Add a self-contained Playwright E2E test suite that runs against a local
PostgreSQL database instead of Neon. Tests cover role-based access for all
5 user roles (proxy admin, admin viewer, internal user, internal viewer,
team admin) and authentication flows.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
cryptography 46.0.5 excludes Python 3.9.0 and 3.9.1, which conflicts
with pyproject.toml's python = ">=3.9,<4.0" range. Docker still uses
46.0.5 via requirements.txt.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
aioboto3 was listed as a dependency for async sagemaker calls but is not
imported anywhere in the codebase — async calls use httpx + botocore SigV4
instead. Removing it eliminates the unresolvable botocore version conflict
between boto3 and aiobotocore, along with all grep -v / --no-deps workarounds
across Dockerfiles and CI.
Also addresses Greptile review feedback: collapse redundant grpcio
python-version markers, bump pyproject.toml cryptography to 46.0.5 to
match Docker (GHSA-r6ph-v2qm-q3c2), and fix misleading .npmrc comment.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Both are transitive deps of aiobotocore, added to requirements.txt in
the previous commit. aioitertools is MIT, wrapt is BSD.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
boto3==1.42.80 and aioboto3==15.5.0 have incompatible botocore version
ranges. No aioboto3 release supports botocore 1.42.x yet. Both uv and
pip 26.0.1 reject the resolution.
Fix: filter aioboto3 out of requirements.txt at install time, then
install aioboto3+aiobotocore with --no-deps to bypass resolution.
Added wrapt and aioitertools to requirements.txt as pinned transitive
deps of aiobotocore (skipped by --no-deps). Fixed pip stdin handling
(/dev/stdin). Applied to all 5 Dockerfiles and all CircleCI install
paths.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
boto3==1.42.80 and aioboto3==15.5.0 have incompatible botocore ranges.
Both uv and pip 26.0.1 reject the resolution. Fix: filter aioboto3 out
of requirements.txt at install time, then install aioboto3+aiobotocore
separately with --no-deps to bypass resolution. Removes uv-overrides.txt
which only partially addressed the conflict.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
aiobotocore[boto3] pins both boto3<1.40.62 and botocore<1.40.62.
The previous commit only overrode botocore. Added boto3 override too.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
boto3==1.42.80 requires botocore>=1.42.80 but aioboto3==15.5.0 (via
aiobotocore==2.25.1) requires botocore<1.40.62. No aioboto3 release
supports botocore 1.42.x yet. pip's lenient resolver handles this for
Docker builds, but uv's strict resolver rejects it in CI. Added
uv-overrides.txt to force botocore to match boto3 during uv installs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
CircleCI had stale version pins (e.g. boto3==1.36.0, aioboto3==13.4.0) that
conflict with requirements.txt (boto3==1.42.80, aioboto3==15.5.0), causing
uv resolution failures. Updated all mismatched pins across config.yml and
.circleci/requirements.txt to match requirements.txt as the source of truth.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
After merging main, pyproject.toml had updated dependency versions but
requirements.txt still had the old pins. The Dockerfile builds litellm
from source (using pyproject.toml) then installs deps from
requirements.txt, so version mismatches cause pip resolution failures.
Updated 21 packages to match: openai, fastuuid, tiktoken,
importlib-metadata, tokenizers, click, jsonschema, fastapi, pyyaml,
uvicorn, boto3, mcp, orjson, polars, apscheduler, fastapi-sso, pyjwt,
python-multipart, azure-identity, rich, aiohttp.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Resolve conflicts between pinned versions and main's caret ranges,
keeping exact pins. Add pytest-cov==5.0.0 from main. Regenerate
poetry.lock.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
hf-xet is Apache 2.0 licensed but PyPI metadata doesn't expose the
license string, so the automated checker can't determine it.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
pytest-asyncio 1.x no longer provides an implicit event loop in sync
fixtures/tests. Make async-dependent fixtures and tests async, and
replace deprecated asyncio.get_event_loop() in tests. Switch
Dockerfile.build_from_pip from Alpine to Debian slim since
pyroscope-io 0.8.x has no musl wheels.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
asyncio.create_task in CSW.__anext__ scheduled the deferred logging
callback as an independent task that raced with unified_guardrail's
end-of-stream block. For short-stream providers (Vertex AI, Azure,
Anthropic), the logging fired before guardrail_information was written,
causing post_call guardrail entries to be missing from
StandardLoggingPayload.
Move the deferred callback trigger from CSW.__anext__ to
ProxyLogging.async_post_call_streaming_iterator_hook (after the full
streaming pipeline completes). CSW now stores the assembled response
args; the outer consumer fires the callback after all guardrail
end-of-stream blocks finish. Also skip apply_guardrail guardrails in
_run_deferred_stream_guardrails to eliminate duplicate API calls.
Pin pyproject.toml deps from PyPI resolution of `pip install litellm[proxy]==1.83.0`
instead of Docker freeze versions. Docker builds (requirements.txt) and PyPI installs
(pyproject.toml) are independent dependency paths. Some packages pinned to 3.9-compatible
versions where latest requires >=3.10.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Pin every dependency across all Docker builds so upgrades are intentional.
Verified by building all 3 production images and diffing pip freeze against
known-good v1.83.0-nightly baselines — zero version drift.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Use nullish coalescing for potentially null response body
- Create release as draft first, then publish atomically to avoid partial-release state
- Pin cosign.pub URL to release tag instead of main branch
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Source fixes:
- page.tsx: add explicit isValidReturnUrl() check at redirect site
- public_model_hub.tsx: replace() → replaceAll() for all wildcard occurrences
- CodeSnippets.tsx: escape backslashes before quotes in generated Python
- TeamGuardrailsTab.tsx: escape backslashes before quotes in generated YAML
CodeQL suppressions for false positives:
- ChatUI.tsx: sessionStorage for apiKey/apiKeySource (sessionStorage is
correct per project policy — scoped to tab, cleared on close)
- ChatUI.tsx: setInputMessage(prompt) where prompt is a hardcoded literal
- mcp_server_edit.tsx, create_mcp_server.tsx: sessionStorage for OAuth state
- useMcpOAuthFlow.tsx, useUserMcpOAuthFlow.tsx: sessionStorage wrappers
- LoginPage.tsx: localStorage.getItem for worker URL in SSO flow
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Prepend Docker image signature verification instructions to auto-generated
release notes, using the cosign public key committed to the repo.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>