fix(noma-v2): fall back to key_alias for application_id in Noma dashboard#25795
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
bse-ai
force-pushed
the
fix/noma-v2-key-alias-application-id
branch
from
604c6ce to
62cfbae
Compare
|
Brendan Smith-Elion seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. You have signed the CLA already but the status is still pending? Let us recheck it. |
Greptile SummaryThis PR ports the Confidence Score: 5/5Safe to merge — minimal, well-targeted change with no regressions and comprehensive test coverage. The fix is a 9-line addition that correctly ports v1 behavior to v2, uses the existing _get_non_empty_str helper for safe type handling, matches the established resolution pattern in prompt_security.py, and is backed by four new unit tests covering every branch of the fallback chain. No P0/P1 issues found. No files require special attention.
|
| Filename | Overview |
|---|---|
| litellm/proxy/guardrails/guardrail_hooks/noma/noma_v2.py | Adds user_api_key_alias fallback in apply_guardrail() after checking dynamic_params and self.application_id; correctly uses _get_non_empty_str and matches the resolution order in prompt_security.py. |
| tests/test_litellm/proxy/guardrails/guardrail_hooks/test_noma_v2.py | Replaces one test that was asserting the broken behavior (key alias is ignored) with four tests covering all new branches (litellm_metadata fallback, metadata fallback, config precedence, and no-fallback omission). Remaining changes are Black reformats. |
Flowchart
%%{init: {'theme': 'neutral'}}%%
flowchart TD
A[apply_guardrail called] --> B{dynamic_params\napplication_id?}
B -- non-empty string --> E[use dynamic_params value]
B -- None/empty --> C{self.application_id?}
C -- non-empty string --> E
C -- None/empty --> D{litellm_metadata\nuser_api_key_alias?}
D -- non-empty string --> E
D -- None/empty --> F{metadata\nuser_api_key_alias?}
F -- non-empty string --> E
F -- None/empty --> G[omit application_id\nfrom payload]
E --> H[_build_scan_payload with application_id]
G --> H
Reviews (3): Last reviewed commit: "fix(noma-v2): fall back to key_alias for..." | Re-trigger Greptile
…oard Noma v1 resolved application_id from user_api_key_alias when no explicit value was set (PR #16832). Noma v2 (PR #21400) was rewritten from scratch and this fallback was not ported, causing all requests from shared LiteLLM instances to appear as a single generic "litellm" application in the Noma dashboard — breaking per-user traceability. Fix: after checking dynamic_params and self.application_id, fall back to user_api_key_alias from litellm_metadata or metadata. This matches the pattern used by PromptSecurityGuardrail._resolve_key_alias_from_request_data() and restores the v1 behavior where each API key gets its own application entry in the Noma dashboard. Fixes #25794 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
bse-ai
force-pushed
the
fix/noma-v2-key-alias-application-id
branch
from
62cfbae to
48b3a1b
Compare
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
krrish-berri-2
changed the base branch from
main
to
litellm_oss_staging_04_15_2026_p1
krrish-berri-2
merged commit d73ea15
into
BerriAI:litellm_oss_staging_04_15_2026_p1
…oard (#25795) Noma v1 resolved application_id from user_api_key_alias when no explicit value was set (PR #16832). Noma v2 (PR #21400) was rewritten from scratch and this fallback was not ported, causing all requests from shared LiteLLM instances to appear as a single generic "litellm" application in the Noma dashboard — breaking per-user traceability. Fix: after checking dynamic_params and self.application_id, fall back to user_api_key_alias from litellm_metadata or metadata. This matches the pattern used by PromptSecurityGuardrail._resolve_key_alias_from_request_data() and restores the v1 behavior where each API key gets its own application entry in the Noma dashboard. Fixes #25794 Co-authored-by: Brendan Smith-Elion <brendan.smith-elion@arcadia.io> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
3 participants
Relevant issues
Fixes #25794
Summary
Noma v1 resolved
application_idfromuser_api_key_aliaswhen no explicit value was set (PR #16832). Noma v2 (PR #21400) was rewritten from scratch and this fallback was not ported, causing all requests from shared LiteLLM instances to appear as a single generic "litellm" application in the Noma dashboard.This matters for closed-source clients (e.g. Claude Code) that can't inject
application_idper-request, and for shared LiteLLM instances where a global env var doesn't distinguish between users/services.Fix: In
apply_guardrail(), after checkingdynamic_params.application_idandself.application_id, fall back touser_api_key_aliasfromlitellm_metadataormetadata— matching the resolution pattern inPromptSecurityGuardrail._resolve_key_alias_from_request_data().Fallback chain (after fix):
dynamic_params["application_id"](per-request override)self.application_id(config/env var)litellm_metadata["user_api_key_alias"](set by guardrail framework)metadata["user_api_key_alias"](set byproxy_server.py)Pre-Submission checklist
tests/litellm/directory (4 tests: litellm_metadata fallback, metadata fallback, config precedence, no-fallback omission)29 passed in 1.04sType
🐛 Bug Fix