Add extra headers support for custom LLM providers

[Duyi-Wang]

User description

背景

部分 OpenAI-compatible 的 custom LLM provider 需要通过自定义 HTTP headers 完成接入。现有配置只支持 Base URL、API Key 和 Model，无法覆盖这类 custom 接入需求，也会影响模型拉取、provider 校验和实际调用链路的一致性。

变更

• 为 custom LLM provider 增加 Extra headers 配置入口，使用 JSON object 格式填写。
• 将 extra headers 接入 credentials 持久化，避免把自定义鉴权信息写入普通配置。
• 在 provider 校验、模型拉取、实际 LLM provider 构建时统一传递 extra headers。
• 增加 header name/value 校验：
  • JSON 必须是 object。
  • header value 必须是 string。
  • header name 必须是合法 HTTP header token。
  • header value 不允许包含 CR/LF。
• 支持 API Key 留空时不发送默认 Bearer header，便于 custom provider 使用纯自定义 header 接入。
• 补充多语言文案和后端测试覆盖。

验证

• git diff --check
• npm run build -- --mode development

---

PR Type

Enhancement

---

Description

• Added extra headers support for custom LLM providers.

• Stored in credentials vault with validation (reserved headers, invalid names, line breaks).

• Passed to provider config and used in model fetching and validation.

• UI: new input field and i18n labels for extra headers.

---

Diagram Walkthrough

flowchart LR
    UI["Settings UI"] --> Vault["CredentialsVault"]
    Vault --> ProviderConfig["ProviderConfig"]
    ProviderConfig --> Actions["List models / Validate"]
    Actions --> HTTP["HTTP with extra headers"]

Loading

File Walkthrough

	Relevant files
Enhancement	6 files credentials.rs Handle extra headers in credential commands                            +10/-0    providers.rs Pass extra headers to provider config and request                +17/-2    coordinator.rs Pass extra headers to LLM provider builder                              +2/-1      credentials.rs Add extra headers storage and validation                                  +132/-2  polish.rs Add with_extra_headers method to config                                    +5/-0      ProvidersSection.tsx Add extra headers input field in settings                                +10/-0
Tests	1 files mod.rs Add test for extra headers in model fetching                          +49/-0
Documentation	5 files en.ts Add extra headers i18n labels                                                        +2/-0      ja.ts Add extra headers i18n labels                                                        +2/-0      ko.ts Add extra headers i18n labels                                                        +2/-0      zh-CN.ts Add extra headers i18n labels                                                        +2/-0      zh-TW.ts Add extra headers i18n labels                                                        +2/-0

---

[github-actions]

PR Reviewer Guide 🔍

(Review updated until commit ec0a713)

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪

🧪 PR contains tests

🔒 No security concerns identified

⚡ No major issues detected

[github-actions]

Persistent review updated to latest commit c224c00

[appergb]

Review note: this PR needs full platform CI before it can be considered for merge. I would also like the header handling to explicitly define/guard protocol-critical headers such as Authorization, Content-Type, Accept, Host, and Content-Length so custom extra headers cannot accidentally override built-in request semantics unless that is an intentional supported feature.

[github-actions]

Persistent review updated to latest commit ec0a713

[Duyi-Wang]

Extra headers now reject protocol-critical headers case-insensitively: Authorization, Content-Type, Accept, Host, and Content-Length, so custom headers cannot override built-in request semantics. I also added unit coverage for that
validation.

[Duyi-Wang]

@appergb Full CI has passed on my fork for the latest PR head commit ec0a713:

Duyi-Wang/openless/actions/runs/28152349616

The run completed successfully across Android, macOS, Windows, and Linux jobs.