mirror of
https://github.com/tiennm99/litellm.git
synced 2026-07-13 17:10:08 +00:00
19db79db17
* fix(mcp): OAuth2 chat connect - tools fetch, auth flow, and status fixes - schema.prisma: add missing MCP table fields (approval_status, submitted_by, submitted_at, reviewed_at, review_notes) to prevent destructive migrations - rest_endpoints.py: inject user OAuth token via extra_headers for OAuth2 servers so tools list is populated; add server name->UUID resolution so MCPConnectPicker name lookups work - mcp_registry.json: fix Atlassian defaults (transport: http, url: .../v1/mcp) - ChatPage.tsx: read mcpOauthReturn param to init sidebarView="apps" on OAuth return, clean up param after mount - MCPAppsPanel.tsx: auto-add OAuth2 servers to selectedServers when credential detected; onConnect also enables server for chat; disconnect removes from selectedServers - mcp_servers.tsx: sort servers by created_at DESC - useUserMcpOAuthFlow.tsx: append mcpOauthReturn=apps to return URL so Apps panel is mounted on return * address greptile review feedback (greploop iteration 1) * fix(mcp): inject stored OAuth2 token when fetching tools via /responses API When a user has connected an OAuth2 MCP server (e.g. Atlassian) and then uses the /responses endpoint with that server, tool listing was failing because the stored per-user OAuth token was never injected. Two fixes: 1. server.py: add _get_user_oauth_extra_headers_from_db() helper; call it in _get_tools_from_mcp_servers when oauth2_headers is None for an OAuth2 server, falling back to the user's stored token in LiteLLM_MCPUserCredentials 2. litellm_proxy_mcp_handler.py: also intercept MCP tools whose server_url matches */mcp/<server_name> (e.g. http://localhost:4000/mcp/atlassian_test) by rewriting them to litellm_proxy/mcp/<server_name> so they go through the internal handler (and get the OAuth token injected) instead of being forwarded to OpenAI raw where localhost is unreachable * address greptile review feedback (greploop iteration 2) * test(mcp): add unit test for OAuth2 token injection in _get_tools_from_mcp_servers Verifies that when _get_tools_from_mcp_servers is called for an OAuth2 MCP server without oauth2_headers in the request, the implementation: - calls _prefetch_oauth_creds_for_user once (not per-server) to avoid N+1 queries - passes the stored token as extra_headers={"Authorization": "Bearer ..."} to _get_tools_from_server so the upstream OAuth2 MCP server authenticates correctly * address greptile review feedback (greploop iteration 3) * address greptile review feedback (greploop iteration 4) * address greptile review feedback (greploop iteration 5) * redesign credentials table to use Tremor table layout matching Keys page * fix: /server/oauth authorize 422 - make client_id optional, fall back to real DB server * fix: mcp_token client_id optional, resolve from server record * fix: look up real server by UUID (get_mcp_server_by_id) before falling back to name * Update litellm/responses/mcp/litellm_proxy_mcp_handler.py Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * fix: address greptile feedback - client_id guards, dict spread, helper refactor, tests - mcp_management_endpoints: raise 400 when resolved_client_id is empty in mcp_authorize and mcp_token instead of forwarding "" to upstream - litellm_proxy_mcp_handler: use {**tool, "server_url": ...} spread instead of dict(tool) + mutation for shallow copy safety - rest_endpoints: extract _oauth2_server_ids set comprehension to a named _get_oauth2_server_ids() helper for clarity; add Set to typing imports - test_rest_endpoints: add tests for name→UUID resolution path, access-denied when resolved UUID not in allowed list, and OAuth2 user token injection for single-server requests; fix fake_get_tools signature to accept extra_headers kwarg --------- Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Additional files for the proxy. Reduces the size of the main litellm package.
Currently, only stores the migration.sql files for litellm-proxy.
To install, run:
pip install litellm-proxy-extras
OR
pip install litellm[proxy] # installs litellm-proxy-extras and other proxy dependencies
To use the migrations, run:
litellm --use_prisma_migrate