feat: Add 'All Org Models' option for API key model access

[colesmcintosh]

Title

Add 'All Org Models' option for API key model access

Relevant issues

N/A - Feature enhancement

Pre-Submission checklist

Please complete all items before asking a LiteLLM maintainer to review your PR

• I have Added testing in the tests/litellm/ directory, Adding at least 1 test is a hard requirement - see details
• I have added a screenshot of my new test passing locally
• My PR passes all unit tests on make test-unit
• My PR's scope is as isolated as possible, it only solves 1 specific problem

Type

🆕 New Feature

Changes

Summary

This PR adds an "All Org Models" option that allows API keys to inherit all models available at the organization level. This provides better hierarchical model access control and makes it easier to manage model permissions across different teams and environments.

Demo Video

🎥 Watch the UI Demo on Loom

What Changed

Backend Changes:

• Added all_org_models = "all-org-models" to the SpecialModelNames enum in _types.py
• Created get_org_models() async function to fetch organization models from the database
• Created get_key_models_async() to handle async resolution of org models
• Updated can_key_call_model() to resolve org models during API calls
• Updated /v1/models and /v2/model/info endpoints to use async model resolution when needed

Frontend Changes:

• Updated create_key_button.tsx to show "All Org Models" option when creating API keys (only shown if team has an organization)
• Updated key_edit_view.tsx to show "All Org Models" option when editing API keys
• Updated getModelDisplayName() to display "All Org Models" properly

How It Works

1. When creating an API key, users can select "All Org Models" if their team belongs to an organization
2. This special model name is stored in the key's models array as ["all-org-models"]
3. During API calls, the system resolves "all-org-models" to the actual list of models the organization has access to
4. The resolution happens asynchronously to fetch the organization's models from the database

Benefits

• Better Organization Control: Organizations can manage model access centrally
• Simplified Team Management: Teams can use org-level permissions without duplicating model lists
• Environment Separation: Easy to manage different model access for production/development/QA teams
• Dynamic Updates: Changes to org models are immediately reflected for all keys using "all-org-models"

Testing Done

• Created 9 unit tests covering all core functionality
• Tests verify enum value, sync/async resolution, and authentication flow
• All tests passing locally:

$ python -m pytest tests/test_litellm/proxy/auth/test_all_org_models.py -v
============================== 9 passed in 0.64s ===============================

Test Coverage

• test_special_model_name_exists - Verifies the enum value exists
• test_get_key_models_recognizes_all_org_models - Tests sync recognition
• test_get_key_models_async_with_org_models - Tests async resolution
• test_auth_checks_integration - Tests full authentication flow
• Plus 5 additional tests for edge cases and other special model names

Notes

• The database schema already supported organization models (models field in LiteLLM_OrganizationTable)
• This implementation follows the same pattern as existing "All Team Models" and "All Proxy Models" features
• Organization models provide hierarchical access control: Org → Team → Key
• No breaking changes - fully backward compatible

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
litellm	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jul 23, 2025 8:31pm

[krrishdholakia]

if i select a team, which does not have access to all org models, will i still see 'all-org-models' as an option?

[krrishdholakia]

why do we need a new async implementation? if get_key_models worked for teams and keys, it should work for orgs as well