Commit Graph
6553 Commits
Author SHA1 Message Date
yuneng-jiang c7fe400d4d [Fix] Service account visibility for team members
Regular team members could not see service accounts belonging to their
team. Additionally, former team members could still see service accounts
they created via the created_by filter after leaving the team.

- Add get_member_team_ids() to retrieve all teams a user belongs to
- Regular members now see team service accounts (user_id=NULL) but not
  other members' personal keys
- Scope created_by filter to the user's current team memberships
- Add 7 unit tests covering the new visibility rules
2026-02-19 16:29:43 -08:00
Ishaan JaffandGitHub 3d8c042ca5 feat: prompt injection guardrail policy template (#21520)
* add semantic guard constants

* add SEMANTIC_GUARD enum value

* add keyword-based prompt injection policy template

* add semantic prompt injection route template

* add semantic guard route loader

* add semantic guard guardrail

* add semantic guard registration

* add semantic guard tests

* enhance SQL injection keyword category with more patterns and exceptions

* add standalone SQL injection policy template

* add SQL injection semantic guard route template

* add SQL injection guardrail tests

* remove standalone sql_injection policy template, use categories/prompt_injection_sql.yaml instead
2026-02-19 15:06:06 -08:00
jquinterandGitHub f106c97bf2 Merge pull request #21609 from BerriAI/fix/delete-keys-return-failed-tokens
fix(key management): return failed_tokens in delete_verification_tokens response
2026-02-19 19:31:39 -03:00
Julio Quinteros ProandClaude Sonnet 4.6 b9f36645f3 fix(key management): populate failed_tokens for admin partial-delete path
The admin bulk-delete path (prisma_client.delete_data) was never comparing
the DB return value against the requested tokens, so failed_tokens was
always empty for admins even when the DB silently skipped some tokens.

Adds the same mismatch check as the non-admin path, and a new test that
exercises admin bulk-delete returning fewer tokens than requested.

Fixes gap identified by Greptile review on #21609.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-19 19:28:03 -03:00
Julio Quinteros ProandClaude Sonnet 4.6 079bc364bb fix(key management): return failed_tokens in delete_verification_tokens response
Instead of raising an exception when some requested tokens are not found
in the DB, populate `failed_tokens` in the return dict so callers can
inspect which keys were not deleted without catching a generic Exception.

Supersedes #12577.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-19 19:10:55 -03:00
Ishaan JaffandGitHub c9cdce96fa feat(policy): test playground for AI policy suggestions (#21608)
* fix aviation safety topic filter: remove overly broad exceptions, add cockpit access block words

* fix airline brand protection filter: add identifier words, competitor/ops block words, tighten exceptions

* feat(policy): add POST /policy/templates/test endpoint for testing guardrails before creating them

* feat(ui): add testPolicyTemplate networking function

* feat(ui): add test playground to AI policy suggestion modal

* test(policy): add tests for POST /policy/templates/test endpoint
2026-02-19 14:09:20 -08:00
Ishaan JaffandGitHub 779c355f1e feat: add airline off-topic restriction policy template (#21607)
* fix aviation safety topic filter: remove overly broad exceptions, add cockpit access block words

* fix airline brand protection filter: add identifier words, competitor/ops block words, tighten exceptions

* feat: add airline off-topic restriction policy template

* feat: register airline off-topic restriction in policy templates backup

* test: add tests for airline off-topic restriction policy template

* fix: remove overly broad block words (explain, recommend, suggest, best) to reduce false positives

* test: add false-positive tests for recommend/explain airline queries
2026-02-19 13:45:59 -08:00
Ishaan JaffandGitHub e9a07347dc fix: reduce proxy overhead for large base64 payloads (#21594)
* fix aviation safety topic filter: remove overly broad exceptions, add cockpit access block words

* fix airline brand protection filter: add identifier words, competitor/ops block words, tighten exceptions

* add constants for large payload handling and detailed timing

* add base64 truncation for logging payloads

* use shallow copy for messages, track copy and callback timing

* add callback duration and detailed timing to response metadata

* add callback duration header, size-gate debug logging, detailed timing headers

* add tests for callback timing, base64 truncation, and detailed timing

* fix code quality: extract helpers, fix regex, clean up imports

* rewrite _truncate_base64_in_value iteratively to satisfy recursive detector
2026-02-19 12:10:52 -08:00
Ishaan JaffandGitHub b209b11522 feat: AI policy template suggestions (#21589)
* fix aviation safety topic filter: remove overly broad exceptions, add cockpit access block words

* fix airline brand protection filter: add identifier words, competitor/ops block words, tighten exceptions

* add example_sentences to all policy templates + topic-filtering and prompt-injection templates

* add policy_endpoints package with AI policy suggester

* update test patch targets for policy_endpoints package move

* add unit tests for AI policy suggester

* add suggestPolicyTemplates networking function

* add AI suggestion modal component

* add Use AI button and template loading callback to PolicyTemplates

* wire up AI suggestion modal in policies page

* fix policy_templates_backup.json path after package move

* add estimated_latency field to all policy templates

* use llm_router and accept model parameter in ai_policy_suggester

* add model param to suggest templates endpoint

* pass model param in suggestPolicyTemplates

* polish ai suggestion modal: model selector, auto-growing textareas, latency badges

* add template queue for processing multiple AI-suggested templates

* show template progress badge in guardrail selection modal
2026-02-19 12:00:26 -08:00
michelligabrieleandGitHub 16cfdccc7b fix(bedrock): add Accept header for AgentCore MCP server requests (#21551)
AgentCore MCP server endpoints require the Accept header to contain
both application/json and text/event-stream per the MCP specification
(Streamable HTTP transport). Without this header, requests are rejected
with a 406 Not Acceptable error (JSON-RPC code -32011).

Sets the Accept header at the top of sign_request() so both JWT/Bearer
and SigV4 authentication paths include it.
2026-02-19 11:35:14 -08:00
milan-berriandGitHub 506d1dff43 fix: handle deprovisioning operations without path field (#21571)
* fix(scim): handle deprovisioning operations without path field

When SCIM providers send deprovisioning requests without a path field
(e.g., {"op": "replace", "value": {"active": false}}), the code was
storing the value under an empty string key in metadata.

This fix:
- Detects operations with no path where value is a dict
- Extracts and handles known fields like 'active' correctly
- Sets metadata["scim_active"] = false instead of metadata[""] = {"active": false}

Fixes: SCIM deprovisioning creating empty string keys in user metadata

* fix(scim): handle all known fields in operations without path

Extended the fix to handle all SCIM fields (not just active) when
operations have no path field:
- active -> scim_active
- displayName -> user_alias
- externalId -> user_id
- name.givenName/familyName -> scim_metadata

Added comprehensive test for multiple fields without path.

Addresses Greptile review feedback on RFC 7644 compliance.

* trigger PR update
2026-02-19 11:09:04 -08:00
yuneng-jiang c911cfbabf Merge remote-tracking branch 'origin' into litellm_key_last_active_tracking 2026-02-19 10:27:48 -08:00
Sameer Kankute 9f66a4c122 Fix test_reasoning_effort_dict_format_gemini_3 2026-02-19 22:14:20 +05:30
michelligabrieleandGitHub 053ee4826f fix(websearch_interception): fix pre_call_deployment_hook not triggering via proxy router (#21433)
* fix(websearch_interception): fix pre_call_deployment_hook not triggering via proxy router

Fix provider lookup (check top-level kwargs + fallback to get_llm_provider),
return full kwargs dict instead of partial, and use OpenAI-format tool definition.

* remove unnecessary inline import
2026-02-19 06:38:45 -08:00
Sameer KankuteandGitHub ca34e9a3f9 Merge pull request #21543 from BerriAI/litellm_passthrough_endpoint_method
Add method based routing for passthrough endpoints
2026-02-19 19:34:04 +05:30
Sameer KankuteandCursor f2393fc9cb Merge main into litellm_passthrough_endpoint_method
Resolved conflicts in pass_through_endpoints.py by:
- Accepting main's formatting and mypy fixes
- Preserving branch's method support feature
- Preserving branch's default_query_params feature

Combined changes include:
- Method filtering for passthrough endpoints
- Default query parameters support
- Updated route key format to include methods
- Code formatting improvements from main
- Fixed type annotations

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-19 19:22:41 +05:30
Sameer KankuteandGitHub 647e5237a7 Merge pull request #21555 from BerriAI/litellm_server_side_compaction_trans
[Feat] Add server side compaction translation from openai to anthropic
2026-02-19 19:14:37 +05:30
Sameer KankuteandGitHub 8bcca905a7 Merge pull request #21539 from BerriAI/litellm_fix_azure_store_param
Fix: add stop param as supported for openai and azure
2026-02-19 19:12:43 +05:30
Sameer KankuteandGitHub 1ad9d26c6f Merge pull request #21559 from BerriAI/fix_openai/bge-multilingual-gemma2
Fix usage in xai
2026-02-19 19:07:09 +05:30
Sameer KankuteandGitHub 308cdb2720 Merge pull request #21557 from SherifWaly/sherif.waly/add-reasoning-multi-turn-hosted-vllm
Convert thinking_blocks to content blocks for hosted_vllm multi-turn
2026-02-19 18:56:09 +05:30
Sameer Kankute fc7fa73b6f Fix usage in xai 2026-02-19 18:48:30 +05:30
Sameer KankuteandGitHub 0bea9c1dbc Merge pull request #21497 from SolitudePy/fix/github-provider-match-openai-metadata
fix: allow github aliases to reuse upstream model metadata
2026-02-19 18:30:33 +05:30
Sameer KankuteandGitHub ea8c8ebc05 Merge pull request #21547 from ZeroAurora/remove-dashscope-str-transformation
fix: remove list-to-str transformation from dashscope
2026-02-19 18:20:06 +05:30
sherif.walyandClaude Opus 4.6 5774c845d8 Convert thinking_blocks to content blocks for hosted_vllm multi-turn
For multi-turn conversations, convert thinking_blocks on assistant
messages into content blocks prepended before the rest of the content,
so reasoning context is passed back to the hosted_vllm API.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-02-19 12:25:18 +00:00
Sameer KankuteandGitHub 02e10c9a74 Merge branch 'main' into litellm_server_side_compaction_trans 2026-02-19 16:45:53 +05:30
Sameer Kankute a52fc738af Add server side compaction translation from openai to anthropic 2026-02-19 16:44:35 +05:30
Harshit JainandGitHub 9a71ba3505 Merge pull request #21078 from Harshit28j/litellm_project_management_apis
Litellm project management apis
2026-02-19 14:26:11 +05:30
ZeroAurora 64c916b37b fix: remove list-to-str transformation from dashscope 2026-02-19 07:30:13 +00:00
yuneng-jiangandClaude Opus 4.6 6097905e55 [Feature] Track key last active timestamp
Virtual keys only track created_at and updated_at, which don't indicate
when a key was last used. This adds a last_active field that gets updated
during the async batch spend update, giving admins visibility into which
keys are actively being used.

Changes:
- Add last_active DateTime? to VerificationToken and
  DeletedVerificationToken in all 3 schema files and Python types
- Set last_active in the batch key spend update alongside spend increment
- Add Last Active column to virtual keys UI table with info popover
  and hover tooltip showing full date/time with timezone

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-02-18 23:11:58 -08:00
Sameer Kankute 4e111d4372 Add test got method speicifc routing 2026-02-19 11:58:48 +05:30
yuneng-jiangandGitHub 70d5281b52 Merge pull request #21537 from BerriAI/litellm_team_member_usage_permission
[Feature] Allow team members to view entire team usage
2026-02-18 22:01:13 -08:00
Sameer Kankute 44a68cf1c6 Fix: add stop param as supported for openai and azure 2026-02-19 11:26:38 +05:30
Ishaan JaffandGitHub 1a5133f229 Competitor guardrails: streaming discovery, variations, pre/post split (#21533)
* fix aviation safety topic filter: remove overly broad exceptions, add cockpit access block words

* fix airline brand protection filter: add identifier words, competitor/ops block words, tighten exceptions

* update policy templates with competitor pre/post guardrails and streaming enrichment

* sync policy_templates_backup.json with policy_templates.json

* add streaming enrichment endpoint, competitor variations, and model selection

* add streaming enrichPolicyTemplate networking function

* rewrite template parameter modal with streaming tags, AI/manual toggle, model selector

* update policies panel to pass enrichment options and show discovered competitors

* show discovered competitors as tags in guardrail selection modal

* use llm_router instead of litellm.acompletion, extract helpers, move constants

* validate competitors list size, cap variation prompt input

* add refinement instruction support for competitor discovery

* add instruction and existingCompetitors params to streaming enrichment

* add refinement input for iterating on competitor list with AI

* emit status events during variation generation so UI shows progress

* add onStatus callback to streaming enrichment

* show status spinner during variation generation, widen modal to 700px

* add tests for competitor enrichment helper functions
2026-02-18 21:39:19 -08:00
yuneng-jiangandClaude Opus 4.6 528b21ad1d [Feature] Allow team members to view entire team usage
Add a new team member permission `/team/daily/activity` that allows
non-admin team members to see all team usage data, not just their own.

## Changes
- Add `TEAM_DAILY_ACTIVITY` to `KeyManagementRoutes` enum and available
  team member permissions
- Add `_team_member_has_permission` helper in `common_utils.py`
- Modify `/team/daily/activity` endpoint to skip API key filtering when
  the member has this permission
- Add permission description and method detection in the UI
- Add backend and frontend tests

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-02-18 21:38:40 -08:00
jquinterandGitHub abc4603675 Merge pull request #21476 from BerriAI/fix/test-log-record-message-attr
fix(tests): use record.getMessage() instead of record.message for LogRecord
2026-02-19 02:21:54 -03:00
jquinterandGitHub 2c1d2fa948 Merge pull request #21439 from BerriAI/fix/restore-default-internal-user-params
fix(test): restore default_internal_user_params to None instead of delattr
2026-02-19 02:19:10 -03:00
jquinterandGitHub 53cfb93a06 Merge pull request #21536 from BerriAI/fix/mcp-test-failures-from-user-permissions
fix(tests): update MCP tests broken by user permissions commit (#21462)
2026-02-19 02:17:49 -03:00
Julio Quinteros ProandClaude Sonnet 4.6 a9d3c49572 fix(tests): update MCP tests broken by user permissions commit (#21462)
Four tests were broken by commit e00c181f0c (Mcp user permissions #21462):

1. test_list_tools_single_server_unprefixed_names: The commit changed
   _get_tools_from_mcp_servers to always add server prefixes (add_prefix=True),
   removing the conditional that skipped prefixing for single servers.
   Updated assertion from "toolA" → "zapier-toolA".

2. test_mcp_get_prompt_success: mcp_get_prompt now extracts the server name
   from a prefixed prompt name via split_server_prefix_from_name(). Passing
   unprefixed "hello" returns server_name="" which matches no server → 403.
   Updated call to use "server_a-hello" so the server lookup succeeds.

3. test_e2e_jwt_team_mcp_permissions_enforced &
4. test_e2e_jwt_team_mcp_key_intersection:
   The commit replaced `from typing import List` with
   `from litellm.proxy.proxy_server import general_settings` in
   MCPRequestHandler.get_allowed_mcp_servers(). Both tests mock
   litellm.proxy.proxy_server with a types.ModuleType that lacked
   general_settings, causing ImportError. Added general_settings={} to
   both mock modules.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-19 02:09:11 -03:00
jquinterandGitHub d106393394 Merge pull request #21505 from BerriAI/fix/spend-test-model-cost-contamination
fix(tests): restore litellm.model_cost after TestPriceDataReloadIntegration tests
2026-02-19 02:06:13 -03:00
jquinterandGitHub 01ff53822c Merge pull request #21440 from BerriAI/fix/langfuse-test-sys-modules-mock
fix: prevent sys.modules["langfuse"] import failures in langfuse unit tests
2026-02-19 01:47:07 -03:00
Julio Quinteros ProandClaude Sonnet 4.6 063238a789 chore: resolve merge conflict with main
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-19 01:46:13 -03:00
Julio Quinteros ProandClaude Sonnet 4.6 68b83b1376 fix(tests): restore litellm.model_cost after TestPriceDataReloadIntegration tests
test_complete_reload_flow and test_distributed_reload_check_function both
trigger code paths that assign a minimal stub dict to litellm.model_cost
(via the /reload/model_cost_map endpoint and _check_and_reload_model_cost_map).
Without restoring, subsequent tests in the same worker can't find gpt-4o
pricing and calculate spend=0.0 instead of the expected value.

Added try/finally save-and-restore of litellm.model_cost in both tests,
matching the pattern used in test_reload_model_cost_map_admin_access.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-19 01:42:48 -03:00
Harshit JainandGitHub 66ce7513f6 Merge branch 'main' into litellm_project_management_apis 2026-02-19 08:40:12 +05:30
Sameer Kankute 51146c4c94 Fix:test_anthropic_messages_with_all_beta_headers 2026-02-19 08:35:38 +05:30
e00c181f0c Mcp user permissions (#21462)
* feat(schema.prisma): add object permissions for end users

allows controlling if end user can call specific mcp servers

* feat: cleanup for customer_endpoints support of object permission id

* fix: cleanup str

* feat(customers/): enforce end user can only call allowed mcps - if configured

* docs: document customer/end user object permission usage

* feat: enforce end user permissions on MCP tool calls

This commit implements end user permission enforcement for MCP servers:

1. Always add server prefixes to MCP tool names
   - Removed conditional logic that only added prefixes when multiple servers existed
   - Now always adds server prefix for consistent tool naming across all scenarios
   - Updated 5 locations in server.py (list_tools, get_prompts, get_resources,
     get_resource_templates, get_prompt)

2. Created MCP End User Permission Guardrail Hook
   - New guardrail hook: litellm/proxy/guardrails/guardrail_hooks/mcp_end_user_permission.py
   - Runs on post_call to validate tool calls in LLM responses
   - Extracts MCP server name from tool names (splits on first '-')
   - Checks if end_user_id has permissions for the MCP server
   - Raises GuardrailRaisedException if end user lacks permission
   - Supports both streaming and non-streaming responses

3. Added comprehensive tests
   - Test file: tests/test_litellm/proxy/guardrails/guardrail_hooks/test_mcp_end_user_permission.py
   - Tests cover: authorized/unauthorized tools, non-MCP tools, no end_user scenarios
   - Tests permission checking logic and exception raising

The hook integrates with the existing MCPRequestHandler._get_allowed_mcp_servers_for_end_user
to fetch end user permissions and enforce access control at the response level.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* refactor: remove redundant add_prefix variable assignments

Simplified the code by removing intermediate `add_prefix` variable
assignments and passing `True` directly to function calls since
we now always add server prefixes.

Changes:
- Removed `add_prefix = True` variable assignments in 5 locations
- Changed `add_prefix=add_prefix` to `add_prefix=True` in function calls
- Added inline comments to clarify the behavior

This makes the code more concise and clearer in intent.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* feat(auth_utils.py): support safety_identifier as a valid way of passing the end user id for responses api

* feat(llms): ensure 'tools' is correctly updated for responses api

* fix: fix greptile feedback

* feat: transformation.py

proper responses api tool handling for guardrail translation layer

---------

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-18 18:53:59 -08:00
Krish DholakiaandIshaan Jaffer a385126a7c Litellm dev compliance UI (#21457)
* feat(ui/): initial commit adding a compliance testing playground

allow proxy admins to test policies and guardrails against datasets

* feat(ui/): make score more friendly

* feat(policy_endpoints.py): new helper function for testing policies

* feat(policy_endpoints.py): expose new endpoint for testing policies and guardrails

enables compliance playground to work as expected

* feat(complianceui.tsx): show returned text
2026-02-18 18:22:43 -08:00
Ishaan JaffandGitHub 323aed7211 fix: CI failures - missing env key doc + streaming test (#21510)
* docs: add DATABRICKS_API_KEY to environment settings reference

* fix: streaming test usage check on Pydantic model

* fix: mock litellm.proxy.proxy_server in test_skip_server_startup
2026-02-18 18:20:32 -08:00
yuneng-jiangandGitHub 2c6095bdf2 Merge pull request #21511 from BerriAI/litellm_store_model_in_db_from_database
[Feature] Allow store_model_in_db to be set via database
2026-02-18 17:43:56 -08:00
yuneng-jiangandGitHub 64fe3a502e Merge pull request #21503 from BerriAI/litellm_sso_role_map
fix(sso): preserve SSO role regardless of role_mappings config
2026-02-18 17:31:49 -08:00
yuneng-jiangandClaude Opus 4.6 6356db560d [Feature] Allow store_model_in_db to be set via database
Users had to set store_model_in_db in the config YAML and restart the proxy,
causing service downtime. This change allows the value to be written to the
LiteLLM_Config table and read from the database at runtime, with DB values
overriding config file values.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-02-18 17:25:39 -08:00