Background
The Provably Python SDK currently intercepts:
This covers ~9 of the 13 frameworks listed in the Python SDK shipping unit.
Gap: AWS Strands (and any Bedrock-via-boto3 path used by smolagents, CrewAI, Agno) goes through + 'botocore' + → + 'urllib3' +. None of our current patches see those calls.
Scope
Add a third HTTP transport target to + 'src/provably/intercept/interceptor.py' +: + 'botocore.endpoint.BotocoreHTTPSession.send' + (preferred, stays inside botocore's abstraction) or + 'urllib3.PoolManager.urlopen' + (lower-level fallback).
Frameworks unlocked
- AWS Strands (primary Bedrock transport)
- smolagents
+ 'AmazonBedrockModel' +
- CrewAI Bedrock provider
- Phidata / Agno Bedrock provider
Acceptance criteria
Risks / gotchas (from earlier audit)
- SigV4 signing — intercepted payloads will be pre-signing. Recording the request body before signing is what we want for the claim/proof story; just document this.
- EventStream / chunked responses — Bedrock streaming uses
+ 'application/vnd.amazon.eventstream' +. + 'extract_raw' + may not handle binary event streams correctly. Either (a) skip recording for streaming responses with a TODO, or (b) decode via + 'botocore.eventstream.EventStream' +.
+ 'urllib3.response.HTTPResponse' + body — not the same shape as + 'httpx.Response' + / + 'requests.Response' +. + '_attach' +'s + 'isinstance' + checks need a third branch (or skip the body-override path for botocore).+ 'aiobotocore' + — async path is a separate package; deferred to its own follow-up.
Effort estimate
M (3-5 days) — bigger than the + 'aiohttp' + patch because of the SigV4 + EventStream complications, smaller than a green-field interceptor.
Related
Background
The Provably Python SDK currently intercepts:
+ 'requests' +(module-level ++ 'Session.send' +)+ 'httpx' +(module-level ++ 'Client.send' +++ 'AsyncClient.send' +)+ 'aiohttp.ClientSession._request' +(planned in a follow-up; see PR feat(intercept): extend to httpx/requests instance methods, trust all HTTP methods, OpenAI Agents SDK e2e #9)This covers ~9 of the 13 frameworks listed in the Python SDK shipping unit.
Gap: AWS Strands (and any Bedrock-via-boto3 path used by smolagents, CrewAI, Agno) goes through
+ 'botocore' +→+ 'urllib3' +. None of our current patches see those calls.Scope
Add a third HTTP transport target to
+ 'src/provably/intercept/interceptor.py' +:+ 'botocore.endpoint.BotocoreHTTPSession.send' +(preferred, stays inside botocore's abstraction) or+ 'urllib3.PoolManager.urlopen' +(lower-level fallback).Frameworks unlocked
+ 'AmazonBedrockModel' +Acceptance criteria
+ 'BotocoreHTTPSession.send' +is patched in+ 'init_interceptor()' +(soft dep — only if+ 'botocore' +is importable, like the planned+ 'aiohttp' +patch)+ 'urllib3' +is patched in a future PR+ 'boto3.client(\"...\").operation()' +produces exactly one intercept row+ 'evaluate_handoff' +PASS path worksRisks / gotchas (from earlier audit)
+ 'application/vnd.amazon.eventstream' +.+ 'extract_raw' +may not handle binary event streams correctly. Either (a) skip recording for streaming responses with a TODO, or (b) decode via+ 'botocore.eventstream.EventStream' +.+ 'urllib3.response.HTTPResponse' +body — not the same shape as+ 'httpx.Response' +/+ 'requests.Response' +.+ '_attach' +'s+ 'isinstance' +checks need a third branch (or skip the body-override path for botocore).+ 'aiobotocore' +— async path is a separate package; deferred to its own follow-up.Effort estimate
M (3-5 days) — bigger than the
+ 'aiohttp' +patch because of the SigV4 + EventStream complications, smaller than a green-field interceptor.Related