AIBridge is a smart proxy for AI. It acts as a man-in-the-middle between your users' coding agents / IDEs

andAIproviders like OpenAI and Anthropic. By intercepting all the AI traffic between these clients and

the upstream APIs,AIBridge can record user prompts, token usage, and tool invocations.

Bridge is a smart proxy for AI. It acts as a man-in-the-middle between your users' coding agents / IDEs

and providers like OpenAI and Anthropic. By intercepting all the AI traffic between these clients and

the upstream APIs, Bridge can record user prompts, token usage, and tool invocations.

AIBridge solves 3 key problems:

Bridge solves 3 key problems:

1.**Centralized authn/z management**: no more issuing & managing API tokens for OpenAI/Anthropic usage.

Users use their Coder session or API tokens to authenticate with`coderd` (Coder control plane), and

3.**Centralized MCP administration**: define a set of approved MCP servers and tools which your users may

use, and prevent users from using their own.

As the library of LLMs and their associated tools grow, administrators are pressured to provide auditing, measure adoption, provide tools through MCP, and track token spend. Disparate SAAS platforms provide_some_ of these for_some_ tools, but there is no centralized, secure solution for these challenges.

AIBridge runs inside the Coder control plane, requiring no separate compute to deploy or scale. Once enabled,`coderd` hosts the bridge in-memory and brokers traffic to your configured AI providers on behalf of authenticated users.

Bridge runs inside the Coder control plane, requiring no separate compute to deploy or scale. Once enabled,`coderd` hosts the bridge in-memory and brokers traffic to your configured AI providers on behalf of authenticated users.

**Required**:

To enable this feature, activate the`aibridge` experiment using an environment variable or a CLI flag.

Additionally, you will need to enableAIBridge explicitly:

Additionally, you will need to enable Bridge explicitly:

CODER_EXPERIMENTS="aibridge" CODER_AIBRIDGE_ENABLED=true coder server

AIBridge currently supports OpenAI and Anthropic APIs.

Bridge currently supports OpenAI and Anthropic APIs.

**API Key**:

The single key used to authenticate all requests fromAIBridge to OpenAI/Anthropic APIs.

The single key used to authenticate all requests from Bridge to OpenAI/Anthropic APIs.

-`CODER_AIBRIDGE_OPENAI_KEY` or`--aibridge-openai-key`

-`CODER_AIBRIDGE_ANTHROPIC_KEY` or`--aibridge-anthropic-key`

**Base URL**:

The API to whichAIBridge will relay requests.

The API to which Bridge will relay requests.

-`CODER_AIBRIDGE_OPENAI_BASE_URL` or`--aibridge-openai-base-url`, defaults to`https://api.openai.com/v1/`

-`CODER_AIBRIDGE_ANTHROPIC_BASE_URL` or`--aibridge-anthropic-base-url`, defaults to`https://api.anthropic.com/`

AI bridge is compatible with_[Google Vertex AI](https://cloud.google.com/vertex-ai?hl=en)_,_[AWS Bedrock](https://aws.amazon.com/bedrock/)_, and other LLM brokers. You may specify the base URL(s) above to the appropriate API endpoint for your provider.

Bridge is compatible with_[Google Vertex AI](https://cloud.google.com/vertex-ai?hl=en)_,_[AWS Bedrock](https://aws.amazon.com/bedrock/)_, and other LLM brokers. You may specify the base URL(s) above to the appropriate API endpoint for your provider.

AIBridge collects:

Bridge collects:

- The last`user` prompt of each request

- All token usage (associated with each prompt)

`coderd` runs an in-memory instance of`aibridged`, whose logic is mostly contained inhttps://github.com/coder/aibridge. In future releases we will support running external instances for higher throughput and complete memory isolation from`coderd`.

<details>

<summary>See a diagram of howAIBridge interception works</summary>

<summary>See a diagram of how Bridge interception works</summary>

[Model Context Protocol (MCP)](https://modelcontextprotocol.io/docs/getting-started/intro) is a mechanism for connecting AI applications to external systems.

AIBridge can connect to MCP servers and inject tools automatically, enabling you to centrally manage the list of tools you wish to grant your users.

Bridge can connect to MCP servers and inject tools automatically, enabling you to centrally manage the list of tools you wish to grant your users.

AIBridge makes use of[External Auth](../admin/external-auth/index.md) applications, as they define OAuth2 connections to upstream services. If your External Auth application hosts a remote MCP server, you can configure AI Bridge to connect to it, retrieve its tools and inject them into requests automatically - all while using each individual user's access token.

Bridge makes use of[External Auth](../admin/external-auth/index.md) applications, as they define OAuth2 connections to upstream services. If your External Auth application hosts a remote MCP server, you can configure Bridge to connect to it, retrieve its tools and inject them into requests automatically - all while using each individual user's access token.

For example, GitHub has a[remote MCP server](https://github.com/github/github-mcp-server?tab=readme-ov-file#remote-github-mcp-server) and we can use it as follows.

CODER_EXTERNAL_AUTH_0_TYPE=github

CODER_EXTERNAL_AUTH_0_CLIENT_ID=...

CODER_EXTERNAL_AUTH_0_CLIENT_SECRET=...

CODER_EXTERNAL_AUTH_0_MCP_URL=https://api.githubcopilot.com/mcp/

AIBridge marks automatically injected tools with a prefix`bmcp_` ("bridged MCP"). It also namespaces all tool names by the ID of their associated External Auth application (in this case`github`).

Bridge marks automatically injected tools with a prefix`bmcp_` ("bridged MCP"). It also namespaces all tool names by the ID of their associated External Auth application (in this case`github`).

If a model decides to invoke a tool and it has a`bmcp_` suffix andAIBridge has a connection with the related MCP server, it will invoke the tool. The tool result will be passed back to the upstream AI provider, and this will loop until the model has all of its required data. These inner loops are not relayed back to the client; all it seems is the result of this loop. See[Implementation Details](#implementation-details).

If a model decides to invoke a tool and it has a`bmcp_` suffix and Bridge has a connection with the related MCP server, it will invoke the tool. The tool result will be passed back to the upstream AI provider, and this will loop until the model has all of its required data. These inner loops are not relayed back to the client; all it seems is the result of this loop. See[Implementation Details](#implementation-details).

In contrast, tools which are defined by the client (i.e. the[`Bash` tool](https://docs.claude.com/en/docs/claude-code/settings#tools-available-to-claude) defined by_Claude Code_) cannot be invoked byAIBridge, and the tool call from the model will be relayed to the client, after which it will invoke the tool.

In contrast, tools which are defined by the client (i.e. the[`Bash` tool](https://docs.claude.com/en/docs/claude-code/settings#tools-available-to-claude) defined by_Claude Code_) cannot be invoked by Bridge, and the tool call from the model will be relayed to the client, after which it will invoke the tool.

If you have the`oauth2` and`mcp-server-http` experiments enabled, Coder's own[internal MCP tools](mcp-server.md) will be injected automatically.

- Codex CLI currently does not work withAIBridge due to a JSON marshaling issue:https://github.com/coder/aibridge/issues/19

- Codex CLI currently does not work with Bridge due to a JSON marshaling issue:https://github.com/coder/aibridge/issues/19

- Claude Code web searches do not report correctly:https://github.com/coder/aibridge/issues/11

API support is broken down into two categories:

-**Intercepted**: requests are intercepted, audited, and augmented - fullAIBridge functionality

-**Intercepted**: requests are intercepted, audited, and augmented - full Bridge functionality

-**Passthrough**: requests are proxied directly to the upstream, no auditing or augmentation takes place

Where relevant, both streaming and non-streaming requests are supported.