Commit Graph

20 Commits

Author SHA1 Message Date
Yuneng Jiang 7100ed5d0a [Fix] Test isolation for agent health checks and documentation test path resolution
Fix agent health check tests failing with 500 errors in parallel CI by
mocking prisma_client to None. Fix documentation validation tests using
CWD-relative paths that break depending on the working directory.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-28 11:00:22 -07:00
Joe Reyna 36e04b6efe fix(tests): restore litellm_params=None on mock agent in a2a invoke test (#23125) 2026-03-09 07:16:02 -07:00
Joe Reyna 0bc1bd6871 fix(tests): use AsyncMock for prisma find_unique in agent get-by-id test (#23122) 2026-03-09 07:13:50 -07:00
Krish Dholakia 03ca98123f Agents health checks (#23044)
* feat: add health check toggle to agents page

Backend:
- Add health_check query parameter to GET /v1/agents endpoint
- When health_check=true, performs concurrent GET requests to each agent's
  URL and filters out agents with unreachable URLs (5s timeout)
- Agents returning HTTP <500 are considered healthy; 5xx and connection
  errors mark agents as unhealthy

UI:
- Add Health Check toggle (Switch) to agents panel header
- Toggle triggers re-fetch with health_check=true, filtering the agent list
- Icon color changes (green/gray) to indicate toggle state
- Tooltip explains behavior: 'only agents with reachable URLs are shown'

Networking:
- Update getAgentsList to accept optional healthCheck boolean parameter

Tests:
- Backend: 9 new tests covering health check filtering, _check_agent_url_health
  helper (no URL, 200, 404, 500, connection error cases)
- UI: 3 new tests verifying toggle renders, initial fetch without health check,
  and fetch with health check after toggle click

Co-authored-by: Krish Dholakia <krrishdholakia@gmail.com>

* fix: fix greptile comment re: security issue

* fix: fix based on greptile feedback

* fix: align health check tests with implementation

- Rename test_should_return_unhealthy_when_no_url to
  test_should_return_healthy_when_no_url (implementation returns
  healthy=True for agents without a URL)
- Patch get_async_httpx_client instead of httpx.AsyncClient so mocks
  actually intercept the HTTP calls made by _check_agent_url_health
- Remove unnecessary __aenter__/__aexit__ context-manager mocks

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* chore: undo _experimental/out renames from cherry-pick

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Update litellm/proxy/agent_endpoints/endpoints.py

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

---------

Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-03-07 18:32:47 -08:00
Sameer Kankute 501671aa43 fix(agents): PUT update_agent_in_db clears static_headers and extra_headers when omitted
For full-replace PUT semantics, always include static_headers and extra_headers
in update_data, defaulting to {} and [] when not supplied. Previously,
omitting these fields left stale DB values intact (e.g. auth headers).

Made-with: Cursor
2026-03-05 16:16:21 +05:30
Sameer Kankute 594499e806 Add tests 2026-03-05 15:14:45 +05:30
Sameer Kankute fd53678898 test(agents): add tests for A2A custom header forwarding
Covers:
- Static headers forwarded to backend
- Dynamic headers extracted by name (extra_headers config)
- Convention-based x-a2a-{agent_id/name}-{header} forwarding
- Static headers win over dynamic on conflict
- Unrelated x-a2a- prefixes are not forwarded
- No-header case leaves existing behaviour unchanged
- merge_agent_headers utility unit tests

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-05 14:28:48 +05:30
Ishaan Jaff 8ce358e303 [Feat] Agent RBAC Permission Fix - Ensure Internal Users cannot create agents (#22329)
* fix: enforce RBAC on agent endpoints — block non-admin create/update/delete

- Add /v1/agents/{agent_id} to agent_routes so internal users can
  access GET-by-ID (previously returned 403 due to missing route pattern)
- Add _check_agent_management_permission() guard to POST, PUT, PATCH,
  DELETE agent endpoints — only PROXY_ADMIN may mutate agents
- Add user_api_key_dict param to delete_agent so the role check works
- Add comprehensive unit tests for RBAC enforcement across all roles

Co-authored-by: Ishaan Jaff <ishaan-jaff@users.noreply.github.com>

* fix: mock prisma_client in internal user get-agent-by-id test

Co-authored-by: Ishaan Jaff <ishaan-jaff@users.noreply.github.com>

* feat(ui): hide agent create/delete controls for non-admin users

Match MCP servers pattern: wrap '+ Add New Agent' button in
isAdmin conditional so internal users see a read-only agents view.
Delete buttons in card and table were already gated.
Update empty-state copy for non-admin users.
Add 7 Vitest tests covering role-based visibility.

Co-authored-by: Ishaan Jaff <ishaan-jaff@users.noreply.github.com>

---------

Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: Ishaan Jaff <ishaan-jaff@users.noreply.github.com>
2026-02-27 18:32:39 -08:00
yuneng-jiang 5a78486a15 tests 2026-02-13 22:01:28 -08:00
shin-bot-litellm 1477b4b46b fix(tests): Add missing mocks for MCP IP filtering and updated APIs (#20652)
Fixes 15 failing tests in the MCP test suite:

1. **OAuth discoverable endpoints** (test_discoverable_endpoints.py):
   - Added autouse fixture to mock IPAddressUtils.get_mcp_client_ip
   - This bypasses IP-based access control which was blocking server lookup
   - Fixes: test_authorize_*, test_token_*, test_oauth_*, test_register_*

2. **A2A endpoints** (test_a2a_endpoints.py):
   - Fixed mock path for add_litellm_data_to_request
   - Was patching litellm_pre_call_utils but function is called from common_request_processing

3. **MCP guardrail handler** (test_mcp_guardrail_handler.py):
   - Updated tests to match new handler behavior
   - Handler now passes tools (not texts) to guardrail
   - Handler checks for mcp_tool_name (not messages array)

4. **MCP path-based segregation** (test_user_api_key_auth_mcp.py):
   - Added client_ip to get_auth_context unpacking (7 values now)
   - get_auth_context was updated to include client_ip

5. **MCP registry** (test_mcp_management_endpoints.py):
   - Added mock for get_filtered_registry (not just get_registry)
   - Registry endpoint uses get_filtered_registry for IP filtering

Co-authored-by: Shin <shin@openclaw.ai>
2026-02-07 11:30:49 -08:00
Ishaan Jaff 6a73e5bd37 Revert "fix(a2a): use text/event-stream SSE format for message/stream endpoin…" (#20446)
This reverts commit 0209b214ac.
2026-02-04 16:08:22 -08:00
shin-bot-litellm 0209b214ac fix(a2a): use text/event-stream SSE format for message/stream endpoint (#20365)
* fix(a2a): use text/event-stream SSE format for message/stream endpoint

The A2A gateway's streaming response was using application/x-ndjson
Content-Type and raw NDJSON body format. The A2A protocol spec requires
text/event-stream with SSE framing (data: ...\n\n).

The official a2a-sdk client validates the Content-Type header and raises
SSEError when it doesn't contain text/event-stream.

Changes:
- Changed media_type from application/x-ndjson to text/event-stream
- Updated response body to use SSE framing (data: prefix + \n\n suffix)
- Added tests validating Content-Type and SSE body format

Fixes #20278

* Potential fix for code scanning alert no. 4045: Information exposure through an exception

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* test(a2a): add manual SSE format validation script

Adds a manual test script that:
1. Starts a real A2A agent on port 10001
2. Starts LiteLLM proxy with the agent registered
3. Makes a streaming request to the proxy's A2A gateway
4. Validates Content-Type header is text/event-stream
5. Validates body uses SSE framing (data: ...\n\n)

Run: python tests/a2a_manual/test_a2a_sse_manual.py

---------

Co-authored-by: shin-bot-litellm <shin-bot-litellm@users.noreply.github.com>
Co-authored-by: Ishaan Jaff <ishaanjaffer0324@gmail.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2026-02-04 16:07:17 -08:00
Ishaan Jaff d267c69086 [Feat] Use A2A registered agents with /chat/completions (#20362)
* test_a2a_registry_integration

* fix: render agents on model dropdown on UI

* init append_agents_to_model_group

* route_a2a_agent_request

* is_a2a_agent_model

* route_a2a_agent_request

* fix: error handling

* docs A2A usage

* docs fix

* feat: working A2a streaming

* fix transform
2026-02-03 15:25:38 -08:00
Harshit Jain 866bd46748 chore: resolve ModuleNotFoundError for Microsoft Foundry Agents (#18991) 2026-01-17 04:56:52 +05:30
yuneng-jiang de9a195d8c Merge pull request #17781 from BerriAI/litellm_daily_agent_table
[Feature] Daily Agent Usage Backend
2025-12-11 15:01:50 -08:00
Alexsander Hamir e9baa83a0f [Fix] CI/CD – Clean Up Performance PR Changes & others (#17838) 2025-12-11 12:50:03 -08:00
yuneng-jiang 1cad479297 Daily Agent Usage Table WIP 2025-12-10 11:50:52 -08:00
Ishaan Jaff 8f592088ed [Feat] Agent Access Control - Enforce Allowed agents by key, team + add agent access groups on backend (#17502)
* init schema.prisma

* init LiteLLM_ObjectPermissionTable with agents and agent_access_groups

* TestAgentRequestHandler

* refatctor agent list

* add AgentRequestHandler

* fix agent access controls by key/team

* feat - new migration for LiteLLM_AgentsTable

* fix add LiteLLM_ObjectPermissionBase with agent and agent groups

* add agent routes to llm api routes

* add agent routes as llm route
2025-12-04 16:31:00 -08:00
Ishaan Jaffer 8a824b7c17 fix mypy linting 2025-12-03 19:43:29 -08:00
Ishaan Jaff 585aee2ae4 [Feat] Agent Gateway - Allow tracking request / response in "Logs" Page (#17449)
* init litellm A2a client

* simpler a2a client interface

* test a2a

* move a2a invoking tests

* test fix

* ensure a2a send message is tracked n logs

* rename tags

* add streaming handlng

* add a2a invocation

* add a2a invocation i cost calc

* test_a2a_logging_payload

* update invoke_agent_a2a

* test_invoke_agent_a2a_adds_litellm_data

* add A2a agent
2025-12-03 18:57:18 -08:00