2025-12-04 21:37:23 +01:00
|
|
|
import { Types } from 'mongoose';
|
|
|
|
|
import {
|
2026-01-23 09:06:29 -05:00
|
|
|
ResourceType,
|
2025-12-04 21:37:23 +01:00
|
|
|
AccessRoleIds,
|
|
|
|
|
PrincipalType,
|
2026-01-23 09:06:29 -05:00
|
|
|
PermissionBits,
|
2025-12-04 21:37:23 +01:00
|
|
|
} from 'librechat-data-provider';
|
2026-01-23 09:06:29 -05:00
|
|
|
import { logger, encryptV2, decryptV2, createMethods } from '@librechat/data-schemas';
|
|
|
|
|
import type { AllMethods, MCPServerDocument } from '@librechat/data-schemas';
|
2025-12-01 00:57:46 +01:00
|
|
|
import type { IServerConfigsRepositoryInterface } from '~/mcp/registry/ServerConfigsRepositoryInterface';
|
2025-12-04 21:37:23 +01:00
|
|
|
import type { ParsedServerConfig, AddServerResult } from '~/mcp/types';
|
2026-01-23 09:06:29 -05:00
|
|
|
import { AccessControlService } from '~/acl/accessControlService';
|
|
|
|
|
|
|
|
|
|
/**
|
🗝️ feat: Credential Variables for DB-Sourced MCP Servers (#12044)
* feat: Allow Credential Variables in Headers for DB-sourced MCP Servers
- Removed the hasCustomUserVars check from ToolService.js, directly retrieving userMCPAuthMap.
- Updated MCPConnectionFactory and related classes to include a dbSourced flag for better handling of database-sourced configurations.
- Added integration tests to ensure proper behavior of dbSourced servers, verifying that sensitive placeholders are not resolved while allowing customUserVars.
- Adjusted various MCP-related files to accommodate the new dbSourced logic, ensuring consistent handling across the codebase.
* chore: MCPConnectionFactory Tests with Additional Flow Metadata for typing
- Updated MCPConnectionFactory tests to include new fields in flowMetadata: serverUrl and state.
- Enhanced mockFlowData in multiple test cases to reflect the updated structure, ensuring comprehensive coverage of the OAuth flow scenarios.
- Added authorization_endpoint to metadata in the test setup for improved validation of the OAuth process.
* refactor: Simplify MCPManager Configuration Handling
- Removed unnecessary type assertions and streamlined the retrieval of server configuration in MCPManager.
- Enhanced the handling of OAuth and database-sourced flags for improved clarity and efficiency.
- Updated tests to reflect changes in user object structure and ensure proper processing of MCP environment variables.
* refactor: Optimize User MCP Auth Map Retrieval in ToolService
- Introduced conditional loading of userMCPAuthMap based on the presence of MCP-delimited tools, improving efficiency by avoiding unnecessary calls.
- Updated the loadToolDefinitionsWrapper and loadAgentTools functions to reflect this change, enhancing overall performance and clarity.
* test: Add userMCPAuthMap gating tests in ToolService
- Introduced new tests to validate the logic for determining if MCP tools are present in the agent's tool list.
- Implemented various scenarios to ensure accurate detection of MCP tools, including edge cases for empty, undefined, and null tool lists.
- Enhanced clarity and coverage of the ToolService capability checking logic.
* refactor: Enhance MCP Environment Variable Processing
- Simplified the handling of the dbSourced parameter in the processMCPEnv function.
- Introduced a failsafe mechanism to derive dbSourced from options if not explicitly provided, improving robustness and clarity in MCP environment variable processing.
* refactor: Update Regex Patterns for Credential Placeholders in ServerConfigsDB
- Modified regex patterns to include additional credential/env placeholders that should not be allowed in user-provided configurations.
- Clarified comments to emphasize the security risks associated with credential exfiltration when MCP servers are shared between users.
* chore: field order
* refactor: Clean Up dbSourced Parameter Handling in processMCPEnv
- Reintroduced the failsafe mechanism for deriving the dbSourced parameter from options, ensuring clarity and robustness in MCP environment variable processing.
- Enhanced code readability by maintaining consistent comment structure.
* refactor: Update MCPOptions Type to Include Optional dbId
- Modified the processMCPEnv function to extend the MCPOptions type, allowing for an optional dbId property.
- Simplified the logic for deriving the dbSourced parameter by directly checking the dbId property, enhancing code clarity and maintainability.
2026-03-03 18:02:37 -05:00
|
|
|
* Regex patterns for credential/env placeholders that should not be allowed in user-provided configs.
|
|
|
|
|
* These would substitute server credentials or the CALLING user's data, creating exfiltration risks
|
|
|
|
|
* when MCP servers are shared between users.
|
2026-01-23 09:06:29 -05:00
|
|
|
*
|
|
|
|
|
* Safe placeholders like {{MCP_API_KEY}} are allowed as they resolve from the user's own plugin auth.
|
|
|
|
|
*/
|
|
|
|
|
const DANGEROUS_CREDENTIAL_PATTERNS = [
|
🗝️ feat: Credential Variables for DB-Sourced MCP Servers (#12044)
* feat: Allow Credential Variables in Headers for DB-sourced MCP Servers
- Removed the hasCustomUserVars check from ToolService.js, directly retrieving userMCPAuthMap.
- Updated MCPConnectionFactory and related classes to include a dbSourced flag for better handling of database-sourced configurations.
- Added integration tests to ensure proper behavior of dbSourced servers, verifying that sensitive placeholders are not resolved while allowing customUserVars.
- Adjusted various MCP-related files to accommodate the new dbSourced logic, ensuring consistent handling across the codebase.
* chore: MCPConnectionFactory Tests with Additional Flow Metadata for typing
- Updated MCPConnectionFactory tests to include new fields in flowMetadata: serverUrl and state.
- Enhanced mockFlowData in multiple test cases to reflect the updated structure, ensuring comprehensive coverage of the OAuth flow scenarios.
- Added authorization_endpoint to metadata in the test setup for improved validation of the OAuth process.
* refactor: Simplify MCPManager Configuration Handling
- Removed unnecessary type assertions and streamlined the retrieval of server configuration in MCPManager.
- Enhanced the handling of OAuth and database-sourced flags for improved clarity and efficiency.
- Updated tests to reflect changes in user object structure and ensure proper processing of MCP environment variables.
* refactor: Optimize User MCP Auth Map Retrieval in ToolService
- Introduced conditional loading of userMCPAuthMap based on the presence of MCP-delimited tools, improving efficiency by avoiding unnecessary calls.
- Updated the loadToolDefinitionsWrapper and loadAgentTools functions to reflect this change, enhancing overall performance and clarity.
* test: Add userMCPAuthMap gating tests in ToolService
- Introduced new tests to validate the logic for determining if MCP tools are present in the agent's tool list.
- Implemented various scenarios to ensure accurate detection of MCP tools, including edge cases for empty, undefined, and null tool lists.
- Enhanced clarity and coverage of the ToolService capability checking logic.
* refactor: Enhance MCP Environment Variable Processing
- Simplified the handling of the dbSourced parameter in the processMCPEnv function.
- Introduced a failsafe mechanism to derive dbSourced from options if not explicitly provided, improving robustness and clarity in MCP environment variable processing.
* refactor: Update Regex Patterns for Credential Placeholders in ServerConfigsDB
- Modified regex patterns to include additional credential/env placeholders that should not be allowed in user-provided configurations.
- Clarified comments to emphasize the security risks associated with credential exfiltration when MCP servers are shared between users.
* chore: field order
* refactor: Clean Up dbSourced Parameter Handling in processMCPEnv
- Reintroduced the failsafe mechanism for deriving the dbSourced parameter from options, ensuring clarity and robustness in MCP environment variable processing.
- Enhanced code readability by maintaining consistent comment structure.
* refactor: Update MCPOptions Type to Include Optional dbId
- Modified the processMCPEnv function to extend the MCPOptions type, allowing for an optional dbId property.
- Simplified the logic for deriving the dbSourced parameter by directly checking the dbId property, enhancing code clarity and maintainability.
2026-03-03 18:02:37 -05:00
|
|
|
/\$\{[^}]+\}/g,
|
2026-01-23 09:06:29 -05:00
|
|
|
/\{\{LIBRECHAT_OPENID_[^}]+\}\}/g,
|
|
|
|
|
/\{\{LIBRECHAT_USER_[^}]+\}\}/g,
|
🗝️ feat: Credential Variables for DB-Sourced MCP Servers (#12044)
* feat: Allow Credential Variables in Headers for DB-sourced MCP Servers
- Removed the hasCustomUserVars check from ToolService.js, directly retrieving userMCPAuthMap.
- Updated MCPConnectionFactory and related classes to include a dbSourced flag for better handling of database-sourced configurations.
- Added integration tests to ensure proper behavior of dbSourced servers, verifying that sensitive placeholders are not resolved while allowing customUserVars.
- Adjusted various MCP-related files to accommodate the new dbSourced logic, ensuring consistent handling across the codebase.
* chore: MCPConnectionFactory Tests with Additional Flow Metadata for typing
- Updated MCPConnectionFactory tests to include new fields in flowMetadata: serverUrl and state.
- Enhanced mockFlowData in multiple test cases to reflect the updated structure, ensuring comprehensive coverage of the OAuth flow scenarios.
- Added authorization_endpoint to metadata in the test setup for improved validation of the OAuth process.
* refactor: Simplify MCPManager Configuration Handling
- Removed unnecessary type assertions and streamlined the retrieval of server configuration in MCPManager.
- Enhanced the handling of OAuth and database-sourced flags for improved clarity and efficiency.
- Updated tests to reflect changes in user object structure and ensure proper processing of MCP environment variables.
* refactor: Optimize User MCP Auth Map Retrieval in ToolService
- Introduced conditional loading of userMCPAuthMap based on the presence of MCP-delimited tools, improving efficiency by avoiding unnecessary calls.
- Updated the loadToolDefinitionsWrapper and loadAgentTools functions to reflect this change, enhancing overall performance and clarity.
* test: Add userMCPAuthMap gating tests in ToolService
- Introduced new tests to validate the logic for determining if MCP tools are present in the agent's tool list.
- Implemented various scenarios to ensure accurate detection of MCP tools, including edge cases for empty, undefined, and null tool lists.
- Enhanced clarity and coverage of the ToolService capability checking logic.
* refactor: Enhance MCP Environment Variable Processing
- Simplified the handling of the dbSourced parameter in the processMCPEnv function.
- Introduced a failsafe mechanism to derive dbSourced from options if not explicitly provided, improving robustness and clarity in MCP environment variable processing.
* refactor: Update Regex Patterns for Credential Placeholders in ServerConfigsDB
- Modified regex patterns to include additional credential/env placeholders that should not be allowed in user-provided configurations.
- Clarified comments to emphasize the security risks associated with credential exfiltration when MCP servers are shared between users.
* chore: field order
* refactor: Clean Up dbSourced Parameter Handling in processMCPEnv
- Reintroduced the failsafe mechanism for deriving the dbSourced parameter from options, ensuring clarity and robustness in MCP environment variable processing.
- Enhanced code readability by maintaining consistent comment structure.
* refactor: Update MCPOptions Type to Include Optional dbId
- Modified the processMCPEnv function to extend the MCPOptions type, allowing for an optional dbId property.
- Simplified the logic for deriving the dbSourced parameter by directly checking the dbId property, enhancing code clarity and maintainability.
2026-03-03 18:02:37 -05:00
|
|
|
/\{\{LIBRECHAT_GRAPH_[^}]+\}\}/g,
|
|
|
|
|
/\{\{LIBRECHAT_BODY_[^}]+\}\}/g,
|
2026-01-23 09:06:29 -05:00
|
|
|
];
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Sanitizes headers by removing dangerous credential placeholders.
|
|
|
|
|
* This prevents credential exfiltration when MCP servers are shared between users.
|
|
|
|
|
*
|
|
|
|
|
* @param headers - The headers object to sanitize
|
|
|
|
|
* @returns Sanitized headers with dangerous placeholders removed
|
|
|
|
|
*/
|
|
|
|
|
function sanitizeCredentialPlaceholders(
|
|
|
|
|
headers?: Record<string, string>,
|
|
|
|
|
): Record<string, string> | undefined {
|
|
|
|
|
if (!headers) {
|
|
|
|
|
return headers;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const sanitized: Record<string, string> = {};
|
|
|
|
|
for (const [key, value] of Object.entries(headers)) {
|
|
|
|
|
let sanitizedValue = value;
|
|
|
|
|
for (const pattern of DANGEROUS_CREDENTIAL_PATTERNS) {
|
|
|
|
|
sanitizedValue = sanitizedValue.replace(pattern, '');
|
|
|
|
|
}
|
|
|
|
|
sanitized[key] = sanitizedValue;
|
|
|
|
|
}
|
|
|
|
|
return sanitized;
|
|
|
|
|
}
|
2025-11-28 16:07:09 +01:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* DB backed config storage
|
|
|
|
|
* Handles CRUD Methods of dynamic mcp servers
|
|
|
|
|
* Will handle Permission ACL
|
|
|
|
|
*/
|
|
|
|
|
export class ServerConfigsDB implements IServerConfigsRepositoryInterface {
|
2025-12-01 00:57:46 +01:00
|
|
|
private _dbMethods: AllMethods;
|
2025-12-04 21:37:23 +01:00
|
|
|
private _aclService: AccessControlService;
|
|
|
|
|
private _mongoose: typeof import('mongoose');
|
|
|
|
|
|
2025-12-01 00:57:46 +01:00
|
|
|
constructor(mongoose: typeof import('mongoose')) {
|
|
|
|
|
if (!mongoose) {
|
|
|
|
|
throw new Error('ServerConfigsDB requires mongoose instance');
|
|
|
|
|
}
|
2025-12-04 21:37:23 +01:00
|
|
|
this._mongoose = mongoose;
|
2025-12-01 00:57:46 +01:00
|
|
|
this._dbMethods = createMethods(mongoose);
|
2025-12-04 21:37:23 +01:00
|
|
|
this._aclService = new AccessControlService(mongoose);
|
2025-12-01 00:57:46 +01:00
|
|
|
}
|
|
|
|
|
|
2025-12-04 21:37:23 +01:00
|
|
|
/**
|
|
|
|
|
* Checks if user has access to an MCP server via an agent they can VIEW.
|
|
|
|
|
* @param serverName - The MCP server name to check
|
|
|
|
|
* @param userId - The user ID (optional - if not provided, checks publicly accessible agents)
|
|
|
|
|
* @returns true if user has VIEW access to at least one agent that has this MCP server
|
|
|
|
|
*/
|
|
|
|
|
private async hasAccessViaAgent(serverName: string, userId?: string): Promise<boolean> {
|
|
|
|
|
let accessibleAgentIds: Types.ObjectId[];
|
|
|
|
|
|
|
|
|
|
if (!userId) {
|
2026-01-23 09:06:29 -05:00
|
|
|
/** Publicly accessible agents */
|
2025-12-04 21:37:23 +01:00
|
|
|
accessibleAgentIds = await this._aclService.findPubliclyAccessibleResources({
|
|
|
|
|
resourceType: ResourceType.AGENT,
|
|
|
|
|
requiredPermissions: PermissionBits.VIEW,
|
|
|
|
|
});
|
|
|
|
|
} else {
|
2026-01-23 09:06:29 -05:00
|
|
|
/** User-accessible agents */
|
2025-12-04 21:37:23 +01:00
|
|
|
accessibleAgentIds = await this._aclService.findAccessibleResources({
|
|
|
|
|
userId,
|
|
|
|
|
requiredPermissions: PermissionBits.VIEW,
|
|
|
|
|
resourceType: ResourceType.AGENT,
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (accessibleAgentIds.length === 0) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const Agent = this._mongoose.model('Agent');
|
|
|
|
|
const exists = await Agent.exists({
|
|
|
|
|
_id: { $in: accessibleAgentIds },
|
|
|
|
|
mcpServerNames: serverName,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
return exists !== null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Creates a new MCP server and grants owner permissions to the user.
|
|
|
|
|
* @param serverName - Temporary server name (not persisted) will be replaced by the nano id generated by the db method
|
|
|
|
|
* @param config - Server configuration to store
|
|
|
|
|
* @param userId - ID of the user creating the server (required)
|
|
|
|
|
* @returns The created server result with serverName and config (including dbId)
|
|
|
|
|
* @throws Error if userId is not provided
|
|
|
|
|
*/
|
|
|
|
|
public async add(
|
|
|
|
|
serverName: string,
|
|
|
|
|
config: ParsedServerConfig,
|
|
|
|
|
userId?: string,
|
|
|
|
|
): Promise<AddServerResult> {
|
|
|
|
|
logger.debug(
|
|
|
|
|
`[ServerConfigsDB.add] Starting Creating server with temp servername: ${serverName} for the user with the ID ${userId}`,
|
|
|
|
|
);
|
|
|
|
|
if (!userId) {
|
|
|
|
|
throw new Error(
|
|
|
|
|
'[ServerConfigsDB.add] User ID is required to create a database-stored MCP server.',
|
|
|
|
|
);
|
|
|
|
|
}
|
2026-01-23 09:06:29 -05:00
|
|
|
|
|
|
|
|
const sanitizedConfig = {
|
|
|
|
|
...config,
|
|
|
|
|
headers: sanitizeCredentialPlaceholders(
|
|
|
|
|
(config as ParsedServerConfig & { headers?: Record<string, string> }).headers,
|
|
|
|
|
),
|
|
|
|
|
} as ParsedServerConfig;
|
|
|
|
|
|
|
|
|
|
/** Transformed user-provided API key config (adds customUserVars and headers) */
|
|
|
|
|
const transformedConfig = this.transformUserApiKeyConfig(sanitizedConfig);
|
|
|
|
|
/** Encrypted config before storing in database */
|
2025-12-12 19:51:49 +01:00
|
|
|
const encryptedConfig = await this.encryptConfig(transformedConfig);
|
2025-12-10 02:10:56 +01:00
|
|
|
const createdServer = await this._dbMethods.createMCPServer({
|
|
|
|
|
config: encryptedConfig,
|
|
|
|
|
author: userId,
|
|
|
|
|
});
|
2025-12-04 21:37:23 +01:00
|
|
|
await this._aclService.grantPermission({
|
|
|
|
|
principalType: PrincipalType.USER,
|
|
|
|
|
principalId: userId,
|
|
|
|
|
resourceType: ResourceType.MCPSERVER,
|
|
|
|
|
resourceId: createdServer._id,
|
|
|
|
|
accessRoleId: AccessRoleIds.MCPSERVER_OWNER,
|
|
|
|
|
grantedBy: userId,
|
|
|
|
|
});
|
|
|
|
|
return {
|
|
|
|
|
serverName: createdServer.serverName,
|
2025-12-10 02:10:56 +01:00
|
|
|
config: await this.mapDBServerToParsedConfig(createdServer),
|
2025-12-04 21:37:23 +01:00
|
|
|
};
|
2025-11-28 16:07:09 +01:00
|
|
|
}
|
|
|
|
|
|
2025-12-04 21:37:23 +01:00
|
|
|
/**
|
|
|
|
|
*
|
|
|
|
|
* @param serverName mcp server unique identifier "serverName"
|
|
|
|
|
* @param config new Configuration to update
|
|
|
|
|
* @param userId user id required to update DB server config
|
|
|
|
|
*/
|
2025-11-28 16:07:09 +01:00
|
|
|
public async update(
|
|
|
|
|
serverName: string,
|
|
|
|
|
config: ParsedServerConfig,
|
|
|
|
|
userId?: string,
|
|
|
|
|
): Promise<void> {
|
2025-12-04 21:37:23 +01:00
|
|
|
if (!userId) {
|
|
|
|
|
throw new Error(
|
|
|
|
|
'[ServerConfigsDB.update] User ID is required to update a database-stored MCP server.',
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-12 21:04:25 -05:00
|
|
|
const existingServer = await this._dbMethods.findMCPServerByServerName(serverName);
|
2025-12-10 02:10:56 +01:00
|
|
|
|
2026-01-23 09:06:29 -05:00
|
|
|
let configToSave: ParsedServerConfig = {
|
|
|
|
|
...config,
|
|
|
|
|
headers: sanitizeCredentialPlaceholders(
|
|
|
|
|
(config as ParsedServerConfig & { headers?: Record<string, string> }).headers,
|
|
|
|
|
),
|
|
|
|
|
} as ParsedServerConfig;
|
|
|
|
|
|
|
|
|
|
/** Transformed user-provided API key config (adds customUserVars and headers) */
|
2025-12-12 19:51:49 +01:00
|
|
|
configToSave = this.transformUserApiKeyConfig(configToSave);
|
|
|
|
|
|
2026-01-23 09:06:29 -05:00
|
|
|
/** Encrypted config before storing in database */
|
2025-12-12 19:51:49 +01:00
|
|
|
configToSave = await this.encryptConfig(configToSave);
|
|
|
|
|
|
2025-12-10 02:10:56 +01:00
|
|
|
if (!config.oauth?.client_secret && existingServer?.config?.oauth?.client_secret) {
|
|
|
|
|
configToSave = {
|
2025-12-12 19:51:49 +01:00
|
|
|
...configToSave,
|
2025-12-04 21:37:23 +01:00
|
|
|
oauth: {
|
2025-12-12 19:51:49 +01:00
|
|
|
...configToSave.oauth,
|
2025-12-04 21:37:23 +01:00
|
|
|
client_secret: existingServer.config.oauth.client_secret,
|
|
|
|
|
},
|
|
|
|
|
};
|
2025-12-12 19:51:49 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (
|
|
|
|
|
config.apiKey?.source === 'admin' &&
|
|
|
|
|
!config.apiKey?.key &&
|
|
|
|
|
existingServer?.config?.apiKey?.source === 'admin' &&
|
|
|
|
|
existingServer?.config?.apiKey?.key
|
|
|
|
|
) {
|
|
|
|
|
configToSave = {
|
|
|
|
|
...configToSave,
|
|
|
|
|
apiKey: {
|
|
|
|
|
source: configToSave.apiKey!.source,
|
|
|
|
|
authorization_type: configToSave.apiKey!.authorization_type,
|
|
|
|
|
custom_header: configToSave.apiKey?.custom_header,
|
|
|
|
|
key: existingServer.config.apiKey.key,
|
|
|
|
|
},
|
|
|
|
|
};
|
2025-12-04 21:37:23 +01:00
|
|
|
}
|
|
|
|
|
|
2026-03-24 16:31:34 +00:00
|
|
|
// Retain existing encrypted values for secret headers that were submitted with blank values.
|
|
|
|
|
// A blank value means "don't change this secret header" (same pattern as oauth.client_secret).
|
|
|
|
|
// Only preserve when:
|
|
|
|
|
// 1. The key is explicitly present with an empty string (not omitted entirely)
|
|
|
|
|
// 2. The key was already secret in the existing config (to avoid copying plaintext as encrypted)
|
|
|
|
|
const newSecretKeys = configToSave.secretHeaderKeys;
|
|
|
|
|
if (newSecretKeys?.length && existingServer?.config) {
|
|
|
|
|
const existingHeaders = (
|
|
|
|
|
existingServer.config as ParsedServerConfig & { headers?: Record<string, string> }
|
|
|
|
|
).headers;
|
|
|
|
|
const existingSecretKeys = new Set(
|
|
|
|
|
(existingServer.config as ParsedServerConfig & { secretHeaderKeys?: string[] })
|
|
|
|
|
.secretHeaderKeys ?? [],
|
|
|
|
|
);
|
|
|
|
|
const currentHeaders = (
|
|
|
|
|
configToSave as ParsedServerConfig & { headers?: Record<string, string> }
|
|
|
|
|
).headers;
|
|
|
|
|
if (existingHeaders && currentHeaders) {
|
|
|
|
|
const retainedHeaders = { ...currentHeaders };
|
|
|
|
|
for (const secretKey of newSecretKeys) {
|
|
|
|
|
// Check if the header key exists in the payload with an explicitly blank string value.
|
|
|
|
|
// If the key is omitted entirely, allow removal; only preserve on blank string (masked).
|
|
|
|
|
// Also verify this key was already secret to avoid treating plaintext as encrypted.
|
|
|
|
|
if (
|
|
|
|
|
Object.prototype.hasOwnProperty.call(retainedHeaders, secretKey) &&
|
|
|
|
|
retainedHeaders[secretKey] === '' &&
|
|
|
|
|
existingSecretKeys.has(secretKey)
|
|
|
|
|
) {
|
|
|
|
|
const existingValue = existingHeaders[secretKey];
|
|
|
|
|
if (existingValue) {
|
|
|
|
|
retainedHeaders[secretKey] = existingValue;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
(configToSave as ParsedServerConfig & { headers?: Record<string, string> }).headers =
|
|
|
|
|
retainedHeaders;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2025-12-10 02:10:56 +01:00
|
|
|
await this._dbMethods.updateMCPServer(serverName, { config: configToSave });
|
2025-11-28 16:07:09 +01:00
|
|
|
}
|
|
|
|
|
|
🏗️ feat: 3-Tier MCP Server Architecture with Config-Source Lazy Init (#12435)
* feat: add MCPServerSource type, tenantMcpPolicy schema, and source-based dbSourced wiring
- Add `tenantMcpPolicy` to `mcpSettings` in YAML config schema with
`enabled`, `maxServersPerTenant`, `allowedTransports`, and `allowedDomains`
- Add `MCPServerSource` type ('yaml' | 'config' | 'user') and `source`
field to `ParsedServerConfig`
- Change `dbSourced` determination from `!!config.dbId` to
`config.source === 'user'` across MCPManager, ConnectionsRepository,
UserConnectionManager, and MCPServerInspector
- Set `source: 'user'` on all DB-sourced servers in ServerConfigsDB
* feat: three-layer MCPServersRegistry with config cache and lazy init
- Add `configCacheRepo` as third repository layer between YAML cache and
DB for admin-defined config-source MCP servers
- Implement `ensureConfigServers()` that identifies config-override servers
from resolved `getAppConfig()` mcpConfig, lazily inspects them, and
caches parsed configs with `source: 'config'`
- Add `lazyInitConfigServer()` with timeout, stub-on-failure, and
concurrent-init deduplication via `pendingConfigInits` map
- Extend `getAllServerConfigs()` with optional `configServers` param for
three-way merge: YAML → Config → User
- Add `getServerConfig()` lookup through config cache layer
- Add `invalidateConfigCache()` for clearing config-source inspection
results on admin config mutations
- Tag `source: 'yaml'` on CACHE-stored servers and `source: 'user'` on
DB-stored servers in `addServer()` and `addServerStub()`
* feat: wire tenant context into MCP controllers, services, and cache invalidation
- Resolve config-source servers via `getAppConfig({ role, tenantId })`
in `getMCPTools()` and `getMCPServersList()` controllers
- Pass `ensureConfigServers()` results through `getAllServerConfigs()`
for three-way merge of YAML + Config + User servers
- Add tenant/role context to `getMCPSetupData()` and connection status
routes via `getTenantId()` from ALS
- Add `clearMcpConfigCache()` to `invalidateConfigCaches()` so admin
config mutations trigger re-inspection of config-source MCP servers
* feat: enforce tenantMcpPolicy on admin config mcpServers mutations
- Add `validateMcpServerPolicy()` helper that checks mcpServers against
operator-defined `tenantMcpPolicy` (enabled, maxServersPerTenant,
allowedTransports, allowedDomains)
- Wire validation into `upsertConfigOverrides` and `patchConfigField`
handlers — rejects with 403 when policy is violated
- Infer transport type from config shape (command → stdio, url protocol
→ websocket/sse, type field → streamable-http)
- Validate server domains against policy allowlist when configured
* revert: remove tenantMcpPolicy schema and enforcement
The existing admin config CRUD routes already provide the mechanism
for granular MCP server prepopulation (groups, roles, users). The
tenantMcpPolicy gating adds unnecessary complexity that can be
revisited if needed in the future.
- Remove tenantMcpPolicy from mcpSettings Zod schema
- Remove validateMcpServerPolicy helper and TenantMcpPolicy interface
- Remove policy enforcement from upsertConfigOverrides and
patchConfigField handlers
* test: update test assertions for source field and config-server wiring
- Use objectContaining in MCPServersRegistry reset test to account for
new source: 'yaml' field on CACHE-stored configs
- Add getTenantId and ensureConfigServers mocks to MCP route tests
- Add getAppConfig mock to route test Config service mock
- Update getMCPSetupData assertion to expect second options argument
- Update getAllServerConfigs assertions for new configServers parameter
* fix: disconnect active connections when config-source servers are evicted
When admin config overrides change and config-source MCP servers are
removed, the invalidation now proactively disconnects active connections
for evicted servers instead of leaving them lingering until timeout.
- Return evicted server names from invalidateConfigCache()
- Disconnect app-level connections for evicted servers in
clearMcpConfigCache() via MCPManager.appConnections.disconnect()
* fix: address code review findings (CRITICAL, MAJOR, MINOR)
CRITICAL fixes:
- Scope configCacheRepo keys by config content hash to prevent
cross-tenant cache poisoning when two tenants define the same
server name with different configurations
- Change dbSourced checks from `source === 'user'` to
`source !== 'yaml' && source !== 'config'` so undefined source
(pre-upgrade cached configs) fails closed to restricted mode
MAJOR fixes:
- Derive OAuth servers from already-computed mcpConfig instead of
calling getOAuthServers() separately — config-source OAuth servers
are now properly detected
- Add parseInt radix (10) and NaN guard with fallback to 30_000
for CONFIG_SERVER_INIT_TIMEOUT_MS
- Add CONFIG_CACHE_NAMESPACE to aggregate-key branch in
ServerConfigsCacheFactory to avoid SCAN-based Redis stalls
- Remove `if (role || tenantId)` guard in getMCPSetupData — config
servers now always resolve regardless of tenant context
MINOR fixes:
- Extract resolveAllMcpConfigs() helper in mcp controller to
eliminate 3x copy-pasted config resolution boilerplate
- Distinguish "not initialized" from real errors in
clearMcpConfigCache — log actual failures instead of swallowing
- Remove narrative inline comments per style guide
- Remove dead try/catch inside Promise.allSettled in
ensureConfigServers (inner method never throws)
- Memoize YAML server names to avoid repeated cacheConfigsRepo.getAll()
calls per request
Test updates:
- Add ensureConfigServers mock to registry test fixtures
- Update getMCPSetupData assertions for inline OAuth derivation
* fix: address code review findings (CRITICAL, MAJOR, MINOR)
CRITICAL fixes:
- Break circular dependency: move CONFIG_CACHE_NAMESPACE from
MCPServersRegistry to ServerConfigsCacheFactory
- Fix dbSourced fail-closed: use source field when present, fall back to
legacy dbId check when absent (backward-compatible with pre-upgrade
cached configs that lack source field)
MAJOR fixes:
- Add CONFIG_CACHE_NAMESPACE to aggregate-key set in
ServerConfigsCacheFactory to avoid SCAN-based Redis stalls
- Add comprehensive test suite (ensureConfigServers.test.ts, 18 tests)
covering lazy init, stub-on-failure, cross-tenant isolation via config
hash keys, concurrent deduplication, merge order, and cache invalidation
MINOR fixes:
- Update MCPServerInspector test assertion for dbSourced change
* fix: restore getServerConfig lookup for config-source servers (NEW-1)
Add configNameToKey map that indexes server name → hash-based cache key
for O(1) lookup by name in getServerConfig. This restores the config
cache layer that was dropped when hash-based keys were introduced.
Without this fix, config-source servers appeared in tool listings
(via getAllServerConfigs) but getServerConfig returned undefined,
breaking all connection and tool call paths.
- Populate configNameToKey in ensureSingleConfigServer
- Clear configNameToKey in invalidateConfigCache and reset
- Clear stale read-through cache entries after lazy init
- Remove dead code in invalidateConfigCache (config.title, key parsing)
- Add getServerConfig tests for config-source server lookup
* fix: eliminate configNameToKey race via caller-provided configServers param
Replace the process-global configNameToKey map (last-writer-wins under
concurrent multi-tenant load) with a configServers parameter on
getServerConfig. Callers pass the pre-resolved config servers map
directly — no shared mutable state, no cross-tenant race.
- Add optional configServers param to getServerConfig; when provided,
returns matching config directly without any global lookup
- Remove configNameToKey map entirely (was the source of the race)
- Extract server names from cache keys via lastIndexOf in
invalidateConfigCache (safe for names containing colons)
- Use mcpConfig[serverName] directly in getMCPTools instead of a
redundant getServerConfig call
- Add cross-tenant isolation test for getServerConfig
* fix: populate read-through cache after config server lazy init
After lazyInitConfigServer succeeds, write the parsed config to
readThroughCache keyed by serverName so that getServerConfig calls
from ConnectionsRepository, UserConnectionManager, and
MCPManager.callTool find the config without needing configServers.
Without this, config-source servers appeared in tool listings but
every connection attempt and tool call returned undefined.
* fix: user-scoped getServerConfig fallback to server-only cache key
When getServerConfig is called with a userId (e.g., from callTool or
UserConnectionManager), the cache key is serverName::userId. Config-source
servers are cached under the server-only key (no userId). Add a fallback
so user-scoped lookups find config-source servers in the read-through cache.
* fix: configCacheRepo fallback, isUserSourced DRY, cross-process race
CRITICAL: Add findInConfigCache fallback in getServerConfig so
config-source servers remain reachable after readThroughCache TTL
expires (5s). Without this, every tool call after 5s returned
undefined for config-source servers.
MAJOR: Extract isUserSourced() helper to mcp/utils.ts and replace
all 5 inline dbSourced ternary expressions (MCPManager x2,
ConnectionsRepository, UserConnectionManager, MCPServerInspector).
MAJOR: Fix cross-process Redis race in lazyInitConfigServer — when
configCacheRepo.add throws (key exists from another process), fall
back to reading the existing entry instead of returning undefined.
MINOR: Parallelize invalidateConfigCache awaits with Promise.all.
Remove redundant .catch(() => {}) inside Promise.allSettled.
Tighten dedup test assertion to toBe(1).
Add TTL-expiry tests for getServerConfig (with and without userId).
* feat: thread configServers through getAppToolFunctions and formatInstructionsForContext
Add optional configServers parameter to getAppToolFunctions,
getInstructions, and formatInstructionsForContext so config-source
server tools and instructions are visible to agent initialization
and context injection paths.
Existing callers (boot-time init, tests) pass no argument and
continue to work unchanged. Agent runtime paths can now thread
resolved config servers from request context.
* fix: stale failure stubs retry after 5 min, upsert for cross-process races
- Add CONFIG_STUB_RETRY_MS (5 min) — stale failure stubs are retried
instead of permanently disabling config-source servers after transient
errors (DNS outage, cold-start race)
- Extract upsertConfigCache() helper that tries add then falls back to
update, preventing cross-process Redis races where a second instance's
successful inspection result was discarded
- Add test for stale-stub retry after CONFIG_STUB_RETRY_MS
* fix: stamp updatedAt on failure stubs, null-guard callTool config, test cleanup
- Add updatedAt: Date.now() to failure stubs in lazyInitConfigServer so
CONFIG_STUB_RETRY_MS (5 min) window works correctly — without it, stubs
were always considered stale (updatedAt ?? 0 → epoch → always expired)
- Add null guard for rawConfig in MCPManager.callTool before passing to
preProcessGraphTokens — prevents unsafe `as` cast on undefined
- Log double-failure in upsertConfigCache instead of silently swallowing
- Replace module-scope Date.now monkey-patch with jest.useFakeTimers /
jest.setSystemTime / jest.useRealTimers in ensureConfigServers tests
* fix: server-only readThrough fallback only returns truthy values
Prevents a cached undefined from a prior no-userId lookup from
short-circuiting the DB query on a subsequent userId-scoped lookup.
* fix: remove findInConfigCache to eliminate cross-tenant config leakage
The findInConfigCache prefix scan (serverName:*) could return any
tenant's config after readThrough TTL expires, violating tenant
isolation. Config-source servers are now ONLY resolvable through:
1. The configServers param (callers with tenant context from ALS)
2. The readThrough cache (populated by ensureSingleConfigServer,
5s TTL, repopulated on every HTTP request via resolveAllMcpConfigs)
Connection/tool-call paths without tenant context rely exclusively on
the readThrough cache. If it expires before the next HTTP request
repopulates it, the server is not found — which is correct because
there is no tenant context to determine which config to return.
- Remove findInConfigCache method and its call in getServerConfig
- Update server-only readThrough fallback to only return truthy values
(prevents cached undefined from short-circuiting user-scoped DB lookup)
- Update tests to document tenant isolation behavior after cache expiry
* style: fix import order per AGENTS.md conventions
Sort package imports shortest-to-longest, local imports longest-to-shortest
across MCPServersRegistry, ConnectionsRepository, MCPManager,
UserConnectionManager, and MCPServerInspector.
* fix: eliminate cross-tenant readThrough contamination and TTL-expiry tool failures
Thread pre-resolved serverConfig from tool creation context into
callTool, removing dependency on the readThrough cache for config-source
servers. This fixes two issues:
- Cross-tenant contamination: the readThrough cache key was unscoped
(just serverName), so concurrent multi-tenant requests for same-named
servers would overwrite each other's entries
- TTL expiry: tool calls happening >5s after config resolution would
fail with "Configuration not found" because the readThrough entry
had expired
Changes:
- Add optional serverConfig param to MCPManager.callTool — uses
provided config directly, falling back to getServerConfig lookup
for YAML/user servers
- Thread serverConfig from createMCPTool through createToolInstance
closure to callTool
- Remove readThrough write from ensureSingleConfigServer — config-source
servers are only accessible via configServers param (tenant-scoped)
- Remove server-only readThrough fallback from getServerConfig
- Increase config cache hash from 8 to 16 hex chars (64-bit)
- Add isUserSourced boundary tests for all source/dbId combinations
- Fix double Object.keys call in getMCPTools controller
- Update test assertions for new getServerConfig behavior
* fix: cache base configs for config-server users; narrow upsertConfigCache error handling
- Refactor getAllServerConfigs to separate base config fetch (YAML + DB)
from config-server layering. Base configs are cached via readThroughCacheAll
regardless of whether configServers is provided, eliminating uncached
MongoDB queries per request for config-server users
- Narrow upsertConfigCache catch to duplicate-key errors only;
infrastructure errors (Redis timeouts, network failures) now propagate
instead of being silently swallowed, preventing inspection storms
during outages
* fix: restore correct merge order and document upsert error matching
- Restore YAML → Config → User DB precedence in getAllServerConfigs
(user DB servers have highest precedence, matching the JSDoc contract)
- Add source comment on upsertConfigCache duplicate-key detection
linking to the two cache implementations that define the error message
* feat: complete config-source server support across all execution paths
Wire configServers through the entire agent execution pipeline so
config-source MCP servers are fully functional — not just visible in
listings but executable in agent sessions.
- Thread configServers into handleTools.js agent tool pipeline: resolve
config servers from tenant context before MCP tool iteration, pass to
getServerConfig, createMCPTools, and createMCPTool
- Thread configServers into agent instructions pipeline:
applyContextToAgent → getMCPInstructionsForServers →
formatInstructionsForContext, resolved in client.js before agent
context application
- Add configServers param to createMCPTool and createMCPTools for
reconnect path fallback
- Add source field to redactServerSecrets allowlist for client UI
differentiation of server tiers
- Narrow invalidateConfigCache to only clear readThroughCacheAll (merged
results), preserving YAML individual-server readThrough entries
- Update context.spec.ts assertions for new configServers parameter
* fix: add missing mocks for config-source server dependencies in client.test.js
Mock getMCPServersRegistry, getAppConfig, and getTenantId that were added
to client.js but not reflected in the test file's jest.mock declarations.
* fix: update formatInstructionsForContext assertions for configServers param
The test assertions expected formatInstructionsForContext to be called with
only the server names array, but it now receives configServers as a second
argument after the config-source server feature wiring.
* fix: move configServers resolution before MCP tool loop to avoid TDZ
configServers was declared with `let` after the first tool loop but
referenced inside it via getServerConfig(), causing a ReferenceError
temporal dead zone. Move declaration and resolution before the loop,
using tools.some(mcpToolPattern) to gate the async resolution.
* fix: address review findings — cache bypass, discoverServerTools gap, DRY
- #2: getAllServerConfigs now always uses getBaseServerConfigs (cached via
readThroughCacheAll) instead of bypassing it when configServers is present.
Extracts user-DB entries from cached base by diffing against YAML keys
to maintain YAML → Config → User DB merge order without extra MongoDB calls.
- #3: Add configServers param to ToolDiscoveryOptions and thread it through
discoverServerTools → getServerConfig so config-source servers are
discoverable during OAuth reconnection flows.
- #6: Replace inline import() type annotations in context.ts with proper
import type { ParsedServerConfig } per AGENTS.md conventions.
- #7: Extract resolveConfigServers(req) helper in MCP.js and use it from
handleTools.js and client.js, eliminating the duplicated 6-line config
resolution pattern.
- #10: Restore removed "why" comment explaining getLoaded() vs getAll()
choice in getMCPSetupData — documents non-obvious correctness constraint.
- #11: Fix incomplete JSDoc param type on resolveAllMcpConfigs.
* fix: consolidate imports, reorder constants, fix YAML-DB merge edge case
- Merge duplicate @librechat/data-schemas requires in MCP.js into one
- Move resolveConfigServers after module-level constants
- Fix getAllServerConfigs edge case where user-DB entry overriding a
YAML entry with the same name was excluded from userDbConfigs; now
uses reference equality check to detect DB-overwritten YAML keys
* fix: replace fragile string-match error detection with proper upsert method
Add upsert() to IServerConfigsRepositoryInterface and all implementations
(InMemory, Redis, RedisAggregateKey, DB). This eliminates the brittle
error message string match ('already exists in cache') in upsertConfigCache
that was the only thing preventing cross-process init races from silently
discarding inspection results.
Each implementation handles add-or-update atomically:
- InMemory: direct Map.set()
- Redis: direct cache.set()
- RedisAggregateKey: read-modify-write under write lock
- DB: delegates to update() (DB servers use explicit add() with ACL setup)
* fix: wire configServers through remaining HTTP endpoints
- getMCPServerById: use resolveAllMcpConfigs instead of bare getServerConfig
- reinitialize route: resolve configServers before getServerConfig
- auth-values route: resolve configServers before getServerConfig
- getOAuthHeaders: accept configServers param, thread from callers
- Update mcp.spec.js tests to mock getAllServerConfigs for GET by name
* fix: thread serverConfig through getConnection for config-source servers
Config-source servers exist only in configCacheRepo, not in YAML cache or
DB. When callTool → getConnection → getUserConnection → getServerConfig
runs without configServers, it returns undefined and throws. Fix by
threading the pre-resolved serverConfig (providedConfig) from callTool
through getConnection → getUserConnection → createUserConnectionInternal,
using it as a fallback before the registry lookup.
* fix: thread configServers through reinit, reconnect, and tool definition paths
Wire configServers through every remaining call chain that creates or
reconnects MCP server connections:
- reinitMCPServer: accepts serverConfig and configServers, uses them for
getServerConfig fallback, getConnection, and discoverServerTools
- reconnectServer: accepts and passes configServers to reinitMCPServer
- createMCPTools/createMCPTool: pass configServers to reconnectServer
- ToolService.loadToolDefinitionsWrapper: resolves configServers from req,
passes to both reinitMCPServer call sites
- reinitialize route: passes serverConfig and configServers to reinitMCPServer
* fix: address review findings — simplify merge, harden error paths, fix log labels
- Simplify getAllServerConfigs merge: replace fragile reference-equality
loop with direct spread { ...yamlConfigs, ...configServers, ...base }
- Guard upsertConfigCache in lazyInitConfigServer catch block so cache
failures don't mask the original inspection error
- Deduplicate getYamlServerNames cold-start with promise dedup pattern
- Remove dead `if (!mcpConfig)` guard in getMCPSetupData
- Fix hardcoded "App server" in ServerConfigsCacheRedisAggregateKey error
messages — now uses this.namespace for correct Config/App labeling
- Remove misleading OAuth callback comment about readThrough cache
- Move resolveConfigServers after module-level constants in MCP.js
* fix: clear rejected yamlServerNames promise, fix config-source reinspect, fix reset log label
- Clear yamlServerNamesPromise on rejection so transient cache errors
don't permanently prevent ensureConfigServers from working
- Skip reinspectServer for config-source servers (source: 'config') in
reinitMCPServer — they lack a CACHE/DB storage location; retry is
handled by CONFIG_STUB_RETRY_MS in ensureConfigServers
- Use source field instead of dbId for storageLocation derivation
- Fix remaining hardcoded "App" in reset() leaderCheck message
* fix: persist oauthHeaders in flow state for config-source OAuth servers
The OAuth callback route has no JWT auth context and cannot resolve
config-source server configs. Previously, getOAuthHeaders would silently
return {} for config-source servers, dropping custom token exchange headers.
Now oauthHeaders are persisted in MCPOAuthFlowMetadata during flow
initiation (which has auth context), and the callback reads them from
the stored flow state with a fallback to the registry lookup for
YAML/user-DB servers.
* fix: update tests for getMCPSetupData null guard removal and ToolService mock
- MCP.spec.js: update test to expect graceful handling of null mcpConfig
instead of a throw (getAllServerConfigs always returns an object)
- MCP.js: add defensive || {} for Object.entries(mcpConfig) in case of
null from test mocks
- ToolService.spec.js: add missing mock for ~/server/services/MCP
(resolveConfigServers)
* fix: address review findings — DRY, naming, logging, dead code, defensive guards
- #1: Simplify getAllServerConfigs to single getBaseServerConfigs call,
eliminating redundant double-fetch of cacheConfigsRepo.getAll()
- #2: Add warning log when oauthHeaders absent from OAuth callback flow state
- #3: Extract resolveAllMcpConfigs to MCP.js service layer; controller
imports shared helper instead of reimplementing
- #4: Rename _serverConfig/_provider to capturedServerConfig/capturedProvider
in createToolInstance — these are actively used, not unused
- #5: Log rejected results from ensureConfigServers Promise.allSettled
so cache errors are visible instead of silently dropped
- #6: Remove dead 'MCP config not found' error handlers from routes
- #7: Document circular-dependency reason for dynamic require in clearMcpConfigCache
- #8: Remove logger.error from withTimeout to prevent double-logging timeouts
- #10: Add explicit userId guard in ServerConfigsDB.upsert with clear error message
- #12: Use spread instead of mutation in addServer for immutability consistency
- Add upsert mock to ensureConfigServers.test.ts DB mock
- Update route tests for resolveAllMcpConfigs import change
* fix: restore correct merge priority, use immutable spread, fix test mock
- getAllServerConfigs: { ...configServers, ...base } so userDB wins over
configServers, matching documented "User DB (highest)" priority
- lazyInitConfigServer: use immutable spread instead of direct mutation
for parsedConfig.source, consistent with addServer fix
- Fix test to mock getAllServerConfigs as {} instead of null, remove
unnecessary || {} defensive guard in getMCPSetupData
* fix: error handling, stable hashing, flatten nesting, remove dead param
- Wrap resolveConfigServers/resolveAllMcpConfigs in try/catch with
graceful {} fallback so transient DB/cache errors don't crash tool pipeline
- Sort keys in configCacheKey JSON.stringify for deterministic hashing
regardless of object property insertion order
- Flatten clearMcpConfigCache from 3 nested try-catch to early returns;
document that user connections are cleaned up lazily (accepted tradeoff)
- Remove dead configServers param from getAppToolFunctions (never passed)
- Add security rationale comment for source field in redactServerSecrets
* fix: use recursive key-sorting replacer in configCacheKey to prevent cross-tenant cache collision
The array replacer in JSON.stringify acts as a property allowlist at
every nesting depth, silently dropping nested keys like headers['X-API-Key'],
oauth.client_secret, etc. Two configs with different nested values but
identical top-level structure produced the same hash, causing cross-tenant
cache hits and potential credential contamination.
Switch to a function replacer that recursively sorts keys at all depths
without dropping any properties.
Also document the known gap in getOAuthServers: config-source OAuth
servers are not covered by auto-reconnection or uninstall cleanup
because callers lack request context.
* fix: move clearMcpConfigCache to packages/api to eliminate circular dependency
The function only depends on MCPServersRegistry and MCPManager, both of
which live in packages/api. Import it directly from @librechat/api in
the CJS layer instead of using dynamic require('~/config').
* chore: imports/fields ordering
* fix: address review findings — error handling, targeted lookup, test gaps
- Narrow resolveAllMcpConfigs catch to only wrap ensureConfigServers so
getAppConfig/getAllServerConfigs failures propagate instead of masking
infrastructure errors as empty server lists.
- Use targeted getServerConfig in getMCPServerById instead of fetching
all server configs for a single-server lookup.
- Forward configServers to inner createMCPTool calls so reconnect path
works for config-source servers.
- Update getAllServerConfigs JSDoc to document disjoint-key design.
- Add OAuth callback oauthHeaders fallback tests (flow state present
vs registry fallback).
- Add resolveConfigServers/resolveAllMcpConfigs unit tests covering
happy path and error propagation.
* fix: add getOAuthReconnectionManager mock to OAuth callback tests
* chore: imports ordering
2026-03-28 10:36:43 -04:00
|
|
|
/**
|
|
|
|
|
* Atomic add-or-update. For DB-backed servers this delegates to update since
|
|
|
|
|
* DB servers are always created via the explicit add() flow with ACL setup.
|
|
|
|
|
* Config-source servers should use configCacheRepo, not dbConfigsRepo.
|
|
|
|
|
*/
|
|
|
|
|
public async upsert(
|
|
|
|
|
serverName: string,
|
|
|
|
|
config: ParsedServerConfig,
|
|
|
|
|
userId?: string,
|
|
|
|
|
): Promise<void> {
|
|
|
|
|
if (!userId) {
|
|
|
|
|
throw new Error(
|
|
|
|
|
`[ServerConfigsDB.upsert] User ID is required for DB-backed MCP server upsert of "${serverName}". ` +
|
|
|
|
|
'Config-source servers should use configCacheRepo, not dbConfigsRepo.',
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
return this.update(serverName, config, userId);
|
|
|
|
|
}
|
|
|
|
|
|
2025-12-04 21:37:23 +01:00
|
|
|
/**
|
|
|
|
|
* Deletes an MCP server and removes all associated ACL entries.
|
|
|
|
|
* @param serverName - The serverName of the server to remove
|
|
|
|
|
* @param userId - User performing the deletion (for logging)
|
|
|
|
|
*/
|
2025-11-28 16:07:09 +01:00
|
|
|
public async remove(serverName: string, userId?: string): Promise<void> {
|
2025-12-04 21:37:23 +01:00
|
|
|
logger.debug(`[ServerConfigsDB.remove] removing ${serverName}. UserId: ${userId}`);
|
|
|
|
|
const deletedServer = await this._dbMethods.deleteMCPServer(serverName);
|
|
|
|
|
if (deletedServer && deletedServer._id) {
|
|
|
|
|
logger.debug(`[ServerConfigsDB.remove] removing all permissions entries of ${serverName}.`);
|
|
|
|
|
await this._aclService.removeAllPermissions({
|
|
|
|
|
resourceType: ResourceType.MCPSERVER,
|
|
|
|
|
resourceId: deletedServer._id!,
|
|
|
|
|
});
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
logger.warn(`[ServerConfigsDB.remove] server with serverName ${serverName} does not exist`);
|
2025-11-28 16:07:09 +01:00
|
|
|
}
|
|
|
|
|
|
2025-12-04 21:37:23 +01:00
|
|
|
/**
|
|
|
|
|
* Retrieves a single MCP server configuration by its serverName.
|
|
|
|
|
* @param serverName - The serverName of the server to retrieve
|
|
|
|
|
* @param userId - the user id provide the scope of the request. If the user Id is not provided, only publicly visible servers are returned.
|
|
|
|
|
* @returns The parsed server config or undefined if not found. If accessed via agent, consumeOnly will be true.
|
|
|
|
|
*/
|
2025-11-28 16:07:09 +01:00
|
|
|
public async get(serverName: string, userId?: string): Promise<ParsedServerConfig | undefined> {
|
2026-01-12 21:04:25 -05:00
|
|
|
const server = await this._dbMethods.findMCPServerByServerName(serverName);
|
2025-12-04 21:37:23 +01:00
|
|
|
if (!server) return undefined;
|
|
|
|
|
|
|
|
|
|
if (!userId) {
|
|
|
|
|
const directlyAccessibleMCPIds = (
|
|
|
|
|
await this._aclService.findPubliclyAccessibleResources({
|
|
|
|
|
resourceType: ResourceType.MCPSERVER,
|
|
|
|
|
requiredPermissions: PermissionBits.VIEW,
|
|
|
|
|
})
|
|
|
|
|
).map((id) => id.toString());
|
|
|
|
|
if (directlyAccessibleMCPIds.indexOf(server._id.toString()) > -1) {
|
2025-12-10 02:10:56 +01:00
|
|
|
return await this.mapDBServerToParsedConfig(server);
|
2025-12-04 21:37:23 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const hasAgentAccess = await this.hasAccessViaAgent(serverName);
|
|
|
|
|
if (hasAgentAccess) {
|
|
|
|
|
logger.debug(
|
|
|
|
|
`[ServerConfigsDB.get] accessing ${serverName} via public agent (consumeOnly)`,
|
|
|
|
|
);
|
|
|
|
|
return {
|
2025-12-10 02:10:56 +01:00
|
|
|
...(await this.mapDBServerToParsedConfig(server)),
|
2025-12-04 21:37:23 +01:00
|
|
|
consumeOnly: true,
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return undefined;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const userHasDirectAccess = await this._aclService.checkPermission({
|
|
|
|
|
userId,
|
|
|
|
|
resourceType: ResourceType.MCPSERVER,
|
|
|
|
|
requiredPermission: PermissionBits.VIEW,
|
|
|
|
|
resourceId: server._id,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
if (userHasDirectAccess) {
|
|
|
|
|
logger.debug(
|
|
|
|
|
`[ServerConfigsDB.get] getting ${serverName} for user with the UserId: ${userId}`,
|
|
|
|
|
);
|
2025-12-10 02:10:56 +01:00
|
|
|
return await this.mapDBServerToParsedConfig(server);
|
2025-12-04 21:37:23 +01:00
|
|
|
}
|
|
|
|
|
|
2026-01-23 09:06:29 -05:00
|
|
|
/** Check agent access (user can VIEW an agent that has this MCP server) */
|
2025-12-04 21:37:23 +01:00
|
|
|
const hasAgentAccess = await this.hasAccessViaAgent(serverName, userId);
|
|
|
|
|
if (hasAgentAccess) {
|
|
|
|
|
logger.debug(
|
|
|
|
|
`[ServerConfigsDB.get] user ${userId} accessing ${serverName} via agent (consumeOnly)`,
|
|
|
|
|
);
|
|
|
|
|
return {
|
2025-12-10 02:10:56 +01:00
|
|
|
...(await this.mapDBServerToParsedConfig(server)),
|
2025-12-04 21:37:23 +01:00
|
|
|
consumeOnly: true,
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return undefined;
|
2025-11-28 16:07:09 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Return all DB stored configs (scoped by user Id if provided)
|
|
|
|
|
* @param userId optional user id. if not provided only publicly shared mcp configs will be returned
|
|
|
|
|
* @returns record of parsed configs
|
|
|
|
|
*/
|
|
|
|
|
public async getAll(userId?: string): Promise<Record<string, ParsedServerConfig>> {
|
2025-12-04 21:37:23 +01:00
|
|
|
let directlyAccessibleMCPIds: Types.ObjectId[] = [];
|
|
|
|
|
if (!userId) {
|
|
|
|
|
logger.debug(`[ServerConfigsDB.getAll] fetching all publicly shared mcp servers`);
|
|
|
|
|
directlyAccessibleMCPIds = await this._aclService.findPubliclyAccessibleResources({
|
|
|
|
|
resourceType: ResourceType.MCPSERVER,
|
|
|
|
|
requiredPermissions: PermissionBits.VIEW,
|
|
|
|
|
});
|
|
|
|
|
} else {
|
|
|
|
|
logger.debug(
|
|
|
|
|
`[ServerConfigsDB.getAll] fetching mcp servers directly shared with the user with ID: ${userId}`,
|
|
|
|
|
);
|
|
|
|
|
directlyAccessibleMCPIds = await this._aclService.findAccessibleResources({
|
|
|
|
|
userId,
|
|
|
|
|
requiredPermissions: PermissionBits.VIEW,
|
|
|
|
|
resourceType: ResourceType.MCPSERVER,
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let agentMCPServerNames: string[] = [];
|
|
|
|
|
let accessibleAgentIds: Types.ObjectId[] = [];
|
|
|
|
|
|
|
|
|
|
if (!userId) {
|
|
|
|
|
accessibleAgentIds = await this._aclService.findPubliclyAccessibleResources({
|
|
|
|
|
resourceType: ResourceType.AGENT,
|
|
|
|
|
requiredPermissions: PermissionBits.VIEW,
|
|
|
|
|
});
|
|
|
|
|
} else {
|
|
|
|
|
accessibleAgentIds = await this._aclService.findAccessibleResources({
|
|
|
|
|
userId,
|
|
|
|
|
requiredPermissions: PermissionBits.VIEW,
|
|
|
|
|
resourceType: ResourceType.AGENT,
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (accessibleAgentIds.length > 0) {
|
|
|
|
|
const Agent = this._mongoose.model('Agent');
|
|
|
|
|
const agentsWithMCP = await Agent.find(
|
|
|
|
|
{
|
|
|
|
|
_id: { $in: accessibleAgentIds },
|
|
|
|
|
mcpServerNames: { $exists: true, $not: { $size: 0 } },
|
|
|
|
|
},
|
|
|
|
|
{ mcpServerNames: 1 },
|
|
|
|
|
).lean();
|
|
|
|
|
|
|
|
|
|
agentMCPServerNames = [
|
|
|
|
|
...new Set(
|
|
|
|
|
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
|
|
|
agentsWithMCP.flatMap((a: any) => a.mcpServerNames || []),
|
|
|
|
|
),
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const directResults = await this._dbMethods.getListMCPServersByIds({
|
|
|
|
|
ids: directlyAccessibleMCPIds,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
const parsedConfigs: Record<string, ParsedServerConfig> = {};
|
2025-12-10 02:10:56 +01:00
|
|
|
const directData = directResults.data || [];
|
📦 refactor: Consolidate DB models, encapsulating Mongoose usage in `data-schemas` (#11830)
* chore: move database model methods to /packages/data-schemas
* chore: add TypeScript ESLint rule to warn on unused variables
* refactor: model imports to streamline access
- Consolidated model imports across various files to improve code organization and reduce redundancy.
- Updated imports for models such as Assistant, Message, Conversation, and others to a unified import path.
- Adjusted middleware and service files to reflect the new import structure, ensuring functionality remains intact.
- Enhanced test files to align with the new import paths, maintaining test coverage and integrity.
* chore: migrate database models to packages/data-schemas and refactor all direct Mongoose Model usage outside of data-schemas
* test: update agent model mocks in unit tests
- Added `getAgent` mock to `client.test.js` to enhance test coverage for agent-related functionality.
- Removed redundant `getAgent` and `getAgents` mocks from `openai.spec.js` and `responses.unit.spec.js` to streamline test setup and reduce duplication.
- Ensured consistency in agent mock implementations across test files.
* fix: update types in data-schemas
* refactor: enhance type definitions in transaction and spending methods
- Updated type definitions in `checkBalance.ts` to use specific request and response types.
- Refined `spendTokens.ts` to utilize a new `SpendTxData` interface for better clarity and type safety.
- Improved transaction handling in `transaction.ts` by introducing `TransactionResult` and `TxData` interfaces, ensuring consistent data structures across methods.
- Adjusted unit tests in `transaction.spec.ts` to accommodate new type definitions and enhance robustness.
* refactor: streamline model imports and enhance code organization
- Consolidated model imports across various controllers and services to a unified import path, improving code clarity and reducing redundancy.
- Updated multiple files to reflect the new import structure, ensuring all functionalities remain intact.
- Enhanced overall code organization by removing duplicate import statements and optimizing the usage of model methods.
* feat: implement loadAddedAgent and refactor agent loading logic
- Introduced `loadAddedAgent` function to handle loading agents from added conversations, supporting multi-convo parallel execution.
- Created a new `load.ts` file to encapsulate agent loading functionalities, including `loadEphemeralAgent` and `loadAgent`.
- Updated the `index.ts` file to export the new `load` module instead of the deprecated `loadAgent`.
- Enhanced type definitions and improved error handling in the agent loading process.
- Adjusted unit tests to reflect changes in the agent loading structure and ensure comprehensive coverage.
* refactor: enhance balance handling with new update interface
- Introduced `IBalanceUpdate` interface to streamline balance update operations across the codebase.
- Updated `upsertBalanceFields` method signatures in `balance.ts`, `transaction.ts`, and related tests to utilize the new interface for improved type safety.
- Adjusted type imports in `balance.spec.ts` to include `IBalanceUpdate`, ensuring consistency in balance management functionalities.
- Enhanced overall code clarity and maintainability by refining type definitions related to balance operations.
* feat: add unit tests for loadAgent functionality and enhance agent loading logic
- Introduced comprehensive unit tests for the `loadAgent` function, covering various scenarios including null and empty agent IDs, loading of ephemeral agents, and permission checks.
- Enhanced the `initializeClient` function by moving `getConvoFiles` to the correct position in the database method exports, ensuring proper functionality.
- Improved test coverage for agent loading, including handling of non-existent agents and user permissions.
* chore: reorder memory method exports for consistency
- Moved `deleteAllUserMemories` to the correct position in the exported memory methods, ensuring a consistent and logical order of method exports in `memory.ts`.
2026-02-17 18:23:44 -05:00
|
|
|
const directServerNames = new Set(directData.map((s: MCPServerDocument) => s.serverName));
|
2025-12-04 21:37:23 +01:00
|
|
|
|
2025-12-10 02:10:56 +01:00
|
|
|
const directParsed = await Promise.all(
|
📦 refactor: Consolidate DB models, encapsulating Mongoose usage in `data-schemas` (#11830)
* chore: move database model methods to /packages/data-schemas
* chore: add TypeScript ESLint rule to warn on unused variables
* refactor: model imports to streamline access
- Consolidated model imports across various files to improve code organization and reduce redundancy.
- Updated imports for models such as Assistant, Message, Conversation, and others to a unified import path.
- Adjusted middleware and service files to reflect the new import structure, ensuring functionality remains intact.
- Enhanced test files to align with the new import paths, maintaining test coverage and integrity.
* chore: migrate database models to packages/data-schemas and refactor all direct Mongoose Model usage outside of data-schemas
* test: update agent model mocks in unit tests
- Added `getAgent` mock to `client.test.js` to enhance test coverage for agent-related functionality.
- Removed redundant `getAgent` and `getAgents` mocks from `openai.spec.js` and `responses.unit.spec.js` to streamline test setup and reduce duplication.
- Ensured consistency in agent mock implementations across test files.
* fix: update types in data-schemas
* refactor: enhance type definitions in transaction and spending methods
- Updated type definitions in `checkBalance.ts` to use specific request and response types.
- Refined `spendTokens.ts` to utilize a new `SpendTxData` interface for better clarity and type safety.
- Improved transaction handling in `transaction.ts` by introducing `TransactionResult` and `TxData` interfaces, ensuring consistent data structures across methods.
- Adjusted unit tests in `transaction.spec.ts` to accommodate new type definitions and enhance robustness.
* refactor: streamline model imports and enhance code organization
- Consolidated model imports across various controllers and services to a unified import path, improving code clarity and reducing redundancy.
- Updated multiple files to reflect the new import structure, ensuring all functionalities remain intact.
- Enhanced overall code organization by removing duplicate import statements and optimizing the usage of model methods.
* feat: implement loadAddedAgent and refactor agent loading logic
- Introduced `loadAddedAgent` function to handle loading agents from added conversations, supporting multi-convo parallel execution.
- Created a new `load.ts` file to encapsulate agent loading functionalities, including `loadEphemeralAgent` and `loadAgent`.
- Updated the `index.ts` file to export the new `load` module instead of the deprecated `loadAgent`.
- Enhanced type definitions and improved error handling in the agent loading process.
- Adjusted unit tests to reflect changes in the agent loading structure and ensure comprehensive coverage.
* refactor: enhance balance handling with new update interface
- Introduced `IBalanceUpdate` interface to streamline balance update operations across the codebase.
- Updated `upsertBalanceFields` method signatures in `balance.ts`, `transaction.ts`, and related tests to utilize the new interface for improved type safety.
- Adjusted type imports in `balance.spec.ts` to include `IBalanceUpdate`, ensuring consistency in balance management functionalities.
- Enhanced overall code clarity and maintainability by refining type definitions related to balance operations.
* feat: add unit tests for loadAgent functionality and enhance agent loading logic
- Introduced comprehensive unit tests for the `loadAgent` function, covering various scenarios including null and empty agent IDs, loading of ephemeral agents, and permission checks.
- Enhanced the `initializeClient` function by moving `getConvoFiles` to the correct position in the database method exports, ensuring proper functionality.
- Improved test coverage for agent loading, including handling of non-existent agents and user permissions.
* chore: reorder memory method exports for consistency
- Moved `deleteAllUserMemories` to the correct position in the exported memory methods, ensuring a consistent and logical order of method exports in `memory.ts`.
2026-02-17 18:23:44 -05:00
|
|
|
directData.map((s: MCPServerDocument) => this.mapDBServerToParsedConfig(s)),
|
2025-12-10 02:10:56 +01:00
|
|
|
);
|
📦 refactor: Consolidate DB models, encapsulating Mongoose usage in `data-schemas` (#11830)
* chore: move database model methods to /packages/data-schemas
* chore: add TypeScript ESLint rule to warn on unused variables
* refactor: model imports to streamline access
- Consolidated model imports across various files to improve code organization and reduce redundancy.
- Updated imports for models such as Assistant, Message, Conversation, and others to a unified import path.
- Adjusted middleware and service files to reflect the new import structure, ensuring functionality remains intact.
- Enhanced test files to align with the new import paths, maintaining test coverage and integrity.
* chore: migrate database models to packages/data-schemas and refactor all direct Mongoose Model usage outside of data-schemas
* test: update agent model mocks in unit tests
- Added `getAgent` mock to `client.test.js` to enhance test coverage for agent-related functionality.
- Removed redundant `getAgent` and `getAgents` mocks from `openai.spec.js` and `responses.unit.spec.js` to streamline test setup and reduce duplication.
- Ensured consistency in agent mock implementations across test files.
* fix: update types in data-schemas
* refactor: enhance type definitions in transaction and spending methods
- Updated type definitions in `checkBalance.ts` to use specific request and response types.
- Refined `spendTokens.ts` to utilize a new `SpendTxData` interface for better clarity and type safety.
- Improved transaction handling in `transaction.ts` by introducing `TransactionResult` and `TxData` interfaces, ensuring consistent data structures across methods.
- Adjusted unit tests in `transaction.spec.ts` to accommodate new type definitions and enhance robustness.
* refactor: streamline model imports and enhance code organization
- Consolidated model imports across various controllers and services to a unified import path, improving code clarity and reducing redundancy.
- Updated multiple files to reflect the new import structure, ensuring all functionalities remain intact.
- Enhanced overall code organization by removing duplicate import statements and optimizing the usage of model methods.
* feat: implement loadAddedAgent and refactor agent loading logic
- Introduced `loadAddedAgent` function to handle loading agents from added conversations, supporting multi-convo parallel execution.
- Created a new `load.ts` file to encapsulate agent loading functionalities, including `loadEphemeralAgent` and `loadAgent`.
- Updated the `index.ts` file to export the new `load` module instead of the deprecated `loadAgent`.
- Enhanced type definitions and improved error handling in the agent loading process.
- Adjusted unit tests to reflect changes in the agent loading structure and ensure comprehensive coverage.
* refactor: enhance balance handling with new update interface
- Introduced `IBalanceUpdate` interface to streamline balance update operations across the codebase.
- Updated `upsertBalanceFields` method signatures in `balance.ts`, `transaction.ts`, and related tests to utilize the new interface for improved type safety.
- Adjusted type imports in `balance.spec.ts` to include `IBalanceUpdate`, ensuring consistency in balance management functionalities.
- Enhanced overall code clarity and maintainability by refining type definitions related to balance operations.
* feat: add unit tests for loadAgent functionality and enhance agent loading logic
- Introduced comprehensive unit tests for the `loadAgent` function, covering various scenarios including null and empty agent IDs, loading of ephemeral agents, and permission checks.
- Enhanced the `initializeClient` function by moving `getConvoFiles` to the correct position in the database method exports, ensuring proper functionality.
- Improved test coverage for agent loading, including handling of non-existent agents and user permissions.
* chore: reorder memory method exports for consistency
- Moved `deleteAllUserMemories` to the correct position in the exported memory methods, ensuring a consistent and logical order of method exports in `memory.ts`.
2026-02-17 18:23:44 -05:00
|
|
|
directData.forEach((s: MCPServerDocument, i: number) => {
|
2025-12-10 02:10:56 +01:00
|
|
|
parsedConfigs[s.serverName] = directParsed[i];
|
|
|
|
|
});
|
2025-12-04 21:37:23 +01:00
|
|
|
|
|
|
|
|
const agentOnlyServerNames = agentMCPServerNames.filter((name) => !directServerNames.has(name));
|
|
|
|
|
|
|
|
|
|
if (agentOnlyServerNames.length > 0) {
|
|
|
|
|
const agentServers = await this._dbMethods.getListMCPServersByNames({
|
|
|
|
|
names: agentOnlyServerNames,
|
|
|
|
|
});
|
|
|
|
|
|
2025-12-10 02:10:56 +01:00
|
|
|
const agentData = agentServers.data || [];
|
|
|
|
|
const agentParsed = await Promise.all(
|
📦 refactor: Consolidate DB models, encapsulating Mongoose usage in `data-schemas` (#11830)
* chore: move database model methods to /packages/data-schemas
* chore: add TypeScript ESLint rule to warn on unused variables
* refactor: model imports to streamline access
- Consolidated model imports across various files to improve code organization and reduce redundancy.
- Updated imports for models such as Assistant, Message, Conversation, and others to a unified import path.
- Adjusted middleware and service files to reflect the new import structure, ensuring functionality remains intact.
- Enhanced test files to align with the new import paths, maintaining test coverage and integrity.
* chore: migrate database models to packages/data-schemas and refactor all direct Mongoose Model usage outside of data-schemas
* test: update agent model mocks in unit tests
- Added `getAgent` mock to `client.test.js` to enhance test coverage for agent-related functionality.
- Removed redundant `getAgent` and `getAgents` mocks from `openai.spec.js` and `responses.unit.spec.js` to streamline test setup and reduce duplication.
- Ensured consistency in agent mock implementations across test files.
* fix: update types in data-schemas
* refactor: enhance type definitions in transaction and spending methods
- Updated type definitions in `checkBalance.ts` to use specific request and response types.
- Refined `spendTokens.ts` to utilize a new `SpendTxData` interface for better clarity and type safety.
- Improved transaction handling in `transaction.ts` by introducing `TransactionResult` and `TxData` interfaces, ensuring consistent data structures across methods.
- Adjusted unit tests in `transaction.spec.ts` to accommodate new type definitions and enhance robustness.
* refactor: streamline model imports and enhance code organization
- Consolidated model imports across various controllers and services to a unified import path, improving code clarity and reducing redundancy.
- Updated multiple files to reflect the new import structure, ensuring all functionalities remain intact.
- Enhanced overall code organization by removing duplicate import statements and optimizing the usage of model methods.
* feat: implement loadAddedAgent and refactor agent loading logic
- Introduced `loadAddedAgent` function to handle loading agents from added conversations, supporting multi-convo parallel execution.
- Created a new `load.ts` file to encapsulate agent loading functionalities, including `loadEphemeralAgent` and `loadAgent`.
- Updated the `index.ts` file to export the new `load` module instead of the deprecated `loadAgent`.
- Enhanced type definitions and improved error handling in the agent loading process.
- Adjusted unit tests to reflect changes in the agent loading structure and ensure comprehensive coverage.
* refactor: enhance balance handling with new update interface
- Introduced `IBalanceUpdate` interface to streamline balance update operations across the codebase.
- Updated `upsertBalanceFields` method signatures in `balance.ts`, `transaction.ts`, and related tests to utilize the new interface for improved type safety.
- Adjusted type imports in `balance.spec.ts` to include `IBalanceUpdate`, ensuring consistency in balance management functionalities.
- Enhanced overall code clarity and maintainability by refining type definitions related to balance operations.
* feat: add unit tests for loadAgent functionality and enhance agent loading logic
- Introduced comprehensive unit tests for the `loadAgent` function, covering various scenarios including null and empty agent IDs, loading of ephemeral agents, and permission checks.
- Enhanced the `initializeClient` function by moving `getConvoFiles` to the correct position in the database method exports, ensuring proper functionality.
- Improved test coverage for agent loading, including handling of non-existent agents and user permissions.
* chore: reorder memory method exports for consistency
- Moved `deleteAllUserMemories` to the correct position in the exported memory methods, ensuring a consistent and logical order of method exports in `memory.ts`.
2026-02-17 18:23:44 -05:00
|
|
|
agentData.map((s: MCPServerDocument) => this.mapDBServerToParsedConfig(s)),
|
2025-12-10 02:10:56 +01:00
|
|
|
);
|
📦 refactor: Consolidate DB models, encapsulating Mongoose usage in `data-schemas` (#11830)
* chore: move database model methods to /packages/data-schemas
* chore: add TypeScript ESLint rule to warn on unused variables
* refactor: model imports to streamline access
- Consolidated model imports across various files to improve code organization and reduce redundancy.
- Updated imports for models such as Assistant, Message, Conversation, and others to a unified import path.
- Adjusted middleware and service files to reflect the new import structure, ensuring functionality remains intact.
- Enhanced test files to align with the new import paths, maintaining test coverage and integrity.
* chore: migrate database models to packages/data-schemas and refactor all direct Mongoose Model usage outside of data-schemas
* test: update agent model mocks in unit tests
- Added `getAgent` mock to `client.test.js` to enhance test coverage for agent-related functionality.
- Removed redundant `getAgent` and `getAgents` mocks from `openai.spec.js` and `responses.unit.spec.js` to streamline test setup and reduce duplication.
- Ensured consistency in agent mock implementations across test files.
* fix: update types in data-schemas
* refactor: enhance type definitions in transaction and spending methods
- Updated type definitions in `checkBalance.ts` to use specific request and response types.
- Refined `spendTokens.ts` to utilize a new `SpendTxData` interface for better clarity and type safety.
- Improved transaction handling in `transaction.ts` by introducing `TransactionResult` and `TxData` interfaces, ensuring consistent data structures across methods.
- Adjusted unit tests in `transaction.spec.ts` to accommodate new type definitions and enhance robustness.
* refactor: streamline model imports and enhance code organization
- Consolidated model imports across various controllers and services to a unified import path, improving code clarity and reducing redundancy.
- Updated multiple files to reflect the new import structure, ensuring all functionalities remain intact.
- Enhanced overall code organization by removing duplicate import statements and optimizing the usage of model methods.
* feat: implement loadAddedAgent and refactor agent loading logic
- Introduced `loadAddedAgent` function to handle loading agents from added conversations, supporting multi-convo parallel execution.
- Created a new `load.ts` file to encapsulate agent loading functionalities, including `loadEphemeralAgent` and `loadAgent`.
- Updated the `index.ts` file to export the new `load` module instead of the deprecated `loadAgent`.
- Enhanced type definitions and improved error handling in the agent loading process.
- Adjusted unit tests to reflect changes in the agent loading structure and ensure comprehensive coverage.
* refactor: enhance balance handling with new update interface
- Introduced `IBalanceUpdate` interface to streamline balance update operations across the codebase.
- Updated `upsertBalanceFields` method signatures in `balance.ts`, `transaction.ts`, and related tests to utilize the new interface for improved type safety.
- Adjusted type imports in `balance.spec.ts` to include `IBalanceUpdate`, ensuring consistency in balance management functionalities.
- Enhanced overall code clarity and maintainability by refining type definitions related to balance operations.
* feat: add unit tests for loadAgent functionality and enhance agent loading logic
- Introduced comprehensive unit tests for the `loadAgent` function, covering various scenarios including null and empty agent IDs, loading of ephemeral agents, and permission checks.
- Enhanced the `initializeClient` function by moving `getConvoFiles` to the correct position in the database method exports, ensuring proper functionality.
- Improved test coverage for agent loading, including handling of non-existent agents and user permissions.
* chore: reorder memory method exports for consistency
- Moved `deleteAllUserMemories` to the correct position in the exported memory methods, ensuring a consistent and logical order of method exports in `memory.ts`.
2026-02-17 18:23:44 -05:00
|
|
|
agentData.forEach((s: MCPServerDocument, i: number) => {
|
2025-12-10 02:10:56 +01:00
|
|
|
parsedConfigs[s.serverName] = { ...agentParsed[i], consumeOnly: true };
|
|
|
|
|
});
|
2025-12-04 21:37:23 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return parsedConfigs;
|
2025-11-28 16:07:09 +01:00
|
|
|
}
|
|
|
|
|
|
2025-12-04 21:37:23 +01:00
|
|
|
/** No-op for DB storage; logs a warning if called. */
|
2025-11-28 16:07:09 +01:00
|
|
|
public async reset(): Promise<void> {
|
|
|
|
|
logger.warn('Attempt to reset the DB config storage');
|
|
|
|
|
return;
|
|
|
|
|
}
|
2025-12-04 21:37:23 +01:00
|
|
|
|
2025-12-10 02:10:56 +01:00
|
|
|
/**
|
|
|
|
|
* Maps a MongoDB server document to the ParsedServerConfig format.
|
|
|
|
|
* Decrypts sensitive fields (oauth.client_secret) after retrieval.
|
|
|
|
|
*/
|
|
|
|
|
private async mapDBServerToParsedConfig(
|
|
|
|
|
serverDBDoc: MCPServerDocument,
|
|
|
|
|
): Promise<ParsedServerConfig> {
|
|
|
|
|
const config: ParsedServerConfig = {
|
2025-12-04 21:37:23 +01:00
|
|
|
...serverDBDoc.config,
|
|
|
|
|
dbId: (serverDBDoc._id as Types.ObjectId).toString(),
|
🏗️ feat: 3-Tier MCP Server Architecture with Config-Source Lazy Init (#12435)
* feat: add MCPServerSource type, tenantMcpPolicy schema, and source-based dbSourced wiring
- Add `tenantMcpPolicy` to `mcpSettings` in YAML config schema with
`enabled`, `maxServersPerTenant`, `allowedTransports`, and `allowedDomains`
- Add `MCPServerSource` type ('yaml' | 'config' | 'user') and `source`
field to `ParsedServerConfig`
- Change `dbSourced` determination from `!!config.dbId` to
`config.source === 'user'` across MCPManager, ConnectionsRepository,
UserConnectionManager, and MCPServerInspector
- Set `source: 'user'` on all DB-sourced servers in ServerConfigsDB
* feat: three-layer MCPServersRegistry with config cache and lazy init
- Add `configCacheRepo` as third repository layer between YAML cache and
DB for admin-defined config-source MCP servers
- Implement `ensureConfigServers()` that identifies config-override servers
from resolved `getAppConfig()` mcpConfig, lazily inspects them, and
caches parsed configs with `source: 'config'`
- Add `lazyInitConfigServer()` with timeout, stub-on-failure, and
concurrent-init deduplication via `pendingConfigInits` map
- Extend `getAllServerConfigs()` with optional `configServers` param for
three-way merge: YAML → Config → User
- Add `getServerConfig()` lookup through config cache layer
- Add `invalidateConfigCache()` for clearing config-source inspection
results on admin config mutations
- Tag `source: 'yaml'` on CACHE-stored servers and `source: 'user'` on
DB-stored servers in `addServer()` and `addServerStub()`
* feat: wire tenant context into MCP controllers, services, and cache invalidation
- Resolve config-source servers via `getAppConfig({ role, tenantId })`
in `getMCPTools()` and `getMCPServersList()` controllers
- Pass `ensureConfigServers()` results through `getAllServerConfigs()`
for three-way merge of YAML + Config + User servers
- Add tenant/role context to `getMCPSetupData()` and connection status
routes via `getTenantId()` from ALS
- Add `clearMcpConfigCache()` to `invalidateConfigCaches()` so admin
config mutations trigger re-inspection of config-source MCP servers
* feat: enforce tenantMcpPolicy on admin config mcpServers mutations
- Add `validateMcpServerPolicy()` helper that checks mcpServers against
operator-defined `tenantMcpPolicy` (enabled, maxServersPerTenant,
allowedTransports, allowedDomains)
- Wire validation into `upsertConfigOverrides` and `patchConfigField`
handlers — rejects with 403 when policy is violated
- Infer transport type from config shape (command → stdio, url protocol
→ websocket/sse, type field → streamable-http)
- Validate server domains against policy allowlist when configured
* revert: remove tenantMcpPolicy schema and enforcement
The existing admin config CRUD routes already provide the mechanism
for granular MCP server prepopulation (groups, roles, users). The
tenantMcpPolicy gating adds unnecessary complexity that can be
revisited if needed in the future.
- Remove tenantMcpPolicy from mcpSettings Zod schema
- Remove validateMcpServerPolicy helper and TenantMcpPolicy interface
- Remove policy enforcement from upsertConfigOverrides and
patchConfigField handlers
* test: update test assertions for source field and config-server wiring
- Use objectContaining in MCPServersRegistry reset test to account for
new source: 'yaml' field on CACHE-stored configs
- Add getTenantId and ensureConfigServers mocks to MCP route tests
- Add getAppConfig mock to route test Config service mock
- Update getMCPSetupData assertion to expect second options argument
- Update getAllServerConfigs assertions for new configServers parameter
* fix: disconnect active connections when config-source servers are evicted
When admin config overrides change and config-source MCP servers are
removed, the invalidation now proactively disconnects active connections
for evicted servers instead of leaving them lingering until timeout.
- Return evicted server names from invalidateConfigCache()
- Disconnect app-level connections for evicted servers in
clearMcpConfigCache() via MCPManager.appConnections.disconnect()
* fix: address code review findings (CRITICAL, MAJOR, MINOR)
CRITICAL fixes:
- Scope configCacheRepo keys by config content hash to prevent
cross-tenant cache poisoning when two tenants define the same
server name with different configurations
- Change dbSourced checks from `source === 'user'` to
`source !== 'yaml' && source !== 'config'` so undefined source
(pre-upgrade cached configs) fails closed to restricted mode
MAJOR fixes:
- Derive OAuth servers from already-computed mcpConfig instead of
calling getOAuthServers() separately — config-source OAuth servers
are now properly detected
- Add parseInt radix (10) and NaN guard with fallback to 30_000
for CONFIG_SERVER_INIT_TIMEOUT_MS
- Add CONFIG_CACHE_NAMESPACE to aggregate-key branch in
ServerConfigsCacheFactory to avoid SCAN-based Redis stalls
- Remove `if (role || tenantId)` guard in getMCPSetupData — config
servers now always resolve regardless of tenant context
MINOR fixes:
- Extract resolveAllMcpConfigs() helper in mcp controller to
eliminate 3x copy-pasted config resolution boilerplate
- Distinguish "not initialized" from real errors in
clearMcpConfigCache — log actual failures instead of swallowing
- Remove narrative inline comments per style guide
- Remove dead try/catch inside Promise.allSettled in
ensureConfigServers (inner method never throws)
- Memoize YAML server names to avoid repeated cacheConfigsRepo.getAll()
calls per request
Test updates:
- Add ensureConfigServers mock to registry test fixtures
- Update getMCPSetupData assertions for inline OAuth derivation
* fix: address code review findings (CRITICAL, MAJOR, MINOR)
CRITICAL fixes:
- Break circular dependency: move CONFIG_CACHE_NAMESPACE from
MCPServersRegistry to ServerConfigsCacheFactory
- Fix dbSourced fail-closed: use source field when present, fall back to
legacy dbId check when absent (backward-compatible with pre-upgrade
cached configs that lack source field)
MAJOR fixes:
- Add CONFIG_CACHE_NAMESPACE to aggregate-key set in
ServerConfigsCacheFactory to avoid SCAN-based Redis stalls
- Add comprehensive test suite (ensureConfigServers.test.ts, 18 tests)
covering lazy init, stub-on-failure, cross-tenant isolation via config
hash keys, concurrent deduplication, merge order, and cache invalidation
MINOR fixes:
- Update MCPServerInspector test assertion for dbSourced change
* fix: restore getServerConfig lookup for config-source servers (NEW-1)
Add configNameToKey map that indexes server name → hash-based cache key
for O(1) lookup by name in getServerConfig. This restores the config
cache layer that was dropped when hash-based keys were introduced.
Without this fix, config-source servers appeared in tool listings
(via getAllServerConfigs) but getServerConfig returned undefined,
breaking all connection and tool call paths.
- Populate configNameToKey in ensureSingleConfigServer
- Clear configNameToKey in invalidateConfigCache and reset
- Clear stale read-through cache entries after lazy init
- Remove dead code in invalidateConfigCache (config.title, key parsing)
- Add getServerConfig tests for config-source server lookup
* fix: eliminate configNameToKey race via caller-provided configServers param
Replace the process-global configNameToKey map (last-writer-wins under
concurrent multi-tenant load) with a configServers parameter on
getServerConfig. Callers pass the pre-resolved config servers map
directly — no shared mutable state, no cross-tenant race.
- Add optional configServers param to getServerConfig; when provided,
returns matching config directly without any global lookup
- Remove configNameToKey map entirely (was the source of the race)
- Extract server names from cache keys via lastIndexOf in
invalidateConfigCache (safe for names containing colons)
- Use mcpConfig[serverName] directly in getMCPTools instead of a
redundant getServerConfig call
- Add cross-tenant isolation test for getServerConfig
* fix: populate read-through cache after config server lazy init
After lazyInitConfigServer succeeds, write the parsed config to
readThroughCache keyed by serverName so that getServerConfig calls
from ConnectionsRepository, UserConnectionManager, and
MCPManager.callTool find the config without needing configServers.
Without this, config-source servers appeared in tool listings but
every connection attempt and tool call returned undefined.
* fix: user-scoped getServerConfig fallback to server-only cache key
When getServerConfig is called with a userId (e.g., from callTool or
UserConnectionManager), the cache key is serverName::userId. Config-source
servers are cached under the server-only key (no userId). Add a fallback
so user-scoped lookups find config-source servers in the read-through cache.
* fix: configCacheRepo fallback, isUserSourced DRY, cross-process race
CRITICAL: Add findInConfigCache fallback in getServerConfig so
config-source servers remain reachable after readThroughCache TTL
expires (5s). Without this, every tool call after 5s returned
undefined for config-source servers.
MAJOR: Extract isUserSourced() helper to mcp/utils.ts and replace
all 5 inline dbSourced ternary expressions (MCPManager x2,
ConnectionsRepository, UserConnectionManager, MCPServerInspector).
MAJOR: Fix cross-process Redis race in lazyInitConfigServer — when
configCacheRepo.add throws (key exists from another process), fall
back to reading the existing entry instead of returning undefined.
MINOR: Parallelize invalidateConfigCache awaits with Promise.all.
Remove redundant .catch(() => {}) inside Promise.allSettled.
Tighten dedup test assertion to toBe(1).
Add TTL-expiry tests for getServerConfig (with and without userId).
* feat: thread configServers through getAppToolFunctions and formatInstructionsForContext
Add optional configServers parameter to getAppToolFunctions,
getInstructions, and formatInstructionsForContext so config-source
server tools and instructions are visible to agent initialization
and context injection paths.
Existing callers (boot-time init, tests) pass no argument and
continue to work unchanged. Agent runtime paths can now thread
resolved config servers from request context.
* fix: stale failure stubs retry after 5 min, upsert for cross-process races
- Add CONFIG_STUB_RETRY_MS (5 min) — stale failure stubs are retried
instead of permanently disabling config-source servers after transient
errors (DNS outage, cold-start race)
- Extract upsertConfigCache() helper that tries add then falls back to
update, preventing cross-process Redis races where a second instance's
successful inspection result was discarded
- Add test for stale-stub retry after CONFIG_STUB_RETRY_MS
* fix: stamp updatedAt on failure stubs, null-guard callTool config, test cleanup
- Add updatedAt: Date.now() to failure stubs in lazyInitConfigServer so
CONFIG_STUB_RETRY_MS (5 min) window works correctly — without it, stubs
were always considered stale (updatedAt ?? 0 → epoch → always expired)
- Add null guard for rawConfig in MCPManager.callTool before passing to
preProcessGraphTokens — prevents unsafe `as` cast on undefined
- Log double-failure in upsertConfigCache instead of silently swallowing
- Replace module-scope Date.now monkey-patch with jest.useFakeTimers /
jest.setSystemTime / jest.useRealTimers in ensureConfigServers tests
* fix: server-only readThrough fallback only returns truthy values
Prevents a cached undefined from a prior no-userId lookup from
short-circuiting the DB query on a subsequent userId-scoped lookup.
* fix: remove findInConfigCache to eliminate cross-tenant config leakage
The findInConfigCache prefix scan (serverName:*) could return any
tenant's config after readThrough TTL expires, violating tenant
isolation. Config-source servers are now ONLY resolvable through:
1. The configServers param (callers with tenant context from ALS)
2. The readThrough cache (populated by ensureSingleConfigServer,
5s TTL, repopulated on every HTTP request via resolveAllMcpConfigs)
Connection/tool-call paths without tenant context rely exclusively on
the readThrough cache. If it expires before the next HTTP request
repopulates it, the server is not found — which is correct because
there is no tenant context to determine which config to return.
- Remove findInConfigCache method and its call in getServerConfig
- Update server-only readThrough fallback to only return truthy values
(prevents cached undefined from short-circuiting user-scoped DB lookup)
- Update tests to document tenant isolation behavior after cache expiry
* style: fix import order per AGENTS.md conventions
Sort package imports shortest-to-longest, local imports longest-to-shortest
across MCPServersRegistry, ConnectionsRepository, MCPManager,
UserConnectionManager, and MCPServerInspector.
* fix: eliminate cross-tenant readThrough contamination and TTL-expiry tool failures
Thread pre-resolved serverConfig from tool creation context into
callTool, removing dependency on the readThrough cache for config-source
servers. This fixes two issues:
- Cross-tenant contamination: the readThrough cache key was unscoped
(just serverName), so concurrent multi-tenant requests for same-named
servers would overwrite each other's entries
- TTL expiry: tool calls happening >5s after config resolution would
fail with "Configuration not found" because the readThrough entry
had expired
Changes:
- Add optional serverConfig param to MCPManager.callTool — uses
provided config directly, falling back to getServerConfig lookup
for YAML/user servers
- Thread serverConfig from createMCPTool through createToolInstance
closure to callTool
- Remove readThrough write from ensureSingleConfigServer — config-source
servers are only accessible via configServers param (tenant-scoped)
- Remove server-only readThrough fallback from getServerConfig
- Increase config cache hash from 8 to 16 hex chars (64-bit)
- Add isUserSourced boundary tests for all source/dbId combinations
- Fix double Object.keys call in getMCPTools controller
- Update test assertions for new getServerConfig behavior
* fix: cache base configs for config-server users; narrow upsertConfigCache error handling
- Refactor getAllServerConfigs to separate base config fetch (YAML + DB)
from config-server layering. Base configs are cached via readThroughCacheAll
regardless of whether configServers is provided, eliminating uncached
MongoDB queries per request for config-server users
- Narrow upsertConfigCache catch to duplicate-key errors only;
infrastructure errors (Redis timeouts, network failures) now propagate
instead of being silently swallowed, preventing inspection storms
during outages
* fix: restore correct merge order and document upsert error matching
- Restore YAML → Config → User DB precedence in getAllServerConfigs
(user DB servers have highest precedence, matching the JSDoc contract)
- Add source comment on upsertConfigCache duplicate-key detection
linking to the two cache implementations that define the error message
* feat: complete config-source server support across all execution paths
Wire configServers through the entire agent execution pipeline so
config-source MCP servers are fully functional — not just visible in
listings but executable in agent sessions.
- Thread configServers into handleTools.js agent tool pipeline: resolve
config servers from tenant context before MCP tool iteration, pass to
getServerConfig, createMCPTools, and createMCPTool
- Thread configServers into agent instructions pipeline:
applyContextToAgent → getMCPInstructionsForServers →
formatInstructionsForContext, resolved in client.js before agent
context application
- Add configServers param to createMCPTool and createMCPTools for
reconnect path fallback
- Add source field to redactServerSecrets allowlist for client UI
differentiation of server tiers
- Narrow invalidateConfigCache to only clear readThroughCacheAll (merged
results), preserving YAML individual-server readThrough entries
- Update context.spec.ts assertions for new configServers parameter
* fix: add missing mocks for config-source server dependencies in client.test.js
Mock getMCPServersRegistry, getAppConfig, and getTenantId that were added
to client.js but not reflected in the test file's jest.mock declarations.
* fix: update formatInstructionsForContext assertions for configServers param
The test assertions expected formatInstructionsForContext to be called with
only the server names array, but it now receives configServers as a second
argument after the config-source server feature wiring.
* fix: move configServers resolution before MCP tool loop to avoid TDZ
configServers was declared with `let` after the first tool loop but
referenced inside it via getServerConfig(), causing a ReferenceError
temporal dead zone. Move declaration and resolution before the loop,
using tools.some(mcpToolPattern) to gate the async resolution.
* fix: address review findings — cache bypass, discoverServerTools gap, DRY
- #2: getAllServerConfigs now always uses getBaseServerConfigs (cached via
readThroughCacheAll) instead of bypassing it when configServers is present.
Extracts user-DB entries from cached base by diffing against YAML keys
to maintain YAML → Config → User DB merge order without extra MongoDB calls.
- #3: Add configServers param to ToolDiscoveryOptions and thread it through
discoverServerTools → getServerConfig so config-source servers are
discoverable during OAuth reconnection flows.
- #6: Replace inline import() type annotations in context.ts with proper
import type { ParsedServerConfig } per AGENTS.md conventions.
- #7: Extract resolveConfigServers(req) helper in MCP.js and use it from
handleTools.js and client.js, eliminating the duplicated 6-line config
resolution pattern.
- #10: Restore removed "why" comment explaining getLoaded() vs getAll()
choice in getMCPSetupData — documents non-obvious correctness constraint.
- #11: Fix incomplete JSDoc param type on resolveAllMcpConfigs.
* fix: consolidate imports, reorder constants, fix YAML-DB merge edge case
- Merge duplicate @librechat/data-schemas requires in MCP.js into one
- Move resolveConfigServers after module-level constants
- Fix getAllServerConfigs edge case where user-DB entry overriding a
YAML entry with the same name was excluded from userDbConfigs; now
uses reference equality check to detect DB-overwritten YAML keys
* fix: replace fragile string-match error detection with proper upsert method
Add upsert() to IServerConfigsRepositoryInterface and all implementations
(InMemory, Redis, RedisAggregateKey, DB). This eliminates the brittle
error message string match ('already exists in cache') in upsertConfigCache
that was the only thing preventing cross-process init races from silently
discarding inspection results.
Each implementation handles add-or-update atomically:
- InMemory: direct Map.set()
- Redis: direct cache.set()
- RedisAggregateKey: read-modify-write under write lock
- DB: delegates to update() (DB servers use explicit add() with ACL setup)
* fix: wire configServers through remaining HTTP endpoints
- getMCPServerById: use resolveAllMcpConfigs instead of bare getServerConfig
- reinitialize route: resolve configServers before getServerConfig
- auth-values route: resolve configServers before getServerConfig
- getOAuthHeaders: accept configServers param, thread from callers
- Update mcp.spec.js tests to mock getAllServerConfigs for GET by name
* fix: thread serverConfig through getConnection for config-source servers
Config-source servers exist only in configCacheRepo, not in YAML cache or
DB. When callTool → getConnection → getUserConnection → getServerConfig
runs without configServers, it returns undefined and throws. Fix by
threading the pre-resolved serverConfig (providedConfig) from callTool
through getConnection → getUserConnection → createUserConnectionInternal,
using it as a fallback before the registry lookup.
* fix: thread configServers through reinit, reconnect, and tool definition paths
Wire configServers through every remaining call chain that creates or
reconnects MCP server connections:
- reinitMCPServer: accepts serverConfig and configServers, uses them for
getServerConfig fallback, getConnection, and discoverServerTools
- reconnectServer: accepts and passes configServers to reinitMCPServer
- createMCPTools/createMCPTool: pass configServers to reconnectServer
- ToolService.loadToolDefinitionsWrapper: resolves configServers from req,
passes to both reinitMCPServer call sites
- reinitialize route: passes serverConfig and configServers to reinitMCPServer
* fix: address review findings — simplify merge, harden error paths, fix log labels
- Simplify getAllServerConfigs merge: replace fragile reference-equality
loop with direct spread { ...yamlConfigs, ...configServers, ...base }
- Guard upsertConfigCache in lazyInitConfigServer catch block so cache
failures don't mask the original inspection error
- Deduplicate getYamlServerNames cold-start with promise dedup pattern
- Remove dead `if (!mcpConfig)` guard in getMCPSetupData
- Fix hardcoded "App server" in ServerConfigsCacheRedisAggregateKey error
messages — now uses this.namespace for correct Config/App labeling
- Remove misleading OAuth callback comment about readThrough cache
- Move resolveConfigServers after module-level constants in MCP.js
* fix: clear rejected yamlServerNames promise, fix config-source reinspect, fix reset log label
- Clear yamlServerNamesPromise on rejection so transient cache errors
don't permanently prevent ensureConfigServers from working
- Skip reinspectServer for config-source servers (source: 'config') in
reinitMCPServer — they lack a CACHE/DB storage location; retry is
handled by CONFIG_STUB_RETRY_MS in ensureConfigServers
- Use source field instead of dbId for storageLocation derivation
- Fix remaining hardcoded "App" in reset() leaderCheck message
* fix: persist oauthHeaders in flow state for config-source OAuth servers
The OAuth callback route has no JWT auth context and cannot resolve
config-source server configs. Previously, getOAuthHeaders would silently
return {} for config-source servers, dropping custom token exchange headers.
Now oauthHeaders are persisted in MCPOAuthFlowMetadata during flow
initiation (which has auth context), and the callback reads them from
the stored flow state with a fallback to the registry lookup for
YAML/user-DB servers.
* fix: update tests for getMCPSetupData null guard removal and ToolService mock
- MCP.spec.js: update test to expect graceful handling of null mcpConfig
instead of a throw (getAllServerConfigs always returns an object)
- MCP.js: add defensive || {} for Object.entries(mcpConfig) in case of
null from test mocks
- ToolService.spec.js: add missing mock for ~/server/services/MCP
(resolveConfigServers)
* fix: address review findings — DRY, naming, logging, dead code, defensive guards
- #1: Simplify getAllServerConfigs to single getBaseServerConfigs call,
eliminating redundant double-fetch of cacheConfigsRepo.getAll()
- #2: Add warning log when oauthHeaders absent from OAuth callback flow state
- #3: Extract resolveAllMcpConfigs to MCP.js service layer; controller
imports shared helper instead of reimplementing
- #4: Rename _serverConfig/_provider to capturedServerConfig/capturedProvider
in createToolInstance — these are actively used, not unused
- #5: Log rejected results from ensureConfigServers Promise.allSettled
so cache errors are visible instead of silently dropped
- #6: Remove dead 'MCP config not found' error handlers from routes
- #7: Document circular-dependency reason for dynamic require in clearMcpConfigCache
- #8: Remove logger.error from withTimeout to prevent double-logging timeouts
- #10: Add explicit userId guard in ServerConfigsDB.upsert with clear error message
- #12: Use spread instead of mutation in addServer for immutability consistency
- Add upsert mock to ensureConfigServers.test.ts DB mock
- Update route tests for resolveAllMcpConfigs import change
* fix: restore correct merge priority, use immutable spread, fix test mock
- getAllServerConfigs: { ...configServers, ...base } so userDB wins over
configServers, matching documented "User DB (highest)" priority
- lazyInitConfigServer: use immutable spread instead of direct mutation
for parsedConfig.source, consistent with addServer fix
- Fix test to mock getAllServerConfigs as {} instead of null, remove
unnecessary || {} defensive guard in getMCPSetupData
* fix: error handling, stable hashing, flatten nesting, remove dead param
- Wrap resolveConfigServers/resolveAllMcpConfigs in try/catch with
graceful {} fallback so transient DB/cache errors don't crash tool pipeline
- Sort keys in configCacheKey JSON.stringify for deterministic hashing
regardless of object property insertion order
- Flatten clearMcpConfigCache from 3 nested try-catch to early returns;
document that user connections are cleaned up lazily (accepted tradeoff)
- Remove dead configServers param from getAppToolFunctions (never passed)
- Add security rationale comment for source field in redactServerSecrets
* fix: use recursive key-sorting replacer in configCacheKey to prevent cross-tenant cache collision
The array replacer in JSON.stringify acts as a property allowlist at
every nesting depth, silently dropping nested keys like headers['X-API-Key'],
oauth.client_secret, etc. Two configs with different nested values but
identical top-level structure produced the same hash, causing cross-tenant
cache hits and potential credential contamination.
Switch to a function replacer that recursively sorts keys at all depths
without dropping any properties.
Also document the known gap in getOAuthServers: config-source OAuth
servers are not covered by auto-reconnection or uninstall cleanup
because callers lack request context.
* fix: move clearMcpConfigCache to packages/api to eliminate circular dependency
The function only depends on MCPServersRegistry and MCPManager, both of
which live in packages/api. Import it directly from @librechat/api in
the CJS layer instead of using dynamic require('~/config').
* chore: imports/fields ordering
* fix: address review findings — error handling, targeted lookup, test gaps
- Narrow resolveAllMcpConfigs catch to only wrap ensureConfigServers so
getAppConfig/getAllServerConfigs failures propagate instead of masking
infrastructure errors as empty server lists.
- Use targeted getServerConfig in getMCPServerById instead of fetching
all server configs for a single-server lookup.
- Forward configServers to inner createMCPTool calls so reconnect path
works for config-source servers.
- Update getAllServerConfigs JSDoc to document disjoint-key design.
- Add OAuth callback oauthHeaders fallback tests (flow state present
vs registry fallback).
- Add resolveConfigServers/resolveAllMcpConfigs unit tests covering
happy path and error propagation.
* fix: add getOAuthReconnectionManager mock to OAuth callback tests
* chore: imports ordering
2026-03-28 10:36:43 -04:00
|
|
|
source: 'user',
|
2025-12-04 21:37:23 +01:00
|
|
|
updatedAt: serverDBDoc.updatedAt?.getTime(),
|
|
|
|
|
};
|
2025-12-10 02:10:56 +01:00
|
|
|
return await this.decryptConfig(config);
|
|
|
|
|
}
|
|
|
|
|
|
2025-12-12 19:51:49 +01:00
|
|
|
/**
|
|
|
|
|
* Transforms user-provided API key config by auto-generating customUserVars and headers.
|
|
|
|
|
* This is a config transformation, not encryption.
|
|
|
|
|
* @param config - The server config to transform
|
|
|
|
|
* @returns The transformed config with customUserVars and headers set up
|
|
|
|
|
*/
|
|
|
|
|
private transformUserApiKeyConfig(config: ParsedServerConfig): ParsedServerConfig {
|
|
|
|
|
if (!config.apiKey || config.apiKey.source !== 'user') {
|
|
|
|
|
return config;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const result = { ...config };
|
|
|
|
|
const headerName =
|
|
|
|
|
result.apiKey!.authorization_type === 'custom'
|
|
|
|
|
? result.apiKey!.custom_header || 'X-Api-Key'
|
|
|
|
|
: 'Authorization';
|
|
|
|
|
|
|
|
|
|
let headerValue: string;
|
|
|
|
|
if (result.apiKey!.authorization_type === 'basic') {
|
|
|
|
|
headerValue = 'Basic {{MCP_API_KEY}}';
|
|
|
|
|
} else if (result.apiKey!.authorization_type === 'bearer') {
|
|
|
|
|
headerValue = 'Bearer {{MCP_API_KEY}}';
|
|
|
|
|
} else {
|
|
|
|
|
headerValue = '{{MCP_API_KEY}}';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
result.customUserVars = {
|
|
|
|
|
...result.customUserVars,
|
|
|
|
|
MCP_API_KEY: {
|
|
|
|
|
title: 'API Key',
|
|
|
|
|
description: 'Your API key for this MCP server',
|
|
|
|
|
},
|
|
|
|
|
};
|
|
|
|
|
|
2026-01-23 09:06:29 -05:00
|
|
|
/** Cast to access headers property (not available on Stdio type) */
|
2025-12-12 19:51:49 +01:00
|
|
|
const resultWithHeaders = result as ParsedServerConfig & {
|
|
|
|
|
headers?: Record<string, string>;
|
|
|
|
|
};
|
|
|
|
|
resultWithHeaders.headers = {
|
|
|
|
|
...resultWithHeaders.headers,
|
|
|
|
|
[headerName]: headerValue,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
// Remove key field since it's user-provided (destructure to omit, not set to undefined)
|
🗝️ feat: Credential Variables for DB-Sourced MCP Servers (#12044)
* feat: Allow Credential Variables in Headers for DB-sourced MCP Servers
- Removed the hasCustomUserVars check from ToolService.js, directly retrieving userMCPAuthMap.
- Updated MCPConnectionFactory and related classes to include a dbSourced flag for better handling of database-sourced configurations.
- Added integration tests to ensure proper behavior of dbSourced servers, verifying that sensitive placeholders are not resolved while allowing customUserVars.
- Adjusted various MCP-related files to accommodate the new dbSourced logic, ensuring consistent handling across the codebase.
* chore: MCPConnectionFactory Tests with Additional Flow Metadata for typing
- Updated MCPConnectionFactory tests to include new fields in flowMetadata: serverUrl and state.
- Enhanced mockFlowData in multiple test cases to reflect the updated structure, ensuring comprehensive coverage of the OAuth flow scenarios.
- Added authorization_endpoint to metadata in the test setup for improved validation of the OAuth process.
* refactor: Simplify MCPManager Configuration Handling
- Removed unnecessary type assertions and streamlined the retrieval of server configuration in MCPManager.
- Enhanced the handling of OAuth and database-sourced flags for improved clarity and efficiency.
- Updated tests to reflect changes in user object structure and ensure proper processing of MCP environment variables.
* refactor: Optimize User MCP Auth Map Retrieval in ToolService
- Introduced conditional loading of userMCPAuthMap based on the presence of MCP-delimited tools, improving efficiency by avoiding unnecessary calls.
- Updated the loadToolDefinitionsWrapper and loadAgentTools functions to reflect this change, enhancing overall performance and clarity.
* test: Add userMCPAuthMap gating tests in ToolService
- Introduced new tests to validate the logic for determining if MCP tools are present in the agent's tool list.
- Implemented various scenarios to ensure accurate detection of MCP tools, including edge cases for empty, undefined, and null tool lists.
- Enhanced clarity and coverage of the ToolService capability checking logic.
* refactor: Enhance MCP Environment Variable Processing
- Simplified the handling of the dbSourced parameter in the processMCPEnv function.
- Introduced a failsafe mechanism to derive dbSourced from options if not explicitly provided, improving robustness and clarity in MCP environment variable processing.
* refactor: Update Regex Patterns for Credential Placeholders in ServerConfigsDB
- Modified regex patterns to include additional credential/env placeholders that should not be allowed in user-provided configurations.
- Clarified comments to emphasize the security risks associated with credential exfiltration when MCP servers are shared between users.
* chore: field order
* refactor: Clean Up dbSourced Parameter Handling in processMCPEnv
- Reintroduced the failsafe mechanism for deriving the dbSourced parameter from options, ensuring clarity and robustness in MCP environment variable processing.
- Enhanced code readability by maintaining consistent comment structure.
* refactor: Update MCPOptions Type to Include Optional dbId
- Modified the processMCPEnv function to extend the MCPOptions type, allowing for an optional dbId property.
- Simplified the logic for deriving the dbSourced parameter by directly checking the dbId property, enhancing code clarity and maintainability.
2026-03-03 18:02:37 -05:00
|
|
|
|
2025-12-12 19:51:49 +01:00
|
|
|
const { key: _removed, ...apiKeyWithoutKey } = result.apiKey!;
|
|
|
|
|
result.apiKey = apiKeyWithoutKey;
|
|
|
|
|
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
2025-12-10 02:10:56 +01:00
|
|
|
/**
|
|
|
|
|
* Encrypts sensitive fields in config before database storage.
|
2026-03-24 16:31:34 +00:00
|
|
|
* Encrypts oauth.client_secret, apiKey.key (when source === 'admin'),
|
|
|
|
|
* and header values listed in secretHeaderKeys.
|
2025-12-10 02:10:56 +01:00
|
|
|
* Throws on failure to prevent storing plaintext secrets.
|
|
|
|
|
*/
|
|
|
|
|
private async encryptConfig(config: ParsedServerConfig): Promise<ParsedServerConfig> {
|
2025-12-12 19:51:49 +01:00
|
|
|
let result = { ...config };
|
|
|
|
|
|
|
|
|
|
if (result.apiKey?.source === 'admin' && result.apiKey.key) {
|
|
|
|
|
try {
|
|
|
|
|
result.apiKey = {
|
|
|
|
|
...result.apiKey,
|
|
|
|
|
key: await encryptV2(result.apiKey.key),
|
|
|
|
|
};
|
|
|
|
|
} catch (error) {
|
|
|
|
|
logger.error('[ServerConfigsDB.encryptConfig] Failed to encrypt apiKey.key', error);
|
|
|
|
|
throw new Error('Failed to encrypt MCP server configuration');
|
|
|
|
|
}
|
2025-12-10 02:10:56 +01:00
|
|
|
}
|
2025-12-12 19:51:49 +01:00
|
|
|
|
|
|
|
|
if (result.oauth?.client_secret) {
|
|
|
|
|
try {
|
|
|
|
|
result = {
|
|
|
|
|
...result,
|
|
|
|
|
oauth: {
|
|
|
|
|
...result.oauth,
|
|
|
|
|
client_secret: await encryptV2(result.oauth.client_secret),
|
|
|
|
|
},
|
|
|
|
|
};
|
|
|
|
|
} catch (error) {
|
|
|
|
|
logger.error('[ServerConfigsDB.encryptConfig] Failed to encrypt client_secret', error);
|
|
|
|
|
throw new Error('Failed to encrypt MCP server configuration');
|
|
|
|
|
}
|
2025-12-10 02:10:56 +01:00
|
|
|
}
|
2025-12-12 19:51:49 +01:00
|
|
|
|
2026-03-24 16:31:34 +00:00
|
|
|
const secretHeaderKeys = result.secretHeaderKeys;
|
|
|
|
|
if (secretHeaderKeys?.length) {
|
|
|
|
|
const resultWithHeaders = result as ParsedServerConfig & { headers?: Record<string, string> };
|
|
|
|
|
if (resultWithHeaders.headers) {
|
|
|
|
|
const encryptedHeaders = { ...resultWithHeaders.headers };
|
|
|
|
|
// Deduplicate to avoid double-encryption
|
|
|
|
|
const uniqueSecretKeys = Array.from(new Set(secretHeaderKeys));
|
|
|
|
|
for (const secretKey of uniqueSecretKeys) {
|
|
|
|
|
const val = encryptedHeaders[secretKey];
|
|
|
|
|
if (val) {
|
|
|
|
|
try {
|
|
|
|
|
encryptedHeaders[secretKey] = await encryptV2(val);
|
|
|
|
|
} catch (error) {
|
|
|
|
|
logger.error(
|
|
|
|
|
`[ServerConfigsDB.encryptConfig] Failed to encrypt header "${secretKey}"`,
|
|
|
|
|
error,
|
|
|
|
|
);
|
|
|
|
|
throw new Error('Failed to encrypt MCP server configuration');
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
resultWithHeaders.headers = encryptedHeaders;
|
|
|
|
|
// Normalize secretHeaderKeys to the deduped list for consistency
|
|
|
|
|
result.secretHeaderKeys = uniqueSecretKeys;
|
|
|
|
|
result = resultWithHeaders as ParsedServerConfig;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2025-12-12 19:51:49 +01:00
|
|
|
return result;
|
2025-12-10 02:10:56 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Decrypts sensitive fields in config after database retrieval.
|
2026-03-24 16:31:34 +00:00
|
|
|
* Decrypts oauth.client_secret, apiKey.key (when source === 'admin'),
|
|
|
|
|
* and header values listed in secretHeaderKeys.
|
2025-12-10 02:10:56 +01:00
|
|
|
* Returns config without secret on failure (graceful degradation).
|
|
|
|
|
*/
|
|
|
|
|
private async decryptConfig(config: ParsedServerConfig): Promise<ParsedServerConfig> {
|
2025-12-12 19:51:49 +01:00
|
|
|
let result = { ...config };
|
|
|
|
|
|
|
|
|
|
if (result.apiKey?.source === 'admin' && result.apiKey.key) {
|
|
|
|
|
try {
|
|
|
|
|
result.apiKey = {
|
|
|
|
|
...result.apiKey,
|
|
|
|
|
key: await decryptV2(result.apiKey.key),
|
|
|
|
|
};
|
|
|
|
|
} catch (error) {
|
|
|
|
|
logger.warn(
|
|
|
|
|
'[ServerConfigsDB.decryptConfig] Failed to decrypt apiKey.key, returning config without key',
|
|
|
|
|
error,
|
|
|
|
|
);
|
🗝️ feat: Credential Variables for DB-Sourced MCP Servers (#12044)
* feat: Allow Credential Variables in Headers for DB-sourced MCP Servers
- Removed the hasCustomUserVars check from ToolService.js, directly retrieving userMCPAuthMap.
- Updated MCPConnectionFactory and related classes to include a dbSourced flag for better handling of database-sourced configurations.
- Added integration tests to ensure proper behavior of dbSourced servers, verifying that sensitive placeholders are not resolved while allowing customUserVars.
- Adjusted various MCP-related files to accommodate the new dbSourced logic, ensuring consistent handling across the codebase.
* chore: MCPConnectionFactory Tests with Additional Flow Metadata for typing
- Updated MCPConnectionFactory tests to include new fields in flowMetadata: serverUrl and state.
- Enhanced mockFlowData in multiple test cases to reflect the updated structure, ensuring comprehensive coverage of the OAuth flow scenarios.
- Added authorization_endpoint to metadata in the test setup for improved validation of the OAuth process.
* refactor: Simplify MCPManager Configuration Handling
- Removed unnecessary type assertions and streamlined the retrieval of server configuration in MCPManager.
- Enhanced the handling of OAuth and database-sourced flags for improved clarity and efficiency.
- Updated tests to reflect changes in user object structure and ensure proper processing of MCP environment variables.
* refactor: Optimize User MCP Auth Map Retrieval in ToolService
- Introduced conditional loading of userMCPAuthMap based on the presence of MCP-delimited tools, improving efficiency by avoiding unnecessary calls.
- Updated the loadToolDefinitionsWrapper and loadAgentTools functions to reflect this change, enhancing overall performance and clarity.
* test: Add userMCPAuthMap gating tests in ToolService
- Introduced new tests to validate the logic for determining if MCP tools are present in the agent's tool list.
- Implemented various scenarios to ensure accurate detection of MCP tools, including edge cases for empty, undefined, and null tool lists.
- Enhanced clarity and coverage of the ToolService capability checking logic.
* refactor: Enhance MCP Environment Variable Processing
- Simplified the handling of the dbSourced parameter in the processMCPEnv function.
- Introduced a failsafe mechanism to derive dbSourced from options if not explicitly provided, improving robustness and clarity in MCP environment variable processing.
* refactor: Update Regex Patterns for Credential Placeholders in ServerConfigsDB
- Modified regex patterns to include additional credential/env placeholders that should not be allowed in user-provided configurations.
- Clarified comments to emphasize the security risks associated with credential exfiltration when MCP servers are shared between users.
* chore: field order
* refactor: Clean Up dbSourced Parameter Handling in processMCPEnv
- Reintroduced the failsafe mechanism for deriving the dbSourced parameter from options, ensuring clarity and robustness in MCP environment variable processing.
- Enhanced code readability by maintaining consistent comment structure.
* refactor: Update MCPOptions Type to Include Optional dbId
- Modified the processMCPEnv function to extend the MCPOptions type, allowing for an optional dbId property.
- Simplified the logic for deriving the dbSourced parameter by directly checking the dbId property, enhancing code clarity and maintainability.
2026-03-03 18:02:37 -05:00
|
|
|
|
2025-12-12 19:51:49 +01:00
|
|
|
const { key: _removedKey, ...apiKeyWithoutKey } = result.apiKey;
|
|
|
|
|
result.apiKey = apiKeyWithoutKey;
|
|
|
|
|
}
|
2025-12-10 02:10:56 +01:00
|
|
|
}
|
2025-12-12 19:51:49 +01:00
|
|
|
|
|
|
|
|
if (result.oauth?.client_secret) {
|
|
|
|
|
const oauthConfig = result.oauth as { client_secret: string } & typeof result.oauth;
|
|
|
|
|
try {
|
|
|
|
|
result = {
|
|
|
|
|
...result,
|
|
|
|
|
oauth: {
|
|
|
|
|
...oauthConfig,
|
|
|
|
|
client_secret: await decryptV2(oauthConfig.client_secret),
|
|
|
|
|
},
|
|
|
|
|
};
|
|
|
|
|
} catch (error) {
|
|
|
|
|
logger.warn(
|
|
|
|
|
'[ServerConfigsDB.decryptConfig] Failed to decrypt client_secret, returning config without secret',
|
|
|
|
|
error,
|
|
|
|
|
);
|
🗝️ feat: Credential Variables for DB-Sourced MCP Servers (#12044)
* feat: Allow Credential Variables in Headers for DB-sourced MCP Servers
- Removed the hasCustomUserVars check from ToolService.js, directly retrieving userMCPAuthMap.
- Updated MCPConnectionFactory and related classes to include a dbSourced flag for better handling of database-sourced configurations.
- Added integration tests to ensure proper behavior of dbSourced servers, verifying that sensitive placeholders are not resolved while allowing customUserVars.
- Adjusted various MCP-related files to accommodate the new dbSourced logic, ensuring consistent handling across the codebase.
* chore: MCPConnectionFactory Tests with Additional Flow Metadata for typing
- Updated MCPConnectionFactory tests to include new fields in flowMetadata: serverUrl and state.
- Enhanced mockFlowData in multiple test cases to reflect the updated structure, ensuring comprehensive coverage of the OAuth flow scenarios.
- Added authorization_endpoint to metadata in the test setup for improved validation of the OAuth process.
* refactor: Simplify MCPManager Configuration Handling
- Removed unnecessary type assertions and streamlined the retrieval of server configuration in MCPManager.
- Enhanced the handling of OAuth and database-sourced flags for improved clarity and efficiency.
- Updated tests to reflect changes in user object structure and ensure proper processing of MCP environment variables.
* refactor: Optimize User MCP Auth Map Retrieval in ToolService
- Introduced conditional loading of userMCPAuthMap based on the presence of MCP-delimited tools, improving efficiency by avoiding unnecessary calls.
- Updated the loadToolDefinitionsWrapper and loadAgentTools functions to reflect this change, enhancing overall performance and clarity.
* test: Add userMCPAuthMap gating tests in ToolService
- Introduced new tests to validate the logic for determining if MCP tools are present in the agent's tool list.
- Implemented various scenarios to ensure accurate detection of MCP tools, including edge cases for empty, undefined, and null tool lists.
- Enhanced clarity and coverage of the ToolService capability checking logic.
* refactor: Enhance MCP Environment Variable Processing
- Simplified the handling of the dbSourced parameter in the processMCPEnv function.
- Introduced a failsafe mechanism to derive dbSourced from options if not explicitly provided, improving robustness and clarity in MCP environment variable processing.
* refactor: Update Regex Patterns for Credential Placeholders in ServerConfigsDB
- Modified regex patterns to include additional credential/env placeholders that should not be allowed in user-provided configurations.
- Clarified comments to emphasize the security risks associated with credential exfiltration when MCP servers are shared between users.
* chore: field order
* refactor: Clean Up dbSourced Parameter Handling in processMCPEnv
- Reintroduced the failsafe mechanism for deriving the dbSourced parameter from options, ensuring clarity and robustness in MCP environment variable processing.
- Enhanced code readability by maintaining consistent comment structure.
* refactor: Update MCPOptions Type to Include Optional dbId
- Modified the processMCPEnv function to extend the MCPOptions type, allowing for an optional dbId property.
- Simplified the logic for deriving the dbSourced parameter by directly checking the dbId property, enhancing code clarity and maintainability.
2026-03-03 18:02:37 -05:00
|
|
|
|
2025-12-12 19:51:49 +01:00
|
|
|
const { client_secret: _removed, ...oauthWithoutSecret } = oauthConfig;
|
|
|
|
|
result = {
|
|
|
|
|
...result,
|
|
|
|
|
oauth: oauthWithoutSecret,
|
|
|
|
|
};
|
|
|
|
|
}
|
2025-12-10 02:10:56 +01:00
|
|
|
}
|
2025-12-12 19:51:49 +01:00
|
|
|
|
2026-03-24 16:31:34 +00:00
|
|
|
const secretHeaderKeys = result.secretHeaderKeys;
|
|
|
|
|
if (secretHeaderKeys?.length) {
|
|
|
|
|
const resultWithHeaders = result as ParsedServerConfig & { headers?: Record<string, string> };
|
|
|
|
|
if (resultWithHeaders.headers) {
|
|
|
|
|
const decryptedHeaders = { ...resultWithHeaders.headers };
|
|
|
|
|
// Deduplicate to avoid double-decryption
|
|
|
|
|
const uniqueSecretKeys = Array.from(new Set(secretHeaderKeys));
|
|
|
|
|
for (const secretKey of uniqueSecretKeys) {
|
|
|
|
|
const val = decryptedHeaders[secretKey];
|
|
|
|
|
if (val) {
|
|
|
|
|
try {
|
|
|
|
|
decryptedHeaders[secretKey] = await decryptV2(val);
|
|
|
|
|
} catch (error) {
|
|
|
|
|
logger.warn(
|
|
|
|
|
`[ServerConfigsDB.decryptConfig] Failed to decrypt header "${secretKey}", returning empty value`,
|
|
|
|
|
error,
|
|
|
|
|
);
|
|
|
|
|
decryptedHeaders[secretKey] = '';
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
resultWithHeaders.headers = decryptedHeaders;
|
|
|
|
|
// Normalize secretHeaderKeys to the deduped list for consistency
|
|
|
|
|
result.secretHeaderKeys = uniqueSecretKeys;
|
|
|
|
|
result = resultWithHeaders as ParsedServerConfig;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2025-12-12 19:51:49 +01:00
|
|
|
return result;
|
2025-12-04 21:37:23 +01:00
|
|
|
}
|
2025-11-28 16:07:09 +01:00
|
|
|
}
|