Skip to content

Add custom upstream headers and Kimi provider support#458

Closed
weselben wants to merge 2 commits into
ENTERPILOT:mainfrom
weselben:feat/custom-headers-and-passthrough
Closed

Add custom upstream headers and Kimi provider support#458
weselben wants to merge 2 commits into
ENTERPILOT:mainfrom
weselben:feat/custom-headers-and-passthrough

Conversation

@weselben

@weselben weselben commented Jul 2, 2026

Copy link
Copy Markdown

Summary

Some upstreams expect a recognizable client identity on the outbound request —
notably Kimi's coding endpoint, which reads User-Agent, X-Stainless-*, and
X-Title the way an OpenAI SDK sends them. Today GoModel can neither forward
what the caller sent nor set those headers itself, so these providers either
reject the request or behave as an unrecognized client.

This adds two optional, mutually exclusive knobs to every provider block and
ships a native kimi provider as the first consumer:

  • custom_upstream_headers — a static header map written on every outbound
    request (stable client identity, tracing, upstream-specific keys).
  • passthrough_user_headers — forward inbound caller headers onto the upstream
    request after a credential/transport skip list.

Kimi defaults passthrough on; every other provider defaults off. Setting both
modes on one provider is rejected at config-load. Provider-set auth headers
(e.g. Authorization) are written by the factory before any of this runs and
are never overwritten.

Override precedence is env > YAML > provider-type default. Both knobs are
env-overridable (<PROVIDER>_PASSTHROUGH_USER_HEADERS,
<PROVIDER>_PASSTHROUGH_USER_HEADERS_SKIP); the static bundle is YAML-only so
secrets stay out of the environment.

Implementation notes

  • The skip floor (internal/providers/headers.go) drops credentials
    (Authorization, X-Api-Key), hop-by-hop/transport headers (RFC 7230),
    cookies, Forwarded, and every X-Forwarded-* prefix, regardless of
    provider config — operators can only add to it via the skip list.
  • ApplyRequestHeaderOverrides is wired through the shared OpenAI-compatible
    provider and the native setHeaders paths (anthropic, gemini, vertex), so
    all providers get the feature from one place. In passthrough mode inbound
    values overwrite provider defaults for that key (an empty slice deletes it);
    keys not present inbound are left untouched.
  • Kimi is a thin wrapper over the shared OpenAI-compatible transport — standard
    Bearer auth, default base URL https://api.kimi.com/coding/v1, no
    provider-specific headers invented on its behalf.

weselben added 2 commits July 3, 2026 00:13
… header passthrough

Every provider block gains two optional, mutually-exclusive header fields:
custom_upstream_headers (static map) and passthrough_user_headers (forward
inbound caller headers after a credential/transport skip list). Kimi defaults
passthrough on; all other providers default off. Both modes together are
rejected at config-load. Env vars <PROVIDER>_PASSTHROUGH_USER_HEADERS and
<PROVIDER>_PASSTHROUGH_USER_HEADERS_SKIP override YAML; provider-set auth
headers are never touched.

- config: new RawProviderConfig/ProviderConfig fields + validation
- providers: SkipPassthroughHeader floor + ApplyRequestHeaderOverrides
- wired through openai compatible provider + anthropic/gemini/vertex setHeaders
  and every OpenAI-compatible provider constructor
- docs: feature page + nav + configuration reference
Native kimi provider: thin wrapper over the shared OpenAI-compatible transport
with standard Bearer auth and default base URL https://api.kimi.com/coding/v1.
Kimi defaults passthrough_user_headers to true so an OpenAI-SDK caller is
forwarded as-is; operators can disable passthrough and ship a static identity
bundle instead.

- providers/kimi: provider + tests
- cmd/gomodel: register kimi
- cmd/recordapi: kimi recording config, setKimiHeaders identity bundle
- Makefile: record-api-kimi target
- tests/contract/testdata/kimi: golden files
- docs: provider page, overview matrix row, README supported list, config example
@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: ae47eb1b-5835-4f65-9ee4-116a73516cee

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@weselben weselben closed this Jul 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant