Changelog
An expanded v1.4.3 on a clean OSS base of `transports/v1.5.4` (v1.4.2 had pinned an untagged commit). Headline items: Data Access Control (DAC) goes fleet-wide so own-data / team-data / all-data scoping now governs API keys, access profiles, roles, guardrails, MCP clients and tool groups, customers, teams, business units, and OAuth tokens, with targeted per-entity cache hydration replacing broad reloads. Broker-mode clustering routes all inter-node traffic through a central gRPC relay, enabling deployment on platforms without inbound peer connectivity such as Cloud Run, and a new heartbeat-based ghost node detection and cluster health system classifies partitioned and dead nodes and recovers their budget usage. Temporary access tokens and MCP per-user OAuth add scoped, time-limited credentials and per-user MCP authorization. The release also brings three new guardrail providers (CrowdStrike AIDR, Patronus AI, and Google Model Armor), team and access-profile calendar alignment, cluster-gossiped feature flags, a dedicated Dashboard RBAC resource, role and access-profile duplication, and OTEL-parity attributes across the Datadog and BigQuery exporters.
✨ Features
Data Access Control (DAC)
- Row-level DAC across governed entities: DAC scoping (`own-data`/`team-data`/`all-data`, set per role) now governs visibility of API keys, access profiles and AP templates, roles, guardrails and their configs/rules, MCP clients and tool groups, customers, teams, and business units. Each resource tracks a `created_by_user_id` owner, with backfill migrations attributing legacy rows to the oldest active admin. Unauthenticated and local-admin deployments bypass DAC filtering and are unaffected.
- Hierarchical entity ownership: customers, teams, business units, MCP clients, and MCP tool groups carry creator ownership so DAC-scoped paginated listings filter them correctly under `own-data` and `team-data` roles.
- OAuth token DAC scoping and lifecycle reconciliation: `oauth_user_tokens` and `oauth_user_sessions` are DAC-scoped; deleting a user or virtual key cascades token/session cleanup in a transaction, and virtual-key MCP allowlist changes reconcile both user-keyed and VK-keyed tokens.
- Targeted DAC cache hydration: broad RBAC snapshot rebuilds are replaced with per-entity hydration for teams, virtual keys, and customers, narrowing the blast radius of each cluster gossip event and cutting database load.
- Role DAC level surfaced to the UI: `/api/users/me/permissions` now returns the caller's `role_dac`, letting the UI gate features such as manual user creation.
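The own-data / team-data / all-data rule above is easiest to reason about as a per-row predicate over the `created_by_user_id` owner. The following Go program is an added illustration, not Bifrost's own code: the type and function names are this example's, the row data is constructed, and it assumes that `team-data` means "rows created by the caller or by any user who shares a team with the caller" and that unknown DAC levels fail closed.

```go
package main

import "fmt"

// DACLevel mirrors the per-role own-data / team-data / all-data scoping.
// The names below are this example's own, not identifiers from the project.
type DACLevel string

const (
	OwnData  DACLevel = "own-data"
	TeamData DACLevel = "team-data"
	AllData  DACLevel = "all-data"
)

// Caller is the authenticated principal issuing a list request.
// Teammates is the set of user IDs sharing at least one team with the caller
// (an assumption about how team-data membership is resolved).
type Caller struct {
	UserID    string
	Level     DACLevel
	Teammates map[string]bool
}

// Row is any DAC-governed record; each carries a created_by_user_id owner.
type Row struct {
	ID              string
	CreatedByUserID string
}

// dacEnforced reports whether filtering applies at all: unauthenticated and
// local-admin deployments bypass DAC.
func dacEnforced(authenticated, localAdmin bool) bool {
	return authenticated && !localAdmin
}

// canSee is the per-row visibility decision for one caller.
func canSee(c Caller, r Row) bool {
	switch c.Level {
	case AllData:
		return true
	case TeamData:
		return r.CreatedByUserID == c.UserID || c.Teammates[r.CreatedByUserID]
	case OwnData:
		return r.CreatedByUserID == c.UserID
	default:
		// Unknown level: fail closed rather than leak rows.
		return false
	}
}

// VisibleRows filters a listing the way a DAC-scoped paginated endpoint would.
func VisibleRows(c Caller, rows []Row, authenticated, localAdmin bool) []Row {
	if !dacEnforced(authenticated, localAdmin) {
		return rows
	}
	out := make([]Row, 0, len(rows))
	for _, r := range rows {
		if canSee(c, r) {
			out = append(out, r)
		}
	}
	return out
}

// sampleRows is constructed test data, not real identifiers.
var sampleRows = []Row{
	{ID: "vk-1", CreatedByUserID: "alice"},
	{ID: "vk-2", CreatedByUserID: "bob"},
	{ID: "vk-3", CreatedByUserID: "carol"},
}

func main() {
	alice := Caller{UserID: "alice", Level: TeamData, Teammates: map[string]bool{"bob": true}}
	for _, r := range VisibleRows(alice, sampleRows, true, false) {
		fmt.Println(r.ID) // vk-1 and vk-2; carol's key is outside alice's teams
	}
}
```

The fail-closed default matters in practice: a role whose DAC level is missing or misspelled should see nothing, not everything.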
Clustering & Broker Mode
- Broker-mode clustering: a new `broker` cluster type routes all inter-node traffic through a central gRPC relay instead of a peer-to-peer memberlist mesh, enabling deployment on platforms without inbound peer connectivity such as Cloud Run. Start the lightweight relay with `-mode=broker` (or `BIFROST_MODE=broker`); leader election, roster sync, diagnostics, optional TLS, and auth tokens are all supported.
- Cluster controller interface: a `cluster.Controller` interface and transport-neutral `Node` type decouple the codebase from the concrete mesh implementation, letting mesh and broker controllers be swapped behind one boundary.
- Cluster-aware logging: log metadata and per-node usage aggregation are now cluster-aware.
- Ghost node detection and cluster health monitoring: a heartbeat-based liveness system. Each node periodically upserts a row to the new `enterprise_cluster_node_heartbeats` table; the leader reads it to classify unknown or disconnected nodes as ghosts (alive but partitioned) or dead, and recovers their budget and rate-limit usage from the shared logs table using a monotonic cursor that never skips async-written log rows. Graceful shutdown writes a `shutting_down` heartbeat and broadcasts a notification so peers drop the node immediately instead of waiting for TTL expiry, and ghost usage snapshots plus cursor state are gossiped so followers stay consistent across leader failover.
- Cluster health and governance introspection APIs: `GET /api/cluster/health` returns node classifications, partition count, and timing configuration; `GET /api/cluster/governance-introspection` returns local and remote budget and rate-limit state plus ghost and dead node IDs. The existing `/api/cluster/nodes` endpoint is augmented with ghost, dead, and detecting status.
- Cluster health visualization: the enterprise cluster UI renders ghost, dead, detecting, and orphan nodes with distinct visual styles and status badges, auto-polling the new health endpoints.
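The leader-side logic described under ghost node detection, as an added example that is not Bifrost's code: it classifies heartbeat rows as healthy, ghost (fresh heartbeat but unreachable) or dead (`shutting_down` or TTL expired), then folds usage written by ghost and dead nodes into a recovered-usage map behind a cursor that only advances over rows actually processed. All names, the heartbeat and log row shapes, and the sample data are this example's own; it assumes a `Seq` column that is monotonic in commit order and leaves out the "detecting" state and the gossip of cursor state to followers.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// NodeState is the classification the leader assigns to each node.
type NodeState string

const (
	Healthy NodeState = "healthy"
	Ghost   NodeState = "ghost" // heartbeat still fresh, but unreachable from the leader
	Dead    NodeState = "dead"  // shut down gracefully or heartbeat expired
)

// Heartbeat models one row of the heartbeat table (shape assumed here): node ID,
// last upsert time, and the status the node wrote ("alive" or "shutting_down").
type Heartbeat struct {
	NodeID   string
	LastSeen time.Time
	Status   string
}

// ClusterHealth is what a health endpoint would report.
type ClusterHealth struct {
	States         map[string]NodeState
	PartitionCount int
}

// Classify is the leader-side decision. connected holds the node IDs the leader
// has a live transport connection to; ttl is how long a heartbeat stays valid.
func Classify(hbs []Heartbeat, connected map[string]bool, now time.Time, ttl time.Duration) ClusterHealth {
	h := ClusterHealth{States: map[string]NodeState{}}
	for _, hb := range hbs {
		switch {
		case hb.Status == "shutting_down":
			// Dropped immediately instead of waiting for TTL expiry.
			h.States[hb.NodeID] = Dead
		case now.Sub(hb.LastSeen) > ttl:
			h.States[hb.NodeID] = Dead
		case connected[hb.NodeID]:
			h.States[hb.NodeID] = Healthy
		default:
			// Fresh heartbeat but no connection: alive on the far side of a partition.
			h.States[hb.NodeID] = Ghost
			h.PartitionCount++
		}
	}
	return h
}

// UsageLog is one governance log row. Seq is assumed to be monotonic in commit
// order, so a scan ordered by Seq neither revisits nor skips a row.
type UsageLog struct {
	Seq    int64
	NodeID string
	Tokens int64
}

// Recovery holds the cursor and the usage recovered so far; in the real system
// both would be gossiped so followers stay consistent across leader failover.
type Recovery struct {
	Cursor int64
	Usage  map[string]int64
}

// Recover adds usage written by ghost or dead nodes to the recovered view,
// advancing the cursor only past rows it has actually processed.
func (r *Recovery) Recover(logs []UsageLog, health ClusterHealth) {
	if r.Usage == nil {
		r.Usage = map[string]int64{}
	}
	sorted := append([]UsageLog(nil), logs...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].Seq < sorted[j].Seq })
	for _, l := range sorted {
		if l.Seq <= r.Cursor {
			continue // already counted on a previous pass
		}
		if st := health.States[l.NodeID]; st == Ghost || st == Dead {
			r.Usage[l.NodeID] += l.Tokens
		}
		r.Cursor = l.Seq
	}
}

// Constructed sample data for a stand-alone run.
var (
	sampleNow = time.Date(2024, 6, 1, 12, 0, 0, 0, time.UTC)
	sampleHBs = []Heartbeat{
		{NodeID: "n1", LastSeen: sampleNow.Add(-5 * time.Second), Status: "alive"},
		{NodeID: "n2", LastSeen: sampleNow.Add(-10 * time.Second), Status: "alive"},
		{NodeID: "n3", LastSeen: sampleNow.Add(-2 * time.Minute), Status: "alive"},
		{NodeID: "n4", LastSeen: sampleNow.Add(-1 * time.Second), Status: "shutting_down"},
	}
	sampleConnected = map[string]bool{"n1": true}
	sampleLogs      = []UsageLog{{Seq: 1, NodeID: "n1", Tokens: 100}, {Seq: 3, NodeID: "n3", Tokens: 30}, {Seq: 2, NodeID: "n2", Tokens: 50}}
)

func main() {
	h := Classify(sampleHBs, sampleConnected, sampleNow, time.Minute)
	var rec Recovery
	rec.Recover(sampleLogs, h)
	fmt.Println(h.States, h.PartitionCount, rec.Usage, rec.Cursor)
}
```

Two design points carry over to any implementation of this pattern: a `shutting_down` heartbeat is treated as dead before the TTL check, so a graceful exit never lingers as a ghost, and the cursor is advanced per processed row rather than set to "now", so a pass that is interrupted mid-scan resumes without double counting.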
Access & Identity
- Temporary access tokens: short-lived, scoped access tokens for time-limited API access; the temp-token service is wired into Enterprise server bootstrap and accepted by the MCP per-user auth flow.
- MCP per-user OAuth: MCP OAuth refactored into a per-user flow, with new `PreMCPHook`/`PostMCPHook` overrides promoting the virtual-key owner onto request context so the MCP path resolves `UserID` identically to the LLM path.
- Tenant-wide Okta provisioning: Okta user and group sync drops app-assignment scoping in favor of tenant-wide endpoints, removing the per-user lookup loop and the requirement that every synced user or group be explicitly app-assigned.
- Stable team identity across renames: team attribute mappings track the raw IdP claim as a `source_id`, and team lookup prefers `GetTeamBySourceID` so renamed teams are matched instead of duplicated on resync.
- User virtual-key lookup by email: new `GET /api/users/email/{email}/virtual-keys` endpoint returns a user's virtual keys by email, for MDM and credential-helper integrations.
- Virtual key ownership: virtual keys now capture and display the `created_by` user. A `created_by_user_id` column on `governance_virtual_keys` replaces the `enterprise_virtual_key_users` junction table as the single source of truth for VK ownership, and DAC membership and scope queries read from it directly.
- Role duplication: duplicate an existing role from the roles table; the new role copies the source role's description, DAC level, and permissions, with its name suffixed `_copy`. Available to users with role-create permission.
- Duplicate access profile: a Duplicate action on each access profile opens the sheet pre-filled with the source profile's provider configs, budgets, rate limits, and MCP settings, named `<original name> (copy)` with the name field auto-focused for quick renaming.
Governance
- Calendar-aligned budgets at team and access-profile level: a `calendar_aligned` toggle resets budgets and rate limits at calendar boundaries (for example the 1st of the month) rather than rolling from the creation date. It is surfaced in the Create Team dialog, the Team Detail Sheet, and the access profile form, and is propagated through profile copy and virtual-key sync.
- Feature flags with cluster gossip: feature flags toggled via UI or API are broadcast to all cluster nodes via gossip and persisted so late-joining nodes hydrate correctly; file-locked flags remain per-node. A new `FeatureFlags` RBAC resource gates view and update.
- Virtual key rotation: rotate virtual keys from the UI and backend.
- Semantic cache wired as a direct dependency: the `semanticcache` plugin is promoted to a direct dependency and the client's embedding executor is injected at bootstrap, so cache-key embeddings actually run.
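The difference between a rolling window and a calendar-aligned one, as an added Go example that is not Bifrost's implementation: `NextReset` either chains windows forward from the window start (creation time) or snaps to the next calendar boundary after the current time. The `Period` type and all function names are this example's own, times are evaluated in UTC, and weeks are assumed to start on Monday.

```go
package main

import (
	"fmt"
	"time"
)

// Period is the budget/rate-limit reset interval (names are this example's).
type Period int

const (
	Daily Period = iota
	Weekly
	Monthly
)

// advance moves t forward by one period. Monthly uses AddDate, which Go
// normalizes (Jan 31 + 1 month = Mar 2), a known wrinkle of rolling windows
// that calendar alignment avoids entirely.
func advance(p Period, t time.Time) time.Time {
	switch p {
	case Daily:
		return t.AddDate(0, 0, 1)
	case Weekly:
		return t.AddDate(0, 0, 7)
	default:
		return t.AddDate(0, 1, 0)
	}
}

// boundary returns the start of the calendar period containing t, in UTC.
// Weeks start on Monday (assumption).
func boundary(p Period, t time.Time) time.Time {
	t = t.UTC()
	day := time.Date(t.Year(), t.Month(), t.Day(), 0, 0, 0, 0, time.UTC)
	switch p {
	case Daily:
		return day
	case Weekly:
		offset := (int(t.Weekday()) + 6) % 7 // Monday -> 0 ... Sunday -> 6
		return day.AddDate(0, 0, -offset)
	default:
		return time.Date(t.Year(), t.Month(), 1, 0, 0, 0, 0, time.UTC)
	}
}

// NextReset returns when the current window ends.
// Rolling: windows chain from windowStart (for example the creation time).
// Calendar-aligned: the window ends at the next calendar boundary after now.
func NextReset(p Period, calendarAligned bool, windowStart, now time.Time) time.Time {
	if calendarAligned {
		return advance(p, boundary(p, now))
	}
	next := advance(p, windowStart)
	for !next.After(now) {
		next = advance(p, next)
	}
	return next
}

func main() {
	// Constructed sample: a team created mid-January, evaluated on 3 February.
	created := time.Date(2024, 1, 17, 10, 0, 0, 0, time.UTC)
	now := time.Date(2024, 2, 3, 0, 0, 0, 0, time.UTC)
	fmt.Println("rolling monthly: ", NextReset(Monthly, false, created, now))
	fmt.Println("calendar monthly:", NextReset(Monthly, true, created, now))
}
```

The operational consequence is visible in the output: the rolling window resets on the 17th at the creation time of day, while the calendar-aligned one resets at 00:00 UTC on the 1st, which is what a finance-facing monthly budget usually expects.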
Guardrails
- CrowdStrike AIDR guardrail provider : new guardrail provider support.
- Patronus AI guardrail provider : new guardrail provider support.
- Google Model Armor guardrail provider : new guardrail provider support.
- Responses API support in guardrails : guardrail content extraction and mapping handle the Responses API request and response shape, so Responses-format conversations are evaluated with full fidelity.
- Gray Swan tool-call support: the Gray Swan provider now forwards `tool_calls`, `tool_call_id`, and the `tools` schema so function-calling conversations are evaluated with full fidelity; request header metadata is also forwarded.
- Per-rule conversation-turn cap: a `maxTurnsToSend` field on guardrail rules limits how many historical turns are forwarded to a provider, with content extraction reworked to emit one block per message for role-aware payloads.
- Rule-level guardrail timeouts: rule timeouts are passed to providers (Azure, Bedrock, Gray Swan) via context so each provider applies and reports the correct timeout.
Observability & Telemetry
- OTEL-parity Datadog metrics: the Datadog exporter now emits per-attempt request, latency, error, and success counters (tagged with `provider`, `model`, and `fallback_index`), granular input and output token-detail breakdowns, retry counts, TTFT, and cache-hit metrics, matching the OTEL plugin's dimension set. A request ID is stamped on root spans, and stream latency conversions were corrected.
- OTEL-parity BigQuery schema: the BigQuery exporter schema gains granular input and output token-detail columns, response metadata fields (`response_id`, `response_object`, `service_tier`, `system_fingerprint`, and more), and a `request_id` column. A startup schema sync detects and adds missing columns to existing tables automatically, with no manual migration or data rewrite.
Dashboard & UI
- Dedicated Dashboard RBAC resource: a `Dashboard` resource with a `View` operation gates the analytics dashboard and its aggregate endpoints (`/api/logs/stats`, `/api/logs/histogram`, `/api/logs/rankings`) independently of raw log access. An upgrade migration grants it to roles already holding `Observability:View` or `Logs:View`.
- Granular dashboard RBAC: finer RBAC for API keys, inference, metrics, and MCP logs, with inaccessible sidebar items filtered out.
- User rankings tab synced with extended log filters : the user rankings tab syncs its URL state with extended log filters and supports user filtering.
- Onboarding checklist widget : an onboarding setup checklist widget with backend support.
- Server-side filter search: filter sidebar checkbox lists perform server-side search and pagination via a debounced `q` query param.
- UI action menus and chart polish: inline action buttons are replaced with pinned dropdown menus across teams, virtual keys, MCP clients, pricing overrides, routing rules, model limits, and logs; chart card headers gain animated totals and full-precision tooltips.
OSS Base (transports/v1.5.4)
- Bedrock Mantle inference engine: support for `gpt-oss` models on Bedrock Mantle via an OpenAI-compatible SSE endpoint.
- Azure realtime provider: Azure realtime provider with nested model normalization, plus enriched realtime routing, logging, cost, and session tracking.
- Bedrock system tools : system tool support for Bedrock models.
- Service tier mappings : service tier mappings for Gemini and Anthropic.
- Config file override of DB values: file values in `config.json` override DB values when the file changes between restarts; `model_parameters_url` is configurable via config JSON and the Helm chart.
- OTEL plugin selection: custom selection of which plugins export OTEL trace spans.
- Semantic cache plugin rewrite: the semantic cache plugin was rewritten, and the `cleanup_on_shutdown` config option was removed.
- Virtual key blocked models: block specific models at the virtual-key provider-config level; blocked models take priority over allowed models and are enforced by governance.
- MCP log attribution : MCP tool logs are stamped with user, team, customer, and business unit IDs so MCP usage is traceable like LLM usage.
- Team and business unit filters : team and business unit filters across the dashboard and logs views.
- Sticky time filters : time-filter selections persist when navigating between sidebar items.
🐞 Fixed
DAC & Cluster
- Targeted access-profile broadcasts : access profile cluster broadcasts are split into template-level and user-level message types, each carrying the IDs peer nodes need to take the correct targeted action.
- DAC resolver cache burst on entity creation: a shared `reloadDACMembership` helper refreshes RBAC and DAC membership caches after team, customer, and virtual-key reloads so in-memory permission state never goes stale.
- Cluster node ID correlation: cluster node IDs are correlated with WebSocket node IDs to prevent an empty cluster state in the UI.
- MCP tool group scope : corrected subquery column references in the MCP tool group DAC scope.
- Streaming chunk context: `ProcessStreamingChunk` now receives the request `BifrostContext`.
Access & Identity
- SCIM and OIDC session lifecycle: OIDC session cleanup no longer deletes sessions when the access token expires; only orphaned sessions and sessions older than 30 days are removed, preventing forced re-login every hour. Cookie token selection is unified in a shared `ChooseAuthCookieToken`, and Keycloak now uses the access token so its `realm_access` and `resource_access` role claims resolve correctly.
Guardrails
- Sampling double-count fix: guardrail sampling merges the decide and record steps into a single atomic `ShouldExecuteAndRecord` call so `both`-phase rules are sampled exactly once per request, and stale peer gossip is pruned.
Billing & UI
- Sheet layout : sticky footer buttons stay anchored at the bottom of the CEL rule and MCP tool group sheets, alongside assorted UI polish.
OSS Base (transports/v1.5.4)
- fasthttp panic : fixed a fasthttp panic on malformed requests.
- Streaming stability : fixed a remote-stream-close race on context cancel, a nil-pointer dereference in stream cancellations, idle stream timeouts, and context-cancel ordering before read errors.
- Bedrock fixes : Bedrock Mantle fixes, chat tool arguments, stop reason, missing lifecycle events, and Responses prefill handling.
- OpenAI Responses : preserve OpenAI responses stream metadata and add usage to the completed event in the Responses-to-Chat-Completions fallback.
- Anthropic fixes : set Anthropic beta headers on Vertex, emit a role chunk from message start, trim trailing whitespace, fix reasoning-content forwarding on Responses-to-Chat conversion, and preserve output schema refs.
- Streaming pricing overrides : virtual-key and provider-key level pricing overrides now apply to streaming requests.
- Secret redaction: `FullyRedacted()` for proxy passwords and `MarshalForStorage()` for `ProxyConfig` prevent partial value leakage in API responses.
- Calendar-aligned migrations: multiple migration fixes for calendar-aligned budget tables.
- Semantic cache : dimension check on namespace creation, a double-close panic guard, request-time plugin resolution, and telemetry decoupling.
- Filter queries: removed the `defaultFilterDataLimit` cap and skipped the pagination clamp on virtual-key export requests.
- MCP logs: stale stats removed from the logs list response.
- configstore : clearer error message when an API key name conflicts across providers.
- DB safety: the unsafe inline jsonb cast was replaced with a `bifrost_safe_jsonb` PL/pgSQL helper.
- Azure batch: Azure blob fields are now included in batch responses.
- Idle timeout panic : fixed a panic in the streaming idle-timeout reader, with a guard to skip reads once the connection is closed.
- TTFT metric accuracy : corrected the request start-time so the time-to-first-token metric is accurate.
- Vertex service tier : the Vertex traffic type now maps to the correct Bifrost service tier.
- Keyless providers: `ListModels` works for providers configured without an API key.
- Anthropic tools: stopped forcing `type: custom` on Anthropic tool definitions, and preserved the tool-call stop reason in the Anthropic streaming fallback.
- Node usage reconciliation: a monotonic log cursor stops reconciliation from skipping late async log writes.
- Fallback budget tracking : the stale governance rejection flag is cleared on a decision allow, so successful fallback retries count toward budgets and rate limits.
- UI fixes : OAuth popup message validation, constrained table column widths, provider API form padding, and image parameter passthrough; the virtual keys table fills available height with a sticky header and scrollable body; routing-rule and virtual-key sheet layout growth is fixed; toasts remain clickable above modal overlays.
📀 Base OSS version
`transports/v1.5.4`
This release pins clean tagged OSS modules (v1.4.2 had pinned an untagged commit, `bef816abe9c2`):
