@acarmisc/backstage-plugin-litellm-backend 0.2.0 → 0.2.2

package/dist/client.d.ts

@@ -8,15 +8,61 @@ export declare class LiteLLMClient {
     /**
      * Returns null when the user is not found in LiteLLM (404).
      * Throws on all other errors so callers know something went wrong.
+     *
+     * LiteLLM's `/user/info` wraps the user row inside `user_info` and returns
+     * `teams` as an array of full team objects, not team_id strings. We flatten
+     * `user_info` onto the top level and reduce `teams` to a string[] of ids so
+     * the rest of the code can rely on the UserInfo contract.
      */
     getUserInfo(userId?: string): Promise<UserInfo | null>;
     createUser(payload: CreateUserRequest): Promise<CreateUserResponse>;
+    /**
+     * Updates an existing LiteLLM user record. Used as a defensive follow-up
+     * after /user/new because the upsert path of /user/new has been observed
+     * to silently drop fields like user_role under concurrent inserts.
+     */
+    updateUser(payload: Partial<CreateUserRequest> & {
+        user_id: string;
+    }): Promise<unknown>;
+    /**
+     * Returns the keys belonging to a user.
+     *
+     * Implementation note: LiteLLM's `/key/info` endpoint requires a `key`
+     * hash and returns 404 when only `user_id` is passed. The correct way
+     * to enumerate a user's keys is `/user/info?user_id=X`, which embeds
+     * a `keys` array with per-key metadata. We unwrap that array and
+     * normalise field names to match the frontend VirtualKey shape
+     * (LiteLLM exposes `key_name` for the masked display value and
+     * `expires` instead of `expires_at`).
+     */
     listKeys(userId?: string): Promise<VirtualKey[]>;
+    private toVirtualKey;
+    /**
+     * Creates a new virtual key on the LiteLLM proxy.
+     *
+     * Implementation notes — both required to avoid silently-empty keys:
+     *   1. The body must be the plain payload. An earlier version wrapped
+     *      it as `{ json: request }`; LiteLLM doesn't unwrap that envelope
+     *      and treats the request as having no fields, returning a key
+     *      with null alias / models / budget / limits.
+     *   2. LiteLLM expects `key_alias`, not `alias`. Without the rename,
+     *      the alias the user typed is dropped on the floor.
+     */
     generateKey(request: GenerateKeyRequest): Promise<GenerateKeyResponse>;
     updateKey(request: UpdateKeyRequest): Promise<VirtualKey>;
     deleteKeys(request: DeleteKeyRequest): Promise<{
         success: boolean;
     }>;
+    /**
+     * Returns the proxy's model catalogue normalised to the ModelInfo shape.
+     *
+     * Prefers `/model/info` which exposes `model_name`, `mode`, capability flags
+     * and per-token costs. Falls back to OpenAI-compatible `/models` (which only
+     * returns `{id}`) so the dropdown still works on installs where `/model/info`
+     * isn't reachable. Without this normalisation the UI saw blank labels and
+     * a single "other" group because `/models` doesn't populate `model_name`
+     * or `mode`.
+     */
     listModels(): Promise<ModelInfo[]>;
     getTeamInfo(teamId: string): Promise<TeamInfo>;
     private emptyUsage;

package/dist/client.js

@@ -17,7 +17,7 @@ class LiteLLMClient {
                 signal: controller.signal,
                 headers: {
                     'Content-Type': 'application/json',
-                    'Authorization': `Bearer ${this.masterKey}`,
+                    Authorization: `Bearer ${this.masterKey}`,
                     ...options.headers,
                 },
             });
@@ -36,11 +36,34 @@ class LiteLLMClient {
     /**
      * Returns null when the user is not found in LiteLLM (404).
      * Throws on all other errors so callers know something went wrong.
+     *
+     * LiteLLM's `/user/info` wraps the user row inside `user_info` and returns
+     * `teams` as an array of full team objects, not team_id strings. We flatten
+     * `user_info` onto the top level and reduce `teams` to a string[] of ids so
+     * the rest of the code can rely on the UserInfo contract.
      */
     async getUserInfo(userId) {
         const query = userId ? `?user_id=${encodeURIComponent(userId)}` : '';
         try {
-            return await this.request(`/user/info${query}`);
+            const raw = await this.request(`/user/info${query}`);
+            const inner = raw?.user_info ?? {};
+            const teamIds = Array.isArray(raw?.teams)
+                ? raw.teams
+                    .map((t) => (typeof t === 'string' ? t : t?.team_id))
+                    .filter((t) => typeof t === 'string')
+                : [];
+            return {
+                user_id: raw?.user_id ?? inner.user_id ?? userId ?? '',
+                user_email: inner.user_email ?? raw?.user_email,
+                email: inner.email ?? raw?.email,
+                teams: teamIds,
+                models: inner.models ?? raw?.models,
+                max_budget: inner.max_budget ?? raw?.max_budget,
+                spend: inner.spend ?? raw?.spend,
+                current_spend: inner.current_spend ?? raw?.current_spend,
+                soft_limit: inner.soft_limit ?? raw?.soft_limit,
+                hard_limit: inner.hard_limit ?? raw?.hard_limit,
+            };
         }
         catch (err) {
             if (err.status === 404)
@@ -54,11 +77,35 @@ class LiteLLMClient {
             body: JSON.stringify(payload),
         });
     }
+    /**
+     * Updates an existing LiteLLM user record. Used as a defensive follow-up
+     * after /user/new because the upsert path of /user/new has been observed
+     * to silently drop fields like user_role under concurrent inserts.
+     */
+    async updateUser(payload) {
+        return this.request('/user/update', {
+            method: 'POST',
+            body: JSON.stringify(payload),
+        });
+    }
+    /**
+     * Returns the keys belonging to a user.
+     *
+     * Implementation note: LiteLLM's `/key/info` endpoint requires a `key`
+     * hash and returns 404 when only `user_id` is passed. The correct way
+     * to enumerate a user's keys is `/user/info?user_id=X`, which embeds
+     * a `keys` array with per-key metadata. We unwrap that array and
+     * normalise field names to match the frontend VirtualKey shape
+     * (LiteLLM exposes `key_name` for the masked display value and
+     * `expires` instead of `expires_at`).
+     */
     async listKeys(userId) {
-        const query = userId ? `?user_id=${encodeURIComponent(userId)}` : '';
+        if (!userId)
+            return [];
         try {
-            const response = await this.request(`/key/info${query}`);
-            return Array.isArray(response) ? response : (response.info ?? []);
+            const response = await this.request(`/user/info?user_id=${encodeURIComponent(userId)}`);
+            const rawKeys = response.keys ?? [];
+            return rawKeys.map(this.toVirtualKey);
         }
         catch (err) {
             if (err.status === 404 || err.message.includes('not found')) {
@@ -67,10 +114,44 @@ class LiteLLMClient {
             throw err;
         }
     }
+    toVirtualKey(k) {
+        return {
+            // The hashed `token` never leaves LiteLLM in a usable form; the
+            // masked `key_name` ("sk-...XXXX") is what the UI displays. Fall
+            // back to `token` only when `key_name` is missing.
+            key: k.key_name ?? k.token,
+            token: k.token,
+            key_alias: k.key_alias ?? undefined,
+            created_at: k.created_at,
+            expires_at: k.expires ?? undefined,
+            spend: k.spend ?? 0,
+            max_budget: k.max_budget ?? undefined,
+            tpm_limit: k.tpm_limit ?? undefined,
+            rpm_limit: k.rpm_limit ?? undefined,
+            models: k.models ?? [],
+            user_id: k.user_id ?? undefined,
+        };
+    }
+    /**
+     * Creates a new virtual key on the LiteLLM proxy.
+     *
+     * Implementation notes — both required to avoid silently-empty keys:
+     *   1. The body must be the plain payload. An earlier version wrapped
+     *      it as `{ json: request }`; LiteLLM doesn't unwrap that envelope
+     *      and treats the request as having no fields, returning a key
+     *      with null alias / models / budget / limits.
+     *   2. LiteLLM expects `key_alias`, not `alias`. Without the rename,
+     *      the alias the user typed is dropped on the floor.
+     */
     async generateKey(request) {
+        const { alias, ...rest } = request;
+        const payload = {
+            ...rest,
+            ...(alias && { key_alias: alias }),
+        };
         return this.request('/key/generate', {
             method: 'POST',
-            body: JSON.stringify({ json: request }),
+            body: JSON.stringify(payload),
         });
     }
     async updateKey(request) {
@@ -85,9 +166,53 @@ class LiteLLMClient {
             body: JSON.stringify(request),
         });
     }
+    /**
+     * Returns the proxy's model catalogue normalised to the ModelInfo shape.
+     *
+     * Prefers `/model/info` which exposes `model_name`, `mode`, capability flags
+     * and per-token costs. Falls back to OpenAI-compatible `/models` (which only
+     * returns `{id}`) so the dropdown still works on installs where `/model/info`
+     * isn't reachable. Without this normalisation the UI saw blank labels and
+     * a single "other" group because `/models` doesn't populate `model_name`
+     * or `mode`.
+     */
     async listModels() {
-        const response = await this.request('/models');
-        return Array.isArray(response) ? response : (response.data ?? []);
+        try {
+            const response = await this.request('/model/info');
+            const data = Array.isArray(response?.data) ? response.data : [];
+            const normalised = data.map((m) => {
+                const info = m.model_info ?? {};
+                const params = m.litellm_params ?? {};
+                return {
+                    model_name: m.model_name ?? params.model ?? info.id ?? '',
+                    mode: info.mode ?? m.mode ?? 'chat',
+                    supports_function_calling: info.supports_function_calling ?? m.supports_function_calling,
+                    supports_vision: info.supports_vision ?? m.supports_vision,
+                    input_cost_per_token: info.input_cost_per_token ?? params.input_cost_per_token,
+                    output_cost_per_token: info.output_cost_per_token ?? params.output_cost_per_token,
+                };
+            });
+            const filtered = normalised.filter(m => m.model_name);
+            if (filtered.length)
+                return filtered;
+        }
+        catch {
+            // fall through to /models
+        }
+        const fallback = await this.request('/models');
+        const data = Array.isArray(fallback)
+            ? fallback
+            : Array.isArray(fallback?.data)
+                ? fallback.data
+                : [];
+        return data
+            .map((m) => ({
+            model_name: m.model_name ?? m.id ?? '',
+            mode: m.mode ?? 'chat',
+            supports_function_calling: m.supports_function_calling,
+            supports_vision: m.supports_vision,
+        }))
+            .filter((m) => m.model_name);
     }
     async getTeamInfo(teamId) {
         return this.request(`/team/info?team_id=${encodeURIComponent(teamId)}`);
@@ -120,7 +245,9 @@ class LiteLLMClient {
      *   - usage_by_key    → which keys drove cost / traffic (with key_alias + team_id from metadata)
      */
     transformDailyActivity(response) {
-        const results = Array.isArray(response?.results) ? response.results : [];
+        const results = Array.isArray(response?.results)
+            ? response.results
+            : [];
         const meta = response?.metadata ?? {};
         const daily_usage = results
             .map(r => ({

package/dist/index.cjs.js

@@ -1,7 +1,9 @@
 "use strict";
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -15,6 +17,14 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // src/index.ts
@@ -22,6 +32,7 @@ var index_exports = {};
 __export(index_exports, {
   LiteLLMClient: () => LiteLLMClient,
   createRouter: () => createRouter,
+  default: () => litellmPlugin,
   litellmPlugin: () => litellmPlugin
 });
 module.exports = __toCommonJS(index_exports);
@@ -30,7 +41,7 @@ module.exports = __toCommonJS(index_exports);
 var import_backend_plugin_api = require("@backstage/backend-plugin-api");
 
 // src/router.ts
-var import_express = require("express");
+var import_express = __toESM(require("express"));
 var import_catalog_client = require("@backstage/catalog-client");
 
 // src/client.ts
@@ -50,13 +61,15 @@ var LiteLLMClient = class {
         signal: controller.signal,
         headers: {
           "Content-Type": "application/json",
-          "Authorization": `Bearer ${this.masterKey}`,
+          Authorization: `Bearer ${this.masterKey}`,
           ...options.headers
         }
       });
       if (!response.ok) {
         const errorBody = await response.text();
-        const err = new Error(`LiteLLM API error: ${response.status} ${response.statusText} - ${errorBody}`);
+        const err = new Error(
+          `LiteLLM API error: ${response.status} ${response.statusText} - ${errorBody}`
+        );
         err.status = response.status;
         throw err;
       }
@@ -68,11 +81,30 @@ var LiteLLMClient = class {
   /**
    * Returns null when the user is not found in LiteLLM (404).
    * Throws on all other errors so callers know something went wrong.
+   *
+   * LiteLLM's `/user/info` wraps the user row inside `user_info` and returns
+   * `teams` as an array of full team objects, not team_id strings. We flatten
+   * `user_info` onto the top level and reduce `teams` to a string[] of ids so
+   * the rest of the code can rely on the UserInfo contract.
    */
   async getUserInfo(userId) {
     const query = userId ? `?user_id=${encodeURIComponent(userId)}` : "";
     try {
-      return await this.request(`/user/info${query}`);
+      const raw = await this.request(`/user/info${query}`);
+      const inner = raw?.user_info ?? {};
+      const teamIds = Array.isArray(raw?.teams) ? raw.teams.map((t) => typeof t === "string" ? t : t?.team_id).filter((t) => typeof t === "string") : [];
+      return {
+        user_id: raw?.user_id ?? inner.user_id ?? userId ?? "",
+        user_email: inner.user_email ?? raw?.user_email,
+        email: inner.email ?? raw?.email,
+        teams: teamIds,
+        models: inner.models ?? raw?.models,
+        max_budget: inner.max_budget ?? raw?.max_budget,
+        spend: inner.spend ?? raw?.spend,
+        current_spend: inner.current_spend ?? raw?.current_spend,
+        soft_limit: inner.soft_limit ?? raw?.soft_limit,
+        hard_limit: inner.hard_limit ?? raw?.hard_limit
+      };
     } catch (err) {
       if (err.status === 404) return null;
       throw err;
@@ -84,11 +116,36 @@ var LiteLLMClient = class {
       body: JSON.stringify(payload)
     });
   }
+  /**
+   * Updates an existing LiteLLM user record. Used as a defensive follow-up
+   * after /user/new because the upsert path of /user/new has been observed
+   * to silently drop fields like user_role under concurrent inserts.
+   */
+  async updateUser(payload) {
+    return this.request("/user/update", {
+      method: "POST",
+      body: JSON.stringify(payload)
+    });
+  }
+  /**
+   * Returns the keys belonging to a user.
+   *
+   * Implementation note: LiteLLM's `/key/info` endpoint requires a `key`
+   * hash and returns 404 when only `user_id` is passed. The correct way
+   * to enumerate a user's keys is `/user/info?user_id=X`, which embeds
+   * a `keys` array with per-key metadata. We unwrap that array and
+   * normalise field names to match the frontend VirtualKey shape
+   * (LiteLLM exposes `key_name` for the masked display value and
+   * `expires` instead of `expires_at`).
+   */
   async listKeys(userId) {
-    const query = userId ? `?user_id=${encodeURIComponent(userId)}` : "";
+    if (!userId) return [];
     try {
-      const response = await this.request(`/key/info${query}`);
-      return Array.isArray(response) ? response : response.info ?? [];
+      const response = await this.request(
+        `/user/info?user_id=${encodeURIComponent(userId)}`
+      );
+      const rawKeys = response.keys ?? [];
+      return rawKeys.map(this.toVirtualKey);
     } catch (err) {
       if (err.status === 404 || err.message.includes("not found")) {
         return [];
@@ -96,10 +153,44 @@ var LiteLLMClient = class {
       throw err;
     }
   }
+  toVirtualKey(k) {
+    return {
+      // The hashed `token` never leaves LiteLLM in a usable form; the
+      // masked `key_name` ("sk-...XXXX") is what the UI displays. Fall
+      // back to `token` only when `key_name` is missing.
+      key: k.key_name ?? k.token,
+      token: k.token,
+      key_alias: k.key_alias ?? void 0,
+      created_at: k.created_at,
+      expires_at: k.expires ?? void 0,
+      spend: k.spend ?? 0,
+      max_budget: k.max_budget ?? void 0,
+      tpm_limit: k.tpm_limit ?? void 0,
+      rpm_limit: k.rpm_limit ?? void 0,
+      models: k.models ?? [],
+      user_id: k.user_id ?? void 0
+    };
+  }
+  /**
+   * Creates a new virtual key on the LiteLLM proxy.
+   *
+   * Implementation notes — both required to avoid silently-empty keys:
+   *   1. The body must be the plain payload. An earlier version wrapped
+   *      it as `{ json: request }`; LiteLLM doesn't unwrap that envelope
+   *      and treats the request as having no fields, returning a key
+   *      with null alias / models / budget / limits.
+   *   2. LiteLLM expects `key_alias`, not `alias`. Without the rename,
+   *      the alias the user typed is dropped on the floor.
+   */
   async generateKey(request) {
+    const { alias, ...rest } = request;
+    const payload = {
+      ...rest,
+      ...alias && { key_alias: alias }
+    };
     return this.request("/key/generate", {
       method: "POST",
-      body: JSON.stringify({ json: request })
+      body: JSON.stringify(payload)
     });
   }
   async updateKey(request) {
@@ -114,12 +205,49 @@ var LiteLLMClient = class {
       body: JSON.stringify(request)
     });
   }
+  /**
+   * Returns the proxy's model catalogue normalised to the ModelInfo shape.
+   *
+   * Prefers `/model/info` which exposes `model_name`, `mode`, capability flags
+   * and per-token costs. Falls back to OpenAI-compatible `/models` (which only
+   * returns `{id}`) so the dropdown still works on installs where `/model/info`
+   * isn't reachable. Without this normalisation the UI saw blank labels and
+   * a single "other" group because `/models` doesn't populate `model_name`
+   * or `mode`.
+   */
   async listModels() {
-    const response = await this.request("/models");
-    return Array.isArray(response) ? response : response.data ?? [];
+    try {
+      const response = await this.request("/model/info");
+      const data2 = Array.isArray(response?.data) ? response.data : [];
+      const normalised = data2.map((m) => {
+        const info = m.model_info ?? {};
+        const params = m.litellm_params ?? {};
+        return {
+          model_name: m.model_name ?? params.model ?? info.id ?? "",
+          mode: info.mode ?? m.mode ?? "chat",
+          supports_function_calling: info.supports_function_calling ?? m.supports_function_calling,
+          supports_vision: info.supports_vision ?? m.supports_vision,
+          input_cost_per_token: info.input_cost_per_token ?? params.input_cost_per_token,
+          output_cost_per_token: info.output_cost_per_token ?? params.output_cost_per_token
+        };
+      });
+      const filtered = normalised.filter((m) => m.model_name);
+      if (filtered.length) return filtered;
+    } catch {
+    }
+    const fallback = await this.request("/models");
+    const data = Array.isArray(fallback) ? fallback : Array.isArray(fallback?.data) ? fallback.data : [];
+    return data.map((m) => ({
+      model_name: m.model_name ?? m.id ?? "",
+      mode: m.mode ?? "chat",
+      supports_function_calling: m.supports_function_calling,
+      supports_vision: m.supports_vision
+    })).filter((m) => m.model_name);
   }
   async getTeamInfo(teamId) {
-    return this.request(`/team/info?team_id=${encodeURIComponent(teamId)}`);
+    return this.request(
+      `/team/info?team_id=${encodeURIComponent(teamId)}`
+    );
   }
   emptyUsage() {
     return {
@@ -243,7 +371,9 @@ var LiteLLMClient = class {
     });
     if (userId) params.append("user_id", userId);
     try {
-      const response = await this.request(`/user/daily/activity?${params.toString()}`);
+      const response = await this.request(
+        `/user/daily/activity?${params.toString()}`
+      );
       return this.transformDailyActivity(response);
     } catch (err) {
       if (err.status === 404 || err.message.includes("not found")) {
@@ -260,7 +390,9 @@ var LiteLLMClient = class {
       page_size: "100"
     });
     try {
-      const response = await this.request(`/team/daily/activity?${params.toString()}`);
+      const response = await this.request(
+        `/team/daily/activity?${params.toString()}`
+      );
       return this.transformDailyActivity(response);
     } catch (err) {
       if (err.status === 404 || err.message.includes("not found")) {
@@ -370,6 +502,7 @@ async function provisionUser(client, userId, defaults, profile, backstageEntity,
     ...defaults.tpmLimit !== void 0 && { tpm_limit: defaults.tpmLimit },
     ...defaults.rpmLimit !== void 0 && { rpm_limit: defaults.rpmLimit },
     ...defaults.userRole && { user_role: defaults.userRole },
+    auto_create_key: false,
     metadata: {
       ...defaults.metadata,
       provisioned_by: "backstage",
@@ -537,6 +670,7 @@ async function createRouter(options) {
     );
   }
   const router = (0, import_express.Router)();
+  router.use(import_express.default.json());
   router.get("/health", (_req, res) => {
     res.json({ status: "ok", provisioning: provisioningEnabled });
   });
@@ -593,6 +727,19 @@ async function createRouter(options) {
   });
   router.post("/keys/generate", async (req, res) => {
     try {
+      const body = req.body ?? {};
+      const missing = [];
+      if (!body.alias?.trim()) missing.push("alias");
+      if (typeof body.max_budget !== "number" || body.max_budget <= 0) {
+        missing.push("max_budget (positive number)");
+      }
+      if (missing.length) {
+        res.status(400).json({
+          error: "Missing required fields",
+          hint: `Required: ${missing.join(", ")}`
+        });
+        return;
+      }
       const tokenEntityRef = await resolveUserId(req, auth);
       const resolvedUserId = tokenEntityRef ? toLiteLLMUserId(tokenEntityRef, userIdDomain) : void 0;
       if (resolvedUserId) {
@@ -608,8 +755,20 @@ async function createRouter(options) {
           logger
         );
       }
+      const profile = tokenEntityRef ? await resolveUserProfile(tokenEntityRef, catalogClient, auth, logger) : {};
+      const enrichedMetadata = {
+        ...body.metadata ?? {},
+        created_by_backstage_user: tokenEntityRef ?? "unknown",
+        ...profile.email && { created_by_email: profile.email },
+        ...profile.displayName && {
+          created_by_display_name: profile.displayName
+        },
+        created_via: "backstage",
+        created_at_iso: (/* @__PURE__ */ new Date()).toISOString()
+      };
       const request = {
-        ...req.body,
+        ...body,
+        metadata: enrichedMetadata,
         ...resolvedUserId && { user_id: resolvedUserId }
       };
       const result = await client.generateKey(request);