feat(proxy): expose pipeline extensions for Responses payloads#1409
feat(proxy): expose pipeline extensions for Responses payloads#14092001Y wants to merge 2 commits into
Conversation
PR governanceThis PR follows the template and is marked ready for human review. |
JerrettDavis
left a comment
There was a problem hiding this comment.
The payload hook is useful, but the HTTP /v1/responses path needs to preserve the existing bypass contract.
handle_openai_responses() now emits PipelineStage.INPUT_RECEIVED immediately after JSON parsing, before _headroom_bypass_enabled(request.headers) is checked. Any enabled extension can mutate body at that stage, and then a request carrying X-Headroom-Bypass is forwarded with those mutations. Bypass is supposed to be a full passthrough escape hatch for debugging and correctness-sensitive traffic, so extensions/compression should not get a chance to rewrite the payload first.
Please move the bypass check ahead of the new INPUT_RECEIVED emission, or explicitly skip payload-stage emission when bypass is active, and add a regression that a bypassed /v1/responses request is forwarded unchanged even when a payload extension is installed.
|
Addressed the bypass review: HTTP /v1/responses now computes the bypass gate before INPUT_RECEIVED and passes bypass through payload-stage emission so mutating extensions cannot observe or rewrite bypassed traffic. I also added a regression that a bypassed /v1/responses request is forwarded unchanged with a mutating payload extension installed, and updated the PR body to the required template.\n\nVerification:\n- python -m py_compile headroom/proxy/handlers/openai.py tests/test_proxy_byte_faithful_forwarding.py tests/test_openai_responses_context_compaction.py — passed\n- python -m pytest tests/test_proxy_byte_faithful_forwarding.py::test_openai_responses_bypass_skips_payload_extensions tests/test_openai_responses_context_compaction.py -q — 14 passed\n- uvx ruff check headroom/proxy/handlers/openai.py tests/test_proxy_byte_faithful_forwarding.py — passed\n- uvx ruff format --check headroom/proxy/handlers/openai.py tests/test_proxy_byte_faithful_forwarding.py — passed |
0e0f435 to
2e95dc0
Compare
|
Follow-up: rebased the branch onto current origin/main so PR Governance should now run against the matching base workflow/script pair. Re-ran local verification after rebase:\n\n- python -m py_compile headroom/proxy/handlers/openai.py tests/test_proxy_byte_faithful_forwarding.py tests/test_openai_responses_context_compaction.py — passed\n- python -m pytest tests/test_proxy_byte_faithful_forwarding.py::test_openai_responses_bypass_skips_payload_extensions tests/test_openai_responses_context_compaction.py -q — 14 passed\n- uvx ruff check headroom/proxy/handlers/openai.py tests/test_proxy_byte_faithful_forwarding.py — passed\n- uvx ruff format --check headroom/proxy/handlers/openai.py tests/test_proxy_byte_faithful_forwarding.py — passed\n- git diff --check — passed |
JerrettDavis
left a comment
There was a problem hiding this comment.
Thanks for preserving the bypass contract. The HTTP /v1/responses path now computes bypass before INPUT_RECEIVED payload emission and passes that bypass flag through later payload stages, so a bypassed request is not visible to mutating extensions. The added regression captures the important behavior: no extension events and the forwarded body remains unchanged.
I also checked the WebSocket helper path: subsequent response.create frames return before payload-stage emission when _ws_bypass is set, so the same passthrough rule is maintained there. Local full-proxy tests cannot collect in this worktree because headroom._core is missing, but the code-level bypass issue from my prior review is resolved.
2e95dc0 to
d9bb869
Compare
|
Rebased this branch onto current Conflict resolution notes:
Verification:
|
Description
Expose the canonical pipeline extension lifecycle to OpenAI Responses payloads so extensions can inspect or rewrite Codex
/v1/responsestraffic before it is sent upstream.This update also preserves the
X-Headroom-Bypasspassthrough contract: bypassed/v1/responsesrequests skip payload-stage extension emission and are forwarded unchanged.Refs #1307, #1342.
Type of Change
Changes Made
PipelineEvent.payloadandPipelineExtensionManager.emit(..., payload=...)support./v1/responsesand WebSocketresponse.createframes.X-Headroom-Bypassis active, preserving byte-faithful passthrough./v1/responsestraffic with a mutating payload extension installed.Testing
pytest)ruff check .)mypy headroom)Test Output
Real Behavior Proof
headroom._corecopied from an existing local build only to run tests in this fresh PR checkout./v1/responseswithx-headroom-bypass: truewhile a mutating Responses payload extension is installed._retry_requestreceives the original inbound payload unchanged, and the payload extension records no events.mypy headroom; live upstream OpenAI/Codex call.Review Readiness
Checklist
Screenshots (if applicable)
N/A.
Additional Notes
Docs and CHANGELOG are N/A for this proxy-internal lifecycle/bypass fix.