feat(proxy): self-provision catch-all tenant when no default configured (Option B, no hardcoded id)#342
Merged
Conversation
…when no default configured (no hardcoded id) Tenant-less /v1 traffic (no X-LLMTrace-Tenant-ID and no derivable API key) is now attributed to a catch-all tenant rather than rejected with 401. At startup build_app_state resolves an effective catch-all tenant id via config::resolve_catch_all_tenant_id: - Option A: when LLMTRACE_DEFAULT_TENANT_ID is set (lifecycle-supplied), that id is used verbatim. - Option B (fallback): when unset, a fresh TenantId(Uuid::new_v4()) is GENERATED at runtime (never a hardcoded literal), stamped onto config.default_tenant_id, and logged. The resolved id is materialised as a real tenant row via the idempotent ensure_tenant_exists for BOTH cases so the catch-all surfaces in queries/dashboard. The request path reads config.default_tenant_id to stamp tenant-less traffic, so the 401 branch becomes a defensive guard.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Proxy side of the catch-all design. Pairs with the lifecycle PR (#341, Option A primary).
Change
build_app_stateresolves an effective catch-all tenant viaresolve_catch_all_tenant_id:LLMTRACE_DEFAULT_TENANT_IDis set (lifecycle-supplied), use it verbatim.TenantId(Uuid::new_v4())at runtime (never hardcoded), log it, and use it.Then
ensure_tenant_exists(catch_all_id, "catch-all")(idempotent) so the catch-all is a real tenant row in both cases. Tenant-less/v1traffic is attributed to the catch-all; the 401 path remains only as a defensive guard.No hardcoded id
Option B is purely
Uuid::new_v4(); a test asserts the id is never nil / never the anonymous sentinel, and that two builds produce distinct ids (proving runtime generation).proxy.rschange is doc-comment only.Tests (7, all pass)
config.rs: configured-id-used, generated-when-unset, distinct-across-builds, never-nil/sentinel. main.rs: full
build_app_statefor configured + self-provisioned + distinct-across-builds (catch-all row present, name "catch-all").Verification
cargo fmt --all0;cargo clippy --workspace -- -D warnings0;cargo test -p llmtrace -p llmtrace-core -p llmtrace-storage0;cargo build --workspace0.