Files
litellm/tests/test_litellm/proxy/vector_store_endpoints
Shivam Rawat fdade8a84e Title: fix(proxy): resolve vector store file list credentials from team deployments (#29739)
* fix(proxy): resolve vector store file list credentials from team deployments

GET /v1/vector_stores/{id}/files now uses the same router credential routing as POST, including JWT team model hints and wildcard model selectors, so list requests no longer call OpenAI with Bearer None.

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(proxy): authorize model hints and fix credential routing for vector store file list

Resolves three review findings on the vector store file list path.

Authorize user-controlled model hints (?model= query param and the
x-litellm-model header) against the key's and team's allowed models via
can_key_call_model / _can_object_call_model before any deployment
credentials are resolved, closing a model access bypass where a normal
key could file-list using a restricted deployment's provider credentials.

Run the managed vector store registry resolution before the model routing
hint so the managed store sets the routing model first; the hint resolver
then selects credentials matching that model instead of a team fallback
deployment, avoiding a credential/model mismatch across deployments.

Skip team-fallback deployments whose provider cannot be determined instead
of treating them as OpenAI, so a deployment without an explicit
custom_llm_provider or "openai/" prefix no longer has its credentials
injected.

* fix(proxy): enforce vector store file model auth

Ensure vector store file listing routes authorize explicit and inferred model routing before resolving deployment credentials.

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(proxy): type guard vector store model hints

Keep vector store model hint authorization typed to string-only values so static checks pass.

Co-authored-by: Cursor <cursoragent@cursor.com>

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-06 12:36:05 -07:00
..