* chore(admin-ui): regenerate static export with trailingSlash: true
Rebuilds litellm/proxy/_experimental/out/ from ui/litellm-dashboard with
`trailingSlash: true` enabled in next.config.mjs. Next.js now emits every
route as <dir>/index.html (e.g. mcp/oauth/callback/index.html) instead of
<dir>.html with a sibling metadata-only directory, which fixes the 404 on
extensionless URLs served through FastAPI's StaticFiles(html=True) mount.
This is the build artifact half of the fix; the config change, Dockerfile
cleanup, and regression test live in the follow-up source PR that stacks
on top of this branch.
* fix(admin-ui): emit nested routes as <dir>/index.html (#28106)
Linear and other OAuth providers redirect the user back to
/ui/mcp/oauth/callback?code=...&state=... after the consent step. The
packaged Next.js static export only produced /ui/mcp/oauth/callback.html,
so FastAPI's StaticFiles served a 404 on the extensionless URL and the
OAuth handshake never completed.
The Dockerfile.non_root build step tried to paper over this at image-build
time with `for html_file in *.html; do ...`, but that shell glob does not
recurse, so nested routes like mcp/oauth/callback.html were left stranded
next to an empty mcp/oauth/callback/ directory containing only Next.js
metadata. The runtime restructure step in proxy_server.py was then skipped
because the .litellm_ui_ready marker had already been dropped.
Set trailingSlash: true in the dashboard's Next.js config so the export
emits every nested route as <dir>/index.html natively. The Dockerfile loop
is now a no-op for the bundled UI and has been removed; the
.litellm_ui_ready marker is still written so the proxy keeps skipping the
redundant Python restructure step at startup. Stacks on top of the static
export regeneration in the parent branch.
* chore: restore origin/litellm_internal_staging out files
Store search tool allowlists only on object permissions, wire auth/management/UI flows to object_permission.search_tools, and remove legacy team-metadata search credential code and tests.
Made-with: Cursor
* fix(proxy_server.py): working swagger on custom base
removes the swagger monkey patch - this seems to render the swagger on custom base paths
* fix(ui/): working custom auth uptil login success event
* fix(ui/): working custom server root path for login
* fix(proxy_server.py): create typed dict for ui returned token
allows better documentation of expected params
* refactor(proxy_server.py): refactor all ui login endpoints to use same returned ui token object
* feat(ui_sso.py): add server root path to ui token
* feat(ui_sso.py): allows ui to call correct endpoint
* fix(networking.tsx): update proxy base url with custom root path
* fix(networking.tsx): handle updating proxy base url for non-local instances
* refactor: remove uneccessary references to proxybaseurl in ui code - reduce potential for errors
* fix: fix linting error
* fix(onboarding_link.tsx): fix onboarding link when custom server path is set
* feat(ui_discovery_endpoints.py): add new public .well-known/ route for litellm ui config
returns the server root path and proxy base url for constructing api calls
* feat(_types.py): add litellm well known config as public route
allows ui to query it
* fix(/_types.py): add .well-known config to as public route
* fix(page.tsx): create pattern for loading in ui config before making network requests
ensures requests are formatted correctly
* fix(page.tsx): call credential endpoint once ui config is loaded
* fix(page.tsx): route correctly to litellm dashboard from new user login
* fix(page.tsx): remove hardcoded `/litellm` for /sso/key/generate request
* fix(proxy_server.py): re-add moderations endpoint
* fix(proxy_server.py): mount __next__ at / and /litellm
allows it to work when proxy is mounted on root
* docs(contributing.md): remove /ui on ui doc - it will now run on root
* docs(custom_root_ui.md): add docs on custom root path