@ishaan-jaff
Contributor

[Feat] A2a Gateway - allow using bedrock agentcore, langgraph agents with A2a Gateway

Relevant issues

Pre-Submission checklist

Please complete all items before asking a LiteLLM maintainer to review your PR

  • I have Added testing in the tests/litellm/ directory, Adding at least 1 test is a hard requirement - see details
  • I have added a screenshot of my new test passing locally
  • My PR passes all unit tests on make test-unit
  • My PR's scope is as isolated as possible, it only solves 1 specific problem

Type

🆕 New Feature
✅ Test

Changes

vercel bot commented Dec 10, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
litellm Error Error Dec 10, 2025 8:56pm

        if "thread_id" in optional_params:
            payload["thread_id"] = optional_params["thread_id"]

        verbose_logger.debug(f"LangGraph request payload: {payload}")

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information High

This expression logs sensitive data (password) as clear text.
This expression logs sensitive data (secret) as clear text.

Copilot Autofix

AI 1 day ago

To fix this issue, we must avoid logging sensitive fields (such as any kind of API key, tokens, or likely-secret values) as part of the raw payload. The proper way is to sanitize the payload before logging by removing or masking sensitive information. Specifically, prior to logging, we should create a sanitized copy of the payload dictionary with potentially sensitive fields either removed or replaced with a placeholder (e.g., "***"). This includes, at a minimum, theoretically sensitive standard fields such as "api_key" (if present) and any other field known to possibly contain secrets (e.g., "Authorization", "assistant_id" if it can be secret, or any user-defined metadata/config fields as appropriate). The replacement should only apply to the logger call, returning the original payload object normally.
Edits should occur directly in the transform_request method (around line 220) in litellm/llms/langgraph/chat/transformation.py, possibly adding a small utility method in this file for clarity if multiple log sanitizations are needed, or just inlining it for one-off use. This change does not require new imports or definitions from outside the provided snippet.


Suggested changeset 1
litellm/llms/langgraph/chat/transformation.py

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/litellm/llms/langgraph/chat/transformation.py b/litellm/llms/langgraph/chat/transformation.py
--- a/litellm/llms/langgraph/chat/transformation.py
+++ b/litellm/llms/langgraph/chat/transformation.py
@@ -217,7 +217,12 @@
         if "thread_id" in optional_params:
             payload["thread_id"] = optional_params["thread_id"]
 
-        verbose_logger.debug(f"LangGraph request payload: {payload}")
+        # Sanitize payload before logging to avoid leaking secrets
+        sanitized_payload = dict(payload)
+        for sensitive_field in ["api_key", "Authorization", "assistant_id"]:
+            if sensitive_field in sanitized_payload:
+                sanitized_payload[sensitive_field] = "***"
+        verbose_logger.debug(f"LangGraph request payload: {sanitized_payload}")
         return payload
 
     def _extract_content_from_response(self, response_json: dict) -> str:
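Review bot: The masking loop over `["api_key", "Authorization", "assistant_id"]` only inspects top-level keys of a shallow `dict(payload)` copy and matches names exactly and case-sensitively, so a secret held inside any nested dict value of `payload`, or under a differently cased key such as `authorization`, still reaches `verbose_logger.debug`. Suggest a recursive redaction helper with case-insensitive key matching. Also reconsider masking `assistant_id` unconditionally, since it is the field that identifies which agent the request went to.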
EOF
Copilot is powered by AI and may make mistakes. Always verify output.
        if client is None or not isinstance(client, HTTPHandler):
            client = _get_httpx_client(params={})

        verbose_logger.debug(f"Making sync streaming request to: {api_base}")

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information High

This expression logs sensitive data (password) as clear text.
This expression logs sensitive data (secret) as clear text.

Copilot Autofix

AI 1 day ago

To resolve the issue, avoid logging sensitive data (such as API endpoints that could include credentials or secrets) as clear text.

  • General approach: Never log full endpoints or URL values which could, in some deployments, contain sensitive query string parameters, credentials, tokens, or keys.
  • Best practice: If you need to log requests for debugging purposes, you should sanitize any user/configuration-derived values before logging, or alternatively, omit these values from logs altogether.
  • Specific fix for this code:
    • In litellm/llms/langgraph/chat/transformation.py, within the get_sync_custom_stream_wrapper method, remove or sanitize the verbose_logger.debug(f"Making sync streaming request to: {api_base}") logging statement.
    • If you still want to log activity for observability, replace it with a generic message, e.g., "Making sync streaming request," without exposing the endpoint.
    • No new methods or complex imports are required; only edit the logging statement.
Suggested changeset 1
litellm/llms/langgraph/chat/transformation.py

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/litellm/llms/langgraph/chat/transformation.py b/litellm/llms/langgraph/chat/transformation.py
--- a/litellm/llms/langgraph/chat/transformation.py
+++ b/litellm/llms/langgraph/chat/transformation.py
@@ -293,7 +293,7 @@
         if client is None or not isinstance(client, HTTPHandler):
             client = _get_httpx_client(params={})
 
-        verbose_logger.debug(f"Making sync streaming request to: {api_base}")
+        verbose_logger.debug("Making sync streaming request.")
 
         # Make streaming request
         response = client.post(
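Review bot: The replacement message `"Making sync streaming request."` drops the destination entirely, which removes the only information this debug line carried. Suggest logging a reduced form of `api_base` instead (scheme and host only, with userinfo, path and query stripped) so the line stays useful for troubleshooting without exposing anything embedded in the URL.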
EOF
                llm_provider=cast(Any, "langgraph"), params={}
            )

        verbose_logger.debug(f"Making async streaming request to: {api_base}")

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information High

This expression logs sensitive data (password) as clear text.
This expression logs sensitive data (secret) as clear text.

Copilot Autofix

AI 1 day ago

To remediate this vulnerability, we should avoid logging the complete api_base value, as it may contain embedded secrets or sensitive keys. Instead, log only generic information, or completely omit logging sensitive connection endpoints. In this context, replacing:

verbose_logger.debug(f"Making async streaming request to: {api_base}")

with:

verbose_logger.debug("Making async streaming request to LangGraph endpoint.")

or, at most, logging only the scheme and domain (i.e. stripping path and query). This guarantees sensitive information is not printed.
Make the same change for the similar sync handler (line 296), for complete coverage.

No new imports are needed, and existing logger usage remains unchanged. Only the log statement context string needs to be changed.

Suggested changeset 1
litellm/llms/langgraph/chat/transformation.py

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/litellm/llms/langgraph/chat/transformation.py b/litellm/llms/langgraph/chat/transformation.py
--- a/litellm/llms/langgraph/chat/transformation.py
+++ b/litellm/llms/langgraph/chat/transformation.py
@@ -293,7 +293,7 @@
         if client is None or not isinstance(client, HTTPHandler):
             client = _get_httpx_client(params={})
 
-        verbose_logger.debug(f"Making sync streaming request to: {api_base}")
+        verbose_logger.debug("Making sync streaming request to LangGraph endpoint.")
 
         # Make streaming request
         response = client.post(
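Review bot: The sync log line at `@@ -293,7 +293,7 @@` is also rewritten by the other suggested changeset for this file, with a different message (`"Making sync streaming request."`). Both are diffs against the same original line, so only one of them will apply cleanly. Pick one wording and drop the other patch.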
@@ -358,7 +358,7 @@
                 llm_provider=cast(Any, "langgraph"), params={}
             )
 
-        verbose_logger.debug(f"Making async streaming request to: {api_base}")
+        verbose_logger.debug("Making async streaming request to LangGraph endpoint.")
 
         # Make async streaming request
         response = await client.post(
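Review bot: The async message in the `+` line is a hand-copied variant of the sync one, so the two call sites can drift apart again. Suggest one module-level helper or constant used before both `client.post` calls, so that any later decision about which part of `api_base` is safe to log is made in a single place.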
EOF
@ishaan-jaff ishaan-jaff merged commit 7ad2a58 into main Dec 10, 2025
40 of 59 checks passed
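
The two remediations the Autofix comments above describe (masking sensitive payload fields before logging, and logging only the scheme and domain of `api_base`) can be written as the following added example, which is not LiteLLM's code or part of the suggested patches. The names `redact`, `safe_url` and `SENSITIVE_WORDS`, the key-name deny-list and the sample payload shape are assumptions made for illustration.

```python
import logging
import re
from urllib.parse import urlsplit

MASK = "***"
# Assumed deny-list of key-name words; not LiteLLM's own list.
SENSITIVE_WORDS = {"key", "apikey", "token", "secret", "password",
                   "authorization", "credential", "credentials"}


def _is_sensitive(key) -> bool:
    # Split camelCase, kebab-case and snake_case into words: "x-api-key" -> x, api, key.
    name = re.sub(r"(?<=[a-z0-9])(?=[A-Z])", "_", str(key)).lower().replace("-", "_")
    return any(word in SENSITIVE_WORDS for word in name.split("_"))


def redact(value, _depth: int = 0):
    """Deep-copy value, masking dict entries whose key name looks sensitive.

    Walks nested dicts and lists, so it also covers secrets below the top
    level. The caller's object is never mutated.
    """
    if _depth > 20:  # stop on pathological nesting instead of recursing further
        return MASK
    if isinstance(value, dict):
        return {k: MASK if _is_sensitive(k) else redact(v, _depth + 1)
                for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [redact(v, _depth + 1) for v in value]
    return value


def safe_url(url: str) -> str:
    """Reduce a URL to scheme://host[:port] for logging."""
    try:
        parts = urlsplit(url)
        host, port = parts.hostname, parts.port
    except ValueError:  # malformed port or IPv6 literal
        return "<unparseable-url>"
    if not parts.scheme or not host:
        return "<unparseable-url>"
    if ":" in host:  # IPv6 literal: restore the brackets
        host = f"[{host}]"
    return f"{parts.scheme}://{host}" + (f":{port}" if port else "")


if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG)
    log = logging.getLogger("example")
    # Constructed sample values, not taken from the pull request.
    payload = {
        "assistant_id": "agent",
        "thread_id": "t-1",
        "config": {"configurable": {"api_key": "sk-constructed", "max_tokens": 5}},
    }
    api_base = "https://user:pw@agents.example.com:8443/runs/stream?api_key=abc"
    log.debug("LangGraph request payload: %s", redact(payload))
    log.debug("Making sync streaming request to: %s", safe_url(api_base))
```

Matching is by key name only, so a secret pasted into a free-text value such as a message body is not caught by this helper.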