Commit Graph

110 Commits

Author SHA1 Message Date
jay prajapati 0e738a5027 fix(mcp): forward static_headers to MCP servers (#19341) (#19366)
Forward static_headers from /mcp-rest/test/* routes into the MCP client so headers are present during session.initialize() and tool discovery.

Also add a shared merge_mcp_headers() helper to keep header precedence consistent and ensure OpenAPI-to-MCP generated tools include static_headers.

Tests:
- pytest tests/test_litellm/proxy/_experimental/mcp_server/test_rest_endpoints.py
- pytest tests/test_litellm/proxy/_experimental/mcp_server/test_mcp_server_manager.py -k register_openapi_tools_includes_static_headers

Fixes #19341

Co-authored-by: Krish Dholakia <krrishdholakia@gmail.com>
2026-01-21 19:30:55 -08:00
Yuta Saito caf5f7f8ae test: add test 2026-01-21 14:51:56 +09:00
Yuta Saito 05d9fb6fd6 feat: SEP-986 2026-01-20 07:24:39 +09:00
YutaSaito eec4ed640b Revert "Stabilise mock tests" 2026-01-17 06:26:18 +09:00
Sameer Kankute 83e33944ef Fix: mock test tests 2026-01-15 22:02:42 +05:30
Sameer Kankute 4bdda9cc28 Fix: tests/test_litellm/proxy/test_proxy_server.py::test_embedding_input_array_of_tokens 2026-01-15 19:46:35 +05:30
Yuta Saito df37770a70 test: add permission test 2026-01-14 07:58:21 +09:00
Yuta Saito 76f79610b3 fix: forward MCP extra headers case-insensitively 2026-01-12 10:32:51 +09:00
Yuta Saito 5927a557fb tests: add test 2026-01-09 17:25:21 +09:00
Eric84626 f59e9cef55 Merge branch 'main' into main 2026-01-06 06:57:25 +08:00
Yuta Saito a8092ab4c4 fix: ensure_async_clients_test error 2026-01-06 07:13:13 +09:00
Yuta Saito f1d77ae14d feat: allow_all_keys to mcp server 2026-01-05 15:49:09 +09:00
hamzaq453 9ca7b1ad9b Resolve merge conflicts: integrate path validation with **kwargs approach
- Keep **kwargs approach (no exec()) for security
- Integrate path traversal validation from main branch
- Add URL encoding for path parameters
- Merge both test suites (edge cases + security tests)
- All 14 tests passing
2026-01-05 10:20:26 +05:00
Yuta Saito 0509fc79da fix: move code from litellm/llms to the mcp_server dir 2026-01-05 12:05:16 +09:00
YutaSaito 61e666c457 Merge pull request #18597 from BerriAI/litellm_fix_openapi_to_mcp
fix openapi to mcp
2026-01-03 09:43:06 +09:00
Yuta Saito 8e633ab513 fix: reuse shared async client in mcp openapi generator 2026-01-03 09:33:12 +09:00
Yuta Saito 6168e500a8 fix: add checking path param 2026-01-03 08:57:54 +09:00
Yuta Saito 35f9a75d55 feat: add UI support for configuring meta URLs 2026-01-02 15:07:37 +09:00
Alexsander Hamir d2f2fe1be5 [Fix] CI/CD - litellm_mapped_tests_proxy (#18572) 2026-01-01 15:27:51 -08:00
hamzaq453 4573ab326b refactor: remove to_safe_identifier mapping from OpenAPI MCP generator 2025-12-30 14:04:15 +05:00
YutaSaito b9e8b38cd3 Merge branch 'main' into fix/mcp-rest-auth-ssrf 2025-12-30 07:22:01 +09:00
hamzaq453 b33f1ec2b2 Fix: Remove exec() usage and handle invalid OpenAPI parameter names
- Add to_safe_identifier() to convert any parameter name to valid Python identifier
- Refactor create_tool_function() to use closure with **kwargs instead of exec()
- Handle edge cases: hyphens, dots, leading digits, Python keywords, special chars
- Add comprehensive test suite covering all edge cases
- Fixes #18471: OpenAPI MCP server crashes on invalid parameter names
- Security: Eliminates arbitrary code execution risk from untrusted OpenAPI specs
2025-12-28 19:28:11 +05:00
Yuta Saito c25ceb5596 refactor: MCP health check 2025-12-26 16:55:51 +09:00
YutaSaito 55bfb24ef8 Merge pull request #18324 from BerriAI/litellm_feat_dynamic_env_propagation_for_stdio_MCP_server
feat: support MCP stdio header env overrides
2025-12-24 06:29:53 +09:00
Alexsander Hamir 5534038e93 Fix CI: Revert security scan changes and add GitGuardian ignore rules (#18358) 2025-12-22 17:03:53 -08:00
Yuta Saito 34b500c7f5 feat: support MCP stdio header env overrides 2025-12-22 12:58:31 +09:00
Emerson Gomes acce6b9c83 Apply suggestion from @Copilot
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-12-20 15:56:46 -06:00
Emerson Gomes 9002f75277 Require auth for MCP connection test 2025-12-20 11:01:41 -06:00
Ishaan Jaffer 6112160a16 Revert "[Fix] Security - Remove example API keys with high entropy (#18255)"
This reverts commit 24edbccf5c.
2025-12-20 20:48:11 +05:30
Eric84626 0306f02e74 fix: removed initialize the tool name to MCP server name mapping(oauth2) on startup for avoiding 401 error 2025-12-20 14:13:18 +08:00
Eric84626 684fba42ea fix: added RFC RECOMMENDED property(scopes_supported) to protected resource and authorization server metadata 2025-12-20 13:22:29 +08:00
Eric84626 3a2ab6b0d1 fix: added additional grant type into oauth_authorization_server response for fixing mcp auth register bad request issue 2025-12-20 11:55:12 +08:00
Alexsander Hamir 24edbccf5c [Fix] Security - Remove example API keys with high entropy (#18255) 2025-12-19 10:09:50 -08:00
Yuta Saito 847bbd4fda fix: prefer _get_key_object_permission for key lookups and remove redundant checks 2025-12-18 09:50:56 +09:00
Yuta Saito defea8b887 fix: mcp deepcopy error 2025-12-16 07:02:07 +09:00
Yuta Saito 73e00c1382 fix: add MCP auth header propagation 2025-12-15 07:45:35 +09:00
YutaSaito 5b926ae2c6 fix: resolve UI session MCP permissions across real teams (#17620)
* fix: resolve UI session MCP permissions across real teams

* fix: remove user from logs
2025-12-08 19:03:01 -08:00
Yuta Saito 21a18128ec fix: mcp test 2025-12-06 10:54:22 +09:00
YutaSaito b5133c4c7d Feat/mcp preserve tool metadata calltoolresult (#17561)
* feat(mcp): preserve tool metadata and full CallToolResult in MCP gateway

This PR fixes two issues that prevented ChatGPT from rendering MCP UI widgets
when proxied through LiteLLM:

1. Preserve Tool Metadata in tools/list
   - Modified _create_prefixed_tools() to mutate tools in place instead of
     reconstructing them, preserving all fields including metadata/_meta
   - This ensures ChatGPT can see 'openai/outputTemplate' URIs in tools/list
     and will call resources/read to fetch widgets

2. Preserve Full CallToolResult (structuredContent + metadata)
   - Changed call_mcp_tool() and _handle_managed_mcp_tool() to return full
     CallToolResult objects instead of just content
   - Updated error handlers to return CallToolResult with isError flag
   - Wrapped local tool results in CallToolResult objects
   - This preserves structuredContent and metadata fields needed for widget rendering

Files changed:
- litellm/proxy/_experimental/mcp_server/mcp_server_manager.py
- litellm/proxy/_experimental/mcp_server/server.py

Fixes issues where ChatGPT could not render MCP UI widgets when using
LiteLLM as an MCP gateway.

* feat(mcp): Preserve tool metadata and return full CallToolResult for ChatGPT UI widgets

- Preserve metadata and _meta fields when creating prefixed tools
- Return full CallToolResult instead of just content list
- Ensures ChatGPT can discover and render UI widgets via openai/outputTemplate
- Fixes metadata stripping that prevented widget rendering in ChatGPT

Changes:
- mcp_server_manager.py: Mutate tools in place to preserve all fields including metadata
- server.py: Return CallToolResult with structuredContent and metadata preserved
- Added test to verify metadata preservation

* fix: guard cost calculator when BaseModel lacks _hidden_params

---------

Co-authored-by: Afroz Ahmad <aahmad@Afrozs-MacBook-Pro.local>
Co-authored-by: Afroz Ahmad <aahmad@KNDMCPTMZH3.sephoraus.com>
2025-12-05 16:15:22 -08:00
Sameer Kankute 082c8af37f Fix: litellm user auth not passing issue 2025-12-02 11:25:32 +05:30
YutaSaito b72b49757e feat: add backend support for OAuth2 auth_type registration via UI (#17006) 2025-11-23 21:52:18 -08:00
Ishaan Jaffer b2812af0a0 fix MCP tests 2025-11-22 10:02:15 -08:00
YutaSaito 93affcb732 [Feat] mcp resources support (#16800)
* feat: mcp prompts support

* feat: mcp resources support
2025-11-20 14:53:44 -08:00
YutaSaito 0b586d26fc refactor: drop MCPClient.connect and use run_with_session lifecycle (#16696)
Surface detailed connection errors by handling HTTP failures
2025-11-15 17:54:27 -08:00
Ishaan Jaffer 0699430206 test logging tests + mcp server QA checks 2025-11-15 08:58:46 -08:00
YutaSaito f487f4e3a9 feat: add dynamic OAuth2 metadata discovery for MCP servers (#16676)
* feat: add dynamic OAuth2 metadata discovery for MCP servers

* fix: lint error
2025-11-14 18:14:43 -08:00
YutaSaito 2843dab7fe fix: allow tool call even when server name prefix is missing (#16425)
* fix: allow tool call even when server name prefix is missing

* fix: test

* fix: test

* fix: test
2025-11-12 13:50:52 -08:00
YutaSaito 8e27b6c0b4 [MCP] configure static mcp header (#16179)
* feat: configure extra mcp headers in ui

* doc: static header

* build: add new migration file

* chore: add missing image file

* fix: test
2025-11-03 21:06:36 -08:00
Talal 5e10ea4136 Improve(mcp): respect X-Forwarded- headers in OAuth endpoints (#16036)
* fix(mcp): respect X-Forwarded-Proto header in OAuth endpoints

When LiteLLM proxy is deployed behind a reverse proxy (like nginx or a load balancer) that terminates SSL/TLS, the proxy receives HTTP requests internally but should expose HTTPS URLs externally. This change detects the X-Forwarded-Proto header and uses it to construct correct redirect URIs and endpoint URLs.

Changes:
- Added X-Forwarded-Proto detection to authorize, token, oauth_protected_resource_mcp, oauth_authorization_server_mcp, and register_client endpoints
- Added comprehensive tests for X-Forwarded-Proto header support across all affected endpoints
- Fixed existing tests to properly mock request.headers

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* fix formatting

* feat(mcp): support X-Forwarded-Host for proxy base URL reconstruction

Extended X-Forwarded-Proto support to also handle X-Forwarded-Host and X-Forwarded-Port headers. This allows LiteLLM to correctly construct redirect URIs and endpoint URLs when deployed behind a reverse proxy that changes the host/port.

Example scenario:
- Internal URL: http://localhost:8888/github/mcp
- External URL: https://proxy.abc.com/github/mcp
- Proxy sets: X-Forwarded-Proto: https, X-Forwarded-Host: proxy.abc.com

Changes:
- Added get_request_base_url() helper function to centralize X-Forwarded-* header handling
- Replaced all inline X-Forwarded-Proto checks with calls to the helper function
- Helper handles X-Forwarded-Proto, X-Forwarded-Host, and X-Forwarded-Port
- Added tests for X-Forwarded-Host scenarios in authorize and token endpoints

Fixes issue where protected resource URL mismatch occurred:
  Error: Protected resource http://proxy.abc.com:8888/github/mcp
  does not match expected https://proxy.abc.com/github/mcp

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* chore: replace Yelp-specific hostnames with generic examples

Changed all references from chatproxy.yelpcorp.com to proxy.example.com in:
- test_proxy_forwarding.py (default host parameter)
- TEST_PROXY_FORWARDING.md (documentation examples)
- discoverable_endpoints.py (docstring example)
- test_discoverable_endpoints.py (test mock data)

This makes the code more generic and suitable for open source.
All 13 tests still passing.

* remove accidentally added files

* fix formatting

* add new test for get_base_url

---------

Co-authored-by: Claude <noreply@anthropic.com>
2025-10-29 19:11:32 -07:00
YutaSaito c0890e7d33 [Feat] add support for dynamic client registration (#15921) (enables Atlassian MCP to work via Oauth on LiteLLM)
* feat: add support for dynamic client registration #13856

* fix: test

* feat: return 401 when oauth2_header is missing for OAuth2-based MCP servers
2025-10-26 10:13:46 -07:00