Commit Graph

8273 Commits

Author SHA1 Message Date
Darien Kindlund f54e4e664b fix(proxy): use _hash_token_if_needed for cache invalidation in bulk update and key rotation (#25552)
Two code paths in key_management_endpoints.py call hash_token()
unconditionally when invalidating the user_api_key_cache after a key
update.  When the caller passes a pre-hashed token ID (not an sk-
prefixed key), hash_token() double-hashes it, producing a cache key
that does not match the actual cached entry.  Cache invalidation
silently fails.

This is compounded by update_cache() which writes the stale cached key
object back with a fresh 60s TTL after every successful request,
preventing natural TTL expiry.  The stale entry (with outdated fields
like max_budget=None) persists indefinitely under load.

PR #24969 fixed this in update_key_fn but missed two other call sites:
- _process_single_key_update (bulk update path)
- _execute_virtual_key_regeneration (key rotation path)

Fix: replace hash_token() with _hash_token_if_needed() in both
locations, matching the pattern already used elsewhere in the file.

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 19:36:40 -07:00
Yuneng Jiang 909247785e Merge remote-tracking branch 'origin' into litellm_internal_staging_04_11_2026 2026-04-11 15:41:03 -07:00
yuneng-jiang 9a43e32d6e Merge pull request #25464 from BerriAI/litellm_passthrough_contenttype
fix(proxy): pass-through multipart uploads and Bedrock JSON body
2026-04-11 15:40:16 -07:00
yuneng-jiang 56e82451df Merge pull request #25458 from BerriAI/litellm_team_members_logs
Team member permission /spend/logs for team-wide spend logs (UI + RBAC)
2026-04-11 13:55:00 -07:00
ishaan-berri da75012a50 Merge pull request #25569 from BerriAI/litellm_harish_april11
Litellm harish april11
2026-04-11 13:26:18 -07:00
yuneng-jiang 150c37c47d Merge pull request #25568 from BerriAI/litellm_yj_apr_10_2026
[Infra] Merge dev with main
2026-04-11 13:03:52 -07:00
Yuneng Jiang 218daca867 [Fix] Address Greptile review: POST /organization/info auth bypass, inline imports, team access denial tests
- Add _verify_org_access to deprecated POST /organization/info endpoint
- Move get_user_object to module-level import in organization_endpoints.py
- Add tests for _verify_team_access 403 denial path
2026-04-11 12:40:55 -07:00
ishaan-berri c70a3c7093 Merge pull request #25450 from harish876/oom-file-fix-openai
Add file content streaming support for OpenAI and related utilities
2026-04-11 12:25:36 -07:00
ishaan-berri 5cb9b087ad Merge pull request #25545 from BerriAI/litellm_ishaan_april10
Litellm ishaan april10
2026-04-11 12:14:08 -07:00
harish876 69eb34597c Refactor file content streaming handling to improve routing and support
- Introduced a new method in `FileContentStreamingHandler` to resolve streaming request parameters, enhancing the routing logic based on credentials.
- Updated the `should_stream_file_content` method to check against supported providers.
- Cleaned up type hints and imports across multiple files for better organization and clarity.
- Added comprehensive tests to validate the new routing behavior and ensure original data integrity during streaming requests.
2026-04-11 18:56:15 +00:00
ryan-crabbe-berri eabb6a31f1 Merge pull request #25542 from BerriAI/litellm_fix-timestamp
fix(spend): session-TZ-independent date filtering for spend/error log queries
2026-04-11 10:57:25 -07:00
michelligabriele 363f9fe5da fix(proxy): preserve dict guardrail HTTPException.detail + bedrock context (#25558) 2026-04-11 09:40:39 -07:00
jimmychen-p72 2fe615b373 fix(s3): add retry with exponential backoff for transient S3 503/500 errors (#25530)
* fix(s3): add retry with exponential backoff for transient S3 503/500 errors

S3 occasionally returns 503 "Slow Down" during PUT operations when
request rates spike above partition limits. The current code makes a
single upload attempt via httpx — unlike boto3, httpx has no built-in
retry for transient S3 errors. Failed uploads permanently lose the
request's audit/logging data.

Add exponential backoff retry (3 attempts, 1s/2s delays) for S3
500/503 responses in both async_upload_data_to_s3 and
upload_data_to_s3. Logs a warning on each retry with the S3 object
key for observability.

In production we observed ~18 permanent S3 upload failures per day
(124 over 7 days) — all transient 503s that would have succeeded on
a single retry.

* test(s3): add unit tests for S3 upload retry logic

Tests cover:
- Async retry on 503 (succeeds on second attempt)
- Async retry on 500
- Exhausted retries on persistent 503 (calls handle_callback_failure)
- No retry on 4xx errors (403)
- Sync retry on 503

* style(s3): move time import to module level

Address review feedback: move `import time` from inside
upload_data_to_s3 to the top-level imports per project style guide.
2026-04-11 09:39:12 -07:00
Josh 7d2f069361 Reduce default latency histogram bucket cardinality (#25527)
* feat(prometheus): reduce default latency bucket cardinality and make configurable

* test(prometheus): add coverage for PrometheusServicesLogger latency buckets

* Revert "test(prometheus): add coverage for PrometheusServicesLogger latency buckets"

This reverts commit 1bfd004ad1797e212dfd9d1de502810f81a056a1.

* test(prometheus): add coverage for PrometheusServicesLogger latency buckets
2026-04-11 09:34:45 -07:00
michelligabriele c9e4949485 fix(logging): preserve proxy key-auth metadata on /v1/messages Langfuse traces (#25448)
* fix(logging): preserve proxy key-auth metadata on /v1/messages Langfuse traces

update_from_kwargs() overwrites proxy metadata (user_api_key_hash, etc.)
with Anthropic's native metadata when both exist. Merge instead of replace.

* fix(test): update stale assertion for new metadata merge semantics

* test: add explicit conflict-resolution test for metadata merge
2026-04-11 09:29:34 -07:00
Sameer Kankute d03ecedba1 feat(containers): Azure routing, managed container IDs, delete response parsing (#25287)
* feat(containers): Azure container routing, managed IDs, and delete response wire format

- Add AzureContainerConfig and safe URL joining for paths with api-version query
- Encode/decode managed container IDs in responses, streaming, and proxy handlers
- Accept OpenAI delete response object literal container.file.deleted
- Tests for Azure URL regression and DeleteContainerFileResponse parsing

Made-with: Cursor

* fix(responses): gate response id update on parsed_chunk having response

Delta stream events do not include a response body; Mock-based tests
(and any truthy synthetic .response on transforms) must not trigger
_update_responses_api_response_id_with_model_id. Fixes
test_stop_async_iteration_not_logged_as_failure (TypeError: Mock not iterable).

Made-with: Cursor

* feat(containers): encode container IDs in SDK responses for routing

- Add ContainerRequestUtils.encode_container_id_in_response utility
- Encode container_id in create/retrieve/delete responses (SDK path)
- Fix streaming iterator: gate response ID update on parsed_chunk key
- Follows responses API pattern (encode after handler, not in handler)

Made-with: Cursor

* fix(containers): module-level imports and managed cntr_ ID encoding

- Move ResponsesAPIRequestUtils imports to module scope (utils, main, handler_factory).
- Serialize absent model_id as empty segment instead of literal None; decode empty
  and legacy "None" segments as missing for router affinity.
- Add unit tests for build/decode round-trip and legacy IDs.

Made-with: Cursor

* fix(containers): decode managed IDs in endpoint_factory SDK path

- Add decode_managed_container_id_for_request in containers/utils and reuse from main.
- Strip LiteLLM cntr_ wrappers before generic_container_handler (64-char API limit).
- Resolve provider for logging/errors; add unit test for decode helper.
- Use resolved_custom_llm_provider after decode for mypy-safe provider typing.

Made-with: Cursor

* Fix p1 concern

* Fix p1 concern
2026-04-11 09:21:01 -07:00
Sameer Kankute 40d8a25df9 feat(bedrock): skip dummy user continue for assistant prefix prefill (#25419)
When modify_params is true, Bedrock Converse setup no longer prepends or
appends the default user message if the boundary assistant turn has
prefix: true, so OpenAI-style assistant prefill reaches the API unchanged.

Made-with: Cursor
2026-04-11 09:04:15 -07:00
Sameer Kankute c13be44e44 feat(guardrails): optional skip system message in unified guardrail inputs (#25481)
* feat(guardrails): optional skip system message in unified guardrail inputs

Made-with: Cursor

* feat(dashboard): skip_system_message_in_guardrail in guardrail UI

Add a tri-state control (inherit / yes / no) when creating or editing
guardrails so admins can set litellm_params.skip_system_message_in_guardrail
without YAML. Table edit merges existing litellm_params before PUT to avoid
wiping content-filter and other provider fields.

Document the dashboard flow in the guardrails quick start with a screenshot.

Made-with: Cursor

* fix(guardrails): type structured_messages as AllMessageValues for mypy

Use AllMessageValues in openai_messages_without_system and cast adapter
request messages so GenericGuardrailAPIInputs matches TypedDict.

Made-with: Cursor
2026-04-11 08:53:24 -07:00
Sameer Kankute dc200c34a2 fix(responses): map refusal stop_reason to incomplete status in streaming (#25498)
* fix(responses): map refusal stop_reason to incomplete status in streaming

Fixes streaming responses API translation where Anthropic's stop_reason="refusal"
was incorrectly translated to status="completed" instead of "incomplete".

Root cause: build_base_response was unconditionally overwriting finish_reason
with None from later chunks, losing the terminal content_filter value.

Changes:
- streaming_chunk_builder_utils: skip None finish_reason values in build_base_response
- streaming_iterator: snapshot chunks before returning pending events (sync path)
- streaming_handler: treat usage-only chunks as meaningful content
- transformation: map finish_reason=refusal to status=incomplete
- tests: add regression tests for refusal handling

Made-with: Cursor

* Fix test
2026-04-11 08:48:15 -07:00
Yuneng Jiang 09ffc87734 fix: align org and team endpoint permission checks with existing patterns
Brings organization info and team management endpoints in line with the
access-control patterns used elsewhere in the proxy.
2026-04-10 22:17:05 -07:00
harish876 f523ccb2fe Update import paths in tests for StorageBackendFileService
- Changed the import path for `upload_file_to_storage_backend` in test files to reflect the new module structure.
- Ensured consistency in mocking for storage backend service tests.
2026-04-11 00:07:52 +00:00
Ryan Crabbe c7934c460d fix(spend): session-TZ-independent date filtering for spend/error log queries
The raw SQL queries in spend_management_endpoints.py, spend_tracking_utils.py,
and analytics_endpoints.py cast date params to ::timestamptz while comparing
against the plain-timestamp "startTime" column. Postgres resolves the type
mismatch by promoting the column using the DB session timezone, which drifts
the filter window and date_trunc buckets whenever session TZ is not UTC —
silently dropping rows at UTC day boundaries and, for narrow windows, losing
rows entirely.

Wraps every such comparison with `AT TIME ZONE 'UTC'` so the param side
resolves to a plain timestamp matching the column type. Both sides end up
as plain timestamp, Postgres does no implicit conversion, and session TZ
plays no role in the query. The fix is constant-foldable so the existing
startTime index (PR #17504) remains usable.

Also marks strptime-produced datetimes as tz-aware UTC at the call sites
for intent clarity and consistency with parse_date.

Fixes #22529 (Logs page missing recent rows under non-UTC session TZ) and
the Global Usage single-day-returns-two-days symptom reported internally.
2026-04-10 17:04:52 -07:00
ishaan-berri 02b4934e87 Merge pull request #25424 from BerriAI/litellm_fix-websearch-interception-logging
fix(websearch_interception): ensure spend/cost logging runs when stream=True
2026-04-10 16:52:22 -07:00
ishaan-berri b049aadc96 Merge pull request #25514 from milan-berri/fix/a2a-create-a2a-client-default-timeout
fix: a2a create a2a client default 60 second timeout
2026-04-10 16:51:34 -07:00
ishaan-berri 831083b565 Merge pull request #25525 from BerriAI/feat/anthropic-advisor-tool
feat(anthropic): support advisor_20260301 tool type
2026-04-10 16:39:34 -07:00
harish876 c5d93e67f4 Enhance error handling in FileContentStreamingHandler for custom LLM provider routing
- Added validation to ensure credentials include a custom LLM provider before routing.
- Cleaned up type casting for better readability.
- Introduced a new test to verify behavior when a non-OpenAI provider is used, ensuring proper handling of streaming responses.
- Updated imports to include necessary modules for testing.
2026-04-10 23:29:44 +00:00
harish876 d1dda3d30b Enhance file content streaming handler to support custom LLM provider routing
- Updated `FileContentStreamingHandler` to utilize `custom_llm_provider` from credentials for routing.
- Added error handling for missing `custom_llm_provider` in credentials.
- Introduced new tests to validate streaming behavior with routed providers and non-OpenAI providers.
- Cleaned up imports and ensured proper type casting for improved clarity.
2026-04-10 23:29:16 +00:00
harish876 4e5e739559 resolve dependency cycle 2026-04-10 23:11:54 +00:00
harish876 ccf3dc3161 Code Comments incorporated.
- Static Methods for Streaming Handler Function

 - Remove the afile_content_streaming wrapper function. Enabled with a stream boolean in afile_content

 - Cleaned up test cases after refactor
2026-04-10 22:41:13 +00:00
yuneng-jiang d67b5f8b08 Merge pull request #25526 from BerriAI/litellm_yj_04_09_2026
[Infra] Merge Dev Branch with Main
2026-04-10 15:30:23 -07:00
Ishaan Jaffer 318196f793 test(advisor): add tests for auto-strip advisor_tool_result blocks 2026-04-10 13:15:51 -07:00
Ishaan Jaffer 55f0e6605b test(anthropic): add advisor tool tests for /messages beta header path 2026-04-10 12:39:30 -07:00
Ishaan Jaffer 0f9eba4de0 test(anthropic): add advisor tool transformation tests 2026-04-10 12:39:30 -07:00
Sameer Kankute bec448dd5d Merge pull request #25524 from BerriAI/main
merge main
2026-04-11 00:41:36 +05:30
harish876 1c74e17bed E2E test to assert response headers from the openai files change 2026-04-10 18:45:00 +00:00
Sameer Kankute f0d2d26301 fix(bedrock): avoid double-counting cache tokens in Anthropic Messages streaming usage
Made-with: Cursor
2026-04-11 00:03:45 +05:30
harish876 baba3ebed8 Refactor file content streaming implementation
- Removed unused imports and streamlined type hints in `litellm/utils.py` and `litellm/files/main.py`.
- Moved `FileContentStreamingResult` to a new `litellm/files/types.py` for better organization.
- Updated `FileContentStreamingResponse` in `litellm/files/streaming.py` to include asynchronous close methods and improved logging capabilities.
- Enhanced tests to ensure proper closure of streaming iterators in `tests/test_litellm/llms/openai/test_openai_file_content_streaming.py` and `tests/test_litellm/proxy/openai_files_endpoint/test_files_endpoint.py`.
2026-04-10 18:30:28 +00:00
Milan 824269d585 test(a2a): assert create_a2a_client default timeout uses DEFAULT_A2A_AGENT_TIMEOUT
Made-with: Cursor
2026-04-10 21:18:15 +03:00
Ryan Crabbe 3af7de4222 retain ui_routes enum alias for JWT config backwards compatibility 2026-04-10 08:55:32 -07:00
harish876 af4d4ab2ee Introduced Content-Length response headers into the streaming response. This provides a 1:1 behaviour mapping similar to the non streaming behaviour. 2026-04-10 06:54:08 +00:00
joereyna b7d7b93eb9 fix(responses-ws): use urllib.parse to append model param, fix test mocking 2026-04-09 21:49:06 -07:00
joereyna 1264bf3f8e fix(responses-ws): append ?model= to backend WebSocket URL 2026-04-09 21:49:06 -07:00
Chetan Soni 8dc5ab39f0 feat(mcp): add per-user OAuth token storage for interactive MCP flows 2026-04-09 21:49:06 -07:00
joereyna f8ae642736 format vertex test file 2026-04-09 21:49:06 -07:00
joereyna fb527ae250 fix(test): mock headers in test_completion_fine_tuned_model 2026-04-09 21:49:06 -07:00
Ryan Crabbe 26e99f22b3 refactor: consolidate route auth for UI and API tokens
Unify UI and API token authorization through the shared RBAC path
and backfill missing routes in role-based route lists.
2026-04-09 21:36:35 -07:00
yuneng-jiang aa0fa104ba Merge pull request #25437 from joereyna/litellm_fix_responses_websocket_model_query_param
fix(responses-ws): append ?model= to backend WebSocket URL
2026-04-09 20:46:47 -07:00
shivam 5c4915ad0d fix(proxy): pass-through multipart uploads and Bedrock custom body
- Route multipart forwarding on forward_multipart instead of empty _parsed_body
  so litellm_logging_obj no longer forces json= for file uploads.
- Remove custom_body from pass-through endpoint signatures; FastAPI treated it
  as a JSON body and rejected multipart before the handler ran. Bedrock passes
  JSON via request.state (LITELLM_PASS_THROUGH_CUSTOM_BODY_STATE_KEY).
- Use build_request + send(stream=True) for streaming multipart; httpx 0.28
  AsyncClient.request does not accept stream=.
- Add regression test for non-empty _parsed_body multipart path; update Bedrock
  custom-body test and query-params test for forward_multipart.

Made-with: Cursor
2026-04-09 19:43:57 -07:00
ishaan-berri 2c0d20b327 Merge pull request #25441 from csoni-cweave/per-user-mcp-oauth-token
feat(mcp): add per-user OAuth token storage for interactive MCP flows
2026-04-09 19:03:59 -07:00
shivam b6357cd986 fix(proxy): reject non-admin spend log detail when DB is unavailable
Non-admins previously skipped RBAC when prisma_client was None but could
still read payloads from custom loggers. Return 403 unless admin view.
Add test_ui_view_request_response_forbids_non_admin_without_db.

Made-with: Cursor
2026-04-09 18:39:33 -07:00