o ưic@s dZddlZddlZddlZddlmZmZddlmZmZm Z m Z m Z m Z m Z ddlZddlmZmZmZmZmZmZddlmZddlZddlmZddlmZdd lmZdd lmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4m5Z5m6Z6m7Z7m8Z8m9Z9m:Z:m;Z;mZ>m?Z?m@Z@mAZAmBZBdd lCmDZDmEZEmFZFmGZGmHZHdd lImJZJdd lKmLZLmMZMmNZNmOZOmPZPmQZQmRZRddlSmTZTddlUmVZVmWZWddlXmYZYddlZm[Z[m\Z\ddl]m^Z^m_Z_ddl`maZaddlbmcZcddldmeZemfZfmgZgmhZhmiZimjZjeZkGdddZldemdeBdenfddZo dde^de emde emde e)fd d!Zpd"e e*d#e e1eAfd$e eqd%e eqd&eemeqfd'eemeqfd(emddfd)d*Zrd"e e*d#e e1eAfd$e eqd%e eqd(emddf d+d,Zsd"e e*d-e'd#e e1eAfddfd.d/Ztd"e e*d-e'd#e e1eAfddfd0d1Zud-e'd#e e1eAfde^ddfd2d3Zvd#e e1eAfdeBde^d4eddf d5d6Zwekjxd7d8geeJge*d9e\eeJedd:d;fd#e1dd?Zyd@e*dAezdemd=e emdeBdBemddfdCdDZ{d#eAdEe emde^deBdBemde emf dFdGZ|dHemd@edIe eadedef dJdKZ}dLe*dMe(dIeadenfdNdOZ~ekjxdPd8geeJgdQe\eeJedd:d;fd#eAdd9e\eeJfd#e=dlitellm.proxy.management_endpoints.budget_management_endpointsrf team_aliasreplaceruuid4hexrj max_budget rpm_limit tpm_limitgetrirV_clean_team_member_fields) rarbrcrWrXrYrZrerfribudget_requestteam_member_budget_tabler^r^r_create_team_member_budget_tables>    z7TeamMemberBudgetHandler.create_team_member_budget_table team_table updated_kvc sddlm}ddlm}|jduri|_|jd} | durst| trs|| d} |dur0|| _|dur7|| _ |dur>|| _ |durE|| _ || |dIdH} t d| jd |d |d ||d durki|d <| j|d d<ntj|||||||d IdH}t||S)z4Upsert team member budget table with provided limitsrrd) update_budgetNrm)rirkz"Updated team member budget table: z, with team_member_budget=z, team_member_rpm_limit=z, team_member_tpm_limit=rl)rarbrcrWrXrYrZ)rnreror~rlrw isinstancestrrtrurvrjrinforirVr{rx) r|rcr}rWrXrYrZrer~rmryZ budget_rowr^r^r_upsert_team_member_budget_tablesJ      z7TeamMemberBudgetHandler.upsert_team_member_budget_table data_dictcCs4|dd|dd|dd|dddS)z.Remove team member fields from data dictionaryrWNrZrXrY)pop)rr^r^r_rxs   z1TeamMemberBudgetHandler._clean_team_member_fields)NNNN)__name__ __module__ __qualname____doc__ staticmethodrfloatintrboolr`r r'r dictr8r{rrxr^r^r^r_rVps   6 :rVteam_idrcr[cCs*tjdurdSdtjvr|tjdvSdS)NFavailable_teams)litellmdefault_internal_user_paramsrrcr^r^r__is_available_teams  r prisma_clientteam_idsuser_idcsjdd|ii}|durd|gi|d<|jjj|ddidIdH}g}|D]}|tdi|q$|S) z)Get all team memberships for a given userrinNrlitellm_budget_tableTwhereincluder^)dblitellm_teammembership find_manyappendr model_dump)rrrZ where_objteam_memberships returned_tmtmr^r^r_get_all_team_membershipss  rteamsraentity_rpm_limitentity_tpm_limitentity_model_rpm_limit_dictentity_model_tpm_limit_dict entity_typec Cszt|ddp|jr|jddnd}t|ddp#|jr"|jddnd}|dur.|dur.dSi} i} |D]J} | jrZ| jdddurZ| jdiD]\} } | | d| | | <qK| jr~| jdddur~| jdiD]\} }| | d|| | <qoq4|dur|D]Q\} } |dur| | d| |krtdd| | dd| d|d |d |r|| }|r| | d| |krtdd| | dd| d|d |d q|dur9|D]X\} }|dur | | d||kr tdd | | dd |d|d |d |r8|| }|r8| | d||kr8tdd | | dd |d|d |d qdSdS)z Generic function to check if a team is allocating model specific limits. Raises an error if we're overallocating. model_rpm_limitNmodel_tpm_limitrAllocated RPM limit= + Team RPM limit= is greater than RPM limit= status_codedetailAllocated TPM limit= + Team TPM limit= TPM limit=)getattrrlrwitemsr)rrarrrrrrrZmodel_specific_rpm_limitZmodel_specific_tpm_limitteammodelrurvZentity_model_specific_rpm_limitZentity_model_specific_tpm_limitr^r^r_!_check_team_model_specific_limits s  " "  " "rc Cs|durt|dkrtdd|D}tdd|D}nd}d}|jdurD|durD|j||krDtdd|d|jd |d |d |jdurg|duri|j||krktdd |d |jd |d|d dSdSdS)zx Generic function to check if a team is allocating rpm/tpm limits. Raises an error if we're overallocating. Nrcs |] }|jdur|jVqdSN)rv.0rr^r^r_ z-_check_team_rpm_tpm_limits..csrr)rurr^r^r_rrrrrrrrrrr)lensumrvrru)rrarrrZ allocated_tpmZ allocated_rpmr^r^r__check_team_rpm_tpm_limitsus4    r org_tablec Csfd}d}i}i}|jdur|jj}|jj}|jr&|jdi}|jdi}t||||||dddS)z| Check if the organization team is allocating model specific limits. If so, raise an error if we're overallocating. Nrr organization)rrarrrrr)rrurvrlrwr)rrrarrrrr^r^r_$check_org_team_model_specific_limitss&   rcCs8d}d}|jdur|jj}|jj}t||||dddS)zu Check if the organization team is allocating rpm/tpm limits. If so, raise an error if we're overallocating. Nr)rrarrr)rrurvr)rrrarrr^r^r_check_org_team_rpm_tpm_limitss   rc s,|jdur-|jdur-|jjdur-|j|jjkr-tddd|jd|jjd|jid|jdur_t|jdkr_tjj|jvrAn|jD]}||jvr^tddd |d |jd |jidqD|j dur|jdur|jj dur|j |jj krtddd |j d |jj d|jid|j dur|jdur|jj dur|j |jj krtddd|j d|jj d|jidt |ddp|j r|j ddnd}t |ddp|j r|j ddnd}|dkr|dkrdS|jjjd|jidIdH}g}|D]}|tdi|qt|||dt|||ddS)z Check organization team limits including: - Team budget vs organization's max_budget - Team models vs organization's allowed models - Guaranteed throughput limits (tpm/rpm) if applicable NrerrorzTeam max_budget (z%) exceeds organization's max_budget (z). Organization: rrzModel 'zD' not in organization's allowed models. Organization allowed models=z. Organization: zTeam tpm_limit (z$) exceeds organization's tpm_limit (zTeam rpm_limit (z$) exceeds organization's rpm_limit (rpm_limit_typetpm_limit_typeZguaranteed_throughputorganization_idr)rrrar^)rtrrrmodelsrr+all_proxy_modelsvaluervrurrlrwrlitellm_teamtablerrr rrr) rrarmrrrZ team_objsrr^r^r__check_org_team_limitss              ruser_api_key_cachecsF|jdur6|jdur6t|j||ddIdH}|dur6|jdur6|j|jkr6tddd|jd|jid|jdur]t|jd kr]|jD]}||jvr\tddd |jd |jidqE|jdur}|jdur}|j|jkr}tddd |jd|jid|jdur|jdur|j|jkrtddd |jd|jiddSdSdS)a> Check user team limits for standalone teams (not org-scoped). This validates: - Team budget vs user's max_budget - Team models vs user's allowed models Should only be called for standalone teams (when organization_id is None). For org-scoped teams, use _check_org_team_limits() instead. NF)rrruser_id_upsertrrz1max budget higher than user max. User max budget=z . User role=rrz6Model not in allowed user models. User allowed models=z . User id=z/tpm limit higher than user max. User tpm limit=z/rpm limit higher than user max. User rpm limit=) rtrr=r user_rolerrrvru)rarcrrZuser_objrr^r^r__check_user_team_limitsDsX          rz /team/newzteam management)tags dependenciesresponse_modelzThe litellm-changed-by header enables tracking of actions performed by authorized users on behalf of other users, providing an audit trail for accountability) description http_requestlitellm_changed_bycszddlm}m}m}m}m}|durtdddid|jdur3|jdkr3tddd |jid|jdurI|jdkrItddd |jid|j dur_|j dkr_tddd |j id|j dur|jdur|j |jkrtddd |j d |jdid|j j IdH} | r|j | drtddd|jdurtt|_n|j|jdddIdH} | durtddd|jdid|jdur|durt|j||dIdH} | durtdd|jdt| ||dIdH|jdurttjtrttjdkrttjdtrtjd} | d} | dur| |_|jdus*|jtjkr;|jdur;t ||||dIdH|j!durcd}|j"D] }|j!|j!krQd}qF|durc|j"#t$d|j!dd}|j%durt|j%trt&t'(|j%|j!p}||j!p|d }|j j)*i|j'dd!IdH}|j+}|'}t,||d"IdH}t-j.|j|j/|j0d#rt-j1||||j|j/|j0d$IdH}t2d3i|d%|i}t3D]}t4||ddurt5||t4||d&qt6D]}t4||ddurt5||t4||d&q|j7durdd'l8m9}||j7d(|_:g}|j"dur |j"}g|_"|j;dd!}t4|d)d}|dur5t<|nt|j|d-}t?|||||d.IdHtj@dur|j'dd!}t'j(|td/}tAB|tCtttDEtFjG|p|j!p||jHtIjJ|jd0|dd1 d2z|;WWStKy|YWSwtKy}ztL|d}~ww)4u Allow users to create a new team. Apply user permissions to their team. 👉 [Detailed Doc on setting team budgets](https://docs.litellm.ai/docs/proxy/team_budgets) Parameters: - team_alias: Optional[str] - User defined team alias - team_id: Optional[str] - The team id of the user. If none passed, we'll generate it. - members_with_roles: List[{"role": "admin" or "user", "user_id": ""}] - A list of users and their roles in the team. Get user_id when making a new user via `/user/new`. - team_member_permissions: Optional[List[str]] - A list of routes that non-admin team members can access. example: ["/key/generate", "/key/update", "/key/delete"] - metadata: Optional[dict] - Metadata for team, store information for team. Example metadata = {"extra_info": "some info"} - model_rpm_limit: Optional[Dict[str, int]] - The RPM (Requests Per Minute) limit for this team - applied across all keys for this team. - model_tpm_limit: Optional[Dict[str, int]] - The TPM (Tokens Per Minute) limit for this team - applied across all keys for this team. - tpm_limit: Optional[int] - The TPM (Tokens Per Minute) limit for this team - all keys with this team_id will have at max this TPM limit - rpm_limit: Optional[int] - The RPM (Requests Per Minute) limit for this team - all keys associated with this team_id will have at max this RPM limit - rpm_limit_type: Optional[Literal["guaranteed_throughput", "best_effort_throughput"]] - The type of RPM limit enforcement. Use "guaranteed_throughput" to raise an error if overallocating RPM, or "best_effort_throughput" for best effort enforcement. - tpm_limit_type: Optional[Literal["guaranteed_throughput", "best_effort_throughput"]] - The type of TPM limit enforcement. Use "guaranteed_throughput" to raise an error if overallocating TPM, or "best_effort_throughput" for best effort enforcement. - max_budget: Optional[float] - The maximum budget allocated to the team - all keys for this team_id will have at max this max_budget - soft_budget: Optional[float] - The soft budget threshold for the team. If max_budget is set, soft_budget must be strictly lower than max_budget. Can be set independently if max_budget is not set. - budget_duration: Optional[str] - The duration of the budget for the team. Doc [here](https://docs.litellm.ai/docs/proxy/team_budgets) - models: Optional[list] - A list of models associated with the team - all keys for this team_id will have at most, these models. If empty, assumes all models are allowed. - blocked: bool - Flag indicating if the team is blocked or not - will stop all calls from keys with this team_id. - members: Optional[List] - Control team members via `/team/member/add` and `/team/member/delete`. - tags: Optional[List[str]] - Tags for [tracking spend](https://litellm.vercel.app/docs/proxy/enterprise#tracking-spend-for-custom-tags) and/or doing [tag-based routing](https://litellm.vercel.app/docs/proxy/tag_routing). - prompts: Optional[List[str]] - List of prompts that the team is allowed to use. - organization_id: Optional[str] - The organization id of the team. Default is None. Create via `/organization/new`. - model_aliases: Optional[dict] - Model aliases for the team. [Docs](https://docs.litellm.ai/docs/proxy/team_based_routing#create-team-with-model-alias) - guardrails: Optional[List[str]] - Guardrails for the team. [Docs](https://docs.litellm.ai/docs/proxy/guardrails) - policies: Optional[List[str]] - Policies for the team. [Docs](https://docs.litellm.ai/docs/proxy/guardrails/guardrail_policies) - disable_global_guardrails: Optional[bool] - Whether to disable global guardrails for the key. - object_permission: Optional[LiteLLM_ObjectPermissionBase] - team-specific object permission. Example - {"vector_stores": ["vector_store_1", "vector_store_2"], "agents": ["agent_1", "agent_2"], "agent_access_groups": ["dev_group"]}. IF null or {} then no object permission. - team_member_budget: Optional[float] - The maximum budget allocated to an individual team member. - team_member_rpm_limit: Optional[int] - The RPM (Requests Per Minute) limit for individual team members. - team_member_tpm_limit: Optional[int] - The TPM (Tokens Per Minute) limit for individual team members. - team_member_key_duration: Optional[str] - The duration for a team member's key. e.g. "1d", "1w", "1mo" - allowed_passthrough_routes: Optional[List[str]] - List of allowed pass through routes for the team. - allowed_vector_store_indexes: Optional[List[dict]] - List of allowed vector store indexes for the key. Example - [{"index_name": "my-index", "index_permissions": ["write", "read"]}]. If specified, the key will only be able to use these specific vector store indexes. Create index, using `/v1/indexes` endpoint. - secret_manager_settings: Optional[dict] - Secret manager settings for the team. [Docs](https://docs.litellm.ai/docs/secret_managers/overview) - router_settings: Optional[UpdateRouterConfig] - team-specific router settings. Example - {"model_group_retry_policy": {"max_retries": 5}}. IF null or {} then no router settings. - access_group_ids: Optional[List[str]] - List of access group IDs to associate with the team. Access groups define which models the team can access. Example - ["access_group_1", "access_group_2"]. - enforced_file_expires_after: Optional[dict] - Enforced file expiration policy for the team. Keys created under this team will inherit this policy for file uploads. Example - {"anchor": "created_at", "days": 30}. - enforced_batch_output_expires_after: Optional[dict] - Enforced batch output file expiration policy for the team. Keys created under this team will inherit this policy for batch output files. Example - {"anchor": "created_at", "days": 30}. Returns: - team_id: (str) Unique team id - used for tracking spend across multiple keys for same team id. _deprecated_params: - admins: list - A list of user_id's for the admin role - users: list - A list of user_id's for the user role Example Request: ``` curl --location 'http://0.0.0.0:4000/team/new' --header 'Authorization: Bearer sk-1234' --header 'Content-Type: application/json' --data '{ "team_alias": "my-new-team_2", "members_with_roles": [{"role": "admin", "user_id": "user-1234"}, {"role": "user", "user_id": "user-2434"}] }' ``` ``` curl --location 'http://0.0.0.0:4000/team/new' --header 'Authorization: Bearer sk-1234' --header 'Content-Type: application/json' --data '{ "team_alias": "QA Prod Bot", "max_budget": 0.000000001, "budget_duration": "1d" }' ``` r)_license_checkcreate_audit_log_for_updatelitellm_proxy_admin_namerrNrNo db connectedrr)max_budget cannot be negative. Received: 1team_member_budget cannot be negative. Received: *soft_budget cannot be negative. Received: soft_budget (*) must be strictly lower than max_budget ())Z team_countzOLicense is over limit. Please contact support@berri.ai to upgrade your license.r find_uniquer table_name query_typez Team id = z0 already exists. Please use a different team id.Zorg_idrrz+Organization not found for organization_id=rrarrtrarcrrFTadmin)roler model_aliasesZ created_byZ updated_byZ exclude_none) data_jsonr)rWrXrY)rarbrcrWrXrYmodel_id)Z object_data field_namerget_budget_reset_timerjrouter_settingsZdb_datalitellm_model_table)rar)rmemberracomplete_team_datarrcrdefaultcreated idZ updated_atZ changed_byZchanged_by_api_keyrZ object_idactionZupdated_valuesZ before_valueZ request_datar^)Mlitellm.proxy.proxy_serverrrrrrrrtrW soft_budgetrrcountZis_team_count_over_limitrrrrrget_datarr;rrrZdefault_team_settingslistrrrwrr% PROXY_ADMINrrmembers_with_rolesrr&rrjsondumpslitellm_modeltablecreaterrGrVr`rXrYr{r rrrArrj)litellm.proxy.common_utils.timezone_utilsrbudget_reset_atrrjsonify_team_objectr1_add_team_members_to_teamstore_audit_logsasyncio create_taskrrnowrutcapi_keyr$TEAM_TABLE_NAME ExceptionrM)rarrcrrrrrrZ total_teamsZ_existing_team_idrZdefault_settingsZdefault_budgetZcreating_user_in_listr _model_idr model_dictrrfieldrrZcomplete_team_data_dictZrouter_settings_valueZrouter_settings_jsonteam_rowZteam_member_add_requestZ_updated_valueser^r^r_new_teams[                                   r&existing_team_rowr}rc s~ddlm}|jdd}tj|td}tj|td}t|ttt t t j |p/|jp/||jtj|d||d dd S) a Create an audit log entry for team update operations. Args: existing_team_row: The team row before the update updated_kv: Dictionary of updated key-value pairs team_id: The ID of the team being updated litellm_changed_by: Optional header indicating who made the change user_api_key_dict: User API key authentication details litellm_proxy_admin_name: Name of the proxy admin r)rTrrupdatedrr N)Z+litellm.proxy.management_helpers.audit_logsrrrrrrrrrrrrrrrrr$r) r'r}rrrcrrZ _before_valueZ _after_valuer^r^r__create_team_update_audit_logs.    r)rcs|}|jdurUt|jtrUtt|j|jp||jp|d}|dur5|jjj i|jdddIdH}n|jjj d|ii|jddi|jddddIdH}|j }|S) z4 Upsert model table and return the model id NrTrrar)updaterrra) rrrrrrrrrrZupsertr)rarrrcrr!rr"r^r^r__update_model_tables(   r-r llm_routercs|durtddtjjid|jjjd|idddddIdH}|dur0td dd |idttd i| t d i| |d |S) a Fetch and validate an organization for team update operations. Args: organization_id: The organization ID to fetch existing_team_row: The existing team row being updated llm_router: The LLM router instance prisma_client: The Prisma database client Returns: The organization row from the database Raises: HTTPException: If llm_router is None, organization not found, or validation fails NrrrrT)rmembersrrz/Organization not found, passed organization_id=)rrr.r^) rrZ no_llm_routerrrZlitellm_organizationtablervalidate_team_org_changer rr)rr'r.rZorganization_rowr^r^r_fetch_and_validate_organization;s*    r2rrcs|j|jkrdSt|jdkr8tjj|jvrn!|jdus#t|jdkr+tdddid|jD] }t|||dq.|jr[|j r[|j jr[|j|j jkr[tddd |jd |j jd idd d |j D}|j rndd |j Dngfdd |D}t|dkrtddd|did|j r|j r|j j r|j |j j krtddd|j d|j j d id|j r|j r|j j r|j |j j krtddd|j d|j j d iddS)a2 Validate that a team can be moved to an organization. - The org must have access to the team's models - The team budget cannot be greater than the org max_budget - The team's user_id must be a member of the org - The team's tpm/rpm limit must be less than the org's tpm/rpm limit TrNrrzeCannot move team to organization. Team has access to all proxy models, but the organization does not.r)rZ org_objectr.z6Cannot move team to organization. Team has max_budget z4 that is greater than the organization's max_budget .cSg|]}|jqSr^rrrr^r^r_ z,validate_team_org_change..cSr4r^r5r6r^r^r_r7r8cs$g|]}|vr|tjjkr|qSr^)r,Zdefault_user_idrr6Z org_membersr^r_r7s z3Cannot move team to organization. Team has user_id z* that is not a member of the organization.z5Cannot move team to organization. Team has tpm_limit z3 that is greater than the organization's tpm_limit z5Cannot move team to organization. Team has rpm_limit z3 that is greater than the organization's rpm_limit )rrrr+rrrr:rtrrr/rvru)rrr.r team_membersZ not_in_orgr^r9r_r1ks      r1z /team/update)rrc szNddlm}ddlm}m}m}m}m} |dur%tddt j j id|j dur2tddd idt d ||jdurN|jdkrNtddd |jid|jdurd|jdkrdtddd |jid|jdurz|jdkrztddd |jid|jjjd|j idIdH} | durtddd|j id|jdur|jdur|jn| j} | dur|j| krtddd|jd| did|jdurt| dd} |jdur|jn| } | durt| ttfr|j| krtddd|jd| did|jdurt|jdkrt|j| ||dIdHn|jdur"t|jdkr"d|_|jdur+|jn| j}|durWt|trW|durWt|| |dIdH}|durWt|||dIdH|jdusd|jt j!krt|durtt"|||| dIdH|j#dd}t$||t%j&|j|j'|j(|j)drt%j*| |||j|j'|j(|j)dIdH}nt%+||j,durt-|| d IdH}t.|d!d"|vr|/d"t0|| j1|||d#IdH}|dur||d$<d%|vr|d%durt2|d%|d%<|j3|d&}|jjj4d|j i|d'did(IdH}|dus|j durtddd)5|idt 6d*|j ||j t7d.i|8| |d+IdHt9j:durJt;| ||j |||d,IdH|j |d-WSt<ya}zt=|d}~ww)/a Use `/team/member_add` AND `/team/member/delete` to add/remove new team members You can now update team budget / rate limits via /team/update Parameters: - team_id: str - The team id of the user. Required param. - team_alias: Optional[str] - User defined team alias - team_member_permissions: Optional[List[str]] - A list of routes that non-admin team members can access. example: ["/key/generate", "/key/update", "/key/delete"] - metadata: Optional[dict] - Metadata for team, store information for team. Example metadata = {"team": "core-infra", "app": "app2", "email": "ishaan@berri.ai" } - tpm_limit: Optional[int] - The TPM (Tokens Per Minute) limit for this team - all keys with this team_id will have at max this TPM limit - rpm_limit: Optional[int] - The RPM (Requests Per Minute) limit for this team - all keys associated with this team_id will have at max this RPM limit - max_budget: Optional[float] - The maximum budget allocated to the team - all keys for this team_id will have at max this max_budget - soft_budget: Optional[float] - The soft budget threshold for the team. If max_budget is set (either in the request or existing), soft_budget must be strictly lower than max_budget. Can be set independently if max_budget is not set. - budget_duration: Optional[str] - The duration of the budget for the team. Doc [here](https://docs.litellm.ai/docs/proxy/team_budgets) - models: Optional[list] - A list of models associated with the team - all keys for this team_id will have at most, these models. If empty, assumes all models are allowed. - prompts: Optional[List[str]] - List of prompts that the team is allowed to use. - blocked: bool - Flag indicating if the team is blocked or not - will stop all calls from keys with this team_id. - tags: Optional[List[str]] - Tags for [tracking spend](https://litellm.vercel.app/docs/proxy/enterprise#tracking-spend-for-custom-tags) and/or doing [tag-based routing](https://litellm.vercel.app/docs/proxy/tag_routing). - organization_id: Optional[str] - The organization id of the team. Default is None. Create via `/organization/new`. - model_aliases: Optional[dict] - Model aliases for the team. [Docs](https://docs.litellm.ai/docs/proxy/team_based_routing#create-team-with-model-alias) - guardrails: Optional[List[str]] - Guardrails for the team. [Docs](https://docs.litellm.ai/docs/proxy/guardrails) - policies: Optional[List[str]] - Policies for the team. [Docs](https://docs.litellm.ai/docs/proxy/guardrails/guardrail_policies) - disable_global_guardrails: Optional[bool] - Whether to disable global guardrails for the key. - object_permission: Optional[LiteLLM_ObjectPermissionBase] - team-specific object permission. Example - {"vector_stores": ["vector_store_1", "vector_store_2"], "agents": ["agent_1", "agent_2"], "agent_access_groups": ["dev_group"]}. IF null or {} then no object permission. - team_member_budget: Optional[float] - The maximum budget allocated to an individual team member. - team_member_budget_duration: Optional[str] - The duration of the budget for the team member. Doc [here](https://docs.litellm.ai/docs/proxy/team_budgets) - team_member_rpm_limit: Optional[int] - The RPM (Requests Per Minute) limit for individual team members. - team_member_tpm_limit: Optional[int] - The TPM (Tokens Per Minute) limit for individual team members. - team_member_key_duration: Optional[str] - The duration for a team member's key. e.g. "1d", "1w", "1mo" - allowed_passthrough_routes: Optional[List[str]] - List of allowed pass through routes for the team. - model_rpm_limit: Optional[Dict[str, int]] - The RPM (Requests Per Minute) limit per model for this team. Example: {"gpt-4": 100, "gpt-3.5-turbo": 200} - model_tpm_limit: Optional[Dict[str, int]] - The TPM (Tokens Per Minute) limit per model for this team. Example: {"gpt-4": 10000, "gpt-3.5-turbo": 20000} Example - update team TPM Limit - allowed_vector_store_indexes: Optional[List[dict]] - List of allowed vector store indexes for the key. Example - [{"index_name": "my-index", "index_permissions": ["write", "read"]}]. If specified, the key will only be able to use these specific vector store indexes. Create index, using `/v1/indexes` endpoint. - secret_manager_settings: Optional[dict] - Secret manager settings for the team. [Docs](https://docs.litellm.ai/docs/secret_managers/overview) - router_settings: Optional[UpdateRouterConfig] - team-specific router settings. Example - {"model_group_retry_policy": {"max_retries": 5}}. IF null or {} then no router settings. - access_group_ids: Optional[List[str]] - List of access group IDs to associate with the team. Access groups define which models the team can access. Example - ["access_group_1", "access_group_2"]. - enforced_file_expires_after: Optional[dict] - Enforced file expiration policy for the team. Keys created under this team will inherit this policy for file uploads. Example - {"anchor": "created_at", "days": 30}. - enforced_batch_output_expires_after: Optional[dict] - Enforced batch output file expiration policy for the team. Keys created under this team will inherit this policy for batch output files. Example - {"anchor": "created_at", "days": 30}. ``` curl --location 'http://0.0.0.0:4000/team/update' --header 'Authorization: Bearer sk-1234' --header 'Content-Type: application/json' --data-raw '{ "team_id": "8d916b1c-510d-4894-a334-1c16a93344f5", "tpm_limit": 100 }' ``` Example - Update Team `max_budget` budget ``` curl --location 'http://0.0.0.0:4000/team/update' --header 'Authorization: Bearer sk-1234' --header 'Content-Type: application/json' --data-raw '{ "team_id": "8d916b1c-510d-4894-a334-1c16a93344f5", "max_budget": 10 }' ``` r)_cache_team_object)rr.rproxy_logging_objrNrrrrNo team id passed inz/team/update - %srrrrrr0Team not found, passed team_id=rrrr z max_budget (z-) must be strictly greater than soft_budget ()rr'r.rrrrT)Z exclude_unsetr])r|rcr}rWrXrYrZ)rr')r}r)rarrrcrrrrr)rrarzTeam doesn't exist. Got={}z$Successfully updated team - %s, info)rr|rr<)r'r}rrrcr)rrar^)>litellm.proxy.auth.auth_checksr;r rr.rr<rrrdb_not_connected_errorrrrdebugrtrWr rrrrrrrrrr2rr;rrr%rrr_set_budget_reset_atrVr`rXrYrZrrxobject_permissionhandle_update_object_permissionrCrr-rrrr+formatrr!rrrr)r rM)rarrcrr;rr.rr<rr'Zmax_budget_to_checkZexisting_soft_budgetZsoft_budget_to_checkZorg_id_to_checkrr}r!r$r%r^r^r_ update_teamsBK                             rFcCs2|jdurddlm}||jd}||d<dSdS)zASet budget_reset_at in updated_kv if budget_duration is provided.Nrrrr)rjrr)rar}rZreset_atr^r^r_rBs    rBrcsHddlm}t||j|dIdH}|dur"||d<td||S)a Handle the update of object permission for a team. - IF there's no object_permission_id, then create a new entry in LiteLLM_ObjectPermissionTable - IF there's an object_permission_id, then update the entry in LiteLLM_ObjectPermissionTable rr)rZexisting_object_permission_idrNobject_permission_idzupdated object_permission_id: )r rrHrHrrA)rr'rrHr^r^r_rDs  rDr premium_usercCszt|tr|jdkr|durtdtjjdSt|tr9|D]}|jdkr8|dur8td|dtjjdq dSdS)NrTz,Assigning team admins is a premium feature. z0Assigning team admins is a premium feature. Got=z. )rr&r ValueErrorrZnot_premium_userrr)rrIrr^r^r__check_team_member_admin_add s    rKc Cs|dur tdddid|jdurtdddid|jdur&tdddidz t|j|dWdStyF}z tddt|idd}~ww) Nrrrrrr=zNo member/members passed in)rrI)rrrrKr r)rrarIr%r^r^r_team_call_validation_checkss"   rLcsgdtffdd }t|jtr||jnt|jtr(|jD]}||q!t|jtrDtt|jkrDtdjtj dddt|jtrgtdkrgtd|jj d |jj d jtj dddtd kr{t d jd dSdS)z Check if a member already exists in the team. This check is done BEFORE we create/fetch the user, so it only prevents obvious duplicates where both user_id and user_email match exactly. rcs`|jdurjD] }|j|jkr|q|jdur,jD]}|j|jkr+|qdSdSr)rrr user_email)rexisting_memberr'Zinvalid_team_membersr^r__check_member_duplicationBs        zDteam_member_add_duplication_check.._check_member_duplicationz0All users are already in team. Existing members=Z400messagetypeparamcodez&User already in team. Member: user_id=z , user_email=z. Existing members=rz1Some users are already in team. Existing members=z. Duplicate members=N)r&rrrrrr)rr(Zteam_member_already_in_teamrrMrr)rar'rPrr^rOr_!team_member_add_duplication_check6s4       rWrcstt|dr0|jtjjkr2t||ds4t||dIdHs6t|j|ds8t ddd d|jid dSdSdSdSdS) z;Validate if user has permission to add members to the team.rrcteam_objNrrrJCall not allowed. User not proxy admin OR team admin. route={}, team_id={}/team/member_addr) hasattrrr%rrr@r?rrrrErcrr^r^r_%_validate_team_member_add_permissionsjs6  r^c sXg}g}|jdur|jdnd}t|jtr]zt|j|j||||j|dIdH\}} WntyJ} zt ddd |j|jt | idd} ~ ww| || durY| | ||fSt|jt r|jD]A} zt| |j||||j|dIdH\}} Wnty} zt ddd | |jt | idd} ~ ww| || dur| | qf||fS)z!Process and add new team members.Nrm) new_membermax_budget_in_teamrrcrrdefault_team_budget_idrrz6Unable to add user - {}, to team - {}, for reason - {}r)rlrwrrr&rJr`rr rrErrr) rarrrcr updated_usersupdated_team_membershipsra updated_userZ updated_tmr%rr^r^r__process_team_memberssv           rerbcs`t|jtrX|j}|jdur*|jdur*|D]}|jdur)|j|jkr)|j|_qd}|jD]}|jdur<|j|jksG|jdurK|j|jkrKd}nq/|sV|j|dSdSt|jtr|jD]L}|jdur|jdur|D]}|jdur|j|jkr|j|_qod}|jD]}|jdur|j|jks|jdur|j|jkrd}nq|s|j|qadSdS)z*Update the team's members_with_roles list.NFT) rrr&Z model_copyrrMrrr)rarrbr_userZmember_already_existsrNnmr^r^r__update_team_members_listsR               rhc stt|||||dIdH\}}t|||dIdHdd|jD}|jjjd|jidt|idIdH}|||fS) zAdd team members to the team.rN)rarrbcSg|]}|qSr^rr6r^r^r_r7z-_add_team_members_to_team..rrr,) rerhrrrr+rrr) rarrrcrrbrc_db_team_members updated_teamr^r^r_rs&     rcs|jdur|jdurtdddid|jdurq|jdurq|jd|jiddd IdH}|dus:t|tr.rr,rrMrset)rr$_persist_deleted_verification_tokensr)rrkeysrrcrr^)&r rrrrrMrrrrEr rrr%rrr@r?r{rr+rrrsrrrrrremoveraddrrZ delete_many;litellm.proxy.management_endpoints.key_management_endpointsrlitellm_verificationtoken)rarcr_existing_team_rowr'ryrzZ_db_new_team_members_roZexisting_user_rowsZ existing_user team_listZuser_ids_to_deleteZ_uidrkeys_to_deleter^r^r_team_member_deletes                           rz/team/member_updatec sddlm}m}|durtdddid|jdur"tddd id|jd kr/|s/tdd d|jdurA|jdurAtddd id|jj j d |jidIdH}|dur_tddd |jidt di| }|jtjjkrt||dst||dIdHstddd d|jidt||j|dIdH}|d}d} |jdur|j} n|jdur|djD]} | jdur| j|jkr| j} nq| durtddd |idd} |dD] } | j| kr| j} nq|j4IdH} t| |j| |j| ||j|jdIdHWdIdHn 1IdHswY|jdurbg}|jD]!} | j| kr=|t| j|j|jp7| jdq"|| q"||_dd|D}|jj jd |jidt |idIdHt!|j| |j|j|j|jdS) zE [BETA] Update team member budgets and team member role r)rIrNrrrrrr=ra Assigning team admins is a premium feature. You must be a LiteLLM Enterprise user to use this feature. If you have a license please set `LITELLM_LICENSE` in your env. Get a 7 day trial key here: https://www.litellm.ai/#trial. Pricing: https://www.litellm.ai/#pricingr}rrr~rXrrZr|)rrrc team_infoz,User id doesn't exist in team table. Data={}r)txrrrtZexisting_budget_idrcrvru)rrrMcSrir^rjr6r^r^r_r7D rkz&team_member_update..rr,)rrrMr`rvrur^)"r rIrrrrrrMrrrrEr rrr%rrr@r?rrrirrDr`rvrurr&r+rrr4)rarrcrIrrr'Zreturned_team_infor|Zreceived_user_idrZidentified_budget_idrrr:rlr^r^r_team_member_updates          *      rr/responsec Csg}|D]G}d}|jD]}|jr|j|jks|jr%|j|jkr%|}nq d}|jD]}|jr<|j|jkr<|}nq+|t|j|jd||dq|S)zS Convert TeamAddMemberResponse into individual TeamMemberAddResult objects NT)rrMsuccessrdupdated_team_membership)rbrrMrrcrrT)r/rresultsrrdrfrrr^r^r__create_results_from_responseT s6    rz/team/bulk_member_addc shddlm}ddlm}|durtdd|jjid|jr3|jj j dd id IdH}d d |D|_ |j s>td ddidd}t |j |krStd dd|didz*t t|j|j |jd|dIdH}t|j |}t|j|t |j t |d|dWSty}z*t|t|fdd |j D}t|j|t |j dt |j ddWYd}~Sd}~ww)a" Bulk add multiple members to a team at once. This endpoint reuses the same logic as /team/member_add but provides a bulk-friendly response format. Parameters: - team_id: str - The ID of the team to add members to - members: List[Member] - List of members to add to the team - all_users: Optional[bool] - Flag to add all users on Proxy to the team - max_budget_in_team: Optional[float] - Maximum budget allocated to each user within the team Returns: - results: List of individual member addition results - total_requested: Total number of members requested for addition - successful_additions: Number of successful additions - failed_additions: Number of failed additions - updated_team: The updated team object Example request: ```bash curl --location 'http://0.0.0.0:4000/team/bulk_member_add' --header 'Authorization: Bearer sk-1234' --header 'Content-Type: application/json' --data '{ "team_id": "team-1234", "members": [ { "user_id": "user1", "role": "user" }, { "user_email": "user2@example.com", "role": "admin" } ], "max_budget_in_team": 100.0 }' ``` r)rrGNrrr created_atdesc)ordercSsg|] }t|j|jddqS)rf)rrMr)r&rrM)rrfr^r^r_r7 sz(bulk_team_member_add..rzAt least one member is requiredzMaximum z members can be added at once)rrr`rarc)rrZtotal_requestedZsuccessful_additionsZfailed_additionsrmcs g|] }t|j|jddqS)F)rrMrr)rTrrM)rr error_messager^r_r7 s)rnrr rrr@rZ all_usersrrsrr/rrxr1rr`rrQrr r exceptionr) rarcrrZall_users_in_dbZMAX_BATCH_SIZErrr%r^rr_bulk_team_member_add{ sx 2        rz /team/deletecs&ddlm}m}m}|durtdddid|jdur$tddd idg}|jD]8}z|jjjd |id IdH} | dur?t Wnt yRtd dd |idwt di| } | | q)t ||||dIdHtjdur|jD]:}|j|dddIdH} | durqu| jdd} t|tttttj|p|jp||jtj|dd| d dquddl m!} |jj"j#d d|jiid IdH}|r| ||||dIdH|j$|jddIdH|D]%} | j%}g}|D]}| t&t'| j(|j|j)d|dqtj*|IdHq|j$|jddIdH}|S) a delete team and associated team keys Parameters: - team_ids: List[str] - Required. List of team IDs to delete. Example: ["team-1234", "team-5678"] ``` curl --location 'http://0.0.0.0:4000/team/delete' --header 'Authorization: Bearer sk-1234' --header 'Content-Type: application/json' --data-raw '{ "team_ids": ["8d916b1c-510d-4894-a334-1c16a93344f5"] }' ``` r)rrrNrrrrrr=rrr0r>)rrrcrTrrrrdeletedz{}rr rrrkey)Z team_id_listr)rrrMrr^)+r rrrrrrrrr r rr_persist_deleted_team_recordsrrr rrrrrrrrrrrrrrr$rrrrrZ delete_datarrr2rrMgather)rarrcrrrrZ team_rowsrZ team_row_baseZteam_row_pydanticr$Z _team_rowrrr:tasksZ team_memberZ deleted_teamsr^r^r_ delete_team s                 rc Cs|sgSttj}g}|D]B}|}tdi|||j|j|d}|}dD]} | |vr?|| dur?t || || <q*dD]} | | dqB| |q|S)z@Transform teams into deleted team records ready for persistence.) deleted_atZ deleted_byZdeleted_by_api_keyr)rrlZ model_spendZmodel_max_budgetrN)rrCrr^) rrrrrrrrrrrr) rrcrrrecordsrZ team_payloadZdeleted_recordrecordZ json_fieldZrel_keyr^r^r_#_transform_teams_to_deleted_records s.   rrcs$|sdS|jjj|dIdHdS)z*Save deleted team records to the database.Nr*)rlitellm_deletedteamtableZ create_manyrrr^r^r__save_deleted_team_records s rcs&t|||d}t||dIdHdS)z=Persist deleted team records by transforming and saving them.)rrcrrN)rr)rrrcrrr^r^r_r srr|cs|jtjjks|jtjjkrdS|j|jkrdS|jdur=|jdur1tddd|j|jidtddd|jid|jdd|j DvrJdSt ||dIdHrUdStddd |j|jid) Nrrz:Team key for team={} not authorized to access this team={}rz^API key not authorized to access this team={}. No user_id or team_id associated with this key.cSr4r^r5r6r^r^r_r7 sz'validate_membership..rXz-User={} not authorized to access this team={}) rr%rrZPROXY_ADMIN_VIEW_ONLYrrrrErr?rcr|r^r^r_validate_membership sJ      rrmteam_info_response_objectcsNz|jjjd|idIdH}||_W|Sty&td|Y|Sw)NrirzATeam member budget table not found, passed team_member_budget_id=)rZlitellm_budgettablerrzr rr)rmrrZ team_budgetr^r^r__add_team_member_budget_table s  rz /team/infoz!Team ID in the request parameters)rrc sddlm}ddlm}z|durttjddid|dur(ttjdd idz|jj j d |id d id IdH}|dur?t Wnt yTttj dd|didwt |td#i|dIdH|j|ddtdIdH}|duryg}|durd}|D] }|t|dd7}qd|i}|D]} z| } Wn t y| } Ynw| ddqt||gddIdH} t|tr|d#i|} nt|tr|d#i|} n|} | jdur| jdnd} | durt| || dIdH} t|| || d} | WSt yR}zGtd|t !t|tr4t"t|ddt#|dt$j%t|ddt|d tj&d!t|t"r<|t"d"t#|t$j%t|ddtj&d!d}~ww)$a# get info on team + related keys Parameters: - team_id: str - Required. The unique identifier of the team to get info on. ``` curl --location 'http://localhost:4000/team/info?team_id=your_team_id_here' --header 'Authorization: Bearer your_api_key_here' ``` r)r/rGNrzDatabase not connected. Connect a database to your proxy - https://docs.litellm.ai/docs/simple_proxy#managing-auth---virtual-keysrrRz(Malformed request. No team id passed in.rrCTrz Team not found, passed team id: r3rrrn)rrrexpiresspendtokenr5rm)rmrr)rrrrz\litellm.proxy.management_endpoints.team_endpoints.py::team_info - Exception occurred - {} {}rzAuthentication Error(rrTNonerrQzAuthentication Error, r^)'rnr/r rrrZHTTP_500_INTERNAL_SERVER_ERRORZHTTP_422_UNPROCESSABLE_ENTITYrrrr ZHTTP_404_NOT_FOUNDrr rr rrrrrrrrrlrwrr.rrrE traceback format_excr)rr(Z auth_errorZHTTP_400_BAD_REQUEST)rrrcr/rrrrkrrZ _team_informZresponse_objectr%r^r^r_r" s                    rz /team/blockcdddlm}|durtd|jjjd|jiddidIdH}|dur0td d d |jid |S) a Blocks all calls from keys with this team id. Parameters: - team_id: str - Required. The unique identifier of the team to block. Example: ``` curl --location 'http://0.0.0.0:4000/team/block' --header 'Authorization: Bearer sk-1234' --header 'Content-Type: application/json' --data '{ "team_id": "team-1234" }' ``` Returns: - The updated team record with blocked=True rrGNNo DB Connected.rblockedTr,r0rr>rr rr rrr+rrrarrcrrr^r^r_ block_team s  rz /team/unblockcr) ay Blocks all calls from keys with this team id. Parameters: - team_id: str - Required. The unique identifier of the team to unblock. Example: ``` curl --location 'http://0.0.0.0:4000/team/unblock' --header 'Authorization: Bearer sk-1234' --header 'Content-Type: application/json' --data '{ "team_id": "team-1234" }' ``` rrGNrrrFr,r0rr>rrrr^r^r_ unblock_team s  rz/team/availablecsddlm}|durtddtjjidtttt t j dur&t j dnd}|dur/gS|j jjd|jidIdH}|durItd dd idtdi|fd d |D}|j jjd d|iidIdH}dd |D}|S)NrrGrrrrrrr0zUser not foundcg|] }|jvr|qSr^)rrZuser_info_correct_typer^r_r7/ z(list_available_teams..rrcSsg|] }tdi|qS)r^)r rrr^r^r_r77 sr^)r rrrr@rr rrrrrrwrrsrrr"rrr)rrcrrr user_infoZavailable_teams_dbZavailable_teams_correct_typer^rr_list_available_teams sD         rrpuse_deleted_tablec si}|r ||d<|r|dd|d<|r||d<|rz|jjjd|idIdH}Wnty;td d d |id w|durKtd d d |id tdi|}|r^d |i|d<|S|durkd|ji|d<|S||jvrv||d<|Std d d|id |S)z+Build where conditions for team list query.rrpcontainsrrrprrrNr0rzUser not found, passed user_id=rhasr/rz User is not a member of team_id=r^)rrsrr rr"rr) rrrprrrwhere_conditionsZ user_objectZuser_object_correct_typer^r^r_!_build_team_list_where_conditions> sR         rc Cslg}|r4|D]-}z|}Wn ty|}Ynw|r)|tdi|q|tdi|q|S)z)Convert Prisma models to Pydantic models.Nr^)rr rrrr )rrrrZ team_dictr^r^r__convert_teams_to_responsev s   rz /v2/team/list)rrrz1Only return teams which this 'user_id' belongs toz9Only return teams which this 'organization_id' belongs toz1Only return teams which this 'team_id' belongs tozPOnly return teams which this 'team_alias' belongs to. Supports partial matching.rVzPage number for pagination)rrge zNumber of teams per paged)rrrlez>Column to sort by (e.g. 'team_id', 'team_alias', 'created_at')asczSort order ('asc' or 'desc')z!Filter by status (e.g. 'deleted')page page_sizesort_by sort_orderrc sddlm} | durtddd| idt| |ds(td dd | jid|dur5| jtjkr5| j}| durE| d krEtd dd id| d k} |d|} t | ||||| dIdH}gd}d}|rv||vrv| dvrpd}|| i}| r| j j j || ||r|nddidIdH}| j j j|dIdH}n| j jj || ||r|nddidIdH}| j jj|dIdH}| | }t|| }|||||dS)aU Get a paginated list of teams with filtering and sorting options. Parameters: user_id: Optional[str] Only return teams which this user belongs to organization_id: Optional[str] Only return teams which belong to this organization team_id: Optional[str] Filter teams by exact team_id match team_alias: Optional[str] Filter teams by partial team_alias match page: int The page number to return page_size: int The number of items per page sort_by: Optional[str] Column to sort by (e.g. 'team_id', 'team_alias', 'created_at') sort_order: str Sort order ('asc' or 'desc') status: Optional[str] Filter by status. Currently supports "deleted" to query deleted teams. rrGNrrzNo db connected. prisma client=r)rcZrequested_user_idCOnly admin users can query all teams/other teams. Your user role={}rrz.rrrrrrrTrcSsh|]}|jqSr^rrr^r^r_ d r8z._authorize_and_filter_teams..rZnot_inc3|] }|dkVqdSrNrwr6r5r^r_rl s z._authorize_and_filter_teams..)rcs.g|]}|jrtfdd|jDr|qS)c3rrrr6r5r^r_rz sz9_authorize_and_filter_teams...)rr\rr5r^r_r7v s)rErr=Zorganization_membershipsrrErrrrrrr\r)rcrrrr<Zis_proxy_adminZallowed_org_idsZ is_own_queryZ caller_userZ org_teamsZ seen_team_idsZ all_teamsZ member_teamsrrr^r5r__authorize_and_filter_teams& s~          rz /team/listc srddlm}m}m}|durtddtjjidt|||||dIdH}dd |D}t |||d IdH} g} |D]X} g} | D] } | j | j krM| | q@|j j jd | j id IdH}z| tdi| | |d Wq:ty}zd| j | t|}t|WYd}~q:d}~ww| jddddurtjjkrdd | D} | Sfdd | D} | S)a ``` curl --location --request GET 'http://0.0.0.0:4000/team/list' --header 'Authorization: Bearer sk-1234' ``` Parameters: - user_id: str - Optional. If passed will only return teams that the user_id is a member of. - organization_id: str - Optional. If passed will only return teams that belong to the organization_id. Pass 'default_organization' to get all teams without organization_id. rrr<rNrrr)rcrrrr<cSr4r^rrr^r^r_r7 r8zlist_team..r5rr)rrzWInvalid team object for team_id: {}. team_object={}. Error: {} cSst|ddpdS)Nrp)r)xr^r^r_ szlist_team..)rcSsg|] }|jdur|qSrrrr^r^r_r7 rcsg|] }|jkr|qSr^rrrr^r_r7 s  r^)r rr<rrrr@rrrrrrrrr0rr rErrrsortr*ZDEFAULT_ORGANIZATION)rrrrcrr<rZfiltered_responseZ _team_idsrZreturned_responsesrZ_team_membershipsrrr%Zteam_exceptionr^rr_ list_team st           rc sz#|d|}|jjIdH}|jjj||ddidIdH}||fWStyB}ztd|gdfWYd}~Sd}~ww)a5 Get paginated list of teams from team table Parameters: prisma_client: PrismaClient - The database client page_size: int - Number of teams per page page: int - Page number (1-based) Returns: Tuple[List[LiteLLM_TeamTable], int] - (list of teams, total count) rVNrpr)rrrz.[Non-Blocking] Error getting paginated teams: r)rrr rr rr)rrrrrrr%r^r^r_get_paginated_teams s   rz/team/filter/uiFr)rrZinclude_in_schema responsesz$Team alias in the request parameters2zNumber of items per pagec sddlm}|durtdddidz2|d|}i}|r%|d d |d <|r.|d d |d <|jjj|||d didIdH}|sCgWS|WSty\} z tddt| dd} ~ ww)a [PROXY-ADMIN ONLY] Filter teams based on partial match of team_id or team_alias with pagination. Args: user_id (Optional[str]): Partial user ID to search for user_email (Optional[str]): Partial email to search for page (int): Page number for pagination (starts at 1) page_size (int): Number of items per page (max 100) user_api_key_dict (UserAPIKeyAuth): User authentication information Returns: List[LiteLLM_SpendLogs]: Paginated list of matching user records rrGNrrrrrVrprrrprrrzError searching teams: )r rrrrrr r) rrprrrcrrrrr%r^r^r_ ui_view_teamss8 %    rrY new_modelscCs@|j}|durt|dkrtjjg}n|j}tt||}|S)z8 Add new models to a team's allowed model list. Nr)rrr+rrrr)rYrcurrent_modelsupdated_modelsr^r^r_add_new_models_to_teamRs  rz/team/model/addcsddlm}|durtdddid|jjjd|jid IdH}|dur1td dd |jidtdi|}|j t j j krXt ||d sXt||d IdHsXtd ddidt||jd}|jjjd|jid|idIdH}|S)a  Add models to a team's allowed model list. Only proxy admin or team admin can add models. Parameters: - team_id: str - Required. The team to add models to - models: List[str] - Required. List of models to add to the team Example Request: ``` curl --location 'http://0.0.0.0:4000/team/model/add' --header 'Authorization: Bearer sk-1234' --header 'Content-Type: application/json' --data '{ "team_id": "team-1234", "models": ["gpt-4", "claude-2"] }' ``` rrGNrrrrrrr0r>rXr5Only proxy admin or team admin can modify team models)rYrrr,r^)r rrrrrrr rrr%rrr@r?rrr+)rarrcrr$rYrrmr^r^r_team_model_addcs>    rz/team/model/deletec sddlm}|durtdddid|jjjdjid IdH}|dur1td dd jidtdi|}|j t j j krXt ||d sXt||d IdHsXtd ddid|jp\g}fdd|D}|jjjdjid|idIdH}|S)a Remove models from a team's allowed model list. Only proxy admin or team admin can remove models. Parameters: - team_id: str - Required. The team to remove models from - models: List[str] - Required. List of models to remove from the team Example Request: ``` curl --location 'http://0.0.0.0:4000/team/model/delete' --header 'Authorization: Bearer sk-1234' --header 'Content-Type: application/json' --data '{ "team_id": "team-1234", "models": ["gpt-4"] }' ``` rrGNrrrrrrr0r>rXrrcrr^)rr6r*r^r_r7sz%team_model_delete..rr,r^)r rrrrrrr rrr%rrr@r?rr+) rarrcrr$rYrrrmr^r*r_team_model_deletes@     rz/team/permissions_listc sddlm}m}m}|durtdddidt|||d|dd d IdH}tdi|}t|d r]|j t j j kr]t ||d s]t||d IdHs]t|j|d s]tdddd|jid|jdurgt|_t||jtdS)z4 Get the team member permissions for a team rrNrrrrFTrurrXrrrZr[)rteam_member_permissionsZall_available_permissionsr^)r rr<rrr<r rr\rr%rrr@r?rrrErrIZdefault_team_member_permissionsrRZ)get_all_available_team_member_permissions)rrcrr<rr'rr^r^r_rs\     rz/team/permissions_updatec sddlm}m}m}|durtdddidt|j||d|dd d IdH}tdi|}t |d r^|j t j j kr^t||d s^t||d IdHs^t|j|d s^tdddd|jid|jjjd|jid|jidIdH}|S)z7 Update the team member permissions for a team rrNrrrrFTrurrXrrrZr[rrr,r^)r rr<rrr<rr rr\rr%rrr@r?rrErrr+r) rarrcrr<rr'rrmr^r^r_update_team_member_permissions?sV       r/team/daily/activity)rr start_dateend_daterexclude_team_idsc sddlm} m} m} | durtddtjjid|r |dnd} d} |r/|r-|dnd} t |spt |j | d| |j | d d IdH}|durStd dd |j id| dur[|j} n| D]}||jvrotd dd |idq]i}| r|dt| i|d<| jjj|dIdH}dd|D}d}t |s| r|rd}|D] }tdi|}t||drd }n t||ddrd }nq|s| jjjd|j idIdH}dd|D}|sdg}|}|dur|dur|}t| dd| || ||||||d IdHS)a Get daily activity for specific teams or all teams. Args: team_ids (Optional[str]): Comma-separated list of team IDs to filter by. If not provided, returns data for all teams. start_date (Optional[str]): Start date for the activity period (YYYY-MM-DD). end_date (Optional[str]): End date for the activity period (YYYY-MM-DD). model (Optional[str]): Filter by model name. api_key (Optional[str]): Filter by API key. page (int): Page number for pagination. page_size (int): Number of items per page. exclude_team_ids (Optional[str]): Comma-separated list of team IDs to exclude. Returns: SpendAnalyticsPaginatedResponse: Paginated response containing daily activity data. rrNrrr,FT)rrrrrvr<rwr0zUser= {} not foundzGUser does not belong to Team= {}. Call `/user/info` to see user's teamsrrrcSsi|] }|jd|jiqS)rp)rrp)rtr^r^r_ sz+get_team_daily_activity..rXr)rcrYZ permissionrcSsg|]}|jr|jqSr^)r)rrr^r^r_r7sz+get_team_daily_activity..rZlitellm_dailyteamspend) rrZentity_id_fieldZ entity_idZentity_metadata_fieldZexclude_entity_idsrrrrrrr^)r rr<rrrr@rsplitrEr=rrvrErrrrrr rr@rBrrF)rrrrrrrrrcrr<rZ team_ids_listZexclude_team_ids_listrrZwhere_conditionZ team_aliasesZteam_alias_metadataZ user_api_keysZhas_full_team_viewrprYZ user_keysZfinal_api_key_filterr^r^r_get_team_daily_activitys          rr)rrV)rrrrrrtypingrrrrrr r Zfastapir r r rrrZpydanticrrZlitellm._loggingrZ litellm._uuidrZ*litellm.litellm_core_utils.safe_json_dumpsrrnrrrrrrrrrrrr r!r"r#r$r%r&r'r(r)r*r+r,r-r.r/r0r1r2r3r4r5r6r7r8r?r9r:r;r<r=Z$litellm.proxy.auth.user_api_key_authr>Z/litellm.proxy.management_endpoints.common_utilsr?r@rArBrCrDrEZ;litellm.proxy.management_endpoints.tag_management_endpointsrFZ8litellm.proxy.management_helpers.object_permission_utilsrGrHZ>litellm.proxy.management_helpers.team_member_permission_checksrIZ&litellm.proxy.management_helpers.utilsrJrKZlitellm.proxy.utilsrLrMZlitellm.routerrNZ>litellm.types.proxy.management_endpoints.common_daily_activityrOZ7litellm.types.proxy.management_endpoints.team_endpointsrPrQrRrSrTrUZrouterrVrrrrrrrrrrrpostr&rr)r-r2r1rFrBrDrKrLrWr^rerhrrtrxr{rrrrrrrrrrrwZQueryrrrrrrrrrrrrrrrrrrr^r^r^r_s $     & $            U  *  "    j  KW , $ 0 ^     4  D 9 " kg #  ' "   ;  -' 2  8     _[ "    E AFC >