Kilo-Org · kilo-code-bot · May 7, 2026 · May 7, 2026 · May 7, 2026 · May 8, 2026
diff --git a/apps/web/package.json b/apps/web/package.json
@@ -33,8 +33,10 @@
     "@ai-sdk/openai": "^3.0.41",
     "@ai-sdk/openai-compatible": "^2.0.35",
     "@anthropic-ai/sdk": "^0.90.0",
+    "@aws-crypto/sha256-js": "^5.2.0",
     "@aws-sdk/client-s3": "^3.1009.0",
     "@aws-sdk/s3-request-presigner": "^3.1009.0",
+    "@aws-sdk/signature-v4": "^3.374.0",
     "@chat-adapter/github": "4.27.0",
     "@chat-adapter/slack": "^4.27.0",
     "@chat-adapter/state-memory": "^4.27.0",

diff --git a/apps/web/src/lib/ai-gateway/providers/bedrock-signer.ts b/apps/web/src/lib/ai-gateway/providers/bedrock-signer.ts
@@ -0,0 +1,57 @@
+import { SignatureV4 } from '@aws-sdk/signature-v4';
+import { Sha256 } from '@aws-crypto/sha256-js';
+import type { CustomLlmAwsBedrock } from '@kilocode/db';
+import type { SignedRequest, SignRequestArgs } from '@/lib/ai-gateway/providers/types';
+
+// Returns a signRequest implementation that rewrites the URL to the Bedrock
+// `/model/<modelId>/invoke[-with-response-stream]` endpoint and signs it with
+// SigV4 for the `bedrock` service.
+export function makeBedrockSignRequest(
+  credentials: CustomLlmAwsBedrock,
+  modelId: string
+): (args: SignRequestArgs) => Promise<SignedRequest> {
+  const signer = new SignatureV4({
+    credentials: {
+      accessKeyId: credentials.access_key_id,
+      secretAccessKey: credentials.secret_access_key,
+    },
+    region: credentials.region,
+    service: 'bedrock',
+    sha256: Sha256,
+  });
+
+  const hostname = `bedrock-runtime.${credentials.region}.amazonaws.com`;
+
+  return async ({ method, body }) => {
+    const isStreaming = parseStreamFlag(body);
+    const path = `/model/${encodeURIComponent(modelId)}/${
+      isStreaming ? 'invoke-with-response-stream' : 'invoke'
+    }`;
+
+    const signed = await signer.sign({
+      method,
+      hostname,
+      path,
+      protocol: 'https:',
+      headers: {
+        'Content-Type': 'application/json',
+        host: hostname,
+      },
+      body,
+    });
+
+    return {
+      url: `https://${hostname}${signed.path ?? path}`,
+      headers: signed.headers,
+    };
+  };
+}
+
+function parseStreamFlag(body: string): boolean {
+  try {
+    const parsed = JSON.parse(body);
+    return parsed !== null && typeof parsed === 'object' && parsed.stream === true;
+  } catch {
+    return false;
+  }
+}
diff --git a/apps/web/src/lib/ai-gateway/providers/get-provider.ts b/apps/web/src/lib/ai-gateway/providers/get-provider.ts
@@ -23,6 +23,7 @@ import {
   addCacheBreakpoints,
   injectReasoningIntoContent,
 } from '@/lib/ai-gateway/providers/openrouter/request-helpers';
+import { makeBedrockSignRequest } from '@/lib/ai-gateway/providers/bedrock-signer';
 
 function inferSupportedChatApis(
   aiSdkProvider: CustomLlmProvider | undefined,
@@ -94,6 +95,10 @@ async function checkCustomLlm(
   if (!customLlm || !customLlm.organization_ids.includes(organizationId)) {
     return null;
   }
+  const bedrock = customLlm.aws_bedrock;
+  const signRequest = bedrock
+    ? makeBedrockSignRequest(bedrock, customLlm.internal_id)
+    : undefined;
   return {
     provider: {
       id: 'custom',
@@ -120,6 +125,7 @@ async function checkCustomLlm(
           injectReasoningIntoContent(context.request);
         }
       },
+      signRequest,
     },
     userByok: null,
     bypassAccessCheck: true,

diff --git a/apps/web/src/lib/ai-gateway/providers/types.ts b/apps/web/src/lib/ai-gateway/providers/types.ts
@@ -30,10 +30,25 @@ export type TransformRequestContext = {
 
 export type GatewayChatApiKind = GatewayRequest['kind'];
 
+export type SignRequestArgs = {
+  method: string;
+  url: string;
+  body: string;
+};
+
+export type SignedRequest = {
+  // When set, replaces the target URL (used e.g. for Bedrock path rewriting).
+  url?: string;
+  // Final auth/signature headers. When `signRequest` is present, the caller
+  // skips the default `Authorization: Bearer ${apiKey}` header.
+  headers: Record<string, string>;
+};
+
 export type Provider = {
   id: ProviderId;
   apiUrl: string;
   apiKey: string;
   supportedChatApis: ReadonlyArray<GatewayChatApiKind>;
   transformRequest(context: TransformRequestContext): void;
+  signRequest?(args: SignRequestArgs): Promise<SignedRequest>;
 };
diff --git a/apps/web/src/lib/ai-gateway/providers/upstream-request.ts b/apps/web/src/lib/ai-gateway/providers/upstream-request.ts
@@ -31,14 +31,28 @@ export async function upstreamRequest({
   for (const [key, value] of Object.entries(ATTRIBUTION_HEADERS)) {
     headers.set(key, value);
   }
-  headers.set('Authorization', `Bearer ${provider.apiKey}`);
   headers.set('Content-Type', 'application/json');
 
   Object.entries(extraHeaders).forEach(([key, value]) => {
     headers.set(key, value);
   });
 
-  const targetUrl = `${provider.apiUrl}${path}${search}`;
+  let targetUrl = `${provider.apiUrl}${path}${search}`;
+  const serializedBody = JSON.stringify(body);
+
+  if (provider.signRequest) {
+    const signed = await provider.signRequest({
+      method,
+      url: targetUrl,
+      body: serializedBody,
+    });
+    if (signed.url) targetUrl = signed.url;
+    for (const [key, value] of Object.entries(signed.headers)) {
+      headers.set(key, value);
+    }
+  } else {
+    headers.set('Authorization', `Bearer ${provider.apiKey}`);
+  }
 
   const TEN_MINUTES_MS = 10 * 60 * 1000;
   const timeoutSignal = AbortSignal.timeout(TEN_MINUTES_MS);
@@ -47,7 +61,7 @@ export async function upstreamRequest({
   return await fetch(targetUrl, {
     method,
     headers,
-    body: JSON.stringify(body),
+    body: serializedBody,
     // @ts-expect-error see https://github.com/node-fetch/node-fetch/issues/1769
     duplex: 'half',
     signal: combinedSignal,

diff --git a/packages/db/src/schema-types.ts b/packages/db/src/schema-types.ts
@@ -951,6 +951,19 @@ export const CustomLlmPricingSchema = z.object({
 
 export type CustomLlmPricing = z.infer<typeof CustomLlmPricingSchema>;
 
+// AWS Bedrock credentials. When present, upstream requests are SigV4-signed
+// against the `bedrock` service instead of using `Authorization: Bearer`.
+// `base_url` should be `https://bedrock-runtime.<region>.amazonaws.com` and
+// `internal_id` is used as the Bedrock model id in the request path
+// (`/model/<internal_id>/invoke`).
+export const CustomLlmAwsBedrockSchema = z.object({
+  access_key_id: z.string(),
+  secret_access_key: z.string(),
+  region: z.string(),
+});
+
+export type CustomLlmAwsBedrock = z.infer<typeof CustomLlmAwsBedrockSchema>;
+
 export const CustomLlmDefinitionSchema = z.object({
   internal_id: z.string(),
   display_name: z.string(),
@@ -968,6 +981,7 @@ export const CustomLlmDefinitionSchema = z.object({
   opencode_settings: OpenCodeSettingsSchema.optional(),
   openclaw_settings: OpenClawModelSettingsSchema.optional(),
   pricing: CustomLlmPricingSchema.optional(),
+  aws_bedrock: CustomLlmAwsBedrockSchema.optional(),
 });
 
 export type CustomLlmDefinition = z.infer<typeof CustomLlmDefinitionSchema>;