[litellm-agent] Staging → litellm_internal_staging (5/11/2026) #27664

Closed
oss-pr-review-agent-shin[bot] wants to merge 0 commit into litellm_internal_staging from litellm_agent_oss_staging_05_11_2026

@oss-pr-review-agent-shin

Contributor

Automated staging PR created by litellm-agent.

This branch collects PRs approved by the agent on 5/11/2026.

⚠️ Human review required before CI. Convert from draft to ready when you've reviewed the diff.

@oss-pr-review-agent-shin

Contributor Author

@greptile please review

@greptile-apps

greptile-apps Bot commented May 11, 2026

Contributor

Greptile Summary

This staging PR merges the new Mavvrik cost-data integration (full export pipeline: settings, exporter, uploader, orchestrator, REST endpoints), security hardening that rejects bare str file inputs in audio/OCR/file-extraction helpers to prevent LFI via proxy request handlers, an AnthropicSSENoiseFilter that strips OpenRouter keep-alives and [DONE] terminators from Anthropic pass-through streams, and an extension of the Responses API bridge to handle reasoningSummary / reasoning_summary aliases for GPT-5 models.

  • Mavvrik integration: Full export pipeline with encrypted credential storage, GCS resumable upload, APScheduler background job, and six admin REST endpoints. Two findings from the previous review round (exception details leaked via str(exc) in the 500 handler and Service() re-created per request) remain unaddressed in mavvrik_endpoints.py.
  • Security hardening: extract_file_data, process_audio_file, calculate_request_duration, and convert_file_document_to_url_document now raise ValueError for bare str inputs, with pathlib.Path preserved for SDK callers. Corresponding tests updated correctly.
  • Reasoning-summary bridge: peek_reasoning_summary_aliases / strip_reasoning_summary_aliases_from_optional_params use key-membership checks to preserve falsy values; the elif cleanup path correctly strips aliases for non-bridged GPT-5 chat calls.

Confidence Score: 4/5

Safe to merge with awareness that two open issues in mavvrik_endpoints.py from the previous round are still present.

The Mavvrik endpoints handler still forwards raw exception messages (including potential DB connection strings) to HTTP clients, and creates a fresh Service object on every admin request. Both were flagged in the prior review and remain in the code. The rest of the change — security hardening for file input paths, the SSE noise filter, the reasoning-summary bridge extension — is well-implemented and has good test coverage.

litellm/proxy/spend_tracking/mavvrik_endpoints.py — exception detail leakage and per-request Service instantiation remain from the previous review.

Important Files Changed

| Filename | Overview |
| --- | --- |
| litellm/proxy/spend_tracking/mavvrik_endpoints.py | New FastAPI admin endpoints; the base Exception handler leaks internal details via str(exc) and a new Service() is created on every request — both flagged in previous review and still unaddressed. |
| litellm/integrations/mavvrik/init.py | New Mavvrik integration Service facade; core logic is sound, though delete() silently swallows all exceptions (noted in previous review). |
| litellm/integrations/mavvrik/uploader.py | GCS resumable upload logic is well-structured; _stream_upload correctly cancels open sessions on failure, but upload() does not cancel the session if _finalize_upload fails after a successful _initiate_resumable_upload. |
| litellm/proxy/proxy_server.py | Mavvrik background job startup code duplicates credential extraction and Client/Orchestrator construction already in Service.initialize(); the _build_client() helper goes unused in this path. |
| litellm/proxy/pass_through_endpoints/anthropic_sse_filter.py | New chunk-boundary-safe filter for Anthropic SSE noise; _is_noise_event logic and _find_separator correctly handle CRLF/LF separators and mixed-separator streams. |
| litellm/proxy/pass_through_endpoints/streaming_handler.py | AnthropicSSENoiseFilter correctly integrated; flush() tail bytes are yielded to the client but not appended to raw_bytes, so they are absent from post-stream logging (only matters for malformed streams). |
| litellm/main.py | Responses API bridge extended to handle reasoning_summary aliases; peek/strip helpers preserve falsy values via key-membership checks, and the elif cleanup path correctly strips aliases for non-bridged GPT-5 chat calls. |
| litellm/litellm_core_utils/audio_utils/utils.py | Security hardening: bare str inputs now raise ValueError instead of being opened as file paths, preventing LFI in proxy request handlers. PathLike branch preserved for SDK convenience. |

Reviews (3): Last reviewed commit: "chore: reject bare str at file-input sin..."
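The file-input hardening summarised in the review above, sketched as an added example; this is not LiteLLM's code. `read_file_input` and `demo` are hypothetical names, and the sample file is constructed in a temporary directory.

```python
import io
import os
import pathlib
import tempfile


def read_file_input(file):
    """Return (filename, content_bytes). Hypothetical helper, not a LiteLLM function."""
    # A str reaching this sink from a proxy handler is request-controlled
    # (JSON can carry strings, never Path objects). Opening it as a path is
    # the local file read being closed off, so it is rejected first.
    if isinstance(file, str):
        raise ValueError("bare str is not a valid file input")
    if isinstance(file, (bytes, bytearray)):
        return "upload", bytes(file)
    # (filename, content) tuple: the name is only a label, never opened.
    if isinstance(file, tuple) and len(file) >= 2:
        name, content = file[0], file[1]
        if isinstance(content, (bytes, bytearray)):
            return os.path.basename(str(name)) or "upload", bytes(content)
        raise ValueError("tuple content must be bytes")
    # PathLike stays supported for SDK callers, who build Path objects in code.
    if isinstance(file, os.PathLike):
        path = pathlib.Path(file)
        return path.name, path.read_bytes()
    if hasattr(file, "read"):
        data = file.read()
        if not isinstance(data, (bytes, bytearray)):
            raise ValueError("file object must be opened in binary mode")
        name = getattr(file, "name", None)
        label = os.path.basename(name) if isinstance(name, str) else "upload"
        return label or "upload", bytes(data)
    raise ValueError(f"unsupported file input type: {type(file).__name__}")


def demo():
    """Run the helper over constructed inputs; returns a dict of outcomes."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = pathlib.Path(tmp) / "clip.wav"
        sample.write_bytes(b"RIFFdemo")
        results = {"path": read_file_input(sample),
                   "bytes": read_file_input(b"RIFFdemo"),
                   "stream": read_file_input(io.BytesIO(b"RIFFdemo"))}
        try:
            read_file_input(str(sample))  # same file, but as a bare str
        except ValueError as exc:
            results["str"] = str(exc)
    return results
```

The same file is readable as a `pathlib.Path` and refused as a `str`, which is the distinction the hardening relies on.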

Comment on lines +332 to +335
self._settings._ensure_prisma_client()

date_str = date_str or self._yesterday()
effective_limit = limit or MAVVRIK_MAX_FETCHED_DATA_RECORDS
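Review bot: `effective_limit = limit or MAVVRIK_MAX_FETCHED_DATA_RECORDS` on the last line treats an explicit `limit=0` the same as an omitted limit and silently substitutes the maximum, so a caller asking for zero records gets the largest fetch instead. Compare against `None` (`limit if limit is not None else MAVVRIK_MAX_FETCHED_DATA_RECORDS`) and reject zero or negative values explicitly. The same truthiness fallback in `date_str or self._yesterday()` turns an empty string into yesterday's date rather than an error, and the call to `self._settings._ensure_prisma_client()` reaches into a private method of another object, which would be cleaner as a public method on the settings class.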


P1 Silent swallowing of all exceptions during DB deletion returns false success

The bare except Exception: pass is intentional for env-var-only deployments (where no DB row exists), but it also silently absorbs genuine transient failures — network errors, Prisma constraint violations, or permission issues — and returns "status": "success" to the caller. The user thinks the integration was torn down when in fact the LiteLLM_Config row still exists and the background job will restart on the next proxy boot. Only the LookupError (no row) case warrants silent suppression; other exceptions should be re-raised so the caller sees the actual failure.
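Two findings from this review, the swallowed exceptions in `delete()` and the `str(exc)` leak in the 500 handler, combined in one added example that is not the project's code. `FakeConfigStore`, `delete_settings`, `handle_delete` and the key `mavvrik_settings` are hypothetical stand-ins.

```python
import logging
import uuid

logger = logging.getLogger("mavvrik_example")


class FakeConfigStore:
    """Constructed stand-in for the config table; not Prisma's API."""

    def __init__(self, rows, fail_with=None):
        self.rows = dict(rows)
        self.fail_with = fail_with

    def delete(self, key):
        if self.fail_with is not None:
            raise self.fail_with
        if key not in self.rows:
            raise LookupError(key)
        del self.rows[key]


def delete_settings(store, key="mavvrik_settings"):
    """Remove the stored row; a missing row is the only benign failure."""
    try:
        store.delete(key)
    except LookupError:
        # Env-var-only deployment: nothing stored, nothing to remove.
        return {"status": "success", "removed": False}
    return {"status": "success", "removed": True}


def handle_delete(store):
    """Endpoint-shaped wrapper returning (http_status, body)."""
    try:
        return 200, delete_settings(store)
    except Exception:
        error_id = uuid.uuid4().hex
        # Full detail (possibly a connection string) stays in server logs.
        logger.exception("mavvrik delete failed error_id=%s", error_id)
        return 500, {"status": "error", "error_id": error_id}
```

The client receives only an opaque `error_id` to quote to an operator, who can find the full traceback in the server log under the same id.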

@oss-pr-review-agent-shin

Contributor Author

@greptile please review

@oss-pr-review-agent-shin

Contributor Author

@greptile please review

@greptile-apps

greptile-apps Bot commented May 11, 2026

Contributor

Want your agent to iterate on Greptile's feedback? Try greploops.

oss-pr-review-agent-shin Bot force-pushed the litellm_agent_oss_staging_05_11_2026 branch from 00388de to 5833d3e on May 11, 2026 20:14