feat: governance plugin refactor

Author: Pratham-Mishra04

core/schemas/context.go

@@ -170,6 +170,9 @@ func (bc *BifrostContext) SetValue(key, value any) {
 	}
 	bc.valuesMu.Lock()
 	defer bc.valuesMu.Unlock()
+	if bc.userValues == nil {
+		bc.userValues = make(map[any]any)
+	}
 	bc.userValues[key] = value
 }
 

framework/configstore/rdb.go

@@ -1274,7 +1274,58 @@ func (s *RDBConfigStore) GetAllRedactedKeys(ctx context.Context, ids []string) (
 
 // DeleteVirtualKey deletes a virtual key from the database.
 func (s *RDBConfigStore) DeleteVirtualKey(ctx context.Context, id string) error {
-	return s.db.WithContext(ctx).Delete(&tables.TableVirtualKey{}, "id = ?", id).Error
+	if err := s.db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
+		var virtualKey tables.TableVirtualKey
+		if err := tx.WithContext(ctx).Preload("ProviderConfigs").First(&virtualKey, "id = ?", id).Error; err != nil {
+			return err
+		}
+
+		// Delete provider config associated budgets and rate limits first
+		for _, pc := range virtualKey.ProviderConfigs {
+			// Delete the keys join table entries
+			if err := tx.WithContext(ctx).Exec("DELETE FROM governance_virtual_key_provider_config_keys WHERE table_virtual_key_provider_config_id = ?", pc.ID).Error; err != nil {
+				return err
+			}
+			// Delete the budget associated with the provider config
+			if pc.BudgetID != nil {
+				if err := tx.WithContext(ctx).Delete(&tables.TableBudget{}, "id = ?", *pc.BudgetID).Error; err != nil {
+					return err
+				}
+			}
+			// Delete the rate limit associated with the provider config
+			if pc.RateLimitID != nil {
+				if err := tx.WithContext(ctx).Delete(&tables.TableRateLimit{}, "id = ?", *pc.RateLimitID).Error; err != nil {
+					return err
+				}
+			}
+		}
+
+		// Delete all provider configs associated with the virtual key
+		if err := tx.WithContext(ctx).Delete(&tables.TableVirtualKeyProviderConfig{}, "virtual_key_id = ?", id).Error; err != nil {
+			return err
+		}
+		// Delete all MCP configs associated with the virtual key
+		if err := tx.WithContext(ctx).Delete(&tables.TableVirtualKeyMCPConfig{}, "virtual_key_id = ?", id).Error; err != nil {
+			return err
+		}
+		// Delete the budget associated with the virtual key
+		if virtualKey.BudgetID != nil {
+			if err := tx.WithContext(ctx).Delete(&tables.TableBudget{}, "id = ?", virtualKey.BudgetID).Error; err != nil {
+				return err
+			}
+		}
+		// Delete the rate limit associated with the virtual key
+		if virtualKey.RateLimitID != nil {
+			if err := tx.WithContext(ctx).Delete(&tables.TableRateLimit{}, "id = ?", virtualKey.RateLimitID).Error; err != nil {
+				return err
+			}
+		}
+		// Delete the virtual key
+		return tx.WithContext(ctx).Delete(&tables.TableVirtualKey{}, "id = ?", id).Error
+	}); err != nil {
+		return err
+	}
+	return nil
 }
 
 // GetVirtualKeyProviderConfigs retrieves all virtual key provider configs from the database.
@@ -1477,7 +1528,21 @@ func (s *RDBConfigStore) UpdateTeam(ctx context.Context, team *tables.TableTeam,
 
 // DeleteTeam deletes a team from the database.
 func (s *RDBConfigStore) DeleteTeam(ctx context.Context, id string) error {
-	return s.db.WithContext(ctx).Delete(&tables.TableTeam{}, "id = ?", id).Error
+	if err := s.db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
+		var team tables.TableTeam
+		if err := tx.WithContext(ctx).First(&team, "id = ?", id).Error; err != nil {
+			return err
+		}
+		// Set team_id to null for all virtual keys associated with the team
+		if err := tx.WithContext(ctx).Model(&tables.TableVirtualKey{}).Where("team_id = ?", id).Update("team_id", nil).Error; err != nil {
+			return err
+		}
+		// Delete the team
+		return tx.WithContext(ctx).Delete(&tables.TableTeam{}, "id = ?", id).Error
+	}); err != nil {
+		return err
+	}
+	return nil
 }
 
 // GetCustomers retrieves all customers from the database.
@@ -1534,7 +1599,37 @@ func (s *RDBConfigStore) UpdateCustomer(ctx context.Context, customer *tables.Ta
 
 // DeleteCustomer deletes a customer from the database.
 func (s *RDBConfigStore) DeleteCustomer(ctx context.Context, id string) error {
-	return s.db.WithContext(ctx).Delete(&tables.TableCustomer{}, "id = ?", id).Error
+	if err := s.db.WithContext(ctx).Transaction(func(tx *gorm.DB) error {
+		var customer tables.TableCustomer
+		if err := tx.WithContext(ctx).First(&customer, "id = ?", id).Error; err != nil {
+			return err
+		}
+		// Set customer_id to null for all virtual keys associated with the customer
+		if err := tx.WithContext(ctx).Model(&tables.TableVirtualKey{}).Where("customer_id = ?", id).Update("customer_id", nil).Error; err != nil {
+			return err
+		}
+		// Set customer_id to null for all teams associated with the customer
+		if err := tx.WithContext(ctx).Model(&tables.TableTeam{}).Where("customer_id = ?", id).Update("customer_id", nil).Error; err != nil {
+			return err
+		}
+		// Delete the customer
+		return tx.WithContext(ctx).Delete(&tables.TableCustomer{}, "id = ?", id).Error
+	}); err != nil {
+		return err
+	}
+	return nil
+}
+
+// GetRateLimits retrieves all rate limits from the database.
+func (s *RDBConfigStore) GetRateLimits(ctx context.Context) ([]tables.TableRateLimit, error) {
+	var rateLimits []tables.TableRateLimit
+	if err := s.db.WithContext(ctx).Find(&rateLimits).Error; err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			return nil, ErrNotFound
+		}
+		return nil, err
+	}
+	return rateLimits, nil
 }
 
 // GetRateLimit retrieves a specific rate limit from the database.

framework/configstore/store.go

@@ -100,6 +100,7 @@ type ConfigStore interface {
 	DeleteCustomer(ctx context.Context, id string) error
 
 	// Rate limit CRUD
+	GetRateLimits(ctx context.Context) ([]tables.TableRateLimit, error)
 	GetRateLimit(ctx context.Context, id string) (*tables.TableRateLimit, error)
 	CreateRateLimit(ctx context.Context, rateLimit *tables.TableRateLimit, tx ...*gorm.DB) error
 	UpdateRateLimit(ctx context.Context, rateLimit *tables.TableRateLimit, tx ...*gorm.DB) error

framework/configstore/tables/budget.go

@@ -23,11 +23,11 @@ type TableBudget struct {
 func (TableBudget) TableName() string { return "governance_budgets" }
 
 // BeforeSave hook for Budget to validate reset duration format and max limit
-func (b *TableBudget) BeforeSave(tx *gorm.DB) error {	
+func (b *TableBudget) BeforeSave(tx *gorm.DB) error {
 	// Validate that ResetDuration is in correct format (e.g., "30s", "5m", "1h", "1d", "1w", "1M", "1Y")
 	if d, err := ParseDuration(b.ResetDuration); err != nil {
 		return fmt.Errorf("invalid reset duration format: %s", b.ResetDuration)
-	}else if d <= 0 {
+	} else if d <= 0 {
 		return fmt.Errorf("reset duration must be > 0: %s", b.ResetDuration)
 	}
 	// Validate that MaxLimit is not negative (budgets should be positive)

plugins/governance/main.go

@@ -44,9 +44,9 @@ type GovernancePlugin struct {
 	wg         sync.WaitGroup // Track active goroutines
 
 	// Core components with clear separation of concerns
-	store    *GovernanceStore // Pure data access layer
-	resolver *BudgetResolver  // Pure decision engine for hierarchical governance
-	tracker  *UsageTracker    // Business logic owner (updates, resets, persistence)
+	store    GovernanceStore // Pure data access layer
+	resolver *BudgetResolver // Pure decision engine for hierarchical governance
+	tracker  *UsageTracker   // Business logic owner (updates, resets, persistence)
 
 	// Dependencies
 	configStore  configstore.ConfigStore
@@ -96,12 +96,12 @@ func Init(
 	ctx context.Context,
 	config *Config,
 	logger schemas.Logger,
-	store configstore.ConfigStore,
+	configStore configstore.ConfigStore,
 	governanceConfig *configstore.GovernanceConfig,
 	modelCatalog *modelcatalog.ModelCatalog,
 	inMemoryStore InMemoryStore,
 ) (*GovernancePlugin, error) {
-	if store == nil {
+	if configStore == nil {
 		logger.Warn("governance plugin requires config store to persist data, running in memory only mode")
 	}
 	if modelCatalog == nil {
@@ -114,7 +114,7 @@ func Init(
 		isVkMandatory = config.IsVkMandatory
 	}
 
-	governanceStore, err := NewGovernanceStore(ctx, logger, store, governanceConfig)
+	governanceStore, err := NewLocalGovernanceStore(ctx, logger, configStore, governanceConfig)
 	if err != nil {
 		return nil, fmt.Errorf("failed to initialize governance store: %w", err)
 	}
@@ -123,10 +123,10 @@ func Init(
 	resolver := NewBudgetResolver(governanceStore, logger)
 
 	// 3. Tracker (business logic owner, depends on store and resolver)
-	tracker := NewUsageTracker(ctx, governanceStore, resolver, store, logger)
+	tracker := NewUsageTracker(ctx, governanceStore, resolver, configStore, logger)
 
 	// 4. Perform startup reset check for any expired limits from downtime
-	if store != nil {
+	if configStore != nil {
 		if err := tracker.PerformStartupResets(ctx); err != nil {
 			logger.Warn("startup reset failed: %v", err)
 			// Continue initialization even if startup reset fails (non-critical)
@@ -139,7 +139,7 @@ func Init(
 		store:         governanceStore,
 		resolver:      resolver,
 		tracker:       tracker,
-		configStore:   store,
+		configStore:   configStore,
 		modelCatalog:  modelCatalog,
 		logger:        logger,
 		isVkMandatory: isVkMandatory,
@@ -148,6 +148,54 @@ func Init(
 	return plugin, nil
 }
 
+func InitFromStore(
+	ctx context.Context,
+	config *Config,
+	logger schemas.Logger,
+	governanceStore GovernanceStore,
+	configStore configstore.ConfigStore,
+	modelCatalog *modelcatalog.ModelCatalog,
+	inMemoryStore InMemoryStore,
+) (*GovernancePlugin, error) {
+	if configStore == nil {
+		logger.Warn("governance plugin requires config store to persist data, running in memory only mode")
+	}
+	if modelCatalog == nil {
+		logger.Warn("governance plugin requires model catalog to calculate cost, all cost calculations will be skipped.")
+	}
+	if governanceStore == nil {
+		return nil, fmt.Errorf("governance store is nil")
+	}
+	// Handle nil config - use safe default for IsVkMandatory
+	var isVkMandatory *bool
+	if config != nil {
+		isVkMandatory = config.IsVkMandatory
+	}
+	resolver := NewBudgetResolver(governanceStore, logger)
+	tracker := NewUsageTracker(ctx, governanceStore, resolver, configStore, logger)
+	// Perform startup reset check for any expired limits from downtime
+	if configStore != nil {
+		if err := tracker.PerformStartupResets(ctx); err != nil {
+			logger.Warn("startup reset failed: %v", err)
+			// Continue initialization even if startup reset fails (non-critical)
+		}
+	}
+	ctx, cancelFunc := context.WithCancel(ctx)
+	plugin := &GovernancePlugin{
+		ctx:           ctx,
+		cancelFunc:    cancelFunc,
+		store:         governanceStore,
+		resolver:      resolver,
+		tracker:       tracker,
+		configStore:   configStore,
+		modelCatalog:  modelCatalog,
+		logger:        logger,
+		inMemoryStore: inMemoryStore,
+		isVkMandatory: isVkMandatory,
+	}
+	return plugin, nil
+}
+
 // GetName returns the name of the plugin
 func (p *GovernancePlugin) GetName() string {
 	return PluginName
@@ -596,6 +644,6 @@ func (p *GovernancePlugin) postHookWorker(result *schemas.BifrostResponse, provi
 }
 
 // GetGovernanceStore returns the governance store
-func (p *GovernancePlugin) GetGovernanceStore() *GovernanceStore {
+func (p *GovernancePlugin) GetGovernanceStore() GovernanceStore {
 	return p.store
 }