Commit Graph

6548 Commits

Author SHA1 Message Date
Ishaan Jaff c9cdce96fa feat(policy): test playground for AI policy suggestions (#21608)
* fix aviation safety topic filter: remove overly broad exceptions, add cockpit access block words

* fix airline brand protection filter: add identifier words, competitor/ops block words, tighten exceptions

* feat(policy): add POST /policy/templates/test endpoint for testing guardrails before creating them

* feat(ui): add testPolicyTemplate networking function

* feat(ui): add test playground to AI policy suggestion modal

* test(policy): add tests for POST /policy/templates/test endpoint
2026-02-19 14:09:20 -08:00
Ishaan Jaff 779c355f1e feat: add airline off-topic restriction policy template (#21607)
* fix aviation safety topic filter: remove overly broad exceptions, add cockpit access block words

* fix airline brand protection filter: add identifier words, competitor/ops block words, tighten exceptions

* feat: add airline off-topic restriction policy template

* feat: register airline off-topic restriction in policy templates backup

* test: add tests for airline off-topic restriction policy template

* fix: remove overly broad block words (explain, recommend, suggest, best) to reduce false positives

* test: add false-positive tests for recommend/explain airline queries
2026-02-19 13:45:59 -08:00
Ishaan Jaff e9a07347dc fix: reduce proxy overhead for large base64 payloads (#21594)
* fix aviation safety topic filter: remove overly broad exceptions, add cockpit access block words

* fix airline brand protection filter: add identifier words, competitor/ops block words, tighten exceptions

* add constants for large payload handling and detailed timing

* add base64 truncation for logging payloads

* use shallow copy for messages, track copy and callback timing

* add callback duration and detailed timing to response metadata

* add callback duration header, size-gate debug logging, detailed timing headers

* add tests for callback timing, base64 truncation, and detailed timing

* fix code quality: extract helpers, fix regex, clean up imports

* rewrite _truncate_base64_in_value iteratively to satisfy recursive detector
2026-02-19 12:10:52 -08:00
Ishaan Jaff b209b11522 feat: AI policy template suggestions (#21589)
* fix aviation safety topic filter: remove overly broad exceptions, add cockpit access block words

* fix airline brand protection filter: add identifier words, competitor/ops block words, tighten exceptions

* add example_sentences to all policy templates + topic-filtering and prompt-injection templates

* add policy_endpoints package with AI policy suggester

* update test patch targets for policy_endpoints package move

* add unit tests for AI policy suggester

* add suggestPolicyTemplates networking function

* add AI suggestion modal component

* add Use AI button and template loading callback to PolicyTemplates

* wire up AI suggestion modal in policies page

* fix policy_templates_backup.json path after package move

* add estimated_latency field to all policy templates

* use llm_router and accept model parameter in ai_policy_suggester

* add model param to suggest templates endpoint

* pass model param in suggestPolicyTemplates

* polish ai suggestion modal: model selector, auto-growing textareas, latency badges

* add template queue for processing multiple AI-suggested templates

* show template progress badge in guardrail selection modal
2026-02-19 12:00:26 -08:00
michelligabriele 16cfdccc7b fix(bedrock): add Accept header for AgentCore MCP server requests (#21551)
AgentCore MCP server endpoints require the Accept header to contain
both application/json and text/event-stream per the MCP specification
(Streamable HTTP transport). Without this header, requests are rejected
with a 406 Not Acceptable error (JSON-RPC code -32011).

Sets the Accept header at the top of sign_request() so both JWT/Bearer
and SigV4 authentication paths include it.
2026-02-19 11:35:14 -08:00
milan-berri 506d1dff43 fix: handle deprovisioning operations without path field (#21571)
* fix(scim): handle deprovisioning operations without path field

When SCIM providers send deprovisioning requests without a path field
(e.g., {"op": "replace", "value": {"active": false}}), the code was
storing the value under an empty string key in metadata.

This fix:
- Detects operations with no path where value is a dict
- Extracts and handles known fields like 'active' correctly
- Sets metadata["scim_active"] = false instead of metadata[""] = {"active": false}

Fixes: SCIM deprovisioning creating empty string keys in user metadata

* fix(scim): handle all known fields in operations without path

Extended the fix to handle all SCIM fields (not just active) when
operations have no path field:
- active -> scim_active
- displayName -> user_alias
- externalId -> user_id
- name.givenName/familyName -> scim_metadata

Added comprehensive test for multiple fields without path.

Addresses Greptile review feedback on RFC 7644 compliance.

* trigger PR update
2026-02-19 11:09:04 -08:00
yuneng-jiang c911cfbabf Merge remote-tracking branch 'origin' into litellm_key_last_active_tracking 2026-02-19 10:27:48 -08:00
Sameer Kankute 9f66a4c122 Fix test_reasoning_effort_dict_format_gemini_3 2026-02-19 22:14:20 +05:30
michelligabriele 053ee4826f fix(websearch_interception): fix pre_call_deployment_hook not triggering via proxy router (#21433)
* fix(websearch_interception): fix pre_call_deployment_hook not triggering via proxy router

Fix provider lookup (check top-level kwargs + fallback to get_llm_provider),
return full kwargs dict instead of partial, and use OpenAI-format tool definition.

* remove unnecessary inline import
2026-02-19 06:38:45 -08:00
Sameer Kankute ca34e9a3f9 Merge pull request #21543 from BerriAI/litellm_passthrough_endpoint_method
Add method based routing for passthrough endpoints
2026-02-19 19:34:04 +05:30
Sameer Kankute f2393fc9cb Merge main into litellm_passthrough_endpoint_method
Resolved conflicts in pass_through_endpoints.py by:
- Accepting main's formatting and mypy fixes
- Preserving branch's method support feature
- Preserving branch's default_query_params feature

Combined changes include:
- Method filtering for passthrough endpoints
- Default query parameters support
- Updated route key format to include methods
- Code formatting improvements from main
- Fixed type annotations

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-19 19:22:41 +05:30
Sameer Kankute 647e5237a7 Merge pull request #21555 from BerriAI/litellm_server_side_compaction_trans
[Feat] Add server side compaction translation from openai to anthropic
2026-02-19 19:14:37 +05:30
Sameer Kankute 8bcca905a7 Merge pull request #21539 from BerriAI/litellm_fix_azure_store_param
Fix: add stop param as supported for openai and azure
2026-02-19 19:12:43 +05:30
Sameer Kankute 1ad9d26c6f Merge pull request #21559 from BerriAI/fix_openai/bge-multilingual-gemma2
Fix usage in xai
2026-02-19 19:07:09 +05:30
Sameer Kankute 308cdb2720 Merge pull request #21557 from SherifWaly/sherif.waly/add-reasoning-multi-turn-hosted-vllm
Convert thinking_blocks to content blocks for hosted_vllm multi-turn
2026-02-19 18:56:09 +05:30
Sameer Kankute fc7fa73b6f Fix usage in xai 2026-02-19 18:48:30 +05:30
Sameer Kankute 0bea9c1dbc Merge pull request #21497 from SolitudePy/fix/github-provider-match-openai-metadata
fix: allow github aliases to reuse upstream model metadata
2026-02-19 18:30:33 +05:30
Sameer Kankute ea8c8ebc05 Merge pull request #21547 from ZeroAurora/remove-dashscope-str-transformation
fix: remove list-to-str transformation from dashscope
2026-02-19 18:20:06 +05:30
sherif.waly 5774c845d8 Convert thinking_blocks to content blocks for hosted_vllm multi-turn
For multi-turn conversations, convert thinking_blocks on assistant
messages into content blocks prepended before the rest of the content,
so reasoning context is passed back to the hosted_vllm API.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-02-19 12:25:18 +00:00
Sameer Kankute 02e10c9a74 Merge branch 'main' into litellm_server_side_compaction_trans 2026-02-19 16:45:53 +05:30
Sameer Kankute a52fc738af Add server side compaction translation from openai to anthropic 2026-02-19 16:44:35 +05:30
Harshit Jain 9a71ba3505 Merge pull request #21078 from Harshit28j/litellm_project_management_apis
Litellm project management apis
2026-02-19 14:26:11 +05:30
ZeroAurora 64c916b37b fix: remove list-to-str transformation from dashscope 2026-02-19 07:30:13 +00:00
yuneng-jiang 6097905e55 [Feature] Track key last active timestamp
Virtual keys only track created_at and updated_at, which don't indicate
when a key was last used. This adds a last_active field that gets updated
during the async batch spend update, giving admins visibility into which
keys are actively being used.

Changes:
- Add last_active DateTime? to VerificationToken and
  DeletedVerificationToken in all 3 schema files and Python types
- Set last_active in the batch key spend update alongside spend increment
- Add Last Active column to virtual keys UI table with info popover
  and hover tooltip showing full date/time with timezone

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-02-18 23:11:58 -08:00
Sameer Kankute 4e111d4372 Add test got method speicifc routing 2026-02-19 11:58:48 +05:30
yuneng-jiang 70d5281b52 Merge pull request #21537 from BerriAI/litellm_team_member_usage_permission
[Feature] Allow team members to view entire team usage
2026-02-18 22:01:13 -08:00
Sameer Kankute 44a68cf1c6 Fix: add stop param as supported for openai and azure 2026-02-19 11:26:38 +05:30
Ishaan Jaff 1a5133f229 Competitor guardrails: streaming discovery, variations, pre/post split (#21533)
* fix aviation safety topic filter: remove overly broad exceptions, add cockpit access block words

* fix airline brand protection filter: add identifier words, competitor/ops block words, tighten exceptions

* update policy templates with competitor pre/post guardrails and streaming enrichment

* sync policy_templates_backup.json with policy_templates.json

* add streaming enrichment endpoint, competitor variations, and model selection

* add streaming enrichPolicyTemplate networking function

* rewrite template parameter modal with streaming tags, AI/manual toggle, model selector

* update policies panel to pass enrichment options and show discovered competitors

* show discovered competitors as tags in guardrail selection modal

* use llm_router instead of litellm.acompletion, extract helpers, move constants

* validate competitors list size, cap variation prompt input

* add refinement instruction support for competitor discovery

* add instruction and existingCompetitors params to streaming enrichment

* add refinement input for iterating on competitor list with AI

* emit status events during variation generation so UI shows progress

* add onStatus callback to streaming enrichment

* show status spinner during variation generation, widen modal to 700px

* add tests for competitor enrichment helper functions
2026-02-18 21:39:19 -08:00
yuneng-jiang 528b21ad1d [Feature] Allow team members to view entire team usage
Add a new team member permission `/team/daily/activity` that allows
non-admin team members to see all team usage data, not just their own.

## Changes
- Add `TEAM_DAILY_ACTIVITY` to `KeyManagementRoutes` enum and available
  team member permissions
- Add `_team_member_has_permission` helper in `common_utils.py`
- Modify `/team/daily/activity` endpoint to skip API key filtering when
  the member has this permission
- Add permission description and method detection in the UI
- Add backend and frontend tests

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-02-18 21:38:40 -08:00
jquinter abc4603675 Merge pull request #21476 from BerriAI/fix/test-log-record-message-attr
fix(tests): use record.getMessage() instead of record.message for LogRecord
2026-02-19 02:21:54 -03:00
jquinter 2c1d2fa948 Merge pull request #21439 from BerriAI/fix/restore-default-internal-user-params
fix(test): restore default_internal_user_params to None instead of delattr
2026-02-19 02:19:10 -03:00
jquinter 53cfb93a06 Merge pull request #21536 from BerriAI/fix/mcp-test-failures-from-user-permissions
fix(tests): update MCP tests broken by user permissions commit (#21462)
2026-02-19 02:17:49 -03:00
Julio Quinteros Pro a9d3c49572 fix(tests): update MCP tests broken by user permissions commit (#21462)
Four tests were broken by commit e00c181f0c (Mcp user permissions #21462):

1. test_list_tools_single_server_unprefixed_names: The commit changed
   _get_tools_from_mcp_servers to always add server prefixes (add_prefix=True),
   removing the conditional that skipped prefixing for single servers.
   Updated assertion from "toolA" → "zapier-toolA".

2. test_mcp_get_prompt_success: mcp_get_prompt now extracts the server name
   from a prefixed prompt name via split_server_prefix_from_name(). Passing
   unprefixed "hello" returns server_name="" which matches no server → 403.
   Updated call to use "server_a-hello" so the server lookup succeeds.

3. test_e2e_jwt_team_mcp_permissions_enforced &
4. test_e2e_jwt_team_mcp_key_intersection:
   The commit replaced `from typing import List` with
   `from litellm.proxy.proxy_server import general_settings` in
   MCPRequestHandler.get_allowed_mcp_servers(). Both tests mock
   litellm.proxy.proxy_server with a types.ModuleType that lacked
   general_settings, causing ImportError. Added general_settings={} to
   both mock modules.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-19 02:09:11 -03:00
jquinter d106393394 Merge pull request #21505 from BerriAI/fix/spend-test-model-cost-contamination
fix(tests): restore litellm.model_cost after TestPriceDataReloadIntegration tests
2026-02-19 02:06:13 -03:00
jquinter 01ff53822c Merge pull request #21440 from BerriAI/fix/langfuse-test-sys-modules-mock
fix: prevent sys.modules["langfuse"] import failures in langfuse unit tests
2026-02-19 01:47:07 -03:00
Julio Quinteros Pro 063238a789 chore: resolve merge conflict with main
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-19 01:46:13 -03:00
Julio Quinteros Pro 68b83b1376 fix(tests): restore litellm.model_cost after TestPriceDataReloadIntegration tests
test_complete_reload_flow and test_distributed_reload_check_function both
trigger code paths that assign a minimal stub dict to litellm.model_cost
(via the /reload/model_cost_map endpoint and _check_and_reload_model_cost_map).
Without restoring, subsequent tests in the same worker can't find gpt-4o
pricing and calculate spend=0.0 instead of the expected value.

Added try/finally save-and-restore of litellm.model_cost in both tests,
matching the pattern used in test_reload_model_cost_map_admin_access.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-19 01:42:48 -03:00
Harshit Jain 66ce7513f6 Merge branch 'main' into litellm_project_management_apis 2026-02-19 08:40:12 +05:30
Sameer Kankute 51146c4c94 Fix:test_anthropic_messages_with_all_beta_headers 2026-02-19 08:35:38 +05:30
Krish Dholakia e00c181f0c Mcp user permissions (#21462)
* feat(schema.prisma): add object permissions for end users

allows controlling if end user can call specific mcp servers

* feat: cleanup for customer_endpoints support of object permission id

* fix: cleanup str

* feat(customers/): enforce end user can only call allowed mcps - if configured

* docs: document customer/end user object permission usage

* feat: enforce end user permissions on MCP tool calls

This commit implements end user permission enforcement for MCP servers:

1. Always add server prefixes to MCP tool names
   - Removed conditional logic that only added prefixes when multiple servers existed
   - Now always adds server prefix for consistent tool naming across all scenarios
   - Updated 5 locations in server.py (list_tools, get_prompts, get_resources,
     get_resource_templates, get_prompt)

2. Created MCP End User Permission Guardrail Hook
   - New guardrail hook: litellm/proxy/guardrails/guardrail_hooks/mcp_end_user_permission.py
   - Runs on post_call to validate tool calls in LLM responses
   - Extracts MCP server name from tool names (splits on first '-')
   - Checks if end_user_id has permissions for the MCP server
   - Raises GuardrailRaisedException if end user lacks permission
   - Supports both streaming and non-streaming responses

3. Added comprehensive tests
   - Test file: tests/test_litellm/proxy/guardrails/guardrail_hooks/test_mcp_end_user_permission.py
   - Tests cover: authorized/unauthorized tools, non-MCP tools, no end_user scenarios
   - Tests permission checking logic and exception raising

The hook integrates with the existing MCPRequestHandler._get_allowed_mcp_servers_for_end_user
to fetch end user permissions and enforce access control at the response level.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* refactor: remove redundant add_prefix variable assignments

Simplified the code by removing intermediate `add_prefix` variable
assignments and passing `True` directly to function calls since
we now always add server prefixes.

Changes:
- Removed `add_prefix = True` variable assignments in 5 locations
- Changed `add_prefix=add_prefix` to `add_prefix=True` in function calls
- Added inline comments to clarify the behavior

This makes the code more concise and clearer in intent.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* feat(auth_utils.py): support safety_identifier as a valid way of passing the end user id for responses api

* feat(llms): ensure 'tools' is correctly updated for responses api

* fix: fix greptile feedback

* feat: transformation.py

proper responses api tool handling for guardrail translation layer

---------

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-18 18:53:59 -08:00
Krish Dholakia a385126a7c Litellm dev compliance UI (#21457)
* feat(ui/): initial commit adding a compliance testing playground

allow proxy admins to test policies and guardrails against datasets

* feat(ui/): make score more friendly

* feat(policy_endpoints.py): new helper function for testing policies

* feat(policy_endpoints.py): expose new endpoint for testing policies and guardrails

enables compliance playground to work as expected

* feat(complianceui.tsx): show returned text
2026-02-18 18:22:43 -08:00
Ishaan Jaff 323aed7211 fix: CI failures - missing env key doc + streaming test (#21510)
* docs: add DATABRICKS_API_KEY to environment settings reference

* fix: streaming test usage check on Pydantic model

* fix: mock litellm.proxy.proxy_server in test_skip_server_startup
2026-02-18 18:20:32 -08:00
yuneng-jiang 2c6095bdf2 Merge pull request #21511 from BerriAI/litellm_store_model_in_db_from_database
[Feature] Allow store_model_in_db to be set via database
2026-02-18 17:43:56 -08:00
yuneng-jiang 64fe3a502e Merge pull request #21503 from BerriAI/litellm_sso_role_map
fix(sso): preserve SSO role regardless of role_mappings config
2026-02-18 17:31:49 -08:00
yuneng-jiang 6356db560d [Feature] Allow store_model_in_db to be set via database
Users had to set store_model_in_db in the config YAML and restart the proxy,
causing service downtime. This change allows the value to be written to the
LiteLLM_Config table and read from the database at runtime, with DB values
overriding config file values.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-02-18 17:25:39 -08:00
Shivam Rawat 9ceaa2cbb0 tests and route permissions (#21508) 2026-02-18 16:58:38 -08:00
Ishaan Jaff 6486db3646 fix: improve streaming proxy throughput by fixing middleware and logging bottlenecks (#21501)
* fix(middleware): replace BaseHTTPMiddleware with pure ASGI middleware

BaseHTTPMiddleware wraps streaming responses with receive_or_disconnect
per chunk, blocking the event loop and causing severe throughput
degradation under concurrent streaming load (53% of CPU in profiling).

Converts PrometheusAuthMiddleware to a pure ASGI middleware using the
__call__(scope, receive, send) protocol.

* fix(streaming): remove expensive debug logging and optimize usage stripping

- Remove print_verbose calls that format chunk/response Pydantic objects,
  triggering millions of __repr__ calls (8% of CPU in profiling)
- Guard remaining verbose_logger.debug with isEnabledFor(DEBUG) and use
  lazy %s formatting instead of f-strings
- Replace usage stripping round-trip (model_dump + delete + reconstruct)
  with a _usage_stripped flag, deferring exclusion to serialization time

* fix(proxy): remove per-chunk debug log and use _usage_stripped flag

- Remove verbose_proxy_logger.debug that formatted every streaming chunk
- Honor _usage_stripped flag from streaming handler to exclude usage
  during model_dump_json serialization instead of reconstructing objects

* fix(proxy): remove per-chunk debug log in async_data_generator

Remove verbose_proxy_logger.debug that formatted every streaming chunk,
which triggered expensive Pydantic serialization on the hot path.

* fix indentation and add clarifying comment for usage stripping

* fix: guard calculate_total_usage against None usage in chunks

* fix: store chunk copy to preserve usage for calculate_total_usage
2026-02-18 16:16:49 -08:00
yuneng-jiang e445694a40 fix(sso): preserve SSO role regardless of role_mappings configuration
When `default_internal_user_params` was set, `insert_sso_user()` only
preserved SSO-provided roles if `role_mappings` was explicitly configured.
Roles from other valid SSO sources (Microsoft app_roles,
GENERIC_USER_ROLE_ATTRIBUTE, custom SSO handlers) were silently
overwritten with the default "internal_user" role, causing admin users
to be downgraded on first login or after user deletion.

Replace the `role_mappings_configured` gate with `_should_use_role_from_sso_response()`
which validates the role is a recognized LitellmUserRoles value regardless
of origin. Also removes an unnecessary DB round-trip to litellm_ssoconfig
on every new SSO user creation.

Fixes: admin users seeing internal-user UI after SSO login
Fixes: test_get_redirect_url_for_sso flaking due to local env vars

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-02-18 15:24:18 -08:00
Julio Quinteros Pro db615cd721 chore: resolve merge conflict with main
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-18 19:10:36 -03:00
Julio Quinteros Pro 5fe1dd3ec8 fix(tests): restore initialized_langfuse_clients counter after test
Save and restore litellm.initialized_langfuse_clients around
test_max_langfuse_clients_limit to prevent ordering-dependent failures
in other tests that rely on the counter's value.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-18 19:09:35 -03:00