feat: azure and vertex config to keys and optimised key management in store

[Pratham-Mishra04]

No description provided.

[coderabbitai]

Summary by CodeRabbit

• New Features

  • Provider-specific API key configurations for Azure and Vertex AI are now supported directly within each key, allowing detailed settings such as endpoints, deployments, project IDs, regions, and credentials.

• Refactor

  • Provider configuration structure is streamlined: Azure and Vertex meta configs are removed in favor of key-level configuration.
  • All relevant documentation and configuration examples updated to reflect the new key-centric structure.
  • Enhanced environment variable handling for key-level Azure and Vertex settings.
  • Improved merging and updating of API keys, including better handling of redacted values and environment variable cleanup.

• Bug Fixes

  • Vertex AI now correctly requires an API key.
  • More robust error handling and validation for provider updates and configuration changes.

• UI

  • The Providers and MCP Clients management pages feature improved forms, validation, and a refreshed design.
  • Updated CSS for all UI pages to the latest version for consistent styling.

Walkthrough

This update refactors provider key and configuration handling for Azure and Vertex AI by moving provider-specific metadata from global meta config objects to per-key configuration structs within the schemas.Key type. All provider method signatures and interfaces are updated to accept the new schemas.Key type, and the configuration, documentation, UI, and environment variable tracking are revised to support this key-centric model.

Changes

Files/Paths	Change Summary
core/schemas/account.go, core/schemas/provider.go	schemas.Key extended with AzureKeyConfig and VertexKeyConfig; interfaces and methods updated to use Key.
core/providers/* (anthropic.go, azure.go, bedrock.go, cohere.go, groq.go, mistral.go, ollama.go, openai.go, sgl.go, vertex.go)	All provider methods updated to accept schemas.Key instead of string; Azure and Vertex logic now use per-key configs.
core/schemas/meta/azure.go, core/schemas/meta/vertex.go	Deleted Azure and Vertex meta config structs and methods.
core/schemas/meta/bedrock.go	Removed unused getter methods from Bedrock meta config.
core/bifrost.go, core/utils.go	Key selection and validation logic updated for new key structure; Vertex now requires a key.
docs/usage/go-package/account.md, docs/usage/providers.md	Go usage documentation updated for per-key Azure/Vertex config; removed meta config examples.
docs/usage/http-transport/configuration/providers.md, docs/usage/http-transport/integrations/genai-compatible.md, docs/usage/http-transport/openapi.json	HTTP config and OpenAPI schema updated to nest Azure and Vertex config under keys.
tests/core-providers/config/account.go, tests/core-providers/vertex_test.go	Test account and Vertex provider test updated for new key-centric configuration.
transports/bifrost-http/handlers/providers.go	Provider update logic refactored to merge keys and meta config, handle redacted values, and remove Azure/Vertex meta config support.
transports/bifrost-http/lib/store.go	Environment variable tracking, config serialization, and redaction refactored for per-key Azure/Vertex configs; key IDs added.
transports/bifrost-http/lib/config.go, transports/bifrost-http/lib/account.go	Comments updated to reflect new key structure and in-memory store.
transports/config.example.json	Example config updated: Azure/Vertex meta config removed, per-key config added.
ui/components/config/meta-config-renderer.tsx	Azure and Vertex meta config UI removed; Bedrock meta config expanded.
transports/bifrost-http/handlers/completions.go	Model string parsing improved for robustness.
transports/bifrost-http/ui/* (HTML, CSS, JS chunks)	UI assets rebuilt for new provider/key config, updated CSS, and improved provider management UI.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant UI
    participant Server
    participant Provider
    User->>UI: Submit provider config with keys (Azure/Vertex)
    UI->>Server: POST /providers (keys include AzureKeyConfig/VertexKeyConfig)
    Server->>Server: Merge/validate keys, store per-key configs
    Server->>Provider: Call method with schemas.Key (per-key config)
    Provider->>Provider: Use AzureKeyConfig/VertexKeyConfig from key
    Provider-->>Server: Response
    Server-->>UI: Success/failure
    UI-->>User: Show result

Loading

Possibly related issues

• Fix: Extend Key interface to support multiple Azure endpoints and Vertex projects per provider #168: This PR implements per-key provider configuration for Azure and Vertex, directly addressing the issue's objective to support multiple endpoints/projects by moving config from meta config to per-key config.

Possibly related PRs

• feat: add streaming support for chat completions #162: Related changes in core/bifrost.go for chat completion streaming and key handling complement this PR's refactor of key types.
• feat: filter out empty API keys and improve tool calling support #55: Both PRs modify selectKeyFromProviderForModel with differing key filtering logic, making them strongly related at the code level.

Suggested reviewers

• danpiths
• akshaydeo

Poem

A hop, a skip, a leap ahead,
Provider keys now finely spread.
Azure and Vertex, configs per key—
No more meta, just clarity!
With every hop, our code refines,
A better Bifrost, by design.
🐇✨

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch 07-18-feat_azure_and_vertex_config_to_keys_and_optimised_key_management_in_store

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai auto-generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[Pratham-Mishra04]

• feat: azure and vertex config to keys and optimised key management in store #170 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[coderabbitai]

Actionable comments posted: 7

🔭 Outside diff range comments (4)

core/providers/azure.go (2)

199-209: Fix typo in error message.

-					Message: fmt.Sprintf("deployment if not found for model %s", model),
+					Message: fmt.Sprintf("deployment is not found for model %s", model),

---

531-540: Fix typo in error message (same as earlier).

-					Message: fmt.Sprintf("deployment not found for model %s", model),
+					Message: fmt.Sprintf("deployment is not found for model %s", model),

Note: Consider extracting the deployment lookup logic to avoid duplication between completeRequest and ChatCompletionStream.

core/providers/vertex.go (2)

188-196: Minor inconsistency in error message.

-				Message: "region is not set in meta config",
+				Message: "region is not set",

The error message references "meta config" but meta configs have been removed in favor of key-level configs.

---

407-414: Same inconsistency in error message.

-				Message: "region is not set in meta config",
+				Message: "region is not set",

♻️ Duplicate comments (3)

transports/bifrost-http/ui/plugins/index.txt (1)

19-20: Same hashed‐CSS concern as main index page

The plugins page now relies on the same
e2d791eafd0cc299.css. Please ensure the file is present and shipped
with the release artefacts (see earlier verification script).

transports/bifrost-http/ui/404.html (1)

1-1: Verify 404 page picks up new stylesheet

The 404 page also switched to
e2d791eafd0cc299.css. A missing file here will render the error page
without styles, which is user-visible.

transports/bifrost-http/ui/mcp-clients/index.txt (1)

19-20: CSS fingerprint same remark

Again, just make sure the CSS file is committed and deployed.

[coderabbitai]

Actionable comments posted: 4

🔭 Outside diff range comments (4)

core/providers/azure.go (2)

188-223: Fix typo in error message.

There's a typo in the error message that should be corrected.

-					Message: fmt.Sprintf("deployment if not found for model %s", model),
+					Message: fmt.Sprintf("deployment not found for model %s", model),

---

499-555: Fix typo and consider refactoring duplicate validation logic.

The same typo exists here as in the completeRequest method. Additionally, there's significant duplication of validation logic between completeRequest and ChatCompletionStream.

-					Message: fmt.Sprintf("deployment not found for model %s", model),
+					Message: fmt.Sprintf("deployment not found for model %s", model),

Consider extracting the Azure configuration validation into a helper method to reduce duplication:

func (provider *AzureProvider) validateAzureConfig(key schemas.Key, model string) (endpoint string, deployment string, apiVersion string, err *schemas.BifrostError) {
    if key.AzureKeyConfig == nil {
        return "", "", "", &schemas.BifrostError{
            IsBifrostError: false,
            Error: schemas.ErrorField{
                Message: "azure key config not set",
            },
        }
    }
    
    if key.AzureKeyConfig.Endpoint == "" {
        return "", "", "", &schemas.BifrostError{
            IsBifrostError: false,
            Error: schemas.ErrorField{
                Message: "endpoint not set",
            },
        }
    }
    
    if key.AzureKeyConfig.Deployments == nil {
        return "", "", "", &schemas.BifrostError{
            IsBifrostError: false,
            Error: schemas.ErrorField{
                Message: "deployments not set",
            },
        }
    }
    
    deployment = key.AzureKeyConfig.Deployments[model]
    if deployment == "" {
        return "", "", "", &schemas.BifrostError{
            IsBifrostError: false,
            Error: schemas.ErrorField{
                Message: fmt.Sprintf("deployment not found for model %s", model),
            },
        }
    }
    
    apiVersionPtr := key.AzureKeyConfig.APIVersion
    if apiVersionPtr == nil {
        apiVersionPtr = StrPtr("2024-02-01")
    }
    
    return key.AzureKeyConfig.Endpoint, deployment, *apiVersionPtr, nil
}

core/providers/vertex.go (2)

188-196: Fix error message to reflect key config instead of meta config.

The error message references "meta config" but should reference the key configuration since meta configs have been removed.

-				Message: "region is not set in meta config",
+				Message: "region is not set in key config",

---

406-414: Fix error message consistency in streaming method.

Same issue as in ChatCompletion - the error message should reference key config instead of meta config.

-				Message: "region is not set in meta config",
+				Message: "region is not set in key config",

♻️ Duplicate comments (7)

transports/bifrost-http/lib/config.go (1)

21-21: Avoid over-specifying the identifier type

The comment still states “UUIDs”, but schemas.Key.ID is only required to be unique, not specifically a UUID. The earlier review raised this; please update the wording.

-	Keys                     []schemas.Key                     `json:"keys"`                                  // API keys for the provider with UUIDs
+	Keys                     []schemas.Key                     `json:"keys"`                                  // API keys for the provider; each key has its own unique ID

transports/bifrost-http/ui/index.html (1)

1-1: (Optional) add SRI for static assets

All fingerprinted assets (CSS/JS) are still shipped without integrity attributes, leaving clients unprotected against CDN tampering. Same comment as before.

docs/usage/http-transport/configuration/providers.md (1)

190-203: Same region vs location mismatch for Vertex block

See previous comment – update to whichever name the schema finally settles on.

docs/usage/http-transport/openapi.json (1)

2337-2381: Acknowledge the previous review comment about extracting inline schemas.

The previous review comment about promoting azure_key_config and vertex_key_config to reusable component schemas is still valid and applicable to these changes. Extracting these to top-level component schemas would improve maintainability and provide better type safety.

docs/usage/providers.md (1)

371-386: Fix field name inconsistency in Vertex configuration.

The Vertex configuration example uses Location but should use Region to match the actual schema field name.

                VertexKeyConfig: &schemas.VertexKeyConfig{
                    ProjectID: "your-project-id",
-                   Location:  "us-central1",
+                   Region:    "us-central1",
                    AuthCredentials: os.Getenv("VERTEX_AUTH_CREDENTIALS"), // Or read from file
                },

transports/bifrost-http/handlers/providers.go (1)

407-493: Add validation for required fields in Azure/Vertex configurations.

After merging keys, validate that required fields (e.g., Azure endpoint, Vertex project ID) are not empty to prevent runtime errors.

core/providers/vertex.go (1)

31-52: Consider implementing pool size limits or TTL-based eviction.

The client pooling implementation is well-designed with SHA-256 cache keys and error-based eviction. However, as previously noted, consider adding pool size limits or TTL-based eviction to prevent unbounded memory growth in long-running services.

[coderabbitai]

Actionable comments posted: 4

🔭 Outside diff range comments (2)

transports/bifrost-http/handlers/completions.go (1)

92-92: Consider using strings.SplitN for consistency.

The fallback parsing still uses strings.Split which could face the same issue as the main model parsing if fallback model names contain forward slashes.

-		fallbackModel := strings.Split(fallback, "/")
+		fallbackModel := strings.SplitN(fallback, "/", 2)

docs/usage/http-transport/openapi.json (1)

2320-2337: Consider marking id as format: uuid (optional).

If the new Key.ID is meant to be a UUID, adding

"format": "uuid",
"example": "8e7b91b9-765d-4ef5-a1f5-8d3b0d5b6b4c"

helps client validation and docs.

♻️ Duplicate comments (11)

transports/bifrost-http/lib/config.go (1)

21-21: Comment still over-specifies “UUIDs”
The schemas.Key.ID field is only documented as a unique identifier; callers are free to use any scheme. Replace “UUIDs” with “unique IDs” to avoid misleading integrators.

-	Keys                     []schemas.Key                     `json:"keys"`                                  // API keys for the provider with UUIDs
+	Keys                     []schemas.Key                     `json:"keys"`                                  // API keys for the provider; each key carries its own unique ID

transports/bifrost-http/ui/index.html (1)

1-1: Still missing SRI integrity attribute on stylesheet link

Same nitpick as previously raised – please consider adding an integrity attribute for stronger supply-chain safety.

transports/bifrost-http/ui/404.html (1)

1-1: Repeat: add SRI on external stylesheet

The stylesheet reference continues to ship without an integrity hash; see earlier feedback.

transports/config.example.json (1)

140-150: Missing required value field in Vertex key configuration.

The Vertex key configuration is missing the mandatory value field that the schemas.Key structure requires for identification and hashing purposes.

Please add the value field to the Vertex key configuration:

       {
+        "value": "",
         "models": ["gemini-2.0-flash-001"],
         "weight": 1.0,
         "vertex_key_config": {
           "project_id": "env.VERTEX_PROJECT_ID",
           "region": "us-central1",
           "auth_credentials": "env.VERTEX_CREDENTIALS"
         }
       }

docs/usage/http-transport/integrations/genai-compatible.md (2)

547-556: Same region vs location mismatch as previously flagged
See earlier comment – update to "location" for consistency with the actual config schema.

---

618-626: Ditto – please rename region to location here as well
Keeping both terms in docs will confuse users.

transports/bifrost-http/ui/_next/static/css/e2d791eafd0cc299.css (1)

1-1: Non-standard “in oklab” gradient still lacks a fallback
The .bg-gradient-to-r declaration keeps background-image: linear-gradient(var(--tw-gradient-stops)) with --tw-gradient-position: to right in oklab;. Browsers that haven’t shipped in oklab (e.g. Firefox ≤ 127, Safari ≤ 17) will drop the whole rule. Please prepend a standard direction fallback before the custom-property version in your source CSS/Tailwind pipeline:

.bg-gradient-to-r{
+  /* Fallback for browsers without “in oklab” support */
+  background-image: linear-gradient(to right, var(--tw-gradient-stops));
   --tw-gradient-position: to right in oklab;
   background-image: linear-gradient(var(--tw-gradient-stops));
}

That ensures graceful degradation while keeping the advanced color-space for supporting engines.

docs/usage/http-transport/openapi.json (1)

2337-2381: Inline provider-specific configs duplicate schema & lack additionalProperties: false

azure_key_config and vertex_key_config are defined inline again, repeating ~40 lines and allowing silent typos. A top-level component schema keeps the Key object concise and gives generators reusable types.

-          "azure_key_config": {
-            "type": "object",
-            "properties": {
-              ...
-            },
-            "description": "Azure key configuration"
-          },
+          "azure_key_config": { "$ref": "#/components/schemas/AzureKeyConfig" },

-          "vertex_key_config": {
-            "type": "object",
-            "properties": {
-              ...
-            },
-            "description": "Vertex key configuration"
-          }
+          "vertex_key_config": { "$ref": "#/components/schemas/VertexKeyConfig" }

Add corresponding component schemas alongside others:

"AzureKeyConfig": {
  "type": "object",
  "additionalProperties": false,
  "properties": {
    "endpoint":    { "type": "string" },
    "deployments": {
      "type": "object",
      "additionalProperties": { "type": "string" }
    },
    "api_version": { "type": "string" }
  }
},
"VertexKeyConfig": {
  "type": "object",
  "additionalProperties": false,
  "properties": {
    "project_id":       { "type": "string" },
    "region":           { "type": "string" },
    "auth_credentials": { "type": "string" }
  }
}

This mirrors the UI/Go structs, eliminates duplication, and prevents stray fields.

docs/usage/providers.md (1)

371-405: LGTM: Vertex configuration updated correctly and past issues addressed.

The Vertex configuration has been properly updated to use key-level configuration with VertexKeyConfig. The structure correctly embeds Vertex-specific settings (project_id, region, auth_credentials) within each key. The previous field name inconsistency between Location and Region has been resolved.

transports/bifrost-http/handlers/providers.go (1)

407-493: Add nil checks to prevent potential panics in nested config handling.

The code assumes oldRedactedKeys[i] has the same structure as updateKey, but if the old key doesn't have AzureKeyConfig or VertexKeyConfig while the update does, accessing fields will cause a nil pointer dereference.

Apply this diff to add nil checks:

 // Handle Azure config redacted values
 if updateKey.AzureKeyConfig != nil && oldRedactedKeys[i].AzureKeyConfig != nil {
     if lib.IsRedacted(updateKey.AzureKeyConfig.Endpoint) &&
         (!strings.HasPrefix(updateKey.AzureKeyConfig.Endpoint, "env.") ||
             !strings.EqualFold(updateKey.AzureKeyConfig.Endpoint, oldRedactedKeys[i].AzureKeyConfig.Endpoint)) {
         mergedKey.AzureKeyConfig.Endpoint = oldRawKey.AzureKeyConfig.Endpoint
     }
     if updateKey.AzureKeyConfig.APIVersion != nil {
+        if oldRedactedKeys[i].AzureKeyConfig.APIVersion != nil {
             if lib.IsRedacted(*updateKey.AzureKeyConfig.APIVersion) &&
                 (!strings.HasPrefix(*updateKey.AzureKeyConfig.APIVersion, "env.") ||
                     !strings.EqualFold(*updateKey.AzureKeyConfig.APIVersion, *oldRedactedKeys[i].AzureKeyConfig.APIVersion)) {
                 mergedKey.AzureKeyConfig.APIVersion = oldRawKey.AzureKeyConfig.APIVersion
             }
+        }
     }
 }

 // Handle Vertex config redacted values
 if updateKey.VertexKeyConfig != nil && oldRedactedKeys[i].VertexKeyConfig != nil {
     if lib.IsRedacted(updateKey.VertexKeyConfig.ProjectID) &&
         (!strings.HasPrefix(updateKey.VertexKeyConfig.ProjectID, "env.") ||
             !strings.EqualFold(updateKey.VertexKeyConfig.ProjectID, oldRedactedKeys[i].VertexKeyConfig.ProjectID)) {
         mergedKey.VertexKeyConfig.ProjectID = oldRawKey.VertexKeyConfig.ProjectID
     }
     if lib.IsRedacted(updateKey.VertexKeyConfig.Region) &&
         (!strings.HasPrefix(updateKey.VertexKeyConfig.Region, "env.") ||
             !strings.EqualFold(updateKey.VertexKeyConfig.Region, oldRedactedKeys[i].VertexKeyConfig.Region)) {
         mergedKey.VertexKeyConfig.Region = oldRawKey.VertexKeyConfig.Region
     }
     if lib.IsRedacted(updateKey.VertexKeyConfig.AuthCredentials) &&
         (!strings.HasPrefix(updateKey.VertexKeyConfig.AuthCredentials, "env.") ||
             !strings.EqualFold(updateKey.VertexKeyConfig.AuthCredentials, oldRedactedKeys[i].VertexKeyConfig.AuthCredentials)) {
         mergedKey.VertexKeyConfig.AuthCredentials = oldRawKey.VertexKeyConfig.AuthCredentials
     }
 }

core/providers/vertex.go (1)

31-52: Client pool implementation looks good.

The use of SHA-256 for secure cache keys and sync.Map for thread-safe storage is well-designed. The eviction strategy on auth/network errors helps maintain pool health by preventing reuse of invalid clients.