mirror of
https://github.com/tiennm99/litellm.git
synced 2026-06-19 01:42:33 +00:00
user
294ac8383e
Three issues surfaced in review of the previous commit: 1. **Veria — Medium**: ``litellm_params`` carries a nested ``litellm_embedding_config`` dict (auto-resolved from the model registry on create / update) which itself holds ``api_key`` / ``aws_*`` / ``vertex_credentials``. The previous redactor only inspected top-level keys, so the nested values passed through unredacted. Recurse into nested dicts. 2. **Greptile — P2**: when ``litellm_params`` is a JSON-serialized string (the in-memory registry occasionally stores it that way), the previous redactor silently no-op'd via the ``isinstance(..., dict)`` guard and echoed the raw payload back. Now: parse, redact, re-serialize. If the string is not valid JSON, replace it with the redaction sentinel rather than echo it. 3. **mypy** flagged ``_redact_sensitive_litellm_params``'s ``Optional[Dict[str, Any]]`` signature as incompatible with the ``object``-typed call site. Widened to ``Any -> Any`` to reflect the actual contract (the function now handles dict / str / None / other). Also fixes a related test regression in ``test_remove_sensitive_info_from_deployment_with_excluded_keys``: the ``"credentials"`` plural addition to ``SensitiveDataMasker`` defaults caused the first call (without ``excluded_keys``) to mutate the input dict's ``litellm_credentials_name`` to a masked value. The second call (with ``excluded_keys``) then saw the already-masked value rather than the original. Construct fresh input for each call. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>