feat: enabled a key without deleting

[slyang08]

Summary

Implemented a feature that user can disable or enable a key without deleting the key on the website.

Type of change

• Bug fix
• Feature
• Refactor
• Documentation
• Chore/CI

Affected areas

• Core (Go)
• Transports (HTTP)
• Providers/Integrations
• Plugins
• UI (Next.js)
• Docs

If adding new configs or environment variables, document them here.

Added Enabled in core/schemas/account.go

type Key struct {
	ID               string            `json:"id"`                           // The unique identifier for the key (used by bifrost to identify the key)
	Name             string            `json:"name"`                         // The name of the key (used by users to identify the key, not used by bifrost)
	Value            string            `json:"value"`                        // The actual API key value
	Models           []string          `json:"models"`                       // List of models this key can access
	Weight           float64           `json:"weight"`                       // Weight for load balancing between multiple keys
	AzureKeyConfig   *AzureKeyConfig   `json:"azure_key_config,omitempty"`   // Azure-specific key configuration
	VertexKeyConfig  *VertexKeyConfig  `json:"vertex_key_config,omitempty"`  // Vertex-specific key configuration
	BedrockKeyConfig *BedrockKeyConfig `json:"bedrock_key_config,omitempty"` // AWS Bedrock-specific key configuration
	Enabled          *bool             `json:"enabled,omitempty"`            // Whether the key is active (default: true)
}

Before

After

Breaking changes

• Yes
• No

Related issues

Closes #831

Checklist

• I read docs/contributing/README.md and followed the guidelines
• I added/updated tests where appropriate
• I updated documentation where needed
• I verified builds succeed (Go and UI)
• I verified the CI pipeline passes locally if applicable

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

Release Notes

• New Features

  • Added ability to enable or disable API keys without deleting them from your provider configuration.
  • Disabled keys are automatically excluded from model selection.
  • New toggle control in the provider keys table for managing key status.

• Chores

  • Database migration added to support the new key status feature.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

Walkthrough

Adds an optional Enabled flag for provider API keys across schema, storage, transport, core selection logic, migrations, and UI; disabled keys are persisted, shown in redacted outputs, can be toggled in the UI, and are excluded during provider key selection.

Changes

Cohort / File(s)	Summary
Schema core/schemas/account.go	Added Enabled *bool \json:"enabled,omitempty"`toKey`.
Storage (ORM & Migrations) framework/configstore/tables/key.go, framework/configstore/migrations.go	Added Enabled *bool to TableKey with GORM default true; BeforeSave/AfterFind default nil to true; new migration migrationAddEnabledColumnToKeyTable to add/backfill/drop the enabled column and wired into triggerMigrations.
Core selection logic core/bifrost.go	Updated selectKeyFromProviderForModel to skip keys whose Enabled (or key.Enabled) is explicitly false in all selection paths.
HTTP transport / redaction transports/bifrost-http/lib/config.go	Included Enabled in redacted provider key objects returned by GetProviderConfigRedacted (shape of redacted key objects changed).
Frontend types ui/lib/types/config.ts	Added optional enabled?: boolean to ModelProviderKey; DefaultModelProviderKey now sets enabled: true.
Frontend UI ui/app/workspace/providers/views/modelProviderKeysTableView.tsx	Added an "Enabled" column with a Switch per row that toggles key.enabled, updates provider keys, shows success/error toasts, and disables the Edit action for disabled keys.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant User as User (Browser)
    participant UI as Frontend
    participant API as Bifrost HTTP
    participant DB as Config Store
    participant Core as Core (selection)

    User->>UI: Toggle key Enabled switch
    UI->>API: PATCH provider keys (enabled flag)
    API->>DB: Persist updated TableKey.enabled
    DB-->>API: OK
    API-->>UI: Success response
    UI-->>User: Show success toast

    note over Core,DB: Request-time key selection
    API->>Core: Request needing provider key
    Core->>DB: List provider keys for provider
    DB-->>Core: Return keys (include Enabled)
    Core->>Core: Filter out keys where Enabled == false
    Core-->>API: Return selected key or error

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

• Verify all selection branches in core/bifrost.go consistently treat Enabled == nil as true and skip only when explicitly false.
• Inspect the new migration for safe backfill, idempotence, and correct placement in triggerMigrations.
• Confirm GORM BeforeSave/AfterFind nil-handling and JSON/GORM tags in framework/configstore/tables/key.go.
• Validate redacted output shape change in transports/bifrost-http/lib/config.go for API compatibility.
• Review UI state handling, optimistic updates, permission gating, and error/toast flows in modelProviderKeysTableView.tsx.

Poem

🐇🔑 I nibble keys both day and night,
A gentle switch to dim their light.
Not tossed away, just tucked to rest,
A quiet hop—it's for the best.
Toggles set, the burrow's blessed.

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'feat: enabled a key without deleting' directly reflects the main feature added—allowing users to disable/enable keys without deletion.
Description check	✅ Passed	The description covers the main points: feature summary, type of change, affected areas, code changes documented, before/after UI screenshots included, and linked issue #831.
Linked Issues check	✅ Passed	The PR successfully implements all objectives from issue #831: added Enabled field to Key schema, implemented backend logic to skip disabled keys, added UI toggle to enable/disable keys, and covered all affected areas (Core, Transports HTTP, UI).
Out of Scope Changes check	✅ Passed	All changes are directly related to implementing the key enable/disable feature. Database migration, schema updates, UI controls, and backend logic changes are all within scope of issue #831.
Docstring Coverage	✅ Passed	Docstring coverage is 87.50% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4cd551e and 78c4962.

📒 Files selected for processing (7)

• core/bifrost.go (1 hunks)
• core/schemas/account.go (1 hunks)
• framework/configstore/migrations.go (4 hunks)
• framework/configstore/tables/key.go (3 hunks)
• transports/bifrost-http/lib/config.go (1 hunks)
• ui/app/workspace/providers/views/modelProviderKeysTableView.tsx (4 hunks)
• ui/lib/types/config.ts (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (4)

• ui/lib/types/config.ts
• core/bifrost.go
• framework/configstore/tables/key.go
• core/schemas/account.go

🧰 Additional context used

📓 Path-based instructions (1)

**

⚙️ CodeRabbit configuration file

always check the stack if there is one for the current PR. do not give localized reviews for the PR, always see all changes in the light of the whole stack of PRs (if there is a stack, if there is no stack you can continue to make localized suggestions/reviews)

Files:

• framework/configstore/migrations.go
• ui/app/workspace/providers/views/modelProviderKeysTableView.tsx
• transports/bifrost-http/lib/config.go

🧬 Code graph analysis (2)

framework/configstore/migrations.go (2)

framework/migrator/migrator.go (3)

• New (131-149)
• DefaultOptions (100-106)
• Migration (62-69)

framework/configstore/tables/key.go (2)

• TableKey (13-51)
• TableKey (54-54)

ui/app/workspace/providers/views/modelProviderKeysTableView.tsx (2)

ui/components/ui/table.tsx (5)

• TableHead (71-71)
• TableRow (71-71)
• TableHeader (71-71)
• TableBody (71-71)
• TableCell (71-71)

ui/components/ui/switch.tsx (1)

• Switch (36-36)

🔇 Additional comments (6)

ui/app/workspace/providers/views/modelProviderKeysTableView.tsx (3)

120-122: LGTM - Correct default handling for enabled state.

The key.enabled ?? true pattern correctly aligns with the backend's default-enabled behavior where nil/undefined means enabled.

---

134-154: LGTM - Switch toggle implementation looks good.

The Switch correctly uses isKeyEnabled for the checked state and properly updates the provider configuration via updateProvider. Error handling with toast notifications is appropriate.

---

168-168: Verify: Disabling Edit for disabled keys may confuse users.

The Edit action is disabled when !isKeyEnabled. This prevents users from editing a disabled key's properties (name, weight, models, etc.) without first re-enabling it. Consider whether this is the intended UX - users might want to edit a disabled key before re-enabling it.

framework/configstore/migrations.go (2)

1085-1126: LGTM - Migration follows established patterns.

The migration correctly:

• Checks if the column exists before adding (idempotent)
• Backfills existing rows with TRUE to match the default-enabled behavior
• Provides a proper rollback that conditionally drops the column
• Uses consistent error wrapping with fmt.Errorf

---

82-84: LGTM - Migration ordering is appropriate.

The new migration is placed after migrationAddLogRetentionDaysColumn and before migrationAddBatchAndCachePricingColumns, which is a reasonable position in the migration sequence.

transports/bifrost-http/lib/config.go (1)

1385-1391: LGTM - Enabled field correctly included in redacted output.

The Enabled field is appropriately included in the redacted key output since it's not sensitive data and the UI needs this information to display and manage the key's enabled state.

Note: The key.Enabled is a *bool pointer, so this copies the pointer reference. Since the redacted config is read-only and the source data is protected by RLock, this is safe.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

ui/app/workspace/providers/views/modelProviderKeysTableView.tsx (1)

106-170: Treat undefined as enabled in the UI to match backend default semantics.

Right now:

• checked={!!key.enabled} means keys with no enabled field (backend omits it when Enabled == nil) render as unchecked/disabled.
• disabled={!key.enabled} on the Edit action means those same keys have Edit disabled (!undefined === true).

But the backend treats Enabled == nil as “enabled” (default true), so existing/config‑file keys will show up as disabled+non‑editable in the UI while still being usable at runtime.

You can fix this by normalizing the enabled state in the row:

{provider.keys.map((key, index) => {
	const isEnabled = key.enabled !== false; // nil/undefined => true

	return (
		<TableRow key={index} /* ... */>
			{/* ... */}
			<TableCell>
				<Switch
					checked={isEnabled}
					disabled={!hasUpdateProviderAccess}
					onCheckedChange={(checked) => {
						updateProvider({
							...provider,
							keys: provider.keys.map((k, i) =>
								i === index ? { ...k, enabled: checked } : k,
							),
						})
							.unwrap()
							.then(() => {
								toast.success(`Key ${checked ? "enabled" : "disabled"} successfully`);
							})
							.catch((err) => {
								toast.error("Failed to update key", {
									description: getErrorMessage(err),
								});
							});
					}}
				/>
			</TableCell>
			{/* ... */}
			<DropdownMenuItem
				onClick={() => setShowAddNewKeyDialog({ show: true, keyIndex: index })}
				disabled={!isEnabled}
			>
				<PencilIcon className="mr-1 h-4 w-4" />
				Edit
			</DropdownMenuItem>
			{/* ... */}
		</TableRow>
	);
})}

This keeps defaults consistent: keys without an explicit flag stay enabled in the UI, and only explicitly disabled keys block editing.

🧹 Nitpick comments (3)

core/schemas/account.go (1)

9-18: Ensure persistence ↔ schema mapping correctly sets Enabled for disabled keys.

Treating Enabled *bool with omitempty and “nil means enabled” is a good fit for backward compatibility and for not emitting the field when it isn’t explicitly set.

Just make sure all conversions into schemas.Key set Enabled when a key is disabled (e.g., when reading from configstore / TableKey.Enabled or other storage structs). If those mappings don’t populate Enabled yet, disabled state could be silently dropped and the key would behave as enabled at runtime even if the DB says otherwise.

Worth double‑checking the provider-config → schemas.Key conversions (e.g., in transports/bifrost-http/lib/config.go and any configstore adapters) to confirm Enabled is wired through.

core/bifrost.go (1)

2465-2539: Disabled-key filtering looks correct, but ListModels path may still use disabled keys.

The added checks:

if requestType == schemas.ListModelsRequest {
	for _, k := range keys {
		// Skip disabled keys
		if k.Enabled != nil && !*k.Enabled {
			continue
		}
		// existing value check...
	}
} else {
	for _, key := range keys {
		// Skip disabled keys
		if key.Enabled != nil && !*key.Enabled {
			continue
		}
		// existing model/deployment checks...
	}
}

are consistent with Enabled *bool semantics (nil == enabled) and correctly prevent disabled keys from being chosen for non‑ListModels requests.

However, ListModelsRequest currently uses getAllSupportedKeys:

if providerRequiresKey(baseProvider, config.CustomProviderConfig) {
	keys, err = bifrost.getAllSupportedKeys(&ctx, req.Provider, baseProvider)
	// ...
}

and getAllSupportedKeys does not filter by Enabled at all. That means disabled keys can still be used when listing models, even though they’re excluded from actual inference traffic.

Two follow‑ups to consider:

1. Decide whether ListModels should also honor the Enabled flag. If yes, either:

   • Filter in getAllSupportedKeys similarly, or
   • Reuse selectKeyFromProviderForModel (or a shared helper) for ListModels key selection.

2. Double‑check call sites to ensure the ListModelsRequest branch in selectKeyFromProviderForModel is actually reachable; if ListModels never uses this helper, that branch is effectively dead code.

Aligning the ListModels code path with the new Enabled semantics will avoid surprises where a “disabled” key is still exercised for list‑models calls.

transports/bifrost-http/lib/config.go (1)

1145-1151: Including Enabled in redacted provider keys aligns HTTP output with core/UISchema.

Adding:

redactedConfig.Keys[i] = schemas.Key{
	ID:      key.ID,
	Name:    key.Name,
	Models:  key.Models,
	Weight:  key.Weight,
	Enabled: key.Enabled,
}

ensures the redacted provider config exposes the Enabled flag end‑to‑end, matching schemas.Key and the frontend ModelProviderKey.enabled field.

Because Enabled is a *bool with omitempty, existing configs without an explicit flag will still omit the field from JSON (backward compatible). Combined with the UI change to treat undefined as “enabled” (see table view comment), this gives consistent semantics across storage, core, and transport.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 71676b6 and dce3e0c.

📒 Files selected for processing (6)

• core/bifrost.go (1 hunks)
• core/schemas/account.go (1 hunks)
• framework/configstore/tables/key.go (1 hunks)
• transports/bifrost-http/lib/config.go (2 hunks)
• ui/app/workspace/providers/views/modelProviderKeysTableView.tsx (4 hunks)
• ui/lib/types/config.ts (2 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

transports/bifrost-http/lib/config.go (1)

framework/configstore/tables/key.go (2)

• TableKey (13-51)
• TableKey (54-54)

🔇 Additional comments (2)

ui/lib/types/config.ts (1)

72-93: ModelProviderKey.enabled shape and default align with Go schema.

The optional enabled?: boolean plus enabled: true in DefaultModelProviderKey cleanly mirror Enabled *bool "omitempty" on the Go side and ensure newly created keys are enabled by default. The remaining behavior questions are in how callers interpret undefined vs false (covered in the view component).

transports/bifrost-http/lib/config.go (1)

775-797: Virtual key key‑lookup behavior is reasonable and failure modes are explicit.

The new lookup:

if keyRef.KeyID != "" {
	var existingKey configstoreTables.TableKey
	if err := tx.Where("key_id = ?", keyRef.KeyID).First(&existingKey).Error; err != nil {
		if errors.Is(err, gorm.ErrRecordNotFound) {
			logger.Warn("referenced key %s not found for virtual key %s", keyRef.KeyID, virtualKey.ID)
			continue
		}
		return fmt.Errorf("failed to lookup key %s for virtual key %s: %w", keyRef.KeyID, virtualKey.ID, err)
	}
	existingKeys = append(existingKeys, existingKey)
}

gives a good balance:

• Missing referenced keys are logged and skipped without killing the whole governance bootstrap.
• Unexpected DB errors abort the transaction with a clear error.

This should make virtual‑key initialization robust in the presence of stale references.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between dce3e0c and a128370.

📒 Files selected for processing (3)

• core/bifrost.go (1 hunks)
• core/schemas/account.go (1 hunks)
• framework/configstore/tables/key.go (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• core/schemas/account.go

🔇 Additional comments (2)

core/bifrost.go (2)

2507-2510: LGTM: Disabled keys correctly skipped in ListModels path.

The logic properly checks for explicitly disabled keys (Enabled != nil && !*Enabled) and treats unset values as enabled by default, which aligns with the feature objectives.

---

2517-2521: LGTM: Disabled keys correctly skipped in model selection path.

The implementation consistently filters out disabled keys across both the ListModels path and the regular model selection path, correctly treating nil as enabled by default.

[akshaydeo]

@slyang08 thanks for the PR ❤️ . Have a look at CodeRabbit comments. Ill review as soon as these comments are resolved

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

core/bifrost.go (2)

2505-2515: Enabled flag handling for ListModelsRequest looks correct; consider consistency with getAllSupportedKeys

The Enabled != nil && !*Enabled guard is nil‑safe and preserves “nil means enabled” semantics, which matches the new field’s documented default. That part looks good.

One thing to double‑check: List‑models requests that go through getAllSupportedKeys (used in ListModelsRequest) still ignore the Enabled flag, while this ListModels branch in selectKeyFromProviderForModel skips disabled keys. If the product expectation is “disabled keys are never used anywhere”, you may also want to filter them out in getAllSupportedKeys for consistency; if list‑models is intentionally allowed to use disabled keys, a short comment here or on getAllSupportedKeys explaining the distinction would help future readers.

---

2517-2523: Skipping disabled keys in main selection path is correct; small DRY helper could reduce duplication

This guard correctly excludes disabled keys from consideration for normal requests while treating Enabled == nil as enabled. That aligns with the new flag’s semantics.

Given the same check now appears in both branches of this function (and may appear elsewhere later), consider extracting a tiny helper like func isKeyEnabled(k schemas.Key) bool and using it in both loops to keep the logic in one place. Not required, but it would reduce duplication and make future tweaks to enablement behavior safer.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a128370 and 713254a.

📒 Files selected for processing (6)

• core/bifrost.go (1 hunks)
• core/schemas/account.go (1 hunks)
• framework/configstore/tables/key.go (1 hunks)
• transports/bifrost-http/lib/config.go (1 hunks)
• ui/app/workspace/providers/views/modelProviderKeysTableView.tsx (4 hunks)
• ui/lib/types/config.ts (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (5)

• framework/configstore/tables/key.go
• ui/app/workspace/providers/views/modelProviderKeysTableView.tsx
• ui/lib/types/config.ts
• core/schemas/account.go
• transports/bifrost-http/lib/config.go

🧰 Additional context used

📓 Path-based instructions (1)

**

⚙️ CodeRabbit configuration file

always check the stack if there is one for the current PR. do not give localized reviews for the PR, always see all changes in the light of the whole stack of PRs (if there is a stack, if there is no stack you can continue to make localized suggestions/reviews)

Files:

• core/bifrost.go

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

ui/app/workspace/providers/views/modelProviderKeysTableView.tsx (1)

105-118: Update colSpan to account for the new Enabled column

The table now has four columns (API Key, Weight, Enabled, actions), but the “No keys found.” row still uses colSpan={3}, which will misalign the empty state with the header.

You can fix this by updating the colSpan:

-              <TableRow>
-                <TableCell colSpan={3} className="py-6 text-center">
+              <TableRow>
+                <TableCell colSpan={4} className="py-6 text-center">
                   No keys found.
                 </TableCell>
               </TableRow>

🧹 Nitpick comments (1)

ui/app/workspace/providers/views/modelProviderKeysTableView.tsx (1)

133-153: Normalize enabled state once per row and reuse it for Switch and Edit gating

Right now !!key.enabled is used directly, and disabled={!key.enabled} on the Edit action. If key.enabled is ever undefined while the backend treats “missing” as default true, this would render the key as disabled in the UI and also block editing.

Consider deriving an isKeyEnabled per row with a default-true semantic, and reusing it for both the Switch and the Edit menu item (and optionally RBAC gating), e.g.:

-          {provider.keys.map((key, index) => {
-            return (
+          {provider.keys.map((key, index) => {
+            const isKeyEnabled = key.enabled ?? true;
+            return (
               <TableRow key={index} className="text-sm transition-colors hover:bg-white" onClick={() => {}}>
@@
-              <TableCell>
-                <Switch
-                  checked={!!key.enabled}
-                  disabled={!hasUpdateProviderAccess}
+              <TableCell>
+                <Switch
+                  checked={isKeyEnabled}
+                  disabled={!hasUpdateProviderAccess}
                   onCheckedChange={(checked) => {
                     updateProvider({
                       ...provider,
                       keys: provider.keys.map((k, i) =>
                         i === index ? { ...k, enabled: checked } : k
                       ),
                     })
@@
-                    <DropdownMenuItem
+                    <DropdownMenuItem
                       onClick={() => {
                         setShowAddNewKeyDialog({ show: true, keyIndex: index });
                       }}
-                      disabled={!key.enabled}
+                      disabled={!hasUpdateProviderAccess || !isKeyEnabled}
                     >

(Optionally, you could also add || isUpdatingProvider to the Switch’s disabled prop to prevent rapid re-toggles during an in‑flight update.)

Also applies to: 167-167

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 713254a and ff082f8.

📒 Files selected for processing (6)

• core/bifrost.go (1 hunks)
• core/schemas/account.go (1 hunks)
• framework/configstore/tables/key.go (3 hunks)
• transports/bifrost-http/lib/config.go (1 hunks)
• ui/app/workspace/providers/views/modelProviderKeysTableView.tsx (4 hunks)
• ui/lib/types/config.ts (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (5)

• framework/configstore/tables/key.go
• core/bifrost.go
• core/schemas/account.go
• transports/bifrost-http/lib/config.go
• ui/lib/types/config.ts

🧰 Additional context used

📓 Path-based instructions (1)

**

⚙️ CodeRabbit configuration file

always check the stack if there is one for the current PR. do not give localized reviews for the PR, always see all changes in the light of the whole stack of PRs (if there is a stack, if there is no stack you can continue to make localized suggestions/reviews)

Files:

• ui/app/workspace/providers/views/modelProviderKeysTableView.tsx

🔇 Additional comments (1)

ui/app/workspace/providers/views/modelProviderKeysTableView.tsx (1)

17-17: Switch import is correct and appropriately scoped

The Switch import from your shared UI library is consistent with its usage below; no issues here.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

ui/app/workspace/providers/views/modelProviderKeysTableView.tsx (1)

163-171: Add permission check to Edit menu item.

The Edit menu item is only disabled based on !key.enabled but doesn't check hasUpdateProviderAccess. A user without update permission could see the Edit option enabled (if the key is enabled) and potentially click it.

Apply this diff to also gate the Edit option by user permissions:

 <DropdownMenuItem
   onClick={() => {
     setShowAddNewKeyDialog({ show: true, keyIndex: index });
   }}
-  disabled={!key.enabled}
+  disabled={!key.enabled || !hasUpdateProviderAccess}
 >
   <PencilIcon className="mr-1 h-4 w-4" />
   Edit
 </DropdownMenuItem>

This ensures consistency with other UI elements that check hasUpdateProviderAccess.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ff082f8 and 4cd551e.

📒 Files selected for processing (6)

• core/bifrost.go (1 hunks)
• core/schemas/account.go (1 hunks)
• framework/configstore/tables/key.go (3 hunks)
• transports/bifrost-http/lib/config.go (1 hunks)
• ui/app/workspace/providers/views/modelProviderKeysTableView.tsx (4 hunks)
• ui/lib/types/config.ts (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (3)

• ui/lib/types/config.ts
• core/bifrost.go
• core/schemas/account.go

🧰 Additional context used

📓 Path-based instructions (1)

**

⚙️ CodeRabbit configuration file

always check the stack if there is one for the current PR. do not give localized reviews for the PR, always see all changes in the light of the whole stack of PRs (if there is a stack, if there is no stack you can continue to make localized suggestions/reviews)

Files:

• framework/configstore/tables/key.go
• transports/bifrost-http/lib/config.go
• ui/app/workspace/providers/views/modelProviderKeysTableView.tsx

🔇 Additional comments (5)

framework/configstore/tables/key.go (2)

68-71: LGTM!

The defaulting logic correctly ensures that Enabled is always set to true when nil before saving to the database, maintaining consistency with the GORM default and preventing any ambiguity in the persisted state.

---

177-180: LGTM!

The AfterFind hook correctly applies the default true value when Enabled is nil after loading from the database, providing a safety net and ensuring consistent in-memory representation.

ui/app/workspace/providers/views/modelProviderKeysTableView.tsx (1)

115-115: LGTM!

The colSpan correctly updated to 4 to match the new column count (API Key, Weight, Enabled, Actions).

transports/bifrost-http/lib/config.go (2)

1386-1390: LGTM!

Correctly includes the Enabled field in the redacted provider key output. The boolean/pointer value is not sensitive and does not require redaction.

---

342-352: Critical: Enabled field not copied during database-to-schema conversion.

When loading provider configurations from the database, the Enabled field is not copied from dbKey (type TableKey) to the schemas.Key struct. This causes enabled keys to lose their enabled state in memory, and they will be treated as disabled (nil) throughout the system.

Apply this diff to include the Enabled field in the conversion:

 keys[i] = schemas.Key{
   ID:               dbKey.ID,
   Name:             dbKey.Name,
   Value:            dbKey.Value,
   Models:           dbKey.Models,
   Weight:           dbKey.Weight,
+  Enabled:          dbKey.Enabled,
   AzureKeyConfig:   dbKey.AzureKeyConfig,
   VertexKeyConfig:  dbKey.VertexKeyConfig,
   BedrockKeyConfig: dbKey.BedrockKeyConfig,
 }

[slyang08]

@slyang08 thanks for the PR ❤️ . Have a look at CodeRabbit comments. Ill review as soon as these comments are resolved

Hi akshaydeo, thank you for the response, I think I have followed the comments from CodeRabbit and fixed the problems.

[Pratham-Mishra04]

Hey @slyang08, the PR looks good - only one piece remaining in adding a migration in framework/configstore/migrations.go for adding this new column since we do all migrations manually.

[slyang08]

only one piece remaining in adding a migration in framework/configstore/migrations.go for adding this new column since we do all migrations manually.

Hi @Pratham-Mishra04, I followed what you mentioned and tried to fix the problem, I think it is okay. However, if there is anything that I should improve, please let me know, thank you.