Skip to content

guardrails and audit logs #595

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 11, 2025
Merged

guardrails and audit logs #595

merged 1 commit into from
Oct 11, 2025

Conversation

@akshaydeo
Copy link
Contributor

@akshaydeo akshaydeo commented Oct 10, 2025
edited
Loading

Add Enterprise Guardrails and Audit Logs Features

This PR adds two new enterprise features: Guardrails for content safety and security validation, and Audit Logs for comprehensive security event tracking. It also improves documentation for these features and makes minor UI adjustments to support them.

Changes

  • Added comprehensive documentation for Guardrails with support for AWS Bedrock, Azure Content Safety, and Patronus AI
  • Added detailed documentation for Audit Logs with examples of configuration, querying, and SIEM integration
  • Updated the sidebar to include new enterprise feature links
  • Renamed "Teams & Customers" to "Users & Groups" for better clarity
  • Added placeholder UI components for the new enterprise features
  • Updated BifrostRequest documentation with clearer comments
  • Updated Maxim Go dependency to v0.1.13
  • Added provider logos for Azure, Bedrock, Mistral, and Patronus

Type of change

  • Feature
  • Documentation

Affected areas

  • Core (Go)
  • UI (Next.js)
  • Docs

How to test

# Core
go version
go test ./...

# UI
cd ui
pnpm i
pnpm build

Navigate to the new enterprise features in the UI:

  1. Check the sidebar for new "Guardrails" and "Audit Logs" links
  2. Verify the placeholder UI components load correctly
  3. Review the documentation for the new features

Breaking changes

  • No

Related issues

Implements enterprise feature roadmap items

Security considerations

These features enhance security by providing content safety validation and comprehensive audit logging capabilities.

Checklist

  • I added/updated tests where appropriate
  • I updated documentation where needed
  • I verified builds succeed (Go and UI)

This was referenced Oct 10, 2025
Merged
Merged
@akshaydeo akshaydeo marked this pull request as ready for review October 10, 2025 13:29
@akshaydeo akshaydeo mentioned this pull request Oct 10, 2025
Merged
10 tasks
@akshaydeo Graphite App
Copy link
Contributor Author

akshaydeo commented Oct 10, 2025
edited
Loading

This stack of pull requests is managed by Graphite. Learn more about stacking.

@akshaydeo akshaydeo mentioned this pull request Oct 10, 2025
Open
15 tasks
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Oct 10, 2025
edited
Loading

Caution

Review failed

The pull request is closed.

📝 Walkthrough

Summary by CodeRabbit

  • New Features

    • Added Enterprise Guardrails and Audit Logs pages.
    • Introduced Users & Groups area with tabbed views (Users, Teams, Customers).

  • UI

    • Sidebar updates: added Guardrails, Audit Logs, and User Provisioning; renamed Teams & Customers to Users & Groups; refreshed icons.
    • New enterprise fallback views and minor layout height tweaks.

  • Documentation

    • New Enterprise Guardrails and Audit Logs guides.
    • Documentation navigation updated to include new pages.

  • Chores

    • Improved startup/bootstrap and plugin loading reliability in background configuration.

Walkthrough

Adds a public BifrostRequest one‑of wrapper to core schemas. Adds enterprise Guardrails and Audit Logs docs, pages, and fallback views. Updates sidebar and tabbed users page, wires a guardrail slice and enterprise shims into the UI store, initializes plugin pointer in Bifrost HTTP config, and bumps a dependency.

Changes

Cohort / File(s) Summary
Core schema
core/schemas/bifrost.go		 Adds exported BifrostRequest struct with Provider, Model, Fallbacks, RequestType and one‑of pointers for TextCompletion, Chat, Responses, Embedding, Speech, and Transcription requests.
Documentation
docs/docs.json, docs/enterprise/guardrails.mdx, docs/enterprise/audit-logs.mdx		 Adds enterprise Guardrails and Audit Logs pages and updates documentation navigation.
Enterprise fallback views
ui/app/_fallbacks/enterprise/components/guardrails/guardrailsView.tsx, ui/app/_fallbacks/enterprise/components/audit-logs/auditLogsView.tsx, ui/app/_fallbacks/enterprise/components/scim/scimView.tsx, ui/app/_fallbacks/enterprise/components/*/clusterView.tsx, ui/app/_fallbacks/enterprise/components/*/adaptiveRoutingView.tsx, ui/app/_fallbacks/enterprise/components/user-groups/usersView.tsx, ui/app/_fallbacks/enterprise/components/views/contactUsView.tsx		 Adds Guardrails and Audit Logs fallback components, new UsersView, updates icons/titles and layout className changes; removes min-height from ContactUsView outer container.
Enterprise store shims
ui/app/_fallbacks/enterprise/lib/store/apis/index.ts, ui/app/_fallbacks/enterprise/lib/store/slices/index.ts		 Adds placeholder exports (scimApi, userApi, apis), noop userReducer and guardrailReducer, reducers map, and EnterpriseState shim for compatibility when enterprise package is absent.
UI pages & navigation
ui/components/sidebar.tsx, ui/app/guardrails/page.tsx, ui/app/audit-logs/page.tsx, ui/app/user-groups/page.tsx, ui/app/cluster/page.tsx		 Sidebar updated (Guardrails, User Provisioning, Audit Logs, renames). Adds Guardrails and Audit Logs pages; user-groups page refactored to tabbed UI; cluster import path adjusted.
UI store & types
ui/lib/store/store.ts, ui/lib/store/slices/index.ts, ui/lib/types/guardrail.ts, ui/lib/store/apis/baseApi.ts		 Wires guardrail reducer into store, sources enterprise reducers/apis dynamically, updates RootState typing to include enterprise type, adds GuardrailProvider interface, and adds "Guardrails" to baseApi tagTypes. Minor export formatting change.
Transports / plugins / config
transports/bifrost-http/lib/config.go, transports/bifrost-http/lib/middleware.go, transports/go.mod, plugins/governance/main.go, plugins/maxim/go.mod		 Initializes Plugins atomic.Pointer[[]schemas.Plugin] in Bifrost HTTP config; comment rename in middleware; bumps github.com/maximhq/maxim-go to v0.1.13 in relevant go.mod files; minor newline cleanup and bootstrap enhancements when config missing.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Client
  participant BifrostHandler as Bifrost HTTP Handler
  participant Router
  participant TextSvc as TextCompletionHandler
  participant ChatSvc as ChatHandler
  participant EmbedSvc as EmbeddingHandler
  participant SpeechSvc as SpeechHandler
  participant TranscribeSvc as TranscriptionHandler

  Client->>BifrostHandler: POST /bifrost { BifrostRequest }
  BifrostHandler->>Router: inspect RequestType & one‑of fields
  alt TextCompletion
    Router->>TextSvc: BifrostTextCompletionRequest
    TextSvc-->>Client: completion response
  else Chat
    Router->>ChatSvc: BifrostChatRequest
    ChatSvc-->>Client: chat response
  else Embedding
    Router->>EmbedSvc: BifrostEmbeddingRequest
    EmbedSvc-->>Client: embedding response
  else Speech
    Router->>SpeechSvc: BifrostSpeechRequest
    SpeechSvc-->>Client: speech response
  else Transcription
    Router->>TranscribeSvc: BifrostTranscriptionRequest
    TranscribeSvc-->>Client: transcription response
  end
Loading 
sequenceDiagram
  autonumber
  actor User
  participant App as Next.js App
  participant Store as UI Store
  participant Enterprise as Enterprise Module (optional)

  User->>App: load app
  App->>Store: configureStore()
  Store->>Store: register base reducers & APIs
  Store->>Enterprise: try dynamic import("@enterprise/...")
  alt enterprise available
    Enterprise-->>Store: { reducers, apis }
    Store->>Store: inject enterprise reducers (incl. guardrail)
    Store->>Store: baseApi.injectEndpoints(enterprise.apis)
  else not available
    Store-->>Store: use fallback shims (noop reducers, empty apis)
  end
  Store-->>App: store ready
  App-->>User: UI rendered (enterprise routes -> fallback views if absent)
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

I twitch my whiskers, code in paw,
Bifrost binds the world I saw.
Guardrails stand while audits scroll,
New requests hop toward one goal.
Hop, hop — unified and small. 🐇

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 14.29% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
Title Check ❓ Inconclusive The pull request title "guardrails and audit logs" consists solely of the feature names without an imperative verb or contextual detail and does not clearly indicate that these features are being added or implemented. Although it references the actual changes, it is overly generic and lacks the clarity needed for a teammate to understand the nature of the update at a glance. Therefore it does not fully meet the criteria for a concise, descriptive PR title. Please revise the title to an imperative and descriptive sentence such as "Add enterprise guardrails and audit logs features" so it clearly conveys the purpose and scope of the pull request.
✅ Passed checks (1 passed)
Check name Status Explanation
Description Check ✅ Passed The pull request description covers most of the required template sections by providing a clear summary, detailed list of changes, type of change, affected areas, testing instructions, breaking changes, related issues, security considerations, and a checklist. It closely adheres to the repository template, only differing slightly in heading naming and the omission of an optional screenshots section, but all critical information for review and testing is present.
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between af45392 and a09ab6b.

⛔ Files ignored due to path filters (7)
  • plugins/maxim/go.sum is excluded by !**/*.sum
  • transports/go.sum is excluded by !**/*.sum
  • ui/public/images/azure.png is excluded by !**/*.png
  • ui/public/images/bedrock.png is excluded by !**/*.png
  • ui/public/images/mistral.png is excluded by !**/*.png
  • ui/public/images/pangea.svg is excluded by !**/*.svg
  • ui/public/images/patronus.svg is excluded by !**/*.svg
📒 Files selected for processing (27)
  • core/schemas/bifrost.go (1 hunks)
  • docs/docs.json (1 hunks)
  • docs/enterprise/audit-logs.mdx (1 hunks)
  • docs/enterprise/guardrails.mdx (1 hunks)
  • plugins/governance/main.go (0 hunks)
  • plugins/maxim/go.mod (1 hunks)
  • transports/bifrost-http/lib/config.go (1 hunks)
  • transports/bifrost-http/lib/middleware.go (1 hunks)
  • transports/go.mod (1 hunks)
  • ui/app/_fallbacks/enterprise/components/adaptive-routing/adaptiveRoutingView.tsx (1 hunks)
  • ui/app/_fallbacks/enterprise/components/audit-logs/auditLogsView.tsx (1 hunks)
  • ui/app/_fallbacks/enterprise/components/cluster/clusterView.tsx (1 hunks)
  • ui/app/_fallbacks/enterprise/components/guardrails/guardrailsView.tsx (1 hunks)
  • ui/app/_fallbacks/enterprise/components/scim/scimView.tsx (1 hunks)
  • ui/app/_fallbacks/enterprise/components/user-groups/usersView.tsx (1 hunks)
  • ui/app/_fallbacks/enterprise/components/views/contactUsView.tsx (1 hunks)
  • ui/app/_fallbacks/enterprise/lib/store/apis/index.ts (1 hunks)
  • ui/app/_fallbacks/enterprise/lib/store/slices/index.ts (1 hunks)
  • ui/app/audit-logs/page.tsx (1 hunks)
  • ui/app/cluster/page.tsx (1 hunks)
  • ui/app/guardrails/page.tsx (1 hunks)
  • ui/app/user-groups/page.tsx (3 hunks)
  • ui/components/sidebar.tsx (5 hunks)
  • ui/lib/store/apis/baseApi.ts (1 hunks)
  • ui/lib/store/slices/index.ts (1 hunks)
  • ui/lib/store/store.ts (2 hunks)
  • ui/lib/types/guardrail.ts (1 hunks)

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Oct 10, 2025
edited
Loading

📝 Walkthrough

Summary by CodeRabbit

  • New Features

    • Added Enterprise Guardrails and Audit Logs pages with in-app views linking to documentation.
    • Introduced sidebar entries for Guardrails, User Provisioning, and Audit Logs.

  • UI/Style

    • Renamed “Teams & Customers” to “Users & Groups” with updated description.
    • Updated SCIM section title and icon.

  • Documentation

    • Added new enterprise docs: Guardrails and Audit Logs.

  • Chores

    • Updated dependencies and minor formatting adjustments.

Walkthrough

Adds a new core request schema (BifrostRequest), updates docs and navigation for Guardrails and Audit Logs, introduces enterprise fallback UI views and store placeholders, adjusts sidebar/menu and routes, integrates guardrail reducer into the store with optional enterprise loading, and bumps a Go dependency. Minor formatting/import tweaks included.

Changes

Cohort / File(s) Summary
Core Schema
core/schemas/bifrost.go		 Introduces BifrostRequest struct supporting multiple request types with a single active request field.
Docs: Navigation & Pages
docs/docs.json, docs/enterprise/guardrails.mdx, docs/enterprise/audit-logs.mdx		 Adds Enterprise docs pages (Guardrails, Audit Logs) and updates navigation to include them.
Plugins & Dependencies
plugins/governance/main.go, plugins/maxim/go.mod, transports/go.mod		 Removes a blank line in governance plugin; bumps github.com/maximhq/maxim-go to v0.1.13 (direct/indirect).
UI: Enterprise Fallback Components
ui/app/_fallbacks/enterprise/components/audit-logs/auditLogsView.tsx, ui/app/_fallbacks/enterprise/components/guardrails/guardrailsView.tsx, ui/app/_fallbacks/enterprise/components/scim/scimView.tsx		 Adds placeholder views for Audit Logs and Guardrails; updates SCIM icon and title text.
UI: Enterprise Store Placeholders
ui/app/_fallbacks/enterprise/lib/store/apis/index.ts, ui/app/_fallbacks/enterprise/lib/store/slices/index.ts		 Exports placeholder enterprise APIs and reducers (scimApi, userApi, apis, userReducer, guardrailReducer, reducers, EnterpriseState).
UI: Pages & Navigation
ui/app/guardrails/page.tsx, ui/app/cluster/page.tsx, ui/components/sidebar.tsx		 Adds Guardrails page; adjusts cluster import alias; updates sidebar with Users & Groups, Guardrails, User Provisioning, and Audit Logs items.
UI: Store Integration
ui/lib/store/store.ts, ui/lib/store/slices/index.ts		 Integrates guardrailReducer; switches to aggregated enterprise reducers/APIs loading; updates RootState typing to include enterprise state.
Types
ui/lib/types/guardrail.ts		 Adds GuardrailProvider interface for guardrail provider metadata.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant App as App Startup
  participant Store as Redux Store
  participant EntSlices as Enterprise Slices (optional)
  participant EntAPIs as Enterprise APIs (optional)

  App->>Store: configureStore({ reducers })
  Store->>EntSlices: Attempt to import reducers (guardrail, user, scim)
  alt Enterprise available
    EntSlices-->>Store: reducers map (incl. guardrailReducer)
    Store->>Store: register enterprise reducers
    Store->>EntAPIs: Access apis array
    EntAPIs-->>Store: API endpoints (if any)
    Store->>Store: inject enterprise APIs
  else Fallback
    EntSlices-->>Store: empty reducers map
    EntAPIs-->>Store: empty apis array
    Store->>Store: proceed with core reducers only
  end
  App-->>Store: RootState includes enterprise state (if present)
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

A hop, a skip, through schemas I glide,
New guardrails posted, with docs by my side.
Audit burrows keep footprints in line,
The store learns new tricks—reducers combine.
With deps nibbled fresh and pages anew,
I thump out a merge—carrots for the crew! 🥕

Pre-merge checks and finishing touches

❌ Failed checks (3 warnings)
Check name Status Explanation Resolution
Linked Issues Check ⚠️ Warning The only linked issue (#123) calls for File API support including file upload endpoints for RAG and fine-tuning, but this PR exclusively implements Guardrails and Audit Logs features without adding any file upload functionality or related endpoints. Implement the Files API support as described in issue #123, including the POST /v1/files endpoint and provider integrations, or update the linked issues to match the actual scope of this PR.
Out of Scope Changes Check ⚠️ Warning All changes in this PR—adding enterprise Guardrails and Audit Logs documentation, UI placeholders, and schema types—are unrelated to the file upload objectives specified in the linked issue and therefore lie outside the defined scope. Either split the enterprise feature work into a separate PR and focus this one on File API support or adjust the linked issues to reflect the intended enhancements and then implement any missing file upload functionality.
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (2 passed)
Check name Status Explanation
Title Check ✅ Passed The title succinctly captures the two core features being introduced—Guardrails and Audit Logs—both of which are the primary changes in this PR, making it a clear and specific summary of the main update.
Description Check ✅ Passed The PR description closely follows the repository template by providing a clear summary, a detailed list of changes with motivations, type and area checkboxes, testing instructions, breaking change declaration, related issues, security considerations, and a checklist; only the optional Screenshots/Recordings section and a couple of checklist items are omitted.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch 10-10-guardrails_and_audit_logs

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot requested changes Oct 10, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
core/schemas/bifrost.go (1)

25-37: Data duplication risk: top-level fields duplicate nested struct fields.

The BifrostRequest struct defines top-level Provider, Model, and Fallbacks fields, but all six specialized request types (BifrostTextCompletionRequest, BifrostChatRequest, etc.) already contain identical fields. This creates a risk of inconsistency if the top-level values differ from the nested struct values.

For example:

req := BifrostRequest{
    Provider: "openai",
    Model: "gpt-4",
    ChatRequest: &BifrostChatRequest{
        Provider: "anthropic",  // Which one should be used?
        Model: "claude-3",
    },
}

Consider one of the following approaches:

  1. Remove the top-level Provider, Model, Fallbacks fields and access them from the nested request
  2. Add clear documentation explaining which fields take precedence
  3. Add a validation method that ensures consistency between top-level and nested fields

Apply this diff to add a validation method:

+// Validate ensures exactly one request type is set and fields are consistent
+func (r *BifrostRequest) Validate() error {
+	setCount := 0
+	var nestedProvider ModelProvider
+	var nestedModel string
+	
+	if r.TextCompletionRequest != nil {
+		setCount++
+		nestedProvider = r.TextCompletionRequest.Provider
+		nestedModel = r.TextCompletionRequest.Model
+	}
+	if r.ChatRequest != nil {
+		setCount++
+		nestedProvider = r.ChatRequest.Provider
+		nestedModel = r.ChatRequest.Model
+	}
+	if r.ResponsesRequest != nil {
+		setCount++
+		nestedProvider = r.ResponsesRequest.Provider
+		nestedModel = r.ResponsesRequest.Model
+	}
+	if r.EmbeddingRequest != nil {
+		setCount++
+		nestedProvider = r.EmbeddingRequest.Provider
+		nestedModel = r.EmbeddingRequest.Model
+	}
+	if r.SpeechRequest != nil {
+		setCount++
+		nestedProvider = r.SpeechRequest.Provider
+		nestedModel = r.SpeechRequest.Model
+	}
+	if r.TranscriptionRequest != nil {
+		setCount++
+		nestedProvider = r.TranscriptionRequest.Provider
+		nestedModel = r.TranscriptionRequest.Model
+	}
+	
+	if setCount != 1 {
+		return fmt.Errorf("exactly one request type must be set, got %d", setCount)
+	}
+	
+	if r.Provider != "" && r.Provider != nestedProvider {
+		return fmt.Errorf("provider mismatch: top-level=%s, nested=%s", r.Provider, nestedProvider)
+	}
+	if r.Model != "" && r.Model != nestedModel {
+		return fmt.Errorf("model mismatch: top-level=%s, nested=%s", r.Model, nestedModel)
+	}
+	
+	return nil
+}
🧹 Nitpick comments (3)
ui/lib/types/guardrail.ts (1)

1-9: Consider improving type safety for the config field.

The GuardrailProvider interface is well-structured, but the config field uses Record<string, any> which bypasses type checking. Consider using unknown instead of any to maintain type safety while preserving flexibility, or define specific config types for known guardrail providers.

Apply this diff to improve type safety:

 export interface GuardrailProvider {
   id: string
   name: string
   type: string
   enabled: boolean
-  config?: Record<string, any>
+  config?: Record<string, unknown>
   createdAt?: string
   updatedAt?: string
 }

Alternatively, consider defining provider-specific config types:

export type GuardrailConfig =
  | { type: 'aws_bedrock'; config: BedrockConfig }
  | { type: 'azure_content_safety'; config: AzureConfig }
  | { type: 'patronus_ai'; config: PatronusConfig }
ui/lib/store/store.ts (2)

6-8: Address the ts-ignore directive for type safety.

The @ts-ignore directive suppresses TypeScript errors for the EnterpriseState type intersection, which indicates a type compatibility issue that's being bypassed rather than properly resolved.

Consider one of these approaches:

  1. Define a proper conditional type that safely handles missing enterprise modules:
type EnterpriseState = typeof import("@enterprise/lib/store/slices") extends { EnterpriseState: infer T } 
  ? T 
  : {};
  1. Or use a more explicit type assertion:
type EnterpriseState = {} & (typeof import("@enterprise/lib/store/slices")["EnterpriseState"] | {});
  1. Or define an explicit fallback interface:
interface BaseEnterpriseState {}
type EnterpriseState = BaseEnterpriseState & Partial<import("@enterprise/lib/store/slices").EnterpriseState>;

23-33: Clarify the enterprise APIs loading mechanism.

The code and comment suggest that "accessing the array ensures all APIs are loaded," but the implementation only checks for the existence of enterpriseApis.apis without actually iterating or accessing its contents. This pattern is unclear and fragile.

Consider making the intent explicit:

-	//@ts-ignore
 	const enterpriseApis = require("@enterprise/lib/store/apis");
-	// Access the apis array to ensure all API modules are loaded
-	// APIs are already injected into baseApi via injectEndpoints
-	if (enterpriseApis.apis) {
-		// Just accessing the array ensures all APIs are loaded
-	}
+	// APIs are injected into baseApi via injectEndpoints during module load
+	// The require() itself triggers the injection, so no further action needed

Additionally, remove the @ts-ignore and use proper typing:

const enterpriseApis = require("@enterprise/lib/store/apis") as { apis?: unknown[] };
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ed9cd2d and a0759f4.

⛔ Files ignored due to path filters (7)
  • plugins/maxim/go.sum is excluded by !**/*.sum
  • transports/go.sum is excluded by !**/*.sum
  • ui/public/images/azure.png is excluded by !**/*.png
  • ui/public/images/bedrock.png is excluded by !**/*.png
  • ui/public/images/mistral.png is excluded by !**/*.png
  • ui/public/images/pangea.svg is excluded by !**/*.svg
  • ui/public/images/patronus.svg is excluded by !**/*.svg
📒 Files selected for processing (18)
  • core/schemas/bifrost.go (1 hunks)
  • docs/docs.json (1 hunks)
  • docs/enterprise/audit-logs.mdx (1 hunks)
  • docs/enterprise/guardrails.mdx (1 hunks)
  • plugins/governance/main.go (0 hunks)
  • plugins/maxim/go.mod (1 hunks)
  • transports/go.mod (1 hunks)
  • ui/app/_fallbacks/enterprise/components/audit-logs/auditLogsView.tsx (1 hunks)
  • ui/app/_fallbacks/enterprise/components/guardrails/guardrailsView.tsx (1 hunks)
  • ui/app/_fallbacks/enterprise/components/scim/scimView.tsx (1 hunks)
  • ui/app/_fallbacks/enterprise/lib/store/apis/index.ts (1 hunks)
  • ui/app/_fallbacks/enterprise/lib/store/slices/index.ts (1 hunks)
  • ui/app/cluster/page.tsx (1 hunks)
  • ui/app/guardrails/page.tsx (1 hunks)
  • ui/components/sidebar.tsx (5 hunks)
  • ui/lib/store/slices/index.ts (1 hunks)
  • ui/lib/store/store.ts (2 hunks)
  • ui/lib/types/guardrail.ts (1 hunks)
💤 Files with no reviewable changes (1)
  • plugins/governance/main.go
🧰 Additional context used
🧬 Code graph analysis (5)
ui/app/guardrails/page.tsx (1)
ui/app/_fallbacks/enterprise/components/guardrails/guardrailsView.tsx (1)
  • GuardrailsView (5-17)
ui/app/_fallbacks/enterprise/components/scim/scimView.tsx (1)
ui/app/_fallbacks/enterprise/components/views/contactUsView.tsx (1)
  • ContactUsView (15-46)
ui/app/_fallbacks/enterprise/components/guardrails/guardrailsView.tsx (1)
ui/app/_fallbacks/enterprise/components/views/contactUsView.tsx (1)
  • ContactUsView (15-46)
ui/app/_fallbacks/enterprise/components/audit-logs/auditLogsView.tsx (1)
ui/app/_fallbacks/enterprise/components/views/contactUsView.tsx (1)
  • ContactUsView (15-46)
ui/lib/store/store.ts (1)
ui/app/_fallbacks/enterprise/lib/store/slices/index.ts (2)
  • EnterpriseState (12-12)
  • guardrailReducer (6-6)
🪛 Gitleaks (8.28.0)
docs/enterprise/audit-logs.mdx

[high] 196-197: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

[high] 202-203: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

[high] 208-209: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

[high] 214-215: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

[high] 221-223: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

[high] 379-381: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)
  • GitHub Check: Graphite / mergeability_check
  • GitHub Check: Graphite / mergeability_check
  • GitHub Check: Graphite / mergeability_check
  • GitHub Check: Graphite / mergeability_check
  • GitHub Check: Graphite / mergeability_check
🔇 Additional comments (18)
core/schemas/bifrost.go (1)

25-37: Confirm JSON serialization intent for BifrostRequest
No direct JSON (Un)Marshal calls for BifrostRequest were found. Please confirm whether this struct is meant to be serialized/deserialized as JSON; if so, add appropriate json tags to all fields.

docs/enterprise/guardrails.mdx (2)

1-866: Excellent comprehensive documentation!

The guardrails documentation is thorough and well-organized, covering:

  • Multi-provider support (AWS Bedrock, Azure Content Safety, Patronus AI)
  • Detailed configuration examples with Web UI, API, and config.json tabs
  • Clear explanations of capabilities and detection types
  • Practical request/response examples

The documentation will be valuable for users implementing enterprise guardrails.

800-829: Custom HTTP status codes not implemented in codebase. The docs reference 446 and 246, but no usages were found; confirm the backend supports these codes or update the documentation to reflect the actual status codes used.

docs/docs.json (1)

111-111: LGTM! Navigation entries align with new documentation.

The addition of enterprise/guardrails and enterprise/audit-logs pages to the Enterprise Features section is consistent with the new documentation files introduced in this PR.

Also applies to: 119-119

ui/app/guardrails/page.tsx (1)

1-7: LGTM! Clean page component.

The GuardrailsPage component follows a simple, clean pattern by delegating to the enterprise GuardrailsView component. The implementation is straightforward and consistent with other page components in the codebase.

ui/app/_fallbacks/enterprise/components/scim/scimView.tsx (1)

1-1: LGTM! Icon and title updates improve clarity.

The changes appropriately update the SCIM view:

  • Replacing Shield with BookUser icon better represents user provisioning functionality
  • Adding "for user provisioning" to the title clarifies the feature's purpose

These changes align with the enterprise navigation updates introduced in this PR.

Also applies to: 9-10

ui/lib/store/slices/index.ts (1)

15-15: LGTM! Formatting consistency improvement.

Adding the semicolon aligns with the formatting style of other export statements in the file (lines 2, 3, 7, 11).

ui/app/_fallbacks/enterprise/lib/store/apis/index.ts (1)

4-8: Approve fallback exports; verify null safety
Fallback exports (null for scimApi/userApi, empty apis array) are acceptable. Manually confirm all consumers guard against null before using scimApi or userApi.

ui/app/_fallbacks/enterprise/lib/store/slices/index.ts (1)

1-12: LGTM! Clean fallback implementation.

The noop reducers and empty type provide appropriate fallback behavior when enterprise features are unavailable. The pattern of returning unchanged state ensures the application remains functional.

ui/app/_fallbacks/enterprise/components/audit-logs/auditLogsView.tsx (1)

9-12: LGTM! Well-structured enterprise fallback UI.

The component correctly uses ContactUsView with appropriate props including the ScrollText icon, enterprise-specific messaging, and a link to the audit logs documentation.

ui/app/_fallbacks/enterprise/components/guardrails/guardrailsView.tsx (1)

5-16: LGTM! Clean enterprise fallback implementation.

The component follows the same pattern as other enterprise fallbacks, properly using ContactUsView with the Construction icon and appropriate messaging for the guardrails feature.

ui/components/sidebar.tsx (3)

3-18: Icon imports updated appropriately.

The icon changes align with the enterprise feature additions: BookUser for User Provisioning, Construction for Guardrails, and ScrollText for Audit Logs. The removed Shield icon is no longer used.

111-139: Enterprise navigation reorganization looks good.

The restructuring separates SCIM functionality (now "User Provisioning" at /scim) from the new Guardrails feature at /guardrails, and adds Audit Logs at /audit-logs. This provides clearer organization of enterprise features.

89-92: No impact from navigation URL change Verified no lingering “Teams & Customers” references and confirmed the /user-groups route is defined under ui/app/user-groups.

docs/enterprise/audit-logs.mdx (1)

1-408: Comprehensive audit logs documentation.

The documentation is well-structured and covers all essential aspects: overview, logged events, configuration, querying, SIEM integrations, and compliance reporting. The examples and code snippets are clear and helpful.

Note: The Gitleaks warnings about Bearer tokens in curl examples (lines 196-381) are false positives—these are placeholder tokens for documentation purposes, not actual secrets.

ui/lib/store/store.ts (3)

3-3: LGTM! Guardrail reducer added to imports.

The guardrailReducer import is correctly added alongside other slice imports.

13-20: LGTM! Enterprise reducers refactored to use a map.

The change from individual reducer imports to a reducers map simplifies the enterprise integration pattern and makes it easier to add new enterprise reducers.

45-46: Guardrail state slice successfully integrated.

The guardrailReducer is correctly added to the store's reducer configuration, enabling guardrail state management across the application.

coderabbitai[bot]
coderabbitai bot requested changes Oct 10, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

♻️ Duplicate comments (1)
transports/go.mod (1)

75-75: Dependency version bump is consistent with plugins/maxim/go.mod.

The upgrade to v0.1.13 aligns with the same dependency bump in plugins/maxim/go.mod. Verification of the version validity and changes is covered in the review of that file.

🧹 Nitpick comments (4)
core/schemas/bifrost.go (1)

17-37: Consider adding validation or using a safer union pattern.

The comment states "only ONE of the following fields should be set", but there's no enforcement mechanism to prevent multiple request pointer fields from being set simultaneously. This design is error-prone and relies on developer discipline.

Consider one of these approaches:

Option 1: Add a validation method

// Validate ensures only one request type is set
func (r *BifrostRequest) Validate() error {
	setCount := 0
	if r.TextCompletionRequest != nil { setCount++ }
	if r.ChatRequest != nil { setCount++ }
	if r.ResponsesRequest != nil { setCount++ }
	if r.EmbeddingRequest != nil { setCount++ }
	if r.SpeechRequest != nil { setCount++ }
	if r.TranscriptionRequest != nil { setCount++ }
	
	if setCount == 0 {
		return fmt.Errorf("no request type set")
	}
	if setCount > 1 {
		return fmt.Errorf("multiple request types set, only one allowed")
	}
	return nil
}

Option 2: Use an interface-based approach

type BifrostRequest struct {
	Provider    ModelProvider
	Model       string
	Fallbacks   []Fallback
	RequestType RequestType
	Request     BifrostRequestPayload  // interface type
}

type BifrostRequestPayload interface {
	isBifrostRequest()
}

// Implement interface on each request type
func (*BifrostTextCompletionRequest) isBifrostRequest() {}
func (*BifrostChatRequest) isBifrostRequest() {}
// ... etc

This approach enforces the constraint at compile time rather than relying on runtime validation or documentation.

ui/app/guardrails/page.tsx (1)

3-4: Remove excessive blank lines.

The two extra blank lines between the import and the component definition reduce code density unnecessarily.

Apply this diff to remove the extra whitespace:

 import GuardrailsView from "@enterprise/components/guardrails/guardrailsView";
-
-

+
 export default function GuardrailsPage() {
 	return <GuardrailsView />;
 }
ui/app/_fallbacks/enterprise/components/guardrails/guardrailsView.tsx (2)

3-4: Remove excessive blank lines.

The two extra blank lines between the imports and the component definition are unnecessary and reduce code density.

Apply this diff to remove the extra whitespace:

 import { Construction } from "lucide-react";
 import ContactUsView from "../views/contactUsView";
-
-

+
 export default function GuardrailsView() {

16-16: Add semicolon for consistency.

The return statement is missing a semicolon at the end, which is inconsistent with the coding style used elsewhere in the codebase.

Apply this diff to add the semicolon:

         </div>
-    )
+    );
 }
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ed9cd2d and a0759f4.

⛔ Files ignored due to path filters (7)
  • plugins/maxim/go.sum is excluded by !**/*.sum
  • transports/go.sum is excluded by !**/*.sum
  • ui/public/images/azure.png is excluded by !**/*.png
  • ui/public/images/bedrock.png is excluded by !**/*.png
  • ui/public/images/mistral.png is excluded by !**/*.png
  • ui/public/images/pangea.svg is excluded by !**/*.svg
  • ui/public/images/patronus.svg is excluded by !**/*.svg
📒 Files selected for processing (18)
  • core/schemas/bifrost.go (1 hunks)
  • docs/docs.json (1 hunks)
  • docs/enterprise/audit-logs.mdx (1 hunks)
  • docs/enterprise/guardrails.mdx (1 hunks)
  • plugins/governance/main.go (0 hunks)
  • plugins/maxim/go.mod (1 hunks)
  • transports/go.mod (1 hunks)
  • ui/app/_fallbacks/enterprise/components/audit-logs/auditLogsView.tsx (1 hunks)
  • ui/app/_fallbacks/enterprise/components/guardrails/guardrailsView.tsx (1 hunks)
  • ui/app/_fallbacks/enterprise/components/scim/scimView.tsx (1 hunks)
  • ui/app/_fallbacks/enterprise/lib/store/apis/index.ts (1 hunks)
  • ui/app/_fallbacks/enterprise/lib/store/slices/index.ts (1 hunks)
  • ui/app/cluster/page.tsx (1 hunks)
  • ui/app/guardrails/page.tsx (1 hunks)
  • ui/components/sidebar.tsx (5 hunks)
  • ui/lib/store/slices/index.ts (1 hunks)
  • ui/lib/store/store.ts (2 hunks)
  • ui/lib/types/guardrail.ts (1 hunks)
💤 Files with no reviewable changes (1)
  • plugins/governance/main.go
🧰 Additional context used
🧬 Code graph analysis (5)
ui/app/_fallbacks/enterprise/components/scim/scimView.tsx (1)
ui/app/_fallbacks/enterprise/components/views/contactUsView.tsx (1)
  • ContactUsView (15-46)
ui/app/_fallbacks/enterprise/components/audit-logs/auditLogsView.tsx (1)
ui/app/_fallbacks/enterprise/components/views/contactUsView.tsx (1)
  • ContactUsView (15-46)
ui/app/guardrails/page.tsx (1)
ui/app/_fallbacks/enterprise/components/guardrails/guardrailsView.tsx (1)
  • GuardrailsView (5-17)
ui/app/_fallbacks/enterprise/components/guardrails/guardrailsView.tsx (1)
ui/app/_fallbacks/enterprise/components/views/contactUsView.tsx (1)
  • ContactUsView (15-46)
ui/lib/store/store.ts (1)
ui/app/_fallbacks/enterprise/lib/store/slices/index.ts (2)
  • EnterpriseState (12-12)
  • guardrailReducer (6-6)
🪛 Gitleaks (8.28.0)
docs/enterprise/audit-logs.mdx

[high] 196-197: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

[high] 202-203: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

[high] 208-209: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

[high] 214-215: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

[high] 221-223: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

[high] 379-381: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)
  • GitHub Check: Graphite / mergeability_check
  • GitHub Check: Graphite / mergeability_check
  • GitHub Check: Graphite / mergeability_check
  • GitHub Check: Graphite / mergeability_check
  • GitHub Check: Graphite / mergeability_check
🔇 Additional comments (17)
ui/app/cluster/page.tsx (1)

1-1: Verify the @enterprise alias and component path

• Confirm @enterprise is mapped in your TypeScript/Next.js config (tsconfig.json/jsconfig.json).
• Ensure clusterView.tsx exists under ui/app/enterprise/components/cluster/ (or the correct new path) and exports ClusterView.
• Check other @enterprise/ imports for consistency and verify the build succeeds.

docs/enterprise/audit-logs.mdx (2)

196-381: Static analysis warnings for example tokens are false positives.

The static analysis tool flagged the Bearer tokens in the curl command examples (e.g., Bearer admin-token) as potential security issues. These are placeholder tokens used for documentation purposes and are not real credentials.

To clarify for readers that these are example values, you could optionally add a note at the beginning of the "Querying Audit Logs" section:

> **Note:** The examples below use placeholder tokens like `admin-token`. Replace these with your actual authentication tokens when running the commands.

However, the current examples are clear enough in context, so this is optional.

1-408: Documentation structure and content look comprehensive.

The audit logs documentation provides thorough coverage of enterprise features including configuration, querying, SIEM integration, and compliance reporting. The examples are clear and well-structured.

Optional improvements to consider:

  • Add a note clarifying that localhost:8080 in API examples should be replaced with your actual Bifrost instance URL
  • Consider adding a version note indicating when this feature was introduced
  • Could add a troubleshooting section for common issues

These are minor enhancements and not blockers.

ui/lib/store/slices/index.ts (1)

13-15: Formatting improvements enhance readability.

The added blank line before the enterprise slice exports and the semicolon at the end improve code organization and consistency.

Minor note: For complete consistency, you could optionally add semicolons to the other export statements (lines 3, 7, 11), though this is purely a stylistic choice.

ui/app/_fallbacks/enterprise/components/scim/scimView.tsx (1)

1-10: Icon and title updates improve semantic clarity.

The change from Shield to BookUser icon better represents user provisioning functionality, and the updated title text provides clearer context about SCIM's purpose.

plugins/maxim/go.mod (1)

9-9: Dependency bump is valid. github.com/maximhq/maxim-go v0.1.13 exists, includes non-breaking enhancements, and has no security advisories.

docs/docs.json (1)

111-111: LGTM!

The documentation navigation entries for enterprise guardrails and audit logs are correctly placed within the Enterprise Features group. The structure follows the existing pattern and aligns with the new MDX documentation files introduced in this PR.

Also applies to: 119-119

ui/lib/types/guardrail.ts (1)

1-9: LGTM!

The GuardrailProvider interface is well-structured and follows TypeScript conventions. The use of Record<string, any> for the config field provides flexibility for provider-specific configurations, though it trades some type safety for extensibility.

ui/app/_fallbacks/enterprise/lib/store/apis/index.ts (1)

1-8: LGTM!

The placeholder module correctly provides safe default exports when enterprise features are unavailable. The null values and empty array prevent runtime errors when the store attempts to access enterprise APIs, aligning with the conditional loading pattern in ui/lib/store/store.ts.

docs/enterprise/guardrails.mdx (1)

1-866: LGTM!

The guardrails documentation is comprehensive and well-structured. It covers all three supported providers (AWS Bedrock, Azure Content Safety, Patronus AI) with detailed configuration examples, API usage patterns, and response handling. The multi-tab approach (Web UI, API, config.json) makes the documentation accessible for different user preferences.

ui/app/_fallbacks/enterprise/lib/store/slices/index.ts (1)

1-12: LGTM!

The placeholder reducers and empty EnterpriseState type provide appropriate fallback implementations when enterprise features are unavailable. The noop reducers safely return the current state unchanged, preventing runtime errors while maintaining a consistent API surface.

ui/components/sidebar.tsx (2)

89-92: LGTM!

The terminology change from "Teams & Customers" to "Users & Groups" provides clearer and more standard naming. The URL and description updates are consistent with this change.

111-139: LGTM!

The enterprise navigation updates properly integrate the new guardrails and audit logs features. Moving SCIM to "User Provisioning" provides clearer naming, and the new items follow the existing navigation pattern with appropriate icons and descriptions.

ui/lib/store/store.ts (4)

3-3: LGTM!

The addition of guardrailReducer to the store imports and configuration properly integrates the new guardrails feature state management. The reducer is correctly added to the store's reducer map.

Also applies to: 45-46

24-30: Simplified API loading looks correct.

The refactored API loading logic is cleaner by accessing enterpriseApis.apis directly rather than checking individual APIs. The comment correctly notes that APIs are injected via injectEndpoints elsewhere.

73-73: No property conflicts in RootState intersection.
EnterpriseState is defined as an empty object, so intersecting it with ReturnType<typeof store.getState> introduces no overlapping keys.

6-8: @enterprise/ alias is properly configured.* tsconfig.json maps @enterprise/* to both ./app/enterprise/* and ./app/_fallbacks/enterprise/*, ensuring optional enterprise imports resolve to the fallback.

@Pratham-Mishra04 Pratham-Mishra04 changed the base branch from 10-09-feat_transport_interceptor_method_added_to_plugin_schema_new to graphite-base/595 October 10, 2025 16:38
@akshaydeo akshaydeo force-pushed the 10-10-guardrails_and_audit_logs branch from a0759f4 to cc16448 Compare October 11, 2025 07:15
@akshaydeo akshaydeo changed the base branch from graphite-base/595 to 10-09-feat_transport_interceptor_method_added_to_plugin_schema_new October 11, 2025 07:15
@akshaydeo akshaydeo force-pushed the 10-10-guardrails_and_audit_logs branch from cc16448 to 087d2c1 Compare October 11, 2025 07:23
@akshaydeo akshaydeo force-pushed the 10-09-feat_transport_interceptor_method_added_to_plugin_schema_new branch 2 times, most recently from 273f5c2 to c67b125 Compare October 11, 2025 07:33
@akshaydeo akshaydeo force-pushed the 10-10-guardrails_and_audit_logs branch from 087d2c1 to af45392 Compare October 11, 2025 07:33
coderabbitai[bot]
coderabbitai bot requested changes Oct 11, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
core/schemas/bifrost.go (1)

17-37: Add validation to enforce the "only ONE request field" constraint.

The documentation states that only one of the six request type fields should be set, but there is no runtime validation to enforce this constraint. This could lead to undefined behavior if multiple request fields are populated.

Consider adding a validation method to the struct:

// Validate ensures that exactly one request type field is set
func (r *BifrostRequest) Validate() error {
	setCount := 0
	if r.TextCompletionRequest != nil {
		setCount++
	}
	if r.ChatRequest != nil {
		setCount++
	}
	if r.ResponsesRequest != nil {
		setCount++
	}
	if r.EmbeddingRequest != nil {
		setCount++
	}
	if r.SpeechRequest != nil {
		setCount++
	}
	if r.TranscriptionRequest != nil {
		setCount++
	}
	
	if setCount == 0 {
		return fmt.Errorf("no request type set in BifrostRequest")
	}
	if setCount > 1 {
		return fmt.Errorf("multiple request types set in BifrostRequest (expected exactly one)")
	}
	
	return nil
}

This validation method should be called wherever BifrostRequest is instantiated or processed to prevent runtime errors from violating the documented invariant.

🧹 Nitpick comments (3)
core/schemas/bifrost.go (1)

29-29: Consider if RequestType field is redundant.

The RequestType field appears redundant since the type can be determined by checking which of the six request pointers is non-nil. This introduces potential for inconsistency if RequestType doesn't match the actual set pointer.

If RequestType is required for performance or API contract reasons, consider adding validation in the Validate() method suggested above to ensure it matches the non-nil request pointer. Otherwise, consider deriving the request type dynamically:

// GetRequestType returns the request type based on which field is set
func (r *BifrostRequest) GetRequestType() (RequestType, error) {
	if r.TextCompletionRequest != nil {
		return TextCompletionRequest, nil
	}
	if r.ChatRequest != nil {
		return ChatCompletionRequest, nil
	}
	if r.ResponsesRequest != nil {
		return ResponsesRequest, nil
	}
	if r.EmbeddingRequest != nil {
		return EmbeddingRequest, nil
	}
	if r.SpeechRequest != nil {
		return SpeechRequest, nil
	}
	if r.TranscriptionRequest != nil {
		return TranscriptionRequest, nil
	}
	return "", fmt.Errorf("no request type set")
}
ui/lib/types/guardrail.ts (1)

6-6: Tighten the config typing

Record<string, any> punts on type safety; prefer unknown (or a dedicated interface) so consumers must narrow the shape instead of inheriting any through the codebase.

ui/app/_fallbacks/enterprise/components/views/contactUsView.tsx (1)

17-17: Height consistency across enterprise views.

The min-h-[80vh] removal delegates height control to callers. However, UsersView (line 9 in ui/app/_fallbacks/enterprise/components/user-groups/usersView.tsx) doesn't pass this class, while AuditLogsView (line 8) and GuardrailsView (line 9) do. This creates layout inconsistency across enterprise feature pages.

Consider adding min-h-[80vh] to UsersView's className prop:

 export default function UsersView() {
     return (
         <div className="w-full">
             <ContactUsView
-                className="mx-auto"
+                className="mx-auto min-h-[80vh]"
                 icon={<Users className="h-[5.5rem] w-[5.5rem]" strokeWidth={1} />}
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a0759f4 and af45392.

⛔ Files ignored due to path filters (7)
  • plugins/maxim/go.sum is excluded by !**/*.sum
  • transports/go.sum is excluded by !**/*.sum
  • ui/public/images/azure.png is excluded by !**/*.png
  • ui/public/images/bedrock.png is excluded by !**/*.png
  • ui/public/images/mistral.png is excluded by !**/*.png
  • ui/public/images/pangea.svg is excluded by !**/*.svg
  • ui/public/images/patronus.svg is excluded by !**/*.svg
📒 Files selected for processing (27)
  • core/schemas/bifrost.go (1 hunks)
  • docs/docs.json (1 hunks)
  • docs/enterprise/audit-logs.mdx (1 hunks)
  • docs/enterprise/guardrails.mdx (1 hunks)
  • plugins/governance/main.go (0 hunks)
  • plugins/maxim/go.mod (1 hunks)
  • transports/bifrost-http/lib/config.go (1 hunks)
  • transports/bifrost-http/lib/middleware.go (1 hunks)
  • transports/go.mod (1 hunks)
  • ui/app/_fallbacks/enterprise/components/adaptive-routing/adaptiveRoutingView.tsx (1 hunks)
  • ui/app/_fallbacks/enterprise/components/audit-logs/auditLogsView.tsx (1 hunks)
  • ui/app/_fallbacks/enterprise/components/cluster/clusterView.tsx (1 hunks)
  • ui/app/_fallbacks/enterprise/components/guardrails/guardrailsView.tsx (1 hunks)
  • ui/app/_fallbacks/enterprise/components/scim/scimView.tsx (1 hunks)
  • ui/app/_fallbacks/enterprise/components/user-groups/usersView.tsx (1 hunks)
  • ui/app/_fallbacks/enterprise/components/views/contactUsView.tsx (1 hunks)
  • ui/app/_fallbacks/enterprise/lib/store/apis/index.ts (1 hunks)
  • ui/app/_fallbacks/enterprise/lib/store/slices/index.ts (1 hunks)
  • ui/app/audit-logs/page.tsx (1 hunks)
  • ui/app/cluster/page.tsx (1 hunks)
  • ui/app/guardrails/page.tsx (1 hunks)
  • ui/app/user-groups/page.tsx (3 hunks)
  • ui/components/sidebar.tsx (5 hunks)
  • ui/lib/store/apis/baseApi.ts (1 hunks)
  • ui/lib/store/slices/index.ts (1 hunks)
  • ui/lib/store/store.ts (2 hunks)
  • ui/lib/types/guardrail.ts (1 hunks)
💤 Files with no reviewable changes (1)
  • plugins/governance/main.go
✅ Files skipped from review due to trivial changes (3)
  • docs/enterprise/guardrails.mdx
  • transports/bifrost-http/lib/middleware.go
  • ui/app/_fallbacks/enterprise/components/adaptive-routing/adaptiveRoutingView.tsx
🚧 Files skipped from review as they are similar to previous changes (6)
  • ui/app/_fallbacks/enterprise/lib/store/apis/index.ts
  • ui/app/_fallbacks/enterprise/components/scim/scimView.tsx
  • transports/go.mod
  • ui/lib/store/slices/index.ts
  • ui/components/sidebar.tsx
  • ui/app/guardrails/page.tsx
🧰 Additional context used
🧬 Code graph analysis (8)
ui/app/_fallbacks/enterprise/components/views/contactUsView.tsx (1)
ui/lib/utils.ts (1)
  • cn (4-6)
ui/app/_fallbacks/enterprise/components/user-groups/usersView.tsx (1)
ui/app/_fallbacks/enterprise/components/views/contactUsView.tsx (1)
  • ContactUsView (15-46)
ui/app/audit-logs/page.tsx (1)
ui/app/_fallbacks/enterprise/components/audit-logs/auditLogsView.tsx (1)
  • AuditLogsView (4-16)
transports/bifrost-http/lib/config.go (2)
framework/configstore/clientconfig.go (2)
  • EnvKeyInfo (18-24)
  • ProviderConfig (43-50)
core/schemas/plugin.go (1)
  • Plugin (45-71)
ui/app/_fallbacks/enterprise/components/guardrails/guardrailsView.tsx (1)
ui/app/_fallbacks/enterprise/components/views/contactUsView.tsx (1)
  • ContactUsView (15-46)
ui/app/user-groups/page.tsx (2)
ui/lib/utils.ts (1)
  • cn (4-6)
ui/app/_fallbacks/enterprise/components/user-groups/usersView.tsx (1)
  • UsersView (5-17)
ui/app/_fallbacks/enterprise/components/audit-logs/auditLogsView.tsx (1)
ui/app/_fallbacks/enterprise/components/views/contactUsView.tsx (1)
  • ContactUsView (15-46)
ui/lib/store/store.ts (1)
ui/app/_fallbacks/enterprise/lib/store/slices/index.ts (2)
  • EnterpriseState (12-12)
  • guardrailReducer (6-6)
⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: Graphite / mergeability_check
  • GitHub Check: Graphite / mergeability_check
🔇 Additional comments (9)
transports/bifrost-http/lib/config.go (1)

180-185: LGTM! Clear initialization pattern.

The explicit initialization of the Plugins atomic pointer is consistent with the initialization pattern for other fields (EnvKeys, Providers) and improves code clarity. While the atomic pointer's zero value would also be nil, being explicit is good documentation and matches the surrounding style.

plugins/maxim/go.mod (1)

9-9: maxim-go v0.1.13 update is valid Release notes show only a non-breaking enhancement to MessagePayload and no security advisories were found.

ui/lib/store/apis/baseApi.ts (1)

82-82: LGTM!

The Guardrails tag addition properly supports cache invalidation for the new enterprise Guardrails feature.

docs/docs.json (1)

111-119: LGTM!

The documentation navigation correctly integrates the new Guardrails and Audit Logs enterprise features into the Enterprise Features group.

ui/app/_fallbacks/enterprise/components/audit-logs/auditLogsView.tsx (1)

4-16: LGTM!

The component follows the established enterprise view pattern and correctly uses AuditLogsView as the name (past review comments about naming appear to have been addressed). The use of ScrollText icon and min-h-[80vh] className maintains consistency with GuardrailsView.

ui/app/_fallbacks/enterprise/components/user-groups/usersView.tsx (1)

5-17: LGTM!

The component follows the established enterprise view pattern with appropriate icon and messaging. Note the height inconsistency mentioned in the review of contactUsView.tsx.

ui/app/_fallbacks/enterprise/components/guardrails/guardrailsView.tsx (1)

5-17: LGTM!

The component follows the established enterprise view pattern with appropriate Construction icon and min-h-[80vh] className for consistent layout across enterprise features.

docs/enterprise/audit-logs.mdx (1)

1-408: LGTM!

The documentation is comprehensive and well-structured, covering configuration, API usage, SIEM integrations, and compliance reporting with clear examples. The content aligns with the enterprise Audit Logs feature implementation.

ui/app/user-groups/page.tsx (1)

14-14: NuqsAdapter correctly configured
NuqsAdapter is imported and used in ui/app/layout.tsx (lines 12, 62–64); no further changes required.

coderabbitai[bot]
coderabbitai bot requested changes Oct 11, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

♻️ Duplicate comments (2)
ui/app/cluster/page.tsx (1)

1-1: Verify the @enterprise alias is properly configured.

The import uses the @enterprise path alias. As noted in previous reviews, ensure that this alias is defined in tsconfig.json with a proper baseUrl (e.g., ".") to prevent module resolution errors.

ui/lib/store/store.ts (1)

14-17: Verify the enterprise reducers map is populated.

A previous review identified that the enterprise.reducers map exported from ui/app/_fallbacks/enterprise/lib/store/slices/index.ts is currently an empty object. While this passes the check, no enterprise reducers will be registered. Ensure that the enterprise reducers map includes all necessary slice reducers before merging.

Run the following script to verify the enterprise reducers export:

#!/bin/bash
# Check the enterprise reducers export
cat ui/app/_fallbacks/enterprise/lib/store/slices/index.ts | grep -A 10 "export.*reducers"

# Search for any reducer exports in enterprise slices
fd -e ts -e tsx . ui/app/_fallbacks/enterprise/lib/store/slices/ --exec grep -l "Reducer"
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a0759f4 and af45392.

⛔ Files ignored due to path filters (7)
  • plugins/maxim/go.sum is excluded by !**/*.sum
  • transports/go.sum is excluded by !**/*.sum
  • ui/public/images/azure.png is excluded by !**/*.png
  • ui/public/images/bedrock.png is excluded by !**/*.png
  • ui/public/images/mistral.png is excluded by !**/*.png
  • ui/public/images/pangea.svg is excluded by !**/*.svg
  • ui/public/images/patronus.svg is excluded by !**/*.svg
📒 Files selected for processing (27)
  • core/schemas/bifrost.go (1 hunks)
  • docs/docs.json (1 hunks)
  • docs/enterprise/audit-logs.mdx (1 hunks)
  • docs/enterprise/guardrails.mdx (1 hunks)
  • plugins/governance/main.go (0 hunks)
  • plugins/maxim/go.mod (1 hunks)
  • transports/bifrost-http/lib/config.go (1 hunks)
  • transports/bifrost-http/lib/middleware.go (1 hunks)
  • transports/go.mod (1 hunks)
  • ui/app/_fallbacks/enterprise/components/adaptive-routing/adaptiveRoutingView.tsx (1 hunks)
  • ui/app/_fallbacks/enterprise/components/audit-logs/auditLogsView.tsx (1 hunks)
  • ui/app/_fallbacks/enterprise/components/cluster/clusterView.tsx (1 hunks)
  • ui/app/_fallbacks/enterprise/components/guardrails/guardrailsView.tsx (1 hunks)
  • ui/app/_fallbacks/enterprise/components/scim/scimView.tsx (1 hunks)
  • ui/app/_fallbacks/enterprise/components/user-groups/usersView.tsx (1 hunks)
  • ui/app/_fallbacks/enterprise/components/views/contactUsView.tsx (1 hunks)
  • ui/app/_fallbacks/enterprise/lib/store/apis/index.ts (1 hunks)
  • ui/app/_fallbacks/enterprise/lib/store/slices/index.ts (1 hunks)
  • ui/app/audit-logs/page.tsx (1 hunks)
  • ui/app/cluster/page.tsx (1 hunks)
  • ui/app/guardrails/page.tsx (1 hunks)
  • ui/app/user-groups/page.tsx (3 hunks)
  • ui/components/sidebar.tsx (5 hunks)
  • ui/lib/store/apis/baseApi.ts (1 hunks)
  • ui/lib/store/slices/index.ts (1 hunks)
  • ui/lib/store/store.ts (2 hunks)
  • ui/lib/types/guardrail.ts (1 hunks)
💤 Files with no reviewable changes (1)
  • plugins/governance/main.go
✅ Files skipped from review due to trivial changes (3)
  • ui/lib/store/apis/baseApi.ts
  • ui/app/audit-logs/page.tsx
  • transports/bifrost-http/lib/middleware.go
🚧 Files skipped from review as they are similar to previous changes (6)
  • ui/app/_fallbacks/enterprise/components/scim/scimView.tsx
  • ui/lib/types/guardrail.ts
  • ui/lib/store/slices/index.ts
  • core/schemas/bifrost.go
  • ui/app/_fallbacks/enterprise/lib/store/apis/index.ts
  • docs/docs.json
🧰 Additional context used
🧬 Code graph analysis (8)
ui/app/_fallbacks/enterprise/components/views/contactUsView.tsx (1)
ui/lib/utils.ts (1)
  • cn (4-6)
ui/app/guardrails/page.tsx (1)
ui/app/_fallbacks/enterprise/components/guardrails/guardrailsView.tsx (1)
  • GuardrailsView (5-17)
ui/app/user-groups/page.tsx (2)
ui/lib/utils.ts (1)
  • cn (4-6)
ui/app/_fallbacks/enterprise/components/user-groups/usersView.tsx (1)
  • UsersView (5-17)
ui/app/_fallbacks/enterprise/components/audit-logs/auditLogsView.tsx (1)
ui/app/_fallbacks/enterprise/components/views/contactUsView.tsx (1)
  • ContactUsView (15-46)
ui/app/_fallbacks/enterprise/components/user-groups/usersView.tsx (1)
ui/app/_fallbacks/enterprise/components/views/contactUsView.tsx (1)
  • ContactUsView (15-46)
transports/bifrost-http/lib/config.go (1)
core/schemas/plugin.go (1)
  • Plugin (45-71)
ui/lib/store/store.ts (1)
ui/app/_fallbacks/enterprise/lib/store/slices/index.ts (2)
  • EnterpriseState (12-12)
  • guardrailReducer (6-6)
ui/app/_fallbacks/enterprise/components/guardrails/guardrailsView.tsx (1)
ui/app/_fallbacks/enterprise/components/views/contactUsView.tsx (1)
  • ContactUsView (15-46)
🪛 Gitleaks (8.28.0)
docs/enterprise/audit-logs.mdx

[high] 196-197: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

[high] 202-203: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

[high] 208-209: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

[high] 214-215: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

[high] 221-223: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

[high] 379-381: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: Graphite / mergeability_check
  • GitHub Check: Graphite / mergeability_check
🔇 Additional comments (16)
transports/bifrost-http/lib/config.go (2)

139-139: LGTM - Atomic pointer field for lock-free plugin access.

The atomic.Pointer[[]schemas.Plugin] type is appropriate for lock-free reads on the hot path, and the comment clearly documents the intended CAS update pattern.

185-185: Plugin population logic exists in handlers/server.go
transports/bifrost-http/handlers/server.go:303 calls config.Plugins.Store(&plugins), so the Plugins pointer is populated as expected. No changes required.

ui/app/_fallbacks/enterprise/components/cluster/clusterView.tsx (1)

8-8: LGTM! Consistent styling pattern.

Adding min-h-[80vh] aligns with other enterprise fallback views in this PR and ensures the contact form maintains adequate vertical space.

ui/app/_fallbacks/enterprise/components/views/contactUsView.tsx (1)

17-17: LGTM! Flexible layout refactor.

Removing the hard-coded min-h-[80vh] from the base component and allowing callers to specify it via className improves flexibility. The cn() utility properly merges the provided classes.

ui/app/_fallbacks/enterprise/components/adaptive-routing/adaptiveRoutingView.tsx (1)

8-8: LGTM! Consistent styling pattern.

The min-h-[80vh] addition is consistent with other enterprise fallback views and ensures proper vertical spacing.

ui/app/_fallbacks/enterprise/lib/store/slices/index.ts (1)

4-12: LGTM! Appropriate fallback pattern.

The no-op reducers and empty exports are consistent with the existing scimReducer pattern and provide appropriate fallbacks when enterprise features are unavailable.

ui/app/_fallbacks/enterprise/components/user-groups/usersView.tsx (1)

9-9: Verify the intentional omission of min-h-[80vh].

Unlike other enterprise fallback views (ClusterView, AdaptiveRoutingView, GuardrailsView, AuditLogsView), this component uses className="mx-auto" without min-h-[80vh]. This inconsistency might affect the vertical layout and centering of the contact form.

Apply this diff if the min-height constraint should be consistent with other enterprise fallbacks:

-				className="mx-auto"
+				className="mx-auto min-h-[80vh]"
ui/app/_fallbacks/enterprise/components/audit-logs/auditLogsView.tsx (1)

4-16: LGTM! Correctly named and implemented.

The component name matches the file and purpose (previous naming issue has been resolved), and the implementation is consistent with other enterprise fallback views.

ui/components/sidebar.tsx (1)

5-17: LGTM! Navigation updates align with enterprise features.

The sidebar changes correctly reflect the new enterprise features (Guardrails, Audit Logs, User Provisioning) with appropriate icons and updated navigation structure. The renaming of "Teams & Customers" to "Users & Groups" improves clarity.

Also applies to: 89-139

ui/app/_fallbacks/enterprise/components/guardrails/guardrailsView.tsx (1)

1-17: LGTM! Consistent enterprise fallback pattern.

The GuardrailsView component follows the established ContactUsView pattern used by other enterprise fallback components, with appropriate icon, messaging, and documentation link.

ui/app/user-groups/page.tsx (1)

14-14: LGTM! Clean refactor with URL state management.

The migration to useQueryState from nuqs properly persists the active tab in the URL, improving sharability and navigation. The tabs configuration array is well-structured and the initialization effect correctly sets a default tab when none is present.

Also applies to: 20-42, 89-93

docs/enterprise/audit-logs.mdx (2)

196-197: Documentation examples use placeholder tokens correctly.

The static analysis tool flagged admin-token in the curl examples as a potential security issue, but these are intentional placeholder values in documentation. The examples appropriately demonstrate the expected API usage pattern.

Note: If this documentation will be published publicly, ensure that users understand these are example tokens that must be replaced with actual credentials. Consider adding a note clarifying this at the beginning of the API examples section.

Also applies to: 202-203, 208-209, 214-215, 221-223, 379-381

1-408: LGTM! Comprehensive and well-structured documentation.

The Audit Logs documentation is thorough, covering configuration, querying, SIEM integration, and compliance reporting with clear examples and detailed descriptions. The structure and content align well with enterprise feature requirements.

docs/enterprise/guardrails.mdx (1)

1-866: LGTM! Excellent multi-provider guardrails documentation.

The Guardrails documentation is comprehensive and well-structured, providing clear guidance for AWS Bedrock, Azure Content Safety, and Patronus AI integrations. The examples cover configuration, testing, and usage patterns effectively.

ui/lib/store/store.ts (2)

3-3: LGTM! Guardrail reducer properly integrated.

The guardrailReducer is correctly imported from slices and wired into the store reducer map, enabling guardrails state management in the application.

Also applies to: 46-47

24-30: LGTM! Enterprise API loading pattern is correct.

The dynamic loading of enterprise APIs via enterpriseApis.apis with proper error handling ensures the application functions correctly regardless of enterprise module availability.

@akshaydeo akshaydeo force-pushed the 10-10-guardrails_and_audit_logs branch from af45392 to 5a4a8ba Compare October 11, 2025 07:54
@akshaydeo akshaydeo force-pushed the 10-10-guardrails_and_audit_logs branch from 5a4a8ba to a09ab6b Compare October 11, 2025 07:55
@akshaydeo akshaydeo force-pushed the 10-09-feat_transport_interceptor_method_added_to_plugin_schema_new branch from c67b125 to 701d610 Compare October 11, 2025 07:55
@akshaydeo Graphite App
Copy link
Contributor Author

akshaydeo commented Oct 11, 2025
edited
Loading

Merge activity

  • Oct 11, 7:56 AM UTC: A user started a stack merge that includes this pull request via Graphite.
  • Oct 11, 7:59 AM UTC: @akshaydeo merged this pull request with Graphite.

@akshaydeo akshaydeo changed the base branch from 10-09-feat_transport_interceptor_method_added_to_plugin_schema_new to graphite-base/595 October 11, 2025 07:58
@akshaydeo akshaydeo changed the base branch from graphite-base/595 to main October 11, 2025 07:58
@akshaydeo akshaydeo merged commit 38338a2 into main Oct 11, 2025
2 of 4 checks passed
@akshaydeo akshaydeo deleted the 10-10-guardrails_and_audit_logs branch October 11, 2025 07:59
This was referenced Nov 2, 2025
Closed
Merged
Merged
akshaydeo added a commit that referenced this pull request Nov 17, 2025
@akshaydeo
guardrails and audit logs (#595)
a144b19 
## Add Enterprise Guardrails and Audit Logs Features

This PR adds two new enterprise features: Guardrails for content safety and security validation, and Audit Logs for comprehensive security event tracking. It also improves documentation for these features and makes minor UI adjustments to support them.

## Changes

- Added comprehensive documentation for Guardrails with support for AWS Bedrock, Azure Content Safety, and Patronus AI
- Added detailed documentation for Audit Logs with examples of configuration, querying, and SIEM integration
- Updated the sidebar to include new enterprise feature links
- Renamed "Teams & Customers" to "Users & Groups" for better clarity
- Added placeholder UI components for the new enterprise features
- Updated BifrostRequest documentation with clearer comments
- Updated Maxim Go dependency to v0.1.13
- Added provider logos for Azure, Bedrock, Mistral, and Patronus

## Type of change

- [x] Feature
- [x] Documentation

## Affected areas

- [x] Core (Go)
- [x] UI (Next.js)
- [x] Docs

## How to test

```sh
# Core
go version
go test ./...

# UI
cd ui
pnpm i
pnpm build
```

Navigate to the new enterprise features in the UI:
1. Check the sidebar for new "Guardrails" and "Audit Logs" links
2. Verify the placeholder UI components load correctly
3. Review the documentation for the new features

## Breaking changes

- [x] No

## Related issues

Implements enterprise feature roadmap items

## Security considerations

These features enhance security by providing content safety validation and comprehensive audit logging capabilities.

## Checklist

- [x] I added/updated tests where appropriate
- [x] I updated documentation where needed
- [x] I verified builds succeed (Go and UI)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@akshaydeo