Changelog
bifrost.client.mcpServerAuthMode(headers|both|oauth) andbifrost.client.oauth2ServerConfig(issuerUrl,authCodeTtl,accessTokenTtl,disableVkIdentity) to control how/mcpauthenticates inbound MCP clients.authCodeTtlis capped at 900 seconds. Render intoclient.mcp_server_auth_modeandclient.oauth2_server_config.- ClickHouse logs store: set
storage.logsStore.type: clickhousewith astorage.logsStore.clickhouseblock (hostrequired; optionalport,database,username,password,protocol,secure,dialTimeout,cluster). bedrock_mantleprovider withbedrock_mantle_key_config(regionrequired; optionalaccess_key,secret_key,session_token,role_arn,external_id,session_name).deepseekprovider support via the generic provider passthrough.toolExecutionTimeoutonbifrost.mcp.clientConfigs[]— a per-server override of the globaltoolManagerConfig.toolExecutionTimeout. Accepts a Go duration string (e.g."30s") or a bare integer treated as seconds.expires_atonbifrost.governance.virtualKeys[]— optional RFC3339 timestamp after which requests using the virtual key are rejected. Omit for a key that never expires.

