Hidden Assumptions in litellm

Cache system assumes cached ModelResponse objects remain valid and compatible with current response schema, but doesn't version cache entries or validate schema on retrieval

If this fails: When ModelResponse structure changes between versions, clients receive cached responses with missing or wrongly-typed fields, causing silent data corruption

Model health tracking assumes in-memory success/failure counters won't overflow or consume unbounded memory, but doesn't implement cleanup for inactive models or cap the number of tracked deployments

If this fails: Long-running proxy servers with many model deployments experience memory leaks as health metrics accumulate indefinitely, eventually causing OOM crashes

Database operations assume UserAPIKeyAuth records are updated atomically for usage tracking, but concurrent requests can race to update the same user's budget/usage counters

If this fails: Multiple simultaneous requests from the same API key can cause budget enforcement to fail, allowing users to exceed spending limits until the next database sync

Request transformation assumes message content and parameters fit within reasonable size limits, but doesn't validate total request payload size before sending to LLM providers

If this fails: Extremely large requests (multi-MB prompts) get sent to providers that reject them with cryptic errors, wasting API quota and causing confusing timeouts

Provider-specific classes assume environment variables and API keys are available when making requests, but don't validate credentials are valid or have sufficient permissions until the actual API call

If this fails: Invalid or expired provider API keys cause authentication failures that surface as generic HTTP 401/403 errors, making it hard to diagnose which specific provider credential is broken

Success callbacks in CustomLogger assume the ModelResponse object passed to them is complete and immutable, but there's no enforcement preventing callbacks from modifying the response object

If this fails: Poorly written logging callbacks can accidentally modify response data, causing later callbacks or the final client response to contain corrupted usage metrics or response content

Failover logic assumes fallback models in the configuration are always available and healthy when primary models fail, but doesn't validate fallback model health before attempting the retry

If this fails: When primary and all fallback models are simultaneously unhealthy, requests fail with the last fallback's error message instead of a clear 'all models unavailable' error

YAML configuration parsing assumes all environment variable references (${OPENAI_API_KEY}) have corresponding env vars set, but only validates this at runtime when the config value is actually used

If this fails: Missing environment variables cause startup to succeed but requests fail with unclear 'None' API key errors when that specific model deployment is selected

Cache key generation assumes request parameters can be serialized to a reasonable string length for Redis keys, but doesn't limit or hash extremely long prompts

If this fails: Very long prompts generate cache keys that exceed Redis key length limits (512MB), causing cache operations to silently fail and degrading performance

Request/response middleware assumes callbacks execute in a consistent order, but the callback list can be modified by other threads during request processing

If this fails: Concurrent modification of the callback list can cause callbacks to be skipped or executed multiple times, leading to incorrect usage metrics or duplicate log entries