o ưi@sddZddlmZmZddlZddlmZmZmZmZddl Z ddl m Z ddl Tddl mZddlmZdd lmZmZdd lmZdd lmZeZejd d geegddejdd geegddefddZejdd geegddejdd geegddefddZdedeefddZde dee!de ddfdd Z"ejd!d gdeegd"ejd#d geegdeefded$e#fd%d&Z$ej%d'd geege!d(ej%d)d gdeegd"ej&d*d+fd,e'fd-d.Z(ejd/d geegdejd0d gdeegd"eefde)d$e#fd1d2Z*ejd3d geegdejd4d gdeegd"eefde+d$e#fd5d6Z,ej%d7d geegee!d(ej%d8d gdeegd"eefd9ed$e#fd:d;Z-ej%dd?deef d@ee'dAee'dBee'dCee'dDee'dEe.dFe.dGee'd$e#fdHdIZ/dS)Jz} CUSTOMER MANAGEMENT All /customer management endpoints /customer/new /customer/info /customer/update /customer/delete )ListOptionalN) APIRouterDepends HTTPExceptionRequest)verbose_proxy_logger)*)user_api_key_auth)get_daily_activity)_set_object_permission&handle_update_object_permission_common)handle_exception_on_proxy)SpendAnalyticsPaginatedResponsez/end_user/blockzCustomer ManagementF)tags dependenciesinclude_in_schemaz/customer/block)rrdatac sddlm}z5g}|dur0|jD]}|jjjd|i|ddddidd IdH}||qntd d d id d|iWSty\}zt dt |td d t |id d}~ww)a [BETA] Reject calls with this end-user id Parameters: - user_ids (List[str], required): The unique `user_id`s for the users to block (any /chat/completion call with this user={end-user-id} param, will be rejected.) ``` curl -X POST "http://0.0.0.0:8000/user/block" -H "Authorization: Bearer sk-1234" -d '{ "user_ids": [, ...] }' ``` r prisma_clientNuser_idT)rblockedr)createupdatewherererrorzPostgres DB Not connected status_codedetail blocked_userszAn error occurred - ) litellm.proxy.proxy_serverruser_idsdblitellm_endusertableZupsertappendr Exceptionrrstr)rrrecordsidrecorder-l/home/app/Keep/.python/lib/python3.10/site-packages/litellm/proxy/management_endpoints/customer_endpoints.py block_user!s0     r/z/end_user/unblockz/customer/unblockcszddlmWntytdddtjjidwtfddtj Dr.tj d ur6tdddidt tj t rI|j D]}tj |q?ntd dd idd tj iS) z [BETA] Unblock calls with this user id Example ``` curl -X POST "http://0.0.0.0:8000/user/unblock" -H "Authorization: Bearer sk-1234" -d '{ "user_ids": [, ...] }' ``` r_ENTERPRISE_BlockedUserListrz:Blocked user check was never set. This call has no effect.rc3s|]}t|VqdS)N) isinstance).0xr0r-r. |szunblock_user..NrzF`blocked_user_list` must be set as a list. Filepaths can't be updated.r!)Z-enterprise.enterprise_hooks.blocked_user_listr1 ImportErrorrCommonProxyErrorsZ!missing_enterprise_package_dockervalueanylitellm callbacksZblocked_user_listr3listr#remove)rr*r-r0r. unblock_userWs<      r?returncCsTtj}i}|D]}|dkrq t||d}|dur|||<q |r(tdi|SdS)zE Return a new budget object if new budget params are passed. budget_idNr-)BudgetNewRequest model_fieldskeysgetattr)rZ budget_paramsZbudget_kv_pairs field_namer9r-r-r.new_budget_requests  rGnon_default_valuesend_user_table_data_typedupdate_end_user_table_datacsLd|vr"|dur |jnd}t|||dIdH}|dur$||d<dSdSdS)a Handle object permission updates for customer endpoints. Updates the update_end_user_table_data dict in place with the new object_permission_id. Args: non_default_values: Dictionary containing the update values including object_permission end_user_table_data_typed: Existing end user table data update_end_user_table_data: Dictionary to update with new object_permission_id prisma_client: Prisma database client object_permissionN) data_jsonexisting_object_permission_idrobject_permission_id)rNr )rHrIrJrrMrNr-r-r.)_handle_customer_object_permission_updates   rOz /end_user/new)rrrz /customer/newuser_api_key_dictc sH ddlm}m}m}|durtddtjjidz|jdurF|dur.tddtj jid|j| vrFtddd |jt | idi}t |}|durz|jjji|jd d |jp`||jpd|d d IdH}Wnty}z tddt|idd}~ww|j|d <n |jdur|j|d <|jd d} | D]\} } | tjvr| || <qt||dIdH}d|vrtd|d|dd|jj j|d d ddIdH} | } | drdD] }| d|dq| WSty#}z"t!d t|dt|vrt"d|jdddddt#|d}~ww)aF Allow creating a new Customer Parameters: - user_id: str - The unique identifier for the user. - alias: Optional[str] - A human-friendly alias for the user. - blocked: bool - Flag to allow or disallow requests for this end-user. Default is False. - max_budget: Optional[float] - The maximum budget allocated to the user. Either 'max_budget' or 'budget_id' should be provided, not both. - budget_id: Optional[str] - The identifier for an existing budget allocated to the user. Either 'max_budget' or 'budget_id' should be provided, not both. - allowed_model_region: Optional[Union[Literal["eu"], Literal["us"]]] - Require all user requests to use models in this specific region. - default_model: Optional[str] - If no equivalent model in the allowed region, default all requests to this model. - metadata: Optional[dict] = Metadata for customer, store information for customer. Example metadata = {"data_training_opt_out": True} - budget_duration: Optional[str] - Budget is reset at the end of specified duration. If not set, budget is never reset. You can set duration as seconds ("30s"), minutes ("30m"), hours ("30h"), days ("30d"). - tpm_limit: Optional[int] - [Not Implemented Yet] Specify tpm limit for a given customer (Tokens per minute) - rpm_limit: Optional[int] - [Not Implemented Yet] Specify rpm limit for a given customer (Requests per minute) - model_max_budget: Optional[dict] - [Not Implemented Yet] Specify max budget for a given model. Example: {"openai/gpt-4o-mini": {"max_budget": 100.0, "budget_duration": "1d"}} - max_parallel_requests: Optional[int] - [Not Implemented Yet] Specify max parallel requests for a given customer. - soft_budget: Optional[float] - [Not Implemented Yet] Get alerts when customer crosses given budget, doesn't block requests. - spend: Optional[float] - Specify initial spend for a given customer. - budget_reset_at: Optional[str] - Specify the date and time when the budget should be reset. - object_permission: Optional[LiteLLM_ObjectPermissionBase] - Customer-specific object permissions to control access to resources. Supported fields: * mcp_servers: List[str] - List of allowed MCP server IDs * mcp_access_groups: List[str] - List of MCP access group names * mcp_tool_permissions: Dict[str, List[str]] - Map of server ID to allowed tool names (e.g., {"server_1": ["tool_a", "tool_b"]}) * vector_stores: List[str] - List of allowed vector store IDs * agents: List[str] - List of allowed agent IDs * agent_access_groups: List[str] - List of agent access group names Example: {"mcp_servers": ["server_1", "server_2"], "vector_stores": ["vector_store_1"], "agents": ["agent_1"]} IF null or {} then no object-level restrictions apply. - Allow specifying allowed regions - Allow specifying default model Example curl: ``` curl --location 'http://0.0.0.0:4000/customer/new' --header 'Authorization: Bearer sk-1234' --header 'Content-Type: application/json' --data '{ "user_id" : "ishaan-jaff-3", "allowed_region": "eu", "budget_id": "free_tier", "default_model": "azure/gpt-3.5-turbo-eu" }' # With object permissions curl -L -X POST 'http://localhost:4000/customer/new' -H 'Authorization: Bearer sk-1234' -H 'Content-Type: application/json' -d '{ "user_id": "user_1", "object_permission": { "mcp_servers": ["server_1"], "mcp_access_groups": ["public_group"], "vector_stores": ["vector_store_1"] } }' # return end-user object ``` NOTE: This used to be called `/end_user/new`, we will still be maintaining compatibility for /end_user/XXX for these endpoints r)litellm_proxy_admin_name llm_routerrNrrrizmDefault Model not on proxy. Configure via `/model/new` or config.yaml. Default_model={}, proxy_model_names={}T)Z exclude_unsetZ created_byZ updated_by)rrAZ exclude_none)rLrrKzJobject_permission still in new_end_user_obj after _set_object_permission: litellm_budget_tablerKrincludeZteamsZverification_tokensZ organizationsZusers end_usersz\litellm.proxy.management_endpoints.customer_endpoints.new_end_user(): Exception occured - {}z3Unique constraint failed on the fields: (`user_id`)z(Customer already exists, passed user_id=z. Please pass a new user_id. bad_requestr2rmessagetypecodeparam)$r"rQrRrrr8db_not_connected_errorr9Z default_modelZ no_llm_routerZget_model_namesformatsetrGr$litellm_budgettabler model_dumprr'r(rAdictitemsrBrCrDr rwarninggetpopr% exceptionProxyExceptionr)rrPrQrRrZnew_end_user_objZ _new_budgetZ budget_recordr,Z _user_datakvZend_user_record response_dictfieldr-r-r. new_end_usersQ               rqz/customer/info)rrZresponse_modelz/end_user/infoz%End User ID in the request parameters) description end_user_idc szOddlm}|durtddtjjid|jjjd|iddd d IdH}|dur6t d |d d dd|j dd}| drNdD] }|d |dqC|WStyj}ztd t|t|d}~ww)ae Get information about an end-user. An `end_user` is a customer (external user) of the proxy. Parameters: - end_user_id (str, required): The unique identifier for the end-user Example curl: ``` curl -X GET 'http://localhost:4000/customer/info?end_user_id=test-litellm-user-4' -H 'Authorization: Bearer sk-1234' ``` rrNrrrrTrUrrX#End User Id={} does not exist in db not_foundrsr\rTrKrYz]litellm.proxy.management_endpoints.customer_endpoints.end_user_info(): Exception occured - {})r"rrr8rar9r$r% find_firstrlrbrerirjr'rrkr(r)rsrZ user_infororpr,r-r-r. end_user_infos@     ryz/customer/updatez/end_user/updatec sddlm}m}z?|}|durtdi}|D]\}}|dur0|gidfvr0|||<q|jjjd|j iddidIdH}|durRt d |j d d dd t di| } | j} i} i} |D]$\}}|d krs|| |<qf|tjvr|| |<qf|t jvr|| |<qft|| | |dIdH| r| dur|jjji| |j p||j p|dddidIdH} | j| d <n|jjjd | ji| dIdH} td|d| vrtd| d| dd|j durBt|j dkrB|j | d<td|jjjd|j i| ddddIdH}|durtd|j td|| }|dr?dD] }|d|dq3|WStd|j tyd}ztd t|t |d}~ww)a Example curl Parameters: - user_id: str - alias: Optional[str] = None # human-friendly alias - blocked: bool = False # allow/disallow requests for this end-user - max_budget: Optional[float] = None - budget_id: Optional[str] = None # give either a budget_id or max_budget - allowed_model_region: Optional[AllowedModelRegion] = ( None # require all user requests to use models in this specific region ) - default_model: Optional[str] = ( None # if no equivalent model in allowed region - default all requests to this model ) - object_permission: Optional[LiteLLM_ObjectPermissionBase] - Customer-specific object permissions to control access to resources. Supported fields: * mcp_servers: List[str] - List of allowed MCP server IDs * mcp_access_groups: List[str] - List of MCP access group names * mcp_tool_permissions: Dict[str, List[str]] - Map of server ID to allowed tool names * vector_stores: List[str] - List of allowed vector store IDs * agents: List[str] - List of allowed agent IDs * agent_access_groups: List[str] - List of agent access group names Example: {"mcp_servers": ["server_1"], "vector_stores": ["vector_store_1"]} IF null or {} then no object-level restrictions apply. Example curl: ``` curl --location 'http://0.0.0.0:4000/customer/update' --header 'Authorization: Bearer sk-1234' --header 'Content-Type: application/json' --data '{ "user_id": "test-litellm-user-4", "budget_id": "paid_tier" }' # Updating object permissions curl -L -X POST 'http://localhost:4000/customer/update' --header 'Authorization: Bearer sk-1234' --header 'Content-Type: application/json' --data '{ "user_id": "user_1", "object_permission": { "mcp_servers": ["server_3"], "vector_stores": ["vector_store_2", "vector_store_3"] } }' See below for all params ``` r)rQrNNot connected to DB!rrVTrtrurvrwr\rA)rHrIrJrrSrZrWrz$/customer/update: Received data = %srKz7object_permission still in update_end_user_table_data: z,In update customer, user_id condition block.rU)rrrXzEFailed updating customer data. User ID does not exist passed user_id=8received response from updating prisma client. response=rY&user_id is required, passed user_id = zDlitellm.proxy.proxy_server.update_end_user(): Exception occured - {}r-)!r"rQrjsonr'rgr$r%rxrrlrbLiteLLM_EndUserTablererVZLiteLLM_BudgetTablerCrDrOrdrrArrdebugrhrirjlen ValueErrorrkr(r)rrPrQrrLrHrmrnZend_user_table_datarIZend_user_budget_tableZbudget_table_datarJZbudget_table_data_recordresponserorpr,r-r-r.update_end_usersC               rz/customer/deletez/end_user/deletec s<ddlm}z||durtdtd||jdur|t|jtr|t|jdkr||j j j dd|jiidIdH}d d |Dfd d |jD}|rYt d d|dddd|j j jdd|jiidIdH}td||dt|jdWStd|jty}ztd t|t|d}~ww)a Delete multiple end-users. Parameters: - user_ids (List[str], required): The unique `user_id`s for the users to delete Example curl: ``` curl --location 'http://0.0.0.0:4000/customer/delete' --header 'Authorization: Bearer sk-1234' --header 'Content-Type: application/json' --data '{ "user_ids" :["ishaan-jaff-5"] }' See below for all params ``` rrNrzz$/customer/delete: Received data = %srinrcSsh|]}|jqSr-)r)r4userr-r-r. sz"delete_end_user..csg|]}|vr|qSr-r-)r4rZexisting_user_idsr-r. sz#delete_end_user..z$End User Id(s)={} do not exist in dbz, rvrwr#r\r{z)Successfully deleted customers with ids: )Zdeleted_customersr]r|zDlitellm.proxy.proxy_server.delete_end_user(): Exception occured - {})r"rr'rrr#r3r=rr$r% find_manyrlrbjoinZ delete_manyr(rrr)rrPrZexisting_usersZmissing_user_idsrr,r-rr.delete_end_users^ !        rz/customer/listz/end_user/list http_requestc szdddlm}|jtjkr |jtjkr tddd|jid|dur.tddtj j id|j j j d d d d IdH}g}|D]"}|}|d rXd D] }|d |dqM|tdi|q@|WSty}ztdt|t|d}~ww)z [Admin-only] List all available customers Example curl: ``` curl --location --request GET 'http://0.0.0.0:4000/customer/list' --header 'Authorization: Bearer sk-1234' ``` rrirz&Admin-only endpoint. Your user role={}rNr2TrU)rXrKrYz]litellm.proxy.management_endpoints.customer_endpoints.list_end_user(): Exception occured - {}r-)r"rZ user_roleZLitellmUserRolesZ PROXY_ADMINZPROXY_ADMIN_VIEW_ONLYrrbr8rar9r$r%rrerirjr&r~r'rrkr(r) rrPrrZreturned_responseitemZ item_dictrpr,r-r-r. list_end_usersJ       rz/customer/daily/activityz/end_user/daily/activity end_user_ids start_dateend_datemodelapi_keypage page_sizeexclude_end_user_idsc sddlm} | durtddtjjid|r|dnd} d} |r+|r)|dnd} i} | r7dt| i| d <| jj j | d IdH} d d | D}t | d d| || ||||||d IdHS)zX Get daily activity for specific organizations or all accessible organizations. rrNrrr,rrrcSsi|] }|jd|jiqS)alias)rr)r4r,r-r-r. ds z/get_customer_daily_activity..Zlitellm_dailyenduserspendrs) rZ table_nameZentity_id_fieldZ entity_idZentity_metadata_fieldZexclude_entity_idsrrrrrr) r"rrr8rar9splitr=r$r%rr )rrrrrrrrrPrZend_user_ids_listZexclude_end_user_ids_listZwhere_conditionZend_user_aliasesZend_user_alias_metadatar-r-r.get_customer_daily_activity1sF    r)0__doc__typingrrZfastapirrrrr;Zlitellm._loggingrZlitellm.proxy._typesZ$litellm.proxy.auth.user_api_key_authr Z8litellm.proxy.management_endpoints.common_daily_activityr Z8litellm.proxy.management_helpers.object_permission_utilsr r Zlitellm.proxy.utilsrZ>litellm.types.proxy.management_endpoints.common_daily_activityrZrouterpostZ BlockUsersr/r?ZNewCustomerRequestrBrGrfr~rOZUserAPIKeyAuthrqriZQueryr(ryZUpdateCustomerRequestrZDeleteCustomerRequestrrintrr-r-r-r.s`      +2  37AM: