Add _depth/_max_depth guards (default 20) so the nested dict masking
cannot run away, and allowlist the function in the recursive_detector
CI check alongside the other bounded recursive helpers.
Use the standard depth/max_depth pattern with DEFAULT_MAX_RECURSE_DEPTH
to guard the recursive list-unwrapping in _read_image_bytes, matching
the existing pattern used by _read_all_bytes in vertex_imagen.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(guardrails/): allow custom code execution for guardrails
first step in allowing teams to submit custom code for guardrails
* feat: custom_code_guardrail.md
support passing custom code for guardrails
* feat: initial commit adding ui for custom code guardrails
allows users to write guardrails based on custom code
* feat: expose new test custom code guardrail endpoint
allows ui testing playground to sanity check if guardrail is working as expected
* fix: fix linting errors
* fix: fix max recursion check
* fix: fix linting error
* fix(bedrock): filter non-serializable objects from request params
- Enhanced filter_exceptions_from_params() to filter callable objects (functions) and Logging objects
- Applied filtering in Bedrock's _prepare_request_params() before deepcopy
- Applied filtering to additional_request_params before JSON serialization
- Prevents TypeError during deepcopy (APIConnectionError objects) and JSON serialization (functions, Logging objects)
- Fixes test_bedrock_tool_calling test failures
Root cause: MCP-related functions (handle_chat_completion_with_mcp, completion_callable) and litellm_logging_obj were incorrectly added to optional_params via add_provider_specific_params_to_optional_params(), which then ended up in additional_request_params. These objects should be in litellm_params, not optional_params.
* fix(bedrock): filter internal MCP parameters from API requests
Filter out LiteLLM internal/MCP-related parameters (skip_mcp_handler,
mcp_handler_context, _skip_mcp_handler) from additional_request_params
before sending to Bedrock API to prevent 'extraneous key' errors.
- Added filter_internal_params() helper function in core_helpers.py
- Applied filtering in Bedrock's _prepare_request_params() method
- Fixes test_bedrock_completion.py::test_bedrock_tool_calling
* fix: mypy type error
* fix: add filter_exceptions_from_params to recursive function ignore list
- Add filter_exceptions_from_params to IGNORE_FUNCTIONS in recursive_detector.py
- Function is safe: has max_depth parameter (default 20) to prevent infinite recursion
The _delete_nested_value_custom function is recursive but has bounded depth
(limited by the number of path segments), preventing infinite recursion.
This is necessary for nested field removal in additional_drop_params.
* Attempt CI/CD Fix
* Adding test for coverage
* Adding max depth to copilot and vertex
* Fixing mypy lint and docker database
* Fixing UI build issues
* Update playwright test
* build(model_prices_and_context_window.json): remove 'supports_tool_choice' for specific mistral models
Closes https://github.com/BerriAI/litellm/issues/11750
* feat: initial commit adding cleaner ui for azure text moderation guardrails
* feat(guardrail_endpoints.py): add discoverable guardrail configs and improve converting base model to dict with types
* fix(guardrail_provider_fields.tsx): render from api endpoint correctly
* fix(guardrail_provider_fields.tsx): cleanup
* refactor(guardrail_endpoints.py): refactor to handle dictionaries with literal - allows multiselect
* feat(ui/): render dictionary with known keys correctly
* feat(ui/): render optional params on separate page
* style(ui/): style improvements to rendering optional params on the UI
* feat(azure/prompt_shield.py): add azure prompt shield back on UI
* fix(add_guardrail_form.tsx): fix form to handle updated api
* fix(guardrail_optional_params.tsx): ensure values are nested correctly for writing to api
* fix: fix linting error
* feat(text_moderation.py): handle str to int conversion
* fix(guardrail_info.tsx): only render pii settings if guardrail is presidio
* fix(guardrail_info.tsx): add guardrail specific fields to update settings
allows updating guardrail fields (e.g. severity threshold) post-create
* fix(guardrail_endpoints.py): set guardrail_id in guardrail object
ensures duplicate objects not created on guardrail update
* fix(guardrail_endpoints.py): allow provider specific fields to be updated on patch update
* refactor(guardrail_endpoints.py): remove duplicate info endpoint
* fix(guardrail_endpoints.py): mask sensitive keys on returning via guardrail `/info`
Prevent leaking keys
* fix(guardrail_optional_params.tsx): return numerical input when numerical component used
fixes issue where output was a str
* fix(guardrail_optional_params.tsx): render dict keys correctly
* fix(text_moderation.py): fix severity by category check
* fix(proxy/utils.py): check if guardrail should run for post call streaming hook
Prevents invalid guardrails from running if not requested
* test: fix import
* fix: fix linting error
* test: update test
* fix: fix tests
* fix: fix code qa errors
* fix(guardrail_endpoints.py): set max depth for function
* test: update recursive_detector.py
* test: update list
* build: merge main
* fix: fix ruff check errors
* fix(auth_checks.py): enforce auth checks on target model names
ensures user has access to models they are trying to call
* test(test_auth_utils.py): add unit tests for auth check
* fix(exception_mapping_utils.py): handle mistral 429 exception
* fix: fix linting error
* fix(auth_checks.py): add max fallback depth
* fix(vertex_ai.py): common_utils.py
move to only passing in accepted keys by vertex ai
prevent json schema compatible keys like $id, and $comment from causing vertex ai openapi calls to fail
* fix(test_vertex.py): add testing to ensure only accepted schema params passed in
* fix(common_utils.py): fix linting error
* test: update test
* test: accept function
* fix(caching_routes.py): mask redis password on `/cache/ping` route
* fix(caching_routes.py): fix linting erro
* fix(caching_routes.py): fix linting error on caching routes
* fix: fix test - ignore mask_dict - has a breakpoint
* fix(azure.py): add timeout param + elapsed time in azure timeout error
* fix(http_handler.py): add elapsed time to http timeout request
makes it easier to debug how long request took before failing
Yuneng Jiang