Add gateway implementation to handle llm deployment

[Arshardh]

Purpose

Add gateway implementation to handle llm deployment

Summary by CodeRabbit

• New Features
  • Added support for LLM provider deployment lifecycle events, enabling the system to recognize and process LLM provider deployments and undeployments through WebSocket messaging.
  • Extended control plane capabilities to manage LLM provider configurations with enhanced event handling and integration with existing API deployment workflows.

[coderabbitai]

Walkthrough

The changes extend the control plane client to support LLM provider deployment lifecycle management. New event types capture LLM provider deployed and undeployed events, while the client now accepts a lazy resource manager and template definitions to initialize an LLM deployment service. Event handlers process LLM provider events by fetching provider definitions and delegating to the deployment service. Utility functions support fetching provider definitions and creating deployments from YAML. All test call sites are updated to pass the extended parameter signatures.

Changes

Cohort / File(s)	Summary
Controller Initialization cmd/controller/main.go	Updated NewClient call to pass lazyResourceXDSManager and templateDefinitions parameters to match the expanded signature.
LLM Deployment Service Integration pkg/controlplane/client.go	Added llmDeploymentService field to Client struct. Extended NewClient signature with lazyResourceManager and templateDefinitions parameters. Integrated event handling for llmprovider.deployed and llmprovider.undeployed lifecycle events with corresponding handler methods that fetch provider definitions and manage deployments.
Event Type Definitions pkg/controlplane/events.go	Added four new exported types: LLMProviderDeployedEventPayload, LLMProviderDeployedEvent, LLMProviderUndeployedEventPayload, and LLMProviderUndeployedEvent to represent LLM provider lifecycle events.
Utility Functions for LLM Operations pkg/utils/api_utils.go	Added FetchLLMProviderDefinition method to retrieve LLM provider definitions via HTTP GET with API key authentication. Added CreateLLMProviderFromYAML method to create LLM provider deployments from YAML data.
Test Updates pkg/controlplane/client_integration_test.go, pkg/controlplane/controlplane_test.go	Updated all NewClient call sites to supply additional nil arguments, matching the extended parameter list required by the updated constructor signature.

Sequence Diagram

sequenceDiagram
    participant WS as WebSocket Connection
    participant CM as Client (handleMessage)
    participant LH as LLM Event Handler
    participant AU as API Utils Service
    participant LDS as LLM Deployment Service
    
    WS->>CM: Receive llmprovider.deployed event
    CM->>LH: handleLLMProviderDeployedEvent(payload)
    LH->>AU: FetchLLMProviderDefinition(providerID)
    AU-->>LH: Return provider definition (bytes)
    LH->>AU: CreateLLMProviderFromYAML(yamlData, providerID, correlationID)
    AU->>LDS: DeployLLMProviderConfiguration(...)
    LDS-->>AU: Deployment result
    AU-->>LH: Return deployment result
    LH->>LH: Log deployment completion

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 Events hop through the gateway with care,
LLM providers deployed everywhere,
New handlers catch what websockets send,
YAML blooms as deployments transcend,
Lifecycle events, a rabbit's delight! 🚀

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is severely incomplete, containing only a Purpose section with minimal detail and missing all other required sections (Goals, Approach, User stories, Documentation, Automation tests, Security checks, Samples, Related PRs, Test environment).	Complete the PR description by filling in all required sections: Goals, Approach, User stories, Documentation, Automation tests (with coverage details), Security checks, Samples, Related PRs, and Test environment details.
Docstring Coverage	⚠️ Warning	Docstring coverage is 22.22% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main purpose of the changes: adding gateway implementation for LLM deployment handling.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@gateway/gateway-controller/pkg/utils/api_utils.go`:
- Around line 132-140: The tls.Config used when constructing the HTTP client
(see the tls.Config in the client := &http.Client{...} block) and the tls.Config
used in FetchAPIDefinition must explicitly set MinVersion (e.g., MinVersion:
tls.VersionTLS12 or tls.VersionTLS13) to avoid falling back to legacy TLS
versions; update both locations to include MinVersion and, if possible, factor
creation of the TLS config into a shared helper (e.g., newTLSConfig or
getTLSConfig) used by the HTTP client construction and FetchAPIDefinition so the
MinVersion is consistently applied.

🧹 Nitpick comments (2)

gateway/gateway-controller/pkg/utils/api_utils.go (1)

122-177: Consider extracting common HTTP fetch logic to reduce duplication.

FetchLLMProviderDefinition is nearly identical to FetchAPIDefinition (lines 66–120) — only the URL path segment and log/error messages differ. A shared private helper (e.g., fetchDefinition(resourceType, id string)) would eliminate ~50 lines of duplication and make future changes (e.g., adding TLS MinVersion, retry logic, or shared headers) easier to maintain.

♻️ Sketch of a shared helper

+// fetchResourceDefinition downloads a resource definition (API or LLM provider) from the control plane.
+func (s *APIUtilsService) fetchResourceDefinition(resourcePath, resourceID, resourceLabel string) ([]byte, error) {
+	url := s.config.BaseURL + "/" + resourcePath + "/" + resourceID
+
+	s.logger.Info("Fetching "+resourceLabel+" definition",
+		slog.String("id", resourceID),
+		slog.String("url", url),
+	)
+
+	client := &http.Client{
+		Timeout: s.config.Timeout,
+		Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{
+				InsecureSkipVerify: s.config.InsecureSkipVerify,
+				MinVersion:         tls.VersionTLS12,
+			},
+		},
+	}
+
+	req, err := http.NewRequest("GET", url, nil)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create request: %w", err)
+	}
+	req.Header.Add("api-key", s.config.Token)
+	req.Header.Add("Accept", "application/zip")
+
+	resp, err := client.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("failed to fetch %s definition: %w", resourceLabel, err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		bodyBytes, _ := io.ReadAll(resp.Body)
+		return nil, fmt.Errorf("%s request failed with status %d: %s", resourceLabel, resp.StatusCode, string(bodyBytes))
+	}
+
+	bodyBytes, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read response body: %w", err)
+	}
+
+	s.logger.Info("Successfully fetched "+resourceLabel+" definition",
+		slog.String("id", resourceID),
+		slog.Int("size_bytes", len(bodyBytes)),
+	)
+	return bodyBytes, nil
+}
+
 func (s *APIUtilsService) FetchAPIDefinition(apiID string) ([]byte, error) {
-	// ... current implementation ...
+	return s.fetchResourceDefinition("apis", apiID, "API")
 }
 
 func (s *APIUtilsService) FetchLLMProviderDefinition(providerID string) ([]byte, error) {
-	// ... current implementation ...
+	return s.fetchResourceDefinition("llm-providers", providerID, "LLM provider")
 }

gateway/gateway-controller/cmd/controller/main.go (1)

315-315: NewClient now takes 14 positional parameters — consider a config/options struct.

This single call is hard to read and fragile (easy to swap adjacent nil-able arguments). A dedicated ClientDeps or options struct would improve readability and make future extensions safer. This isn't blocking, but worth tracking.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Missing TLS MinVersion — flagged by static analysis.

The tls.Config lacks a MinVersion, defaulting to TLS 1.0 on older Go versions. The same issue exists in FetchAPIDefinition (line 79). Consider setting MinVersion: tls.VersionTLS12 (or tls.VersionTLS13) in both places — ideally in the shared helper suggested above.

🧰 Tools

🪛 ast-grep (0.40.5)

[warning] 135-137: MinVersionis missing from this TLS configuration. By default, TLS 1.2 is currently used as the minimum when acting as a client, and TLS 1.0 when acting as a server. General purpose web applications should default to TLS 1.3 with all other protocols disabled. Only where it is known that a web server must support legacy clients with unsupported an insecure browsers (such as Internet Explorer 10), it may be necessary to enable TLS 1.0 to provide support. AddMinVersion: tls.VersionTLS13' to the TLS configuration to bump the minimum version to TLS 1.3.
Context: tls.Config{
InsecureSkipVerify: s.config.InsecureSkipVerify,
}
Note: [CWE-327]: Use of a Broken or Risky Cryptographic Algorithm [OWASP A03:2017]: Sensitive Data Exposure [OWASP A02:2021]: Cryptographic Failures [REFERENCES]
https://owasp.org/Top10/A02_2021-Cryptographic_Failures

(missing-ssl-minversion-go)

🤖 Prompt for AI Agents

In `@gateway/gateway-controller/pkg/utils/api_utils.go` around lines 132 - 140,
The tls.Config used when constructing the HTTP client (see the tls.Config in the
client := &http.Client{...} block) and the tls.Config used in FetchAPIDefinition
must explicitly set MinVersion (e.g., MinVersion: tls.VersionTLS12 or
tls.VersionTLS13) to avoid falling back to legacy TLS versions; update both
locations to include MinVersion and, if possible, factor creation of the TLS
config into a shared helper (e.g., newTLSConfig or getTLSConfig) used by the
HTTP client construction and FetchAPIDefinition so the MinVersion is
consistently applied.