[codex] Add AWS Bedrock provider authentication #3398

Draft
HAYDEN-OAI wants to merge 5 commits into main from dev/hayden/bedrock-aws-auth

Conversation

HAYDEN-OAI commented Jun 12, 2026


Summary

  • add an OpenAI-owned, opaque provider seam to the standard OpenAI and AsyncOpenAI clients
  • expose Amazon Bedrock through from openai.providers import bedrock and OpenAI(provider=bedrock(...))
  • make the Bedrock adapter own endpoint selection, bearer authentication, AWS credential resolution, and final-request SigV4 signing
  • keep BedrockOpenAI, AsyncBedrockOpenAI, and the legacy module client as compatibility facades over the same provider implementation
  • update the README and example to lead with the provider API and add shared Python/TypeScript SigV4 conformance coverage

This supersedes the earlier client-specific implementation while retaining its useful AWS authentication foundation. Thanks to Jim Blomo for the original draft and auth work: jim-openai#1.

Provider architecture

Provider configs are created only by OpenAI-owned factories and remain opaque to callers. The base client continues to own resources, request construction, retries, streaming, response parsing, and errors; the provider runtime supplies its base URL and lifecycle hooks for request-option transforms, final-request authentication, and response normalization.

When provider is configured, top-level api_key, admin_api_key, workload_identity, and base_url are rejected so authentication and routing have one clear owner. OpenAI-specific credential and routing environment variables are ignored. Provider configuration survives with_options(), can be replaced with another provider, or can be removed when switching back to normal OpenAI credentials.

Response normalization runs before retry and status handling, and request authentication runs against the fully built request on every attempt.

Bedrock authentication and safety

The Bedrock provider supports:

  • the normal AWS credential chain, including environment, shared config, named profile, SSO/assume-role, and workload credentials
  • explicit access key, secret key, and optional session token
  • refreshable botocore-compatible credential providers
  • static, environment, or refreshable Bedrock bearer tokens

SigV4 uses the bedrock-mantle service name and the /openai/v1 endpoint contract. Every retry rebuilds and signs the final request with fresh credentials and time. Request bodies are hashed exactly; one-shot bodies are rejected for SigV4, and UNSIGNED-PAYLOAD and AWS-chunked streaming are intentionally outside this milestone.

Both bearer and SigV4 authentication are bound to the configured origin. Custom Authorization headers are rejected, custom HTTPX auth cannot replace provider auth, canonical endpoint/signing-region mismatches are rejected, and automatic redirects are disabled for SigV4. Secret values are excluded from provider and compatibility-state representations, and temporary AWS session headers remain redacted from logs.

Async AWS credential construction, refresh, and signing are moved off the event-loop thread. Botocore remains lazy and optional for bearer-only users, with openai[bedrock] providing the AWS dependencies.

Compatibility

BedrockOpenAI and AsyncBedrockOpenAI translate their existing options into bedrock(...). Their mutable api_key, routing, subclass, module-client, and chained with_options() behavior is preserved by resynchronizing the provider runtime rather than maintaining a second wire-auth implementation.

Environment bearer credentials retain the legacy capture behavior in the compatibility clients, while the new public provider refreshes AWS_BEARER_TOKEN_BEDROCK per attempt and across clones.

Validation

  • pytest -q -n 0 -p no:benchmark tests/lib tests/test_module_client.py tests/test_utils/test_logging.py — 261 passed
  • focused client, Azure, module-client, and Bedrock suite — 376 passed
  • Bedrock provider/auth/module suite — 144 passed
  • ruff check .
  • ruff format --check
  • targeted Mypy across all changed source files — no issues
  • targeted Pyright across changed source and tests — 0 errors
  • shared SigV4 fixture is byte-identical to the TypeScript SDK fixture
  • independent architecture, compatibility, and security review passes found no remaining merge-blocking issues

Full-repository Mypy in this local environment still reports two unrelated existing Pydantic override-signature errors in src/openai/_models.py; the changed files are clean.

Remaining validation

  • run live AWS smoke tests with representative default-chain, temporary-session, retry, and response-streaming paths
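
The signing contract the description spells out (service name bedrock-mantle, exact payload hash, re-signing every attempt with fresh credentials and time, rejection of one-shot bodies and caller-supplied Authorization headers, binding to the configured origin, redaction of session headers) is shown below as an added example. It is not code from this PR or from the openai SDK; it is a dependency-free SigV4 signer written for this page. The origin bedrock.example.invalid, the region, the CREDS tuple and the request path /openai/v1/chat/completions are constructed placeholders (the path follows the /openai/v1 contract named above, but the route itself is an assumption).

```python
import datetime as dt
import hashlib
import hmac
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import quote, urlsplit

SERVICE = "bedrock-mantle"      # service name stated in the PR description
ALGORITHM = "AWS4-HMAC-SHA256"
# Constructed placeholders for the example, not a real endpoint or real credentials.
ORIGIN = "https://bedrock.example.invalid"
CREDS = ("AKIAEXAMPLEKEY", "example-secret-not-real", "example-session-token")

def utc(iso: str) -> dt.datetime:
    return dt.datetime.fromisoformat(iso).replace(tzinfo=dt.timezone.utc)

def _sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()

def signing_key(secret_key: str, date_stamp: str, region: str) -> bytes:
    """Standard SigV4 derivation chain: date -> region -> service -> aws4_request."""
    k_region = _hmac(_hmac(("AWS4" + secret_key).encode("utf-8"), date_stamp), region)
    return _hmac(_hmac(k_region, SERVICE), "aws4_request")

def sign_request(method: str, url: str, headers: Dict[str, str], body: object, *,
                 access_key: str, secret_key: str, region: str,
                 session_token: Optional[str] = None, origin: str = ORIGIN,
                 now: Optional[dt.datetime] = None) -> Dict[str, str]:
    """Sign one attempt of a fully built request over the exact body bytes."""
    # A file object, generator or other one-shot body cannot be hashed exactly and
    # replayed on a retry, so it is rejected instead of sent with a wrong or empty hash.
    if not isinstance(body, (bytes, bytearray)):
        raise TypeError("SigV4 requires a fully materialised bytes body")
    # Provider auth owns Authorization; a caller-supplied header is rejected, not merged.
    if any(k.lower() == "authorization" for k in headers):
        raise ValueError("custom Authorization header is not allowed with provider auth")
    parts = urlsplit(url)
    # Bind the signature to the configured origin: a rewritten base URL or a redirect
    # target must never receive headers that were signed for this endpoint.
    if f"{parts.scheme}://{parts.netloc}" != origin:
        raise ValueError(f"request origin does not match configured origin {origin}")

    when = now or dt.datetime.now(dt.timezone.utc)
    amz_date, date_stamp = when.strftime("%Y%m%dT%H%M%SZ"), when.strftime("%Y%m%d")
    payload_hash = _sha256_hex(bytes(body))

    to_sign = {k.lower(): " ".join(v.split()) for k, v in headers.items()}
    to_sign.update({"host": parts.netloc, "x-amz-date": amz_date,
                    "x-amz-content-sha256": payload_hash})
    if session_token:
        to_sign["x-amz-security-token"] = session_token
    signed_names = ";".join(sorted(to_sign))
    canonical_headers = "".join(f"{k}:{to_sign[k]}\n" for k in sorted(to_sign))
    canonical_uri = quote(parts.path or "/", safe="/-_.~")
    pairs = sorted((quote(k, safe="-_.~"), quote(v, safe="-_.~"))
                   for k, _, v in (p.partition("=") for p in parts.query.split("&") if p))
    canonical_request = "\n".join([method.upper(), canonical_uri,
                                   "&".join(f"{k}={v}" for k, v in pairs),
                                   canonical_headers, signed_names, payload_hash])
    scope = f"{date_stamp}/{region}/{SERVICE}/aws4_request"
    string_to_sign = "\n".join([ALGORITHM, amz_date, scope,
                                _sha256_hex(canonical_request.encode("utf-8"))])
    signature = hmac.new(signing_key(secret_key, date_stamp, region),
                         string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()

    out = dict(headers)
    out.update({"Host": parts.netloc, "X-Amz-Date": amz_date,
                "X-Amz-Content-Sha256": payload_hash,
                "Authorization": f"{ALGORITHM} Credential={access_key}/{scope}, "
                                 f"SignedHeaders={signed_names}, Signature={signature}"})
    if session_token:
        out["X-Amz-Security-Token"] = session_token
    return out

def sign_attempts(attempts: int, creds: Callable[[], Tuple[str, str, Optional[str]]],
                  clock: Callable[[], dt.datetime], body: bytes) -> List[Dict[str, str]]:
    """Retry model from the description: each attempt re-signs with fresh credentials and time."""
    signed = []
    for _ in range(attempts):
        access_key, secret_key, token = creds()
        signed.append(sign_request("POST", f"{ORIGIN}/openai/v1/chat/completions",
                                   {"Content-Type": "application/json"}, body,
                                   access_key=access_key, secret_key=secret_key,
                                   region="us-east-1", session_token=token, now=clock()))
    return signed

def redact(headers: Dict[str, str]) -> Dict[str, str]:
    """Log-safe view: the signature and the temporary session token never reach logs."""
    hidden = {"authorization", "x-amz-security-token"}
    return {k: ("<redacted>" if k.lower() in hidden else v) for k, v in headers.items()}

def demo() -> List[Dict[str, str]]:
    """Two attempts two seconds apart, using a constructed clock and static credentials."""
    times = iter([utc("2026-06-12T10:00:00"), utc("2026-06-12T10:00:02")])
    return sign_attempts(2, lambda: CREDS, lambda: next(times), b'{"model":"m","input":"hi"}')
```

Running demo() and printing redact(attempt) for each attempt shows the same X-Amz-Content-Sha256 on both attempts (same body, hashed exactly) but different X-Amz-Date values and therefore different signatures, which is the per-attempt re-signing the description relies on. The host used in the canonical request is derived from the request URL after it has been checked against the configured origin, which is what makes a custom HTTPX auth or an automatic redirect unable to carry the signed headers elsewhere.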

HAYDEN-OAI changed the title from "[codex] Add AWS-native authentication for Bedrock" to "[codex] Add AWS Bedrock provider authentication" on Jun 12, 2026