2025-07-05 11:34:28 -04:00
|
|
|
import { z } from 'zod';
|
2025-08-11 14:26:28 -04:00
|
|
|
import { ViolationTypes, ErrorTypes } from 'librechat-data-provider';
|
|
|
|
|
import type { Agent, TModelsConfig } from 'librechat-data-provider';
|
|
|
|
|
import type { Request, Response } from 'express';
|
2025-07-05 11:34:28 -04:00
|
|
|
|
|
|
|
|
/** Avatar schema shared between create and update */
|
|
|
|
|
export const agentAvatarSchema = z.object({
|
|
|
|
|
filepath: z.string(),
|
|
|
|
|
source: z.string(),
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
/** Base resource schema for tool resources */
|
|
|
|
|
export const agentBaseResourceSchema = z.object({
|
|
|
|
|
file_ids: z.array(z.string()).optional(),
|
|
|
|
|
files: z.array(z.any()).optional(), // Files are populated at runtime, not from user input
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
/** File resource schema extends base with vector_store_ids */
|
|
|
|
|
export const agentFileResourceSchema = agentBaseResourceSchema.extend({
|
|
|
|
|
vector_store_ids: z.array(z.string()).optional(),
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
/** Tool resources schema matching AgentToolResources interface */
|
|
|
|
|
export const agentToolResourcesSchema = z
|
|
|
|
|
.object({
|
|
|
|
|
image_edit: agentBaseResourceSchema.optional(),
|
|
|
|
|
execute_code: agentBaseResourceSchema.optional(),
|
|
|
|
|
file_search: agentFileResourceSchema.optional(),
|
2025-09-18 20:06:59 -04:00
|
|
|
context: agentBaseResourceSchema.optional(),
|
|
|
|
|
/** @deprecated Use context instead */
|
2025-07-05 11:34:28 -04:00
|
|
|
ocr: agentBaseResourceSchema.optional(),
|
|
|
|
|
})
|
|
|
|
|
.optional();
|
|
|
|
|
|
🏪 feat: Agent Marketplace
bugfix: Enhance Agent and AgentCategory schemas with new fields for category, support contact, and promotion status
refactored and moved agent category methods and schema to data-schema package
🔧 fix: Merge and Rebase Conflicts
- Move AgentCategory from api/models to @packages/data-schemas structure
- Add schema, types, methods, and model following codebase conventions
- Implement auto-seeding of default categories during AppService startup
- Update marketplace controller to use new data-schemas methods
- Remove old model file and standalone seed script
refactor: unify agent marketplace to single endpoint with cursor pagination
- Replace multiple marketplace routes with unified /marketplace endpoint
- Add query string controls: category, search, limit, cursor, promoted, requiredPermission
- Implement cursor-based pagination replacing page-based system
- Integrate ACL permissions for proper access control
- Fix ObjectId constructor error in Agent model
- Update React components to use unified useGetMarketplaceAgentsQuery hook
- Enhance type safety and remove deprecated useDynamicAgentQuery
- Update tests for new marketplace architecture
-Known issues:
see more button after category switching + Unit tests
feat: add icon property to ProcessedAgentCategory interface
- Add useMarketplaceAgentsInfiniteQuery and useGetAgentCategoriesQuery to client/src/data-provider/Agents/
- Replace manual pagination in AgentGrid with infinite query pattern
- Update imports to use local data provider instead of librechat-data-provider
- Add proper permission handling with PERMISSION_BITS.VIEW/EDIT constants
- Improve agent access control by adding requiredPermission validation in backend
- Remove manual cursor/state management in favor of infinite query built-ins
- Maintain existing search and category filtering functionality
refactor: consolidate agent marketplace endpoints into main agents API and improve data management consistency
- Remove dedicated marketplace controller and routes, merging functionality into main agents v1 API
- Add countPromotedAgents function to Agent model for promoted agents count
- Enhance getListAgents handler with marketplace filtering (category, search, promoted status)
- Move getAgentCategories from marketplace to v1 controller with same functionality
- Update agent mutations to invalidate marketplace queries and handle multiple permission levels
- Improve cache management by updating all agent query variants (VIEW/EDIT permissions)
- Consolidate agent data access patterns for better maintainability and consistency
- Remove duplicate marketplace route definitions and middleware
selected view only agents injected in the drop down
fix: remove minlength validation for support contact name in agent schema
feat: add validation and error messages for agent name in AgentConfig and AgentPanel
fix: update agent permission check logic in AgentPanel to simplify condition
Fix linting WIP
Fix Unit tests WIP
ESLint fixes
eslint fix
refactor: enhance isDuplicateVersion function in Agent model for improved comparison logic
- Introduced handling for undefined/null values in array and object comparisons.
- Normalized array comparisons to treat undefined/null as empty arrays.
- Added deep comparison for objects and improved handling of primitive values.
- Enhanced projectIds comparison to ensure consistent MongoDB ObjectId handling.
refactor: remove redundant properties from IAgent interface in agent schema
chore: update localization for agent detail component and clean up imports
ci: update access middleware tests
chore: remove unused PermissionTypes import from Role model
ci: update AclEntry model tests
ci: update button accessibility labels in AgentDetail tests
refactor: update exhaustive dep. lint warning
🔧 fix: Fixed agent actions access
feat: Add role-level permissions for agent sharing people picker
- Add PEOPLE_PICKER permission type with VIEW_USERS and VIEW_GROUPS permissions
- Create custom middleware for query-aware permission validation
- Implement permission-based type filtering in PeoplePicker component
- Hide people picker UI when user lacks permissions, show only public toggle
- Support granular access: users-only, groups-only, or mixed search modes
refactor: Replace marketplace interface config with permission-based system
- Add MARKETPLACE permission type to handle marketplace access control
- Update interface configuration to use role-based marketplace settings (admin/user)
- Replace direct marketplace boolean config with permission-based checks
- Modify frontend components to use marketplace permissions instead of interface config
- Update agent query hooks to use marketplace permissions for determining permission levels
- Add marketplace configuration structure similar to peoplePicker in YAML config
- Backend now sets MARKETPLACE permissions based on interface configuration
- When marketplace enabled: users get agents with EDIT permissions in dropdown lists (builder mode)
- When marketplace disabled: users get agents with VIEW permissions in dropdown lists (browse mode)
🔧 fix: Redirect to New Chat if No Marketplace Access and Required Agent Name Placeholder (#8213)
* Fix: Fix the redirect to new chat page if access to marketplace is denied
* Fixed the required agent name placeholder
---------
Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com>
chore: fix tests, remove unnecessary imports
refactor: Implement permission checks for file access via agents
- Updated `hasAccessToFilesViaAgent` to utilize permission checks for VIEW and EDIT access.
- Replaced project-based access validation with permission-based checks.
- Enhanced tests to cover new permission logic and ensure proper access control for files associated with agents.
- Cleaned up imports and initialized models in test files for consistency.
refactor: Enhance test setup and cleanup for file access control
- Introduced modelsToCleanup array to track models added during tests for proper cleanup.
- Updated afterAll hooks in test files to ensure all collections are cleared and only added models are deleted.
- Improved consistency in model initialization across test files.
- Added comments for clarity on cleanup processes and test data management.
chore: Update Jest configuration and test setup for improved timeout handling
- Added a global test timeout of 30 seconds in jest.config.js.
- Configured jest.setTimeout in jestSetup.js to allow individual test overrides if needed.
- Enhanced test reliability by ensuring consistent timeout settings across all tests.
refactor: Implement file access filtering based on agent permissions
- Introduced `filterFilesByAgentAccess` function to filter files based on user access through agents.
- Updated `getFiles` and `primeFiles` functions to utilize the new filtering logic.
- Moved `hasAccessToFilesViaAgent` function from the File model to permission services, adjusting imports accordingly
- Enhanced tests to ensure proper access control and filtering behavior for files associated with agents.
fix: make support_contact field a nested object rather than a sub-document
refactor: Update support_contact field initialization in agent model
- Removed handling for empty support_contact object in createAgent function.
- Changed default value of support_contact in agent schema to undefined.
test: Add comprehensive tests for support_contact field handling and versioning
refactor: remove unused avatar upload mutation field and add informational toast for success
chore: add missing SidePanelProvider for AgentMarketplace and organize imports
fix: resolve agent selection race condition in marketplace HandleStartChat
- Set agent in localStorage before newConversation to prevent useSelectorEffects from auto-selecting previous agent
fix: resolve agent dropdown showing raw ID instead of agent info from URL
- Add proactive agent fetching when agent_id is present in URL parameters
- Inject fetched agent into agents cache so dropdowns display proper name/avatar
- Use useAgentsMap dependency to ensure proper cache initialization timing
- Prevents raw agent IDs from showing in UI when visiting shared agent links
Fix: Agents endpoint renamed to "My Agent" for less confusion with the Marketplace agents.
chore: fix ESLint issues and Test Mocks
ci: update permissions structure in loadDefaultInterface tests
- Refactored permissions for MEMORY and added new permissions for MARKETPLACE and PEOPLE_PICKER.
- Ensured consistent structure for permissions across different types.
feat: support_contact validation to allow empty email strings
2025-06-11 22:55:07 +05:30
|
|
|
/** Support contact schema for agent */
|
|
|
|
|
export const agentSupportContactSchema = z
|
|
|
|
|
.object({
|
|
|
|
|
name: z.string().optional(),
|
|
|
|
|
email: z.union([z.literal(''), z.string().email()]).optional(),
|
|
|
|
|
})
|
|
|
|
|
.optional();
|
|
|
|
|
|
2025-11-05 17:15:17 -05:00
|
|
|
/** Graph edge schema for agent handoffs */
|
|
|
|
|
export const graphEdgeSchema = z.object({
|
|
|
|
|
from: z.union([z.string(), z.array(z.string())]),
|
|
|
|
|
to: z.union([z.string(), z.array(z.string())]),
|
|
|
|
|
description: z.string().optional(),
|
|
|
|
|
edgeType: z.enum(['handoff', 'direct']).optional(),
|
|
|
|
|
prompt: z.union([z.string(), z.function()]).optional(),
|
|
|
|
|
excludeResults: z.boolean().optional(),
|
|
|
|
|
promptKey: z.string().optional(),
|
|
|
|
|
});
|
|
|
|
|
|
2025-07-05 11:34:28 -04:00
|
|
|
/** Base agent schema with all common fields */
|
|
|
|
|
export const agentBaseSchema = z.object({
|
|
|
|
|
name: z.string().nullable().optional(),
|
|
|
|
|
description: z.string().nullable().optional(),
|
|
|
|
|
instructions: z.string().nullable().optional(),
|
|
|
|
|
avatar: agentAvatarSchema.nullable().optional(),
|
|
|
|
|
model_parameters: z.record(z.unknown()).optional(),
|
|
|
|
|
tools: z.array(z.string()).optional(),
|
2025-11-05 17:15:17 -05:00
|
|
|
/** @deprecated Use edges instead */
|
2025-07-05 11:34:28 -04:00
|
|
|
agent_ids: z.array(z.string()).optional(),
|
2025-11-05 17:15:17 -05:00
|
|
|
edges: z.array(graphEdgeSchema).optional(),
|
2025-07-05 11:34:28 -04:00
|
|
|
end_after_tools: z.boolean().optional(),
|
|
|
|
|
hide_sequential_outputs: z.boolean().optional(),
|
|
|
|
|
artifacts: z.string().optional(),
|
|
|
|
|
recursion_limit: z.number().optional(),
|
|
|
|
|
conversation_starters: z.array(z.string()).optional(),
|
|
|
|
|
tool_resources: agentToolResourcesSchema,
|
🏪 feat: Agent Marketplace
bugfix: Enhance Agent and AgentCategory schemas with new fields for category, support contact, and promotion status
refactored and moved agent category methods and schema to data-schema package
🔧 fix: Merge and Rebase Conflicts
- Move AgentCategory from api/models to @packages/data-schemas structure
- Add schema, types, methods, and model following codebase conventions
- Implement auto-seeding of default categories during AppService startup
- Update marketplace controller to use new data-schemas methods
- Remove old model file and standalone seed script
refactor: unify agent marketplace to single endpoint with cursor pagination
- Replace multiple marketplace routes with unified /marketplace endpoint
- Add query string controls: category, search, limit, cursor, promoted, requiredPermission
- Implement cursor-based pagination replacing page-based system
- Integrate ACL permissions for proper access control
- Fix ObjectId constructor error in Agent model
- Update React components to use unified useGetMarketplaceAgentsQuery hook
- Enhance type safety and remove deprecated useDynamicAgentQuery
- Update tests for new marketplace architecture
-Known issues:
see more button after category switching + Unit tests
feat: add icon property to ProcessedAgentCategory interface
- Add useMarketplaceAgentsInfiniteQuery and useGetAgentCategoriesQuery to client/src/data-provider/Agents/
- Replace manual pagination in AgentGrid with infinite query pattern
- Update imports to use local data provider instead of librechat-data-provider
- Add proper permission handling with PERMISSION_BITS.VIEW/EDIT constants
- Improve agent access control by adding requiredPermission validation in backend
- Remove manual cursor/state management in favor of infinite query built-ins
- Maintain existing search and category filtering functionality
refactor: consolidate agent marketplace endpoints into main agents API and improve data management consistency
- Remove dedicated marketplace controller and routes, merging functionality into main agents v1 API
- Add countPromotedAgents function to Agent model for promoted agents count
- Enhance getListAgents handler with marketplace filtering (category, search, promoted status)
- Move getAgentCategories from marketplace to v1 controller with same functionality
- Update agent mutations to invalidate marketplace queries and handle multiple permission levels
- Improve cache management by updating all agent query variants (VIEW/EDIT permissions)
- Consolidate agent data access patterns for better maintainability and consistency
- Remove duplicate marketplace route definitions and middleware
selected view only agents injected in the drop down
fix: remove minlength validation for support contact name in agent schema
feat: add validation and error messages for agent name in AgentConfig and AgentPanel
fix: update agent permission check logic in AgentPanel to simplify condition
Fix linting WIP
Fix Unit tests WIP
ESLint fixes
eslint fix
refactor: enhance isDuplicateVersion function in Agent model for improved comparison logic
- Introduced handling for undefined/null values in array and object comparisons.
- Normalized array comparisons to treat undefined/null as empty arrays.
- Added deep comparison for objects and improved handling of primitive values.
- Enhanced projectIds comparison to ensure consistent MongoDB ObjectId handling.
refactor: remove redundant properties from IAgent interface in agent schema
chore: update localization for agent detail component and clean up imports
ci: update access middleware tests
chore: remove unused PermissionTypes import from Role model
ci: update AclEntry model tests
ci: update button accessibility labels in AgentDetail tests
refactor: update exhaustive dep. lint warning
🔧 fix: Fixed agent actions access
feat: Add role-level permissions for agent sharing people picker
- Add PEOPLE_PICKER permission type with VIEW_USERS and VIEW_GROUPS permissions
- Create custom middleware for query-aware permission validation
- Implement permission-based type filtering in PeoplePicker component
- Hide people picker UI when user lacks permissions, show only public toggle
- Support granular access: users-only, groups-only, or mixed search modes
refactor: Replace marketplace interface config with permission-based system
- Add MARKETPLACE permission type to handle marketplace access control
- Update interface configuration to use role-based marketplace settings (admin/user)
- Replace direct marketplace boolean config with permission-based checks
- Modify frontend components to use marketplace permissions instead of interface config
- Update agent query hooks to use marketplace permissions for determining permission levels
- Add marketplace configuration structure similar to peoplePicker in YAML config
- Backend now sets MARKETPLACE permissions based on interface configuration
- When marketplace enabled: users get agents with EDIT permissions in dropdown lists (builder mode)
- When marketplace disabled: users get agents with VIEW permissions in dropdown lists (browse mode)
🔧 fix: Redirect to New Chat if No Marketplace Access and Required Agent Name Placeholder (#8213)
* Fix: Fix the redirect to new chat page if access to marketplace is denied
* Fixed the required agent name placeholder
---------
Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com>
chore: fix tests, remove unnecessary imports
refactor: Implement permission checks for file access via agents
- Updated `hasAccessToFilesViaAgent` to utilize permission checks for VIEW and EDIT access.
- Replaced project-based access validation with permission-based checks.
- Enhanced tests to cover new permission logic and ensure proper access control for files associated with agents.
- Cleaned up imports and initialized models in test files for consistency.
refactor: Enhance test setup and cleanup for file access control
- Introduced modelsToCleanup array to track models added during tests for proper cleanup.
- Updated afterAll hooks in test files to ensure all collections are cleared and only added models are deleted.
- Improved consistency in model initialization across test files.
- Added comments for clarity on cleanup processes and test data management.
chore: Update Jest configuration and test setup for improved timeout handling
- Added a global test timeout of 30 seconds in jest.config.js.
- Configured jest.setTimeout in jestSetup.js to allow individual test overrides if needed.
- Enhanced test reliability by ensuring consistent timeout settings across all tests.
refactor: Implement file access filtering based on agent permissions
- Introduced `filterFilesByAgentAccess` function to filter files based on user access through agents.
- Updated `getFiles` and `primeFiles` functions to utilize the new filtering logic.
- Moved `hasAccessToFilesViaAgent` function from the File model to permission services, adjusting imports accordingly
- Enhanced tests to ensure proper access control and filtering behavior for files associated with agents.
fix: make support_contact field a nested object rather than a sub-document
refactor: Update support_contact field initialization in agent model
- Removed handling for empty support_contact object in createAgent function.
- Changed default value of support_contact in agent schema to undefined.
test: Add comprehensive tests for support_contact field handling and versioning
refactor: remove unused avatar upload mutation field and add informational toast for success
chore: add missing SidePanelProvider for AgentMarketplace and organize imports
fix: resolve agent selection race condition in marketplace HandleStartChat
- Set agent in localStorage before newConversation to prevent useSelectorEffects from auto-selecting previous agent
fix: resolve agent dropdown showing raw ID instead of agent info from URL
- Add proactive agent fetching when agent_id is present in URL parameters
- Inject fetched agent into agents cache so dropdowns display proper name/avatar
- Use useAgentsMap dependency to ensure proper cache initialization timing
- Prevents raw agent IDs from showing in UI when visiting shared agent links
Fix: Agents endpoint renamed to "My Agent" for less confusion with the Marketplace agents.
chore: fix ESLint issues and Test Mocks
ci: update permissions structure in loadDefaultInterface tests
- Refactored permissions for MEMORY and added new permissions for MARKETPLACE and PEOPLE_PICKER.
- Ensured consistent structure for permissions across different types.
feat: support_contact validation to allow empty email strings
2025-06-11 22:55:07 +05:30
|
|
|
support_contact: agentSupportContactSchema,
|
|
|
|
|
category: z.string().optional(),
|
2025-07-05 11:34:28 -04:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
/** Create schema extends base with required fields for creation */
|
|
|
|
|
export const agentCreateSchema = agentBaseSchema.extend({
|
|
|
|
|
provider: z.string(),
|
|
|
|
|
model: z.string().nullable(),
|
|
|
|
|
tools: z.array(z.string()).optional().default([]),
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
/** Update schema extends base with all fields optional and additional update-only fields */
|
|
|
|
|
export const agentUpdateSchema = agentBaseSchema.extend({
|
|
|
|
|
provider: z.string().optional(),
|
|
|
|
|
model: z.string().nullable().optional(),
|
|
|
|
|
projectIds: z.array(z.string()).optional(),
|
|
|
|
|
removeProjectIds: z.array(z.string()).optional(),
|
|
|
|
|
isCollaborative: z.boolean().optional(),
|
|
|
|
|
});
|
2025-08-11 14:26:28 -04:00
|
|
|
|
|
|
|
|
interface ValidateAgentModelParams {
|
|
|
|
|
req: Request;
|
|
|
|
|
res: Response;
|
|
|
|
|
agent: Agent;
|
|
|
|
|
modelsConfig: TModelsConfig;
|
|
|
|
|
logViolation: (
|
|
|
|
|
req: Request,
|
|
|
|
|
res: Response,
|
|
|
|
|
type: string,
|
|
|
|
|
errorMessage: Record<string, unknown>,
|
|
|
|
|
score?: number | string,
|
|
|
|
|
) => Promise<void>;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
interface ValidateAgentModelResult {
|
|
|
|
|
isValid: boolean;
|
|
|
|
|
error?: {
|
|
|
|
|
message: string;
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Validates an agent's model against the available models configuration.
|
|
|
|
|
* This is a non-middleware version of validateModel that can be used
|
|
|
|
|
* in service initialization flows.
|
|
|
|
|
*
|
|
|
|
|
* @param params - Validation parameters
|
|
|
|
|
* @returns Object indicating whether the model is valid and any error details
|
|
|
|
|
*/
|
|
|
|
|
export async function validateAgentModel(
|
|
|
|
|
params: ValidateAgentModelParams,
|
|
|
|
|
): Promise<ValidateAgentModelResult> {
|
|
|
|
|
const { req, res, agent, modelsConfig, logViolation } = params;
|
|
|
|
|
const { model, provider: endpoint } = agent;
|
|
|
|
|
|
|
|
|
|
if (!model) {
|
|
|
|
|
return {
|
|
|
|
|
isValid: false,
|
|
|
|
|
error: {
|
|
|
|
|
message: `{ "type": "${ErrorTypes.MISSING_MODEL}", "info": "${endpoint}" }`,
|
|
|
|
|
},
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!modelsConfig) {
|
|
|
|
|
return {
|
|
|
|
|
isValid: false,
|
|
|
|
|
error: {
|
|
|
|
|
message: `{ "type": "${ErrorTypes.MODELS_NOT_LOADED}" }`,
|
|
|
|
|
},
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const availableModels = modelsConfig[endpoint];
|
|
|
|
|
if (!availableModels) {
|
|
|
|
|
return {
|
|
|
|
|
isValid: false,
|
|
|
|
|
error: {
|
|
|
|
|
message: `{ "type": "${ErrorTypes.ENDPOINT_MODELS_NOT_LOADED}", "info": "${endpoint}" }`,
|
|
|
|
|
},
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const validModel = !!availableModels.find((availableModel) => availableModel === model);
|
|
|
|
|
|
|
|
|
|
if (validModel) {
|
|
|
|
|
return { isValid: true };
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const { ILLEGAL_MODEL_REQ_SCORE: score = 1 } = process.env ?? {};
|
|
|
|
|
const type = ViolationTypes.ILLEGAL_MODEL_REQUEST;
|
|
|
|
|
const errorMessage = {
|
|
|
|
|
type,
|
|
|
|
|
model,
|
|
|
|
|
endpoint,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
await logViolation(req, res, type, errorMessage, score);
|
|
|
|
|
|
|
|
|
|
return {
|
|
|
|
|
isValid: false,
|
|
|
|
|
error: {
|
|
|
|
|
message: `{ "type": "${ViolationTypes.ILLEGAL_MODEL_REQUEST}", "info": "${endpoint}|${model}" }`,
|
|
|
|
|
},
|
|
|
|
|
};
|
|
|
|
|
}
|