Skip to content

feat: add policy-driven grant routing#88

Merged
steipete merged 8 commits into
mainfrom
feat/issue-59-grant-routing-policies
Jul 7, 2026
Merged

feat: add policy-driven grant routing#88
steipete merged 8 commits into
mainfrom
feat/issue-59-grant-routing-policies

Conversation

@steipete

@steipete steipete commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Summary

  • add manifest-declared response-header and on-demand quota collectors for OpenAI and Anthropic
  • add policy-controlled priority, round-robin, least-used, most-remaining, weighted, identity-sticky, and session-sticky grant selection
  • add atomic selection counters, explicit eligibility and stale-state gates, bounded same-provider failover, OAuth weight propagation, and fail-closed pool behavior
  • expose grant routing, weight, quota windows, selection statistics, and quota refresh in the admin console; document the policy and provider-manifest contracts

Validation

  • pnpm check (62 worker, 26 admin, 43 script tests)
  • pnpm build
  • pnpm worker:e2e
  • source-blind behavior contract: all 9 clauses passed, covering round-robin, least-used, stickiness, eligibility, stale denial, disabled failover, quota probes, legacy defaults, and invalid policy rejection
  • local browser demo: JSON eligibility refs round-trip without delimiter loss; Upstream renders weight, counters, quota windows, refresh-token, and refresh-quota controls
  • structured review clean after fixes

Closes #59

@clawsweeper

clawsweeper Bot commented Jul 7, 2026

Copy link
Copy Markdown

ClawSweeper status: review started.

I am starting a fresh review of this pull request: feat: add policy-driven grant routing This is item 1/1 in the current shard. Shard 0/1.

This placeholder means the worker is alive and reading the current context. I will edit this same comment with the actual review when the claws are done clicking.

Crustacean status: shell secured, claws on keyboard, evidence pebbles being sorted.

@steipete steipete merged commit a49b48f into main Jul 7, 2026
6 checks passed
@steipete steipete deleted the feat/issue-59-grant-routing-policies branch July 7, 2026 03:47

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 738dc38470

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread worker/grant-selection.ts
for (const entry of entries) {
const tenant = entry.policy.tenantId ?? tenantId;
if (await selectGrant(providerId, entry.policyId, tenant, providerId, env)) return entry;
if ((await resolveGrantSelection(providerId, entry.policyId, tenant, providerId, env, new Set(), entry.policy.grantRouting, null, false)).selected) return entry;

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Honor fail-closed policies during Access selection

When a Cloudflare Access identity has multiple matching policies, this checks only .selected and skips a higher-priority policy whose routing intentionally returns no grant while hasConfiguredGrant is true, e.g. eligibleGrants: { openai: [] } or staleState: "deny" with no fresh state. The request can then run under a lower-priority policy with an available grant, bypassing the new fail-closed/allowlist contract for browser Access flows; proxy-key flows still enforce it because they use the credential's single policy directly.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Feature Requests: quota-aware grant pools, live provider quota tracking, and same-provider failover

1 participant