Commit Graph
539 Commits
Author SHA1 Message Date
Igal BoxermanandGitHub e6e1e8fca4 feat(pillar): add automatic LiteLLM context headers (#17076)
- Automatically pass LiteLLM virtual key context as X-LiteLLM-* headers
- Includes key_alias, user_id, team_id, org_id, and user_email
- No configuration required - always enabled for application/user tracking
- Excludes sensitive data (metadata, API tokens) for security
- Add comprehensive tests (30 tests, all passing)
- Update documentation with header details
2025-11-25 19:35:39 -08:00
00e17c81a1 Add enforce user param functionality (#17088)
* feat: Add reject_metadata_tags to proxy config

Co-authored-by: krrishdholakia <krrishdholakia@gmail.com>

* Refactor: Rename reject_metadata_tags to reject_clientside_metadata_tags

Co-authored-by: krrishdholakia <krrishdholakia@gmail.com>

---------

Co-authored-by: Cursor Agent <cursoragent@cursor.com>
2025-11-25 09:36:24 -08:00
Saar wintrovandGitHub cfd35d3b14 Metadata: fix 401 when audio/transcriptions (#17023)
* Metadata: fix 401 when audio/transcriptions

* check if str, CR fixes
2025-11-24 20:56:27 -08:00
yuneng-jiangandGitHub 3f5a34d72c Deleting a user from team deletes key user created for team (#17057) 2025-11-24 20:47:43 -08:00
Raghav JhavarandGitHub bd8196f982 (fix) propagate x-litellm-model-id in responses (#16986)
* propagate model id on errors too

* make it work for messages and streaming

* fix

* cleanup

* cleanup

* final

* cleanup

* clean up method name and fix responses api streaming

* remove comment
2025-11-24 20:40:43 -08:00
Sameer KankuteandGitHub c6fbdc7dc5 fix bedrock passthrough auth issue (#16879) 2025-11-24 18:44:59 -08:00
Sameer KankuteandGitHub 629404a100 Add cost tracking for cohere embed passthrough endpoint (#17029)
* Add cost tracking for cohere embed passthrough endpoint

* update passthrough code

* update passthrough code

* fixed lint and mypy errors
2025-11-24 17:39:26 -08:00
62b84d6aad Prompt security litellm (#16365)
* add prompt security guardrails provider

* cosmetic

* small

* add file sanitization and update context window

* add pdf and OOXML files support

* add system prompt support

* add tests and documentation

* remove print

* fix PLR0915 Too many statements (96 > 50)

* cosmetic

* fix mypy error

* Fix failed tests due to naming conflict of responses directory with same-named pip package

* Fix mypy error: use 'aembedding' instead of 'embeddings' for async embedding call type

* Fix: Install enterprise package into Poetry virtualenv for tests

The GitHub Actions workflow was installing litellm-enterprise to system Python
using 'python -m pip install -e .', but tests run in Poetry's virtualenv using
'poetry run pytest'. This caused ImportError for enterprise package types.

Changed to 'poetry run pip install -e .' so the package is available in the
same virtualenv where pytest executes.

Fixes enterprise test collection errors in GitHub Actions CI.

* Move Prompt Security guardrail tests to tests/test_litellm/

Per reviewer feedback, move test_prompt_security_guardrails.py from
tests/guardrails_tests/ to tests/test_litellm/proxy/guardrails/ so
it will be executed by GitHub Actions workflow test-litellm.yml.

This ensures the Prompt Security integration tests run in CI.

---------

Co-authored-by: Ori Tabac <oritabac@prompt.security>
Co-authored-by: Vitaly Neyman <vitaly@prompt.security>
2025-11-24 11:44:20 -08:00
adfdcf1d61 [Fix] UI - Hide Default Team Settings From Proxy Admin Viewers (#16900)
* Add fallback in sort to prevent NoneType and str comparison

* Hide Default Team Settings from Proxy Admin Viewers

---------

Co-authored-by: Krish Dholakia <krrishdholakia@gmail.com>
2025-11-23 22:01:38 -08:00
yuneng-jiangandGitHub 013dcd837f Change provider create fields to JSON (#16985) 2025-11-23 21:57:22 -08:00
YutaSaitoandGitHub b72b49757e feat: add backend support for OAuth2 auth_type registration via UI (#17006) 2025-11-23 21:52:18 -08:00
YutaSaitoandGitHub 06f2ecef42 feat: tool permission argument check (#16982) 2025-11-22 19:21:25 -08:00
yuneng-jiangandGitHub 825f61b452 Remove expired proxy admin keys from cache (#16894) 2025-11-22 14:23:28 -08:00
yuneng-jiangandGitHub 22fd323d6b Calling team/permissions_list and team/permissions_update now returns 404 with non-existent team (#16835) 2025-11-22 14:21:58 -08:00
Ishaan Jaffer b2812af0a0 fix MCP tests 2025-11-22 10:02:15 -08:00
bbaf0af907 Grayswan guardrail passthrough on flagged (#16891)
* attempt to implement the passthrough feature

* Formatting and small change

* Fix formatting

* Format test file

---------

Co-authored-by: Xiaohan Fu <xiaohan@grayswan.ai>
2025-11-21 20:01:35 -08:00
yuneng-jiangandGitHub b074c79734 Allow partial matches for user id in user table (#16952) 2025-11-21 19:12:16 -08:00
yuneng-jiangandGitHub 6881594632 [Fix] Exclude litellm_credential_name from Sensitive Data Masker (Updated) (#16958)
* Exclude litellm_credential_name from sensitive masker

* Adding missing file
2025-11-21 19:09:48 -08:00
yuneng-jiangandGitHub eb48d5cc42 Revert "Exclude litellm_credential_name from sensitive masker (#16950)" (#16956)
This reverts commit 5cfacb96e6.
2025-11-21 18:09:54 -08:00
yuneng-jiangandGitHub 5cfacb96e6 Exclude litellm_credential_name from sensitive masker (#16950) 2025-11-21 16:40:17 -08:00
Ishaan Jaffer 4a9f163db1 TestPromptVersionsEndpoint 2025-11-21 16:21:13 -08:00
yuneng-jiangandGitHub 0abfb07ab8 Remove UI Session Token from user/info return (#16851) 2025-11-21 16:11:58 -08:00
Ishaan JaffandGitHub 6ae22908b7 [Feat] Prompt Versioning - Allow specifying prompt version in code (#16929)
* add _get_prompt_data_from_dotprompt_content

* fix pre call hook for prompt template

* fix: get_latest_version_prompt_id

* fix get_latest_version_prompt_id

* test_get_latest_version_prompt_id
2025-11-21 13:58:49 -08:00
Ishaan JaffandGitHub 97d9da93e0 [Feat] Prompt Management - Allow viewing version history (#16901)
* TestPromptRequest

* add prompts/test endpoint for testing prompt

* TestPromptTestEndpoint

* feat: working v1 of this ui

* workig prompt endpoints

* add chat ui for prompts

* add conversation panel

* add init chat ui

* allow clicking edit prompt

* fix use get_base_prompt_id

* add endpoints for viewing prompt versions

* TestPromptVersioning

* add getPromptVersions

* add VersionHistorySidePanel

* allow viewing version history

* add version history
2025-11-21 08:54:52 -08:00
YutaSaitoandGitHub 041ac054b6 feat: allow custom violation message for tool-permission guardrail (#16916) 2025-11-21 08:52:01 -08:00
yuneng-jiangandGitHub 7225fc066f Fix key model alias (#16896) 2025-11-20 16:05:49 -08:00
YutaSaitoandGitHub 93affcb732 [Feat] mcp resources support (#16800)
* feat: mcp prompts support

* feat: mcp resources support
2025-11-20 14:53:44 -08:00
idola9andGitHub e1005cb9d3 Use LiteLLM key alias as fallback Noma applicationId in NomaGuardrail (#16832)
* Use auth key name if there are no app id in in headers or in extra_data

* use key alias instead of key name

* Fix

* last priority key alias

* Fix

* Add tests
2025-11-19 17:44:23 -08:00
Ishaan JaffandGitHub c7cf18cf67 [Feat] Prompt Management - Allow storing prompt version in DB (#16848)
* test_dotprompt_auto_detection_with_model_only

* fix _auto_detect_prompt_management_logger

* test_dotprompt_with_prompt_version

* add v1, v2 tests

* add _compile_prompt_helper

* fix _compile_prompt_helper

* test_dotprompt_with_prompt_version

* test_dotprompt_with_prompt_version, test_get_prompt_with_version

* add version in schema

* feat add _get_prompt_spec_for_db_prompt

* add _get_prompt_spec_for_db_prompt

* feat add _get_prompt_spec_for_db_prompt

* update prompt table

* add version in prompt DB

* test_get_prompt_spec_for_db_prompt_with_versions
2025-11-19 13:19:56 -08:00
Alexsander HamirandGitHub 2e007505da fix(spend-logs): trim logged response strings (#16654)
* fix(spend-logs): trim logged response strings

- route spend-log responses through the existing string sanitizer so oversized base64/text fields are truncated before persistence
- add unit tests covering the truncation path and the feature flag

Note: embeddings-specific truncation (numeric vectors) is still pending and will be handled separately.

* remove unnecessary comment

* add: sanitization unit test for embeddings

* fix: simplify sanatization logic

I overcomplicated a simple change for lack of understanding, fixed.
2025-11-18 20:12:49 -08:00
Ishaan JaffandGitHub c3c6cef6d8 [Fix] Fixes Swagger UI resolver errors for chat completion endpoints caused by Pydantic v2 $defs not being properly exposed in the OpenAPI schema. (#16784)
* fix add_request_body_to_paths

* test_move_defs_to_components
2025-11-18 17:39:28 -08:00
Ishaan JaffandGitHub 2880cb45a2 [Fix] AI Gateway Auth - Ensure Team Tags works when using JWT Auth (#16797)
* fix setting team_metadata

* test_team_metadata_with_tags_flows_through_jwt_auth
2025-11-18 17:36:38 -08:00
Ishaan JaffandGitHub e2fc225201 [Feat] SSO - Ensure role from SSO provider is used when a user is inserted onto LiteLLM (#16794)
* test_apply_user_info_values_sso_role_takes_precedence

* fix SSO
2025-11-18 15:35:38 -08:00
yuneng-jiangandGitHub f9ec353b80 [Feature] UI - Allow setting base_url in API reference docs (#16674)
* Allow setting base_url in API reference docs

* Add logic to change base url for test key page
2025-11-18 11:27:28 -08:00
YutaSaitoandGitHub 86ada061ec fix: prompt injection not working (#16701) 2025-11-17 20:04:57 -08:00
Ishaan JaffandGitHub bdb1e16dcf [Feat] AI Gateway Auth - Allow using JWTs for signing in with Proxy CLI (#16756)
* fix auth

* get_cli_jwt_auth_token

* fix linting

* test fixes

* docs

* test fixes

* fix refactor
2025-11-17 19:47:29 -08:00
YutaSaitoandGitHub 0b586d26fc refactor: drop MCPClient.connect and use run_with_session lifecycle (#16696)
Surface detailed connection errors by handling HTTP failures
2025-11-15 17:54:27 -08:00
Ishaan JaffandGitHub 25cb873467 [UI] expose backend endpoint for callbacks settings (#16698)
* init json for

* add SQS fields

* fix params

* return callbacks configs

* test_get_callback_configs

* test_get_callback_configs

* vercel build fix
2025-11-15 16:44:17 -08:00
a2e3b942dc Vector store files Stable Release (#16643)
* Add support for vector store files endpoints (#16490)

* Add base code for vector store integration

* fix azure related tests and linting error

* fix mypy errors

* Add vector store files documentation

* fix mapped tests

* Add bytedance and ideogram support in fal ai (#16636)

* Add fal ai flux pro v1.1 support (#16578)

* Add fal ai flux pro v1.1 support

* Add tests and docs

---------

Co-authored-by: Ishaan Jaffer <ishaanjaffer0324@gmail.com>
2025-11-15 13:00:33 -08:00
Ishaan Jaffer abe3fcc7e7 test_ui_view_spend_logs_with_team_id 2025-11-15 10:12:47 -08:00
Ishaan Jaffer 0699430206 test logging tests + mcp server QA checks 2025-11-15 08:58:46 -08:00
YutaSaitoandGitHub f487f4e3a9 feat: add dynamic OAuth2 metadata discovery for MCP servers (#16676)
* feat: add dynamic OAuth2 metadata discovery for MCP servers

* fix: lint error
2025-11-14 18:14:43 -08:00
Ishaan JaffandGitHub b360cc957e [Feat] Model Management API - Add API Endpoint for creating model access group (#16663)
* add NewModelGroupRequest

* add endpoint for create_model_group

* fix model_access_group_management_router

* add UpdateModelGroupRequest, info and delete

* fix model management tag

* fix validate_models_exist

* fix get_all_access_groups_from_db

* test_create_duplicate_access_group_fails

* test fixes

* fix working create access groups

* fix access group management endpoints

* add is db model checks for model access groups
2025-11-14 16:40:43 -08:00
yuneng-jiangandGitHub f1ff195bd8 Add Model uses endpoint info (#16664) 2025-11-14 16:08:27 -08:00
Alexsander HamirandGitHub c7847125c2 [Perf] Embeddings: Use router's O(1) lookup and shared sessions (#16344)
* Refactor proxy embeddings to use shared processor

- allow ProxyBaseLLMRequestProcessing to accept the aembedding route so embeddings requests reuse the base pipeline hooks

- route embeddings requests through base_process_llm_request, sharing logging, hook execution, retries, and header handling with chat/responses

- tighten token array decoding logic by using router deployment lookups and the unified error handler

* Fix: Correctly process embedding requests with token arrays

The `test_embedding_input_array_of_tokens` test was failing due to a regression that caused embedding requests with token arrays to be processed incorrectly. This prevented the `aembedding` function from being called as expected.

This was caused by a combination of three distinct issues:

1.  In `litellm/proxy/common_request_processing.py`, the `function_setup` utility was called with `aembedding` as the `original_function` for embedding routes. This has been corrected to `embedding` to ensure proper request setup.

2.  In `litellm/proxy/proxy_server.py`, a `TypeError` occurred because the `get_deployment` method was called with the `model_name` keyword argument instead of the expected `model_id`. This has been corrected. Additionally, the check for token arrays was improved to validate that all elements in the input subarray are integers.

3.  In `litellm/proxy/litellm_pre_call_utils.py`, the check for the `enforced_params` enterprise feature was too strict. It blocked valid requests even when the `enforced_params` list was empty. The condition has been adjusted to trigger the check only for non-empty lists.

Finally, the `test_embedding_input_array_of_tokens` assertion was updated to be more robust. The previous `assert_called_once_with` was overly strict, causing failures when unrelated internal parameters were added to the function call. The test now first asserts that `aembedding` is called and then separately verifies the `model` and `input` arguments. This makes the test more resilient to future changes without sacrificing its ability to catch regressions.

* test: align proxy embedding assertions

Update the embedding proxy test to match the new request pipeline: keep the data the proxy builds, expect the extra control kwargs, let the post-call hook return the actual response, and assert the normalized 'embeddings' hook type. This proves the refactor still forwards metadata and returns the mocked payload.

* Update proxy exception test

The proxy now forwards additional kwargs (request_timeout, litellm_call_id, litellm_logging_obj) to llm_router.aembedding. The test needs to accept these to match the real call signature and keep validating the error path instead of the kwargs list.

* testing: unsure of this change

I don't remember why I changed this, will revert and see if any tests fail since the manual test isn't failing without it.

* fix: remove unrelated change

This change was not related to the embeddings refactor and actually belonged to a different branch.
2025-11-14 09:21:45 -08:00
yuneng-jiangandGitHub 379aa7b79a Pagination for /spend/logs/session/ui endpoint (#16603) 2025-11-13 22:03:00 -08:00
YutaSaitoandGitHub 331be4f57b fix: avoid crashing when MCP server record lacks credentials (#16601) 2025-11-13 22:01:11 -08:00
yuneng-jiangandGitHub 792339200a Migrate Add Model Fields to backend (#16620) 2025-11-13 21:48:57 -08:00
yuneng-jiangandGitHub 8bf491c939 [Fix] /spend/logs/ui Access Control (#16446)
* RBAC for /spend/logs/ui

* Addressing comments
2025-11-12 18:44:21 -08:00
yuneng-jiangandGitHub cb27d6c456 [Fix] UI - Delete Callbacks Failing (#16473)
* Temp commit for branch switching

* Created normalize callback name util function and tests
2025-11-12 18:43:37 -08:00