refactor: remove support for direct api keys

Author: Pratham-Mishra04

.github/workflows/configs/withpostgresmcpclientsinconfig/config.json

@@ -1,7 +1,6 @@
 {
   "$schema": "https://www.getbifrost.ai/schema",
   "client": {
-    "allow_direct_keys": false,
     "allowed_origins": [
       "*"
     ],

core/bifrost.go

@@ -5795,7 +5795,7 @@ func (bifrost *Bifrost) requestWorker(provider schemas.Provider, config *schemas
 					if len(supportedKeys) == 0 {
 						// SkipKeySelection path — keyProvider stays nil, zero Key is used.
 					} else if !canRotate {
-						// Fixed key (DirectKey, explicit ID/name, session stickiness): always
+						// Fixed key (explicit ID/name, session stickiness): always
 						// return the same key regardless of usedKeyIDs.
 						fixedKey := supportedKeys[0]
 						keyProvider = func(_ map[string]bool) (schemas.Key, error) {
@@ -7145,18 +7145,6 @@ func (bifrost *Bifrost) releaseMCPRequest(req *schemas.BifrostMCPRequest) {
 // getAllSupportedKeys retrieves all valid keys for a ListModels request.
 // allowing the provider to aggregate results from multiple keys.
 func (bifrost *Bifrost) getAllSupportedKeys(ctx *schemas.BifrostContext, providerKey schemas.ModelProvider, baseProviderType schemas.ModelProvider) ([]schemas.Key, error) {
-	// Check if key has been set in the context explicitly
-	if ctx != nil {
-		key, ok := ctx.Value(schemas.BifrostContextKeyDirectKey).(schemas.Key)
-		if ok {
-			if err := validateKey(baseProviderType, &key); err != nil {
-				return nil, fmt.Errorf("invalid direct key for provider %v: %w", baseProviderType, err)
-			}
-			// If a direct key is specified, return it as a single-element slice
-			return []schemas.Key{key}, nil
-		}
-	}
-
 	keys, err := bifrost.account.GetKeysForProvider(ctx, providerKey)
 	if err != nil {
 		return nil, err
@@ -7195,18 +7183,6 @@ func (bifrost *Bifrost) getAllSupportedKeys(ctx *schemas.BifrostContext, provide
 // For batch operations, only keys with UseForBatchAPI enabled are included.
 // Model filtering: if model is specified and key has model restrictions, only include if model is in list.
 func (bifrost *Bifrost) getKeysForBatchAndFileOps(ctx *schemas.BifrostContext, providerKey schemas.ModelProvider, baseProviderType schemas.ModelProvider, model *string, isBatchOp bool) ([]schemas.Key, error) {
-	// Check if key has been set in the context explicitly
-	if ctx != nil {
-		key, ok := ctx.Value(schemas.BifrostContextKeyDirectKey).(schemas.Key)
-		if ok {
-			if err := validateKey(baseProviderType, &key); err != nil {
-				return nil, fmt.Errorf("invalid direct key for provider %v: %w", baseProviderType, err)
-			}
-			// If a direct key is specified, return it as a single-element slice
-			return []schemas.Key{key}, nil
-		}
-	}
-
 	keys, err := bifrost.account.GetKeysForProvider(ctx, providerKey)
 	if err != nil {
 		return nil, err
@@ -7278,7 +7254,6 @@ func (bifrost *Bifrost) getKeysForBatchAndFileOps(ctx *schemas.BifrostContext, p
 // via the keyProvider closure built by the caller.
 //
 // canRotate=false is returned for cases where the caller must always use the same key:
-//   - DirectKey (caller-supplied key bypasses all selection)
 //   - SkipKeySelection (provider allows keyless requests; empty slice returned)
 //   - Explicit BifrostContextKeyAPIKeyID / APIKeyName (user pinned a specific key)
 //   - Session stickiness (key persisted in KV store for the session lifetime)
@@ -7287,15 +7262,6 @@ func (bifrost *Bifrost) getKeysForBatchAndFileOps(ctx *schemas.BifrostContext, p
 // canRotate=true is returned when there are two or more eligible keys and no pinning
 // or stickiness constraint is in effect.
 func (bifrost *Bifrost) selectKeyFromProviderForModelWithPool(ctx *schemas.BifrostContext, requestType schemas.RequestType, providerKey schemas.ModelProvider, model string, baseProviderType schemas.ModelProvider) ([]schemas.Key, bool, error) {
-	// DirectKey: caller supplied a key directly — no pool, no rotation.
-	if ctx != nil {
-		if key, ok := ctx.Value(schemas.BifrostContextKeyDirectKey).(schemas.Key); ok {
-			if err := validateKey(baseProviderType, &key); err != nil {
-				return nil, false, fmt.Errorf("invalid direct key for provider %v: %w", baseProviderType, err)
-			}
-			return []schemas.Key{key}, false, nil
-		}
-	}
 	// SkipKeySelection: provider allows keyless requests — return empty pool, no rotation.
 	if skipKeySelection, ok := ctx.Value(schemas.BifrostContextKeySkipKeySelection).(bool); ok && skipKeySelection && isKeySkippingAllowed(providerKey) {
 		return []schemas.Key{}, false, nil

core/internal/llmtests/account.go

@@ -204,12 +204,6 @@ func replicateProviderTestKeys() []schemas.Key {
 	}
 }
 
-// ReplicateDirectKeyForListModels returns the key used for Replicate ListModels (deployments endpoint).
-// List-models tests set it on the context as schemas.BifrostContextKeyDirectKey so Bifrost passes only this key.
-func ReplicateDirectKeyForListModels() schemas.Key {
-	return replicateProviderTestKeys()[0]
-}
-
 // GetKeysForProvider returns the API keys and associated models for a given provider.
 func (account *ComprehensiveTestAccount) GetKeysForProvider(ctx context.Context, providerKey schemas.ModelProvider) ([]schemas.Key, error) {
 	switch providerKey {

core/internal/llmtests/list_models.go

@@ -9,13 +9,14 @@ import (
 	"github.com/maximhq/bifrost/core/schemas"
 )
 
-// listModelsBifrostContext returns a context for ListModels. For Replicate, sets BifrostContextKeyDirectKey
-// so only the deployments key is used (see replicateProviderTestKeys in account.go). That key must not use an
-// empty Models allowlist, or ListModelsPipeline.ShouldEarlyExit returns no models before the API runs.
+// listModelsBifrostContext returns a context for ListModels. For Replicate, pins the deployments-endpoint
+// key by name (see replicateProviderTestKeys in account.go) so the test always exercises that specific key.
+// That key must not use an empty Models allowlist, or ListModelsPipeline.ShouldEarlyExit returns no models
+// before the API runs.
 func listModelsBifrostContext(parent context.Context, provider schemas.ModelProvider) *schemas.BifrostContext {
 	bfCtx := schemas.NewBifrostContext(parent, schemas.NoDeadline)
 	if provider == schemas.Replicate {
-		bfCtx.SetValue(schemas.BifrostContextKeyDirectKey, ReplicateDirectKeyForListModels())
+		bfCtx.SetValue(schemas.BifrostContextKeyAPIKeyName, ReplicateKeyNameListModels)
 	}
 	return bfCtx
 }

core/providers/utils/utils.go

@@ -2786,11 +2786,11 @@ func completeDeferredSpan(ctx *schemas.BifrostContext, result *schemas.BifrostRe
 
 // CheckAndSetDefaultProvider checks if the default provider should be used based on the context.
 // It returns the default provider if it should be used, otherwise it returns an empty string.
-// Checks if the direct key is set in the context, or if key selection is skipped.
-// Or if the available providers are set in the context and the default provider is in the list.
+// Checks if key selection is skipped, or if the available providers are set in the context
+// and the default provider is in the list.
 func CheckAndSetDefaultProvider(ctx *schemas.BifrostContext, defaultProvider schemas.ModelProvider) schemas.ModelProvider {
 	if ctx != nil {
-		if ctx.Value(schemas.BifrostContextKeyDirectKey) != nil || ctx.Value(schemas.BifrostContextKeySkipKeySelection) != nil {
+		if ctx.Value(schemas.BifrostContextKeySkipKeySelection) != nil {
 			return defaultProvider
 		}
 		if ctx.Value(schemas.BifrostContextKeyAvailableProviders) != nil {

core/schemas/bifrost.go

@@ -172,7 +172,6 @@ const (
 	BifrostContextKeyAPIKeyID          BifrostContextKey = "x-bf-api-key-id"       // string (explicit key ID selection, takes priority over name)
 	BifrostContextKeyRequestID         BifrostContextKey = "request-id"            // string
 	BifrostContextKeyFallbackRequestID BifrostContextKey = "fallback-request-id"   // string
-	BifrostContextKeyDirectKey         BifrostContextKey = "bifrost-direct-key"    // Key struct
 
 	// NOTE: []string is used for both keys, and by default all clients/tools are included (when nil).
 	// If "*" is present, all clients/tools are included, and [] means no clients/tools are included.

core/schemas/context.go

@@ -16,7 +16,6 @@ var reservedKeys = []any{
 	BifrostContextKeyAPIKeyID,
 	BifrostContextKeyRequestID,
 	BifrostContextKeyFallbackRequestID,
-	BifrostContextKeyDirectKey,
 	BifrostContextKeySelectedKeyID,
 	BifrostContextKeySelectedKeyName,
 	BifrostContextKeyNumberOfRetries,

docs/deployment-guides/config-json.mdx

@@ -136,7 +136,6 @@ A production-ready file with PostgreSQL storage, multi-provider setup, governanc
     "enable_logging": true,
     "log_retention_days": 90,
     "enforce_auth_on_inference": true,
-    "allow_direct_keys": false,
     "allowed_origins": ["https://app.yourcompany.com"]
   },
 

docs/deployment-guides/config-json/client.mdx

@@ -127,7 +127,6 @@ These settings are also configurable via the UI (**MCP Gateway → MCP Settings*
 | Field | Type | Default | Description |
 |-------|------|---------|-------------|
 | `allowed_origins` | array | `["*"]` | CORS allowed origins (use URIs or `"*"`) |
-| `allow_direct_keys` | boolean | `false` | Allow callers to pass provider keys directly in requests |
 | `enforce_auth_on_inference` | boolean | `false` | Require auth (virtual key, API key, or user token) on `/v1/*` inference routes |
 | `max_request_body_size_mb` | integer | `100` | Maximum allowed request body size in MB |
 | `whitelisted_routes` | array of strings | `[]` | Routes that bypass auth middleware |
@@ -140,7 +139,6 @@ These settings are also configurable via the UI (**MCP Gateway → MCP Settings*
       "https://app.yourcompany.com",
       "https://admin.yourcompany.com"
     ],
-    "allow_direct_keys": false,
     "enforce_auth_on_inference": true,
     "max_request_body_size_mb": 50,
     "whitelisted_routes": ["/health", "/metrics"]
@@ -324,7 +322,6 @@ A top-level `auth_config` is also accepted for backwards compatibility, but `gov
     "mcp_external_client_url": "env.BIFROST_EXTERNAL_URL",
 
     "allowed_origins": ["https://app.yourcompany.com"],
-    "allow_direct_keys": false,
     "enforce_auth_on_inference": true,
     "max_request_body_size_mb": 100,
 

docs/deployment-guides/config-json/schema-reference.mdx

@@ -61,7 +61,6 @@ Controls the worker pool, logging pipeline, security, and SDK shims. All fields
 | `log_retention_days` | integer | `365` | Days to retain log entries |
 | `logging_headers` | array | `[]` | HTTP headers to capture in log metadata |
 | `enforce_auth_on_inference` | boolean | `false` | Require a virtual key on every `/v1/*` request |
-| `allow_direct_keys` | boolean | `false` | Allow callers to pass provider API keys directly |
 | `allowed_origins` | array | `["*"]` | CORS allowed origins |
 | `max_request_body_size_mb` | integer | `100` | Maximum request body in MB |
 | `whitelisted_routes` | array | `[]` | Routes that bypass auth middleware |