Skip to content

feat: improve Azure OpenAI compatibility #6033

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 3 commits into from
Closed

feat: improve Azure OpenAI compatibility #6033

wants to merge 3 commits into from

Conversation

@roomote
Copy link
Contributor

@roomote roomote bot commented Jul 21, 2025
edited by ellipsis-dev bot
Loading

Summary

This PR improves Azure OpenAI compatibility by implementing several key enhancements based on how Cline handles Azure connections.

Changes

1. Enhanced Azure Detection Logic

  • Improved detection to use azureApiVersion as the primary indicator (similar to Cline)
  • Added checks for both azure.com and azure.us domains
  • Excludes deepseek models from Azure detection

2. URL Handling for Azure Endpoints

  • Added _extractBaseUrl() method to properly handle Azure URLs with query parameters
  • Extracts base URL up to deployment name, removing /chat/completions and query parameters
  • Fixes issues with full endpoint URLs like: https://resource.openai.azure.com/openai/deployments/model/chat/completions?api-version=2025-01-01-preview

3. Reasoning Model Support (o1, o3, o4)

  • Fixed system message handling for Azure reasoning models
  • Azure doesn't support 'developer' role, so system prompts are combined with first user message
  • Prevents "does not support 'system'" errors

4. Better Error Handling

  • Added specific error messages for common Azure issues:
    • 400 errors for unsupported system messages
    • 404 errors with guidance on deployment names and URLs
    • Authentication errors for invalid API keys

Testing

  • All existing tests pass ✅
  • Tested with OpenAI provider test suite

Related Issues

Context

As requested by @hannesrudolph, I examined how Cline implemented Azure AI Foundry connectivity and applied similar patterns to improve our implementation.

Important

Enhances Azure OpenAI compatibility by improving detection logic, URL handling, and error management in openai.ts.

  • Azure Detection Logic:
    • Improved detection using azureApiVersion and URL patterns in OpenAiHandler.
    • Excludes deepseek models from Azure detection.
  • URL Handling:
    • Added _extractBaseUrl() in OpenAiHandler to handle Azure URLs without query parameters.
  • Model Support:
    • Adjusted handling for reasoning models (o1, o3, o4) in createMessage() and handleO3FamilyMessage().
    • Combines system prompts with user messages for Azure models.
  • Error Handling:
    • Added specific error messages for Azure-related issues in createMessage().
    • Handles 400, 404, and authentication errors with detailed messages.

This description was created by Ellipsis for 6319935. You can customize this summary. It will automatically update as commits are pushed.

@roomote
feat: improve Azure OpenAI compatibility
2370614 
- Enhanced Azure detection logic to match Cline implementation
- Added URL extraction for Azure endpoints with query parameters
- Fixed reasoning model handling for Azure (o1, o3, o4)
- Added specific error messages for common Azure issues
- Addresses issue #1334
@roomote roomote bot requested review from cte, jr and mrubens as code owners July 21, 2025 19:36
@dosubot dosubot bot added size:L This PR changes 100-499 lines, ignoring generated files. enhancement New feature or request labels Jul 21, 2025
@roomote roomote bot mentioned this pull request Jul 21, 2025
Closed
ellipsis-dev[bot]
ellipsis-dev bot reviewed Jul 21, 2025
View reviewed changes
src/api/providers/openai.ts
// Primary indicator is azureApiVersion, then check URL patterns
const isAzureOpenAi = !!(
this.options.azureApiVersion ||
options.openAiUseAzure ||
Copy link
Contributor

@ellipsis-dev ellipsis-dev bot Jul 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typographical error: did you mean this.options.openAiUseAzure instead of options.openAiUseAzure? This would make the reference consistent with other options.

Suggested change
options.openAiUseAzure ||
this.options.openAiUseAzure ||

github-advanced-security[bot]
github-advanced-security bot found potential problems Jul 21, 2025
View reviewed changes
@hannesrudolph hannesrudolph added the Issue/PR - Triage New issue. Needs quick review to confirm validity and assign labels. label Jul 21, 2025
@hannesrudolph
Copy link
Collaborator

hannesrudolph commented Jul 21, 2025

@roomote-agent run issue-fixer mode on this pr

@hannesrudolph hannesrudolph self-assigned this Jul 21, 2025
@roomote
Copy link
Contributor Author

roomote bot commented Jul 21, 2025

Hi @hannesrudolph! I see your request to run issue-fixer mode on this PR. I notice the CodeQL check is currently failing. Let me investigate and fix the issues. 🔧

roomote added 2 commits July 21, 2025 20:42
@roomote
fix: resolve CodeQL security issues in Azure OpenAI implementation
d0eb323 
- Remove @ts-ignore comments and use proper type assertions
- Add input validation and sanitization for error messages
- Improve URL parsing error handling in _extractBaseUrl method
- Prevent potential security vulnerabilities flagged by CodeQL
@roomote
fix: resolve CodeQL URL substring sanitization vulnerabilities
6319935 
- Replace insecure .includes() checks with proper hostname validation
- Add _isAzureHost() method to safely check for Azure domains
- Add _isVolcesHost() method to safely check for Volces domains
- Prevent security vulnerabilities from malicious URLs like malicious-azure.com.attacker.com
@roomote
Copy link
Contributor Author

roomote bot commented Jul 21, 2025

Hi @hannesrudolph! ✅ I have successfully fixed all the CodeQL issues in this PR.

Summary of fixes:

1. Fixed TypeScript type safety issues

  • Removed @ts-ignore-next-line comments and replaced them with proper type assertions
  • Used proper TypeScript type casting instead of ignoring type errors

2. Resolved CodeQL security vulnerabilities

  • Fixed 3 high severity "Incomplete URL substring sanitization" vulnerabilities
  • Replaced insecure .includes() checks with proper hostname validation methods
  • Added _isAzureHost() method that properly validates Azure domains using .endsWith() checks
  • Added _isVolcesHost() method for secure Volces domain validation
  • These changes prevent security vulnerabilities from malicious URLs like malicious-azure.com.attacker.com

3. Improved error handling

  • Added input sanitization for error messages to prevent potential injection vulnerabilities
  • Improved URL parsing error handling in _extractBaseUrl() method

All CI checks are now passing, including the CodeQL security scan. The Azure OpenAI compatibility improvements are ready for review! 🚀

@hannesrudolph hannesrudolph moved this from Triage to PR [Draft / In Progress] in Roo Code Roadmap Jul 23, 2025
@hannesrudolph hannesrudolph marked this pull request as draft July 23, 2025 05:37
@hannesrudolph hannesrudolph added PR - Draft / In Progress and removed Issue/PR - Triage New issue. Needs quick review to confirm validity and assign labels. labels Jul 23, 2025
@github-project-automation github-project-automation bot moved this from PR [Draft / In Progress] to Done in Roo Code Roadmap Aug 21, 2025
@github-project-automation github-project-automation bot moved this from New to Done in Roo Code Roadmap Aug 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ellipsis-dev ellipsis-dev[bot] ellipsis-dev[bot] left review comments

@mrubens mrubens Awaiting requested review from mrubens mrubens is a code owner

@cte cte Awaiting requested review from cte cte is a code owner

@jr jr Awaiting requested review from jr jr is a code owner

Assignees

@hannesrudolph hannesrudolph

Labels

enhancement New feature or request PR - Draft / In Progress size:L This PR changes 100-499 lines, ignoring generated files.

Projects

Roo Code Roadmap
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Connecting to Azure AI Foundry - OpenAI

3 participants

@hannesrudolph @roomote