🛡️ refactor: Scope Action Mutations by Parent Resource Ownership (#12237)

* 🛡️ fix: Scope action mutations by parent resource ownership

Prevent cross-tenant action overwrites by validating that an existing
action's agent_id/assistant_id matches the URL parameter before allowing
updates or deletes. Without this, a user with EDIT access on their own
agent could reference a foreign action_id to hijack another agent's
action record.

* 🛡️ fix: Harden action ownership checks and scope write filters

- Remove && short-circuit that bypassed the guard when agent_id or
  assistant_id was falsy (e.g. assistant-owned actions have no agent_id,
  so the check was skipped entirely on the agents route).
- Include agent_id / assistant_id in the updateAction and deleteAction
  query filters so the DB write itself enforces ownership atomically.
- Log a warning when deleteAction returns null (silent no-op from
  data-integrity mismatch).

* 📝 docs: Update Action model JSDoc to reflect scoped query params

* ✅ test: Add Action ownership scoping tests

Cover update, delete, and cross-type protection scenarios using
MongoMemoryServer to verify that scoped query filters (agent_id,
assistant_id) prevent cross-tenant overwrites and deletions at the
database level.

* 🛡️ fix: Scope updateAction filter in agent duplication handler

* 🐛 fix: Use action metadata domain instead of action_id when duplicating agent actions

The duplicate handler was splitting `action.action_id` by `actionDelimiter`
to extract the domain, but `action_id` is a bare nanoid that doesn't
contain the delimiter. This produced malformed entries in the duplicated
agent's actions array (nanoid_action_newNanoid instead of
domain_action_newNanoid). The domain is available on `action.metadata.domain`.

* ✅ test: Add integration tests for agent duplication action handling

Uses MongoMemoryServer with real Agent and Action models to verify:
- Duplicated actions use metadata.domain (not action_id) for the
  agent actions array entries
- Sensitive metadata fields are stripped from duplicated actions
- Original action documents are not modified

api/server/controllers/agents/__tests__/v1.duplicate-actions.spec.js

@@ -0,0 +1,159 @@
+jest.mock('~/server/services/PermissionService', () => ({
+  findPubliclyAccessibleResources: jest.fn(),
+  findAccessibleResources: jest.fn(),
+  hasPublicPermission: jest.fn(),
+  grantPermission: jest.fn().mockResolvedValue({}),
+}));
+
+jest.mock('~/server/services/Config', () => ({
+  getCachedTools: jest.fn(),
+  getMCPServerTools: jest.fn(),
+}));
+
+const mongoose = require('mongoose');
+const { actionDelimiter } = require('librechat-data-provider');
+const { agentSchema, actionSchema } = require('@librechat/data-schemas');
+const { MongoMemoryServer } = require('mongodb-memory-server');
+const { duplicateAgent } = require('../v1');
+
+let mongoServer;
+
+beforeAll(async () => {
+  mongoServer = await MongoMemoryServer.create();
+  const mongoUri = mongoServer.getUri();
+  if (!mongoose.models.Agent) {
+    mongoose.model('Agent', agentSchema);
+  }
+  if (!mongoose.models.Action) {
+    mongoose.model('Action', actionSchema);
+  }
+  await mongoose.connect(mongoUri);
+}, 20000);
+
+afterAll(async () => {
+  await mongoose.disconnect();
+  await mongoServer.stop();
+});
+
+beforeEach(async () => {
+  await mongoose.models.Agent.deleteMany({});
+  await mongoose.models.Action.deleteMany({});
+});
+
+describe('duplicateAgentHandler — action domain extraction', () => {
+  it('builds duplicated action entries using metadata.domain, not action_id', async () => {
+    const userId = new mongoose.Types.ObjectId();
+    const originalAgentId = `agent_original`;
+
+    const agent = await mongoose.models.Agent.create({
+      id: originalAgentId,
+      name: 'Test Agent',
+      author: userId.toString(),
+      provider: 'openai',
+      model: 'gpt-4',
+      tools: [],
+      actions: [`api.example.com${actionDelimiter}act_original`],
+      versions: [{ name: 'Test Agent', createdAt: new Date(), updatedAt: new Date() }],
+    });
+
+    await mongoose.models.Action.create({
+      user: userId,
+      action_id: 'act_original',
+      agent_id: originalAgentId,
+      metadata: { domain: 'api.example.com' },
+    });
+
+    const req = {
+      params: { id: agent.id },
+      user: { id: userId.toString() },
+    };
+    const res = {
+      status: jest.fn().mockReturnThis(),
+      json: jest.fn(),
+    };
+
+    await duplicateAgent(req, res);
+
+    expect(res.status).toHaveBeenCalledWith(201);
+
+    const { agent: newAgent, actions: newActions } = res.json.mock.calls[0][0];
+
+    expect(newAgent.id).not.toBe(originalAgentId);
+    expect(String(newAgent.author)).toBe(userId.toString());
+    expect(newActions).toHaveLength(1);
+    expect(newActions[0].metadata.domain).toBe('api.example.com');
+    expect(newActions[0].agent_id).toBe(newAgent.id);
+
+    for (const actionEntry of newAgent.actions) {
+      const [domain, actionId] = actionEntry.split(actionDelimiter);
+      expect(domain).toBe('api.example.com');
+      expect(actionId).toBeTruthy();
+      expect(actionId).not.toBe('act_original');
+    }
+
+    const allActions = await mongoose.models.Action.find({}).lean();
+    expect(allActions).toHaveLength(2);
+
+    const originalAction = allActions.find((a) => a.action_id === 'act_original');
+    expect(originalAction.agent_id).toBe(originalAgentId);
+
+    const duplicatedAction = allActions.find((a) => a.action_id !== 'act_original');
+    expect(duplicatedAction.agent_id).toBe(newAgent.id);
+    expect(duplicatedAction.metadata.domain).toBe('api.example.com');
+  });
+
+  it('strips sensitive metadata fields from duplicated actions', async () => {
+    const userId = new mongoose.Types.ObjectId();
+    const originalAgentId = 'agent_sensitive';
+
+    await mongoose.models.Agent.create({
+      id: originalAgentId,
+      name: 'Sensitive Agent',
+      author: userId.toString(),
+      provider: 'openai',
+      model: 'gpt-4',
+      tools: [],
+      actions: [`secure.api.com${actionDelimiter}act_secret`],
+      versions: [{ name: 'Sensitive Agent', createdAt: new Date(), updatedAt: new Date() }],
+    });
+
+    await mongoose.models.Action.create({
+      user: userId,
+      action_id: 'act_secret',
+      agent_id: originalAgentId,
+      metadata: {
+        domain: 'secure.api.com',
+        api_key: 'sk-secret-key-12345',
+        oauth_client_id: 'client_id_xyz',
+        oauth_client_secret: 'client_secret_xyz',
+      },
+    });
+
+    const req = {
+      params: { id: originalAgentId },
+      user: { id: userId.toString() },
+    };
+    const res = {
+      status: jest.fn().mockReturnThis(),
+      json: jest.fn(),
+    };
+
+    await duplicateAgent(req, res);
+
+    expect(res.status).toHaveBeenCalledWith(201);
+
+    const duplicatedAction = await mongoose.models.Action.findOne({
+      agent_id: { $ne: originalAgentId },
+    }).lean();
+
+    expect(duplicatedAction.metadata.domain).toBe('secure.api.com');
+    expect(duplicatedAction.metadata.api_key).toBeUndefined();
+    expect(duplicatedAction.metadata.oauth_client_id).toBeUndefined();
+    expect(duplicatedAction.metadata.oauth_client_secret).toBeUndefined();
+
+    const originalAction = await mongoose.models.Action.findOne({
+      action_id: 'act_secret',
+    }).lean();
+    expect(originalAction.metadata.api_key).toBe('sk-secret-key-12345');
+  });
+});