Feat/bedrock config path

.env.example

@@ -26,6 +26,7 @@ BEDROCK_ACCESS_KEY_ID=
 BEDROCK_SECRET_ACCESS_KEY=
 BEDROCK_SESSION_TOKEN=
 BEDROCK_SERVER_URL=
+BEDROCK_CONFIG_PATH= # Optional: path to a custom YAML provider config on the host (e.g. ./glm_flash_bedrock.yml next to docker-compose.yml); the name field inside the YAML sets the provider name in the UI
 
 ## DeepSeek LLM provider
 DEEPSEEK_API_KEY=

README.md

@@ -1705,6 +1705,7 @@ PentAGI integrates with Amazon Bedrock, offering access to 20+ foundation models
 | `BEDROCK_SECRET_ACCESS_KEY` |             | AWS secret access key for static credentials                                                        |
 | `BEDROCK_SESSION_TOKEN`     |             | AWS session token for temporary credentials (optional, used with static credentials)                |
 | `BEDROCK_SERVER_URL`        |             | Custom Bedrock endpoint (VPC endpoints, local testing)                                              |
+| `BEDROCK_CONFIG_PATH`       |             | Path to a custom YAML provider config file (overrides the built-in default config for model/pricing definitions) |
 
 **Authentication Priority**: `BEDROCK_DEFAULT_AUTH` → `BEDROCK_BEARER_TOKEN` → `BEDROCK_ACCESS_KEY_ID`+`BEDROCK_SECRET_ACCESS_KEY`
 
@@ -2643,6 +2644,7 @@ BEDROCK_ACCESS_KEY_ID=your_aws_access_key        # AWS access key ID (static cre
 BEDROCK_SECRET_ACCESS_KEY=your_aws_secret_key    # AWS secret access key (static credentials)
 BEDROCK_SESSION_TOKEN=                           # AWS session token (optional, for temporary credentials with static auth)
 BEDROCK_SERVER_URL=                              # Optional custom Bedrock endpoint (VPC endpoints, local testing)
+BEDROCK_CONFIG_PATH=                             # Optional path to a custom YAML provider config (overrides built-in model/pricing definitions)
 
 # For Ollama (local server or cloud)
 OLLAMA_SERVER_URL=                               # Local: http://ollama-server:11434, Cloud: https://ollama.com

backend/cmd/ctester/main.go

@@ -168,7 +168,7 @@ func createProvider(providerType string, cfg *config.Config) (provider.Provider,
 				"BEDROCK_DEFAULT_AUTH=true, BEDROCK_BEARER_TOKEN, or " +
 				"BEDROCK_ACCESS_KEY_ID+BEDROCK_SECRET_ACCESS_KEY")
 		}
-		providerConfig, err := bedrock.DefaultProviderConfig()
+		providerConfig, err := bedrock.DefaultProviderConfig(cfg)
 		if err != nil {
 			return nil, fmt.Errorf("error creating bedrock provider config: %w", err)
 		}

backend/pkg/config/config.go

@@ -111,6 +111,7 @@ type Config struct {
 	BedrockSecretKey    string `env:"BEDROCK_SECRET_ACCESS_KEY"`
 	BedrockSessionToken string `env:"BEDROCK_SESSION_TOKEN"`
 	BedrockServerURL    string `env:"BEDROCK_SERVER_URL"`
+	BedrockConfig       string `env:"BEDROCK_CONFIG_PATH"`
 
 	// === LLM Provider: DeepSeek ===
 	DeepSeekAPIKey    string `env:"DEEPSEEK_API_KEY"`

backend/pkg/providers/bedrock/bedrock.go

@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
+	"os"
 	"reflect"
 	"sync"
 
@@ -48,8 +49,16 @@ func BuildProviderConfig(configData []byte) (*pconfig.ProviderConfig, error) {
 	return providerConfig, nil
 }
 
-func DefaultProviderConfig() (*pconfig.ProviderConfig, error) {
-	configData, err := configFS.ReadFile("config.yml")
+func DefaultProviderConfig(cfg *config.Config) (*pconfig.ProviderConfig, error) {
+	var (
+		configData []byte
+		err        error
+	)
+	if cfg.BedrockConfig == "" {
+		configData, err = configFS.ReadFile("config.yml")
+	} else {
+		configData, err = os.ReadFile(cfg.BedrockConfig)
+	}
 	if err != nil {
 		return nil, err
 	}

backend/pkg/providers/bedrock/bedrock_test.go

@@ -21,7 +21,7 @@ func TestConfigLoading(t *testing.T) {
 		BedrockSecretKey: "test-key",
 	}
 
-	providerConfig, err := DefaultProviderConfig()
+	providerConfig, err := DefaultProviderConfig(&config.Config{})
 	if err != nil {
 		t.Fatalf("Failed to create provider config: %v", err)
 	}
@@ -68,7 +68,7 @@ func TestProviderType(t *testing.T) {
 		BedrockSecretKey: "test-key",
 	}
 
-	providerConfig, err := DefaultProviderConfig()
+	providerConfig, err := DefaultProviderConfig(&config.Config{})
 	if err != nil {
 		t.Fatalf("Failed to create provider config: %v", err)
 	}
@@ -154,7 +154,7 @@ func TestGetUsage(t *testing.T) {
 		BedrockSecretKey: "test-key",
 	}
 
-	providerConfig, err := DefaultProviderConfig()
+	providerConfig, err := DefaultProviderConfig(&config.Config{})
 	if err != nil {
 		t.Fatalf("Failed to create provider config: %v", err)
 	}
@@ -877,7 +877,7 @@ func TestExtractToolsFromOptions(t *testing.T) {
 
 // TestAuthenticationStrategies verifies all supported authentication methods.
 func TestAuthenticationStrategies(t *testing.T) {
-	providerConfig, err := DefaultProviderConfig()
+	providerConfig, err := DefaultProviderConfig(&config.Config{})
 	if err != nil {
 		t.Fatalf("Failed to create provider config: %v", err)
 	}
@@ -1020,7 +1020,7 @@ func TestAuthenticationStrategies(t *testing.T) {
 
 // TestAuthenticationErrors verifies error handling for invalid configurations.
 func TestAuthenticationErrors(t *testing.T) {
-	providerConfig, err := DefaultProviderConfig()
+	providerConfig, err := DefaultProviderConfig(&config.Config{})
 	if err != nil {
 		t.Fatalf("Failed to create provider config: %v", err)
 	}

backend/pkg/providers/pconfig/config.go

@@ -214,6 +214,7 @@ type AgentConfig struct {
 
 // ProviderConfig represents the configuration for all agents
 type ProviderConfig struct {
+	Name           string            `json:"name,omitempty" yaml:"name,omitempty"`
 	Simple         *AgentConfig      `json:"simple,omitempty" yaml:"simple,omitempty"`
 	SimpleJSON     *AgentConfig      `json:"simple_json,omitempty" yaml:"simple_json,omitempty"`
 	PrimaryAgent   *AgentConfig      `json:"primary_agent,omitempty" yaml:"primary_agent,omitempty"`

backend/pkg/providers/providers.go

@@ -117,6 +117,8 @@ type ProviderController interface {
 		prvID int64,
 	) (database.Provider, error)
 
+	SeedDefaultProviders(ctx context.Context, userID int64) error
+
 	TestAgent(
 		ctx context.Context,
 		prvtype provider.ProviderType,
@@ -186,7 +188,7 @@ func NewProviderController(
 		defaultConfigs[provider.ProviderGemini] = config
 	}
 
-	if config, err := bedrock.DefaultProviderConfig(); err != nil {
+	if config, err := bedrock.DefaultProviderConfig(cfg); err != nil {
 		return nil, fmt.Errorf("failed to create bedrock provider config: %w", err)
 	} else {
 		defaultConfigs[provider.ProviderBedrock] = config
@@ -353,7 +355,7 @@ func NewProviderController(
 		graphitiClient = &graphiti.Client{}
 	}
 
-	return &providerController{
+	pc := &providerController{
 		db:             db,
 		cfg:            cfg,
 		docker:         docker,
@@ -372,7 +374,24 @@ func NewProviderController(
 		defaultConfigs: defaultConfigs,
 
 		Providers: providers,
-	}, nil
+	}
+
+	// Seed configured system providers into the DB for all existing users so
+	// they are immediately available without any UI interaction. This runs on
+	// every startup, so editing a YAML config file and restarting PentAGI
+	// automatically propagates new values.
+	ctx := context.Background()
+	if users, err := db.GetUsers(ctx); err != nil {
+		logrus.WithError(err).Warn("failed to fetch users for provider seeding")
+	} else {
+		for _, u := range users {
+			if err := pc.SeedDefaultProviders(ctx, u.ID); err != nil {
+				logrus.WithError(err).Warnf("failed to seed default providers for user %d", u.ID)
+			}
+		}
+	}
+
+	return pc, nil
 }
 
 func (pc *providerController) NewFlowProvider(
@@ -826,6 +845,52 @@ func (pc *providerController) NewProvider(prv database.Provider) (provider.Provi
 	}
 }
 
+func (pc *providerController) SeedDefaultProviders(ctx context.Context, userID int64) error {
+	if pc.cfg.BedrockConfig == "" {
+		return nil
+	}
+	if !pc.cfg.BedrockDefaultAuth && pc.cfg.BedrockBearerToken == "" &&
+		(pc.cfg.BedrockAccessKey == "" || pc.cfg.BedrockSecretKey == "") {
+		return nil
+	}
+
+	bedrockCfg, ok := pc.defaultConfigs[provider.ProviderBedrock]
+	if !ok {
+		return nil
+	}
+
+	rawConfig, err := json.Marshal(bedrockCfg)
+	if err != nil {
+		return fmt.Errorf("failed to marshal bedrock config: %w", err)
+	}
+
+	prvname := bedrockCfg.Name
+	if prvname == "" {
+		prvname = string(provider.DefaultProviderNameBedrock)
+	}
+	existing, err := pc.db.GetUserProviderByName(ctx, database.GetUserProviderByNameParams{
+		Name:   prvname,
+		UserID: userID,
+	})
+	if err != nil {
+		_, err = pc.db.CreateProvider(ctx, database.CreateProviderParams{
+			UserID: userID,
+			Type:   database.ProviderType(provider.ProviderBedrock),
+			Name:   prvname,
+			Config: rawConfig,
+		})
+		return err
+	}
+
+	_, err = pc.db.UpdateUserProvider(ctx, database.UpdateUserProviderParams{
+		ID:     existing.ID,
+		UserID: userID,
+		Config: rawConfig,
+		Name:   existing.Name,
+	})
+	return err
+}
+
 func (pc *providerController) CreateProvider(
 	ctx context.Context,
 	userID int64,

docker-compose.yml

@@ -55,6 +55,7 @@ services:
       - BEDROCK_SECRET_ACCESS_KEY=${BEDROCK_SECRET_ACCESS_KEY:-}
       - BEDROCK_SESSION_TOKEN=${BEDROCK_SESSION_TOKEN:-}
       - BEDROCK_SERVER_URL=${BEDROCK_SERVER_URL:-}
+      - BEDROCK_CONFIG_PATH=${BEDROCK_CONFIG_PATH:+/opt/pentagi/conf/bedrock.provider.yml}
       - DEEPSEEK_API_KEY=${DEEPSEEK_API_KEY:-}
       - DEEPSEEK_SERVER_URL=${DEEPSEEK_SERVER_URL:-}
       - DEEPSEEK_PROVIDER=${DEEPSEEK_PROVIDER:-}
@@ -176,6 +177,7 @@ services:
       - ${PENTAGI_DOCKER_SOCKET:-/var/run/docker.sock}:/var/run/docker.sock
       - ${PENTAGI_LLM_SERVER_CONFIG_PATH:-./example.custom.provider.yml}:/opt/pentagi/conf/custom.provider.yml
       - ${PENTAGI_OLLAMA_SERVER_CONFIG_PATH:-./example.ollama.provider.yml}:/opt/pentagi/conf/ollama.provider.yml
+      - ${BEDROCK_CONFIG_PATH:-./glm_flash_bedrock.yml}:/opt/pentagi/conf/bedrock.provider.yml
       - ${PENTAGI_DOCKER_CERT_PATH:-./docker-ssl}:/opt/pentagi/docker/ssl
     user: root:root # while using docker.sock
     networks: