Commit Graph

7385 Commits

Author SHA1 Message Date
Harshit28j ce052d07be Fix test helper hour=23 bug and add row-count batching test
- Use timedelta(hours=1) instead of replace(hour=hour+1) in _window()
  to avoid ValueError when hour=23
- Add test_should_batch_by_row_count covering the >10K rows batching
  path (previously only the 2 MB size-limit path was tested)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-11 18:12:27 +05:30
Harshit28j 69a94a873c Add Vantage integration for FOCUS CSV export
Adds a pluggable Vantage destination to the existing FOCUS export pipeline,
enabling LiteLLM to export spend data in FOCUS format directly to Vantage's
cost-import API. Supports automatic hourly exports via scheduled background job,
with admin API endpoints for manual control and configuration. Includes CSV
serializer, batching for 10K row / 2MB API limits, and enriched Tags JSON with
team/user/key metadata for Vantage Token Allocation feature.

- Add CSV serializer (FocusCsvSerializer) for FOCUS data
- Add Vantage API destination with automatic batching
- Add VantageLogger that wraps FocusLogger with Vantage defaults
- Add proxy endpoints: /vantage/{init,settings,export,dry-run,delete}
- Register "vantage" callback in logger registry and literal type
- Wire up background job in proxy_server.py startup
- Populate Tags column with JSON metadata (team_id, user_id, user_email, etc.)
- Add 14 unit tests covering serializer, destination, and factory

All tests pass (23 focus tests total, no regressions).

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
2026-03-11 13:51:36 +05:30
Sameer Kankute a788b21092 Merge pull request #23243 from BerriAI/litellm_bedrock-completion-tokens-details
fix(bedrock): populate completion_tokens_details in Responses API
2026-03-10 18:19:28 +05:30
Sameer Kankute cd80213f1c Merge pull request #23151 from BerriAI/litellm_preserve-reasoning-summary-for-responses-api
fix(openai): preserve reasoning_effort summary field for Responses API
2026-03-10 18:18:46 +05:30
Sameer Kankute b3c4326845 Merge pull request #23131 from BerriAI/litellm_vertex_ai_extra_body_cache_fix
fix(vertex_ai): strip LiteLLM-internal keys from extra_body before merging to Gemini request
2026-03-10 18:17:29 +05:30
Sameer Kankute 9bc7357e7c Merge pull request #23222 from BerriAI/litellm_oss_staging_02_18_2026
Litellm oss staging 02 18 2026
2026-03-10 17:46:06 +05:30
Sameer Kankute b211b67cea Merge pull request #23164 from BerriAI/litellm_oss_staging_03_09_2026
oss staging 03/09/2026
2026-03-10 17:45:17 +05:30
Sameer Kankute 9bee76c30d Merge pull request #23253 from BerriAI/main
merge main
2026-03-10 17:25:01 +05:30
Sameer Kankute 72fc2f77cf Merge pull request #23252 from BerriAI/main
merge main
2026-03-10 17:24:19 +05:30
Sameer Kankute 3f17a63b81 Merge branch 'main' into litellm_oss_staging_03_02_2026 2026-03-10 17:19:37 +05:30
Sameer Kankute 88c4079b16 fix(skills): match zip folder name to skill name in SKILL.md for Anthropic API
Made-with: Cursor
2026-03-10 14:11:11 +05:30
Sameer Kankute 0122abfa2b fix(bedrock): populate completion_tokens_details in converse _transform_usage
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
2026-03-10 13:17:28 +05:30
Sameer Kankute 3e1f343d1a Merge pull request #23242 from BerriAI/litellm_fix_redaction_and_charity_engine_provider
fix(tests): update cache hit redaction assertion to expect choices fo…
2026-03-10 12:27:59 +05:30
Sameer Kankute f33f446476 Merge pull request #23240 from BerriAI/litellm_bedrock-nova-output-config-spend-tracking
fix(bedrock): strip output_config from Converse requests; fix spend tracking redaction test
2026-03-10 12:15:06 +05:30
Sameer Kankute 30fde1de7f fix(tests): update cache hit redaction assertion to expect choices format
Made-with: Cursor
2026-03-10 12:14:24 +05:30
yuneng-jiang b8886568f0 Merge pull request #23236 from BerriAI/litellm_/flamboyant-leakey
[Fix] All Proxy Models Not Including Model Access Groups in Key Creation
2026-03-09 23:27:38 -07:00
Sameer Kankute 200b001633 fix(bedrock): strip output_config from Converse requests; fix spend tracking redaction test
Made-with: Cursor
2026-03-10 11:53:36 +05:30
Sameer Kankute db99fdeff3 fix(mcp): OpenAPI tool listing and execution for relative URLs and camelCase
- Fix case-insensitive tool name matching in _tool_name_matches() so that
  OpenAPI operationIds (camelCase) match lowercase registered tool names
  when filtering by allowed_tools
- Fix get_base_url() to resolve relative server URLs (e.g. /api/v3) by
  deriving full base URL from spec_path when OpenAPI spec has relative URLs
- Add tests for case-insensitive matching and filter_tools_by_allowed_tools

Made-with: Cursor
2026-03-10 11:34:23 +05:30
yuneng-jiang 1755a281bd Fix mutation bug: copy lists in get_key_models to prevent corrupting cached UserAPIKeyAuth
`all_models = user_api_key_dict.models` was creating an alias, so
`_get_models_from_access_groups` (which uses `.pop()`/`.extend()`) would
mutate the cached object in-place. Now both `.models` and `.team_models`
assignments create copies via `list()`.

Added test to verify the input is not mutated.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-09 22:55:53 -07:00
yuneng-jiang 1cf191d9ad [Fix] Deduplicate model lists and remove dead assignment
Adds dedup to get_key_models and get_team_models to prevent duplicate
entries when access group member models overlap with proxy_model_list.
Removes dead assignment of all_models in get_team_models.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-09 22:44:45 -07:00
Sameer Kankute cf84072662 Merge pull request #23235 from BerriAI/litellm_fix_redaction_and_charity_engine_provider
fix(logging): preserve ModelResponse choices format in redacted standard_logging_object + add Charity Engine provider endpoint
2026-03-10 11:00:24 +05:30
yuneng-jiang c829733200 [Fix] Include model access groups when expanding All Proxy Models
When a team has "all-proxy-models", the model list expansion now includes
model access group names so they appear in the UI key creation form.
Also fixes get_key_models not forwarding include_model_access_groups to
_get_models_from_access_groups, and removes unused _unfurl_all_proxy_models.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-09 22:30:07 -07:00
Sameer Kankute b08445837b fix(logging): preserve ModelResponse choices format in redacted standard_logging_object + add Charity Engine provider endpoint
- Fix perform_redaction to handle dict representation of ModelResponse (from model_dump())
- Preserve full choices structure when redacting, redact content/audio in place
- Add _redact_standard_logging_object helper for standard_logging_object field
- Update test_logging_redaction_e2e_test assertions to expect choices format
- Add charity_engine to provider_endpoints_support.json

Fixes: test_standard_logging_payload, test_standard_logging_payload_audio
Made-with: Cursor
2026-03-10 10:22:57 +05:30
Sameer Kankute 504e66ccd4 Revert "fix: forward recognized OpenAI params from kwargs in completion() (#2…"
This reverts commit dd6f0d6c55.
2026-03-10 10:22:00 +05:30
Sameer Kankute c1b860b3c1 Revert "fix: strip empty text content blocks in /v1/messages endpoint (#23097)"
This reverts commit 2c738cc939.
2026-03-10 09:53:19 +05:30
jymmi 33d4b93bee fix(sagemaker): Add role assumption support for embedding endpoint (#20435)
The SageMaker embedding handler was not using _load_credentials(),
which meant aws_role_name and aws_session_name parameters were
ignored. This prevented cross-account role assumption for embeddings
while it worked for completions.

Changes:
- Replace direct boto3 client creation with _load_credentials() call
- Create boto3.Session with assumed credentials
- Add comprehensive unit tests for role assumption

This aligns the embedding handler behavior with the completion handler,
which already supports role assumption via the BaseAWSLLM.get_credentials()
method.

Fixes cross-account SageMaker embedding access where users need to
assume a role in another account to invoke endpoints.
2026-03-09 20:58:14 -07:00
Krish Dholakia dd6f0d6c55 fix: forward recognized OpenAI params from kwargs in completion() (#23224)
Any param in DEFAULT_CHAT_COMPLETION_PARAM_VALUES that arrives via
completion(**kwargs) is now automatically forwarded to
get_optional_params(), even if it's not a named parameter of
completion().

Previously, get_non_default_completion_params() excluded params in
OPENAI_CHAT_COMPLETION_PARAMS (assuming they'd be forwarded via the
named-param path), while optional_param_args only contained explicitly
named params. Params like 'store' that were in the known-params list
but not named params fell through both paths and were silently dropped.

The fix adds a 7-line loop after building optional_param_args that
forwards any kwargs present in DEFAULT_CHAT_COMPLETION_PARAM_VALUES.
This means new OpenAI params only need to be added to the constants
dict — no boilerplate changes to 3+ function signatures required.

Fixes #23087

Co-authored-by: Cursor Agent <cursoragent@cursor.com>
2026-03-09 20:56:27 -07:00
tristanolive 30b82c3a0c feat(charity_engine): add Charity Engine provider (#23223)
* feat(charity_engine): add Charity Engine provider

Charity Engine is a crowdsourced distributed computing platform that
donates processing power to charitable causes. Its inference API
provides OpenAI-compatible chat, completions, and embeddings endpoints.

* test(charity_engine): add provider config and resolution tests

Verify JSONProviderRegistry config, provider list membership,
model routing for charity_engine/<model>, and Router compatibility.

* feat(charity_engine): add Charity Engine to LlmProviders enum

Enables provider_list membership and LlmProviders.CHARITY_ENGINE
resolution required by the provider and test suite.

* fix(charity_engine): remove api_base_env to fix non-deterministic test

The CHARITY_ENGINE_API_BASE env var could override the base_url in CI,
causing test_charity_engine_provider_resolution to fail intermittently.

* fix(charity_engine): remove trailing slash from base_url
2026-03-09 20:46:43 -07:00
Maxwell Calkin 2c738cc939 fix: strip empty text content blocks in /v1/messages endpoint (#23097)
Claude's API returns assistant messages with empty text blocks
({"type": "text", "text": ""}) alongside tool_use blocks during
multi-turn tool-use conversations. These blocks are rejected when
sent back to the API with "text content blocks must be non-empty".

Sanitization already exists for other code paths (/v1/chat/completions
for both Anthropic and Bedrock), but NOT for the /v1/messages native
path. This adds the same treatment by stripping empty text blocks
from messages in async_anthropic_messages_handler before they are
forwarded to the provider.

Fixes #22930
2026-03-09 19:51:25 -07:00
zxshen 9314963697 fix(fireworks): strip duplicate /v1 from models endpoint URL (#23113)
_get_openai_compatible_provider_info already returns an api_base
ending in /v1, but get_models prepended another /v1, producing
.../inference/v1/v1/accounts/... which 404s.

Strip the trailing /v1 from api_base before re-adding it so that
both the default and any user-supplied base work correctly.

Add parametrized tests covering the default URL, trailing-slash,
custom base with /v1, and custom base without /v1.

Fixes #23106
2026-03-09 19:49:58 -07:00
Krish Dholakia 992510154c Merge branch 'main' into litellm_oss_staging_02_18_2026 2026-03-09 19:48:46 -07:00
Krish Dholakia 9500fc18d1 Fix TypeError: LiteLLM_Params.__init__() got multiple values for argument 'self' (#23220)
The bug occurred when user data inadvertently contained reserved Python
keywords like 'self', 'params', or '__class__' as keys. When such a dict
was unpacked via **kwargs to LiteLLM_Params() or GenericLiteLLMParams(),
Python raised TypeError because 'self' was passed both implicitly and
as a keyword argument.

The fix:
- Add a Pydantic model_validator(mode='before') to GenericLiteLLMParams
  that filters out reserved keys ('self', 'params', '__class__') before
  validation
- Move the max_retries str-to-int conversion into the same validator
- Remove the custom __init__ methods from both GenericLiteLLMParams and
  LiteLLM_Params, since the validator now handles the preprocessing
- Clean up unused VERTEX_CREDENTIALS_TYPES import

This fix applies to all classes that inherit from GenericLiteLLMParams,
including LiteLLM_Params and updateLiteLLMParams.

Added comprehensive tests in tests/test_litellm/test_litellm_params_reserved_keys.py

Co-authored-by: Cursor Agent <cursoragent@cursor.com>
2026-03-09 19:33:52 -07:00
yuneng-jiang c1d042c2a3 Fix flaky test_stream_chunk_builder_openai_audio_output_usage
The test calls OpenAI's gpt-4o-audio-preview model which sometimes
doesn't return usage data in the streaming response. Fixed by:
- Adding @pytest.mark.flaky(retries=5, delay=2) for retry handling
- Fixing usage_obj loop to check chunk.usage is not None
- Skipping gracefully when OpenAI doesn't return usage data

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-09 17:18:00 -07:00
yuneng-jiang 6fe82d3886 Merge pull request #23211 from BerriAI/litellm_/sharp-keller
[Fix] Skills API test failing with duplicate skill name 500
2026-03-09 17:13:29 -07:00
yuneng-jiang af8f91ef66 [Fix] Use unique skill names in Skills API test to avoid duplicate-name 500s
The test_create_skill test was consistently failing in CI with a 500 from
Anthropic because the SKILL.md frontmatter always used the same hardcoded
name (test-skill-litellm). Since test_delete_skill is permanently skipped,
skills accumulate in the CI account, and re-creating with a duplicate name
triggers an Internal Server Error on Anthropic's side.

Fix: pass a timestamp-based unique_suffix to create_skill_zip so each run
produces a distinct skill name in the zip's SKILL.md frontmatter.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-09 17:09:15 -07:00
yuneng-jiang 4c3f873bde Merge pull request #23198 from BerriAI/litellm_fix_nova_pro_max_tokens
[Fix] Claude Agent SDK E2E Test Nova Pro max_tokens Limit
2026-03-09 15:54:00 -07:00
yuneng-jiang d719c8a53c Merge branch 'main' into litellm_fix_nova_pro_max_tokens 2026-03-09 15:47:53 -07:00
yuneng-jiang 2a836c7103 Fix Claude Agent SDK E2E test for Nova Pro max_tokens limit
The Claude Agent SDK sends max_tokens=32000 for unrecognized model names
(like "bedrock-nova-pro"), which exceeds Nova Pro's 10,000 limit. Enable
modify_params in the test proxy config so LiteLLM clamps max_tokens to the
model's actual limit. Also swap nova-premier to nova-pro since premier
requires provisioned throughput unavailable in CI.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-09 15:45:24 -07:00
yuneng-jiang ffd1eb18e0 Merge remote main and resolve conflicts
Kept our sync test fix, accepted upstream's xdist_group marker on
the async handler test.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-09 15:34:50 -07:00
yuneng-jiang 74ed6a16ac Fix flaky test_watsonx_gpt_oss_prompt_transformation
The test was flaky under pytest-xdist parallel execution because it used
async acompletion (which runs completion() in a thread pool via
run_in_executor) and relied on shared global state (known_tokenizer_config,
iam_token_cache, module_level_client) that could be modified by other tests
running in parallel. Failures were silently swallowed by a broad try/except,
causing mock_post.call_count to remain 0.

Fix:
- Convert from async acompletion to sync completion, matching every other
  test in the file. The test's intent is verifying prompt transformation,
  not async behavior.
- Use monkeypatch.setitem for known_tokenizer_config to ensure proper
  teardown isolation.
- Remove unnecessary mock layers (async template fetchers, iam_token_cache
  pre-population, mock completion response) that were only needed for the
  async code path.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-09 15:32:30 -07:00
yuneng-jiang 29ca052064 Merge remote main, resolve conflict keeping new unit tests
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-09 15:20:20 -07:00
yuneng-jiang b7ac688b2b Replace SearXNG integration tests with unit tests for request/response transformation
The SearXNG search tests were failing in CI because they depend on a live
SearXNG instance that returns results. Since this provider is used by a
very small subset of customers, replace the flaky integration tests with
deterministic unit tests that validate request payloads, URL construction,
response parsing, and header configuration without requiring external infra.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-09 15:13:58 -07:00
yuneng-jiang 8ecac84789 Revert "feat(proxy): add Prisma DB pool and engine health metrics to Promethe…"
This reverts commit 0bb26c3f1b.
2026-03-09 14:55:11 -07:00
yuneng-jiang be9d1798b2 Merge pull request #23182 from BerriAI/litellm_/exciting-swanson
[Fix] Model pricing schema test missing output_cost_per_image_token_batches
2026-03-09 14:26:21 -07:00
yuneng-jiang 379ce1aae5 [Fix] Add output_cost_per_image_token_batches to model pricing schema test
The gemini-3.1-flash-image-preview model introduced a new pricing field
that was missing from the test's validation schema and cost_fields list.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-09 14:17:52 -07:00
michelligabriele c47f77a348 fix(agentcore): handle JSON responses from agents using sync return (#23165)
* fix(agentcore): handle JSON responses from agents using sync return

BedrockAgentCoreApp agents that use synchronous `return` (instead of
async `yield`) respond with Content-Type: application/json instead of
text/event-stream. The streaming parser only handles SSE format, silently
discarding the JSON body and returning empty content to the client.

This adds Content-Type detection in both sync and async streaming
wrappers — when application/json is received, the response is parsed
and converted to a single-chunk stream. Also extends _parse_json_response
with a fallback chain supporting multiple agent response schemas (standard
AgentCore, Strands framework, plain string, raw JSON fallback).

* fix(agentcore): add dict-type guard to _parse_json_response

Prevent AttributeError when json.loads() returns a non-dict
(e.g. JSON array or primitive) by adding an isinstance check
at the top of _parse_json_response. Non-dict values fall back
to raw JSON string content.

* fix(agentcore): handle malformed JSON and split streaming chunks

- Wrap json.loads() in try/except in both sync and async streaming
  wrappers so malformed JSON bodies raise a structured BedrockError
  instead of a raw JSONDecodeError
- Split the JSON-fallback streaming path into two chunks (content
  chunk with finish_reason=None, then stop sentinel with empty delta)
  to match the SSE path convention

* fix(agentcore): catch IO errors in streaming JSON path + async error test

- Broaden except clause to catch both json.JSONDecodeError and IO-level
  exceptions (httpx.ReadError, etc.) from response.read()/aread(), so
  all failures surface as structured BedrockError
- Add async malformed-JSON test to mirror the sync test coverage
2026-03-09 10:22:36 -07:00
Varad Khonde 9b15f639a4 fix(responses): merge parallel function_call items into single assistant message (#23116) 2026-03-09 09:01:31 -07:00
Aarish Alam e21b06265a fix fkey violation on deleting user (#23115) 2026-03-09 08:53:11 -07:00
ohadgur 0bb26c3f1b feat(proxy): add Prisma DB pool and engine health metrics to Prometheus (#22655)
* feat(proxy): add Prisma DB pool and engine health metrics to Prometheus

Add a PrismaMetricsCollector that periodically queries pg_stat_activity
and the Prisma engine process to expose connection pool and engine health
as Prometheus gauges/counters. Auto-enabled when prometheus_system is in
service_callback.

New metrics:
- litellm_db_pool_active_connections (Gauge)
- litellm_db_pool_idle_connections (Gauge)
- litellm_db_pool_total_connections (Gauge)
- litellm_db_pool_waiting_connections (Gauge)
- litellm_db_engine_up (Gauge)
- litellm_db_engine_restarts_total (Counter)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: address Greptile review feedback

- Only increment engine_restarts counter on heavy reconnects (engine
  actually dead), not lightweight network-blip reconnects
- Fix potential KeyError in _get_or_create_gauge/counter fallback path
  when REGISTRY._names_to_collectors is absent
- Rename litellm_db_pool_waiting_connections to
  litellm_db_pool_lock_waiting_connections to clarify it measures lock
  contention, not pool slot queuing

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: warn when prometheus_system enabled but watchdog disabled

Log a warning when users have prometheus_system in service_callback
but PRISMA_HEALTH_WATCHDOG_ENABLED=false, since DB pool and engine
metrics won't be collected in that configuration.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* ci: retrigger CI checks

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: use labeled gauge for DB pool connection metrics

Replace 3 separate pool gauges (active, idle, total) with a single
`litellm_db_pool_connections` gauge using a `state` label. This is more
Prometheus-idiomatic and exposes all pg_stat_activity states (active,
idle, idle in transaction, etc.) without ambiguity about what "total"
includes.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: address Greptile review — stale labels and fallback re-registration

- Zero out known pg_stat_activity states that are absent from the current
  query result, preventing stale gauge values from persisting.
- Simplify _get_or_create_gauge/counter by removing the fallback loop
  that could re-register an already-registered metric (ValueError).
- Add test for stale label clearing across collection cycles.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: include "unknown" in _PG_STATES for stale label clearing

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: collect immediately on start and consolidate into single query

- Move sleep to end of loop so metrics appear on /metrics immediately
  after startup instead of after a 30s delay.
- Combine pool state and lock waiting queries into a single SQL query
  using conditional aggregation, halving per-cycle DB overhead.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: prevent tight spin loop on collection error

Move asyncio.sleep outside the try/except so it always executes even
when _collect_engine_health() or _collect_pool_metrics() raises.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add multiprocess_mode to _get_or_create_gauge initialization

- Include `multiprocess_mode` parameter to properly support multiprocessing in Gauge creation.
- Ensure consistent behavior for labeled and unlabeled Gauges.

* fix: handle invalid env var and document watchdog prerequisite

- Add try/except ValueError for PRISMA_METRICS_COLLECTION_INTERVAL_SECONDS
  to prevent proxy startup crash on non-numeric values (e.g. "30s")
- Document that DB metrics require both prometheus_system callback and
  PRISMA_HEALTH_WATCHDOG_ENABLED=true

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use defensive null coalescing for query_raw row values

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* test: add invalid env var fallback test and fix mock signature

- Add test for non-numeric PRISMA_METRICS_COLLECTION_INTERVAL_SECONDS
- Add **kwargs to mock _patched_get_or_create_gauge for forward compat

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-09 08:49:46 -07:00
milan-berri df2e1bca46 feat: allow JWT and OAuth2 auth to coexist on the same instance (#23153)
When both enable_jwt_auth and enable_oauth2_auth are True, the proxy now
routes tokens based on their format:
- JWT tokens (3 dot-separated parts) -> JWT auth handler
- Opaque tokens -> OAuth2 auth handler

This enables using JWT for human users and OAuth2 for M2M (machine) clients
on the same LiteLLM instance. Previously, enabling OAuth2 would intercept
all tokens on LLM API routes before JWT auth could run.

When only one auth method is enabled, behavior is unchanged (backward compatible).
2026-03-09 08:41:27 -07:00