[BYOM] Support for Local, Private Endpoints

[jonathansampson]

Resolves brave/brave-browser#39627

Included Scenarios

Derived from July 8th and July 18th comments.

• Warn when a private IP/endpoint is used and the feature flag is disabled.

To satisfy this requirement, a modal will be displayed upon attempting to save a model configuration with a private endpoint, while the feature is disabled. The modal will give a brief explanation of the issue, and provide guidance on how to enable the feature.

• Warn when a private IP/endpoint is used and the feature flag is enabled (with additional context about risks).

This requirement is addressed with a 🔓 icon (and label) displayed prominently beneath the server endpoint input component. This warning element is only displayed when the server endpoint is valid only due to the optional feature having been enabled.

• Warn the user when they attempt to use a model that has an invalid endpoint. Do not permit messages to be sent under this scenario.

This pull request introduces a new error message for the chat context. If the model's server endpoint is invalid, the user will be informed. Furthermore, a "Configure" button is displayed to assist the user in reaching the model configuration UI.

Submitter Checklist:

• I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
• There is a ticket for my issue
• Used Github auto-closing keywords in the PR description above
• Wrote a good PR/commit description
• Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
• Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
• Checked the PR locally:
  • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
  • npm run presubmit wiki, npm run gn_check, npm run tslint
• Ran git rebase master (if needed)

Reviewer Checklist:

• A security review is not needed, or a link to one is included in the PR description
• New files have MPL-2.0 license header
• Adequate test coverage exists to prevent regressions
• Major classes, functions and non-trivial code blocks are well-commented
• Changes in component dependencies are properly reflected in gn
• Code follows the style guide
• Test plan is specified in PR before merging

After-merge Checklist:

• The associated issue milestone is set to the smallest version that the
  changes has landed on
• All relevant documentation has been updated, for instance:
  • https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)
  • https://github.com/brave/brave-browser/wiki/Proxy-redirected-URLs
  • https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections
  • https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes
  • https://github.com/brave/brave-browser/wiki/Web-Compatibility-Exceptions-in-Brave
  • https://github.com/brave/brave-browser/wiki/QA-Guide
  • https://github.com/brave/brave-browser/wiki/P3A

Test Plan:

Feature Disabled Scenario

• Verify the feature is NOT enabled via brave://flags/#brave-ai-chat-allow-private-ips
• Add a local network endpoint (e.g., http://10.198.1.12:11434/v1/chat/completions) in a new or existing model configuration.
  • You should see a warning about the endpoint being invalid (i.e., "Non-local endpoints…")
  • You should see a modal dialog (i.e., "Private IPs Not Allowed") upon clicking "Save model"

Feature Enabled Scenario

• Verify the feature IS enabled
• Add a local network endpoint in a new or existing model configuration
  • You should see a warning beneath the endpoint (i.e., "🔓 This endpoint is…")

Feature Disabled After Having Been Enabled

• Verify that there is a properly configured model with a private endpoint
• Verify that the feature has afterwards been disabled
• Attempt to use the model in a Leo chat instance
  • You should see a warning in the Leo chat regarding the model's endpoint (i.e., "This model has an invalid endpoint…")

[thypon]

Total change C4 scheme

C4Context
    title Private IP Addresses for Custom Model Endpoints

    Person(user, "User", "Brave browser user configuring custom AI models")
    
    System_Boundary(brave, "Brave Browser") {
        Container(ui, "Settings UI", "WebUI", "Handles model configuration and displays warnings")
        Container(validator, "Model Validator", "C++", "Validates model endpoints and configurations")
        Container(chat, "AI Chat Service", "C++", "Manages AI chat interactions and models")
        Container(flags, "Feature Flags", "C++", "Controls private IP feature availability")
    }
    
    System_Ext(private_endpoint, "Private Network Endpoint", "Custom AI model endpoint on local network")
    System_Ext(public_endpoint, "Public Endpoint", "Custom AI model endpoint on public internet")

    Rel(user, ui, "Configures custom model", "HTTPS")
    Rel(ui, validator, "Validates endpoint", "IPC")
    Rel(validator, flags, "Checks if private IPs allowed")
    Rel(chat, validator, "Validates model configuration")
    Rel(chat, private_endpoint, "Connects when allowed", "HTTP/HTTPS")
    Rel(chat, public_endpoint, "Connects", "HTTPS")

Loading

Model Endpoint Validation Flow

sequenceDiagram
    participant UI as Model Config UI
    participant Handler as Settings Handler
    participant Validator as Model Validator
    participant Features as Feature Flags

    UI->>Handler: validateModelEndpoint(url)
    Handler->>Validator: IsValidEndpoint(url)
    Validator->>Features: IsAllowPrivateIPsEnabled()
    Features-->>Validator: feature_enabled
    
    alt Is HTTPS or localhost
        Validator-->>Handler: true
    else Is private IP/hostname and feature enabled
        Validator->>Validator: IsValidPrivateHost() or IsValidPrivateIPAddress()
        Validator-->>Handler: true
    else
        Validator-->>Handler: false
    end
    
    Handler-->>UI: {isValid, isValidAsPrivateEndpoint, isValidDueToPrivateIPsFeature}
    
    alt isValid
        UI->>UI: Clear error state
    else isValidAsPrivateEndpoint
        UI->>UI: Show private IP warning modal
    else
        UI->>UI: Show invalid URL error
    end

Loading

Model Activation Flow

sequenceDiagram
    participant UI as Chat UI
    participant Handler as Conversation Handler
    participant Validator as Model Validator
    participant Features as Feature Flags

    UI->>Handler: ChangeModel(model_key)
    Handler->>Handler: GetModel(model_key)
    
    alt Is Custom Model
        Handler->>Validator: IsValidEndpoint(endpoint)
        Validator->>Features: IsAllowPrivateIPsEnabled()
        Features-->>Validator: feature_enabled
        
        alt Endpoint Valid
            Validator-->>Handler: true
            Handler->>Handler: SetAPIError(None)
            Handler->>Handler: InitEngine()
        else Endpoint Invalid
            Validator-->>Handler: false
            Handler->>Handler: SetAPIError(InvalidEndpointURL)
        end
    else
        Handler->>Handler: SetAPIError(None)
        Handler->>Handler: InitEngine()
    end
    
    Handler-->>UI: Update UI state

Loading

[mkarolin]

strings++

[thypon]

We should probably just remove the .local check for the moment, or improve by resolving on the UI side and only storing the final IP

[brave-builds]

Released in v1.75.43