Files
litellm/tests/test_litellm/llms/langflow
ae7ac72331 feat(agents): add LangFlow agent provider with A2A session bridging (#28963)
* feat(agents): add LangFlow agent provider with A2A session bridging

Register LangFlow as a completion provider and agent type (UI + /api/v1/run),
and map A2A contextId to LangFlow session_id for multi-turn conversations.

Co-authored-by: Cursor <cursoragent@cursor.com>

* docs(providers): document langflow in provider_endpoints_support.json

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(agents): address Greptile review for LangFlow integration

Move A2A contextId→session_id mapping into LangFlow A2A provider config,
add langflow.svg logo, remove live integration test, use model for token count.

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(langflow): prevent flow_id override via request optional_params

Derive flow_id only from the authorized model name and reject flow_id
kwargs so callers cannot invoke a different LangFlow run endpoint.

Co-authored-by: Cursor <cursoragent@cursor.com>

* refactor(langflow): remove redundant flow_id branch in _get_flow_id

* fix(langflow): surface an error when the run response has no extractable message

Previously the response parser returned the raw JSON blob as the assistant
message when it could not find message text, silently presenting an
unparseable payload as a valid answer. It now returns None and the caller
raises a LangFlowError so the failure is visible to the client.

* fix(langflow): URL-encode flow_id path segment to prevent path injection

flow_id is taken from the model suffix and interpolated into
/api/v1/run/{flow_id}. Without path-segment encoding a model such as
langflow/../../x (or one containing ?) could move the request off the run
endpoint to another path on the configured LangFlow server using the
operator x-api-key. Encode the segment with quote(safe="") so it always
stays a single path segment.

* fix(langflow): reject empty flow_id from model name

* fix(langflow): return stripped flow_id so validation matches URL path

* fix(langflow): reject caller-supplied tweaks to prevent flow component override

* fix(langflow): reject caller-supplied tweaks injected via extra_body

The transform_request guard only inspected optional_params, but extra_body
is popped before transform_request runs and merged into the request body
afterward, letting a caller reintroduce tweaks and override the
operator-configured LangFlow flow components. Validate the final request
body in sign_request so tweaks cannot reach LangFlow through extra_body.

* test(langflow): move provider tests into mirrored coverage path

The langflow tests lived under tests/llm_translation/, whose CircleCI job
runs without --cov and uploads nothing to Codecov, so none of the new
langflow code counted toward patch coverage (codecov/patch reported 9.78%
of the diff hit against a 70.83% target).

Relocate them to tests/test_litellm/llms/langflow/, which the GitHub
Actions provider job runs with --cov=./litellm and uploads, and add
regression tests for the previously untested happy paths (transform_response
building the ModelResponse with usage, non-JSON body handling, last-user
message extraction, outputs-dict response shape, sign_request pass-through,
error class and stream flags). Patch coverage on the diff is now ~88%.

* fix(langflow): require litellm_params in A2A config instead of silent empty fallback

* fix(langflow): scope A2A session_id to the authenticated key

The LangFlow A2A bridge used the LangFlow session_id verbatim from the
client-controlled A2A contextId, so two distinct virtual keys authorized for
the same agent could read or append to each other's LangFlow conversation
memory by reusing a contextId.

Hand the authenticated key hash to the completion bridge through litellm_params
and namespace the forwarded session_id with it. The same key keeps a stable
session across turns, while different keys can no longer collide on a shared
contextId. The principal is hashed before it is embedded in the session_id, so
the stored token is never sent to the LangFlow backend; the original contextId
is preserved as a suffix for operator-side correlation.

* fix(langflow): wire authenticated key hash through A2A bridge and tests

Define A2A_USER_API_KEY_HASH_PARAM in the completion bridge handler, strip it
before litellm.acompletion, inject the authenticated key hash at the proxy A2A
endpoint, and add regression tests for per-key LangFlow session scoping.

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: mateo-berri <277851410+mateo-berri@users.noreply.github.com>
2026-06-02 14:45:56 -07:00
..