BerriAI/litellm v1.89.0-rc.1

on GitHub

Verify Docker Image Signature

All LiteLLM Docker images are signed with cosign. Every release is signed with the same key introduced in commit 0112e53.

Verify using the pinned commit hash (recommended):

A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \
  ghcr.io/berriai/litellm:v1.89.0-rc.1

Verify using the release tag (convenience):

Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules:

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/v1.89.0-rc.1/cosign.pub \
  ghcr.io/berriai/litellm:v1.89.0-rc.1

Expected output:

The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - The signatures were verified against the specified public key

What's Changed

• test(responses): bump deprecated gemini-3-pro-preview to gemini-3.1-pro-preview by @mateo-berri in #29433
• fix: map mistral/ministral-8b-latest in model price map by @mateo-berri in #29453
• fix(datadog): split oversized batches on 413 instead of re-queueing forever by @yassin-berriai in #29444
• feat(otel): allowlist team_metadata sub-keys promoted to baggage by @yassin-berriai in #29442
• fix: stop use_chat_completions_api flag from leaking into provider request body by @mateo-berri in #29447
• fix(anthropic, fireworks): inline legacy $ref defs in tool schemas by @milan-berri in #28646
• fix(proxy): omit OpenAI [DONE] on google-genai streamGenerateContent by @Sameerlite in #29426
• ci(release): create stable/X.Y.x line branch on X.Y.0 tags by @yuneng-berri in #29457
• fix(vector-stores): support engines URL for Vertex AI Search by @ryan-crabbe-berri in #27885
• fix(ui): render caller-supplied filter options in caller order by @ryan-crabbe-berri in #29462
• fix(batches): skip unnecessary batch input file reads by @Sameerlite in #29114
• docs(agents): clarify when to create new test files by @Sameerlite in #29472
• Litellm OSS Staging by @Sameerlite in #29161
• fix(mcp): clear allowed_tools and tool overrides on MCP server edit by @Sameerlite in #29411
• Litellm OSS Staging 010626 by @Sameerlite in #29422
• fix(ci): make CircleCI rerun-failed-tests collect tests when 2+ test files fail by @mateo-berri in #29475
• feat(a2a): watsonx Orchestrate agent provider by @Sameerlite in #29410
• fix(azure_ai): strip tool-level extra fields on 400 and retry by @Sameerlite in #29479
• fix(docs): remove fixed dimensions from README hero image by @mateo-berri in #29496
• Litellm oss staging by @Sameerlite in #29492
• fix: small CLAUDE.md nits by @mateo-berri in #29504
• Add MCP semantic conventions to otelv2 by @yassin-berriai in #29468
• fix(passthrough): emit otel guardrail span when a guardrail blocks by @yassin-berriai in #29470
• fix(proxy): strip NUL bytes from spend log payloads to prevent PostgreSQL 22P05 by @milan-berri in #29515
• [internal copy of #28008] Support MCP OAuth passthrough and issuer-scoped JWT auth by @mateo-berri in #28356
• feat(vector-stores): forward per-request params to Vertex AI Search by @ryan-crabbe-berri in #29459
• feat(proxy): add per-MCP-server RPM rate limiting for keys and teams by @Sameerlite in #29482
• fix(tests): drop module-level test calls that break local_testing collection by @mateo-berri in #29520
• feat(agents): add LangFlow agent provider with A2A session bridging by @Sameerlite in #28963
• fix(ui/agents): make A2A skill tags enterable and validated by @ryan-crabbe-berri in #29512
• [internal copy of #29232] feat: route future Claude models to Anthropic provider via pattern matching by @mateo-berri in #29239
• fix(tests): drop import-time completion call in test_register_model by @mateo-berri in #29521
• test: stabilize batch VCR coverage and stop live upload/network leaks by @mateo-berri in #29477
• [internal copy of #29003] fix(vertex_ai): use user-supplied api_base as is for Model Garden OpenAI-compat path by @mateo-berri in #29530
• feat(proxy): native /health/drain preStop hook for graceful shutdown by @yassin-berriai in #29439
• fix(auth): preserve 401 status for expired JWTs in OTel traces by @ryan-crabbe-berri in #29510
• fix(otel): capture 401 error details in management endpoint spans by @ryan-crabbe-berri in #29535
• test(proxy/utils): pin bottom-of-file helper behavior by @yuneng-berri in #29509
• test(proxy/utils): pin PrismaClient and spend-update behavior by @yuneng-berri in #29488
• test(proxy/utils): pin ProxyLogging behavior by @yuneng-berri in #29485
• fix: missing span for guardrail passthrough by @yassin-berriai in #29552
• fix(auth): let internal users view search tools by @ryan-crabbe-berri in #29542
• fix: missing mcp otel attributes by @yassin-berriai in #29554
• fix(proxy): resolve managed video model ids for auth by @shivamrawat1 in #29545
• fix(key_generate): allow team members to create keys on org-scoped teams by @milan-berri in #29310
• test(pass-through): move Gemini pass-through tests to gemini-3.1-flash-lite by @mateo-berri in #29595
• Litellm oss staging 030626 by @Sameerlite in #29578
• Fix : a2a bugs 030626 by @Sameerlite in #29566
• [internal copy of #29533] fix(anthropic/adapter): emit thinking block for reasoning_content-only streaming chunks by @mateo-berri in #29600
• ci: reproduce default-Windows wheel install to guard MAX_PATH by @yuneng-berri in #29597
• fix(vertex): strip output_config.effort for Vertex Claude models that reject it (Haiku 4.5) by @mateo-berri in #29585
• Litellm websocket improvements by @Sameerlite in #29563
• feat(arize/phoenix): OpenInference rendering parity — tool_calls, cost, passthrough I/O, session/user, multimodal, cache tokens by @milan-berri in #28800
• [internal copy of #29550] fix: passthrough endpoints duplicate logs by @mateo-berri in #29598
• fix(ci): keep coverage rename green when a parallel node runs no tests by @mateo-berri in #29608
• test(vcr): close out the remaining VCR live-call leaks by @mateo-berri in #29603
• fix(key_generate): exempt UI/CLI session tokens from the budget ceiling for team keys by @yuneng-berri in #29612
• fix(realtime): allow null transcripts in stream logging payloads by @milan-berri in #29625
• build(ui): migrate eslint to flat config + bump eslint-config-next to 16 by @ryan-crabbe-berri in #29626
• fix(key_generate): scope session-token team-key budget exemption to caller-supplied team_id by @yuneng-berri in #29641
• fix(proxy): disable proxy buffering on streaming SSE responses by @mateo-berri in #29557
• fix(mcp): gate /public/mcp_hub strictly on litellm.public_mcp_servers by @michelligabriele in #27764
• ci(ui): frontend-lint job enforcing prettier + eslint on changed files by @ryan-crabbe-berri in #29633
• fix(gemini): googleSearch + server-side tools and googleMaps JSON schema by @Sameerlite in #29582
• fix(proxy): passthrough 404 when SERVER_ROOT_PATH is set by @Sameerlite in #29658
• fix(gemini-realtime): use GA event names for Pipecat 1.3.x compatibility by @Sameerlite in #29662
• Litellm oss staging 040626 by @Sameerlite in #29671
• style(ui): prettier formatting pass over the dashboard by @ryan-crabbe-berri in #29622
• chore: ignore prettier dashboard reformat in git blame by @ryan-crabbe-berri in #29695
• fix(helm): Enable Backend Deployment to mount Gateway config.yaml by @tin-berri in #29605
• [internal copy of #29277] fix(proxy): add default=None to LiteLLM_TeamMembership.litellm_budget_table by @mateo-berri in #29684
• test: make custom_tokenizer proxy tests hermetic by @yuneng-berri in #29643
• test(proxy): stop running real-DB tests in GitHub Actions unit jobs by @ryan-crabbe-berri in #29700
• chore(ui): remove the bare-fetch lint rule by @ryan-crabbe-berri in #29712
• Litellm jwt mapping virtualkeys by @shivamrawat1 in #28510
• refactor(ui): shared HTTP client + location-pinned fetch() lint rule by @ryan-crabbe-berri in #29723
• fix(proxy): stop team BYOK model name corruption on model edit by @yuneng-berri in #29731
• [internal copy of #29511] feat(guardrails): add sensitive data routing to on-premise models by @mateo-berri in #29531
• fix(proxy/hooks): populate llm_provider on internal rate-limit errors by @mateo-berri in #27707
• fix(vertex/anthropic): handle namespace tools and strip client_metadata for codex compatibility by @Sameerlite in #29489
• Support OAuth M2M for Databricks Apps A2A agents by @mateo-berri in #29586
• fix: small CLAUDE.md nit by @mateo-berri in #29749
• fix(anthropic): route Claude Opus 4.8 through adaptive thinking by @mateo-berri in #29702
• fix(proxy): persist oauth2_flow on MCP server registration by @michelligabriele in #29690
• [internal copy of #27491] fix(realtime): Fix Realtime Audio Token Cost Tracking by @mateo-berri in #29722
• fix(galileo): use ingest traces API and standard logging payload by @Sameerlite in #29651
• fix(auth): expand all-team-models sentinel in can_key_call_model for batch validation by @Sameerlite in #29746
• test(vcr): stop refreshing cassette TTL on read so cassettes lapse after 24h by @mateo-berri in #29784
• test(ci): record/replay OpenAI image gen so the spend E2E isn't outage-bound by @mateo-berri in #29787
• fix(ui): route MCP playground auth by oauth2 mode instead of token_url by @tin-berri in #29714
• refactor(ui): centralize proxy base URL resolution into tested resolver by @ryan-crabbe-berri in #29793
• Litellm oss staging 050626 by @Sameerlite in #29774
• test(google): add google-genai SDK proxy integration tests by @Sameerlite in #29781
• fix(jwt): use resolved DB user_id for spend on legacy email match by @milan-berri in #29217
• feat(ui): generate dashboard API types from the proxy OpenAPI spec by @ryan-crabbe-berri in #29816
• fix(proxy): drop deleted team BYOK model name from team.models by @yuneng-berri in #29820
• feat(mcp): per-server env vars with global + per-user scopes by @mateo-berri in #28917
• refactor(ui): route behavior-preserving networking calls through apiClient by @ryan-crabbe-berri in #29806
• fix(ui): persist Tools-tab MCP OAuth token to DB by @tin-berri in #29809
• fix(ui): require new expiration when regenerating an expired key by @milan-berri in #29838
• refactor(ui): route query-building networking calls through apiClient by @ryan-crabbe-berri in #29815
• Make the image-gen record/replay proxy report cache mode and per-request HIT/MISS by @mateo-berri in #29802
• feat(proxy): hot-reload .env in dev when running with --reload by @mateo-berri in #29783
• fix(ui): stop MCP playground tool calls from sending twice by @tin-berri in #29821
• feat(fal_ai): add Nano Banana / Gemini 2.5 Flash Image generation support by @mateo-berri in #29798
• Title: Fix managed batch cancel credential resolution by @shivamrawat1 in #29734
• Title: fix(proxy): resolve vector store file list credentials from team deployments by @shivamrawat1 in #29739
• refactor: convert AWS and GCP Terraform stacks into reusable modules … by @yassin-berriai in #28103
• chore(ui): build ui for release by @yuneng-berri in #29853
• fix(terraform/gcp): prompt for image_registry in DeployStack one-click by @yassin-berriai in #29852
• fix(terraform/gcp): abandon SQL user on destroy by @yassin-berriai in #29855
• Extend the record/replay proxy to chat, embeddings, moderations, rerank, and Anthropic by @mateo-berri in #29847
• chore(deps): bump deps by @yuneng-berri in #29860
• chore(ci): promote internal staging to main by @yuneng-berri in #29861
• fix: 400 on Anthropic context overflow; seed identity on failed auth by @yassin-berriai in #29848
• chore(ci): promote internal staging to main by @yuneng-berri in #29862

New Contributors

• @tin-berri made their first contribution in #29605

Full Changelog: v1.88.0-rc.1...v1.89.0-rc.1