Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.getbifrost.ai/llms.txt

Use this file to discover all available pages before exploring further.

Bifrost Enterprise
v1.4.2
Breaking changes in v1.4.0. See the v1.4.0 Migration Guide for full before/after examples, automatic migration details, and a step-by-step checklist before upgrading.

Changelog

A focused patch on top of v1.4.1. Headline items: Entra app-role propagation in SCIM provisioning (App Registration roles are now fetched via Microsoft Graph and attached to each provisioned user, so role-based RBAC mappings finally work end-to-end), RequiredHeaders and RoutingChainMaxDepth plumbed into the governance plugin loader, and security dependency bumps for four open Dependabot alerts. Picks up an OSS base sitting just past transports/v1.5.2 (commit bef816a), which adds Chat ↔ Responses response_format round-trip conversion, separate push/pull telemetry toggles with a plugin hot-reload fix, MCP tool-manager config-hash sync, plus a batch of Gemini, Bedrock, Anthropic, and compat-plugin fixes.

✨ Features

RBAC & Identity

  • Entra App-Role Propagation in SCIM Sync - App Registration roles configured on the Entra app are now fetched via Microsoft Graph and attached to each provisioned user (both direct user assignments and group-member assignments). Role values populate the user’s Roles set so Entra roles-claim based role mappings can be matched against actual app-role assignments instead of being unverified.
  • Entra Role Filter Options in Sync UI - FetchFilterOptions now returns the enabled App Registration roles (display name, value, description) as selectable role filters, removing the previous placeholder where Entra role options were always empty.
  • Application.Read.All Probed at Setup - CheckGraphPermissions now probes the App Registration appRoles endpoint and surfaces a warning if the configured client lacks Application.Read.All, so admins find out at config time rather than during a silent role-sync failure.
  • Group-Member Fetch Memoization - fetchUsersFromAppAssignments caches group-member lookups per group ID within a single sync pass, avoiding repeated Graph round-trips when multiple app-role assignments target the same group.

Governance

  • RequiredHeaders and RoutingChainMaxDepth Wired to Governance Plugin - Both fields existed on the enterprise client config but were not reaching the governance plugin loader; they are now forwarded so header-based identity requirements and routing-chain depth limits take effect in governance evaluation.

OSS Base (post-transports/v1.5.2)

  • Chat ↔ Responses response_format Round-Trip - response_format (json_object, text, json_schema with full name / description / strict / schema) is now bidirectionally mapped to text.format between the Chat and Responses request schemas; previously it was silently dropped on conversion. A new SupportsResponseSchema capability flag in the model catalog registers both response_format and text as supported parameters when set.
  • Separate Push/Pull Telemetry Toggles + Plugin Hot-Reload Fix - Push-based and pull-based telemetry can now be toggled independently, and the plugin hot-reload path is fixed.
  • MCP Tool Manager Config in Client Hash - mcp.tool_manager_config is now included in the client config hash and synced on reload, so changes to tool-manager config are picked up by reload-driven flows.
  • Mistral Reasoning Effort in Model Catalog - Mistral reasoning effort entries added to the model catalog.

🐞 Fixed

Security & Dependencies

  • CVE Bumps for Dependabot Alerts - Bumped aws-sdk-go-v2/service/bedrockruntime v1.50.1 to v1.50.6 (eventstream DoS panic), ulikunitz/xz v0.5.12 to v0.5.15 (memory leak on corrupted LZMA), nwaples/rardecode/v2 v2.1.0 to v2.2.2 (RAR dictionary DoS), and jackc/pgx/v5 v5.9.1 to v5.9.2 (SQL injection via placeholder confusion).

OSS Base (post-transports/v1.5.2)

  • Gemini fallbacks Key Removed from Requests - The fallbacks key is no longer included in outgoing Gemini requests (it is not a Gemini-native field and was causing schema rejections).
  • Gemini Fallback Propagation in GenAI - Fixed fallback propagation in the GenAI integration so configured fallbacks are honored.
  • Gemini Raw Request Scoping - Raw-request handling is now applied only for the Gemini provider, not leaked across providers.
  • Anthropic Advisor Model Passthrough - Fixed prefix stripping in the advisor tool for Anthropic so model passthrough resolves correctly.
  • Empty Text / Signature Messages on Bedrock OpenAI - Drops messages with empty text or signature and converts thinking blocks for OpenAI Bedrock models.
  • Anthropic Trailing Assistant Message Drop + Mistral Reasoning Effort Conversion - Drops the last assistant message for Anthropic models and converts unsupported reasoning effort values for Mistral.
  • Compat Plugin Defaults Enabled - All compat plugin settings are now enabled by default.
  • System-Only Message Role Conversion - Converts role system to role user when only a system message is present for non-OpenAI models.
  • Compat cachePoint Drop - Compat plugin now drops cachePoint for unsupported Bedrock models and non-Bedrock models.
  • OTEL Plugin Metrics - Resolved issues in the OTEL plugin metrics path.
  • AWS SDK Patch Bumps (OSS) - aws-sdk-go-v2 v1.41.5 to v1.41.7 and related internal modules.

📀 Base OSS version

This release pins an OSS commit, not a tagged release. All five OSS modules (transports, core, framework, plugins/governance, plugins/logging) are pinned to commit bef816abe9c2 (2026-05-13), which is transports/v1.5.2 + 3 additional fixes:
  • 14df900a Chat ↔ Responses response_format conversion + supports_response_schema capability flag (#3454)
  • 725f2cb7 AWS SDK patch bumps (#3461)
  • bef816ab Remove fallbacks key from Gemini requests (#3464)
Effective pseudo-versions in go.mod:
github.com/maximhq/bifrost/core                 v1.5.11-0.20260513124702-bef816abe9c2
github.com/maximhq/bifrost/framework            v1.3.11-0.20260513124702-bef816abe9c2
github.com/maximhq/bifrost/plugins/governance   v1.5.11-0.20260513124702-bef816abe9c2
github.com/maximhq/bifrost/plugins/logging      v1.5.11-0.20260513124702-bef816abe9c2
github.com/maximhq/bifrost/transports           v1.5.3-0.20260513124702-bef816abe9c2

🔌 If you are compiling plugin against this release - use following deps

module github.com/maximhq/bifrost-enterprise

go 1.26.2

require (
	cloud.google.com/go/bigquery v1.74.0
	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0
	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1
	github.com/DataDog/datadog-go/v5 v5.6.0
	github.com/DataDog/dd-trace-go/v2 v2.4.0
	github.com/aws/aws-sdk-go-v2 v1.41.7
	github.com/aws/aws-sdk-go-v2/config v1.32.11
	github.com/aws/aws-sdk-go-v2/credentials v1.19.14
	github.com/aws/aws-sdk-go-v2/service/bedrockruntime v1.50.6
	github.com/aws/aws-sdk-go-v2/service/sts v1.41.10
	github.com/bytedance/sonic v1.15.0
	github.com/coreos/go-oidc/v3 v3.12.0
	github.com/fasthttp/router v1.5.4
	github.com/golang-jwt/jwt/v5 v5.3.0
	github.com/google/cel-go v0.26.1
	github.com/google/uuid v1.6.0
	github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674
	github.com/grandcat/zeroconf v1.0.0
	github.com/hashicorp/consul/api v1.28.2
	github.com/hashicorp/memberlist v0.5.4
	github.com/maximhq/bifrost/core v1.5.11-0.20260513124702-bef816abe9c2
	github.com/maximhq/bifrost/framework v1.3.11-0.20260513124702-bef816abe9c2
	github.com/maximhq/bifrost/plugins/governance v1.5.11-0.20260513124702-bef816abe9c2
	github.com/maximhq/bifrost/plugins/prompts v1.0.11-0.20260513124702-bef816abe9c2
	github.com/maximhq/bifrost/transports v1.5.3-0.20260513124702-bef816abe9c2
	github.com/nakabonne/tstorage v0.3.6
	github.com/stretchr/testify v1.11.1
	github.com/testcontainers/testcontainers-go v0.40.0
	github.com/tetratelabs/wazero v1.11.0
	github.com/valyala/fasthttp v1.68.0
	github.com/zricethezav/gitleaks/v8 v8.30.1
	go.etcd.io/etcd/client/v3 v3.6.6
	golang.org/x/crypto v0.49.0
	golang.org/x/oauth2 v0.36.0
	google.golang.org/api v0.274.0
	google.golang.org/grpc v1.80.0
	google.golang.org/protobuf v1.36.11
	gorm.io/driver/sqlite v1.6.0
	gorm.io/gorm v1.31.1
	k8s.io/api v0.34.1
	k8s.io/apimachinery v0.34.1
	k8s.io/client-go v0.34.1
)