[Infra] Merge dev branch

[yuneng-berri]

Relevant issues

Pre-Submission checklist

Please complete all items before asking a LiteLLM maintainer to review your PR

• I have Added testing in the tests/test_litellm/ directory, Adding at least 1 test is a hard requirement - see details
• My PR passes all unit tests on make test-unit
• My PR's scope is as isolated as possible, it only solves 1 specific problem
• I have requested a Greptile review by commenting @greptileai and received a Confidence Score of at least 4/5 before requesting a maintainer review

Delays in PR merge?

If you're seeing a delay in your PR being merged, ping the LiteLLM Team on Slack (#pr-review).

CI (LiteLLM team)

CI status guideline:

• 50-55 passing tests: main is stable with minor issues.
• 45-49 passing tests: acceptable but needs attention
• <= 40 passing tests: unstable; be careful with your merges and assess the risk.

• Branch creation CI run
  Link:

• CI run for the last commit
  Link:

• Merge / cherry-pick CI run
  Links:

Screenshots / Proof of Fix

Type

🚄 Infrastructure

Changes

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
litellm	Ready	Preview, Comment	Apr 15, 2026 11:01pm

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
3 out of 4 committers have signed the CLA.

✅ yuneng-berri
✅ Lucas-Song-Dev
✅ milan-berri
❌ ATR-3
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[gitguardian]

⚠️ GitGuardian has uncovered 1 secret following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secret in your pull request

GitGuardian id	GitGuardian status	Secret	Commit	Filename
29203053	Triggered	Generic Password	ef774a1	.circleci/config.yml	View secret

🛠 Guidelines to remediate hardcoded secrets

1. Understand the implications of revoking this secret by investigating where it is used in your code.
2. Replace and store your secret safely. Learn here the best practices.
3. Revoke and rotate this secret.
4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

• following these best practices for managing and storing secrets including API keys and other credentials
• install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.

---

^{🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.}

[greptile-apps]

Greptile Summary

This infrastructure merge bundles four independent fixes: (1) CORS security hardening — _get_cors_config() now defaults allow_credentials=False when wildcard origins are in use, with an explicit opt-in env var for backward compat; (2) create_views.py exception narrowing — real DB errors (auth failures, connection refused) are re-raised instead of being silently swallowed as "view not found"; (3) team-scoped key management enforcement — can_team_member_execute_key_management_endpoint now correctly blocks users who are not members of the key's team; (4) policy attachment deletion refactored to a useMutation hook with a DeleteResourceModal confirmation flow. All four changes ship with dedicated unit tests.

Confidence Score: 5/5

Safe to merge — all remaining findings are P2 style suggestions that do not affect runtime behaviour.

No P0/P1 issues found. The open threads from prior review rounds (raw SQL, Tremor imports) are pre-existing and acknowledged. The one new comment is a return-type annotation inaccuracy that carries no runtime risk. All four code changes are well-tested with mock-only unit tests.

litellm/proxy/management_helpers/team_member_permission_checks.py (minor return-type annotation fix)

Important Files Changed

Filename	Overview
litellm/proxy/proxy_server.py	Extracts _get_cors_config() helper to make CORS configuration testable and fixes the wildcard-origin + allow_credentials security misconfiguration; allow_credentials now defaults to False when "*" is in origins.
litellm/proxy/management_helpers/team_member_permission_checks.py	Enforces team membership before team-scoped key management operations; does_team_member_have_permissions_for_endpoint now returns False (rather than None) when user is not a team member, and the caller raises a 401 with a clear message. Return type annotation Optional[bool] is inaccurate since None is never returned.
litellm/proxy/db/db_transaction_queue/spend_log_cleanup.py	Adds batched deletion logic with pod-lock guard, configurable retention period (string/int), and safety-abort on non-int execute_raw returns. Uses raw SQL for LIMIT-constrained DELETE (noted in previous review thread).
litellm/proxy/db/create_views.py	Extracts view-not-found error markers into _VIEW_NOT_FOUND_MARKERS constant and re-raises real DB errors (connection failures, permission denied) instead of silently treating them as missing views.
ui/litellm-dashboard/src/components/policies/index.tsx	Wires attachment deletion to useDeletePolicyAttachment mutation with a DeleteResourceModal confirmation; still imports Button, TabGroup, etc. from @tremor/react (noted in previous review thread).
ui/litellm-dashboard/src/hooks/policies/useDeletePolicyAttachment.ts	New useMutation hook encapsulating policy attachment deletion, with success/error callbacks and MessageManager notifications.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Key management request] --> B{user_role == PROXY_ADMIN?}
    B -- Yes --> Z[Allow ✓]
    B -- No --> C{existing_key_row.team_id is None?}
    C -- Yes --> Z
    C -- No --> D[Fetch team object from DB]
    D --> E[_get_user_in_team for requesting user]
    E --> F{team_member_object is None?}
    F -- Yes --> G[Return False]
    G --> H[Raise 401: user does not belong to team]
    F -- No --> I{role == admin?}
    I -- Yes --> Z
    I -- No --> J[Get team member permissions + baseline]
    J --> K{RouteChecks.check_route_access?}
    K -- Passes --> Z
    K -- Fails --> L[Raise 401: no permission for endpoint]

Loading

_{Reviews (2): Last reviewed commit: "Merge remote-tracking branch 'origin/lit..." | Re-trigger Greptile}

[greptile-apps]

Raw SQL instead of Prisma model methods

CLAUDE.md requires using prisma_client.db.<model> methods rather than execute_raw/query_raw for proxy DB operations. Prisma's delete_many doesn't natively support LIMIT, so the batch-with-subquery pattern here is understandable — but that exception should be documented with a short comment explaining why delete_many is insufficient, so future readers don't silently expand the raw-SQL surface.

Context Used: CLAUDE.md (source)

[greptile-apps]

@tremor/react imports in modified file

CLAUDE.md says not to introduce new @tremor/react imports in any modified file — the project is migrating to antd. Button → antd's Button; TabGroup/TabList/Tab/TabPanels/TabPanel → antd's Tabs + Tabs.TabPane (or items prop). If these imports pre-date this PR and can't be migrated in this pass, a follow-up ticket to track the migration would be appropriate.

Context Used: CLAUDE.md (source)

[codecov]

Codecov Report

❌ Patch coverage is 57.62712% with 25 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
litellm/proxy/db/create_views.py	68.00%	16 Missing ⚠️
...proxy/db/db_transaction_queue/spend_log_cleanup.py	0.00%	6 Missing ⚠️
...anagement_helpers/team_member_permission_checks.py	0.00%	3 Missing ⚠️

📢 Thoughts on this report? Let us know!