[Feature]: Support Amazon Bedrock API Key (Bearer Token) Authentication

[pahud]

Summary

Currently, Clawdbot only supports Amazon Bedrock via the AWS SDK default credential chain (environment variables, shared config, instance roles). Users who have Bedrock API keys (bearer tokens
) generated from the Amazon Bedrock console cannot use them directly with Clawdbot.

This limits flexibility for users who:

• Prefer API key-based authentication over IAM credentials
• Work in environments where AWS SDK credential chain setup is complex
• Want a simpler onboarding experience similar to other AI providers

Proposed solution

Add support for AWS_BEARER_TOKEN_BEDROCK environment variable as an authentication option for Amazon Bedrock, similar to how opencode implements it.

The authentication precedence should be:

1. Bearer Token - AWS_BEARER_TOKEN_BEDROCK environment variable (new)
2. AWS Credential Chain - Existing behavior (access keys, profiles, instance roles)

This would allow users to simply set:

AWS_BEARER_TOKEN_BEDROCK=xxx clawdbot gateway

Alternatives considered

• OpenAI-compatible proxy: The current docs suggest placing an OpenAI-compatible proxy in front of Bedrock, but this adds complexity and another service to maintain.
• Stick with AWS SDK chain: Works but requires more setup (IAM users, roles, credentials files) compared to a simple API key.

Additional context

• opencode implementation reference: https://github.com/anomalyco/opencode/blob/main/packages/web/src/content/docs/providers.mdx#amazon-bedrock
• Current Clawdbot Bedrock docs mention AWS_BEARER_TOKEN_BEDROCK in credential surfacing order but it doesn't appear to be fully implemented

[sebslight]

Closing this issue due to inactivity (no updates in 3+ days). If this is still relevant, please feel free to reopen with any additional context or updates.

Thanks for taking the time to report this!