Changelog
- Added
bifrost.scim.config.provisioningTokenandclaimScimAttributesto the Okta, Entra, SailPoint, and generic OIDC SCIM providers, so inbound SCIM provisioning can be seeded declaratively instead of via the dashboard. Both render intoscim_config.config. Generate a token withopenssl rand -base64 32 | tr '+/' '-_' | tr -d '='(supportsenv.prefix). - Added
request_headersto the OTEL plugin config (bifrost.plugins.otel.config.request_headersandprofiles[*].request_headers) to capture request headers as span attributes. Renders intorequest_headers. - Added
bifrost.client.dualCredentialConflictBehaviorto control what happens when an inference request presents both an IDP access token and a virtual key (x-bf-vk). Accepts"error"(reject with 400),"prefer_vk"(drop IDP token, use VK), or"prefer_idp"(default, IDP token wins). Renders intoclient.dual_credential_conflict_behavior.

