Commit Graph

851 Commits

Author SHA1 Message Date
yuneng-jiang c29d042df4 Case insensitive email login 2026-01-09 12:51:00 -08:00
Harshit Jain 8a683d9a6a Add fix for bedrock_cache, metadata and max_model_budget (#18872) 2026-01-10 01:09:00 +05:30
Harshit Jain 819468554f fix(security): prevent expired key plaintext leak in error response (#18860) 2026-01-09 22:27:39 +05:30
Sameer Kankute bb9347207b Merge pull request #18833 from BerriAI/litellm_staging_01_08_2026
Litellm staging 01 08 2026
2026-01-09 17:04:29 +05:30
Sameer Kankute 844c766c65 Merge pull request #18763 from BerriAI/litellm_staging_01_07_2026
Staging - 01/07/2026
2026-01-09 17:01:58 +05:30
Yuta Saito 022db6c9ed feat: add mcp registry 2026-01-09 15:07:39 +09:00
yuneng-jiang 1b9c7deec6 Merge remote-tracking branch 'origin' into litellm_key_team_routing_3 2026-01-08 10:39:12 -08:00
yuneng-jiang 864e8c6543 Merge pull request #18775 from BerriAI/litellm_fs_callback_fix
[Fix] Normalize Proxy Config Callback
2026-01-08 10:37:21 -08:00
Harshit Jain 516e4f8b96 fix: proactive RDS IAM token refresh to prevent 15-min connection failed (#18795)
* fix: proactive RDS IAM token refresh to prevent 15-min connection failures (#16220)

* fix: add noqa for PLR0915 in proxy_startup_event
2026-01-08 23:53:36 +05:30
Sameer Kankute b6e011309a Fix: test_spend_logs_payload_success_log_with_router 2026-01-08 16:07:00 +05:30
yuneng-jiang 51759424a6 Key and Team Routing Setting 2026-01-07 17:17:30 -08:00
yuneng-jiang 1c84af8ae4 normalize proxy config callbacks 2026-01-07 12:22:57 -08:00
yuneng-jiang 140ce5fce2 Merge remote-tracking branch 'origin' into litellm_key_team_routing_config 2026-01-07 11:08:01 -08:00
yuneng-jiang 943445dd0f Adding test 2026-01-07 11:00:07 -08:00
yuneng-jiang 9a49bb293f Merge remote-tracking branch 'origin' into litellm_key_team_routing_config 2026-01-07 10:55:38 -08:00
yuneng-jiang 7da8d5fcd5 Merge remote-tracking branch 'origin' into litellm_endpoint_usage_breakdown 2026-01-07 10:25:43 -08:00
kothamah 1b8708fccc Litellm embeddings calltype fix for guardrail precallhook (#18740)
* adding signoz integration to observability docs

* Fixing build

* Adding timeout for flaky test

* Fixing e2e

* add team member budget duration in team/update

* Reusable Duration Select and update team member budget UI

* feat: allow configuring project name for OpenTelemetry service name

* docs: sets ARIZE_PROJECT_NAME

* added valid callType for bedrock guardrail pre hook

This is to resolve the error when bedrock guardrails are enabled and invoke the embedding models.   {"error":{"message":"'embeddings' is not a valid CallTypes","type":"None","param":"None","code":"500"}}*

* updated the test case to reflect valid callType

---------

Co-authored-by: Goutham Karthi <goutham@signoz.io>
Co-authored-by: yuneng-jiang <yuneng.jiang@gmail.com>
Co-authored-by: YutaSaito <36355491+uc4w6c@users.noreply.github.com>
Co-authored-by: Yuta Saito <uc4w6c@bma.biglobe.ne.jp>
2026-01-07 21:40:36 +05:30
Kris Xia 91b5c66cf2 fix(proxy): return json error response instead of sse format for initial streaming errors (#18757)
* adding signoz integration to observability docs

* Fixing build

* Adding timeout for flaky test

* Fixing e2e

* fix(proxy): return json error response instead of sse format for initial streaming errors

when the first chunk of a streaming response contains an error,
return a standard json error response instead of sse format.
this ensures clients receive properly formatted error responses
before the stream actually begins.

- rename create_streaming_response to create_response
- add logic to detect error in first chunk and return JSONResponse
- add _extract_error_from_sse_chunk helper function
- update all call sites to use the new function name
- update tests to reflect the function rename

* test(proxy): add comprehensive tests for error extraction from sse chunks

- Add new test class TestExtractErrorFromSSEChunk with 10 test cases
- Update existing tests to verify JSONResponse returned for initial streaming errors
- Add tests for error code as string, bytes input, invalid JSON, and edge cases
- Verify correct error format extraction from SSE chunks

---------

Co-authored-by: Goutham Karthi <goutham@signoz.io>
Co-authored-by: yuneng-jiang <yuneng.jiang@gmail.com>
Co-authored-by: YutaSaito <36355491+uc4w6c@users.noreply.github.com>
2026-01-07 21:26:47 +05:30
drorIvry 000913fa12 Hotfix - docs qualifire (#18724)
* Hotfix - docs qualifire

* Hotfix - docs qualifire

* Hotfix - docs qualifire

* Hotfix - docs qualifire

* Hotfix - docs qualifire

* Hotfix - docs qualifire

* Hotfix - docs qualifire
2026-01-07 17:23:12 +05:30
yuneng-jiang 2a6f2a3fb8 add team member budget duration in team/update 2026-01-06 17:43:17 -08:00
yuneng-jiang ccfffc5de9 Add endpoint to aggregate activity tables 2026-01-06 15:54:03 -08:00
Sameer Kankute 865c7a2215 fix: test_update_ui_settings_allowlisted_value 2026-01-06 13:58:37 +05:30
Sameer Kankute 9d59d3eef6 fix: test_secret_manager_failure_does_not_block_email 2026-01-06 13:58:15 +05:30
Sameer Kankute 9f65f82c56 Fix: ImportError: qualifire package is required for QualifireGuardrail. Install it with: pip install qualifire 2026-01-06 13:52:26 +05:30
YutaSaito a774e7899c Merge pull request #18281 from Eric84626/main
Fix: fixed some MCP gateway oauth2 auth issues and ClosedResourceError
2026-01-06 13:22:46 +09:00
YutaSaito 31470032ad Merge pull request #18681 from BerriAI/litellm_feat_mcp-server-visibility-configurable
[feat] mcp server visibility configurable
2026-01-06 12:53:07 +09:00
Yuta Saito 694bcb6186 feat: add user_mcp_management_mode for view_all visibility 2026-01-06 11:22:28 +09:00
yuneng-jiang 1b7b42628d Add/update for router_settings in keys / teams 2026-01-05 16:19:42 -08:00
Eric84626 f59e9cef55 Merge branch 'main' into main 2026-01-06 06:57:25 +08:00
Yuta Saito a8092ab4c4 fix: ensure_async_clients_test error 2026-01-06 07:13:13 +09:00
yuneng-jiang 7937c8674b Merge pull request #18666 from BerriAI/litellm_keys_create_hour_fix
[Fix] Use timedelta to Calculate Key Expiry on Generate
2026-01-05 12:57:53 -08:00
yuneng-jiang c7345e4bfd Use timedelta to calculate key expiry 2026-01-05 12:24:34 -08:00
Urain Ahmad Shah bf33e639ef Fix User Invite & Key Generation Email Notification Logic (#18524)
* Fix email notification

* Update email notification tests

* moved test file
2026-01-06 01:35:52 +05:30
drorIvry b6a64ff99a feature/ add qualifire guardrails (#18594)
* init guardrails

* init guardrails

* some fixes

* some fixes

* ruff

* some fixes

* some fixes

* some fixes

* some fixes

* some fixes

* some fixes

* docs
2026-01-06 01:34:43 +05:30
Krish Dholakia b5aa7d1838 feat: Add api_key to GenericGuardrailAPI and set x-api-key header (#18647)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
2026-01-06 01:05:51 +05:30
Alexsander Hamir 0b0a9abd90 fix: normalize case for tool permission guardrail fields to prevent validation errors (#18662)
This fixes a critical issue where capitalized values in tool_permission guardrail
configurations (e.g., "Deny" instead of "deny") caused Pydantic validation errors
during proxy startup, leading to repeated initialization failures and latency issues.

Problem:
- Users could save guardrails with capitalized values through UI/API
- Data was written to database without validation (e.g., default_action: "Deny")
- On proxy startup, loading from DB triggered strict Pydantic validation
- ValidationError caused guardrail initialization to fail in a retry loop
- This resulted in startup delays and repeated error logging

Root Cause:
- Write path had no case normalization
- Read path enforced strict lowercase Literal validation
- Asymmetry between write and read caused latent data corruption

Solution:
Added field validators to normalize case before Pydantic validation:

1. ToolPermissionRule.decision ("allow"/"deny")
   - Normalizes decision field in rules array

2. ToolPermissionGuardrailConfigModel.default_action ("allow"/"deny")
   - Normalizes default fallback action

3. ToolPermissionGuardrailConfigModel.on_disallowed_action ("block"/"rewrite")
   - Normalizes disallowed tool behavior

4. ToolPermissionGuardrail.__init__ normalization
   - Defensive normalization for direct instantiation
   - Ensures normalization regardless of code path

Impact:
- Prevents validation errors during guardrail initialization
- Eliminates startup retry loops and latency issues
- Handles existing database records with capitalized values
- Accepts case-insensitive input from all sources (UI, API, direct calls)
- Fully backward compatible with existing lowercase configurations

Testing:
- Added 3 comprehensive tests for case-insensitive handling
- All 27 existing tests still pass
- Tests verify normalization across all affected fields

Files Changed:
- litellm/types/proxy/guardrails/guardrail_hooks/tool_permission.py
  Added @field_validator decorators for case normalization
- litellm/proxy/guardrails/guardrail_hooks/tool_permission.py
  Added runtime normalization in __init__ method
- tests/test_litellm/proxy/guardrails/guardrail_hooks/test_tool_permission.py
  Added case-insensitive validation tests
2026-01-05 11:24:19 -08:00
Yuta Saito f1d77ae14d feat: allow_all_keys to mcp server 2026-01-05 15:49:09 +09:00
hamzaq453 9ca7b1ad9b Resolve merge conflicts: integrate path validation with **kwargs approach
- Keep **kwargs approach (no exec()) for security
- Integrate path traversal validation from main branch
- Add URL encoding for path parameters
- Merge both test suites (edge cases + security tests)
- All 14 tests passing
2026-01-05 10:20:26 +05:00
Yuta Saito 0509fc79da fix: move code from litellm/llms to the mcp_server dir 2026-01-05 12:05:16 +09:00
Yuta Saito c8c73e6fa5 fix: MCP handling in unified guardrail 2026-01-05 10:41:24 +09:00
YutaSaito 61e666c457 Merge pull request #18597 from BerriAI/litellm_fix_openapi_to_mcp
fix openapi to mcp
2026-01-03 09:43:06 +09:00
Yuta Saito 8e633ab513 fix: reuse shared async client in mcp openapi generator 2026-01-03 09:33:12 +09:00
Yuta Saito 6168e500a8 fix: add checking path param 2026-01-03 08:57:54 +09:00
kevinpauer 705b54bf04 Feat/add watsonx fields (#18569) 2026-01-03 02:53:17 +05:30
Alex Gertz 3bd309f808 fix: return empty data array instead of 500 when no models configured (#18556)
- /v2/model/info now returns {"data": []} when llm_router is None or model_list is empty
- /model_group/info now returns {"data": []} when llm_model_list is None or empty
- Fixes UI crash on fresh installs with STORE_MODEL_IN_DB=True
- Added 4 unit tests for empty model list scenarios
2026-01-02 23:36:05 +05:30
Sameer Kankute 5ed83756eb Merge pull request #18583 from BerriAI/litellm_block_negative_budget
Add validation for negative budget
2026-01-02 21:52:15 +05:30
Sameer Kankute 233ba9d4b8 fix mock tests 2026-01-02 21:40:27 +05:30
YutaSaito e9365c496d Merge pull request #18580 from BerriAI/litellm_feat_support_metaurl_on_ui
feat: add UI support for configuring meta URLs
2026-01-02 17:54:26 +09:00
Lukas de Boer edc8413f1e Add Kubernetes ServiceAccount JWT authentication support (#18055)
* Allow get_nested_value dot notation to support escaping for Kubernetes JWT Support

* Add support for team and org alias fields, add docs, tests

* Fix lint issue with max statements in handle jwt logic
2026-01-02 14:02:31 +05:30
Yuta Saito 89ce8091bb fix: test 2026-01-02 16:32:33 +09:00