feat(bedrock_mantle): Add support for native Responses API route

[Sameerlite]

Summary

• Add BedrockMantleResponsesAPIConfig so litellm.responses() and proxy /v1/responses call Bedrock Mantle's native /openai/v1/responses instead of falling back to chat completions.
• Fix default bedrock_mantle api_base from .../v1 to .../openai/v1 (chat and responses).

Test plan

• poetry run pytest tests/test_litellm/llms/bedrock_mantle/test_bedrock_mantle_transformation.py -q
• Proxy /v1/responses with bedrock_mantle/<model> logs https://bedrock-mantle.{region}.api.aws/openai/v1/responses

Fixes #29463

[greptile-apps]

Greptile Summary

This PR adds native Responses API support for the Bedrock Mantle provider by introducing BedrockMantleResponsesAPIConfig, and fixes the default API base URL from .../v1 to .../openai/v1 for both chat and responses routes.

• Adds BedrockMantleResponsesAPIConfig (inheriting from OpenAIResponsesAPIConfig) with a get_complete_url that maps various api_base suffix patterns to the correct /openai/v1/responses endpoint, and registers it in ProviderConfigManager, __init__.py, and the lazy-imports registry.
• Corrects the default BedrockMantleChatConfig base URL from .../v1 to .../openai/v1, updating all related tests to reflect the new default.

Confidence Score: 4/5

Safe to merge once the /v1-suffix routing in get_complete_url is confirmed or corrected.

The bare-host and standard-path cases are correctly handled and tested. However, when BEDROCK_MANTLE_API_BASE ends with /v1 (the old default format), the responses URL resolves to {base}/responses rather than {base}/../openai/v1/responses, which would 404 on Bedrock Mantle's Responses endpoint. This affects any user who still has the old-style API base set and attempts to use the responses route.

litellm/llms/bedrock_mantle/responses/transformation.py — specifically the /v1 suffix branch in get_complete_url.

Important Files Changed

Filename	Overview
litellm/llms/bedrock_mantle/responses/transformation.py	New Responses API config; URL-routing logic for the /v1 suffix case produces an incorrect endpoint for Bedrock Mantle.
litellm/llms/bedrock_mantle/chat/transformation.py	Corrects default API base from /v1 to /openai/v1; straightforward and safe.
litellm/utils.py	Registers BedrockMantleResponsesAPIConfig with ProviderConfigManager; minimal and correct.
tests/test_litellm/llms/bedrock_mantle/test_bedrock_mantle_transformation.py	Adds mock-only tests for responses config; covers default and bare-host cases, but misses the /v1-suffixed API base scenario.

_{Reviews (2): Last reviewed commit: "fix(bedrock_mantle): correct responses U..." | Re-trigger Greptile}

[codecov]

Codecov Report

❌ Patch coverage is 67.74194% with 10 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
...lm/llms/bedrock_mantle/responses/transformation.py	65.51%	10 Missing ⚠️

📢 Thoughts on this report? Let us know!

[Sameerlite]

@greptileai addressed both review points: fixed bare-host Bedrock Mantle Responses URL fallback to include /openai/v1 and removed the unreachable api_base guard. Added a regression test for bare BEDROCK_MANTLE_API_BASE.

[greptile-apps]

/v1 fallback produces wrong Bedrock Mantle URL

When BEDROCK_MANTLE_API_BASE is set to a URL ending in /v1 (e.g. https://bedrock-mantle.us-east-1.api.aws/v1 — the old default format before this PR's fix), get_complete_url returns {base}/responses instead of the correct /openai/v1/responses path. The Bedrock Mantle Responses endpoint lives at /openai/v1/responses, so any user whose BEDROCK_MANTLE_API_BASE still carries the old /v1 suffix will receive a 404 when calling responses. A dedicated test for this case (api_base ending in /v1) is also missing.

[veria-ai]

High: Bedrock Mantle key can be sent to caller-controlled api_base

An authenticated proxy caller can POST to /v1/responses with a Bedrock Mantle model and an api_base pointing at their server while omitting api_key. validate_environment() still attaches BEDROCK_MANTLE_API_KEY, and this URL builder sends the request to the caller's host, exposing the provider bearer token. Only use operator-configured base URLs when using the environment credential, or require/allowlist per-request api_base before attaching the proxy's Bedrock Mantle key.

[veria-ai]

PR overview

This PR adds native Bedrock Mantle support for the Responses API route, including transformation logic for handling /v1/responses requests. It appears to extend the provider integration so Bedrock Mantle models can be used through that API path.

There is one open security issue with a clear credential-exposure impact: an authenticated proxy caller can influence the request base URL while the proxy attaches the operator-configured Bedrock Mantle API key. That could send the provider bearer token to a caller-controlled host if not constrained. No issues have been fixed yet, so the PR still carries a significant open security risk.

Open issues (1)

• High: Bedrock Mantle key can be sent to caller-controlled api_base — litellm/llms/bedrock_mantle/responses/transformation.py:45

Fixed/addressed: 0 · PR risk: 8/10