Commit Graph

31 Commits

Author SHA1 Message Date
Alexsander Hamir 5534038e93 Fix CI: Revert security scan changes and add GitGuardian ignore rules (#18358) 2025-12-22 17:03:53 -08:00
Ishaan Jaffer 6112160a16 Revert "[Fix] Security - Remove example API keys with high entropy (#18255)"
This reverts commit 24edbccf5c.
2025-12-20 20:48:11 +05:30
Alexsander Hamir 24edbccf5c [Fix] Security - Remove example API keys with high entropy (#18255) 2025-12-19 10:09:50 -08:00
Yuta Saito 847bbd4fda fix: prefer _get_key_object_permission for key lookups and remove redundant checks 2025-12-18 09:50:56 +09:00
Ishaan Jaffer c4022ade49 test mapped tests MCP 2025-10-08 18:34:30 -07:00
Ishaan Jaff 36c971a6fd [MCP Gateway] QA/Fixes - Ensure Team/Key level enforcement works for MCPs (#15305)
* fix: _set_object_permission

* fix: _set_object_permission on teams

* fix: _set_object_permission

* fixes for team/key permissions

* statsh: object permission view

* fix: MCPServerPermissions

* fix: _get_team_object_permission

* test mcp checks for permissions

* fix server checks with prefix names

* test_list_tools_strips_prefix_when_matching_permissions

* ruff fix

* docs - refactor MCP

* docs update MCP docs

* docs allowed tools
2025-10-07 17:34:48 -07:00
Krrish Dholakia 0cd61a6a6a fix: simplify testing 2025-09-30 12:37:25 -07:00
Krrish Dholakia f32b0364c4 fix: fix tests 2025-09-28 17:55:46 -07:00
Krrish Dholakia 53d0cbb1b7 fix: update tests + logic for passing multiple headers 2025-09-28 09:09:11 -07:00
Krrish Dholakia 0ff7177373 feat(user_api_key_auth_mcp.py): pass extra headers from clientside straight through - allow multiple clientside headers
Closes LIT-952
2025-09-27 17:11:06 -07:00
Krrish Dholakia 5cdeb63cdd test: fix tests 2025-09-27 11:09:25 -07:00
Krrish Dholakia 7278ae5305 test: fix tests 2025-09-27 10:03:54 -07:00
Yuta Saito 7f8b1d0708 test: fix failing tests after conflict resolution 2025-09-19 07:48:37 +09:00
Yuta Saito 6c291093e9 fix: remove adding Mcp-Protocol-Version header (#14069)
The Mcp-Protocol-Version header is already handled in the MCP Python SDK, so the explicit addition on LiteLLM Proxy was redundant.
2025-09-19 07:05:20 +09:00
Krrish Dholakia 00d8dedd16 test: update test 2025-09-17 17:44:14 -07:00
Krrish Dholakia 1954bbffc0 test: fix test on ci/cd 2025-09-17 16:53:07 -07:00
Jugal D. Bhatt b8fe5f7b17 [MCP Gateway] LiteLLM Fix MCP gateway key auth (#13630)
* Fix - add safe divide by 0 for most places to prevent crash

* Enhance MCPRequestHandler to support permission inheritance and intersection logic for access groups. Added integration tests to verify behavior when keys have no permissions and when both keys and teams have overlapping permissions.

* Remove redundant assertions for permission checks in test_user_api_key_auth_mcp.py to streamline test logic.

* Refactor integration tests for MCPRequestHandler to simplify mocking. Replace complex database mocks with direct function mocks for permission inheritance and intersection scenarios, improving test clarity and maintainability.

* Revert "Fix - add safe divide by 0 for most places to prevent crash"

This reverts commit 265d40e39051e148996b9fb7f354730c57ff23ac.
2025-08-14 16:32:18 -07:00
Ishaan Jaff 1af0743e58 Revert "Revert "[MCP Gateway] Add protocol headers (#13062)""
This reverts commit acd915f2db.
2025-07-29 18:14:31 -07:00
Ishaan Jaff acd915f2db Revert "[MCP Gateway] Add protocol headers (#13062)"
This reverts commit 8de24bab7c.
2025-07-29 17:26:00 -07:00
Jugal D. Bhatt 8de24bab7c [MCP Gateway] Add protocol headers (#13062)
* Add protocol headers

* fix mypy

* fix tests

* fix tests
2025-07-29 16:03:23 -07:00
Jugal D. Bhatt b921e22594 [MCP Gateway] Litellm mcp multi header propagation (#13003)
* change alias-> server_name

* add server alias uses

* add tests

* schema

* ruff fix

* fix alias for config

* fix tests

* add alias

* fix tests

* add multi server header support

* add and fix tests

* fix tests

* fix tests

* add a common util

* ruff fix

* fix ruff

* fix tests

* fix migration

* mypy fix

* change server py
2025-07-26 11:45:14 -07:00
Jugal D. Bhatt 83b0c4cba7 [MCP Gateway] Allow MCP sse and http to have namespaced url for better segregation LIT-304 (#12658)
* fix tools fetch for keys

* Add namespacing in url

* add test for namespacing url

* helper method

* fix test
2025-07-16 14:47:45 -07:00
Ishaan Jaff 50b106be11 [MCP Gateway] Ensure we use the same param for specifying groups (#12561)
* just use 1 param for mcp groups

* fix just use 1 param for access groups

* test_get_tools_from_mcp_servers

* docs access groups

* group MCPs

* test fix

* fix screenshots on docs

* TestMCPAccessGroupsE2E

* update img

* fix MCP connect
2025-07-12 16:41:58 -07:00
Jugal D. Bhatt 9fe9e1cd6e [MCP Gateway] Allow mcp access groups on test key and tool calls (#12529)
* added mcp tools on internal user and divide it by teams

* add support for server api call

* Added frontend for test key

* added tools used output

* fix ui for servers

* All servers to personal

* change columns format

* revert ui logic

* Added vertical align

* fix mapped tests

* fix lint

* fix lint

* remove extra file

* fix ui test

* comments fixes

* change query type

* change query type

* mcp acces group init

* add ability to change server display on ui through access groups

* Mcp access group names UI (#12486)

* Added ui changes to reflect mcp_access_groups

* fix edit mcp page

* change to string array (#12491)

* change to string array

* Remove print

* add ability to change server display on ui through access groups

* Litellm mcp access groups accesses (#12498)

* added mcp access groups for keys and teams

* added access groups above servers

* fixed ruff

* fixed mypy

* revert couple changes

* fix test

* fixed double asterisks

* Litellm mcp groups UI (#12522)

* add ui for teams

* fix object permissions

* fix mcp servers test object permission

* remove print

* add helper method

* add tests + remove logs

* add mcp access group servers to test key

* add mcp access group support for headers

* lint fix

* add tests and helper  function

* fixed test

* change list -> List

* tests
2025-07-12 10:36:42 -07:00
Jugal D. Bhatt 1b10dda2f4 Litellm mcp access group (#12514)
* added mcp tools on internal user and divide it by teams

* add support for server api call

* Added frontend for test key

* added tools used output

* fix ui for servers

* All servers to personal

* change columns format

* revert ui logic

* Added vertical align

* fix mapped tests

* fix lint

* fix lint

* remove extra file

* fix ui test

* comments fixes

* change query type

* change query type

* mcp acces group init

* add ability to change server display on ui through access groups

* Mcp access group names UI (#12486)

* Added ui changes to reflect mcp_access_groups

* fix edit mcp page

* change to string array (#12491)

* change to string array

* Remove print

* add ability to change server display on ui through access groups

* Litellm mcp access groups accesses (#12498)

* added mcp access groups for keys and teams

* added access groups above servers

* fixed ruff

* fixed mypy

* revert couple changes

* fix test

* fixed double asterisks
2025-07-11 07:50:18 -07:00
Ishaan Jaff afd382d09f [Feat] MCP Gateway - Allow customizing what client side header to use (#12460)
* add _get_mcp_auth_header_from_headers

* test_process_mcp_request_with_custom_auth_header

* Using a different Authentication Header

* fix customize MCP Auth header name
2025-07-09 12:30:20 -07:00
Krish Dholakia e7f1fa26ab UI - Azure Content Guardrails (#12341)
* build(model_prices_and_context_window.json): remove 'supports_tool_choice' for specific mistral models

Closes https://github.com/BerriAI/litellm/issues/11750

* feat: initial commit adding cleaner ui for azure text moderation guardrails

* feat(guardrail_endpoints.py): add discoverable guardrail configs and improve converting base model to dict with types

* fix(guardrail_provider_fields.tsx): render from api endpoint correctly

* fix(guardrail_provider_fields.tsx): cleanup

* refactor(guardrail_endpoints.py): refactor to handle dictionaries with literal - allows multiselect

* feat(ui/): render dictionary with known keys correctly

* feat(ui/): render optional params on separate page

* style(ui/): style improvements to rendering optional params on the UI

* feat(azure/prompt_shield.py): add azure prompt shield back on UI

* fix(add_guardrail_form.tsx): fix form to handle updated api

* fix(guardrail_optional_params.tsx): ensure values are nested correctly for writing to api

* fix: fix linting error

* feat(text_moderation.py): handle str to int conversion

* fix(guardrail_info.tsx): only render pii settings if guardrail is presidio

* fix(guardrail_info.tsx): add guardrail specific fields to update settings

allows updating guardrail fields (e.g. severity threshold) post-create

* fix(guardrail_endpoints.py): set guardrail_id in guardrail object

ensures duplicate objects not created on guardrail update

* fix(guardrail_endpoints.py): allow provider specific fields to be updated on patch update

* refactor(guardrail_endpoints.py): remove duplicate info endpoint

* fix(guardrail_endpoints.py): mask sensitive keys on returning via guardrail `/info`

Prevent leaking keys

* fix(guardrail_optional_params.tsx): return numerical input when numerical component used

fixes issue where output was a str

* fix(guardrail_optional_params.tsx): render dict keys correctly

* fix(text_moderation.py): fix severity by category check

* fix(proxy/utils.py): check if guardrail should run for post call streaming hook

Prevents invalid guardrails from running if not requested

* test: fix import

* fix: fix linting error

* test: update test

* fix: fix tests

* fix: fix code qa errors

* fix(guardrail_endpoints.py): set max depth for function

* test: update recursive_detector.py

* test: update list

* build: merge main

* fix: fix ruff check errors
2025-07-05 10:19:29 -07:00
Jugal D. Bhatt 529f67f544 Add mcp server segregation comma separated support (#12326)
* add mcp comma separated support

* dont support legacy json array

* lint
2025-07-05 00:08:43 -07:00
Jugal D. Bhatt 5fe01b9a2b Add MCP servers header to the scope of header (#12266)
* add mcp header param

* rename class

* fix tests

* fix tests

* added ruff fixes

* fix ruff checks

* added mypy type checking
2025-07-02 20:22:14 -07:00
Ishaan Jaff b90d3ca8d0 [Feat] MCP - Allow connecting to MCP with authentication headers + Allow clients to specify MCP headers (#11890) (#11891)
* initial mcp auth with special header (#11890)

Co-authored-by: wagnerjt <wagnerjt@github.com>

* add mcp auth header

* fixes MCP client for litellm proxy

* fixes loc of MCP types

* fixes use MCP client for auth to MCPs

* fix organization

* fix mcp auth header

* add MCP auth header to litellm auth

* fixes for MCP auth

* Add MCP auth to list tools

* fix MCP call tool

* fixes for MCP auth header

* tests for MCP transport

* TestMCPClientUnitTests

* docs MCP auth

* fix types

* docs fix

* fix MCP auth import

* fix code qa check

* test fix mcp auth token check

---------

Co-authored-by: wagnerjt <wagnerjt@github.com>
2025-06-19 20:07:08 -07:00
Ishaan Jaff 19a8b23644 [Feat] Add Authentication + Permission Management for MCP List, Call Tool Ops (#11682)
* add basic auth checks for MCP

* working MCP auth

* fix MCP

* add get_allowed_mcp_servers for key, team

* add get_allowed_mcp_servers

* TOOLS FROM MCP SERVERS

* fix - working context vars for handling auth to MCPs

* fix imports

* working _get_allowed_mcp_servers_for_key

* TestUserAPIKeyAuthMCP

* test_user_api_key_auth_mcp

* fix code qa check

* fix imports

* test_mcp_server.py

* fix: fix - working permission mgmt

* Update litellm/proxy/_experimental/mcp_server/auth/user_api_key_auth_mcp.py

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-06-13 10:13:51 -07:00