mirror of
https://github.com/tiennm99/litellm.git
synced 2026-07-16 18:16:34 +00:00
team.object_permission.mcp_servers (and the per-key equivalent) previously only accepted server_id strings. For config-loaded MCP servers, the id is derived from a hash that includes the server URL, so the same logical server in two regions ends up with two different ids in a shared database. Permission lists had to enumerate every region's id. Add a single MCPServerManager.expand_permission_list() helper that resolves each entry against the current region's config + DB registry union: entries that match a server_id pass through, entries that match an alias/server_name/ name expand to every matching id, and unresolved entries drop with a debug log so stale or typo entries are diagnosable. Wire it into the four _get_allowed_mcp_servers_for_* helpers so direct server entries and mcp_tool_permissions dict keys are both expanded before the intersection. Access-check outcomes are unchanged for existing id-based permissions; name-based entries now resolve instead of being silently denied.