maximhq
diff --git a/‎core/bifrost.go‎
Lines changed: 5 additions & 5 deletions b/‎core/bifrost.go‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎core/providers/anthropic/anthropic.go‎
Lines changed: 4 additions & 1 deletion b/‎core/providers/anthropic/anthropic.go‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎core/providers/azure/azure.go‎
Lines changed: 8 additions & 5 deletions b/‎core/providers/azure/azure.go‎
Lines changed: 8 additions & 5 deletions
diff --git a/‎core/providers/azure/types.go‎
Lines changed: 3 additions & 2 deletions b/‎core/providers/azure/types.go‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎core/providers/bedrock/bedrock.go‎
Lines changed: 2 additions & 0 deletions b/‎core/providers/bedrock/bedrock.go‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎core/providers/bedrock/chat.go‎
Lines changed: 1 addition & 0 deletions b/‎core/providers/bedrock/chat.go‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎core/providers/bedrock/signer.go‎
Lines changed: 103 additions & 22 deletions b/‎core/providers/bedrock/signer.go‎
Lines changed: 103 additions & 22 deletions
@@ -89,7 +89,7 @@ func Init(ctx context.Context, config schemas.BifrostConfig) (*Bifrost, error) {
 	if config.Logger == nil {
 		config.Logger = NewDefaultLogger(schemas.LogLevelInfo)
 	}
-	
+
 	providerUtils.SetLogger(config.Logger)
 
 	bifrost := &Bifrost{
@@ -338,10 +338,10 @@ func (bifrost *Bifrost) ListAllModels(ctx context.Context, request *schemas.Bifr
 			for {
 				// check for context cancellation
 				select {
-					case <-ctx.Done():
-						bifrost.logger.Warn(fmt.Sprintf("context cancelled for provider %s", providerKey))
-						return
-					default:
+				case <-ctx.Done():
+					bifrost.logger.Warn(fmt.Sprintf("context cancelled for provider %s", providerKey))
+					return
+				default:
 				}
 
 				iterations++
 
@@ -77,7 +77,7 @@ func NewAnthropicProvider(config *schemas.ProviderConfig, logger schemas.Logger)
 	client := &fasthttp.Client{
 		ReadTimeout:         time.Second * time.Duration(config.NetworkConfig.DefaultRequestTimeoutInSeconds),
 		WriteTimeout:        time.Second * time.Duration(config.NetworkConfig.DefaultRequestTimeoutInSeconds),
-		MaxConnsPerHost:     10000,
+		MaxConnsPerHost:     1024,
 		MaxIdleConnDuration: 60 * time.Second,
 		MaxConnWaitTimeout:  10 * time.Second,
 	}
@@ -453,6 +453,9 @@ func HandleAnthropicChatCompletionStreaming(
 		}
 
 		scanner := bufio.NewScanner(resp.BodyStream())
+		buf := make([]byte, 0, 1024*1024)
+		scanner.Buffer(buf, 10*1024*1024)
+
 		chunkIndex := 0
 
 		startTime := time.Now()
 
@@ -33,9 +33,9 @@ func NewAzureProvider(config *schemas.ProviderConfig, logger schemas.Logger) (*A
 	config.CheckAndSetDefaults()
 
 	client := &fasthttp.Client{
-		ReadTimeout:     time.Second * time.Duration(config.NetworkConfig.DefaultRequestTimeoutInSeconds),
-		WriteTimeout:    time.Second * time.Duration(config.NetworkConfig.DefaultRequestTimeoutInSeconds),
-		MaxConnsPerHost:     10000,
+		ReadTimeout:         time.Second * time.Duration(config.NetworkConfig.DefaultRequestTimeoutInSeconds),
+		WriteTimeout:        time.Second * time.Duration(config.NetworkConfig.DefaultRequestTimeoutInSeconds),
+		MaxConnsPerHost:     1024,
 		MaxIdleConnDuration: 60 * time.Second,
 		MaxConnWaitTimeout:  10 * time.Second,
 	}
@@ -471,8 +471,11 @@ func (provider *AzureProvider) ResponsesStream(ctx context.Context, postHookRunn
 	if deployment == "" {
 		return nil, providerUtils.NewConfigurationError(fmt.Sprintf("deployment not found for model %s", request.Model), provider.GetProviderKey())
 	}
-
-	url := fmt.Sprintf("%s/openai/v1/responses?api-version=preview", key.AzureKeyConfig.Endpoint)
+	apiVersion := key.AzureKeyConfig.APIVersion
+	if apiVersion == nil {
+		apiVersion = schemas.Ptr(AzureAPIVersionPreview)
+	}
+	url := fmt.Sprintf("%s/openai/v1/responses?api-version=%s", key.AzureKeyConfig.Endpoint, *apiVersion)
 
 	// Prepare Azure-specific headers
 	authHeader := make(map[string]string)
 
@@ -1,7 +1,8 @@
 package azure
 
-// DefaultAzureAPIVersion is the default Azure OpenAI API version to use when not specified.
-const DefaultAzureAPIVersion = "2024-10-21"
+// AzureAPIVersionDefault is the default Azure OpenAI API version to use when not specified.
+const AzureAPIVersionDefault = "2024-10-21"
+const AzureAPIVersionPreview = "preview"
 
 type AzureModelCapabilities struct {
 	FineTune       bool `json:"fine_tune"`
 
@@ -19,6 +19,8 @@ import (
 	v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"
 	"github.com/aws/aws-sdk-go-v2/config"
 	"github.com/bytedance/sonic"
+	"github.com/maximhq/bifrost/core/providers/anthropic"
+	"github.com/maximhq/bifrost/core/providers/cohere"
 	providerUtils "github.com/maximhq/bifrost/core/providers/utils"
 	schemas "github.com/maximhq/bifrost/core/schemas"
 )
 
@@ -6,6 +6,7 @@ import (
 
 	"github.com/bytedance/sonic"
 	"github.com/google/uuid"
+	"github.com/maximhq/bifrost/core/providers/anthropic"
 	"github.com/maximhq/bifrost/core/schemas"
 )
 
 
@@ -6,7 +6,6 @@ import (
 	"crypto/sha256"
 	"encoding/hex"
 	"fmt"
-	"net/url"
 	"sort"
 	"strconv"
 	"strings"
@@ -124,6 +123,105 @@ func stripExcessSpaces(str string) string {
 	return result.String()
 }
 
+// percentEncodeRFC3986 encodes a string per RFC 3986
+// Keep unreserved characters (A-Z, a-z, 0-9, -, _, ., ~) as-is
+// Percent-encode everything else as %HH using uppercase hex
+func percentEncodeRFC3986(s string) string {
+	var result strings.Builder
+	result.Grow(len(s))
+
+	for i := 0; i < len(s); i++ {
+		b := s[i]
+		// RFC 3986 unreserved characters
+		if (b >= 'A' && b <= 'Z') ||
+			(b >= 'a' && b <= 'z') ||
+			(b >= '0' && b <= '9') ||
+			b == '-' || b == '_' || b == '.' || b == '~' {
+			result.WriteByte(b)
+		} else {
+			// Percent-encode with uppercase hex
+			result.WriteByte('%')
+			result.WriteByte(uppercaseHex(b >> 4))
+			result.WriteByte(uppercaseHex(b & 0x0F))
+		}
+	}
+
+	return result.String()
+}
+
+// uppercaseHex returns the uppercase hex character for a nibble (0-15)
+func uppercaseHex(b byte) byte {
+	if b < 10 {
+		return '0' + b
+	}
+	return 'A' + (b - 10)
+}
+
+// queryPair represents a query parameter name-value pair
+type queryPair struct {
+	encodedName  string
+	encodedValue string
+}
+
+// buildCanonicalQueryString builds a canonical query string per AWS SigV4 spec
+// using proper RFC 3986 percent-encoding
+func buildCanonicalQueryString(queryString string) string {
+	if queryString == "" {
+		return ""
+	}
+
+	// Split the raw query string on '&' into pairs
+	rawPairs := strings.Split(queryString, "&")
+	pairs := make([]queryPair, 0, len(rawPairs))
+
+	for _, rawPair := range rawPairs {
+		if rawPair == "" {
+			continue
+		}
+
+		// Split on the first '=' to get name and value
+		var name, value string
+		if idx := strings.IndexByte(rawPair, '='); idx >= 0 {
+			name = rawPair[:idx]
+			value = rawPair[idx+1:]
+		} else {
+			// No '=' means name only, empty value
+			name = rawPair
+			value = ""
+		}
+
+		// Percent-encode name and value per RFC 3986
+		encodedName := percentEncodeRFC3986(name)
+		encodedValue := percentEncodeRFC3986(value)
+
+		pairs = append(pairs, queryPair{
+			encodedName:  encodedName,
+			encodedValue: encodedValue,
+		})
+	}
+
+	// Sort pairs lexicographically by encoded name, then by encoded value
+	sort.Slice(pairs, func(i, j int) bool {
+		if pairs[i].encodedName != pairs[j].encodedName {
+			return pairs[i].encodedName < pairs[j].encodedName
+		}
+		return pairs[i].encodedValue < pairs[j].encodedValue
+	})
+
+	// Join encoded pairs with '&'
+	var result strings.Builder
+	for i, pair := range pairs {
+		if i > 0 {
+			result.WriteByte('&')
+		}
+		result.WriteString(pair.encodedName)
+		result.WriteByte('=')
+		result.WriteString(pair.encodedValue)
+	}
+
+	return result.String()
+}
+
 // signAWSRequestFastHTTP signs a fasthttp request using AWS Signature Version 4
 // This is a native implementation that avoids allocating http.Request
 func signAWSRequestFastHTTP(
@@ -191,9 +289,9 @@ func signAWSRequestFastHTTP(
 	headerMap["host"] = []string{host}
 
 	// Include content-length if body is present
-	if len(body) > 0 {
+	if cl := req.Header.ContentLength(); cl >= 0 {
 		headerNames = append(headerNames, "content-length")
-		headerMap["content-length"] = []string{strconv.Itoa(len(body))}
+		headerMap["content-length"] = []string{strconv.Itoa(cl)}
 	}
 
 	// Collect other headers
@@ -238,25 +336,8 @@ func signAWSRequestFastHTTP(
 
 	signedHeaders := strings.Join(headerNames, ";")
 
-	// Parse and normalize query string
-	var canonicalQueryString string
-	if queryString != "" {
-		values, _ := url.ParseQuery(queryString)
-		// Sort keys
-		keys := make([]string, 0, len(values))
-		for k := range values {
-			keys = append(keys, k)
-		}
-		sort.Strings(keys)
-
-		// Sort values for each key
-		for _, k := range keys {
-			sort.Strings(values[k])
-		}
-
-		canonicalQueryString = values.Encode()
-		canonicalQueryString = strings.ReplaceAll(canonicalQueryString, "+", "%20")
-	}
+	// Build canonical query string using RFC 3986 encoding
+	canonicalQueryString := buildCanonicalQueryString(queryString)
 
 	// Build canonical request
 	canonicalRequest := strings.Join([]string{
Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,8 @@ import (`
`19`	`19`	`v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"`
`20`	`20`	`"github.com/aws/aws-sdk-go-v2/config"`
`21`	`21`	`"github.com/bytedance/sonic"`
	`22`	`+ "github.com/maximhq/bifrost/core/providers/anthropic"`
	`23`	`+ "github.com/maximhq/bifrost/core/providers/cohere"`
`22`	`24`	`providerUtils "github.com/maximhq/bifrost/core/providers/utils"`
`23`	`25`	`schemas "github.com/maximhq/bifrost/core/schemas"`
`24`	`26`	`)`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@ import (`
`6`	`6`
`7`	`7`	`"github.com/bytedance/sonic"`
`8`	`8`	`"github.com/google/uuid"`
	`9`	`+ "github.com/maximhq/bifrost/core/providers/anthropic"`
`9`	`10`	`"github.com/maximhq/bifrost/core/schemas"`
`10`	`11`	`)`
`11`	`12`