prerelease 2 cut

[akshaydeo]

Release v1.5.1 and v1.3.1

This release bumps versions across all components and includes significant new features, bug fixes, and improvements to the platform.

Changes

• Version Updates: Bumped core to v1.5.1, framework to v1.3.1, and updated all plugin versions accordingly
• Fireworks AI Provider: Added Fireworks AI as a first-class provider with native support for completions, embeddings, and image generation
• Realtime Support: Added WebSocket, WebRTC interfaces, session log storage, and realtime request normalization
• OAuth Enhancements: Implemented per-user OAuth consent flow with identity selection and MCP authentication
• Access Control: Added access profiles for fine-grained permission control and path whitelisting from security config
• Bedrock Improvements: Added embeddings, image generation, edit and variation support; fixed tool choice conversion and streaming retry logic
• Model Catalog: Fixed pricing resolution to prioritize resolved models over requested models in override matching
• Migration Support: Added whitelisted_routes_json column handling in PostgreSQL migration tests
• EnvVar Security: Added auto-redaction of env-backed values in JSON serialization and IsSet method
• Tracking Fields: Added support for userId, teamId, customerId, and businessUnitId tracking
• MCP Fixes: Corrected MCP tool log capture and added empty arguments guard in bedrock utils

Type of change

• Feature
• Bug fix
• Chore/CI

Affected areas

• Core (Go)
• Transports (HTTP)
• Providers/Integrations
• Plugins

How to test

# Core/Transports
go version
go test ./...

# Verify migration script changes
./.github/workflows/scripts/run-migration-tests.sh

# Test new Fireworks AI provider
# Configure Fireworks AI credentials and test completions endpoint

# Test realtime features
# Set up WebSocket connections and verify session handling

# Test OAuth flow
# Configure OAuth providers and test per-user consent flow

Breaking changes

• Yes
• No

Security considerations

• Auto-redaction of environment-backed values in EnvVar JSON serialization improves secret handling
• Path whitelisting from security config enhances request filtering
• Per-user OAuth consent flow improves authentication security

Checklist

• I read docs/contributing/README.md and followed the guidelines
• I added/updated tests where appropriate
• I updated documentation where needed
• I verified builds succeed (Go and UI)
• I verified the CI pipeline passes locally if applicable

[akshaydeo]

• prerelease 2 cut #2568 👈 (View in Graphite)
• v1.5.0

This stack of pull requests is managed by Graphite. Learn more about stacking.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: da8c531c-ef7f-4205-87cb-97872d2e0760

📥 Commits

Reviewing files that changed from the base of the PR and between a8311d8 and befc659.

📒 Files selected for processing (31)

• .github/workflows/scripts/run-migration-tests.sh
• core/changelog.md
• core/version
• framework/changelog.md
• framework/modelcatalog/overrides_test.go
• framework/modelcatalog/pricing_test.go
• framework/version
• plugins/governance/changelog.md
• plugins/governance/version
• plugins/jsonparser/changelog.md
• plugins/jsonparser/version
• plugins/litellmcompat/changelog.md
• plugins/litellmcompat/version
• plugins/logging/changelog.md
• plugins/logging/version
• plugins/maxim/changelog.md
• plugins/maxim/version
• plugins/mocker/changelog.md
• plugins/mocker/version
• plugins/otel/changelog.md
• plugins/otel/version
• plugins/prompts/changelog.md
• plugins/prompts/version
• plugins/semanticcache/changelog.md
• plugins/semanticcache/version
• plugins/telemetry/changelog.md
• plugins/telemetry/version
• transports/changelog.md
• transports/version
• ui/app/_fallbacks/enterprise/components/user-groups/businessUnitsView.tsx
• ui/components/sidebar.tsx

---

📝 Walkthrough

Summary by CodeRabbit

• New Features

  • Per-user OAuth consent with identity selection and MCP auth
  • Realtime support and session logging; Fireworks AI provider and Prompts plugin
  • Bedrock: embeddings plus image generation/edit/variation
  • Tracking for userId, teamId, customerId, businessUnitId; path whitelisting

• Bug Fixes

  • Improved migration compatibility for whitelisted routes on Postgres
  • Better streaming/retry behavior, provider endpoint fixes, and logging/tool fixes
  • Minor UI text updates (sidebar and business-units view)

Walkthrough

This PR bumps core/framework/plugin versions, updates multiple changelogs, adds a runtime-gated PostgreSQL migration step to initialize config_client.whitelisted_routes_json, and renames/adjusts two pricing-related unit tests to reflect resolved-model precedence.

Changes

Cohort / File(s)	Summary
Migration Schema Update ​.github/workflows/scripts/run-migration-tests.sh	Added a runtime-gated check in append_dynamic_columns_postgres() to append UPDATE config_client SET whitelisted_routes_json = '[]' WHERE id = 1; when config_client.whitelisted_routes_json exists.
Pricing Model Tests framework/modelcatalog/overrides_test.go, framework/modelcatalog/pricing_test.go	Renamed tests and adjusted assertions/comments to reflect that pricing lookup prioritizes the resolved/deployment model over the originally requested model.
Core & Framework Versions core/version, framework/version	Version bumps: core 1.5.0 → 1.5.1, framework 1.3.0 → 1.3.1.
Plugin Versions plugins/.../version plugins/governance/version, plugins/jsonparser/version, plugins/litellmcompat/version, plugins/logging/version, plugins/maxim/version, plugins/mocker/version, plugins/otel/version, plugins/prompts/version, plugins/semanticcache/version, plugins/telemetry/version	Updated many plugin version files (mostly 1.5.0 → 1.5.1; others: litellmcompat 0.1.0→0.1.1, maxim 1.6.0→1.6.1, otel 1.2.0→1.2.1, prompts 1.0.0→1.0.1).
Changelog Updates core/changelog.md, framework/changelog.md, transports/changelog.md, plugins/*/changelog.md	Expanded and updated release notes across core, framework, transports, and plugins documenting new features (realtime, prompts plugin, OAuth flow, Bedrock, path whitelisting, tracking IDs, etc.) and numerous fixes.
UI Text Changes ui/app/_fallbacks/enterprise/components/user-groups/businessUnitsView.tsx, ui/components/sidebar.tsx	Minor UI text/icon updates: adjusted ContactUsView title/icon and renamed sidebar menu title/description for MCP Gateway entry.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• danpiths

Poem

🐰 I hop through changelogs, versioned bright,
A tiny migration step tucked in the night,
Tests now favor the model that’s resolved,
Plugins and patches neatly evolved,
Hooray — a patch release takes flight! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'prerelease 2 cut' accurately reflects the PR's main purpose: preparing and releasing a prerelease version increment, which aligns with the systematic version bumps across all components.
Description check	✅ Passed	The PR description comprehensively follows the template with all major sections completed: Summary, Changes, Type of change, Affected areas, How to test, Breaking changes, Security considerations, and Checklist all properly filled out with detailed information.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch 04-08-prerelease_2_cut

Warning

Review ran into problems

🔥 Problems

Timed out fetching pipeline failures after 30000ms

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Pratham-Mishra04]

Model alias and routing rule chaining

[greptile-apps]

Confidence Score: 5/5

Safe to merge — all findings are P2; no active tests are broken and no runtime behavior is affected.

The bulk of the PR is version bumps and changelogs. The two substantive findings are both P2: skipped tests with incorrect assertions (no CI impact until t.Skip() is removed) and a minor SQLite migration coverage gap. UI and migration script changes are additive and low risk.

framework/modelcatalog/overrides_test.go — skipped tests need pointer-dereference fixes before they can be unskipped.

Vulnerabilities

No security concerns identified. The EnvVar auto-redaction improvement and path whitelisting feature both improve the security posture. No new secrets exposure, injection risks, or auth bypass patterns were introduced in the changed files.

Important Files Changed

Filename	Overview
framework/modelcatalog/overrides_test.go	New pricing override tests; several skipped tests contain incorrect assertions that compare float64 values against *float64 pointer fields without dereferencing — will fail when t.Skip() is removed.
framework/modelcatalog/pricing_test.go	New test helpers (chatPricing, makeChatResponse, etc.) — straightforward and correct.
.github/workflows/scripts/run-migration-tests.sh	Adds whitelisted_routes_json PostgreSQL dynamic-column coverage for migration tests; SQLite counterpart is absent, but mcp_disable_auto_tool_inject (same v1.5.0 group) is present in both sections, suggesting this is a minor gap.
ui/app/_fallbacks/enterprise/components/user-groups/businessUnitsView.tsx	New enterprise fallback view for Business Units — simple ContactUsView wrapper, no issues.
ui/components/sidebar.tsx	Adds Business Units entry to Governance navigation group and new compareVersions helper for semantic version comparison — logic and access control look correct.

_{Reviews (3): Last reviewed commit: "prerelease 2 cut" | Re-trigger Greptile}

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[akshaydeo]

Merge activity

• Apr 8, 3:19 PM UTC: A user started a stack merge that includes this pull request via Graphite.
• Apr 8, 3:19 PM UTC: @akshaydeo merged this pull request with Graphite.