Skip to main content
The client block controls how Bifrost manages its internal worker pool, request logging, authentication enforcement, header policies, SDK compatibility shims, and MCP agent behaviour.

Connection Pool

FieldTypeDefaultDescription
initial_pool_sizeinteger300Pre-allocated worker goroutines per provider queue
drop_excess_requestsbooleanfalseDrop requests when queue is full instead of waiting (returns HTTP 429)
A larger pool reduces latency spikes under burst load at the cost of higher baseline memory. 500–1000 is a common starting point for production workloads with multiple providers. 
{
  "client": {
    "initial_pool_size": 1000,
    "drop_excess_requests": true
  }
}

Request & Response Logging

FieldTypeDefaultDescription
enable_loggingbooleanLog all LLM requests and responses
disable_content_loggingbooleanfalseStrip message content from logs (keeps metadata only)
log_retention_daysinteger365Days to retain log entries in the store
logging_headersarray of strings[]HTTP request headers to capture in log metadata
Set disable_content_logging: true for HIPAA / PCI compliance workloads where message content must not be persisted. 
{
  "client": {
    "enable_logging": true,
    "disable_content_logging": true,
    "log_retention_days": 90,
    "logging_headers": ["x-request-id", "x-user-id"]
  }
}

Security & CORS

FieldTypeDefaultDescription
allowed_originsarray["*"]CORS allowed origins (use URIs or "*")
allow_direct_keysbooleanfalseAllow callers to pass provider keys directly in requests
enforce_auth_on_inferencebooleanfalseRequire auth (virtual key, API key, or user token) on /v1/* inference routes
max_request_body_size_mbinteger100Maximum allowed request body size in MB
whitelisted_routesarray of strings[]Routes that bypass auth middleware
allowed_headersarray of strings[]Additional headers permitted for CORS and WebSocket
{
  "client": {
    "allowed_origins": [
      "https://app.yourcompany.com",
      "https://admin.yourcompany.com"
    ],
    "allow_direct_keys": false,
    "enforce_auth_on_inference": true,
    "max_request_body_size_mb": 50,
    "whitelisted_routes": ["/health", "/metrics"]
  }
}

Header Filtering

Controls which x-bf-eh-* extra headers are forwarded to upstream LLM providers.
FieldTypeDefaultDescription
header_filter_config.allowlistarray of strings[]Only these headers are forwarded (whitelist mode)
header_filter_config.denylistarray of strings[]These headers are always blocked
required_headersarray of strings[]Headers that must be present on every request (rejected with 400 if missing)
When both allowlist and denylist are empty, all x-bf-eh-* headers pass through. Specifying an allowlist enables strict whitelist mode — only listed headers are forwarded. 
{
  "client": {
    "header_filter_config": {
      "allowlist": [
        "x-bf-eh-anthropic-version",
        "x-bf-eh-openai-beta"
      ],
      "denylist": []
    },
    "required_headers": ["x-request-id"]
  }
}

Compat Shims

Compatibility flags that let Bifrost silently adapt request/response shapes for SDK integrations.
FieldTypeDefaultDescription
compat.convert_text_to_chatbooleanfalseWrap legacy /v1/completions text requests as chat messages
compat.convert_chat_to_responsesbooleanfalseTranslate chat completions to Responses API format
compat.should_drop_paramsbooleanfalseSilently drop unsupported parameters instead of erroring
compat.should_convert_paramsbooleanfalseAuto-convert parameter values across provider schemas
{
  "client": {
    "compat": {
      "should_drop_params": true,
      "convert_text_to_chat": true
    }
  }
}

MCP Agent Settings

FieldTypeDefaultDescription
mcp_agent_depthinteger10Maximum tool-call recursion depth for MCP agent mode
mcp_tool_execution_timeoutinteger30Timeout per MCP tool execution in seconds
mcp_code_mode_binding_levelstringCode mode binding level: "server" or "tool"
mcp_tool_sync_intervalinteger10Global tool sync interval in minutes (0 = disabled)
mcp_disable_auto_tool_injectbooleanfalseWhen true, MCP tools are not automatically injected into requests
{
  "client": {
    "mcp_agent_depth": 15,
    "mcp_tool_execution_timeout": 60,
    "mcp_tool_sync_interval": 10
  }
}

Async Jobs

FieldTypeDefaultDescription
async_job_result_ttlinteger3600TTL (seconds) for async job results
disable_db_pings_in_healthbooleanfalseExclude database connectivity from /health endpoint checks

Prometheus Labels

Add custom labels to every Prometheus metric emitted by Bifrost: 
{
  "client": {
    "prometheus_labels": ["environment=production", "region=us-east-1"]
  }
}

Authentication

governance.auth_config protects the Bifrost dashboard and management API with username/password auth.
FieldTypeDefaultDescription
is_enabledbooleanfalseEnable username/password auth
admin_usernamestringAdmin username
admin_passwordstringAdmin password (use env. reference)
disable_auth_on_inferencebooleanfalseSkip auth check on /v1/* inference routes
{
  "governance": {
    "auth_config": {
      "is_enabled": true,
      "admin_username": "env.BIFROST_ADMIN_USERNAME",
      "admin_password": "env.BIFROST_ADMIN_PASSWORD",
      "disable_auth_on_inference": false
    }
  }
}
A top-level auth_config is also accepted for backwards compatibility, but governance.auth_config is the preferred location.

Encryption Key

{
  "encryption_key": "env.BIFROST_ENCRYPTION_KEY"
}
Notes
Accepts any string; Bifrost derives a 32-byte AES-256 key using Argon2id
Can also be set via the BIFROST_ENCRYPTION_KEY environment variable
Once set and the database is populated, the key cannot be changed without clearing the database
Omitting the key stores data in plain text — not recommended for production

Full Example

{
  "$schema": "https://www.getbifrost.ai/schema",
  "encryption_key": "env.BIFROST_ENCRYPTION_KEY",

  "governance": {
    "auth_config": {
      "is_enabled": true,
      "admin_username": "env.BIFROST_ADMIN_USERNAME",
      "admin_password": "env.BIFROST_ADMIN_PASSWORD",
      "disable_auth_on_inference": false
    }
  },

  "client": {
    "initial_pool_size": 1000,
    "drop_excess_requests": true,

    "enable_logging": true,
    "disable_content_logging": false,
    "log_retention_days": 90,
    "logging_headers": ["x-request-id", "x-user-id"],

    "allowed_origins": ["https://app.yourcompany.com"],
    "allow_direct_keys": false,
    "enforce_auth_on_inference": true,
    "max_request_body_size_mb": 100,

    "header_filter_config": {
      "allowlist": [],
      "denylist": []
    },
    "required_headers": [],

    "compat": {
      "should_drop_params": false
    },

    "prometheus_labels": ["environment=production"],

    "mcp_agent_depth": 10,
    "mcp_tool_execution_timeout": 30,

    "async_job_result_ttl": 3600
  }
}