Add live Redis-backed admin key propagation across replicas

[Iweisc]

• ADMIN_KEY is bootstrapped into a scoped Redis slot with SETNX
• running instances poll that Redis slot every 500ms
• when the value changes, the in-memory admin key is updated without restart
• /api auth continues using in-memory state, so request handling does not hit Redis

[Iweisc]

I have some cool safety features in my mind that requires the ADMIN_KEY to hot-reload WITHOUT the deployments restarting.

[Iweisc]

One of those features could be like a fail-safe that triggers when certain actions are invoked, and you can rotate the ADMIN_KEY on the fly without any disruptions. The feature opens up a door to wide range of features. Oh and it has some nice performance boosts too.

[Iweisc]

You can even count admin/internal key matches with near-zero hot-path cost because the match logic is precomputed.

[cla-assistant]

All committers have signed the CLA.

[Iweisc]

Here are some cool use cases and features this opens up the door to, while i may not open follow up PRs with these features, i plan to follow up on some:

• Zero-downtime ADMIN_KEY rotation across all replicas.
• Instant cluster-wide revocation of a compromised admin credential.
• Break-glass admin cutovers during incidents without restarts.
• External control-plane driven admin-secret rollout.
• Secret-manager or automation-driven key updates without pod recycling.
• Auto-convergence of new or restarted replicas onto the active admin key.
• Action-triggered fail-safe workflows that rotate privileged access immediately.
• Kill-switch or maintenance workflows gated by a live-rotatable admin credential.
• Temporary elevated admin-access windows with fast rollback.
• Future dual-key or grace-period rotations with the same central auth state model.
• Unified privileged auth behavior across /api, /v1, and /mcp.
• Format-tolerant privileged auth for raw, Bearer, sk-, and Bearer sk- forms.
• Easier future support for more privileged token formats without touching every middleware path.
• Centralized privileged-auth policy instead of scattered per-handler parsing logic.
• Hot-swappable in-memory auth state using atomic reads instead of restart-time env reloads.
• Lower hot-path overhead for privileged auth because token variants are precomputed once.
• Easier rollout of admin-backed runtime controls and operator APIs.
• Easier implementation of scoped or derived privileged credentials later.
• Easier auditing, metrics, and hooks around privileged-key changes.
• Safer rolling deploys when privileged credentials change mid-rollout.

I believe, since we are pre-computing tokenVariants, adminKeyState, internalTokenState, etc etc. I believe with the speed enhancements, it'll allow for EVEN more features, that were previously impractical before because of the speed.

[zijiren233]

Thank you for your contribution; please sign the CLA.

[Iweisc]

@zijiren233 doesn't seem to be working for me, but i'll try again.

[zijiren233]

A commit has two contributors; sertdev has not signed the CLA, preventing CI execution.

[Iweisc]

A commit has two contributors; sertdev has not signed the CLA, preventing CI execution.

No. So, the thing is that "sertdev" is actually me, i am assuming the bot is detecting two contributors because i set my git config to the name sertdev instead of it matching the github name.....i can't really sign as sertdev.

[zijiren233]

You may have used an incorrect commit email/username. Please sign the CLA correctly and resolve the conflicts.

[Iweisc]

@zijiren233 yup, umm how do i sign the CLA as sertdev?

[zijiren233]

you can use git commit --amend to edit all commits https://github.com/labring/aiproxy/pull/527/commits

[Iweisc]

@zijiren233 Ow, then i'd have to force push but i am assuming that is allowed.

[Iweisc]

fixed the issue.

[zijiren233]

Great! You’ve succeeded. Next, you need to resolve the conflicts.

[Iweisc]

@zijiren233 on it.

[Iweisc]

@zijiren233 fixed

[Iweisc]

@zijiren233 fixed in 35c872b. Moved the admin-key cache sync/watch out of Redis initialization and into the task lifecycle. Startup now runs the first admin-key cache init synchronously after Redis init, before the background task starts; Redis init itself only sets up the client. I kept the Redis client setup in common and scoped the task change to admin-key cache state.

[Iweisc]

@zijiren233 fixed

[Copilot]

Pull request overview

Adds a Redis-backed, live-updating admin key cache so running instances can pick up admin key rotations without restart while keeping request auth fully in-memory.

Changes:

• Introduces task.AdminKeyCacheTask + InitAdminKeyCache to bootstrap/load the effective admin key from Redis (SETNX + polling).
• Updates auth middleware and config to support dynamic “effective” admin key matching (including Bearer/sk- variants) without Redis reads per request.
• Adds unit tests for admin key cache behavior and token normalization helpers; adds miniredis test dependency.

Reviewed changes

Copilot reviewed 9 out of 10 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
core/task/admin_key_cache.go	Implements Redis-backed admin key bootstrap + periodic sync into in-memory config state.
core/task/admin_key_cache_test.go	Adds tests using miniredis to validate bootstrap/load/update behavior and key stability.
core/common/config/env.go	Adds atomic-backed admin/internal token state, effective admin key selection, and variant matching helpers.
core/middleware/auth.go	Switches auth checks to MatchEffectiveAdminKey/MatchInternalToken and centralizes token extraction/normalization.
core/middleware/mcp.go	Aligns MCP auth to new matching + normalization helpers.
core/middleware/auth_test.go	Tests request token precedence, normalization, and effective admin key behavior.
core/startup.go	Initializes admin key cache during service initialization and updates admin key generation to use getters/setters.
core/main.go	Starts the admin key cache polling task when Redis is enabled.
core/go.mod / core/go.sum	Adds github.com/alicebob/miniredis/v2 (and indirect deps) for Redis-backed tests.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Iweisc]

@zijiren233 fixed.