* init schema with TAGS
* ui: add policy test
* resolvePoliciesCall
* add_policy_sources_to_metadata + headers
* types Policy
* preview Impact
* def _describe_match_reason(
* match based on TAGs
* TestTagBasedAttachments
* test fixes
* add policy_resolve_router
* add_guardrails_from_policy_engine
* TestMatchAttribution
* refactor
* fix
* fix: address Greptile review feedback on policy resolve endpoints
- Track unnamed keys/teams as separate counts instead of inflating
affected_keys_count with duplicate "(unnamed key)" placeholders.
Added unnamed_keys_count and unnamed_teams_count to response.
- Push alias pattern matching to DB via _build_alias_where() which
converts exact patterns to Prisma "in" and suffix wildcards to
"startsWith" filters.
- Gate sync_policies_from_db/sync_attachments_from_db behind
force_sync query param (default false) to avoid 2 DB round-trips
on every /policies/resolve request.
- Remove worktree-only conftest.py that cleared sys.modules at import
time — no longer needed since code moved to main repo.
- Rename MAX_ESTIMATE_IMPACT_ROWS → MAX_POLICY_ESTIMATE_IMPACT_ROWS.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: eliminate duplicate DB queries and fix header delimiter ambiguity
- Fetch teams table once in estimate_attachment_impact and reuse for
both tag-based and alias-based lookups (was querying teams twice when
both tag_patterns and team_patterns were provided).
- Convert tag/team filter functions from async DB queries to sync
filters that operate on pre-fetched data (_filter_keys_by_tags,
_filter_teams_by_tags).
- Fix comma ambiguity in x-litellm-policy-sources header: use '; '
as entry delimiter since matched_via values can contain commas.
- Use '+' as the within-value separator in matched_via reason strings
(e.g. "tag:healthcare+team:health-team") to avoid conflict with
header delimiters.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs v1 guide with UI imgs
* docs fix
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Add chat completion support for websearch
* Add chat completion tool calls support and response transformation
* Add new methods in chat completion
* Add chat completion tool format
* Add callback for websearch in completion method
* Add test for web search
* Potential fix for code scanning alert no. 4046: Clear-text logging of sensitive information
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
* Update litellm/integrations/websearch_interception/tools.py
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* fix: empty guardrails/policies arrays should not trigger enterprise license check (#20567)
* fix: empty guardrails/policies arrays should not trigger enterprise license check (#20304)
The UI sends empty arrays for enterprise-only fields (guardrails, policies,
logging) even when the user has not configured these features. The backend
`is not None` check treated `[]` as a truthy intent to use the feature,
falsely requiring an enterprise license for basic team operations.
Backend: Add `and updated_kv[field] != [] and updated_kv[field] != {}`
guards in `_update_metadata_fields` so empty collections are skipped.
UI: Conditionally omit guardrails, logging, and policies from the
payload when empty instead of defaulting to `[]`.
Fixes#20304
* fix: allow clearing fields with empty collections while skipping enterprise check
Address PR review feedback:
1. Move the empty-collection guard into _update_metadata_field (singular)
so that empty lists/dicts skip only the premium license check but still
get written into metadata. This lets users intentionally clear a
previously-set field (e.g. guardrails: []) without being blocked, while
the UI's default empty arrays still don't trigger a false enterprise
error.
2. Remove sys.path hack from test file; use standard imports that work
with pytest discovery.
3. Add tests verifying that empty collections are moved into metadata
(field clearing works) even though they bypass the premium check.
Fixes#20304
* fix critical CVE vulnerabliltes (#20683)
* fix: add hook to handle db case (#20635)
* Add team policy mapping for zguard (#20608)
* support policy mapping on team key level
* update document
* update document
* address comments
* update document
* add unit test for new feature
* add more test case
* feat: add support for anthropic_messages call type in prompt caching (#19233)
* feat: add support for anthropic_messages call type in prompt caching
* test: move anthropic_messages prompt caching test to main router test file
* add tutorial on using claude code with prompt cache routing
* docs: add SDK proxy authentication (OAuth2/JWT auto-refresh) documentation (#20680)
Adds documentation for the litellm.proxy_auth feature that automatically
obtains and refreshes OAuth2/JWT tokens when connecting to a LiteLLM Proxy.
* Fixes#20582 (#20663)
* fix: show error details instead of Data Not Available for failed requests (#20656)
* fix(ui): add null guard for models in API keys table (#20655)
The VirtualKeysTable crashed when rendering keys with null or undefined
models field. The className expression tried to access .length on null,
throwing a TypeError that broke the entire keys table.
Added Array.isArray() guard before accessing .length on the models value.
Fixes#20611
* Fix: Spend logs pickle error with Pydantic models and redaction (#20685)
* docs: add callback registration optimization to v1.81.9 release notes (#20681)
* docs: add callback registration optimization to v1.81.9 release notes
* Update v1.81.9.md
---------
Co-authored-by: Alexsander Hamir <alexsanderhamirgomesbaptista@gmail.com>
* Fix spend logs pickle error with Pydantic models
Replace copy.deepcopy() with Pydantic-safe serialization to avoid
"cannot pickle '_thread.RLock' object" errors when request/response
redaction is enabled.
Changes:
- Add _convert_to_json_serializable_dict() helper that uses
model_dump() for Pydantic models instead of pickle
- Replace copy.deepcopy() calls in request and response redaction
paths with the new helper function
- Recursively handles nested dicts, lists, and Pydantic models
Root cause: Pydantic v2 BaseModel instances contain internal
_thread.RLock objects for thread-safety. When copy.deepcopy()
attempts to pickle these objects, it fails because threading
primitives cannot be pickled.
Fixes#20647
* chore: remove unused copy import
Remove unused copy import that was causing lint failure. The copy.deepcopy()
calls were replaced with _convert_to_json_serializable_dict() helper function
in the previous commit, making the copy module no longer needed.
---------
Co-authored-by: ryan-crabbe <128659760+ryan-crabbe@users.noreply.github.com>
Co-authored-by: Alexsander Hamir <alexsanderhamirgomesbaptista@gmail.com>
* fix(vertex_ai): propagate extra_headers anthropic-beta to request body (#20666)
Vertex AI requires Anthropic beta flags in the request body
(anthropic_beta array), not as HTTP headers. The Bedrock handler
already extracts user-specified beta headers from the headers dict,
but the Vertex handler was missing this, causing extra_headers like
interleaved-thinking-2025-05-14 to be silently dropped.
This extracts anthropic-beta values from optional_params extra_headers
and merges them into the anthropic_beta request body field, and also
removes extra_headers from the request body since the parent's
transform_request spreads optional_params into data.
* fix(streaming): preserve interleaved thinking/redacted blocks
* test(streaming): build thinking chunks with typed Delta/StreamingChoices
* Fix video list pagination cursors not encoded with provider metadata
first_id and last_id in the video list response were returned as raw
provider IDs while data[].id was properly wrapped with
encode_video_id_with_provider(). This caused pagination to break when
clients passed unencoded cursors back as the `after` parameter.
- Encode first_id/last_id in transform_video_list_response
- Decode the `after` param in transform_video_list_request via
extract_original_video_id()
- Add 6 unit tests covering encoding, decoding, passthrough, and
full round-trip pagination
Fixes#20708
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(responses): preserve streamed tool deltas when id is omitted
* fix(responses): guard ambiguous tool-call index reuse
* Add compaction for vertex ai
* Add all new feat for v1/messages
* Add inference_geo as supported messages param
* Add inference based costing
* Add inference_geo as supported messages param
* Add support for fast param
* Add fast mode for other providers
* Add documentation for Fast Mode
* add missing indexes on VerificationToken table
* Fix structured response of tool call
* Add tests for WebSearch interception with chat completions API
* Add doc for chat completion web search
* Fix: is_web_search_tool_chat_completion
* Fix double json import
* Add new vercel ai anthropic models
* Fix: base_model name for body and deplyment name in URL
* Add output_config as supported param
* Add response schema for vercel ai sonnet 4.5
* handle when litellm_parrams might be none
* Fix : litellm/tests/test_litellm/llms/bedrock/chat/invoke_transformations/test_bedrock_chat_invoke_transformations_anthropic_claude3_transformation.py
* fix: Missing return statement for async streaming
* Fix: get_supported_anthropic_messages_params
* Fix mypy issues
* Fix mypy issues
* Add support for extra fields in Generic SSO via GENERIC_USER_EXTRA_ATTRIBUTES
Enables extraction of additional fields from the Generic SSO userinfo endpoint response beyond the standard 8 fields (id, email, name, etc.). Custom handlers can now access these fields via CustomOpenID.extra_fields dict.
Changes:
- Add extra_fields: Optional[Dict[str, Any]] to CustomOpenID type
- Add GENERIC_USER_EXTRA_ATTRIBUTES env var (comma-separated field names)
- Extract specified fields using get_nested_value() with dot notation support
- Add 4 test cases covering basic, nested, and missing field scenarios
- Update custom_sso.py example showing how to access extra_fields
Backward compatible: extra_fields is None when env var not set
* docs: Add documentation for GENERIC_USER_EXTRA_ATTRIBUTES
Document the new GENERIC_USER_EXTRA_ATTRIBUTES environment variable for Generic SSO
- Add to admin_ui_sso.md: explanation and usage examples
- Add to config_settings.md: environment variable reference
- Add to custom_sso.md: code example showing how to access extra_fields
- Includes examples for nested field paths with dot notation
---------
Co-authored-by: Sameer Kankute <sameer@berri.ai>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: Varun Chawla <34209028+veeceey@users.noreply.github.com>
Co-authored-by: Harshit Jain <48647625+Harshit28j@users.noreply.github.com>
Co-authored-by: jwang-gif <j.wang@zscaler.com>
Co-authored-by: nuernber <benjamin.nuernberger@jpl.nasa.gov>
Co-authored-by: Cesar Garcia <128240629+Chesars@users.noreply.github.com>
Co-authored-by: John Lathouwers <john.lathouwers@oracle.com>
Co-authored-by: ryan-crabbe <128659760+ryan-crabbe@users.noreply.github.com>
Co-authored-by: Alexsander Hamir <alexsanderhamirgomesbaptista@gmail.com>
Co-authored-by: Elias Högbom Aronsson <elias.aronson@gmail.com>
Co-authored-by: Emerson Gomes <emerson.gomes@thalesgroup.com>
Co-authored-by: tshushan <tshushan@outbrain.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Carlo Alberto Ferraris <cafxx@mercari.com>
* fix(callbacks): allow MAX_CALLBACKS override via env var (#20778)
* fix(callbacks): allow MAX_CALLBACKS override via env var
- Move MAX_CALLBACKS from logging_callback_manager.py to constants.py
- Add LITELLM_MAX_CALLBACKS env var override (default: 30)
- Add troubleshooting doc explaining the limit and override
Fixes issue where large deployments with 60+ teams using guardrails
would hit the hardcoded MAX_CALLBACKS=30 limit and fail to start.
* docs: add max_callbacks to sidebar navigation
---------
Co-authored-by: shin-bot-litellm <shin-bot-litellm@users.noreply.github.com>
* fix callbacks issue
---------
Co-authored-by: shin-bot-litellm <shin-bot-litellm@berri.ai>
Co-authored-by: shin-bot-litellm <shin-bot-litellm@users.noreply.github.com>
* docs: add callback registration optimization to v1.81.9 release notes (#20681)
* docs: add callback registration optimization to v1.81.9 release notes
* Update v1.81.9.md
---------
Co-authored-by: Alexsander Hamir <alexsanderhamirgomesbaptista@gmail.com>
* Fix spend logs pickle error with Pydantic models
Replace copy.deepcopy() with Pydantic-safe serialization to avoid
"cannot pickle '_thread.RLock' object" errors when request/response
redaction is enabled.
Changes:
- Add _convert_to_json_serializable_dict() helper that uses
model_dump() for Pydantic models instead of pickle
- Replace copy.deepcopy() calls in request and response redaction
paths with the new helper function
- Recursively handles nested dicts, lists, and Pydantic models
Root cause: Pydantic v2 BaseModel instances contain internal
_thread.RLock objects for thread-safety. When copy.deepcopy()
attempts to pickle these objects, it fails because threading
primitives cannot be pickled.
Fixes#20647
* chore: remove unused copy import
Remove unused copy import that was causing lint failure. The copy.deepcopy()
calls were replaced with _convert_to_json_serializable_dict() helper function
in the previous commit, making the copy module no longer needed.
---------
Co-authored-by: ryan-crabbe <128659760+ryan-crabbe@users.noreply.github.com>
Co-authored-by: Alexsander Hamir <alexsanderhamirgomesbaptista@gmail.com>
* feat: add support for anthropic_messages call type in prompt caching
* test: move anthropic_messages prompt caching test to main router test file
* add tutorial on using claude code with prompt cache routing
* support policy mapping on team key level
* update document
* update document
* address comments
* update document
* add unit test for new feature
* add more test case
- Add paragraph on release validation, extensibility, and 100% coverage goal
- Include OOMs and CPU regressions as issues surfaced under sustained load
* fix: fix styling
* fix(custom_code_guardrail.py): add http support for custom code guardrails
allows users to call external guardrails on litellm with minimal code changes (no custom handlers)
Test guardrail integrations more easily
* feat(a2a/): add guardrails for agent interactions
allows the same guardrails for llm's to be applied to agents as well
* fix(a2a/): support passing guardrails to a2a from the UI
* style(code-editor): allow editing custom code guardrails on ui + add examples of pre/post calls for custom code guardrails
* feat(mcp/): support custom code guardrails for mcp calls
allows custom code guardrails to work on mcp input
* feat(chatui.tsx): support guardrails on mcp tool calls on playground
Sameer Kankute