Commit Graph

7510 Commits

Author SHA1 Message Date
Sameer Kankute 49d653c3aa Revert "chore: cleanup deprecated models from pricing JSON" 2026-03-12 09:27:40 +05:30
yuneng-jiang ce80e16755 Merge pull request #23419 from BerriAI/litellm_audit_log_admin_viewer
[Feature] Allow Admin Viewers to Access Audit Logs
2026-03-11 20:40:48 -07:00
yuneng-jiang 76cff9ae0e Allow proxy_admin_viewer to access audit log endpoints
Add /audit and /audit/{id} to admin_viewer_routes so read-only admins
can view audit logs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-11 20:07:51 -07:00
yuneng-jiang 5d7bfe6260 Merge pull request #23407 from BerriAI/cursor/litellm-ci-stability-4513
LiteLLM CI stability
2026-03-11 20:03:07 -07:00
ryan-crabbe 6229e73dfc Merge pull request #23415 from BerriAI/litellm_style-created-by-not-uuid
style: make virtual keys tables' created by not a UUID
2026-03-11 19:53:39 -07:00
Joe Reyna 36819ffb6f fix: null AWS SigV4 fields on MagicMock in TestTemporaryMCPSessionEndpoints (#23408)
* fix(test): null AWS SigV4 fields on MagicMock in test_inherit_credentials_from_existing_server

* fix(test): null AWS SigV4 fields on MagicMock in test_add_session_mcp_server_caches_and_redacts_credentials
2026-03-11 19:46:08 -07:00
Ryan Crabbe dfda7c10fc fix: set created_by on mock keys in test_list_keys_with_expand_user 2026-03-11 19:45:04 -07:00
Ryan Crabbe 4973311070 test: add tests for created_by_user expansion in key list 2026-03-11 19:16:09 -07:00
Shivam Rawat 4e7003afef Fix 404 when fetching config-based MCP servers by ID (#22711)
* fixed mcp api

* added non-admin test

* resolved greptile comemnt

* fix: add IP filtering to get_mcp_server_by_id path in fetch_mcp_server

Apply _is_server_accessible_from_ip check after get_mcp_server_by_id lookup
to prevent external callers from accessing MCP servers configured with
available_on_public_internet=False when they know the server_id.

Made-with: Cursor
2026-03-11 18:30:30 -07:00
Cursor Agent 49dc391a46 fix(ci): remove unused is_expired variable (ruff F841) and handle ModelDeprecated in image gen test
- Remove dead code: is_expired was assigned but never used in
  mcp_management_endpoints.py (the raw expires_at timestamp is passed
  directly to the client per existing comment)
- Handle Azure DALL-E 3 ModelDeprecated (HTTP 410) error gracefully in
  base_image_generation_test.py so CI doesn't fail on deprecated model
  deployments

Co-authored-by: yuneng-jiang <yuneng-jiang@users.noreply.github.com>
2026-03-12 01:27:42 +00:00
yuneng-jiang 56557bfae1 Merge pull request #23400 from BerriAI/litellm_/elated-hoover
[Fix] Replace deprecated models in tests
2026-03-11 17:25:37 -07:00
yuneng-jiang 82de82f1b6 Fix test_completion_cost_prompt_caching gemini parametrization
gemini/gemini-2.5-flash lacks cache_creation_input_token_cost in the
model cost map, causing a TypeError when the test multiplies
cache_creation_input_tokens by None. Use claude-haiku-4-5 instead,
which has the required prompt caching cost fields.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-11 17:12:15 -07:00
yuneng-jiang c9f7075690 Replace additional deprecated models across test files
- tests/local_testing/test_completion_cost.py:
  - claude-3-5-sonnet-20240620 -> claude-sonnet-4-6
  - gemini/gemini-1.5-flash-001 -> gemini/gemini-2.5-flash

- tests/test_litellm/test_utils.py:
  - claude-3-5-sonnet-20240620 -> claude-sonnet-4-6 (VertexAI config test, proxy tests)
  - gemini-1.5-pro -> gemini-2.5-pro (pre_process_non_default_params)
  - gemini/gemini-1.5-pro -> gemini/gemini-2.5-pro (proxy tests)

- tests/litellm_utils_tests/test_utils.py:
  - claude-3-opus-20240229 -> claude-sonnet-4-6 (trimming, vision tests)
  - gemini-pro -> gemini-2.5-pro (function calling test)
  - gemini-pro-vision -> gemini-2.5-flash (vision test)
  - gemini-1.5-pro -> gemini-2.5-pro (response schema test)
  - gemini/gemini-1.5-flash -> gemini/gemini-2.5-flash (function calling test)
  - gemini-1.5-pro -> gemini-2.5-pro (vision gemini test)
  - gpt-4-vision-preview -> gpt-4o (vision test)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-11 17:03:54 -07:00
ryan-crabbe fdfb65c204 Merge pull request #23395 from BerriAI/litellm_fix-default-user-perms-respected-through-SCIM
fix: fix default user perms respected through SCIM
2026-03-11 16:57:29 -07:00
yuneng-jiang 9379cb1038 [Fix] Replace deprecated models in function calling tests
Replace deprecated model references in test_proxy_function_calling_support_consistency:
- claude-3-5-sonnet-20240620 -> claude-sonnet-4-6
- gemini-pro -> gemini-2.5-pro
- gemini/gemini-1.5-pro -> gemini/gemini-2.5-pro
- gemini/gemini-1.5-flash -> gemini/gemini-2.5-flash

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-11 16:46:56 -07:00
Ishaan Jaff f5e5d17e4a fix(mcp): fix OpenAPI OAuth flow — transport mapping, error messages, and discovery bypass (#23315)
* fix(mcp): fix OpenAPI OAuth flow — transport mapping, error messages, and discovery bypass

Three bugs fixed to make the end-to-end OAuth flow work for OpenAPI MCP servers:

1. **Transport mapping in getTemporaryPayload**: `TRANSPORT.OPENAPI` is a UI-only concept;
   the backend only accepts `"http"`, `"sse"`, or `"stdio"`. The pre-OAuth temp-session
   call was sending `transport: "openapi"` and getting a 422. Fixed by mapping to `"http"`.

2. **deriveErrorMessage handles FastAPI 422 arrays**: FastAPI validation errors return
   `detail` as an array of `{loc, msg, type}` objects. The shared error extractor was
   returning the array directly, causing `Error: [object Object]`. Fixed to map each
   item to its `.msg` field.

3. **Skip OAuth discovery when authorization_url already provided**: `build_mcp_server_from_table`
   was unconditionally calling `_descovery_metadata(server_url)` for OAuth servers. For
   OpenAPI servers the url is the spec JSON file, not the API base — this caused a timeout
   fetching e.g. the GitHub spec (2 MB). Fixed by skipping discovery when `authorization_url`
   is already set.

Also: collapsible auth section in MCP server form, "Create OAuth App →" link next to
Client ID when a docs URL is available (e.g. GitHub OAuth App creation page), and
`extractErrorMessage` helper in `useMcpOAuthFlow` for cleaner error display.

* refactor(mcp): extract needs_discovery flag and reduceStaticHeaders helper

* feat(mcp): user OAuth connect flow — OAuthConnectModal, MCPCredentialsTab, useUserMcpOAuthFlow

Adds the user-facing MCP OAuth2 PKCE connect flow:

- OAuthConnectModal: modal that launches the PKCE flow for a user to connect to an MCP server
- MCPCredentialsTab: credentials management tab in the MCP apps panel
- useUserMcpOAuthFlow: hook that handles the full PKCE auth code exchange for user-level connections
- MCPAppsPanel: wires up the new credentials tab and connect modal
- ChatPage: further cleanup after responses-API revert
- db.py / mcp_management_endpoints.py / _types.py: backend support for storing user MCP credentials

* fix(mcp): make client_id optional in /authorize — use server's stored client_id when not provided

* address greptile review feedback

* fix(mcp): narrow bare except to RecordNotFoundError in BYOK credential delete

* refactor(mcp): move inline imports to module level in db.py

* docs(claude): add MCP OAuth, transport mapping, and browser storage patterns

* fix(security): remove accessToken from sessionStorage in OAuth flow state

The LiteLLM API key was being serialised into sessionStorage as part of
StoredFlowState. After the OAuth redirect the component re-mounts with the
same accessToken prop, so it never needed to be stored. Read it from props
in resumeOAuthFlow instead.

* fix(ui): remove duplicate extractErrorMessage, sessionStorage-only in admin OAuth hook, call delete API on disconnect

* fix(ui): guard resumeOAuthFlow against wrong hook instance consuming OAuth result

* fix(ui): separate OAuth result keys per flow, sessionStorage-only, surface revoke errors

* fix(ui): remove dead OAuthConnectModal, revert tsconfig jsx mode to preserve

* fix(mcp): guard BYOK overwrite in oauth credential store, raise clear error when client_id absent

* fix: forward OAuth error params in callback, fix BYOK guard exception handling in db.py
2026-03-11 16:16:08 -07:00
Ryan Crabbe 18c0e8843c test: unit test for mkaing sure that user being created with correct value 2026-03-11 15:20:17 -07:00
yuneng-jiang 896e7b7623 Merge pull request #23367 from BerriAI/litellm_auto_redirect_sso_config
[Feature] Support auto_redirect_ui_login_to_sso in config.yaml
2026-03-11 14:37:24 -07:00
yuneng-jiang 3968146f67 Merge pull request #23363 from BerriAI/litellm_fix_is_master_key_none_api_key
[Fix] TypeError in spend tracking when request has no API key
2026-03-11 14:34:44 -07:00
yuneng-jiang b5dfde892c Merge pull request #23377 from BerriAI/litellm_fix_flaky_mcp_and_agentcore_tests
[Fix] Flaky MCP Server and AgentCore Streaming Tests
2026-03-11 13:20:59 -07:00
yuneng-jiang 64d3d7626f [Fix] Flaky MCP server and AgentCore streaming tests in CI
- MCP tests: set mock_mcp_server.oauth2_flow = None to prevent MagicMock
  leaking into Pydantic Literal validation for MCPServer
- AgentCore tests: pass api_key="test-jwt-token" to bypass SigV4 credential
  lookup that fails in CI without AWS credentials

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-11 13:08:48 -07:00
yuneng-jiang e5245adae6 Support auto_redirect_ui_login_to_sso in config.yaml general_settings
Previously this setting was only honored via the AUTO_REDIRECT_UI_LOGIN_TO_SSO
environment variable. Now it can also be set in config.yaml under general_settings,
matching the pattern used by other proxy settings.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-11 11:34:17 -07:00
Chesars 1a3fdc7ae3 fix: align Vertex AI Claude deprecations with Google's schedule
- Restore vertex_ai/claude-3-7-sonnet@20250219 (Vertex AI shutdown is
  May 11, 2026, still active — was incorrectly removed based on
  Anthropic API retirement date)
- Remove vertex_ai/claude-3-5-sonnet-v2 and
  vertex_ai/claude-3-5-sonnet-v2@20241022 (Vertex AI shutdown was
  Feb 19, 2026, already past)
- Remove deprecated claude-3-7-sonnet-20250219 from web search test,
  use only non-deprecated models

Source: https://docs.google.com/vertex-ai/generative-ai/docs/deprecations/partner-models
2026-03-11 15:11:07 -03:00
yuneng-jiang 1a08ac6619 Fix TypeError in _is_master_key when api_key is None
When a request arrives without an API key, auth fails and the failure
hook triggers spend tracking. _is_master_key was called with api_key=None,
causing secrets.compare_digest to raise TypeError. Add a None guard for
api_key matching the existing guard for _master_key.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-11 11:01:29 -07:00
Chesars d81d751af0 fix(tests): update tests to use models still present in pricing JSON
Replace removed deprecated models (claude-3-5-sonnet-20241022,
claude-3-5-haiku-20241022, claude-3-5-haiku-latest) with current
models in web_search and cost calculation tests.
2026-03-11 14:50:47 -03:00
michelligabriele 24ad510617 feat(mcp): add AWS SigV4 auth support in UI and fix credential merge on edit (#23282) 2026-03-11 09:43:28 -07:00
Harshit Jain 7db34e3179 Merge pull request #23257 from Harshit28j/litellm_fix-client-close-evict
fix: fail proxy startup if prisma migrate fails
2026-03-11 19:45:13 +05:30
Sameer Kankute 8e32919074 Merge branch 'main' into litellm_fix_multipart_passthrough 2026-03-11 19:30:45 +05:30
Sameer Kankute 20980f6c26 Merge pull request #23322 from BerriAI/litellm_gemini_embedding_2_support
[Feat]: Add support for gemini embedding 2 preview
2026-03-11 19:30:09 +05:30
Sameer Kankute f243e5615f Merge branch 'main' into litellm_oss_staging_03_10_2026 2026-03-11 18:50:03 +05:30
Sameer Kankute 43217c8a4b Merge branch 'main' into litellm_oss_staging_03_10_2026 2026-03-11 18:32:17 +05:30
Sameer Kankute 3dab62023c Merge branch 'main' into litellm_oss_staging_03_04_2026 2026-03-11 18:31:20 +05:30
Sameer Kankute c2fca1124b fix(proxy): preserve multipart/form-data boundary in passthrough endpoints
Fixes issue where multipart file uploads through passthrough endpoints failed with RequestValidationError. The proxy was consuming the request body stream and FastAPI was trying to parse multipart bodies as JSON dicts.

Changes:
- Try JSON parsing first for multipart content-type (handles misconfigured clients)
- Skip multipart parsing if JSON succeeds to avoid stream consumption
- Remove custom_body parameter from endpoint_func to prevent FastAPI auto-parsing
- Check for parsed body before using multipart handler
- Add regression test for multipart boundary preservation

Handles both actual multipart uploads and JSON bodies with incorrect multipart content-type headers.

Made-with: Cursor
2026-03-11 16:52:02 +05:30
Sameer Kankute a6fb16aea0 Merge pull request #23103 from netbrah/fix/anthropic-tool-schema-type-enforcement
fix(anthropic): enforce type:"object" on tool input schemas in _map_tool_helper
2026-03-11 13:06:59 +05:30
Sameer Kankute b9a311743f Merge pull request #23104 from netbrah/fix/anthropic-deduplicate-tool-results
fix(anthropic): deduplicate tool_result messages by tool_call_id
2026-03-11 13:04:59 +05:30
yuneng-jiang ff2f96d09e Fix mcp_tool_permissions JSON string deserialization in _resolve_team_allowed_mcp_servers
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-11 00:23:40 -07:00
yuneng-jiang 860cb17571 Fix cross-team MCP server info disclosure and restricted key bypass
The GET /v1/mcp/server endpoint allowed any authenticated user to pass
an arbitrary team_id and enumerate another team's MCP server config.
Restricted virtual keys could also use the team_id param to bypass
their access limitations. Add team membership check for non-admins
and block restricted keys from using the team_id filter.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-10 23:48:30 -07:00
yuneng-jiang c362ae5095 Add team-scoped MCP server filtering for key creation and fix UnboundLocalError
When creating a key, the MCP server list now filters by the selected team's
allowed servers. Also fixes UnboundLocalError on `is_restricted_virtual_key`
when `team_id` query param was provided to GET /v1/mcp/server.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-10 23:15:14 -07:00
Sameer Kankute 2a9bcf2530 Fix greptile reviews 2026-03-11 11:41:29 +05:30
Sameer Kankute d25b8e6d00 Add support for gcs url for vertex ai embeddings 2026-03-11 10:58:04 +05:30
Sameer Kankute b108c02fd7 Add support for gemini multimodal embedings 2026-03-11 10:08:17 +05:30
Cesar Garcia 260c37d670 Merge pull request #21398 from Chesars/feat/openai-like-responses-api
feat(openai_like): add Responses API support to JSON providers
2026-03-11 00:15:06 -03:00
Chesars da76e1738a fix(perplexity): restore type='message' safety net for list inputs
Perplexity requires type='message' on input items. Add _ensure_message_type
to automatically set it when missing, matching the old _format_input behavior.
2026-03-11 00:14:13 -03:00
Chesars 636b474a8a fix(perplexity): remove redundant dict-cost check in Usage and add streaming cost test
Remove the isinstance(cost, dict) guard from Usage.__init__ — ResponseAPIUsage.parse_cost
validator already converts Perplexity's cost dict to float before it reaches Usage.

Add test_streaming_cost_dict_to_float_via_validator to verify the dict→float conversion
works end-to-end through transform_streaming_response (pydantic recursive construction).
2026-03-10 23:52:17 -03:00
Chesars 8b385120b9 fix: add isinstance guard for aliases field and remove unused helper 2026-03-10 22:58:31 -03:00
Cesar Garcia 2ed4119542 Update tests/test_litellm/test_model_cost_aliases.py
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-03-10 22:56:08 -03:00
Ishaan Jaff 82a9b0ea03 feat(chat-ui): responses API + MCP tool execution in /chat (#23297)
* feat(ui): add Chat UI v0 — standalone LiteLLM-branded chat window

Adds a full chat UI accessible from the sidebar Chat link (opens in new tab).
- Standalone route at /chat (outside dashboard layout — no Navbar/Sidebar chrome)
- Claude.ai-style layout: model selector top-left, LiteLLM logo center, settings top-right
- Greeting with time-of-day, centered input card, suggestion chips (Write/Learn/Code/Brainstorm)
- Sliding conversation history sidebar with Cmd+K search, rename, delete, date grouping
- localStorage-backed conversation persistence (litellm_chat_history_v1)
- Streaming completions via makeOpenAIChatCompletionRequest with AbortController stop support
- MCP server picker (toggle servers on/off per conversation)
- LiteLLM aesthetic: white/light-gray background, Ant Design blue (#1677ff) primary, system font
- Sidebar2: Chat menu item opens in new tab via window.open

* feat(chat-ui): responses API + MCP tool execution display

- Switch /chat from chat completions to responses API (previous_response_id session chaining)
- Add MCP server picker with search filter in chat input bar
- Show MCP tool call events (list_tools + call_tool) inline in chat via MCPEventsDisplay
- Add tool chip strip showing available tools when MCP servers are selected
- Non-blocking MCP toggle: server added immediately, verification in background (works for no-auth MCPs like deepwiki)
- Add truncateAfterMessage to useChatHistory for edit/retry
- Sync activeConversationId on URL change (fixes stale conversation on new chat)
- Add "Open Chat" shortcut button to sidebar

* fix(chat-ui): switch to responses API, remove dead code, add tests

- Switch handleSend from makeOpenAIChatCompletionRequest to makeOpenAIResponsesRequest with previous_response_id session chaining
- Add responsesSessionId state; reset to null when starting a new conversation
- Remove unused ChatInputBar.tsx and ModelSelector.tsx (dead code)
- Add tests/test_litellm/test_chat_ui_responses_session.py covering previous_response_id forwarding and signature validation

* fix(chat-ui): address greptile review issues

- Reset responsesSessionId when activeConversationId changes (not just on new conversation)
- Wire onMCPEvent callback into makeOpenAIResponsesRequest; render MCPEventsDisplay below messages
- Clear mcpEvents on each new send
- Explicitly filter history to user/assistant roles only (no tool-role casting)
- Remove duplicate "Chat" menu item from sidebar (pinned button serves same purpose)
- Make Sider a flex column so "Open Chat" button actually pins to bottom
- Fix tests to intercept real HTTP requests and assert previous_response_id in body

* fix(chat-ui): address greptile review feedback (greploop iteration 1)

- Fix duplicate context: when responsesSessionId is set, only send the
  new user message as input (prior context is already server-side via
  session chaining). Full history is still sent on the first turn.
- Fix ephemeral MCP events: store events per-message in ChatMessage.mcpEvents
  instead of ephemeral component state. Events now survive across turns
  and render inline below each assistant response via MCPEventsDisplay.
- Remove stale mcpEvents useState and ephemeral panel at bottom of chat.

* fix(chat-ui): address greptile review feedback (greploop iteration 2)

- Fix stale session on edit/retry: derive previousResponseId as null when
  historyOverride is set so edit/retry always starts a fresh Responses API
  session rather than chaining off a now-invalid prior session
- Fix unsafe MCPEvent cast: import MCPEvent directly from MCPEventsDisplay
  into types.ts and type ChatMessage.mcpEvents as MCPEvent[], eliminating
  the bare 'as MCPEvent[]' cast in ChatMessages.tsx

* fix(chat-ui): fix MCPEvent layering, batch localStorage writes, module-level test imports

- Move MCPEvent interface definition into chat/types.ts (single source of truth)
- MCPEventsDisplay.tsx now imports MCPEvent from types.ts instead of defining it locally
- Batch MCP event localStorage writes: accumulate during stream, persist once in finally
- Move test imports to module level per PEP 8 convention

* fix(chat-ui): fix MCPEvent import path and rename truncateFromMessage

- responses_api.tsx now imports MCPEvent directly from chat/types (not via MCPEventsDisplay re-export)
- Remove the now-unnecessary MCPEvent re-export from MCPEventsDisplay.tsx
- Rename truncateAfterMessage → truncateFromMessage: the function removes the target message and all subsequent ones (not just what comes after), so the new name accurately describes the behavior

* fix(responses-api): fix whitespace token filter and MCP server URL construction

- Drop the delta.trim() whitespace filter that was silently swallowing spaces
  and newlines during streaming, causing words to concatenate and paragraphs
  to collapse. Only skip truly empty strings (delta.length > 0).
- Use proxyBaseUrl for MCP server_url construction instead of the hardcoded
  relative path "litellm_proxy/mcp", so non-root deployments route correctly.

* fix(responses-api): use unique server_label per MCP server to prevent tool routing collisions

* fix(chat-ui): move MCPEvent to shared mcp_tools/types, skip partial events on abort

- Move MCPEvent interface to mcp_tools/types.tsx (shared with MCPServer/MCPTool),
  eliminating the playground→chat cross-module dependency. chat/types.ts and
  both playground components now import from mcp_tools/types.
- Only persist accumulated MCP events when the stream completes cleanly; aborted
  or errored turns drop partial events to avoid showing incomplete tool calls.

* fix(responses-api): use server_name for MCP URL routing, fix test path

- Use server_name (not alias) as the URL path segment for MCP server_url;
  alias is a display name that may differ from the registered proxy route.
  URL-encode the path to handle names with spaces/special characters.
- Fix sys.path.insert in tests to use __file__-relative path so tests pass
  regardless of which directory pytest is invoked from.

* fix(chat-ui): fix stale session after failed edit, clean MCP event persistence, unique server_label

- Eagerly call setResponsesSessionId(null) when historyOverride is set so a
  failed/aborted edit does not leave a stale session contaminating the next turn
- Replace abort-signal check with streamCompletedCleanly flag to correctly skip
  MCP event persistence on both abort and non-abort errors (network/API failures)
- Use server_name (unique) as server_label instead of alias to prevent silent
  tool-routing failures when two MCP servers share the same display name
2026-03-10 18:53:54 -07:00
Cesar Garcia f51a5b9c3e Update tests/test_litellm/test_model_cost_aliases.py
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-03-10 22:53:02 -03:00
Chesars 18a48d0a0b fix(tests): add missing assertions for alias conflict warning and aliases key removal 2026-03-10 22:46:21 -03:00
Chesars b00e507574 fix: address Greptile review feedback
- Clean up aliases key from entries with empty aliases list
- Strengthen test assertion for alias conflict warning
2026-03-10 22:42:18 -03:00