Commit Graph
37607 Commits
Author SHA1 Message Date
shin-berriandGitHub b6fdd46636 Merge pull request #26270 from BerriAI/litellm_/lucid-kowalevski-de832f
[Fix] Stabilize flaky spend accuracy tests + patch Redis buffer data-loss path
2026-04-22 15:02:24 -07:00
shin-berriandGitHub 8340f6fc47 Merge pull request #26261 from BerriAI/litellm_code_quality_to_gha
[Infra] Migrate more CI jobs from CircleCI to GitHub Actions
2026-04-22 14:37:25 -07:00
yuneng-jiangandGitHub 41145e2205 Merge pull request #26266 from BerriAI/litellm_bedrock_guardrail_spend_logging_reapply
fix(proxy): Bedrock guardrail spend logs - hook mode, match redaction, streaming request_data
2026-04-22 14:32:10 -07:00
Yuneng Jiang 3f42295d93 [Fix] Satisfy mypy on spend buffer restore helper
The daily queue parameter types on _restore_spend_updates_to_in_memory_queues
were narrowed to specific subtypes (DailyUserSpendTransaction, etc), but
the caller passes Dict[str, BaseDailySpendTransaction] — the return type
of flush_and_get_aggregated_daily_spend_update_transactions. Widen the
parameters to the base type.

Also replace dynamic TypedDict key lookup (which returned object) with
explicit literal-keyed get() calls so mypy can type-narrow each field.
2026-04-22 14:31:25 -07:00
Milan 3df9780c02 fix(core_helpers): make redact_nested_match_and_regex_keys iterative
Replace recursive `_walk` helper with a stack-based traversal so the
recursive_detector CI check passes without adding to the ignore list,
and avoid Python recursion limits on deeply nested payloads.

Made-with: Cursor
2026-04-23 00:12:30 +03:00
Yuneng Jiang 288d403529 [Fix] Preserve in-memory spend updates when Redis rpush fails
store_in_memory_spend_updates_in_redis drained the in-memory queues
into local variables before the rpush pipeline. If rpush raised (cloud
Redis hiccup, timeout, connection blip), those already-drained
transactions were garbage-collected with the scheduler job, silently
losing all spend aggregated during that tick.

Wrap the rpush in try/except. On failure, re-enqueue the aggregated
transactions into their respective in-memory queues so the next
scheduler tick retries.

Add a unit test that seeds real queues, simulates an rpush failure,
and asserts the transactions land back in-memory.
2026-04-22 14:10:40 -07:00
Yuneng Jiang 5445297da9 [Fix] Stabilize flaky spend accuracy tests with local ground truth
Replace the calibration step (one request + 10-minute poll) with an
independent ground truth computed from response usage via
litellm.cost_per_token. All N requests are made up front, so a single
dropped Redis write no longer kills the test.

Add /health/readiness checks at test start and on poll timeout so the
failure message surfaces proxy state (db, cache) instead of "calibration
timed out".

Set PROXY_BATCH_WRITE_AT=2 in the spend tracking CI job to shorten the
scheduler flush window.
2026-04-22 13:45:00 -07:00
Yuneng Jiang 1b74c35b89 [Infra] Move non-API-key CCI jobs to GitHub Actions
Principle: GHA handles work that doesn't need external API keys; CCI
stays for integration tests that hit real API endpoints.

Four CCI jobs moved to new or extended GHA workflows:

1. check_code_and_doc_quality (was 25 runs: ruff + import-safety +
   21 code_coverage_tests + 3 documentation_tests + circular-imports).
   - The 21 tests/code_coverage_tests/*.py scripts and the 3
     tests/documentation_tests/*.py scripts run in the new
     .github/workflows/test-code-quality.yml workflow.
   - ruff, import-safety, and circular-imports were already run by
     .github/workflows/test-linting.yml — no new migration needed.
   - The 3 documentation_tests scripts read
     docs/my-website/docs/proxy/config_settings.md. Since docs have
     moved to BerriAI/litellm-docs, the GHA workflow checks out that
     repo and symlinks docs/my-website -> the checkout so the
     existing hardcoded paths resolve without touching the scripts.
     The stale local docs/my-website/ copy in this repo will be
     removed in a separate PR.

2. semgrep (custom-rule SAST against .semgrep/rules).
   - New .github/workflows/test-semgrep.yml.

3. installing_litellm_on_python + installing_litellm_on_python_3_13
   (pip install compat checks on Python 3.12 and 3.13).
   - New .github/workflows/test-install-litellm.yml as a matrix job.
   - 3.12 run also verifies litellm_enterprise import; 3.13 run
     skips that check (matches previous CCI behavior).
   - installing_litellm_on_python_v2_migration_resolver stays in CCI
     because it requires a postgres service.

CCI .circleci/config.yml: -112 lines, 4 jobs and their workflow refs
removed.
2026-04-22 13:38:00 -07:00
Milan 9577d87158 fix(proxy): guardrail header dedupe, mypy during_call, test mock kwargs
- Dedupe names in add_guardrail_to_applied_guardrails_header (matches policies).
- Inline unified during_call condition so mypy narrows UserAPIKeyAuth.
- Extend bedrock guardrails test mock for logging_event_type.

Made-with: Cursor
2026-04-22 23:22:35 +03:00
Milan ec735074a2 fix(proxy): reapply Bedrock guardrail spend logging (#25854)
Restore guardrail spend/UI event_type wiring, request_data on streaming
OUTPUT paths, and centralized match redaction after the upstream revert.

Made-with: Cursor
2026-04-22 23:00:45 +03:00
shin-berriandGitHub c95cac5d46 Merge pull request #26226 from BerriAI/litellm_/stoic-shamir-0ab13f
[Infra] CircleCI config cleanup and consolidation
2026-04-22 12:06:59 -07:00
yuneng-jiangandGitHub fc4fe34512 Merge pull request #26201 from BerriAI/litellm_prismaCacheRuntime
[Fix] Docker: restore pre-uv Prisma cache path
2026-04-22 11:33:27 -07:00
yuneng-jiangandGitHub 24aec61e4b Merge pull request #26049 from BerriAI/litellm_adaptive_routing
Litellm adaptive routing
2026-04-22 08:52:51 -07:00
Yuneng Jiang 61fd4e985e [Infra] CCI config cleanup — dead step, filter dupe, cache keys, machine image
Follow-up cleanup after an independent review pass surfaced a few
loose ends:

- Delete a 6x-duplicated filter block in litellm_mapped_tests_proxy_part2
  (same kind of copy-paste residue we fixed earlier in
  langfuse_logging_unit_tests).
- Delete the empty "Install Semgrep" run step in the semgrep job — the
  command body was empty because semgrep is installed on-demand via
  uv tool run in the next step.
- Standardize machine-executor image: one job was on ubuntu-2204:2023.10.1
  while build_docker_database_image was already on ubuntu-2204:2024.04.1.
  Bumped everything to 2024.04.1.
- Remove the legacy "version: 2" inside the workflows: block — CircleCI
  2.1 top-level already declares the version.
- Drop `{{ checksum ".circleci/config.yml" }}` from cache keys (13 sites).
  It was busting the cache on every unrelated config edit; the uv.lock
  checksum alone is the right dependency cache key.
- Add partial-restore fallbacks to every restore_cache with a single
  templated key (10 sites). Jobs now fall back to the latest cache with
  a matching prefix if the exact uv.lock hash isn't cached yet.

Net: -14 lines.
2026-04-21 23:31:01 -07:00
Yuneng Jiang 0a65d2c535 [Infra] Standardize default Python to 3.12 and remove miniconda setup
Docker-executor jobs:
- Consolidate base images on cimg/python:3.12. Jobs previously on
  3.11 (26 jobs), 3.9 (1 historical: upload-coverage), and an
  incidental 3.13.1 (litellm_assistants_api_testing) now use 3.12.
- installing_litellm_on_python_3_13 keeps cimg/python:3.13.1 as its
  explicit "latest Python supported" install-check matrix job.

Machine-executor jobs:
- Delete the miniconda install step from 10 jobs. uv now manages
  Python directly: uv sync --python 3.12 auto-downloads a
  python-build-standalone interpreter if the ubuntu-2204 base
  image's default python doesn't match.
- Remove 37 "if [ -f conda.sh ]; then conda activate myenv" wrappers
  and 2 unconditional conda activate blocks left behind from the
  conda days.
- proxy_build_from_pip_tests keeps its 3.13 target (it was
  conda create -n myenv python=3.13) via uv sync --python 3.13.

Net: -301 lines.
2026-04-21 23:19:21 -07:00
Yuneng Jiang 344be27e83 [Refactor] Add start_postgres reusable command and migrate call sites
Add a start_postgres command parameterized on db_name (default
circle_test) that runs the postgres-db container and waits for port
5432 to accept connections. Replace all 11 inline docker run /
wait_for_service blocks with a single - start_postgres call.

The helm chart test overrides db_name to litellm_test; everything
else uses the default.

One of the 11 sites previously used a bespoke pg_isready loop instead
of wait_for_service; it now goes through the same TCP-probe path
everyone else uses, which is sufficient for test ordering purposes.

Net: -112 lines.
2026-04-21 23:14:46 -07:00
Yuneng Jiang f490340a52 [Refactor] Add install_uv reusable command and migrate all call sites
Add a single install_uv command in the commands: section that encodes
the uv version (0.10.9) and its SHA256 in one place, then replace all
42 inline curl|sha256|install blocks across every job that needs uv.

setup_litellm_test_deps now calls install_uv too, so the shared
test-dep bootstrap goes through the same path.

Bumping uv version or SHA is now a one-line change instead of 43.

Net: -203 lines.
2026-04-21 23:13:42 -07:00
Yuneng Jiang 439bbd223b [Infra] Clean up unused CCI jobs and pin docker images by digest
- Remove mypy_linting job (GHA test-linting.yml already runs this)
- Remove three redundant "Install curl" apt-get steps (curl is
  already present on the ubuntu-2204 machine image and used
  successfully earlier in each affected job)
- Dedupe langfuse_logging_unit_tests filter block (6x copy of the
  same two branch filters collapsed to 1)
- Pin all docker image references by @sha256 digest so builds stay
  reproducible when upstream tags are updated:
  cimg/python:3.9, 3.11, 3.12, 3.12-browsers, 3.13.1, cimg/node:20.19,
  cimg/postgres:16.0, and postgres:14 used via docker run

Net: -62 lines, 49 image references pinned.
2026-04-21 23:09:41 -07:00
0e42d4cb08 April 21st Ishaan Branch (#26213)
* fix(otel): preserve Splunk Observability Cloud trace OTLP endpoint (#26183)

* fix(otel): preserve Splunk Observability Cloud trace OTLP URL

Splunk ingest uses /v2/trace/otlp; _normalize_otel_endpoint must not append /v1/traces.

- Return trace endpoints unchanged when they match Splunk OTLP path patterns
- Add unit tests for observability.splunkcloud.com, signalfx.com, and /trace/otlp suffix
- Set OTEL_EXPORTER_OTLP_PROTOCOL in protocol selection tests (from_env precedence over OTEL_EXPORTER)

Made-with: Cursor

* test(otel): use parameterized.expand for Splunk OTLP URL cases

Made-with: Cursor

* fix(otel): narrow Splunk trace URL guard to /v2/trace/otlp only

Made-with: Cursor

* test(otel): cover OTEL_EXPORTER fallback when OTLP protocol env unset

Made-with: Cursor

* Add Openrouter Opus 4.7 Entry (#26130)

---------

Co-authored-by: milan-berri <milan@berri.ai>
Co-authored-by: Matt Greathouse <matt5316@gmail.com>
2026-04-21 20:18:56 -07:00
ishaan-berriandGitHub e6897f5510 add moonshot/kimi-k2.6 to model registry (#26203)
* add moonshot/kimi-k2.6 to model registry

* add moonshot/kimi-k2.6 to backup model registry

* add tests for moonshot/kimi-k2.6 model registry

* fix moonshot/kimi-k2.6 pricing and add reasoning support

* fix moonshot/kimi-k2.6 pricing and add reasoning support in backup

* update kimi-k2.6 tests: fix pricing, add tool_choice and reasoning checks

* fix: load kimi-k2.6 registry tests from local backup instead of remote cost map
2026-04-21 19:58:43 -07:00
shin-berriandGitHub 09cd7e383e Merge pull request #26211 from BerriAI/litellm_internal_staging
[Infra] Promote internal staging to main
v1.83.11-nightly
2026-04-21 18:57:59 -07:00
yuneng-jiangandGitHub eebb80fbef Merge pull request #26208 from BerriAI/litellm_individual-team-member-budgets
Litellm individual team member budgets
2026-04-21 18:38:00 -07:00
yuneng-jiangandGitHub e3ed136f52 Merge pull request #26209 from BerriAI/yj_bump_apr21_2
[Infra] Bump version
2026-04-21 18:29:41 -07:00
Yuneng Jiang e65d547c4d adding uv lock 2026-04-21 18:10:47 -07:00
Yuneng Jiang 5837d4a9ac bump: version 1.83.10 → 1.83.11 2026-04-21 18:10:31 -07:00
Krrish DholakiaandClaude Opus 4.7 e50f945ef7 refactor(adaptive_router): move update_queue out of litellm.proxy
P1 review: adaptive_router.py had a top-level import of
AdaptiveRouterUpdateQueue from litellm.proxy.db, which broke the
SDK/proxy boundary that every other router strategy respects. No
other router_strategy module imports from litellm.proxy at module
level.

The queue only depends on litellm._logging — it never needed to
live under litellm.proxy. Moved:

  litellm/proxy/db/db_transaction_queue/adaptive_router_update_queue.py
  → litellm/router_strategy/adaptive_router/update_queue.py

  tests/test_litellm/proxy/db/db_transaction_queue/
    test_adaptive_router_update_queue.py
  → tests/test_litellm/router_strategy/adaptive_router/test_update_queue.py

Also switched the queue's logger from verbose_proxy_logger to
verbose_router_logger to match the new module's ownership.

P2 review: drop unused constant STAGNATION_JACCARD_EXACT from
config.py — it was defined but never referenced.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 18:02:44 -07:00
shivam 5770af0068 Merge branch 'litellm_internal_staging' into litellm_individual-team-member-budgets 2026-04-21 17:59:29 -07:00
shivam 27a105bcf9 fix: give each team member an independent budget instead of sharing the team default
Previously, members added to a team without an explicit per-member budget were
all linked to the same `litellm_budgettable` row referenced by the team's
`metadata.team_member_budget_id`. Updating one member's budget via
`/team/member_update` mutated the shared row and silently changed every other
member's budget too.

Now both write paths produce a private, per-member budget:

- `add_new_member` clones the team's default budget into a fresh row when a
  member is added without `max_budget_in_team`/`allowed_models`. If no team
  default exists, the membership is created with no budget.
- `_upsert_budget_and_membership` detects when an existing membership still
  points at the team's default budget id and clones-on-write, relinking the
  membership to the new private budget before applying the update.
- `team_member_update` reads `team_member_budget_id` from team metadata and
  passes it through so the helper can make this distinction.

Adds unit tests for clone-on-write, in-place update of a private budget, and
the no-default-no-budget add path.

Made-with: Cursor
2026-04-21 17:58:50 -07:00
Krrish Dholakia 1965c67e8f style: black format signals.py 2026-04-21 17:56:49 -07:00
Krrish DholakiaandClaude Opus 4.7 37fc6f623b fix(adaptive_router/signals): rename 'args' to 'call_args' in _signature
The prevent_key_leaks_in_exceptions CI check forbids '{args}' in
f-strings because it's a common shape for accidental API key leaks
in exception messages. _signature() uses an entirely local variable
named 'args' for tool-call arguments (loop-detection signatures, no
exception path), but the grep is substring-based. Rename to 'call_args'.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 17:54:31 -07:00
yuneng-jiangandGitHub d9494b6990 Merge pull request #26144 from BerriAI/litellm_post_call_non_streaming
fix(bedrock_guardrails): use Bedrock OUTPUT source for apply_guardrail when scanning model responses
2026-04-21 17:50:16 -07:00
Krrish DholakiaandClaude Opus 4.7 f1da202d9e fix(adaptive_router): P1 flusher hot-reload + P2 hook accumulation + CI
P1: start the adaptive-router flusher loop unconditionally at proxy boot
instead of gating on 'adaptive_routers is non-empty'. Adaptive routers
added via /config/reload after boot now have their queues drained.
State is lazy-loaded per router on first flush tick (new _state_loaded
flag on AdaptiveRouter) so hot-reloaded routers still get their
persisted priors.

P2: _finalize_adaptive_router_if_configured now prunes stale
AdaptiveRouterPostCallHook callbacks from every litellm callback list
before registering new ones. Without this, every Router replacement
left the old hooks wired up in litellm.callbacks and double-fired
signal recording for every request. Uses
logging_callback_manager.remove_callbacks_by_type (same pattern as the
semantic tool filter).

CI fixes:
- black --check failure: reformatted litellm/router.py
- schema migration diff: aligned @@index with the explicit index name
  ('idx_adaptive_router_session_activity') from the original migration
  by adding 'map:' to all three schema.prisma copies. No new migration
  needed.

Tests: 1 new covering the prune-on-hot-reload path.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 17:49:38 -07:00
yuneng-jiangandGitHub 5dc2926a1e Merge pull request #26194 from BerriAI/litellm_fix_migration_thrashing
[Feature] Proxy: opt-in v2 migration resolver
2026-04-21 16:55:54 -07:00
yuneng-jiangandGitHub 93cb0657d7 Merge pull request #26197 from BerriAI/litellm_yj_apr20
[Infra] Merge dev branch
2026-04-21 16:55:00 -07:00
Krrish DholakiaandClaude Opus 4.7 ecd9a83e61 fix(adaptive_router): P2 review items — @updatedAt + snapshot samples
- Mark last_updated_at (AdaptiveRouterState) and last_activity_at
  (AdaptiveRouterSession) with @updatedAt so Prisma refreshes the
  timestamps on every write. Without this the fields stayed frozen at
  INSERT time and the last_activity_at index was misleading for any
  future TTL/eviction logic. Applied to all three schema.prisma copies;
  no migration SQL change needed (Prisma @updatedAt is a client-side
  annotation that doesn't touch DDL).

- get_state_snapshot: report cell.total_samples instead of alpha+beta
  for the 'samples' field. The previous value inflated every cell by
  the COLD_START_MASS prior (e.g. showed 10.0 before any real traffic
  arrived), which confused operators reading /adaptive_router/.../state.
  Updated docs + the snapshot test to match.

Also fixes two pre-existing merge-break syntax errors in router.py
(missing ')' on the AdaptiveRouter TYPE_CHECKING import; truncated
async_pre_routing_hook dispatch call for the adaptive router branch)
that were masking the rest of the file from the interpreter.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 16:27:01 -07:00
Krrish DholakiaandGitHub c7342bdc4f Merge branch 'litellm_internal_staging' into litellm_adaptive_routing 2026-04-21 16:22:38 -07:00
Yuneng Jiang 220a5acbcc Merge remote-tracking branch 'origin/litellm_internal_staging' into litellm_prismaCacheRuntime 2026-04-21 16:21:13 -07:00
Yuneng Jiang 8d52b1edd1 Merge remote-tracking branch 'origin/litellm_internal_staging' into litellm_yj_apr20 2026-04-21 16:21:10 -07:00
Yuneng Jiang 2b8b9502d9 [Fix] v2 resolver: swallow non-connection DB errors; wrap resolve failures
Addresses two further Greptile findings:

- `_warn_if_db_ahead_of_head` only caught `psycopg.OperationalError`.
  Non-connection DB errors (e.g. `InsufficientPrivilege` / 42501 if the
  runtime DB user lacks SELECT on `_prisma_migrations`) would propagate
  uncaught and crash startup — contradicting the docstring's
  "informational only, never blocks" guarantee. Widen the catch to
  `psycopg.DatabaseError` so all DB-layer errors are swallowed.

- In the P3009 and P3018 idempotent-recovery paths, the call to
  `_resolve_specific_migration(name)` was not wrapped in its own
  try/except. Being inside an active `except CalledProcessError`
  handler, a new `CalledProcessError` from the resolve call would NOT
  re-enter the same handler — it would propagate out as
  `CalledProcessError`, past `proxy_cli.py`'s `except RuntimeError`,
  crashing startup with an unhandled traceback instead of the intended
  clean `sys.exit(2)`. Wrap both call sites to convert to RuntimeError.

Adds unit tests for both behaviors.
2026-04-21 15:53:07 -07:00
Yuneng Jiang ce755048e5 Docker: drop env overrides from builder, COPY /root/.cache to runtime
Follow-up on review feedback: the previous commit had the builder
download the query engine into /app/.cache, then threw it away in
the runtime stage and re-downloaded into /root/.cache. That doubled
the build-time network fetch.

Remove PRISMA_BINARY_CACHE_DIR and XDG_CACHE_HOME from the builder
stage as well, so its prisma generate lands in /root/.cache with the
correct path layout on its own. Drop the runtime-stage prisma generate
and instead COPY --from=builder /root/.cache /root/.cache. Single
download, smaller image.
2026-04-21 15:46:47 -07:00
ishaan-berriandGitHub a302613eb5 feat(bedrock): add support for bedrock-mantle endpoint (Claude Mythos Preview) (#26196)
* add anthropic.claude-mythos-preview to model_prices_and_context_window.json

* add mantle route to bedrock common_utils: route detection, chat config, messages config dispatch

* add AmazonMantleConfig for bedrock/mantle /chat/completions endpoint

* add AmazonMantleMessagesConfig for bedrock/mantle /messages endpoint

* register AmazonMantleMessagesConfig in __init__.py and lazy imports registry

* add unit tests for bedrock mantle route and config dispatch

* add e2e tests for bedrock mantle: URL, body, SigV4 header, region routing
2026-04-21 15:41:58 -07:00
Yuneng Jiang 9049f37864 [Fix] v2 migration resolver: address Greptile review findings
- Open the psycopg connection in `_warn_if_db_ahead_of_head` with
  autocommit=True. Without it, psycopg3's `with conn` calls COMMIT on
  clean exit, which fails after the `UndefinedTable` (fresh-DB) branch
  left the transaction in an aborted state — crashing first-run startups.

- Wrap the v2 `prisma db push` path in try/except and raise RuntimeError
  on CalledProcessError/TimeoutExpired. Otherwise these propagate past
  proxy_cli.py's `except RuntimeError` as unhandled tracebacks.

- Reword the loop-exhaustion error to cover the non-timeout exit path
  (repeated P3005/P3009/P3018 idempotent-recovery `continue`s), not
  just persistent timeouts.

Adds a unit test for the db_push error wrapping.
2026-04-21 15:34:24 -07:00
Yuneng Jiang 731c549876 [Fix] Docker: restore pre-uv Prisma cache path for /app/.cache mounts
The uv migration added PRISMA_BINARY_CACHE_DIR=/app/.cache/... and
XDG_CACHE_HOME=/app/.cache to the runtime stages of Dockerfile and
Dockerfile.database. BINARY_PATHS in the generated prisma client was
baked to point into /app/.cache, so any deployment that mounts a volume
there (common with securityContext.readOnlyRootFilesystem: true and an
emptyDir/tmpfs for a writable cache) wipes the pre-downloaded query
engine at pod startup, producing BinaryNotFoundError during connect().

Before the uv migration, prisma-python defaulted to $HOME/.cache =
/root/.cache (runtime stage runs as root), which was unaffected by any
/app/* volume mounts. Restore that behaviour: drop the env vars from
the runtime stage, re-run prisma generate there so the query engine
AND the baked BINARY_PATHS both land in /root/.cache, and remove the
stale builder-stage /app/.cache (~800 MB).

Dockerfile.non_root is intentionally left alone — its /app/.cache
location is by design for the hardened offline-install flow.
2026-04-21 15:30:42 -07:00
ishaan-berriandGitHub 8a4a775b1b fix(logging): add litellm_call_id to StandardLoggingPayload and OTel span (#26133)
* add litellm_call_id field to StandardLoggingPayload

* populate litellm_call_id in get_standard_logging_object_payload

* emit litellm.call_id span attribute in OTel integration

* test: litellm_call_id is present in StandardLoggingPayload

* test: litellm.call_id emitted as OTel span attribute

* test: allow litellm. prefix attributes in redacted span validator
2026-04-21 15:24:32 -07:00
Yuneng Jiang 88b1823f51 [Test] Fix setup_database call-signature assertions for v2 flag
Existing tests pinned exact kwargs on `PrismaManager.setup_database`,
but the opt-in v2 resolver added `use_v2_resolver=False` to every call.
Update the three assertions to reflect the new signature.

Fixes:
- TestHealthAppFactory::test_use_prisma_db_push_flag_behavior
- TestHealthAppFactory::test_startup_fails_when_db_setup_fails
2026-04-21 14:45:29 -07:00
yuneng-jiangandGitHub 7752683e4b Merge pull request #26185 from BerriAI/litellm_/interesting-wright-958880
[Infra] Add freshness and destructive guards to migration workflow
2026-04-21 14:42:17 -07:00
Yuneng Jiang ee550e1949 [Test] CI: add v2 migration resolver coverage with local Postgres
Adds end-to-end CI coverage for `--use_v2_migration_resolver` via a new
job `installing_litellm_on_python_v2_migration_resolver`:

- Clones the pytest smoke path from `installing_litellm_on_python` but
  uses a local Postgres sidecar instead of the shared DB to prevent
  collisions with the v1 variant.
- Runs only the new `test_litellm_proxy_server_config_no_general_settings_v2_resolver`
  which spawns the proxy with `--use_v2_migration_resolver` and smoke-tests
  `/health/liveliness` and `/chat/completions`.

Refactors `test_basic_python_version.py`:

- Extracts the proxy spawn + smoke-test body into `_run_proxy_server_smoke_test`
  so the v1 and v2 tests share the same code path.
- The existing `test_litellm_proxy_server_config_no_general_settings` is
  now a thin wrapper that passes no extra args (v1 default, unchanged).
- Adds `..._v2_resolver` variant that passes `--use_v2_migration_resolver`.

The existing `installing_litellm_on_python` / `installing_litellm_on_python_3_13`
jobs filter out the v2 variant via `-k "not v2_resolver"` so they keep
running only against their shared DB, unchanged behavior.
2026-04-21 14:40:11 -07:00
Yuneng Jiang a16c00e22c [Feature] Proxy: opt-in v2 migration resolver (--use_v2_migration_resolver)
Default behavior (v1) is unchanged. Users who have seen schema thrashing
during rolling deploys can opt into the v2 resolver with
`--use_v2_migration_resolver`.

Why v2 is safer:
- Runs `prisma migrate deploy` only.
- Recovers from P3005 (baseline) and idempotent P3009/P3018 errors, same
  as v1.
- Never calls `_resolve_all_migrations`, which generates a schema diff
  between the live DB and the shipped schema.prisma and applies it via
  `prisma db execute`. That path bypassed every migration's SQL and was
  the root cause of thrashing when two LiteLLM versions contended for
  the same DB.
- Logs a non-blocking warning when the DB has migrations applied that
  are newer than anything this build ships (ahead-of-HEAD). It does not
  refuse to start — many users have unusual ledger state from past
  thrashing, and blocking startup would be a breaking change.

Also prints a message on startup when the default (v1) resolver is in
use, pointing operators at the opt-in flag.

Adds unit tests covering the v2 fail-fast paths, the stripping of
Prisma-specific query params from DATABASE_URL (needed for psycopg),
the timestamp helpers, and pins the default: v1 still invokes
`_resolve_all_migrations`, v2 must not.
2026-04-21 14:20:35 -07:00
Mateo WangandGitHub df9d6c7da3 Merge pull request #26148 from BerriAI/litellm_fix-bedrock-invoke-allowlist
fix(bedrock): allowlist Bedrock Invoke body fields and filter all anthropic-beta values
2026-04-21 13:22:50 -07:00
shivam e0cc158860 Merge remote-tracking branch 'upstream/litellm_internal_staging' into litellm_post_call_non_streaming 2026-04-21 13:03:13 -07:00