configstore

package
v1.3.16 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 4, 2026 License: Apache-2.0 Imports: 35 Imported by: 4

Documentation

Overview

Package configstore provides a persistent configuration store for Bifrost.

Index

Constants

View Source 
const (
	DefaultLockTTL         = 30 * time.Second
	DefaultRetryInterval   = 100 * time.Millisecond
	DefaultMaxRetries      = 100
	DefaultCleanupInterval = 5 * time.Minute
)

Default lock configuration values

Variables

View Source 
var (
	ErrLockNotAcquired = errors.New("failed to acquire lock")
	ErrLockNotHeld     = errors.New("lock not held by this holder")
	ErrLockExpired     = errors.New("lock has expired")
	ErrEmptyLockKey    = errors.New("empty lock key")
)

Lock errors

View Source 
var ErrAlreadyExists = errors.New("already exists")
View Source 
var ErrNotFound = errors.New("not found")

Functions

func GenerateBudgetHash added in v1.1.46 

func GenerateBudgetHash(b tables.TableBudget) (string, error)

GenerateBudgetHash generates a SHA256 hash for a budget. This is used to detect changes to budgets between config.json and database. Skips: LastReset, CurrentUsage, CreatedAt, UpdatedAt (dynamic fields)

func GenerateCustomerHash added in v1.1.46 

func GenerateCustomerHash(c tables.TableCustomer) (string, error)

GenerateCustomerHash generates a SHA256 hash for a customer. This is used to detect changes to customers between config.json and database. Skips: CreatedAt, UpdatedAt, and relationship objects (dynamic fields)

func GenerateFrameworkConfigHash added in v1.3.11 

func GenerateFrameworkConfigHash(pricingURL *string, modelParametersURL *string, pricingSyncInterval *int64) (string, error)

GenerateFrameworkConfigHash generates a SHA256 hash for a framework config. This is used to detect changes to framework config between config.json and database.

func GenerateKeyHash added in v1.1.44 

func GenerateKeyHash(key schemas.Key) (string, error)

GenerateKeyHash generates a SHA256 hash for an individual key. This is used to detect changes to keys between config.json and database. Skips: ID (dynamic UUID), timestamps

func GenerateMCPClientHash added in v1.1.46 

func GenerateMCPClientHash(m tables.TableMCPClient) (string, error)

GenerateMCPClientHash generates a SHA256 hash for an MCP client. This is used to detect changes to MCP clients between config.json and database. Skips: ID (autoIncrement), ClientID (system-assigned), CreatedAt, UpdatedAt (dynamic fields)

func GenerateModelConfigHash added in v1.3.5 

func GenerateModelConfigHash(m tables.TableModelConfig) (string, error)

GenerateModelConfigHash generates a SHA256 hash for a model config. This is used to detect changes to model configs between config.json and database. Skips: CreatedAt, UpdatedAt, and relationship objects (dynamic fields)

func GeneratePluginHash added in v1.1.46 

func GeneratePluginHash(p tables.TablePlugin) (string, error)

GeneratePluginHash generates a SHA256 hash for a plugin. This is used to detect changes to plugins between config.json and database. Skips: ID (autoIncrement), CreatedAt, UpdatedAt, IsCustom (dynamic fields)

func GeneratePricingOverrideHash added in v1.3.0 

func GeneratePricingOverrideHash(p tables.TablePricingOverride) (string, error)

GeneratePricingOverrideHash generates a SHA256 hash for a pricing override. Skips: CreatedAt, UpdatedAt, ConfigHash (dynamic/meta fields).

func GenerateProviderGovernanceHash added in v1.3.5 

func GenerateProviderGovernanceHash(p tables.TableProvider) (string, error)

GenerateProviderGovernanceHash generates a SHA256 hash for provider-governance bindings only (provider name + budget/rate-limit references). It intentionally excludes provider runtime/config fields and keys.

func GenerateRateLimitHash added in v1.1.46 

func GenerateRateLimitHash(rl tables.TableRateLimit) (string, error)

GenerateRateLimitHash generates a SHA256 hash for a rate limit. This is used to detect changes to rate limits between config.json and database. Skips: CurrentUsage, LastReset, CreatedAt, UpdatedAt (dynamic fields)

func GenerateRoutingRuleHash added in v1.2.17 

func GenerateRoutingRuleHash(r tables.TableRoutingRule) (string, error)

Skips: CreatedAt, UpdatedAt (dynamic fields)

func GenerateTeamHash added in v1.1.46 

func GenerateTeamHash(t tables.TableTeam) (string, error)

GenerateTeamHash generates a SHA256 hash for a team. This is used to detect changes to teams between config.json and database. Skips: CreatedAt, UpdatedAt, and relationship objects (dynamic fields)

func GenerateVirtualKeyHash added in v1.1.45 

func GenerateVirtualKeyHash(vk tables.TableVirtualKey) (string, error)

GenerateVirtualKeyHash generates a SHA256 hash for a virtual key. This is used to detect changes to virtual keys between config.json and database. Skips: ID (primary key), CreatedAt, UpdatedAt, and relationship objects (Team, Customer, Budget, RateLimit)

func RunSingleMigration added in v1.3.3 

func RunSingleMigration(ctx context.Context, options *migrator.Options, db *gorm.DB, migration *migrator.Migration) error

RunSingleMigration applies a single gormigrate migration on the given *gorm.DB. Mirrors (*RDBConfigStore).RunMigration but takes the *gorm.DB directly, so downstream consumers (bifrost-enterprise, plugins) can run their migrations inside a MigrateOnFreshConnection callback without having to reach the throwaway pool through the ConfigStore abstraction.

Types

type AuthConfig added in v1.1.20 

type AuthConfig struct {
	AdminUserName          *schemas.EnvVar `json:"admin_username"`
	AdminPassword          *schemas.EnvVar `json:"admin_password"`
	IsEnabled              bool            `json:"is_enabled"`
	DisableAuthOnInference bool            `json:"disable_auth_on_inference"`
}

AuthConfig represents configured auth config for Bifrost dashboard

type ClientConfig 

type ClientConfig struct {
	DropExcessRequests                    bool                             `json:"drop_excess_requests"`                       // Drop excess requests if the provider queue is full
	InitialPoolSize                       int                              `json:"initial_pool_size"`                          // The initial pool size for the bifrost client
	PrometheusLabels                      []string                         `json:"prometheus_labels"`                          // The labels to be used for prometheus metrics
	EnableLogging                         *bool                            `json:"enable_logging"`                             // Enable logging of requests and responses
	DisableContentLogging                 bool                             `json:"disable_content_logging"`                    // Disable logging of content
	AllowPerRequestContentStorageOverride bool                             `json:"allow_per_request_content_storage_override"` // Allow per-request override of content storage via x-bf-disable-content-logging header/context
	AllowPerRequestRawOverride            bool                             `json:"allow_per_request_raw_override"`             // Allow per-request override of raw request/response visibility via x-bf-send-back-raw-request and x-bf-send-back-raw-response headers
	AllowDirectKeys                       bool                             `json:"allow_direct_keys"`                          // Allow callers to bypass the registered key pool via x-bf-direct-key: true header
	DisableDBPingsInHealth                bool                             `json:"disable_db_pings_in_health"`
	LogRetentionDays                      int                              `json:"log_retention_days" validate:"min=1"`  // Number of days to retain logs (minimum 1 day)
	EnforceAuthOnInference                bool                             `json:"enforce_auth_on_inference"`            // Require auth (VK, API key, or user token) on inference endpoints
	EnforceGovernanceHeader               bool                             `json:"enforce_governance_header,omitempty"`  // Deprecated: use EnforceAuthOnInference
	EnforceSCIMAuth                       bool                             `json:"enforce_scim_auth,omitempty"`          // Deprecated: use EnforceAuthOnInference
	AllowedOrigins                        []string                         `json:"allowed_origins,omitempty"`            // Additional allowed origins for CORS and WebSocket (localhost is always allowed)
	AllowedHeaders                        []string                         `json:"allowed_headers,omitempty"`            // Additional allowed headers for CORS and WebSocket
	MaxRequestBodySizeMB                  int                              `json:"max_request_body_size_mb"`             // The maximum request body size in MB
	Compat                                CompatConfig                     `json:"compat"`                               // Compat plugin configuration
	MCPAgentDepth                         int                              `json:"mcp_agent_depth"`                      // The maximum depth for MCP agent mode tool execution
	MCPToolExecutionTimeout               int                              `json:"mcp_tool_execution_timeout"`           // The timeout for individual tool execution in seconds
	MCPCodeModeBindingLevel               string                           `json:"mcp_code_mode_binding_level"`          // Code mode binding level: "server" or "tool"
	MCPToolSyncInterval                   int                              `json:"mcp_tool_sync_interval"`               // Global tool sync interval in minutes (default: 10, 0 = disabled)
	MCPDisableAutoToolInject              bool                             `json:"mcp_disable_auto_tool_inject"`         // When true, MCP tools are not injected into requests by default
	MCPEnableTempTokenAuth                bool                             `json:"mcp_enable_temp_token_auth"`           // When true, scoped temp tokens can authorize MCP per-user OAuth and per-user-headers auth pages. User-mode flows never mint regardless.
	HeaderFilterConfig                    *tables.GlobalHeaderFilterConfig `json:"header_filter_config,omitempty"`       // Global header filtering configuration for x-bf-eh-* headers
	AsyncJobResultTTL                     int                              `json:"async_job_result_ttl"`                 // Default TTL for async job results in seconds (default: 3600 = 1 hour)
	RequiredHeaders                       []string                         `json:"required_headers,omitempty"`           // Headers that must be present on every request (case-insensitive)
	LoggingHeaders                        []string                         `json:"logging_headers,omitempty"`            // Headers to capture in log metadata
	WhitelistedRoutes                     []string                         `json:"whitelisted_routes,omitempty"`         // Routes that bypass auth middleware
	HideDeletedVirtualKeysInFilters       bool                             `json:"hide_deleted_virtual_keys_in_filters"` // Hide deleted virtual keys from logs/MCP filter data
	RoutingChainMaxDepth                  int                              `json:"routing_chain_max_depth"`              // Maximum depth for routing rule chain evaluation (default: 10)
	MCPExternalClientURL                  *schemas.EnvVar                  `json:"mcp_external_client_url,omitempty"`    // Public base URL used as redirect_uri when Bifrost acts as an OAuth client to upstream MCP servers. Supports env var syntax ("env.MY_VAR")
	ConfigHash                            string                           `json:"-"`                                    // Config hash for reconciliation (not serialized)
}

ClientConfig represents the core configuration for Bifrost HTTP transport and the Bifrost Client. It includes settings for excess request handling, Prometheus metrics, and initial pool size.

func (*ClientConfig) GenerateClientConfigHash added in v1.1.46 

func (c *ClientConfig) GenerateClientConfigHash() (string, error)

GenerateClientConfigHash generates a SHA256 hash of the client configuration. This is used to detect changes between config.json and database config.

func (*ClientConfig) GenerateClientConfigHashWithToolManager added in v1.3.10 

func (c *ClientConfig) GenerateClientConfigHashWithToolManager(tm *schemas.MCPToolManagerConfig) (string, error)

GenerateClientConfigHashWithToolManager extends GenerateClientConfigHash to also cover the mcp.tool_manager_config file section. When tm is nil it returns the same value as GenerateClientConfigHash, so it is safe to call unconditionally.

func (*ClientConfig) Redacted added in v1.3.6 

func (c *ClientConfig) Redacted() ClientConfig

Redacted returns a copy of ClientConfig with any env-backed EnvVar fields masked.

func (*ClientConfig) UnmarshalJSON added in v1.3.10 

func (c *ClientConfig) UnmarshalJSON(data []byte) error

UnmarshalJSON defaults all bool fields to true when absent from JSON.

type CompatConfig added in v1.3.2 

type CompatConfig struct {
	ConvertTextToChat      bool `json:"convert_text_to_chat"`
	ConvertChatToResponses bool `json:"convert_chat_to_responses"`
	ShouldDropParams       bool `json:"should_drop_params"`
	ShouldConvertParams    bool `json:"should_convert_params"`
}

CompatConfig holds the compat plugin feature flags.

func (*CompatConfig) UnmarshalJSON added in v1.3.10 

func (c *CompatConfig) UnmarshalJSON(data []byte) error

UnmarshalJSON defaults all bool fields to true when absent from JSON.

type Config 

type Config struct {
	Enabled bool            `json:"enabled"`
	Type    ConfigStoreType `json:"type"`
	Config  any             `json:"config"`
}

Config represents the configuration for the config store.

func (*Config) UnmarshalJSON 

func (c *Config) UnmarshalJSON(data []byte) error

UnmarshalJSON unmarshals the config from JSON.

type ConfigMap 

type ConfigMap map[schemas.ModelProvider]ProviderConfig

ConfigMap maps provider names to their configurations.

type ConfigStore 

type ConfigStore interface {
	// Health check
	Ping(ctx context.Context) error

	// Encryption
	EncryptPlaintextRows(ctx context.Context) error

	// Client config CRUD
	UpdateClientConfig(ctx context.Context, config *ClientConfig) error
	GetClientConfig(ctx context.Context) (*ClientConfig, error)
	// Client config metadata (UI/admin preferences blob — bypasses config.json sync)
	GetClientMetadata(ctx context.Context) (map[string]any, error)
	UpdateClientMetadata(ctx context.Context, patch map[string]any) error

	// Framework config CRUD
	UpdateFrameworkConfig(ctx context.Context, config *tables.TableFrameworkConfig) error
	GetFrameworkConfig(ctx context.Context) (*tables.TableFrameworkConfig, error)

	// Feature flag overrides: list + upsert. Flags themselves are
	// code-declared (via featureflags.Register); only the toggle state
	// lives here. There is intentionally no Delete: removing a flag means
	// removing its Register() call in code.
	ListFeatureFlags(ctx context.Context) ([]tables.TableFeatureFlag, error)
	UpsertFeatureFlag(ctx context.Context, id string, enabled bool, updatedAt int64) error

	// Provider config CRUD
	UpdateProvidersConfig(ctx context.Context, providers map[schemas.ModelProvider]ProviderConfig, tx ...*gorm.DB) error
	AddProvider(ctx context.Context, provider schemas.ModelProvider, config ProviderConfig, tx ...*gorm.DB) error
	UpdateProvider(ctx context.Context, provider schemas.ModelProvider, config ProviderConfig, tx ...*gorm.DB) error
	DeleteProvider(ctx context.Context, provider schemas.ModelProvider, tx ...*gorm.DB) error
	GetProvidersConfig(ctx context.Context) (map[schemas.ModelProvider]ProviderConfig, error)
	GetProviderConfig(ctx context.Context, provider schemas.ModelProvider) (*ProviderConfig, error)
	GetProviderKeys(ctx context.Context, provider schemas.ModelProvider) ([]schemas.Key, error)
	GetProviderKey(ctx context.Context, provider schemas.ModelProvider, keyID string) (*schemas.Key, error)
	CreateProviderKey(ctx context.Context, provider schemas.ModelProvider, key schemas.Key, tx ...*gorm.DB) error
	UpdateProviderKey(ctx context.Context, provider schemas.ModelProvider, keyID string, key schemas.Key, tx ...*gorm.DB) error
	DeleteProviderKey(ctx context.Context, provider schemas.ModelProvider, keyID string, tx ...*gorm.DB) error
	GetProviders(ctx context.Context) ([]tables.TableProvider, error)
	GetProvider(ctx context.Context, provider schemas.ModelProvider) (*tables.TableProvider, error)
	UpdateStatus(ctx context.Context, provider schemas.ModelProvider, keyID string, status, errorMsg string) error

	// MCP config CRUD
	GetMCPConfig(ctx context.Context) (*schemas.MCPConfig, error)
	GetMCPClientByID(ctx context.Context, id string) (*tables.TableMCPClient, error)
	GetMCPClientConfigByID(ctx context.Context, id string) (*schemas.MCPClientConfig, error)
	GetMCPClientByName(ctx context.Context, name string) (*tables.TableMCPClient, error)
	GetMCPClientsPaginated(ctx context.Context, params MCPClientsQueryParams) ([]tables.TableMCPClient, int64, error)
	CreateMCPClientConfig(ctx context.Context, clientConfig *schemas.MCPClientConfig) error
	UpdateMCPClientConfig(ctx context.Context, id string, clientConfig *tables.TableMCPClient) error
	DeleteMCPClientConfig(ctx context.Context, id string) error

	// Vector store config CRUD
	UpdateVectorStoreConfig(ctx context.Context, config *vectorstore.Config) error
	GetVectorStoreConfig(ctx context.Context) (*vectorstore.Config, error)

	// Logs store config CRUD
	UpdateLogsStoreConfig(ctx context.Context, config *logstore.Config) error
	GetLogsStoreConfig(ctx context.Context) (*logstore.Config, error)

	// Config CRUD
	GetConfig(ctx context.Context, key string) (*tables.TableGovernanceConfig, error)
	UpdateConfig(ctx context.Context, config *tables.TableGovernanceConfig, tx ...*gorm.DB) error

	// Plugins CRUD
	GetPlugins(ctx context.Context) ([]*tables.TablePlugin, error)
	GetPlugin(ctx context.Context, name string) (*tables.TablePlugin, error)
	CreatePlugin(ctx context.Context, plugin *tables.TablePlugin, tx ...*gorm.DB) error
	UpsertPlugin(ctx context.Context, plugin *tables.TablePlugin, tx ...*gorm.DB) error
	UpdatePlugin(ctx context.Context, plugin *tables.TablePlugin, tx ...*gorm.DB) error
	DeletePlugin(ctx context.Context, name string, tx ...*gorm.DB) error

	// Governance config CRUD
	GetVirtualKeys(ctx context.Context) ([]tables.TableVirtualKey, error)
	GetVirtualKeysPaginated(ctx context.Context, params VirtualKeyQueryParams) ([]tables.TableVirtualKey, int64, error)
	GetRedactedVirtualKeys(ctx context.Context, ids []string) ([]tables.TableVirtualKey, error) // leave ids empty to get all
	GetVirtualKey(ctx context.Context, id string) (*tables.TableVirtualKey, error)
	GetVirtualKeyByValue(ctx context.Context, value string) (*tables.TableVirtualKey, error)
	GetVirtualKeyQuotaByValue(ctx context.Context, value string) (*tables.TableVirtualKey, error)
	CreateVirtualKey(ctx context.Context, virtualKey *tables.TableVirtualKey, tx ...*gorm.DB) error
	UpdateVirtualKey(ctx context.Context, virtualKey *tables.TableVirtualKey, tx ...*gorm.DB) error
	DeleteVirtualKey(ctx context.Context, id string, tx ...*gorm.DB) error

	// Virtual key provider config CRUD
	GetVirtualKeyProviderConfigs(ctx context.Context, virtualKeyID string) ([]tables.TableVirtualKeyProviderConfig, error)
	CreateVirtualKeyProviderConfig(ctx context.Context, virtualKeyProviderConfig *tables.TableVirtualKeyProviderConfig, tx ...*gorm.DB) error
	UpdateVirtualKeyProviderConfig(ctx context.Context, virtualKeyProviderConfig *tables.TableVirtualKeyProviderConfig, tx ...*gorm.DB) error
	DeleteVirtualKeyProviderConfig(ctx context.Context, id uint, tx ...*gorm.DB) error

	// Virtual key MCP config CRUD
	GetVirtualKeyMCPConfigs(ctx context.Context, virtualKeyID string) ([]tables.TableVirtualKeyMCPConfig, error)
	GetVirtualKeyMCPConfigsByMCPClientID(ctx context.Context, mcpClientID uint) ([]tables.TableVirtualKeyMCPConfig, error)
	GetVirtualKeyMCPConfigsByMCPClientIDs(ctx context.Context, mcpClientIDs []uint) ([]tables.TableVirtualKeyMCPConfig, error)
	GetVirtualKeyMCPConfigsByMCPClientStringIDs(ctx context.Context, clientIDs []string) ([]tables.TableVirtualKeyMCPConfig, error)
	CreateVirtualKeyMCPConfig(ctx context.Context, virtualKeyMCPConfig *tables.TableVirtualKeyMCPConfig, tx ...*gorm.DB) error
	UpdateVirtualKeyMCPConfig(ctx context.Context, virtualKeyMCPConfig *tables.TableVirtualKeyMCPConfig, tx ...*gorm.DB) error
	DeleteVirtualKeyMCPConfig(ctx context.Context, id uint, tx ...*gorm.DB) error

	// Team CRUD
	GetTeams(ctx context.Context, customerID string) ([]tables.TableTeam, error)
	GetTeamsPaginated(ctx context.Context, params TeamsQueryParams) ([]tables.TableTeam, int64, error)
	GetTeam(ctx context.Context, id string) (*tables.TableTeam, error)
	GetTeamByName(ctx context.Context, name string, customerID string) (*tables.TableTeam, error)
	GetTeamBySourceID(ctx context.Context, sourceID string) (*tables.TableTeam, error)
	CreateTeam(ctx context.Context, team *tables.TableTeam, tx ...*gorm.DB) error
	UpdateTeam(ctx context.Context, team *tables.TableTeam, tx ...*gorm.DB) error
	DeleteTeam(ctx context.Context, id string) error

	// Customer CRUD
	GetCustomers(ctx context.Context) ([]tables.TableCustomer, error)
	GetCustomersPaginated(ctx context.Context, params CustomersQueryParams) ([]tables.TableCustomer, int64, error)
	GetCustomer(ctx context.Context, id string) (*tables.TableCustomer, error)
	CreateCustomer(ctx context.Context, customer *tables.TableCustomer, tx ...*gorm.DB) error
	UpdateCustomer(ctx context.Context, customer *tables.TableCustomer, tx ...*gorm.DB) error
	DeleteCustomer(ctx context.Context, id string) error

	// Rate limit CRUD
	GetRateLimits(ctx context.Context) ([]tables.TableRateLimit, error)
	GetRateLimit(ctx context.Context, id string, tx ...*gorm.DB) (*tables.TableRateLimit, error)
	CreateRateLimit(ctx context.Context, rateLimit *tables.TableRateLimit, tx ...*gorm.DB) error
	UpdateRateLimit(ctx context.Context, rateLimit *tables.TableRateLimit, tx ...*gorm.DB) error
	UpdateRateLimits(ctx context.Context, rateLimits []*tables.TableRateLimit, tx ...*gorm.DB) error
	DeleteRateLimit(ctx context.Context, id string, tx ...*gorm.DB) error

	// Budget CRUD
	GetBudgets(ctx context.Context) ([]tables.TableBudget, error)
	GetBudget(ctx context.Context, id string, tx ...*gorm.DB) (*tables.TableBudget, error)
	CreateBudget(ctx context.Context, budget *tables.TableBudget, tx ...*gorm.DB) error
	UpdateBudget(ctx context.Context, budget *tables.TableBudget, tx ...*gorm.DB) error
	UpdateBudgets(ctx context.Context, budgets []*tables.TableBudget, tx ...*gorm.DB) error
	DeleteBudget(ctx context.Context, id string, tx ...*gorm.DB) error
	UpdateBudgetUsage(ctx context.Context, id string, currentUsage float64) error
	UpdateRateLimitUsage(ctx context.Context, id string, tokenCurrentUsage int64, requestCurrentUsage int64) error

	// Routing Rules CRUD
	GetRoutingRules(ctx context.Context) ([]tables.TableRoutingRule, error)
	GetRoutingRulesByScope(ctx context.Context, scope string, scopeID string) ([]tables.TableRoutingRule, error)
	GetRoutingRule(ctx context.Context, id string) (*tables.TableRoutingRule, error)
	GetRedactedRoutingRules(ctx context.Context, ids []string) ([]tables.TableRoutingRule, error) // leave ids empty to get all
	GetRoutingRulesPaginated(ctx context.Context, params RoutingRulesQueryParams) ([]tables.TableRoutingRule, int64, error)
	CreateRoutingRule(ctx context.Context, rule *tables.TableRoutingRule, tx ...*gorm.DB) error
	UpdateRoutingRule(ctx context.Context, rule *tables.TableRoutingRule, tx ...*gorm.DB) error
	DeleteRoutingRule(ctx context.Context, id string, tx ...*gorm.DB) error

	// Model config CRUD
	GetModelConfigs(ctx context.Context) ([]tables.TableModelConfig, error)
	GetModelConfigsPaginated(ctx context.Context, params ModelConfigsQueryParams) ([]tables.TableModelConfig, int64, error)
	GetModelConfig(ctx context.Context, modelName string, provider *string) (*tables.TableModelConfig, error)
	GetModelConfigByID(ctx context.Context, id string) (*tables.TableModelConfig, error)
	CreateModelConfig(ctx context.Context, modelConfig *tables.TableModelConfig, tx ...*gorm.DB) error
	UpdateModelConfig(ctx context.Context, modelConfig *tables.TableModelConfig, tx ...*gorm.DB) error
	UpdateModelConfigs(ctx context.Context, modelConfigs []*tables.TableModelConfig, tx ...*gorm.DB) error
	DeleteModelConfig(ctx context.Context, id string) error

	// Governance config CRUD
	GetGovernanceConfig(ctx context.Context) (*GovernanceConfig, error)

	// Auth config CRUD
	GetAuthConfig(ctx context.Context) (*AuthConfig, error)
	UpdateAuthConfig(ctx context.Context, config *AuthConfig) error

	// Proxy config CRUD
	GetProxyConfig(ctx context.Context) (*tables.GlobalProxyConfig, error)
	UpdateProxyConfig(ctx context.Context, config *tables.GlobalProxyConfig) error

	// Restart required config CRUD
	GetRestartRequiredConfig(ctx context.Context) (*tables.RestartRequiredConfig, error)
	SetRestartRequiredConfig(ctx context.Context, config *tables.RestartRequiredConfig) error
	ClearRestartRequiredConfig(ctx context.Context) error

	// Session CRUD
	GetSession(ctx context.Context, token string) (*tables.SessionsTable, error)
	CreateSession(ctx context.Context, session *tables.SessionsTable) error
	DeleteSession(ctx context.Context, token string) error
	FlushSessions(ctx context.Context) error

	// Temp token CRUD
	CreateTempToken(ctx context.Context, token *tables.TempToken, tx ...*gorm.DB) error
	GetTempTokenByHash(ctx context.Context, tokenHash string) (*tables.TempToken, error)
	// DeleteTempTokensByResourceID removes every row matching (scope, resource_id).
	// Used by lifecycle owners (e.g. OAuth provider on flow termination) to burn
	// the link as soon as the work it authorized is finished.
	DeleteTempTokensByResourceID(ctx context.Context, scope, resourceID string, tx ...*gorm.DB) (int64, error)
	DeleteExpiredTempTokens(ctx context.Context, before time.Time) (int64, error)

	// Model pricing CRUD
	GetModelPrices(ctx context.Context) ([]tables.TableModelPricing, error)
	UpsertModelPrices(ctx context.Context, pricing *tables.TableModelPricing, tx ...*gorm.DB) error
	DeleteModelPrices(ctx context.Context, tx ...*gorm.DB) error

	// UpsertModelPricingAttributes writes only the additional_attributes column
	// on the pricing rows keyed by (model, provider). Returns the number of
	// rows updated; 0 means no such pricing row exists.
	UpsertModelPricingAttributes(ctx context.Context, model, provider string, attrs map[string]string, tx ...*gorm.DB) (int64, error)

	// Governance pricing overrides CRUD
	GetPricingOverrides(ctx context.Context, filters PricingOverrideFilters) ([]tables.TablePricingOverride, error)
	GetPricingOverridesPaginated(ctx context.Context, params PricingOverridesQueryParams) ([]tables.TablePricingOverride, int64, error)
	GetPricingOverrideByID(ctx context.Context, id string) (*tables.TablePricingOverride, error)
	CreatePricingOverride(ctx context.Context, override *tables.TablePricingOverride, tx ...*gorm.DB) error
	UpdatePricingOverride(ctx context.Context, override *tables.TablePricingOverride, tx ...*gorm.DB) error
	DeletePricingOverride(ctx context.Context, id string, tx ...*gorm.DB) error

	// Model parameters
	GetModelParameters(ctx context.Context) ([]tables.TableModelParameters, error)
	GetModelParametersByModel(ctx context.Context, model string) (*tables.TableModelParameters, error)
	UpsertModelParameters(ctx context.Context, params *tables.TableModelParameters, tx ...*gorm.DB) error

	// Key management
	GetKeysByIDs(ctx context.Context, ids []string) ([]tables.TableKey, error)
	GetKeysByProvider(ctx context.Context, provider string) ([]tables.TableKey, error)
	GetAllRedactedKeys(ctx context.Context, ids []string) ([]schemas.Key, error) // leave ids empty to get all

	// Generic transaction manager
	ExecuteTransaction(ctx context.Context, fn func(tx *gorm.DB) error) error

	// TryAcquireLock attempts to insert a lock row. Returns true if the lock was acquired.
	// If the lock already exists and is not expired, returns false.
	TryAcquireLock(ctx context.Context, lock *tables.TableDistributedLock) (bool, error)

	// GetLock retrieves a lock by its key. Returns nil if the lock doesn't exist.
	GetLock(ctx context.Context, lockKey string) (*tables.TableDistributedLock, error)

	// UpdateLockExpiry updates the expiration time for an existing lock.
	// Only succeeds if the holder ID matches the current lock holder.
	UpdateLockExpiry(ctx context.Context, lockKey, holderID string, expiresAt time.Time) error

	// ReleaseLock deletes a lock if the holder ID matches.
	// Returns true if the lock was released, false if it wasn't held by the given holder.
	ReleaseLock(ctx context.Context, lockKey, holderID string) (bool, error)

	// CleanupExpiredLockByKey atomically deletes a specific lock only if it has expired.
	// Returns true if an expired lock was deleted, false if the lock doesn't exist or hasn't expired.
	CleanupExpiredLockByKey(ctx context.Context, lockKey string) (bool, error)

	// CleanupExpiredLocks removes all locks that have expired.
	// Returns the number of locks cleaned up.
	CleanupExpiredLocks(ctx context.Context) (int64, error)

	// OAuth config CRUD
	GetOauthConfigByID(ctx context.Context, id string) (*tables.TableOauthConfig, error)
	GetOauthConfigsByIDs(ctx context.Context, ids []string) (map[string]*tables.TableOauthConfig, error)
	GetOauthConfigByState(ctx context.Context, state string) (*tables.TableOauthConfig, error)
	GetOauthConfigByTokenID(ctx context.Context, tokenID string) (*tables.TableOauthConfig, error)
	CreateOauthConfig(ctx context.Context, config *tables.TableOauthConfig) error
	UpdateOauthConfig(ctx context.Context, config *tables.TableOauthConfig) error

	// OAuth token CRUD
	GetOauthTokenByID(ctx context.Context, id string) (*tables.TableOauthToken, error)
	GetExpiringOauthTokens(ctx context.Context, before time.Time) ([]*tables.TableOauthToken, error)
	CreateOauthToken(ctx context.Context, token *tables.TableOauthToken) error
	UpdateOauthToken(ctx context.Context, token *tables.TableOauthToken) error
	DeleteOauthToken(ctx context.Context, id string) error

	// Per-user OAuth session CRUD
	GetOauthUserSessionByID(ctx context.Context, id string) (*tables.TableOauthUserSession, error)
	ClaimOauthUserSessionByState(ctx context.Context, state string) (*tables.TableOauthUserSession, error)
	// GetOauthUserSessionByModeIdentityAndMCPClient returns the canonical flow
	// row for an (identity, mcp_client) binding. Used at flow-init time as the
	// single source of truth: reauth updates this row in place rather than
	// inserting a new one. Returns (nil, nil) when no row exists.
	GetOauthUserSessionByModeIdentityAndMCPClient(ctx context.Context, mode schemas.MCPAuthMode, identity, mcpClientID string) (*tables.TableOauthUserSession, error)
	CreateOauthUserSession(ctx context.Context, session *tables.TableOauthUserSession) error
	UpdateOauthUserSession(ctx context.Context, session *tables.TableOauthUserSession) error

	// Per-user OAuth token CRUD
	// GetOauthUserTokenByMode looks up the active token row keyed by a single
	// identity dimension. Filters status='active'. identity is the user ID for
	// AuthModeUser, the VK row ID for AuthModeVK, and the session ID for
	// AuthModeSession.
	GetOauthUserTokenByMode(ctx context.Context, mode schemas.MCPAuthMode, identity, mcpClientID string) (*tables.TableOauthUserToken, error)
	CreateOauthUserToken(ctx context.Context, token *tables.TableOauthUserToken) error
	UpdateOauthUserToken(ctx context.Context, token *tables.TableOauthUserToken) error
	DeleteOauthUserToken(ctx context.Context, id string) error
	// DeleteOauthUserSession hard-deletes a single flow row by primary key.
	// Used by CompleteUserOAuthFlow on terminal transitions so completed,
	// failed, and expired-at-completion flows don't accumulate. The UI
	// treats 404 on flow-detail as "expired or completed".
	DeleteOauthUserSession(ctx context.Context, id string) error
	// DeleteOauthUserSessionsByModeIdentityAndMCPClient hard-deletes any flow
	// rows matching the given identity column + MCP client. Used by revoke
	// across all auth modes so subsequent OAuth init starts from a clean slate.
	DeleteOauthUserSessionsByModeIdentityAndMCPClient(ctx context.Context, mode schemas.MCPAuthMode, identity, mcpClientID string) error
	// MarkOauthUserTokenNeedsReauthByID flips status to 'needs_reauth'
	// on a single token row. Called by the refresh-failure path when
	// the upstream credential is permanently rejected: the row stays
	// (preserves audit + binding for re-auth), but is filtered from
	// active lookups so the next inference triggers a fresh OAuth
	// flow that upserts the row back to 'active'.
	MarkOauthUserTokenNeedsReauthByID(ctx context.Context, tokenID string) error
	// GetOauthUserTokenByID looks up a single token row by primary key.
	// Returns nil, nil when not found.
	GetOauthUserTokenByID(ctx context.Context, id string) (*tables.TableOauthUserToken, error)
	// ListOauthUserTokens returns token rows matching the supplied filters,
	// regardless of status. The sessions UI renders all three states
	// (active / orphaned / needs_reauth) with distinct affordances, so
	// hiding any of them by default would only break the user's ability
	// to act on rows that need their attention; status filtering is the
	// caller's responsibility via params.Statuses. Runtime token lookups
	// apply their own status='active' filter and don't go through this
	// method.
	ListOauthUserTokens(ctx context.Context, params MCPSessionsFilterParams) ([]tables.TableOauthUserToken, error)
	// ListPendingOauthUserSessions returns pending OAuth flow rows matching
	// the supplied filters. Companion to ListOauthUserTokens for the admin
	// view. Always restricted to status='pending' AND expires_at > now;
	// params.Statuses further narrows within that set.
	ListPendingOauthUserSessions(ctx context.Context, params MCPSessionsFilterParams) ([]tables.TableOauthUserSession, error)
	// DeleteExpiredOauthUserSessions hard-deletes pending OAuth flow rows
	// whose ExpiresAt has passed. Returns the number of rows removed.
	DeleteExpiredOauthUserSessions(ctx context.Context) (int64, error)
	// DeleteOrphanedOauthUserTokens hard-deletes token rows where status='orphaned'
	// and updated_at is older than olderThan. Returns the number of rows removed.
	DeleteOrphanedOauthUserTokens(ctx context.Context, olderThan time.Duration) (int64, error)

	// Per-user MCP header credential CRUD. Storage analog of per-user OAuth
	// tokens for MCPAuthTypePerUserHeaders clients. The row holds an encrypted
	// JSON blob of header_name → value pairs keyed by (auth_mode, identity,
	// mcp_client_id).
	GetMCPPerUserHeaderCredentialByMode(ctx context.Context, mode schemas.MCPAuthMode, identity, mcpClientID string) (*tables.TableMCPPerUserHeaderCredential, error)
	GetMCPPerUserHeaderCredentialByID(ctx context.Context, id string) (*tables.TableMCPPerUserHeaderCredential, error)
	UpsertMCPPerUserHeaderCredential(ctx context.Context, cred *tables.TableMCPPerUserHeaderCredential) error
	DeleteMCPPerUserHeaderCredential(ctx context.Context, id string) error
	// ListMCPPerUserHeaderCredentials returns credential rows matching the
	// supplied filters, regardless of status. Mirrors ListOauthUserTokens —
	// the sessions UI surfaces non-active states (needs_update / orphaned)
	// with distinct affordances, so status filtering is the caller's
	// responsibility via params.Statuses.
	ListMCPPerUserHeaderCredentials(ctx context.Context, params MCPSessionsFilterParams) ([]tables.TableMCPPerUserHeaderCredential, error)
	// MarkMCPPerUserHeaderCredentialsNeedsUpdate flips status to 'needs_update'
	// for every row tied to mcpClientID. Called when the admin changes
	// PerUserHeaderKeys on the MCP client config: existing user submissions
	// stay (so the UI can prefill known values) but are excluded from runtime
	// lookups until the user re-submits.
	MarkMCPPerUserHeaderCredentialsNeedsUpdate(ctx context.Context, mcpClientID string) error
	// DeleteOrphanedMCPPerUserHeaderCredentials hard-deletes rows where
	// status='orphaned' and updated_at is older than olderThan.
	DeleteOrphanedMCPPerUserHeaderCredentials(ctx context.Context, olderThan time.Duration) (int64, error)

	// Per-user-headers submission flow CRUD. Mirrors the OAuth user-session
	// surface — the resolver creates a pending flow row when the inline-401
	// fires, the submit endpoint deletes the row on success, and the sweep
	// worker reaps expired pending rows.
	CreateMCPPerUserHeaderFlow(ctx context.Context, flow *tables.TableMCPPerUserHeaderFlow) error
	GetMCPPerUserHeaderFlowByID(ctx context.Context, id string) (*tables.TableMCPPerUserHeaderFlow, error)
	// GetMCPPerUserHeaderFlowByModeIdentityAndMCPClient returns the canonical
	// pending flow row for the (mode, identity, mcp_client) triple, if any.
	// Companion to GetOauthUserSessionByModeIdentityAndMCPClient — used by
	// InitiateUserSubmissionFlow to keep at most one pending row per binding
	// (mirrors OAuth's single-row-per-binding invariant).
	GetMCPPerUserHeaderFlowByModeIdentityAndMCPClient(ctx context.Context, mode schemas.MCPAuthMode, identity, mcpClientID string) (*tables.TableMCPPerUserHeaderFlow, error)
	// UpdateMCPPerUserHeaderFlow updates a flow row in place. Used on the
	// reauth/re-init path to rotate ExpiresAt without spawning a new row.
	UpdateMCPPerUserHeaderFlow(ctx context.Context, flow *tables.TableMCPPerUserHeaderFlow) error
	// DeleteMCPPerUserHeaderFlowsByModeIdentityAndMCPClient hard-deletes any
	// pending flow rows for a binding. Called from revoke so a credential
	// delete also clears any in-flight resubmission flow for the same
	// (mode, identity, mcp_client). Mirrors
	// DeleteOauthUserSessionsByModeIdentityAndMCPClient.
	DeleteMCPPerUserHeaderFlowsByModeIdentityAndMCPClient(ctx context.Context, mode schemas.MCPAuthMode, identity, mcpClientID string) error
	DeleteMCPPerUserHeaderFlow(ctx context.Context, id string) error
	// ListPendingMCPPerUserHeaderFlows returns non-expired pending header
	// submission flow rows matching the supplied filters. Mirrors
	// ListPendingOauthUserSessions on the OAuth side. Always restricted to
	// status='pending' AND expires_at > now; params.Statuses further
	// narrows within that set. The implementation reads via ScopedDB(ctx),
	// so a query-scope stashed on ctx (e.g. by enterprise DAC) narrows the
	// result; with no scope, every matching pending row is returned.
	ListPendingMCPPerUserHeaderFlows(ctx context.Context, params MCPSessionsFilterParams) ([]tables.TableMCPPerUserHeaderFlow, error)
	// DeleteExpiredMCPPerUserHeaderFlows hard-deletes pending flow rows whose
	// ExpiresAt has passed. Returns the number of rows removed.
	DeleteExpiredMCPPerUserHeaderFlows(ctx context.Context) (int64, error)

	// Per-user credential reconciliation.
	//
	// Called whenever a VK ↔ MCP grant might have changed (direct
	// dashboard edit, AP propagation, SCIM auto-assign). Orphans
	// vk-keyed credentials whose MCP is no longer in the VK's effective
	// allowlist (explicit per-VK row ∪ MCPs with
	// AllowOnAllVirtualKeys=true) and reactivates orphaned rows when the
	// grant returns. Pending flow rows for lost grants are hard-deleted.
	//
	// Session-keyed rows are never touched — they carry no notion of
	// "lost access".
	//
	// Handlers should invoke both surfaces (OAuth + headers) after every
	// grant-change so both stay consistent.
	ReconcileOauthAfterVKChange(ctx context.Context, vkID string) error
	ReconcileMCPHeadersAfterVKChange(ctx context.Context, vkID string) error
	// MCP-side variants: called when the change originates on the MCP
	// client (vk_configs edit OR AllowOnAllVirtualKeys toggle). Each
	// re-evaluates every VK that holds a credential for the changed MCP.
	ReconcileOauthAfterMCPChange(ctx context.Context, mcpClientID string) error
	ReconcileMCPHeadersAfterMCPChange(ctx context.Context, mcpClientID string) error

	// Not found retry wrapper
	RetryOnNotFound(ctx context.Context, fn func(ctx context.Context) (any, error), maxRetries int, retryDelay time.Duration) (any, error)

	// Prompt Repository - Folders
	GetFolders(ctx context.Context) ([]tables.TableFolder, error)
	GetFolderByID(ctx context.Context, id string) (*tables.TableFolder, error)
	CreateFolder(ctx context.Context, folder *tables.TableFolder) error
	UpdateFolder(ctx context.Context, folder *tables.TableFolder) error
	DeleteFolder(ctx context.Context, id string) error

	// Prompt Repository - Prompts
	GetPrompts(ctx context.Context, folderID *string) ([]tables.TablePrompt, error)
	GetPromptByID(ctx context.Context, id string) (*tables.TablePrompt, error)
	CreatePrompt(ctx context.Context, prompt *tables.TablePrompt, tx ...*gorm.DB) error
	UpdatePrompt(ctx context.Context, prompt *tables.TablePrompt) error
	DeletePrompt(ctx context.Context, id string) error

	// Prompt Repository - Versions
	GetAllPromptVersions(ctx context.Context) ([]tables.TablePromptVersion, error)
	GetPromptVersions(ctx context.Context, promptID string) ([]tables.TablePromptVersion, error)
	GetPromptVersionByID(ctx context.Context, id uint) (*tables.TablePromptVersion, error)
	GetLatestPromptVersion(ctx context.Context, promptID string) (*tables.TablePromptVersion, error)
	CreatePromptVersion(ctx context.Context, version *tables.TablePromptVersion) error
	DeletePromptVersion(ctx context.Context, id uint) error

	// Prompt Repository - Sessions
	GetPromptSessions(ctx context.Context, promptID string) ([]tables.TablePromptSession, error)
	GetPromptSessionByID(ctx context.Context, id uint) (*tables.TablePromptSession, error)
	CreatePromptSession(ctx context.Context, session *tables.TablePromptSession) error
	UpdatePromptSession(ctx context.Context, session *tables.TablePromptSession) error
	RenamePromptSession(ctx context.Context, id uint, name string) error
	DeletePromptSession(ctx context.Context, id uint) error

	// DB returns the underlying database connection.
	DB() *gorm.DB

	// ScopedDB returns the underlying DB bound to ctx with any
	// QueryScope on ctx pre-applied. Use this in read paths that
	// should respect caller-driven row visibility; use DB().WithContext(ctx)
	// for writes and internal lookups that must bypass scoping.
	ScopedDB(ctx context.Context) *gorm.DB

	// RunMigration opens a throwaway *gorm.DB against the same
	// backing database, invokes fn with it, and closes the connection. Use
	// this for DDL (typically downstream-consumer migrations) that must not
	// leave cached prepared-statement plans on the runtime pool.
	//
	// After fn returns successfully, callers should invoke
	// RefreshConnectionPool if the migration altered tables the runtime pool
	// has already queried — otherwise SQLSTATE 0A000 can surface on reads
	// whose cached plans predate the DDL.
	//
	// For SQLite backends, this is a pass-through that runs fn on the
	// existing connection (no server-side plan cache, single-writer lock).
	RunMigration(ctx context.Context, fn func(context.Context, *gorm.DB) error) error

	// RefreshConnectionPool tears down the runtime pool and opens a fresh
	// one against the same configuration. In-flight queries on the old
	// pool complete before it closes; subsequent DB() calls return the new
	// pool, whose connections carry no cached plans. SQLite is a no-op.
	RefreshConnectionPool(ctx context.Context) error

	// Cleanup
	Close(ctx context.Context) error
}

ConfigStore is the interface for the config store.

func NewConfigStore 

func NewConfigStore(ctx context.Context, config *Config, logger schemas.Logger) (ConfigStore, error)

NewConfigStore creates a new config store based on the configuration

type ConfigStoreType 

type ConfigStoreType string

ConfigStoreType represents the type of config store. 

const (
	ConfigStoreTypeSQLite   ConfigStoreType = "sqlite"
	ConfigStoreTypePostgres ConfigStoreType = "postgres"
)

ConfigStoreTypeSQLite is the type of config store for SQLite.

type CustomersQueryParams added in v1.2.28 

type CustomersQueryParams struct {
	Limit  int
	Offset int
	Search string
}

CustomersQueryParams holds pagination, filtering, and search parameters for customer queries.

type DistributedLock added in v1.2.9 

type DistributedLock struct {
	// contains filtered or unexported fields
}

DistributedLock represents a distributed lock that can be acquired and released across multiple processes or instances.

func (*DistributedLock) Extend added in v1.2.9 

func (l *DistributedLock) Extend(ctx context.Context) error

Extend extends the lock's TTL. This is useful for long-running operations that need to hold the lock longer than the initial TTL. Returns an error if the lock is not held by this holder or has expired. Only clears l.acquired when ErrLockNotHeld is returned; transient errors leave l.acquired untouched so Unlock() can still attempt a proper release.

func (*DistributedLock) HolderID added in v1.2.9 

func (l *DistributedLock) HolderID() string

HolderID returns the unique identifier for this lock holder.

func (*DistributedLock) IsHeld added in v1.2.9 

func (l *DistributedLock) IsHeld(ctx context.Context) (bool, error)

IsHeld checks if the lock is currently held by this holder. Note: This checks the local state and the database state. Returns (false, error) on transient database errors without clearing l.acquired, allowing Unlock() to still attempt a proper release.

func (*DistributedLock) Key added in v1.2.9 

func (l *DistributedLock) Key() string

Key returns the lock key.

func (*DistributedLock) Lock added in v1.2.9 

func (l *DistributedLock) Lock(ctx context.Context) error

Lock acquires the lock, blocking until it's available or the context is cancelled. It will make up to (maxRetries + 1) attempts, sleeping retryInterval between failed attempts.

func (*DistributedLock) LockWithRetry added in v1.2.9 

func (l *DistributedLock) LockWithRetry(ctx context.Context, maxRetries int) error

LockWithRetry acquires the lock, blocking until it's available or the context is cancelled. It will retry up to maxRetries times with retryInterval between attempts.

func (*DistributedLock) TryLock added in v1.2.9 

func (l *DistributedLock) TryLock(ctx context.Context) (bool, error)

TryLock attempts to acquire the lock without blocking. Returns true if the lock was acquired, false if it's held by another process.

func (*DistributedLock) Unlock added in v1.2.9 

func (l *DistributedLock) Unlock(ctx context.Context) error

Unlock releases the lock if it's held by this holder. Returns an error if the lock is not held by this holder.

type DistributedLockManager added in v1.2.9 

type DistributedLockManager struct {
	// contains filtered or unexported fields
}

DistributedLockManager creates and manages distributed locks. It provides a factory for creating locks with consistent configuration.

func NewDistributedLockManager added in v1.2.9 

func NewDistributedLockManager(store LockStore, logger schemas.Logger, opts ...DistributedLockManagerOption) *DistributedLockManager

NewDistributedLockManager creates a new lock manager with the given store and options.

func (*DistributedLockManager) CleanupExpiredLocks added in v1.2.9 

func (m *DistributedLockManager) CleanupExpiredLocks(ctx context.Context) (int64, error)

CleanupExpiredLocks removes all expired locks from the store. This can be called periodically to clean up stale locks.

func (*DistributedLockManager) NewLock added in v1.2.9 

func (m *DistributedLockManager) NewLock(lockKey string) (*DistributedLock, error)

NewLock creates a new DistributedLock for the given key. The lock is not acquired until Lock() or TryLock() is called. Returns an error if the lock key is empty.

func (*DistributedLockManager) NewLockWithTTL added in v1.2.9 

func (m *DistributedLockManager) NewLockWithTTL(lockKey string, ttl time.Duration) (*DistributedLock, error)

NewLockWithTTL creates a new DistributedLock with a custom TTL. Returns an error if the lock key is empty.

type DistributedLockManagerOption added in v1.2.9 

type DistributedLockManagerOption func(*DistributedLockManager)

DistributedLockManagerOption is a function that configures a DistributedLockManager.

func WithDefaultTTL added in v1.2.9 

func WithDefaultTTL(ttl time.Duration) DistributedLockManagerOption

WithDefaultTTL sets the default TTL for locks created by this manager.

func WithMaxRetries added in v1.2.9 

func WithMaxRetries(maxRetries int) DistributedLockManagerOption

WithMaxRetries sets the maximum number of retries for lock acquisition.

func WithRetryInterval added in v1.2.9 

func WithRetryInterval(interval time.Duration) DistributedLockManagerOption

WithRetryInterval sets the interval between lock acquisition retries.

type EnvKeyInfo 

type EnvKeyInfo struct {
	EnvVar     string                // The environment variable name (without env. prefix)
	Provider   schemas.ModelProvider // The provider this key belongs to (empty for core/mcp configs)
	KeyType    EnvKeyType            // Type of key (e.g., "api_key", "azure_config", "vertex_config", "bedrock_config", "connection_string", "mcp_header")
	ConfigPath string                // Path in config where this env var is used
	KeyID      string                // The key ID this env var belongs to (empty for non-key configs like bedrock_config, connection_string)
}

EnvKeyInfo stores information about a key sourced from environment

type EnvKeyType 

type EnvKeyType string
const (
	EnvKeyTypeAPIKey        EnvKeyType = "api_key"
	EnvKeyTypeAzureConfig   EnvKeyType = "azure_config"
	EnvKeyTypeVertexConfig  EnvKeyType = "vertex_config"
	EnvKeyTypeBedrockConfig EnvKeyType = "bedrock_config"
	EnvKeyTypeConnection    EnvKeyType = "connection_string"
	EnvKeyTypeMCPHeader     EnvKeyType = "mcp_header"
)

type ErrUnresolvedKeys added in v1.1.54 

type ErrUnresolvedKeys struct {
	Identifiers []string
}

ErrUnresolvedKeys is returned when one or more keys could not be resolved

func (*ErrUnresolvedKeys) Error added in v1.1.54 

func (e *ErrUnresolvedKeys) Error() string

type GovernanceConfig 

type GovernanceConfig struct {
	VirtualKeys      []tables.TableVirtualKey      `json:"virtual_keys"`
	Teams            []tables.TableTeam            `json:"teams"`
	Customers        []tables.TableCustomer        `json:"customers"`
	Budgets          []tables.TableBudget          `json:"budgets"`
	RateLimits       []tables.TableRateLimit       `json:"rate_limits"`
	ModelConfigs     []tables.TableModelConfig     `json:"model_configs"`
	Providers        []tables.TableProvider        `json:"providers"`
	RoutingRules     []tables.TableRoutingRule     `json:"routing_rules"`
	PricingOverrides []tables.TablePricingOverride `json:"pricing_overrides,omitempty"`
	AuthConfig       *AuthConfig                   `json:"auth_config,omitempty"`
}

GovernanceConfig contains governance entities loaded from the config store or reconciled from config.json.

type LockStore added in v1.2.9 

type LockStore interface {
	// TryAcquireLock attempts to insert a lock row. Returns true if the lock was acquired.
	// If the lock already exists and is not expired, returns false.
	TryAcquireLock(ctx context.Context, lock *tables.TableDistributedLock) (bool, error)

	// GetLock retrieves a lock by its key. Returns nil if the lock doesn't exist.
	GetLock(ctx context.Context, lockKey string) (*tables.TableDistributedLock, error)

	// UpdateLockExpiry updates the expiration time for an existing lock.
	// Only succeeds if the holder ID matches the current lock holder.
	UpdateLockExpiry(ctx context.Context, lockKey, holderID string, expiresAt time.Time) error

	// ReleaseLock deletes a lock if the holder ID matches.
	// Returns true if the lock was released, false if it wasn't held by the given holder.
	ReleaseLock(ctx context.Context, lockKey, holderID string) (bool, error)

	// CleanupExpiredLocks removes all locks that have expired.
	// Returns the number of locks cleaned up.
	CleanupExpiredLocks(ctx context.Context) (int64, error)

	// CleanupExpiredLockByKey atomically deletes a lock only if it has expired.
	// Returns true if an expired lock was deleted, false if the lock doesn't exist or hasn't expired.
	CleanupExpiredLockByKey(ctx context.Context, lockKey string) (bool, error)
}

LockStore defines the storage operations required for distributed locking. This interface abstracts the database operations, making the lock implementation testable and decoupled from the specific database implementation.

type MCPClientsQueryParams added in v1.2.28 

type MCPClientsQueryParams struct {
	Limit  int
	Offset int
	Search string
}

MCPClientsQueryParams holds pagination, filtering, and search parameters for MCP client queries.

type MCPSessionsFilterParams added in v1.3.14 

type MCPSessionsFilterParams struct {
	Search       string
	Statuses     []string
	AuthModes    []string // matched against auth_mode (tokens, credentials) or flow_mode (sessions, flows)
	MCPClientIDs []string
	// MatchedUserIDs is an optional set of user_ids that should be treated
	// as a positive search hit alongside Search. Callers that maintain a
	// user directory (display names, emails) resolve the search string
	// against that directory and pass the resulting user_ids in here so
	// rows owned by those users surface even though the search columns on
	// these tables only carry the opaque user_id. When non-empty the
	// filter ORs `{table}.user_id IN (matched)` into the search WHERE.
	// Only consulted when Search is non-empty.
	MatchedUserIDs []string
}

MCPSessionsFilterParams is the filter set shared across the four MCP-sessions list methods (oauth tokens, pending oauth sessions, per-user header credentials, pending per-user header flows).

Pagination is intentionally omitted: the four sources are merged and de-duped in the handler before the page slice, so per-table LIMIT/OFFSET would not compose into a correct global page. These methods are filter pushdown only; the handler paginates the merged result.

Search is a case-insensitive substring matched against the MCP client's name/client_id, the row's identity columns (user_id, session_id), and the virtual key's id/name (joined). Empty filter slices match all values for that field.

type ModelConfigsQueryParams added in v1.2.28 

type ModelConfigsQueryParams struct {
	Limit  int
	Offset int
	Search string
}

ModelConfigsQueryParams holds pagination, filtering, and search parameters for model configs queries.

type PostgresConfig added in v1.1.0 

type PostgresConfig struct {
	Host         *schemas.EnvVar `json:"host"`
	Port         *schemas.EnvVar `json:"port"`
	User         *schemas.EnvVar `json:"user"`
	Password     *schemas.EnvVar `json:"password"`
	DBName       *schemas.EnvVar `json:"db_name"`
	SSLMode      *schemas.EnvVar `json:"ssl_mode"`
	MaxIdleConns int             `json:"max_idle_conns"`
	MaxOpenConns int             `json:"max_open_conns"`
}

PostgresConfig represents the configuration for a Postgres database.

type PricingOverrideFilters added in v1.3.0 

type PricingOverrideFilters struct {
	ScopeKind     *string
	VirtualKeyID  *string
	ProviderID    *string
	ProviderKeyID *string
}

PricingOverrideFilters holds the filters for pricing overrides.

type PricingOverridesQueryParams added in v1.3.0 

type PricingOverridesQueryParams struct {
	Limit         int
	Offset        int
	Search        string
	ScopeKind     *string
	VirtualKeyID  *string
	ProviderID    *string
	ProviderKeyID *string
}

PricingOverridesQueryParams holds pagination, filtering, and search parameters for pricing override queries.

type ProviderConfig 

type ProviderConfig struct {
	Keys                     []schemas.Key                     `json:"keys"`                                  // API keys for the provider with UUIDs
	NetworkConfig            *schemas.NetworkConfig            `json:"network_config,omitempty"`              // Network-related settings
	ConcurrencyAndBufferSize *schemas.ConcurrencyAndBufferSize `json:"concurrency_and_buffer_size,omitempty"` // Concurrency settings
	ProxyConfig              *schemas.ProxyConfig              `json:"proxy_config,omitempty"`                // Proxy configuration
	SendBackRawRequest       bool                              `json:"send_back_raw_request"`                 // Include raw request in BifrostResponse
	SendBackRawResponse      bool                              `json:"send_back_raw_response"`                // Include raw response in BifrostResponse
	StoreRawRequestResponse  bool                              `json:"store_raw_request_response"`            // Capture raw request/response for internal logging only; strip from API responses returned to clients
	CustomProviderConfig     *schemas.CustomProviderConfig     `json:"custom_provider_config,omitempty"`      // Custom provider configuration
	OpenAIConfig             *schemas.OpenAIConfig             `json:"openai_config,omitempty"`               // OpenAI-specific configuration
	ConfigHash               string                            `json:"config_hash,omitempty"`                 // Hash of config.json version, used for change detection
	Status                   string                            `json:"status,omitempty"`                      // Model discovery status for keyless providers
	Description              string                            `json:"description,omitempty"`                 // Model discovery error message for keyless providers
}

ProviderConfig represents the configuration for a specific AI model provider. It includes API keys, network settings, and concurrency settings.

func (*ProviderConfig) GenerateConfigHash added in v1.1.44 

func (p *ProviderConfig) GenerateConfigHash(providerName string) (string, error)

GenerateConfigHash generates a SHA256 hash of the provider configuration. This is used to detect changes between config.json and database config. Keys are excluded as they are hashed separately.

func (*ProviderConfig) Redacted added in v1.2.15 

func (p *ProviderConfig) Redacted() *ProviderConfig

Redacted returns a redacted copy of the provider configuration.

type RDBConfigStore added in v1.1.0 

type RDBConfigStore struct {
	// contains filtered or unexported fields
}

RDBConfigStore represents a configuration store that uses a relational database.

The runtime *gorm.DB is held behind an atomic.Pointer so RefreshConnectionPool can swap it out without tearing callers down. migrateOnFreshFn and refreshPoolFn are backend-specific hooks installed by the constructor (postgres vs sqlite).

func (*RDBConfigStore) AddProvider added in v1.1.0 

func (s *RDBConfigStore) AddProvider(ctx context.Context, provider schemas.ModelProvider, config ProviderConfig, tx ...*gorm.DB) error

AddProvider creates a new provider configuration in the database.

func (*RDBConfigStore) ClaimOauthUserSessionByState added in v1.3.1 

func (s *RDBConfigStore) ClaimOauthUserSessionByState(ctx context.Context, state string) (*tables.TableOauthUserSession, error)

ClaimOauthUserSessionByState atomically claims a pending per-user OAuth session by its state token. Returns nil if the session doesn't exist or has already been claimed by another request.

func (*RDBConfigStore) CleanupExpiredLockByKey added in v1.2.9 

func (s *RDBConfigStore) CleanupExpiredLockByKey(ctx context.Context, lockKey string) (bool, error)

CleanupExpiredLockByKey atomically deletes a specific lock only if it has expired. Returns true if an expired lock was deleted, false if the lock doesn't exist or hasn't expired.

func (*RDBConfigStore) CleanupExpiredLocks added in v1.2.9 

func (s *RDBConfigStore) CleanupExpiredLocks(ctx context.Context) (int64, error)

CleanupExpiredLocks removes all locks that have expired. Returns the number of locks cleaned up.

func (*RDBConfigStore) ClearRestartRequiredConfig added in v1.1.53 

func (s *RDBConfigStore) ClearRestartRequiredConfig(ctx context.Context) error

ClearRestartRequiredConfig clears the restart required configuration in the database.

func (*RDBConfigStore) Close added in v1.1.0 

func (s *RDBConfigStore) Close(ctx context.Context) error

Close closes the SQLite config store.

func (*RDBConfigStore) CreateBudget added in v1.1.0 

func (s *RDBConfigStore) CreateBudget(ctx context.Context, budget *tables.TableBudget, tx ...*gorm.DB) error

CreateBudget creates a new budget in the database.

func (*RDBConfigStore) CreateCustomer added in v1.1.0 

func (s *RDBConfigStore) CreateCustomer(ctx context.Context, customer *tables.TableCustomer, tx ...*gorm.DB) error

CreateCustomer creates a new customer in the database.

func (*RDBConfigStore) CreateFolder added in v1.2.27 

func (s *RDBConfigStore) CreateFolder(ctx context.Context, folder *tables.TableFolder) error

CreateFolder creates a new folder

func (*RDBConfigStore) CreateMCPClientConfig added in v1.1.10 

func (s *RDBConfigStore) CreateMCPClientConfig(ctx context.Context, clientConfig *schemas.MCPClientConfig) error

CreateMCPClientConfig creates a new MCP client configuration in the database.

func (*RDBConfigStore) CreateMCPPerUserHeaderFlow added in v1.3.14 

func (s *RDBConfigStore) CreateMCPPerUserHeaderFlow(ctx context.Context, flow *tables.TableMCPPerUserHeaderFlow) error

CreateMCPPerUserHeaderFlow persists a pending per-user-headers submission flow row. ID is set by the caller (typically a fresh UUID).

func (*RDBConfigStore) CreateModelConfig added in v1.2.13 

func (s *RDBConfigStore) CreateModelConfig(ctx context.Context, modelConfig *tables.TableModelConfig, tx ...*gorm.DB) error

CreateModelConfig creates a new model config in the database.

func (*RDBConfigStore) CreateOauthConfig added in v1.2.17 

func (s *RDBConfigStore) CreateOauthConfig(ctx context.Context, config *tables.TableOauthConfig) error

CreateOauthConfig creates a new OAuth config

func (*RDBConfigStore) CreateOauthToken added in v1.2.17 

func (s *RDBConfigStore) CreateOauthToken(ctx context.Context, token *tables.TableOauthToken) error

CreateOauthToken creates a new OAuth token

func (*RDBConfigStore) CreateOauthUserSession added in v1.3.1 

func (s *RDBConfigStore) CreateOauthUserSession(ctx context.Context, session *tables.TableOauthUserSession) error

CreateOauthUserSession creates a new per-user OAuth session

func (*RDBConfigStore) CreateOauthUserToken added in v1.3.1 

func (s *RDBConfigStore) CreateOauthUserToken(ctx context.Context, token *tables.TableOauthUserToken) error

CreateOauthUserToken creates or replaces a per-user OAuth token. Looks up any existing row matching the populated identity column + MCP client and reuses its ID, ensuring the partial-unique index never trips. SessionToken's hash is set in BeforeSave; the upsert lookup uses the hash column to match the unique index. Wrapped in a transaction so SELECT + CREATE/UPDATE is atomic under concurrent same-identity races.

func (*RDBConfigStore) CreatePlugin added in v1.1.0 

func (s *RDBConfigStore) CreatePlugin(ctx context.Context, plugin *tables.TablePlugin, tx ...*gorm.DB) error

CreatePlugin creates a new plugin in the database.

func (*RDBConfigStore) CreatePricingOverride added in v1.3.0 

func (s *RDBConfigStore) CreatePricingOverride(ctx context.Context, override *tables.TablePricingOverride, tx ...*gorm.DB) error

func (*RDBConfigStore) CreatePrompt added in v1.2.27 

func (s *RDBConfigStore) CreatePrompt(ctx context.Context, prompt *tables.TablePrompt, tx ...*gorm.DB) error

CreatePrompt creates a new prompt. The optional tx allows callers to chain the insert with follow-up writes in a single transaction (used by the enterprise wrapper to atomically stamp ownership columns).

func (*RDBConfigStore) CreatePromptSession added in v1.2.27 

func (s *RDBConfigStore) CreatePromptSession(ctx context.Context, session *tables.TablePromptSession) error

CreatePromptSession creates a new session

func (*RDBConfigStore) CreatePromptVersion added in v1.2.27 

func (s *RDBConfigStore) CreatePromptVersion(ctx context.Context, version *tables.TablePromptVersion) error

CreatePromptVersion creates a new version and marks it as latest. Retries on unique constraint conflict (concurrent version_number allocation).

func (*RDBConfigStore) CreateProviderKey added in v1.3.0 

func (s *RDBConfigStore) CreateProviderKey(ctx context.Context, provider schemas.ModelProvider, key schemas.Key, tx ...*gorm.DB) error

CreateProviderKey creates a new key for an existing provider.

func (*RDBConfigStore) CreateRateLimit added in v1.1.0 

func (s *RDBConfigStore) CreateRateLimit(ctx context.Context, rateLimit *tables.TableRateLimit, tx ...*gorm.DB) error

CreateRateLimit creates a new rate limit in the database.

func (*RDBConfigStore) CreateRoutingRule added in v1.2.17 

func (s *RDBConfigStore) CreateRoutingRule(ctx context.Context, rule *tables.TableRoutingRule, tx ...*gorm.DB) error

CreateRoutingRule creates a new routing rule in the database.

func (*RDBConfigStore) CreateSession added in v1.1.20 

func (s *RDBConfigStore) CreateSession(ctx context.Context, session *tables.SessionsTable) error

CreateSession creates a new session in the database.

func (*RDBConfigStore) CreateTeam added in v1.1.0 

func (s *RDBConfigStore) CreateTeam(ctx context.Context, team *tables.TableTeam, tx ...*gorm.DB) error

CreateTeam creates a new team in the database.

func (*RDBConfigStore) CreateTempToken added in v1.3.11 

func (s *RDBConfigStore) CreateTempToken(ctx context.Context, token *tables.TempToken, tx ...*gorm.DB) error

CreateTempToken inserts a new temp_tokens row. The plaintext token must be set on the struct; the BeforeSave hook populates token_hash and (when encryption is enabled) encrypts the plaintext in place. The optional tx lets callers fold this write into an existing transaction (mirrors the pattern used by other mutating configstore methods).

func (*RDBConfigStore) CreateVirtualKey added in v1.1.0 

func (s *RDBConfigStore) CreateVirtualKey(ctx context.Context, virtualKey *tables.TableVirtualKey, tx ...*gorm.DB) error

CreateVirtualKey creates a new virtual key in the database.

func (*RDBConfigStore) CreateVirtualKeyMCPConfig added in v1.1.10 

func (s *RDBConfigStore) CreateVirtualKeyMCPConfig(ctx context.Context, virtualKeyMCPConfig *tables.TableVirtualKeyMCPConfig, tx ...*gorm.DB) error

CreateVirtualKeyMCPConfig creates a new virtual key MCP config in the database.

func (*RDBConfigStore) CreateVirtualKeyProviderConfig added in v1.1.0 

func (s *RDBConfigStore) CreateVirtualKeyProviderConfig(ctx context.Context, virtualKeyProviderConfig *tables.TableVirtualKeyProviderConfig, tx ...*gorm.DB) error

CreateVirtualKeyProviderConfig creates a new virtual key provider config in the database.

func (*RDBConfigStore) DB added in v1.1.5 

func (s *RDBConfigStore) DB() *gorm.DB

DB returns the current runtime database connection. The returned pointer is only valid for the duration of the caller's operation — after a RefreshConnectionPool call, future DB() calls return a fresh *gorm.DB backed by a different *sql.DB pool. Callers that issue multiple operations should call DB() per operation rather than caching the pointer.

func (*RDBConfigStore) DeleteBudget added in v1.2.20 

func (s *RDBConfigStore) DeleteBudget(ctx context.Context, id string, tx ...*gorm.DB) error

DeleteBudget deletes a budget from the database.

func (*RDBConfigStore) DeleteCustomer added in v1.1.0 

func (s *RDBConfigStore) DeleteCustomer(ctx context.Context, id string) error

DeleteCustomer deletes a customer from the database.

func (*RDBConfigStore) DeleteExpiredMCPPerUserHeaderFlows added in v1.3.14 

func (s *RDBConfigStore) DeleteExpiredMCPPerUserHeaderFlows(ctx context.Context) (int64, error)

DeleteExpiredMCPPerUserHeaderFlows hard-deletes pending flow rows whose ExpiresAt has passed. Status filter excludes already-completed rows (which the submit path deletes immediately anyway).

func (*RDBConfigStore) DeleteExpiredOauthUserSessions added in v1.3.11 

func (s *RDBConfigStore) DeleteExpiredOauthUserSessions(ctx context.Context) (int64, error)

DeleteExpiredOauthUserSessions hard-deletes pending and claiming OAuth flow rows whose ExpiresAt has passed. Including 'claiming' covers callbacks that died after ClaimOauthUserSessionByState flipped the status — otherwise that row outlives its expiry and any new flow init for the same (mode, identity, mcp_client) binding keeps seeing the dead row.

func (*RDBConfigStore) DeleteExpiredTempTokens added in v1.3.11 

func (s *RDBConfigStore) DeleteExpiredTempTokens(ctx context.Context, before time.Time) (int64, error)

DeleteExpiredTempTokens hard-deletes rows whose expires_at is at or before the given cutoff. Returns the number of rows deleted.

func (*RDBConfigStore) DeleteFolder added in v1.2.27 

func (s *RDBConfigStore) DeleteFolder(ctx context.Context, id string) error

DeleteFolder deletes a folder and all its child prompts (with their versions, sessions, and messages). PostgreSQL uses native ON DELETE CASCADE; SQLite requires manual cascade because it cannot alter foreign key constraints after table creation.

func (*RDBConfigStore) DeleteMCPClientConfig added in v1.1.10 

func (s *RDBConfigStore) DeleteMCPClientConfig(ctx context.Context, id string) error

DeleteMCPClientConfig deletes an MCP client configuration from the database.

func (*RDBConfigStore) DeleteMCPPerUserHeaderCredential added in v1.3.14 

func (s *RDBConfigStore) DeleteMCPPerUserHeaderCredential(ctx context.Context, id string) error

DeleteMCPPerUserHeaderCredential removes a credential row by its primary key.

func (*RDBConfigStore) DeleteMCPPerUserHeaderFlow added in v1.3.14 

func (s *RDBConfigStore) DeleteMCPPerUserHeaderFlow(ctx context.Context, id string) error

DeleteMCPPerUserHeaderFlow hard-deletes a single flow row by primary key. Called on submit-success and on revoke; no-op when the row is absent so terminal-state transitions are idempotent.

func (*RDBConfigStore) DeleteMCPPerUserHeaderFlowsByModeIdentityAndMCPClient added in v1.3.14 

func (s *RDBConfigStore) DeleteMCPPerUserHeaderFlowsByModeIdentityAndMCPClient(ctx context.Context, mode schemas.MCPAuthMode, identity, mcpClientID string) error

DeleteMCPPerUserHeaderFlowsByModeIdentityAndMCPClient hard-deletes any flow rows matching the binding. Mirrors DeleteOauthUserSessionsByModeIdentityAndMCPClient.

func (*RDBConfigStore) DeleteModelConfig added in v1.2.13 

func (s *RDBConfigStore) DeleteModelConfig(ctx context.Context, id string) error

DeleteModelConfig deletes a model config from the database.

func (*RDBConfigStore) DeleteModelPrices added in v1.1.0 

func (s *RDBConfigStore) DeleteModelPrices(ctx context.Context, tx ...*gorm.DB) error

DeleteModelPrices deletes all model pricing records from the database.

func (*RDBConfigStore) DeleteOauthToken added in v1.2.17 

func (s *RDBConfigStore) DeleteOauthToken(ctx context.Context, id string) error

DeleteOauthToken deletes an OAuth token by its ID

func (*RDBConfigStore) DeleteOauthUserSession added in v1.3.11 

func (s *RDBConfigStore) DeleteOauthUserSession(ctx context.Context, id string) error

DeleteOauthUserSession hard-deletes a single flow row by primary key.

func (*RDBConfigStore) DeleteOauthUserSessionsByModeIdentityAndMCPClient added in v1.3.11 

func (s *RDBConfigStore) DeleteOauthUserSessionsByModeIdentityAndMCPClient(ctx context.Context, mode schemas.MCPAuthMode, identity, mcpClientID string) error

DeleteOauthUserSessionsByModeIdentityAndMCPClient hard-deletes any oauth_user_sessions (pending or completed flow) rows matching the given identity column + MCP client. Used by revoke so a subsequent OAuth init for the same identity starts from a clean slate instead of upserting the stale row (session mode) or accumulating dead flow rows over time (vk/user modes, whose flow rows have random server-generated session tokens and therefore never get reused, but linger as 'authorized').

identity meaning per mode:

  • AuthModeUser: user_id
  • AuthModeVK: virtual_key_id
  • AuthModeSession: raw session token (the store hashes for the lookup column)

func (*RDBConfigStore) DeleteOauthUserToken added in v1.3.1 

func (s *RDBConfigStore) DeleteOauthUserToken(ctx context.Context, id string) error

DeleteOauthUserToken deletes a per-user OAuth token by its ID

func (*RDBConfigStore) DeleteOrphanedMCPPerUserHeaderCredentials added in v1.3.14 

func (s *RDBConfigStore) DeleteOrphanedMCPPerUserHeaderCredentials(ctx context.Context, olderThan time.Duration) (int64, error)

DeleteOrphanedMCPPerUserHeaderCredentials hard-deletes rows in 'orphaned' state longer than olderThan. Skipped silently when olderThan is zero or negative.

func (*RDBConfigStore) DeleteOrphanedOauthUserTokens added in v1.3.11 

func (s *RDBConfigStore) DeleteOrphanedOauthUserTokens(ctx context.Context, olderThan time.Duration) (int64, error)

DeleteOrphanedOauthUserTokens hard-deletes token rows that have been in 'orphaned' state longer than olderThan. Skipped silently when olderThan is zero or negative.

func (*RDBConfigStore) DeletePlugin added in v1.1.0 

func (s *RDBConfigStore) DeletePlugin(ctx context.Context, name string, tx ...*gorm.DB) error

DeletePlugin deletes a plugin from the database.

func (*RDBConfigStore) DeletePricingOverride added in v1.3.0 

func (s *RDBConfigStore) DeletePricingOverride(ctx context.Context, id string, tx ...*gorm.DB) error

func (*RDBConfigStore) DeletePrompt added in v1.2.27 

func (s *RDBConfigStore) DeletePrompt(ctx context.Context, id string) error

DeletePrompt deletes a prompt and all its child versions, sessions, and messages. PostgreSQL uses native ON DELETE CASCADE; SQLite requires manual cascade because it cannot alter foreign key constraints after table creation.

func (*RDBConfigStore) DeletePromptSession added in v1.2.27 

func (s *RDBConfigStore) DeletePromptSession(ctx context.Context, id uint) error

DeletePromptSession deletes a session and its messages. PostgreSQL uses native ON DELETE CASCADE for messages; SQLite requires manual cascade.

func (*RDBConfigStore) DeletePromptVersion added in v1.2.27 

func (s *RDBConfigStore) DeletePromptVersion(ctx context.Context, id uint) error

DeletePromptVersion deletes a version and promotes the previous version to latest if needed. PostgreSQL uses native ON DELETE CASCADE for messages; SQLite requires manual cascade.

func (*RDBConfigStore) DeleteProvider added in v1.1.0 

func (s *RDBConfigStore) DeleteProvider(ctx context.Context, provider schemas.ModelProvider, tx ...*gorm.DB) error

DeleteProvider deletes a single provider and all its associated keys from the database.

func (*RDBConfigStore) DeleteProviderKey added in v1.3.0 

func (s *RDBConfigStore) DeleteProviderKey(ctx context.Context, provider schemas.ModelProvider, keyID string, tx ...*gorm.DB) error

DeleteProviderKey deletes a single key for an existing provider.

func (*RDBConfigStore) DeleteRateLimit added in v1.2.20 

func (s *RDBConfigStore) DeleteRateLimit(ctx context.Context, id string, tx ...*gorm.DB) error

DeleteRateLimit deletes a rate limit from the database.

func (*RDBConfigStore) DeleteRoutingRule added in v1.2.17 

func (s *RDBConfigStore) DeleteRoutingRule(ctx context.Context, id string, tx ...*gorm.DB) error

DeleteRoutingRule deletes a routing rule and its targets from the database.

func (*RDBConfigStore) DeleteSession added in v1.1.20 

func (s *RDBConfigStore) DeleteSession(ctx context.Context, token string) error

DeleteSession deletes a session from the database.

func (*RDBConfigStore) DeleteTeam added in v1.1.0 

func (s *RDBConfigStore) DeleteTeam(ctx context.Context, id string) error

DeleteTeam deletes a team from the database. Owned budgets cascade via the governance_budgets.team_id FK. Rate limit is a sibling row (team holds a FK to it) — deleted explicitly.

func (*RDBConfigStore) DeleteTempTokensByResourceID added in v1.3.11 

func (s *RDBConfigStore) DeleteTempTokensByResourceID(ctx context.Context, scope, resourceID string, tx ...*gorm.DB) (int64, error)

DeleteTempTokensByResourceID hard-deletes every row matching (scope, resource_id). Used by lifecycle owners (e.g. OAuth provider on flow termination) to invalidate the link as soon as the work it authorized completes. The (scope, resource_id) pair — not resource_id alone — keeps future scopes that happen to reuse the same opaque ID untouched. The optional tx lets callers fold the delete into an existing transaction.

func (*RDBConfigStore) DeleteVirtualKey added in v1.1.0 

func (s *RDBConfigStore) DeleteVirtualKey(ctx context.Context, id string, tx ...*gorm.DB) error

DeleteVirtualKey deletes a virtual key from the database.

func (*RDBConfigStore) DeleteVirtualKeyMCPConfig added in v1.1.10 

func (s *RDBConfigStore) DeleteVirtualKeyMCPConfig(ctx context.Context, id uint, tx ...*gorm.DB) error

DeleteVirtualKeyMCPConfig deletes a virtual key provider config from the database.

func (*RDBConfigStore) DeleteVirtualKeyProviderConfig added in v1.1.0 

func (s *RDBConfigStore) DeleteVirtualKeyProviderConfig(ctx context.Context, id uint, tx ...*gorm.DB) error

DeleteVirtualKeyProviderConfig deletes a virtual key provider config from the database.

func (*RDBConfigStore) EncryptPlaintextRows added in v1.2.22 

func (s *RDBConfigStore) EncryptPlaintextRows(ctx context.Context) error

EncryptPlaintextRows encrypts all rows with encryption_status='plain_text' across all sensitive tables. Called during startup when encryption is enabled. Each table's GORM BeforeSave hook handles the actual encryption.

func (*RDBConfigStore) ExecuteTransaction added in v1.1.0 

func (s *RDBConfigStore) ExecuteTransaction(ctx context.Context, fn func(tx *gorm.DB) error) error

ExecuteTransaction executes a transaction.

func (*RDBConfigStore) FlushSessions added in v1.1.59 

func (s *RDBConfigStore) FlushSessions(ctx context.Context) error

FlushSessions flushes all sessions from the database.

func (*RDBConfigStore) GetAllPromptVersions added in v1.3.1 

func (s *RDBConfigStore) GetAllPromptVersions(ctx context.Context) ([]tables.TablePromptVersion, error)

GetAllPromptVersions returns every version across all prompts in a single query.

func (*RDBConfigStore) GetAllRedactedKeys added in v1.1.24 

func (s *RDBConfigStore) GetAllRedactedKeys(ctx context.Context, ids []string) ([]schemas.Key, error)

GetAllRedactedKeys retrieves all redacted keys from the database.

func (*RDBConfigStore) GetAuthConfig added in v1.1.20 

func (s *RDBConfigStore) GetAuthConfig(ctx context.Context) (*AuthConfig, error)

GetAuthConfig retrieves the auth configuration from the database.

func (*RDBConfigStore) GetBudget added in v1.1.0 

func (s *RDBConfigStore) GetBudget(ctx context.Context, id string, tx ...*gorm.DB) (*tables.TableBudget, error)

GetBudget retrieves a specific budget from the database.

func (*RDBConfigStore) GetBudgets added in v1.1.0 

func (s *RDBConfigStore) GetBudgets(ctx context.Context) ([]tables.TableBudget, error)

GetBudgets retrieves all budgets from the database.

func (*RDBConfigStore) GetClientConfig added in v1.1.0 

func (s *RDBConfigStore) GetClientConfig(ctx context.Context) (*ClientConfig, error)

GetClientConfig retrieves the client configuration from the database.

func (*RDBConfigStore) GetClientMetadata added in v1.3.11 

func (s *RDBConfigStore) GetClientMetadata(ctx context.Context) (map[string]any, error)

GetClientMetadata returns the UI/admin-preferences blob stored on config_client. Returns an empty (non-nil) map if no row exists yet or the blob is unset, so callers can read keys without nil-checking.

func (*RDBConfigStore) GetConfig added in v1.1.0 

func (s *RDBConfigStore) GetConfig(ctx context.Context, key string) (*tables.TableGovernanceConfig, error)

GetConfig retrieves a specific config from the database.

func (*RDBConfigStore) GetCustomer added in v1.1.0 

func (s *RDBConfigStore) GetCustomer(ctx context.Context, id string) (*tables.TableCustomer, error)

GetCustomer retrieves a specific customer from the database.

When ctx carries a QueryScope, a customer that doesn't satisfy the scope returns ErrNotFound; the caller cannot distinguish "doesn't exist" from "not visible," matching the leak-prevention contract used by the other governance entities.

func (*RDBConfigStore) GetCustomers added in v1.1.0 

func (s *RDBConfigStore) GetCustomers(ctx context.Context) ([]tables.TableCustomer, error)

GetCustomers retrieves all customers from the database.

When ctx carries a QueryScope, the query is narrowed to customers the caller is allowed to see.

func (*RDBConfigStore) GetCustomersPaginated added in v1.2.28 

func (s *RDBConfigStore) GetCustomersPaginated(ctx context.Context, params CustomersQueryParams) ([]tables.TableCustomer, int64, error)

GetCustomersPaginated retrieves customers with pagination and optional search filtering.

When ctx carries a QueryScope, the query is narrowed to customers the caller is allowed to see.

func (*RDBConfigStore) GetExpiringOauthTokens added in v1.2.17 

func (s *RDBConfigStore) GetExpiringOauthTokens(ctx context.Context, before time.Time) ([]*tables.TableOauthToken, error)

GetExpiringOauthTokens retrieves tokens that are expiring before the given time

func (*RDBConfigStore) GetFolderByID added in v1.2.27 

func (s *RDBConfigStore) GetFolderByID(ctx context.Context, id string) (*tables.TableFolder, error)

GetFolderByID gets a folder by ID

func (*RDBConfigStore) GetFolders added in v1.2.27 

func (s *RDBConfigStore) GetFolders(ctx context.Context) ([]tables.TableFolder, error)

GetFolders gets all folders

func (*RDBConfigStore) GetFrameworkConfig added in v1.1.8 

func (s *RDBConfigStore) GetFrameworkConfig(ctx context.Context) (*tables.TableFrameworkConfig, error)

GetFrameworkConfig retrieves the framework configuration from the database.

func (*RDBConfigStore) GetGovernanceConfig added in v1.1.0 

func (s *RDBConfigStore) GetGovernanceConfig(ctx context.Context) (*GovernanceConfig, error)

GetGovernanceConfig retrieves the governance configuration from the database.

func (*RDBConfigStore) GetKeysByIDs added in v1.1.0 

func (s *RDBConfigStore) GetKeysByIDs(ctx context.Context, ids []string) ([]tables.TableKey, error)

GetKeysByIDs retrieves multiple keys by their IDs

func (*RDBConfigStore) GetKeysByProvider added in v1.1.40 

func (s *RDBConfigStore) GetKeysByProvider(ctx context.Context, provider string) ([]tables.TableKey, error)

GetKeysByProvider retrieves all keys for a specific provider

func (*RDBConfigStore) GetLatestPromptVersion added in v1.2.27 

func (s *RDBConfigStore) GetLatestPromptVersion(ctx context.Context, promptID string) (*tables.TablePromptVersion, error)

GetLatestPromptVersion gets the latest version for a prompt

func (*RDBConfigStore) GetLock added in v1.2.9 

func (s *RDBConfigStore) GetLock(ctx context.Context, lockKey string) (*tables.TableDistributedLock, error)

GetLock retrieves a lock by its key. Returns nil if the lock doesn't exist.

func (*RDBConfigStore) GetLogsStoreConfig added in v1.1.0 

func (s *RDBConfigStore) GetLogsStoreConfig(ctx context.Context) (*logstore.Config, error)

GetLogsStoreConfig retrieves the logs store configuration from the database.

func (*RDBConfigStore) GetMCPClientByID added in v1.2.17 

func (s *RDBConfigStore) GetMCPClientByID(ctx context.Context, id string) (*tables.TableMCPClient, error)

GetMCPClientByID retrieves an MCP client by ID from the database.

func (*RDBConfigStore) GetMCPClientByName added in v1.1.10 

func (s *RDBConfigStore) GetMCPClientByName(ctx context.Context, name string) (*tables.TableMCPClient, error)

GetMCPClientByName retrieves an MCP client by name from the database.

func (*RDBConfigStore) GetMCPClientConfigByID added in v1.3.3 

func (s *RDBConfigStore) GetMCPClientConfigByID(ctx context.Context, id string) (*schemas.MCPClientConfig, error)

GetMCPClientConfigByID retrieves an MCP client by ID and converts it to a schemas.MCPClientConfig. Unlike GetMCPClientByID, this includes DiscoveredTools and DiscoveredToolNameMapping.

func (*RDBConfigStore) GetMCPClientsPaginated added in v1.2.28 

func (s *RDBConfigStore) GetMCPClientsPaginated(ctx context.Context, params MCPClientsQueryParams) ([]tables.TableMCPClient, int64, error)

GetMCPClientsPaginated retrieves MCP clients with pagination and optional search.

func (*RDBConfigStore) GetMCPConfig added in v1.1.0 

func (s *RDBConfigStore) GetMCPConfig(ctx context.Context) (*schemas.MCPConfig, error)

GetMCPConfig retrieves the MCP configuration from the database.

func (*RDBConfigStore) GetMCPPerUserHeaderCredentialByID added in v1.3.14 

func (s *RDBConfigStore) GetMCPPerUserHeaderCredentialByID(ctx context.Context, id string) (*tables.TableMCPPerUserHeaderCredential, error)

GetMCPPerUserHeaderCredentialByID looks up a single row by primary key. Returns nil, nil when not found.

func (*RDBConfigStore) GetMCPPerUserHeaderCredentialByMode added in v1.3.14 

func (s *RDBConfigStore) GetMCPPerUserHeaderCredentialByMode(ctx context.Context, mode schemas.MCPAuthMode, identity, mcpClientID string) (*tables.TableMCPPerUserHeaderCredential, error)

GetMCPPerUserHeaderCredentialByMode looks up a usable per-user header credential by a single identity dimension. Returns both 'active' and 'needs_update' rows; the runtime resolver's missing-keys check distinguishes them — needs_update rows that genuinely lack keys for the current schema trigger the auth-required flow, while rows where the schema only narrowed still satisfy and get used. Orphaned rows are filtered at SQL because they mean the user lost grant: neither runtime resolution nor the flow-detail prefill UX should surface them. Mirrors GetOauthUserTokenByMode (which is stricter — OAuth has no needs_update equivalent because tokens are opaque and resubmission is the full IdP dance).

func (*RDBConfigStore) GetMCPPerUserHeaderFlowByID added in v1.3.14 

func (s *RDBConfigStore) GetMCPPerUserHeaderFlowByID(ctx context.Context, id string) (*tables.TableMCPPerUserHeaderFlow, error)

GetMCPPerUserHeaderFlowByID looks up a flow row by primary key. Returns nil, nil when not found.

func (*RDBConfigStore) GetMCPPerUserHeaderFlowByModeIdentityAndMCPClient added in v1.3.14 

func (s *RDBConfigStore) GetMCPPerUserHeaderFlowByModeIdentityAndMCPClient(ctx context.Context, mode schemas.MCPAuthMode, identity, mcpClientID string) (*tables.TableMCPPerUserHeaderFlow, error)

GetMCPPerUserHeaderFlowByModeIdentityAndMCPClient returns the canonical pending flow row for the (mode, identity, mcp_client) triple, or nil when none exists. Mirrors GetOauthUserSessionByModeIdentityAndMCPClient. Used by InitiateUserSubmissionFlow to keep at most one pending row per binding (re-init updates in place instead of inserting a duplicate).

func (*RDBConfigStore) GetModelConfig added in v1.2.13 

func (s *RDBConfigStore) GetModelConfig(ctx context.Context, modelName string, provider *string) (*tables.TableModelConfig, error)

GetModelConfig retrieves a specific model config from the database by model name and optional provider.

func (*RDBConfigStore) GetModelConfigByID added in v1.2.13 

func (s *RDBConfigStore) GetModelConfigByID(ctx context.Context, id string) (*tables.TableModelConfig, error)

GetModelConfigByID retrieves a specific model config from the database by ID.

func (*RDBConfigStore) GetModelConfigs added in v1.2.13 

func (s *RDBConfigStore) GetModelConfigs(ctx context.Context) ([]tables.TableModelConfig, error)

GetModelConfigs retrieves all model configs from the database.

func (*RDBConfigStore) GetModelConfigsPaginated added in v1.2.28 

func (s *RDBConfigStore) GetModelConfigsPaginated(ctx context.Context, params ModelConfigsQueryParams) ([]tables.TableModelConfig, int64, error)

GetModelConfigsPaginated retrieves model configs with pagination, filtering, and search support.

func (*RDBConfigStore) GetModelParameters added in v1.2.27 

func (s *RDBConfigStore) GetModelParameters(ctx context.Context) ([]tables.TableModelParameters, error)

GetModelParameters returns all stored model parameter rows.

func (*RDBConfigStore) GetModelParametersByModel added in v1.3.2 

func (s *RDBConfigStore) GetModelParametersByModel(ctx context.Context, model string) (*tables.TableModelParameters, error)

GetModelParametersByModel retrieves model parameters for a specific model.

func (*RDBConfigStore) GetModelPrices added in v1.1.0 

func (s *RDBConfigStore) GetModelPrices(ctx context.Context) ([]tables.TableModelPricing, error)

GetModelPrices retrieves all model pricing records from the database.

func (*RDBConfigStore) GetOauthConfigByID added in v1.2.17 

func (s *RDBConfigStore) GetOauthConfigByID(ctx context.Context, id string) (*tables.TableOauthConfig, error)

GetOauthConfigByID retrieves an OAuth config by its ID

func (*RDBConfigStore) GetOauthConfigByState added in v1.2.17 

func (s *RDBConfigStore) GetOauthConfigByState(ctx context.Context, state string) (*tables.TableOauthConfig, error)

GetOauthConfigByState retrieves an OAuth config by its state token State is unique per OAuth flow (used for CSRF protection on callback)

func (*RDBConfigStore) GetOauthConfigByTokenID added in v1.2.17 

func (s *RDBConfigStore) GetOauthConfigByTokenID(ctx context.Context, tokenID string) (*tables.TableOauthConfig, error)

GetOauthConfigByTokenID retrieves an OAuth config that references a specific token

func (*RDBConfigStore) GetOauthConfigsByIDs added in v1.3.8 

func (s *RDBConfigStore) GetOauthConfigsByIDs(ctx context.Context, ids []string) (map[string]*tables.TableOauthConfig, error)

GetOauthConfigsByIDs retrieves multiple OAuth configs by their IDs in a single query. Returns a map keyed by config ID for O(1) lookup.

func (*RDBConfigStore) GetOauthTokenByID added in v1.2.17 

func (s *RDBConfigStore) GetOauthTokenByID(ctx context.Context, id string) (*tables.TableOauthToken, error)

GetOauthTokenByID retrieves an OAuth token by its ID

func (*RDBConfigStore) GetOauthUserSessionByID added in v1.3.1 

func (s *RDBConfigStore) GetOauthUserSessionByID(ctx context.Context, id string) (*tables.TableOauthUserSession, error)

GetOauthUserSessionByID retrieves a per-user OAuth session by its ID

func (*RDBConfigStore) GetOauthUserSessionByModeIdentityAndMCPClient added in v1.3.11 

func (s *RDBConfigStore) GetOauthUserSessionByModeIdentityAndMCPClient(ctx context.Context, mode schemas.MCPAuthMode, identity, mcpClientID string) (*tables.TableOauthUserSession, error)

GetOauthUserSessionByModeIdentityAndMCPClient returns the single flow row bound to (mode, identity, mcp_client_id). This is the canonical lookup at flow-init time: there's exactly one flow row per binding, and reauth always updates it in place rather than inserting a new one.

identity per mode: AuthModeUser=user_id, AuthModeVK=virtual_key_id, AuthModeSession=raw session token (hashed for the lookup column).

func (*RDBConfigStore) GetOauthUserTokenByID added in v1.3.11 

func (s *RDBConfigStore) GetOauthUserTokenByID(ctx context.Context, id string) (*tables.TableOauthUserToken, error)

GetOauthUserTokenByID looks up a single token row by primary key. Returns nil, nil when not found.

func (*RDBConfigStore) GetOauthUserTokenByMode added in v1.3.11 

func (s *RDBConfigStore) GetOauthUserTokenByMode(ctx context.Context, mode schemas.MCPAuthMode, identity, mcpClientID string) (*tables.TableOauthUserToken, error)

GetOauthUserTokenByMode looks up an active per-user OAuth token by a single identity dimension. Filters status='active' so orphaned rows never satisfy a lookup. Also constrains on auth_mode so a row whose identity column was accidentally populated by a different mode's write path cannot leak into a mode it doesn't belong to.

func (*RDBConfigStore) GetPlugin added in v1.1.0 

func (s *RDBConfigStore) GetPlugin(ctx context.Context, name string) (*tables.TablePlugin, error)

func (*RDBConfigStore) GetPlugins added in v1.1.0 

func (s *RDBConfigStore) GetPlugins(ctx context.Context) ([]*tables.TablePlugin, error)

func (*RDBConfigStore) GetPricingOverrideByID added in v1.3.0 

func (s *RDBConfigStore) GetPricingOverrideByID(ctx context.Context, id string) (*tables.TablePricingOverride, error)

func (*RDBConfigStore) GetPricingOverrides added in v1.3.0 

func (s *RDBConfigStore) GetPricingOverrides(ctx context.Context, filters PricingOverrideFilters) ([]tables.TablePricingOverride, error)

func (*RDBConfigStore) GetPricingOverridesPaginated added in v1.3.0 

func (s *RDBConfigStore) GetPricingOverridesPaginated(ctx context.Context, params PricingOverridesQueryParams) ([]tables.TablePricingOverride, int64, error)

func (*RDBConfigStore) GetPromptByID added in v1.2.27 

func (s *RDBConfigStore) GetPromptByID(ctx context.Context, id string) (*tables.TablePrompt, error)

GetPromptByID gets a prompt by ID with latest version.

When ctx carries a QueryScope, a prompt that exists but falls outside the scope returns ErrNotFound so URL guessing cannot distinguish "hidden" from "absent".

func (*RDBConfigStore) GetPromptSessionByID added in v1.2.27 

func (s *RDBConfigStore) GetPromptSessionByID(ctx context.Context, id uint) (*tables.TablePromptSession, error)

GetPromptSessionByID gets a session by ID

func (*RDBConfigStore) GetPromptSessions added in v1.2.27 

func (s *RDBConfigStore) GetPromptSessions(ctx context.Context, promptID string) ([]tables.TablePromptSession, error)

GetPromptSessions gets all sessions for a prompt

func (*RDBConfigStore) GetPromptVersionByID added in v1.2.27 

func (s *RDBConfigStore) GetPromptVersionByID(ctx context.Context, id uint) (*tables.TablePromptVersion, error)

GetPromptVersionByID gets a version by ID

func (*RDBConfigStore) GetPromptVersions added in v1.2.27 

func (s *RDBConfigStore) GetPromptVersions(ctx context.Context, promptID string) ([]tables.TablePromptVersion, error)

GetPromptVersions gets all versions for a prompt

func (*RDBConfigStore) GetPrompts added in v1.2.27 

func (s *RDBConfigStore) GetPrompts(ctx context.Context, folderID *string) ([]tables.TablePrompt, error)

GetPrompts gets all prompts, optionally filtered by folder ID.

When ctx carries a QueryScope, the query is narrowed to prompts the caller is allowed to see.

func (*RDBConfigStore) GetProvider added in v1.2.15 

func (s *RDBConfigStore) GetProvider(ctx context.Context, provider schemas.ModelProvider) (*tables.TableProvider, error)

GetProvider retrieves a provider by name from the database with governance relationships.

func (*RDBConfigStore) GetProviderByName added in v1.2.13 

func (s *RDBConfigStore) GetProviderByName(ctx context.Context, name string) (*tables.TableProvider, error)

GetProviderByName retrieves a provider by name from the database with governance relationships.

func (*RDBConfigStore) GetProviderConfig added in v1.2.9 

func (s *RDBConfigStore) GetProviderConfig(ctx context.Context, provider schemas.ModelProvider) (*ProviderConfig, error)

GetProviderConfig retrieves the provider configuration from the database.

func (*RDBConfigStore) GetProviderKey added in v1.3.0 

func (s *RDBConfigStore) GetProviderKey(ctx context.Context, provider schemas.ModelProvider, keyID string) (*schemas.Key, error)

GetProviderKey retrieves a single key for a provider.

func (*RDBConfigStore) GetProviderKeys added in v1.3.0 

func (s *RDBConfigStore) GetProviderKeys(ctx context.Context, provider schemas.ModelProvider) ([]schemas.Key, error)

GetProviderKeys retrieves all keys for a provider ordered by creation time.

func (*RDBConfigStore) GetProviders added in v1.2.13 

func (s *RDBConfigStore) GetProviders(ctx context.Context) ([]tables.TableProvider, error)

GetProviders retrieves all providers from the database with their governance relationships.

func (*RDBConfigStore) GetProvidersConfig added in v1.1.0 

func (s *RDBConfigStore) GetProvidersConfig(ctx context.Context) (map[schemas.ModelProvider]ProviderConfig, error)

GetProvidersConfig retrieves the provider configuration from the database.

func (*RDBConfigStore) GetProxyConfig added in v1.1.44 

func (s *RDBConfigStore) GetProxyConfig(ctx context.Context) (*tables.GlobalProxyConfig, error)

GetProxyConfig retrieves the proxy configuration from the database.

func (*RDBConfigStore) GetRateLimit added in v1.1.0 

func (s *RDBConfigStore) GetRateLimit(ctx context.Context, id string, tx ...*gorm.DB) (*tables.TableRateLimit, error)

GetRateLimit retrieves a specific rate limit from the database.

func (*RDBConfigStore) GetRateLimits added in v1.2.0 

func (s *RDBConfigStore) GetRateLimits(ctx context.Context) ([]tables.TableRateLimit, error)

GetRateLimits retrieves all rate limits from the database.

func (*RDBConfigStore) GetRedactedRoutingRules added in v1.2.17 

func (s *RDBConfigStore) GetRedactedRoutingRules(ctx context.Context, ids []string) ([]tables.TableRoutingRule, error)

GetRedactedRoutingRules retrieves redacted routing rules from the database.

func (*RDBConfigStore) GetRedactedVirtualKeys added in v1.1.24 

func (s *RDBConfigStore) GetRedactedVirtualKeys(ctx context.Context, ids []string) ([]tables.TableVirtualKey, error)

GetRedactedVirtualKeys retrieves redacted virtual keys from the database.

func (*RDBConfigStore) GetRestartRequiredConfig added in v1.1.53 

func (s *RDBConfigStore) GetRestartRequiredConfig(ctx context.Context) (*tables.RestartRequiredConfig, error)

GetRestartRequiredConfig retrieves the restart required configuration from the database.

func (*RDBConfigStore) GetRoutingRule added in v1.2.17 

func (s *RDBConfigStore) GetRoutingRule(ctx context.Context, id string) (*tables.TableRoutingRule, error)

GetRoutingRule retrieves a specific routing rule by ID.

func (*RDBConfigStore) GetRoutingRules added in v1.2.17 

func (s *RDBConfigStore) GetRoutingRules(ctx context.Context) ([]tables.TableRoutingRule, error)

GetRoutingRules retrieves all routing rules from the database.

func (*RDBConfigStore) GetRoutingRulesByScope added in v1.2.17 

func (s *RDBConfigStore) GetRoutingRulesByScope(ctx context.Context, scope string, scopeID string) ([]tables.TableRoutingRule, error)

GetRoutingRulesByScope retrieves routing rules by scope and scope ID, ordered by priority ASC.

func (*RDBConfigStore) GetRoutingRulesPaginated added in v1.2.28 

func (s *RDBConfigStore) GetRoutingRulesPaginated(ctx context.Context, params RoutingRulesQueryParams) ([]tables.TableRoutingRule, int64, error)

GetRoutingRulesPaginated retrieves routing rules with pagination and optional search filtering.

When ctx carries a QueryScope, the query is narrowed to rules the caller is allowed to see; rules with scope='global' are always included by the scope builder.

func (*RDBConfigStore) GetSession added in v1.1.20 

func (s *RDBConfigStore) GetSession(ctx context.Context, token string) (*tables.SessionsTable, error)

GetSession retrieves a session from the database.

func (*RDBConfigStore) GetTeam added in v1.1.0 

func (s *RDBConfigStore) GetTeam(ctx context.Context, id string) (*tables.TableTeam, error)

GetTeam retrieves a specific team from the database.

When ctx carries a QueryScope, a team that doesn't satisfy the scope returns ErrNotFound; the caller cannot distinguish "doesn't exist" from "not visible," matching the leak-prevention contract used by the other governance entities.

func (*RDBConfigStore) GetTeamByName added in v1.3.8 

func (s *RDBConfigStore) GetTeamByName(ctx context.Context, name string, customerID string) (*tables.TableTeam, error)

GetTeamByName retrieves a team by name. When customerID is non-empty the lookup is scoped to that customer

func (*RDBConfigStore) GetTeamBySourceID added in v1.3.11 

func (s *RDBConfigStore) GetTeamBySourceID(ctx context.Context, sourceID string) (*tables.TableTeam, error)

GetTeamBySourceID retrieves a team by its source ID.

func (*RDBConfigStore) GetTeams added in v1.1.0 

func (s *RDBConfigStore) GetTeams(ctx context.Context, customerID string) ([]tables.TableTeam, error)

GetTeams retrieves all teams from the database.

When ctx carries a QueryScope, the query is narrowed to teams the caller is allowed to see.

func (*RDBConfigStore) GetTeamsPaginated added in v1.2.28 

func (s *RDBConfigStore) GetTeamsPaginated(ctx context.Context, params TeamsQueryParams) ([]tables.TableTeam, int64, error)

GetTeamsPaginated retrieves teams with pagination, filtering, and search support.

When ctx carries a QueryScope, the query is narrowed to teams the caller is allowed to see.

func (*RDBConfigStore) GetTempTokenByHash added in v1.3.11 

func (s *RDBConfigStore) GetTempTokenByHash(ctx context.Context, tokenHash string) (*tables.TempToken, error)

GetTempTokenByHash retrieves a temp_tokens row by the SHA-256 hash of its plaintext. Returns (nil, nil) when no row matches — callers should treat that as "no such token" rather than an error.

func (*RDBConfigStore) GetVectorStoreConfig added in v1.1.0 

func (s *RDBConfigStore) GetVectorStoreConfig(ctx context.Context) (*vectorstore.Config, error)

GetVectorStoreConfig retrieves the vector store configuration from the database.

func (*RDBConfigStore) GetVirtualKey added in v1.1.0 

func (s *RDBConfigStore) GetVirtualKey(ctx context.Context, id string) (*tables.TableVirtualKey, error)

GetVirtualKey retrieves a virtual key from the database.

When ctx carries a QueryScope, the query is narrowed to rows the caller is allowed to see. A row that exists but falls outside the scope returns ErrNotFound, the same response a genuinely-missing row produces, so URL guessing cannot distinguish "hidden" from "absent".

func (*RDBConfigStore) GetVirtualKeyByValue added in v1.1.0 

func (s *RDBConfigStore) GetVirtualKeyByValue(ctx context.Context, value string) (*tables.TableVirtualKey, error)

GetVirtualKeyByValue retrieves a virtual key by its value using hash-based lookup.

func (*RDBConfigStore) GetVirtualKeyMCPConfigs added in v1.1.10 

func (s *RDBConfigStore) GetVirtualKeyMCPConfigs(ctx context.Context, virtualKeyID string) ([]tables.TableVirtualKeyMCPConfig, error)

GetVirtualKeyMCPConfigs retrieves all virtual key MCP configs from the database.

func (*RDBConfigStore) GetVirtualKeyMCPConfigsByMCPClientID added in v1.3.0 

func (s *RDBConfigStore) GetVirtualKeyMCPConfigsByMCPClientID(ctx context.Context, mcpClientID uint) ([]tables.TableVirtualKeyMCPConfig, error)

GetVirtualKeyMCPConfigsByMCPClientID retrieves all VK MCP configs for a given MCP client.

func (*RDBConfigStore) GetVirtualKeyMCPConfigsByMCPClientIDs added in v1.3.0 

func (s *RDBConfigStore) GetVirtualKeyMCPConfigsByMCPClientIDs(ctx context.Context, mcpClientIDs []uint) ([]tables.TableVirtualKeyMCPConfig, error)

GetVirtualKeyMCPConfigsByMCPClientIDs retrieves all VK MCP configs for a set of MCP client IDs in one query.

func (*RDBConfigStore) GetVirtualKeyMCPConfigsByMCPClientStringIDs added in v1.3.3 

func (s *RDBConfigStore) GetVirtualKeyMCPConfigsByMCPClientStringIDs(ctx context.Context, clientIDs []string) ([]tables.TableVirtualKeyMCPConfig, error)

GetVirtualKeyMCPConfigsByMCPClientStringIDs retrieves all VK MCP configs for a set of string client IDs (the ClientID varchar column, not the DB primary key) in one query.

func (*RDBConfigStore) GetVirtualKeyProviderConfigs added in v1.1.0 

func (s *RDBConfigStore) GetVirtualKeyProviderConfigs(ctx context.Context, virtualKeyID string) ([]tables.TableVirtualKeyProviderConfig, error)

GetVirtualKeyProviderConfigs retrieves all virtual key provider configs from the database.

func (*RDBConfigStore) GetVirtualKeyQuotaByValue added in v1.3.3 

func (s *RDBConfigStore) GetVirtualKeyQuotaByValue(ctx context.Context, value string) (*tables.TableVirtualKey, error)

GetVirtualKeyQuotaByValue retrieves budget, rate limit, and provider-level limit data for a virtual key. This is a lean query that avoids loading Team, Customer, MCPConfigs, and provider Keys.

func (*RDBConfigStore) GetVirtualKeys added in v1.1.0 

func (s *RDBConfigStore) GetVirtualKeys(ctx context.Context) ([]tables.TableVirtualKey, error)

GetVirtualKeys retrieves all virtual keys from the database.

func (*RDBConfigStore) GetVirtualKeysPaginated added in v1.2.27 

func (s *RDBConfigStore) GetVirtualKeysPaginated(ctx context.Context, params VirtualKeyQueryParams) ([]tables.TableVirtualKey, int64, error)

GetVirtualKeysPaginated retrieves virtual keys with pagination, filtering, and search support.

func (*RDBConfigStore) ListFeatureFlags added in v1.3.11 

func (s *RDBConfigStore) ListFeatureFlags(ctx context.Context) ([]tables.TableFeatureFlag, error)

ListFeatureFlags returns every persisted feature-flag override. Flags at their code default are absent from this table by design.

func (*RDBConfigStore) ListMCPPerUserHeaderCredentials added in v1.3.14 

func (s *RDBConfigStore) ListMCPPerUserHeaderCredentials(ctx context.Context, params MCPSessionsFilterParams) ([]tables.TableMCPPerUserHeaderCredential, error)

ListMCPPerUserHeaderCredentials returns credential rows matching params, regardless of status. The sessions UI surfaces non-active states (needs_update / orphaned) with distinct affordances; default status filtering here would only hide rows the user needs to act on. Runtime lookups apply their own status='active' filter and don't go through this method.

func (*RDBConfigStore) ListOauthUserTokens added in v1.3.14 

func (s *RDBConfigStore) ListOauthUserTokens(ctx context.Context, params MCPSessionsFilterParams) ([]tables.TableOauthUserToken, error)

ListOauthUserTokens returns token rows matching params, regardless of status. The sessions tab UI renders distinct affordances per state; default status filtering here would only hide rows the user needs to see (especially needs_reauth). Runtime lookups apply their own status='active' filter and don't use this. Pagination is handler-side because cross-table de-dup with the pending-session list happens after the merge.

func (*RDBConfigStore) ListPendingMCPPerUserHeaderFlows added in v1.3.14 

func (s *RDBConfigStore) ListPendingMCPPerUserHeaderFlows(ctx context.Context, params MCPSessionsFilterParams) ([]tables.TableMCPPerUserHeaderFlow, error)

ListPendingMCPPerUserHeaderFlows returns pending header-submission flow rows matching params whose expiry is in the future. Uses ScopedDB so a query-scope stashed on ctx (if any) narrows the result; otherwise returns every matching pending row. Mirrors ListPendingOauthUserSessions.

func (*RDBConfigStore) ListPendingOauthUserSessions added in v1.3.14 

func (s *RDBConfigStore) ListPendingOauthUserSessions(ctx context.Context, params MCPSessionsFilterParams) ([]tables.TableOauthUserSession, error)

ListPendingOauthUserSessions returns pending OAuth flow rows matching params whose expiry is in the future. Companion to ListOauthUserTokens.

func (*RDBConfigStore) MarkMCPPerUserHeaderCredentialsNeedsUpdate added in v1.3.14 

func (s *RDBConfigStore) MarkMCPPerUserHeaderCredentialsNeedsUpdate(ctx context.Context, mcpClientID string) error

MarkMCPPerUserHeaderCredentialsNeedsUpdate flips status to 'needs_update' for every active row tied to mcpClientID. Called when the admin changes PerUserHeaderKeys on the MCP client config.

func (*RDBConfigStore) MarkOauthUserTokenNeedsReauthByID added in v1.3.11 

func (s *RDBConfigStore) MarkOauthUserTokenNeedsReauthByID(ctx context.Context, tokenID string) error

MarkOauthUserTokenNeedsReauthByID flips status to 'needs_reauth' on a single token row. Called by the refresh-failure path when the upstream credential is permanently rejected: the row stays (preserves audit + binding for re-auth), but is filtered from active lookups so the next inference triggers a fresh OAuth flow.

func (*RDBConfigStore) Ping added in v1.1.8 

func (s *RDBConfigStore) Ping(ctx context.Context) error

Ping checks if the database is reachable.

func (*RDBConfigStore) ReconcileMCPHeadersAfterMCPChange added in v1.3.14 

func (s *RDBConfigStore) ReconcileMCPHeadersAfterMCPChange(ctx context.Context, mcpClientID string) error

ReconcileMCPHeadersAfterMCPChange is the headers counterpart of ReconcileOauthAfterMCPChange.

func (*RDBConfigStore) ReconcileMCPHeadersAfterVKChange added in v1.3.14 

func (s *RDBConfigStore) ReconcileMCPHeadersAfterVKChange(ctx context.Context, vkID string) error

ReconcileMCPHeadersAfterVKChange is the headers counterpart of ReconcileOauthAfterVKChange.

func (*RDBConfigStore) ReconcileOauthAfterMCPChange added in v1.3.14 

func (s *RDBConfigStore) ReconcileOauthAfterMCPChange(ctx context.Context, mcpClientID string) error

ReconcileOauthAfterMCPChange re-evaluates every VK that holds an OAuth credential for the given MCP. Called when an MCP edit mutates who can access it (vk_configs diff or AllowOnAllVirtualKeys toggle).

func (*RDBConfigStore) ReconcileOauthAfterVKChange added in v1.3.14 

func (s *RDBConfigStore) ReconcileOauthAfterVKChange(ctx context.Context, vkID string) error

ReconcileOauthAfterVKChange orphans/reactivates vk-keyed OAuth rows against the VK's current effective allowlist. Called whenever a VK's MCP grants might have changed (AP propagation, direct dashboard edit, SCIM auto-assign).

func (*RDBConfigStore) RefreshConnectionPool added in v1.3.3 

func (s *RDBConfigStore) RefreshConnectionPool(ctx context.Context) error

RefreshConnectionPool closes the runtime pool and opens a fresh one against the same configuration. In-flight queries on the old pool complete before it closes; subsequent DB() calls return the new pool, whose connections carry no cached plans. SQLite is a no-op.

Returns an error if the store was constructed without a refresh hook wired (same rationale as RunMigration).

func (*RDBConfigStore) ReleaseLock added in v1.2.9 

func (s *RDBConfigStore) ReleaseLock(ctx context.Context, lockKey, holderID string) (bool, error)

ReleaseLock deletes a lock if the holder ID matches. Returns true if the lock was released, false if it wasn't held by the given holder.

func (*RDBConfigStore) RenamePromptSession added in v1.2.27 

func (s *RDBConfigStore) RenamePromptSession(ctx context.Context, id uint, name string) error

RenamePromptSession updates only the name of a session

func (*RDBConfigStore) RetryOnNotFound added in v1.2.0 

func (s *RDBConfigStore) RetryOnNotFound(ctx context.Context, fn func(ctx context.Context) (any, error), maxRetries int, retryDelay time.Duration) (any, error)

RetryOnNotFound retries a function up to 3 times with 1-second delays if it returns ErrNotFound

func (*RDBConfigStore) RunMigration added in v1.1.5 

func (s *RDBConfigStore) RunMigration(ctx context.Context, fn func(context.Context, *gorm.DB) error) error

RunMigration opens a throwaway connection against the same backing database, invokes fn with it, and closes the connection. Use this for DDL that must not leave cached prepared-statement plans on the runtime pool. After fn returns, callers should invoke RefreshConnectionPool if the migration altered tables the runtime pool has already queried.

For SQLite, the throwaway concept doesn't apply (no server-side plan cache, single-writer file lock), so this runs fn against the existing *gorm.DB.

Returns an error if the store was constructed without a migration hook wired — e.g. a direct `&RDBConfigStore{}` literal that skipped the newPostgresConfigStore / newSqliteConfigStore constructor. An explicit error is safer than a silent fallback to the runtime pool: running DDL on the runtime pool would reintroduce SQLSTATE 0A000.

func (*RDBConfigStore) ScopedDB added in v1.3.11 

func (s *RDBConfigStore) ScopedDB(ctx context.Context) *gorm.DB

ScopedDB returns the DB bound to ctx with any QueryScope on ctx pre-applied. Use this in read paths that should respect caller- driven row visibility. Use DB().WithContext(ctx) for writes and for internal lookups (e.g. inference VK auth) that must bypass scoping.

func (*RDBConfigStore) SetRestartRequiredConfig added in v1.1.53 

func (s *RDBConfigStore) SetRestartRequiredConfig(ctx context.Context, config *tables.RestartRequiredConfig) error

SetRestartRequiredConfig sets the restart required configuration in the database.

func (*RDBConfigStore) TryAcquireLock added in v1.2.9 

func (s *RDBConfigStore) TryAcquireLock(ctx context.Context, lock *tables.TableDistributedLock) (bool, error)

TryAcquireLock attempts to insert a lock row. Returns true if the lock was acquired. Uses INSERT ... ON CONFLICT DO NOTHING for atomic lock acquisition.

func (*RDBConfigStore) UpdateAuthConfig added in v1.1.20 

func (s *RDBConfigStore) UpdateAuthConfig(ctx context.Context, config *AuthConfig) error

UpdateAuthConfig updates the auth configuration in the database.

func (*RDBConfigStore) UpdateBudget added in v1.1.0 

func (s *RDBConfigStore) UpdateBudget(ctx context.Context, budget *tables.TableBudget, tx ...*gorm.DB) error

UpdateBudget updates a budget in the database.

func (*RDBConfigStore) UpdateBudgetUsage added in v1.2.13 

func (s *RDBConfigStore) UpdateBudgetUsage(ctx context.Context, id string, currentUsage float64) error

UpdateBudgetUsage updates only the current_usage field of a budget. Uses SkipHooks to avoid triggering BeforeSave validation since we're only updating usage.

func (*RDBConfigStore) UpdateBudgets added in v1.1.0 

func (s *RDBConfigStore) UpdateBudgets(ctx context.Context, budgets []*tables.TableBudget, tx ...*gorm.DB) error

UpdateBudgets updates multiple budgets in the database.

func (*RDBConfigStore) UpdateClientConfig added in v1.1.0 

func (s *RDBConfigStore) UpdateClientConfig(ctx context.Context, config *ClientConfig) error

UpdateClientConfig updates the client configuration in the database.

func (*RDBConfigStore) UpdateClientMetadata added in v1.3.11 

func (s *RDBConfigStore) UpdateClientMetadata(ctx context.Context, patch map[string]any) error

UpdateClientMetadata merges patch into the existing metadata blob and writes it back via a targeted UPDATE on metadata_json only — no DELETE+CREATE, no risk of clobbering other ClientConfig columns. The merge follows JSON Merge Patch semantics (RFC 7386): nested objects are merged recursively, and keys with a nil value in patch are removed from the blob (callers can pass {"key": nil} to clear, including nested keys).

func (*RDBConfigStore) UpdateConfig added in v1.1.0 

func (s *RDBConfigStore) UpdateConfig(ctx context.Context, config *tables.TableGovernanceConfig, tx ...*gorm.DB) error

UpdateConfig updates a specific config in the database.

func (*RDBConfigStore) UpdateCustomer added in v1.1.0 

func (s *RDBConfigStore) UpdateCustomer(ctx context.Context, customer *tables.TableCustomer, tx ...*gorm.DB) error

UpdateCustomer updates an existing customer in the database.

func (*RDBConfigStore) UpdateFolder added in v1.2.27 

func (s *RDBConfigStore) UpdateFolder(ctx context.Context, folder *tables.TableFolder) error

UpdateFolder updates a folder

func (*RDBConfigStore) UpdateFrameworkConfig added in v1.1.8 

func (s *RDBConfigStore) UpdateFrameworkConfig(ctx context.Context, config *tables.TableFrameworkConfig) error

UpdateFrameworkConfig updates the framework configuration in the database.

func (*RDBConfigStore) UpdateLockExpiry added in v1.2.9 

func (s *RDBConfigStore) UpdateLockExpiry(ctx context.Context, lockKey, holderID string, expiresAt time.Time) error

UpdateLockExpiry updates the expiration time for an existing lock. Only succeeds if the holder ID matches the current lock holder.

func (*RDBConfigStore) UpdateLogsStoreConfig added in v1.1.0 

func (s *RDBConfigStore) UpdateLogsStoreConfig(ctx context.Context, config *logstore.Config) error

UpdateLogsStoreConfig updates the logs store configuration in the database.

func (*RDBConfigStore) UpdateMCPClientConfig added in v1.1.10 

func (s *RDBConfigStore) UpdateMCPClientConfig(ctx context.Context, id string, clientConfig *tables.TableMCPClient) error

UpdateMCPClientConfig updates an existing MCP client configuration in the database.

func (*RDBConfigStore) UpdateMCPPerUserHeaderFlow added in v1.3.14 

func (s *RDBConfigStore) UpdateMCPPerUserHeaderFlow(ctx context.Context, flow *tables.TableMCPPerUserHeaderFlow) error

UpdateMCPPerUserHeaderFlow updates a flow row in place.

func (*RDBConfigStore) UpdateModelConfig added in v1.2.13 

func (s *RDBConfigStore) UpdateModelConfig(ctx context.Context, modelConfig *tables.TableModelConfig, tx ...*gorm.DB) error

UpdateModelConfig updates a model config in the database.

func (*RDBConfigStore) UpdateModelConfigs added in v1.2.13 

func (s *RDBConfigStore) UpdateModelConfigs(ctx context.Context, modelConfigs []*tables.TableModelConfig, tx ...*gorm.DB) error

UpdateModelConfigs updates multiple model configs in the database.

func (*RDBConfigStore) UpdateOauthConfig added in v1.2.17 

func (s *RDBConfigStore) UpdateOauthConfig(ctx context.Context, config *tables.TableOauthConfig) error

UpdateOauthConfig updates an existing OAuth config

func (*RDBConfigStore) UpdateOauthToken added in v1.2.17 

func (s *RDBConfigStore) UpdateOauthToken(ctx context.Context, token *tables.TableOauthToken) error

UpdateOauthToken updates an existing OAuth token

func (*RDBConfigStore) UpdateOauthUserSession added in v1.3.1 

func (s *RDBConfigStore) UpdateOauthUserSession(ctx context.Context, session *tables.TableOauthUserSession) error

UpdateOauthUserSession updates an existing per-user OAuth session

func (*RDBConfigStore) UpdateOauthUserToken added in v1.3.1 

func (s *RDBConfigStore) UpdateOauthUserToken(ctx context.Context, token *tables.TableOauthUserToken) error

UpdateOauthUserToken updates an existing per-user OAuth token

func (*RDBConfigStore) UpdatePlugin added in v1.1.0 

func (s *RDBConfigStore) UpdatePlugin(ctx context.Context, plugin *tables.TablePlugin, tx ...*gorm.DB) error

UpdatePlugin updates an existing plugin in the database.

func (*RDBConfigStore) UpdatePricingOverride added in v1.3.0 

func (s *RDBConfigStore) UpdatePricingOverride(ctx context.Context, override *tables.TablePricingOverride, tx ...*gorm.DB) error

func (*RDBConfigStore) UpdatePrompt added in v1.2.27 

func (s *RDBConfigStore) UpdatePrompt(ctx context.Context, prompt *tables.TablePrompt) error

UpdatePrompt updates a prompt

func (*RDBConfigStore) UpdatePromptSession added in v1.2.27 

func (s *RDBConfigStore) UpdatePromptSession(ctx context.Context, session *tables.TablePromptSession) error

UpdatePromptSession updates a session and its messages

func (*RDBConfigStore) UpdateProvider added in v1.1.0 

func (s *RDBConfigStore) UpdateProvider(ctx context.Context, provider schemas.ModelProvider, config ProviderConfig, tx ...*gorm.DB) error

UpdateProvider updates a single provider configuration in the database without deleting/recreating.

func (*RDBConfigStore) UpdateProviderKey added in v1.3.0 

func (s *RDBConfigStore) UpdateProviderKey(ctx context.Context, provider schemas.ModelProvider, keyID string, key schemas.Key, tx ...*gorm.DB) error

UpdateProviderKey updates a single key for an existing provider.

func (*RDBConfigStore) UpdateProvidersConfig added in v1.1.0 

func (s *RDBConfigStore) UpdateProvidersConfig(ctx context.Context, providers map[schemas.ModelProvider]ProviderConfig, tx ...*gorm.DB) error

UpdateProvidersConfig updates the client configuration in the database.

func (*RDBConfigStore) UpdateProxyConfig added in v1.1.44 

func (s *RDBConfigStore) UpdateProxyConfig(ctx context.Context, config *tables.GlobalProxyConfig) error

UpdateProxyConfig updates the proxy configuration in the database.

func (*RDBConfigStore) UpdateRateLimit added in v1.1.0 

func (s *RDBConfigStore) UpdateRateLimit(ctx context.Context, rateLimit *tables.TableRateLimit, tx ...*gorm.DB) error

UpdateRateLimit updates a rate limit in the database.

func (*RDBConfigStore) UpdateRateLimitUsage added in v1.2.13 

func (s *RDBConfigStore) UpdateRateLimitUsage(ctx context.Context, id string, tokenCurrentUsage int64, requestCurrentUsage int64) error

UpdateRateLimitUsage updates only the usage fields of a rate limit. Uses SkipHooks to avoid triggering BeforeSave validation since we're only updating usage.

func (*RDBConfigStore) UpdateRateLimits added in v1.1.0 

func (s *RDBConfigStore) UpdateRateLimits(ctx context.Context, rateLimits []*tables.TableRateLimit, tx ...*gorm.DB) error

UpdateRateLimits updates multiple rate limits in the database.

func (*RDBConfigStore) UpdateRoutingRule added in v1.2.17 

func (s *RDBConfigStore) UpdateRoutingRule(ctx context.Context, rule *tables.TableRoutingRule, tx ...*gorm.DB) error

UpdateRoutingRule updates an existing routing rule in the database. It enforces the same unique-priority-per-scope invariant as CreateRoutingRule.

func (*RDBConfigStore) UpdateStatus added in v1.2.21 

func (s *RDBConfigStore) UpdateStatus(ctx context.Context, provider schemas.ModelProvider, keyID string, status, description string) error

UpdateStatus updates the status for either a key or provider. - If keyID is non-empty: updates the key's status (for keyed providers) - If keyID is empty and provider is non-empty: updates the provider's status (for keyless providers)

func (*RDBConfigStore) UpdateTeam added in v1.1.0 

func (s *RDBConfigStore) UpdateTeam(ctx context.Context, team *tables.TableTeam, tx ...*gorm.DB) error

UpdateTeam updates an existing team in the database.

func (*RDBConfigStore) UpdateVectorStoreConfig added in v1.1.0 

func (s *RDBConfigStore) UpdateVectorStoreConfig(ctx context.Context, config *vectorstore.Config) error

UpdateVectorStoreConfig updates the vector store configuration in the database.

func (*RDBConfigStore) UpdateVirtualKey added in v1.1.0 

func (s *RDBConfigStore) UpdateVirtualKey(ctx context.Context, virtualKey *tables.TableVirtualKey, tx ...*gorm.DB) error

UpdateVirtualKey updates an existing virtual key in the database.

func (*RDBConfigStore) UpdateVirtualKeyMCPConfig added in v1.1.10 

func (s *RDBConfigStore) UpdateVirtualKeyMCPConfig(ctx context.Context, virtualKeyMCPConfig *tables.TableVirtualKeyMCPConfig, tx ...*gorm.DB) error

UpdateVirtualKeyMCPConfig updates a virtual key provider config in the database.

func (*RDBConfigStore) UpdateVirtualKeyProviderConfig added in v1.1.0 

func (s *RDBConfigStore) UpdateVirtualKeyProviderConfig(ctx context.Context, virtualKeyProviderConfig *tables.TableVirtualKeyProviderConfig, tx ...*gorm.DB) error

UpdateVirtualKeyProviderConfig updates a virtual key provider config in the database.

func (*RDBConfigStore) UpsertFeatureFlag added in v1.3.11 

func (s *RDBConfigStore) UpsertFeatureFlag(ctx context.Context, id string, enabled bool, updatedAt int64) error

UpsertFeatureFlag writes or replaces a single override row. ID is the primary key so concurrent writers cannot create duplicates. updatedAt is the caller-supplied logical timestamp used by gossip for last-write-wins.

func (*RDBConfigStore) UpsertMCPPerUserHeaderCredential added in v1.3.14 

func (s *RDBConfigStore) UpsertMCPPerUserHeaderCredential(ctx context.Context, cred *tables.TableMCPPerUserHeaderCredential) error

UpsertMCPPerUserHeaderCredential atomically inserts or updates a credential row keyed by (auth_mode, identity, mcp_client_id). Mirrors CreateOauthUserToken — the row represents the (identity, mcp_client) binding, so a re-submit preserves CreatedAt.

func (*RDBConfigStore) UpsertModelParameters added in v1.2.27 

func (s *RDBConfigStore) UpsertModelParameters(ctx context.Context, params *tables.TableModelParameters, tx ...*gorm.DB) error

UpsertModelParameters inserts or updates model parameters for a specific model. Uses a single atomic ON CONFLICT statement to avoid deadlocks in multinode deployments where multiple nodes may attempt concurrent upserts for the same model on startup.

func (*RDBConfigStore) UpsertModelPrices added in v1.2.9 

func (s *RDBConfigStore) UpsertModelPrices(ctx context.Context, pricing *tables.TableModelPricing, tx ...*gorm.DB) error

UpsertModelPrices creates or updates a model pricing record in the database. Uses a single atomic ON CONFLICT statement to avoid deadlocks in multinode deployments where multiple nodes may attempt concurrent upserts for the same model on startup.

The update list is intentionally explicit (pricingSyncUpdateColumns) rather than UpdateAll: every datasheet-sourced column is enumerated, but `additional_attributes` is omitted so the 24-hour pricing sync never overwrites editorial metadata set via UpsertModelPricingAttributes.

func (*RDBConfigStore) UpsertModelPricingAttributes added in v1.3.14 

func (s *RDBConfigStore) UpsertModelPricingAttributes(ctx context.Context, model, provider string, attrs map[string]string, tx ...*gorm.DB) (int64, error)

UpsertModelPricingAttributes writes only the additional_attributes column for the pricing row keyed by (model, provider). The row must already exist — callers may not seed pricing rows through this path; the management API enforces that. A nil/empty attrs map clears the column to an empty JSON object.

func (*RDBConfigStore) UpsertPlugin added in v1.1.40 

func (s *RDBConfigStore) UpsertPlugin(ctx context.Context, plugin *tables.TablePlugin, tx ...*gorm.DB) error

UpsertPlugin creates a new plugin in the database if it doesn't exist, otherwise updates it.

type RoutingRulesQueryParams added in v1.2.28 

type RoutingRulesQueryParams struct {
	Limit  int
	Offset int
	Search string
}

RoutingRulesQueryParams holds pagination, filtering, and search parameters for routing rules queries.

type SQLiteConfig 

type SQLiteConfig struct {
	Path string `json:"path"`
}

SQLiteConfig represents the configuration for a SQLite database.

type TeamsQueryParams added in v1.2.28 

type TeamsQueryParams struct {
	Limit      int
	Offset     int
	Search     string
	CustomerID string
}

TeamsQueryParams holds pagination, filtering, and search parameters for team queries.

type VirtualKeyHashInput added in v1.1.45 

type VirtualKeyHashInput struct {
	Name        string
	Description string
	IsActive    bool
	TeamID      *string
	CustomerID  *string
	RateLimitID *string
	// ProviderConfigs and MCPConfigs are hashed separately as they contain nested data
	ProviderConfigs []VirtualKeyProviderConfigHashInput
	MCPConfigs      []VirtualKeyMCPConfigHashInput
}

VirtualKeyHashInput represents the fields used for virtual key hash generation. This struct is used to create a consistent hash from TableVirtualKey, excluding dynamic fields like ID, timestamps, and relationship objects.

type VirtualKeyMCPConfigHashInput added in v1.1.45 

type VirtualKeyMCPConfigHashInput struct {
	MCPClientID    uint
	ToolsToExecute []string
}

VirtualKeyMCPConfigHashInput represents MCP config fields for hashing

type VirtualKeyProviderConfigHashInput added in v1.1.45 

type VirtualKeyProviderConfigHashInput struct {
	Provider      string
	Weight        *float64
	AllowedModels []string
	RateLimitID   *string
	KeyIDs        []string // Only key IDs, not full key objects
}

VirtualKeyProviderConfigHashInput represents provider config fields for hashing

type VirtualKeyQueryParams added in v1.2.27 

type VirtualKeyQueryParams struct {
	Limit                              int
	Offset                             int
	Search                             string
	CustomerID                         string
	TeamID                             string
	SortBy                             string // name, budget_spent, created_at, status (default: created_at)
	Order                              string // asc, desc (default: asc)
	Export                             bool   // When true, skip default pagination limits (caller controls limit)
	ExcludeAccessProfileManagedVirtual bool   // When true, exclude VKs managed through enterprise access profiles
}

VirtualKeyQueryParams holds pagination, filtering, and search parameters for virtual key queries.

Source Files

View all Source files

Directories

Path Synopsis
Package tables contains the database tables for the configstore.
 Package tables contains the database tables for the configstore.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.