mirror of
https://github.com/tiennm99/litellm.git
synced 2026-07-15 16:19:45 +00:00
Two Greptile P2s addressed: 1. (security) The audit-log row for an ``add_team_callbacks`` call would serialize the entire ``callback_vars`` block — including ``langfuse_secret_key``, ``langsmith_api_key``, and the GCS service account path — verbatim into ``LiteLLM_AuditLogs``. Anyone with read access to the audit table could harvest team callback credentials. Same risk for ``disable_team_logging`` when the team's existing row has populated ``callback_settings.callback_vars``. Add ``_redact_callback_secrets``: deep-copies the metadata snapshot and replaces every ``callback_vars`` value with ``***REDACTED***``. The keys are kept so an auditor can still see *which* fields changed. Applied to both before and after snapshots. 2. ``asyncio.create_task`` is fire-and-forget; if the audit-log write raises (transient DB error etc.) the exception is silently discarded by the event loop and the audit row is just missing — the exact gap this PR is closing. Attach a ``done_callback`` that logs the exception at warning level via ``verbose_proxy_logger`` so the operator sees there's a gap. Tests assert that callback values are not present in the serialized audit payload (both for ``add_team_callbacks`` and for ``disable_team_logging`` when the team's existing row has populated secrets).
In total litellm runs 1000+ tests
[02/20/2025] Update:
To make it easier to contribute and map what behavior is tested,
we've started mapping the litellm directory in tests/test_litellm
This folder can only run mock tests.