keyconfig

package

v1.3.21 Latest Latest Go to latest Published: Jun 16, 2026 License: Apache-2.0 Imports: 5 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/maximhq/bifrost

Links

Open Source Insights

Documentation ¶

Overview ¶

Package keyconfig caches per-key configuration (allowed/blacklisted models, aliases) for every configured provider. It is a pure transformation: callers push raw schemas.Key slices in via SetProvider / Replace, and the store exposes derived views (aggregated allow/block lists, alias-owner index, per-key entries) for routing-time queries.

The store performs no I/O — it does not know about configstore, the network, or persistence. The composer (ModelCatalog) owns fetching keys from the config store and pushing them in.

Aggregation semantics — provider-level blacklist as the intersection across enabled keys, last-enabled-key-wins on alias collisions — are ported from bifrost-enterprise/core/loadbalancing/plugin.go and extended with per-key alias retention so routing can resolve (provider, model) → (keyID, AliasConfig).

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AliasOwner ¶

type AliasOwner struct {
	KeyID  string
	Config schemas.AliasConfig
}

AliasOwner identifies which key owns an alias and carries its AliasConfig. Routing uses KeyID to pick credentials; Config carries the deployment / region overrides that must be applied alongside.

type KeyEntry ¶

type KeyEntry struct {
	KeyID       string
	Enabled     bool
	Allowed     schemas.WhiteList
	Blacklisted schemas.BlackList
	Aliases     schemas.KeyAliases
}

KeyEntry is the per-key configuration snapshot the store maintains. Slice and map fields are owned by the store; callers must not mutate.

type Store ¶

type Store struct {
	// contains filtered or unexported fields
}

func New ¶

func New(logger schemas.Logger) *Store

New constructs an empty Store.

func (*Store) AllowedFor ¶

func (s *Store) AllowedFor(provider schemas.ModelProvider) schemas.WhiteList

AllowedFor returns the aggregated whitelist: union of enabled keys' Models minus per-key Blacklisted, or ["*"] when any enabled key is unrestricted or the provider is keyless non-standard.

func (*Store) BlacklistedFor ¶

func (s *Store) BlacklistedFor(provider schemas.ModelProvider) schemas.BlackList

BlacklistedFor returns the intersection of enabled keys' BlacklistedModels. A model is provider-wide blocked only when *every* enabled key blacklists it — matching the LB semantics that a model is only fully unavailable when no key can serve it. Entries preserve the original casing of the first key that blacklisted the model (the intersection itself is case-insensitive), consistent with AllowedFor.

func (*Store) EntriesFor ¶

func (s *Store) EntriesFor(provider schemas.ModelProvider) []KeyEntry

EntriesFor returns all per-key entries for the provider (including individually-disabled keys), or nil when the provider has no routable keys at all and was dropped from the store. Returns a defensive slice copy; KeyEntry fields share underlying memory with the store and must not be mutated.

func (*Store) EntryFor ¶

func (s *Store) EntryFor(provider schemas.ModelProvider, keyID string) (KeyEntry, bool)

EntryFor returns the entry for one (provider, keyID), or false if absent.

func (*Store) IsAllowed ¶

func (s *Store) IsAllowed(provider schemas.ModelProvider, model string) bool

IsAllowed reports whether at least one enabled key can actually serve the model on this provider — a key whose allow-list permits it and whose blacklist does not block it. Returns false for unknown providers (no state ⇒ no allowance). This mirrors KeysAllowingModel (true ⇔ KeysAllowingModel returns a non-empty set), so it is safe to use as a routing pre-filter: a true result guarantees a routable key exists. Keyless unrestricted providers (custom providers configured without keys) allow everything, since there is no per-key allow-list to route through.

func (*Store) KeysAllowingModel ¶

func (s *Store) KeysAllowingModel(provider schemas.ModelProvider, model string) []string

KeysAllowingModel returns the IDs of enabled keys whose Allowed list includes the model and whose Blacklisted list does not block it. Used by routing to skip keys that cannot serve the request without scanning each key's Models slice itself.

func (*Store) Providers ¶

func (s *Store) Providers() []schemas.ModelProvider

Providers returns every provider with cached state. Used by callers (notably the load balancer) that need to enumerate the routing-eligible provider set.

func (*Store) RemoveProvider ¶

func (s *Store) RemoveProvider(provider schemas.ModelProvider)

RemoveProvider drops all state for the provider. Call on provider delete.

func (*Store) Replace ¶

func (s *Store) Replace(snapshot map[schemas.ModelProvider][]schemas.Key)

Replace resets the store to reflect the snapshot. Providers present in the previous state but absent from snapshot are dropped. The new map is swapped in atomically under the write lock: readers see either the full old snapshot or the full new one, never an interleaving. Use on initial load and on full cross-pod resyncs.

func (*Store) ResolveAlias ¶

func (s *Store) ResolveAlias(provider schemas.ModelProvider, model string) (AliasOwner, bool)

ResolveAlias returns which key owns the alias on this provider and its AliasConfig. AliasConfig is a value copy — safe to mutate without affecting store state (though inner pointer fields like Region remain shared; treat the returned Config as read-only).

func (*Store) SetProvider ¶

func (s *Store) SetProvider(provider schemas.ModelProvider, keys []schemas.Key)

SetProvider replaces the cached state for one provider. Call after a successful key add / update / delete for that provider.

Source Files ¶

View all Source files

store.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL