Commit Graph

583 Commits

Author SHA1 Message Date
yuneng-jiang 73824c278a Merge pull request #17443 from BerriAI/litellm_v2_login
[Feature] New Login Page
2025-12-03 16:23:47 -08:00
yuneng-jiang 37c598441f Change is_sso_configured to auto_redirect_to_sso 2025-12-03 15:48:50 -08:00
yuneng-jiang 8a1cf104e0 Merge remote-tracking branch 'origin' into litellm_ui_config_add_sso 2025-12-03 15:36:33 -08:00
Ishaan Jaff 100cfc11ac [Bug Fix] Parallel Request Limiter with /messages (#17426)
* fix: use standard_logging_object for parallel request limiter

* fix test parallel request limiter
2025-12-03 14:13:28 -08:00
yuneng-jiang 9bb292f478 V2 login route 2025-12-03 12:41:45 -08:00
yuneng-jiang e6620fcdad Ruff checks 2025-12-03 11:01:10 -08:00
yuneng-jiang b3c0ea5414 Merge remote-tracking branch 'origin' into litellm_login_route_refactor 2025-12-03 10:40:11 -08:00
Sameer Kankute 7e9c1ffb33 Merge pull request #17407 from BerriAI/litellm_enforce_enforce_user_param
Enforce support of enforce_user_param to openai post endpoints
2025-12-03 20:45:21 +05:30
Krish Dholakia 8edcc4ecc3 Guardrails API - add streaming support (#17400)
* fix(initial-commit): adding a way to get the right response type based on the api route

* feat(unified_guardrail.py): support streaming guardrails

* test: update tests

* fix: fix linting errors

* test: update tests
2025-12-02 22:52:09 -08:00
Sameer Kankute 54e29e7828 Enforce support of enforce_user_param to openai post endpoints 2025-12-03 12:19:21 +05:30
rioiart 1ac2655b17 Fix/organization max budget not enforced (#17334)
* test: add failing tests for organization budget enforcement bug

Add comprehensive tests exposing that organization-level budgets are
retrieved but never enforced during request authentication. Tests verify:

1. Basic org budget exceeded scenario (team under budget, org over)
2. Multiple teams collectively exceeding org budget
3. Organization budget fields exist but are never checked
4. Inconsistency between team budget enforcement (works) and org (doesn't)

Tests intentionally fail to document the bug. Will be fixed in next commit.

Related to organization_max_budget not being enforced in auth_checks.py

* fix: enforce organization budget in auth checks

Add organization budget enforcement to common_checks() in auth_checks.py.
Previously, organization_max_budget was retrieved from DB but never checked,
allowing teams to collectively exceed their organization's budget limit.

Changes:
- Add _organization_max_budget_check() function following team budget pattern
- Call org budget check after team budget check in common_checks()
- Add "organization_budget" to budget_alerts type literals
- Update tests to verify org budget is enforced

Budget hierarchy is now properly enforced:
  Organization Budget (hard ceiling)
    └─ Team Budget (sub-allocation)
        └─ Team Member Budget (per-user within team)
            └─ Key Budget (per-key)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* fix: add organization_id to budget alerts, fix enum comparison and linting of newly added code

- Add organization_id field to CallInfo class for better alert context
- Include organization_id in budget alerts (token, soft, team, org)
- Fix event_group enum comparison (was comparing enum to string)
- Add OrganizationBudgetAlert class for organization budget alerting
- Add organization_budget to test parameterizations
- Apply Black formatting to slack_alerting.py

---------

Co-authored-by: Claude <noreply@anthropic.com>
2025-12-02 22:46:03 -08:00
Richard Song 099ccf56a7 Refactor add_schema_to_components to move definitions to components/schemas and add corresponding unit test (#17389) 2025-12-02 21:57:07 -08:00
yuneng-jiang 7fea97a0c0 Add is_sso_configured to UI Config 2025-12-02 17:53:16 -08:00
yuneng-jiang 6ee9d9c344 /login route refactor 2025-12-02 11:19:27 -08:00
Sameer Kankute 082c8af37f Fix: litellm user auth not passing issue 2025-12-02 11:25:32 +05:30
Krish Dholakia 4c7a988454 Guardrail API V2 - user api key metadata, session id, specify input type (request/response), image support (#17338)
* refactor(generic_guardrail_api.py): refactor to update to new guardrail api logic

* refactor: refactor llm api integrations to support passing in text as a list[str] instead of one at a time

* refactor: fix linting errors

* refactor: pass request type to guardrail api

allows request vs. response processing to occur

* feat: pass user api key dict information to the guardrail api

* fix: pass user api key dict information to the guardrail api

* feat: pass litellm call id + trace id, if present

* docs: update docs
2025-12-01 20:11:58 -08:00
Cesar Garcia 01dfc3561a Fix AttributeError when metadata is null in request body (#17263) (#17306)
Handle the case where metadata is explicitly set to null/None in the
request body. This was causing a 401 error with "'NoneType' object
has no attribute 'get'" when calling /v1/batches with metadata: null.

The fix uses `or {}` instead of a default dict value since the key
exists but has a None value.
2025-12-01 19:58:27 -08:00
idola9 71efcb7115 Refactor Noma guardrail to use shared Responses transformation and include system instructions (#17315)
* Support system prompts in noma guardrails

* Use litellm util to convert chat completions to responses api
2025-12-01 19:56:14 -08:00
rioiart 98a244450e Fix sso users not added to entra synced team (#17331)
* test: add failing tests for SSO user not added to Entra-synced teams bug

Adds tests reproducing the bug where new SSO users with teams=None
(from NewUserResponse) are not added to Entra ID synced teams because
add_missing_team_member() returns early when teams is None.

Tests demonstrate:
- NewUserResponse with teams=None fails to add user to teams (bug)
- LiteLLM_UserTable with teams=[] correctly adds user to teams (control)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* fix: treat None as empty list in add_missing_team_member for new SSO users

Fixed bug where new SSO users logging in via Microsoft SSO were not added
to their Entra-synced teams. The issue was an early return when
user_info.teams is None (default for NewUserResponse). Now treats None
as an empty list so new users are properly added to all their SSO teams.

Location: litellm/proxy/management_endpoints/ui_sso.py:438-440

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

---------

Co-authored-by: Claude <noreply@anthropic.com>
2025-12-01 19:53:30 -08:00
rioiart 70126d9130 Fix/new org team validate against org (#17333)
* fix: skip user budget/model validation for org-scoped teams

When creating a team with organization_id, budget and model constraints
should be validated against the organization's limits, not the user's
personal limits. This allows org admins with restrictive personal
budgets to create teams within their organization's more generous limits.

Adds 4 unit tests to verify:
- Org-scoped teams bypass user budget validation
- Org-scoped teams bypass user model validation
- Standalone teams still validate against user limits

* fix: enforce user budget/model limits for standalone teams in update_team

- Add user-level budget and model validation to update_team endpoint for standalone teams,
  matching the existing pattern in new_team
- Org-scoped teams correctly bypass user validation and use organization limits instead
- Add 5 new comprehensive tests covering standalone/org team budget/model validation

* fix: Add direct TPM/RPM org limit validation and consolidate user team limit checks

- Add direct TPM/RPM comparison against org limits in _check_org_team_limits()
- Consolidate budget/models/TPM/RPM user validation into _check_user_team_limits() helper
- Ensure user limits only apply to standalone teams (organization_id=None)
- Org-scoped teams now validate TPM/RPM against org limits (not user limits)
- Add 8 tests for TPM/RPM validation scenarios (org and user limits)
- Reduce code duplication between new_team() and update_team()
2025-12-01 19:51:42 -08:00
Krish Dholakia 1eb06f8031 Revert "fix: respect guardrail mock_response during during_call to return blo…" (#17332)
This reverts commit 6de6107673.
2025-12-01 15:40:28 -08:00
Ishaan Jaff 24f847b84c [Feat] JWT Auth - AI Gateway, allow using regular OIDC flow with user info endpoints (#17324)
* feat: allow fetching OIDC user info

* test: use test_auth_builder_with_oidc_userinfo_enabled gets user info when enabled

* fix tool permission doc

* docs fix diagram
2025-12-01 13:59:00 -08:00
orgersh92 7808a610f8 Fix session consistency, move Lasso API version away from source code (#17316)
* store and fetch lasso-conversation id from cache

* include gateway/v# in the baseUrl to allow simpler version migrations in the future

* add tests for cached conversation ID
2025-12-01 10:03:51 -08:00
YutaSaito 6de6107673 fix: respect guardrail mock_response during during_call to return blocked output (#17247) 2025-12-01 09:59:01 -08:00
Sameer Kankute 7dac498efb Add passthrough cost tracking for veo 2025-12-01 14:33:03 +05:30
Sameer Kankute f0d3c96a8d Add tags and other field in UI logs and add responses api cost tracking 2025-11-28 17:23:15 +05:30
v0rtex20k 205a563b65 Allow wildcard routes for nonproxy admin (SCIM) (#17178)
* checked for wildcards in nonproxy

* ready
2025-11-27 22:10:19 -08:00
Saar wintrov 87050c6a02 SSO: fix the generic SSO provider (#17227)
* SSO: fix the generic SSO provider

* adding tests
2025-11-27 21:27:23 -08:00
YutaSaito 334d09b3b2 feat: add regex-based tool_name/tool_type matching for tool-permission (#17164)
* feat: add regex-based tool_name/tool_type matching for tool-permission

* docs: update tool permission quick start for UI workflow
2025-11-27 21:26:27 -08:00
Ishaan Jaff 38ddd50628 [Bug fix] Vector Store List Endpoint Returns 404 (#17229)
* fix vector store management

* fix: add vector_store_management_router

* TestVectorStoreManagementEndpointsExist

* fix pass_through
2025-11-27 12:51:51 -08:00
Ishaan Jaff d612d71ef4 [Feat] Add guardrails for pass through endpoints (#17221)
* add PassThroughGuardrailsConfig

* init JsonPathExtractor

* feat PassthroughGuardrailHandler

* feat pt guardrails

* pt guardrails

* add Pass-Through Endpoint Guardrail Translation

* add PassThroughEndpointHandler

* execute simple guardrail config and dict settings

* TestPassthroughGuardrailHandlerNormalizeConfig

* add passthrough_guardrails_config on litellm logging obj

* add LiteLLMLoggingObj to base translation

* cleaner _get_guardrail_settings

* update guardrails settings

* docs pt guardrail

* docs Guardrails on Pass-Through Endpoints

* fix typing

* fix typing

* test_no_fields_set_sends_full_body

* fix typing

* Potential fix for code scanning alert no. 3834: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2025-11-27 12:06:53 -08:00
Sameer Kankute b97ea585b2 Add method for extracting vector store ids from path params (#16566)
* Add method for extracting vector store ids from path params

* Add vector id handling from path

* Move method to utils
2025-11-26 14:19:30 -08:00
yuneng-jiang 046b5fc27b Merge remote-tracking branch 'origin' into litellm_org_usage 2025-11-26 12:23:43 -08:00
Ishaan Jaffer 4bf5830106 test fix 2025-11-26 12:07:58 -08:00
Ishaan Jaffer 983ada20c3 mock test fixes 2025-11-26 12:02:35 -08:00
Igal Boxerman e6e1e8fca4 feat(pillar): add automatic LiteLLM context headers (#17076)
- Automatically pass LiteLLM virtual key context as X-LiteLLM-* headers
- Includes key_alias, user_id, team_id, org_id, and user_email
- No configuration required - always enabled for application/user tracking
- Excludes sensitive data (metadata, API tokens) for security
- Add comprehensive tests (30 tests, all passing)
- Update documentation with header details
2025-11-25 19:35:39 -08:00
Krish Dholakia 00e17c81a1 Add enforce user param functionality (#17088)
* feat: Add reject_metadata_tags to proxy config

Co-authored-by: krrishdholakia <krrishdholakia@gmail.com>

* Refactor: Rename reject_metadata_tags to reject_clientside_metadata_tags

Co-authored-by: krrishdholakia <krrishdholakia@gmail.com>

---------

Co-authored-by: Cursor Agent <cursoragent@cursor.com>
2025-11-25 09:36:24 -08:00
yuneng-jiang e629a6b703 Merge remote-tracking branch 'origin' into litellm_org_usage 2025-11-24 21:14:05 -08:00
Saar wintrov cfd35d3b14 Metadata: fix 401 when audio/transcriptions (#17023)
* Metadata: fix 401 when audio/transcriptions

* check if str, CR fixes
2025-11-24 20:56:27 -08:00
yuneng-jiang 3f5a34d72c Deleting a user from team deletes key user created for team (#17057) 2025-11-24 20:47:43 -08:00
Raghav Jhavar bd8196f982 (fix) propagate x-litellm-model-id in responses (#16986)
* propagate model id on errors too

* make it work for messages and streaming

* fix

* cleanup

* cleanup

* final

* cleanup

* clean up method name and fix responses api streaming

* remove comment
2025-11-24 20:40:43 -08:00
Sameer Kankute c6fbdc7dc5 fix bedrock passthrough auth issue (#16879) 2025-11-24 18:44:59 -08:00
Sameer Kankute 629404a100 Add cost tracking for cohere embed passthrough endpoint (#17029)
* Add cost tracking for cohere embed passthrough endpoint

* update passthrough code

* update passthrough code

* fixed lint and mypy errors
2025-11-24 17:39:26 -08:00
Lior Drihem 62b84d6aad Prompt security litellm (#16365)
* add prompt security guardrails provider

* cosmetic

* small

* add file sanitization and update context window

* add pdf and OOXML files support

* add system prompt support

* add tests and documentation

* remove print

* fix PLR0915 Too many statements (96 > 50)

* cosmetic

* fix mypy error

* Fix failed tests due to naming conflict of responses directory with same-named pip package

* Fix mypy error: use 'aembedding' instead of 'embeddings' for async embedding call type

* Fix: Install enterprise package into Poetry virtualenv for tests

The GitHub Actions workflow was installing litellm-enterprise to system Python
using 'python -m pip install -e .', but tests run in Poetry's virtualenv using
'poetry run pytest'. This caused ImportError for enterprise package types.

Changed to 'poetry run pip install -e .' so the package is available in the
same virtualenv where pytest executes.

Fixes enterprise test collection errors in GitHub Actions CI.

* Move Prompt Security guardrail tests to tests/test_litellm/

Per reviewer feedback, move test_prompt_security_guardrails.py from
tests/guardrails_tests/ to tests/test_litellm/proxy/guardrails/ so
it will be executed by GitHub Actions workflow test-litellm.yml.

This ensures the Prompt Security integration tests run in CI.

---------

Co-authored-by: Ori Tabac <oritabac@prompt.security>
Co-authored-by: Vitaly Neyman <vitaly@prompt.security>
2025-11-24 11:44:20 -08:00
yuneng-jiang adfdcf1d61 [Fix] UI - Hide Default Team Settings From Proxy Admin Viewers (#16900)
* Add fallback in sort to prevent NoneType and str comparison

* Hide Default Team Settings from Proxy Admin Viewers

---------

Co-authored-by: Krish Dholakia <krrishdholakia@gmail.com>
2025-11-23 22:01:38 -08:00
yuneng-jiang 013dcd837f Change provider create fields to JSON (#16985) 2025-11-23 21:57:22 -08:00
YutaSaito b72b49757e feat: add backend support for OAuth2 auth_type registration via UI (#17006) 2025-11-23 21:52:18 -08:00
YutaSaito 06f2ecef42 feat: tool permission argument check (#16982) 2025-11-22 19:21:25 -08:00
yuneng-jiang 825f61b452 Remove expired proxy admin keys from cache (#16894) 2025-11-22 14:23:28 -08:00
yuneng-jiang 22fd323d6b Calling team/permissions_list and team/permissions_update now returns 404 with non-existent team (#16835) 2025-11-22 14:21:58 -08:00