fix: minor fixes and doc additions

[Pratham-Mishra04]

Summary

Briefly explain the purpose of this PR and the problem it solves.

Changes

• What was changed and why
• Any notable design decisions or trade-offs

Type of change

• Bug fix
• Feature
• Refactor
• Documentation
• Chore/CI

Affected areas

• Core (Go)
• Transports (HTTP)
• Providers/Integrations
• Plugins
• UI (Next.js)
• Docs

How to test

Describe the steps to validate this change. Include commands and expected outcomes.

# Core/Transports
go version
go test ./...

# UI
cd ui
pnpm i || npm i
pnpm test || npm test
pnpm build || npm run build

If adding new configs or environment variables, document them here.

Screenshots/Recordings

If UI changes, add before/after screenshots or short clips.

Breaking changes

• Yes
• No

If yes, describe impact and migration instructions.

Related issues

Link related issues and discussions. Example: Closes #123

Security considerations

Note any security implications (auth, secrets, PII, sandboxing, etc.).

Checklist

• I read docs/contributing/README.md and followed the guidelines
• I added/updated tests where appropriate
• I updated documentation where needed
• I verified builds succeed (Go and UI)
• I verified the CI pipeline passes locally if applicable

[Pratham-Mishra04]

• fix: minor fixes and doc additions #2562 👈 (View in Graphite)
• feat: add per-user OAuth consent flow with identity selection and MCP authentication #2552 : 1 other dependent PR (#2564 )
• v1.5.0

This stack of pull requests is managed by Graphite. Learn more about stacking.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 013c943a-d417-4a68-b1a8-6a001b64763b

📥 Commits

Reviewing files that changed from the base of the PR and between 4bceac5 and 0a0cb9b.

⛔ Files ignored due to path filters (1)

• docs/media/ui-mcp-allowed-extra-headers.png is excluded by !**/*.png

📒 Files selected for processing (12)

• core/providers/bedrock/bedrock.go
• core/providers/openai/openai.go
• docs/mcp/connecting-to-servers.mdx
• docs/openapi/openapi.json
• docs/providers/aliasing-models.mdx
• docs/providers/request-options.mdx
• docs/providers/routing-rules.mdx
• transports/bifrost-http/handlers/oauth2_consent.go
• transports/bifrost-http/handlers/providers.go
• ui/app/workspace/mcp-registry/views/mcpClientSheet.tsx
• ui/app/workspace/virtual-keys/views/virtualKeyDetailsSheet.tsx
• ui/app/workspace/virtual-keys/views/virtualKeySheet.tsx

---

📝 Walkthrough

Summary by CodeRabbit

• New Features

  • Added capability to forward incoming request headers to MCP servers with per-client allowlist (v1.5.0-prerelease1+).

• UI/UX Improvements

  • Colored badges for permission states for clearer summaries.
  • "Allowed Extra Headers" input now edits on blur with normalized parsing.
  • MCP client default now allows all tools; Escape closes config sheets.
  • Login identity input improved (spellcheck/autocapitalize/autocorrect disabled).

• Documentation

  • Added comprehensive header-forwarding guides and version notes for static aliasing and rule chaining.

Walkthrough

Removed provider-name prefixing from several stream error messages; documented per-client MCP header forwarding (allowed_extra_headers and BifrostContextKeyMCPExtraHeaders); tightened MCP client UI input handling and defaults; replaced muted permission labels with colored badges; removed a catalog-aware model-matching helper.

Changes

Cohort / File(s)	Summary
Stream error handling core/providers/bedrock/bedrock.go, core/providers/openai/openai.go	Removed provider-name usage from stream error/exception messages and one extra-fields assignment; small whitespace adjustment in OpenAI streaming handler.
MCP header forwarding docs & request option docs/mcp/connecting-to-servers.mdx, docs/providers/request-options.mdx	Added documentation for forwarding incoming headers to MCP servers via per-client allowed_extra_headers and documented BifrostContextKeyMCPExtraHeaders context key with examples.
Docs: version notices docs/providers/aliasing-models.mdx, docs/providers/routing-rules.mdx	Inserted informational notices indicating feature availability in v1.5.0-prerelease2 (aliasing, rule chaining).
Model filtering helper removal transports/bifrost-http/handlers/providers.go	Deleted keyModelListAllowsModel helper and adjusted model-filtering call sites to rely on keyAllowsModelForList (catalog-aware alias matching removed from this path).
MCP client UI input handling ui/app/workspace/mcp-registry/views/mcpClientSheet.tsx	Added allowedExtraHeadersRaw state with useEffect sync; switched parsing/normalization of comma-separated headers to occur onBlur instead of onChange.
Virtual key UI & defaults ui/app/workspace/virtual-keys/views/virtualKeyDetailsSheet.tsx, ui/app/workspace/virtual-keys/views/virtualKeySheet.tsx	Replaced muted text with colored Badge components for permission summaries; changed new MCP client tools_to_execute default from [] to ["*"]; updated sheet Escape handling to close on Escape.
OAuth2 consent input UX tweak transports/bifrost-http/handlers/oauth2_consent.go	Added spellcheck="false", autocapitalize="none", autocorrect="off" to the User ID input on the identity selection page.

Sequence Diagram(s)

mermaid
sequenceDiagram
participant Client
participant Gateway as MCP Gateway
participant MCP as MCP Server
Client->>Gateway: Request with extra headers (BifrostContextKeyMCPExtraHeaders)
Gateway->>Gateway: Filter headers against client.allowed_extra_headers
Gateway-->>MCP: Forward request with filtered headers + static auth headers
MCP-->>Gateway: Tool execution response
Gateway-->>Client: Return result

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I nudge headers through the grassy way,
Streams speak clearer, names tucked away,
Badges bloom where choices lay,
Tools open wide for work and play,
Docs whisper how to forward each day.

🚥 Pre-merge checks | ❌ 5

❌ Failed checks (3 warnings, 2 inconclusive)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is entirely blank/template-only with no filled-in content; Summary, Changes, and specific details are missing.	Complete the description by summarizing the purpose, listing actual changes made across Go files and UI components, specifying change types, and checking affected areas.
Linked Issues check	⚠️ Warning	The PR changes do not address the linked issue #123 (Files API Support); instead, the changes focus on stream error message formatting, MCP header forwarding, and UI badge styling updates.	Either implement the Files API Support requirements from issue #123 or remove/update the linked issue reference to match the actual PR objectives.
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	Title is vague and generic, using non-descriptive terms ('minor fixes', 'doc additions') that don't convey specific information about the actual changeset.	Provide a more specific title describing the primary changes, e.g., 'Remove provider name from stream error messages and update MCP header forwarding docs'.
Out of Scope Changes check	❓ Inconclusive	Multiple changes appear disconnected from any single cohesive objective: Bedrock stream error formatting, OpenAI formatting, extensive MCP documentation, virtual key UI styling, and model aliasing notes lack clear unifying purpose.	Clarify the PR's primary objective in the description and explain how each change group contributes to that goal, or consider splitting into focused PRs.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch 04-08-fix_minor_fixes_and_doc_additions

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Confidence Score: 5/5

Safe to merge — all findings are P2 style suggestions with no blocking correctness issues.

The only finding is a P2 edge case in the allowed_extra_headers input where Enter-key form submission could miss in-flight edits; the primary button-click path works correctly. All other changes (docs, VK details sheet, Go provider fixes) are clean.

ui/app/workspace/mcp-registry/views/mcpClientSheet.tsx — onBlur-only form field update for allowed_extra_headers

Vulnerabilities

No security concerns identified. HTML-escaped output (html.EscapeString) is applied consistently in oauth2_consent.go before embedding user-supplied flow_id and error values in HTML responses. The allowed_extra_headers feature in mcpClientSheet.tsx is UI-only configuration and is gated server-side by the per-client allowlist.

Important Files Changed

Filename	Overview
ui/app/workspace/mcp-registry/views/mcpClientSheet.tsx	Adds Allowed Extra Headers UI field; uses onBlur-only pattern for parsing the comma-separated input into the form array, which can miss updates on Enter-key submission.
ui/app/workspace/virtual-keys/views/virtualKeyDetailsSheet.tsx	New read-only detail sheet showing VK status, provider configs, MCP client configs, budgets, and rate limits; implementation looks correct.
ui/app/workspace/virtual-keys/views/virtualKeySheet.tsx	Minor updates to MCP config section and VK form; wildcard tool selection logic is correct.
transports/bifrost-http/handlers/oauth2_consent.go	OAuth per-user consent flow handler; input is properly HTML-escaped, flow expiry and browser-secret validation are applied consistently across all endpoints.
docs/mcp/connecting-to-servers.mdx	New Forwarding Request Headers to MCP Servers section documenting allowed_extra_headers; content is accurate and matches implementation.
core/providers/bedrock/bedrock.go	Minor fix to Bedrock provider; transport, signing, and retry logic appear correct.
core/providers/openai/openai.go	Minor fix to OpenAI provider; client setup, URL construction, and store disable logic look correct.

_{Reviews (2): Last reviewed commit: "fix: minor fixes and doc additions" | Re-trigger Greptile}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

core/providers/bedrock/bedrock.go (2)

1228-1242: ⚠️ Potential issue | 🟡 Minor

Error message format inconsistent with TextCompletionStream.

This error message no longer includes the provider name prefix ("stream %s: %s"), while TextCompletionStream at line 1000 still uses "%s stream %s: %s" with providerName. The retryable error at line 996 in TextCompletionStream also still includes the provider name in the message.

This inconsistency affects both logging/debugging and error message formats returned to callers.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@core/providers/bedrock/bedrock.go` around lines 1228 - 1242, The error
message created in the streaming error path uses fmt.Errorf("stream %s: %s",
excType, errMsg) and thus omits the provider name, causing inconsistency with
TextCompletionStream which formats messages as "%s stream %s: %s"; update the
error construction in the streaming path to include the provider name prefix
(same format used by TextCompletionStream) so both the
retryableBedrockExceptions branch (where ProcessAndSendBifrostError is called)
and the else branch (ProcessAndSendError) emit messages like "%s stream %s: %s"
using the same provider identifier (e.g., providerName or provider.Name) to keep
logging and returned error formats consistent.

---

1572-1600: ⚠️ Potential issue | 🟡 Minor

Same inconsistency as ChatCompletionStream.

These changes mirror the ChatCompletionStream changes but leave TextCompletionStream with the old format including provider name. All three streaming methods should use the same error formatting approach for maintainability.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@core/providers/bedrock/bedrock.go` around lines 1572 - 1600, The
TextCompletionStream error formatting is inconsistent with ChatCompletionStream:
locate the code that builds the error from message.Headers (symbols:
message.Headers, excType, errMsg) inside the TextCompletionStream handling and
change the error construction so it does not prepend the provider/stream label;
format the error as "<exception-type>: <message>" (same approach as
ChatCompletionStream) before passing it to
providerUtils.ProcessAndSendError/ProcessAndSendBifrostError so all three
streaming methods use the same error format.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@core/providers/bedrock/bedrock.go`:
- Line 1200: The warning in the EventStream log currently omits the provider
context; update the log call at provider.logger.Warn("Error decoding EventStream
message: %v", err) to include the provider name (e.g.,
provider.logger.Warn("error decoding %s EventStream message: %v", providerName,
err)) so it matches the format used in TextCompletionStream, and review the
other streaming error logs (TextCompletionStream and the similar messages around
the existing decode errors) to ensure all streaming error logs consistently
include providerName and use the same message casing/format.

In `@ui/app/workspace/virtual-keys/views/virtualKeySheet.tsx`:
- Around line 324-327: The current new client creation sets tools_to_execute:
["*"] which grants full tool access by default; change newConfig (the object
with mcp_client_name and tools_to_execute in virtualKeySheet.tsx) to use a
deny-by-default value (e.g., an empty array or omit tools_to_execute) so newly
created MCP clients have no tools until explicitly selected, and update any
downstream usage that expects tools_to_execute by treating empty/undefined as
"no permissions" rather than "all permissions."

---

Outside diff comments:
In `@core/providers/bedrock/bedrock.go`:
- Around line 1228-1242: The error message created in the streaming error path
uses fmt.Errorf("stream %s: %s", excType, errMsg) and thus omits the provider
name, causing inconsistency with TextCompletionStream which formats messages as
"%s stream %s: %s"; update the error construction in the streaming path to
include the provider name prefix (same format used by TextCompletionStream) so
both the retryableBedrockExceptions branch (where ProcessAndSendBifrostError is
called) and the else branch (ProcessAndSendError) emit messages like "%s stream
%s: %s" using the same provider identifier (e.g., providerName or provider.Name)
to keep logging and returned error formats consistent.
- Around line 1572-1600: The TextCompletionStream error formatting is
inconsistent with ChatCompletionStream: locate the code that builds the error
from message.Headers (symbols: message.Headers, excType, errMsg) inside the
TextCompletionStream handling and change the error construction so it does not
prepend the provider/stream label; format the error as "<exception-type>:
<message>" (same approach as ChatCompletionStream) before passing it to
providerUtils.ProcessAndSendError/ProcessAndSendBifrostError so all three
streaming methods use the same error format.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 384a208d-d20a-465f-aa19-56afb412c63f

📥 Commits

Reviewing files that changed from the base of the PR and between e98feeb and 4bceac5.

⛔ Files ignored due to path filters (1)

• docs/media/ui-mcp-allowed-extra-headers.png is excluded by !**/*.png

📒 Files selected for processing (11)

• core/providers/bedrock/bedrock.go
• core/providers/openai/openai.go
• docs/mcp/connecting-to-servers.mdx
• docs/openapi/openapi.json
• docs/providers/aliasing-models.mdx
• docs/providers/request-options.mdx
• docs/providers/routing-rules.mdx
• transports/bifrost-http/handlers/providers.go
• ui/app/workspace/mcp-registry/views/mcpClientSheet.tsx
• ui/app/workspace/virtual-keys/views/virtualKeyDetailsSheet.tsx
• ui/app/workspace/virtual-keys/views/virtualKeySheet.tsx

💤 Files with no reviewable changes (1)

• transports/bifrost-http/handlers/providers.go

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[akshaydeo]

Merge activity

• Apr 8, 1:28 PM UTC: A user started a stack merge that includes this pull request via Graphite.
• Apr 8, 1:30 PM UTC: Graphite couldn't merge this PR because it had merge conflicts.
• Apr 8, 1:58 PM UTC: A user started a stack merge that includes this pull request via Graphite.
• Apr 8, 1:59 PM UTC: @akshaydeo merged this pull request with Graphite.

The base branch was changed.