feat: complexity router : adds complexity_tier CEL routing

[Madhuvod]

Summary

Briefly explain the purpose of this PR and the problem it solves.

Changes

• What was changed and why
• Any notable design decisions or trade-offs

Type of change

• Bug fix
• Feature
• Refactor
• Documentation
• Chore/CI

Affected areas

• Core (Go)
• Transports (HTTP)
• Providers/Integrations
• Plugins
• UI (React)
• Docs

How to test

Describe the steps to validate this change. Include commands and expected outcomes.

# Core/Transports
go version
go test ./...

# UI
cd ui
pnpm i || npm i
pnpm test || npm test
pnpm build || npm run build

If adding new configs or environment variables, document them here.

Screenshots/Recordings

If UI changes, add before/after screenshots or short clips.

Breaking changes

• Yes
• No

If yes, describe impact and migration instructions.

Related issues

Link related issues and discussions. Example: Closes #123

Security considerations

Note any security implications (auth, secrets, PII, sandboxing, etc.).

Checklist

• I read docs/contributing/README.md and followed the guidelines
• I added/updated tests where appropriate
• I updated documentation where needed
• I verified builds succeed (Go and UI)
• I verified the CI pipeline passes locally if applicable

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: c60a2a73-563a-49db-bc52-7588e2f1c703

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds a complexity analyzer that extracts lexical signals from requests and prior user turns, computes a blended complexity score and tier, extracts inputs from multiple API payload shapes, and wires a lazily-computed complexity_tier into routing-rule CEL evaluation with tests covering integration and edge cases.

Changes

Request Complexity Scoring and Governance Routing

Layer / File(s)	Summary
Complexity scoring engine plugins/governance/complexity/config.go, plugins/governance/complexity/keywords.go, plugins/governance/complexity/matcher.go, plugins/governance/complexity/utils.go, plugins/governance/complexity/analyzer.go, plugins/governance/complexity/analyzer_test.go	Analyzer computes complexity by extracting and weighting lexical signals (code, reasoning, technical, simple) from last user text and system prompts, applies conversation-context blending and conditional dampeners, enforces output-complexity floors, and classifies into tiers. Matcher uses whole-word, boundary-substring, and plain-substring strategies. Tests cover tiers, helper functions, and edge cases.
Request payload extraction plugins/governance/complexity_extract.go, plugins/governance/complexity_extract_test.go	Parses and normalizes ComplexityInput from Responses/chat/Gemini/Bedrock/text-completion shapes, enforces text-only user content, concatenates system/developer text, and extracts last/prior user turns. Tests validate mixed-modality rejection, streaming, and unsupported types.
CEL expression reference detection plugins/governance/routing_cel_refs.go	Memoized utilities to detect whether a CEL expression references an identifier (e.g., complexity_tier) by parsing ASTs and traversing nodes with comprehension scoping to avoid false positives.
Routing CEL integration plugins/governance/routing.go, plugins/governance/store.go, plugins/governance/routing_complexity_test.go	Wires complexity_tier as a CEL variable; RoutingContext carries a lazy computeComplexity function. EvaluateRoutingRules checks rule ASTs and computes complexity on-demand (at most once per evaluation chain). CEL evaluation supports partial unknown attributes; unknown results are treated as non-matches. GetRoutingProgram enables partial evaluation only when needed. Tests validate partial evaluation, short-circuit behavior, and literal non-trigger cases.
Plugin lifecycle and integration plugins/governance/main.go, plugins/governance/httptransportprehook_test.go	GovernancePlugin initializes ComplexityAnalyzer in Init/InitFromStore. applyRoutingRules creates a lazy computeComplexity closure that builds input, runs analyzer, logs tier/score/word-count, and appends routing logs; closure is wired into RoutingContext. End-to-end tests verify complexity analyzer feeds CEL variables when referenced and is skipped otherwise.

Sequence Diagram

sequenceDiagram
  participant HTTP as HTTPTransportPreHook
  participant Apply as ApplyRoutingRules
  participant EvalRules as EvaluateRoutingRules
  participant CELRef as CELRefsChecker
  participant Analyzer as ComplexityAnalyzer
  participant CELExec as evaluateCELExpression
  HTTP->>Apply: incoming request
  Apply->>Apply: build RoutingContext with lazy computeComplexity
  Apply->>EvalRules: start rule evaluation
  loop per routing rule
    EvalRules->>CELRef: does rule reference complexity_tier?
    alt references
      EvalRules->>Analyzer: computeComplexity() (lazy, cached)
      Analyzer->>Analyzer: extract ComplexityInput and analyze
      Analyzer->>EvalRules: ComplexityResult (tier, score, word count)
      EvalRules->>CELExec: evaluate rule with complexity_tier value
    else not referenced
      EvalRules->>CELExec: evaluate rule with complexity_tier unknown (partial)
    end
    CELExec->>EvalRules: boolean match result
  end
  EvalRules->>Apply: matched routing decision
  Apply->>HTTP: rewritten model/provider

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Suggested reviewers

• roroghost17

Poem

A rabbit hops through signals bright,
Counting tokens, code, and light,
Blending past with present plea,
Tiers decide the route you’ll be,
Hooray — complexity set free! 🐰✨

🚥 Pre-merge checks | ✅ 2 | ❌ 3

❌ Failed checks (3 warnings)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is a blank template with all sections unfilled; it provides no actual summary, implementation details, testing instructions, or any concrete information about the changes.	Complete all required sections: provide a clear summary of the feature, explain the implementation rationale, specify affected areas, detail testing steps, and describe any breaking changes or security implications.
Linked Issues check	⚠️ Warning	The linked issue #123 concerns Files API support (uploads, RAG, fine-tuning), which is unrelated to the complexity_tier CEL routing feature described in this PR.	Either link the correct issues related to complexity routing or remove the incorrect reference to #123 if no relevant issue exists.
Docstring Coverage	⚠️ Warning	Docstring coverage is 20.62% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'feat: complexity router : adds complexity_tier CEL routing' accurately describes the main feature addition: implementing complexity_tier as a CEL routing variable.
Out of Scope Changes check	✅ Passed	The PR adds a comprehensive complexity analysis and routing system across multiple new files (analyzer, config, keywords, matcher, utils, extraction, routing integration) that coherently implements the complexity_tier feature with extensive test coverage.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch 05-24-feat_complexity_router_adds_complexity_tier_cel_routing

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Madhuvod]

• feat(helm): add complexity analyzer config values support #3948
• docs for complexity router and openapi reference #3716
• feat(ui): add complexity router config UI and CEL support #3715
• complexity router : add complexity analyzer config DB and API changes #3712
• feat: complexity router : adds complexity_tier CEL routing #3711 👈 (View in Graphite)
• feat: enforce routing allowlist in core and propagate VK provider constraints via context key #3936 : 1 other dependent PR (#4014 )
• docs: document PreRequestHook routing phase, per-request vs per-attempt semantics, and updated plugin sequencing #3935
• refactor: move model-catalog provider resolution into a modelcatalogresolver PreRequestHook plugin #3934
• refactor: migrate governance routing from HTTPTransportPreHook to PreRequestHook #3933
• feat: add PreRequestHook to LLMPlugin interface as a once-per-request routing phase before PreLLMHook #3932
• dev

This stack of pull requests is managed by Graphite. Learn more about stacking.

[greptile-apps]

Confidence Score: 5/5

Safe to merge — the lazy-computation, partial-evaluation, and fail-closed unknown handling are all correct; no existing routing paths are affected when rules do not reference complexity_tier.

The core routing logic is unchanged for non-complexity rules. Complexity computation runs at most once per request, the CEL partial-evaluation path is correctly gated at program-creation time in the store, and the test suite covers the boundary conditions (negative predicates, unavailable complexity, chain steps, mixed-modality opt-out) thoroughly.

routingcelrefs.go (unbounded package-level cache) and complexityextract.go (whole-request opt-out on any prior non-text user turn) have minor design trade-offs worth revisiting before scaling to high rule-churn deployments.

Important Files Changed

Filename	Overview
plugins/governance/complexity/analyzer.go	New stateless complexity scorer with weighted keyword signals, conversation blending, and referential-followup detection; well-tested, no shared mutable state.
plugins/governance/routingcelrefs.go	New CEL AST walker that detects whether an expression references complexity_tier as an identifier; scoping logic for comprehensions is correct, but the package-level identity-ref cache has unbounded lifetime.
plugins/governance/routing.go	Adds lazy complexity computation per-rule, partial-evaluation unknowns when complexity is unavailable, and complexity_tier CEL variable; chain-step re-application of cached result is correct.
plugins/governance/complexityextract.go	Text extraction from chat/responses/text-completion requests; correctly skips unsupported types and mixed-modality user turns, but the early-return on any non-text prior user message opts out the entire request.
plugins/governance/store.go	Programs for complexity-referencing rules compiled with cel.OptPartialEval; correctly gated on celASTReferencesIdentifier check.
plugins/governance/main.go	Adds complexityAnalyzer to GovernancePlugin, initialized in both Init and InitFromStore; lazy closure correctly guards logger with nil check.

_{Reviews (15): Last reviewed commit: "feat: complexity router : adds complexit..." | Re-trigger Greptile}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

plugins/governance/routing.go (1)

191-202: ⚡ Quick win

Defer complexity analysis until after CEL compilation succeeds.

computeComplexity() runs before GetRoutingProgram, so a malformed rule that mentions complexity_tier still pays the request-time extraction/scoring cost even though the rule is skipped immediately afterward.

♻️ Suggested change

 				re.logger.Debug("[RoutingEngine] Evaluating rule: name=%s, expression=%s", rule.Name, rule.CelExpression)

 				referencesComplexity := celExpressionReferencesIdentifier(rule.CelExpression, "complexity_tier")

-				// Lazy complexity: compute only when a rule references complexity and it hasn't been computed yet
-				if complexityResult == nil && computeComplexity != nil && referencesComplexity {
-					complexityResult = computeComplexity()
-					computeComplexity = nil // compute at most once
-					if complexityResult != nil {
-						variables["complexity_tier"] = complexityResult.Tier
-					}
-				}
-
 				program, err := re.store.GetRoutingProgram(ctx, rule)
 				if err != nil {
 					re.logger.Warn("[RoutingEngine] Failed to compile rule %s: %v", rule.Name, err)
 					ctx.AppendRoutingEngineLog(schemas.RoutingEngineRoutingRule, schemas.LogLevelError, fmt.Sprintf("Rule '%s' skipped: compile error: %v", rule.Name, err))
 					continue
 				}
+
+				// Lazy complexity: compute only when a valid rule references complexity
+				// and it hasn't been computed yet.
+				if complexityResult == nil && computeComplexity != nil && referencesComplexity {
+					complexityResult = computeComplexity()
+					computeComplexity = nil // compute at most once
+					if complexityResult != nil {
+						variables["complexity_tier"] = complexityResult.Tier
+					}
+				}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@plugins/governance/routing.go` around lines 191 - 202, The code eagerly calls
computeComplexity() before attempting CEL compilation, causing wasted work for
malformed rules; change the flow so referencesComplexity is still detected but
delay calling computeComplexity() (and setting
complexityResult/variables["complexity_tier"]) until after
re.store.GetRoutingProgram(ctx, rule) returns successfully (no err). Keep the
existing guard (computeComplexity != nil and complexityResult == nil) and the
once-only behavior (set computeComplexity = nil after running) and use the same
symbols (referencesComplexity, computeComplexity, complexityResult,
re.store.GetRoutingProgram, rule.CelExpression) so complexity extraction/scoring
only occurs for rules that compile.

plugins/governance/main.go (1)

1003-1028: 💤 Low value

Inconsistent nil-guard on p.logger.

Line 1009 guards p.logger.Debug with if p.logger != nil, but line 1024 calls p.logger.Debug unconditionally. For consistency (and defensive safety if logger could ever be nil), add the same guard on line 1024.

♻️ Suggested fix

         return result
     }
-    p.logger.Debug("[Governance] Complexity analysis skipped: unsupported request type")
+    if p.logger != nil {
+        p.logger.Debug("[Governance] Complexity analysis skipped: unsupported request type")
+    }
     ctx.AppendRoutingEngineLog(schemas.RoutingEngineRoutingRule, schemas.LogLevelInfo, "Complexity analysis skipped: no supported text-bearing input detected")
     return nil

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@plugins/governance/main.go` around lines 1003 - 1028, The code in the
computeComplexity closure uses p.logger.Debug guarded once but later calls
p.logger.Debug at the end unguarded; update the closure used by
computeComplexity to check p.logger != nil before calling p.logger.Debug on the
"Complexity analysis skipped" path (the same nil-guard used earlier), so wrap
that second p.logger.Debug call in an if p.logger != nil { ... } block to avoid
potential nil dereference in the computeComplexity function/method.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@plugins/governance/httptransportprehook_test.go`:
- Around line 480-486: The test's loop over bfCtx.GetRoutingEngineLogs()
currently looks for the substring "Complexity analysis" which misses success
logs like "Complexity: tier=..."; update the assertion to search for the broader
substring "Complexity" when comparing entry.Message for entries with Engine ==
schemas.RoutingEngineRoutingRule so any complexity-related log (both skip and
success) fails the test, e.g., change the strings.Contains check to use
"Complexity" and keep the same failure message and routing engine filter.

---

Nitpick comments:
In `@plugins/governance/main.go`:
- Around line 1003-1028: The code in the computeComplexity closure uses
p.logger.Debug guarded once but later calls p.logger.Debug at the end unguarded;
update the closure used by computeComplexity to check p.logger != nil before
calling p.logger.Debug on the "Complexity analysis skipped" path (the same
nil-guard used earlier), so wrap that second p.logger.Debug call in an if
p.logger != nil { ... } block to avoid potential nil dereference in the
computeComplexity function/method.

In `@plugins/governance/routing.go`:
- Around line 191-202: The code eagerly calls computeComplexity() before
attempting CEL compilation, causing wasted work for malformed rules; change the
flow so referencesComplexity is still detected but delay calling
computeComplexity() (and setting complexityResult/variables["complexity_tier"])
until after re.store.GetRoutingProgram(ctx, rule) returns successfully (no err).
Keep the existing guard (computeComplexity != nil and complexityResult == nil)
and the once-only behavior (set computeComplexity = nil after running) and use
the same symbols (referencesComplexity, computeComplexity, complexityResult,
re.store.GetRoutingProgram, rule.CelExpression) so complexity extraction/scoring
only occurs for rules that compile.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 851f02ff-74bb-40bc-8c32-a4bbad63851f

📥 Commits

Reviewing files that changed from the base of the PR and between ff463d9 and 89613dd.

📒 Files selected for processing (14)

• plugins/governance/complexity/analyzer.go
• plugins/governance/complexity/analyzer_test.go
• plugins/governance/complexity/config.go
• plugins/governance/complexity/keywords.go
• plugins/governance/complexity/matcher.go
• plugins/governance/complexity/utils.go
• plugins/governance/complexity_extract.go
• plugins/governance/complexity_extract_test.go
• plugins/governance/httptransportprehook_test.go
• plugins/governance/main.go
• plugins/governance/routing.go
• plugins/governance/routing_cel_refs.go
• plugins/governance/routing_complexity_test.go
• plugins/governance/store.go

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

plugins/governance/httptransportprehook_test.go (1)

389-390: ⚡ Quick win

Use bifrost.Ptr(...) for routing target pointers in these tests.

Please replace &provider / &model with bifrost.Ptr(provider) / bifrost.Ptr(model) to stay consistent with repository pointer-construction conventions.

♻️ Proposed fix

-						{Provider: &provider, Model: &model, Weight: 1.0},
+						{Provider: bifrost.Ptr(provider), Model: bifrost.Ptr(model), Weight: 1.0},
...
-						{Provider: &provider, Model: &model, Weight: 1.0},
+						{Provider: bifrost.Ptr(provider), Model: bifrost.Ptr(model), Weight: 1.0},

Based on learnings: "prefer using bifrost.Ptr() to create pointers instead of the address operator (&) ... including test utilities."

Also applies to: 449-450

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@plugins/governance/httptransportprehook_test.go` around lines 389 - 390,
Replace uses of the address operator for routing target pointers with the
repository helper: change occurrences of &provider and &model to
bifrost.Ptr(provider) and bifrost.Ptr(model) in the test so routing entries use
bifrost.Ptr(...) consistently (look for the table entries constructing routing
targets where Provider and Model fields are set). Ensure you update all
occurrences mentioned (including the ones around lines indicated) so tests use
bifrost.Ptr for pointer construction.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@plugins/governance/complexity_extract.go`:
- Around line 177-193: The branch handling case []interface{} incorrectly
concatenates multiple prompt entries into one synthetic prompt (variable p) and
sets ComplexityInput.LastUserText, which merges separate prompts; instead, treat
batched prompts as unsupported for single-text complexity extraction by
returning complexity.ComplexityInput{} and false (i.e., do not build
LastUserText) so callers can handle batch prompts explicitly or fail closed;
update the case []interface{} branch to avoid joining items (remove the
strings.Builder logic) and simply return an empty ComplexityInput and false when
p is a []interface{}.

---

Nitpick comments:
In `@plugins/governance/httptransportprehook_test.go`:
- Around line 389-390: Replace uses of the address operator for routing target
pointers with the repository helper: change occurrences of &provider and &model
to bifrost.Ptr(provider) and bifrost.Ptr(model) in the test so routing entries
use bifrost.Ptr(...) consistently (look for the table entries constructing
routing targets where Provider and Model fields are set). Ensure you update all
occurrences mentioned (including the ones around lines indicated) so tests use
bifrost.Ptr for pointer construction.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: eadf37b9-8a48-4090-9437-ac4a49de104c

📥 Commits

Reviewing files that changed from the base of the PR and between 89613dd and 7a674e4.

📒 Files selected for processing (14)

• plugins/governance/complexity/analyzer.go
• plugins/governance/complexity/analyzer_test.go
• plugins/governance/complexity/config.go
• plugins/governance/complexity/keywords.go
• plugins/governance/complexity/matcher.go
• plugins/governance/complexity/utils.go
• plugins/governance/complexity_extract.go
• plugins/governance/complexity_extract_test.go
• plugins/governance/httptransportprehook_test.go
• plugins/governance/main.go
• plugins/governance/routing.go
• plugins/governance/routing_cel_refs.go
• plugins/governance/routing_complexity_test.go
• plugins/governance/store.go

[CLAassistant]

All committers have signed the CLA.

[Madhuvod]

`@coderabbitai` approve

[coderabbitai]

@Madhuvod — Approving the PR now! 🐇 ✨

✅ Action performed

Comments resolved. Approval is disabled; enable reviews.request_changes_workflow to allow explicit top-level @coderabbitai resolve or @coderabbitai approve commands.

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

@Madhuvod — Confirmed. Your .coderabbit.yaml has request_changes_workflow: false, which is why the approval command has no effect.

To fix it, update the single line in .coderabbit.yaml:

reviews:
  request_changes_workflow: true   # change from false → true

Once that change is merged into your default branch (dev), the @coderabbitai approve command will submit an official GitHub approval on future PRs. After merging, come back here and post @coderabbitai approve again and I'll approve this PR right away. 🐇

[akshaydeo]

Merge activity

• Jun 10, 1:30 PM UTC: A user started a stack merge that includes this pull request via Graphite.
• Jun 10, 1:31 PM UTC: @akshaydeo merged this pull request with Graphite.