h S UdZddlZddlmZmZmZmZmZddlm Z m Z m Z m Z m Z mZddlmZddlZddlmZmZddlmZddlmZe d d g Zd Zeed < ej:d erddl!m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(ddl)m*Z*ddl+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1ddl2m3Z3ddl4m5Z5ddl6m7Z7de8fdZ9dee,de8defdZ:ejwdd ge e3ge e3fde1fdZejwd&d'e e3ge,$e e3fd(e8de1fd)Z?ejd"d*e e3ge,ej+e7e e3e dd,-fd.e.de1d/ee8fd0ZBejd&d1e e3geej2e7e e3e dd,-fd(e8de1d/ee8fd3ZEejd"d1e e3ge,ej+e7e e3e dd,-fd.e0de1d/ee8fd4ZGyy#e$r"Zej@dedZYdZ[dZ[wwxYw)5aV 1. Allow proxy admin to perform create, update, and delete operations on MCP servers in the db. 2. Allows users to view the mcp servers they have access to. Endpoints here: - GET `/v1/mcp/server` - Returns all of the configured mcp servers in the db filtered by requestor's access - GET `/v1/mcp/server/{server_id}` - Returns the the specific mcp server in the db given `server_id` filtered by requestor's access - GET `/v1/mcp/server/{server_id}/tools` - Get all the tools from the mcp server specified by the `server_id` - POST `/v1/mcp/server` - Add a new external mcp server. - PUT `/v1/mcp/server` - Edits an existing mcp server. - DELETE `/v1/mcp/server/{server_id}` - Deletes the mcp server given `server_id`. - GET `/v1/mcp/tools - lists all the tools available for a key - GET `/v1/mcp/access_groups` - lists all available MCP access groups N)DictIterableListOptionalcast) APIRouterDependsHeader HTTPExceptionResponsestatus) JSONResponse)verbose_loggerverbose_proxy_logger)LITELLM_PROXY_ADMIN_NAME))validate_and_normalize_mcp_server_payloadz/v1/mcpmcp)prefixtagsT MCP_AVAILABLEzMCP module not found: F)create_mcp_serverdelete_mcp_serverget_all_mcp_serversget_all_mcp_servers_for_userget_mcp_serverget_mcp_serversupdate_mcp_serverglobal_mcp_server_manager)LiteLLM_MCPServerTableLitellmUserRolesNewMCPServerRequestSpecialMCPServerNameUpdateMCPServerRequestUserAPIKeyAuthuser_api_key_auth)_user_has_admin_view)management_endpoint_wrappermessagecPddlm}|ttjd|i|S)Nr prisma_clienterror status_codedetail)litellm.proxy.proxy_serverr-r r HTTP_500_INTERNAL_SERVER_ERROR)r*r-s w/var/www/Befach/backend/env/lib/python3.12/site-packages/litellm/proxy/management_endpoints/mcp_management_endpoints.pyget_prisma_client_or_throwr5@s1<  "AA) mcp_server_records mcp_server_idreturnc4|D]}|j|k(syy)za Check if the mcp server with the given id exists in the iterable of mcp servers TF) server_id)r7r8mcp_server_records r4does_mcp_server_existr=Js% "4  **m;"4r6z/tools)r dependenciesuser_api_key_dictcKddlm}ddlm}|j |d{}g}|D]+}|j |j |d{-tjd|d|iS7R7(w)ze Get all MCP tools available for the current key, including those from access groups r)MCPRequestHandlerrNzAvailable tools: tools) Alitellm.proxy._experimental.mcp_server.auth.user_api_key_auth_mcprA9litellm.proxy._experimental.mcp_server.mcp_server_managerr _get_allowed_mcp_servers_for_keyextendget_tools_for_serverrdebug)r?rAr server_idsrBr;s r4 get_mcp_toolsrJXs  -MMN_`` #I LLM8MMiXX Y$ ""%6ug#>?aYs!!A:A6+A:A8 'A:8A:z/access_groupsc,Kddlm}ddlm}t }|j j D]*}|js|j|j,|j |jjjd{}|D]7}t|ds|js|j|j9 t#t%|}d|iS7Y#t$r"}tj d|Yd}~@d}~wwxYww)zR Get all available MCP access groups from the database AND config rr,rNmcp_access_groupsz!Error getting MCP access groups: access_groups)r2r-rDrsetconfig_mcp_serversvaluesrMupdatedblitellm_mcpservertable find_manyhasattrrL ExceptionrrHsortedlist)r?r-rrMserver mcp_serverseaccess_groups_lists r4get_mcp_access_groupsr]us =g 0BBIIKF##$$V%9%9:L  $ T$1$4$4$K$K$U$U$WW )Fv':;@X@X%,,V-E-EF*$D$78!344X T$**-Nqc+RSS TsTADD#'C& C$ C&! C&.C& D$C&& D/D D DDz/serverz1Returns the mcp server list with associated teams) descriptionr>response_modelcxKddlm}td}g}|jjj ddid{}t |r|}nT|D]O}|j s|j D]1}d|vs|d|d|jk(s!|j|3Qi}|D]}|js|jjs'|jjD]A}||vrg||<||j|j|j|jd Cg} |D]K}|js|jjs'| j|jjMt|| d{} t |r:t!|d{} | D]"} | j"| vs| j| $t%j&| d{} t$j(}|j+D]\}}|| vs | jt-||j.|j0|j2|j4|j6|j8|j;|j;|j<t?|d dt?|d dxsgt?|d dxsi | D cgc]D} t-did| j"d| j@d| j0d| jBd| j2d| j4d| j6d| j8d| jDd| jFd| jHd| jJd| jL | jLngd| j<dtOtPtRtTtTdzf|jW| j"gd t?| d dd t?| d dxsgd t?| d dxsiG} } | S7777?cc} ww)z Get all of the configured mcp servers for the user in the db with their associated teams ``` curl --location 'http://localhost:4000/v1/mcp/server' --header 'Authorization: Bearer your_api_key_here' ``` r)datetime8Database not connected. Connect a database to your proxyobject_permissionT)includeNuser_id)team_id team_aliasorganization_idr&commandargsenv) r; server_namealiasurl transport spec_version auth_type created_at updated_atmcp_inforirjrkr;rlrmr^rnrorprqrr created_byrs updated_byrLrtteams),rar5rRlitellm_teamtablerTr(members_with_rolesreappendrcrZrfrgrhrFrrr;rget_allowed_mcp_serversrOitemsr namermrnrorprqnowrtgetattrrlr^rrrursrvrLrrrstrget)r?rar- user_teamsrwteammemberserver_to_teams_mapr;mcp_server_idsLIST_MCP_SERVERSall_mcp_serversrYALLOWED_MCP_SERVER_IDSALL_CONFIG_MCP_SERVERS _server_id_server_configs r4fetch_all_mcp_serversrsf &2 F  #&&88BB'C 1 2J**"&"9"9%/ &y 1 = &y 15F5N5N N&--d3 #:@BD%%$*@*@*L*L!%!7!7!C!CI (;;9;+I6' 299#'<<&*oo+/+?+?;"DD%%$*@*@*L*L%%d&<&<&H&HI"1!OO  1 2$7 $FFO)##>9$++F3* ,CC"3   ";!M!M*@*F*F*H &J33 ''*",$2$7$7,22*.."0":":%3%@%@"0":":#+<<>#+<<>!/!8!8 ' 4 H$^VTBHb#NE4@FB+IX+- ,+ #  ** ".. ll #..   JJ   !**  $00 !** ",, ",, ",, ",, ?E>V>V>b&":":hj   4S#*_ 568K8O8OPVP`P`bd8ef "  48# $VVT28b% &FE406B'   2 OPPG 6 s?P:P)#P:&P::P:P:(P:<P:A/P:P:6P:P,P:.P//P:,P:3P24.P:#B8P:E P5%P:,P:/P:2P:5P:z/server/{server_id}zReturns the mcp server infor;cdKtd}t||d{}|!ttjdd|dit |r|St ||d{}t||}|rtj||Sttjdd|di77Lw) aY Get the info on the mcp server specified by the `server_id` Parameters: - server_id: str - Required. The unique identifier of the mcp server to get info on. ``` curl --location 'http://localhost:4000/v1/mcp/server/server_id' --header 'Authorization: Bearer your_api_key_here' ``` rbNr.MCP Server with id z not foundr/z9User does not have permission to view mcp server with id z8. You can only view mcp servers that you have access to.) r5rr r HTTP_404_NOT_FOUNDr(rr=radd_update_serverHTTP_403_FORBIDDEN)r;r?r- mcp_serverr7existss r4fetch_mcp_serverrs&3 F *-CC  "55#6yk!LM  1 2 $@ ,$  ''99E  % 7 7 C "55XYbXcd\] +D s#B0B,AB0!B."A B0.B0zAllows creation of mcp servers)r^r>r_r0zThe litellm-changed-by header enables tracking of actions performed by authorized users on behalf of other users, providing an audit trail for accountability)r^payloadlitellm_changed_byc `Ktd}t|tj|jk7rt t jddi|jKt||jd{}|t t jdd|jditj|jk(stj|jk(r+t t jdd|jdi t|||jxst d{}t#j$||S77#t&$rO}t)j*d t-|t t j.dd t-|id}~wwxYww) z? Allow users to add a new external mcp server. rbr.znUser does not have permission to create mcp servers. You can only create mcp servers if you are a PROXY_ADMIN.r/Nrz' already exists. Cannot create another.z is special and cannot be used. touched_byzError creating mcp server: )r5rr! PROXY_ADMIN user_roler r rr;rHTTP_400_BAD_REQUESTr#all_team_serversall_proxy_serversrrerrrrVr exceptionrr3)rr?rr-rnew_mcp_serverr[s r4add_mcp_serverrNs&3 F 2':  ' '+<+F+F F"55N     *-mW=N=NOOJ%# & ; ;#6w7H7H6IIp!q ! 1 1W5F5F F#559J9JJ"77273D3D2EEde  #4,44P8P$N & 7 7 GGP.   * *-HQ+Q R"AA#>s1vh!GH  sJA6F.8E9BF.#E3E4E F.E F+A F&&F++F.z$Allows deleting mcp serves in the db)r^r>response_classr0cKtd}tj|jk7r,t t j ddjdit||d{}| t t jdd|itj|tjr tt jS7fw) ak Delete MCP Server from db and associated MCP related server entities. Parameters: - server_id: str - Required. The unique identifier of the mcp server to delete. ``` curl -X "DELETE" --location 'http://localhost:4000/v1/mcp/server/server_id' --header 'Authorization: Bearer your_api_key_here' ``` Database not connected. Connect a database to your proxy - https://docs.litellm.ai/docs/simple_proxy#managing-auth---virtual-keysr.zJCall not allowed to delete MCP server. User is not a proxy admin. route={}zDELETE /v1/mcp/serverr/N'MCP Server not found, passed server_id=)r0)r5r!rrr r rformatrrr remove_serverlitellmstore_audit_logsr HTTP_202_ACCEPTED)r;r?rr-mcp_server_record_deleteds r4remove_mcp_serverrs43 P  ' '+<+F+F F"55ipp/ +rs 77OO*A6b )5' 2 tIE" GTRC $%;< MP    ZZW/01 188I0J -   0 ZZW/01 188I0J5-5  5> ZZG/0123 -44E,Fy )y  y v ZZ1/01- -44E,F,,),  ,\ [[4/01-++ !-44E,F,2 x- ?$?)?%SM?!?B ]]:/01#,, !-44E,F,2 x- 5>5>)5>%SM5>!5>n ZZ:/01-,, !-44E,F,2 x- 8)'8))8)%SM8)!8)o  N1!56MsIJ I==J