chore(release): backport #30380, #30503, #30558, #30130, #30588, #30495, #30690 to stable/1.89.x and cut 1.89.2

[yuneng-berri]

Relevant issues

Backports seven already-merged fixes onto stable/1.89.x and cuts 1.89.2. The tip of the line, 1.89.1, has already been released, so this PR carries the next patch bump. Every commit is a git cherry-pick -x of the corresponding staging squash; the only non-pick commits are the version bump and the uv.lock refresh.

What is included, in merge order:

• fix(otel): record full error message on standard exception event in otel v2 #30380 fix(otel): record the full error message on the standard exception event in otel v2, so backends that dynamic-map unknown fields stop truncating it
• fix(proxy): allow internal roles to access vector store CRUD routes #30503 fix(proxy): classify the bare /vector_stores/{vector_store_id} and /v1/vector_stores/{vector_store_id} routes as LLM API routes so internal user and internal viewer roles can retrieve, update, and delete vector stores, consistent with search
• fix(anthropic): price and surface response service_tier in cost tracking #30558 fix(anthropic): read service_tier off the Anthropic response usage, surface it in the usage block, and price tier-specific costs through the anthropic cost path
• feat: add opt-in healthy_only filter to GET /v1/models #30130 feat: add the opt-in healthy_only filter to GET /v1/models; included here as the prerequisite for fix(proxy): list public team model name in /v1/models #30588, which calls Router.async_get_fully_unhealthy_model_names introduced by this PR. Without it, GET /v1/models/{id}?healthy_only=true would raise an AttributeError on this line. See the provenance note below
• fix(proxy): list public team model name in /v1/models #30588 fix(proxy): surface the public team model name in /v1/models and /v1/models/{id} for team-scoped (BYOK) deployments, while routing and metadata lookups stay on the internal key
• fix(proxy): resolve list files credentials from team BYOK deployments #30495 fix(proxy): resolve list-files credentials from the team's own BYOK deployment for GET /v1/files, scoped to the team allowlist, instead of falling back to shared global provider keys
• fix(cost): stop non-string service_tier from silently dropping cost tracking #30690 fix(cost): coerce a non-string service_tier to None in completion_cost so a dict/int/list value can no longer raise AttributeError and silently drop cost tracking; builds on fix(anthropic): price and surface response service_tier in cost tracking #30558 and sits on top of it

Plus bump: version 1.89.1 -> 1.89.2 and chore: refresh uv.lock for 1.89.2.

Linear ticket

N/A

Pre-Submission checklist

• I have added meaningful tests
• My PR passes all unit tests
• My PR's scope is as isolated as possible; it only solves 1 specific problem
• I have requested a Greptile review

Screenshots / Proof of Fix

All run against a live proxy on this branch (worktree loads the picked 1.89.x source). Targeted unit tests for every picked PR, run as a delta against the line baseline: the targeted files on stable/1.89.x before any pick were 760 passed and test_router.py was 91 passed (851 total, 0 failed); after the seven picks the full set, including the new test_model_list_healthy_only.py, is 908 passed / 2 skipped / 0 failed. Zero new failures.

#30130 / #30588 prerequisite -- GET /v1/models/{id}?healthy_only=true no longer raises AttributeError, driven against the real endpoint function with a real Router:

model_info(healthy_only=True) -> OK, id= gpt-x   (no AttributeError; the method async_get_fully_unhealthy_model_names is defined by #30130)

#30558 -- Anthropic response surfaces service_tier and tracks cost:

curl -s -D - "http://localhost:4001/v1/chat/completions" -H "Authorization: Bearer $KEY" -H "Content-Type: application/json" \
  -d '{"model":"claude-haiku-4-5","messages":[{"role":"user","content":"say ok"}],"max_tokens":5}'
# content= ok
# usage.service_tier= standard
# x-litellm-response-cost: 2.9e-05

#30503 -- internal_user role reaches the vector store retrieve handler (auth allowed) while still blocked on an admin route:

# internal_user key created via /key/generate {"user_role":"internal_user"}
curl -s -o - -w "\nHTTP %{http_code}\n" "http://localhost:4001/v1/vector_stores/vs_demo123" -H "Authorization: Bearer $IUKEY"
# {"error":{"message":"No vector store found with id 'vs_demo123'."...}}  HTTP 200   (auth passed; before the fix this route was not classified as an LLM API route)
curl -s -o /dev/null -w "HTTP %{http_code}\n" -X POST "http://localhost:4001/global/spend/reset" -H "Authorization: Bearer $IUKEY"
# HTTP 401   (admin route stays blocked for the same key)

#30690 -- the non-string service_tier guard is a cost-calculation path: real providers reject a dict service_tier at the API boundary (Anthropic returns "service_tier: Input should be 'auto' or 'standard_only'"), so the regression is exercised by the added unit test that drives a dict service_tier straight through completion_cost (raises AttributeError before the fix, prices at the served tier after). That test passes in the post-pick run.

#30380, #30495 are proven by their added unit tests in the same 908-passed delta (otel telemetry, and team BYOK file-credential resolution, need specific backend/team wiring to show live; their behaviour is covered by the picked tests).

Gauntlet (behavioral, deep, universal): SURVIVED. All three sub-claims held: every referenced identifier resolves (including Router.async_get_fully_unhealthy_model_names from #30130, so model_info(healthy_only=True) returns cleanly), every added test passes as a delta with zero new failures, and no existing caller of a modified function breaks. Zero verdict-flipping findings. The run surfaced one pre-existing condition for transparency: a non-string service_tier carried on the response usage object (not request optional_params) can still raise in _get_service_tier_cost_key; this was verified to predate all seven picks on stable/1.89.x, so it is upstream-equivalent and not introduced by this backport, and it sits outside #30690's request-side scope.

Type

🐛 Bug Fix

Changes

Seven cherry-picks (five verbatim, two adapted) plus the bump and lock. #30130 is the prerequisite for #30588 and carries a provenance note; the two adapted picks differ from staging only in test-file context drift from intermediate staging commits not on this line, never in a pick's own logic.

Provenance note -- #30130

#30130 merged to an oss-staging branch (litellm_oss_110626); its merge commit is not directly reachable from litellm_internal_staging (its content reached internal staging via an aggregator squash). The discrete oss commit was cherry-picked and content-verified against internal staging: Router.async_get_fully_unhealthy_model_names is byte-identical to staging, and test_model_list_healthy_only.py is the same blob. Runtime closure was confirmed on the branch: the method resolves on a real Router and model_info(healthy_only=True) returns cleanly.

Adaptation notes

#30558: in test_spend_management_endpoints.py the ignored_keys conflict was resolved by adding only #30558's own metadata.additional_usage_values.service_tier entry and dropping the neighbouring ...iterations entry, which is not part of #30558 and whose handling does not exist in this line's anthropic transformation. All source hunks applied verbatim.

#30588: applied verbatim once #30130 precedes it (the prior blocked_names vs hidden_names divergence was entirely an artifact of the missing prerequisite).

#30495: in test_files_endpoint.py the 5 new test_list_files_* functions were kept verbatim and re-anchored after this line's actual last test; the 5 staging-only test_require_managed_files_* functions the merge pulled into the conflict (added to staging by an unpicked PR, absent here) were dropped. Both source files applied verbatim and all router-method dependencies resolve on this line.

Known noise on this line

The targeted baseline on stable/1.89.x was clean (851 passed / 0 failed across the existing files), so there is no pre-existing red to discount. One pre-existing ruff PLR0915 in litellm/types/utils.py (a long __init__ untouched by these picks) is present on the line before and after; the picks add no new lint violations.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
4 out of 6 committers have signed the CLA.

✅ shivamrawat1
✅ yuneng-berri
✅ mateo-berri
✅ nix-tkobayashi
❌ yassin-berriai
❌ ishaan-berri
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[greptile-apps]

Greptile Summary

This is a well-structured stable-branch backport that cherry-picks seven already-merged fixes onto stable/1.89.x and cuts 1.89.2. Each pick is narrowly scoped to its declared fix, tested with mock-only unit tests, and verified against the live proxy.

• Cost/pricing fixes (fix(anthropic): price and surface response service_tier in cost tracking #30558, fix(cost): stop non-string service_tier from silently dropping cost tracking #30690): service_tier is now read from the Anthropic response usage block and threaded through anthropic_cost_per_token; a prior-stage guard in completion_cost coerces non-string or "auto" values to None before pricing, preventing AttributeError from dict/int tier values on the response.
• Model listing (feat: add opt-in healthy_only filter to GET /v1/models #30130, fix(proxy): list public team model name in /v1/models #30588): GET /v1/models and GET /v1/models/{id} now surface the public team_public_model_name for BYOK team deployments (with a backward-compat opt-out flag), and support the new ?healthy_only=true filter backed by Router.async_get_fully_unhealthy_model_names. Hidden names are computed once as blocked_names | unhealthy_names and applied identically in both the expand-scope and normal listing paths.
• Auth/credentials fixes (fix(proxy): allow internal roles to access vector store CRUD routes #30503, fix(proxy): resolve list files credentials from team BYOK deployments #30495): Bare /v1/vector_stores/{vector_store_id} routes are added to the LLM API route set so internal roles can reach CRUD operations; GET /v1/files now resolves credentials from the team's own BYOK deployment (scoped to the team's allowlist) rather than falling back to shared global provider keys.

Confidence Score: 5/5

Safe to merge — all seven cherry-picks are narrowly scoped bugfixes, each backed by dedicated mock-only unit tests, with zero new failures in the 908-test delta run.

Every changed code path has a direct test. The service_tier coercion guard, vector store route classification, team-name translation, healthy_only filter, and BYOK credential resolution all follow the existing codebase conventions and are well-isolated. No backwards-incompatible changes, no new DB queries in the critical path, and no FastAPI imports outside the proxy directory. health_state_cache is always initialized in Router.init so async_get_fully_unhealthy_model_names cannot raise AttributeError. The team_id query parameter added to model_info is secured by validate_membership when the database is present, and has no access-expansion effect when it is not.

No files require special attention.

Important Files Changed

Filename	Overview
litellm/cost_calculator.py	Adds service_tier passthrough to anthropic_cost_per_token and guards non-string/auto service_tier values with a null coercion before pricing; logic is correct and well-tested.
litellm/integrations/otel/emitter.py	Adds a standard OTel exception event so backends don't truncate error messages via dynamic keyword mapping; clean additive change.
litellm/proxy/proxy_server.py	Adds healthy_only filter and team-public-model-name translation to /v1/models and /v1/models/{id}; logic is correct, membership check on team_id is properly guarded by DB availability.
litellm/proxy/common_utils/model_listing_utils.py	New TeamModelNameTranslator utility mapping internal routing keys to public team names; stateless, well-tested, includes backward-compat opt-out flag.
litellm/proxy/openai_files_endpoints/common_utils.py	Adds get_team_provider_credentials that resolves BYOK credentials scoped to the team's allowlist; priority order (own BYOK → team-accessible) is correct and access is gated to team models.
litellm/router.py	Adds async_get_fully_unhealthy_model_names; correctly uses health_state_cache (always initialized in init), aggregates both model_name and team_public_model_name, fails open when no health state exists.
litellm/proxy/_types.py	Adds /vector_stores/{vector_store_id} and /v1/vector_stores/{vector_store_id} to LLM API routes so internal roles can reach CRUD operations.

_{Reviews (2): Last reviewed commit: "chore: refresh uv.lock for 1.89.2" | Re-trigger Greptile}

[greptile-apps]

build_internal_to_public_map (which calls llm_router.get_model_list()) is invoked twice on every GET /v1/models/{id} request: once explicitly to populate internal_to_public, and again inside resolve_public_name. You can pass the already-built map into resolve_public_name to avoid the redundant traversal, or simply reuse the first map to drive the public-name lookup directly.

Suggested change

	internal_to_public = TeamModelNameTranslator.build_internal_to_public_map(
	llm_router, settings
	)
	resolved_model_id = TeamModelNameTranslator.resolve_public_name(
	model_id=model_id,
	available_models=all_models,
	llm_router=llm_router,
	general_settings=settings,
	)
	internal_to_public = TeamModelNameTranslator.build_internal_to_public_map(
	llm_router, settings
	)
	# Re-use the already-built map instead of rebuilding it inside resolve_public_name.
	public_to_internal = TeamModelNameTranslator._response_to_lookup_map(
	all_models, internal_to_public
	)
	resolved_model_id = public_to_internal.get(model_id, model_id)

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

[greptile-apps]

healthy_only is silently a no-op on this stable branch (1.89.x lacks async_get_fully_unhealthy_model_names on Router). Callers passing ?healthy_only=true will receive a 200 with no filtering, which is silent rather than explicit. The PR notes document this intentionally, but a comment in the function body (similar to the existing docstring note) would help future maintainers avoid accidentally wiring this param to a stub that raises.

[codecov]

Codecov Report

❌ Patch coverage is 42.15247% with 129 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
litellm/proxy/common_utils/model_listing_utils.py	35.29%	33 Missing ⚠️
litellm/proxy/proxy_server.py	26.82%	30 Missing ⚠️
...tellm/proxy/openai_files_endpoints/common_utils.py	40.90%	26 Missing ⚠️
litellm/router.py	55.55%	16 Missing ⚠️
...lm/proxy/openai_files_endpoints/files_endpoints.py	0.00%	11 Missing ⚠️
litellm/proxy/utils.py	41.66%	7 Missing ⚠️
litellm/integrations/otel/emitter.py	16.66%	5 Missing ⚠️
litellm/llms/anthropic/cost_calculation.py	66.66%	1 Missing ⚠️

📢 Thoughts on this report? Let us know!

[veria-ai]

High: Key model restrictions bypassed for provider file listing

get_team_provider_credentials() is only given team_models, so a virtual key restricted to a subset of the team's models can call GET /v1/files?provider=openai without target_model_names and still have credentials selected from the team's OpenAI deployment. Use the effective key-scoped model set here, or require and validate a target model before resolving provider credentials.

[veria-ai]

Medium: View-only users can mutate vector stores

Adding the bare vector-store route to openai_routes makes RouteChecks.is_llm_api_route() return true for GET, POST, and DELETE on /v1/vector_stores/{vector_store_id}. That path is allowed before the view-only write checks run, so an INTERNAL_USER_VIEW_ONLY key can now update or delete vector stores it can access; keep this out of the blanket LLM route group or make the route check method-aware so only reads are allowed for view-only roles.

[veria-ai]

PR overview

This release backport pulls several changes into stable/1.89.x for the 1.89.2 cut, including updates around OpenAI-compatible file/provider handling and vector store route definitions in the proxy.

There are still open authorization issues in the proxy paths touched by this backport. A key scoped to limited models may be able to use provider file listing through broader team credentials, and view-only users may be able to update or delete accessible vector stores due to route classification. No issues have been addressed yet, so these access-control gaps remain the current security focus before release.

Open issues (2)

• High: Key model restrictions bypassed for provider file listing — litellm/proxy/openai_files_endpoints/files_endpoints.py:1378
• Medium: View-only users can mutate vector stores — litellm/proxy/_types.py:379

Fixed/addressed: 0 · PR risk: 7/10

[yuneng-berri]

@greptile

[yuneng-berri]

@veria-ai review