* fix(ui/): add mcp input as an example for custom code guardrails
* feat(a2a/): ensure a2a guardrails works on response output
* feat(a2a/): support streaming guardrails
* fix(ui/): add mcp input as an example for custom code guardrails
The __init__ method was trying to access self.__annotations__ before
super().__init__() was called, resulting in an empty annotations dict.
Changed to use the class annotations directly: LiteLLM_JWTAuth.__annotations__
instead of self.__annotations__.
This fixes the ValueError:
"Invalid arguments provided: user_email_jwt_field, user_id_upsert,
user_allowed_email_domain. Allowed arguments are: ."
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fixes issue where users with disallowed email domains receive a
generic "user doesn't exist" error instead of a clear message
about the email domain not being allowed.
Changes:
- Add explicit check for valid_user_email before get_user_object
- Raise ProxyException with clear error message when email domain
is not in the allowed list
- Prevents confusing error message for email domain restrictions
This fixes the test_allow_access_by_email test failure.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fixes PLR0915 linting error (too many statements: 64 > 50) by extracting
repeated logic into four helper methods:
- _handle_conditional_match
- _handle_category_keyword_match
- _handle_pattern_match
- _handle_blocked_word_match
This improves code organization and maintainability while preserving
all existing functionality.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Restructure comments to make the intent clearer:
- First function: matches/tracks policies (may find nothing)
- Second function: always runs independent resolution (may find inherited guardrails)
This makes it clear why both functions must always be called.
Remove early return when applied_policy_names is empty to preserve
original behavior where PolicyResolver.resolve_guardrails_for_context()
is always called. The resolver does its own independent matching and
inheritance resolution, which can apply guardrails from parent policies
even when child policies fail their conditions.
This ensures no guardrails are silently dropped due to the refactoring.
Addresses Greptile review feedback on behavioral change.
Add PolicyMatchContext to TYPE_CHECKING block to fix F821 undefined
name errors in helper function type hints.
Fixes:
- proxy/litellm_pre_call_utils.py:1524:15: F821
- proxy/litellm_pre_call_utils.py:1596:15: F821
Refactor add_guardrails_from_policy_engine by extracting two helper
functions to reduce the statement count from 52 to under 50:
- _match_and_track_policies: Handles policy matching and tracking
- _apply_resolved_guardrails_to_metadata: Handles guardrail resolution
Fixes Ruff PLR0915 linting error (too many statements).
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix(content_filter.py): fix filter on toxic keywords
* feat: improve toxic/abusive language detection
* fix: additional improvements to nsfw filters
* feat: more improvements to nsfw filter
* feat(content_filter.json): add new australia specific nsfw content filter
ensure complete coverage for australia nsfw
* fix: cleanup policy templates
* fix(index.tsx): alert notice
* fix(index.tsx): add disclaimer notice
* feat(harmful_child_safety.yaml): new child safety content filter
ensure we catch inappropriate, child-specific content
* feat(policy_templates.json): add child safety and self harm filters
* fix(content_filter.py): improve racial bias filter to use a similar identifier + block word pattern and cover a wider range of ethnicities
* feat(policy_templates.json): add racial bias to nsfw policy template
* feat: add json content viewer
Remove unused local variable 'original_guardrails' that was assigned
but never used in the _execute_guardrail_step method.
Fixes Ruff F841 linting error.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix(model_cost): add missing supports_system_messages and supports_tool_choice to bedrock/moonshotai.kimi-k2.5
* fix(streaming): ensure role=assistant is set on first streaming chunk via strip_role_from_delta
* fix(vertex_ai): ensure role=assistant on first streaming chunk for Llama models
Add VertexAILlama3StreamingHandler that injects role='assistant' into the
first streaming chunk delta when the Vertex AI Llama API omits it.
* fix(anthropic): filter unsupported JSON schema constraints for structured outputs
Fixes 400 error when using Anthropic models with structured outputs that have
min/max constraints.
The Anthropic API doesn't support these JSON schema constraints:
- minimum/maximum (numeric)
- exclusiveMinimum/exclusiveMaximum (numeric)
- minLength/maxLength (string)
- minItems/maxItems (array)
This mirrors the transformation done by the official Anthropic Python SDK.
See: https://platform.claude.com/docs/en/build-with-claude/structured-outputs#how-sdk-transformation-works
Adds tests for the schema filtering function.
* fix: update descriptions with removed constraint info in filter_anthropic_output_schema
Address review feedback: the function now appends removed constraint
information to the description field (matching Anthropic SDK behavior),
rather than silently dropping constraints.
---------
Co-authored-by: OpenClaw <openclaw@users.noreply.github.com>
* Add pipeline type definitions for guardrail pipelines
PipelineStep, GuardrailPipeline, PipelineStepResult, PipelineExecutionResult
with validation for actions (allow/block/next/modify_response) and modes.
* Export pipeline types from policy_engine types package
* Add optional pipeline field to Policy model
* Add pipeline executor for sequential guardrail execution
* Parse pipeline config in policy registry
* Add pipeline validation in policy validator
* Add pipeline resolution and managed guardrail tracking
* Resolve pipelines and exclude managed guardrails in pre-call
* Integrate pipeline execution into proxy pre_call_hook
* Add test guardrails for pipeline E2E testing
* Add example pipeline config YAML
* Add unit tests for pipeline type definitions
* Add unit tests for pipeline executor
* Add pipeline column to LiteLLM_PolicyTable schema
* Add pipeline field to policy CRUD request/response types
* Add pipeline support to policy DB CRUD operations
* Add PipelineStep and GuardrailPipeline TypeScript types
* Add Zapier-style pipeline flow builder UI component
* Integrate pipeline flow builder with mode toggle in policy form
* Add pipeline display section to policy info view
* Add unit tests for pipeline in policy CRUD types
* Refactor policy form to show mode picker first with icon cards
* Add full-screen FlowBuilderPage component for pipeline editing
* Wire up full-screen flow builder in PoliciesPanel with edit routing
* Restyle flow builder to match dev-tool UI aesthetic
* Restyle flow builder cards to match reference design
* Update step card to expanded layout with stacked ON PASS / ON FAIL sections
* Add end card to flow builder showing return to normal control flow
* Add PipelineTestRequest type for test-pipeline endpoint
* Export PipelineTestRequest from policy_engine types
* Add POST /policies/test-pipeline endpoint
* Add testPipelineCall networking function
* Add PipelineStepResult and PipelineTestResult types
* Add test pipeline panel to flow builder with run button and results display
* Fix pipeline executor: inject guardrail name into metadata so should_run_guardrail allows execution
* Update litellm/proxy/policy_engine/pipeline_executor.py
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* Update litellm/proxy/utils.py
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* Update litellm/proxy/policy_engine/policy_endpoints.py
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* Update litellm/proxy/policy_engine/pipeline_executor.py
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
- vertex_ai/gemini/transformation.py: Fix TypedDict assignment via dict alias
- mcp_server/server.py: Convert ASGI scope to dict for type compatibility
- pass_through_endpoints.py: Add explicit Optional[dict] type annotation
- vector_store_endpoints/endpoints.py: Add Any type for dynamic proxy hook
- responses transformation.py: Use dict(Reasoning()) and setattr for compatibility
- zscaler_ai_guard.py: Add assert for api_base nullability
Co-authored-by: OpenClaw <openclaw@users.noreply.github.com>
- vertex_ai/gemini: fix TypedDict assignment via explicit dict cast
- mcp_server: convert MutableMapping scope to dict for type safety
- pass_through_endpoints: simplify custom_body logic to fix type narrowing
- vector_store_endpoints: add Any annotation for dynamic hook return
- responses transformation: use dict() for Reasoning and setattr for dynamic field
- zscaler_ai_guard: add assert for api_base None check
Co-authored-by: shin-bot-litellm <shin-bot-litellm@users.noreply.github.com>
* Pyroscope: require PYROSCOPE_APP_NAME and PYROSCOPE_SERVER_ADDRESS, add UTF-8 locale hint
- No defaults for PYROSCOPE_APP_NAME or PYROSCOPE_SERVER_ADDRESS; fail at startup if unset when Pyroscope is enabled
- Set LANG/LC_ALL to C.UTF-8 when unset to reduce malformed_profile (invalid UTF-8) rejections
- Startup message suggests PYTHONUTF8=1 if server rejects profiles
- Simplify LITELLM_ENABLE_PYROSCOPE in config_settings; document Pyroscope env vars as required with no default
- Add pyroscope_profiling to sidebar (Alerting & Monitoring)
- pyproject.toml: pyroscope-io as required dep on non-Windows (marker), in proxy extra
* proxy: add PYROSCOPE_SAMPLE_RATE env, use verbose logging, fix int type
- Add optional PYROSCOPE_SAMPLE_RATE env (integer, no default)
- Pass sample_rate to pyroscope.configure() as int for pyroscope-io
- Replace print with verbose_proxy_logger (info/warning)
- Document PYROSCOPE_SAMPLE_RATE in config_settings.md
* Address Greptile PR feedback: Pyroscope optional, docs, tests, docstring
- pyproject.toml: mark pyroscope-io as optional=true (proxy extra only)
- Add docs/my-website/docs/proxy/pyroscope_profiling.md (fix broken sidebar link)
- Add tests/test_litellm/proxy/test_pyroscope.py for _init_pyroscope()
- proxy_server: fix _init_pyroscope docstring (required server/app name, sample rate as int)
* Update litellm/proxy/proxy_server.py
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* fix: populate identity fields in proxy admin JWT early-return path
When is_proxy_admin is True, the UserAPIKeyAuth early-return now includes
user_id, team_id, team_alias, team_metadata, org_id, and end_user_id
resolved from the JWT. Previously only user_role and parent_otel_span
were set, causing blank Team Name and Internal User in Request Logs UI.
* test: add unit tests for proxy admin JWT identity fields