Merged
Conversation
Multi-module Maven project (core + provider modules + BOM) for integrating OpenAI and Anthropic with OCI authentication and routing. Modules: - oci-genai-bom: Version management BOM - oci-genai-core: OCI IAM auth, request signing, header injection, endpoint resolution - oci-genai-openai: Wraps openai-java SDK with OCI signing via custom HttpClient - oci-genai-anthropic: Wraps anthropic-sdk-java with OCI signing via custom HttpClient Supports all 4 OCI IAM auth types: oci_config, security_token, instance_principal, resource_principal. Includes sync and async client builders for both providers, and unit tests for core module. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When .apiKey("sk-...") is set, builders now create native SDK clients
with direct API key authentication, bypassing OCI IAM signing entirely.
This supports the Dev endpoint's x-api-key auth mode.
Both OCI IAM and API key paths are available from the same builder:
- OCI IAM: .authType("security_token") with signing interceptors
- API key: .apiKey("sk-...") using native AnthropicOkHttpClient/OpenAIOkHttpClient
Verified working against Dev endpoint with API key auth.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…PE/Dev testing - Fix OpenAI endpoint path to /20231130/actions/v1 (was /20231130/openai/v1) - Fix Anthropic endpoint path to /anthropic (was /20231130/anthropic) - Fix DuplicatableInputStream in OciSigningInterceptor (use WrappedByteArrayInputStream) - Add anthropic-version header in OciAnthropic and AsyncOciAnthropic - Fix OpenAI OciSigningHttpClient to build URL from baseUrl + pathSegments - Broaden exception handling in OciAuthProviderFactory - Add unit tests for OpenAI and Anthropic modules - Add OpenAI integration test examples Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
OCI SDK 3.x RequestSignerImpl requires the body InputStream to implement DuplicatableInputStream for request signing. Replaced WrappedByteArrayInputStream with a custom DuplicatableByteArrayInputStream that satisfies this contract. Added LiveDemoTest for both Anthropic and OpenAI modules demonstrating the unified SDK against PPE endpoints with session token auth. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace multi-provider SDK with standalone OCI auth/signing library. Remove provider modules (openai, anthropic) and extract auth core into com.oracle.genai.auth package with OciAuthConfig builder API. Provider integrations moved to standalone examples. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Validates oci-genai-auth-java-core end-to-end against PPE endpoints. Anthropic and OpenAI confirmed working. Gemini disabled pending endpoint availability. All tests @disabled by default (require live OCI session). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Update Gemini integration test and example to use correct OCI GenAI Google endpoint (/google/v1beta/models/...:generateContent) and native Gemini request format instead of OpenAI-compatible format. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
OkHttp appends "; charset=utf-8" to Content-Type for string bodies. Some OCI endpoints strip the charset before signature verification, causing SIGNATURE_NOT_VALID errors. The fix normalizes Content-Type in OciSigningInterceptor before signing and on the re-attached body. All three providers now verified working on PPE: - Anthropic (claude-haiku-4-5): 200 - OpenAI (xai.grok-3): 200 - Gemini (google.gemini-2.5-flash): 200 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- OCI SDK: 3.57.2 → 3.72.1 - OkHttp: 4.12.0 → 5.3.2 - SLF4J: 2.0.16 → 2.0.17 - Add LICENSE.txt (UPL v1.0) All unit and integration tests verified passing. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- OciEndpointResolver: enforce HTTPS + OCI domain (*.oraclecloud.com) on both baseUrl and serviceEndpoint using java.net.URI parsing; reject user-info and missing hosts - OciOkHttpClientFactory: redact Authorization, x-content-sha256, and opc-request-id headers in debug logging; use HEADERS level instead of BODY - Replace hardcoded OCIDs with env vars in all integration tests - Add OpenAIResponsesIntegrationTest for Responses API via OCI auth - Upgrade openai-java test dependency from 0.40.0 to 4.26.0 - Update .gitignore for CLAUDE.md, .claude/, and scratch/ Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Restructure examples into agenthub/ (Responses API) and partner/ (Chat Completions) to match oci-genai-auth-python layout - Remove Anthropic and Gemini examples and integration tests from main branch (preserved in feature/* branches) - Remove Anthropic SDK test dependency - Add repo scaffolding: CONTRIBUTING.md, SECURITY.md, PR template, GitHub Actions CI workflow (Java 17 + 21) - Update README with AgentHub vs Partner documentation pattern, API key auth instructions, and OCI IAM policy examples - Update .gitignore with additional patterns Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…gh terminology - Change Partner base URL from /v1 to /20231130/actions/v1 - Rename OPENAI_API_KEY to OCI_GENAI_API_KEY across README and examples - Remove "passthrough" / "non-passthrough" language from README - Add examples/agenthub/README.md and examples/partner/openai/README.md Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
OGHO requires README.md to explicitly link to CONTRIBUTING.md and SECURITY.md. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
AgentHub DP endpoints only require the project_id (via openai-project header), not the compartment_id. Updated all AgentHub examples and README to reflect this. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
Thank you for your pull request and welcome to our community! To contribute, please sign the Oracle Contributor Agreement (OCA).
To sign the OCA, please create an Oracle account and sign the OCA in Oracle's Contributor Agreement Application. When signing the OCA, please provide your GitHub username. After signing the OCA and getting an OCA approval from Oracle, this PR will be automatically updated. If you are an Oracle employee, please make sure that you are a member of the main Oracle GitHub organization, and your membership in this organization is public. |
oracle-contributor-agreement
bot
added
the
OCA Required
OpheliaLjh
added
OCA Verified
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
OkHttpClient(via OkHttp interceptors) that works with any vendor SDK (Anthropic, OpenAI, Gemini) or raw HTTP callsOciSigningInterceptor), header injection (OciHeaderInterceptor), endpoint resolution (OciEndpointResolver), and auth provider factory (OciAuthProviderFactory)Test plan
mvn clean verifypasses (27 unit tests)mvn dependency:tree -pl oci-genai-auth-java-coreshows no vendor SDK in compile scopeoci session authenticate