feat: Custom inference endpoints for third-party API models

[dagmfactory]

Description

Adds support for custom inference endpoints in AI settings, allowing users to add, edit, and remove third-party OpenAI-compatible API endpoints. Custom endpoint models surface in all model selectors when the feature flag is enabled.

Changes

1. CustomInferenceEndpoints data model (crates/ai/src/api_keys.rs, app/src/ai/llms.rs) — stores endpoint name, URL, API key, and model list with aliases.
2. Feature flag (crates/warp_features/src/lib.rs) — gates the feature behind CustomInferenceEndpoints.
3. Agent request wiring (app/src/ai/agent/api.rs, app/src/ai/agent/api/impl_tests.rs) — passes custom_model_providers to the agent API.
4. AI settings UI (app/src/settings_view/ai_page.rs) — new "Custom inference" section with endpoint cards, add/edit/remove flow.
5. Custom endpoint modal (app/src/settings_view/custom_inference_modal.rs) — form for entering endpoint details and model names/aliases.
6. Remove confirmation dialog (app/src/settings_view/remove_custom_endpoint_confirmation_dialog.rs) — confirms destructive removal with model chips preview.
7. Model selector integration — custom endpoint models appear in agent mode, toolbar, and ambient agent model selectors.
8. Infrastructure — modal dismiss-on-escape keystroke, menu right-side icon support, settings info-tooltip max-width.

Screenshots / Videos

https://www.loom.com/share/0a8b6ee1ce0d43e09b698e621be8416d

Linked Issue

https://linear.app/warpdotdev/issue/QUALITY-605/bring-your-own-endpoint

Remaining work:

Disable bring your own feature for enterprise accounts
Order custom models right after auto models in the model picker
Warp TOS hyperlink in custom inference info icon

Testing

• I have manually tested my changes locally with ./script/run
• Added unit tests for CustomInferenceEndpoints serialization/deserialization in crates/ai/src/api_keys_tests.rs and app/src/ai/llms_tests.rs.
• Added impl_tests.rs coverage for agent API wiring.

Agent Mode

• Warp Agent Mode - This PR was created via Warp's AI Agent Mode

CHANGELOG-NEW-FEATURE: Add custom inference endpoints to AI settings, allowing users to bring their own OpenAI-compatible third-party API endpoints and use them across all model selectors.

[oz-for-oss]

@dagmfactory

I'm starting a first review of this pull request.

You can view the conversation on Warp.

I completed the review and no human review was requested for this pull request.

Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).

Powered by Oz

[oz-for-oss]

Overview

This PR adds local storage, settings UI, model-selector integration, and request wiring for custom OpenAI-compatible inference endpoints.

Concerns

• Custom endpoint secrets can be sent even when the workspace BYOK entitlement is disabled.
• The settings UI now enables BYOK fields/custom endpoint setup based only on AI availability and the feature flag, not BYOK eligibility.
• Custom endpoint URLs are accepted with only a non-empty check before being persisted and sent to the agent backend.
• Custom model IDs still resolve when the feature flag is disabled, while request wiring omits the provider registry.
• Secure-storage writes for API keys were changed to fire-and-forget spawned callbacks, which can persist stale endpoint/API-key state out of order.

Security

• The request path bypasses the BYOK entitlement by calling custom_model_providers_for_request(true).
• Arbitrary custom endpoint URLs need HTTPS/public-host validation before they can become cloud inference targets.

Verdict

Found: 0 critical, 5 important, 0 suggestions

Request changes

Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).

Powered by Oz

[oz-for-oss]

⚠️ [IMPORTANT] [SECURITY] Passing true bypasses the workspace BYOK entitlement computed above, so custom endpoint API keys are sent even when BYOK is disabled. Use is_byo_enabled for this request path.

[danielpeng2]

do we mean to hardcode true as the argument here? or should this be disabled when the user is an enterprise user?

[oz-for-oss]

⚠️ [IMPORTANT] This drops the previous is_byo_enabled check, so users without BYOK can edit provider keys and configure custom endpoints despite the upgrade CTA. Keep the input/add-button enablement tied to both is_any_ai_enabled and BYOK eligibility.

[danielpeng2]

This seems valid? We want to make sure we don't regress any disabled state.

[oz-for-oss]

⚠️ [IMPORTANT] [SECURITY] The URL validation only checks for non-empty text, so arbitrary schemes or private hosts can be persisted and sent as cloud inference targets. Require HTTPS and reject local/private hosts before saving or sending an endpoint.

[oz-for-oss]

⚠️ [IMPORTANT] This lookup resolves custom models even when CustomInferenceEndpoints is disabled, while request wiring omits custom_model_providers in that state. Gate this helper too or reconcile stored custom selections back to a built-in model when the flag is off.

[oz-for-oss]

⚠️ [IMPORTANT] These spawned secure-storage writes can complete out of order when a user saves/removes endpoints quickly, allowing an older payload to overwrite a newer delete/edit. Serialize writes or version-check the callback before writing.

[danielpeng2]

Did this change get made back when we were investigating lag? If there wasn't an issue with the previous writing mechanism I'm hesitant to make changes.

[danielpeng2]

Doing some testing, going to leave comments about behaviour as they come up:

• The "Add endpoint" button isn't enabled after I fill things in, might be another ctx.notify issue: https://www.loom.com/share/5f945cf47641482ca4d0033b11c9d615

[danielpeng2]

do we mean to hardcode true as the argument here? or should this be disabled when the user is an enterprise user?

[danielpeng2]

is include_byo_keys the right name for this condition, naming it something like include_custom_model_providers seems more clear? alternatively, we could lift this check outside of the method and check it before calling this method, which might be a simpler API.

[danielpeng2]

Can we make it so that we emit the LLMPreferencesEvent::UpdatedAvailableLLMs event directly at the site where the custom endpoints are modified? I'm a little worried about this indirection.

[danielpeng2]

can we not allow custom models in computer use for now? this requires some special model setup that we aren't doing

[danielpeng2]

I believe this field controls whether the user can input images when the model is selected. I think it'd be good to leave this on by default and let it error if the model doesn't actually support vision.

[danielpeng2]

This seems valid? We want to make sure we don't regress any disabled state.

[danielpeng2]

nit: this comment got truncated

[danielpeng2]

Do we need this migration logic? Users can't add custom models right now, so I don't see how they would create one without a UUID.

[danielpeng2]

Did this change get made back when we were investigating lag? If there wasn't an issue with the previous writing mechanism I'm hesitant to make changes.

[danielpeng2]

nit: the info icon isn't vertically centered with the text

[danielpeng2]

nit: the default width of the modal feels wider than what we have in the mocks

[danielpeng2]

when there's only 1 model, we create a gap for the "x" icon even though there's nothing there. I think it should fill to the width if there's only 1 model

[danielpeng2]

the custom models don't have the borders around the text, and the edit button doesn't appear in the top right like the mocks

[danielpeng2]

the remove button in the edit endpoints modal doesn't have the same styling as in the mocks

[danielpeng2]

Nice job on this! Approving to unblock.

My most important comments are the logic/behavoural ones. We don't have to fix all the UI nits in this PR. Important thing is that we get this in before the bug bash tomorrow.