npm - @acarmisc/backstage-plugin-litellm-backend - Versions diffs - 0.1.2 → 0.1.3 - Mend

@acarmisc/backstage-plugin-litellm-backend 0.1.2 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/config.d.ts CHANGED Viewed

@@ -1,6 +1,73 @@
 export interface Config {
   litellm: {
+    /**
+     * Base URL of the LiteLLM proxy instance.
+     * @visibility backend
+     */
     baseUrl: string;
+    /**
+     * LiteLLM master key for admin operations. Never exposed to the frontend.
+     * @visibility secret
+     */
     masterKey: string;
+    provisioning?: {
+      /**
+       * When true the backend automatically creates a LiteLLM user on first
+       * access if the Backstage user is not yet known to LiteLLM.
+       * Disabled by default — enable explicitly when you are ready.
+       * @default false
+       */
+      enabled?: boolean;
+      defaults?: {
+        /**
+         * Max lifetime spend in USD before the account is blocked.
+         * Set a conservative value; null means no hard cap.
+         * @default 10
+         */
+        maxBudget?: number;
+        /**
+         * Spend-reset period for maxBudget (e.g. "30d", "7d", "1h").
+         * After this period the spend counter resets.
+         * @default "30d"
+         */
+        budgetDuration?: string;
+        /**
+         * LiteLLM model IDs the new user is allowed to call.
+         * Empty array means all models configured in the proxy are allowed.
+         * @default []
+         */
+        models?: string[];
+        /**
+         * LiteLLM team IDs to add the new user to automatically.
+         * The user inherits team-level model and budget restrictions.
+         * @default []
+         */
+        teams?: string[];
+        /**
+         * Tokens per minute hard cap across all models.
+         * Omit for no limit (team or global limits still apply).
+         */
+        tpmLimit?: number;
+        /**
+         * Requests per minute hard cap across all models.
+         * Omit for no limit.
+         */
+        rpmLimit?: number;
+        /**
+         * Arbitrary key-value metadata stored on the LiteLLM user record.
+         * Useful for tracking source, cost centre, department, etc.
+         */
+        metadata?: Record<string, string>;
+      };
+    };
   };
-}
+}

package/dist/client.d.ts CHANGED Viewed

@@ -1,11 +1,16 @@
-import { LiteLLMConfig, UserInfo, VirtualKey, ModelInfo, UsageMetrics, TeamInfo, GenerateKeyRequest, GenerateKeyResponse, DeleteKeyRequest } from './types';
+import { LiteLLMConfig, UserInfo, VirtualKey, ModelInfo, UsageMetrics, TeamInfo, GenerateKeyRequest, GenerateKeyResponse, DeleteKeyRequest, CreateUserRequest, CreateUserResponse } from './types';
 export declare class LiteLLMClient {
     private baseUrl;
     private masterKey;
     private timeout;
     constructor(config: LiteLLMConfig, timeout?: number);
     private request;
-    getUserInfo(userId?: string): Promise<UserInfo>;
+    /**
+     * Returns null when the user is not found in LiteLLM (404).
+     * Throws on all other errors so callers know something went wrong.
+     */
+    getUserInfo(userId?: string): Promise<UserInfo | null>;
+    createUser(payload: CreateUserRequest): Promise<CreateUserResponse>;
     listKeys(userId?: string): Promise<VirtualKey[]>;
     generateKey(request: GenerateKeyRequest): Promise<GenerateKeyResponse>;
     deleteKeys(request: DeleteKeyRequest): Promise<{

package/dist/client.js CHANGED Viewed

@@ -23,7 +23,9 @@ class LiteLLMClient {
             });
             if (!response.ok) {
                 const errorBody = await response.text();
-                throw new Error(`LiteLLM API error: ${response.status} ${response.statusText} - ${errorBody}`);
+                const err = new Error(`LiteLLM API error: ${response.status} ${response.statusText} - ${errorBody}`);
+                err.status = response.status;
+                throw err;
             }
             return response.json();
         }
@@ -31,9 +33,26 @@ class LiteLLMClient {
             clearTimeout(timeoutId);
         }
     }
+    /**
+     * Returns null when the user is not found in LiteLLM (404).
+     * Throws on all other errors so callers know something went wrong.
+     */
     async getUserInfo(userId) {
         const query = userId ? `?user_id=${encodeURIComponent(userId)}` : '';
-        return this.request(`/user/info${query}`);
+        try {
+            return await this.request(`/user/info${query}`);
+        }
+        catch (err) {
+            if (err.status === 404)
+                return null;
+            throw err;
+        }
+    }
+    async createUser(payload) {
+        return this.request('/user/new', {
+            method: 'POST',
+            body: JSON.stringify(payload),
+        });
     }
     async listKeys(userId) {
         const query = userId ? `?user_id=${encodeURIComponent(userId)}` : '';

package/dist/index.cjs.js CHANGED Viewed

@@ -55,16 +55,33 @@ var LiteLLMClient = class {
       });
       if (!response.ok) {
         const errorBody = await response.text();
-        throw new Error(`LiteLLM API error: ${response.status} ${response.statusText} - ${errorBody}`);
+        const err = new Error(`LiteLLM API error: ${response.status} ${response.statusText} - ${errorBody}`);
+        err.status = response.status;
+        throw err;
       }
       return response.json();
     } finally {
       clearTimeout(timeoutId);
     }
   }
+  /**
+   * Returns null when the user is not found in LiteLLM (404).
+   * Throws on all other errors so callers know something went wrong.
+   */
   async getUserInfo(userId) {
     const query = userId ? `?user_id=${encodeURIComponent(userId)}` : "";
-    return this.request(`/user/info${query}`);
+    try {
+      return await this.request(`/user/info${query}`);
+    } catch (err) {
+      if (err.status === 404) return null;
+      throw err;
+    }
+  }
+  async createUser(payload) {
+    return this.request("/user/new", {
+      method: "POST",
+      body: JSON.stringify(payload)
+    });
   }
   async listKeys(userId) {
     const query = userId ? `?user_id=${encodeURIComponent(userId)}` : "";
@@ -103,6 +120,19 @@ var LiteLLMClient = class {
 };
 // src/router.ts
+function readProvisioningDefaults(config) {
+  const enabled = config.getOptionalBoolean("litellm.provisioning.enabled") ?? false;
+  const defaults = {
+    maxBudget: config.getOptionalNumber("litellm.provisioning.defaults.maxBudget") ?? 10,
+    budgetDuration: config.getOptionalString("litellm.provisioning.defaults.budgetDuration") ?? "30d",
+    models: config.getOptionalStringArray("litellm.provisioning.defaults.models") ?? [],
+    teams: config.getOptionalStringArray("litellm.provisioning.defaults.teams") ?? [],
+    tpmLimit: config.getOptionalNumber("litellm.provisioning.defaults.tpmLimit"),
+    rpmLimit: config.getOptionalNumber("litellm.provisioning.defaults.rpmLimit"),
+    metadata: config.getOptional("litellm.provisioning.defaults.metadata") ?? {}
+  };
+  return { enabled, defaults };
+}
 async function resolveUserId(req, auth) {
   const rawToken = req.headers.authorization?.slice(7);
   if (!rawToken) return void 0;
@@ -116,20 +146,64 @@ async function resolveUserId(req, auth) {
   }
   return void 0;
 }
+async function provisionUser(client, userId, defaults, logger) {
+  const payload = {
+    user_id: userId,
+    max_budget: defaults.maxBudget,
+    budget_duration: defaults.budgetDuration,
+    models: defaults.models,
+    teams: defaults.teams,
+    ...defaults.tpmLimit !== void 0 && { tpm_limit: defaults.tpmLimit },
+    ...defaults.rpmLimit !== void 0 && { rpm_limit: defaults.rpmLimit },
+    metadata: {
+      ...defaults.metadata,
+      provisioned_by: "backstage",
+      provisioned_at: (/* @__PURE__ */ new Date()).toISOString(),
+      backstage_entity: userId
+    }
+  };
+  logger.info(`Provisioning new LiteLLM user for Backstage identity: ${userId}`);
+  try {
+    await client.createUser(payload);
+    return await client.getUserInfo(userId);
+  } catch (err) {
+    logger.error(`Failed to provision LiteLLM user ${userId}: ${err.message}`);
+    return null;
+  }
+}
 async function createRouter(options) {
   const { config, logger, auth } = options;
   const baseUrl = config.getString("litellm.baseUrl");
   const masterKey = config.getString("litellm.masterKey");
   const client = new LiteLLMClient({ baseUrl, masterKey });
+  const { enabled: provisioningEnabled, defaults: provisioningDefaults } = readProvisioningDefaults(config);
+  if (provisioningEnabled) {
+    logger.info(
+      `LiteLLM auto-provisioning enabled \u2014 defaults: budget=$${provisioningDefaults.maxBudget}/${provisioningDefaults.budgetDuration}, models=${provisioningDefaults.models.length ? provisioningDefaults.models.join(",") : "all"}, teams=[${provisioningDefaults.teams.join(",")}]`
+    );
+  }
   const router = (0, import_express.Router)();
   router.get("/health", (_req, res) => {
-    res.json({ status: "ok" });
+    res.json({ status: "ok", provisioning: provisioningEnabled });
   });
   router.get("/user/info", async (req, res) => {
     try {
       const tokenUserId = await resolveUserId(req, auth);
       const userId = tokenUserId ?? req.query.user_id;
-      const userInfo = await client.getUserInfo(userId);
+      let userInfo = await client.getUserInfo(userId);
+      if (!userInfo) {
+        if (provisioningEnabled && userId) {
+          userInfo = await provisionUser(client, userId, provisioningDefaults, logger);
+        }
+        if (!userInfo) {
+          res.status(404).json({
+            error: "User not found in LiteLLM",
+            provisioning: provisioningEnabled,
+            hint: provisioningEnabled ? "Provisioning attempted but failed \u2014 check LiteLLM logs" : "Enable litellm.provisioning.enabled in app-config.yaml or create the user manually"
+          });
+          return;
+        }
+      }
       res.json(userInfo);
     } catch (error) {
       logger.error("Failed to fetch user info", error);
@@ -152,7 +226,6 @@ async function createRouter(options) {
       const tokenUserId = await resolveUserId(req, auth);
       const request = {
         ...req.body,
-        // Bind generated key to the authenticated user so LiteLLM enforces their limits.
         ...tokenUserId && { user_id: tokenUserId }
       };
       const result = await client.generateKey(request);
@@ -190,7 +263,7 @@ async function createRouter(options) {
       const tokenUserId = await resolveUserId(req, auth);
       const userId = tokenUserId ?? req.query.user_id;
       const userInfo = await client.getUserInfo(userId);
-      if (!userInfo.teams?.length) {
+      if (!userInfo?.teams?.length) {
         res.json([]);
         return;
       }
@@ -229,13 +302,13 @@ async function createRouter(options) {
   });
   router.get("/usage", async (req, res) => {
     try {
-      const { start_date, end_date, user_id, group_by } = req.query;
+      const { start_date, end_date, group_by } = req.query;
       if (!start_date || !end_date) {
         res.status(400).json({ error: "start_date and end_date are required" });
         return;
       }
       const tokenUserId = await resolveUserId(req, auth);
-      const userId = tokenUserId ?? user_id;
+      const userId = tokenUserId ?? req.query.user_id;
       const usage = await client.getUsage(
         start_date,
         end_date,

package/dist/index.cjs.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../src/index.ts", "../src/plugin.ts", "../src/router.ts", "../src/client.ts"],
-  "sourcesContent": ["export { litellmPlugin } from './plugin';\nexport { createRouter } from './router';\nexport * from './types';\nexport { LiteLLMClient } from './client';", "import { coreServices, createBackendPlugin } from '@backstage/backend-plugin-api';\nimport { createRouter } from './router';\n\nexport const litellmPlugin = createBackendPlugin({\n  pluginId: 'litellm',\n  register(reg) {\n    reg.registerInit({\n      deps: {\n        httpRouter: coreServices.httpRouter,\n        config: coreServices.rootConfig,\n        logger: coreServices.logger,\n        auth: coreServices.auth,\n        discovery: coreServices.discovery,\n      },\n      async init({ httpRouter, config, logger, auth }) {\n        const router = await createRouter({ config, logger, auth });\n        httpRouter.use(router);\n      },\n    });\n  },\n});\n", "import { Router, Request, Response } from 'express';\nimport { Config } from '@backstage/config';\nimport { AuthService } from '@backstage/backend-plugin-api';\nimport { LiteLLMClient } from './client';\nimport {\n  UserInfo,\n  VirtualKey,\n  ModelInfo,\n  UsageMetrics,\n  TeamInfo,\n  GenerateKeyRequest,\n  GenerateKeyResponse,\n} from './types';\n\nexport interface RouterOptions {\n  config: Config;\n  logger: any;\n  auth: AuthService;\n}\n\n/**\n * Extracts the authenticated Backstage user identity from the request token.\n * Returns the userEntityRef (e.g. \"user:default/john.doe\") or undefined if\n * the request carries no user credential (service-to-service calls).\n */\nasync function resolveUserId(req: Request, auth: AuthService): Promise<string | undefined> {\n  const rawToken = req.headers.authorization?.slice(7); // strip \"Bearer \"\n  if (!rawToken) return undefined;\n  try {\n    const credentials = await auth.authenticate(rawToken);\n    const principal = credentials.principal as any;\n    if (principal?.type === 'user') {\n      return principal.userEntityRef as string;\n    }\n  } catch {\n    // token invalid or service token \u2014 fall through\n  }\n  return undefined;\n}\n\nexport async function createRouter(options: RouterOptions): Promise<Router> {\n  const { config, logger, auth } = options;\n\n  const baseUrl = config.getString('litellm.baseUrl');\n  const masterKey = config.getString('litellm.masterKey');\n  const client = new LiteLLMClient({ baseUrl, masterKey });\n\n  const router = Router();\n\n  router.get('/health', (_req: Request, res: Response) => {\n    res.json({ status: 'ok' });\n  });\n\n  // Resolve user: prefer the identity extracted from the Backstage token so the\n  // caller cannot spoof another user_id. Falls back to the query param only when\n  // no user token is present (e.g. admin tooling using a service token).\n  router.get('/user/info', async (req: Request, res: Response) => {\n    try {\n      const tokenUserId = await resolveUserId(req, auth);\n      const userId = tokenUserId ?? (req.query.user_id as string | undefined);\n      const userInfo: UserInfo = await client.getUserInfo(userId);\n      res.json(userInfo);\n    } catch (error: any) {\n      logger.error('Failed to fetch user info', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  router.get('/keys', async (req: Request, res: Response) => {\n    try {\n      const tokenUserId = await resolveUserId(req, auth);\n      const userId = tokenUserId ?? (req.query.user_id as string | undefined);\n      const keys: VirtualKey[] = await client.listKeys(userId);\n      res.json(keys);\n    } catch (error: any) {\n      logger.error('Failed to list keys', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  router.post('/keys/generate', async (req: Request, res: Response) => {\n    try {\n      const tokenUserId = await resolveUserId(req, auth);\n      const request: GenerateKeyRequest = {\n        ...req.body,\n        // Bind generated key to the authenticated user so LiteLLM enforces their limits.\n        ...(tokenUserId && { user_id: tokenUserId }),\n      };\n      const result: GenerateKeyResponse = await client.generateKey(request);\n      res.json(result);\n    } catch (error: any) {\n      logger.error('Failed to generate key', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  router.delete('/keys/:keyId', async (req: Request, res: Response) => {\n    try {\n      const { keyId } = req.params;\n      if (!keyId) {\n        res.status(400).json({ error: 'keyId is required' });\n        return;\n      }\n      await client.deleteKeys({ keys: [keyId] });\n      res.json({ success: true });\n    } catch (error: any) {\n      logger.error('Failed to delete key', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  router.get('/models', async (_req: Request, res: Response) => {\n    try {\n      const models: ModelInfo[] = await client.listModels();\n      res.json(models);\n    } catch (error: any) {\n      logger.error('Failed to list models', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  // Returns TeamInfo for every team the authenticated user belongs to.\n  // Team membership is read from /user/info .teams[], then each team is\n  // resolved in parallel via /team/info.\n  router.get('/teams', async (req: Request, res: Response) => {\n    try {\n      const tokenUserId = await resolveUserId(req, auth);\n      const userId = tokenUserId ?? (req.query.user_id as string | undefined);\n      const userInfo: UserInfo = await client.getUserInfo(userId);\n\n      if (!userInfo.teams?.length) {\n        res.json([]);\n        return;\n      }\n\n      const teams = await Promise.all(\n        userInfo.teams.map(teamId =>\n          client.getTeamInfo(teamId).catch(err => {\n            logger.warn(`Failed to fetch team ${teamId}: ${err.message}`);\n            return null;\n          }),\n        ),\n      );\n      res.json(teams.filter(Boolean) as TeamInfo[]);\n    } catch (error: any) {\n      logger.error('Failed to fetch teams', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  router.get('/teams/:teamId/usage', async (req: Request, res: Response) => {\n    try {\n      const { teamId } = req.params;\n      const { start_date, end_date } = req.query;\n      if (!start_date || !end_date) {\n        res.status(400).json({ error: 'start_date and end_date are required' });\n        return;\n      }\n      const usage: UsageMetrics = await client.getTeamUsage(\n        teamId,\n        start_date as string,\n        end_date as string,\n      );\n      res.json(usage);\n    } catch (error: any) {\n      logger.error('Failed to fetch team usage', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  router.get('/usage', async (req: Request, res: Response) => {\n    try {\n      const { start_date, end_date, user_id, group_by } = req.query;\n      if (!start_date || !end_date) {\n        res.status(400).json({ error: 'start_date and end_date are required' });\n        return;\n      }\n      const tokenUserId = await resolveUserId(req, auth);\n      const userId = tokenUserId ?? (user_id as string | undefined);\n      const usage: UsageMetrics = await client.getUsage(\n        start_date as string,\n        end_date as string,\n        userId,\n        group_by as string | undefined,\n      );\n      res.json(usage);\n    } catch (error: any) {\n      logger.error('Failed to fetch usage', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  return router;\n}\n", "import {\n  LiteLLMConfig,\n  UserInfo,\n  VirtualKey,\n  ModelInfo,\n  UsageMetrics,\n  TeamInfo,\n  GenerateKeyRequest,\n  GenerateKeyResponse,\n  DeleteKeyRequest,\n} from './types';\n\nconst DEFAULT_TIMEOUT = 30000;\n\nexport class LiteLLMClient {\n  private baseUrl: string;\n  private masterKey: string;\n  private timeout: number;\n\n  constructor(config: LiteLLMConfig, timeout = DEFAULT_TIMEOUT) {\n    this.baseUrl = config.baseUrl.replace(/\\/$/, '');\n    this.masterKey = config.masterKey;\n    this.timeout = timeout;\n  }\n\n  private async request<T>(path: string, options: RequestInit = {}): Promise<T> {\n    const controller = new AbortController();\n    const timeoutId = setTimeout(() => controller.abort(), this.timeout);\n\n    try {\n      const response = await fetch(`${this.baseUrl}${path}`, {\n        ...options,\n        signal: controller.signal,\n        headers: {\n          'Content-Type': 'application/json',\n          'Authorization': `Bearer ${this.masterKey}`,\n          ...options.headers,\n        },\n      });\n\n      if (!response.ok) {\n        const errorBody = await response.text();\n        throw new Error(`LiteLLM API error: ${response.status} ${response.statusText} - ${errorBody}`);\n      }\n\n      return response.json();\n    } finally {\n      clearTimeout(timeoutId);\n    }\n  }\n\n  async getUserInfo(userId?: string): Promise<UserInfo> {\n    const query = userId ? `?user_id=${encodeURIComponent(userId)}` : '';\n    return this.request<UserInfo>(`/user/info${query}`);\n  }\n\n  async listKeys(userId?: string): Promise<VirtualKey[]> {\n    const query = userId ? `?user_id=${encodeURIComponent(userId)}` : '';\n    const response = await this.request<{ info: VirtualKey[] } | VirtualKey[]>(`/key/info${query}`);\n    return Array.isArray(response) ? response : (response.info ?? []);\n  }\n\n  async generateKey(request: GenerateKeyRequest): Promise<GenerateKeyResponse> {\n    return this.request<GenerateKeyResponse>('/key/generate', {\n      method: 'POST',\n      body: JSON.stringify(request),\n    });\n  }\n\n  async deleteKeys(request: DeleteKeyRequest): Promise<{ success: boolean }> {\n    return this.request<{ success: boolean }>('/key/delete', {\n      method: 'POST',\n      body: JSON.stringify(request),\n    });\n  }\n\n  async listModels(): Promise<ModelInfo[]> {\n    const response = await this.request<{ data: ModelInfo[] } | ModelInfo[]>('/models');\n    return Array.isArray(response) ? response : (response.data ?? []);\n  }\n\n  async getTeamInfo(teamId: string): Promise<TeamInfo> {\n    return this.request<TeamInfo>(`/team/info?team_id=${encodeURIComponent(teamId)}`);\n  }\n\n  async getUsage(startDate: string, endDate: string, userId?: string, groupBy?: string): Promise<UsageMetrics> {\n    const params = new URLSearchParams({ start_date: startDate, end_date: endDate });\n    if (userId) params.append('user_id', userId);\n    if (groupBy) params.append('group_by', groupBy);\n    return this.request<UsageMetrics>(`/usage/keys?${params.toString()}`);\n  }\n\n  async getTeamUsage(teamId: string, startDate: string, endDate: string): Promise<UsageMetrics> {\n    const params = new URLSearchParams({ start_date: startDate, end_date: endDate, team_id: teamId });\n    return this.request<UsageMetrics>(`/usage/keys?${params.toString()}`);\n  }\n}\n"],
-  "mappings": ";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,gCAAkD;;;ACAlD,qBAA0C;;;ACY1C,IAAM,kBAAkB;AAEjB,IAAM,gBAAN,MAAoB;AAAA,EAKzB,YAAY,QAAuB,UAAU,iBAAiB;AAC5D,SAAK,UAAU,OAAO,QAAQ,QAAQ,OAAO,EAAE;AAC/C,SAAK,YAAY,OAAO;AACxB,SAAK,UAAU;AAAA,EACjB;AAAA,EAEA,MAAc,QAAW,MAAc,UAAuB,CAAC,GAAe;AAC5E,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,OAAO;AAEnE,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI,IAAI;AAAA,QACrD,GAAG;AAAA,QACH,QAAQ,WAAW;AAAA,QACnB,SAAS;AAAA,UACP,gBAAgB;AAAA,UAChB,iBAAiB,UAAU,KAAK,SAAS;AAAA,UACzC,GAAG,QAAQ;AAAA,QACb;AAAA,MACF,CAAC;AAED,UAAI,CAAC,SAAS,IAAI;AAChB,cAAM,YAAY,MAAM,SAAS,KAAK;AACtC,cAAM,IAAI,MAAM,sBAAsB,SAAS,MAAM,IAAI,SAAS,UAAU,MAAM,SAAS,EAAE;AAAA,MAC/F;AAEA,aAAO,SAAS,KAAK;AAAA,IACvB,UAAE;AACA,mBAAa,SAAS;AAAA,IACxB;AAAA,EACF;AAAA,EAEA,MAAM,YAAY,QAAoC;AACpD,UAAM,QAAQ,SAAS,YAAY,mBAAmB,MAAM,CAAC,KAAK;AAClE,WAAO,KAAK,QAAkB,aAAa,KAAK,EAAE;AAAA,EACpD;AAAA,EAEA,MAAM,SAAS,QAAwC;AACrD,UAAM,QAAQ,SAAS,YAAY,mBAAmB,MAAM,CAAC,KAAK;AAClE,UAAM,WAAW,MAAM,KAAK,QAA+C,YAAY,KAAK,EAAE;AAC9F,WAAO,MAAM,QAAQ,QAAQ,IAAI,WAAY,SAAS,QAAQ,CAAC;AAAA,EACjE;AAAA,EAEA,MAAM,YAAY,SAA2D;AAC3E,WAAO,KAAK,QAA6B,iBAAiB;AAAA,MACxD,QAAQ;AAAA,MACR,MAAM,KAAK,UAAU,OAAO;AAAA,IAC9B,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,WAAW,SAA0D;AACzE,WAAO,KAAK,QAA8B,eAAe;AAAA,MACvD,QAAQ;AAAA,MACR,MAAM,KAAK,UAAU,OAAO;AAAA,IAC9B,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,aAAmC;AACvC,UAAM,WAAW,MAAM,KAAK,QAA6C,SAAS;AAClF,WAAO,MAAM,QAAQ,QAAQ,IAAI,WAAY,SAAS,QAAQ,CAAC;AAAA,EACjE;AAAA,EAEA,MAAM,YAAY,QAAmC;AACnD,WAAO,KAAK,QAAkB,sBAAsB,mBAAmB,MAAM,CAAC,EAAE;AAAA,EAClF;AAAA,EAEA,MAAM,SAAS,WAAmB,SAAiB,QAAiB,SAAyC;AAC3G,UAAM,SAAS,IAAI,gBAAgB,EAAE,YAAY,WAAW,UAAU,QAAQ,CAAC;AAC/E,QAAI,OAAQ,QAAO,OAAO,WAAW,MAAM;AAC3C,QAAI,QAAS,QAAO,OAAO,YAAY,OAAO;AAC9C,WAAO,KAAK,QAAsB,eAAe,OAAO,SAAS,CAAC,EAAE;AAAA,EACtE;AAAA,EAEA,MAAM,aAAa,QAAgB,WAAmB,SAAwC;AAC5F,UAAM,SAAS,IAAI,gBAAgB,EAAE,YAAY,WAAW,UAAU,SAAS,SAAS,OAAO,CAAC;AAChG,WAAO,KAAK,QAAsB,eAAe,OAAO,SAAS,CAAC,EAAE;AAAA,EACtE;AACF;;;ADvEA,eAAe,cAAc,KAAc,MAAgD;AACzF,QAAM,WAAW,IAAI,QAAQ,eAAe,MAAM,CAAC;AACnD,MAAI,CAAC,SAAU,QAAO;AACtB,MAAI;AACF,UAAM,cAAc,MAAM,KAAK,aAAa,QAAQ;AACpD,UAAM,YAAY,YAAY;AAC9B,QAAI,WAAW,SAAS,QAAQ;AAC9B,aAAO,UAAU;AAAA,IACnB;AAAA,EACF,QAAQ;AAAA,EAER;AACA,SAAO;AACT;AAEA,eAAsB,aAAa,SAAyC;AAC1E,QAAM,EAAE,QAAQ,QAAQ,KAAK,IAAI;AAEjC,QAAM,UAAU,OAAO,UAAU,iBAAiB;AAClD,QAAM,YAAY,OAAO,UAAU,mBAAmB;AACtD,QAAM,SAAS,IAAI,cAAc,EAAE,SAAS,UAAU,CAAC;AAEvD,QAAM,aAAS,uBAAO;AAEtB,SAAO,IAAI,WAAW,CAAC,MAAe,QAAkB;AACtD,QAAI,KAAK,EAAE,QAAQ,KAAK,CAAC;AAAA,EAC3B,CAAC;AAKD,SAAO,IAAI,cAAc,OAAO,KAAc,QAAkB;AAC9D,QAAI;AACF,YAAM,cAAc,MAAM,cAAc,KAAK,IAAI;AACjD,YAAM,SAAS,eAAgB,IAAI,MAAM;AACzC,YAAM,WAAqB,MAAM,OAAO,YAAY,MAAM;AAC1D,UAAI,KAAK,QAAQ;AAAA,IACnB,SAAS,OAAY;AACnB,aAAO,MAAM,6BAA6B,KAAK;AAC/C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO,IAAI,SAAS,OAAO,KAAc,QAAkB;AACzD,QAAI;AACF,YAAM,cAAc,MAAM,cAAc,KAAK,IAAI;AACjD,YAAM,SAAS,eAAgB,IAAI,MAAM;AACzC,YAAM,OAAqB,MAAM,OAAO,SAAS,MAAM;AACvD,UAAI,KAAK,IAAI;AAAA,IACf,SAAS,OAAY;AACnB,aAAO,MAAM,uBAAuB,KAAK;AACzC,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO,KAAK,kBAAkB,OAAO,KAAc,QAAkB;AACnE,QAAI;AACF,YAAM,cAAc,MAAM,cAAc,KAAK,IAAI;AACjD,YAAM,UAA8B;AAAA,QAClC,GAAG,IAAI;AAAA;AAAA,QAEP,GAAI,eAAe,EAAE,SAAS,YAAY;AAAA,MAC5C;AACA,YAAM,SAA8B,MAAM,OAAO,YAAY,OAAO;AACpE,UAAI,KAAK,MAAM;AAAA,IACjB,SAAS,OAAY;AACnB,aAAO,MAAM,0BAA0B,KAAK;AAC5C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO,OAAO,gBAAgB,OAAO,KAAc,QAAkB;AACnE,QAAI;AACF,YAAM,EAAE,MAAM,IAAI,IAAI;AACtB,UAAI,CAAC,OAAO;AACV,YAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,oBAAoB,CAAC;AACnD;AAAA,MACF;AACA,YAAM,OAAO,WAAW,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC;AACzC,UAAI,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5B,SAAS,OAAY;AACnB,aAAO,MAAM,wBAAwB,KAAK;AAC1C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO,IAAI,WAAW,OAAO,MAAe,QAAkB;AAC5D,QAAI;AACF,YAAM,SAAsB,MAAM,OAAO,WAAW;AACpD,UAAI,KAAK,MAAM;AAAA,IACjB,SAAS,OAAY;AACnB,aAAO,MAAM,yBAAyB,KAAK;AAC3C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAKD,SAAO,IAAI,UAAU,OAAO,KAAc,QAAkB;AAC1D,QAAI;AACF,YAAM,cAAc,MAAM,cAAc,KAAK,IAAI;AACjD,YAAM,SAAS,eAAgB,IAAI,MAAM;AACzC,YAAM,WAAqB,MAAM,OAAO,YAAY,MAAM;AAE1D,UAAI,CAAC,SAAS,OAAO,QAAQ;AAC3B,YAAI,KAAK,CAAC,CAAC;AACX;AAAA,MACF;AAEA,YAAM,QAAQ,MAAM,QAAQ;AAAA,QAC1B,SAAS,MAAM;AAAA,UAAI,YACjB,OAAO,YAAY,MAAM,EAAE,MAAM,SAAO;AACtC,mBAAO,KAAK,wBAAwB,MAAM,KAAK,IAAI,OAAO,EAAE;AAC5D,mBAAO;AAAA,UACT,CAAC;AAAA,QACH;AAAA,MACF;AACA,UAAI,KAAK,MAAM,OAAO,OAAO,CAAe;AAAA,IAC9C,SAAS,OAAY;AACnB,aAAO,MAAM,yBAAyB,KAAK;AAC3C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO,IAAI,wBAAwB,OAAO,KAAc,QAAkB;AACxE,QAAI;AACF,YAAM,EAAE,OAAO,IAAI,IAAI;AACvB,YAAM,EAAE,YAAY,SAAS,IAAI,IAAI;AACrC,UAAI,CAAC,cAAc,CAAC,UAAU;AAC5B,YAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,uCAAuC,CAAC;AACtE;AAAA,MACF;AACA,YAAM,QAAsB,MAAM,OAAO;AAAA,QACvC;AAAA,QACA;AAAA,QACA;AAAA,MACF;AACA,UAAI,KAAK,KAAK;AAAA,IAChB,SAAS,OAAY;AACnB,aAAO,MAAM,8BAA8B,KAAK;AAChD,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO,IAAI,UAAU,OAAO,KAAc,QAAkB;AAC1D,QAAI;AACF,YAAM,EAAE,YAAY,UAAU,SAAS,SAAS,IAAI,IAAI;AACxD,UAAI,CAAC,cAAc,CAAC,UAAU;AAC5B,YAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,uCAAuC,CAAC;AACtE;AAAA,MACF;AACA,YAAM,cAAc,MAAM,cAAc,KAAK,IAAI;AACjD,YAAM,SAAS,eAAgB;AAC/B,YAAM,QAAsB,MAAM,OAAO;AAAA,QACvC;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AACA,UAAI,KAAK,KAAK;AAAA,IAChB,SAAS,OAAY;AACnB,aAAO,MAAM,yBAAyB,KAAK;AAC3C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO;AACT;;;AD9LO,IAAM,oBAAgB,+CAAoB;AAAA,EAC/C,UAAU;AAAA,EACV,SAAS,KAAK;AACZ,QAAI,aAAa;AAAA,MACf,MAAM;AAAA,QACJ,YAAY,uCAAa;AAAA,QACzB,QAAQ,uCAAa;AAAA,QACrB,QAAQ,uCAAa;AAAA,QACrB,MAAM,uCAAa;AAAA,QACnB,WAAW,uCAAa;AAAA,MAC1B;AAAA,MACA,MAAM,KAAK,EAAE,YAAY,QAAQ,QAAQ,KAAK,GAAG;AAC/C,cAAM,SAAS,MAAM,aAAa,EAAE,QAAQ,QAAQ,KAAK,CAAC;AAC1D,mBAAW,IAAI,MAAM;AAAA,MACvB;AAAA,IACF,CAAC;AAAA,EACH;AACF,CAAC;",
+  "sourcesContent": ["export { litellmPlugin } from './plugin';\nexport { createRouter } from './router';\nexport * from './types';\nexport { LiteLLMClient } from './client';", "import { coreServices, createBackendPlugin } from '@backstage/backend-plugin-api';\nimport { createRouter } from './router';\n\nexport const litellmPlugin = createBackendPlugin({\n  pluginId: 'litellm',\n  register(reg) {\n    reg.registerInit({\n      deps: {\n        httpRouter: coreServices.httpRouter,\n        config: coreServices.rootConfig,\n        logger: coreServices.logger,\n        auth: coreServices.auth,\n        discovery: coreServices.discovery,\n      },\n      async init({ httpRouter, config, logger, auth }) {\n        const router = await createRouter({ config, logger, auth });\n        httpRouter.use(router);\n      },\n    });\n  },\n});\n", "import { Router, Request, Response } from 'express';\nimport { Config } from '@backstage/config';\nimport { AuthService } from '@backstage/backend-plugin-api';\nimport { LiteLLMClient } from './client';\nimport {\n  UserInfo,\n  VirtualKey,\n  ModelInfo,\n  UsageMetrics,\n  TeamInfo,\n  GenerateKeyRequest,\n  GenerateKeyResponse,\n  ProvisioningDefaults,\n} from './types';\n\nexport interface RouterOptions {\n  config: Config;\n  logger: any;\n  auth: AuthService;\n}\n\n/**\n * Reads the provisioning block from config, applying safe defaults for every\n * field so the feature works out-of-the-box without any YAML required.\n *\n * Safe defaults rationale:\n *   maxBudget:      $10  \u2014 prevents runaway spend on a forgotten test account\n *   budgetDuration: 30d  \u2014 monthly reset, aligns with typical billing cycles\n *   models:         []   \u2014 empty means all proxy models are allowed;\n *                          restrict here or at team level for tighter control\n *   teams:          []   \u2014 no automatic team assignment; add IDs to enrol users\n *   tpmLimit:       none \u2014 LiteLLM global / team limits still apply\n *   rpmLimit:       none \u2014 same\n *   metadata:       backstage source tag only\n */\nfunction readProvisioningDefaults(config: Config): { enabled: boolean; defaults: ProvisioningDefaults } {\n  const enabled = config.getOptionalBoolean('litellm.provisioning.enabled') ?? false;\n  const defaults: ProvisioningDefaults = {\n    maxBudget: config.getOptionalNumber('litellm.provisioning.defaults.maxBudget') ?? 10,\n    budgetDuration: config.getOptionalString('litellm.provisioning.defaults.budgetDuration') ?? '30d',\n    models: config.getOptionalStringArray('litellm.provisioning.defaults.models') ?? [],\n    teams: config.getOptionalStringArray('litellm.provisioning.defaults.teams') ?? [],\n    tpmLimit: config.getOptionalNumber('litellm.provisioning.defaults.tpmLimit'),\n    rpmLimit: config.getOptionalNumber('litellm.provisioning.defaults.rpmLimit'),\n    metadata: (config.getOptional<Record<string, string>>('litellm.provisioning.defaults.metadata') ?? {}),\n  };\n  return { enabled, defaults };\n}\n\n/**\n * Extracts the authenticated Backstage user identity from the request token.\n * Returns the userEntityRef (e.g. \"user:default/john.doe\") or undefined when\n * the request carries no user credential (service-to-service calls).\n */\nasync function resolveUserId(req: Request, auth: AuthService): Promise<string | undefined> {\n  const rawToken = req.headers.authorization?.slice(7);\n  if (!rawToken) return undefined;\n  try {\n    const credentials = await auth.authenticate(rawToken);\n    const principal = credentials.principal as any;\n    if (principal?.type === 'user') {\n      return principal.userEntityRef as string;\n    }\n  } catch {\n    // invalid or service token \u2014 caller gets query-param fallback\n  }\n  return undefined;\n}\n\n/**\n * Creates a LiteLLM user for the given Backstage identity using the configured\n * defaults. Returns the UserInfo of the newly created account.\n */\nasync function provisionUser(\n  client: LiteLLMClient,\n  userId: string,\n  defaults: ProvisioningDefaults,\n  logger: any,\n): Promise<UserInfo | null> {\n  const payload = {\n    user_id: userId,\n    max_budget: defaults.maxBudget,\n    budget_duration: defaults.budgetDuration,\n    models: defaults.models,\n    teams: defaults.teams,\n    ...(defaults.tpmLimit !== undefined && { tpm_limit: defaults.tpmLimit }),\n    ...(defaults.rpmLimit !== undefined && { rpm_limit: defaults.rpmLimit }),\n    metadata: {\n      ...defaults.metadata,\n      provisioned_by: 'backstage',\n      provisioned_at: new Date().toISOString(),\n      backstage_entity: userId,\n    },\n  };\n\n  logger.info(`Provisioning new LiteLLM user for Backstage identity: ${userId}`);\n  try {\n    await client.createUser(payload);\n    // Fetch the freshly-created user record to return consistent UserInfo shape\n    return await client.getUserInfo(userId);\n  } catch (err: any) {\n    logger.error(`Failed to provision LiteLLM user ${userId}: ${err.message}`);\n    return null;\n  }\n}\n\nexport async function createRouter(options: RouterOptions): Promise<Router> {\n  const { config, logger, auth } = options;\n\n  const baseUrl = config.getString('litellm.baseUrl');\n  const masterKey = config.getString('litellm.masterKey');\n  const client = new LiteLLMClient({ baseUrl, masterKey });\n  const { enabled: provisioningEnabled, defaults: provisioningDefaults } = readProvisioningDefaults(config);\n\n  if (provisioningEnabled) {\n    logger.info(\n      `LiteLLM auto-provisioning enabled \u2014 defaults: budget=$${provisioningDefaults.maxBudget}/${provisioningDefaults.budgetDuration}, models=${provisioningDefaults.models.length ? provisioningDefaults.models.join(',') : 'all'}, teams=[${provisioningDefaults.teams.join(',')}]`,\n    );\n  }\n\n  const router = Router();\n\n  router.get('/health', (_req: Request, res: Response) => {\n    res.json({ status: 'ok', provisioning: provisioningEnabled });\n  });\n\n  router.get('/user/info', async (req: Request, res: Response) => {\n    try {\n      const tokenUserId = await resolveUserId(req, auth);\n      const userId = tokenUserId ?? (req.query.user_id as string | undefined);\n\n      let userInfo: UserInfo | null = await client.getUserInfo(userId);\n\n      if (!userInfo) {\n        if (provisioningEnabled && userId) {\n          userInfo = await provisionUser(client, userId, provisioningDefaults, logger);\n        }\n\n        if (!userInfo) {\n          res.status(404).json({\n            error: 'User not found in LiteLLM',\n            provisioning: provisioningEnabled,\n            hint: provisioningEnabled\n              ? 'Provisioning attempted but failed \u2014 check LiteLLM logs'\n              : 'Enable litellm.provisioning.enabled in app-config.yaml or create the user manually',\n          });\n          return;\n        }\n      }\n\n      res.json(userInfo);\n    } catch (error: any) {\n      logger.error('Failed to fetch user info', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  router.get('/keys', async (req: Request, res: Response) => {\n    try {\n      const tokenUserId = await resolveUserId(req, auth);\n      const userId = tokenUserId ?? (req.query.user_id as string | undefined);\n      const keys: VirtualKey[] = await client.listKeys(userId);\n      res.json(keys);\n    } catch (error: any) {\n      logger.error('Failed to list keys', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  router.post('/keys/generate', async (req: Request, res: Response) => {\n    try {\n      const tokenUserId = await resolveUserId(req, auth);\n      const request: GenerateKeyRequest = {\n        ...req.body,\n        ...(tokenUserId && { user_id: tokenUserId }),\n      };\n      const result: GenerateKeyResponse = await client.generateKey(request);\n      res.json(result);\n    } catch (error: any) {\n      logger.error('Failed to generate key', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  router.delete('/keys/:keyId', async (req: Request, res: Response) => {\n    try {\n      const { keyId } = req.params;\n      if (!keyId) {\n        res.status(400).json({ error: 'keyId is required' });\n        return;\n      }\n      await client.deleteKeys({ keys: [keyId] });\n      res.json({ success: true });\n    } catch (error: any) {\n      logger.error('Failed to delete key', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  router.get('/models', async (_req: Request, res: Response) => {\n    try {\n      const models: ModelInfo[] = await client.listModels();\n      res.json(models);\n    } catch (error: any) {\n      logger.error('Failed to list models', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  router.get('/teams', async (req: Request, res: Response) => {\n    try {\n      const tokenUserId = await resolveUserId(req, auth);\n      const userId = tokenUserId ?? (req.query.user_id as string | undefined);\n      const userInfo: UserInfo | null = await client.getUserInfo(userId);\n\n      if (!userInfo?.teams?.length) {\n        res.json([]);\n        return;\n      }\n\n      const teams = await Promise.all(\n        userInfo.teams.map(teamId =>\n          client.getTeamInfo(teamId).catch(err => {\n            logger.warn(`Failed to fetch team ${teamId}: ${err.message}`);\n            return null;\n          }),\n        ),\n      );\n      res.json(teams.filter(Boolean) as TeamInfo[]);\n    } catch (error: any) {\n      logger.error('Failed to fetch teams', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  router.get('/teams/:teamId/usage', async (req: Request, res: Response) => {\n    try {\n      const { teamId } = req.params;\n      const { start_date, end_date } = req.query;\n      if (!start_date || !end_date) {\n        res.status(400).json({ error: 'start_date and end_date are required' });\n        return;\n      }\n      const usage: UsageMetrics = await client.getTeamUsage(\n        teamId,\n        start_date as string,\n        end_date as string,\n      );\n      res.json(usage);\n    } catch (error: any) {\n      logger.error('Failed to fetch team usage', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  router.get('/usage', async (req: Request, res: Response) => {\n    try {\n      const { start_date, end_date, group_by } = req.query;\n      if (!start_date || !end_date) {\n        res.status(400).json({ error: 'start_date and end_date are required' });\n        return;\n      }\n      const tokenUserId = await resolveUserId(req, auth);\n      const userId = tokenUserId ?? (req.query.user_id as string | undefined);\n      const usage: UsageMetrics = await client.getUsage(\n        start_date as string,\n        end_date as string,\n        userId,\n        group_by as string | undefined,\n      );\n      res.json(usage);\n    } catch (error: any) {\n      logger.error('Failed to fetch usage', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  return router;\n}\n", "import {\n  LiteLLMConfig,\n  UserInfo,\n  VirtualKey,\n  ModelInfo,\n  UsageMetrics,\n  TeamInfo,\n  GenerateKeyRequest,\n  GenerateKeyResponse,\n  DeleteKeyRequest,\n  CreateUserRequest,\n  CreateUserResponse,\n} from './types';\n\nconst DEFAULT_TIMEOUT = 30000;\n\nexport class LiteLLMClient {\n  private baseUrl: string;\n  private masterKey: string;\n  private timeout: number;\n\n  constructor(config: LiteLLMConfig, timeout = DEFAULT_TIMEOUT) {\n    this.baseUrl = config.baseUrl.replace(/\\/$/, '');\n    this.masterKey = config.masterKey;\n    this.timeout = timeout;\n  }\n\n  private async request<T>(path: string, options: RequestInit = {}): Promise<T> {\n    const controller = new AbortController();\n    const timeoutId = setTimeout(() => controller.abort(), this.timeout);\n\n    try {\n      const response = await fetch(`${this.baseUrl}${path}`, {\n        ...options,\n        signal: controller.signal,\n        headers: {\n          'Content-Type': 'application/json',\n          'Authorization': `Bearer ${this.masterKey}`,\n          ...options.headers,\n        },\n      });\n\n      if (!response.ok) {\n        const errorBody = await response.text();\n        const err = new Error(`LiteLLM API error: ${response.status} ${response.statusText} - ${errorBody}`);\n        (err as any).status = response.status;\n        throw err;\n      }\n\n      return response.json();\n    } finally {\n      clearTimeout(timeoutId);\n    }\n  }\n\n  /**\n   * Returns null when the user is not found in LiteLLM (404).\n   * Throws on all other errors so callers know something went wrong.\n   */\n  async getUserInfo(userId?: string): Promise<UserInfo | null> {\n    const query = userId ? `?user_id=${encodeURIComponent(userId)}` : '';\n    try {\n      return await this.request<UserInfo>(`/user/info${query}`);\n    } catch (err: any) {\n      if (err.status === 404) return null;\n      throw err;\n    }\n  }\n\n  async createUser(payload: CreateUserRequest): Promise<CreateUserResponse> {\n    return this.request<CreateUserResponse>('/user/new', {\n      method: 'POST',\n      body: JSON.stringify(payload),\n    });\n  }\n\n  async listKeys(userId?: string): Promise<VirtualKey[]> {\n    const query = userId ? `?user_id=${encodeURIComponent(userId)}` : '';\n    const response = await this.request<{ info: VirtualKey[] } | VirtualKey[]>(`/key/info${query}`);\n    return Array.isArray(response) ? response : (response.info ?? []);\n  }\n\n  async generateKey(request: GenerateKeyRequest): Promise<GenerateKeyResponse> {\n    return this.request<GenerateKeyResponse>('/key/generate', {\n      method: 'POST',\n      body: JSON.stringify(request),\n    });\n  }\n\n  async deleteKeys(request: DeleteKeyRequest): Promise<{ success: boolean }> {\n    return this.request<{ success: boolean }>('/key/delete', {\n      method: 'POST',\n      body: JSON.stringify(request),\n    });\n  }\n\n  async listModels(): Promise<ModelInfo[]> {\n    const response = await this.request<{ data: ModelInfo[] } | ModelInfo[]>('/models');\n    return Array.isArray(response) ? response : (response.data ?? []);\n  }\n\n  async getTeamInfo(teamId: string): Promise<TeamInfo> {\n    return this.request<TeamInfo>(`/team/info?team_id=${encodeURIComponent(teamId)}`);\n  }\n\n  async getUsage(startDate: string, endDate: string, userId?: string, groupBy?: string): Promise<UsageMetrics> {\n    const params = new URLSearchParams({ start_date: startDate, end_date: endDate });\n    if (userId) params.append('user_id', userId);\n    if (groupBy) params.append('group_by', groupBy);\n    return this.request<UsageMetrics>(`/usage/keys?${params.toString()}`);\n  }\n\n  async getTeamUsage(teamId: string, startDate: string, endDate: string): Promise<UsageMetrics> {\n    const params = new URLSearchParams({ start_date: startDate, end_date: endDate, team_id: teamId });\n    return this.request<UsageMetrics>(`/usage/keys?${params.toString()}`);\n  }\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,gCAAkD;;;ACAlD,qBAA0C;;;ACc1C,IAAM,kBAAkB;AAEjB,IAAM,gBAAN,MAAoB;AAAA,EAKzB,YAAY,QAAuB,UAAU,iBAAiB;AAC5D,SAAK,UAAU,OAAO,QAAQ,QAAQ,OAAO,EAAE;AAC/C,SAAK,YAAY,OAAO;AACxB,SAAK,UAAU;AAAA,EACjB;AAAA,EAEA,MAAc,QAAW,MAAc,UAAuB,CAAC,GAAe;AAC5E,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,OAAO;AAEnE,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI,IAAI;AAAA,QACrD,GAAG;AAAA,QACH,QAAQ,WAAW;AAAA,QACnB,SAAS;AAAA,UACP,gBAAgB;AAAA,UAChB,iBAAiB,UAAU,KAAK,SAAS;AAAA,UACzC,GAAG,QAAQ;AAAA,QACb;AAAA,MACF,CAAC;AAED,UAAI,CAAC,SAAS,IAAI;AAChB,cAAM,YAAY,MAAM,SAAS,KAAK;AACtC,cAAM,MAAM,IAAI,MAAM,sBAAsB,SAAS,MAAM,IAAI,SAAS,UAAU,MAAM,SAAS,EAAE;AACnG,QAAC,IAAY,SAAS,SAAS;AAC/B,cAAM;AAAA,MACR;AAEA,aAAO,SAAS,KAAK;AAAA,IACvB,UAAE;AACA,mBAAa,SAAS;AAAA,IACxB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,YAAY,QAA2C;AAC3D,UAAM,QAAQ,SAAS,YAAY,mBAAmB,MAAM,CAAC,KAAK;AAClE,QAAI;AACF,aAAO,MAAM,KAAK,QAAkB,aAAa,KAAK,EAAE;AAAA,IAC1D,SAAS,KAAU;AACjB,UAAI,IAAI,WAAW,IAAK,QAAO;AAC/B,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEA,MAAM,WAAW,SAAyD;AACxE,WAAO,KAAK,QAA4B,aAAa;AAAA,MACnD,QAAQ;AAAA,MACR,MAAM,KAAK,UAAU,OAAO;AAAA,IAC9B,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,SAAS,QAAwC;AACrD,UAAM,QAAQ,SAAS,YAAY,mBAAmB,MAAM,CAAC,KAAK;AAClE,UAAM,WAAW,MAAM,KAAK,QAA+C,YAAY,KAAK,EAAE;AAC9F,WAAO,MAAM,QAAQ,QAAQ,IAAI,WAAY,SAAS,QAAQ,CAAC;AAAA,EACjE;AAAA,EAEA,MAAM,YAAY,SAA2D;AAC3E,WAAO,KAAK,QAA6B,iBAAiB;AAAA,MACxD,QAAQ;AAAA,MACR,MAAM,KAAK,UAAU,OAAO;AAAA,IAC9B,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,WAAW,SAA0D;AACzE,WAAO,KAAK,QAA8B,eAAe;AAAA,MACvD,QAAQ;AAAA,MACR,MAAM,KAAK,UAAU,OAAO;AAAA,IAC9B,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,aAAmC;AACvC,UAAM,WAAW,MAAM,KAAK,QAA6C,SAAS;AAClF,WAAO,MAAM,QAAQ,QAAQ,IAAI,WAAY,SAAS,QAAQ,CAAC;AAAA,EACjE;AAAA,EAEA,MAAM,YAAY,QAAmC;AACnD,WAAO,KAAK,QAAkB,sBAAsB,mBAAmB,MAAM,CAAC,EAAE;AAAA,EAClF;AAAA,EAEA,MAAM,SAAS,WAAmB,SAAiB,QAAiB,SAAyC;AAC3G,UAAM,SAAS,IAAI,gBAAgB,EAAE,YAAY,WAAW,UAAU,QAAQ,CAAC;AAC/E,QAAI,OAAQ,QAAO,OAAO,WAAW,MAAM;AAC3C,QAAI,QAAS,QAAO,OAAO,YAAY,OAAO;AAC9C,WAAO,KAAK,QAAsB,eAAe,OAAO,SAAS,CAAC,EAAE;AAAA,EACtE;AAAA,EAEA,MAAM,aAAa,QAAgB,WAAmB,SAAwC;AAC5F,UAAM,SAAS,IAAI,gBAAgB,EAAE,YAAY,WAAW,UAAU,SAAS,SAAS,OAAO,CAAC;AAChG,WAAO,KAAK,QAAsB,eAAe,OAAO,SAAS,CAAC,EAAE;AAAA,EACtE;AACF;;;ADjFA,SAAS,yBAAyB,QAAsE;AACtG,QAAM,UAAU,OAAO,mBAAmB,8BAA8B,KAAK;AAC7E,QAAM,WAAiC;AAAA,IACrC,WAAW,OAAO,kBAAkB,yCAAyC,KAAK;AAAA,IAClF,gBAAgB,OAAO,kBAAkB,8CAA8C,KAAK;AAAA,IAC5F,QAAQ,OAAO,uBAAuB,sCAAsC,KAAK,CAAC;AAAA,IAClF,OAAO,OAAO,uBAAuB,qCAAqC,KAAK,CAAC;AAAA,IAChF,UAAU,OAAO,kBAAkB,wCAAwC;AAAA,IAC3E,UAAU,OAAO,kBAAkB,wCAAwC;AAAA,IAC3E,UAAW,OAAO,YAAoC,wCAAwC,KAAK,CAAC;AAAA,EACtG;AACA,SAAO,EAAE,SAAS,SAAS;AAC7B;AAOA,eAAe,cAAc,KAAc,MAAgD;AACzF,QAAM,WAAW,IAAI,QAAQ,eAAe,MAAM,CAAC;AACnD,MAAI,CAAC,SAAU,QAAO;AACtB,MAAI;AACF,UAAM,cAAc,MAAM,KAAK,aAAa,QAAQ;AACpD,UAAM,YAAY,YAAY;AAC9B,QAAI,WAAW,SAAS,QAAQ;AAC9B,aAAO,UAAU;AAAA,IACnB;AAAA,EACF,QAAQ;AAAA,EAER;AACA,SAAO;AACT;AAMA,eAAe,cACb,QACA,QACA,UACA,QAC0B;AAC1B,QAAM,UAAU;AAAA,IACd,SAAS;AAAA,IACT,YAAY,SAAS;AAAA,IACrB,iBAAiB,SAAS;AAAA,IAC1B,QAAQ,SAAS;AAAA,IACjB,OAAO,SAAS;AAAA,IAChB,GAAI,SAAS,aAAa,UAAa,EAAE,WAAW,SAAS,SAAS;AAAA,IACtE,GAAI,SAAS,aAAa,UAAa,EAAE,WAAW,SAAS,SAAS;AAAA,IACtE,UAAU;AAAA,MACR,GAAG,SAAS;AAAA,MACZ,gBAAgB;AAAA,MAChB,iBAAgB,oBAAI,KAAK,GAAE,YAAY;AAAA,MACvC,kBAAkB;AAAA,IACpB;AAAA,EACF;AAEA,SAAO,KAAK,yDAAyD,MAAM,EAAE;AAC7E,MAAI;AACF,UAAM,OAAO,WAAW,OAAO;AAE/B,WAAO,MAAM,OAAO,YAAY,MAAM;AAAA,EACxC,SAAS,KAAU;AACjB,WAAO,MAAM,oCAAoC,MAAM,KAAK,IAAI,OAAO,EAAE;AACzE,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,aAAa,SAAyC;AAC1E,QAAM,EAAE,QAAQ,QAAQ,KAAK,IAAI;AAEjC,QAAM,UAAU,OAAO,UAAU,iBAAiB;AAClD,QAAM,YAAY,OAAO,UAAU,mBAAmB;AACtD,QAAM,SAAS,IAAI,cAAc,EAAE,SAAS,UAAU,CAAC;AACvD,QAAM,EAAE,SAAS,qBAAqB,UAAU,qBAAqB,IAAI,yBAAyB,MAAM;AAExG,MAAI,qBAAqB;AACvB,WAAO;AAAA,MACL,8DAAyD,qBAAqB,SAAS,IAAI,qBAAqB,cAAc,YAAY,qBAAqB,OAAO,SAAS,qBAAqB,OAAO,KAAK,GAAG,IAAI,KAAK,YAAY,qBAAqB,MAAM,KAAK,GAAG,CAAC;AAAA,IAC9Q;AAAA,EACF;AAEA,QAAM,aAAS,uBAAO;AAEtB,SAAO,IAAI,WAAW,CAAC,MAAe,QAAkB;AACtD,QAAI,KAAK,EAAE,QAAQ,MAAM,cAAc,oBAAoB,CAAC;AAAA,EAC9D,CAAC;AAED,SAAO,IAAI,cAAc,OAAO,KAAc,QAAkB;AAC9D,QAAI;AACF,YAAM,cAAc,MAAM,cAAc,KAAK,IAAI;AACjD,YAAM,SAAS,eAAgB,IAAI,MAAM;AAEzC,UAAI,WAA4B,MAAM,OAAO,YAAY,MAAM;AAE/D,UAAI,CAAC,UAAU;AACb,YAAI,uBAAuB,QAAQ;AACjC,qBAAW,MAAM,cAAc,QAAQ,QAAQ,sBAAsB,MAAM;AAAA,QAC7E;AAEA,YAAI,CAAC,UAAU;AACb,cAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YACnB,OAAO;AAAA,YACP,cAAc;AAAA,YACd,MAAM,sBACF,gEACA;AAAA,UACN,CAAC;AACD;AAAA,QACF;AAAA,MACF;AAEA,UAAI,KAAK,QAAQ;AAAA,IACnB,SAAS,OAAY;AACnB,aAAO,MAAM,6BAA6B,KAAK;AAC/C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO,IAAI,SAAS,OAAO,KAAc,QAAkB;AACzD,QAAI;AACF,YAAM,cAAc,MAAM,cAAc,KAAK,IAAI;AACjD,YAAM,SAAS,eAAgB,IAAI,MAAM;AACzC,YAAM,OAAqB,MAAM,OAAO,SAAS,MAAM;AACvD,UAAI,KAAK,IAAI;AAAA,IACf,SAAS,OAAY;AACnB,aAAO,MAAM,uBAAuB,KAAK;AACzC,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO,KAAK,kBAAkB,OAAO,KAAc,QAAkB;AACnE,QAAI;AACF,YAAM,cAAc,MAAM,cAAc,KAAK,IAAI;AACjD,YAAM,UAA8B;AAAA,QAClC,GAAG,IAAI;AAAA,QACP,GAAI,eAAe,EAAE,SAAS,YAAY;AAAA,MAC5C;AACA,YAAM,SAA8B,MAAM,OAAO,YAAY,OAAO;AACpE,UAAI,KAAK,MAAM;AAAA,IACjB,SAAS,OAAY;AACnB,aAAO,MAAM,0BAA0B,KAAK;AAC5C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO,OAAO,gBAAgB,OAAO,KAAc,QAAkB;AACnE,QAAI;AACF,YAAM,EAAE,MAAM,IAAI,IAAI;AACtB,UAAI,CAAC,OAAO;AACV,YAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,oBAAoB,CAAC;AACnD;AAAA,MACF;AACA,YAAM,OAAO,WAAW,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC;AACzC,UAAI,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5B,SAAS,OAAY;AACnB,aAAO,MAAM,wBAAwB,KAAK;AAC1C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO,IAAI,WAAW,OAAO,MAAe,QAAkB;AAC5D,QAAI;AACF,YAAM,SAAsB,MAAM,OAAO,WAAW;AACpD,UAAI,KAAK,MAAM;AAAA,IACjB,SAAS,OAAY;AACnB,aAAO,MAAM,yBAAyB,KAAK;AAC3C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO,IAAI,UAAU,OAAO,KAAc,QAAkB;AAC1D,QAAI;AACF,YAAM,cAAc,MAAM,cAAc,KAAK,IAAI;AACjD,YAAM,SAAS,eAAgB,IAAI,MAAM;AACzC,YAAM,WAA4B,MAAM,OAAO,YAAY,MAAM;AAEjE,UAAI,CAAC,UAAU,OAAO,QAAQ;AAC5B,YAAI,KAAK,CAAC,CAAC;AACX;AAAA,MACF;AAEA,YAAM,QAAQ,MAAM,QAAQ;AAAA,QAC1B,SAAS,MAAM;AAAA,UAAI,YACjB,OAAO,YAAY,MAAM,EAAE,MAAM,SAAO;AACtC,mBAAO,KAAK,wBAAwB,MAAM,KAAK,IAAI,OAAO,EAAE;AAC5D,mBAAO;AAAA,UACT,CAAC;AAAA,QACH;AAAA,MACF;AACA,UAAI,KAAK,MAAM,OAAO,OAAO,CAAe;AAAA,IAC9C,SAAS,OAAY;AACnB,aAAO,MAAM,yBAAyB,KAAK;AAC3C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO,IAAI,wBAAwB,OAAO,KAAc,QAAkB;AACxE,QAAI;AACF,YAAM,EAAE,OAAO,IAAI,IAAI;AACvB,YAAM,EAAE,YAAY,SAAS,IAAI,IAAI;AACrC,UAAI,CAAC,cAAc,CAAC,UAAU;AAC5B,YAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,uCAAuC,CAAC;AACtE;AAAA,MACF;AACA,YAAM,QAAsB,MAAM,OAAO;AAAA,QACvC;AAAA,QACA;AAAA,QACA;AAAA,MACF;AACA,UAAI,KAAK,KAAK;AAAA,IAChB,SAAS,OAAY;AACnB,aAAO,MAAM,8BAA8B,KAAK;AAChD,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO,IAAI,UAAU,OAAO,KAAc,QAAkB;AAC1D,QAAI;AACF,YAAM,EAAE,YAAY,UAAU,SAAS,IAAI,IAAI;AAC/C,UAAI,CAAC,cAAc,CAAC,UAAU;AAC5B,YAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,uCAAuC,CAAC;AACtE;AAAA,MACF;AACA,YAAM,cAAc,MAAM,cAAc,KAAK,IAAI;AACjD,YAAM,SAAS,eAAgB,IAAI,MAAM;AACzC,YAAM,QAAsB,MAAM,OAAO;AAAA,QACvC;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AACA,UAAI,KAAK,KAAK;AAAA,IAChB,SAAS,OAAY;AACnB,aAAO,MAAM,yBAAyB,KAAK;AAC3C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO;AACT;;;ADnRO,IAAM,oBAAgB,+CAAoB;AAAA,EAC/C,UAAU;AAAA,EACV,SAAS,KAAK;AACZ,QAAI,aAAa;AAAA,MACf,MAAM;AAAA,QACJ,YAAY,uCAAa;AAAA,QACzB,QAAQ,uCAAa;AAAA,QACrB,QAAQ,uCAAa;AAAA,QACrB,MAAM,uCAAa;AAAA,QACnB,WAAW,uCAAa;AAAA,MAC1B;AAAA,MACA,MAAM,KAAK,EAAE,YAAY,QAAQ,QAAQ,KAAK,GAAG;AAC/C,cAAM,SAAS,MAAM,aAAa,EAAE,QAAQ,QAAQ,KAAK,CAAC;AAC1D,mBAAW,IAAI,MAAM;AAAA,MACvB;AAAA,IACF,CAAC;AAAA,EACH;AACF,CAAC;",
   "names": []
 }

package/dist/index.esm.js CHANGED Viewed

@@ -27,16 +27,33 @@ var LiteLLMClient = class {
       });
       if (!response.ok) {
         const errorBody = await response.text();
-        throw new Error(`LiteLLM API error: ${response.status} ${response.statusText} - ${errorBody}`);
+        const err = new Error(`LiteLLM API error: ${response.status} ${response.statusText} - ${errorBody}`);
+        err.status = response.status;
+        throw err;
       }
       return response.json();
     } finally {
       clearTimeout(timeoutId);
     }
   }
+  /**
+   * Returns null when the user is not found in LiteLLM (404).
+   * Throws on all other errors so callers know something went wrong.
+   */
   async getUserInfo(userId) {
     const query = userId ? `?user_id=${encodeURIComponent(userId)}` : "";
-    return this.request(`/user/info${query}`);
+    try {
+      return await this.request(`/user/info${query}`);
+    } catch (err) {
+      if (err.status === 404) return null;
+      throw err;
+    }
+  }
+  async createUser(payload) {
+    return this.request("/user/new", {
+      method: "POST",
+      body: JSON.stringify(payload)
+    });
   }
   async listKeys(userId) {
     const query = userId ? `?user_id=${encodeURIComponent(userId)}` : "";
@@ -75,6 +92,19 @@ var LiteLLMClient = class {
 };
 // src/router.ts
+function readProvisioningDefaults(config) {
+  const enabled = config.getOptionalBoolean("litellm.provisioning.enabled") ?? false;
+  const defaults = {
+    maxBudget: config.getOptionalNumber("litellm.provisioning.defaults.maxBudget") ?? 10,
+    budgetDuration: config.getOptionalString("litellm.provisioning.defaults.budgetDuration") ?? "30d",
+    models: config.getOptionalStringArray("litellm.provisioning.defaults.models") ?? [],
+    teams: config.getOptionalStringArray("litellm.provisioning.defaults.teams") ?? [],
+    tpmLimit: config.getOptionalNumber("litellm.provisioning.defaults.tpmLimit"),
+    rpmLimit: config.getOptionalNumber("litellm.provisioning.defaults.rpmLimit"),
+    metadata: config.getOptional("litellm.provisioning.defaults.metadata") ?? {}
+  };
+  return { enabled, defaults };
+}
 async function resolveUserId(req, auth) {
   const rawToken = req.headers.authorization?.slice(7);
   if (!rawToken) return void 0;
@@ -88,20 +118,64 @@ async function resolveUserId(req, auth) {
   }
   return void 0;
 }
+async function provisionUser(client, userId, defaults, logger) {
+  const payload = {
+    user_id: userId,
+    max_budget: defaults.maxBudget,
+    budget_duration: defaults.budgetDuration,
+    models: defaults.models,
+    teams: defaults.teams,
+    ...defaults.tpmLimit !== void 0 && { tpm_limit: defaults.tpmLimit },
+    ...defaults.rpmLimit !== void 0 && { rpm_limit: defaults.rpmLimit },
+    metadata: {
+      ...defaults.metadata,
+      provisioned_by: "backstage",
+      provisioned_at: (/* @__PURE__ */ new Date()).toISOString(),
+      backstage_entity: userId
+    }
+  };
+  logger.info(`Provisioning new LiteLLM user for Backstage identity: ${userId}`);
+  try {
+    await client.createUser(payload);
+    return await client.getUserInfo(userId);
+  } catch (err) {
+    logger.error(`Failed to provision LiteLLM user ${userId}: ${err.message}`);
+    return null;
+  }
+}
 async function createRouter(options) {
   const { config, logger, auth } = options;
   const baseUrl = config.getString("litellm.baseUrl");
   const masterKey = config.getString("litellm.masterKey");
   const client = new LiteLLMClient({ baseUrl, masterKey });
+  const { enabled: provisioningEnabled, defaults: provisioningDefaults } = readProvisioningDefaults(config);
+  if (provisioningEnabled) {
+    logger.info(
+      `LiteLLM auto-provisioning enabled \u2014 defaults: budget=$${provisioningDefaults.maxBudget}/${provisioningDefaults.budgetDuration}, models=${provisioningDefaults.models.length ? provisioningDefaults.models.join(",") : "all"}, teams=[${provisioningDefaults.teams.join(",")}]`
+    );
+  }
   const router = Router();
   router.get("/health", (_req, res) => {
-    res.json({ status: "ok" });
+    res.json({ status: "ok", provisioning: provisioningEnabled });
   });
   router.get("/user/info", async (req, res) => {
     try {
       const tokenUserId = await resolveUserId(req, auth);
       const userId = tokenUserId ?? req.query.user_id;
-      const userInfo = await client.getUserInfo(userId);
+      let userInfo = await client.getUserInfo(userId);
+      if (!userInfo) {
+        if (provisioningEnabled && userId) {
+          userInfo = await provisionUser(client, userId, provisioningDefaults, logger);
+        }
+        if (!userInfo) {
+          res.status(404).json({
+            error: "User not found in LiteLLM",
+            provisioning: provisioningEnabled,
+            hint: provisioningEnabled ? "Provisioning attempted but failed \u2014 check LiteLLM logs" : "Enable litellm.provisioning.enabled in app-config.yaml or create the user manually"
+          });
+          return;
+        }
+      }
       res.json(userInfo);
     } catch (error) {
       logger.error("Failed to fetch user info", error);
@@ -124,7 +198,6 @@ async function createRouter(options) {
       const tokenUserId = await resolveUserId(req, auth);
       const request = {
         ...req.body,
-        // Bind generated key to the authenticated user so LiteLLM enforces their limits.
         ...tokenUserId && { user_id: tokenUserId }
       };
       const result = await client.generateKey(request);
@@ -162,7 +235,7 @@ async function createRouter(options) {
       const tokenUserId = await resolveUserId(req, auth);
       const userId = tokenUserId ?? req.query.user_id;
       const userInfo = await client.getUserInfo(userId);
-      if (!userInfo.teams?.length) {
+      if (!userInfo?.teams?.length) {
         res.json([]);
         return;
       }
@@ -201,13 +274,13 @@ async function createRouter(options) {
   });
   router.get("/usage", async (req, res) => {
     try {
-      const { start_date, end_date, user_id, group_by } = req.query;
+      const { start_date, end_date, group_by } = req.query;
       if (!start_date || !end_date) {
         res.status(400).json({ error: "start_date and end_date are required" });
         return;
       }
       const tokenUserId = await resolveUserId(req, auth);
-      const userId = tokenUserId ?? user_id;
+      const userId = tokenUserId ?? req.query.user_id;
       const usage = await client.getUsage(
         start_date,
         end_date,

package/dist/index.esm.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../src/plugin.ts", "../src/router.ts", "../src/client.ts"],
-  "sourcesContent": ["import { coreServices, createBackendPlugin } from '@backstage/backend-plugin-api';\nimport { createRouter } from './router';\n\nexport const litellmPlugin = createBackendPlugin({\n  pluginId: 'litellm',\n  register(reg) {\n    reg.registerInit({\n      deps: {\n        httpRouter: coreServices.httpRouter,\n        config: coreServices.rootConfig,\n        logger: coreServices.logger,\n        auth: coreServices.auth,\n        discovery: coreServices.discovery,\n      },\n      async init({ httpRouter, config, logger, auth }) {\n        const router = await createRouter({ config, logger, auth });\n        httpRouter.use(router);\n      },\n    });\n  },\n});\n", "import { Router, Request, Response } from 'express';\nimport { Config } from '@backstage/config';\nimport { AuthService } from '@backstage/backend-plugin-api';\nimport { LiteLLMClient } from './client';\nimport {\n  UserInfo,\n  VirtualKey,\n  ModelInfo,\n  UsageMetrics,\n  TeamInfo,\n  GenerateKeyRequest,\n  GenerateKeyResponse,\n} from './types';\n\nexport interface RouterOptions {\n  config: Config;\n  logger: any;\n  auth: AuthService;\n}\n\n/**\n * Extracts the authenticated Backstage user identity from the request token.\n * Returns the userEntityRef (e.g. \"user:default/john.doe\") or undefined if\n * the request carries no user credential (service-to-service calls).\n */\nasync function resolveUserId(req: Request, auth: AuthService): Promise<string | undefined> {\n  const rawToken = req.headers.authorization?.slice(7); // strip \"Bearer \"\n  if (!rawToken) return undefined;\n  try {\n    const credentials = await auth.authenticate(rawToken);\n    const principal = credentials.principal as any;\n    if (principal?.type === 'user') {\n      return principal.userEntityRef as string;\n    }\n  } catch {\n    // token invalid or service token \u2014 fall through\n  }\n  return undefined;\n}\n\nexport async function createRouter(options: RouterOptions): Promise<Router> {\n  const { config, logger, auth } = options;\n\n  const baseUrl = config.getString('litellm.baseUrl');\n  const masterKey = config.getString('litellm.masterKey');\n  const client = new LiteLLMClient({ baseUrl, masterKey });\n\n  const router = Router();\n\n  router.get('/health', (_req: Request, res: Response) => {\n    res.json({ status: 'ok' });\n  });\n\n  // Resolve user: prefer the identity extracted from the Backstage token so the\n  // caller cannot spoof another user_id. Falls back to the query param only when\n  // no user token is present (e.g. admin tooling using a service token).\n  router.get('/user/info', async (req: Request, res: Response) => {\n    try {\n      const tokenUserId = await resolveUserId(req, auth);\n      const userId = tokenUserId ?? (req.query.user_id as string | undefined);\n      const userInfo: UserInfo = await client.getUserInfo(userId);\n      res.json(userInfo);\n    } catch (error: any) {\n      logger.error('Failed to fetch user info', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  router.get('/keys', async (req: Request, res: Response) => {\n    try {\n      const tokenUserId = await resolveUserId(req, auth);\n      const userId = tokenUserId ?? (req.query.user_id as string | undefined);\n      const keys: VirtualKey[] = await client.listKeys(userId);\n      res.json(keys);\n    } catch (error: any) {\n      logger.error('Failed to list keys', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  router.post('/keys/generate', async (req: Request, res: Response) => {\n    try {\n      const tokenUserId = await resolveUserId(req, auth);\n      const request: GenerateKeyRequest = {\n        ...req.body,\n        // Bind generated key to the authenticated user so LiteLLM enforces their limits.\n        ...(tokenUserId && { user_id: tokenUserId }),\n      };\n      const result: GenerateKeyResponse = await client.generateKey(request);\n      res.json(result);\n    } catch (error: any) {\n      logger.error('Failed to generate key', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  router.delete('/keys/:keyId', async (req: Request, res: Response) => {\n    try {\n      const { keyId } = req.params;\n      if (!keyId) {\n        res.status(400).json({ error: 'keyId is required' });\n        return;\n      }\n      await client.deleteKeys({ keys: [keyId] });\n      res.json({ success: true });\n    } catch (error: any) {\n      logger.error('Failed to delete key', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  router.get('/models', async (_req: Request, res: Response) => {\n    try {\n      const models: ModelInfo[] = await client.listModels();\n      res.json(models);\n    } catch (error: any) {\n      logger.error('Failed to list models', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  // Returns TeamInfo for every team the authenticated user belongs to.\n  // Team membership is read from /user/info .teams[], then each team is\n  // resolved in parallel via /team/info.\n  router.get('/teams', async (req: Request, res: Response) => {\n    try {\n      const tokenUserId = await resolveUserId(req, auth);\n      const userId = tokenUserId ?? (req.query.user_id as string | undefined);\n      const userInfo: UserInfo = await client.getUserInfo(userId);\n\n      if (!userInfo.teams?.length) {\n        res.json([]);\n        return;\n      }\n\n      const teams = await Promise.all(\n        userInfo.teams.map(teamId =>\n          client.getTeamInfo(teamId).catch(err => {\n            logger.warn(`Failed to fetch team ${teamId}: ${err.message}`);\n            return null;\n          }),\n        ),\n      );\n      res.json(teams.filter(Boolean) as TeamInfo[]);\n    } catch (error: any) {\n      logger.error('Failed to fetch teams', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  router.get('/teams/:teamId/usage', async (req: Request, res: Response) => {\n    try {\n      const { teamId } = req.params;\n      const { start_date, end_date } = req.query;\n      if (!start_date || !end_date) {\n        res.status(400).json({ error: 'start_date and end_date are required' });\n        return;\n      }\n      const usage: UsageMetrics = await client.getTeamUsage(\n        teamId,\n        start_date as string,\n        end_date as string,\n      );\n      res.json(usage);\n    } catch (error: any) {\n      logger.error('Failed to fetch team usage', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  router.get('/usage', async (req: Request, res: Response) => {\n    try {\n      const { start_date, end_date, user_id, group_by } = req.query;\n      if (!start_date || !end_date) {\n        res.status(400).json({ error: 'start_date and end_date are required' });\n        return;\n      }\n      const tokenUserId = await resolveUserId(req, auth);\n      const userId = tokenUserId ?? (user_id as string | undefined);\n      const usage: UsageMetrics = await client.getUsage(\n        start_date as string,\n        end_date as string,\n        userId,\n        group_by as string | undefined,\n      );\n      res.json(usage);\n    } catch (error: any) {\n      logger.error('Failed to fetch usage', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  return router;\n}\n", "import {\n  LiteLLMConfig,\n  UserInfo,\n  VirtualKey,\n  ModelInfo,\n  UsageMetrics,\n  TeamInfo,\n  GenerateKeyRequest,\n  GenerateKeyResponse,\n  DeleteKeyRequest,\n} from './types';\n\nconst DEFAULT_TIMEOUT = 30000;\n\nexport class LiteLLMClient {\n  private baseUrl: string;\n  private masterKey: string;\n  private timeout: number;\n\n  constructor(config: LiteLLMConfig, timeout = DEFAULT_TIMEOUT) {\n    this.baseUrl = config.baseUrl.replace(/\\/$/, '');\n    this.masterKey = config.masterKey;\n    this.timeout = timeout;\n  }\n\n  private async request<T>(path: string, options: RequestInit = {}): Promise<T> {\n    const controller = new AbortController();\n    const timeoutId = setTimeout(() => controller.abort(), this.timeout);\n\n    try {\n      const response = await fetch(`${this.baseUrl}${path}`, {\n        ...options,\n        signal: controller.signal,\n        headers: {\n          'Content-Type': 'application/json',\n          'Authorization': `Bearer ${this.masterKey}`,\n          ...options.headers,\n        },\n      });\n\n      if (!response.ok) {\n        const errorBody = await response.text();\n        throw new Error(`LiteLLM API error: ${response.status} ${response.statusText} - ${errorBody}`);\n      }\n\n      return response.json();\n    } finally {\n      clearTimeout(timeoutId);\n    }\n  }\n\n  async getUserInfo(userId?: string): Promise<UserInfo> {\n    const query = userId ? `?user_id=${encodeURIComponent(userId)}` : '';\n    return this.request<UserInfo>(`/user/info${query}`);\n  }\n\n  async listKeys(userId?: string): Promise<VirtualKey[]> {\n    const query = userId ? `?user_id=${encodeURIComponent(userId)}` : '';\n    const response = await this.request<{ info: VirtualKey[] } | VirtualKey[]>(`/key/info${query}`);\n    return Array.isArray(response) ? response : (response.info ?? []);\n  }\n\n  async generateKey(request: GenerateKeyRequest): Promise<GenerateKeyResponse> {\n    return this.request<GenerateKeyResponse>('/key/generate', {\n      method: 'POST',\n      body: JSON.stringify(request),\n    });\n  }\n\n  async deleteKeys(request: DeleteKeyRequest): Promise<{ success: boolean }> {\n    return this.request<{ success: boolean }>('/key/delete', {\n      method: 'POST',\n      body: JSON.stringify(request),\n    });\n  }\n\n  async listModels(): Promise<ModelInfo[]> {\n    const response = await this.request<{ data: ModelInfo[] } | ModelInfo[]>('/models');\n    return Array.isArray(response) ? response : (response.data ?? []);\n  }\n\n  async getTeamInfo(teamId: string): Promise<TeamInfo> {\n    return this.request<TeamInfo>(`/team/info?team_id=${encodeURIComponent(teamId)}`);\n  }\n\n  async getUsage(startDate: string, endDate: string, userId?: string, groupBy?: string): Promise<UsageMetrics> {\n    const params = new URLSearchParams({ start_date: startDate, end_date: endDate });\n    if (userId) params.append('user_id', userId);\n    if (groupBy) params.append('group_by', groupBy);\n    return this.request<UsageMetrics>(`/usage/keys?${params.toString()}`);\n  }\n\n  async getTeamUsage(teamId: string, startDate: string, endDate: string): Promise<UsageMetrics> {\n    const params = new URLSearchParams({ start_date: startDate, end_date: endDate, team_id: teamId });\n    return this.request<UsageMetrics>(`/usage/keys?${params.toString()}`);\n  }\n}\n"],
-  "mappings": ";AAAA,SAAS,cAAc,2BAA2B;;;ACAlD,SAAS,cAAiC;;;ACY1C,IAAM,kBAAkB;AAEjB,IAAM,gBAAN,MAAoB;AAAA,EAKzB,YAAY,QAAuB,UAAU,iBAAiB;AAC5D,SAAK,UAAU,OAAO,QAAQ,QAAQ,OAAO,EAAE;AAC/C,SAAK,YAAY,OAAO;AACxB,SAAK,UAAU;AAAA,EACjB;AAAA,EAEA,MAAc,QAAW,MAAc,UAAuB,CAAC,GAAe;AAC5E,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,OAAO;AAEnE,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI,IAAI;AAAA,QACrD,GAAG;AAAA,QACH,QAAQ,WAAW;AAAA,QACnB,SAAS;AAAA,UACP,gBAAgB;AAAA,UAChB,iBAAiB,UAAU,KAAK,SAAS;AAAA,UACzC,GAAG,QAAQ;AAAA,QACb;AAAA,MACF,CAAC;AAED,UAAI,CAAC,SAAS,IAAI;AAChB,cAAM,YAAY,MAAM,SAAS,KAAK;AACtC,cAAM,IAAI,MAAM,sBAAsB,SAAS,MAAM,IAAI,SAAS,UAAU,MAAM,SAAS,EAAE;AAAA,MAC/F;AAEA,aAAO,SAAS,KAAK;AAAA,IACvB,UAAE;AACA,mBAAa,SAAS;AAAA,IACxB;AAAA,EACF;AAAA,EAEA,MAAM,YAAY,QAAoC;AACpD,UAAM,QAAQ,SAAS,YAAY,mBAAmB,MAAM,CAAC,KAAK;AAClE,WAAO,KAAK,QAAkB,aAAa,KAAK,EAAE;AAAA,EACpD;AAAA,EAEA,MAAM,SAAS,QAAwC;AACrD,UAAM,QAAQ,SAAS,YAAY,mBAAmB,MAAM,CAAC,KAAK;AAClE,UAAM,WAAW,MAAM,KAAK,QAA+C,YAAY,KAAK,EAAE;AAC9F,WAAO,MAAM,QAAQ,QAAQ,IAAI,WAAY,SAAS,QAAQ,CAAC;AAAA,EACjE;AAAA,EAEA,MAAM,YAAY,SAA2D;AAC3E,WAAO,KAAK,QAA6B,iBAAiB;AAAA,MACxD,QAAQ;AAAA,MACR,MAAM,KAAK,UAAU,OAAO;AAAA,IAC9B,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,WAAW,SAA0D;AACzE,WAAO,KAAK,QAA8B,eAAe;AAAA,MACvD,QAAQ;AAAA,MACR,MAAM,KAAK,UAAU,OAAO;AAAA,IAC9B,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,aAAmC;AACvC,UAAM,WAAW,MAAM,KAAK,QAA6C,SAAS;AAClF,WAAO,MAAM,QAAQ,QAAQ,IAAI,WAAY,SAAS,QAAQ,CAAC;AAAA,EACjE;AAAA,EAEA,MAAM,YAAY,QAAmC;AACnD,WAAO,KAAK,QAAkB,sBAAsB,mBAAmB,MAAM,CAAC,EAAE;AAAA,EAClF;AAAA,EAEA,MAAM,SAAS,WAAmB,SAAiB,QAAiB,SAAyC;AAC3G,UAAM,SAAS,IAAI,gBAAgB,EAAE,YAAY,WAAW,UAAU,QAAQ,CAAC;AAC/E,QAAI,OAAQ,QAAO,OAAO,WAAW,MAAM;AAC3C,QAAI,QAAS,QAAO,OAAO,YAAY,OAAO;AAC9C,WAAO,KAAK,QAAsB,eAAe,OAAO,SAAS,CAAC,EAAE;AAAA,EACtE;AAAA,EAEA,MAAM,aAAa,QAAgB,WAAmB,SAAwC;AAC5F,UAAM,SAAS,IAAI,gBAAgB,EAAE,YAAY,WAAW,UAAU,SAAS,SAAS,OAAO,CAAC;AAChG,WAAO,KAAK,QAAsB,eAAe,OAAO,SAAS,CAAC,EAAE;AAAA,EACtE;AACF;;;ADvEA,eAAe,cAAc,KAAc,MAAgD;AACzF,QAAM,WAAW,IAAI,QAAQ,eAAe,MAAM,CAAC;AACnD,MAAI,CAAC,SAAU,QAAO;AACtB,MAAI;AACF,UAAM,cAAc,MAAM,KAAK,aAAa,QAAQ;AACpD,UAAM,YAAY,YAAY;AAC9B,QAAI,WAAW,SAAS,QAAQ;AAC9B,aAAO,UAAU;AAAA,IACnB;AAAA,EACF,QAAQ;AAAA,EAER;AACA,SAAO;AACT;AAEA,eAAsB,aAAa,SAAyC;AAC1E,QAAM,EAAE,QAAQ,QAAQ,KAAK,IAAI;AAEjC,QAAM,UAAU,OAAO,UAAU,iBAAiB;AAClD,QAAM,YAAY,OAAO,UAAU,mBAAmB;AACtD,QAAM,SAAS,IAAI,cAAc,EAAE,SAAS,UAAU,CAAC;AAEvD,QAAM,SAAS,OAAO;AAEtB,SAAO,IAAI,WAAW,CAAC,MAAe,QAAkB;AACtD,QAAI,KAAK,EAAE,QAAQ,KAAK,CAAC;AAAA,EAC3B,CAAC;AAKD,SAAO,IAAI,cAAc,OAAO,KAAc,QAAkB;AAC9D,QAAI;AACF,YAAM,cAAc,MAAM,cAAc,KAAK,IAAI;AACjD,YAAM,SAAS,eAAgB,IAAI,MAAM;AACzC,YAAM,WAAqB,MAAM,OAAO,YAAY,MAAM;AAC1D,UAAI,KAAK,QAAQ;AAAA,IACnB,SAAS,OAAY;AACnB,aAAO,MAAM,6BAA6B,KAAK;AAC/C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO,IAAI,SAAS,OAAO,KAAc,QAAkB;AACzD,QAAI;AACF,YAAM,cAAc,MAAM,cAAc,KAAK,IAAI;AACjD,YAAM,SAAS,eAAgB,IAAI,MAAM;AACzC,YAAM,OAAqB,MAAM,OAAO,SAAS,MAAM;AACvD,UAAI,KAAK,IAAI;AAAA,IACf,SAAS,OAAY;AACnB,aAAO,MAAM,uBAAuB,KAAK;AACzC,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO,KAAK,kBAAkB,OAAO,KAAc,QAAkB;AACnE,QAAI;AACF,YAAM,cAAc,MAAM,cAAc,KAAK,IAAI;AACjD,YAAM,UAA8B;AAAA,QAClC,GAAG,IAAI;AAAA;AAAA,QAEP,GAAI,eAAe,EAAE,SAAS,YAAY;AAAA,MAC5C;AACA,YAAM,SAA8B,MAAM,OAAO,YAAY,OAAO;AACpE,UAAI,KAAK,MAAM;AAAA,IACjB,SAAS,OAAY;AACnB,aAAO,MAAM,0BAA0B,KAAK;AAC5C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO,OAAO,gBAAgB,OAAO,KAAc,QAAkB;AACnE,QAAI;AACF,YAAM,EAAE,MAAM,IAAI,IAAI;AACtB,UAAI,CAAC,OAAO;AACV,YAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,oBAAoB,CAAC;AACnD;AAAA,MACF;AACA,YAAM,OAAO,WAAW,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC;AACzC,UAAI,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5B,SAAS,OAAY;AACnB,aAAO,MAAM,wBAAwB,KAAK;AAC1C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO,IAAI,WAAW,OAAO,MAAe,QAAkB;AAC5D,QAAI;AACF,YAAM,SAAsB,MAAM,OAAO,WAAW;AACpD,UAAI,KAAK,MAAM;AAAA,IACjB,SAAS,OAAY;AACnB,aAAO,MAAM,yBAAyB,KAAK;AAC3C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAKD,SAAO,IAAI,UAAU,OAAO,KAAc,QAAkB;AAC1D,QAAI;AACF,YAAM,cAAc,MAAM,cAAc,KAAK,IAAI;AACjD,YAAM,SAAS,eAAgB,IAAI,MAAM;AACzC,YAAM,WAAqB,MAAM,OAAO,YAAY,MAAM;AAE1D,UAAI,CAAC,SAAS,OAAO,QAAQ;AAC3B,YAAI,KAAK,CAAC,CAAC;AACX;AAAA,MACF;AAEA,YAAM,QAAQ,MAAM,QAAQ;AAAA,QAC1B,SAAS,MAAM;AAAA,UAAI,YACjB,OAAO,YAAY,MAAM,EAAE,MAAM,SAAO;AACtC,mBAAO,KAAK,wBAAwB,MAAM,KAAK,IAAI,OAAO,EAAE;AAC5D,mBAAO;AAAA,UACT,CAAC;AAAA,QACH;AAAA,MACF;AACA,UAAI,KAAK,MAAM,OAAO,OAAO,CAAe;AAAA,IAC9C,SAAS,OAAY;AACnB,aAAO,MAAM,yBAAyB,KAAK;AAC3C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO,IAAI,wBAAwB,OAAO,KAAc,QAAkB;AACxE,QAAI;AACF,YAAM,EAAE,OAAO,IAAI,IAAI;AACvB,YAAM,EAAE,YAAY,SAAS,IAAI,IAAI;AACrC,UAAI,CAAC,cAAc,CAAC,UAAU;AAC5B,YAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,uCAAuC,CAAC;AACtE;AAAA,MACF;AACA,YAAM,QAAsB,MAAM,OAAO;AAAA,QACvC;AAAA,QACA;AAAA,QACA;AAAA,MACF;AACA,UAAI,KAAK,KAAK;AAAA,IAChB,SAAS,OAAY;AACnB,aAAO,MAAM,8BAA8B,KAAK;AAChD,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO,IAAI,UAAU,OAAO,KAAc,QAAkB;AAC1D,QAAI;AACF,YAAM,EAAE,YAAY,UAAU,SAAS,SAAS,IAAI,IAAI;AACxD,UAAI,CAAC,cAAc,CAAC,UAAU;AAC5B,YAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,uCAAuC,CAAC;AACtE;AAAA,MACF;AACA,YAAM,cAAc,MAAM,cAAc,KAAK,IAAI;AACjD,YAAM,SAAS,eAAgB;AAC/B,YAAM,QAAsB,MAAM,OAAO;AAAA,QACvC;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AACA,UAAI,KAAK,KAAK;AAAA,IAChB,SAAS,OAAY;AACnB,aAAO,MAAM,yBAAyB,KAAK;AAC3C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO;AACT;;;AD9LO,IAAM,gBAAgB,oBAAoB;AAAA,EAC/C,UAAU;AAAA,EACV,SAAS,KAAK;AACZ,QAAI,aAAa;AAAA,MACf,MAAM;AAAA,QACJ,YAAY,aAAa;AAAA,QACzB,QAAQ,aAAa;AAAA,QACrB,QAAQ,aAAa;AAAA,QACrB,MAAM,aAAa;AAAA,QACnB,WAAW,aAAa;AAAA,MAC1B;AAAA,MACA,MAAM,KAAK,EAAE,YAAY,QAAQ,QAAQ,KAAK,GAAG;AAC/C,cAAM,SAAS,MAAM,aAAa,EAAE,QAAQ,QAAQ,KAAK,CAAC;AAC1D,mBAAW,IAAI,MAAM;AAAA,MACvB;AAAA,IACF,CAAC;AAAA,EACH;AACF,CAAC;",
+  "sourcesContent": ["import { coreServices, createBackendPlugin } from '@backstage/backend-plugin-api';\nimport { createRouter } from './router';\n\nexport const litellmPlugin = createBackendPlugin({\n  pluginId: 'litellm',\n  register(reg) {\n    reg.registerInit({\n      deps: {\n        httpRouter: coreServices.httpRouter,\n        config: coreServices.rootConfig,\n        logger: coreServices.logger,\n        auth: coreServices.auth,\n        discovery: coreServices.discovery,\n      },\n      async init({ httpRouter, config, logger, auth }) {\n        const router = await createRouter({ config, logger, auth });\n        httpRouter.use(router);\n      },\n    });\n  },\n});\n", "import { Router, Request, Response } from 'express';\nimport { Config } from '@backstage/config';\nimport { AuthService } from '@backstage/backend-plugin-api';\nimport { LiteLLMClient } from './client';\nimport {\n  UserInfo,\n  VirtualKey,\n  ModelInfo,\n  UsageMetrics,\n  TeamInfo,\n  GenerateKeyRequest,\n  GenerateKeyResponse,\n  ProvisioningDefaults,\n} from './types';\n\nexport interface RouterOptions {\n  config: Config;\n  logger: any;\n  auth: AuthService;\n}\n\n/**\n * Reads the provisioning block from config, applying safe defaults for every\n * field so the feature works out-of-the-box without any YAML required.\n *\n * Safe defaults rationale:\n *   maxBudget:      $10  \u2014 prevents runaway spend on a forgotten test account\n *   budgetDuration: 30d  \u2014 monthly reset, aligns with typical billing cycles\n *   models:         []   \u2014 empty means all proxy models are allowed;\n *                          restrict here or at team level for tighter control\n *   teams:          []   \u2014 no automatic team assignment; add IDs to enrol users\n *   tpmLimit:       none \u2014 LiteLLM global / team limits still apply\n *   rpmLimit:       none \u2014 same\n *   metadata:       backstage source tag only\n */\nfunction readProvisioningDefaults(config: Config): { enabled: boolean; defaults: ProvisioningDefaults } {\n  const enabled = config.getOptionalBoolean('litellm.provisioning.enabled') ?? false;\n  const defaults: ProvisioningDefaults = {\n    maxBudget: config.getOptionalNumber('litellm.provisioning.defaults.maxBudget') ?? 10,\n    budgetDuration: config.getOptionalString('litellm.provisioning.defaults.budgetDuration') ?? '30d',\n    models: config.getOptionalStringArray('litellm.provisioning.defaults.models') ?? [],\n    teams: config.getOptionalStringArray('litellm.provisioning.defaults.teams') ?? [],\n    tpmLimit: config.getOptionalNumber('litellm.provisioning.defaults.tpmLimit'),\n    rpmLimit: config.getOptionalNumber('litellm.provisioning.defaults.rpmLimit'),\n    metadata: (config.getOptional<Record<string, string>>('litellm.provisioning.defaults.metadata') ?? {}),\n  };\n  return { enabled, defaults };\n}\n\n/**\n * Extracts the authenticated Backstage user identity from the request token.\n * Returns the userEntityRef (e.g. \"user:default/john.doe\") or undefined when\n * the request carries no user credential (service-to-service calls).\n */\nasync function resolveUserId(req: Request, auth: AuthService): Promise<string | undefined> {\n  const rawToken = req.headers.authorization?.slice(7);\n  if (!rawToken) return undefined;\n  try {\n    const credentials = await auth.authenticate(rawToken);\n    const principal = credentials.principal as any;\n    if (principal?.type === 'user') {\n      return principal.userEntityRef as string;\n    }\n  } catch {\n    // invalid or service token \u2014 caller gets query-param fallback\n  }\n  return undefined;\n}\n\n/**\n * Creates a LiteLLM user for the given Backstage identity using the configured\n * defaults. Returns the UserInfo of the newly created account.\n */\nasync function provisionUser(\n  client: LiteLLMClient,\n  userId: string,\n  defaults: ProvisioningDefaults,\n  logger: any,\n): Promise<UserInfo | null> {\n  const payload = {\n    user_id: userId,\n    max_budget: defaults.maxBudget,\n    budget_duration: defaults.budgetDuration,\n    models: defaults.models,\n    teams: defaults.teams,\n    ...(defaults.tpmLimit !== undefined && { tpm_limit: defaults.tpmLimit }),\n    ...(defaults.rpmLimit !== undefined && { rpm_limit: defaults.rpmLimit }),\n    metadata: {\n      ...defaults.metadata,\n      provisioned_by: 'backstage',\n      provisioned_at: new Date().toISOString(),\n      backstage_entity: userId,\n    },\n  };\n\n  logger.info(`Provisioning new LiteLLM user for Backstage identity: ${userId}`);\n  try {\n    await client.createUser(payload);\n    // Fetch the freshly-created user record to return consistent UserInfo shape\n    return await client.getUserInfo(userId);\n  } catch (err: any) {\n    logger.error(`Failed to provision LiteLLM user ${userId}: ${err.message}`);\n    return null;\n  }\n}\n\nexport async function createRouter(options: RouterOptions): Promise<Router> {\n  const { config, logger, auth } = options;\n\n  const baseUrl = config.getString('litellm.baseUrl');\n  const masterKey = config.getString('litellm.masterKey');\n  const client = new LiteLLMClient({ baseUrl, masterKey });\n  const { enabled: provisioningEnabled, defaults: provisioningDefaults } = readProvisioningDefaults(config);\n\n  if (provisioningEnabled) {\n    logger.info(\n      `LiteLLM auto-provisioning enabled \u2014 defaults: budget=$${provisioningDefaults.maxBudget}/${provisioningDefaults.budgetDuration}, models=${provisioningDefaults.models.length ? provisioningDefaults.models.join(',') : 'all'}, teams=[${provisioningDefaults.teams.join(',')}]`,\n    );\n  }\n\n  const router = Router();\n\n  router.get('/health', (_req: Request, res: Response) => {\n    res.json({ status: 'ok', provisioning: provisioningEnabled });\n  });\n\n  router.get('/user/info', async (req: Request, res: Response) => {\n    try {\n      const tokenUserId = await resolveUserId(req, auth);\n      const userId = tokenUserId ?? (req.query.user_id as string | undefined);\n\n      let userInfo: UserInfo | null = await client.getUserInfo(userId);\n\n      if (!userInfo) {\n        if (provisioningEnabled && userId) {\n          userInfo = await provisionUser(client, userId, provisioningDefaults, logger);\n        }\n\n        if (!userInfo) {\n          res.status(404).json({\n            error: 'User not found in LiteLLM',\n            provisioning: provisioningEnabled,\n            hint: provisioningEnabled\n              ? 'Provisioning attempted but failed \u2014 check LiteLLM logs'\n              : 'Enable litellm.provisioning.enabled in app-config.yaml or create the user manually',\n          });\n          return;\n        }\n      }\n\n      res.json(userInfo);\n    } catch (error: any) {\n      logger.error('Failed to fetch user info', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  router.get('/keys', async (req: Request, res: Response) => {\n    try {\n      const tokenUserId = await resolveUserId(req, auth);\n      const userId = tokenUserId ?? (req.query.user_id as string | undefined);\n      const keys: VirtualKey[] = await client.listKeys(userId);\n      res.json(keys);\n    } catch (error: any) {\n      logger.error('Failed to list keys', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  router.post('/keys/generate', async (req: Request, res: Response) => {\n    try {\n      const tokenUserId = await resolveUserId(req, auth);\n      const request: GenerateKeyRequest = {\n        ...req.body,\n        ...(tokenUserId && { user_id: tokenUserId }),\n      };\n      const result: GenerateKeyResponse = await client.generateKey(request);\n      res.json(result);\n    } catch (error: any) {\n      logger.error('Failed to generate key', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  router.delete('/keys/:keyId', async (req: Request, res: Response) => {\n    try {\n      const { keyId } = req.params;\n      if (!keyId) {\n        res.status(400).json({ error: 'keyId is required' });\n        return;\n      }\n      await client.deleteKeys({ keys: [keyId] });\n      res.json({ success: true });\n    } catch (error: any) {\n      logger.error('Failed to delete key', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  router.get('/models', async (_req: Request, res: Response) => {\n    try {\n      const models: ModelInfo[] = await client.listModels();\n      res.json(models);\n    } catch (error: any) {\n      logger.error('Failed to list models', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  router.get('/teams', async (req: Request, res: Response) => {\n    try {\n      const tokenUserId = await resolveUserId(req, auth);\n      const userId = tokenUserId ?? (req.query.user_id as string | undefined);\n      const userInfo: UserInfo | null = await client.getUserInfo(userId);\n\n      if (!userInfo?.teams?.length) {\n        res.json([]);\n        return;\n      }\n\n      const teams = await Promise.all(\n        userInfo.teams.map(teamId =>\n          client.getTeamInfo(teamId).catch(err => {\n            logger.warn(`Failed to fetch team ${teamId}: ${err.message}`);\n            return null;\n          }),\n        ),\n      );\n      res.json(teams.filter(Boolean) as TeamInfo[]);\n    } catch (error: any) {\n      logger.error('Failed to fetch teams', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  router.get('/teams/:teamId/usage', async (req: Request, res: Response) => {\n    try {\n      const { teamId } = req.params;\n      const { start_date, end_date } = req.query;\n      if (!start_date || !end_date) {\n        res.status(400).json({ error: 'start_date and end_date are required' });\n        return;\n      }\n      const usage: UsageMetrics = await client.getTeamUsage(\n        teamId,\n        start_date as string,\n        end_date as string,\n      );\n      res.json(usage);\n    } catch (error: any) {\n      logger.error('Failed to fetch team usage', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  router.get('/usage', async (req: Request, res: Response) => {\n    try {\n      const { start_date, end_date, group_by } = req.query;\n      if (!start_date || !end_date) {\n        res.status(400).json({ error: 'start_date and end_date are required' });\n        return;\n      }\n      const tokenUserId = await resolveUserId(req, auth);\n      const userId = tokenUserId ?? (req.query.user_id as string | undefined);\n      const usage: UsageMetrics = await client.getUsage(\n        start_date as string,\n        end_date as string,\n        userId,\n        group_by as string | undefined,\n      );\n      res.json(usage);\n    } catch (error: any) {\n      logger.error('Failed to fetch usage', error);\n      res.status(500).json({ error: error.message });\n    }\n  });\n\n  return router;\n}\n", "import {\n  LiteLLMConfig,\n  UserInfo,\n  VirtualKey,\n  ModelInfo,\n  UsageMetrics,\n  TeamInfo,\n  GenerateKeyRequest,\n  GenerateKeyResponse,\n  DeleteKeyRequest,\n  CreateUserRequest,\n  CreateUserResponse,\n} from './types';\n\nconst DEFAULT_TIMEOUT = 30000;\n\nexport class LiteLLMClient {\n  private baseUrl: string;\n  private masterKey: string;\n  private timeout: number;\n\n  constructor(config: LiteLLMConfig, timeout = DEFAULT_TIMEOUT) {\n    this.baseUrl = config.baseUrl.replace(/\\/$/, '');\n    this.masterKey = config.masterKey;\n    this.timeout = timeout;\n  }\n\n  private async request<T>(path: string, options: RequestInit = {}): Promise<T> {\n    const controller = new AbortController();\n    const timeoutId = setTimeout(() => controller.abort(), this.timeout);\n\n    try {\n      const response = await fetch(`${this.baseUrl}${path}`, {\n        ...options,\n        signal: controller.signal,\n        headers: {\n          'Content-Type': 'application/json',\n          'Authorization': `Bearer ${this.masterKey}`,\n          ...options.headers,\n        },\n      });\n\n      if (!response.ok) {\n        const errorBody = await response.text();\n        const err = new Error(`LiteLLM API error: ${response.status} ${response.statusText} - ${errorBody}`);\n        (err as any).status = response.status;\n        throw err;\n      }\n\n      return response.json();\n    } finally {\n      clearTimeout(timeoutId);\n    }\n  }\n\n  /**\n   * Returns null when the user is not found in LiteLLM (404).\n   * Throws on all other errors so callers know something went wrong.\n   */\n  async getUserInfo(userId?: string): Promise<UserInfo | null> {\n    const query = userId ? `?user_id=${encodeURIComponent(userId)}` : '';\n    try {\n      return await this.request<UserInfo>(`/user/info${query}`);\n    } catch (err: any) {\n      if (err.status === 404) return null;\n      throw err;\n    }\n  }\n\n  async createUser(payload: CreateUserRequest): Promise<CreateUserResponse> {\n    return this.request<CreateUserResponse>('/user/new', {\n      method: 'POST',\n      body: JSON.stringify(payload),\n    });\n  }\n\n  async listKeys(userId?: string): Promise<VirtualKey[]> {\n    const query = userId ? `?user_id=${encodeURIComponent(userId)}` : '';\n    const response = await this.request<{ info: VirtualKey[] } | VirtualKey[]>(`/key/info${query}`);\n    return Array.isArray(response) ? response : (response.info ?? []);\n  }\n\n  async generateKey(request: GenerateKeyRequest): Promise<GenerateKeyResponse> {\n    return this.request<GenerateKeyResponse>('/key/generate', {\n      method: 'POST',\n      body: JSON.stringify(request),\n    });\n  }\n\n  async deleteKeys(request: DeleteKeyRequest): Promise<{ success: boolean }> {\n    return this.request<{ success: boolean }>('/key/delete', {\n      method: 'POST',\n      body: JSON.stringify(request),\n    });\n  }\n\n  async listModels(): Promise<ModelInfo[]> {\n    const response = await this.request<{ data: ModelInfo[] } | ModelInfo[]>('/models');\n    return Array.isArray(response) ? response : (response.data ?? []);\n  }\n\n  async getTeamInfo(teamId: string): Promise<TeamInfo> {\n    return this.request<TeamInfo>(`/team/info?team_id=${encodeURIComponent(teamId)}`);\n  }\n\n  async getUsage(startDate: string, endDate: string, userId?: string, groupBy?: string): Promise<UsageMetrics> {\n    const params = new URLSearchParams({ start_date: startDate, end_date: endDate });\n    if (userId) params.append('user_id', userId);\n    if (groupBy) params.append('group_by', groupBy);\n    return this.request<UsageMetrics>(`/usage/keys?${params.toString()}`);\n  }\n\n  async getTeamUsage(teamId: string, startDate: string, endDate: string): Promise<UsageMetrics> {\n    const params = new URLSearchParams({ start_date: startDate, end_date: endDate, team_id: teamId });\n    return this.request<UsageMetrics>(`/usage/keys?${params.toString()}`);\n  }\n}\n"],
+  "mappings": ";AAAA,SAAS,cAAc,2BAA2B;;;ACAlD,SAAS,cAAiC;;;ACc1C,IAAM,kBAAkB;AAEjB,IAAM,gBAAN,MAAoB;AAAA,EAKzB,YAAY,QAAuB,UAAU,iBAAiB;AAC5D,SAAK,UAAU,OAAO,QAAQ,QAAQ,OAAO,EAAE;AAC/C,SAAK,YAAY,OAAO;AACxB,SAAK,UAAU;AAAA,EACjB;AAAA,EAEA,MAAc,QAAW,MAAc,UAAuB,CAAC,GAAe;AAC5E,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,OAAO;AAEnE,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI,IAAI;AAAA,QACrD,GAAG;AAAA,QACH,QAAQ,WAAW;AAAA,QACnB,SAAS;AAAA,UACP,gBAAgB;AAAA,UAChB,iBAAiB,UAAU,KAAK,SAAS;AAAA,UACzC,GAAG,QAAQ;AAAA,QACb;AAAA,MACF,CAAC;AAED,UAAI,CAAC,SAAS,IAAI;AAChB,cAAM,YAAY,MAAM,SAAS,KAAK;AACtC,cAAM,MAAM,IAAI,MAAM,sBAAsB,SAAS,MAAM,IAAI,SAAS,UAAU,MAAM,SAAS,EAAE;AACnG,QAAC,IAAY,SAAS,SAAS;AAC/B,cAAM;AAAA,MACR;AAEA,aAAO,SAAS,KAAK;AAAA,IACvB,UAAE;AACA,mBAAa,SAAS;AAAA,IACxB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,YAAY,QAA2C;AAC3D,UAAM,QAAQ,SAAS,YAAY,mBAAmB,MAAM,CAAC,KAAK;AAClE,QAAI;AACF,aAAO,MAAM,KAAK,QAAkB,aAAa,KAAK,EAAE;AAAA,IAC1D,SAAS,KAAU;AACjB,UAAI,IAAI,WAAW,IAAK,QAAO;AAC/B,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEA,MAAM,WAAW,SAAyD;AACxE,WAAO,KAAK,QAA4B,aAAa;AAAA,MACnD,QAAQ;AAAA,MACR,MAAM,KAAK,UAAU,OAAO;AAAA,IAC9B,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,SAAS,QAAwC;AACrD,UAAM,QAAQ,SAAS,YAAY,mBAAmB,MAAM,CAAC,KAAK;AAClE,UAAM,WAAW,MAAM,KAAK,QAA+C,YAAY,KAAK,EAAE;AAC9F,WAAO,MAAM,QAAQ,QAAQ,IAAI,WAAY,SAAS,QAAQ,CAAC;AAAA,EACjE;AAAA,EAEA,MAAM,YAAY,SAA2D;AAC3E,WAAO,KAAK,QAA6B,iBAAiB;AAAA,MACxD,QAAQ;AAAA,MACR,MAAM,KAAK,UAAU,OAAO;AAAA,IAC9B,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,WAAW,SAA0D;AACzE,WAAO,KAAK,QAA8B,eAAe;AAAA,MACvD,QAAQ;AAAA,MACR,MAAM,KAAK,UAAU,OAAO;AAAA,IAC9B,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,aAAmC;AACvC,UAAM,WAAW,MAAM,KAAK,QAA6C,SAAS;AAClF,WAAO,MAAM,QAAQ,QAAQ,IAAI,WAAY,SAAS,QAAQ,CAAC;AAAA,EACjE;AAAA,EAEA,MAAM,YAAY,QAAmC;AACnD,WAAO,KAAK,QAAkB,sBAAsB,mBAAmB,MAAM,CAAC,EAAE;AAAA,EAClF;AAAA,EAEA,MAAM,SAAS,WAAmB,SAAiB,QAAiB,SAAyC;AAC3G,UAAM,SAAS,IAAI,gBAAgB,EAAE,YAAY,WAAW,UAAU,QAAQ,CAAC;AAC/E,QAAI,OAAQ,QAAO,OAAO,WAAW,MAAM;AAC3C,QAAI,QAAS,QAAO,OAAO,YAAY,OAAO;AAC9C,WAAO,KAAK,QAAsB,eAAe,OAAO,SAAS,CAAC,EAAE;AAAA,EACtE;AAAA,EAEA,MAAM,aAAa,QAAgB,WAAmB,SAAwC;AAC5F,UAAM,SAAS,IAAI,gBAAgB,EAAE,YAAY,WAAW,UAAU,SAAS,SAAS,OAAO,CAAC;AAChG,WAAO,KAAK,QAAsB,eAAe,OAAO,SAAS,CAAC,EAAE;AAAA,EACtE;AACF;;;ADjFA,SAAS,yBAAyB,QAAsE;AACtG,QAAM,UAAU,OAAO,mBAAmB,8BAA8B,KAAK;AAC7E,QAAM,WAAiC;AAAA,IACrC,WAAW,OAAO,kBAAkB,yCAAyC,KAAK;AAAA,IAClF,gBAAgB,OAAO,kBAAkB,8CAA8C,KAAK;AAAA,IAC5F,QAAQ,OAAO,uBAAuB,sCAAsC,KAAK,CAAC;AAAA,IAClF,OAAO,OAAO,uBAAuB,qCAAqC,KAAK,CAAC;AAAA,IAChF,UAAU,OAAO,kBAAkB,wCAAwC;AAAA,IAC3E,UAAU,OAAO,kBAAkB,wCAAwC;AAAA,IAC3E,UAAW,OAAO,YAAoC,wCAAwC,KAAK,CAAC;AAAA,EACtG;AACA,SAAO,EAAE,SAAS,SAAS;AAC7B;AAOA,eAAe,cAAc,KAAc,MAAgD;AACzF,QAAM,WAAW,IAAI,QAAQ,eAAe,MAAM,CAAC;AACnD,MAAI,CAAC,SAAU,QAAO;AACtB,MAAI;AACF,UAAM,cAAc,MAAM,KAAK,aAAa,QAAQ;AACpD,UAAM,YAAY,YAAY;AAC9B,QAAI,WAAW,SAAS,QAAQ;AAC9B,aAAO,UAAU;AAAA,IACnB;AAAA,EACF,QAAQ;AAAA,EAER;AACA,SAAO;AACT;AAMA,eAAe,cACb,QACA,QACA,UACA,QAC0B;AAC1B,QAAM,UAAU;AAAA,IACd,SAAS;AAAA,IACT,YAAY,SAAS;AAAA,IACrB,iBAAiB,SAAS;AAAA,IAC1B,QAAQ,SAAS;AAAA,IACjB,OAAO,SAAS;AAAA,IAChB,GAAI,SAAS,aAAa,UAAa,EAAE,WAAW,SAAS,SAAS;AAAA,IACtE,GAAI,SAAS,aAAa,UAAa,EAAE,WAAW,SAAS,SAAS;AAAA,IACtE,UAAU;AAAA,MACR,GAAG,SAAS;AAAA,MACZ,gBAAgB;AAAA,MAChB,iBAAgB,oBAAI,KAAK,GAAE,YAAY;AAAA,MACvC,kBAAkB;AAAA,IACpB;AAAA,EACF;AAEA,SAAO,KAAK,yDAAyD,MAAM,EAAE;AAC7E,MAAI;AACF,UAAM,OAAO,WAAW,OAAO;AAE/B,WAAO,MAAM,OAAO,YAAY,MAAM;AAAA,EACxC,SAAS,KAAU;AACjB,WAAO,MAAM,oCAAoC,MAAM,KAAK,IAAI,OAAO,EAAE;AACzE,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,aAAa,SAAyC;AAC1E,QAAM,EAAE,QAAQ,QAAQ,KAAK,IAAI;AAEjC,QAAM,UAAU,OAAO,UAAU,iBAAiB;AAClD,QAAM,YAAY,OAAO,UAAU,mBAAmB;AACtD,QAAM,SAAS,IAAI,cAAc,EAAE,SAAS,UAAU,CAAC;AACvD,QAAM,EAAE,SAAS,qBAAqB,UAAU,qBAAqB,IAAI,yBAAyB,MAAM;AAExG,MAAI,qBAAqB;AACvB,WAAO;AAAA,MACL,8DAAyD,qBAAqB,SAAS,IAAI,qBAAqB,cAAc,YAAY,qBAAqB,OAAO,SAAS,qBAAqB,OAAO,KAAK,GAAG,IAAI,KAAK,YAAY,qBAAqB,MAAM,KAAK,GAAG,CAAC;AAAA,IAC9Q;AAAA,EACF;AAEA,QAAM,SAAS,OAAO;AAEtB,SAAO,IAAI,WAAW,CAAC,MAAe,QAAkB;AACtD,QAAI,KAAK,EAAE,QAAQ,MAAM,cAAc,oBAAoB,CAAC;AAAA,EAC9D,CAAC;AAED,SAAO,IAAI,cAAc,OAAO,KAAc,QAAkB;AAC9D,QAAI;AACF,YAAM,cAAc,MAAM,cAAc,KAAK,IAAI;AACjD,YAAM,SAAS,eAAgB,IAAI,MAAM;AAEzC,UAAI,WAA4B,MAAM,OAAO,YAAY,MAAM;AAE/D,UAAI,CAAC,UAAU;AACb,YAAI,uBAAuB,QAAQ;AACjC,qBAAW,MAAM,cAAc,QAAQ,QAAQ,sBAAsB,MAAM;AAAA,QAC7E;AAEA,YAAI,CAAC,UAAU;AACb,cAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YACnB,OAAO;AAAA,YACP,cAAc;AAAA,YACd,MAAM,sBACF,gEACA;AAAA,UACN,CAAC;AACD;AAAA,QACF;AAAA,MACF;AAEA,UAAI,KAAK,QAAQ;AAAA,IACnB,SAAS,OAAY;AACnB,aAAO,MAAM,6BAA6B,KAAK;AAC/C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO,IAAI,SAAS,OAAO,KAAc,QAAkB;AACzD,QAAI;AACF,YAAM,cAAc,MAAM,cAAc,KAAK,IAAI;AACjD,YAAM,SAAS,eAAgB,IAAI,MAAM;AACzC,YAAM,OAAqB,MAAM,OAAO,SAAS,MAAM;AACvD,UAAI,KAAK,IAAI;AAAA,IACf,SAAS,OAAY;AACnB,aAAO,MAAM,uBAAuB,KAAK;AACzC,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO,KAAK,kBAAkB,OAAO,KAAc,QAAkB;AACnE,QAAI;AACF,YAAM,cAAc,MAAM,cAAc,KAAK,IAAI;AACjD,YAAM,UAA8B;AAAA,QAClC,GAAG,IAAI;AAAA,QACP,GAAI,eAAe,EAAE,SAAS,YAAY;AAAA,MAC5C;AACA,YAAM,SAA8B,MAAM,OAAO,YAAY,OAAO;AACpE,UAAI,KAAK,MAAM;AAAA,IACjB,SAAS,OAAY;AACnB,aAAO,MAAM,0BAA0B,KAAK;AAC5C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO,OAAO,gBAAgB,OAAO,KAAc,QAAkB;AACnE,QAAI;AACF,YAAM,EAAE,MAAM,IAAI,IAAI;AACtB,UAAI,CAAC,OAAO;AACV,YAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,oBAAoB,CAAC;AACnD;AAAA,MACF;AACA,YAAM,OAAO,WAAW,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC;AACzC,UAAI,KAAK,EAAE,SAAS,KAAK,CAAC;AAAA,IAC5B,SAAS,OAAY;AACnB,aAAO,MAAM,wBAAwB,KAAK;AAC1C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO,IAAI,WAAW,OAAO,MAAe,QAAkB;AAC5D,QAAI;AACF,YAAM,SAAsB,MAAM,OAAO,WAAW;AACpD,UAAI,KAAK,MAAM;AAAA,IACjB,SAAS,OAAY;AACnB,aAAO,MAAM,yBAAyB,KAAK;AAC3C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO,IAAI,UAAU,OAAO,KAAc,QAAkB;AAC1D,QAAI;AACF,YAAM,cAAc,MAAM,cAAc,KAAK,IAAI;AACjD,YAAM,SAAS,eAAgB,IAAI,MAAM;AACzC,YAAM,WAA4B,MAAM,OAAO,YAAY,MAAM;AAEjE,UAAI,CAAC,UAAU,OAAO,QAAQ;AAC5B,YAAI,KAAK,CAAC,CAAC;AACX;AAAA,MACF;AAEA,YAAM,QAAQ,MAAM,QAAQ;AAAA,QAC1B,SAAS,MAAM;AAAA,UAAI,YACjB,OAAO,YAAY,MAAM,EAAE,MAAM,SAAO;AACtC,mBAAO,KAAK,wBAAwB,MAAM,KAAK,IAAI,OAAO,EAAE;AAC5D,mBAAO;AAAA,UACT,CAAC;AAAA,QACH;AAAA,MACF;AACA,UAAI,KAAK,MAAM,OAAO,OAAO,CAAe;AAAA,IAC9C,SAAS,OAAY;AACnB,aAAO,MAAM,yBAAyB,KAAK;AAC3C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO,IAAI,wBAAwB,OAAO,KAAc,QAAkB;AACxE,QAAI;AACF,YAAM,EAAE,OAAO,IAAI,IAAI;AACvB,YAAM,EAAE,YAAY,SAAS,IAAI,IAAI;AACrC,UAAI,CAAC,cAAc,CAAC,UAAU;AAC5B,YAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,uCAAuC,CAAC;AACtE;AAAA,MACF;AACA,YAAM,QAAsB,MAAM,OAAO;AAAA,QACvC;AAAA,QACA;AAAA,QACA;AAAA,MACF;AACA,UAAI,KAAK,KAAK;AAAA,IAChB,SAAS,OAAY;AACnB,aAAO,MAAM,8BAA8B,KAAK;AAChD,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO,IAAI,UAAU,OAAO,KAAc,QAAkB;AAC1D,QAAI;AACF,YAAM,EAAE,YAAY,UAAU,SAAS,IAAI,IAAI;AAC/C,UAAI,CAAC,cAAc,CAAC,UAAU;AAC5B,YAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,uCAAuC,CAAC;AACtE;AAAA,MACF;AACA,YAAM,cAAc,MAAM,cAAc,KAAK,IAAI;AACjD,YAAM,SAAS,eAAgB,IAAI,MAAM;AACzC,YAAM,QAAsB,MAAM,OAAO;AAAA,QACvC;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AACA,UAAI,KAAK,KAAK;AAAA,IAChB,SAAS,OAAY;AACnB,aAAO,MAAM,yBAAyB,KAAK;AAC3C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,MAAM,QAAQ,CAAC;AAAA,IAC/C;AAAA,EACF,CAAC;AAED,SAAO;AACT;;;ADnRO,IAAM,gBAAgB,oBAAoB;AAAA,EAC/C,UAAU;AAAA,EACV,SAAS,KAAK;AACZ,QAAI,aAAa;AAAA,MACf,MAAM;AAAA,QACJ,YAAY,aAAa;AAAA,QACzB,QAAQ,aAAa;AAAA,QACrB,QAAQ,aAAa;AAAA,QACrB,MAAM,aAAa;AAAA,QACnB,WAAW,aAAa;AAAA,MAC1B;AAAA,MACA,MAAM,KAAK,EAAE,YAAY,QAAQ,QAAQ,KAAK,GAAG;AAC/C,cAAM,SAAS,MAAM,aAAa,EAAE,QAAQ,QAAQ,KAAK,CAAC;AAC1D,mBAAW,IAAI,MAAM;AAAA,MACvB;AAAA,IACF,CAAC;AAAA,EACH;AACF,CAAC;",
   "names": []
 }

package/dist/router.js CHANGED Viewed

@@ -3,13 +3,40 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.createRouter = createRouter;
 const express_1 = require("express");
 const client_1 = require("./client");
+/**
+ * Reads the provisioning block from config, applying safe defaults for every
+ * field so the feature works out-of-the-box without any YAML required.
+ *
+ * Safe defaults rationale:
+ *   maxBudget:      $10  — prevents runaway spend on a forgotten test account
+ *   budgetDuration: 30d  — monthly reset, aligns with typical billing cycles
+ *   models:         []   — empty means all proxy models are allowed;
+ *                          restrict here or at team level for tighter control
+ *   teams:          []   — no automatic team assignment; add IDs to enrol users
+ *   tpmLimit:       none — LiteLLM global / team limits still apply
+ *   rpmLimit:       none — same
+ *   metadata:       backstage source tag only
+ */
+function readProvisioningDefaults(config) {
+    const enabled = config.getOptionalBoolean('litellm.provisioning.enabled') ?? false;
+    const defaults = {
+        maxBudget: config.getOptionalNumber('litellm.provisioning.defaults.maxBudget') ?? 10,
+        budgetDuration: config.getOptionalString('litellm.provisioning.defaults.budgetDuration') ?? '30d',
+        models: config.getOptionalStringArray('litellm.provisioning.defaults.models') ?? [],
+        teams: config.getOptionalStringArray('litellm.provisioning.defaults.teams') ?? [],
+        tpmLimit: config.getOptionalNumber('litellm.provisioning.defaults.tpmLimit'),
+        rpmLimit: config.getOptionalNumber('litellm.provisioning.defaults.rpmLimit'),
+        metadata: (config.getOptional('litellm.provisioning.defaults.metadata') ?? {}),
+    };
+    return { enabled, defaults };
+}
 /**
  * Extracts the authenticated Backstage user identity from the request token.
- * Returns the userEntityRef (e.g. "user:default/john.doe") or undefined if
+ * Returns the userEntityRef (e.g. "user:default/john.doe") or undefined when
  * the request carries no user credential (service-to-service calls).
  */
 async function resolveUserId(req, auth) {
-    const rawToken = req.headers.authorization?.slice(7); // strip "Bearer "
+    const rawToken = req.headers.authorization?.slice(7);
     if (!rawToken)
         return undefined;
     try {
@@ -20,27 +47,74 @@ async function resolveUserId(req, auth) {
         }
     }
     catch {
-        // token invalid or service token — fall through
+        // invalid or service token — caller gets query-param fallback
     }
     return undefined;
 }
+/**
+ * Creates a LiteLLM user for the given Backstage identity using the configured
+ * defaults. Returns the UserInfo of the newly created account.
+ */
+async function provisionUser(client, userId, defaults, logger) {
+    const payload = {
+        user_id: userId,
+        max_budget: defaults.maxBudget,
+        budget_duration: defaults.budgetDuration,
+        models: defaults.models,
+        teams: defaults.teams,
+        ...(defaults.tpmLimit !== undefined && { tpm_limit: defaults.tpmLimit }),
+        ...(defaults.rpmLimit !== undefined && { rpm_limit: defaults.rpmLimit }),
+        metadata: {
+            ...defaults.metadata,
+            provisioned_by: 'backstage',
+            provisioned_at: new Date().toISOString(),
+            backstage_entity: userId,
+        },
+    };
+    logger.info(`Provisioning new LiteLLM user for Backstage identity: ${userId}`);
+    try {
+        await client.createUser(payload);
+        // Fetch the freshly-created user record to return consistent UserInfo shape
+        return await client.getUserInfo(userId);
+    }
+    catch (err) {
+        logger.error(`Failed to provision LiteLLM user ${userId}: ${err.message}`);
+        return null;
+    }
+}
 async function createRouter(options) {
     const { config, logger, auth } = options;
     const baseUrl = config.getString('litellm.baseUrl');
     const masterKey = config.getString('litellm.masterKey');
     const client = new client_1.LiteLLMClient({ baseUrl, masterKey });
+    const { enabled: provisioningEnabled, defaults: provisioningDefaults } = readProvisioningDefaults(config);
+    if (provisioningEnabled) {
+        logger.info(`LiteLLM auto-provisioning enabled — defaults: budget=$${provisioningDefaults.maxBudget}/${provisioningDefaults.budgetDuration}, models=${provisioningDefaults.models.length ? provisioningDefaults.models.join(',') : 'all'}, teams=[${provisioningDefaults.teams.join(',')}]`);
+    }
     const router = (0, express_1.Router)();
     router.get('/health', (_req, res) => {
-        res.json({ status: 'ok' });
+        res.json({ status: 'ok', provisioning: provisioningEnabled });
     });
-    // Resolve user: prefer the identity extracted from the Backstage token so the
-    // caller cannot spoof another user_id. Falls back to the query param only when
-    // no user token is present (e.g. admin tooling using a service token).
     router.get('/user/info', async (req, res) => {
         try {
             const tokenUserId = await resolveUserId(req, auth);
             const userId = tokenUserId ?? req.query.user_id;
-            const userInfo = await client.getUserInfo(userId);
+            let userInfo = await client.getUserInfo(userId);
+            if (!userInfo) {
+                if (provisioningEnabled && userId) {
+                    userInfo = await provisionUser(client, userId, provisioningDefaults, logger);
+                }
+                if (!userInfo) {
+                    res.status(404).json({
+                        error: 'User not found in LiteLLM',
+                        provisioning: provisioningEnabled,
+                        hint: provisioningEnabled
+                            ? 'Provisioning attempted but failed — check LiteLLM logs'
+                            : 'Enable litellm.provisioning.enabled in app-config.yaml or create the user manually',
+                    });
+                    return;
+                }
+            }
             res.json(userInfo);
         }
         catch (error) {
@@ -65,7 +139,6 @@ async function createRouter(options) {
             const tokenUserId = await resolveUserId(req, auth);
             const request = {
                 ...req.body,
-                // Bind generated key to the authenticated user so LiteLLM enforces their limits.
                 ...(tokenUserId && { user_id: tokenUserId }),
             };
             const result = await client.generateKey(request);
@@ -101,15 +174,12 @@ async function createRouter(options) {
             res.status(500).json({ error: error.message });
         }
     });
-    // Returns TeamInfo for every team the authenticated user belongs to.
-    // Team membership is read from /user/info .teams[], then each team is
-    // resolved in parallel via /team/info.
     router.get('/teams', async (req, res) => {
         try {
             const tokenUserId = await resolveUserId(req, auth);
             const userId = tokenUserId ?? req.query.user_id;
             const userInfo = await client.getUserInfo(userId);
-            if (!userInfo.teams?.length) {
+            if (!userInfo?.teams?.length) {
                 res.json([]);
                 return;
             }
@@ -142,13 +212,13 @@ async function createRouter(options) {
     });
     router.get('/usage', async (req, res) => {
         try {
-            const { start_date, end_date, user_id, group_by } = req.query;
+            const { start_date, end_date, group_by } = req.query;
             if (!start_date || !end_date) {
                 res.status(400).json({ error: 'start_date and end_date are required' });
                 return;
             }
             const tokenUserId = await resolveUserId(req, auth);
-            const userId = tokenUserId ?? user_id;
+            const userId = tokenUserId ?? req.query.user_id;
             const usage = await client.getUsage(start_date, end_date, userId, group_by);
             res.json(usage);
         }

package/dist/types.cjs.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../src/types.ts"],
-  "sourcesContent": ["export interface UserInfo {\n  user_id: string;\n  user_email?: string;\n  email?: string;\n  teams?: string[];\n  models?: string[];\n  max_budget?: number;\n  spend?: number;\n  current_spend?: number;\n  soft_limit?: number;\n  hard_limit?: number;\n}\n\nexport interface TeamMember {\n  user_id: string;\n  role: 'admin' | 'user';\n}\n\nexport interface TeamInfo {\n  team_id: string;\n  team_alias?: string;\n  max_budget?: number;\n  spend: number;\n  members_with_roles?: TeamMember[];\n  models?: string[];\n  tpm_limit?: number;\n  rpm_limit?: number;\n}\n\nexport interface VirtualKey {\n  key: string;\n  key_alias?: string;\n  created_at: string;\n  expires_at?: string;\n  spend: number;\n  max_budget?: number;\n  tpm_limit?: number;\n  rpm_limit?: number;\n  models?: string[];\n  user_id?: string;\n}\n\nexport interface ModelInfo {\n  model_name: string;\n  mode: string;\n  supports_function_calling?: boolean;\n  supports_vision?: boolean;\n  input_cost_per_token?: number;\n  output_cost_per_token?: number;\n}\n\nexport interface UsageMetrics {\n  total_spend: number;\n  total_tokens: number;\n  prompt_tokens: number;\n  completion_tokens: number;\n  usage_by_model: Record<string, {\n    total_spend: number;\n    total_tokens: number;\n    prompt_tokens: number;\n    completion_tokens: number;\n  }>;\n  daily_usage: Array<{\n    date: string;\n    spend: number;\n    total_tokens: number;\n    prompt_tokens: number;\n    completion_tokens: number;\n  }>;\n}\n\nexport interface GenerateKeyRequest {\n  alias?: string;\n  models?: string[];\n  duration?: string;\n  max_budget?: number;\n  tpm_limit?: number;\n  rpm_limit?: number;\n  user_id?: string;\n}\n\nexport interface GenerateKeyResponse {\n  key: string;\n  key_alias?: string;\n  expires_at?: string;\n  max_budget?: number;\n  tpm_limit?: number;\n  rpm_limit?: number;\n  models?: string[];\n}\n\nexport interface DeleteKeyRequest {\n  keys: string[];\n}\n\nexport interface LiteLLMConfig {\n  baseUrl: string;\n  masterKey: string;\n}\n"],
+  "sourcesContent": ["export interface UserInfo {\n  user_id: string;\n  user_email?: string;\n  email?: string;\n  teams?: string[];\n  models?: string[];\n  max_budget?: number;\n  spend?: number;\n  current_spend?: number;\n  soft_limit?: number;\n  hard_limit?: number;\n}\n\nexport interface TeamMember {\n  user_id: string;\n  role: 'admin' | 'user';\n}\n\nexport interface TeamInfo {\n  team_id: string;\n  team_alias?: string;\n  max_budget?: number;\n  spend: number;\n  members_with_roles?: TeamMember[];\n  models?: string[];\n  tpm_limit?: number;\n  rpm_limit?: number;\n}\n\nexport interface VirtualKey {\n  key: string;\n  key_alias?: string;\n  created_at: string;\n  expires_at?: string;\n  spend: number;\n  max_budget?: number;\n  tpm_limit?: number;\n  rpm_limit?: number;\n  models?: string[];\n  user_id?: string;\n}\n\nexport interface ModelInfo {\n  model_name: string;\n  mode: string;\n  supports_function_calling?: boolean;\n  supports_vision?: boolean;\n  input_cost_per_token?: number;\n  output_cost_per_token?: number;\n}\n\nexport interface UsageMetrics {\n  total_spend: number;\n  total_tokens: number;\n  prompt_tokens: number;\n  completion_tokens: number;\n  usage_by_model: Record<string, {\n    total_spend: number;\n    total_tokens: number;\n    prompt_tokens: number;\n    completion_tokens: number;\n  }>;\n  daily_usage: Array<{\n    date: string;\n    spend: number;\n    total_tokens: number;\n    prompt_tokens: number;\n    completion_tokens: number;\n  }>;\n}\n\nexport interface GenerateKeyRequest {\n  alias?: string;\n  models?: string[];\n  duration?: string;\n  max_budget?: number;\n  tpm_limit?: number;\n  rpm_limit?: number;\n  user_id?: string;\n}\n\nexport interface GenerateKeyResponse {\n  key: string;\n  key_alias?: string;\n  expires_at?: string;\n  max_budget?: number;\n  tpm_limit?: number;\n  rpm_limit?: number;\n  models?: string[];\n}\n\nexport interface DeleteKeyRequest {\n  keys: string[];\n}\n\nexport interface LiteLLMConfig {\n  baseUrl: string;\n  masterKey: string;\n}\n\nexport interface ProvisioningDefaults {\n  maxBudget: number;\n  budgetDuration: string;\n  models: string[];\n  teams: string[];\n  tpmLimit?: number;\n  rpmLimit?: number;\n  metadata: Record<string, string>;\n}\n\nexport interface CreateUserRequest {\n  user_id: string;\n  user_email?: string;\n  max_budget?: number;\n  budget_duration?: string;\n  models?: string[];\n  teams?: string[];\n  tpm_limit?: number;\n  rpm_limit?: number;\n  metadata?: Record<string, string>;\n}\n\nexport interface CreateUserResponse {\n  user_id: string;\n  user_email?: string;\n  max_budget?: number;\n  models?: string[];\n  teams?: string[];\n}\n"],
   "mappings": ";;;;;;;;;;;;;;;;AAAA;AAAA;",
   "names": []
 }

package/dist/types.d.ts CHANGED Viewed

@@ -88,3 +88,30 @@ export interface LiteLLMConfig {
     baseUrl: string;
     masterKey: string;
 }
+export interface ProvisioningDefaults {
+    maxBudget: number;
+    budgetDuration: string;
+    models: string[];
+    teams: string[];
+    tpmLimit?: number;
+    rpmLimit?: number;
+    metadata: Record<string, string>;
+}
+export interface CreateUserRequest {
+    user_id: string;
+    user_email?: string;
+    max_budget?: number;
+    budget_duration?: string;
+    models?: string[];
+    teams?: string[];
+    tpm_limit?: number;
+    rpm_limit?: number;
+    metadata?: Record<string, string>;
+}
+export interface CreateUserResponse {
+    user_id: string;
+    user_email?: string;
+    max_budget?: number;
+    models?: string[];
+    teams?: string[];
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@acarmisc/backstage-plugin-litellm-backend",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "description": "The Backstage backend plugin for LiteLLM governance",
   "backstage": {
     "role": "backend-plugin",