@@ -383,7 +383,9 @@ Kiro Gateway is a third-party proxy gateway that provides OpenAI and Anthropic-c
**Configuration:**
In `config/providers.json`:
**IMPORTANT:** Kiro providers use a different configuration structure than other providers. Instead of an `api_key` field, they use a `kiro_config` object with authentication settings specific to Kiro/Amazon Q Developer.
- Updated all RedirectResponse calls to use proxy-aware url_for() function
- Updated templates to use proxy-aware URL generation
- Added comprehensive nginx proxy configuration examples to DOCUMENTATION.md
- Application now fully supports deployment behind reverse proxies with subpaths
- Dashboard URLs, redirects, and API responses automatically adjust based on proxy configuration
**2026-03-23 - Kiro Provider Dashboard Support**
- Updated providers.html dashboard to show kiro-specific configuration fields
- Kiro providers now display `kiro_config` options (region, creds_file, sqlite_db, refresh_token, profile_arn, client_id, client_secret) instead of standard api_key fields
- Added `updateProviderType()` function to handle switching between kiro and other provider types
- Added `updateKiroConfig()` function to manage kiro-specific configuration fields
- Updated `addProvider()` function to ask for provider type and set appropriate defaults for kiro providers
- Dashboard automatically initializes kiro_config when provider type is changed to "kiro"
- Dashboard automatically removes kiro_config when provider type is changed from "kiro" to another type
- Updated AI.PROMPT documentation to clarify kiro provider configuration differences
**2026-03-22 - Configuration Refactoring**
- Centralized API key storage in providers.json
- API keys are now stored only in provider definitions, not in rotation/autoselect configs
...
...
@@ -841,4 +890,118 @@ When making changes that affect the project structure or functionality:
### Version Control
AI.PROMPT should be committed to version control along with other project files to ensure that documentation stays synchronized with the codebase.
\ No newline at end of file
AI.PROMPT should be committed to version control along with other project files to ensure that documentation stays synchronized with the codebase.
## Proxy-Awareness and Reverse Proxy Support
### Overview
AISBF is fully proxy-aware and can be deployed behind reverse proxies like nginx, Apache, or Caddy. The application automatically detects and respects standard proxy headers to ensure correct URL generation and routing.
AISBF is fully proxy-aware and can be deployed behind reverse proxies like nginx, Apache, or Caddy. The application automatically detects and respects standard proxy headers to ensure correct URL generation and routing.
### Proxy-Awareness Features
AISBF automatically handles:
-**X-Forwarded-Proto**: Detects original protocol (http/https)
-**X-Forwarded-Host**: Detects original hostname
-**X-Forwarded-Port**: Detects original port
-**X-Forwarded-Prefix** or **X-Script-Name**: Detects URL subpath/prefix
-**X-Forwarded-For**: Detects original client IP address
All URLs in the dashboard, redirects, and API responses are automatically adjusted based on these headers.
### Nginx Proxy Configuration Examples
#### Example 1: Simple Reverse Proxy (Root Path)
Deploy AISBF at the root of a domain (e.g., `https://aisbf.example.com/`):
-**`default_condense_method`**: Default condensation method(s) for all models
**Cascading Priority:**
1. Rotation model config (highest priority, only if explicitly set)
2. Provider model-specific config
3. Provider default config (NEW)
4. System defaults
This allows minimal model definitions in rotations - unspecified fields automatically inherit from provider defaults.
### Model Configuration
Models can be configured with the following optional fields:
...
...
@@ -86,7 +147,7 @@ Models can be configured with the following optional fields:
-**`rate_limit_TPD`**: Maximum tokens allowed per day (Tokens Per Day)
-**`context_size`**: Maximum context size in tokens for the model. Used to determine when to trigger context condensation.
-**`condense_context`**: Percentage (0-100) at which to trigger context condensation. 0 means disabled, any other value triggers condensation when context reaches this percentage of context_size.
-**`condense_method`**: String or list of strings specifying condensation method(s). Supported values: "hierarchical", "conversational", "semantic", "algoritmic". Multiple methods can be chained together.
-**`condense_method`**: String or list of strings specifying condensation method(s). Supported values: "hierarchical", "conversational", "semantic", "algorithmic". Multiple methods can be chained together.
When token rate limits are exceeded, providers are automatically disabled:
- TPM limit exceeded: Provider disabled for 1 minute
...
...
@@ -97,68 +158,133 @@ When token rate limits are exceeded, providers are automatically disabled:
When context exceeds the configured percentage of `context_size`, the system automatically condenses the prompt using one or more methods:
1.**Hierarchical**: Separates context into persistent (long-term facts) and transient (immediate task) layers
2.**Conversational**: Summarizes old messages using a smaller model to maintain conversation continuity
3.**Semantic**: Prunes irrelevant context based on current query using a smaller "janitor" model
4.**Algoritmic**: Uses mathematical compression for technical data and logs (similar to LLMLingua)
1.**Hierarchical**: Separates context into persistent (long-term facts) and transient (immediate task) layers - Pure algorithmic, no LLM needed
2.**Conversational**: Summarizes old messages using a smaller model to maintain conversation continuity - LLM-based
3.**Semantic**: Prunes irrelevant context based on current query using a smaller "janitor" model - LLM-based
4.**Algorithmic**: Uses mathematical compression for technical data and logs (similar to LLMLingua) - Pure algorithmic, no LLM needed
**Note:** Only `conversational` and `semantic` methods require LLM calls and use prompt files from `config/`. The `hierarchical` and `algorithmic` methods are pure algorithmic transformations.
See `config/providers.json` and `config/rotations.json` for configuration examples.
## API Endpoints
### Three Proxy Paths
AISBF provides three ways to proxy AI models:
#### PATH 1: Direct Provider Models
Format: `{provider_id}/{model_name}`
- Access specific models from configured providers
<small style="color: #a0a0a0; font-size: 12px; display: block; margin-top: 5px;">Choose "internal" to use the configured internal model, or select a rotation/provider model</small>
</div>
<div class="form-group">
<label>Fallback Model (Default if selection fails)</label>
<small style="color: #666; font-size: 12px;">Be specific about when this model should be used (e.g., "Best for programming, code generation, debugging")</small>
Choose one authentication method: Kiro IDE credentials (creds_file), kiro-cli database (sqlite_db), or direct credentials (refresh_token + client_id/secret).
<inputtype="text"id="public_domain"name="public_domain"value="{{ config.server.public_domain or '' }}"placeholder="example.com (optional)">
<smallstyle="color: #666; display: block; margin-top: 5px;">If specified, Let's Encrypt will be used to generate valid SSL certificates. Leave empty to use self-signed certificates.</small>
</div>
<divclass="form-group">
<labelfor="ssl_cert">SSL Certificate Path</label>
<inputtype="text"id="ssl_cert"name="ssl_cert"value="{{ config.server.ssl_cert or '' }}"placeholder="~/.aisbf/cert.pem (default)">
<smallstyle="color: #666; display: block; margin-top: 5px;">Path to SSL certificate file. Leave empty to use default (~/.aisbf/cert.pem). Auto-generated using Let's Encrypt if public domain is set, otherwise self-signed.</small>
</div>
<divclass="form-group">
<labelfor="ssl_key">SSL Key Path</label>
<inputtype="text"id="ssl_key"name="ssl_key"value="{{ config.server.ssl_key or '' }}"placeholder="~/.aisbf/key.pem (default)">
<smallstyle="color: #666; display: block; margin-top: 5px;">Path to SSL private key file. Leave empty to use default (~/.aisbf/key.pem). Auto-generated with certificate.</small>