feat(llm): support litellm LLM provider #178

Merged
imbajin merged 21 commits into main from support_litellm on Feb 27, 2025
@coderzc (Member) commented Feb 25, 2025

Add litellm to support more LLM providers

package update

openai~=1.61.0
...
litellm~=1.61.13

@dosubot bot added the size:L label (This PR changes 100-499 lines, ignoring generated files.) Feb 25, 2025
@github-actions bot added the llm label Feb 25, 2025

github-actions bot commented Feb 25, 2025

Dependency Review

The following issues were found:
  • ❌ 1 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 2 package(s) with unknown licenses.
See the Details below.

Vulnerabilities

hugegraph-llm/poetry.lock

| Name | Version | Vulnerability | Severity |
|---|---|---|---|
| litellm | 1.30.7 | LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint | critical |
| litellm | 1.30.7 | litellm vulnerable to remote code execution based on using eval unsafely | critical |
| litellm | 1.30.7 | Arbitrary file deletion in litellm | high |
| litellm | 1.30.7 | LiteLLM Server-Side Request Forgery (SSRF) vulnerability | high |
| litellm | 1.30.7 | SQL injection in litellm | moderate |
| litellm | 1.30.7 | litellm vulnerable to improper access control in team management | moderate |

License Issues

hugegraph-llm/pyproject.toml

| Package | Version | License | Issue Type |
|---|---|---|---|
| litellm | ~ 1.61.13 | Null | Unknown License |

hugegraph-llm/requirements.txt

| Package | Version | License | Issue Type |
|---|---|---|---|
| litellm | ~> 1.61.13 | Null | Unknown License |

Denied Licenses: GPL-3.0, AGPL-1.0, AGPL-3.0, LGPL-2.0, CC-BY-3.0

OpenSSF Scorecard

pip/litellm 1.30.7 | Score: Unknown | Details: Unknown

pip/importlib-metadata 8.6.1 | Score: 🟢 6.1 | Details:

| Check | Score | Reason |
|---|---|---|
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Code-Review | ⚠️ 1 | Found 4/24 approved changesets -- score normalized to 1 |
| Binary-Artifacts | 🟢 8 | binaries present in source code |
| Token-Permissions | 🟢 10 | GitHub workflow tokens follow principle of least privilege |
| Maintained | 🟢 6 | 5 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 6 |
| Security-Policy | 🟢 10 | security policy file detected |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Fuzzing | 🟢 10 | project is fuzzed |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| License | 🟢 10 | license file detected |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | ⚠️ 0 | branch protection not enabled on development/release branches |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |

pip/tokenizers 0.21.0 | Score: 🟢 5.1 | Details:

| Check | Score | Reason |
|---|---|---|
| Code-Review | 🟢 7 | Found 21/29 approved changesets -- score normalized to 7 |
| Maintained | 🟢 10 | 15 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Security-Policy | ⚠️ 0 | security policy file not detected |
| License | 🟢 10 | license file detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Packaging | 🟢 10 | packaging workflow detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Signed-Releases | ⚠️ -1 | no releases found |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Vulnerabilities | ⚠️ 2 | 8 existing vulnerabilities detected |

pip/zipp 3.21.0 | Score: 🟢 5.6 | Details:

| Check | Score | Reason |
|---|---|---|
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Security-Policy | 🟢 10 | security policy file detected |
| Code-Review | ⚠️ 0 | Found 1/28 approved changesets -- score normalized to 0 |
| Maintained | ⚠️ 0 | 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Token-Permissions | 🟢 10 | GitHub workflow tokens follow principle of least privilege |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Fuzzing | 🟢 10 | project is fuzzed |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| License | 🟢 10 | license file detected |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | ⚠️ 0 | branch protection not enabled on development/release branches |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |

pip/litellm ~ 1.61.13 | Score: Unknown | Details: Unknown

pip/openai ~ 1.61.0 | Score: 🟢 6.2 | Details:

| Check | Score | Reason |
|---|---|---|
| Security-Policy | 🟢 10 | security policy file detected |
| Maintained | 🟢 10 | 30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10 |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Code-Review | ⚠️ -1 | Found no human activity in the last 8 changesets |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| License | 🟢 10 | license file detected |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |

pip/litellm ~> 1.61.13 | Score: Unknown | Details: Unknown

pip/openai ~> 1.61.0 | Score: 🟢 6.2 | Details:

| Check | Score | Reason |
|---|---|---|
| Security-Policy | 🟢 10 | security policy file detected |
| Maintained | 🟢 10 | 30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10 |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Code-Review | ⚠️ -1 | Found no human activity in the last 8 changesets |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| License | 🟢 10 | license file detected |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |

Scanned Files

  • hugegraph-llm/poetry.lock
  • hugegraph-llm/pyproject.toml
  • hugegraph-llm/requirements.txt

@dosubot bot added the enhancement label (New feature or request) Feb 25, 2025
@coderzc changed the title from "feat: support litellm LLM provider" to "feat(llm): support litellm LLM provider" Feb 25, 2025

return 4096 # Default to 4096 if model not found

def get_llm_type(self) -> str:
return "litellm" No newline at end of file
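
Review bot: the `return 4096` fallback at the top of this hunk is applied silently when the model is not found, so a caller cannot tell a looked-up limit from the default. Suggest logging a warning that names the model before returning, and documenting the default in the method's docstring.
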
Member

Suggested change
return "litellm"
return "litellm"

if np.all(emb1 == 0) or np.all(emb2 == 0):
return 0.0
# Calculate cosine similarity
return float(np.dot(emb1, emb2) / (np.linalg.norm(emb1) * np.linalg.norm(emb2))) No newline at end of file
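
Review bot: the zero-vector guard protects the division, but nothing in these lines checks that `emb1` and `emb2` have the same length, so a mismatch only surfaces as a shape error from `np.dot`. Suggest validating the shapes before the guard and raising a clear error, and deciding whether the exact `== 0` test should also reject NaN inputs, which would otherwise propagate into the returned similarity.
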
Member

Suggested change
return float(np.dot(emb1, emb2) / (np.linalg.norm(emb1) * np.linalg.norm(emb2)))
return float(np.dot(emb1, emb2) / (np.linalg.norm(emb1) * np.linalg.norm(emb2)))

src/hugegraph_llm/resources/demo/questions.xlsx
src/hugegraph_llm/resources/backup-graph-data-4020/

uv.lock No newline at end of file
Member

Suggested change
uv.lock
uv.lock

@imbajin (Member) left a comment


TODO: we could unify LLM configs to one

@dosubot bot added the lgtm label (This PR has been approved by a maintainer) Feb 27, 2025
@imbajin imbajin merged commit 3e0bf46 into main Feb 27, 2025
11 checks passed
@imbajin imbajin deleted the support_litellm branch February 27, 2025 08:50