Commit Graph

1073 Commits

Author SHA1 Message Date
Ishaan Jaff d2bd029fa4 [Fix] 404 Not Found on /api/event_logging/batch endpoint (#20504)
* fix typing

* add event_logging_batch

* TestEventLoggingBatchEndpoint
2026-02-05 10:58:08 -08:00
Sameer Kankute 453d1bd5e1 Merge branch 'main' into litellm_oss_staging_02_04_2026 2026-02-05 12:19:03 +05:30
Sameer Kankute 5422a5962e Fix test_route_a2a_model_bypasses_router 2026-02-05 09:47:05 +05:30
Ishaan Jaff 6a73e5bd37 Revert "fix(a2a): use text/event-stream SSE format for message/stream endpoin…" (#20446)
This reverts commit 0209b214ac.
2026-02-04 16:08:22 -08:00
shin-bot-litellm 0209b214ac fix(a2a): use text/event-stream SSE format for message/stream endpoint (#20365)
* fix(a2a): use text/event-stream SSE format for message/stream endpoint

The A2A gateway's streaming response was using application/x-ndjson
Content-Type and raw NDJSON body format. The A2A protocol spec requires
text/event-stream with SSE framing (data: ...\n\n).

The official a2a-sdk client validates the Content-Type header and raises
SSEError when it doesn't contain text/event-stream.

Changes:
- Changed media_type from application/x-ndjson to text/event-stream
- Updated response body to use SSE framing (data: prefix + \n\n suffix)
- Added tests validating Content-Type and SSE body format

Fixes #20278

* Potential fix for code scanning alert no. 4045: Information exposure through an exception

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* test(a2a): add manual SSE format validation script

Adds a manual test script that:
1. Starts a real A2A agent on port 10001
2. Starts LiteLLM proxy with the agent registered
3. Makes a streaming request to the proxy's A2A gateway
4. Validates Content-Type header is text/event-stream
5. Validates body uses SSE framing (data: ...\n\n)

Run: python tests/a2a_manual/test_a2a_sse_manual.py

---------

Co-authored-by: shin-bot-litellm <shin-bot-litellm@users.noreply.github.com>
Co-authored-by: Ishaan Jaff <ishaanjaffer0324@gmail.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2026-02-04 16:07:17 -08:00
yuneng-jiang a16faa9e0a Merge pull request #20394 from BerriAI/litellm_spend_fix_2
[Fix] Unique Constraint on Daily Tables + Logging When Updates Fail
2026-02-04 09:42:46 -08:00
Sameer Kankute a86e501632 Merge pull request #20407 from BerriAI/litellm_key_mcp_permissions
Add Key info endpoint object permission data
2026-02-04 17:56:05 +05:30
Sameer Kankute b2feedc469 Merge pull request #20318 from BerriAI/litellm_oss_staging_02_03_2026
feat(guardrails): implement team-based isolation guardrails mgmnt (#1…
2026-02-04 17:49:30 +05:30
Sameer Kankute 54b5c7d2cd Fix: litellm/tests/test_litellm/proxy/guardrails/guardrail_hooks/test_grayswan.py 2026-02-04 17:35:26 +05:30
Sameer Kankute fc873d8867 Fix mypy issues 2026-02-04 14:40:08 +05:30
Sameer Kankute 42561729ee Add Key info endpoint object permission data 2026-02-04 14:21:19 +05:30
akraines 774a015aad fix: Preserve streaming content on guardrail-sampled chunks (#20027)
The unified guardrail's streaming iterator hook processes every Nth
chunk (sampling_rate, default 5). On each sampled chunk it calls
process_output_streaming_response, which combines all accumulated text
into the first chunk and clears all subsequent chunks to "".

The hook then yielded `processed_items[-1]` — the last item, whose
content had been cleared to "". This permanently lost every Nth
chunk's content, causing random missing words/tokens in the client
output (observed in Roo Code, Open WebUI, etc.).

Fix: deep-copy the current chunk before guardrail processing runs,
then yield the original (unmodified) chunk. The guardrail validation
still executes and can block if it detects a problem, but the stream
content is preserved.

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-03 22:44:30 -08:00
Krish Dholakia ca34b4ee13 Revert "feat(guardrails): implement team-based isolation guardrails mgmnt (#1…" (#20393)
This reverts commit 76a399ba69.
2026-02-03 20:55:46 -08:00
yuneng-jiang 9ce55057ab Adding logging for when batching fails 2026-02-03 20:54:40 -08:00
yuneng-jiang 30027d2928 save empty endpoint as string 2026-02-03 20:26:57 -08:00
yuneng-jiang dc07a6922f Merge pull request #20371 from BerriAI/litellm_config_search_tools
[Feature] Include Config Defined Search Tools in /search_tools/list
2026-02-03 20:00:21 -08:00
Sameer Kankute 25fa1ad4e7 Merge pull request #20386 from naaa760/fix/extra-head-chat-comp-brid
fix(proxy): forward extra headers in chat
2026-02-04 09:11:43 +05:30
Ishaan Jaff 66eadfabe4 [Bug] Ensure MCP permissions are enforced when using JWT Auth (#20383)
* fix: enforce team MCP permissions when using JWT authentication

Root cause: When JWT auth was used with teams in groups (via team_ids_jwt_field),
the team's MCP permissions were not being enforced because:

1. The default team_allowed_routes did not include mcp_routes
2. allowed_routes_check() failed for MCP endpoints like /mcp/tools/list
3. find_team_with_model_access() skipped the team due to failed route check
4. team_id was None in UserAPIKeyAuth
5. MCPRequestHandler._get_allowed_mcp_servers_for_team() returned empty list

Fix: Add 'mcp_routes' to the default team_allowed_routes in LiteLLM_JWTAuth.

This ensures that teams can access MCP endpoints by default, allowing the
team's MCP server permissions to be properly enforced.

Added tests:
- test_reproduce_jwt_mcp_enforcement_issue: Reproduces the exact bug scenario
- test_verify_mcp_routes_in_default_team_allowed_routes: Verifies fix
- test_mcp_route_check_passes_for_team: Verifies route check works

Co-authored-by: ishaan <ishaan@berri.ai>

* test: add comprehensive E2E tests for JWT + team MCP permission enforcement

Added tests:
- test_e2e_jwt_team_mcp_permissions_enforced: Full E2E test verifying JWT auth
  with teams in groups properly sets team_id and MCPRequestHandler returns
  the team's MCP servers
- test_e2e_jwt_without_team_no_mcp_servers: Verifies no MCP servers returned
  when JWT has no teams
- test_e2e_jwt_team_mcp_key_intersection: Verifies intersection logic when
  both key and team have MCP permissions (result = intersection)

These tests verify the complete flow:
1. JWT token with team in groups field
2. JWT auth properly sets team_id on UserAPIKeyAuth
3. MCPRequestHandler.get_allowed_mcp_servers() returns team's MCP servers
4. Key/team permission intersection works correctly

Co-authored-by: ishaan <ishaan@berri.ai>

* test: add simple tests for JWT + MCP permission enforcement

Simple, focused tests that validate:
1. test_simple_jwt_mcp_permissions_enforced: JWT user with team gets team's MCP servers
2. test_simple_jwt_no_team_no_mcp_servers: JWT user without team gets no MCP servers
3. test_simple_jwt_team_id_required_for_mcp_permissions: Verifies team_id is required
4. test_jwt_auth_sets_team_id_for_mcp_route: JWT auth sets team_id for MCP routes

These tests directly verify the core MCP permission enforcement logic works
when using JWT authentication with teams.

Co-authored-by: ishaan <ishaan@berri.ai>

* Add test: MCP route without model still returns team_id

Co-authored-by: ishaan <ishaan@berri.ai>

* Add 2 debug logs for JWT+MCP troubleshooting

- handle_jwt.py: Log team route check result (team_id, route, is_allowed)
- user_api_key_auth_mcp.py: Log team_id when looking up MCP permissions

Co-authored-by: ishaan <ishaan@berri.ai>

---------

Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: ishaan <ishaan@berri.ai>
2026-02-03 19:13:13 -08:00
yuneng-jiang cf256c742f allow max_budget reset 2026-02-03 16:32:21 -08:00
yuneng-jiang 3e3b21e6c3 masking sensitive values 2026-02-03 16:09:37 -08:00
yuneng-jiang 23d9a89793 search tools list includes config defined search tools 2026-02-03 15:57:13 -08:00
Ishaan Jaff d267c69086 [Feat] Use A2A registered agents with /chat/completions (#20362)
* test_a2a_registry_integration

* fix: render agents on model dropdown on UI

* init append_agents_to_model_group

* route_a2a_agent_request

* is_a2a_agent_model

* route_a2a_agent_request

* fix: error handling

* docs A2A usage

* docs fix

* feat: working A2a streaming

* fix transform
2026-02-03 15:25:38 -08:00
Xiaohan Fu 2b25d03046 Fix fail-open for grayswan and pass metadata to cygnal api endpoint (#19837)
* fix fail-open for grayswan; pass metadata to cygnal api endpoint; update docs

* pass litellm_metadata to cygnal in payload

* switch error msg to const, and clean exception handling.

* update pyproject.toml as requested

* Revert "update pyproject.toml as requested"

This reverts commit 4eece154d056ba33689a5584c86c8fc352bb7cdd.
2026-02-03 14:41:31 -08:00
Sameer Kankute b7f0d05dfd Merge pull request #20337 from BerriAI/main
update 02 staging PR
2026-02-03 17:08:01 +05:30
Sameer Kankute 9a6bafe89e Fix litellm/tests/test_litellm/proxy/_experimental/mcp_server/test_semantic_tool_filter.py tests 2026-02-03 15:01:10 +05:30
Harshit Jain 76a399ba69 feat(guardrails): implement team-based isolation guardrails mgmnt (#19889)
* feat(guardrails): implement team-based isolation guardrails mgmnt

* fix lint errors

* add allow_team_guardrail_config for admin permissions
2026-02-02 19:14:55 -08:00
Ishaan Jaff 079f49ff6a [Feat] - MCP Semantic Filtering Support (#20296)
* init: SemanticMCPToolFilter

* init: SemanticToolFilterHook

* test_e2e_semantic_filter

* mock tests: test_semantic_filter_basic_filtering

* Update litellm/proxy/_experimental/mcp_server/semantic_tool_filter.py

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

* refactor folder/file organization

* docs fix

* fix filter

* fix: filter_tools

* fix linting tool filrer

* initialize_from_config

* fix: _expand_mcp_tools

* _initialize_semantic_tool_filter

* working: async_post_call_response_headers_hook

* clean up semantic tool filter

* add _initialize_semantic_tool_filter

* build_router_from_mcp_registry

* _get_tools_by_names

* fiix config

* async_post_call_response_headers_hook

---------

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-02-02 18:28:53 -08:00
yuneng-jiang edfe2394b9 reset_spend endpoint 2026-02-02 15:52:30 -08:00
shin-bot-litellm 31241416d4 feat: add base /scim/v2 endpoint for SCIM resource discovery (#20301)
Add the following SCIM v2 discovery endpoints per RFC 7643/7644:

- GET /scim/v2 - Base resource discovery (ListResponse of ResourceTypes)
- GET /scim/v2/ResourceTypes - List all supported resource types
- GET /scim/v2/ResourceTypes/{id} - Get a specific resource type (User/Group)
- GET /scim/v2/Schemas - List all supported schemas
- GET /scim/v2/Schemas/{uri} - Get a specific schema by URI

These endpoints are required by identity providers (Okta, Azure AD, etc.)
for SCIM resource discovery. Previously, GET /scim/v2 returned 404.

Also adds SCIMResourceType, SCIMSchema, and SCIMSchemaAttribute Pydantic
models to the SCIM types module.

Fixes #20295
2026-02-02 14:27:00 -08:00
yuneng-jiang f1227ce5a8 Merge pull request #20111 from BerriAI/litellm_sso_map_teams
[Feature] SSO Config Team Mappings
2026-02-02 14:18:25 -08:00
shin-bot-litellm 923b1cfd92 fix: MCP "Session not found" error on VSCode reconnect (#20298)
* fix: strip stale mcp-session-id header to prevent 'Session not found' error loop

When VSCode reconnects to LiteLLM's MCP endpoint after a reload, it sends
a stale mcp-session-id header. The session was already cleaned up, causing
a 404 'Session not found' error. VSCode retries with the same stale ID,
creating an infinite error loop.

Before forwarding requests to the StreamableHTTP session manager, check if
the mcp-session-id header references a valid session. If the session doesn't
exist, strip the header so a new session is created automatically.

Fixes #20292

* refactor: extract stale session handling into _strip_stale_mcp_session_header helper
2026-02-02 14:15:31 -08:00
yuneng-jiang 1f51f067eb Merge remote-tracking branch 'origin' into litellm_sso_map_teams 2026-02-02 12:40:12 -08:00
yuneng-jiang b30c17c72d Merge pull request #20210 from BerriAI/litellm_key_block_rev
[Fix] Remove Key Blocking on Login
2026-02-02 12:00:26 -08:00
Hi120ki c9757cd0d7 fix(guardrails): populate applied_guardrails when Model Armor blocks content (#20034)
Previously, when Model Armor guardrail blocked a request/response,
the `applied_guardrails` field was not populated in the logs because
`add_guardrail_to_applied_guardrails_header()` was called after the
HTTPException was raised.

This fix moves the `add_guardrail_to_applied_guardrails_header()` call
to before the blocking check in all hooks:
- async_pre_call_hook (pre_call mode)
- async_moderation_hook (during_call mode)
- async_post_call_success_hook (post_call mode)
- async_post_call_streaming_iterator_hook (streaming)

This ensures that even when a guardrail blocks content, the guardrail
name is properly recorded in the logs for observability.

Added regression tests to verify applied_guardrails is populated when
content is blocked.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-02 18:21:44 +05:30
Ishaan Jaffer 35e29c2bcd Revert "Merge pull request #18790 from BerriAI/litellm_key_team_routing_3"
This reverts commit ae26d8e68a, reversing
changes made to 864e8c6543.
2026-01-31 17:58:46 -08:00
yuneng-jiang 2e8732c5e0 remove key blocking 2026-01-31 16:46:17 -08:00
Ishaan Jaffer 38f5ae8f05 test_budget_reset_and_expires_at_first_of_month 2026-01-31 12:36:53 -08:00
yuneng-jiang b7c45991d8 Fix health endpoints 2026-01-31 12:25:04 -08:00
Ishaan Jaffer 66c7233f61 test_get_session_iterator_thread_safety 2026-01-31 12:05:09 -08:00
Ishaan Jaffer f1b16d240e test_delete_vector_store_checks_access 2026-01-31 12:05:09 -08:00
Ishaan Jaffer 280e8a9cd7 test_get_image_non_root_uses_var_lib_assets_dir 2026-01-31 12:05:09 -08:00
yuneng-jiang c9261c9f37 fix model name during fallback 2026-01-31 11:46:58 -08:00
yuneng-jiang c4a2745983 Merge pull request #20031 from BerriAI/litellm_new_badge_dot
[Fix] UI - Vector Store: Allow Config Defined Models to Be Selected
2026-01-31 09:13:29 -08:00
yuneng-jiang 395ccac651 team mapping 2026-01-30 21:06:03 -08:00
Ishaan Jaff 6897d5f59e [Feat] Add async_post_call_response_headers_hook to CustomLogger (#20083)
* Add async_post_call_response_headers_hook to CustomLogger (#20070)

Allow CustomLogger callbacks to inject custom HTTP response headers
into streaming, non-streaming, and failure responses via a new
async_post_call_response_headers_hook method.

* async_post_call_response_headers_hook

---------

Co-authored-by: michelligabriele <gabriele.michelli@icloud.com>
2026-01-30 12:44:44 -08:00
Sameer Kankute 8d485f2403 Merge pull request #19986 from BerriAI/litellm_batch_cost_tracking_jan29
[Feat]Add cost tracking and usage object in aretrieve_batch call type
2026-01-30 17:00:42 +05:30
Sameer Kankute a8054264ae Merge pull request #19975 from BerriAI/litellm_oss_staging_01_29_2026
Litellm oss staging 01 29 2026
2026-01-30 16:58:28 +05:30
Sameer Kankute eb50c780e9 Merge branch 'main' into litellm_oss_staging_01_29_2026 2026-01-30 09:03:05 +05:30
Sameer Kankute c509ffcea8 Merge pull request #20042 from BerriAI/main
merge main in passthrough
2026-01-30 08:44:00 +05:30
yuneng-jiang 0b6bacb6d3 adding tests 2026-01-29 16:34:21 -08:00