feat(ask_sb): Add headers param to config to allow users to specify custom headers

[brendan-kellam]

For example:

"models": [
        {
            "provider": "anthropic",
            "model": "claude-opus-4-1",
            "headers": {
                "cf-client-id": {
                    "env": "CF_CLIENT_ID"
                },
                "cf-client-secret": {
                    "env": "CF_CLIENT_SECRET"
                },
                "my-non-secret-header": "plaintextvalue"
            }
        }
    ]

Fixes #441

TODO:

• Documentation

Summary by CodeRabbit

• New Features

  • Added support for specifying optional custom HTTP headers in all language model configurations. Headers can be set as plain strings or securely referenced via secrets or environment variables.

• Bug Fixes

  • Improved clarity of token property descriptions in language model configuration schemas.

• Documentation

  • Updated schema documentation to reflect the new optional headers property for all supported language model providers.

[coderabbitai]

Walkthrough

This change introduces an optional headers property to all language model configuration schemas, types, and interfaces. The headers property allows specifying custom HTTP headers as either direct strings or secure references (via secrets or environment variables). The change is reflected across schema files, TypeScript types, and relevant backend logic, with corresponding adjustments to function signatures and interfaces.

Changes

Cohort / File(s)	Change Summary
Schema Definitions & Types docs/snippets/schemas/v3/index.schema.mdx, docs/snippets/schemas/v3/languageModel.schema.mdx, docs/snippets/schemas/v3/shared.schema.mdx, schemas/v3/languageModel.json, schemas/v3/shared.json, packages/schemas/src/v3/index.schema.ts, packages/schemas/src/v3/languageModel.schema.ts, packages/schemas/src/v3/shared.schema.ts	Added the optional headers property to all language model configuration schemas, referencing a new or updated LanguageModelHeaders definition. This property allows keys matching a specific pattern, with values as strings or objects referencing secrets or environment variables. Also, moved the description field for token properties in all schemas for clarity.
TypeScript Interfaces packages/schemas/src/v3/index.type.ts, packages/schemas/src/v3/languageModel.type.ts, packages/schemas/src/v3/shared.type.ts	Added the headers?: LanguageModelHeaders property to all language model interfaces. Introduced or updated the LanguageModelHeaders interface to support the new schema, enabling both string and secure reference values for headers.
Backend Chat Logic packages/web/src/app/api/(server)/chat/route.ts, packages/web/src/features/chat/agent.ts	Removed the headers parameter from relevant interfaces and function signatures in chat API and agent logic. The system no longer passes custom headers through these layers, simplifying the function contracts.
Language Model Provider Resolution packages/web/src/features/chat/actions.ts	Updated logic to resolve and inject custom headers for language model SDK clients. Added a helper function to resolve header values, including support for token references. Removed static header logic and updated function signatures and return types accordingly.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant ChatAPI
    participant Actions
    participant LMProvider
    participant TokenResolver

    User->>ChatAPI: Initiate chat request
    ChatAPI->>Actions: _getAISDKLanguageModelAndOptions(config, orgId)
    Actions->>Actions: Check config.headers
    alt headers present
        Actions->>TokenResolver: extractLanguageModelHeaders(headers, orgId, db)
        TokenResolver-->>Actions: Resolved headers (string-to-string)
        Actions->>LMProvider: Initialize with resolved headers
    else headers absent
        Actions->>LMProvider: Initialize without headers
    end
    Actions-->>ChatAPI: Return model and providerOptions
    ChatAPI-->>User: Stream/chat response

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

sourcebot-team

Poem

A bunny hops with schema flair,
Adding headers here and there.
Secrets and envs, so neatly arranged,
Through JSON and TypeScript, all is exchanged.
With tokens secure and configs anew,
This rabbit’s code is crisp and true!
🐇✨

Note

🔌 MCP (Model Context Protocol) integration is now available in Early Access!

Pro users can now connect to remote MCP servers under the Integrations page to get reviews and chat conversations that understand additional development context.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch bkellam/language_model_headers

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

@brendan-kellam your pull request is missing a changelog!

[coderabbitai]

Actionable comments posted: 4

🔭 Outside diff range comments (1)

packages/schemas/src/v3/languageModel.type.ts (1)

1-1: Auto-generated interfaces are missing the headers property

The LanguageModelHeaders interface is defined in your schemas, but none of the generated language model interfaces include an optional

headers?: LanguageModelHeaders;

property. Please update your source JSON schemas (or generator templates) to add headers to every language model interface, then re-generate.

Affected files:

• packages/schemas/src/v3/languageModel.type.ts
• packages/schemas/src/v3/index.type.ts

After regeneration, re-run the verification script to confirm each interface now includes headers?: LanguageModelHeaders;.

♻️ Duplicate comments (11)

schemas/v3/languageModel.json (11)

77-80: Same observation as Lines 42-45 – duplication can be eliminated by introducing a shared “common” schema.

---

120-123: See earlier comment regarding factoring out the headers property.

---

156-158: See earlier comment regarding factoring out the headers property.

---

191-193: See earlier comment regarding factoring out the headers property.

---

242-244: See earlier comment regarding factoring out the headers property.

---

295-297: See earlier comment regarding factoring out the headers property.

---

330-332: See earlier comment regarding factoring out the headers property.

---

381-383: See earlier comment regarding factoring out the headers property.

---

419-421: See earlier comment regarding factoring out the headers property.

---

455-457: See earlier comment regarding factoring out the headers property.

---

494-496: See earlier comment regarding factoring out the headers property.

🧹 Nitpick comments (3)

schemas/v3/languageModel.json (1)

42-45: Avoid property duplication – consider hoisting headers into a common schema.

headers is now repeated verbatim across every provider definition. Embedding the new field through allOf with a single “LanguageModelCommon” schema (or similar) would:

• Eliminate copy-pasted blocks
• Reduce the chance of future drift when the field changes
• Keep the file shorter and more maintainable

Example sketch:

"LanguageModelCommon": {
  "type": "object",
  "properties": {
    "baseUrl": { ... },
    "headers": { "$ref": "./shared.json#/definitions/LanguageModelHeaders" }
  }
}

Then each provider could simply use:

"allOf": [
  { "$ref": "#/definitions/LanguageModelCommon" },
  { /* provider-specific props */ }
]

packages/web/src/features/chat/actions.ts (1)

602-604: Remove redundant null check

The headers parameter null check is redundant since this function is only called when config.headers exists (see all the conditional calls in the provider cases above).

-    if (!headers) {
-        return resolvedHeaders;
-    }
-

docs/snippets/schemas/v3/index.schema.mdx (1)

1303-1342: Add additionalProperties: false inside the headers object

Without this flag, values that fail the patternProperties check still pass validation, which defeats the purpose of the strict pattern. One-line fix:

  "headers": {
     "type": "object",
     "description": "Optional headers to use with the model.",
+    "additionalProperties": false,
     "patternProperties": {
       "^[a-zA-Z0-9_-]+$": { /* … */ }
     }
  }

This keeps the schema tight and prevents accidental typos in header names.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4f2644d and 819aeeb.

📒 Files selected for processing (14)

• docs/snippets/schemas/v3/index.schema.mdx (30 hunks)
• docs/snippets/schemas/v3/languageModel.schema.mdx (30 hunks)
• docs/snippets/schemas/v3/shared.schema.mdx (1 hunks)
• packages/schemas/src/v3/index.schema.ts (30 hunks)
• packages/schemas/src/v3/index.type.ts (12 hunks)
• packages/schemas/src/v3/languageModel.schema.ts (30 hunks)
• packages/schemas/src/v3/languageModel.type.ts (12 hunks)
• packages/schemas/src/v3/shared.schema.ts (1 hunks)
• packages/schemas/src/v3/shared.type.ts (1 hunks)
• packages/web/src/app/api/(server)/chat/route.ts (1 hunks)
• packages/web/src/features/chat/actions.ts (13 hunks)
• packages/web/src/features/chat/agent.ts (0 hunks)
• schemas/v3/languageModel.json (12 hunks)
• schemas/v3/shared.json (1 hunks)

💤 Files with no reviewable changes (1)

• packages/web/src/features/chat/agent.ts

🧰 Additional context used

📓 Path-based instructions (1)

**/*

📄 CodeRabbit Inference Engine (.cursor/rules/style.mdc)

Filenames should always be camelCase. Exception: if there are filenames in the same directory with a format other than camelCase, use that format to keep things consistent.

Files:

• schemas/v3/shared.json
• docs/snippets/schemas/v3/shared.schema.mdx
• packages/web/src/app/api/(server)/chat/route.ts
• packages/schemas/src/v3/languageModel.schema.ts
• packages/schemas/src/v3/index.type.ts
• packages/schemas/src/v3/shared.type.ts
• schemas/v3/languageModel.json
• packages/schemas/src/v3/shared.schema.ts
• packages/schemas/src/v3/languageModel.type.ts
• packages/web/src/features/chat/actions.ts
• docs/snippets/schemas/v3/index.schema.mdx
• packages/schemas/src/v3/index.schema.ts
• docs/snippets/schemas/v3/languageModel.schema.mdx

🧬 Code Graph Analysis (3)

packages/schemas/src/v3/index.type.ts (1)

packages/schemas/src/v3/languageModel.type.ts (1)

• LanguageModelHeaders (75-96)

packages/schemas/src/v3/shared.type.ts (2)

packages/schemas/src/v3/index.type.ts (1)

• LanguageModelHeaders (504-525)

packages/schemas/src/v3/languageModel.type.ts (1)

• LanguageModelHeaders (75-96)

packages/schemas/src/v3/languageModel.type.ts (2)

packages/schemas/src/v3/index.type.ts (1)

• LanguageModelHeaders (504-525)

packages/schemas/src/v3/shared.type.ts (1)

• LanguageModelHeaders (46-52)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build

🔇 Additional comments (22)

schemas/v3/shared.json (1)

76-91: Pattern validation successful for LanguageModelHeaders

The regex ^[a-zA-Z0-9_-]+$ was tested against a variety of standard HTTP headers (e.g., Authorization, Content-Type, User-Agent, X-API-Key, Cache-Control, X-Custom_Header, api-key) and matches all of them. No updates to the pattern are necessary.

docs/snippets/schemas/v3/shared.schema.mdx (1)

78-120: Documentation inlines Token definitions consistently

A search across docs/snippets/schemas found no $ref usages—inline object definitions are the intentional, consistent approach for clarity in the documentation. No changes required.

packages/web/src/app/api/(server)/chat/route.ts (1)

91-91: Header handling is correctly centralized in the SDK initializer

– In packages/web/src/features/chat/actions.ts, each createX call now includes

headers: config.headers
  ? await extractLanguageModelHeaders(config.headers, orgId, prisma)
  : undefined,

ensuring that resolved headers are baked into the SDK client.
– The _getAISDKLanguageModelAndOptions function (in the same file) builds and returns a model whose internal request logic already applies these headers.
– Removing the standalone headers destructuring in route.ts and dropping it from createAgentStream is intentional and safe: the model returned by the helper now owns header injection.

No further changes required here.

packages/schemas/src/v3/shared.schema.ts (1)

77-119: Schema structure correctly mirrors the JSON definition.

The TypeScript schema constant properly defines the LanguageModelHeaders structure with inlined Token definitions, maintaining consistency with the JSON schema.

packages/schemas/src/v3/index.schema.ts (3)

1301-1343: Headers property implementation looks well-structured.

The headers property implementation follows a consistent pattern across all language model providers. The schema correctly allows both direct string values and secure references via secret or env objects, maintaining consistency with the existing token property patterns.

---

1394-1396: Good structural improvement to token descriptions.

Moving the description field from inside the anyOf array to a sibling property improves schema readability and follows JSON Schema best practices. This change makes the descriptions more accessible for documentation generation while maintaining the same validation behavior.

Also applies to: 1500-1502, 1606-1608

---

1305-1305: Header name pattern validated – no violations found.

The regex ^[a-zA-Z0-9_-]+$ covers all current header keys (e.g. Content-Type, X-Org-Domain, stripe-signature, etc.) and enforces a safe, consistent subset of token characters. No existing headers in the codebase use characters outside of letters, digits, underscores, or hyphens.

If in the future you need to support additional token characters (such as dots), you can revisit and extend this pattern then.

packages/schemas/src/v3/languageModel.schema.ts (3)

98-140: LGTM: Consistent headers implementation for Amazon Bedrock provider.

The headers property implementation is well-structured and follows established patterns in the codebase. The pattern ^[a-zA-Z0-9_-]+$ for header names is appropriate for HTTP headers, and the support for both string values and secure references (secret/env) maintains consistency with existing token handling.

---

191-192: Improved schema structure by moving token descriptions.

Moving the description fields to be siblings of the anyOf arrays rather than nested within them improves the JSON Schema structure. This makes it clearer that the description applies to the entire token property regardless of which variant (secret or env) is used.

Also applies to: 297-298, 403-404, 505-506, 623-624, 743-744, 845-846, 953-954, 1065-1066, 1171-1172, 1277-1278, 1523-1524, 1629-1630, 1735-1736, 1837-1838, 1955-1956, 2075-2076, 2177-2178, 2285-2286, 2397-2398, 2503-2504, 2609-2610

---

1337-2668: LGTM: Consistent headers implementation in oneOf schema variants.

The headers property has been consistently implemented across all language model provider variants in the oneOf section, maintaining the same structure and validation rules as in the definitions section. This ensures schema consistency and proper validation regardless of how the schema is used.

packages/schemas/src/v3/index.type.ts (2)

499-499: Consistent addition of optional headers property

The headers property has been consistently added as an optional field to all 12 language model interfaces. This maintains backward compatibility while enabling the new custom headers feature.

Also applies to: 559-559, 602-602, 637-637, 672-672, 715-715, 758-758, 793-793, 832-832, 867-867, 902-902, 937-937

---

1-1: Ignore duplication warning—interface defined once; headers property is consistent

Verified that LanguageModelHeaders is declared only once in packages/schemas/src/v3/index.type.ts and that every language model in languageModel.schema.ts includes an optional headers field. Because this file is auto-generated, please make any changes in the source schema (packages/schemas/src/v3/languageModel.schema.ts) and run yarn generate rather than editing index.type.ts directly.

Likely an incorrect or invalid review comment.

packages/web/src/features/chat/actions.ts (2)

392-394: Consistent headers extraction across all providers

The headers extraction has been consistently implemented for all 12 language model providers using the same pattern and helper function. This ensures uniform behavior across all providers.

Also applies to: 407-409, 430-432, 443-445, 458-460, 476-478, 502-504, 517-519, 532-534, 553-555, 568-570, 583-585

---

595-619: Well-structured headers extraction implementation

The function correctly handles both direct string values and secure token references (via secrets or environment variables), maintaining consistency with the existing token retrieval pattern used throughout the codebase.

docs/snippets/schemas/v3/index.schema.mdx (2)

1301-1344: Extract the headers schema into a single shared $ref to avoid massive duplication

The exact same headers object (pattern, anyOf, secret/env resolution) is inlined for every provider configuration and then duplicated again in the oneOf list.
This balloons the generated schema >2×, hurts diff-readability, and increases the risk that future edits forget one copy.

Prefer defining it once, e.g.:

"definitions": {
  "LanguageModelHeaders": {
    "type": "object",
    "description": "Optional headers to use with the model.",
    "patternProperties": {
      "^[a-zA-Z0-9_-]+$": { /* … current anyOf … */ }
    },
    "additionalProperties": false
  },
  /* existing defs … */
}

and then reference it:

- "headers": { /* huge inline block */ }
+ "headers": { "$ref": "#/definitions/LanguageModelHeaders" }

Doing so trims >3 000 lines from this file, speeds up downstream validators, and ensures one-shot maintenance.
[Suggest_essential_refactor]

---

1303-1342: Header names are treated as case-sensitive – confirm this is intentional

JSON-object keys are case-sensitive, whereas HTTP header field-names are explicitly case-insensitive (RFC 7230 §3.2).
With the current schema "Authorization" and "authorization" are two distinct entries and the latter could silently override the former at runtime.

If the implementation lower-cases keys before dispatch, add "propertyNames": { "transform": "lowercase" } in the canonical schema or document the requirement to use lower-case names only.
Otherwise consumers may configure duplicate headers without realising.

packages/schemas/src/v3/languageModel.type.ts (3)

70-70: LGTM!

The addition of the optional headers property to the AmazonBedrockLanguageModel interface is consistent with the pattern established for other optional properties.

---

72-96: Well-structured interface definition.

The LanguageModelHeaders interface properly supports both direct string values and secure references (secrets/environment variables). The regex pattern ^[a-zA-Z0-9_-]+$ for header keys is appropriate and the interface aligns with the existing codebase patterns.

---

130-130: Consistent implementation across all language model interfaces.

The addition of the optional headers property to all remaining language model interfaces (Anthropic, Azure, DeepSeek, Google Generative AI, Google Vertex Anthropic, Google Vertex, Mistral, OpenAI, OpenAI Compatible, OpenRouter, and XAI) follows a consistent pattern and maintains type safety.

Also applies to: 173-173, 208-208, 243-243, 286-286, 329-329, 364-364, 403-403, 438-438, 473-473, 508-508

docs/snippets/schemas/v3/languageModel.schema.mdx (3)

1-1: Auto-generated schema documentation is properly updated.

The systematic addition of headers properties across all language model schemas indicates the generation process is working correctly.

---

99-141: Comprehensive JSON schema validation for headers.

The headers property schema provides robust validation with:

• Pattern-based key validation (^[a-zA-Z0-9_-]+$)
• Flexible value types (string or secret/env references)
• Strict validation with additionalProperties: false

This structure ensures proper validation while maintaining flexibility for different header value types.

---

192-193: Systematic schema updates maintain consistency.

The relocation of token descriptions and consistent application of headers properties across all language model schemas ensures uniform validation behavior. The changes properly maintain the JSON schema structure with appropriate duplication between definitions and oneOf sections.

Also applies to: 298-299, 404-405, 506-507, 624-625, 744-745, 846-847, 954-955, 1066-1067, 1172-1173, 1278-1279, 1524-1525, 1630-1631, 1736-1737, 1838-1839, 1956-1957, 2076-2077, 2178-2179, 2286-2287, 2398-2399, 2504-2505, 2610-2611

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Remove duplicated LanguageModelHeaders interface

The LanguageModelHeaders interface is duplicated here. It's already defined in packages/schemas/src/v3/languageModel.type.ts. Since this is an auto-generated file, the duplication suggests an issue with the schema generation process.

---

🏁 Script executed:

#!/bin/bash
# Description: Verify the duplication and check if the interfaces are identical

# Compare the two interface definitions
echo "=== LanguageModelHeaders in index.type.ts ==="
sed -n '504,525p' packages/schemas/src/v3/index.type.ts

echo -e "\n=== LanguageModelHeaders in languageModel.type.ts ==="
sed -n '74,95p' packages/schemas/src/v3/languageModel.type.ts

# Check if languageModel.type.ts exports this interface
rg "export.*LanguageModelHeaders" packages/schemas/src/v3/languageModel.type.ts

Length of output: 1647

---

Remove duplicated LanguageModelHeaders interface

The LanguageModelHeaders interface is defined in both files, leading to needless duplication and a maintenance risk if they drift apart. Since it’s already exported from packages/schemas/src/v3/languageModel.type.ts, remove the duplicate in packages/schemas/src/v3/index.type.ts and import it instead.

• packages/schemas/src/v3/index.type.ts (lines 504–525): delete this definition
• packages/schemas/src/v3/languageModel.type.ts (lines 74–95): keep as the single source of truth

Also update the schema generation process to prevent reintroducing this duplication.

🤖 Prompt for AI Agents

In packages/schemas/src/v3/index.type.ts lines 504 to 525, remove the entire
duplicated LanguageModelHeaders interface definition. Instead, import
LanguageModelHeaders from packages/schemas/src/v3/languageModel.type.ts where it
is already defined (lines 74 to 95). Additionally, update the schema generation
process to avoid regenerating this duplicate interface in index.type.ts in the
future.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Consider expanding the header name pattern for broader compatibility.

The current pattern ^[a-zA-Z0-9_-]+$ for header names is restrictive and may not support all valid HTTP header names. According to RFC 7230, header names can include additional characters like dots. Consider whether the pattern should be expanded to support more characters or if the current restriction is intentional for security/consistency reasons.

Let me check what characters are typically allowed in HTTP header names:

Also applies to: 204-204, 314-314, 416-416, 518-518, 636-636, 756-756, 858-858, 976-976, 1081-1081, 1184-1184, 1290-1290, 1434-1434, 1536-1536, 1646-1646, 1748-1748, 1850-1850, 1968-1968, 2088-2088, 2190-2190, 2308-2308, 2413-2413, 2516-2516, 2622-2622

---

🌐 Web query:

What characters are allowed in HTTP header names according to RFC specifications?

💡 Result:

According to RFC 7230 (which updates and supersedes earlier HTTP specifications):

HTTP header field names consist of tokens. The characters allowed in a token are defined as any visible ASCII characters except delimiters and control characters.

Specifically, the characters allowed in HTTP header names are:

• US-ASCII characters from 33 to 126 decimal, excluding separators.
• Separators are:
  ()<>@,;:\\"/[]?={} \t

More precisely, a header field-name is defined as:

field-name = token
token = 1*tchar
tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA

Where:

• ALPHA = A-Z or a-z
• DIGIT = 0-9

So the allowed characters in HTTP header names are:

• Letters (A-Z, a-z)
• Digits (0-9)
• Special characters: ! # $ % & ' * + - . ^ _ ` | ~

Spaces, control characters, and separators such as parentheses, angle brackets, slashes, commas, colons, semicolons, equals signs, and quotes are NOT allowed in header field names.

This ensures header names are case-insensitive and have a well-defined token syntax.

Let me know if you want me to look up the exact latest wording from the RFC or provide examples!

---

Expand header name regex to fully support RFC 7230 token syntax

The current pattern ^[a-zA-Z0-9_-]+$ only allows letters, digits, underscore and hyphen. Per RFC 7230, a header field-name is a “token” comprising:

tchar = “!” / “#” / “$” / “%” / “&” / “‘” / “*” / “+” / “-” / “.” / “^” / “_” / “`” / “|” / “~” / DIGIT / ALPHA

To match all valid header names, consider replacing your regex with, for example:

- "^[a-zA-Z0-9_-]+$":
+ "^[!#$%&'*+\\-.^_`|~0-9A-Za-z]+$":

Please update this in all occurrences (lines 102, 204, 314, 416, etc.) of languageModel.schema.ts. If the more restrictive set was intentional for security or consistency, add a comment explaining the rationale.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"^[a-zA-Z0-9_-]+$": {
	"^[!#$%&'*+\\-.^_`|~0-9A-Za-z]+$": {

🤖 Prompt for AI Agents

In packages/schemas/src/v3/languageModel.schema.ts at lines 102, 204, 314, 416,
and any other occurrences, the regex for header names currently only allows
letters, digits, underscore, and hyphen, which is narrower than the RFC 7230
token specification. Update the regex pattern to include all valid tchar
characters from RFC 7230: ! # $ % & ' * + - . ^ _ ` | ~ along with digits and
letters. If the restricted pattern was intentional, add a comment explaining why
this limitation is necessary for security or consistency.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

TypeScript interface correctly mirrors the JSON schema.

The LanguageModelHeaders interface properly defines the type structure with string keys and string | Token values.

There appear to be duplicate LanguageModelHeaders interfaces across multiple files. Verify this doesn't cause conflicts:

---

🏁 Script executed:

#!/bin/bash
# Description: Check for duplicate LanguageModelHeaders interface definitions
# Expected: Should identify if there are conflicting definitions

echo "Searching for LanguageModelHeaders interface definitions:"
fd -e ts -x grep -l "interface LanguageModelHeaders" {} \;

echo -e "\nChecking for differences between definitions:"
rg -A 20 "export interface LanguageModelHeaders" --type ts

Length of output: 3928

---

Consolidate duplicate LanguageModelHeaders interface definitions

There are three conflicting definitions of LanguageModelHeaders in your v3 schema files:

• packages/schemas/src/v3/shared.type.ts

export interface LanguageModelHeaders {
  [k: string]: string | Token;
}

• packages/schemas/src/v3/index.type.ts and languageModel.type.ts

export interface LanguageModelHeaders {
  [k: string]:
    | string
    | { secret: string }
    | { env: string };
}

These variants diverge in their allowed value shapes and will lead to type‐inconsistencies and potential runtime errors. Please choose a single, authoritative definition (e.g. in shared.type.ts), update the JSON schemas accordingly, and import/reference it from the other modules instead of redefining it.

🤖 Prompt for AI Agents

In packages/schemas/src/v3/shared.type.ts around lines 40 to 52, there are
multiple conflicting definitions of the LanguageModelHeaders interface across
different files, causing type inconsistencies. To fix this, consolidate the
interface by choosing a single authoritative definition (preferably in
shared.type.ts) that includes all necessary value types (string, Token, and the
secret/env objects). Then update the JSON schemas to match this unified
definition and modify other files like index.type.ts and languageModel.type.ts
to import and reference this shared interface instead of redefining it.

[coderabbitai]

⚠️ Potential issue

Remove debug console.log statement

This line logs potentially sensitive header information (which may include API keys or tokens) and should not be in production code.

-    console.log(resolvedHeaders);
-

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

console.log(resolvedHeaders);

🤖 Prompt for AI Agents

In packages/web/src/features/chat/actions.ts at line 616, remove the console.log
statement that outputs resolvedHeaders to avoid exposing sensitive header
information such as API keys or tokens in production code.

[Ferexx]

Nothing to add beyond bot's comments.