Commit Graph

836 Commits

Author SHA1 Message Date
yuneng-jiang 140ce5fce2 Merge remote-tracking branch 'origin' into litellm_key_team_routing_config 2026-01-07 11:08:01 -08:00
yuneng-jiang 943445dd0f Adding test 2026-01-07 11:00:07 -08:00
yuneng-jiang 9a49bb293f Merge remote-tracking branch 'origin' into litellm_key_team_routing_config 2026-01-07 10:55:38 -08:00
yuneng-jiang 7da8d5fcd5 Merge remote-tracking branch 'origin' into litellm_endpoint_usage_breakdown 2026-01-07 10:25:43 -08:00
yuneng-jiang 2a6f2a3fb8 add team member budget duration in team/update 2026-01-06 17:43:17 -08:00
yuneng-jiang ccfffc5de9 Add endpoint to aggregate activity tables 2026-01-06 15:54:03 -08:00
Sameer Kankute 865c7a2215 fix: test_update_ui_settings_allowlisted_value 2026-01-06 13:58:37 +05:30
Sameer Kankute 9d59d3eef6 fix: test_secret_manager_failure_does_not_block_email 2026-01-06 13:58:15 +05:30
Sameer Kankute 9f65f82c56 Fix: ImportError: qualifire package is required for QualifireGuardrail. Install it with: pip install qualifire 2026-01-06 13:52:26 +05:30
YutaSaito a774e7899c Merge pull request #18281 from Eric84626/main
Fix: fixed some MCP gateway oauth2 auth issues and ClosedResourceError
2026-01-06 13:22:46 +09:00
YutaSaito 31470032ad Merge pull request #18681 from BerriAI/litellm_feat_mcp-server-visibility-configurable
[feat] mcp server visibility configurable
2026-01-06 12:53:07 +09:00
Yuta Saito 694bcb6186 feat: add user_mcp_management_mode for view_all visibility 2026-01-06 11:22:28 +09:00
yuneng-jiang 1b7b42628d Add/update for router_settings in keys / teams 2026-01-05 16:19:42 -08:00
Eric84626 f59e9cef55 Merge branch 'main' into main 2026-01-06 06:57:25 +08:00
Yuta Saito a8092ab4c4 fix: ensure_async_clients_test error 2026-01-06 07:13:13 +09:00
yuneng-jiang 7937c8674b Merge pull request #18666 from BerriAI/litellm_keys_create_hour_fix
[Fix] Use timedelta to Calculate Key Expiry on Generate
2026-01-05 12:57:53 -08:00
yuneng-jiang c7345e4bfd Use timedelta to calculate key expiry 2026-01-05 12:24:34 -08:00
Urain Ahmad Shah bf33e639ef Fix User Invite & Key Generation Email Notification Logic (#18524)
* Fix email notification

* Update email notification tests

* moved test file
2026-01-06 01:35:52 +05:30
drorIvry b6a64ff99a feature/ add qualifire guardrails (#18594)
* init guardrails

* init guardrails

* some fixes

* some fixes

* ruff

* some fixes

* some fixes

* some fixes

* some fixes

* some fixes

* some fixes

* docs
2026-01-06 01:34:43 +05:30
Krish Dholakia b5aa7d1838 feat: Add api_key to GenericGuardrailAPI and set x-api-key header (#18647)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
2026-01-06 01:05:51 +05:30
Alexsander Hamir 0b0a9abd90 fix: normalize case for tool permission guardrail fields to prevent validation errors (#18662)
This fixes a critical issue where capitalized values in tool_permission guardrail
configurations (e.g., "Deny" instead of "deny") caused Pydantic validation errors
during proxy startup, leading to repeated initialization failures and latency issues.

Problem:
- Users could save guardrails with capitalized values through UI/API
- Data was written to database without validation (e.g., default_action: "Deny")
- On proxy startup, loading from DB triggered strict Pydantic validation
- ValidationError caused guardrail initialization to fail in a retry loop
- This resulted in startup delays and repeated error logging

Root Cause:
- Write path had no case normalization
- Read path enforced strict lowercase Literal validation
- Asymmetry between write and read caused latent data corruption

Solution:
Added field validators to normalize case before Pydantic validation:

1. ToolPermissionRule.decision ("allow"/"deny")
   - Normalizes decision field in rules array

2. ToolPermissionGuardrailConfigModel.default_action ("allow"/"deny")
   - Normalizes default fallback action

3. ToolPermissionGuardrailConfigModel.on_disallowed_action ("block"/"rewrite")
   - Normalizes disallowed tool behavior

4. ToolPermissionGuardrail.__init__ normalization
   - Defensive normalization for direct instantiation
   - Ensures normalization regardless of code path

Impact:
- Prevents validation errors during guardrail initialization
- Eliminates startup retry loops and latency issues
- Handles existing database records with capitalized values
- Accepts case-insensitive input from all sources (UI, API, direct calls)
- Fully backward compatible with existing lowercase configurations

Testing:
- Added 3 comprehensive tests for case-insensitive handling
- All 27 existing tests still pass
- Tests verify normalization across all affected fields

Files Changed:
- litellm/types/proxy/guardrails/guardrail_hooks/tool_permission.py
  Added @field_validator decorators for case normalization
- litellm/proxy/guardrails/guardrail_hooks/tool_permission.py
  Added runtime normalization in __init__ method
- tests/test_litellm/proxy/guardrails/guardrail_hooks/test_tool_permission.py
  Added case-insensitive validation tests
2026-01-05 11:24:19 -08:00
Yuta Saito f1d77ae14d feat: allow_all_keys to mcp server 2026-01-05 15:49:09 +09:00
hamzaq453 9ca7b1ad9b Resolve merge conflicts: integrate path validation with **kwargs approach
- Keep **kwargs approach (no exec()) for security
- Integrate path traversal validation from main branch
- Add URL encoding for path parameters
- Merge both test suites (edge cases + security tests)
- All 14 tests passing
2026-01-05 10:20:26 +05:00
Yuta Saito 0509fc79da fix: move code from litellm/llms to the mcp_server dir 2026-01-05 12:05:16 +09:00
Yuta Saito c8c73e6fa5 fix: MCP handling in unified guardrail 2026-01-05 10:41:24 +09:00
YutaSaito 61e666c457 Merge pull request #18597 from BerriAI/litellm_fix_openapi_to_mcp
fix openapi to mcp
2026-01-03 09:43:06 +09:00
Yuta Saito 8e633ab513 fix: reuse shared async client in mcp openapi generator 2026-01-03 09:33:12 +09:00
Yuta Saito 6168e500a8 fix: add checking path param 2026-01-03 08:57:54 +09:00
kevinpauer 705b54bf04 Feat/add watsonx fields (#18569) 2026-01-03 02:53:17 +05:30
Alex Gertz 3bd309f808 fix: return empty data array instead of 500 when no models configured (#18556)
- /v2/model/info now returns {"data": []} when llm_router is None or model_list is empty
- /model_group/info now returns {"data": []} when llm_model_list is None or empty
- Fixes UI crash on fresh installs with STORE_MODEL_IN_DB=True
- Added 4 unit tests for empty model list scenarios
2026-01-02 23:36:05 +05:30
Sameer Kankute 5ed83756eb Merge pull request #18583 from BerriAI/litellm_block_negative_budget
Add validation for negative budget
2026-01-02 21:52:15 +05:30
Sameer Kankute 233ba9d4b8 fix mock tests 2026-01-02 21:40:27 +05:30
YutaSaito e9365c496d Merge pull request #18580 from BerriAI/litellm_feat_support_metaurl_on_ui
feat: add UI support for configuring meta URLs
2026-01-02 17:54:26 +09:00
Lukas de Boer edc8413f1e Add Kubernetes ServiceAccount JWT authentication support (#18055)
* Allow get_nested_value dot notation to support escaping for Kubernetes JWT Support

* Add support for team and org alias fields, add docs, tests

* Fix lint issue with max statements in handle jwt logic
2026-01-02 14:02:31 +05:30
Yuta Saito 89ce8091bb fix: test 2026-01-02 16:32:33 +09:00
Sameer Kankute 57c373c5d8 Add validation for negative budget 2026-01-02 12:57:39 +05:30
Yuta Saito 35f9a75d55 feat: add UI support for configuring meta URLs 2026-01-02 15:07:37 +09:00
Alexsander Hamir d2f2fe1be5 [Fix] CI/CD - litellm_mapped_tests_proxy (#18572) 2026-01-01 15:27:51 -08:00
yuneng-jiang 269bc5b26b Expire Previous UI Session Tokens 2025-12-31 19:26:59 -08:00
YutaSaito cc8e310736 Merge pull request #18530 from BerriAI/litellm_refactor_mcp_health_check
feat: optimize MCP server listing by separating health checks
2025-12-31 08:03:12 +09:00
Yuta Saito 7fdea85b5c feat: optimize MCP server listing by separating health checks 2025-12-31 06:55:47 +09:00
hamzaq453 4573ab326b refactor: remove to_safe_identifier mapping from OpenAPI MCP generator 2025-12-30 14:04:15 +05:00
yuneng-jiang ff4e16b306 Merge pull request #18502 from BerriAI/litellm_key_list_user_object
[Feature] Add Optional Query Param "expand" to /key/list
2025-12-29 15:02:38 -08:00
YutaSaito b9e8b38cd3 Merge branch 'main' into fix/mcp-rest-auth-ssrf 2025-12-30 07:22:01 +09:00
yuneng-jiang de551889f3 Add optional field expand to /key/list 2025-12-29 14:20:04 -08:00
hamzaq453 b33f1ec2b2 Fix: Remove exec() usage and handle invalid OpenAPI parameter names
- Add to_safe_identifier() to convert any parameter name to valid Python identifier
- Refactor create_tool_function() to use closure with **kwargs instead of exec()
- Handle edge cases: hyphens, dots, leading digits, Python keywords, special chars
- Add comprehensive test suite covering all edge cases
- Fixes #18471: OpenAPI MCP server crashes on invalid parameter names
- Security: Eliminates arbitrary code execution risk from untrusted OpenAPI specs
2025-12-28 19:28:11 +05:00
Yuta Saito c25ceb5596 refactor: MCP health check 2025-12-26 16:55:51 +09:00
Andrew Bernat 6daddbcdab add license endpoint (#18311)
* Add license health endpoint

* Address review feedback for license endpoint

* Refactor license health endpoint helpers

* Remove unused timezone import from health_endpoints.py

---------

Co-authored-by: Plan42.ai <robot@plan42.ai>
2025-12-25 11:11:17 +05:30
Ishaan Jaff 1123cfa928 [Feat] AI Gateway - Add support for Platform Fee / Margins (#18427)
* init cost_margin_config

* feat: add cost margin

* init types

* LITELLM_SETTINGS_SAFE_DB_OVERRIDES

* feat _apply_cost_margin

* ui endpoint

* ui provider margins

* add margin

* refactored ui

* test cost margins

* refactored ui

* provider discounts

* add cost_breakdown to spendLogs

* add CostBreakdownViewer

* fix cost breakdown

* docs fix

* doc margins

* docs margins
2025-12-25 11:07:27 +05:30
yuneng-jiang 5a20edf0fa Allow org admins to view org info 2025-12-24 11:43:36 -08:00