Add Transparent HTTP Proxy Mode for Native Bedrock API Access

[fabianx-ai]

Summary

• Add transparent HTTP proxy mode for direct AWS Bedrock API access
• Single universal endpoint handles all Bedrock endpoints automatically
• Pure passthrough with zero parsing - just auth swap and URL rewrite
• Future-proof design works with any new AWS Bedrock features

Closes #170

Implementation Details

• New bedrock_proxy.py router with universal /bedrock/model/{model_id}/{endpoint_path:path} endpoint
• Environment variable AWS_BEARER_TOKEN_BEDROCK enables transparent proxy mode
• Forwards all headers, methods, query params, and body content as-is
• Automatic streaming detection and handling
• Added httpx dependency for async HTTP client

Token Authentication Approach

Uses AWS_BEARER_TOKEN_BEDROCK environment variable for simplicity. While extracting tokens from boto3 client is theoretically possible, it's very complicated due to credential chain complexity, session management, and token refresh logic. The environment variable approach provides a clean, predictable solution.

Benefits

• Perfect AWS compatibility - Always matches official AWS API exactly
• Zero maintenance overhead - New AWS features work automatically
• Better performance - No JSON parsing/reconstruction overhead
• Broader compatibility - Handles all HTTP methods, headers, query params
• Future-proof - Works with any future Bedrock API changes

Test Plan

• Health check endpoint works
• OpenAI-compatible endpoints still functional
• Transparent proxy mode with AWS bearer token
• All HTTP methods supported (GET, POST, PUT, DELETE, PATCH)
• Streaming responses work correctly
• Headers forwarded properly
• Error handling for missing AWS token

🤖 Generated with Claude Code