michael/merlyn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c169193fc4
merlyn/server/utils/AiProviders/bedrock/utils.js
Chetan Sarva c169193fc4
feature: Support for AWS Bedrock API Keys (#4651) 
* feat: add AWS Bedrock API Key option to settings panel

* feat: Bedrock API key auth method

* fix: hide IAM note when using bedrock api key

* move to camcelCase identifier for bedrock api key use
linting

---------

Co-authored-by: timothycarambat <rambat1010@gmail.com>
2025-11-20 15:38:45 -08:00

163 lines
5.5 KiB
JavaScript
Raw Blame History

const { BedrockRuntimeClient } = require("@aws-sdk/client-bedrock-runtime");
const { fromStatic } = require("@aws-sdk/token-providers");
const { ChatBedrockConverse } = require("@langchain/aws");
/** @typedef {'jpeg' | 'png' | 'gif' | 'webp'} */
const SUPPORTED_BEDROCK_IMAGE_FORMATS = ["jpeg", "png", "gif", "webp"];
/** @type {number} */
const DEFAULT_MAX_OUTPUT_TOKENS = 4096;
/** @type {number} */
const DEFAULT_CONTEXT_WINDOW_TOKENS = 8191;
/** @type {'iam' | 'iam_role' | 'sessionToken' | 'apiKey'} */
const SUPPORTED_CONNECTION_METHODS = [
"iam",
"iam_role",
"sessionToken",
"apiKey",
];
/**
* Gets the AWS Bedrock authentication method from the environment variables.
* @returns {"iam" | "iam_role" | "sessionToken" | "apiKey"} The authentication method.
*/
function getBedrockAuthMethod() {
const method = process.env.AWS_BEDROCK_LLM_CONNECTION_METHOD || "iam";
return SUPPORTED_CONNECTION_METHODS.includes(method) ? method : "iam";
}
/**
* Creates the AWS Bedrock credentials object based on the authentication method.
* @param {"iam" | "iam_role" | "sessionToken" | "apiKey"} authMethod - The authentication method.
* @returns {object | undefined} The credentials object.
*/
function createBedrockCredentials(authMethod) {
switch (authMethod) {
case "iam": // explicit credentials
return {
accessKeyId: process.env.AWS_BEDROCK_LLM_ACCESS_KEY_ID,
secretAccessKey: process.env.AWS_BEDROCK_LLM_ACCESS_KEY,
};
case "sessionToken": // Session token is used for temporary credentials
return {
accessKeyId: process.env.AWS_BEDROCK_LLM_ACCESS_KEY_ID,
secretAccessKey: process.env.AWS_BEDROCK_LLM_ACCESS_KEY,
sessionToken: process.env.AWS_BEDROCK_LLM_SESSION_TOKEN,
};
// IAM role is used for long-term credentials implied by system process
// is filled by the AWS SDK automatically if we pass in no credentials
// returning undefined will allow this to happen
case "iam_role":
return undefined;
case "apiKey":
return fromStatic({
token: { token: process.env.AWS_BEDROCK_LLM_API_KEY },
});
default:
return undefined;
}
}
/**
* Creates the AWS Bedrock runtime client based on the authentication method.
* @param {"iam" | "iam_role" | "sessionToken" | "apiKey"} authMethod - The authentication method.
* @param {object | undefined} credentials - The credentials object.
* @returns {BedrockRuntimeClient} The runtime client.
*/
function createBedrockRuntimeClient(authMethod, credentials) {
const clientOpts = {
region: process.env.AWS_BEDROCK_LLM_REGION,
};
if (authMethod === "apiKey") {
clientOpts.token = credentials;
clientOpts.authSchemePreference = ["httpBearerAuth"];
} else {
clientOpts.credentials = credentials;
}
return new BedrockRuntimeClient(clientOpts);
}
/**
* Creates the AWS Bedrock chat client based on the authentication method.
* Used explicitly by the agent provider for the AWS Bedrock provider.
* @param {object} config - The configuration object.
* @param {"iam" | "iam_role" | "sessionToken" | "apiKey"} authMethod - The authentication method.
* @param {object | undefined} credentials - The credentials object.
* @param {string | null} model - The model to use.
* @returns {ChatBedrockConverse} The chat client.
*/
function createBedrockChatClient(config = {}, authMethod, credentials, model) {
authMethod ||= getBedrockAuthMethod();
credentials ||= createBedrockCredentials(authMethod);
model ||= process.env.AWS_BEDROCK_LLM_MODEL_PREFERENCE ?? null;
const client = createBedrockRuntimeClient(authMethod, credentials);
return new ChatBedrockConverse({
region: process.env.AWS_BEDROCK_LLM_REGION,
client,
model,
...config,
});
}
/**
* Parses a MIME type string (e.g., "image/jpeg") to extract and validate the image format
* supported by Bedrock Converse. Handles 'image/jpg' as 'jpeg'.
* @param {string | null | undefined} mimeType - The MIME type string.
* @returns {string | null} The validated image format (e.g., "jpeg") or null if invalid/unsupported.
*/
function getImageFormatFromMime(mimeType = "") {
if (!mimeType) return null;
const parts = mimeType.toLowerCase().split("/");
if (parts?.[0] !== "image") return null;
let format = parts?.[1];
if (!format) return null;
// Remap jpg to jpeg
switch (format) {
case "jpg":
format = "jpeg";
break;
default:
break;
}
if (!SUPPORTED_BEDROCK_IMAGE_FORMATS.includes(format)) return null;
return format;
}
/**
* Decodes a pure base64 string (without data URI prefix) into a Uint8Array using the atob method.
* This approach matches the technique previously used by Langchain's implementation.
* @param {string} base64String - The pure base64 encoded data.
* @returns {Uint8Array | null} The resulting byte array or null on decoding error.
*/
function base64ToUint8Array(base64String) {
try {
const binaryString = atob(base64String);
const len = binaryString.length;
const bytes = new Uint8Array(len);
for (let i = 0; i < len; i++) bytes[i] = binaryString.charCodeAt(i);
return bytes;
} catch (e) {
console.error(
`[AWSBedrock] Error decoding base64 string with atob: ${e.message}`
);
return null;
}
}
module.exports = {
SUPPORTED_CONNECTION_METHODS,
SUPPORTED_BEDROCK_IMAGE_FORMATS,
DEFAULT_MAX_OUTPUT_TOKENS,
DEFAULT_CONTEXT_WINDOW_TOKENS,
getImageFormatFromMime,
base64ToUint8Array,
getBedrockAuthMethod,
createBedrockCredentials,
createBedrockRuntimeClient,
createBedrockChatClient,
};
Reference in New Issue View Git Blame Copy Permalink