
[Feat] Add Authentication + Permission Management for MCP List, Call Tool Ops #11682


Merged
merged 17 commits into from
Jun 13, 2025


@ishaan-jaff ishaan-jaff commented Jun 13, 2025

[Feat] Add Authentication + Permission Management for MCP List, Call Tool Ops

Relevant issues

Pre-Submission checklist

Please complete all items before asking a LiteLLM maintainer to review your PR

  • I have Added testing in the tests/litellm/ directory, Adding at least 1 test is a hard requirement - see details
  • I have added a screenshot of my new test passing locally
  • My PR passes all unit tests on make test-unit
  • My PR's scope is as isolated as possible, it only solves 1 specific problem

Type

🆕 New Feature
✅ Test

Changes


vercel bot commented Jun 13, 2025

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| litellm | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Jun 13, 2025 4:57pm |


@Copilot Copilot AI left a comment


Pull Request Overview

Adds authentication and permission filtering for MCP tool listing and invocation by integrating API key checks and team-based permissions into the MCP server and its management components.

  • Introduces UserAPIKeyAuthMCP for extracting and validating API keys from ASGI scopes, and retrieval of allowed MCP servers.
  • Updates MCP server routes (list_tools, call_tool, HTTP/SSE handlers) to set and use an authentication context via middleware.
  • Modifies MCPServerManager to filter available tools based on per-key and per-team permissions.

Reviewed Changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| tests/test_litellm/proxy/_experimental/mcp_server/auth/test_user_api_key_auth_mcp.py | Adds parametrized tests covering key- and team-based server permissions and header parsing. |
| tests/mcp_tests/test_mcp_server.py | Extends streamable HTTP and SSE handler tests with a full ASGI scope. |
| litellm/proxy/_experimental/mcp_server/server.py | Injects auth context middleware, updates list_tools and HTTP/SSE handlers to retrieve and set auth context, and adds helper functions. |
| litellm/proxy/_experimental/mcp_server/mcp_server_manager.py | Adds get_allowed_mcp_servers and updates list_tools to only query permitted servers. |
| litellm/proxy/_experimental/mcp_server/auth/user_api_key_auth_mcp.py | Implements header extraction, API key dispatch, and permission queries for keys and teams. |
| litellm/proxy/_experimental/mcp_server/auth/litellm_auth_handler.py | Wraps UserAPIKeyAuth to conform with MCP’s AuthenticatedUser. |

Comments suppressed due to low confidence (2)

litellm/proxy/_experimental/mcp_server/auth/user_api_key_auth_mcp.py:105

  • There are no unit tests covering the team‐based permission code path in get_allowed_mcp_servers. Add tests for scenarios where user_api_key_auth.team_id provides allowed servers to verify correct intersection and set behavior.
async def get_allowed_mcp_servers(

litellm/proxy/_experimental/mcp_server/server.py:169

  • The functions get_auth_context and set_auth_context are defined inside get_mcp_server_enabled() and thus not visible at module scope. This will cause NameError when used in list_tools and the HTTP/SSE handlers. Move their definitions to the module top level or before any usage.
user_api_key_auth = get_auth_context()
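
An added example, not LiteLLM's code, of the pattern the overview above describes: read the API key from the ASGI scope, hold it in a module-scope context variable for the duration of one request, and list only tools from permitted servers. The Bearer `Authorization` header, the in-memory tables, the helper names and the intersect-when-both-are-set policy are assumptions made for illustration.

```python
import asyncio
from contextvars import ContextVar
from typing import Optional

# Constructed sample data standing in for the proxy's key/team records.
KEY_SERVERS = {"sk-alice": {"github", "jira"}, "sk-bob": set()}
KEY_TEAM = {"sk-alice": "eng", "sk-bob": "eng"}
TEAM_SERVERS = {"eng": {"github", "slack"}}
SERVER_TOOLS = {"github": ["create_issue"], "jira": ["add_ticket"], "slack": ["post"]}

# Defined at module scope so every handler can read the caller's identity.
_auth_ctx: ContextVar[Optional[str]] = ContextVar("auth_ctx", default=None)

def extract_api_key(scope: dict) -> Optional[str]:
    """ASGI headers are a list of (bytes, bytes) pairs with lowercased names."""
    for name, value in scope.get("headers", []):
        if name == b"authorization":
            scheme, _, token = value.decode("latin-1").partition(" ")
            if scheme.lower() == "bearer" and token.strip():
                return token.strip()
    return None

def allowed_servers(api_key: Optional[str]) -> set:
    """Assumed policy: intersect key and team lists when both are set."""
    if api_key is None or api_key not in KEY_SERVERS:
        return set()  # fail closed: a missing or unknown key sees nothing
    key_set = KEY_SERVERS[api_key]
    team_set = TEAM_SERVERS.get(KEY_TEAM.get(api_key), set())
    if key_set and team_set:
        return key_set & team_set
    return key_set or team_set

async def list_tools() -> list:
    """Query only the servers the current caller is permitted to use."""
    servers = allowed_servers(_auth_ctx.get())
    return sorted(tool for s in servers for tool in SERVER_TOOLS[s])

async def handle_request(scope: dict) -> list:
    """Set the auth context for this request only, then dispatch."""
    token = _auth_ctx.set(extract_api_key(scope))
    try:
        return await list_tools()
    finally:
        _auth_ctx.reset(token)  # never leak one caller's identity to the next

def tools_for(headers: list) -> list:
    """Drive one request through the handler with the given raw headers."""
    return asyncio.run(handle_request({"type": "http", "headers": headers}))
```
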

…mcp.py

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@ishaan-jaff ishaan-jaff merged commit 19a8b23 into main Jun 13, 2025
34 of 46 checks passed
X4tar pushed a commit to X4tar/litellm that referenced this pull request Jun 17, 2025
…Tool Ops (BerriAI#11682)

* add basic auth checks for MCP

* working MCP auth

* fix MCP

* add get_allowed_mcp_servers for key, team

* add get_allowed_mcp_servers

* TOOLS FROM MCP SERVERS

* fix - working context vars for handling auth to MCPs

* fix imports

* working _get_allowed_mcp_servers_for_key

* TestUserAPIKeyAuthMCP

* test_user_api_key_auth_mcp

* fix code qa check

* fix imports

* test_mcp_server.py

* fix: fix - working permission mgmt

* Update litellm/proxy/_experimental/mcp_server/auth/user_api_key_auth_mcp.py

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>