fix(bookstack-agent): use Authorization: Bearer when routing via LLM gateway#97
Merged
Conversation
…gateway The Anthropic SDK sends x-api-key for auth, but the proxy gateway requires Authorization: Bearer. When LLM_BASE_URL is set, the agent now reads LLM_API_KEY (the gateway-issued bearer token) and injects it via default_headers so the gateway accepts the request. Previously the SDK sent x-api-key: <gateway_token> directly to Anthropic (if LLM_BASE_URL was unset) or to the gateway (where it failed auth), both resulting in a 401 'invalid x-api-key'. Startup validation is also updated: when LLM_BASE_URL is set, LLM_API_KEY is required instead of ANTHROPIC_API_KEY.
for more information, see https://pre-commit.ci
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The Anthropic SDK sends
x-api-key: <key>for authentication. The proxy gateway requiresAuthorization: Bearer <token>. WhenLLM_BASE_URLis set, every request failed with 401invalid x-api-key— either because the gateway rejected the missing Bearer header, or because the gateway key was sent directly to Anthropic.Fix
BookstackQAAgent: adds allm_api_keyparameter (read fromLLM_API_KEYenv var). WhenLLM_BASE_URLis set, the SDK is initialised withdefault_headers={"Authorization": "Bearer <key>"}so the gateway authenticates it correctly. The gateway'sbuild_upstream_headersthen replaces the auth header with the real provider key before forwarding to Anthropic.api/main.py: startup validation now checks forLLM_API_KEY(instead ofANTHROPIC_API_KEY) whenLLM_BASE_URLis configured.Deployment change required
When using the gateway, set both env vars on the bookstack API container:
ANTHROPIC_API_KEYis no longer needed whenLLM_BASE_URLis set.Test plan
LLM_BASE_URL+LLM_API_KEYset — agent should connect successfullyLLM_BASE_URL(ANTHROPIC_API_KEYonly) — agent should still work via direct AnthropicLLM_BASE_URLbut withoutLLM_API_KEY— startup should fail with a clear error message