Commit Graph

36688 Commits

Author SHA1 Message Date
Yuneng Jiang
ac9ebdf4d8
[Fix] Rename CI job to e2e_ui_testing and remove duplicate old job definition 2026-04-08 13:17:45 -07:00
Yuneng Jiang
a8f4f464ce
[Fix] Add missing test fixtures and address review feedback
- Add constants.ts with all required exports (key aliases, team IDs)
- Add fixtures/users.ts with all role definitions and storage paths
- Add fixtures/seed.sql for deterministic test database seeding
- Remove Firefox project from playwright config (only Chromium installed)
- Remove unused variable in teams.spec.ts
- Rename CircleCI job to e2e_ui_testing
2026-04-08 12:40:41 -07:00
Yuneng Jiang
d09d98a70a
[Feature] E2E UI tests: proxy-admin team and key management with CI integration
Add Playwright E2E tests covering proxy admin team and key management
workflows, with a self-contained test runner and CircleCI integration.

Tests cover: create team, invite user, edit/delete team members, create
key in team, regenerate key, update TPM/RPM limits, delete key, and
verify internal user keys are visible.

Infrastructure: run_e2e.sh builds the UI from source before starting
the proxy, ensuring tests always run against the latest UI changes.
Added data-testid attributes to key UI components for reliable selectors.
2026-04-08 11:51:15 -07:00
yuneng-jiang
2dac54b732
Merge pull request #25343 from BerriAI/litellm_fix-mcp-stdio-rce3
fix(mcp): block arbitrary command execution via stdio transport
2026-04-08 11:12:39 -07:00
Sameer Kankute
65829f79d7
docs: document LITELLM_MCP_STDIO_EXTRA_COMMANDS in env reference
Required by tests/documentation_tests/test_env_keys.py for os.getenv usage in constants.

Made-with: Cursor
2026-04-08 21:31:51 +05:30
Sameer Kankute
69be5be88b
fix(mcp): move inline imports to module level and enforce stdio allowlist
- Move os and MCP_STDIO_ALLOWED_COMMANDS imports to module level in mcp_server_manager.py
- Move MCP_STDIO_ALLOWED_COMMANDS import to module level in _types.py
- Change defense-in-depth warning to HTTPException 403 for legacy non-allowlisted commands
- Ensures arbitrary command execution is blocked for both new and legacy MCP servers

Addresses Greptile review comments:
- P2: Inline imports violate CLAUDE.md style guide
- P1 security: Defense-in-depth should block, not warn, for legacy commands

Made-with: Cursor
2026-04-08 21:28:43 +05:30
Sameer Kankute
ad31e79b97
fix(mcp): address Greptile review feedback
- Defense-in-depth: warn instead of hard-fail for legacy servers
- Move os import to module level in _types.py
- Document args residual risk in allowlist comment
- Add UpdateMCPServerRequest allowlist test

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-08 19:42:41 +05:30
Sameer Kankute
7b7f304675
fix(mcp): block arbitrary command execution via stdio transport
Add command allowlist for MCP stdio transport to prevent RCE via
/mcp-rest/test/* endpoints. Restrict test endpoints to PROXY_ADMIN
role. Fix docker/README.md MASTER_KEY -> LITELLM_MASTER_KEY.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-08 19:42:37 +05:30
shin-berri
62757ff48f
Merge pull request #25316 from BerriAI/litellm_yj_apr7
[Infra] Bump version 1.83.4 → 1.83.5
2026-04-07 18:53:11 -07:00
Yuneng Jiang
bd327dbe54
bump: version 1.83.4 → 1.83.5 2026-04-07 18:37:29 -07:00
yuneng-jiang
5f49f29f4e
Merge pull request #25048 from joereyna/fix/dockerfile-node-gyp-path
Fix node-gyp symlink path after npm upgrade in Dockerfile
2026-04-07 17:14:04 -07:00
joereyna
41407d0287
Fix node-gyp symlink path after npm upgrade in Dockerfile 2026-04-07 17:01:55 -07:00
yuneng-jiang
08f34aa3cc
Merge pull request #25313 from BerriAI/litellm_align_v2_key_info_with_v1
[Refactor] Align /v2/key/info response handling with v1
2026-04-07 15:54:12 -07:00
yuneng-jiang
096893ea97
Merge pull request #25273 from BerriAI/litellm_pin_cosign_pub_to_commit
[Infra] Pin cosign.pub verification to initial commit hash
2026-04-07 15:40:46 -07:00
Yuneng Jiang
021429b797
[Refactor] Align /v2/key/info response handling with v1
The /v2/key/info endpoint was missing response filtering that
the v1 /key/info endpoint already had. This aligns the two
endpoints so v2 applies the same per-key permission checks and
strips internal fields from the response. Also fixes the
key_aliases query path to resolve aliases before querying.
2026-04-07 15:21:42 -07:00
milan-berri
bf8b615b64
fix(auth): support selective jwt override oauth2 routing (#25252)
Allow JWT tokens matching routing_overrides to use OAuth2 introspection without enabling global OAuth2 while keeping OAuth2 routing limited to LLM/info routes. Add regression coverage for management-route boundary and tighten opaque-token assertions; update docs to reflect selective-mode route scope.

Made-with: Cursor
2026-04-07 13:52:47 -07:00
yuneng-jiang
f3bc20056d
Merge pull request #25307 from BerriAI/litellm_/fix_npmrc_dockerfile
[Fix] Dockerfile.non_root: handle missing .npmrc gracefully
2026-04-07 13:01:30 -07:00
Yuneng Jiang
537727f0da
[Fix] Dockerfile.non_root: handle missing .npmrc gracefully
The .npmrc file (ignore-scripts=true, min-release-age=3d) is temporarily
removed during the Docker build since lifecycle scripts are needed by
npm ci. However, the unconditional `mv` fails when the build context
doesn't include .npmrc (e.g. when LiteLLM is vendored in a subdirectory).

Make all .npmrc mv operations conditional. This is safe because npm ci
already installs from package-lock.json with pinned versions and
integrity hashes.
2026-04-07 12:44:04 -07:00
yuneng-jiang
23e1a7d7c2
Merge pull request #25126 from BerriAI/litellm_ui_e2e_psql_pr
[Test] UI - E2E: Add Playwright tests with local PostgreSQL
2026-04-07 11:59:11 -07:00
Yuneng Jiang
184050e2a1
Merge remote main into litellm_ui_e2e_psql_pr 2026-04-07 10:27:12 -07:00
Yuneng Jiang
ce75fde727
Merge remote main into litellm_pin_cosign_pub_to_commit 2026-04-07 10:27:00 -07:00
yuneng-jiang
730ba0f670
Merge pull request #25299 from BerriAI/litellm_fix_check_responses_cost_tests
[Fix] Update check_responses_cost tests for _expire_stale_rows
2026-04-07 10:22:58 -07:00
Yuneng Jiang
48a68230c8
fix(test): update check_responses_cost tests for _expire_stale_rows
PR #25258 changed _cleanup_stale_managed_objects from update_many to
execute_raw via _expire_stale_rows, but the tests were not updated.
The tests now mock _expire_stale_rows on the instance and assert
update_many calls only for job completion, not stale cleanup.
2026-04-07 10:09:11 -07:00
Yuneng Jiang
8c16bc0346
Merge remote-tracking branch 'origin/main' into litellm_ui_e2e_psql_pr 2026-04-07 09:12:33 -07:00
Shivam Rawat
2bb7387a83
Litellm aws gov cloud mode support (#25254)
* add us gov models

* added max tokens

* greptile fix

---------

Co-authored-by: mubashir1osmani <mubashir.osmani777@gmail.com>
2026-04-07 08:49:17 -07:00
Yuneng Jiang
54f4be6ab6
Merge remote-tracking branch 'origin/main' into litellm_ui_e2e_psql_pr 2026-04-06 23:18:35 -07:00
Yuneng Jiang
965879e74f
fix: address Greptile review comments
- team-admin: assert Admin Settings is not visible (role-specific check)
- proxy-admin: use users[Role.ProxyAdmin].password from constants instead of duplicating the env var fallback inline
2026-04-06 23:12:40 -07:00
Yuneng Jiang
30565581be
[Infra] Pin cosign.pub verification to initial commit hash
Pin all cosign public key references to the immutable commit hash
(0112e53) that first introduced the key, instead of fetching it from
the release tag. This addresses the concern that an attacker with push
access could replace the key on main/tags and re-sign tampered images.

Docs now show two verification methods: commit hash (recommended) and
release tag (convenience), with explanation of why the hash is stronger.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-06 22:53:23 -07:00
ishaan-berri
03d9746815
bump litellm version to 1.83.4 (#25266)
* bump litellm version to 1.83.4

* regenerate poetry.lock
2026-04-06 21:30:20 -07:00
ishaan-berri
4bcd4bef44
bump litellm-enterprise to 0.1.37 (#25265)
* bump litellm-enterprise to 0.1.37

* update poetry.lock for enterprise 0.1.37 bump
2026-04-06 21:23:25 -07:00
ishaan-berri
7a9a9f0c79
fix: batch-limit stale managed object cleanup to prevent 300K row UPD… (#25258)
* fix: batch-limit stale managed object cleanup to prevent 300K row UPDATE (#25257)

* Add STALE_OBJECT_CLEANUP_BATCH_SIZE constant

Configurable batch limit (default 1000) for stale managed object cleanup,
preventing unbounded UPDATE queries from hitting 300K+ rows at once.

* Batch-limit stale managed object cleanup with single bounded SQL query

Two fixes to _cleanup_stale_managed_objects:

1. Replace unbounded update_many with a single execute_raw using a
   subquery LIMIT, capping each poll cycle to STALE_OBJECT_CLEANUP_BATCH_SIZE
   rows. Zero rows loaded into Python memory — everything stays in Postgres.
   Uses the same PostgreSQL raw-SQL pattern as spend_log_cleanup.py
   (the proxy requires PostgreSQL per schema.prisma).

2. Extract _expire_stale_rows as a separate method for testability.

Keeps the file_purpose='response' filter to avoid incorrectly expiring
long-running batch or fine-tune jobs that legitimately exceed the
staleness cutoff.

* docs: add STALE_OBJECT_CLEANUP_BATCH_SIZE to env vars reference

* test: remove deprecated embed-english-v2.0 cohere embedding tests
2026-04-06 19:11:55 -07:00
ryan-crabbe-berri
3ac61a519b
Merge pull request #25239 from BerriAI/litellm_backfill-team-member-permissions
feat: add POST /team/permissions_bulk_update endpoint
2026-04-06 18:15:42 -07:00
Ryan Crabbe
fdd2672e93
feat: add POST /team/permissions_bulk_update endpoint
Adds a new endpoint to bulk-update team_member_permissions across
teams. Supports apply_to_all_teams (with cursor-based pagination)
or a specific list of team_ids. Merges new permissions into each
team's existing set rather than overwriting.

Also fixes test isolation bug in test_get_prompt_info_by_base_id
where leaked prisma_client state from other tests caused a
TypeError on await.
2026-04-06 17:45:35 -07:00
yuneng-jiang
d132b1bf51
[Infra] Remove Redundant Matrix Unit Test Workflow (#25251)
* Remove redundant matrix unit test workflow

All test paths in test-litellm-matrix.yml are fully covered by the
newer semantic unit test workflows (test-unit-*.yml), making the
matrix workflow redundant CI spend.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Add Codecov coverage reporting to semantic unit test workflows

Add coverage collection (--cov) and Codecov OIDC upload to both
reusable base workflows and all 12 caller workflows, replacing the
coverage reporting that was previously only in the matrix workflow.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Move id-token/pull-requests permissions to job level for multi-job workflows

For workflows with multiple jobs (llm-providers, proxy-db), move
id-token: write and pull-requests: write from workflow level to job
level so permissions are scoped to only the jobs that need them.
Removes zizmor inline suppressions that were masking the issue.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-06 16:52:38 -07:00
yuneng-jiang
d2d99aa082
[Docs] Enforce Black Formatting in Contributor Docs (#25135)
* [Docs] Enforce Black formatting in contributor docs

Black formatting is now enforced in CI. Update CLAUDE.md, AGENTS.md,
and CONTRIBUTING.md to instruct contributors and AI agents to run
`poetry run black .` before committing, and add VS Code setup guidance.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* chore: fixes

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-06 16:51:25 -07:00
yuneng-jiang
a60e19aeb8
Remove flaky proxy_e2e_azure_batches_tests CI workflow (#25247)
The proxy_e2e_azure_batches_tests workflow is consistently flaky and
does not provide reliable signal on whether changes break anything.
Remove the workflow from both CircleCI and GitHub Actions, along with
the test directory it exclusively used.

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-06 16:49:14 -07:00
yuneng-jiang
39c1042258
[Docs] Add cosign Docker image verification steps to security blog posts (#25122)
* docs(blog): add cosign Docker image verification instructions

Add steps for verifying Docker images with cosign to three security blog posts:
CI/CD v2, Security Townhall, and Security Update.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* docs(proxy): add cosign verification to Docker/Helm/Terraform deploy page

Add image signature verification steps to the main deployment doc so
users pulling Docker images know how to verify them with cosign.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* chore: fixes

* Update index.md

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

* [Docs] Scope cosign signing docs to GHCR and specify starting version

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* [Docs] Add starting version callout to ci_cd_v2 blog post

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Krrish Dholakia <krrish+github@berri.ai>
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-04-06 09:59:27 -07:00
Yuneng Jiang
1d3fb58752
chore: fixes 2026-04-05 01:36:02 -07:00
mubashir1osmani
d251238bd7
docs: week 1 checklist (#25083)
* week 1 checklist

* update railway url
2026-04-04 18:20:39 -07:00
ishaan-berri
c5686b9726
[Nit] Small docs fix, fixing img + folder name (#25171)
* fix toolsets img

* docs fix
2026-04-04 18:14:32 -07:00
ishaan-berri
9088b46b90
Litellm docs 1 83 3 (#25166)
* doc fix

* docs fix

* docs fix

* doc fix

* docs

* docs fix
2026-04-04 17:54:47 -07:00
ishaan-berri
cf045dc6d2
fix: regenerate poetry.lock to match pyproject.toml (#25169) 2026-04-04 17:42:09 -07:00
ishaan-berri
1e66050423
bump litellm-enterprise to 0.1.36 (#25164)
* bump litellm-enterprise version to 0.1.36

* bump litellm-enterprise==0.1.36 in pyproject.toml

* bump litellm-enterprise==0.1.36 in requirements.txt
2026-04-04 17:14:31 -07:00
ishaan-berri
d2102e992a
bump litellm-proxy-extras to 0.4.65 (#25163)
* bump litellm-proxy-extras version to 0.4.65

* bump litellm-proxy-extras==0.4.65 in pyproject.toml

* bump litellm-proxy-extras==0.4.65 in requirements.txt
2026-04-04 17:11:56 -07:00
yuneng-jiang
eed8a38eca
bump: version 1.83.2 → 1.83.3 (#25162) 2026-04-04 17:11:04 -07:00
yuneng-jiang
3e90565ca3
chore: update Next.js build artifacts (2026-04-04 23:58 UTC, node v22.16.0) (#25158) 2026-04-04 17:01:48 -07:00
ryan-crabbe-berri
6bc4b46e56
Merge pull request #25156 from BerriAI/litellm_ryan-apr-4
Litellm ryan apr 4
2026-04-04 16:56:03 -07:00
ryan-crabbe-berri
8ecbf757b2
Merge pull request #25038 from BerriAI/litellm_feat-add-guardrail
feat: allow adding team guardrails from the UI
2026-04-04 16:48:43 -07:00
ishaan-berri
61b295238b
cherry-pick: tag query fix + MCP metadata support (#25145)
* added support for metadata (#24261)

* added support for metadata

* fix: PR review - meta truthiness, BlobResourceContents mimeType, add Blob+empty meta tests

Made-with: Cursor

* pyproject to .25

* feat(teams): resolve access group models/MCPs/agents in team endpoints

Add access_group_models, access_group_mcp_server_ids, and
access_group_agent_ids to /team/info and /v2/team/list responses.
These fields contain resources inherited from access groups, kept
separate from direct assignments so the UI can distinguish the source.

Backend: _resolve_access_group_resources() helper resolves access
group resources via existing _get_*_from_access_groups() functions.

UI: Teams table and detail view show direct models as blue badges
and access-group-sourced models as green badges.

* perf(teams): single-pass access group resolution + asyncio.gather in list endpoint

- Fetch each access group object once and extract all 3 resource fields
  in a single pass instead of 3 separate calls (3N → N lookups)
- Use asyncio.gather to resolve access groups across teams concurrently
  in list_team_v2 instead of sequential awaits
- Add 5 unit tests for _resolve_access_group_resources

* docs: add default_team_params to config reference and update examples

- Add default_team_params to litellm_settings reference table in
  config_settings.md with all sub-fields documented
- Update self_serve.md and msft_sso.md examples to include
  team_member_permissions, tpm_limit, and rpm_limit
- Fix misleading comment that implied default_team_params only applies
  to SSO auto-created teams — it applies to all /team/new calls

* docs: clarify that models sub-field only applies to SSO auto-created teams

* fix: lazy import get_access_object to break cyclic import + short-circuit all-proxy-models display

- Remove get_access_object from module-level import in team_endpoints.py
  and use a lazy _get_access_object wrapper to avoid cyclic dependency
- Add _prisma_client is None early-exit guard in _resolve_access_group_resources
- Short-circuit UI to show "All Proxy Models" when team.models is empty
  or contains "all-proxy-models", skipping access group model resolution

* add: making organizations a select instead of read only badges

* fix(ui): only send organization_id when changed and use raw initial value

* fix(ui): add paginated team search to usage page filter

Replace the static team dropdown on the usage page with a new
TeamMultiSelect component that uses the paginated v2/team/list
endpoint with debounced server-side search and infinite scroll.

* fix(ui): fix imports and update placeholder for team multi select

* fix(ui): wire team_id filter to key alias dropdown on Virtual Keys tab

The Key Alias dropdown on the Virtual Keys page was showing aliases from
all teams regardless of which team was selected. The team_id was never
passed through the frontend chain to the backend /key/aliases endpoint.

- Backend: add optional team_id query param to /key/aliases endpoint
- networking.tsx: add team_id param to keyAliasesCall
- useKeyAliases: accept and forward team_id to API call and query key
- filter.tsx: pass allFilters context to custom filter components
- PaginatedKeyAliasSelect: read Team ID from allFilters and pass to hook

* fix(tests): correct mock targets in TestResolveAccessGroupResources

Three tests were patching the non-existent `get_access_object` instead
of `_get_access_object` (the lazy-import wrapper), causing AttributeError.
Also added missing `prisma_client` mock so tests get past the early-exit
guard and actually exercise the resolution logic.

* fix: use direct attribute access with or [] fallback in _resolve_access_group_resources

Replace getattr(ag, "field", []) with ag.field or [] for cleaner
access and safe handling if a field is None.

* fix(ui): remove model source legend from team detail view

The blue/green color distinction is self-explanatory; the legend added
visual clutter without providing enough value.

* fix(ui): add missing access_group fields to TeamData.team_info type

The TeamData interface was missing access_group_models,
access_group_mcp_server_ids, and access_group_agent_ids fields,
causing a TypeScript build failure.

* perf(teams): batch-fetch access groups in single DB query

Replace per-ID _resolve_access_group_resources loop with a single
find_many call that deduplicates IDs across all teams. Removes the
N+1 query pattern on cold cache for the team list endpoint.

* refactor(proxy): extract helpers to fix PLR0915 violations

Extract `_apply_non_admin_alias_scope` from `key_aliases`,
`_resolve_team_access_group_resources` from `team_info`, and
`_enforce_list_team_v2_access` from `list_team_v2` to bring each
function under ruff's 50-statement limit. No behavior changes.

* test(ui): update tests to match new team_id / access-group signatures

- useKeyAliases, PaginatedKeyAliasSelect: add trailing `undefined` to
  spy matchers for the new `team_id` param on `useInfiniteKeyAliases`
  and `keyAliasesCall`.
- EntityUsage: mock new `TeamMultiSelect` child so QueryClientProvider
  is not required for team-entity tests.
- ModelsCell: replace the overflow-accordion test with one that
  verifies the new collapse-on-`all-proxy-models` behavior (no
  accordion, single badge).

* fix(ui): send null (not '') for cleared organization_id on team update

AntD <Select allowClear> returns undefined when the user clears the
selection. Coalescing to "" caused the team-update payload to carry
organization_id: "" instead of null, relying on the backend to coerce
it. Send null directly so the intent is explicit at the source.

* poetry

* chore: regen poetry.lock for litellm-proxy-extras 0.4.64 bump

* chore: update Next.js build artifacts (2026-04-04 17:55 UTC, node v22.16.0)

---------

Co-authored-by: shivam <shivam@uni.minerva.edu>
Co-authored-by: Ryan Crabbe <ryan@berri.ai>
Co-authored-by: yuneng-jiang <yuneng@berri.ai>

* Tag query fix (#25094)

* feat(tag-spend): implement separate scheduler job for daily tag spend updates

* fix(docker): add g++ to build dependencies in Dockerfile

* initial test cases. TODO: check scheduler init and test cases in proxy_server related to it

* resolved QPS issue when redis transaction buffer is enabled

* resolving circular import error flagged by greptile

* fix(mypy): use Optional[str] for api_base in PydanticAI provider to match superclass signature

---------

Co-authored-by: Shivam Rawat <shivam@berri.ai>
Co-authored-by: shivam <shivam@uni.minerva.edu>
Co-authored-by: Ryan Crabbe <ryan@berri.ai>
Co-authored-by: yuneng-jiang <yuneng@berri.ai>
Co-authored-by: Harish <harishgokul01@gmail.com>
Co-authored-by: Ishaan Jaffer <ishaan@berri.ai>
2026-04-04 16:44:02 -07:00
Ryan Crabbe
e87f6cae5b
chore: poetry lock 2026-04-04 16:39:46 -07:00