BerriAI/litellm v1.91.0-dev.1

on GitHub

Verify Docker Image Signature

All LiteLLM Docker images are signed with cosign. Every release is signed with the same key introduced in commit 0112e53.

Verify using the pinned commit hash (recommended):

A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key:

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \
  ghcr.io/berriai/litellm:v1.91.0-dev.1

Verify using the release tag (convenience):

Tags are protected in this repository and resolve to the same key. This option is easier to read but relies on tag protection rules:

cosign verify \
  --key https://raw.githubusercontent.com/BerriAI/litellm/v1.91.0-dev.1/cosign.pub \
  ghcr.io/berriai/litellm:v1.91.0-dev.1

Expected output:

The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - The signatures were verified against the specified public key

What's Changed

• feat(auth): resolve caller identity once into a Principal at the auth seam by @yassin-berriai in #30887
• feat(fireworks_ai): sync chat completions endpoint with full API surface by @mateo-berri in #30885
• feat: litellm plugin architecture v2 by @krrish-berri-2 in #30688
• feat(sandbox): code interpreter interceptor on the Responses API by @krrish-berri-2 in #30905
• refactor(exceptions): extract exception_type provider dispatch so basedpyright can analyze it by @mateo-berri in #30802
• refactor(streaming): extract chunk_creator dispatch so basedpyright can analyze it by @mateo-berri in #30793
• test(interactions): drop role from Interaction output fields to match Google spec by @tin-berri in #30986
• fix(mcp): stop exposing MCP server URLs on the AI Hub and public hub API by @tin-berri in #30902
• perf(otel): resolve LITELLM_OTEL_V2 flag once instead of rebuilding settings per call by @yassin-berriai in #30989
• fix(ui): stop per-model usage export from duplicating user spend across models by @yassin-berriai in #30980
• fix: reject model_list in proxy body and gate advisor client credentials by @yucheng-berri in #30585
• feat(scim): drive global proxy role from a SCIM admin group by @yassin-berriai in #30895
• feat(scim): ingest enterprise extension attributes into user metadata by @yassin-berriai in #30893
• fix(ui): resolve user_id to email in Spend Per User usage chart by @yassin-berriai in #30992
• fix: prevent key-level metadata.tags from leaking into Bedrock passthrough body by @mateo-berri in #30985
• fix(proxy): scope team BYOK models by key team_id in /model/info by @ryan-crabbe-berri in #31009
• fix(bedrock): only expand config-sourced AWS credential references by @yucheng-berri in #30867
• feat(mcp): scope a key to zero MCP servers with no-mcp-servers sentinel by @ryan-crabbe-berri in #31029
• feat(ui): add Amazon Bedrock Mantle to the Add Model provider dropdown by @ryan-crabbe-berri in #31034
• feat(proxy): allow llm_api_routes virtual keys to list MCP tools via /v1/mcp/tools by @ryan-crabbe-berri in #31031
• fix(ui): label request logs column "Key Alias" to match filter by @ryan-crabbe-berri in #31037
• test(ui): scrub stale return-url cookie from e2e storageState by @ryan-crabbe-berri in #30317
• docs: add MCP server change guidelines by @krrish-berri-2 in #31038
• fix(passthrough,streaming): recover cost on interrupted and agentic Anthropic streams by @yassin-berriai in #31035
• fix(ui): clarify OpenAI-compatible provider dropdown labels (chat vs legacy completions) by @mateo-berri in #31046
• fix(proxy): serialize team budget_limits to JSON in jsonify_team_object by @yuneng-berri in #31045
• fix(realtime): stop revalidating realtime events at the logging boundary by @yassin-berriai in #31054
• feat(mcp): scaffold outbound_credentials package with typed Result by @tin-berri in #31047
• fix(router): isolate all per-deployment pricing overrides from sibling deployments by @mubashir1osmani in #31021
• fix(mcp): stop auth failures on the /mcp path surfacing as cancelled tool calls by @tin-berri in #31011
• refactor(completion): extract provider dispatch into typed helpers so basedpyright can analyze it by @mateo-berri in #30813
• chore: litellm oss staging by @Sameerlite in #30968
• fix(typing): bring reportReturnType back under the basedpyright budget by @mateo-berri in #31103
• fix(realtime): post-tool-call function_response id omission by @Sameerlite in #30446
• feat: add opensandbox sandbox provider by @krrish-berri-2 in #31024
• feat(mcp): add resolve_credentials dispatch skeleton by @tin-berri in #31056
• fix(router): guard num_retries=None in async_function_with_retries by @milan-berri in #30036
• fix(ui): keep team Organization optional for proxy admins in single-org setups by @yuneng-berri in #30861
• feat(cloudflare): add current Workers AI text-generation models to the cost map by @mateo-berri in #31051
• ci: make the basedpyright budget gate delta-vs-base by @mateo-berri in #31106
• fix(cloudflare): route native Workers AI provider through OpenAI-compatible endpoint by @mateo-berri in #31053
• feat: add chat completions code interpreter loop by @krrish-berri-2 in #31027
• fix(search): block server credential leak to caller-supplied api_base by @tin-berri in #30682
• feat: add LiteLLM Rust workspace with Mistral OCR bridge by @ishaan-berri in #31033
• fix(router): honor litellm_settings.request_timeout as an independent per-attempt timeout by @mateo-berri in #31119
• fix: tighten role-based visibility of config and MCP fields by @yucheng-berri in #30587
• feat: add openai realtime translation layer to litellm-rust (1/2) by @ishaan-berri in #31129
• fix(deps): bump osv-flagged dependencies to clear known CVEs by @yucheng-berri in #31122
• fix(model_prices): correct regional processing uplift to gpt-5.4/5.5 series only by @mateo-berri in #31136
• chore(ci): bump litellm version by @yuneng-berri in #31139
• chore(ci): promote internal staging to main by @yuneng-berri in #31140

Full Changelog: v1.90.0-rc.1...v1.91.0-dev.1