2024-05-28 08:27:45 -04:00
|
|
|
const {
|
🗨️ feat: Prompts (#3131)
* 🗨️ feat: Prompts (#7)
* WIP: MERGE prompts/frontend (#1)
* added schema for prompt and promptgroup, added model methods for prompts, added routes for prompts
* * updated promptGroup Schema
* updated model methods for prompts (get, add, delete)
* slight fixes in prompt routes
* * Created Files Management components
* Created Vector Stores components
* Added file management route in the routes folder
* Completed UI for Files list, Compeleted UI for vector stores list, Completed UI for upload file modal, Completed UI for preview file, Completed UI for preview vector store
* Fixed style and UI fixes for file dashboard, file list and vector stores list
* added responsiveness classes for vector store page
* fixed responsiveness of file page, dashboard page, and main page
* fixed styling and responsiveness issues on dashboard page, file list page and vector store page
* added queries and mutations for prompts and promptGroups, added relevant endpoints in data-provider, added relevant components prompts, added and updated relevant APIs
* added types on mutation queries data service, updated prompt attributes
* feature: Prompts and prompt groups management, added relevant APIs, added types for data service/queries/mutations, added relevant mutation and queries
* chore: typing clarifications
* added drop down on prompts mgmt dashboard
* Fixes: fixed version switching issue on tags update or labels update, added cross button on create prompt group, fixed list updation on prompt group renaiming, added CSV upload button
* Feature: Added oneliner and category attributes in prompt group, added schema for categories, added schema methods and route for categories
* chore: typing and lint issues
* chore: more type and linter fixes
* chore: linting
* chore: prompt controller and backend typing example; MOVE TO CONTROLLER DIRECTORY
* chore: more type fixes
* style: prompt name changes
* chore: more type changes, and stateful prompt name change without flickering
* fix: Return result of savePrompt in patchPrompt API endpoint
* fix: navigation prompt queries; refactor: name 'prompt-groups' to just 'groups'
* refactor: fetch prompt groups rewrite
* refactor(prompts): query/mutation statefulness
* refactor: remove `isActive` field
* refactor: remove labels, consolidate logic
* style: width, layout shift
* refactor: improve hover toggle behavior and styling
* refactor: add useParams hook to PromptListItem for dynamic rendering and add timeout ref for blur timeout
* chore: hide upload button
* refactor: import Button component from correct location in PromptSidePanel
* style: prompt editor styling
* style: fix more layout shifts
* style: container scroll
* refactor: Rename CreatePrompt component to CreatePromptForm
* refactor: use react-hook-form
* refactor: Add Prompts components and routes to Dashboard
* style: skeletons for loading
* fix: optimize makePromptProduction
* refactor: consolidate variables
* feat: create prompt form validation
* refactor: Consolidate variables and update mutation hooks
* style: minor touchups
* chore: Update lucide-react npm dependency to version 0.394.0 and npm audit fix
* refactor: add a new icon for the Prompts heading.
* style: Update PromptsView heading to use h1 instead of h2 and other minor margin issues
* chore: wording
* refactor: Update PromptsView heading to use h1 instead of h2, consolidate variables, and add new icons
* refactor: Prompts Button for Mobile
* feature: added category field in prompt group, added relevant API and static data on BE to support FE UI for category in prompt group
* chore: template for prompt cards
---------
Co-authored-by: Fawadpot <contactfawada@gmail.com>
* WIP: Prompts/frontend Continued (#2)
* chore: loading style, remove unused component
* feat: Add CategorySelector component for prompt group category selection
* feat: add categories to create prompt
* feat: prompt versions styling
* feat: optimistic updates for prompt production state
* refactor: optimize form state and show if prompt field is dirty with cross icon, also other styling changes
* chore: remove unused code and localizations
* fix: light mode styling
* WIP: SidePanel Prompts
* refactor: move to groups directory
* refactor: rename GroupsSidePanel to GroupSidePanel and update imports
* style: ListCard
* refactor: isProduction changes
* refactor: infinite query with productionPrompt
* refactor: optimize snippets and prompts, and styling
* refactor: Update getSnippet function to accept a length parameter
* chore: localizations
* feat: prompts navigation to chat and vice versa
* fix: create prompt
* feat: remember last selected category for creating prompts
* fix(promptGroups): fix pagination and add usePromptGroupsNav hook
* Prompts/frontend 3 (#3)
* fix: stateful issues with prompt groups
* style: improved layout
* refactor: improve variable naming in Eng.ts
* refactor: theme selector styling improvements
* added prompt cards on chat new page, with dark mode, added API to fetch random prompts, added types for useQuery
Slightly improved usePromptGroupNav logic to fetch updated result for pageSize, updated prompt cards view with darkmode and responsiveness
fixed page size option buttons styling to match the theme
added dark mode on create prompt page and prompt edit/preview page
fixed page size option buttons styling to match the theme
added dark mode on create prompt page and prompt edit/preview page
* WIP: Prompts/frontend (#4)
* fix: optimize and fix paginated query
* fix: remove unique constraint on names
* refactor: button links and styling
* style: menu border light mode
* feat: Add Auto-Send Switch component for prompts groups
* refactor(ChatView): use form context for submission text
* chore: clear convo state on navigation to dashboard routes
* chore: save prompt edit name on tab, remove console log
* feat: basic prompt submission
* refactor: move Auto-Send Switch
* style(ListCard): border styling
* feat: Add function to detect variables in text
* feat: Add OriginalDialog component to UI library
* chore(ui): Update SelectDropDown options list class to use text-xs size
* refactor: submitMessage hook now includes submitPrompt, make compatible to document query selector
* WIP: Variable Dialog
* feat: variable submission working for both auto-send and non-autosend
* feat: dashboard breadcrumbs and prompts/chat navigation
* refactor: dashboard breadcrumb and dashboard link to chat navigation
* refactor: Update VariableDialog and VariableForm styles
* Prompts: Admin features (#5)
* fix: link issue
* fix: usePromptGroupsNav add missing dep.
* style: dashbreadcrumb and sidepanel text color
* temp fix: remove refetch on pageNumber change
* fix: handle multiple variable replacement
* WIP: create project schema and add project groups to fetch
* feat: Add functionality to add prompt group IDs to a project
* feat: Add caching for startup config in config route
* chore: remove prompt landing
* style: Update Skeleton component with additional background styling
* chore: styling and types
* WIP: SharePrompt first draft
* feat(SharePrompt): form validation
* feat: shared global indicators
* refactor: prompt details
* refactor: change NoPromptGroup directory
* feat: preview prompt
* feat: remove/add global prompts, add rbac-related enums
* refactor: manage prompts location
* WIP: first draft admin settings for prompts
* feat: SystemRoles enum
* refactor: update PromptDetails component styling
* style: ellipsis custom class for showing more preview text
* WIP: initial role schema and initialization
* style: improved margins for single unordered lists
* fix: use custom chat form context to prevent re-renders from FormProvider
* feat: Role mutations for Prompt Permissions
* feat: fetch user role
* feat: update AdminSettings form default values from user role values
* refactor: rename PromptPermissions to Permissions for general definitions
* feat: initial role checks
* feat: Add optional `bodyProps` parameter to generateCheckAccess middleware
* refactor: UI access checks
* Prompts: delete (#6)
* Fixed delete prompt version API, fixed types and logic for prompt version deletion, updated prompt delete mutation logic
* chore: Update return type of deletePrompt function in Prompt.js
---------
Co-authored-by: Fawadpot <contactfawada@gmail.com>
* chore: Update package-lock.json version to 0.7.4-rc1 and fast-xml-parser to 4.4.0
* feat: toast for saving admin settings, add timer no-access navigation
* feat: always make prod
* feat: Add localization to category labels in CategorySelector component
* feat: Update category label localization in CategorySelector component
* fix: Enable making prompt production in Prompt API
---------
Co-authored-by: Fawadpot <contactfawada@gmail.com>
* feat: Add helper fn for dark mode detection in ThemeProvider
* style: surface-primary definition
* fix(useHasAccess): utilize user.role and not just USER role
* fix: empty category and role fetch
* refactort: increase max height to options list and use label if no localization is found
* fix: update CategorySelector to handle empty category value and improve localization
* refactor: move prompts to own store/reactquery modules, add in filter WIP
* refactor: Rename AutoSendSwitch to AutoSendPrompt
* style: theming commit
* style: fix slight coloring issue for convos in dark mode
* style: better composition for prompts side panel
* style: remove gray-750 and make it gray-850
* chore: adjust theming
* feat: filter all prompt groups and properly remove prompts from projects
* refactor: optimize delete prompt groups further
* chore: localization
* feat: Add uniqueProperty filtering to normalizeData function
* WIP: filter prompts
* chore: Update FilterPrompts component to include User icon in FilterItem
* feat(FilterPrompts): set categories
* feat: more system filters and show selected category icon
* style: always make prod, flips switch to avoid mis-clicks
* style: ui/ux loading/no prompts
* chore: style FilterPrompts ChatView
* fix: handle missing role edge case
* style: special variables
* feat: special variables
* refactor: improve replaceSpecialVars function in prompts.ts
* feat: simple/advanced editor modes
* chore: bump versions
* feat: localizations and hide production button on simple mode
* fix: error connecting layout shift
* fix: prompts CRUD for admins
* fix: secure single group fetch
* style: sidepanel styling
* style(PromptName): bring edit button closer to name
* style: mobile prompts header
* style: mobile prompts header continued
* style: align send prompts switch right
* feat: description
* Update special variables description in Eng.ts
* feat: update/create/preview oneliner
* fix: allow empty oneliner update
* style: loading improvement and always make selected prompt Production if simple mode
* fix: production index set and remove unused props
* fix(ci): mock initializeRoles
* fix: address #3128
* fix: address #3128
* feat: add deletion confirmation dialog
* fix: mobile UI issues
* style: prompt library UI update
* style: focus, logcal tab order
* style: Refactor SelectDropDown component to improve code readability and maintainability
* chore: bump data-provider
* chore: fix labels
* refactor: confirm delete prompt version
---------
Co-authored-by: Marco Beretta <81851188+berry-13@users.noreply.github.com>
2024-06-20 20:24:32 -04:00
|
|
|
EModelEndpoint,
|
2024-05-28 08:27:45 -04:00
|
|
|
defaultOrderQuery,
|
🗨️ feat: Prompts (#3131)
* 🗨️ feat: Prompts (#7)
* WIP: MERGE prompts/frontend (#1)
* added schema for prompt and promptgroup, added model methods for prompts, added routes for prompts
* * updated promptGroup Schema
* updated model methods for prompts (get, add, delete)
* slight fixes in prompt routes
* * Created Files Management components
* Created Vector Stores components
* Added file management route in the routes folder
* Completed UI for Files list, Compeleted UI for vector stores list, Completed UI for upload file modal, Completed UI for preview file, Completed UI for preview vector store
* Fixed style and UI fixes for file dashboard, file list and vector stores list
* added responsiveness classes for vector store page
* fixed responsiveness of file page, dashboard page, and main page
* fixed styling and responsiveness issues on dashboard page, file list page and vector store page
* added queries and mutations for prompts and promptGroups, added relevant endpoints in data-provider, added relevant components prompts, added and updated relevant APIs
* added types on mutation queries data service, updated prompt attributes
* feature: Prompts and prompt groups management, added relevant APIs, added types for data service/queries/mutations, added relevant mutation and queries
* chore: typing clarifications
* added drop down on prompts mgmt dashboard
* Fixes: fixed version switching issue on tags update or labels update, added cross button on create prompt group, fixed list updation on prompt group renaiming, added CSV upload button
* Feature: Added oneliner and category attributes in prompt group, added schema for categories, added schema methods and route for categories
* chore: typing and lint issues
* chore: more type and linter fixes
* chore: linting
* chore: prompt controller and backend typing example; MOVE TO CONTROLLER DIRECTORY
* chore: more type fixes
* style: prompt name changes
* chore: more type changes, and stateful prompt name change without flickering
* fix: Return result of savePrompt in patchPrompt API endpoint
* fix: navigation prompt queries; refactor: name 'prompt-groups' to just 'groups'
* refactor: fetch prompt groups rewrite
* refactor(prompts): query/mutation statefulness
* refactor: remove `isActive` field
* refactor: remove labels, consolidate logic
* style: width, layout shift
* refactor: improve hover toggle behavior and styling
* refactor: add useParams hook to PromptListItem for dynamic rendering and add timeout ref for blur timeout
* chore: hide upload button
* refactor: import Button component from correct location in PromptSidePanel
* style: prompt editor styling
* style: fix more layout shifts
* style: container scroll
* refactor: Rename CreatePrompt component to CreatePromptForm
* refactor: use react-hook-form
* refactor: Add Prompts components and routes to Dashboard
* style: skeletons for loading
* fix: optimize makePromptProduction
* refactor: consolidate variables
* feat: create prompt form validation
* refactor: Consolidate variables and update mutation hooks
* style: minor touchups
* chore: Update lucide-react npm dependency to version 0.394.0 and npm audit fix
* refactor: add a new icon for the Prompts heading.
* style: Update PromptsView heading to use h1 instead of h2 and other minor margin issues
* chore: wording
* refactor: Update PromptsView heading to use h1 instead of h2, consolidate variables, and add new icons
* refactor: Prompts Button for Mobile
* feature: added category field in prompt group, added relevant API and static data on BE to support FE UI for category in prompt group
* chore: template for prompt cards
---------
Co-authored-by: Fawadpot <contactfawada@gmail.com>
* WIP: Prompts/frontend Continued (#2)
* chore: loading style, remove unused component
* feat: Add CategorySelector component for prompt group category selection
* feat: add categories to create prompt
* feat: prompt versions styling
* feat: optimistic updates for prompt production state
* refactor: optimize form state and show if prompt field is dirty with cross icon, also other styling changes
* chore: remove unused code and localizations
* fix: light mode styling
* WIP: SidePanel Prompts
* refactor: move to groups directory
* refactor: rename GroupsSidePanel to GroupSidePanel and update imports
* style: ListCard
* refactor: isProduction changes
* refactor: infinite query with productionPrompt
* refactor: optimize snippets and prompts, and styling
* refactor: Update getSnippet function to accept a length parameter
* chore: localizations
* feat: prompts navigation to chat and vice versa
* fix: create prompt
* feat: remember last selected category for creating prompts
* fix(promptGroups): fix pagination and add usePromptGroupsNav hook
* Prompts/frontend 3 (#3)
* fix: stateful issues with prompt groups
* style: improved layout
* refactor: improve variable naming in Eng.ts
* refactor: theme selector styling improvements
* added prompt cards on chat new page, with dark mode, added API to fetch random prompts, added types for useQuery
Slightly improved usePromptGroupNav logic to fetch updated result for pageSize, updated prompt cards view with darkmode and responsiveness
fixed page size option buttons styling to match the theme
added dark mode on create prompt page and prompt edit/preview page
fixed page size option buttons styling to match the theme
added dark mode on create prompt page and prompt edit/preview page
* WIP: Prompts/frontend (#4)
* fix: optimize and fix paginated query
* fix: remove unique constraint on names
* refactor: button links and styling
* style: menu border light mode
* feat: Add Auto-Send Switch component for prompts groups
* refactor(ChatView): use form context for submission text
* chore: clear convo state on navigation to dashboard routes
* chore: save prompt edit name on tab, remove console log
* feat: basic prompt submission
* refactor: move Auto-Send Switch
* style(ListCard): border styling
* feat: Add function to detect variables in text
* feat: Add OriginalDialog component to UI library
* chore(ui): Update SelectDropDown options list class to use text-xs size
* refactor: submitMessage hook now includes submitPrompt, make compatible to document query selector
* WIP: Variable Dialog
* feat: variable submission working for both auto-send and non-autosend
* feat: dashboard breadcrumbs and prompts/chat navigation
* refactor: dashboard breadcrumb and dashboard link to chat navigation
* refactor: Update VariableDialog and VariableForm styles
* Prompts: Admin features (#5)
* fix: link issue
* fix: usePromptGroupsNav add missing dep.
* style: dashbreadcrumb and sidepanel text color
* temp fix: remove refetch on pageNumber change
* fix: handle multiple variable replacement
* WIP: create project schema and add project groups to fetch
* feat: Add functionality to add prompt group IDs to a project
* feat: Add caching for startup config in config route
* chore: remove prompt landing
* style: Update Skeleton component with additional background styling
* chore: styling and types
* WIP: SharePrompt first draft
* feat(SharePrompt): form validation
* feat: shared global indicators
* refactor: prompt details
* refactor: change NoPromptGroup directory
* feat: preview prompt
* feat: remove/add global prompts, add rbac-related enums
* refactor: manage prompts location
* WIP: first draft admin settings for prompts
* feat: SystemRoles enum
* refactor: update PromptDetails component styling
* style: ellipsis custom class for showing more preview text
* WIP: initial role schema and initialization
* style: improved margins for single unordered lists
* fix: use custom chat form context to prevent re-renders from FormProvider
* feat: Role mutations for Prompt Permissions
* feat: fetch user role
* feat: update AdminSettings form default values from user role values
* refactor: rename PromptPermissions to Permissions for general definitions
* feat: initial role checks
* feat: Add optional `bodyProps` parameter to generateCheckAccess middleware
* refactor: UI access checks
* Prompts: delete (#6)
* Fixed delete prompt version API, fixed types and logic for prompt version deletion, updated prompt delete mutation logic
* chore: Update return type of deletePrompt function in Prompt.js
---------
Co-authored-by: Fawadpot <contactfawada@gmail.com>
* chore: Update package-lock.json version to 0.7.4-rc1 and fast-xml-parser to 4.4.0
* feat: toast for saving admin settings, add timer no-access navigation
* feat: always make prod
* feat: Add localization to category labels in CategorySelector component
* feat: Update category label localization in CategorySelector component
* fix: Enable making prompt production in Prompt API
---------
Co-authored-by: Fawadpot <contactfawada@gmail.com>
* feat: Add helper fn for dark mode detection in ThemeProvider
* style: surface-primary definition
* fix(useHasAccess): utilize user.role and not just USER role
* fix: empty category and role fetch
* refactort: increase max height to options list and use label if no localization is found
* fix: update CategorySelector to handle empty category value and improve localization
* refactor: move prompts to own store/reactquery modules, add in filter WIP
* refactor: Rename AutoSendSwitch to AutoSendPrompt
* style: theming commit
* style: fix slight coloring issue for convos in dark mode
* style: better composition for prompts side panel
* style: remove gray-750 and make it gray-850
* chore: adjust theming
* feat: filter all prompt groups and properly remove prompts from projects
* refactor: optimize delete prompt groups further
* chore: localization
* feat: Add uniqueProperty filtering to normalizeData function
* WIP: filter prompts
* chore: Update FilterPrompts component to include User icon in FilterItem
* feat(FilterPrompts): set categories
* feat: more system filters and show selected category icon
* style: always make prod, flips switch to avoid mis-clicks
* style: ui/ux loading/no prompts
* chore: style FilterPrompts ChatView
* fix: handle missing role edge case
* style: special variables
* feat: special variables
* refactor: improve replaceSpecialVars function in prompts.ts
* feat: simple/advanced editor modes
* chore: bump versions
* feat: localizations and hide production button on simple mode
* fix: error connecting layout shift
* fix: prompts CRUD for admins
* fix: secure single group fetch
* style: sidepanel styling
* style(PromptName): bring edit button closer to name
* style: mobile prompts header
* style: mobile prompts header continued
* style: align send prompts switch right
* feat: description
* Update special variables description in Eng.ts
* feat: update/create/preview oneliner
* fix: allow empty oneliner update
* style: loading improvement and always make selected prompt Production if simple mode
* fix: production index set and remove unused props
* fix(ci): mock initializeRoles
* fix: address #3128
* fix: address #3128
* feat: add deletion confirmation dialog
* fix: mobile UI issues
* style: prompt library UI update
* style: focus, logcal tab order
* style: Refactor SelectDropDown component to improve code readability and maintainability
* chore: bump data-provider
* chore: fix labels
* refactor: confirm delete prompt version
---------
Co-authored-by: Marco Beretta <81851188+berry-13@users.noreply.github.com>
2024-06-20 20:24:32 -04:00
|
|
|
defaultAssistantsVersion,
|
2024-05-28 08:27:45 -04:00
|
|
|
} = require('librechat-data-provider');
|
📜 feat: Implement System Grants for Capability-Based Authorization (#11896)
* feat: Implement System Grants for Role-Based Capabilities
- Added a new `systemGrant` model and associated methods to manage role-based capabilities within the application.
- Introduced middleware functions `hasCapability` and `requireCapability` to check user permissions based on their roles.
- Updated the database seeding process to include system grants for the ADMIN role, ensuring all necessary capabilities are assigned on startup.
- Enhanced type definitions and schemas to support the new system grant functionality, improving overall type safety and clarity in the codebase.
* test: Add unit tests for capabilities middleware and system grant methods
- Introduced comprehensive unit tests for the capabilities middleware, including `hasCapability` and `requireCapability`, ensuring proper permission checks based on user roles.
- Added tests for the `SystemGrant` methods, verifying the seeding of system grants, capability granting, and revocation processes.
- Enhanced test coverage for edge cases, including idempotency of grant operations and handling of unexpected errors in middleware.
- Utilized mocks for database interactions to isolate tests and improve reliability.
* refactor: Transition to Capability-Based Access Control
- Replaced role-based access checks with capability-based checks across various middleware and routes, enhancing permission management.
- Introduced `hasCapability` and `requireCapability` functions to streamline capability verification for user actions.
- Updated relevant routes and middleware to utilize the new capability system, ensuring consistent permission enforcement.
- Enhanced type definitions and added tests for the new capability functions, improving overall code reliability and maintainability.
* test: Enhance capability-based access tests for ADMIN role
- Updated tests to reflect the new capability-based access control, specifically for the ADMIN role.
- Modified test descriptions to clarify that users with the MANAGE_AGENTS capability can bypass permission checks.
- Seeded capabilities for the ADMIN role in multiple test files to ensure consistent permission checks across different routes and middleware.
- Improved overall test coverage for capability verification, ensuring robust permission management.
* test: Update capability tests for MCP server access
- Renamed test to reflect the correct capability for bypassing permission checks, changing from MANAGE_AGENTS to MANAGE_MCP_SERVERS.
- Updated seeding of capabilities for the ADMIN role to align with the new capability structure.
- Ensured consistency in capability definitions across tests and middleware for improved permission management.
* feat: Add hasConfigCapability for enhanced config access control
- Introduced `hasConfigCapability` function to check user permissions for managing or reading specific config sections.
- Updated middleware to export the new capability function, ensuring consistent access control across the application.
- Enhanced unit tests to cover various scenarios for the new capability, improving overall test coverage and reliability.
* fix: Update tenantId filter in createSystemGrantMethods
- Added a condition to set tenantId filter to { $exists: false } when tenantId is null, ensuring proper handling of cases where tenantId is not provided.
- This change improves the robustness of the system grant methods by explicitly managing the absence of tenantId in the filter logic.
* fix: account deletion capability check
- Updated the `canDeleteAccount` middleware to ensure that the `hasManageUsers` capability check only occurs if a user is present, preventing potential errors when the user object is undefined.
- This change improves the robustness of the account deletion logic by ensuring proper handling of user permissions.
* refactor: Optimize seeding of system grants for ADMIN role
- Replaced sequential capability granting with parallel execution using Promise.all in the seedSystemGrants function.
- This change improves performance and efficiency during the initialization of system grants, ensuring all capabilities are granted concurrently.
* refactor: Simplify systemGrantSchema index definition
- Removed the sparse option from the unique index on principalType, principalId, capability, and tenantId in the systemGrantSchema.
- This change streamlines the index definition, potentially improving query performance and clarity in the schema design.
* refactor: Reorganize role capability check in roles route
- Moved the capability check for reading roles to occur after parsing the roleName, improving code clarity and structure.
- This change ensures that the authorization logic is consistently applied before fetching role details, enhancing overall permission management.
* refactor: Remove unused ISystemGrant interface from systemCapabilities.ts
- Deleted the ISystemGrant interface as it was no longer needed, streamlining the code and improving clarity.
- This change helps reduce clutter in the file and focuses on relevant capabilities for the system.
* refactor: Migrate SystemCapabilities to data-schemas
- Replaced imports of SystemCapabilities from 'librechat-data-provider' with imports from '@librechat/data-schemas' across multiple files.
- This change centralizes the management of system capabilities, improving code organization and maintainability.
* refactor: Update account deletion middleware and capability checks
- Modified the `canDeleteAccount` middleware to ensure that the account deletion permission is only granted to users with the `MANAGE_USERS` capability, improving security and clarity in permission management.
- Enhanced error logging for unauthorized account deletion attempts, providing better insights into permission issues.
- Updated the `capabilities.ts` file to ensure consistent handling of user authentication checks, improving robustness in capability verification.
- Refined type definitions in `systemGrant.ts` and `systemGrantMethods.ts` to utilize the `PrincipalType` enum, enhancing type safety and code clarity.
* refactor: Extract principal ID normalization into a separate function
- Introduced `normalizePrincipalId` function to streamline the normalization of principal IDs based on their type, enhancing code clarity and reusability.
- Updated references in `createSystemGrantMethods` to utilize the new normalization function, improving maintainability and reducing code duplication.
* test: Add unit tests for principalId normalization in systemGrant
- Introduced tests for the `grantCapability`, `revokeCapability`, and `getCapabilitiesForPrincipal` methods to verify correct handling of principalId normalization between string and ObjectId formats.
- Enhanced the `capabilities.ts` middleware to utilize the `PrincipalType` enum for improved type safety.
- Added a new utility function `normalizePrincipalId` to streamline principal ID normalization logic, ensuring consistent behavior across the application.
* feat: Introduce capability implications and enhance system grant methods
- Added `CapabilityImplications` to define relationships between broader and implied capabilities, allowing for more intuitive permission checks.
- Updated `createSystemGrantMethods` to expand capability queries to include implied capabilities, improving authorization logic.
- Enhanced `systemGrantSchema` to include an `expiresAt` field for future TTL enforcement of grants, and added validation to ensure `tenantId` is not set to null.
- Documented authorization requirements for prompt group and prompt deletion methods to clarify access control expectations.
* test: Add unit tests for canDeleteAccount middleware
- Introduced unit tests for the `canDeleteAccount` middleware to verify account deletion permissions based on user roles and capabilities.
- Covered scenarios for both allowed and blocked account deletions, including checks for ADMIN users with the `MANAGE_USERS` capability and handling of undefined user cases.
- Enhanced test structure to ensure clarity and maintainability of permission checks in the middleware.
* fix: Add principalType enum validation to SystemGrant schema
Without enum validation, any string value was accepted for principalType
and silently stored. Invalid documents would never match capability
queries, creating phantom grants impossible to diagnose without raw DB
inspection. All other ACL models in the codebase validate this field.
* fix: Replace seedSystemGrants Promise.all with bulkWrite for concurrency safety
When two server instances start simultaneously (K8s rolling deploy, PM2
cluster), both call seedSystemGrants. With Promise.all + findOneAndUpdate
upsert, both instances may attempt to insert the same documents, causing
E11000 duplicate key errors that crash server startup.
bulkWrite with ordered:false handles concurrent upserts gracefully and
reduces 17 individual round trips to a single network call. The returned
documents (previously discarded) are no longer fetched.
* perf: Add AsyncLocalStorage per-request cache for capability checks
Every hasCapability call previously required 2 DB round trips
(getUserPrincipals + SystemGrant.exists) — replacing what were O(1)
string comparisons. Routes like patchPromptGroup triggered this twice,
and hasConfigCapability's fallback path resolved principals twice.
This adds a per-request AsyncLocalStorage cache that:
- Caches resolved principals (same for all checks within one request)
- Caches capability check results (same user+cap = same answer)
- Automatically scoped to request lifetime (no stale grants)
- Falls through to DB when no store exists (background jobs, tests)
- Requires no signature changes to hasCapability
The capabilityContextMiddleware is registered at the app level before
all routes, initializing a fresh store per request.
* fix: Add error handling for inline hasCapability calls
canDeleteAccount, fetchAssistants, and validateAuthor all call
hasCapability without try-catch. These were previously O(1) string
comparisons that could never throw. Now they hit the database and can
fail on connection timeout or transient errors.
Wrap each call in try-catch, defaulting to deny (false) on error.
This ensures a DB hiccup returns a clean 403 instead of an unhandled
500 with a stack trace.
* test: Add canDeleteAccount DB-error resilience test
Tests that hasCapability rejection (e.g., DB timeout) results in a clean
403 rather than an unhandled exception. Validates the error handling
added in the previous commit.
* refactor: Use barrel import for hasCapability in validateAuthor
Import from ~/server/middleware barrel instead of directly from
~/server/middleware/roles/capabilities for consistency with other
non-middleware consumers. Files within the middleware barrel itself
must continue using direct imports to avoid circular requires.
* refactor: Remove misleading pre('save') hook from SystemGrant schema
The pre('save') hook normalized principalId for USER/GROUP principals,
but the primary write path (grantCapability) uses findOneAndUpdate —
which does not trigger save hooks. The normalization was already handled
explicitly in grantCapability itself. The hook created a false impression
of schema-level enforcement that only covered save()/create() paths.
Replace with a comment documenting that all writes must go through
grantCapability.
* feat: Add READ_ASSISTANTS capability to complete manage/read pair
Every other managed resource had a paired READ_X / MANAGE_X capability
except assistants. This adds READ_ASSISTANTS and registers the
MANAGE_ASSISTANTS → READ_ASSISTANTS implication in CapabilityImplications,
enabling future read-only assistant visibility grants.
* chore: Reorder systemGrant methods for clarity
Moved hasCapabilityForPrincipals to a more logical position in the returned object of createSystemGrantMethods, improving code readability. This change also maintains the inclusion of seedSystemGrants in the export, ensuring all necessary methods are available.
* fix: Wrap seedSystemGrants in try-catch to avoid blocking startup
Seeding capabilities is idempotent and will succeed on the next restart.
A transient DB error during seeding should not prevent the server from
starting — log the error and continue.
* refactor: Improve capability check efficiency and add audit logging
Move hasCapability calls after cheap early-exits in validateAuthor and
fetchAssistants so the DB check only runs when its result matters. Add
logger.debug on every capability bypass grant across all 7 call sites
for auditability, and log errors in catch blocks instead of silently
swallowing them.
* test: Add integration tests for AsyncLocalStorage capability caching
Exercises the full vertical — ALS context, generateCapabilityCheck,
real getUserPrincipals, real hasCapabilityForPrincipals, real MongoDB
via MongoMemoryServer. Covers per-request caching, cross-context
isolation, concurrent request isolation, negative caching, capability
implications, tenant scoping, group-based grants, and requireCapability
middleware.
* test: Add systemGrant data-layer and ALS edge-case integration tests
systemGrant.spec.ts (51 tests): Full integration tests for all
systemGrant methods against real MongoDB — grant/revoke lifecycle,
principalId normalization (string→ObjectId for USER/GROUP, string for
ROLE), capability implications (both directions), tenant scoping,
schema validation (null tenantId, invalid enum, required fields,
unique compound index).
capabilities.integration.spec.ts (27 tests): Adds ALS edge cases —
missing context degrades gracefully with no caching (background jobs,
child processes), nested middleware creates independent inner context,
optional-chaining safety when store is undefined, mid-request grant
changes are invisible due to result caching, requireCapability works
without ALS, and interleaved concurrent contexts maintain isolation.
* fix: Add worker thread guards to capability ALS usage
Detect when hasCapability or capabilityContextMiddleware is called from
a worker thread (where ALS context does not propagate from the parent).
hasCapability logs a warn-once per factory instance; the middleware logs
an error since mounting Express middleware in a worker is likely a
misconfiguration. Both continue to function correctly — the guard is
observability, not a hard block.
* fix: Include tenantId in ALS principal cache key for tenant isolation
The principal cache key was user.id:user.role, which would reuse
cached principals across tenants for the same user within a request.
When getUserPrincipals gains tenant-scoped group resolution, principals
from tenant-a would incorrectly serve tenant-b checks. Changed to
user.id:user.role:user.tenantId to prevent cross-tenant cache hits.
Adds integration test proving separate principal lookups per tenantId.
* test: Remove redundant mocked capabilities.spec.js
The JS wrapper test (7 tests, all mocked) is a strict subset of
capabilities.integration.spec.ts (28 tests, real MongoDB). Every
scenario it covered — hasCapability true/false, tenantId passthrough,
requireCapability 403/500, error handling — is tested with higher
fidelity in the integration suite.
* test: Replace mocked canDeleteAccount tests with real MongoDB integration
Remove hasCapability mock — tests now exercise the full capability
chain against real MongoDB (getUserPrincipals, hasCapabilityForPrincipals,
SystemGrant collection). Only mocks remaining are logger and cache.
Adds new coverage: admin role without grant is blocked, user-level
grant bypasses deletion restriction, null user handling.
* test: Add comprehensive tests for ACL entry management and user group methods
Introduces new tests for `deleteAclEntries`, `bulkWriteAclEntries`, and `findPublicResourceIds` in `aclEntry.spec.ts`, ensuring proper functionality for deleting and bulk managing ACL entries. Additionally, enhances `userGroup.spec.ts` with tests for finding groups by ID and name pattern, including external ID matching and source filtering. These changes improve coverage and validate the integrity of ACL and user group operations against real MongoDB interactions.
* refactor: Update capability checks and logging for better clarity and error handling
Replaced `MANAGE_USERS` with `ACCESS_ADMIN` in the `canDeleteAccount` middleware and related tests to align with updated permission structure. Enhanced logging in various middleware functions to use `logger.warn` for capability check failures, providing clearer error messages. Additionally, refactored capability checks in the `patchPromptGroup` and `validateAuthor` functions to improve readability and maintainability. This commit also includes adjustments to the `systemGrant` methods to implement retry logic for transient failures during capability seeding, ensuring robustness in the face of database errors.
* refactor: Enhance logging and retry logic in seedSystemGrants method
Updated the logging format in the seedSystemGrants method to include error messages for better clarity. Improved the retry mechanism by explicitly mocking multiple failures in tests, ensuring robust error handling during transient database issues. Additionally, refined imports in the systemGrant schema for better type management.
* refactor: Consolidate imports in canDeleteAccount middleware
Merged logger and SystemCapabilities imports from the data-schemas module into a single line for improved readability and maintainability of the code. This change streamlines the import statements in the canDeleteAccount middleware.
* test: Enhance systemGrant tests for error handling and capability validation
Added tests to the systemGrant methods to handle various error scenarios, including E11000 race conditions, invalid ObjectId strings for USER and GROUP principals, and invalid capability strings. These enhancements improve the robustness of the capability granting and revoking logic, ensuring proper error propagation and validation of inputs.
* fix: Wrap hasCapability calls in deny-by-default try-catch at remaining sites
canAccessResource, files.js, and roles.js all had hasCapability inside
outer try-catch blocks that returned 500 on DB failure instead of
falling through to the regular ACL check. This contradicts the
deny-by-default pattern used everywhere else.
Also removes raw error.message from the roles.js 500 response to
prevent internal host/connection info leaking to clients.
* fix: Normalize user ID in canDeleteAccount before passing to hasCapability
requireCapability normalizes req.user.id via _id?.toString() fallback,
but canDeleteAccount passed raw req.user directly. If req.user.id is
absent (some auth layers only populate _id), getUserPrincipals received
undefined, silently returning empty principals and blocking the bypass.
* fix: Harden systemGrant schema and type safety
- Reject empty string tenantId in schema validator (was only blocking
null; empty string silently orphaned documents)
- Fix reverseImplications to use BaseSystemCapability[] instead of
string[], preserving the narrow discriminated type
- Document READ_ASSISTANTS as reserved/unenforced
* test: Use fake timers for seedSystemGrants retry tests and add tenantId validation
- Switch retry tests to jest.useFakeTimers() to eliminate 3+ seconds
of real setTimeout delays per test run
- Add regression test for empty-string tenantId rejection
* docs: Add TODO(#12091) comments for tenant-scoped capability gaps
In multi-tenant mode, platform-level grants (no tenantId) won't match
tenant-scoped queries, breaking admin access. getUserPrincipals also
returns cross-tenant group memberships. Both need fixes in #12091.
2026-03-07 13:56:32 -05:00
|
|
|
const { logger, SystemCapabilities } = require('@librechat/data-schemas');
|
🤖 feat: OpenAI Assistants v2 (initial support) (#2781)
* 🤖 Assistants V2 Support: Part 1
- Separated Azure Assistants to its own endpoint
- File Search / Vector Store integration is incomplete, but can toggle and use storage from playground
- Code Interpreter resource files can be added but not deleted
- GPT-4o is supported
- Many improvements to the Assistants Endpoint overall
data-provider v2 changes
copy existing route as v1
chore: rename new endpoint to reduce comparison operations and add new azure filesource
api: add azureAssistants part 1
force use of version for assistants/assistantsAzure
chore: switch name back to azureAssistants
refactor type version: string | number
Ensure assistants endpoints have version set
fix: isArchived type issue in ConversationListParams
refactor: update assistants mutations/queries with endpoint/version definitions, update Assistants Map structure
chore: FilePreview component ExtendedFile type assertion
feat: isAssistantsEndpoint helper
chore: remove unused useGenerations
chore(buildTree): type issue
chore(Advanced): type issue (unused component, maybe in future)
first pass for multi-assistant endpoint rewrite
fix(listAssistants): pass params correctly
feat: list separate assistants by endpoint
fix(useTextarea): access assistantMap correctly
fix: assistant endpoint switching, resetting ID
fix: broken during rewrite, selecting assistant mention
fix: set/invalidate assistants endpoint query data correctly
feat: Fix issue with assistant ID not being reset correctly
getOpenAIClient helper function
feat: add toast for assistant deletion
fix: assistants delete right after create issue for azure
fix: assistant patching
refactor: actions to use getOpenAIClient
refactor: consolidate logic into helpers file
fix: issue where conversation data was not initially available
v1 chat support
refactor(spendTokens): only early return if completionTokens isNaN
fix(OpenAIClient): ensure spendTokens has all necessary params
refactor: route/controller logic
fix(assistants/initializeClient): use defaultHeaders field
fix: sanitize default operation id
chore: bump openai package
first pass v2 action service
feat: retroactive domain parsing for actions added via v1
feat: delete db records of actions/assistants on openai assistant deletion
chore: remove vision tools from v2 assistants
feat: v2 upload and delete assistant vision images
WIP first pass, thread attachments
fix: show assistant vision files (save local/firebase copy)
v2 image continue
fix: annotations
fix: refine annotations
show analyze as error if is no longer submitting before progress reaches 1 and show file_search as retrieval tool
fix: abort run, undefined endpoint issue
refactor: consolidate capabilities logic and anticipate versioning
frontend version 2 changes
fix: query selection and filter
add endpoint to unknown filepath
add file ids to resource, deleting in progress
enable/disable file search
remove version log
* 🤖 Assistants V2 Support: Part 2
🎹 fix: Autocompletion Chrome Bug on Action API Key Input
chore: remove `useOriginNavigate`
chore: set correct OpenAI Storage Source
fix: azure file deletions, instantiate clients by source for deletion
update code interpret files info
feat: deleteResourceFileId
chore: increase poll interval as azure easily rate limits
fix: openai file deletions, TODO: evaluate rejected deletion settled promises to determine which to delete from db records
file source icons
update table file filters
chore: file search info and versioning
fix: retrieval update with necessary tool_resources if specified
fix(useMentions): add optional chaining in case listMap value is undefined
fix: force assistant avatar roundedness
fix: azure assistants, check correct flag
chore: bump data-provider
* fix: merge conflict
* ci: fix backend tests due to new updates
* chore: update .env.example
* meilisearch improvements
* localization updates
* chore: update comparisons
* feat: add additional metadata: endpoint, author ID
* chore: azureAssistants ENDPOINTS exclusion warning
2024-05-19 12:56:55 -04:00
|
|
|
const {
|
|
|
|
|
initializeClient: initAzureClient,
|
|
|
|
|
} = require('~/server/services/Endpoints/azureAssistants');
|
|
|
|
|
const { initializeClient } = require('~/server/services/Endpoints/assistants');
|
2024-12-19 13:04:48 -05:00
|
|
|
const { getEndpointsConfig } = require('~/server/services/Config');
|
📜 feat: Implement System Grants for Capability-Based Authorization (#11896)
* feat: Implement System Grants for Role-Based Capabilities
- Added a new `systemGrant` model and associated methods to manage role-based capabilities within the application.
- Introduced middleware functions `hasCapability` and `requireCapability` to check user permissions based on their roles.
- Updated the database seeding process to include system grants for the ADMIN role, ensuring all necessary capabilities are assigned on startup.
- Enhanced type definitions and schemas to support the new system grant functionality, improving overall type safety and clarity in the codebase.
* test: Add unit tests for capabilities middleware and system grant methods
- Introduced comprehensive unit tests for the capabilities middleware, including `hasCapability` and `requireCapability`, ensuring proper permission checks based on user roles.
- Added tests for the `SystemGrant` methods, verifying the seeding of system grants, capability granting, and revocation processes.
- Enhanced test coverage for edge cases, including idempotency of grant operations and handling of unexpected errors in middleware.
- Utilized mocks for database interactions to isolate tests and improve reliability.
* refactor: Transition to Capability-Based Access Control
- Replaced role-based access checks with capability-based checks across various middleware and routes, enhancing permission management.
- Introduced `hasCapability` and `requireCapability` functions to streamline capability verification for user actions.
- Updated relevant routes and middleware to utilize the new capability system, ensuring consistent permission enforcement.
- Enhanced type definitions and added tests for the new capability functions, improving overall code reliability and maintainability.
* test: Enhance capability-based access tests for ADMIN role
- Updated tests to reflect the new capability-based access control, specifically for the ADMIN role.
- Modified test descriptions to clarify that users with the MANAGE_AGENTS capability can bypass permission checks.
- Seeded capabilities for the ADMIN role in multiple test files to ensure consistent permission checks across different routes and middleware.
- Improved overall test coverage for capability verification, ensuring robust permission management.
* test: Update capability tests for MCP server access
- Renamed test to reflect the correct capability for bypassing permission checks, changing from MANAGE_AGENTS to MANAGE_MCP_SERVERS.
- Updated seeding of capabilities for the ADMIN role to align with the new capability structure.
- Ensured consistency in capability definitions across tests and middleware for improved permission management.
* feat: Add hasConfigCapability for enhanced config access control
- Introduced `hasConfigCapability` function to check user permissions for managing or reading specific config sections.
- Updated middleware to export the new capability function, ensuring consistent access control across the application.
- Enhanced unit tests to cover various scenarios for the new capability, improving overall test coverage and reliability.
* fix: Update tenantId filter in createSystemGrantMethods
- Added a condition to set tenantId filter to { $exists: false } when tenantId is null, ensuring proper handling of cases where tenantId is not provided.
- This change improves the robustness of the system grant methods by explicitly managing the absence of tenantId in the filter logic.
* fix: account deletion capability check
- Updated the `canDeleteAccount` middleware to ensure that the `hasManageUsers` capability check only occurs if a user is present, preventing potential errors when the user object is undefined.
- This change improves the robustness of the account deletion logic by ensuring proper handling of user permissions.
* refactor: Optimize seeding of system grants for ADMIN role
- Replaced sequential capability granting with parallel execution using Promise.all in the seedSystemGrants function.
- This change improves performance and efficiency during the initialization of system grants, ensuring all capabilities are granted concurrently.
* refactor: Simplify systemGrantSchema index definition
- Removed the sparse option from the unique index on principalType, principalId, capability, and tenantId in the systemGrantSchema.
- This change streamlines the index definition, potentially improving query performance and clarity in the schema design.
* refactor: Reorganize role capability check in roles route
- Moved the capability check for reading roles to occur after parsing the roleName, improving code clarity and structure.
- This change ensures that the authorization logic is consistently applied before fetching role details, enhancing overall permission management.
* refactor: Remove unused ISystemGrant interface from systemCapabilities.ts
- Deleted the ISystemGrant interface as it was no longer needed, streamlining the code and improving clarity.
- This change helps reduce clutter in the file and focuses on relevant capabilities for the system.
* refactor: Migrate SystemCapabilities to data-schemas
- Replaced imports of SystemCapabilities from 'librechat-data-provider' with imports from '@librechat/data-schemas' across multiple files.
- This change centralizes the management of system capabilities, improving code organization and maintainability.
* refactor: Update account deletion middleware and capability checks
- Modified the `canDeleteAccount` middleware to ensure that the account deletion permission is only granted to users with the `MANAGE_USERS` capability, improving security and clarity in permission management.
- Enhanced error logging for unauthorized account deletion attempts, providing better insights into permission issues.
- Updated the `capabilities.ts` file to ensure consistent handling of user authentication checks, improving robustness in capability verification.
- Refined type definitions in `systemGrant.ts` and `systemGrantMethods.ts` to utilize the `PrincipalType` enum, enhancing type safety and code clarity.
* refactor: Extract principal ID normalization into a separate function
- Introduced `normalizePrincipalId` function to streamline the normalization of principal IDs based on their type, enhancing code clarity and reusability.
- Updated references in `createSystemGrantMethods` to utilize the new normalization function, improving maintainability and reducing code duplication.
* test: Add unit tests for principalId normalization in systemGrant
- Introduced tests for the `grantCapability`, `revokeCapability`, and `getCapabilitiesForPrincipal` methods to verify correct handling of principalId normalization between string and ObjectId formats.
- Enhanced the `capabilities.ts` middleware to utilize the `PrincipalType` enum for improved type safety.
- Added a new utility function `normalizePrincipalId` to streamline principal ID normalization logic, ensuring consistent behavior across the application.
* feat: Introduce capability implications and enhance system grant methods
- Added `CapabilityImplications` to define relationships between broader and implied capabilities, allowing for more intuitive permission checks.
- Updated `createSystemGrantMethods` to expand capability queries to include implied capabilities, improving authorization logic.
- Enhanced `systemGrantSchema` to include an `expiresAt` field for future TTL enforcement of grants, and added validation to ensure `tenantId` is not set to null.
- Documented authorization requirements for prompt group and prompt deletion methods to clarify access control expectations.
* test: Add unit tests for canDeleteAccount middleware
- Introduced unit tests for the `canDeleteAccount` middleware to verify account deletion permissions based on user roles and capabilities.
- Covered scenarios for both allowed and blocked account deletions, including checks for ADMIN users with the `MANAGE_USERS` capability and handling of undefined user cases.
- Enhanced test structure to ensure clarity and maintainability of permission checks in the middleware.
* fix: Add principalType enum validation to SystemGrant schema
Without enum validation, any string value was accepted for principalType
and silently stored. Invalid documents would never match capability
queries, creating phantom grants impossible to diagnose without raw DB
inspection. All other ACL models in the codebase validate this field.
* fix: Replace seedSystemGrants Promise.all with bulkWrite for concurrency safety
When two server instances start simultaneously (K8s rolling deploy, PM2
cluster), both call seedSystemGrants. With Promise.all + findOneAndUpdate
upsert, both instances may attempt to insert the same documents, causing
E11000 duplicate key errors that crash server startup.
bulkWrite with ordered:false handles concurrent upserts gracefully and
reduces 17 individual round trips to a single network call. The returned
documents (previously discarded) are no longer fetched.
* perf: Add AsyncLocalStorage per-request cache for capability checks
Every hasCapability call previously required 2 DB round trips
(getUserPrincipals + SystemGrant.exists) — replacing what were O(1)
string comparisons. Routes like patchPromptGroup triggered this twice,
and hasConfigCapability's fallback path resolved principals twice.
This adds a per-request AsyncLocalStorage cache that:
- Caches resolved principals (same for all checks within one request)
- Caches capability check results (same user+cap = same answer)
- Automatically scoped to request lifetime (no stale grants)
- Falls through to DB when no store exists (background jobs, tests)
- Requires no signature changes to hasCapability
The capabilityContextMiddleware is registered at the app level before
all routes, initializing a fresh store per request.
* fix: Add error handling for inline hasCapability calls
canDeleteAccount, fetchAssistants, and validateAuthor all call
hasCapability without try-catch. These were previously O(1) string
comparisons that could never throw. Now they hit the database and can
fail on connection timeout or transient errors.
Wrap each call in try-catch, defaulting to deny (false) on error.
This ensures a DB hiccup returns a clean 403 instead of an unhandled
500 with a stack trace.
* test: Add canDeleteAccount DB-error resilience test
Tests that hasCapability rejection (e.g., DB timeout) results in a clean
403 rather than an unhandled exception. Validates the error handling
added in the previous commit.
* refactor: Use barrel import for hasCapability in validateAuthor
Import from ~/server/middleware barrel instead of directly from
~/server/middleware/roles/capabilities for consistency with other
non-middleware consumers. Files within the middleware barrel itself
must continue using direct imports to avoid circular requires.
* refactor: Remove misleading pre('save') hook from SystemGrant schema
The pre('save') hook normalized principalId for USER/GROUP principals,
but the primary write path (grantCapability) uses findOneAndUpdate —
which does not trigger save hooks. The normalization was already handled
explicitly in grantCapability itself. The hook created a false impression
of schema-level enforcement that only covered save()/create() paths.
Replace with a comment documenting that all writes must go through
grantCapability.
* feat: Add READ_ASSISTANTS capability to complete manage/read pair
Every other managed resource had a paired READ_X / MANAGE_X capability
except assistants. This adds READ_ASSISTANTS and registers the
MANAGE_ASSISTANTS → READ_ASSISTANTS implication in CapabilityImplications,
enabling future read-only assistant visibility grants.
* chore: Reorder systemGrant methods for clarity
Moved hasCapabilityForPrincipals to a more logical position in the returned object of createSystemGrantMethods, improving code readability. This change also maintains the inclusion of seedSystemGrants in the export, ensuring all necessary methods are available.
* fix: Wrap seedSystemGrants in try-catch to avoid blocking startup
Seeding capabilities is idempotent and will succeed on the next restart.
A transient DB error during seeding should not prevent the server from
starting — log the error and continue.
* refactor: Improve capability check efficiency and add audit logging
Move hasCapability calls after cheap early-exits in validateAuthor and
fetchAssistants so the DB check only runs when its result matters. Add
logger.debug on every capability bypass grant across all 7 call sites
for auditability, and log errors in catch blocks instead of silently
swallowing them.
* test: Add integration tests for AsyncLocalStorage capability caching
Exercises the full vertical — ALS context, generateCapabilityCheck,
real getUserPrincipals, real hasCapabilityForPrincipals, real MongoDB
via MongoMemoryServer. Covers per-request caching, cross-context
isolation, concurrent request isolation, negative caching, capability
implications, tenant scoping, group-based grants, and requireCapability
middleware.
* test: Add systemGrant data-layer and ALS edge-case integration tests
systemGrant.spec.ts (51 tests): Full integration tests for all
systemGrant methods against real MongoDB — grant/revoke lifecycle,
principalId normalization (string→ObjectId for USER/GROUP, string for
ROLE), capability implications (both directions), tenant scoping,
schema validation (null tenantId, invalid enum, required fields,
unique compound index).
capabilities.integration.spec.ts (27 tests): Adds ALS edge cases —
missing context degrades gracefully with no caching (background jobs,
child processes), nested middleware creates independent inner context,
optional-chaining safety when store is undefined, mid-request grant
changes are invisible due to result caching, requireCapability works
without ALS, and interleaved concurrent contexts maintain isolation.
* fix: Add worker thread guards to capability ALS usage
Detect when hasCapability or capabilityContextMiddleware is called from
a worker thread (where ALS context does not propagate from the parent).
hasCapability logs a warn-once per factory instance; the middleware logs
an error since mounting Express middleware in a worker is likely a
misconfiguration. Both continue to function correctly — the guard is
observability, not a hard block.
* fix: Include tenantId in ALS principal cache key for tenant isolation
The principal cache key was user.id:user.role, which would reuse
cached principals across tenants for the same user within a request.
When getUserPrincipals gains tenant-scoped group resolution, principals
from tenant-a would incorrectly serve tenant-b checks. Changed to
user.id:user.role:user.tenantId to prevent cross-tenant cache hits.
Adds integration test proving separate principal lookups per tenantId.
* test: Remove redundant mocked capabilities.spec.js
The JS wrapper test (7 tests, all mocked) is a strict subset of
capabilities.integration.spec.ts (28 tests, real MongoDB). Every
scenario it covered — hasCapability true/false, tenantId passthrough,
requireCapability 403/500, error handling — is tested with higher
fidelity in the integration suite.
* test: Replace mocked canDeleteAccount tests with real MongoDB integration
Remove hasCapability mock — tests now exercise the full capability
chain against real MongoDB (getUserPrincipals, hasCapabilityForPrincipals,
SystemGrant collection). Only mocks remaining are logger and cache.
Adds new coverage: admin role without grant is blocked, user-level
grant bypasses deletion restriction, null user handling.
* test: Add comprehensive tests for ACL entry management and user group methods
Introduces new tests for `deleteAclEntries`, `bulkWriteAclEntries`, and `findPublicResourceIds` in `aclEntry.spec.ts`, ensuring proper functionality for deleting and bulk managing ACL entries. Additionally, enhances `userGroup.spec.ts` with tests for finding groups by ID and name pattern, including external ID matching and source filtering. These changes improve coverage and validate the integrity of ACL and user group operations against real MongoDB interactions.
* refactor: Update capability checks and logging for better clarity and error handling
Replaced `MANAGE_USERS` with `ACCESS_ADMIN` in the `canDeleteAccount` middleware and related tests to align with updated permission structure. Enhanced logging in various middleware functions to use `logger.warn` for capability check failures, providing clearer error messages. Additionally, refactored capability checks in the `patchPromptGroup` and `validateAuthor` functions to improve readability and maintainability. This commit also includes adjustments to the `systemGrant` methods to implement retry logic for transient failures during capability seeding, ensuring robustness in the face of database errors.
* refactor: Enhance logging and retry logic in seedSystemGrants method
Updated the logging format in the seedSystemGrants method to include error messages for better clarity. Improved the retry mechanism by explicitly mocking multiple failures in tests, ensuring robust error handling during transient database issues. Additionally, refined imports in the systemGrant schema for better type management.
* refactor: Consolidate imports in canDeleteAccount middleware
Merged logger and SystemCapabilities imports from the data-schemas module into a single line for improved readability and maintainability of the code. This change streamlines the import statements in the canDeleteAccount middleware.
* test: Enhance systemGrant tests for error handling and capability validation
Added tests to the systemGrant methods to handle various error scenarios, including E11000 race conditions, invalid ObjectId strings for USER and GROUP principals, and invalid capability strings. These enhancements improve the robustness of the capability granting and revoking logic, ensuring proper error propagation and validation of inputs.
* fix: Wrap hasCapability calls in deny-by-default try-catch at remaining sites
canAccessResource, files.js, and roles.js all had hasCapability inside
outer try-catch blocks that returned 500 on DB failure instead of
falling through to the regular ACL check. This contradicts the
deny-by-default pattern used everywhere else.
Also removes raw error.message from the roles.js 500 response to
prevent internal host/connection info leaking to clients.
* fix: Normalize user ID in canDeleteAccount before passing to hasCapability
requireCapability normalizes req.user.id via _id?.toString() fallback,
but canDeleteAccount passed raw req.user directly. If req.user.id is
absent (some auth layers only populate _id), getUserPrincipals received
undefined, silently returning empty principals and blocking the bypass.
* fix: Harden systemGrant schema and type safety
- Reject empty string tenantId in schema validator (was only blocking
null; empty string silently orphaned documents)
- Fix reverseImplications to use BaseSystemCapability[] instead of
string[], preserving the narrow discriminated type
- Document READ_ASSISTANTS as reserved/unenforced
* test: Use fake timers for seedSystemGrants retry tests and add tenantId validation
- Switch retry tests to jest.useFakeTimers() to eliminate 3+ seconds
of real setTimeout delays per test run
- Add regression test for empty-string tenantId rejection
* docs: Add TODO(#12091) comments for tenant-scoped capability gaps
In multi-tenant mode, platform-level grants (no tenantId) won't match
tenant-scoped queries, breaking admin access. getUserPrincipals also
returns cross-tenant group memberships. Both need fixes in #12091.
2026-03-07 13:56:32 -05:00
|
|
|
const { hasCapability } = require('~/server/middleware');
|
🤖 feat: OpenAI Assistants v2 (initial support) (#2781)
* 🤖 Assistants V2 Support: Part 1
- Separated Azure Assistants to its own endpoint
- File Search / Vector Store integration is incomplete, but can toggle and use storage from playground
- Code Interpreter resource files can be added but not deleted
- GPT-4o is supported
- Many improvements to the Assistants Endpoint overall
data-provider v2 changes
copy existing route as v1
chore: rename new endpoint to reduce comparison operations and add new azure filesource
api: add azureAssistants part 1
force use of version for assistants/assistantsAzure
chore: switch name back to azureAssistants
refactor type version: string | number
Ensure assistants endpoints have version set
fix: isArchived type issue in ConversationListParams
refactor: update assistants mutations/queries with endpoint/version definitions, update Assistants Map structure
chore: FilePreview component ExtendedFile type assertion
feat: isAssistantsEndpoint helper
chore: remove unused useGenerations
chore(buildTree): type issue
chore(Advanced): type issue (unused component, maybe in future)
first pass for multi-assistant endpoint rewrite
fix(listAssistants): pass params correctly
feat: list separate assistants by endpoint
fix(useTextarea): access assistantMap correctly
fix: assistant endpoint switching, resetting ID
fix: broken during rewrite, selecting assistant mention
fix: set/invalidate assistants endpoint query data correctly
feat: Fix issue with assistant ID not being reset correctly
getOpenAIClient helper function
feat: add toast for assistant deletion
fix: assistants delete right after create issue for azure
fix: assistant patching
refactor: actions to use getOpenAIClient
refactor: consolidate logic into helpers file
fix: issue where conversation data was not initially available
v1 chat support
refactor(spendTokens): only early return if completionTokens isNaN
fix(OpenAIClient): ensure spendTokens has all necessary params
refactor: route/controller logic
fix(assistants/initializeClient): use defaultHeaders field
fix: sanitize default operation id
chore: bump openai package
first pass v2 action service
feat: retroactive domain parsing for actions added via v1
feat: delete db records of actions/assistants on openai assistant deletion
chore: remove vision tools from v2 assistants
feat: v2 upload and delete assistant vision images
WIP first pass, thread attachments
fix: show assistant vision files (save local/firebase copy)
v2 image continue
fix: annotations
fix: refine annotations
show analyze as error if is no longer submitting before progress reaches 1 and show file_search as retrieval tool
fix: abort run, undefined endpoint issue
refactor: consolidate capabilities logic and anticipate versioning
frontend version 2 changes
fix: query selection and filter
add endpoint to unknown filepath
add file ids to resource, deleting in progress
enable/disable file search
remove version log
* 🤖 Assistants V2 Support: Part 2
🎹 fix: Autocompletion Chrome Bug on Action API Key Input
chore: remove `useOriginNavigate`
chore: set correct OpenAI Storage Source
fix: azure file deletions, instantiate clients by source for deletion
update code interpret files info
feat: deleteResourceFileId
chore: increase poll interval as azure easily rate limits
fix: openai file deletions, TODO: evaluate rejected deletion settled promises to determine which to delete from db records
file source icons
update table file filters
chore: file search info and versioning
fix: retrieval update with necessary tool_resources if specified
fix(useMentions): add optional chaining in case listMap value is undefined
fix: force assistant avatar roundedness
fix: azure assistants, check correct flag
chore: bump data-provider
* fix: merge conflict
* ci: fix backend tests due to new updates
* chore: update .env.example
* meilisearch improvements
* localization updates
* chore: update comparisons
* feat: add additional metadata: endpoint, author ID
* chore: azureAssistants ENDPOINTS exclusion warning
2024-05-19 12:56:55 -04:00
|
|
|
|
|
|
|
|
/**
|
2025-08-26 12:10:18 -04:00
|
|
|
* @param {ServerRequest} req
|
🤖 feat: OpenAI Assistants v2 (initial support) (#2781)
* 🤖 Assistants V2 Support: Part 1
- Separated Azure Assistants to its own endpoint
- File Search / Vector Store integration is incomplete, but can toggle and use storage from playground
- Code Interpreter resource files can be added but not deleted
- GPT-4o is supported
- Many improvements to the Assistants Endpoint overall
data-provider v2 changes
copy existing route as v1
chore: rename new endpoint to reduce comparison operations and add new azure filesource
api: add azureAssistants part 1
force use of version for assistants/assistantsAzure
chore: switch name back to azureAssistants
refactor type version: string | number
Ensure assistants endpoints have version set
fix: isArchived type issue in ConversationListParams
refactor: update assistants mutations/queries with endpoint/version definitions, update Assistants Map structure
chore: FilePreview component ExtendedFile type assertion
feat: isAssistantsEndpoint helper
chore: remove unused useGenerations
chore(buildTree): type issue
chore(Advanced): type issue (unused component, maybe in future)
first pass for multi-assistant endpoint rewrite
fix(listAssistants): pass params correctly
feat: list separate assistants by endpoint
fix(useTextarea): access assistantMap correctly
fix: assistant endpoint switching, resetting ID
fix: broken during rewrite, selecting assistant mention
fix: set/invalidate assistants endpoint query data correctly
feat: Fix issue with assistant ID not being reset correctly
getOpenAIClient helper function
feat: add toast for assistant deletion
fix: assistants delete right after create issue for azure
fix: assistant patching
refactor: actions to use getOpenAIClient
refactor: consolidate logic into helpers file
fix: issue where conversation data was not initially available
v1 chat support
refactor(spendTokens): only early return if completionTokens isNaN
fix(OpenAIClient): ensure spendTokens has all necessary params
refactor: route/controller logic
fix(assistants/initializeClient): use defaultHeaders field
fix: sanitize default operation id
chore: bump openai package
first pass v2 action service
feat: retroactive domain parsing for actions added via v1
feat: delete db records of actions/assistants on openai assistant deletion
chore: remove vision tools from v2 assistants
feat: v2 upload and delete assistant vision images
WIP first pass, thread attachments
fix: show assistant vision files (save local/firebase copy)
v2 image continue
fix: annotations
fix: refine annotations
show analyze as error if is no longer submitting before progress reaches 1 and show file_search as retrieval tool
fix: abort run, undefined endpoint issue
refactor: consolidate capabilities logic and anticipate versioning
frontend version 2 changes
fix: query selection and filter
add endpoint to unknown filepath
add file ids to resource, deleting in progress
enable/disable file search
remove version log
* 🤖 Assistants V2 Support: Part 2
🎹 fix: Autocompletion Chrome Bug on Action API Key Input
chore: remove `useOriginNavigate`
chore: set correct OpenAI Storage Source
fix: azure file deletions, instantiate clients by source for deletion
update code interpret files info
feat: deleteResourceFileId
chore: increase poll interval as azure easily rate limits
fix: openai file deletions, TODO: evaluate rejected deletion settled promises to determine which to delete from db records
file source icons
update table file filters
chore: file search info and versioning
fix: retrieval update with necessary tool_resources if specified
fix(useMentions): add optional chaining in case listMap value is undefined
fix: force assistant avatar roundedness
fix: azure assistants, check correct flag
chore: bump data-provider
* fix: merge conflict
* ci: fix backend tests due to new updates
* chore: update .env.example
* meilisearch improvements
* localization updates
* chore: update comparisons
* feat: add additional metadata: endpoint, author ID
* chore: azureAssistants ENDPOINTS exclusion warning
2024-05-19 12:56:55 -04:00
|
|
|
* @param {string} [endpoint]
|
|
|
|
|
* @returns {Promise<string>}
|
|
|
|
|
*/
|
|
|
|
|
const getCurrentVersion = async (req, endpoint) => {
|
|
|
|
|
const index = req.baseUrl.lastIndexOf('/v');
|
|
|
|
|
let version = index !== -1 ? req.baseUrl.substring(index + 1, index + 3) : null;
|
|
|
|
|
if (!version && req.body.version) {
|
|
|
|
|
version = `v${req.body.version}`;
|
|
|
|
|
}
|
|
|
|
|
if (!version && endpoint) {
|
2024-12-19 13:04:48 -05:00
|
|
|
const endpointsConfig = await getEndpointsConfig(req);
|
|
|
|
|
version = `v${endpointsConfig?.[endpoint]?.version ?? defaultAssistantsVersion[endpoint]}`;
|
🤖 feat: OpenAI Assistants v2 (initial support) (#2781)
* 🤖 Assistants V2 Support: Part 1
- Separated Azure Assistants to its own endpoint
- File Search / Vector Store integration is incomplete, but can toggle and use storage from playground
- Code Interpreter resource files can be added but not deleted
- GPT-4o is supported
- Many improvements to the Assistants Endpoint overall
data-provider v2 changes
copy existing route as v1
chore: rename new endpoint to reduce comparison operations and add new azure filesource
api: add azureAssistants part 1
force use of version for assistants/assistantsAzure
chore: switch name back to azureAssistants
refactor type version: string | number
Ensure assistants endpoints have version set
fix: isArchived type issue in ConversationListParams
refactor: update assistants mutations/queries with endpoint/version definitions, update Assistants Map structure
chore: FilePreview component ExtendedFile type assertion
feat: isAssistantsEndpoint helper
chore: remove unused useGenerations
chore(buildTree): type issue
chore(Advanced): type issue (unused component, maybe in future)
first pass for multi-assistant endpoint rewrite
fix(listAssistants): pass params correctly
feat: list separate assistants by endpoint
fix(useTextarea): access assistantMap correctly
fix: assistant endpoint switching, resetting ID
fix: broken during rewrite, selecting assistant mention
fix: set/invalidate assistants endpoint query data correctly
feat: Fix issue with assistant ID not being reset correctly
getOpenAIClient helper function
feat: add toast for assistant deletion
fix: assistants delete right after create issue for azure
fix: assistant patching
refactor: actions to use getOpenAIClient
refactor: consolidate logic into helpers file
fix: issue where conversation data was not initially available
v1 chat support
refactor(spendTokens): only early return if completionTokens isNaN
fix(OpenAIClient): ensure spendTokens has all necessary params
refactor: route/controller logic
fix(assistants/initializeClient): use defaultHeaders field
fix: sanitize default operation id
chore: bump openai package
first pass v2 action service
feat: retroactive domain parsing for actions added via v1
feat: delete db records of actions/assistants on openai assistant deletion
chore: remove vision tools from v2 assistants
feat: v2 upload and delete assistant vision images
WIP first pass, thread attachments
fix: show assistant vision files (save local/firebase copy)
v2 image continue
fix: annotations
fix: refine annotations
show analyze as error if is no longer submitting before progress reaches 1 and show file_search as retrieval tool
fix: abort run, undefined endpoint issue
refactor: consolidate capabilities logic and anticipate versioning
frontend version 2 changes
fix: query selection and filter
add endpoint to unknown filepath
add file ids to resource, deleting in progress
enable/disable file search
remove version log
* 🤖 Assistants V2 Support: Part 2
🎹 fix: Autocompletion Chrome Bug on Action API Key Input
chore: remove `useOriginNavigate`
chore: set correct OpenAI Storage Source
fix: azure file deletions, instantiate clients by source for deletion
update code interpret files info
feat: deleteResourceFileId
chore: increase poll interval as azure easily rate limits
fix: openai file deletions, TODO: evaluate rejected deletion settled promises to determine which to delete from db records
file source icons
update table file filters
chore: file search info and versioning
fix: retrieval update with necessary tool_resources if specified
fix(useMentions): add optional chaining in case listMap value is undefined
fix: force assistant avatar roundedness
fix: azure assistants, check correct flag
chore: bump data-provider
* fix: merge conflict
* ci: fix backend tests due to new updates
* chore: update .env.example
* meilisearch improvements
* localization updates
* chore: update comparisons
* feat: add additional metadata: endpoint, author ID
* chore: azureAssistants ENDPOINTS exclusion warning
2024-05-19 12:56:55 -04:00
|
|
|
}
|
|
|
|
|
if (!version?.startsWith('v') && version.length !== 2) {
|
|
|
|
|
throw new Error(`[${req.baseUrl}] Invalid version: ${version}`);
|
|
|
|
|
}
|
|
|
|
|
return version;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Asynchronously lists assistants based on provided query parameters.
|
|
|
|
|
*
|
|
|
|
|
* Initializes the client with the current request and response objects and lists assistants
|
|
|
|
|
* according to the query parameters. This function abstracts the logic for non-Azure paths.
|
|
|
|
|
*
|
2024-05-28 08:27:45 -04:00
|
|
|
* @deprecated
|
🤖 feat: OpenAI Assistants v2 (initial support) (#2781)
* 🤖 Assistants V2 Support: Part 1
- Separated Azure Assistants to its own endpoint
- File Search / Vector Store integration is incomplete, but can toggle and use storage from playground
- Code Interpreter resource files can be added but not deleted
- GPT-4o is supported
- Many improvements to the Assistants Endpoint overall
data-provider v2 changes
copy existing route as v1
chore: rename new endpoint to reduce comparison operations and add new azure filesource
api: add azureAssistants part 1
force use of version for assistants/assistantsAzure
chore: switch name back to azureAssistants
refactor type version: string | number
Ensure assistants endpoints have version set
fix: isArchived type issue in ConversationListParams
refactor: update assistants mutations/queries with endpoint/version definitions, update Assistants Map structure
chore: FilePreview component ExtendedFile type assertion
feat: isAssistantsEndpoint helper
chore: remove unused useGenerations
chore(buildTree): type issue
chore(Advanced): type issue (unused component, maybe in future)
first pass for multi-assistant endpoint rewrite
fix(listAssistants): pass params correctly
feat: list separate assistants by endpoint
fix(useTextarea): access assistantMap correctly
fix: assistant endpoint switching, resetting ID
fix: broken during rewrite, selecting assistant mention
fix: set/invalidate assistants endpoint query data correctly
feat: Fix issue with assistant ID not being reset correctly
getOpenAIClient helper function
feat: add toast for assistant deletion
fix: assistants delete right after create issue for azure
fix: assistant patching
refactor: actions to use getOpenAIClient
refactor: consolidate logic into helpers file
fix: issue where conversation data was not initially available
v1 chat support
refactor(spendTokens): only early return if completionTokens isNaN
fix(OpenAIClient): ensure spendTokens has all necessary params
refactor: route/controller logic
fix(assistants/initializeClient): use defaultHeaders field
fix: sanitize default operation id
chore: bump openai package
first pass v2 action service
feat: retroactive domain parsing for actions added via v1
feat: delete db records of actions/assistants on openai assistant deletion
chore: remove vision tools from v2 assistants
feat: v2 upload and delete assistant vision images
WIP first pass, thread attachments
fix: show assistant vision files (save local/firebase copy)
v2 image continue
fix: annotations
fix: refine annotations
show analyze as error if is no longer submitting before progress reaches 1 and show file_search as retrieval tool
fix: abort run, undefined endpoint issue
refactor: consolidate capabilities logic and anticipate versioning
frontend version 2 changes
fix: query selection and filter
add endpoint to unknown filepath
add file ids to resource, deleting in progress
enable/disable file search
remove version log
* 🤖 Assistants V2 Support: Part 2
🎹 fix: Autocompletion Chrome Bug on Action API Key Input
chore: remove `useOriginNavigate`
chore: set correct OpenAI Storage Source
fix: azure file deletions, instantiate clients by source for deletion
update code interpret files info
feat: deleteResourceFileId
chore: increase poll interval as azure easily rate limits
fix: openai file deletions, TODO: evaluate rejected deletion settled promises to determine which to delete from db records
file source icons
update table file filters
chore: file search info and versioning
fix: retrieval update with necessary tool_resources if specified
fix(useMentions): add optional chaining in case listMap value is undefined
fix: force assistant avatar roundedness
fix: azure assistants, check correct flag
chore: bump data-provider
* fix: merge conflict
* ci: fix backend tests due to new updates
* chore: update .env.example
* meilisearch improvements
* localization updates
* chore: update comparisons
* feat: add additional metadata: endpoint, author ID
* chore: azureAssistants ENDPOINTS exclusion warning
2024-05-19 12:56:55 -04:00
|
|
|
* @async
|
|
|
|
|
* @param {object} params - The parameters object.
|
|
|
|
|
* @param {object} params.req - The request object, used for initializing the client.
|
|
|
|
|
* @param {object} params.res - The response object, used for initializing the client.
|
|
|
|
|
* @param {string} params.version - The API version to use.
|
|
|
|
|
* @param {object} params.query - The query parameters to list assistants (e.g., limit, order).
|
|
|
|
|
* @returns {Promise<object>} A promise that resolves to the response from the `openai.beta.assistants.list` method call.
|
|
|
|
|
*/
|
2024-05-28 08:27:45 -04:00
|
|
|
const _listAssistants = async ({ req, res, version, query }) => {
|
🤖 feat: OpenAI Assistants v2 (initial support) (#2781)
* 🤖 Assistants V2 Support: Part 1
- Separated Azure Assistants to its own endpoint
- File Search / Vector Store integration is incomplete, but can toggle and use storage from playground
- Code Interpreter resource files can be added but not deleted
- GPT-4o is supported
- Many improvements to the Assistants Endpoint overall
data-provider v2 changes
copy existing route as v1
chore: rename new endpoint to reduce comparison operations and add new azure filesource
api: add azureAssistants part 1
force use of version for assistants/assistantsAzure
chore: switch name back to azureAssistants
refactor type version: string | number
Ensure assistants endpoints have version set
fix: isArchived type issue in ConversationListParams
refactor: update assistants mutations/queries with endpoint/version definitions, update Assistants Map structure
chore: FilePreview component ExtendedFile type assertion
feat: isAssistantsEndpoint helper
chore: remove unused useGenerations
chore(buildTree): type issue
chore(Advanced): type issue (unused component, maybe in future)
first pass for multi-assistant endpoint rewrite
fix(listAssistants): pass params correctly
feat: list separate assistants by endpoint
fix(useTextarea): access assistantMap correctly
fix: assistant endpoint switching, resetting ID
fix: broken during rewrite, selecting assistant mention
fix: set/invalidate assistants endpoint query data correctly
feat: Fix issue with assistant ID not being reset correctly
getOpenAIClient helper function
feat: add toast for assistant deletion
fix: assistants delete right after create issue for azure
fix: assistant patching
refactor: actions to use getOpenAIClient
refactor: consolidate logic into helpers file
fix: issue where conversation data was not initially available
v1 chat support
refactor(spendTokens): only early return if completionTokens isNaN
fix(OpenAIClient): ensure spendTokens has all necessary params
refactor: route/controller logic
fix(assistants/initializeClient): use defaultHeaders field
fix: sanitize default operation id
chore: bump openai package
first pass v2 action service
feat: retroactive domain parsing for actions added via v1
feat: delete db records of actions/assistants on openai assistant deletion
chore: remove vision tools from v2 assistants
feat: v2 upload and delete assistant vision images
WIP first pass, thread attachments
fix: show assistant vision files (save local/firebase copy)
v2 image continue
fix: annotations
fix: refine annotations
show analyze as error if is no longer submitting before progress reaches 1 and show file_search as retrieval tool
fix: abort run, undefined endpoint issue
refactor: consolidate capabilities logic and anticipate versioning
frontend version 2 changes
fix: query selection and filter
add endpoint to unknown filepath
add file ids to resource, deleting in progress
enable/disable file search
remove version log
* 🤖 Assistants V2 Support: Part 2
🎹 fix: Autocompletion Chrome Bug on Action API Key Input
chore: remove `useOriginNavigate`
chore: set correct OpenAI Storage Source
fix: azure file deletions, instantiate clients by source for deletion
update code interpret files info
feat: deleteResourceFileId
chore: increase poll interval as azure easily rate limits
fix: openai file deletions, TODO: evaluate rejected deletion settled promises to determine which to delete from db records
file source icons
update table file filters
chore: file search info and versioning
fix: retrieval update with necessary tool_resources if specified
fix(useMentions): add optional chaining in case listMap value is undefined
fix: force assistant avatar roundedness
fix: azure assistants, check correct flag
chore: bump data-provider
* fix: merge conflict
* ci: fix backend tests due to new updates
* chore: update .env.example
* meilisearch improvements
* localization updates
* chore: update comparisons
* feat: add additional metadata: endpoint, author ID
* chore: azureAssistants ENDPOINTS exclusion warning
2024-05-19 12:56:55 -04:00
|
|
|
const { openai } = await getOpenAIClient({ req, res, version });
|
|
|
|
|
return openai.beta.assistants.list(query);
|
|
|
|
|
};
|
|
|
|
|
|
2024-05-28 08:27:45 -04:00
|
|
|
/**
|
|
|
|
|
* Fetches all assistants based on provided query params, until `has_more` is `false`.
|
|
|
|
|
*
|
|
|
|
|
* @async
|
|
|
|
|
* @param {object} params - The parameters object.
|
|
|
|
|
* @param {object} params.req - The request object, used for initializing the client.
|
|
|
|
|
* @param {object} params.res - The response object, used for initializing the client.
|
|
|
|
|
* @param {string} params.version - The API version to use.
|
|
|
|
|
* @param {Omit<AssistantListParams, 'endpoint'>} params.query - The query parameters to list assistants (e.g., limit, order).
|
2024-08-31 13:42:20 -04:00
|
|
|
* @returns {Promise<Array<Assistant>>} A promise that resolves to the response from the `openai.beta.assistants.list` method call.
|
2024-05-28 08:27:45 -04:00
|
|
|
*/
|
|
|
|
|
const listAllAssistants = async ({ req, res, version, query }) => {
|
2025-11-25 15:20:07 -05:00
|
|
|
/** @type {{ openai: OpenAI }} */
|
2024-05-28 08:27:45 -04:00
|
|
|
const { openai } = await getOpenAIClient({ req, res, version });
|
|
|
|
|
const allAssistants = [];
|
|
|
|
|
|
|
|
|
|
let first_id;
|
|
|
|
|
let last_id;
|
|
|
|
|
let afterToken = query.after;
|
|
|
|
|
let hasMore = true;
|
|
|
|
|
|
|
|
|
|
while (hasMore) {
|
|
|
|
|
const response = await openai.beta.assistants.list({
|
|
|
|
|
...query,
|
|
|
|
|
after: afterToken,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
const { body } = response;
|
|
|
|
|
|
|
|
|
|
allAssistants.push(...body.data);
|
|
|
|
|
hasMore = body.has_more;
|
|
|
|
|
|
|
|
|
|
if (!first_id) {
|
|
|
|
|
first_id = body.first_id;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (hasMore) {
|
|
|
|
|
afterToken = body.last_id;
|
|
|
|
|
} else {
|
|
|
|
|
last_id = body.last_id;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return {
|
|
|
|
|
data: allAssistants,
|
|
|
|
|
body: {
|
|
|
|
|
data: allAssistants,
|
|
|
|
|
has_more: false,
|
|
|
|
|
first_id,
|
|
|
|
|
last_id,
|
|
|
|
|
},
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
🤖 feat: OpenAI Assistants v2 (initial support) (#2781)
* 🤖 Assistants V2 Support: Part 1
- Separated Azure Assistants to its own endpoint
- File Search / Vector Store integration is incomplete, but can toggle and use storage from playground
- Code Interpreter resource files can be added but not deleted
- GPT-4o is supported
- Many improvements to the Assistants Endpoint overall
data-provider v2 changes
copy existing route as v1
chore: rename new endpoint to reduce comparison operations and add new azure filesource
api: add azureAssistants part 1
force use of version for assistants/assistantsAzure
chore: switch name back to azureAssistants
refactor type version: string | number
Ensure assistants endpoints have version set
fix: isArchived type issue in ConversationListParams
refactor: update assistants mutations/queries with endpoint/version definitions, update Assistants Map structure
chore: FilePreview component ExtendedFile type assertion
feat: isAssistantsEndpoint helper
chore: remove unused useGenerations
chore(buildTree): type issue
chore(Advanced): type issue (unused component, maybe in future)
first pass for multi-assistant endpoint rewrite
fix(listAssistants): pass params correctly
feat: list separate assistants by endpoint
fix(useTextarea): access assistantMap correctly
fix: assistant endpoint switching, resetting ID
fix: broken during rewrite, selecting assistant mention
fix: set/invalidate assistants endpoint query data correctly
feat: Fix issue with assistant ID not being reset correctly
getOpenAIClient helper function
feat: add toast for assistant deletion
fix: assistants delete right after create issue for azure
fix: assistant patching
refactor: actions to use getOpenAIClient
refactor: consolidate logic into helpers file
fix: issue where conversation data was not initially available
v1 chat support
refactor(spendTokens): only early return if completionTokens isNaN
fix(OpenAIClient): ensure spendTokens has all necessary params
refactor: route/controller logic
fix(assistants/initializeClient): use defaultHeaders field
fix: sanitize default operation id
chore: bump openai package
first pass v2 action service
feat: retroactive domain parsing for actions added via v1
feat: delete db records of actions/assistants on openai assistant deletion
chore: remove vision tools from v2 assistants
feat: v2 upload and delete assistant vision images
WIP first pass, thread attachments
fix: show assistant vision files (save local/firebase copy)
v2 image continue
fix: annotations
fix: refine annotations
show analyze as error if is no longer submitting before progress reaches 1 and show file_search as retrieval tool
fix: abort run, undefined endpoint issue
refactor: consolidate capabilities logic and anticipate versioning
frontend version 2 changes
fix: query selection and filter
add endpoint to unknown filepath
add file ids to resource, deleting in progress
enable/disable file search
remove version log
* 🤖 Assistants V2 Support: Part 2
🎹 fix: Autocompletion Chrome Bug on Action API Key Input
chore: remove `useOriginNavigate`
chore: set correct OpenAI Storage Source
fix: azure file deletions, instantiate clients by source for deletion
update code interpret files info
feat: deleteResourceFileId
chore: increase poll interval as azure easily rate limits
fix: openai file deletions, TODO: evaluate rejected deletion settled promises to determine which to delete from db records
file source icons
update table file filters
chore: file search info and versioning
fix: retrieval update with necessary tool_resources if specified
fix(useMentions): add optional chaining in case listMap value is undefined
fix: force assistant avatar roundedness
fix: azure assistants, check correct flag
chore: bump data-provider
* fix: merge conflict
* ci: fix backend tests due to new updates
* chore: update .env.example
* meilisearch improvements
* localization updates
* chore: update comparisons
* feat: add additional metadata: endpoint, author ID
* chore: azureAssistants ENDPOINTS exclusion warning
2024-05-19 12:56:55 -04:00
|
|
|
/**
|
|
|
|
|
* Asynchronously lists assistants for Azure configured groups.
|
|
|
|
|
*
|
|
|
|
|
* Iterates through Azure configured assistant groups, initializes the client with the current request and response objects,
|
|
|
|
|
* lists assistants based on the provided query parameters, and merges their data alongside the model information into a single array.
|
|
|
|
|
*
|
|
|
|
|
* @async
|
|
|
|
|
* @param {object} params - The parameters object.
|
|
|
|
|
* @param {object} params.req - The request object, used for initializing the client and manipulating the request body.
|
|
|
|
|
* @param {object} params.res - The response object, used for initializing the client.
|
|
|
|
|
* @param {string} params.version - The API version to use.
|
|
|
|
|
* @param {TAzureConfig} params.azureConfig - The Azure configuration object containing assistantGroups and groupMap.
|
|
|
|
|
* @param {object} params.query - The query parameters to list assistants (e.g., limit, order).
|
|
|
|
|
* @returns {Promise<AssistantListResponse>} A promise that resolves to an array of assistant data merged with their respective model information.
|
|
|
|
|
*/
|
|
|
|
|
const listAssistantsForAzure = async ({ req, res, version, azureConfig = {}, query }) => {
|
|
|
|
|
/** @type {Array<[string, TAzureModelConfig]>} */
|
|
|
|
|
const groupModelTuples = [];
|
|
|
|
|
const promises = [];
|
|
|
|
|
/** @type {Array<TAzureGroup>} */
|
|
|
|
|
const groups = [];
|
|
|
|
|
|
|
|
|
|
const { groupMap, assistantGroups } = azureConfig;
|
|
|
|
|
|
|
|
|
|
for (const groupName of assistantGroups) {
|
|
|
|
|
const group = groupMap[groupName];
|
|
|
|
|
groups.push(group);
|
|
|
|
|
|
|
|
|
|
const currentModelTuples = Object.entries(group?.models);
|
|
|
|
|
groupModelTuples.push(currentModelTuples);
|
|
|
|
|
|
|
|
|
|
/* The specified model is only necessary to
|
|
|
|
|
fetch assistants for the shared instance */
|
2025-11-25 17:01:19 -05:00
|
|
|
req.body = req.body || {}; // Express 5: req.body is undefined instead of {} when no body parser runs
|
🤖 feat: OpenAI Assistants v2 (initial support) (#2781)
* 🤖 Assistants V2 Support: Part 1
- Separated Azure Assistants to its own endpoint
- File Search / Vector Store integration is incomplete, but can toggle and use storage from playground
- Code Interpreter resource files can be added but not deleted
- GPT-4o is supported
- Many improvements to the Assistants Endpoint overall
data-provider v2 changes
copy existing route as v1
chore: rename new endpoint to reduce comparison operations and add new azure filesource
api: add azureAssistants part 1
force use of version for assistants/assistantsAzure
chore: switch name back to azureAssistants
refactor type version: string | number
Ensure assistants endpoints have version set
fix: isArchived type issue in ConversationListParams
refactor: update assistants mutations/queries with endpoint/version definitions, update Assistants Map structure
chore: FilePreview component ExtendedFile type assertion
feat: isAssistantsEndpoint helper
chore: remove unused useGenerations
chore(buildTree): type issue
chore(Advanced): type issue (unused component, maybe in future)
first pass for multi-assistant endpoint rewrite
fix(listAssistants): pass params correctly
feat: list separate assistants by endpoint
fix(useTextarea): access assistantMap correctly
fix: assistant endpoint switching, resetting ID
fix: broken during rewrite, selecting assistant mention
fix: set/invalidate assistants endpoint query data correctly
feat: Fix issue with assistant ID not being reset correctly
getOpenAIClient helper function
feat: add toast for assistant deletion
fix: assistants delete right after create issue for azure
fix: assistant patching
refactor: actions to use getOpenAIClient
refactor: consolidate logic into helpers file
fix: issue where conversation data was not initially available
v1 chat support
refactor(spendTokens): only early return if completionTokens isNaN
fix(OpenAIClient): ensure spendTokens has all necessary params
refactor: route/controller logic
fix(assistants/initializeClient): use defaultHeaders field
fix: sanitize default operation id
chore: bump openai package
first pass v2 action service
feat: retroactive domain parsing for actions added via v1
feat: delete db records of actions/assistants on openai assistant deletion
chore: remove vision tools from v2 assistants
feat: v2 upload and delete assistant vision images
WIP first pass, thread attachments
fix: show assistant vision files (save local/firebase copy)
v2 image continue
fix: annotations
fix: refine annotations
show analyze as error if is no longer submitting before progress reaches 1 and show file_search as retrieval tool
fix: abort run, undefined endpoint issue
refactor: consolidate capabilities logic and anticipate versioning
frontend version 2 changes
fix: query selection and filter
add endpoint to unknown filepath
add file ids to resource, deleting in progress
enable/disable file search
remove version log
* 🤖 Assistants V2 Support: Part 2
🎹 fix: Autocompletion Chrome Bug on Action API Key Input
chore: remove `useOriginNavigate`
chore: set correct OpenAI Storage Source
fix: azure file deletions, instantiate clients by source for deletion
update code interpret files info
feat: deleteResourceFileId
chore: increase poll interval as azure easily rate limits
fix: openai file deletions, TODO: evaluate rejected deletion settled promises to determine which to delete from db records
file source icons
update table file filters
chore: file search info and versioning
fix: retrieval update with necessary tool_resources if specified
fix(useMentions): add optional chaining in case listMap value is undefined
fix: force assistant avatar roundedness
fix: azure assistants, check correct flag
chore: bump data-provider
* fix: merge conflict
* ci: fix backend tests due to new updates
* chore: update .env.example
* meilisearch improvements
* localization updates
* chore: update comparisons
* feat: add additional metadata: endpoint, author ID
* chore: azureAssistants ENDPOINTS exclusion warning
2024-05-19 12:56:55 -04:00
|
|
|
req.body.model = currentModelTuples[0][0];
|
2024-05-28 08:27:45 -04:00
|
|
|
promises.push(listAllAssistants({ req, res, version, query }));
|
🤖 feat: OpenAI Assistants v2 (initial support) (#2781)
* 🤖 Assistants V2 Support: Part 1
- Separated Azure Assistants to its own endpoint
- File Search / Vector Store integration is incomplete, but can toggle and use storage from playground
- Code Interpreter resource files can be added but not deleted
- GPT-4o is supported
- Many improvements to the Assistants Endpoint overall
data-provider v2 changes
copy existing route as v1
chore: rename new endpoint to reduce comparison operations and add new azure filesource
api: add azureAssistants part 1
force use of version for assistants/assistantsAzure
chore: switch name back to azureAssistants
refactor type version: string | number
Ensure assistants endpoints have version set
fix: isArchived type issue in ConversationListParams
refactor: update assistants mutations/queries with endpoint/version definitions, update Assistants Map structure
chore: FilePreview component ExtendedFile type assertion
feat: isAssistantsEndpoint helper
chore: remove unused useGenerations
chore(buildTree): type issue
chore(Advanced): type issue (unused component, maybe in future)
first pass for multi-assistant endpoint rewrite
fix(listAssistants): pass params correctly
feat: list separate assistants by endpoint
fix(useTextarea): access assistantMap correctly
fix: assistant endpoint switching, resetting ID
fix: broken during rewrite, selecting assistant mention
fix: set/invalidate assistants endpoint query data correctly
feat: Fix issue with assistant ID not being reset correctly
getOpenAIClient helper function
feat: add toast for assistant deletion
fix: assistants delete right after create issue for azure
fix: assistant patching
refactor: actions to use getOpenAIClient
refactor: consolidate logic into helpers file
fix: issue where conversation data was not initially available
v1 chat support
refactor(spendTokens): only early return if completionTokens isNaN
fix(OpenAIClient): ensure spendTokens has all necessary params
refactor: route/controller logic
fix(assistants/initializeClient): use defaultHeaders field
fix: sanitize default operation id
chore: bump openai package
first pass v2 action service
feat: retroactive domain parsing for actions added via v1
feat: delete db records of actions/assistants on openai assistant deletion
chore: remove vision tools from v2 assistants
feat: v2 upload and delete assistant vision images
WIP first pass, thread attachments
fix: show assistant vision files (save local/firebase copy)
v2 image continue
fix: annotations
fix: refine annotations
show analyze as error if is no longer submitting before progress reaches 1 and show file_search as retrieval tool
fix: abort run, undefined endpoint issue
refactor: consolidate capabilities logic and anticipate versioning
frontend version 2 changes
fix: query selection and filter
add endpoint to unknown filepath
add file ids to resource, deleting in progress
enable/disable file search
remove version log
* 🤖 Assistants V2 Support: Part 2
🎹 fix: Autocompletion Chrome Bug on Action API Key Input
chore: remove `useOriginNavigate`
chore: set correct OpenAI Storage Source
fix: azure file deletions, instantiate clients by source for deletion
update code interpret files info
feat: deleteResourceFileId
chore: increase poll interval as azure easily rate limits
fix: openai file deletions, TODO: evaluate rejected deletion settled promises to determine which to delete from db records
file source icons
update table file filters
chore: file search info and versioning
fix: retrieval update with necessary tool_resources if specified
fix(useMentions): add optional chaining in case listMap value is undefined
fix: force assistant avatar roundedness
fix: azure assistants, check correct flag
chore: bump data-provider
* fix: merge conflict
* ci: fix backend tests due to new updates
* chore: update .env.example
* meilisearch improvements
* localization updates
* chore: update comparisons
* feat: add additional metadata: endpoint, author ID
* chore: azureAssistants ENDPOINTS exclusion warning
2024-05-19 12:56:55 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const resolvedQueries = await Promise.all(promises);
|
|
|
|
|
const data = resolvedQueries.flatMap((res, i) =>
|
|
|
|
|
res.data.map((assistant) => {
|
|
|
|
|
const deploymentName = assistant.model;
|
|
|
|
|
const currentGroup = groups[i];
|
|
|
|
|
const currentModelTuples = groupModelTuples[i];
|
|
|
|
|
const firstModel = currentModelTuples[0][0];
|
|
|
|
|
|
|
|
|
|
if (currentGroup.deploymentName === deploymentName) {
|
|
|
|
|
return { ...assistant, model: firstModel };
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (const [model, modelConfig] of currentModelTuples) {
|
|
|
|
|
if (modelConfig.deploymentName === deploymentName) {
|
|
|
|
|
return { ...assistant, model };
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return { ...assistant, model: firstModel };
|
|
|
|
|
}),
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
return {
|
|
|
|
|
first_id: data[0]?.id,
|
|
|
|
|
last_id: data[data.length - 1]?.id,
|
|
|
|
|
object: 'list',
|
|
|
|
|
has_more: false,
|
|
|
|
|
data,
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2025-08-02 12:19:58 -04:00
|
|
|
/**
|
|
|
|
|
* Initializes the OpenAI client.
|
|
|
|
|
* @param {object} params - The parameters object.
|
|
|
|
|
* @param {ServerRequest} params.req - The request object.
|
|
|
|
|
* @param {ServerResponse} params.res - The response object.
|
|
|
|
|
* @param {TEndpointOption} params.endpointOption - The endpoint options.
|
|
|
|
|
* @param {boolean} params.initAppClient - Whether to initialize the app client.
|
|
|
|
|
* @param {string} params.overrideEndpoint - The endpoint to override.
|
2025-11-25 15:20:07 -05:00
|
|
|
* @returns {Promise<{ openai: OpenAI, openAIApiKey: string }>} - The initialized OpenAI SDK client.
|
2025-08-02 12:19:58 -04:00
|
|
|
*/
|
🤖 feat: OpenAI Assistants v2 (initial support) (#2781)
* 🤖 Assistants V2 Support: Part 1
- Separated Azure Assistants to its own endpoint
- File Search / Vector Store integration is incomplete, but can toggle and use storage from playground
- Code Interpreter resource files can be added but not deleted
- GPT-4o is supported
- Many improvements to the Assistants Endpoint overall
data-provider v2 changes
copy existing route as v1
chore: rename new endpoint to reduce comparison operations and add new azure filesource
api: add azureAssistants part 1
force use of version for assistants/assistantsAzure
chore: switch name back to azureAssistants
refactor type version: string | number
Ensure assistants endpoints have version set
fix: isArchived type issue in ConversationListParams
refactor: update assistants mutations/queries with endpoint/version definitions, update Assistants Map structure
chore: FilePreview component ExtendedFile type assertion
feat: isAssistantsEndpoint helper
chore: remove unused useGenerations
chore(buildTree): type issue
chore(Advanced): type issue (unused component, maybe in future)
first pass for multi-assistant endpoint rewrite
fix(listAssistants): pass params correctly
feat: list separate assistants by endpoint
fix(useTextarea): access assistantMap correctly
fix: assistant endpoint switching, resetting ID
fix: broken during rewrite, selecting assistant mention
fix: set/invalidate assistants endpoint query data correctly
feat: Fix issue with assistant ID not being reset correctly
getOpenAIClient helper function
feat: add toast for assistant deletion
fix: assistants delete right after create issue for azure
fix: assistant patching
refactor: actions to use getOpenAIClient
refactor: consolidate logic into helpers file
fix: issue where conversation data was not initially available
v1 chat support
refactor(spendTokens): only early return if completionTokens isNaN
fix(OpenAIClient): ensure spendTokens has all necessary params
refactor: route/controller logic
fix(assistants/initializeClient): use defaultHeaders field
fix: sanitize default operation id
chore: bump openai package
first pass v2 action service
feat: retroactive domain parsing for actions added via v1
feat: delete db records of actions/assistants on openai assistant deletion
chore: remove vision tools from v2 assistants
feat: v2 upload and delete assistant vision images
WIP first pass, thread attachments
fix: show assistant vision files (save local/firebase copy)
v2 image continue
fix: annotations
fix: refine annotations
show analyze as error if is no longer submitting before progress reaches 1 and show file_search as retrieval tool
fix: abort run, undefined endpoint issue
refactor: consolidate capabilities logic and anticipate versioning
frontend version 2 changes
fix: query selection and filter
add endpoint to unknown filepath
add file ids to resource, deleting in progress
enable/disable file search
remove version log
* 🤖 Assistants V2 Support: Part 2
🎹 fix: Autocompletion Chrome Bug on Action API Key Input
chore: remove `useOriginNavigate`
chore: set correct OpenAI Storage Source
fix: azure file deletions, instantiate clients by source for deletion
update code interpret files info
feat: deleteResourceFileId
chore: increase poll interval as azure easily rate limits
fix: openai file deletions, TODO: evaluate rejected deletion settled promises to determine which to delete from db records
file source icons
update table file filters
chore: file search info and versioning
fix: retrieval update with necessary tool_resources if specified
fix(useMentions): add optional chaining in case listMap value is undefined
fix: force assistant avatar roundedness
fix: azure assistants, check correct flag
chore: bump data-provider
* fix: merge conflict
* ci: fix backend tests due to new updates
* chore: update .env.example
* meilisearch improvements
* localization updates
* chore: update comparisons
* feat: add additional metadata: endpoint, author ID
* chore: azureAssistants ENDPOINTS exclusion warning
2024-05-19 12:56:55 -04:00
|
|
|
async function getOpenAIClient({ req, res, endpointOption, initAppClient, overrideEndpoint }) {
|
2025-12-12 14:04:28 -05:00
|
|
|
let endpoint = overrideEndpoint ?? req.body?.endpoint ?? req.query?.endpoint;
|
🤖 feat: OpenAI Assistants v2 (initial support) (#2781)
* 🤖 Assistants V2 Support: Part 1
- Separated Azure Assistants to its own endpoint
- File Search / Vector Store integration is incomplete, but can toggle and use storage from playground
- Code Interpreter resource files can be added but not deleted
- GPT-4o is supported
- Many improvements to the Assistants Endpoint overall
data-provider v2 changes
copy existing route as v1
chore: rename new endpoint to reduce comparison operations and add new azure filesource
api: add azureAssistants part 1
force use of version for assistants/assistantsAzure
chore: switch name back to azureAssistants
refactor type version: string | number
Ensure assistants endpoints have version set
fix: isArchived type issue in ConversationListParams
refactor: update assistants mutations/queries with endpoint/version definitions, update Assistants Map structure
chore: FilePreview component ExtendedFile type assertion
feat: isAssistantsEndpoint helper
chore: remove unused useGenerations
chore(buildTree): type issue
chore(Advanced): type issue (unused component, maybe in future)
first pass for multi-assistant endpoint rewrite
fix(listAssistants): pass params correctly
feat: list separate assistants by endpoint
fix(useTextarea): access assistantMap correctly
fix: assistant endpoint switching, resetting ID
fix: broken during rewrite, selecting assistant mention
fix: set/invalidate assistants endpoint query data correctly
feat: Fix issue with assistant ID not being reset correctly
getOpenAIClient helper function
feat: add toast for assistant deletion
fix: assistants delete right after create issue for azure
fix: assistant patching
refactor: actions to use getOpenAIClient
refactor: consolidate logic into helpers file
fix: issue where conversation data was not initially available
v1 chat support
refactor(spendTokens): only early return if completionTokens isNaN
fix(OpenAIClient): ensure spendTokens has all necessary params
refactor: route/controller logic
fix(assistants/initializeClient): use defaultHeaders field
fix: sanitize default operation id
chore: bump openai package
first pass v2 action service
feat: retroactive domain parsing for actions added via v1
feat: delete db records of actions/assistants on openai assistant deletion
chore: remove vision tools from v2 assistants
feat: v2 upload and delete assistant vision images
WIP first pass, thread attachments
fix: show assistant vision files (save local/firebase copy)
v2 image continue
fix: annotations
fix: refine annotations
show analyze as error if is no longer submitting before progress reaches 1 and show file_search as retrieval tool
fix: abort run, undefined endpoint issue
refactor: consolidate capabilities logic and anticipate versioning
frontend version 2 changes
fix: query selection and filter
add endpoint to unknown filepath
add file ids to resource, deleting in progress
enable/disable file search
remove version log
* 🤖 Assistants V2 Support: Part 2
🎹 fix: Autocompletion Chrome Bug on Action API Key Input
chore: remove `useOriginNavigate`
chore: set correct OpenAI Storage Source
fix: azure file deletions, instantiate clients by source for deletion
update code interpret files info
feat: deleteResourceFileId
chore: increase poll interval as azure easily rate limits
fix: openai file deletions, TODO: evaluate rejected deletion settled promises to determine which to delete from db records
file source icons
update table file filters
chore: file search info and versioning
fix: retrieval update with necessary tool_resources if specified
fix(useMentions): add optional chaining in case listMap value is undefined
fix: force assistant avatar roundedness
fix: azure assistants, check correct flag
chore: bump data-provider
* fix: merge conflict
* ci: fix backend tests due to new updates
* chore: update .env.example
* meilisearch improvements
* localization updates
* chore: update comparisons
* feat: add additional metadata: endpoint, author ID
* chore: azureAssistants ENDPOINTS exclusion warning
2024-05-19 12:56:55 -04:00
|
|
|
const version = await getCurrentVersion(req, endpoint);
|
|
|
|
|
if (!endpoint) {
|
|
|
|
|
throw new Error(`[${req.baseUrl}] Endpoint is required`);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let result;
|
|
|
|
|
if (endpoint === EModelEndpoint.assistants) {
|
|
|
|
|
result = await initializeClient({ req, res, version, endpointOption, initAppClient });
|
|
|
|
|
} else if (endpoint === EModelEndpoint.azureAssistants) {
|
|
|
|
|
result = await initAzureClient({ req, res, version, endpointOption, initAppClient });
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
2024-05-28 08:27:45 -04:00
|
|
|
/**
|
|
|
|
|
* Returns a list of assistants.
|
|
|
|
|
* @param {object} params
|
|
|
|
|
* @param {object} params.req - Express Request
|
|
|
|
|
* @param {AssistantListParams} [params.req.query] - The assistant list parameters for pagination and sorting.
|
|
|
|
|
* @param {object} params.res - Express Response
|
|
|
|
|
* @param {string} [params.overrideEndpoint] - The endpoint to override the request endpoint.
|
|
|
|
|
* @returns {Promise<AssistantListResponse>} 200 - success response - application/json
|
|
|
|
|
*/
|
|
|
|
|
const fetchAssistants = async ({ req, res, overrideEndpoint }) => {
|
2025-08-26 12:10:18 -04:00
|
|
|
const appConfig = req.config;
|
2024-05-28 08:27:45 -04:00
|
|
|
const {
|
|
|
|
|
limit = 100,
|
|
|
|
|
order = 'desc',
|
|
|
|
|
after,
|
|
|
|
|
before,
|
|
|
|
|
endpoint,
|
|
|
|
|
} = req.query ?? {
|
|
|
|
|
endpoint: overrideEndpoint,
|
|
|
|
|
...defaultOrderQuery,
|
|
|
|
|
};
|
|
|
|
|
|
🤖 feat: OpenAI Assistants v2 (initial support) (#2781)
* 🤖 Assistants V2 Support: Part 1
- Separated Azure Assistants to its own endpoint
- File Search / Vector Store integration is incomplete, but can toggle and use storage from playground
- Code Interpreter resource files can be added but not deleted
- GPT-4o is supported
- Many improvements to the Assistants Endpoint overall
data-provider v2 changes
copy existing route as v1
chore: rename new endpoint to reduce comparison operations and add new azure filesource
api: add azureAssistants part 1
force use of version for assistants/assistantsAzure
chore: switch name back to azureAssistants
refactor type version: string | number
Ensure assistants endpoints have version set
fix: isArchived type issue in ConversationListParams
refactor: update assistants mutations/queries with endpoint/version definitions, update Assistants Map structure
chore: FilePreview component ExtendedFile type assertion
feat: isAssistantsEndpoint helper
chore: remove unused useGenerations
chore(buildTree): type issue
chore(Advanced): type issue (unused component, maybe in future)
first pass for multi-assistant endpoint rewrite
fix(listAssistants): pass params correctly
feat: list separate assistants by endpoint
fix(useTextarea): access assistantMap correctly
fix: assistant endpoint switching, resetting ID
fix: broken during rewrite, selecting assistant mention
fix: set/invalidate assistants endpoint query data correctly
feat: Fix issue with assistant ID not being reset correctly
getOpenAIClient helper function
feat: add toast for assistant deletion
fix: assistants delete right after create issue for azure
fix: assistant patching
refactor: actions to use getOpenAIClient
refactor: consolidate logic into helpers file
fix: issue where conversation data was not initially available
v1 chat support
refactor(spendTokens): only early return if completionTokens isNaN
fix(OpenAIClient): ensure spendTokens has all necessary params
refactor: route/controller logic
fix(assistants/initializeClient): use defaultHeaders field
fix: sanitize default operation id
chore: bump openai package
first pass v2 action service
feat: retroactive domain parsing for actions added via v1
feat: delete db records of actions/assistants on openai assistant deletion
chore: remove vision tools from v2 assistants
feat: v2 upload and delete assistant vision images
WIP first pass, thread attachments
fix: show assistant vision files (save local/firebase copy)
v2 image continue
fix: annotations
fix: refine annotations
show analyze as error if is no longer submitting before progress reaches 1 and show file_search as retrieval tool
fix: abort run, undefined endpoint issue
refactor: consolidate capabilities logic and anticipate versioning
frontend version 2 changes
fix: query selection and filter
add endpoint to unknown filepath
add file ids to resource, deleting in progress
enable/disable file search
remove version log
* 🤖 Assistants V2 Support: Part 2
🎹 fix: Autocompletion Chrome Bug on Action API Key Input
chore: remove `useOriginNavigate`
chore: set correct OpenAI Storage Source
fix: azure file deletions, instantiate clients by source for deletion
update code interpret files info
feat: deleteResourceFileId
chore: increase poll interval as azure easily rate limits
fix: openai file deletions, TODO: evaluate rejected deletion settled promises to determine which to delete from db records
file source icons
update table file filters
chore: file search info and versioning
fix: retrieval update with necessary tool_resources if specified
fix(useMentions): add optional chaining in case listMap value is undefined
fix: force assistant avatar roundedness
fix: azure assistants, check correct flag
chore: bump data-provider
* fix: merge conflict
* ci: fix backend tests due to new updates
* chore: update .env.example
* meilisearch improvements
* localization updates
* chore: update comparisons
* feat: add additional metadata: endpoint, author ID
* chore: azureAssistants ENDPOINTS exclusion warning
2024-05-19 12:56:55 -04:00
|
|
|
const version = await getCurrentVersion(req, endpoint);
|
|
|
|
|
const query = { limit, order, after, before };
|
|
|
|
|
|
|
|
|
|
/** @type {AssistantListResponse} */
|
|
|
|
|
let body;
|
|
|
|
|
|
|
|
|
|
if (endpoint === EModelEndpoint.assistants) {
|
2024-05-28 08:27:45 -04:00
|
|
|
({ body } = await listAllAssistants({ req, res, version, query }));
|
🤖 feat: OpenAI Assistants v2 (initial support) (#2781)
* 🤖 Assistants V2 Support: Part 1
- Separated Azure Assistants to its own endpoint
- File Search / Vector Store integration is incomplete, but can toggle and use storage from playground
- Code Interpreter resource files can be added but not deleted
- GPT-4o is supported
- Many improvements to the Assistants Endpoint overall
data-provider v2 changes
copy existing route as v1
chore: rename new endpoint to reduce comparison operations and add new azure filesource
api: add azureAssistants part 1
force use of version for assistants/assistantsAzure
chore: switch name back to azureAssistants
refactor type version: string | number
Ensure assistants endpoints have version set
fix: isArchived type issue in ConversationListParams
refactor: update assistants mutations/queries with endpoint/version definitions, update Assistants Map structure
chore: FilePreview component ExtendedFile type assertion
feat: isAssistantsEndpoint helper
chore: remove unused useGenerations
chore(buildTree): type issue
chore(Advanced): type issue (unused component, maybe in future)
first pass for multi-assistant endpoint rewrite
fix(listAssistants): pass params correctly
feat: list separate assistants by endpoint
fix(useTextarea): access assistantMap correctly
fix: assistant endpoint switching, resetting ID
fix: broken during rewrite, selecting assistant mention
fix: set/invalidate assistants endpoint query data correctly
feat: Fix issue with assistant ID not being reset correctly
getOpenAIClient helper function
feat: add toast for assistant deletion
fix: assistants delete right after create issue for azure
fix: assistant patching
refactor: actions to use getOpenAIClient
refactor: consolidate logic into helpers file
fix: issue where conversation data was not initially available
v1 chat support
refactor(spendTokens): only early return if completionTokens isNaN
fix(OpenAIClient): ensure spendTokens has all necessary params
refactor: route/controller logic
fix(assistants/initializeClient): use defaultHeaders field
fix: sanitize default operation id
chore: bump openai package
first pass v2 action service
feat: retroactive domain parsing for actions added via v1
feat: delete db records of actions/assistants on openai assistant deletion
chore: remove vision tools from v2 assistants
feat: v2 upload and delete assistant vision images
WIP first pass, thread attachments
fix: show assistant vision files (save local/firebase copy)
v2 image continue
fix: annotations
fix: refine annotations
show analyze as error if is no longer submitting before progress reaches 1 and show file_search as retrieval tool
fix: abort run, undefined endpoint issue
refactor: consolidate capabilities logic and anticipate versioning
frontend version 2 changes
fix: query selection and filter
add endpoint to unknown filepath
add file ids to resource, deleting in progress
enable/disable file search
remove version log
* 🤖 Assistants V2 Support: Part 2
🎹 fix: Autocompletion Chrome Bug on Action API Key Input
chore: remove `useOriginNavigate`
chore: set correct OpenAI Storage Source
fix: azure file deletions, instantiate clients by source for deletion
update code interpret files info
feat: deleteResourceFileId
chore: increase poll interval as azure easily rate limits
fix: openai file deletions, TODO: evaluate rejected deletion settled promises to determine which to delete from db records
file source icons
update table file filters
chore: file search info and versioning
fix: retrieval update with necessary tool_resources if specified
fix(useMentions): add optional chaining in case listMap value is undefined
fix: force assistant avatar roundedness
fix: azure assistants, check correct flag
chore: bump data-provider
* fix: merge conflict
* ci: fix backend tests due to new updates
* chore: update .env.example
* meilisearch improvements
* localization updates
* chore: update comparisons
* feat: add additional metadata: endpoint, author ID
* chore: azureAssistants ENDPOINTS exclusion warning
2024-05-19 12:56:55 -04:00
|
|
|
} else if (endpoint === EModelEndpoint.azureAssistants) {
|
2025-08-26 12:10:18 -04:00
|
|
|
const azureConfig = appConfig.endpoints?.[EModelEndpoint.azureOpenAI];
|
🤖 feat: OpenAI Assistants v2 (initial support) (#2781)
* 🤖 Assistants V2 Support: Part 1
- Separated Azure Assistants to its own endpoint
- File Search / Vector Store integration is incomplete, but can toggle and use storage from playground
- Code Interpreter resource files can be added but not deleted
- GPT-4o is supported
- Many improvements to the Assistants Endpoint overall
data-provider v2 changes
copy existing route as v1
chore: rename new endpoint to reduce comparison operations and add new azure filesource
api: add azureAssistants part 1
force use of version for assistants/assistantsAzure
chore: switch name back to azureAssistants
refactor type version: string | number
Ensure assistants endpoints have version set
fix: isArchived type issue in ConversationListParams
refactor: update assistants mutations/queries with endpoint/version definitions, update Assistants Map structure
chore: FilePreview component ExtendedFile type assertion
feat: isAssistantsEndpoint helper
chore: remove unused useGenerations
chore(buildTree): type issue
chore(Advanced): type issue (unused component, maybe in future)
first pass for multi-assistant endpoint rewrite
fix(listAssistants): pass params correctly
feat: list separate assistants by endpoint
fix(useTextarea): access assistantMap correctly
fix: assistant endpoint switching, resetting ID
fix: broken during rewrite, selecting assistant mention
fix: set/invalidate assistants endpoint query data correctly
feat: Fix issue with assistant ID not being reset correctly
getOpenAIClient helper function
feat: add toast for assistant deletion
fix: assistants delete right after create issue for azure
fix: assistant patching
refactor: actions to use getOpenAIClient
refactor: consolidate logic into helpers file
fix: issue where conversation data was not initially available
v1 chat support
refactor(spendTokens): only early return if completionTokens isNaN
fix(OpenAIClient): ensure spendTokens has all necessary params
refactor: route/controller logic
fix(assistants/initializeClient): use defaultHeaders field
fix: sanitize default operation id
chore: bump openai package
first pass v2 action service
feat: retroactive domain parsing for actions added via v1
feat: delete db records of actions/assistants on openai assistant deletion
chore: remove vision tools from v2 assistants
feat: v2 upload and delete assistant vision images
WIP first pass, thread attachments
fix: show assistant vision files (save local/firebase copy)
v2 image continue
fix: annotations
fix: refine annotations
show analyze as error if is no longer submitting before progress reaches 1 and show file_search as retrieval tool
fix: abort run, undefined endpoint issue
refactor: consolidate capabilities logic and anticipate versioning
frontend version 2 changes
fix: query selection and filter
add endpoint to unknown filepath
add file ids to resource, deleting in progress
enable/disable file search
remove version log
* 🤖 Assistants V2 Support: Part 2
🎹 fix: Autocompletion Chrome Bug on Action API Key Input
chore: remove `useOriginNavigate`
chore: set correct OpenAI Storage Source
fix: azure file deletions, instantiate clients by source for deletion
update code interpret files info
feat: deleteResourceFileId
chore: increase poll interval as azure easily rate limits
fix: openai file deletions, TODO: evaluate rejected deletion settled promises to determine which to delete from db records
file source icons
update table file filters
chore: file search info and versioning
fix: retrieval update with necessary tool_resources if specified
fix(useMentions): add optional chaining in case listMap value is undefined
fix: force assistant avatar roundedness
fix: azure assistants, check correct flag
chore: bump data-provider
* fix: merge conflict
* ci: fix backend tests due to new updates
* chore: update .env.example
* meilisearch improvements
* localization updates
* chore: update comparisons
* feat: add additional metadata: endpoint, author ID
* chore: azureAssistants ENDPOINTS exclusion warning
2024-05-19 12:56:55 -04:00
|
|
|
body = await listAssistantsForAzure({ req, res, version, azureConfig, query });
|
|
|
|
|
}
|
|
|
|
|
|
📜 feat: Implement System Grants for Capability-Based Authorization (#11896)
* feat: Implement System Grants for Role-Based Capabilities
- Added a new `systemGrant` model and associated methods to manage role-based capabilities within the application.
- Introduced middleware functions `hasCapability` and `requireCapability` to check user permissions based on their roles.
- Updated the database seeding process to include system grants for the ADMIN role, ensuring all necessary capabilities are assigned on startup.
- Enhanced type definitions and schemas to support the new system grant functionality, improving overall type safety and clarity in the codebase.
* test: Add unit tests for capabilities middleware and system grant methods
- Introduced comprehensive unit tests for the capabilities middleware, including `hasCapability` and `requireCapability`, ensuring proper permission checks based on user roles.
- Added tests for the `SystemGrant` methods, verifying the seeding of system grants, capability granting, and revocation processes.
- Enhanced test coverage for edge cases, including idempotency of grant operations and handling of unexpected errors in middleware.
- Utilized mocks for database interactions to isolate tests and improve reliability.
* refactor: Transition to Capability-Based Access Control
- Replaced role-based access checks with capability-based checks across various middleware and routes, enhancing permission management.
- Introduced `hasCapability` and `requireCapability` functions to streamline capability verification for user actions.
- Updated relevant routes and middleware to utilize the new capability system, ensuring consistent permission enforcement.
- Enhanced type definitions and added tests for the new capability functions, improving overall code reliability and maintainability.
* test: Enhance capability-based access tests for ADMIN role
- Updated tests to reflect the new capability-based access control, specifically for the ADMIN role.
- Modified test descriptions to clarify that users with the MANAGE_AGENTS capability can bypass permission checks.
- Seeded capabilities for the ADMIN role in multiple test files to ensure consistent permission checks across different routes and middleware.
- Improved overall test coverage for capability verification, ensuring robust permission management.
* test: Update capability tests for MCP server access
- Renamed test to reflect the correct capability for bypassing permission checks, changing from MANAGE_AGENTS to MANAGE_MCP_SERVERS.
- Updated seeding of capabilities for the ADMIN role to align with the new capability structure.
- Ensured consistency in capability definitions across tests and middleware for improved permission management.
* feat: Add hasConfigCapability for enhanced config access control
- Introduced `hasConfigCapability` function to check user permissions for managing or reading specific config sections.
- Updated middleware to export the new capability function, ensuring consistent access control across the application.
- Enhanced unit tests to cover various scenarios for the new capability, improving overall test coverage and reliability.
* fix: Update tenantId filter in createSystemGrantMethods
- Added a condition to set tenantId filter to { $exists: false } when tenantId is null, ensuring proper handling of cases where tenantId is not provided.
- This change improves the robustness of the system grant methods by explicitly managing the absence of tenantId in the filter logic.
* fix: account deletion capability check
- Updated the `canDeleteAccount` middleware to ensure that the `hasManageUsers` capability check only occurs if a user is present, preventing potential errors when the user object is undefined.
- This change improves the robustness of the account deletion logic by ensuring proper handling of user permissions.
* refactor: Optimize seeding of system grants for ADMIN role
- Replaced sequential capability granting with parallel execution using Promise.all in the seedSystemGrants function.
- This change improves performance and efficiency during the initialization of system grants, ensuring all capabilities are granted concurrently.
* refactor: Simplify systemGrantSchema index definition
- Removed the sparse option from the unique index on principalType, principalId, capability, and tenantId in the systemGrantSchema.
- This change streamlines the index definition, potentially improving query performance and clarity in the schema design.
* refactor: Reorganize role capability check in roles route
- Moved the capability check for reading roles to occur after parsing the roleName, improving code clarity and structure.
- This change ensures that the authorization logic is consistently applied before fetching role details, enhancing overall permission management.
* refactor: Remove unused ISystemGrant interface from systemCapabilities.ts
- Deleted the ISystemGrant interface as it was no longer needed, streamlining the code and improving clarity.
- This change helps reduce clutter in the file and focuses on relevant capabilities for the system.
* refactor: Migrate SystemCapabilities to data-schemas
- Replaced imports of SystemCapabilities from 'librechat-data-provider' with imports from '@librechat/data-schemas' across multiple files.
- This change centralizes the management of system capabilities, improving code organization and maintainability.
* refactor: Update account deletion middleware and capability checks
- Modified the `canDeleteAccount` middleware to ensure that the account deletion permission is only granted to users with the `MANAGE_USERS` capability, improving security and clarity in permission management.
- Enhanced error logging for unauthorized account deletion attempts, providing better insights into permission issues.
- Updated the `capabilities.ts` file to ensure consistent handling of user authentication checks, improving robustness in capability verification.
- Refined type definitions in `systemGrant.ts` and `systemGrantMethods.ts` to utilize the `PrincipalType` enum, enhancing type safety and code clarity.
* refactor: Extract principal ID normalization into a separate function
- Introduced `normalizePrincipalId` function to streamline the normalization of principal IDs based on their type, enhancing code clarity and reusability.
- Updated references in `createSystemGrantMethods` to utilize the new normalization function, improving maintainability and reducing code duplication.
* test: Add unit tests for principalId normalization in systemGrant
- Introduced tests for the `grantCapability`, `revokeCapability`, and `getCapabilitiesForPrincipal` methods to verify correct handling of principalId normalization between string and ObjectId formats.
- Enhanced the `capabilities.ts` middleware to utilize the `PrincipalType` enum for improved type safety.
- Added a new utility function `normalizePrincipalId` to streamline principal ID normalization logic, ensuring consistent behavior across the application.
* feat: Introduce capability implications and enhance system grant methods
- Added `CapabilityImplications` to define relationships between broader and implied capabilities, allowing for more intuitive permission checks.
- Updated `createSystemGrantMethods` to expand capability queries to include implied capabilities, improving authorization logic.
- Enhanced `systemGrantSchema` to include an `expiresAt` field for future TTL enforcement of grants, and added validation to ensure `tenantId` is not set to null.
- Documented authorization requirements for prompt group and prompt deletion methods to clarify access control expectations.
* test: Add unit tests for canDeleteAccount middleware
- Introduced unit tests for the `canDeleteAccount` middleware to verify account deletion permissions based on user roles and capabilities.
- Covered scenarios for both allowed and blocked account deletions, including checks for ADMIN users with the `MANAGE_USERS` capability and handling of undefined user cases.
- Enhanced test structure to ensure clarity and maintainability of permission checks in the middleware.
* fix: Add principalType enum validation to SystemGrant schema
Without enum validation, any string value was accepted for principalType
and silently stored. Invalid documents would never match capability
queries, creating phantom grants impossible to diagnose without raw DB
inspection. All other ACL models in the codebase validate this field.
* fix: Replace seedSystemGrants Promise.all with bulkWrite for concurrency safety
When two server instances start simultaneously (K8s rolling deploy, PM2
cluster), both call seedSystemGrants. With Promise.all + findOneAndUpdate
upsert, both instances may attempt to insert the same documents, causing
E11000 duplicate key errors that crash server startup.
bulkWrite with ordered:false handles concurrent upserts gracefully and
reduces 17 individual round trips to a single network call. The returned
documents (previously discarded) are no longer fetched.
* perf: Add AsyncLocalStorage per-request cache for capability checks
Every hasCapability call previously required 2 DB round trips
(getUserPrincipals + SystemGrant.exists) — replacing what were O(1)
string comparisons. Routes like patchPromptGroup triggered this twice,
and hasConfigCapability's fallback path resolved principals twice.
This adds a per-request AsyncLocalStorage cache that:
- Caches resolved principals (same for all checks within one request)
- Caches capability check results (same user+cap = same answer)
- Automatically scoped to request lifetime (no stale grants)
- Falls through to DB when no store exists (background jobs, tests)
- Requires no signature changes to hasCapability
The capabilityContextMiddleware is registered at the app level before
all routes, initializing a fresh store per request.
* fix: Add error handling for inline hasCapability calls
canDeleteAccount, fetchAssistants, and validateAuthor all call
hasCapability without try-catch. These were previously O(1) string
comparisons that could never throw. Now they hit the database and can
fail on connection timeout or transient errors.
Wrap each call in try-catch, defaulting to deny (false) on error.
This ensures a DB hiccup returns a clean 403 instead of an unhandled
500 with a stack trace.
* test: Add canDeleteAccount DB-error resilience test
Tests that hasCapability rejection (e.g., DB timeout) results in a clean
403 rather than an unhandled exception. Validates the error handling
added in the previous commit.
* refactor: Use barrel import for hasCapability in validateAuthor
Import from ~/server/middleware barrel instead of directly from
~/server/middleware/roles/capabilities for consistency with other
non-middleware consumers. Files within the middleware barrel itself
must continue using direct imports to avoid circular requires.
* refactor: Remove misleading pre('save') hook from SystemGrant schema
The pre('save') hook normalized principalId for USER/GROUP principals,
but the primary write path (grantCapability) uses findOneAndUpdate —
which does not trigger save hooks. The normalization was already handled
explicitly in grantCapability itself. The hook created a false impression
of schema-level enforcement that only covered save()/create() paths.
Replace with a comment documenting that all writes must go through
grantCapability.
* feat: Add READ_ASSISTANTS capability to complete manage/read pair
Every other managed resource had a paired READ_X / MANAGE_X capability
except assistants. This adds READ_ASSISTANTS and registers the
MANAGE_ASSISTANTS → READ_ASSISTANTS implication in CapabilityImplications,
enabling future read-only assistant visibility grants.
* chore: Reorder systemGrant methods for clarity
Moved hasCapabilityForPrincipals to a more logical position in the returned object of createSystemGrantMethods, improving code readability. This change also maintains the inclusion of seedSystemGrants in the export, ensuring all necessary methods are available.
* fix: Wrap seedSystemGrants in try-catch to avoid blocking startup
Seeding capabilities is idempotent and will succeed on the next restart.
A transient DB error during seeding should not prevent the server from
starting — log the error and continue.
* refactor: Improve capability check efficiency and add audit logging
Move hasCapability calls after cheap early-exits in validateAuthor and
fetchAssistants so the DB check only runs when its result matters. Add
logger.debug on every capability bypass grant across all 7 call sites
for auditability, and log errors in catch blocks instead of silently
swallowing them.
* test: Add integration tests for AsyncLocalStorage capability caching
Exercises the full vertical — ALS context, generateCapabilityCheck,
real getUserPrincipals, real hasCapabilityForPrincipals, real MongoDB
via MongoMemoryServer. Covers per-request caching, cross-context
isolation, concurrent request isolation, negative caching, capability
implications, tenant scoping, group-based grants, and requireCapability
middleware.
* test: Add systemGrant data-layer and ALS edge-case integration tests
systemGrant.spec.ts (51 tests): Full integration tests for all
systemGrant methods against real MongoDB — grant/revoke lifecycle,
principalId normalization (string→ObjectId for USER/GROUP, string for
ROLE), capability implications (both directions), tenant scoping,
schema validation (null tenantId, invalid enum, required fields,
unique compound index).
capabilities.integration.spec.ts (27 tests): Adds ALS edge cases —
missing context degrades gracefully with no caching (background jobs,
child processes), nested middleware creates independent inner context,
optional-chaining safety when store is undefined, mid-request grant
changes are invisible due to result caching, requireCapability works
without ALS, and interleaved concurrent contexts maintain isolation.
* fix: Add worker thread guards to capability ALS usage
Detect when hasCapability or capabilityContextMiddleware is called from
a worker thread (where ALS context does not propagate from the parent).
hasCapability logs a warn-once per factory instance; the middleware logs
an error since mounting Express middleware in a worker is likely a
misconfiguration. Both continue to function correctly — the guard is
observability, not a hard block.
* fix: Include tenantId in ALS principal cache key for tenant isolation
The principal cache key was user.id:user.role, which would reuse
cached principals across tenants for the same user within a request.
When getUserPrincipals gains tenant-scoped group resolution, principals
from tenant-a would incorrectly serve tenant-b checks. Changed to
user.id:user.role:user.tenantId to prevent cross-tenant cache hits.
Adds integration test proving separate principal lookups per tenantId.
* test: Remove redundant mocked capabilities.spec.js
The JS wrapper test (7 tests, all mocked) is a strict subset of
capabilities.integration.spec.ts (28 tests, real MongoDB). Every
scenario it covered — hasCapability true/false, tenantId passthrough,
requireCapability 403/500, error handling — is tested with higher
fidelity in the integration suite.
* test: Replace mocked canDeleteAccount tests with real MongoDB integration
Remove hasCapability mock — tests now exercise the full capability
chain against real MongoDB (getUserPrincipals, hasCapabilityForPrincipals,
SystemGrant collection). Only mocks remaining are logger and cache.
Adds new coverage: admin role without grant is blocked, user-level
grant bypasses deletion restriction, null user handling.
* test: Add comprehensive tests for ACL entry management and user group methods
Introduces new tests for `deleteAclEntries`, `bulkWriteAclEntries`, and `findPublicResourceIds` in `aclEntry.spec.ts`, ensuring proper functionality for deleting and bulk managing ACL entries. Additionally, enhances `userGroup.spec.ts` with tests for finding groups by ID and name pattern, including external ID matching and source filtering. These changes improve coverage and validate the integrity of ACL and user group operations against real MongoDB interactions.
* refactor: Update capability checks and logging for better clarity and error handling
Replaced `MANAGE_USERS` with `ACCESS_ADMIN` in the `canDeleteAccount` middleware and related tests to align with updated permission structure. Enhanced logging in various middleware functions to use `logger.warn` for capability check failures, providing clearer error messages. Additionally, refactored capability checks in the `patchPromptGroup` and `validateAuthor` functions to improve readability and maintainability. This commit also includes adjustments to the `systemGrant` methods to implement retry logic for transient failures during capability seeding, ensuring robustness in the face of database errors.
* refactor: Enhance logging and retry logic in seedSystemGrants method
Updated the logging format in the seedSystemGrants method to include error messages for better clarity. Improved the retry mechanism by explicitly mocking multiple failures in tests, ensuring robust error handling during transient database issues. Additionally, refined imports in the systemGrant schema for better type management.
* refactor: Consolidate imports in canDeleteAccount middleware
Merged logger and SystemCapabilities imports from the data-schemas module into a single line for improved readability and maintainability of the code. This change streamlines the import statements in the canDeleteAccount middleware.
* test: Enhance systemGrant tests for error handling and capability validation
Added tests to the systemGrant methods to handle various error scenarios, including E11000 race conditions, invalid ObjectId strings for USER and GROUP principals, and invalid capability strings. These enhancements improve the robustness of the capability granting and revoking logic, ensuring proper error propagation and validation of inputs.
* fix: Wrap hasCapability calls in deny-by-default try-catch at remaining sites
canAccessResource, files.js, and roles.js all had hasCapability inside
outer try-catch blocks that returned 500 on DB failure instead of
falling through to the regular ACL check. This contradicts the
deny-by-default pattern used everywhere else.
Also removes raw error.message from the roles.js 500 response to
prevent internal host/connection info leaking to clients.
* fix: Normalize user ID in canDeleteAccount before passing to hasCapability
requireCapability normalizes req.user.id via _id?.toString() fallback,
but canDeleteAccount passed raw req.user directly. If req.user.id is
absent (some auth layers only populate _id), getUserPrincipals received
undefined, silently returning empty principals and blocking the bypass.
* fix: Harden systemGrant schema and type safety
- Reject empty string tenantId in schema validator (was only blocking
null; empty string silently orphaned documents)
- Fix reverseImplications to use BaseSystemCapability[] instead of
string[], preserving the narrow discriminated type
- Document READ_ASSISTANTS as reserved/unenforced
* test: Use fake timers for seedSystemGrants retry tests and add tenantId validation
- Switch retry tests to jest.useFakeTimers() to eliminate 3+ seconds
of real setTimeout delays per test run
- Add regression test for empty-string tenantId rejection
* docs: Add TODO(#12091) comments for tenant-scoped capability gaps
In multi-tenant mode, platform-level grants (no tenantId) won't match
tenant-scoped queries, breaking admin access. getUserPrincipals also
returns cross-tenant group memberships. Both need fixes in #12091.
2026-03-07 13:56:32 -05:00
|
|
|
if (!appConfig.endpoints?.[endpoint]) {
|
2024-05-28 08:27:45 -04:00
|
|
|
return body;
|
📜 feat: Implement System Grants for Capability-Based Authorization (#11896)
* feat: Implement System Grants for Role-Based Capabilities
- Added a new `systemGrant` model and associated methods to manage role-based capabilities within the application.
- Introduced middleware functions `hasCapability` and `requireCapability` to check user permissions based on their roles.
- Updated the database seeding process to include system grants for the ADMIN role, ensuring all necessary capabilities are assigned on startup.
- Enhanced type definitions and schemas to support the new system grant functionality, improving overall type safety and clarity in the codebase.
* test: Add unit tests for capabilities middleware and system grant methods
- Introduced comprehensive unit tests for the capabilities middleware, including `hasCapability` and `requireCapability`, ensuring proper permission checks based on user roles.
- Added tests for the `SystemGrant` methods, verifying the seeding of system grants, capability granting, and revocation processes.
- Enhanced test coverage for edge cases, including idempotency of grant operations and handling of unexpected errors in middleware.
- Utilized mocks for database interactions to isolate tests and improve reliability.
* refactor: Transition to Capability-Based Access Control
- Replaced role-based access checks with capability-based checks across various middleware and routes, enhancing permission management.
- Introduced `hasCapability` and `requireCapability` functions to streamline capability verification for user actions.
- Updated relevant routes and middleware to utilize the new capability system, ensuring consistent permission enforcement.
- Enhanced type definitions and added tests for the new capability functions, improving overall code reliability and maintainability.
* test: Enhance capability-based access tests for ADMIN role
- Updated tests to reflect the new capability-based access control, specifically for the ADMIN role.
- Modified test descriptions to clarify that users with the MANAGE_AGENTS capability can bypass permission checks.
- Seeded capabilities for the ADMIN role in multiple test files to ensure consistent permission checks across different routes and middleware.
- Improved overall test coverage for capability verification, ensuring robust permission management.
* test: Update capability tests for MCP server access
- Renamed test to reflect the correct capability for bypassing permission checks, changing from MANAGE_AGENTS to MANAGE_MCP_SERVERS.
- Updated seeding of capabilities for the ADMIN role to align with the new capability structure.
- Ensured consistency in capability definitions across tests and middleware for improved permission management.
* feat: Add hasConfigCapability for enhanced config access control
- Introduced `hasConfigCapability` function to check user permissions for managing or reading specific config sections.
- Updated middleware to export the new capability function, ensuring consistent access control across the application.
- Enhanced unit tests to cover various scenarios for the new capability, improving overall test coverage and reliability.
* fix: Update tenantId filter in createSystemGrantMethods
- Added a condition to set tenantId filter to { $exists: false } when tenantId is null, ensuring proper handling of cases where tenantId is not provided.
- This change improves the robustness of the system grant methods by explicitly managing the absence of tenantId in the filter logic.
* fix: account deletion capability check
- Updated the `canDeleteAccount` middleware to ensure that the `hasManageUsers` capability check only occurs if a user is present, preventing potential errors when the user object is undefined.
- This change improves the robustness of the account deletion logic by ensuring proper handling of user permissions.
* refactor: Optimize seeding of system grants for ADMIN role
- Replaced sequential capability granting with parallel execution using Promise.all in the seedSystemGrants function.
- This change improves performance and efficiency during the initialization of system grants, ensuring all capabilities are granted concurrently.
* refactor: Simplify systemGrantSchema index definition
- Removed the sparse option from the unique index on principalType, principalId, capability, and tenantId in the systemGrantSchema.
- This change streamlines the index definition, potentially improving query performance and clarity in the schema design.
* refactor: Reorganize role capability check in roles route
- Moved the capability check for reading roles to occur after parsing the roleName, improving code clarity and structure.
- This change ensures that the authorization logic is consistently applied before fetching role details, enhancing overall permission management.
* refactor: Remove unused ISystemGrant interface from systemCapabilities.ts
- Deleted the ISystemGrant interface as it was no longer needed, streamlining the code and improving clarity.
- This change helps reduce clutter in the file and focuses on relevant capabilities for the system.
* refactor: Migrate SystemCapabilities to data-schemas
- Replaced imports of SystemCapabilities from 'librechat-data-provider' with imports from '@librechat/data-schemas' across multiple files.
- This change centralizes the management of system capabilities, improving code organization and maintainability.
* refactor: Update account deletion middleware and capability checks
- Modified the `canDeleteAccount` middleware to ensure that the account deletion permission is only granted to users with the `MANAGE_USERS` capability, improving security and clarity in permission management.
- Enhanced error logging for unauthorized account deletion attempts, providing better insights into permission issues.
- Updated the `capabilities.ts` file to ensure consistent handling of user authentication checks, improving robustness in capability verification.
- Refined type definitions in `systemGrant.ts` and `systemGrantMethods.ts` to utilize the `PrincipalType` enum, enhancing type safety and code clarity.
* refactor: Extract principal ID normalization into a separate function
- Introduced `normalizePrincipalId` function to streamline the normalization of principal IDs based on their type, enhancing code clarity and reusability.
- Updated references in `createSystemGrantMethods` to utilize the new normalization function, improving maintainability and reducing code duplication.
* test: Add unit tests for principalId normalization in systemGrant
- Introduced tests for the `grantCapability`, `revokeCapability`, and `getCapabilitiesForPrincipal` methods to verify correct handling of principalId normalization between string and ObjectId formats.
- Enhanced the `capabilities.ts` middleware to utilize the `PrincipalType` enum for improved type safety.
- Added a new utility function `normalizePrincipalId` to streamline principal ID normalization logic, ensuring consistent behavior across the application.
* feat: Introduce capability implications and enhance system grant methods
- Added `CapabilityImplications` to define relationships between broader and implied capabilities, allowing for more intuitive permission checks.
- Updated `createSystemGrantMethods` to expand capability queries to include implied capabilities, improving authorization logic.
- Enhanced `systemGrantSchema` to include an `expiresAt` field for future TTL enforcement of grants, and added validation to ensure `tenantId` is not set to null.
- Documented authorization requirements for prompt group and prompt deletion methods to clarify access control expectations.
* test: Add unit tests for canDeleteAccount middleware
- Introduced unit tests for the `canDeleteAccount` middleware to verify account deletion permissions based on user roles and capabilities.
- Covered scenarios for both allowed and blocked account deletions, including checks for ADMIN users with the `MANAGE_USERS` capability and handling of undefined user cases.
- Enhanced test structure to ensure clarity and maintainability of permission checks in the middleware.
* fix: Add principalType enum validation to SystemGrant schema
Without enum validation, any string value was accepted for principalType
and silently stored. Invalid documents would never match capability
queries, creating phantom grants impossible to diagnose without raw DB
inspection. All other ACL models in the codebase validate this field.
* fix: Replace seedSystemGrants Promise.all with bulkWrite for concurrency safety
When two server instances start simultaneously (K8s rolling deploy, PM2
cluster), both call seedSystemGrants. With Promise.all + findOneAndUpdate
upsert, both instances may attempt to insert the same documents, causing
E11000 duplicate key errors that crash server startup.
bulkWrite with ordered:false handles concurrent upserts gracefully and
reduces 17 individual round trips to a single network call. The returned
documents (previously discarded) are no longer fetched.
* perf: Add AsyncLocalStorage per-request cache for capability checks
Every hasCapability call previously required 2 DB round trips
(getUserPrincipals + SystemGrant.exists) — replacing what were O(1)
string comparisons. Routes like patchPromptGroup triggered this twice,
and hasConfigCapability's fallback path resolved principals twice.
This adds a per-request AsyncLocalStorage cache that:
- Caches resolved principals (same for all checks within one request)
- Caches capability check results (same user+cap = same answer)
- Automatically scoped to request lifetime (no stale grants)
- Falls through to DB when no store exists (background jobs, tests)
- Requires no signature changes to hasCapability
The capabilityContextMiddleware is registered at the app level before
all routes, initializing a fresh store per request.
* fix: Add error handling for inline hasCapability calls
canDeleteAccount, fetchAssistants, and validateAuthor all call
hasCapability without try-catch. These were previously O(1) string
comparisons that could never throw. Now they hit the database and can
fail on connection timeout or transient errors.
Wrap each call in try-catch, defaulting to deny (false) on error.
This ensures a DB hiccup returns a clean 403 instead of an unhandled
500 with a stack trace.
* test: Add canDeleteAccount DB-error resilience test
Tests that hasCapability rejection (e.g., DB timeout) results in a clean
403 rather than an unhandled exception. Validates the error handling
added in the previous commit.
* refactor: Use barrel import for hasCapability in validateAuthor
Import from ~/server/middleware barrel instead of directly from
~/server/middleware/roles/capabilities for consistency with other
non-middleware consumers. Files within the middleware barrel itself
must continue using direct imports to avoid circular requires.
* refactor: Remove misleading pre('save') hook from SystemGrant schema
The pre('save') hook normalized principalId for USER/GROUP principals,
but the primary write path (grantCapability) uses findOneAndUpdate —
which does not trigger save hooks. The normalization was already handled
explicitly in grantCapability itself. The hook created a false impression
of schema-level enforcement that only covered save()/create() paths.
Replace with a comment documenting that all writes must go through
grantCapability.
* feat: Add READ_ASSISTANTS capability to complete manage/read pair
Every other managed resource had a paired READ_X / MANAGE_X capability
except assistants. This adds READ_ASSISTANTS and registers the
MANAGE_ASSISTANTS → READ_ASSISTANTS implication in CapabilityImplications,
enabling future read-only assistant visibility grants.
* chore: Reorder systemGrant methods for clarity
Moved hasCapabilityForPrincipals to a more logical position in the returned object of createSystemGrantMethods, improving code readability. This change also maintains the inclusion of seedSystemGrants in the export, ensuring all necessary methods are available.
* fix: Wrap seedSystemGrants in try-catch to avoid blocking startup
Seeding capabilities is idempotent and will succeed on the next restart.
A transient DB error during seeding should not prevent the server from
starting — log the error and continue.
* refactor: Improve capability check efficiency and add audit logging
Move hasCapability calls after cheap early-exits in validateAuthor and
fetchAssistants so the DB check only runs when its result matters. Add
logger.debug on every capability bypass grant across all 7 call sites
for auditability, and log errors in catch blocks instead of silently
swallowing them.
* test: Add integration tests for AsyncLocalStorage capability caching
Exercises the full vertical — ALS context, generateCapabilityCheck,
real getUserPrincipals, real hasCapabilityForPrincipals, real MongoDB
via MongoMemoryServer. Covers per-request caching, cross-context
isolation, concurrent request isolation, negative caching, capability
implications, tenant scoping, group-based grants, and requireCapability
middleware.
* test: Add systemGrant data-layer and ALS edge-case integration tests
systemGrant.spec.ts (51 tests): Full integration tests for all
systemGrant methods against real MongoDB — grant/revoke lifecycle,
principalId normalization (string→ObjectId for USER/GROUP, string for
ROLE), capability implications (both directions), tenant scoping,
schema validation (null tenantId, invalid enum, required fields,
unique compound index).
capabilities.integration.spec.ts (27 tests): Adds ALS edge cases —
missing context degrades gracefully with no caching (background jobs,
child processes), nested middleware creates independent inner context,
optional-chaining safety when store is undefined, mid-request grant
changes are invisible due to result caching, requireCapability works
without ALS, and interleaved concurrent contexts maintain isolation.
* fix: Add worker thread guards to capability ALS usage
Detect when hasCapability or capabilityContextMiddleware is called from
a worker thread (where ALS context does not propagate from the parent).
hasCapability logs a warn-once per factory instance; the middleware logs
an error since mounting Express middleware in a worker is likely a
misconfiguration. Both continue to function correctly — the guard is
observability, not a hard block.
* fix: Include tenantId in ALS principal cache key for tenant isolation
The principal cache key was user.id:user.role, which would reuse
cached principals across tenants for the same user within a request.
When getUserPrincipals gains tenant-scoped group resolution, principals
from tenant-a would incorrectly serve tenant-b checks. Changed to
user.id:user.role:user.tenantId to prevent cross-tenant cache hits.
Adds integration test proving separate principal lookups per tenantId.
* test: Remove redundant mocked capabilities.spec.js
The JS wrapper test (7 tests, all mocked) is a strict subset of
capabilities.integration.spec.ts (28 tests, real MongoDB). Every
scenario it covered — hasCapability true/false, tenantId passthrough,
requireCapability 403/500, error handling — is tested with higher
fidelity in the integration suite.
* test: Replace mocked canDeleteAccount tests with real MongoDB integration
Remove hasCapability mock — tests now exercise the full capability
chain against real MongoDB (getUserPrincipals, hasCapabilityForPrincipals,
SystemGrant collection). Only mocks remaining are logger and cache.
Adds new coverage: admin role without grant is blocked, user-level
grant bypasses deletion restriction, null user handling.
* test: Add comprehensive tests for ACL entry management and user group methods
Introduces new tests for `deleteAclEntries`, `bulkWriteAclEntries`, and `findPublicResourceIds` in `aclEntry.spec.ts`, ensuring proper functionality for deleting and bulk managing ACL entries. Additionally, enhances `userGroup.spec.ts` with tests for finding groups by ID and name pattern, including external ID matching and source filtering. These changes improve coverage and validate the integrity of ACL and user group operations against real MongoDB interactions.
* refactor: Update capability checks and logging for better clarity and error handling
Replaced `MANAGE_USERS` with `ACCESS_ADMIN` in the `canDeleteAccount` middleware and related tests to align with updated permission structure. Enhanced logging in various middleware functions to use `logger.warn` for capability check failures, providing clearer error messages. Additionally, refactored capability checks in the `patchPromptGroup` and `validateAuthor` functions to improve readability and maintainability. This commit also includes adjustments to the `systemGrant` methods to implement retry logic for transient failures during capability seeding, ensuring robustness in the face of database errors.
* refactor: Enhance logging and retry logic in seedSystemGrants method
Updated the logging format in the seedSystemGrants method to include error messages for better clarity. Improved the retry mechanism by explicitly mocking multiple failures in tests, ensuring robust error handling during transient database issues. Additionally, refined imports in the systemGrant schema for better type management.
* refactor: Consolidate imports in canDeleteAccount middleware
Merged logger and SystemCapabilities imports from the data-schemas module into a single line for improved readability and maintainability of the code. This change streamlines the import statements in the canDeleteAccount middleware.
* test: Enhance systemGrant tests for error handling and capability validation
Added tests to the systemGrant methods to handle various error scenarios, including E11000 race conditions, invalid ObjectId strings for USER and GROUP principals, and invalid capability strings. These enhancements improve the robustness of the capability granting and revoking logic, ensuring proper error propagation and validation of inputs.
* fix: Wrap hasCapability calls in deny-by-default try-catch at remaining sites
canAccessResource, files.js, and roles.js all had hasCapability inside
outer try-catch blocks that returned 500 on DB failure instead of
falling through to the regular ACL check. This contradicts the
deny-by-default pattern used everywhere else.
Also removes raw error.message from the roles.js 500 response to
prevent internal host/connection info leaking to clients.
* fix: Normalize user ID in canDeleteAccount before passing to hasCapability
requireCapability normalizes req.user.id via _id?.toString() fallback,
but canDeleteAccount passed raw req.user directly. If req.user.id is
absent (some auth layers only populate _id), getUserPrincipals received
undefined, silently returning empty principals and blocking the bypass.
* fix: Harden systemGrant schema and type safety
- Reject empty string tenantId in schema validator (was only blocking
null; empty string silently orphaned documents)
- Fix reverseImplications to use BaseSystemCapability[] instead of
string[], preserving the narrow discriminated type
- Document READ_ASSISTANTS as reserved/unenforced
* test: Use fake timers for seedSystemGrants retry tests and add tenantId validation
- Switch retry tests to jest.useFakeTimers() to eliminate 3+ seconds
of real setTimeout delays per test run
- Add regression test for empty-string tenantId rejection
* docs: Add TODO(#12091) comments for tenant-scoped capability gaps
In multi-tenant mode, platform-level grants (no tenantId) won't match
tenant-scoped queries, breaking admin access. getUserPrincipals also
returns cross-tenant group memberships. Both need fixes in #12091.
2026-03-07 13:56:32 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let canManageAssistants = false;
|
|
|
|
|
try {
|
|
|
|
|
canManageAssistants = await hasCapability(req.user, SystemCapabilities.MANAGE_ASSISTANTS);
|
|
|
|
|
} catch (err) {
|
|
|
|
|
logger.warn(`[fetchAssistants] capability check failed, denying bypass: ${err.message}`);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (canManageAssistants) {
|
|
|
|
|
logger.debug(`[fetchAssistants] MANAGE_ASSISTANTS bypass for user ${req.user.id}`);
|
2024-05-28 08:27:45 -04:00
|
|
|
return body;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
body.data = filterAssistants({
|
|
|
|
|
userId: req.user.id,
|
|
|
|
|
assistants: body.data,
|
2025-08-26 12:10:18 -04:00
|
|
|
assistantsConfig: appConfig.endpoints?.[endpoint],
|
2024-05-28 08:27:45 -04:00
|
|
|
});
|
🤖 feat: OpenAI Assistants v2 (initial support) (#2781)
* 🤖 Assistants V2 Support: Part 1
- Separated Azure Assistants to its own endpoint
- File Search / Vector Store integration is incomplete, but can toggle and use storage from playground
- Code Interpreter resource files can be added but not deleted
- GPT-4o is supported
- Many improvements to the Assistants Endpoint overall
data-provider v2 changes
copy existing route as v1
chore: rename new endpoint to reduce comparison operations and add new azure filesource
api: add azureAssistants part 1
force use of version for assistants/assistantsAzure
chore: switch name back to azureAssistants
refactor type version: string | number
Ensure assistants endpoints have version set
fix: isArchived type issue in ConversationListParams
refactor: update assistants mutations/queries with endpoint/version definitions, update Assistants Map structure
chore: FilePreview component ExtendedFile type assertion
feat: isAssistantsEndpoint helper
chore: remove unused useGenerations
chore(buildTree): type issue
chore(Advanced): type issue (unused component, maybe in future)
first pass for multi-assistant endpoint rewrite
fix(listAssistants): pass params correctly
feat: list separate assistants by endpoint
fix(useTextarea): access assistantMap correctly
fix: assistant endpoint switching, resetting ID
fix: broken during rewrite, selecting assistant mention
fix: set/invalidate assistants endpoint query data correctly
feat: Fix issue with assistant ID not being reset correctly
getOpenAIClient helper function
feat: add toast for assistant deletion
fix: assistants delete right after create issue for azure
fix: assistant patching
refactor: actions to use getOpenAIClient
refactor: consolidate logic into helpers file
fix: issue where conversation data was not initially available
v1 chat support
refactor(spendTokens): only early return if completionTokens isNaN
fix(OpenAIClient): ensure spendTokens has all necessary params
refactor: route/controller logic
fix(assistants/initializeClient): use defaultHeaders field
fix: sanitize default operation id
chore: bump openai package
first pass v2 action service
feat: retroactive domain parsing for actions added via v1
feat: delete db records of actions/assistants on openai assistant deletion
chore: remove vision tools from v2 assistants
feat: v2 upload and delete assistant vision images
WIP first pass, thread attachments
fix: show assistant vision files (save local/firebase copy)
v2 image continue
fix: annotations
fix: refine annotations
show analyze as error if is no longer submitting before progress reaches 1 and show file_search as retrieval tool
fix: abort run, undefined endpoint issue
refactor: consolidate capabilities logic and anticipate versioning
frontend version 2 changes
fix: query selection and filter
add endpoint to unknown filepath
add file ids to resource, deleting in progress
enable/disable file search
remove version log
* 🤖 Assistants V2 Support: Part 2
🎹 fix: Autocompletion Chrome Bug on Action API Key Input
chore: remove `useOriginNavigate`
chore: set correct OpenAI Storage Source
fix: azure file deletions, instantiate clients by source for deletion
update code interpret files info
feat: deleteResourceFileId
chore: increase poll interval as azure easily rate limits
fix: openai file deletions, TODO: evaluate rejected deletion settled promises to determine which to delete from db records
file source icons
update table file filters
chore: file search info and versioning
fix: retrieval update with necessary tool_resources if specified
fix(useMentions): add optional chaining in case listMap value is undefined
fix: force assistant avatar roundedness
fix: azure assistants, check correct flag
chore: bump data-provider
* fix: merge conflict
* ci: fix backend tests due to new updates
* chore: update .env.example
* meilisearch improvements
* localization updates
* chore: update comparisons
* feat: add additional metadata: endpoint, author ID
* chore: azureAssistants ENDPOINTS exclusion warning
2024-05-19 12:56:55 -04:00
|
|
|
return body;
|
|
|
|
|
};
|
|
|
|
|
|
2024-05-28 08:27:45 -04:00
|
|
|
/**
|
|
|
|
|
* Filter assistants based on configuration.
|
|
|
|
|
*
|
|
|
|
|
* @param {object} params - The parameters object.
|
|
|
|
|
* @param {string} params.userId - The user ID to filter private assistants.
|
|
|
|
|
* @param {Assistant[]} params.assistants - The list of assistants to filter.
|
|
|
|
|
* @param {Partial<TAssistantEndpoint>} params.assistantsConfig - The assistant configuration.
|
|
|
|
|
* @returns {Assistant[]} - The filtered list of assistants.
|
|
|
|
|
*/
|
|
|
|
|
function filterAssistants({ assistants, userId, assistantsConfig }) {
|
|
|
|
|
const { supportedIds, excludedIds, privateAssistants } = assistantsConfig;
|
|
|
|
|
if (privateAssistants) {
|
|
|
|
|
return assistants.filter((assistant) => userId === assistant.metadata?.author);
|
|
|
|
|
} else if (supportedIds?.length) {
|
|
|
|
|
return assistants.filter((assistant) => supportedIds.includes(assistant.id));
|
|
|
|
|
} else if (excludedIds?.length) {
|
|
|
|
|
return assistants.filter((assistant) => !excludedIds.includes(assistant.id));
|
|
|
|
|
}
|
|
|
|
|
return assistants;
|
|
|
|
|
}
|
|
|
|
|
|
🤖 feat: OpenAI Assistants v2 (initial support) (#2781)
* 🤖 Assistants V2 Support: Part 1
- Separated Azure Assistants to its own endpoint
- File Search / Vector Store integration is incomplete, but can toggle and use storage from playground
- Code Interpreter resource files can be added but not deleted
- GPT-4o is supported
- Many improvements to the Assistants Endpoint overall
data-provider v2 changes
copy existing route as v1
chore: rename new endpoint to reduce comparison operations and add new azure filesource
api: add azureAssistants part 1
force use of version for assistants/assistantsAzure
chore: switch name back to azureAssistants
refactor type version: string | number
Ensure assistants endpoints have version set
fix: isArchived type issue in ConversationListParams
refactor: update assistants mutations/queries with endpoint/version definitions, update Assistants Map structure
chore: FilePreview component ExtendedFile type assertion
feat: isAssistantsEndpoint helper
chore: remove unused useGenerations
chore(buildTree): type issue
chore(Advanced): type issue (unused component, maybe in future)
first pass for multi-assistant endpoint rewrite
fix(listAssistants): pass params correctly
feat: list separate assistants by endpoint
fix(useTextarea): access assistantMap correctly
fix: assistant endpoint switching, resetting ID
fix: broken during rewrite, selecting assistant mention
fix: set/invalidate assistants endpoint query data correctly
feat: Fix issue with assistant ID not being reset correctly
getOpenAIClient helper function
feat: add toast for assistant deletion
fix: assistants delete right after create issue for azure
fix: assistant patching
refactor: actions to use getOpenAIClient
refactor: consolidate logic into helpers file
fix: issue where conversation data was not initially available
v1 chat support
refactor(spendTokens): only early return if completionTokens isNaN
fix(OpenAIClient): ensure spendTokens has all necessary params
refactor: route/controller logic
fix(assistants/initializeClient): use defaultHeaders field
fix: sanitize default operation id
chore: bump openai package
first pass v2 action service
feat: retroactive domain parsing for actions added via v1
feat: delete db records of actions/assistants on openai assistant deletion
chore: remove vision tools from v2 assistants
feat: v2 upload and delete assistant vision images
WIP first pass, thread attachments
fix: show assistant vision files (save local/firebase copy)
v2 image continue
fix: annotations
fix: refine annotations
show analyze as error if is no longer submitting before progress reaches 1 and show file_search as retrieval tool
fix: abort run, undefined endpoint issue
refactor: consolidate capabilities logic and anticipate versioning
frontend version 2 changes
fix: query selection and filter
add endpoint to unknown filepath
add file ids to resource, deleting in progress
enable/disable file search
remove version log
* 🤖 Assistants V2 Support: Part 2
🎹 fix: Autocompletion Chrome Bug on Action API Key Input
chore: remove `useOriginNavigate`
chore: set correct OpenAI Storage Source
fix: azure file deletions, instantiate clients by source for deletion
update code interpret files info
feat: deleteResourceFileId
chore: increase poll interval as azure easily rate limits
fix: openai file deletions, TODO: evaluate rejected deletion settled promises to determine which to delete from db records
file source icons
update table file filters
chore: file search info and versioning
fix: retrieval update with necessary tool_resources if specified
fix(useMentions): add optional chaining in case listMap value is undefined
fix: force assistant avatar roundedness
fix: azure assistants, check correct flag
chore: bump data-provider
* fix: merge conflict
* ci: fix backend tests due to new updates
* chore: update .env.example
* meilisearch improvements
* localization updates
* chore: update comparisons
* feat: add additional metadata: endpoint, author ID
* chore: azureAssistants ENDPOINTS exclusion warning
2024-05-19 12:56:55 -04:00
|
|
|
module.exports = {
|
|
|
|
|
getOpenAIClient,
|
|
|
|
|
fetchAssistants,
|
|
|
|
|
getCurrentVersion,
|
|
|
|
|
};
|