h, dZddlZddlZddlZddlmZmZmZmZm Z m Z m Z m Z ddl mZmZddlmZddlZddlmZddlmZddlmZdd lmZmZmZdd lmZdd lm Z m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1dd l2m3Z3dd l4m5Z5ddl6m7Z7m8Z8m9Z9ddl:m;Z;ddlm?Z?ddl@mAZAerddlBmCZDe eDefZCneZCedZEeZFe+jje+jjzZJdeKde e(de e*de e"de eLdeKdeMde e;de8d e e1d!ed"eNfd#ZO ddeMd$e e*d"eNfd%ZPd$e e*d"e e,fd&ZQ ddeMd!ed'eKd e e1d$e e*d"eNf d(ZRd$e e*fd)ZS ddeMd*e d+d!ed'eKd e e1d$e e*d"eNfd,ZTd-eMd.eUd"eNfd/ZVd0e e,je,je,jfd-eMd1e$d"eNfd2ZZd3e1d4e eMd"eNfd5Z[d.eUd"eUfd6Z\e9 dd7e eMd8e e7d9ed:e eCde e8d"e e"f d;Z]dZ^d?eMd@edAe_d"eNfdBZ`d?eMdCe ed@efdDZadEe deKd?e dFd"e eeMfdGZbdEe deKd"e eeMfdHZcdEe deKd"e eeMfdIZd dd8e7dJe eMdKe eMd"e e*fdLZee9 ddMe eMd8e e7d9edNeNd:e eCde e8dJe eMdKe eMdOe eNd"e e*fdPZfd?eMdCed9ede e8fdQZgdReMdSe)d9ede e8fdTZhdUeMdVe1d9ede e8fdWZidUeMd9ede e8fdXZje9 ddReMd8e7dYe eNfdZZkdReMd8e7fd[Zl ddReMd8e7d9ed@edAe_de e8d?eMdYe eNd"e)fd\Zmd?eMde e8d9ed:e eCd"e e)f d]Zn ddReMd8e e7d9ed:e eCde e8d^e eNdOe eNdYe eNd"e)fd_ZoGd`daZpe9 ddUeMd8e e7d9ed:e eCde e8d^e eNd"e1fdbZqe9 ddceMd8e e7d9ed:e eCde e8d"e e'f ddZr dd0), is proxy under budget 8. [OPTIONAL] If guardrails modified - is request allowed to change this 9. Check if request body is safe 10. [OPTIONAL] Organization checks - is user_object.organization_id is set, run these checks 11. [OPTIONAL] Vector store checks - is the object allowed to access the vector store NTzTeam=z6 is blocked. Update via `/team/unblock` if your admin.modelr6r<team_model_aliasesz'Team not allowed to access model. Team=z, Model=z. Allowed team models = rCmessagetypeparamcoderCr<r7)r6r=r>zExceededBudget: User=z over budget. Spend=z , Budget= current_cost max_budgetrFzExceededBudget: End User=enforce_user_param)r;userz1'user' param not passed in. 'enforce_user_param'=rz /v1/modelsz/modelsrLrMmetadata guardrails)can_modify_guardrailsF) HTTPExceptionierrorz8Your team does not have permission to modify guardrails.) status_codedetail)r7r;r5team_idlitellm-dashboarduiapi)r; token_typeuser_objr? request_datar>)r5r6r>)r1blocked ExceptionrXcan_team_access_modelrDr#modelsr"team_model_access_deniedr HTTP_401_UNAUTHORIZEDcan_user_call_model_team_max_budget_checkrMspendlitellmBudgetExceededErroruser_idlitellm_budget_tablegetr'is_llm_api_route*litellm.proxy.guardrails.guardrail_helpersrSfastapirTr0getattr_is_allowed_routevector_store_access_check)r5r6r7r8r9r:r;r<r=r>r?_model user_budgetend_user_budget_request_metadatarS can_modifyrT token_teamr\_is_route_alloweds Z/var/www/Befach/backend/env/lib/python3.12/site-packages/litellm/proxy/auth/auth_checks.py common_checksr{Hs8/Ee/F ;#6#6$#>K''((^ _  +$#!AL{==RV  !A+BUBUAVV^_e^ff~@K@R@RST$==11  +%+*A!!#    !+    3 3 ;  #  " " .!,, ** *--(..&/ 0C0C/DDXYdYjYjXkktvAuBC "'K'K'W)>>II  &?+@+@?+R--,22*3O4K4K3LL`apavav`wxABQARS  148D 1 2d :  ' 'e 4|9SCDTUiDjCkl  Q  *  ( (u 5 \ ! Y   2 2 2--/GD"\*T0=   -W )u<i6J&:9L+LRW*!  $!  Q vs7B6L8L9LL H2LL L L Lr]ctjj}%ttrt fd|Dryt fd|Dryy)z1 - Check if the route is a UI used route c3@K|]}j|ywN) startswith.0 allowed_router;s rz z_is_ui_route..sTM  /TsTc3LK|]}tj|yw))r;patternN)r'_route_matches_patternrs rzrz_is_ui_route..s)   ** NN s!$F)r ui_routesvalue isinstancestrany)r;r]allowed_routess` rz _is_ui_routersX#,,22N  uc " T^T T  +   c~|y|}|j} t|}|S#t$rtjcYSwxYwr~) user_roler! ValueError INTERNAL_USER)r]_user _user_roleroles rz_get_user_rolersN EJ. + K .---.s <<r^ct|}| tdtj||t |stj ||||||y)z< - Route b/w api token check and normal token check r]z4Invalid proxy server token passed. valid_token=None.)r;r>)r]rr;r?r^r>T)rr`r'should_call_route_is_user_proxy_admin$non_proxy_admin_allowed_routes_check)r;r?r^r>r]rs rz_is_api_route_allowedrs_ 2JNOO!!;G  288!%#   rc|y|j(|jtjjk(ry|j(|jtjjk(ryy)NFT)rr! PROXY_ADMINrrs rzrr2sf &   "2">">"D"D D &   "2">">"D"D D rr\)rZr[cH|dk(rt||ryt|||||S)z; - Route b/w ui token check and normal token check rZ)r;r]T)r;r?r^r>r])rr)r;r\r?r^r>r]s rzrqrqEs4TlJ$%#   r user_routercr|D]2}|tjvr|t|jvry||k(s2yy)a  Return if a user is allowed to access route. Helper function for `allowed_routes_check`. Parameters: - user_route: str - the route the user is trying to call - allowed_routes: List[str|LiteLLMRoutes] - the list of allowed routes for the user. TF)r __members__r)rrrs rz_allowed_routes_checkr]sB( ]66 6mM:@@@ j (( rrlitellm_proxy_rolesc|tjk(rt||j}|S|tjk(rC|j  t|ddg}|S|j t||j }|Sy)zE Check if user -> not admin - allowed to access these routes )rr openai_routes info_routesF)r!rradmin_allowed_routesTEAMteam_allowed_routes)rrr is_alloweds rzallowed_routes_checkrqs$000*!.CC  &++ +  2 2 : /% 6VJ  4 4 @.%2FFJ  ruser_api_key_dictrequested_user_idcd}|jtjk7r|jtjk7rd}||j|j|k(rd}|S)NTF)rr!rPROXY_ADMIN_VIEW_ONLYrj)rrret_vals rz allowed_route_check_inside_routerscG##'7'C'CC  ' '+;+Q+Q Q$):)B)B)N  $ $(9 9G Nrcg}|D]R} t|j}t|tr|j t |n|j |T|S#t $r|j|YswxYwr~)r rrsetextendlistKeyErrorappend)r actual_routes route_name route_values rzget_actual_routesrsyM$  -' 399K+s+$$T+%67$$[1 %  -   , -sAAA98A9 end_user_id prisma_clientuser_api_key_cacheparent_otel_spancK| td|ydj|}dtfd}|j|d{}|Ct |t rtd i|}|||St |tr |}|||S |j jjd|id d i d{} | t|jdj|| d{td i| j } || | S77\7,#t$r&} t | tjr| Yd} ~ yd} ~ wwxYww)af Returns end user object, if in db. Do a isolated check for end user in table vs. doing a combined key + team + user + end-user check, as key might come in frequently for different end-users. Larger call will slowdown query time. This way we get to cache the constant (key/team/user info) and only update based on the changing value (end-user). NNo db connectedzend_user_id:{} end_user_objc|jy|jj}|1|j|kDr!tj|j|yy)NrP)rkrMrgrhri)rrus rzcheck_in_budgetz,get_end_user_object..check_in_budgets\  , , 4 &;;FF  &<+=+=+O--)//O ,P &rkey)rrjrkTwhereinclude)rr) r`formatrasync_get_cacherdictdblitellm_endusertable find_uniqueasync_set_cacherhri) rrrrr=_keyrcached_user_obj return_objresponse _responsees rzget_end_user_objectrsw)**  " "; /D&:/>>4>HHO" ot ,-@@J  4  )= >(J  4 &))>>JJk*+T2K    O!00 '' 4H1   );8==?; Y/;I    a44 5GsaAEDA E.D<D=1D.D/'DEDD E &EEE  ErC team_modelscddlm}|y||vry|t}|r|j|}t |dkDrt |D] \}}||vs y|Dcgc] }||vs| }}||vryycc}w)Nr defaultdictT model_nameF) collectionsrrget_model_access_groupslen enumerate)rCrr<r access_groupsidxmfiltered_modelss rzmodel_in_access_grouprs( *5d*;M"::e:L  =A  FCM!  #.HQ-1GqHOH   Is  A0$A0rlast_db_access_timedb_cache_expirycptj}||vry||dy||d |||z |k\ryy)zM Prevent calling db repeatedly for items that don't exist in the db. TrFtime)rrr current_times rz_should_check_dbrsW 99;L %%C #/ S !! $ , -c2 2o E rrc6|tjf||<yr~rrrrs rz_update_last_db_access_timer*s!&tyy{3r rbac_role)rbroutesctttt|j dg}|y|D]}|j |k(st ||cSy)zC Get the role based permissions from the general settings. role_permissionsN)r rrr$rlrrp)rr:rrole_based_permissionsrole_based_permissions rz_get_role_based_permissionsr0se"*+,/4%!7 % % 20#6 6"8 rct||dS)zH Get the models allowed for a user role. Used by JWT Auth. rbrr:rrrr:s rzget_role_based_modelsrFs ')  rct||dS)z1 Get the routes allowed for a user role. rrrrs rzget_role_based_routesrWs ')  r sso_user_id user_emailcKd}|3|jjjd|iddid{}|||jjjd|iddid{}|J|Ht j |jjj d|jid|i|S77Tw) a< Checks if sso user is in db. Called when user id match is not found in db. - Check if sso_user_id is user_id in db - Check if sso_user_id is sso_user_id in db - Check if user_email is user_email in db - If not, create new user with user_email and sso_user_id and user_id = sso_user_id Nrorganization_membershipsTrrrj)rdata)rlitellm_usertabler find_firstasyncio create_taskupdaterj)rrrrs rz_get_fuzzy_user_objectr fs H&));;GG +./6H   J2&));;FF,/6G    K$;     2299$h&6&67'5:  O'  s"3CB?6C,C-ACCrjuser_id_upsert check_db_onlyc `K|y|sI|j|d{} | -t| tr tdi| St| tr| S| t d dj |} t | tt} | rL|jjjd|iddi d{} | t||| d{} nd} | m|red|i} tj| jtj|jjj!| ddi d{} nt| j"Qt%| j"d kDr9| j"Dcgc]}|t'di|j)}}|| _tdit| }|j)}|j+||t, d{t/| |t|S77G727cc}w7(#t$r}t1d|d|d}~wwxYww)z - Check if user id in proxy User Table - if valid, return LiteLLM_UserTable object with defined limits - if not, then raise an error Nrrz user_id:{}rrrrjrTr)rrr)rrrrrttlrz$User doesn't exist in db. 'user_id'=z0. Create user via `/user/new` call. Got error - r)rrrrr`rrrrrrrr rhdefault_internal_user_paramsr createrrr model_dumprrrr)rjrrr rr=rrr rdb_access_time_keyshould_check_dbrnew_user_params membership_dumped_membershipsr response_dictrs rzget_user_objectrs$  2 B Bw B OO  &/40(;?;;O->?&&)**G )009*" 3+  *--??KK '*5OQU4VLH!7"/ +)"H  w377C#**7+O+OP!.!1!1!C!C!J!J(7>"K"    - - 9H556: #+"C"C#)4Nj6K6K6MN# # 1DH -%7X7 !,,. !00=1    $" 3 YP$ "#   27);klmkn o   sH.G:AH.AH 6G=7H HA*H 9H:=H 7"HAH !H "H 9H.=H H H H H+H&&H++H.cPK|j||td{y7w)Nr)rrrrrr=s rz_cache_management_objectrs-  , , u"O - s &$&rX team_tablecKdj|}tj|_t||||d{y7w)N team_id:{}r)rrlast_refreshed_atr)rXrrr=rs rz_cache_team_objectr#sF   g &C$(99;J " -+  s=AAA hashed_tokenuser_api_key_objctK|}tj|_t||||d{y7w)Nr)rr"r)r$r%rr=rs rz_cache_key_objectr's< C*.& " -+  s .868cK|}|j||/|jjj|d{yy7w)Nr) delete_cacheinternal_usage_cache dual_cacheasync_delete_cache)r$rr=rs rz_delete_cache_key_objectr-)s] C###,$44??RRS   % sAA A A team_id_upsertcK|jjjd|id{}|2|r0|jjjd|id{}|S7:7w)NrXr)r)rlitellm_teamtablerr)rXrr.rs rz_get_team_db_checkr29s#%%77CC'"DHN&));;BBW%C   O  s!,A-A)3A-"A+#A-+A-cnK|jjjd|id{S7w)NrXr0)rr1r)rXrs rz_get_team_object_from_dbr4Is=!!33??'"@  s ,535cK|}t|||} | rt|||d{} nd} | ttdi| j } t || ||d{t || || S7O7w)Nr)rXrr.)rXrrr=rr)rr2r`rrr#r) rXrrrrr=rr.rrrrs rz(_get_team_object_from_user_api_key_cacher6Os& /'O +=  *=X]]_=I -+   / 3 s!$A:A6:A:!A8"A:8A:c<Kd}|E|jjr/|jjj||d{}||j|d{}|-t|tr t di|St|t r|Sy7P76w)N)rrrr)r*r+rrrr)rr=rrcached_team_objs rz_get_team_object_from_cacher9|s =AO %  2 2 = =$88CCSS*:T    2 B Bs B KK" ot ,-@@ @ )C D" "   Ls$ABBB#B$5BBcheck_cache_onlyc *K| tddj|}|s,t||||d{} | | S|rtd|d t||||tt ||d{S7=7#t$rtd|d wxYww) z - Check if team id in proxy Team Table - if valid, return LiteLLM_TeamTable object with defined limits - if not, then raise an error Raises: - Exception: If team doesn't exist in db or cache NFNo DB Connected. See - https://docs.litellm.ai/docs/proxy/virtual_keysr!)rr=rrz:Team doesn't exist in cache + check_cache_only=True. Team=.)rXrrr=rrrr.zTeam doesn't exist in db. Team=z#. Create team via `/team/new` call.)r`rr9r6rr) rXrrrr=r:r r.rr8s rzget_team_objectr>s$ T    g &C  ;/1- !    &" " LWIUVW   ='1/ 3+)   # "    -gY6Y Z   s93BA3BA7.A5/A72B5A77BBcFeZdZededefdZededeefdZ y)ExperimentalUIJWTToken user_infor@cdddlm}ddlm}|j t dt |dz}|jdddd z}td d d tjd ||jd |jdt|j }||jdS)Nr) timedelta)encrypt_value_helperz/User role is required for experimental UI login )minutesz%Y-%m-%dT%H:%M:%S.%fz+00:00zui-tokenr3rY) tokenkey_name key_aliasrM rpm_limitexpiresrjrXrbmax_parallel_requestsrT exclude_none)datetimerC0litellm.proxy.common_utils.encrypt_decrypt_utilsrDrr`r.strftimer&rhmax_ui_session_budgetrjrbr!model_dump_json)rArCrDexpiration_timerLr>s rz(get_experimental_ui_login_jwt_auth_tokenz?ExperimentalUIJWTToken.get_experimental_ui_login_jwt_auth_tokens&     &MN N+,y/DD"**+AB3BG(R$ 44%%'##"&&y':':;  $K$?$?T$?$RSSrr$c ddl}ddlm}ddlm}||dd}|y |d i|j |S#t $r}t d|d|d |d}~wwxYw) Nr)r&)decrypt_value_helper ui_hash_keydebug)rexception_typezInvalid hash key. Hash key=z. Decrypted token=z . Error: r)json$litellm.proxy.auth.user_api_key_authr&rQrXloadsr`)r$r\r&rXdecrypted_tokenrs rzget_key_object_from_ui_hash_keyz6ExperimentalUIJWTToken.get_key_object_from_ui_hash_keys G / mG   " !@DJJ$?@ @ -l^;MoM^^ghigjk  s7 AAAN) __name__ __module__ __qualname__ staticmethodrrrVrr&r`rrrzr@r@sRT~> > (A B! !  &))CCOO$f-P    O   =fXEx y   s0AB9!+B B BB9BB66B9rbrD object_type)rOteamrorgfallback_depthTc |tk\rtdj|t|tr|D]}t ||||||dzy|t jvrt j|}n%|r#||jvr|j|}|r|}ddl m }|t} |r|j|} t| dkDr|t|D] \} }|| vs y|Dcgc] }|| vs| } }t||ryt!|| ryd } t| dk(rt|dk(sd | vrd} t"j$j&| vrd} |D|| vr@| d urPQ2" O!c&kQ&63/;Q))//?B U/9>NRW>W"m#F{mSklrkstFGLFMN GG'--    #O#4JvhG ?Ds . F>8F>c|r||vryy)a Returns True if `model` being accessed is an alias of a team model - `model=gpt-4o` - `team_model_aliases={"gpt-4o": "gpt-4o-team-1"}` - returns True - `model=gp-4o` - `team_model_aliases={"o-3": "o3-preview"}` - returns False TFrrxs rzrrs & & rllm_model_listcRKt|||j|jdSw)z Checks if token can call a given model Returns: - True: if token allowed to call model Raises: - Exception: If token not allowed to call model rrCr<rbrDrs)r|rbrD)rCrr>r<s rzcan_key_call_modelrs0 "!!&99  s%' org_objectc>t|||r |jng|dS)@ Returns True if the team can access a specific model. rurr|rb)rCrr<rDs rzcan_org_access_modelrs* "$.z  B-  rc>t|||r |jng|dS)rrtrrrBs rzrara"s* "%0{!!b-  rcK|ytjj|jvr.t d|t j dtjt|||jdSw)NTzeUser not allowed to access model. No default model access, only team models allowed. Tried to access rCrErO)rCr<rbrs) r%no_default_modelsrrbr#r"key_model_access_deniedr rdr|rJs rzrere5s **00K4F4FF{}B|CD 88--    "!!  sA1A3 user_modelcLKt|dddgd||dd{y7w) z Try to route the fallback model request. Validate if it can't be routed. Help catch invalid fallback models. rOzWho was Alexander?)rcontent)rCmessages acompletion)rr<r route_typeNTr()rCr<rs rzis_valid_fallback_modelrMsC "(5IJK    s $"$c K|j|jd}| |j}t|j|j|j|j |j ||jtj}tj|jd||j|jk\r+tj|j|jyyyw)z Raises: BudgetExceededError if the token is over it's max budget. Triggers a budget alert if the token is over it's max budget. N)rHrgrMrjrXrrJ event_group token_budgetrGrArP)rgrMrrrHrjrXrJrKEYrr  budget_alertsrhri)r>r=r]r call_infos rz_virtual_key_max_budget_checkrfs$)?)?)K   !,,J####"--''''!!++*..     + +## ,      6 6 6--(..&11  7?*L$sC3C5c K|jr|j|jk\rtjd|j|j|jt |j|j|j |j|j|j|jd|jtj }tj|jd|yyyw)zI Triggers a budget alert if the token is over it's soft budget. z:Crossed Soft Budget for token %s, spend %s, soft_budget %sN) rHrgrM soft_budgetrjrX team_aliasrrJrrr)rrgrrZrHrrMrjrXrrJrrrr r)r>r=rs rz_virtual_key_soft_budget_checkrs;#4#4 8O8O#O"" H        # #  ####"--#//''''"--!++*..     + +"# ,  '$PsC8C:c (K| |j|j|j|jkDr|rt|j|j|j|j|j |j tj}tj|jd|tj|j|jd|j d|jd|jyyyyw) z Check if the team is over it's max budget. Raises: BudgetExceededError if the team is over it's max budget. Triggers a budget alert if the team is over it's max budget. N)rHrgrMrjrXrr team_budgetrzBudget has been exceeded! Team=z Current cost: z, Max budget: rK)rMrgrrHrjrXrrrrr rrhri)r6r>r=rs rzrfrfs+   " " .    )    6 6 6  !''!''&11#++#++&11.33I   !//&'0 ))$**"--5k6I6I5J/ZeZkZkYllz|G|R|R{ST  ' 7 * / sDDallowed_model_patterncvd|vr5d|jddd}ttj||Sy)a~ Check if a model matches an allowed pattern. Handles exact matches and wildcard patterns. Args: model (str): The model to check (e.g., "bedrock/anthropic.claude-3-5-sonnet-20240620") allowed_model_pattern (str): The allowed pattern (e.g., "bedrock/*", "*", "openai/*") Returns: bool: True if model matches the pattern, False otherwise r{^z.*$F)replaceboolrematch)rCrrs rzis_model_allowed_by_patternrsC ##+33C>?qABHHWe,-- rrzcZtfd|Drytfd|Dryy)ae Returns True if a model matches any wildcard pattern in a list. eg. - model=`bedrock/us.amazon.nova-micro-v1:0`, allowed_models=`bedrock/*` returns True - model=`bedrock/us.amazon.nova-micro-v1:0`, allowed_models=`bedrock/us.*` returns True - model=`bedrockzzzz/us.amazon.nova-micro-v1:0`, allowed_models=`bedrock/*` returns False c3RK|]}t|xr t| ywrCrN)_is_wildcard_patternrrrrCs rzrz>_model_matches_any_wildcard_pattern_in_list..s9  " 23 '/D   $'Tc3RK|]}t|xr t| ywr)r3_model_custom_llm_provider_matches_wildcard_patternrs rzrz>_model_matches_any_wildcard_pattern_in_list.. s9  " 23 ?/D   rF)rrys` rzrrs@   &8     &8   rch t|\}}}}t|d||S#t$rYywxYw)z Returns True for this scenario: - `model=gpt-4o` - `allowed_model_pattern=openai/*` or - `model=claude-3-5-sonnet-20240620` - `allowed_model_pattern=anthropic/*` )rCF/r)rr`r)rCrcustom_llm_provider_s rzrrsP+;%+H("Aq '$%Qug.3  s % 11c d|vS)zb Returns True if the pattern is a wildcard pattern. Checks if `*` is in the pattern. r{r)rs rzrr0s ' ''rcKddlm}|tjdytj tjdytj j ||jdd}|tjd y|V|jJ|jjjd |ji d{}|td || |V|jJ|jjjd |ji d{}|td|| y7m7w)z Checks if the object (key, team, org) has access to the vector store. Raises ProxyException if the object (key, team, org) cannot access the specific vector store. r)rNz;Prisma client not found, skipping vector store access checkTzCVector store registry not found, skipping vector store access checktools)non_default_paramsrzAVector store to run not found, skipping vector store access checkobject_permission_idr0r)rsvector_store_ids_to_runobject_permissionsrt) litellm.proxy.proxy_serverrrrZrhvector_store_registryget_vector_store_ids_to_runrlrrlitellm_objectpermissiontabler_can_object_call_vector_stores)r5r6r>rrkey_object_permissionteam_object_permissions rzrrrr9sp9 "" I $$,"" Q %;;WW'|/?/?/NX&"" O  ;#C#C#O""@@LL-{/O/OPM   ! , *!(?#8 ;#C#C#O""@@LL-{/O/OPM   " - *"(?#9  1  s%CEEAE+E,EE)rrtrurrc|y|jyt|jdk(ry|D]P}||jvstd|d|jtj|dt j y)zg Raises ProxyException if the object (key, team, org) cannot access the specific vector store. Trz9User not allowed to access vector store. Tried to access z. Only allowed to access vector_storerE) vector_storesrr#r"-get_vector_store_access_error_type_for_objectr rd)rsrrvector_store_ids rzrr~s!''/  + +,12 "4"B"B B STcSdd}Q__~`a$RR%11  3 rr~)NN)NNNNN)NNN)NrOr)__doc__rrrtypingrrrrrrr r ror r pydanticr rhlitellm._loggingrlitellm.caching.cachingrlitellm.caching.dual_cacherlitellm.constantsrrr1litellm.litellm_core_utils.get_llm_provider_logicrlitellm.proxy._typesrrrrrrrrrrrr r!r"r#r$r%r&litellm.proxy.auth.route_checksr'litellm.proxy.route_llm_requestr)litellm.proxy.utilsr*r+r,litellm.routerr- litellm.utilsr.auth_checks_organizationr0 auth_utilsr1opentelemetry.tracer2_Spanrrrrmanagement_routes all_routesrfloatrrr{rrrrrqrrrrrrrrrrintrrrrrr rrr#r'r-r2r4r6r9r>r@rlrrr|rrrrarerrrrfrrrrrrrrrrzrs  QQQ#1-= O(89JJ!*J.1  D D-c:'  ( ( . .1P1P1V1V V __+,_+,_23 _ ! _  _ _ _$_.)__ _H-1 () 2() ,-1   .)  ()   <8,=#>2-1    $    .)  ()    0c4D(#$$&& (#  #)# #L % }    d t  (,04 >#>L)>">tn >  - > "# >>B %d3i0>Fv>N < #9LO (4 4c]49O4  # $d3i ,d3i"   d3i ""& $%%#% % %P (,04!% $$(f c]f L)f "f  f tn f  - f #f  f D>f  f f R  " -  *" - &$" - &    !   -  PT   !- ?G~  C &** **"*0 *  *  - * *TN* *Z  -"tn  () F(,04'+$(%)9 9 L)9 "9 tn 9  - 9 tn 9 D>9 TN9  9 x77t (,04'+ @@L)@"@tn @  - @ tn @@@F (,04 % % L)% "% tn %  - % '( % % X489? b d3i b b Ib!c3h0 b 56 b  b T]bL@D $,T#s(^$< ( d3i TN (   T] 848  23 !c3h0   T] .48  d3i +, !c3h0   T] & d3i  +, T] 0    T] 8-1..#.().b! ! #! H' +,' .)' $' Ts34& $( B '* .(((BB+,B.)BJ-.!#Y!!>?r