[bug] AWS Bedrock signature mismatch when using modelId with colon (:) — path is over-encoded #2396

@xiandan-erizo

  • I have searched the issues of this repository and believe that this is not a duplicate.

Ⅰ. Issue Description

When using Higress with the AI Proxy plugin to forward requests to AWS Bedrock, I encountered a signature mismatch error when calling the converse API with a standard (non-ARN) modelId such as: anthropic.claude-3-5-sonnet-20240620-v1:0

The same request works perfectly with boto3, using the same AK/SK and region.


Ⅱ. Describe what happened

The request returns 403 from AWS, with the following error message:

The request signature we calculated does not match the signature you provided.

The Canonical String for this request should have been
POST
/model/anthropic.claude-3-5-sonnet-20240620-v1%25253A0/converse
host:bedrock-runtime.us-east-1.amazonaws.com
x-amz-date:20250611T072336Z
...

The String-to-Sign should have been
AWS4-HMAC-SHA256
...

From this, we can see that the colon (:) in the modelId has been triple-encoded:
: → %3A → %253A → %25253A

This leads to signature mismatch on AWS’s side.


Ⅲ. Describe what you expected to happen

I expect:

  • The plugin or WASM logic to correctly encode the modelId only once using PathEscape (i.e., : → %3A);
  • The actual request path and the path used for signature to match exactly;
  • Ideally, this should follow the same behavior as boto3 without requiring users to manually encode % characters;
  • Or, clear guidance on where and how encoding should be applied when using modelIds in path-based Bedrock APIs.

Ⅳ. How to reproduce it (as minimally and precisely as possible)

  1. Configure AI Proxy provider as bedrock in Higress
  2. Sign requests manually via WASM extension
  3. Make this request:
POST /model/anthropic.claude-3-5-sonnet-20240620-v1:0/converse
Host: bedrock-runtime.us-east-1.amazonaws.com
{
  "model": "anthropic.claude-3-5-sonnet-20240620-v1:0",
  "anthropic_version": "bedrock-2023-05-31",
  "messages": [
    { "role": "user", "content": "Hello!" }
  ]
}

Ⅴ. Anything else we need to know?

  1. The same AK/SK and modelId work fine via Python boto3
  2. This issue only happens when colon (:) is used in modelId
  3. The WASM plugin seems to encode it more than once during signing

No Envoy aws_request_signing filter is involved — only WASM-level signature generation

Ⅵ. Environment:

  • Higress version:
  • OS : ubuntu docker all-in-one
  • Others:
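
A way to check how many encoding layers each form of the path in this report carries. This is an added example, not part of the original issue and not Higress code. It assumes the SigV4 rule for non-S3 services that the canonical path is the path as sent with each segment URI-encoded once more; the helper names `uriEncode`, `encodePath` and `layers` are hypothetical.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// uriEncode escapes all bytes outside RFC 3986 unreserved; url.PathEscape would leave ':' as-is.
func uriEncode(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		c := s[i]
		if c >= 'A' && c <= 'Z' || c >= 'a' && c <= 'z' || c >= '0' && c <= '9' || strings.IndexByte("-_.~", c) >= 0 {
			b.WriteByte(c)
		} else {
			fmt.Fprintf(&b, "%%%02X", c)
		}
	}
	return b.String()
}

// encodePath adds one encoding layer to each segment and keeps the '/' separators.
func encodePath(p string) string {
	segs := strings.Split(p, "/")
	for i := range segs {
		segs[i] = uriEncode(segs[i])
	}
	return strings.Join(segs, "/")
}

// layers counts how many decode rounds it takes until p stops changing.
func layers(p string) int {
	for n := 0; ; n++ {
		d, err := url.PathUnescape(p)
		if err != nil || d == p {
			return n
		}
		p = d
	}
}

func main() {
	raw := "/model/anthropic.claude-3-5-sonnet-20240620-v1:0/converse" // path from the issue
	wire := encodePath(raw)       // assumed: what the client sends (1 layer)
	canonical := encodePath(wire) // assumed SigV4 rule: signer and AWS add 1 more layer
	fmt.Println(layers(wire), wire, layers(canonical), canonical)
	seen := "/model/anthropic.claude-3-5-sonnet-20240620-v1%25253A0/converse" // from the 403 body
	fmt.Println(layers(seen), seen == encodePath(canonical)) // 3 layers: path AWS saw had 2
}
```

Under that assumption, a canonical path with three layers means the path that reached AWS already carried two, so the comparison to make is between the path the plugin signs and the path it actually sends.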
