Commit Graph
33212 Commits
Author SHA1 Message Date
Ryan Crabbe bbbec23c8b fix: update tests to match tuple return type for cached init params 2026-02-21 13:18:03 -08:00
Ryan Crabbe 72e75c1122 Merge origin/main into litellm_fix_openai_init_params_immutable
Resolve conflict: keep Tuple types, incorporate type: ignore comment
and alphabetical typing import order from main.
2026-02-21 13:15:30 -08:00
Ryan Crabbe 20a685fe7f fix: make cached OpenAI init params immutable and fix import ordering
- Move `import inspect` to stdlib import group
- Change _OPENAI_INIT_PARAMS and _AZURE_OPENAI_INIT_PARAMS from
  mutable lists to immutable tuples to prevent accidental mutation
- Update return type and helper to use Tuple[str, ...]
2026-02-21 13:10:49 -08:00
Ishaan JaffandGitHub 8483477512 fix(test): add asyncio.sleep(0) before flush() to prevent hang in test_async_no_duplicate_spend_logs (#21813) 2026-02-21 13:09:36 -08:00
Ishaan JaffandGitHub 0a0768b3df fix(ci): resolve mypy and check_code_and_doc_quality CI failures (#21812)
- fix(mypy): suppress [misc] type error in common_utils.py for cls.__init__ access
- fix(mypy): move type: ignore comment to correct line in test_eval.py (line 232 not 231)
- fix(mypy): suppress [misc] and pre-existing pyright errors in vertex_ai_non_gemini.py
- fix(check_licenses): strip inline comments before parsing requirements.txt lines so CVE comments don't break packaging.requirements.Requirement()
- fix(router_coverage): add _merge_tools_from_deployment and _invalidate_access_groups_cache to ignored list (private helpers tested indirectly)
2026-02-21 13:08:47 -08:00
github-actions[bot]GitHubgithub-actions[bot] <github-actions[bot]@users.noreply.github.com>
22704b0176 chore: regenerate poetry.lock to match pyproject.toml (#21811)
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-21 21:07:29 +00:00
ryan-crabbeandGitHub 336ecd6267 Merge pull request #21003 from BerriAI/litellm_perf_skip_usage_roundtrip
perf: skip Usage Pydantic round-trip in logging payload
2026-02-21 12:56:33 -08:00
Ryan Crabbe 75bc8329e2 Merge origin/main into litellm_perf_skip_usage_roundtrip
Resolve conflict in litellm_logging.py: take main's version and
re-apply get_usage_as_dict optimization on top.
2026-02-21 12:55:55 -08:00
Ishaan JaffandGitHub b281181448 fix(tests): isolate auth in spend logs and vertex passthrough tests (#21810)
* fix(tests): add app.dependency_overrides for auth in spend logs tests

test_ui_view_spend_logs_with_status, test_ui_view_spend_logs_with_model,
test_ui_view_spend_logs_with_model_id, and test_view_spend_logs_summarize_parameter
all send Bearer sk-test without mocking user_api_key_auth. When a prior test
in the same xdist worker sets master_key, the auth check fails for sk-test
and the test fails intermittently.

Fix: use app.dependency_overrides[ps.user_api_key_auth] to bypass auth,
same pattern as other tests in the same file.

* fix(tests): mock user_api_key_auth in test_vertex_passthrough_with_no_default_credentials

vertex_proxy_route calls user_api_key_auth internally. When a prior test in the
same xdist worker sets master_key, the auth check fails for the test request
and create_pass_through_route is never called, causing assert_called_once_with to fail.

Fix: patch user_api_key_auth as an AsyncMock in the with mock.patch() block.
2026-02-21 12:51:38 -08:00
Ishaan JaffandGitHub 1ed529092f fix(test): replace flaky test_vertex_ai_gemini_audio_ogg with mocked version (#21807)
Previously made a real Vertex AI call with a Wikimedia URL that intermittently
failed with URL_REJECTED-REJECTED_FC_TIMEOUT.

Now mocks HTTPHandler.post and VertexBase._ensure_access_token so the test
verifies the translation (OGG -> file_data with audio/ogg mime_type) without
any real network calls. Runs in ~0.36s instead of ~60s.
2026-02-21 12:49:06 -08:00
ryan-crabbeandGitHub da8f038178 Merge pull request #20789 from ryan-crabbe/perf/cache-openai-init-params
perf: pre-compute OpenAI client __init__ params at module load
2026-02-21 12:47:54 -08:00
Ishaan JaffandGitHub d928588de0 docs: mark v1.81.12 as stable (#21809)
* docs: mark v1.81.12 as stable, point to stable docker image and pip

* docs: fix v1.81.12 docker image to point to stable
2026-02-21 12:45:41 -08:00
ryan-crabbeandGitHub 4c393de216 Merge pull request #21213 from BerriAI/litellm_fix_streaming_connection_pool_leak
fix: close streaming connections to prevent connection pool exhaustion
2026-02-21 12:45:18 -08:00
Ryan Crabbe 5bcaeabfd8 Merge origin/main into litellm_fix_streaming_connection_pool_leak
Resolve conflict in test_proxy_server.py: keep both async_data_generator
cleanup tests and store_model_in_db DB config override tests.
2026-02-21 12:44:50 -08:00
ryan-crabbeandGitHub 53f3dfa989 Merge pull request #20354 from ryan-crabbe/perf/callback-registration-routing
perf: move async/sync callback separation from per-request to registration
2026-02-21 12:41:28 -08:00
Ishaan JaffandGitHub 086ced1f6a add missing sql_injection.yaml policy template (#21806) 2026-02-21 12:40:44 -08:00
Ryan Crabbe ea32ad72c6 Merge origin/main into perf/callback-registration-routing
Resolve conflicts:
- logging_callback_manager.py: keep PR's MAX_CALLBACKS, _is_async_callable, Callable type
- test_utils.py: keep both TestCallbackAsyncSyncSeparation and TestMetadataNoneHandling
2026-02-21 12:40:23 -08:00
Ishaan JaffandGitHub 02670582c5 fix(tests): replace asyncio.sleep(1) with event-based wait in metadata callback tests (#21805) 2026-02-21 12:40:06 -08:00
0fe3145e83 Fix/presidio controls (#21798)
* check should_run_guardrail in sync logging hook path

* Add tests for CustomGuardrail logging behavior

Added tests to ensure CustomGuardrail logging behavior based on the guardrail execution state.

---------

Co-authored-by: Miguel Armenta <ma826r@att.com>
2026-02-21 12:39:17 -08:00
ryan-crabbeandGitHub f5139716a1 Merge pull request #20882 from ryan-crabbe/perf/optimize-model-dump-preserved-fields
perf: optimize model_dump_with_preserved_fields
2026-02-21 12:36:02 -08:00
Ishaan JaffandGitHub daa682e125 fix(tests): add missing start_db_health_watchdog_task mock (#21804)
* fix(tests): add missing start_db_health_watchdog_task mock in test_proxy_server_prisma_setup

* fix(tests): add missing start_db_health_watchdog_task mock in test_health_check_not_called_when_disabled
2026-02-21 12:31:52 -08:00
Ishaan Jaffer 0b69c21eca Revert "fix(http_handler): bypass cache when shared_session is provided for aiohttp tracing (#20630)"
This reverts commit 7ee36c2a3a.
2026-02-21 12:27:46 -08:00
ryan-crabbeandGitHub d7b3b2eb9e Merge pull request #20374 from ryan-crabbe/perf/cache-access-groups
perf: cache get_model_access_groups() no-args result on Router
2026-02-21 12:25:45 -08:00
ryan-crabbeandGitHub 469951466e Merge pull request #20541 from ryan-crabbe/perf/cost-calculator-optimizations
Perf/cost calculator optimizations
2026-02-21 12:18:38 -08:00
ryan-crabbeandGitHub a8dbcb1a30 Merge pull request #20526 from ryan-crabbe/perf/add-litellm-data-to-request-optimizations
Perf: add_litellm_data_to_request optimizations
2026-02-21 12:16:05 -08:00
ryan-crabbeandGitHub d04e5c6a3e Merge pull request #20448 from ryan-crabbe/perf/optimize-completion-cost
perf: optimize completion_cost()
2026-02-21 12:15:48 -08:00
Ishaan JaffandGitHub 08ae43ace1 fix(migrations): add ensure_project_id migration + bump litellm-proxy-extras to 0.4.46 (#21800)
* fix(migrations): add ensure_project_id_verification_token migration

Ensures project_id column exists on LiteLLM_VerificationToken. The original
migration (20251113000000_add_project_table) adds this column, but may have
been skipped if LiteLLM_ProjectTable already existed and the migration was
resolved as idempotent. Uses IF NOT EXISTS for safety.

* bump: litellm-proxy-extras 0.4.45 → 0.4.46
2026-02-21 12:15:21 -08:00
Ryan Crabbe dc2c835e7b perf: optimize completion_cost() — eliminate enum overhead, reduce function call indirection
Pre-resolve CallTypes enum values into module-level frozensets to avoid
repeated .value attribute access in the elif chain. Inline the hot-path
_store_cost_breakdown_in_logging_obj as a direct dict literal. Remove
unnecessary cast(CallTypesLiteral, call_type) call. Guard
_get_additional_costs() with azure_ai-only check since no other provider
implements additional costs.

Line profile shows 20.5% reduction in completion_cost() total time
(7.14s → 5.68s across 6,006 calls). The four targeted bottlenecks
dropped from 2.82s to 0.28s combined.
2026-02-21 12:14:55 -08:00
ryan-crabbeandGitHub d8dda93bba Merge pull request #20593 from ryan-crabbe/perf/reuse-litellm-params
perf: reuse LiteLLM_Params
2026-02-21 12:11:02 -08:00
ryan-crabbeandGitHub be016b683b Merge pull request #20440 from ryan-crabbe/perf/skip-duplicate-logging-payload
perf: skip duplicate get_standard_logging_object_payload for non-streaming req's
2026-02-21 12:07:31 -08:00
ryan-crabbeandGitHub 1ab11396f0 Merge pull request #20434 from ryan-crabbe/perf/prometheus-asgi-middleware
Perf/prometheus asgi middleware
2026-02-21 12:07:07 -08:00
Ryan Crabbe 498dad0af1 test: add backwards compatibility tests for PrometheusAuthMiddleware
Add tests verifying non-metrics requests pass through unaffected and
don't trigger auth even when auth is enabled.
2026-02-21 12:06:31 -08:00
Ryan Crabbe 6ae2d6e73b perf: convert PrometheusAuthMiddleware from BaseHTTPMiddleware to pure ASGI
BaseHTTPMiddleware creates a new asyncio task, wraps the response in a
StreamingResponse, and coordinates via events on every request — even for
non-/metrics paths where this middleware is a pure passthrough. This added
~3.8s of overhead in profiled benchmarks (15.3s total attributed time).

The pure ASGI implementation checks scope["path"] directly and passes
through to the inner app with zero object construction for non-/metrics
requests. A Request object is only created when auth is actually needed.
2026-02-21 12:06:31 -08:00
Ishaan JaffandGitHub 87feca0b4a fix: 2 failing CI tests in litellm_mapped_tests_proxy_part2 (#21797)
* fix(test): remove deprecated Click mix_stderr param in test_use_prisma_db_push_flag_behavior

Click 8.2+ removed the mix_stderr parameter from CliRunner. Use CliRunner() without it.

* fix(test): use app.dependency_overrides for auth mock in test_role_mappings_stored_and_retrieved

monkeypatch.setattr doesn't affect FastAPI's Depends() resolution in parallel
test execution. Use app.dependency_overrides which is the proper FastAPI pattern.
2026-02-21 12:04:58 -08:00
Ishaan JaffandGitHub a939fa37ae fix(proxy): restore broad is_database_connection_error; add is_database_transport_error for reconnect (#21796)
Any PrismaError should be treated as a DB connection error for the
allow_requests_on_db_unavailable feature and 503 responses. The narrow
keyword-based check is now in is_database_transport_error, which is
what the reconnect logic in auth_checks.py should use.

Fixes test_delete_access_group_503_on_db_connection_error and
test_handle_authentication_error_db_unavailable failures caused by
PR #21706 narrowing is_database_connection_error.
2026-02-21 12:04:00 -08:00
Ryan Crabbe 461a01311b perf: skip duplicate get_standard_logging_object_payload for non-streaming requests
- Add early return in _get_assembled_streaming_response for non-streaming
  requests, preventing duplicate standard_logging_object computation
- Move emit_standard_logging_payload into _process_hidden_params_and_response_cost
  so non-streaming requests still emit the debug payload
- Add emit_standard_logging_payload for dict/list result edge cases
2026-02-21 12:01:21 -08:00
Ishaan JaffandGitHub 74ef034110 fix(tests): add flaky retries to flaky CI tests (#21795)
* fix(tests): add flaky retries and error handling to test_create_eval

* fix(tests): add flaky retries to test_cohere_v2_conversation_history

* fix(tests): add flaky retries to test_gemini_url_context
2026-02-21 11:56:29 -08:00
Ishaan JaffandGitHub a0e76f4f25 fix(tests): mock httpx in RPM limit pass-through tests (#21793)
* fix(tests): isolate flaky files endpoint tests from global proxy state

* test(secret_managers): add mocked unit test for write/read JSON secret cycle

* fix(tests): mock httpx in rpm limit pass-through tests to avoid real Cohere API calls
2026-02-21 11:55:48 -08:00
Ryan Crabbe f976a01fce fix: use precise tuple[str, str] type annotation for _PRESERVED_NONE_FIELDS 2026-02-21 11:34:30 -08:00
Ishaan JaffandGitHub 349516280f fix(ui): fix failing ui_unit_tests (#21792)
- TeamMemberTab: pass canEditTeam=true so Add Member button renders
- UsagePageView: remove stale banner assertions (org/customer/agent banners were removed from source)
- LogDetailContent: scope '-' query to Provider description item using within() to avoid multiple-match error
2026-02-21 11:33:28 -08:00
Ishaan JaffandGitHub c6a8034184 fix(tests): isolate flaky tests - restore global state in setup/teardown (#21791)
* fix(tests): isolate flaky files endpoint tests from global proxy state

* test(secret_managers): add mocked unit test for write/read JSON secret cycle

* fix(tests): restore litellm.callbacks in TestSpendLogsPayload setup/teardown

* fix(tests): clear app.openapi_schema in TestSwaggerChatCompletions setup/teardown

* fix(tests): add flaky marker to test_async_increment_tokens_with_ttl_preservation
2026-02-21 11:30:35 -08:00
Ishaan JaffandGitHub 21a549d78d fix(tests): isolate flaky files endpoint tests from global proxy state (#21788)
* fix(tests): isolate flaky files endpoint tests from global proxy state

* test(secret_managers): add mocked unit test for write/read JSON secret cycle
2026-02-21 11:20:32 -08:00
Ishaan JaffandGitHub 2acc5cc457 fix(security): fix CVE-2025-69873, CVE-2026-26996 in docs deps; allowlist nodejs_wheel CVEs in Grype scan (#21787)
* fix(security): fix CVE-2025-69873 and CVE-2026-26996 in docs dependencies

Use npm overrides to pin patched versions:
- ajv@6.12.6 → 6.14.0 (fixes ReDoS CVE-2025-69873)
- ajv@8.17.1 → 8.18.0 (fixes ReDoS CVE-2025-69873)
- minimatch@3.1.2 → 10.2.1 (fixes DoS CVE-2026-26996)

serve-handler only calls minimatch(path, pattern) so the 3.x→10.x
upgrade is safe.

* fix(ruff): add missing Set and Dict imports to fix F821 errors

* fix(security): scope ajv overrides to avoid top-level version conflict

Replacing global 'ajv: 8.18.0' override with scoped 'schema-utils@4'
override. The global override conflicted with the nested file-loader/
null-loader/url-loader overrides, causing npm to install ajv@6 at the
top level where ajv-keywords@5.x requires ajv@8 (ajv/dist/compile/codegen).

Now:
- schema-utils@3 + loaders → ajv@6.14.0 (safe minor bump)
- schema-utils@4 → ajv@8.18.0 (safe minor bump)
- top-level ajv unmodified (stays at 8.x for ajv-keywords@5)

* fix(security): allowlist minimatch and tar CVEs from nodejs_wheel, bump tar override to >=7.5.8
2026-02-21 11:18:52 -08:00
Ishaan JaffandGitHub d95c3e9cd4 fix(ruff): add missing Set and Dict imports (F821) (#21785)
* fix(ruff): add missing Set and Dict imports to fix F821 errors

* fix(ci): add semantic_router dep to guardrails_testing job

The test_build_routes_combined_templates test calls build_routes() which
imports from semantic_router, but the guardrails_testing CI job didn't
install it.
2026-02-21 10:56:27 -08:00
Ishaan JaffandGitHub 8a145da793 fix(security): fix CVE-2025-69873 and CVE-2026-26996 in docs dependencies (#21782)
* fix(security): fix CVE-2025-69873 and CVE-2026-26996 in docs dependencies

Use npm overrides to pin patched versions:
- ajv@6.12.6 → 6.14.0 (fixes ReDoS CVE-2025-69873)
- ajv@8.17.1 → 8.18.0 (fixes ReDoS CVE-2025-69873)
- minimatch@3.1.2 → 10.2.1 (fixes DoS CVE-2026-26996)

serve-handler only calls minimatch(path, pattern) so the 3.x→10.x
upgrade is safe.

* fix(ruff): add missing Set and Dict imports to fix F821 errors

* fix(security): scope ajv overrides to avoid top-level version conflict

Replacing global 'ajv: 8.18.0' override with scoped 'schema-utils@4'
override. The global override conflicted with the nested file-loader/
null-loader/url-loader overrides, causing npm to install ajv@6 at the
top level where ajv-keywords@5.x requires ajv@8 (ajv/dist/compile/codegen).

Now:
- schema-utils@3 + loaders → ajv@6.14.0 (safe minor bump)
- schema-utils@4 → ajv@8.18.0 (safe minor bump)
- top-level ajv unmodified (stays at 8.x for ajv-keywords@5)
2026-02-21 10:56:11 -08:00
Ryan Crabbe c071e01fb6 fix: address PR review comments for model_dump_with_preserved_fields
- Restore preserve_fields param for backward compatibility (deprecated)
- Use zip() instead of index-based iteration to prevent IndexError
- Add backward compatibility test
2026-02-21 10:48:10 -08:00
Ishaan JaffandGitHub a5e886de79 fix(tests): read CI_CD_DEFAULT_ANTHROPIC_MODEL env var instead of hardcoding model (#21781)
* fix(tests): read CI_CD_DEFAULT_ANTHROPIC_MODEL env var in bedrock KB tests

* fix(tests): read CI_CD_DEFAULT_ANTHROPIC_MODEL env var in test_router

* fix(tests): read CI_CD_DEFAULT_ANTHROPIC_MODEL env var in test_router_retries

* fix(tests): read CI_CD_DEFAULT_ANTHROPIC_MODEL env var in test_router_timeout
2026-02-21 10:46:49 -08:00
Ishaan JaffandGitHub 0726bdb67c fix(tests): update gcs pubsub v1 fixture with new SpendLogsMetadata fields (#21779)
SpendLogsMetadata added new fields (user_api_key, status, error_information,
etc.) that weren't in the expected spend_logs_payload.json fixture, causing
test_async_gcs_pub_sub_v1 to fail.
2026-02-21 10:40:26 -08:00
32b09b29fc feat(ui): add forward_client_headers_to_llm_api toggle to general settings (#21776)
* feat(ui): add forward_client_headers_to_llm_api toggle to general settings

* feat(ui): add forward_client_headers_to_llm_api toggle to UI Settings tab

- Add toggle to UISettings.tsx frontend (switch + label + description)
- Add field to UISettings model and ALLOWED_UI_SETTINGS_FIELDS
- Sync setting to general_settings on get/update so proxy picks it up at runtime

---------

Co-authored-by: shin-bot-litellm <shin-bot-litellm@users.noreply.github.com>
2026-02-21 10:38:40 -08:00
Ishaan JaffandGitHub c5b695e71c fix(test): skip 'projects' field in team update assertion (#21777) 2026-02-21 10:24:53 -08:00