feat: add Amazon Bedrock support with credentials schema refactor #3005

devin-ai-integration · 2026-01-13T01:44:37Z

Summary

Adds Amazon Bedrock as a new LLM provider option and refactors the AI provider credentials storage from flat fields to a discriminated union JSON structure.

Bedrock Provider:

Added Bedrock provider entry supporting two authentication methods:
- API Key (recommended): Uses AWS Bearer Token for simpler setup
- AWS Credentials (SigV4): Uses access_key_id, secret_access_key, and region
Added UI toggle for users to choose between authentication methods
Added Bedrock icon from @lobehub/icons
Added setup instructions pointing to AWS IAM Console
Added createAmazonBedrock integration in useLLMConnection.ts with conditional auth handling

Credentials Schema Refactor:

Replaced flat base_url/api_key fields with discriminated union credentials JSON field
Two credential types: api_key (base_url?, api_key) and aws (access_key_id, secret_access_key, region)
Simplified TinyBase store schema from multiple columns to single credentials column
Added migration logic in transform.ts to convert legacy flat fields to new JSON format
Updated ProviderEligibilityContext to accept parsed Credentials type instead of flat config
Updated all connection hooks (useLLMConnection.ts, useSTTConnection.ts) to parse credentials JSON

Updates since last revision:

Added requires_config_one_of requirement kind for providers that accept multiple credential types (either/or field requirements)
Added UI toggle in provider configuration for Bedrock to switch between "API Key" and "AWS Credentials" authentication
Updated useLLMConnection.ts to check for apiKey first and use API Key auth, otherwise fall back to SigV4 auth
Fixed credential type detection for new provider configurations
Fixed migration bug for legacy data with empty api_key
Fixed missing baseUrl field in STT provider eligibility check
Extracted normalizeBaseUrl to shared utility in @hypr/store
Added test coverage for AWS credentials roundtrip and legacy migration

Fixes from code review (latest):

Fixed silent data loss during migration: provider configs with base_url but empty credentials are now preserved instead of being silently dropped
Added form validation: isFormValid helper prevents saving invalid intermediate states during auto-submit
Improved error messages: new missing_config_one_of blocker type properly explains either/or credential requirements instead of listing all fields as required
Added runtime type validation: parseCredentials now accepts unknown type and validates input is a string before parsing, removing unsafe type casts throughout the codebase

Review & Testing Checklist for Human

Test migration with custom providers: If you have custom OpenAI-compatible providers configured with only base_url (no API key), verify they are preserved after the migration
Test Bedrock auth method toggle: Open Settings > AI > LLM > Amazon Bedrock, verify the "Authentication Method" toggle appears with "API Key" and "AWS Credentials" buttons, and that switching between them shows/hides the appropriate fields
Test form validation: While configuring a provider, type partial credentials and verify incomplete states are not saved (check settings.json)
Test Bedrock with API Key: Configure Bedrock with an API Key (AWS Bearer Token), save, close settings, reopen and verify persistence
Test Bedrock with AWS Credentials: Configure Bedrock with Access Key ID, Secret Access Key, and Region, save, close settings, reopen and verify persistence
Verify existing providers still work: Test that OpenAI, Anthropic, OpenRouter, Ollama, etc. still validate, save, and connect correctly after the schema change

Recommended test plan:

If you have existing settings, back them up first
Open the app and navigate to Settings > AI > LLM
Verify all existing providers show their expected fields and saved values
Expand Amazon Bedrock - confirm it shows the "Authentication Method" toggle with "API Key" selected by default
Click "AWS Credentials" button - verify Access Key ID, Secret Access Key, and Region fields appear (API Key field should hide)
Click "API Key" button - verify API Key field appears (AWS fields should hide)
Navigate to Settings > AI > STT and verify providers can be selected
Configure a provider (e.g., OpenAI with API key), save, close settings, reopen and verify persistence
Check settings.json file to confirm flat field format is preserved
(Optional) If you have AWS Bedrock access, configure real credentials and test a chat completion with both auth methods

Notes

The credentials are stored internally as JSON strings in TinyBase but transformed back to flat fields when writing to settings.json for human readability. The migration from legacy format happens transparently on load via settingsToProviderRows().

The Bedrock integration uses @ai-sdk/amazon-bedrock which was already a dependency. The provider defaults to us-east-1 region if none is specified. Per the Vercel AI SDK docs, API Key authentication is the recommended method, with SigV4 as a fallback.

Requested by @yujonglee

Link to Devin run: https://app.devin.ai/sessions/9e517eda38854c9fabea1213efa088da

devin-ai-integration · 2026-01-13T01:44:42Z

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

Address comments on this PR that start with 'DevinAI' or '@devin'.
Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

Disable automatic comment and CI monitoring

netlify · 2026-01-13T01:44:43Z

✅ Deploy Preview for howto-fix-macos-audio-selection ready!

Name	Link
🔨 Latest commit	`3960a18`
🔍 Latest deploy log	https://app.netlify.com/projects/howto-fix-macos-audio-selection/deploys/6968aa14051ff700082de4e8
😎 Deploy Preview	https://deploy-preview-3005--howto-fix-macos-audio-selection.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

netlify · 2026-01-13T01:44:43Z

✅ Deploy Preview for hyprnote ready!

Name	Link
🔨 Latest commit	`3960a18`
🔍 Latest deploy log	https://app.netlify.com/projects/hyprnote/deploys/6968aa146976960008b262fc
😎 Deploy Preview	https://deploy-preview-3005--hyprnote.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

netlify · 2026-01-13T01:44:44Z

✅ Deploy Preview for hyprnote-storybook ready!

Name	Link
🔨 Latest commit	`3960a18`
🔍 Latest deploy log	https://app.netlify.com/projects/hyprnote-storybook/deploys/6968aa14cda1810008a39b9f
😎 Deploy Preview	https://deploy-preview-3005--hyprnote-storybook.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

apps/desktop/src/components/settings/ai/shared/index.tsx

apps/desktop/src/store/tinybase/persister/settings/transform.ts

apps/desktop/src/components/settings/ai/shared/index.tsx

yujonglee · 2026-01-14T01:38:39Z

/update

apps/desktop/src/components/settings/ai/stt/select.tsx

devin-ai-integration · 2026-01-14T11:57:13Z

Devin is archived and cannot be woken up. Please unarchive Devin if you want to continue using it.

devin-ai-integration

Devin Review found 2 potential issues

Review with Devin

apps/desktop/src/hooks/useLLMConnection.ts

apps/desktop/src/store/tinybase/persister/settings/transform.ts

yujonglee · 2026-01-15T08:48:44Z

/update

- Add Bedrock provider with access_key_id, secret_access_key, and region fields - Extend ConfigField type to support new credential fields - Update aiProviderSchema to include optional Bedrock credentials - Update SETTINGS_MAPPING and queries to handle new fields - Add form fields for Bedrock credentials in NonHyprProviderCard - Add Bedrock icon from @lobehub/icons Co-Authored-By: yujonglee <yujonglee.dev@gmail.com>