chore: standardize model allowlist configuration with wildcard default in all tests

[Pratham-Mishra04]

Summary

This PR standardizes model access control by replacing empty model arrays with explicit wildcard notation (["*"]) throughout the codebase. This change improves clarity and consistency in how "allow all models" is represented across configuration files, tests, and code.

Changes

• Updated all configuration files to use "models": ["*"] instead of empty arrays or missing model specifications
• Modified test utilities and mock data to consistently use schemas.WhiteList{"*"} for unrestricted model access
• Added allowed_models and key_ids fields with ["*"] values to provider configurations in governance tests
• Updated Go SDK documentation to reflect the new wildcard syntax
• Enhanced Redis vector store constructor to eagerly verify connectivity for consistency with other store implementations
• Refactored UI provider update logic to use a centralized buildProviderUpdatePayload utility function

Type of change

• Refactor
• Bug fix
• Feature
• Documentation
• Chore/CI

Affected areas

• Core (Go)
• Transports (HTTP)
• Providers/Integrations
• Plugins
• UI (Next.js)
• Docs

How to test

Validate that existing functionality remains unchanged while using the new wildcard notation:

# Core/Transports
go version
go test ./...

# UI
cd ui
pnpm i || npm i
pnpm test || npm test
pnpm build || npm run build

# Test governance scenarios
go test ./tests/governance/...

# Test semantic cache functionality
go test ./plugins/semanticcache/...

Verify that configurations with ["*"] model specifications work identically to previous empty array behavior.

Screenshots/Recordings

N/A - This is a refactoring change with no visible UI modifications.

Breaking changes

• Yes
• No

This change maintains backward compatibility while establishing a clearer convention for model access control.

Related issues

N/A

Security considerations

This change improves security clarity by making model access permissions explicit rather than implicit through empty arrays.

Checklist

• I read docs/contributing/README.md and followed the guidelines
• I added/updated tests where appropriate
• I updated documentation where needed
• I verified builds succeed (Go and UI)
• I verified the CI pipeline passes locally if applicable

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
0 out of 2 committers have signed the CLA.

❌ akshaydeo
❌ Pratham-Mishra04
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[Pratham-Mishra04]

• chore: standardize model allowlist configuration with wildcard default in all tests #2453 👈 (View in Graphite)
• helm chart upgrade --skip-pipeline #2452
• v1.5.0

This stack of pull requests is managed by Graphite. Learn more about stacking.

[coderabbitai]

Note

Currently processing new changes in this PR. This may take a few minutes, please wait...

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 20cd14bf-d7ff-4eb6-bc96-fb0c7efd52dc

📥 Commits

Reviewing files that changed from the base of the PR and between 39c7555 and cc3293a.

📒 Files selected for processing (39)

• .github/workflows/configs/default/config.json
• .github/workflows/configs/withpostgresmcpclientsinconfig/config.json
• core/schemas/images.go
• docs/quickstart/go-sdk/setting-up.mdx
• framework/vectorstore/redis.go
• helm-charts/bifrost/Chart.yaml
• helm-charts/bifrost/README.md
• helm-charts/bifrost/templates/_helpers.tpl
• helm-charts/bifrost/values.schema.json
• helm-charts/index.yaml
• plugins/governance/http_transport_prehook_test.go
• plugins/governance/model_provider_governance_test.go
• plugins/governance/resolver_test.go
• plugins/governance/test_utils.go
• plugins/semanticcache/plugin_core_test.go
• plugins/semanticcache/plugin_image_generation_test.go
• plugins/semanticcache/plugin_vectorstore_test.go
• plugins/semanticcache/test_utils.go
• tests/e2e/api/collections/bifrost-v1-vk-auth.postman_collection.json
• tests/e2e/api/collections/bifrost-v1-vk-routing.postman_collection.json
• tests/e2e/core/fixtures/test-data.fixture.ts
• tests/e2e/features/providers/providers.data.ts
• tests/e2e/features/virtual-keys/pages/virtual-keys.page.ts
• tests/e2e/features/virtual-keys/virtual-keys.data.ts
• tests/governance/advancedscenarios_test.go
• tests/governance/config.json
• tests/governance/configupdatesync_test.go
• tests/governance/e2e_test.go
• tests/governance/edgecases_test.go
• tests/governance/providerbudget_test.go
• tests/governance/ratelimit_test.go
• tests/governance/ratelimitenforcement_test.go
• tests/governance/test_utils.go
• tests/integrations/python/config.json
• tests/integrations/typescript/config.json
• transports/bifrost-http/handlers/wsresponses.go
• transports/bifrost-http/lib/config.go
• ui/app/workspace/providers/fragments/betaHeadersFormFragment.tsx
• ui/app/workspace/providers/fragments/openaiConfigFormFragment.tsx

 ________________________________________________________
< Congrats on shipping. Unfortunately, you shipped *it*. >
 --------------------------------------------------------
  \
   \   \
        \ /\
        ( )
      .( o ).

📝 Walkthrough

Walkthrough

This PR standardizes provider/model/key allowlisting by replacing empty-model arrays with explicit wildcards (["*"]) across configs, tests, fixtures, and runtime key representations; adds key_ids where applicable; plus small runtime changes: eager Redis ping and image-response model backfill helper.

Changes

Cohort / File(s)	Summary
Config files & test integrations \.github/workflows/configs/.../config.json, tests/integrations/python/config.json, tests/integrations/typescript/config.json, tests/governance/config.json	Added models: ["*"] to provider key entries; added provider_configs entries with allowed_models: ["*"] and key_ids: ["*"] where applicable.
Helm chart & schema helm-charts/bifrost/Chart.yaml, helm-charts/bifrost/README.md, helm-charts/index.yaml, helm-charts/bifrost/values.schema.json, helm-charts/bifrost/templates/_helpers.tpl	Bumped chart to v2.0.15, updated README/index, expanded values schema (MCP tool-injection, allowedExtraHeaders, pricingOverrides, websocket, beta headers) and updated templates to render new fields; relaxed some required key-config constraints.
Core runtime framework/vectorstore/redis.go, core/schemas/images.go	newRedisStore now pings Redis on creation and returns an error on failure; image response backfill now populates Model from the originating image request via new unexported helper.
Governance tests & helpers plugins/governance/test_utils.go, plugins/governance/*.go (tests)	Test helpers and tests updated to express provider allowlists explicitly (e.g., buildProviderConfig("openai", []string{"*"})); ProviderConfigRequest weight changed to *float64 with new KeyIDs []string and float64Ptr helper; numerous test payloads adjusted to include AllowedModels/KeyIDs and pointer weights.
Semantic cache & transport key models plugins/semanticcache/*, transports/bifrost-http/*	Replaced empty Models slices with wildcard whitelist (schemas.WhiteList{"*"}) across semantic-cache tests and for direct/auto-detected keys in bifrost-http config/context.
E2E fixtures & virtual-key test data tests/e2e/... (fixtures, data, Postman collections, pages)	Default provider key/provider-config fixtures now use ['*'] for models/allowedModels/keyIds; ProviderConfig interface gains optional keyIds?: string[]; Postman prerequest scripts updated to include provider_configs with wildcards.
UI provider fragments ui/app/workspace/providers/fragments/*.tsx	Refactored submit handlers to call buildProviderUpdatePayload(...) directly instead of constructing intermediate ModelProvider objects.
Docs docs/quickstart/go-sdk/setting-up.mdx	Doc snippet updated to use schemas.WhiteList{"*"} in Go quickstart example.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• refactor: standardize empty array conventions for VK Provider Config Allowed Keys #2006 — Similar changes introducing/handling ["*"] wildcards and key_id allowlisting across virtual-key/provider config paths.

Suggested reviewers

• akshaydeo
• danpiths

Poem

🐰 With whiskers twitching, I celebrate this change,
Wildcards sprout where empty arrays felt strange.
From [] to ["*"], allowances now sing—
Keys and models free, let every request spring!
Asterisks hop through configs, bright and small. ✨

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch 04-01-chore_test_config_fixes

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Confidence Score: 4/5

Safe to merge for the Go/config/test changes; the UI refactor has a P1 regression that silently clears OpenAI provider config on every save.

One confirmed P1 bug in the UI layer: buildProviderUpdatePayload omits openai_config from its payload, and the server unconditionally overwrites the stored value with nil. This breaks the OpenAI config form and corrupts openai_config on unrelated provider updates. All other changes (Go, config, tests) are clean and well-executed.

ui/app/workspace/providers/views/utils.ts and both fragment files that call it (openaiConfigFormFragment.tsx, betaHeadersFormFragment.tsx).

Important Files Changed

Filename	Overview
ui/app/workspace/providers/views/utils.ts	New buildProviderUpdatePayload utility is missing openai_config from its return object, causing OpenAI config to be cleared server-side on any provider update through this helper.
ui/app/workspace/providers/fragments/openaiConfigFormFragment.tsx	Refactored to use buildProviderUpdatePayload, but because that utility omits openai_config, the disable_store setting is never actually sent to the server.
ui/app/workspace/providers/fragments/betaHeadersFormFragment.tsx	Refactored to buildProviderUpdatePayload; will silently clear openai_config on any provider that has it set when beta headers are saved.
framework/vectorstore/redis.go	Adds eager Ping on construction for consistency with other vector store implementations; clean change but may cause test failures if Redis is unreachable at init time.
core/schemas/images.go	Adds model backfill for image generation responses when the provider does not return a model field; safe addition with nil guard.
tests/governance/test_utils.go	Changes Weight from float64 to *float64 in ProviderConfigRequest, adds KeyIDs field, and introduces float64Ptr helper; all usages updated consistently across governance tests.
transports/bifrost-http/handlers/wsresponses.go	Standardizes Models: []string{} to Models: schemas.WhiteList{"*"} for header-provided API keys; correct and consistent with the rest of the PR.
plugins/semanticcache/test_utils.go	Most usages correctly updated to schemas.WhiteList{"*"}, but a few helper functions still use the raw []string{"*"} type inconsistently.
tests/e2e/api/collections/bifrost-v1-vk-routing.postman_collection.json	Replaced specific model allowlist with ['*'] wildcard and added key_ids: ['*']; the previously-flagged missing comma is now correctly present.
transports/bifrost-http/lib/config.go	Auto-detected provider keys now correctly use schemas.WhiteList{"*"} instead of empty []string{}.

Comments Outside Diff (1)

1. ui/app/workspace/providers/views/utils.ts, line 6-19 (link)

   openai_config missing from update payload — silently clears existing config

   buildProviderUpdatePayload never includes openai_config in its return object. The server handler at transports/bifrost-http/handlers/providers.go (line 439) unconditionally runs:

   config.OpenAIConfig = payload.OpenAIConfig

   This means every call through this utility will overwrite the stored OpenAIConfig with nil, regardless of what the provider previously had.

   Two concrete consequences:

   1. openaiConfigFormFragment.tsx calls buildProviderUpdatePayload(provider, { openai_config: { disable_store: data.disable_store } }). Because openai_config is absent from the returned object, the new disable_store value is never sent to the server and the existing openai_config is cleared.

   2. betaHeadersFormFragment.tsx calls buildProviderUpdatePayload(provider, { network_config: {...} }). If the provider already has openai_config set (e.g. disable_store: true), it will be silently cleared whenever beta headers are saved.

   The fix is to include openai_config in the returned payload:

_{Reviews (4): Last reviewed commit: "chore: test config fixes" | Re-trigger Greptile}

[akshaydeo]

Merge activity

• Apr 1, 11:11 AM UTC: A user started a stack merge that includes this pull request via Graphite.
• Apr 1, 11:13 AM UTC: @akshaydeo merged this pull request with Graphite.