Commit Graph

37495 Commits

Author SHA1 Message Date
Cursor Agent e24c02f478 [Infra] Dockerfile.non_root: add BuildKit uv cache mount
Mount /app/.cache/uv as a BuildKit type=cache on both 'uv sync' steps.
The cache persists across builds on the same builder (and, when used
with type=gha in CI, across CI runs) so repeat builds don't re-download
every wheel.

Side-effect: because the cache lives outside the image layer, the
~742MB of downloaded wheel archives that were previously baked into
/app/.cache/uv drop out of the final image. Compressed image size
goes from ~5.0GB to ~3.7GB, and the 'USER nobody' prisma-generate
layer is 1.7GB vs 2.4GB.

Warm-build timing: a uv-sync-invalidating edit now takes ~1m30s vs
~2m39s without the cache mount, on this dev VM.

API parity and UI visual regression continue to match baseline.
Trivy HIGH/CRITICAL: 6 at baseline -> 2 now, no new CVEs.

Co-authored-by: yuneng-jiang <yuneng-berri@users.noreply.github.com>
2026-04-19 06:35:39 +00:00
Cursor Agent ca52e346b0 [Infra] Dockerfile.non_root: slim C toolchain in builder stage
After Task 2.1 removed the in-image Next.js build, the builder stage no
longer needs a full C/C++ + Clang toolchain. Keep gcc + python3-dev
(required to compile ml-dtypes 0.4.1 from source — no wheel published
for Python 3.13 yet). Drop everything else.

Removed from apk: clang, llvm, lld, linux-headers, build-base,
openssl-dev, npm. Removed NVM_DIR env and /root/.nvm from PATH
(no nvm-based Node install anymore).

Kept: python3, python3-dev, gcc, bash, coreutils, curl, openssl,
libsndfile, nodejs. gcc (15.2) serves both C and C++; the separate
g++ package doesn't exist in Wolfi.

Image size unchanged (builder stage doesn't end up in the runtime);
cold builds slightly slower due to ml-dtypes source compile, but that
will be recovered in the next task via a BuildKit uv cache mount.
API parity and UI visual regression both match baseline, Trivy
HIGH/CRITICAL CVE count unchanged from opt-2 (4 CVEs, none new).

Co-authored-by: yuneng-jiang <yuneng-berri@users.noreply.github.com>
2026-04-19 05:59:31 +00:00
Cursor Agent 78485f5a32 [Infra] Dockerfile.non_root: remove unused npm from runtime stage
npm was installed in the runtime only to globally install vulnerability
patched versions of tar/glob/brace-expansion/minimatch/diff and to
in-place rewrite npm's own bundled package.json. Both were to silence
CVE scanners against modules that ship with npm itself.

Since we no longer run npm anywhere in the runtime (Prisma uses the
node binary directly for migrate deploy and generate), we can just
skip installing npm in the first place. This eliminates both the
~25-line CVE-patch shuffle AND the underlying CVE surface.

Kept: nodejs (needed by prisma-python's CLI and migrate deploy).
Removed: npm apk package, all 'npm install -g', all find+sed patching,
the redundant 'apk upgrade --no-cache nodejs' (already covered by the
preceding 'apk upgrade').

Image: 4.97GB (opt-1) -> 4.97GB (opt-2); the real win is that two
CVEs (CVE-2026-33671 and GHSA-q4gf-8mx6-v5v3) drop off the Trivy
HIGH/CRITICAL list. No new CVEs introduced. API parity and UI
visual regression both match baseline.

Co-authored-by: yuneng-jiang <yuneng-berri@users.noreply.github.com>
2026-04-19 05:11:06 +00:00
Cursor Agent 004c6b1b3e [Infra] Dockerfile.non_root: stage pre-built UI from _experimental/out
The checked-in Next.js static export at litellm/proxy/_experimental/out/
is kept fresh by the UI Drift Guard CI workflow. Stage it directly
instead of re-running npm ci + npm run build inside the image.

This removes: nvm install, node 20.20.2 install, npm ci (801 pkgs),
next build, and the resulting intermediate node_modules/out tree.

Build time: ~6m25s -> ~2m (fuse-overlayfs DinD); image 6.57GB -> 5.0GB.
Behavior parity verified: API endpoints, UI screenshots (all 10 routes
pixel-perfect), and Trivy HIGH/CRITICAL CVE count (6 -> 5, one npm
GHSA removed) all match or improve over baseline.

Co-authored-by: yuneng-jiang <yuneng-berri@users.noreply.github.com>
2026-04-19 04:21:46 +00:00
Cursor Agent 65a60dbe35 [Infra] CI: add UI drift guard + regenerate _experimental/out
Adds a CI job that rebuilds the admin UI from source and fails if the
committed static export at litellm/proxy/_experimental/out/ has drifted
from what npm run build produces. This prevents silently shipping stale
UI bytes and is a prerequisite for the non_root Dockerfile streamlining
work, which will stage the UI from _experimental/out/ directly instead
of rebuilding it inside the image.

Also regenerates litellm/proxy/_experimental/out/ to match a fresh
npm run build (Node 20.20.2) — the committed tree had drifted from
source prior to this commit.

Co-authored-by: yuneng-jiang <yuneng-berri@users.noreply.github.com>
2026-04-19 04:03:10 +00:00
ishaan-berri 2f22a1293e bump litellm-proxy-extras to 0.4.67 (#26043)
* bump litellm-proxy-extras version to 0.4.67

* bump litellm-proxy-extras pin to 0.4.67 in litellm pyproject

* regenerate uv.lock for litellm-proxy-extras 0.4.67

* bump litellm-enterprise version to 0.1.38

* bump litellm-enterprise pin to 0.1.38 in litellm pyproject

* regenerate uv.lock for litellm-enterprise 0.1.38
2026-04-18 19:03:56 -07:00
yuneng-jiang 9e77e25107 Merge pull request #26038 from BerriAI/yj_bump_apr18
bump: version 1.83.9 → 1.83.10
2026-04-18 18:54:11 -07:00
Yuneng Jiang 49ba6b8160 add uv lock 2026-04-18 18:43:09 -07:00
yuneng-jiang e16bd158c3 Merge pull request #26033 from BerriAI/yj_ui_build_apr18
[Infra] Build UI
2026-04-18 18:37:01 -07:00
Yuneng Jiang 4d63a1367e bump: version 1.83.9 → 1.83.10 2026-04-18 18:31:24 -07:00
Yuneng Jiang 0278d73cd9 Merge remote-tracking branch 'origin/litellm_internal_staging' into yj_ui_build_apr18 2026-04-18 16:48:19 -07:00
Yuneng Jiang aab3ef8988 chore: update Next.js build artifacts (2026-04-18 23:46 UTC, node v22.16.0) 2026-04-18 16:46:25 -07:00
Yuneng Jiang ba24e4a1b3 remove next env 2026-04-18 16:45:32 -07:00
ryan-crabbe-berri 67bf18dfe0 Merge pull request #25989 from BerriAI/litellm_feat-multi_threshold_budget_alerts
feat: configurable multi-threshold budget alerts for virtual keys
2026-04-18 16:21:29 -07:00
Ryan Crabbe c8b7c1bafa Merge remote-tracking branch 'origin/litellm_internal_staging' into litellm_feat-multi_threshold_budget_alerts 2026-04-18 15:26:02 -07:00
Ryan Crabbe eb6fd98611 Merge remote-tracking branch 'origin/main' into litellm_feat-multi_threshold_budget_alerts 2026-04-18 14:54:26 -07:00
ishaan-berri ecff06df65 Merge pull request #26032 from BerriAI/litellm_mcp_pkce_fix_v2
fix(mcp): restore PKCE-triggering 401 when no stored per-user token exists
2026-04-18 14:52:31 -07:00
Yuneng Jiang de790fd273 chore: update Next.js build artifacts (2026-04-18 21:49 UTC, node v22.16.0) 2026-04-18 14:49:27 -07:00
shin-berri 85b1b93661 Merge pull request #26022 from BerriAI/litellm_/reverent-kirch-7cf0a6
[Infra] Bump proxy dependencies and raise minimum Python to 3.10
2026-04-18 14:44:24 -07:00
yuneng-jiang e69051916e Merge pull request #25983 from BerriAI/litellm_yj_apr17
[Infra] Merge dev branch
2026-04-18 14:43:04 -07:00
yuneng-jiang 63313bcd77 Merge pull request #25994 from BerriAI/litellm_project_rate_limiting
fix: enforce project-level model-specific rate limits in parallel_req…
2026-04-18 14:31:08 -07:00
Ryan Crabbe 0a4b02fe76 fix: tighten recipient_emails guard to reject empty list
send_max_budget_alert_email previously guarded with `is not None`, which
accepts `[]` and then crashes on `recipient_emails[0]` inside
_get_email_params. The current caller (_handle_multi_threshold_max_budget_alert)
already filters empty lists upstream, but the public method signature makes
no such guarantee — a future caller passing [] would hit IndexError.

Switch to truthiness so both None and [] fall through to the single-recipient
path.
2026-04-18 14:07:18 -07:00
Ishaan Jaffer b7813aad41 fix(mcp): restore PKCE-triggering 401 when no stored per-user token exists
Per-user OAuth MCP requests now only skip pre-emptive 401 when a stored token is available, preserving token-reuse behavior while restoring fast PKCE kickoff for first-time or missing-token users.
2026-04-18 14:04:22 -07:00
Ryan Crabbe 029d9bcfc7 refactor: inline _parse_email_list in auth_checks to drop enterprise dep
The lazy import from litellm_enterprise inside _normalize_alert_emails
coupled the core proxy auth path to an optional package. Core should not
depend on enterprise, even lazily — it hides the dependency from static
analysis and inverts the intended layering.

Duplicate the 7-line parser locally. It's pure and unlikely to drift; the
enterprise copy stays where it is for its own callers.
2026-04-18 13:51:00 -07:00
Ryan Crabbe 8b86a3b041 fix: normalize alert-email configs at merge boundary
_merge_budget_alert_email_configs previously called list() directly on each
threshold's value, which raised TypeError on null YAML values and silently
split bare strings into single characters. Both are reachable from user-
supplied global config and per-key metadata, so the crash could fire on
every authenticated request once the metadata was in place.

Route both inputs through a _normalize_alert_emails helper that delegates
to the existing _parse_email_list parser (lazy-imported, matching the
enterprise import pattern used elsewhere in proxy/). The merge body keeps
its tight Dict[str, List[str]] contract.
2026-04-18 13:48:48 -07:00
Ryan Crabbe 09a524a351 fix: narrow CallInfo.max_budget_alert_emails to Dict[str, List[str]]
The Union[str, List[str]] value type was speculative — _merge_budget_alert_email_configs
always returns List[str] values, and no caller produces bare strings. Narrowing to
match the runtime guarantee resolves a mypy invariance error at auth_checks.py:3021
without adding casts or Mapping covariance.
2026-04-18 13:39:33 -07:00
shivam dbf4f9637f Merge remote-tracking branch 'upstream/litellm_internal_staging' into litellm_project_rate_limiting 2026-04-18 13:26:24 -07:00
Yuneng Jiang f483f1e800 Merge remote-tracking branch 'origin/litellm_internal_staging' into litellm_yj_apr17 2026-04-18 13:19:16 -07:00
Yuneng Jiang ec590f938b Merge remote-tracking branch 'origin/litellm_internal_staging' into litellm_/reverent-kirch-7cf0a6 2026-04-18 13:18:45 -07:00
yuneng-jiang 643e941b64 Merge pull request #26026 from BerriAI/litellm_fixPrometheusHelpersPackageCollision
[Fix] Resolve prometheus_helpers file/package shadow breaking /global/spend/logs
2026-04-18 13:18:04 -07:00
Yuneng Jiang cfdf893226 [Fix] Merge prometheus_helpers.py into prometheus_helpers/__init__.py to resolve file/package collision
A previous refactor added `litellm/integrations/prometheus_helpers.py` as a
sibling to the existing `litellm/integrations/prometheus_helpers/` directory
(which contains `prometheus_api.py` and has no `__init__.py`). The file
shadowed the namespace-package directory, so any deferred
`from litellm.integrations.prometheus_helpers.prometheus_api import ...`
raised `ModuleNotFoundError: 'litellm.integrations.prometheus_helpers' is
not a package` at request time.

Two runtime call sites hit that path:
- /global/spend/logs (spend_management_endpoints.py) returned plain-text 500
  "Internal Server Error" for every call, breaking the Admin UI Usage tab
  and programmatic consumers.
- SlackAlerting.send_fallback_stats_from_prometheus silently failed inside
  its own try/except.

Fix: move prometheus_helpers.py content into prometheus_helpers/__init__.py
and delete the stray .py. The directory becomes a regular package, so both
the package-root import (from ...prometheus_helpers import X) and the
submodule import (from ...prometheus_helpers.prometheus_api import X)
resolve correctly. No call sites change.
2026-04-18 13:04:32 -07:00
yuneng-jiang 8e00f61026 Merge pull request #26023 from BerriAI/litellm_/eloquent-feistel-b346ec
[Fix] UI - Keys: strip empty premium fields from key update payload
2026-04-18 13:01:38 -07:00
Yuneng Jiang f24c8dbf79 chore: bump CircleCI conda envs from python 3.9 to 3.10
Six CI jobs create a miniconda env with python=3.9 before installing
the project; these jobs now fail resolution because the project
requires-python is >=3.10. Bump the conda env python to 3.10 to match
the new floor.
2026-04-18 13:00:03 -07:00
Yuneng Jiang 9bdb3b1772 chore: lower python floor from 3.11 to 3.10
All three dependency bumps in this PR resolve on Python 3.10, so there
is no need to jump the floor all the way to 3.11. Also restore the
py3.10-specific lunary==1.4.36 pin that was collapsed when the floor
was temporarily at 3.11.
2026-04-18 12:50:04 -07:00
Yuneng Jiang d1e665742b chore: drop stale python_version markers after floor raise
Now that requires-python starts at 3.11, the "python_version >= '3.9'"
and ">= '3.10'" markers are unconditionally true, and the "< '3.10'"
entries for psycopg, Pillow, pyarrow, langchain, lunary, and pylint can
never resolve. Drop the dead markers and remove the unreachable pins so
the dependency list reflects what actually gets installed.
2026-04-18 12:31:53 -07:00
Yuneng Jiang cae8b74b0b Fall back to top-level keyData when resolving previous premium value
Premium fields like policies are echoed at the top level of the
/key/update response, not necessarily mirrored into metadata. Read
metadata first then fall back to the top-level property so an
intentional clear is preserved in either shape.
2026-04-18 12:23:58 -07:00
Yuneng Jiang 2c41f3c291 [Fix] UI - Keys: strip empty premium fields from key update payload
The /key/update response echoes top-level defaults like policies:[] into
client state. On a subsequent edit, the form resends policies:[], which
the backend treats as "user is setting policies" and blocks with a 403
enterprise check regardless of value.

Drop premium metadata fields from the update payload when the current
form value and the previously persisted value are both empty. Genuine
clears (non-empty -> empty) still pass through so premium users can
clear policies as intended.
2026-04-18 12:17:45 -07:00
Yuneng Jiang 1c29c5e903 chore: bump proxy deps and raise python floor to 3.11
Bumps orjson, fastapi-sso, and python-multipart to their latest releases
in the proxy extra, and raises the project python floor to 3.11 so the
updated pins can resolve. CI already runs on 3.11 / 3.12 / 3.13 and the
Docker images ship python 3.13, so the floor change aligns the declared
support range with what is actually tested and shipped.
2026-04-18 12:16:35 -07:00
ryan-crabbe-berri fc35c68108 Merge pull request #26003 from BerriAI/litellm_fix-extra-headers-not-persisting
fix(ui): extra_headers not persisting on MCP server edit
2026-04-18 12:08:35 -07:00
Shivam Rawat f870095f3f Merge pull request #25991 from BerriAI/litellm_persist_default_router_end_budget
Litellm persist default router end budget.
2026-04-18 11:52:20 -07:00
shivam 0d950612f4 refactor: extract success pipeline ops to fix PLR0915 in parallel_request_limiter_v3
Move async_log_success_event pipeline construction into
_build_success_event_pipeline_operations so the async hook stays
under Ruff's max-statement limit.

Made-with: Cursor
2026-04-18 11:38:05 -07:00
ishaan-berri d03c301c79 Merge pull request #25936 from BerriAI/litellm_health-check-reasoning-tokens
fix(proxy): prioritize reasoning health-check max token precedence
2026-04-18 11:35:04 -07:00
ishaan-berri f476447875 Merge pull request #25846 from BerriAI/litellm_bedrock_cache_start_negative_cost
fix(bedrock): prevent negative streaming costs for start-only cache usage
2026-04-18 11:30:07 -07:00
Yuneng Jiang 9c0b73e5f4 [Fix] should_create_missing_views returns False for reltuples=0 (falsy zero bug)
`should_create_missing_views()` had `and result[0]["reltuples"]` which is
falsy when reltuples=0. On a fresh empty PostgreSQL table, CREATE INDEX sets
reltuples=0, causing the guard to return False and skip view creation entirely.
Views like MonthlyGlobalSpendPerKey are never created, and the
/global/spend/logs endpoint returns 500.

Fix: change to `and result[0]["reltuples"] is not None` so reltuples=0
(empty table) and reltuples=-1 (unanalyzed table) both correctly return True.

Also harden test_vertex_ai.py to return None instead of crashing with
JSONDecodeError when the spend-logs endpoint returns a non-JSON 500 response,
and add unit tests covering all three reltuples branches (0, -1, positive).
2026-04-18 11:00:09 -07:00
shivam 46a04e26f1 fix: increment model_per_project TPM counter in async_log_success_event
Without this, project-level model_tpm_limit was silently acting as an
RPM cap — the pre-call +1 sentinel was tracked but the actual token
count was never added after a successful call.

Extracts user_api_key_project_id from standard_logging_metadata and
adds a model_per_project pipeline operation matching the existing
model_per_team and model_per_organization patterns.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-18 10:41:06 -07:00
Ishaan Jaffer 6bf90fb10a fix(mypy): cast msg and pending_delta in _promote_message_stop_usage to resolve union-attr and assignment errors 2026-04-18 10:37:30 -07:00
ishaan-berri 319839d8d6 Merge pull request #25494 from jlav/jl/helm-tpl-extra-containers
feat(helm): add tpl support to extraContainers and extraInitContainers
2026-04-18 10:31:37 -07:00
ishaan-berri d042b4418a Merge pull request #25929 from BerriAI/litellm_pages_support_for_ocr
feat(ocr/azure-di): support Mistral-style pages param via analyze query string
2026-04-18 10:26:59 -07:00
ryan-crabbe-berri 55d3229a63 Merge pull request #25879 from BerriAI/litellm_chore-migrate-router-settings-page-off-of-tremor
chore(ui): migrate router_settings page from Tremor to antd
2026-04-18 10:23:10 -07:00
ryan-crabbe-berri 2a76f10991 Merge pull request #25749 from BerriAI/litellm_chore-migrate-guardrail-test-playground-off-tremor
chore(ui): migrate GuardrailTestPlayground off @tremor/react to antd
2026-04-18 10:14:47 -07:00