diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000000..725ac8b6bd
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,3 @@
+# Force LF line endings for shell scripts and git hooks (required for cross-platform compatibility)
+.husky/* text eol=lf
+*.sh text eol=lf
diff --git a/.github/workflows/backend-review.yml b/.github/workflows/backend-review.yml
index 038c90627e..9dd3905c0e 100644
--- a/.github/workflows/backend-review.yml
+++ b/.github/workflows/backend-review.yml
@@ -97,6 +97,65 @@ jobs:
           path: packages/api/dist
           retention-days: 2
 
+  typecheck:
+    name: TypeScript type checks
+    needs: build
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Use Node.js 20.19
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20.19'
+
+      - name: Restore node_modules cache
+        id: cache-node-modules
+        uses: actions/cache@v4
+        with:
+          path: |
+            node_modules
+            api/node_modules
+            packages/api/node_modules
+            packages/data-provider/node_modules
+            packages/data-schemas/node_modules
+          key: node-modules-backend-${{ runner.os }}-20.19-${{ hashFiles('package-lock.json') }}
+
+      - name: Install dependencies
+        if: steps.cache-node-modules.outputs.cache-hit != 'true'
+        run: npm ci
+
+      - name: Download data-provider build
+        uses: actions/download-artifact@v4
+        with:
+          name: build-data-provider
+          path: packages/data-provider/dist
+
+      - name: Download data-schemas build
+        uses: actions/download-artifact@v4
+        with:
+          name: build-data-schemas
+          path: packages/data-schemas/dist
+
+      - name: Download api build
+        uses: actions/download-artifact@v4
+        with:
+          name: build-api
+          path: packages/api/dist
+
+      - name: Type check data-provider
+        run: npx tsc --noEmit -p packages/data-provider/tsconfig.json
+
+      - name: Type check data-schemas
+        run: npx tsc --noEmit -p packages/data-schemas/tsconfig.json
+
+      - name: Type check @librechat/api
+        run: npx tsc --noEmit -p packages/api/tsconfig.json
+
+      - name: Type check @librechat/client
+        run: npx tsc --noEmit -p packages/client/tsconfig.json
+
   circular-deps:
     name: Circular dependency checks
     needs: build
diff --git a/.gitignore b/.gitignore
index ff2ae59633..e302d15a46 100644
--- a/.gitignore
+++ b/.gitignore
@@ -63,6 +63,7 @@ bower_components/
 .clineignore
 .cursor
 .aider*
+.bg-shell/
 
 # Floobits
 .floo
@@ -129,6 +130,7 @@ helm/**/charts/
 helm/**/.values.yaml
 
 !/client/src/@types/i18next.d.ts
+!/client/src/@types/react.d.ts
 
 # SAML Idp cert
 *.cert
@@ -143,7 +145,6 @@ helm/**/.values.yaml
 /.codeium
 *.local.md
 
-
 # Removed Windows wrapper files per user request
 hive-mind-prompt-*.txt
 
@@ -175,3 +176,4 @@ claude-flow
 # Removed Windows wrapper files per user request
 hive-mind-prompt-*.txt
 CLAUDE.md
+.gsd
diff --git a/AGENTS.md b/AGENTS.md
index ec44607aa7..ceb2b988dc 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -1,166 +1 @@
-# LibreChat
-
-## Project Overview
-
-LibreChat is a monorepo with the following key workspaces:
-
-| Workspace | Language | Side | Dependency | Purpose |
-|---|---|---|---|---|
-| `/api` | JS (legacy) | Backend | `packages/api`, `packages/data-schemas`, `packages/data-provider`, `@librechat/agents` | Express server — minimize changes here |
-| `/packages/api` | **TypeScript** | Backend | `packages/data-schemas`, `packages/data-provider` | New backend code lives here (TS only, consumed by `/api`) |
-| `/packages/data-schemas` | TypeScript | Backend | `packages/data-provider` | Database models/schemas, shareable across backend projects |
-| `/packages/data-provider` | TypeScript | Shared | — | Shared API types, endpoints, data-service — used by both frontend and backend |
-| `/client` | TypeScript/React | Frontend | `packages/data-provider`, `packages/client` | Frontend SPA |
-| `/packages/client` | TypeScript | Frontend | `packages/data-provider` | Shared frontend utilities |
-
-The source code for `@librechat/agents` (major backend dependency, same team) is at `/home/danny/agentus`.
-
----
-
-## Workspace Boundaries
-
-- **All new backend code must be TypeScript** in `/packages/api`.
-- Keep `/api` changes to the absolute minimum (thin JS wrappers calling into `/packages/api`).
-- Database-specific shared logic goes in `/packages/data-schemas`.
-- Frontend/backend shared API logic (endpoints, types, data-service) goes in `/packages/data-provider`.
-- Build data-provider from project root: `npm run build:data-provider`.
-
----
-
-## Code Style
-
-### Structure and Clarity
-
-- **Never-nesting**: early returns, flat code, minimal indentation. Break complex operations into well-named helpers.
-- **Functional first**: pure functions, immutable data, `map`/`filter`/`reduce` over imperative loops. Only reach for OOP when it clearly improves domain modeling or state encapsulation.
-- **No dynamic imports** unless absolutely necessary.
-
-### DRY
-
-- Extract repeated logic into utility functions.
-- Reusable hooks / higher-order components for UI patterns.
-- Parameterized helpers instead of near-duplicate functions.
-- Constants for repeated values; configuration objects over duplicated init code.
-- Shared validators, centralized error handling, single source of truth for business rules.
-- Shared typing system with interfaces/types extending common base definitions.
-- Abstraction layers for external API interactions.
-
-### Iteration and Performance
-
-- **Minimize looping** — especially over shared data structures like message arrays, which are iterated frequently throughout the codebase. Every additional pass adds up at scale.
-- Consolidate sequential O(n) operations into a single pass whenever possible; never loop over the same collection twice if the work can be combined.
-- Choose data structures that reduce the need to iterate (e.g., `Map`/`Set` for lookups instead of `Array.find`/`Array.includes`).
-- Avoid unnecessary object creation; consider space-time tradeoffs.
-- Prevent memory leaks: careful with closures, dispose resources/event listeners, no circular references.
-
-### Type Safety
-
-- **Never use `any`**. Explicit types for all parameters, return values, and variables.
-- **Limit `unknown`** — avoid `unknown`, `Record<string, unknown>`, and `as unknown as T` assertions. A `Record<string, unknown>` almost always signals a missing explicit type definition.
-- **Don't duplicate types** — before defining a new type, check whether it already exists in the project (especially `packages/data-provider`). Reuse and extend existing types rather than creating redundant definitions.
-- Use union types, generics, and interfaces appropriately.
-- All TypeScript and ESLint warnings/errors must be addressed — do not leave unresolved diagnostics.
-
-### Comments and Documentation
-
-- Write self-documenting code; no inline comments narrating what code does.
-- JSDoc only for complex/non-obvious logic or intellisense on public APIs.
-- Single-line JSDoc for brief docs, multi-line for complex cases.
-- Avoid standalone `//` comments unless absolutely necessary.
-
-### Import Order
-
-Imports are organized into three sections:
-
-1. **Package imports** — sorted shortest to longest line length (`react` always first).
-2. **`import type` imports** — sorted longest to shortest (package types first, then local types; length resets between sub-groups).
-3. **Local/project imports** — sorted longest to shortest.
-
-Multi-line imports count total character length across all lines. Consolidate value imports from the same module. Always use standalone `import type { ... }` — never inline `type` inside value imports.
-
-### JS/TS Loop Preferences
-
-- **Limit looping as much as possible.** Prefer single-pass transformations and avoid re-iterating the same data.
-- `for (let i = 0; ...)` for performance-critical or index-dependent operations.
-- `for...of` for simple array iteration.
-- `for...in` only for object property enumeration.
-
----
-
-## Frontend Rules (`client/src/**/*`)
-
-### Localization
-
-- All user-facing text must use `useLocalize()`.
-- Only update English keys in `client/src/locales/en/translation.json` (other languages are automated externally).
-- Semantic key prefixes: `com_ui_`, `com_assistants_`, etc.
-
-### Components
-
-- TypeScript for all React components with proper type imports.
-- Semantic HTML with ARIA labels (`role`, `aria-label`) for accessibility.
-- Group related components in feature directories (e.g., `SidePanel/Memories/`).
-- Use index files for clean exports.
-
-### Data Management
-
-- Feature hooks: `client/src/data-provider/[Feature]/queries.ts` → `[Feature]/index.ts` → `client/src/data-provider/index.ts`.
-- React Query (`@tanstack/react-query`) for all API interactions; proper query invalidation on mutations.
-- QueryKeys and MutationKeys in `packages/data-provider/src/keys.ts`.
-
-### Data-Provider Integration
-
-- Endpoints: `packages/data-provider/src/api-endpoints.ts`
-- Data service: `packages/data-provider/src/data-service.ts`
-- Types: `packages/data-provider/src/types/queries.ts`
-- Use `encodeURIComponent` for dynamic URL parameters.
-
-### Performance
-
-- Prioritize memory and speed efficiency at scale.
-- Cursor pagination for large datasets.
-- Proper dependency arrays to avoid unnecessary re-renders.
-- Leverage React Query caching and background refetching.
-
----
-
-## Development Commands
-
-| Command | Purpose |
-|---|---|
-| `npm run smart-reinstall` | Install deps (if lockfile changed) + build via Turborepo |
-| `npm run reinstall` | Clean install — wipe `node_modules` and reinstall from scratch |
-| `npm run backend` | Start the backend server |
-| `npm run backend:dev` | Start backend with file watching (development) |
-| `npm run build` | Build all compiled code via Turborepo (parallel, cached) |
-| `npm run frontend` | Build all compiled code sequentially (legacy fallback) |
-| `npm run frontend:dev` | Start frontend dev server with HMR (port 3090, requires backend running) |
-| `npm run build:data-provider` | Rebuild `packages/data-provider` after changes |
-
-- Node.js: v20.19.0+ or ^22.12.0 or >= 23.0.0
-- Database: MongoDB
-- Backend runs on `http://localhost:3080/`; frontend dev server on `http://localhost:3090/`
-
----
-
-## Testing
-
-- Framework: **Jest**, run per-workspace.
-- Run tests from their workspace directory: `cd api && npx jest <pattern>`, `cd packages/api && npx jest <pattern>`, etc.
-- Frontend tests: `__tests__` directories alongside components; use `test/layout-test-utils` for rendering.
-- Cover loading, success, and error states for UI/data flows.
-
-### Philosophy
-
-- **Real logic over mocks.** Exercise actual code paths with real dependencies. Mocking is a last resort.
-- **Spies over mocks.** Assert that real functions are called with expected arguments and frequency without replacing underlying logic.
-- **MongoDB**: use `mongodb-memory-server` for a real in-memory MongoDB instance. Test actual queries and schema validation, not mocked DB calls.
-- **MCP**: use real `@modelcontextprotocol/sdk` exports for servers, transports, and tool definitions. Mirror real scenarios, don't stub SDK internals.
-- Only mock what you cannot control: external HTTP APIs, rate-limited services, non-deterministic system calls.
-- Heavy mocking is a code smell, not a testing strategy.
-
----
-
-## Formatting
-
-Fix all formatting lint errors (trailing spaces, tabs, newlines, indentation) using auto-fix when available. All TypeScript/ESLint warnings and errors **must** be resolved.
+CLAUDE.md
diff --git a/CLAUDE.md b/CLAUDE.md
deleted file mode 120000
index 47dc3e3d86..0000000000
--- a/CLAUDE.md
+++ /dev/null
@@ -1 +0,0 @@
-AGENTS.md
\ No newline at end of file
diff --git a/CLAUDE.md b/CLAUDE.md
new file mode 100644
index 0000000000..81362cfc57
--- /dev/null
+++ b/CLAUDE.md
@@ -0,0 +1,172 @@
+# LibreChat
+
+## Project Overview
+
+LibreChat is a monorepo with the following key workspaces:
+
+| Workspace | Language | Side | Dependency | Purpose |
+|---|---|---|---|---|
+| `/api` | JS (legacy) | Backend | `packages/api`, `packages/data-schemas`, `packages/data-provider`, `@librechat/agents` | Express server — minimize changes here |
+| `/packages/api` | **TypeScript** | Backend | `packages/data-schemas`, `packages/data-provider` | New backend code lives here (TS only, consumed by `/api`) |
+| `/packages/data-schemas` | TypeScript | Backend | `packages/data-provider` | Database models/schemas, shareable across backend projects |
+| `/packages/data-provider` | TypeScript | Shared | — | Shared API types, endpoints, data-service — used by both frontend and backend |
+| `/client` | TypeScript/React | Frontend | `packages/data-provider`, `packages/client` | Frontend SPA |
+| `/packages/client` | TypeScript | Frontend | `packages/data-provider` | Shared frontend utilities |
+
+The source code for `@librechat/agents` (major backend dependency, same team) is at `/home/danny/agentus`.
+
+---
+
+## Workspace Boundaries
+
+- **All new backend code must be TypeScript** in `/packages/api`.
+- Keep `/api` changes to the absolute minimum (thin JS wrappers calling into `/packages/api`).
+- Database-specific shared logic goes in `/packages/data-schemas`.
+- Frontend/backend shared API logic (endpoints, types, data-service) goes in `/packages/data-provider`.
+- Build data-provider from project root: `npm run build:data-provider`.
+
+---
+
+## Code Style
+
+### Naming and File Organization
+
+- **Single-word file names** whenever possible (e.g., `permissions.ts`, `capabilities.ts`, `service.ts`).
+- When multiple words are needed, prefer grouping related modules under a **single-word directory** rather than using multi-word file names (e.g., `admin/capabilities.ts` not `adminCapabilities.ts`).
+- The directory already provides context — `app/service.ts` not `app/appConfigService.ts`.
+
+### Structure and Clarity
+
+- **Never-nesting**: early returns, flat code, minimal indentation. Break complex operations into well-named helpers.
+- **Functional first**: pure functions, immutable data, `map`/`filter`/`reduce` over imperative loops. Only reach for OOP when it clearly improves domain modeling or state encapsulation.
+- **No dynamic imports** unless absolutely necessary.
+
+### DRY
+
+- Extract repeated logic into utility functions.
+- Reusable hooks / higher-order components for UI patterns.
+- Parameterized helpers instead of near-duplicate functions.
+- Constants for repeated values; configuration objects over duplicated init code.
+- Shared validators, centralized error handling, single source of truth for business rules.
+- Shared typing system with interfaces/types extending common base definitions.
+- Abstraction layers for external API interactions.
+
+### Iteration and Performance
+
+- **Minimize looping** — especially over shared data structures like message arrays, which are iterated frequently throughout the codebase. Every additional pass adds up at scale.
+- Consolidate sequential O(n) operations into a single pass whenever possible; never loop over the same collection twice if the work can be combined.
+- Choose data structures that reduce the need to iterate (e.g., `Map`/`Set` for lookups instead of `Array.find`/`Array.includes`).
+- Avoid unnecessary object creation; consider space-time tradeoffs.
+- Prevent memory leaks: careful with closures, dispose resources/event listeners, no circular references.
+
+### Type Safety
+
+- **Never use `any`**. Explicit types for all parameters, return values, and variables.
+- **Limit `unknown`** — avoid `unknown`, `Record<string, unknown>`, and `as unknown as T` assertions. A `Record<string, unknown>` almost always signals a missing explicit type definition.
+- **Don't duplicate types** — before defining a new type, check whether it already exists in the project (especially `packages/data-provider`). Reuse and extend existing types rather than creating redundant definitions.
+- Use union types, generics, and interfaces appropriately.
+- All TypeScript and ESLint warnings/errors must be addressed — do not leave unresolved diagnostics.
+
+### Comments and Documentation
+
+- Write self-documenting code; no inline comments narrating what code does.
+- JSDoc only for complex/non-obvious logic or intellisense on public APIs.
+- Single-line JSDoc for brief docs, multi-line for complex cases.
+- Avoid standalone `//` comments unless absolutely necessary.
+
+### Import Order
+
+Imports are organized into three sections:
+
+1. **Package imports** — sorted shortest to longest line length (`react` always first).
+2. **`import type` imports** — sorted longest to shortest (package types first, then local types; length resets between sub-groups).
+3. **Local/project imports** — sorted longest to shortest.
+
+Multi-line imports count total character length across all lines. Consolidate value imports from the same module. Always use standalone `import type { ... }` — never inline `type` inside value imports.
+
+### JS/TS Loop Preferences
+
+- **Limit looping as much as possible.** Prefer single-pass transformations and avoid re-iterating the same data.
+- `for (let i = 0; ...)` for performance-critical or index-dependent operations.
+- `for...of` for simple array iteration.
+- `for...in` only for object property enumeration.
+
+---
+
+## Frontend Rules (`client/src/**/*`)
+
+### Localization
+
+- All user-facing text must use `useLocalize()`.
+- Only update English keys in `client/src/locales/en/translation.json` (other languages are automated externally).
+- Semantic key prefixes: `com_ui_`, `com_assistants_`, etc.
+
+### Components
+
+- TypeScript for all React components with proper type imports.
+- Semantic HTML with ARIA labels (`role`, `aria-label`) for accessibility.
+- Group related components in feature directories (e.g., `SidePanel/Memories/`).
+- Use index files for clean exports.
+
+### Data Management
+
+- Feature hooks: `client/src/data-provider/[Feature]/queries.ts` → `[Feature]/index.ts` → `client/src/data-provider/index.ts`.
+- React Query (`@tanstack/react-query`) for all API interactions; proper query invalidation on mutations.
+- QueryKeys and MutationKeys in `packages/data-provider/src/keys.ts`.
+
+### Data-Provider Integration
+
+- Endpoints: `packages/data-provider/src/api-endpoints.ts`
+- Data service: `packages/data-provider/src/data-service.ts`
+- Types: `packages/data-provider/src/types/queries.ts`
+- Use `encodeURIComponent` for dynamic URL parameters.
+
+### Performance
+
+- Prioritize memory and speed efficiency at scale.
+- Cursor pagination for large datasets.
+- Proper dependency arrays to avoid unnecessary re-renders.
+- Leverage React Query caching and background refetching.
+
+---
+
+## Development Commands
+
+| Command | Purpose |
+|---|---|
+| `npm run smart-reinstall` | Install deps (if lockfile changed) + build via Turborepo |
+| `npm run reinstall` | Clean install — wipe `node_modules` and reinstall from scratch |
+| `npm run backend` | Start the backend server |
+| `npm run backend:dev` | Start backend with file watching (development) |
+| `npm run build` | Build all compiled code via Turborepo (parallel, cached) |
+| `npm run frontend` | Build all compiled code sequentially (legacy fallback) |
+| `npm run frontend:dev` | Start frontend dev server with HMR (port 3090, requires backend running) |
+| `npm run build:data-provider` | Rebuild `packages/data-provider` after changes |
+
+- Node.js: v20.19.0+ or ^22.12.0 or >= 23.0.0
+- Database: MongoDB
+- Backend runs on `http://localhost:3080/`; frontend dev server on `http://localhost:3090/`
+
+---
+
+## Testing
+
+- Framework: **Jest**, run per-workspace.
+- Run tests from their workspace directory: `cd api && npx jest <pattern>`, `cd packages/api && npx jest <pattern>`, etc.
+- Frontend tests: `__tests__` directories alongside components; use `test/layout-test-utils` for rendering.
+- Cover loading, success, and error states for UI/data flows.
+
+### Philosophy
+
+- **Real logic over mocks.** Exercise actual code paths with real dependencies. Mocking is a last resort.
+- **Spies over mocks.** Assert that real functions are called with expected arguments and frequency without replacing underlying logic.
+- **MongoDB**: use `mongodb-memory-server` for a real in-memory MongoDB instance. Test actual queries and schema validation, not mocked DB calls.
+- **MCP**: use real `@modelcontextprotocol/sdk` exports for servers, transports, and tool definitions. Mirror real scenarios, don't stub SDK internals.
+- Only mock what you cannot control: external HTTP APIs, rate-limited services, non-deterministic system calls.
+- Heavy mocking is a code smell, not a testing strategy.
+
+---
+
+## Formatting
+
+Fix all formatting lint errors (trailing spaces, tabs, newlines, indentation) using auto-fix when available. All TypeScript/ESLint warnings and errors **must** be resolved.
diff --git a/README.md b/README.md
index 7da34974e3..a7f68d9a92 100644
--- a/README.md
+++ b/README.md
@@ -32,7 +32,7 @@
 </p>
 
 <p align="center">
-<a href="https://railway.com/deploy/b5k2mn?referralCode=HI9hWz">
+<a href="https://railway.com/deploy/librechat-official?referralCode=HI9hWz&utm_medium=integration&utm_source=readme&utm_campaign=librechat">
   <img src="https://railway.com/button.svg" alt="Deploy on Railway" height="30">
 </a>
 <a href="https://zeabur.com/templates/0X2ZY8">
diff --git a/README.zh.md b/README.zh.md
index cc9cb5a205..7f74057413 100644
--- a/README.zh.md
+++ b/README.zh.md
@@ -1,4 +1,4 @@
-<!-- Last synced with README.md: 2026-03-20 (e442984364db02163f3cc3ecb7b2ee5efba66fb9) -->
+<!-- Last synced with README.md: 2026-03-28 (cae3888) -->
 
 <p align="center">
   <a href="https://librechat.ai">
@@ -34,7 +34,7 @@
 </p>
 
 <p align="center">
-<a href="https://railway.com/deploy/b5k2mn?referralCode=HI9hWz">
+<a href="https://railway.com/deploy/librechat-official?referralCode=HI9hWz&utm_medium=integration&utm_source=readme&utm_campaign=librechat">
   <img src="https://railway.com/button.svg" alt="Deploy on Railway" height="30">
 </a>
 <a href="https://zeabur.com/templates/0X2ZY8">
diff --git a/api/app/clients/BaseClient.js b/api/app/clients/BaseClient.js
index ae2d362773..905cadfd23 100644
--- a/api/app/clients/BaseClient.js
+++ b/api/app/clients/BaseClient.js
@@ -17,11 +17,13 @@ const {
   ContentTypes,
   excludedKeys,
   EModelEndpoint,
+  mergeFileConfig,
   isParamEndpoint,
   isAgentsEndpoint,
   isEphemeralAgentId,
   supportsBalanceCheck,
   isBedrockDocumentType,
+  getEndpointFileConfig,
 } = require('librechat-data-provider');
 const { getStrategyFunctions } = require('~/server/services/Files/strategies');
 const { logViolation } = require('~/cache');
@@ -32,7 +34,6 @@ class BaseClient {
   constructor(apiKey, options = {}) {
     this.apiKey = apiKey;
     this.sender = options.sender ?? 'AI';
-    this.contextStrategy = null;
     this.currentDateString = new Date().toLocaleDateString('en-us', {
       year: 'numeric',
       month: 'long',
@@ -72,6 +73,10 @@ class BaseClient {
     this.currentMessages = [];
     /** @type {import('librechat-data-provider').VisionModes | undefined} */
     this.visionMode;
+    /** @type {import('librechat-data-provider').FileConfig | undefined} */
+    this._mergedFileConfig;
+    /** @type {import('librechat-data-provider').EndpointFileConfig | undefined} */
+    this._endpointFileConfig;
   }
 
   setOptions() {
@@ -487,7 +492,12 @@ class BaseClient {
         }
         delete userMessage.image_urls;
       }
-      userMessagePromise = this.saveMessageToDatabase(userMessage, saveOptions, user);
+      userMessagePromise = this.saveMessageToDatabase(userMessage, saveOptions, user).catch(
+        (err) => {
+          logger.error('[BaseClient] Failed to save user message:', err);
+          return {};
+        },
+      );
       this.savedMessageIds.add(userMessage.messageId);
       if (typeof opts?.getReqData === 'function') {
         opts.getReqData({
@@ -519,6 +529,8 @@ class BaseClient {
           getMultiplier: db.getMultiplier,
           findBalanceByUser: db.findBalanceByUser,
           createAutoRefillTransaction: db.createAutoRefillTransaction,
+          balanceConfig,
+          upsertBalanceFields: db.upsertBalanceFields,
         },
       );
     }
@@ -727,21 +739,30 @@ class BaseClient {
    * @param {string | null} user
    */
   async saveMessageToDatabase(message, endpointOptions, user = null) {
+    // Snapshot options before any await; disposeClient may set client.options = null
+    // while this method is suspended at an I/O boundary, but the local reference
+    // remains valid (disposeClient nulls the property, not the object itself).
+    const options = this.options;
+    if (!options) {
+      logger.error('[BaseClient] saveMessageToDatabase: client disposed before save, skipping');
+      return {};
+    }
+
     if (this.user && user !== this.user) {
       throw new Error('User mismatch.');
     }
 
-    const hasAddedConvo = this.options?.req?.body?.addedConvo != null;
+    const hasAddedConvo = options?.req?.body?.addedConvo != null;
     const reqCtx = {
-      userId: this.options?.req?.user?.id,
-      isTemporary: this.options?.req?.body?.isTemporary,
-      interfaceConfig: this.options?.req?.config?.interfaceConfig,
+      userId: options?.req?.user?.id,
+      isTemporary: options?.req?.body?.isTemporary,
+      interfaceConfig: options?.req?.config?.interfaceConfig,
     };
     const savedMessage = await db.saveMessage(
       reqCtx,
       {
         ...message,
-        endpoint: this.options.endpoint,
+        endpoint: options.endpoint,
         unfinished: false,
         user,
         ...(hasAddedConvo && { addedConvo: true }),
@@ -755,20 +776,20 @@ class BaseClient {
 
     const fieldsToKeep = {
       conversationId: message.conversationId,
-      endpoint: this.options.endpoint,
-      endpointType: this.options.endpointType,
+      endpoint: options.endpoint,
+      endpointType: options.endpointType,
       ...endpointOptions,
     };
 
     const existingConvo =
       this.fetchedConvo === true
         ? null
-        : await db.getConvo(this.options?.req?.user?.id, message.conversationId);
+        : await db.getConvo(options?.req?.user?.id, message.conversationId);
 
     const unsetFields = {};
     const exceptions = new Set(['spec', 'iconURL']);
     const hasNonEphemeralAgent =
-      isAgentsEndpoint(this.options.endpoint) &&
+      isAgentsEndpoint(options.endpoint) &&
       endpointOptions?.agent_id &&
       !isEphemeralAgentId(endpointOptions.agent_id);
     if (hasNonEphemeralAgent) {
@@ -1072,6 +1093,7 @@ class BaseClient {
         provider: this.options.agent?.provider ?? this.options.endpoint,
         endpoint: this.options.agent?.endpoint ?? this.options.endpoint,
         useResponsesApi: this.options.agent?.model_parameters?.useResponsesApi,
+        model: this.modelOptions?.model ?? this.model,
       },
       getStrategyFunctions,
     );
@@ -1144,6 +1166,16 @@ class BaseClient {
     const provider = this.options.agent?.provider ?? this.options.endpoint;
     const isBedrock = provider === EModelEndpoint.bedrock;
 
+    if (!this._mergedFileConfig && this.options.req?.config?.fileConfig) {
+      this._mergedFileConfig = mergeFileConfig(this.options.req.config.fileConfig);
+      const endpoint = this.options.agent?.endpoint ?? this.options.endpoint;
+      this._endpointFileConfig = getEndpointFileConfig({
+        fileConfig: this._mergedFileConfig,
+        endpoint,
+        endpointType: this.options.endpointType,
+      });
+    }
+
     for (const file of attachments) {
       /** @type {FileSources} */
       const source = file.source ?? FileSources.local;
@@ -1170,6 +1202,14 @@ class BaseClient {
       } else if (file.type.startsWith('audio/')) {
         categorizedAttachments.audios.push(file);
         allFiles.push(file);
+      } else if (
+        file.type &&
+        this._mergedFileConfig &&
+        this._endpointFileConfig?.supportedMimeTypes &&
+        this._mergedFileConfig.checkType(file.type, this._endpointFileConfig.supportedMimeTypes)
+      ) {
+        categorizedAttachments.documents.push(file);
+        allFiles.push(file);
       }
     }
 
diff --git a/api/app/clients/specs/BaseClient.test.js b/api/app/clients/specs/BaseClient.test.js
index edbbcaa87b..3ce910948c 100644
--- a/api/app/clients/specs/BaseClient.test.js
+++ b/api/app/clients/specs/BaseClient.test.js
@@ -38,7 +38,7 @@ jest.mock('~/models', () => ({
   updateFileUsage: jest.fn(),
 }));
 
-const { getConvo, saveConvo } = require('~/models');
+const { getConvo, saveConvo, saveMessage } = require('~/models');
 
 jest.mock('@librechat/agents', () => {
   const actual = jest.requireActual('@librechat/agents');
@@ -906,6 +906,52 @@ describe('BaseClient', () => {
       );
     });
 
+    test('saveMessageToDatabase returns early when this.options is null (client disposed)', async () => {
+      const savedOptions = TestClient.options;
+      TestClient.options = null;
+      saveMessage.mockClear();
+
+      const result = await TestClient.saveMessageToDatabase(
+        { messageId: 'msg-1', conversationId: 'conv-1', isCreatedByUser: true, text: 'hi' },
+        {},
+        null,
+      );
+
+      expect(result).toEqual({});
+      expect(saveMessage).not.toHaveBeenCalled();
+
+      TestClient.options = savedOptions;
+    });
+
+    test('saveMessageToDatabase uses snapshot of options, immune to mid-await disposal', async () => {
+      const savedOptions = TestClient.options;
+      saveMessage.mockClear();
+      saveConvo.mockClear();
+
+      // Make db.saveMessage yield, simulating I/O suspension during which disposal occurs
+      saveMessage.mockImplementation(async (_reqCtx, msgData) => {
+        // Simulate disposeClient nullifying client.options while awaiting
+        TestClient.options = null;
+        return msgData;
+      });
+      saveConvo.mockResolvedValue({ conversationId: 'conv-1' });
+
+      const result = await TestClient.saveMessageToDatabase(
+        { messageId: 'msg-1', conversationId: 'conv-1', isCreatedByUser: true, text: 'hi' },
+        { endpoint: 'openAI' },
+        null,
+      );
+
+      // Should complete without TypeError, using the snapshotted options
+      expect(result).toHaveProperty('message');
+      expect(result).toHaveProperty('conversation');
+      expect(saveMessage).toHaveBeenCalled();
+
+      TestClient.options = savedOptions;
+      saveMessage.mockReset();
+      saveConvo.mockReset();
+    });
+
     test('userMessagePromise is awaited before saving response message', async () => {
       // Mock the saveMessageToDatabase method
       TestClient.saveMessageToDatabase = jest.fn().mockImplementation(() => {
diff --git a/api/app/clients/tools/util/handleTools.js b/api/app/clients/tools/util/handleTools.js
index 4b86101425..8adb43f945 100644
--- a/api/app/clients/tools/util/handleTools.js
+++ b/api/app/clients/tools/util/handleTools.js
@@ -14,7 +14,6 @@ const {
   buildImageToolContext,
   buildWebSearchContext,
 } = require('@librechat/api');
-const { getMCPServersRegistry } = require('~/config');
 const {
   Tools,
   Constants,
@@ -39,12 +38,13 @@ const {
   createGeminiImageTool,
   createOpenAIImageTools,
 } = require('../');
-const { primeFiles: primeCodeFiles } = require('~/server/services/Files/Code/process');
+const { createMCPTool, createMCPTools, resolveConfigServers } = require('~/server/services/MCP');
 const { createFileSearchTool, primeFiles: primeSearchFiles } = require('./fileSearch');
+const { primeFiles: primeCodeFiles } = require('~/server/services/Files/Code/process');
 const { getUserPluginAuthValue } = require('~/server/services/PluginService');
-const { createMCPTool, createMCPTools } = require('~/server/services/MCP');
 const { loadAuthValues } = require('~/server/services/Tools/credentials');
 const { getMCPServerTools } = require('~/server/services/Config');
+const { getMCPServersRegistry } = require('~/config');
 const { getRoleByName } = require('~/models');
 
 /**
@@ -256,6 +256,12 @@ const loadTools = async ({
   const toolContextMap = {};
   const requestedMCPTools = {};
 
+  /** Resolve config-source servers for the current user/tenant context */
+  let configServers;
+  if (tools.some((tool) => tool && mcpToolPattern.test(tool))) {
+    configServers = await resolveConfigServers(options.req);
+  }
+
   for (const tool of tools) {
     if (tool === Tools.execute_code) {
       requestedTools[tool] = async () => {
@@ -341,7 +347,7 @@ const loadTools = async ({
         continue;
       }
       const serverConfig = serverName
-        ? await getMCPServersRegistry().getServerConfig(serverName, user)
+        ? await getMCPServersRegistry().getServerConfig(serverName, user, configServers)
         : null;
       if (!serverConfig) {
         logger.warn(
@@ -419,6 +425,7 @@ const loadTools = async ({
   let index = -1;
   const failedMCPServers = new Set();
   const safeUser = createSafeUser(options.req?.user);
+
   for (const [serverName, toolConfigs] of Object.entries(requestedMCPTools)) {
     index++;
     /** @type {LCAvailableTools} */
@@ -433,6 +440,7 @@ const loadTools = async ({
           signal,
           user: safeUser,
           userMCPAuthMap,
+          configServers,
           res: options.res,
           streamId: options.req?._resumableStreamId || null,
           model: agent?.model ?? model,
diff --git a/api/db/index.js b/api/db/index.js
index 5c29902f69..f4359c8adf 100644
--- a/api/db/index.js
+++ b/api/db/index.js
@@ -1,8 +1,13 @@
 const mongoose = require('mongoose');
 const { createModels } = require('@librechat/data-schemas');
 const { connectDb } = require('./connect');
-const indexSync = require('./indexSync');
 
+// createModels MUST run before requiring indexSync.
+// indexSync.js captures mongoose.models.Message and mongoose.models.Conversation
+// at module load time. If those models are not registered first, all MeiliSearch
+// sync operations will silently fail on every startup.
 createModels(mongoose);
 
+const indexSync = require('./indexSync');
+
 module.exports = { connectDb, indexSync };
diff --git a/api/db/index.spec.js b/api/db/index.spec.js
new file mode 100644
index 0000000000..e1ebe176dc
--- /dev/null
+++ b/api/db/index.spec.js
@@ -0,0 +1,26 @@
+describe('api/db/index.js', () => {
+  test('createModels is called before indexSync is loaded', () => {
+    jest.resetModules();
+
+    const callOrder = [];
+
+    jest.mock('@librechat/data-schemas', () => ({
+      createModels: jest.fn((m) => {
+        callOrder.push('createModels');
+        m.models.Message = { name: 'Message' };
+        m.models.Conversation = { name: 'Conversation' };
+      }),
+    }));
+
+    jest.mock('./indexSync', () => {
+      callOrder.push('indexSync');
+      return jest.fn();
+    });
+
+    jest.mock('./connect', () => ({ connectDb: jest.fn() }));
+
+    require('./index');
+
+    expect(callOrder).toEqual(['createModels', 'indexSync']);
+  });
+});
diff --git a/api/db/indexSync.js b/api/db/indexSync.js
index 130cde77b8..13059033fb 100644
--- a/api/db/indexSync.js
+++ b/api/db/indexSync.js
@@ -6,9 +6,6 @@ const { isEnabled, FlowStateManager } = require('@librechat/api');
 const { getLogStores } = require('~/cache');
 const { batchResetMeiliFlags } = require('./utils');
 
-const Conversation = mongoose.models.Conversation;
-const Message = mongoose.models.Message;
-
 const searchEnabled = isEnabled(process.env.SEARCH);
 const indexingDisabled = isEnabled(process.env.MEILI_NO_SYNC);
 let currentTimeout = null;
@@ -200,6 +197,14 @@ async function performSync(flowManager, flowId, flowType) {
       return { messagesSync: false, convosSync: false };
     }
 
+    const Message = mongoose.models.Message;
+    const Conversation = mongoose.models.Conversation;
+    if (!Message || !Conversation) {
+      throw new Error(
+        '[indexSync] Models not registered. Ensure createModels() has been called before indexSync.',
+      );
+    }
+
     const client = MeiliSearchClient.getInstance();
 
     const { status } = await client.health();
@@ -349,6 +354,13 @@ async function indexSync() {
       logger.debug('[indexSync] Creating indices...');
       currentTimeout = setTimeout(async () => {
         try {
+          const Message = mongoose.models.Message;
+          const Conversation = mongoose.models.Conversation;
+          if (!Message || !Conversation) {
+            throw new Error(
+              '[indexSync] Models not registered. Ensure createModels() has been called before indexSync.',
+            );
+          }
           await Message.syncWithMeili();
           await Conversation.syncWithMeili();
         } catch (err) {
diff --git a/api/package.json b/api/package.json
index 8b2f156cd3..86b0f22c0b 100644
--- a/api/package.json
+++ b/api/package.json
@@ -35,7 +35,7 @@
   "homepage": "https://librechat.ai",
   "dependencies": {
     "@anthropic-ai/vertex-sdk": "^0.14.3",
-    "@aws-sdk/client-bedrock-runtime": "^3.980.0",
+    "@aws-sdk/client-bedrock-runtime": "^3.1013.0",
     "@aws-sdk/client-s3": "^3.980.0",
     "@aws-sdk/s3-request-presigner": "^3.758.0",
     "@azure/identity": "^4.7.0",
@@ -44,7 +44,7 @@
     "@google/genai": "^1.19.0",
     "@keyv/redis": "^4.3.3",
     "@langchain/core": "^0.3.80",
-    "@librechat/agents": "^3.1.62",
+    "@librechat/agents": "^3.1.63",
     "@librechat/api": "*",
     "@librechat/data-schemas": "*",
     "@microsoft/microsoft-graph-client": "^3.0.7",
@@ -52,7 +52,7 @@
     "@node-saml/passport-saml": "^5.1.0",
     "@smithy/node-http-handler": "^4.4.5",
     "ai-tokenizer": "^1.0.6",
-    "axios": "^1.13.5",
+    "axios": "1.13.6",
     "bcryptjs": "^2.4.3",
     "compression": "^1.8.1",
     "connect-redis": "^8.1.0",
@@ -70,7 +70,7 @@
     "file-type": "^21.3.2",
     "firebase": "^11.0.2",
     "form-data": "^4.0.4",
-    "handlebars": "^4.7.7",
+    "handlebars": "^4.7.9",
     "https-proxy-agent": "^7.0.6",
     "ioredis": "^5.3.2",
     "js-yaml": "^4.1.1",
@@ -91,7 +91,7 @@
     "multer": "^2.1.1",
     "nanoid": "^3.3.7",
     "node-fetch": "^2.7.0",
-    "nodemailer": "^7.0.11",
+    "nodemailer": "^8.0.4",
     "ollama": "^0.5.0",
     "openai": "5.8.2",
     "openid-client": "^6.5.0",
diff --git a/api/server/cleanup.js b/api/server/cleanup.js
index 364c02cd8a..c27814292d 100644
--- a/api/server/cleanup.js
+++ b/api/server/cleanup.js
@@ -123,9 +123,6 @@ function disposeClient(client) {
     if (client.maxContextTokens) {
       client.maxContextTokens = null;
     }
-    if (client.contextStrategy) {
-      client.contextStrategy = null;
-    }
     if (client.currentDateString) {
       client.currentDateString = null;
     }
diff --git a/api/server/controllers/ModelController.js b/api/server/controllers/ModelController.js
index 805d9eef27..4738d45111 100644
--- a/api/server/controllers/ModelController.js
+++ b/api/server/controllers/ModelController.js
@@ -1,40 +1,12 @@
 const { logger } = require('@librechat/data-schemas');
-const { CacheKeys } = require('librechat-data-provider');
 const { loadDefaultModels, loadConfigModels } = require('~/server/services/Config');
-const { getLogStores } = require('~/cache');
 
-/**
- * @param {ServerRequest} req
- * @returns {Promise<TModelsConfig>} The models config.
- */
-const getModelsConfig = async (req) => {
-  const cache = getLogStores(CacheKeys.CONFIG_STORE);
-  let modelsConfig = await cache.get(CacheKeys.MODELS_CONFIG);
-  if (!modelsConfig) {
-    modelsConfig = await loadModels(req);
-  }
+const getModelsConfig = (req) => loadModels(req);
 
-  return modelsConfig;
-};
-
-/**
- * Loads the models from the config.
- * @param {ServerRequest} req - The Express request object.
- * @returns {Promise<TModelsConfig>} The models config.
- */
 async function loadModels(req) {
-  const cache = getLogStores(CacheKeys.CONFIG_STORE);
-  const cachedModelsConfig = await cache.get(CacheKeys.MODELS_CONFIG);
-  if (cachedModelsConfig) {
-    return cachedModelsConfig;
-  }
   const defaultModelsConfig = await loadDefaultModels(req);
   const customModelsConfig = await loadConfigModels(req);
-
-  const modelConfig = { ...defaultModelsConfig, ...customModelsConfig };
-
-  await cache.set(CacheKeys.MODELS_CONFIG, modelConfig);
-  return modelConfig;
+  return { ...defaultModelsConfig, ...customModelsConfig };
 }
 
 async function modelController(req, res) {
diff --git a/api/server/controllers/PluginController.js b/api/server/controllers/PluginController.js
index 279ffb15fd..c5d5c5b888 100644
--- a/api/server/controllers/PluginController.js
+++ b/api/server/controllers/PluginController.js
@@ -1,61 +1,37 @@
 const { logger } = require('@librechat/data-schemas');
-const { CacheKeys } = require('librechat-data-provider');
 const { getToolkitKey, checkPluginAuth, filterUniquePlugins } = require('@librechat/api');
 const { getCachedTools, setCachedTools } = require('~/server/services/Config');
 const { availableTools, toolkits } = require('~/app/clients/tools');
 const { getAppConfig } = require('~/server/services/Config');
-const { getLogStores } = require('~/cache');
 
 const getAvailablePluginsController = async (req, res) => {
   try {
-    const cache = getLogStores(CacheKeys.TOOL_CACHE);
-    const cachedPlugins = await cache.get(CacheKeys.PLUGINS);
-    if (cachedPlugins) {
-      res.status(200).json(cachedPlugins);
-      return;
-    }
-
-    const appConfig = await getAppConfig({ role: req.user?.role });
-    /** @type {{ filteredTools: string[], includedTools: string[] }} */
+    const appConfig = await getAppConfig({ role: req.user?.role, tenantId: req.user?.tenantId });
     const { filteredTools = [], includedTools = [] } = appConfig;
-    /** @type {import('@librechat/api').LCManifestTool[]} */
-    const pluginManifest = availableTools;
 
-    const uniquePlugins = filterUniquePlugins(pluginManifest);
-    let authenticatedPlugins = [];
+    const uniquePlugins = filterUniquePlugins(availableTools);
+    const includeSet = new Set(includedTools);
+    const filterSet = new Set(filteredTools);
+
+    /** includedTools takes precedence — filteredTools ignored when both are set. */
+    const plugins = [];
     for (const plugin of uniquePlugins) {
-      authenticatedPlugins.push(
-        checkPluginAuth(plugin) ? { ...plugin, authenticated: true } : plugin,
-      );
+      if (includeSet.size > 0) {
+        if (!includeSet.has(plugin.pluginKey)) {
+          continue;
+        }
+      } else if (filterSet.has(plugin.pluginKey)) {
+        continue;
+      }
+      plugins.push(checkPluginAuth(plugin) ? { ...plugin, authenticated: true } : plugin);
     }
 
-    let plugins = authenticatedPlugins;
-
-    if (includedTools.length > 0) {
-      plugins = plugins.filter((plugin) => includedTools.includes(plugin.pluginKey));
-    } else {
-      plugins = plugins.filter((plugin) => !filteredTools.includes(plugin.pluginKey));
-    }
-
-    await cache.set(CacheKeys.PLUGINS, plugins);
     res.status(200).json(plugins);
   } catch (error) {
     res.status(500).json({ message: error.message });
   }
 };
 
-/**
- * Retrieves and returns a list of available tools, either from a cache or by reading a plugin manifest file.
- *
- * This function first attempts to retrieve the list of tools from a cache. If the tools are not found in the cache,
- * it reads a plugin manifest file, filters for unique plugins, and determines if each plugin is authenticated.
- * Only plugins that are marked as available in the application's local state are included in the final list.
- * The resulting list of tools is then cached and sent to the client.
- *
- * @param {object} req - The request object, containing information about the HTTP request.
- * @param {object} res - The response object, used to send back the desired HTTP response.
- * @returns {Promise<void>} A promise that resolves when the function has completed.
- */
 const getAvailableTools = async (req, res) => {
   try {
     const userId = req.user?.id;
@@ -63,18 +39,10 @@ const getAvailableTools = async (req, res) => {
       logger.warn('[getAvailableTools] User ID not found in request');
       return res.status(401).json({ message: 'Unauthorized' });
     }
-    const cache = getLogStores(CacheKeys.TOOL_CACHE);
-    const cachedToolsArray = await cache.get(CacheKeys.TOOLS);
 
-    const appConfig = req.config ?? (await getAppConfig({ role: req.user?.role }));
+    const appConfig =
+      req.config ?? (await getAppConfig({ role: req.user?.role, tenantId: req.user?.tenantId }));
 
-    // Return early if we have cached tools
-    if (cachedToolsArray != null) {
-      res.status(200).json(cachedToolsArray);
-      return;
-    }
-
-    /** @type {Record<string, FunctionTool> | null} Get tool definitions to filter which tools are actually available */
     let toolDefinitions = await getCachedTools();
 
     if (toolDefinitions == null && appConfig?.availableTools != null) {
@@ -83,26 +51,17 @@ const getAvailableTools = async (req, res) => {
       toolDefinitions = appConfig.availableTools;
     }
 
-    /** @type {import('@librechat/api').LCManifestTool[]} */
-    let pluginManifest = availableTools;
+    const uniquePlugins = filterUniquePlugins(availableTools);
+    const toolDefKeysList = toolDefinitions ? Object.keys(toolDefinitions) : null;
+    const toolDefKeys = toolDefKeysList ? new Set(toolDefKeysList) : null;
 
-    /** @type {TPlugin[]} Deduplicate and authenticate plugins */
-    const uniquePlugins = filterUniquePlugins(pluginManifest);
-    const authenticatedPlugins = uniquePlugins.map((plugin) => {
-      if (checkPluginAuth(plugin)) {
-        return { ...plugin, authenticated: true };
-      } else {
-        return plugin;
-      }
-    });
-
-    /** Filter plugins based on availability */
     const toolsOutput = [];
-    for (const plugin of authenticatedPlugins) {
-      const isToolDefined = toolDefinitions?.[plugin.pluginKey] !== undefined;
+    for (const plugin of uniquePlugins) {
+      const isToolDefined = toolDefKeys?.has(plugin.pluginKey) === true;
       const isToolkit =
         plugin.toolkit === true &&
-        Object.keys(toolDefinitions ?? {}).some(
+        toolDefKeysList != null &&
+        toolDefKeysList.some(
           (key) => getToolkitKey({ toolkits, toolName: key }) === plugin.pluginKey,
         );
 
@@ -110,13 +69,10 @@ const getAvailableTools = async (req, res) => {
         continue;
       }
 
-      toolsOutput.push(plugin);
+      toolsOutput.push(checkPluginAuth(plugin) ? { ...plugin, authenticated: true } : plugin);
     }
 
-    const finalTools = filterUniquePlugins(toolsOutput);
-    await cache.set(CacheKeys.TOOLS, finalTools);
-
-    res.status(200).json(finalTools);
+    res.status(200).json(toolsOutput);
   } catch (error) {
     logger.error('[getAvailableTools]', error);
     res.status(500).json({ message: error.message });
diff --git a/api/server/controllers/PluginController.spec.js b/api/server/controllers/PluginController.spec.js
index 06a51a3bd6..9288680567 100644
--- a/api/server/controllers/PluginController.spec.js
+++ b/api/server/controllers/PluginController.spec.js
@@ -1,6 +1,4 @@
-const { CacheKeys } = require('librechat-data-provider');
 const { getCachedTools, getAppConfig } = require('~/server/services/Config');
-const { getLogStores } = require('~/cache');
 
 jest.mock('@librechat/data-schemas', () => ({
   logger: {
@@ -19,22 +17,15 @@ jest.mock('~/server/services/Config', () => ({
   setCachedTools: jest.fn(),
 }));
 
-// loadAndFormatTools mock removed - no longer used in PluginController
-// getMCPManager mock removed - no longer used in PluginController
-
 jest.mock('~/app/clients/tools', () => ({
   availableTools: [],
   toolkits: [],
 }));
 
-jest.mock('~/cache', () => ({
-  getLogStores: jest.fn(),
-}));
-
 const { getAvailableTools, getAvailablePluginsController } = require('./PluginController');
 
 describe('PluginController', () => {
-  let mockReq, mockRes, mockCache;
+  let mockReq, mockRes;
 
   beforeEach(() => {
     jest.clearAllMocks();
@@ -46,17 +37,12 @@ describe('PluginController', () => {
       },
     };
     mockRes = { status: jest.fn().mockReturnThis(), json: jest.fn() };
-    mockCache = { get: jest.fn(), set: jest.fn() };
-    getLogStores.mockReturnValue(mockCache);
 
-    // Clear availableTools and toolkits arrays before each test
     require('~/app/clients/tools').availableTools.length = 0;
     require('~/app/clients/tools').toolkits.length = 0;
 
-    // Reset getCachedTools mock to ensure clean state
     getCachedTools.mockReset();
 
-    // Reset getAppConfig mock to ensure clean state with default values
     getAppConfig.mockReset();
     getAppConfig.mockResolvedValue({
       filteredTools: [],
@@ -64,31 +50,8 @@ describe('PluginController', () => {
     });
   });
 
-  describe('cache namespace', () => {
-    it('getAvailablePluginsController should use TOOL_CACHE namespace', async () => {
-      mockCache.get.mockResolvedValue([]);
-      await getAvailablePluginsController(mockReq, mockRes);
-      expect(getLogStores).toHaveBeenCalledWith(CacheKeys.TOOL_CACHE);
-    });
-
-    it('getAvailableTools should use TOOL_CACHE namespace', async () => {
-      mockCache.get.mockResolvedValue([]);
-      await getAvailableTools(mockReq, mockRes);
-      expect(getLogStores).toHaveBeenCalledWith(CacheKeys.TOOL_CACHE);
-    });
-
-    it('should NOT use CONFIG_STORE namespace for tool/plugin operations', async () => {
-      mockCache.get.mockResolvedValue([]);
-      await getAvailablePluginsController(mockReq, mockRes);
-      await getAvailableTools(mockReq, mockRes);
-      const allCalls = getLogStores.mock.calls.flat();
-      expect(allCalls).not.toContain(CacheKeys.CONFIG_STORE);
-    });
-  });
-
   describe('getAvailablePluginsController', () => {
     it('should use filterUniquePlugins to remove duplicate plugins', async () => {
-      // Add plugins with duplicates to availableTools
       const mockPlugins = [
         { name: 'Plugin1', pluginKey: 'key1', description: 'First' },
         { name: 'Plugin1', pluginKey: 'key1', description: 'First duplicate' },
@@ -97,9 +60,6 @@ describe('PluginController', () => {
 
       require('~/app/clients/tools').availableTools.push(...mockPlugins);
 
-      mockCache.get.mockResolvedValue(null);
-
-      // Configure getAppConfig to return the expected config
       getAppConfig.mockResolvedValueOnce({
         filteredTools: [],
         includedTools: [],
@@ -109,21 +69,16 @@ describe('PluginController', () => {
 
       expect(mockRes.status).toHaveBeenCalledWith(200);
       const responseData = mockRes.json.mock.calls[0][0];
-      // The real filterUniquePlugins should have removed the duplicate
       expect(responseData).toHaveLength(2);
       expect(responseData[0].pluginKey).toBe('key1');
       expect(responseData[1].pluginKey).toBe('key2');
     });
 
     it('should use checkPluginAuth to verify plugin authentication', async () => {
-      // checkPluginAuth returns false for plugins without authConfig
-      // so authenticated property won't be added
       const mockPlugin = { name: 'Plugin1', pluginKey: 'key1', description: 'First' };
 
       require('~/app/clients/tools').availableTools.push(mockPlugin);
-      mockCache.get.mockResolvedValue(null);
 
-      // Configure getAppConfig to return the expected config
       getAppConfig.mockResolvedValueOnce({
         filteredTools: [],
         includedTools: [],
@@ -132,23 +87,9 @@ describe('PluginController', () => {
       await getAvailablePluginsController(mockReq, mockRes);
 
       const responseData = mockRes.json.mock.calls[0][0];
-      // The real checkPluginAuth returns false for plugins without authConfig, so authenticated property is not added
       expect(responseData[0].authenticated).toBeUndefined();
     });
 
-    it('should return cached plugins when available', async () => {
-      const cachedPlugins = [
-        { name: 'CachedPlugin', pluginKey: 'cached', description: 'Cached plugin' },
-      ];
-
-      mockCache.get.mockResolvedValue(cachedPlugins);
-
-      await getAvailablePluginsController(mockReq, mockRes);
-
-      // When cache is hit, we return immediately without processing
-      expect(mockRes.json).toHaveBeenCalledWith(cachedPlugins);
-    });
-
     it('should filter plugins based on includedTools', async () => {
       const mockPlugins = [
         { name: 'Plugin1', pluginKey: 'key1', description: 'First' },
@@ -156,9 +97,7 @@ describe('PluginController', () => {
       ];
 
       require('~/app/clients/tools').availableTools.push(...mockPlugins);
-      mockCache.get.mockResolvedValue(null);
 
-      // Configure getAppConfig to return config with includedTools
       getAppConfig.mockResolvedValueOnce({
         filteredTools: [],
         includedTools: ['key1'],
@@ -170,6 +109,47 @@ describe('PluginController', () => {
       expect(responseData).toHaveLength(1);
       expect(responseData[0].pluginKey).toBe('key1');
     });
+
+    it('should exclude plugins in filteredTools', async () => {
+      const mockPlugins = [
+        { name: 'Plugin1', pluginKey: 'key1', description: 'First' },
+        { name: 'Plugin2', pluginKey: 'key2', description: 'Second' },
+      ];
+
+      require('~/app/clients/tools').availableTools.push(...mockPlugins);
+
+      getAppConfig.mockResolvedValueOnce({
+        filteredTools: ['key2'],
+        includedTools: [],
+      });
+
+      await getAvailablePluginsController(mockReq, mockRes);
+
+      const responseData = mockRes.json.mock.calls[0][0];
+      expect(responseData).toHaveLength(1);
+      expect(responseData[0].pluginKey).toBe('key1');
+    });
+
+    it('should ignore filteredTools when includedTools is set', async () => {
+      const mockPlugins = [
+        { name: 'Plugin1', pluginKey: 'key1', description: 'First' },
+        { name: 'Plugin2', pluginKey: 'key2', description: 'Second' },
+        { name: 'Plugin3', pluginKey: 'key3', description: 'Third' },
+      ];
+
+      require('~/app/clients/tools').availableTools.push(...mockPlugins);
+
+      getAppConfig.mockResolvedValueOnce({
+        includedTools: ['key1', 'key2'],
+        filteredTools: ['key2'],
+      });
+
+      await getAvailablePluginsController(mockReq, mockRes);
+
+      const responseData = mockRes.json.mock.calls[0][0];
+      expect(responseData).toHaveLength(2);
+      expect(responseData.map((p) => p.pluginKey)).toEqual(['key1', 'key2']);
+    });
   });
 
   describe('getAvailableTools', () => {
@@ -185,12 +165,11 @@ describe('PluginController', () => {
         },
       };
 
-      const mockCachedPlugins = [
+      require('~/app/clients/tools').availableTools.push(
         { name: 'user-tool', pluginKey: 'user-tool', description: 'Duplicate user tool' },
         { name: 'ManifestTool', pluginKey: 'manifest-tool', description: 'Manifest tool' },
-      ];
+      );
 
-      mockCache.get.mockResolvedValue(mockCachedPlugins);
       getCachedTools.mockResolvedValueOnce(mockUserTools);
       mockReq.config = {
         mcpConfig: null,
@@ -202,24 +181,19 @@ describe('PluginController', () => {
       expect(mockRes.status).toHaveBeenCalledWith(200);
       const responseData = mockRes.json.mock.calls[0][0];
       expect(Array.isArray(responseData)).toBe(true);
-      // The real filterUniquePlugins should have deduplicated tools with same pluginKey
       const userToolCount = responseData.filter((tool) => tool.pluginKey === 'user-tool').length;
       expect(userToolCount).toBe(1);
     });
 
     it('should use checkPluginAuth to verify authentication status', async () => {
-      // Add a plugin to availableTools that will be checked
       const mockPlugin = {
         name: 'Tool1',
         pluginKey: 'tool1',
         description: 'Tool 1',
-        // No authConfig means checkPluginAuth returns false
       };
 
       require('~/app/clients/tools').availableTools.push(mockPlugin);
 
-      mockCache.get.mockResolvedValue(null);
-      // getCachedTools returns the tool definitions
       getCachedTools.mockResolvedValueOnce({
         tool1: {
           type: 'function',
@@ -242,7 +216,6 @@ describe('PluginController', () => {
       expect(Array.isArray(responseData)).toBe(true);
       const tool = responseData.find((t) => t.pluginKey === 'tool1');
       expect(tool).toBeDefined();
-      // The real checkPluginAuth returns false for plugins without authConfig, so authenticated property is not added
       expect(tool.authenticated).toBeUndefined();
     });
 
@@ -256,15 +229,12 @@ describe('PluginController', () => {
 
       require('~/app/clients/tools').availableTools.push(mockToolkit);
 
-      // Mock toolkits to have a mapping
       require('~/app/clients/tools').toolkits.push({
         name: 'Toolkit1',
         pluginKey: 'toolkit1',
         tools: ['toolkit1_function'],
       });
 
-      mockCache.get.mockResolvedValue(null);
-      // getCachedTools returns the tool definitions
       getCachedTools.mockResolvedValueOnce({
         toolkit1_function: {
           type: 'function',
@@ -292,7 +262,7 @@ describe('PluginController', () => {
 
   describe('helper function integration', () => {
     it('should handle error cases gracefully', async () => {
-      mockCache.get.mockRejectedValue(new Error('Cache error'));
+      getCachedTools.mockRejectedValue(new Error('Cache error'));
 
       await getAvailableTools(mockReq, mockRes);
 
@@ -302,17 +272,7 @@ describe('PluginController', () => {
   });
 
   describe('edge cases with undefined/null values', () => {
-    it('should handle undefined cache gracefully', async () => {
-      getLogStores.mockReturnValue(undefined);
-
-      await getAvailableTools(mockReq, mockRes);
-
-      expect(mockRes.status).toHaveBeenCalledWith(500);
-    });
-
-    it('should handle null cachedTools and cachedUserTools', async () => {
-      mockCache.get.mockResolvedValue(null);
-      // getCachedTools returns empty object instead of null
+    it('should handle null cachedTools', async () => {
       getCachedTools.mockResolvedValueOnce({});
       mockReq.config = {
         mcpConfig: null,
@@ -321,51 +281,40 @@ describe('PluginController', () => {
 
       await getAvailableTools(mockReq, mockRes);
 
-      // Should handle null values gracefully
       expect(mockRes.status).toHaveBeenCalledWith(200);
       expect(mockRes.json).toHaveBeenCalledWith([]);
     });
 
     it('should handle when getCachedTools returns undefined', async () => {
-      mockCache.get.mockResolvedValue(null);
       mockReq.config = {
         mcpConfig: null,
         paths: { structuredTools: '/mock/path' },
       };
 
-      // Mock getCachedTools to return undefined
       getCachedTools.mockReset();
       getCachedTools.mockResolvedValueOnce(undefined);
 
       await getAvailableTools(mockReq, mockRes);
 
-      // Should handle undefined values gracefully
       expect(mockRes.status).toHaveBeenCalledWith(200);
       expect(mockRes.json).toHaveBeenCalledWith([]);
     });
 
     it('should handle empty toolDefinitions object', async () => {
-      mockCache.get.mockResolvedValue(null);
-      // Reset getCachedTools to ensure clean state
       getCachedTools.mockReset();
       getCachedTools.mockResolvedValue({});
-      mockReq.config = {}; // No mcpConfig at all
+      mockReq.config = {};
 
-      // Ensure no plugins are available
       require('~/app/clients/tools').availableTools.length = 0;
 
       await getAvailableTools(mockReq, mockRes);
 
-      // With empty tool definitions, no tools should be in the final output
       expect(mockRes.json).toHaveBeenCalledWith([]);
     });
 
     it('should handle undefined filteredTools and includedTools', async () => {
       mockReq.config = {};
-      mockCache.get.mockResolvedValue(null);
 
-      // Configure getAppConfig to return config with undefined properties
-      // The controller will use default values [] for filteredTools and includedTools
       getAppConfig.mockResolvedValueOnce({});
 
       await getAvailablePluginsController(mockReq, mockRes);
@@ -382,13 +331,8 @@ describe('PluginController', () => {
         toolkit: true,
       };
 
-      // No need to mock app.locals anymore as it's not used
-
-      // Add the toolkit to availableTools
       require('~/app/clients/tools').availableTools.push(mockToolkit);
 
-      mockCache.get.mockResolvedValue(null);
-      // getCachedTools returns empty object to avoid null reference error
       getCachedTools.mockResolvedValueOnce({});
       mockReq.config = {
         mcpConfig: null,
@@ -397,43 +341,32 @@ describe('PluginController', () => {
 
       await getAvailableTools(mockReq, mockRes);
 
-      // Should handle null toolDefinitions gracefully
       expect(mockRes.status).toHaveBeenCalledWith(200);
     });
 
-    it('should handle undefined toolDefinitions when checking isToolDefined (traversaal_search bug)', async () => {
-      // This test reproduces the bug where toolDefinitions is undefined
-      // and accessing toolDefinitions[plugin.pluginKey] causes a TypeError
+    it('should handle undefined toolDefinitions when checking isToolDefined', async () => {
       const mockPlugin = {
         name: 'Traversaal Search',
         pluginKey: 'traversaal_search',
         description: 'Search plugin',
       };
 
-      // Add the plugin to availableTools
       require('~/app/clients/tools').availableTools.push(mockPlugin);
 
-      mockCache.get.mockResolvedValue(null);
-
       mockReq.config = {
         mcpConfig: null,
         paths: { structuredTools: '/mock/path' },
       };
 
-      // CRITICAL: getCachedTools returns undefined
-      // This is what causes the bug when trying to access toolDefinitions[plugin.pluginKey]
       getCachedTools.mockResolvedValueOnce(undefined);
 
-      // This should not throw an error with the optional chaining fix
       await getAvailableTools(mockReq, mockRes);
 
-      // Should handle undefined toolDefinitions gracefully and return empty array
       expect(mockRes.status).toHaveBeenCalledWith(200);
       expect(mockRes.json).toHaveBeenCalledWith([]);
     });
 
     it('should re-initialize tools from appConfig when cache returns null', async () => {
-      // Setup: Initial state with tools in appConfig
       const mockAppTools = {
         tool1: {
           type: 'function',
@@ -453,15 +386,12 @@ describe('PluginController', () => {
         },
       };
 
-      // Add matching plugins to availableTools
       require('~/app/clients/tools').availableTools.push(
         { name: 'Tool 1', pluginKey: 'tool1', description: 'Tool 1' },
         { name: 'Tool 2', pluginKey: 'tool2', description: 'Tool 2' },
       );
 
-      // Simulate cache cleared state (returns null)
-      mockCache.get.mockResolvedValue(null);
-      getCachedTools.mockResolvedValueOnce(null); // Global tools (cache cleared)
+      getCachedTools.mockResolvedValueOnce(null);
 
       mockReq.config = {
         filteredTools: [],
@@ -469,15 +399,12 @@ describe('PluginController', () => {
         availableTools: mockAppTools,
       };
 
-      // Mock setCachedTools to verify it's called to re-initialize
       const { setCachedTools } = require('~/server/services/Config');
 
       await getAvailableTools(mockReq, mockRes);
 
-      // Should have re-initialized the cache with tools from appConfig
       expect(setCachedTools).toHaveBeenCalledWith(mockAppTools);
 
-      // Should still return tools successfully
       expect(mockRes.status).toHaveBeenCalledWith(200);
       const responseData = mockRes.json.mock.calls[0][0];
       expect(responseData).toHaveLength(2);
@@ -486,29 +413,22 @@ describe('PluginController', () => {
     });
 
     it('should handle cache clear without appConfig.availableTools gracefully', async () => {
-      // Setup: appConfig without availableTools
       getAppConfig.mockResolvedValue({
         filteredTools: [],
         includedTools: [],
-        // No availableTools property
       });
 
-      // Clear availableTools array
       require('~/app/clients/tools').availableTools.length = 0;
 
-      // Cache returns null (cleared state)
-      mockCache.get.mockResolvedValue(null);
-      getCachedTools.mockResolvedValueOnce(null); // Global tools (cache cleared)
+      getCachedTools.mockResolvedValueOnce(null);
 
       mockReq.config = {
         filteredTools: [],
         includedTools: [],
-        // No availableTools
       };
 
       await getAvailableTools(mockReq, mockRes);
 
-      // Should handle gracefully without crashing
       expect(mockRes.status).toHaveBeenCalledWith(200);
       expect(mockRes.json).toHaveBeenCalledWith([]);
     });
diff --git a/api/server/controllers/UserController.js b/api/server/controllers/UserController.js
index 301c6d2f76..16b68968d9 100644
--- a/api/server/controllers/UserController.js
+++ b/api/server/controllers/UserController.js
@@ -26,7 +26,7 @@ const { getLogStores } = require('~/cache');
 const db = require('~/models');
 
 const getUserController = async (req, res) => {
-  const appConfig = await getAppConfig({ role: req.user?.role });
+  const appConfig = await getAppConfig({ role: req.user?.role, tenantId: req.user?.tenantId });
   /** @type {IUser} */
   const userData = req.user.toObject != null ? req.user.toObject() : { ...req.user };
   /**
@@ -165,7 +165,7 @@ const deleteUserMcpServers = async (userId) => {
 };
 
 const updateUserPluginsController = async (req, res) => {
-  const appConfig = await getAppConfig({ role: req.user?.role });
+  const appConfig = await getAppConfig({ role: req.user?.role, tenantId: req.user?.tenantId });
   const { user } = req;
   const { pluginKey, action, auth, isEntityTool } = req.body;
   try {
diff --git a/api/server/controllers/agents/__tests__/openai.spec.js b/api/server/controllers/agents/__tests__/openai.spec.js
index c2f13f7837..c959be6cf4 100644
--- a/api/server/controllers/agents/__tests__/openai.spec.js
+++ b/api/server/controllers/agents/__tests__/openai.spec.js
@@ -3,6 +3,7 @@
  * Tests that recordCollectedUsage is called correctly for token spending
  */
 
+const mockProcessStream = jest.fn().mockResolvedValue(undefined);
 const mockSpendTokens = jest.fn().mockResolvedValue({});
 const mockSpendStructuredTokens = jest.fn().mockResolvedValue({});
 const mockRecordCollectedUsage = jest
@@ -35,7 +36,7 @@ jest.mock('@librechat/agents', () => ({
 jest.mock('@librechat/api', () => ({
   writeSSE: jest.fn(),
   createRun: jest.fn().mockResolvedValue({
-    processStream: jest.fn().mockResolvedValue(undefined),
+    processStream: mockProcessStream,
   }),
   createChunk: jest.fn().mockReturnValue({}),
   buildToolSet: jest.fn().mockReturnValue(new Set()),
@@ -68,6 +69,7 @@ jest.mock('@librechat/api', () => ({
     toolCalls: new Map(),
     usage: { promptTokens: 100, completionTokens: 50, reasoningTokens: 0 },
   }),
+  resolveRecursionLimit: jest.fn().mockReturnValue(50),
   createToolExecuteHandler: jest.fn().mockReturnValue({ handle: jest.fn() }),
   isChatCompletionValidationFailure: jest.fn().mockReturnValue(false),
 }));
@@ -286,4 +288,36 @@ describe('OpenAIChatCompletionController', () => {
       );
     });
   });
+
+  describe('recursionLimit resolution', () => {
+    it('should pass resolveRecursionLimit result to processStream config', async () => {
+      const { resolveRecursionLimit } = require('@librechat/api');
+      resolveRecursionLimit.mockReturnValueOnce(75);
+
+      await OpenAIChatCompletionController(req, res);
+
+      expect(mockProcessStream).toHaveBeenCalledWith(
+        expect.anything(),
+        expect.objectContaining({ recursionLimit: 75 }),
+        expect.anything(),
+      );
+    });
+
+    it('should call resolveRecursionLimit with agentsEConfig and agent', async () => {
+      const { resolveRecursionLimit } = require('@librechat/api');
+      const { getAgent } = require('~/models');
+      const mockAgent = { id: 'agent-123', name: 'Test', recursion_limit: 200 };
+      getAgent.mockResolvedValueOnce(mockAgent);
+
+      req.config = {
+        endpoints: {
+          agents: { recursionLimit: 100, maxRecursionLimit: 150, allowedProviders: [] },
+        },
+      };
+
+      await OpenAIChatCompletionController(req, res);
+
+      expect(resolveRecursionLimit).toHaveBeenCalledWith(req.config.endpoints.agents, mockAgent);
+    });
+  });
 });
diff --git a/api/server/controllers/agents/client.js b/api/server/controllers/agents/client.js
index 47a10165e3..3c1f91bd60 100644
--- a/api/server/controllers/agents/client.js
+++ b/api/server/controllers/agents/client.js
@@ -21,6 +21,7 @@ const {
   recordCollectedUsage,
   GenerationJobManager,
   getTransactionsConfig,
+  resolveRecursionLimit,
   createMemoryProcessor,
   loadAgent: loadAgentFn,
   createMultiAgentMapper,
@@ -50,6 +51,7 @@ const {
 const { filterFilesByAgentAccess } = require('~/server/services/Files/permissions');
 const { encodeAndFormat } = require('~/server/services/Files/images/encode');
 const { createContextHandlers } = require('~/app/clients/prompts');
+const { resolveConfigServers } = require('~/server/services/MCP');
 const { getMCPServerTools } = require('~/server/services/Config');
 const BaseClient = require('~/app/clients/BaseClient');
 const { getMCPManager } = require('~/config');
@@ -377,6 +379,9 @@ class AgentClient extends BaseClient {
      */
     const ephemeralAgent = this.options.req.body.ephemeralAgent;
     const mcpManager = getMCPManager();
+
+    const configServers = await resolveConfigServers(this.options.req);
+
     await Promise.all(
       allAgents.map(({ agent, agentId }) =>
         applyContextToAgent({
@@ -384,6 +389,7 @@ class AgentClient extends BaseClient {
           agentId,
           logger,
           mcpManager,
+          configServers,
           sharedRunContext,
           ephemeralAgent: agentId === this.options.agent.id ? ephemeralAgent : undefined,
         }),
@@ -728,7 +734,7 @@ class AgentClient extends BaseClient {
           },
           user: createSafeUser(this.options.req.user),
         },
-        recursionLimit: agentsEConfig?.recursionLimit ?? 50,
+        recursionLimit: resolveRecursionLimit(agentsEConfig, this.options.agent),
         signal: abortController.signal,
         streamMode: 'values',
         version: 'v2',
@@ -776,17 +782,6 @@ class AgentClient extends BaseClient {
           agents.push(...this.agentConfigs.values());
         }
 
-        if (agents[0].recursion_limit && typeof agents[0].recursion_limit === 'number') {
-          config.recursionLimit = agents[0].recursion_limit;
-        }
-
-        if (
-          agentsEConfig?.maxRecursionLimit &&
-          config.recursionLimit > agentsEConfig?.maxRecursionLimit
-        ) {
-          config.recursionLimit = agentsEConfig?.maxRecursionLimit;
-        }
-
         // TODO: needs to be added as part of AgentContext initialization
         // const noSystemModelRegex = [/\b(o1-preview|o1-mini|amazon\.titan-text)\b/gi];
         // const noSystemMessages = noSystemModelRegex.some((regex) =>
diff --git a/api/server/controllers/agents/client.test.js b/api/server/controllers/agents/client.test.js
index 41a806f66d..1595f652f7 100644
--- a/api/server/controllers/agents/client.test.js
+++ b/api/server/controllers/agents/client.test.js
@@ -22,6 +22,10 @@ jest.mock('~/server/services/Config', () => ({
   getMCPServerTools: jest.fn(),
 }));
 
+jest.mock('~/server/services/MCP', () => ({
+  resolveConfigServers: jest.fn().mockResolvedValue({}),
+}));
+
 jest.mock('~/models', () => ({
   getAgent: jest.fn(),
   getRoleByName: jest.fn(),
@@ -1315,7 +1319,7 @@ describe('AgentClient - titleConvo', () => {
       });
 
       // Verify formatInstructionsForContext was called with correct server names
-      expect(mockFormatInstructions).toHaveBeenCalledWith(['server1', 'server2']);
+      expect(mockFormatInstructions).toHaveBeenCalledWith(['server1', 'server2'], {});
 
       // Verify the instructions do NOT contain [object Promise]
       expect(client.options.agent.instructions).not.toContain('[object Promise]');
@@ -1355,10 +1359,10 @@ describe('AgentClient - titleConvo', () => {
       });
 
       // Verify formatInstructionsForContext was called with ephemeral server names
-      expect(mockFormatInstructions).toHaveBeenCalledWith([
-        'ephemeral-server1',
-        'ephemeral-server2',
-      ]);
+      expect(mockFormatInstructions).toHaveBeenCalledWith(
+        ['ephemeral-server1', 'ephemeral-server2'],
+        {},
+      );
 
       // Verify no [object Promise] in instructions
       expect(client.options.agent.instructions).not.toContain('[object Promise]');
diff --git a/api/server/controllers/agents/filterAuthorizedTools.spec.js b/api/server/controllers/agents/filterAuthorizedTools.spec.js
index e215fdc1fc..e6b41aef16 100644
--- a/api/server/controllers/agents/filterAuthorizedTools.spec.js
+++ b/api/server/controllers/agents/filterAuthorizedTools.spec.js
@@ -22,6 +22,10 @@ jest.mock('~/config', () => ({
   })),
 }));
 
+jest.mock('~/server/services/MCP', () => ({
+  resolveConfigServers: jest.fn().mockResolvedValue({}),
+}));
+
 jest.mock('~/server/services/Files/strategies', () => ({
   getStrategyFunctions: jest.fn(),
 }));
@@ -223,7 +227,27 @@ describe('MCP Tool Authorization', () => {
         availableTools,
       });
 
-      expect(mockGetAllServerConfigs).toHaveBeenCalledWith('specific-user-id');
+      expect(mockGetAllServerConfigs).toHaveBeenCalledWith('specific-user-id', undefined);
+    });
+
+    test('should pass configServers to getAllServerConfigs and allow config-override servers', async () => {
+      const configServers = {
+        'config-override-server': { type: 'sse', url: 'https://override.example.com' },
+      };
+      mockGetAllServerConfigs.mockResolvedValue({
+        'config-override-server': configServers['config-override-server'],
+      });
+
+      const result = await filterAuthorizedTools({
+        tools: [`tool${d}config-override-server`, `tool${d}unauthorizedServer`],
+        userId,
+        availableTools,
+        configServers,
+      });
+
+      expect(mockGetAllServerConfigs).toHaveBeenCalledWith(userId, configServers);
+      expect(result).toContain(`tool${d}config-override-server`);
+      expect(result).not.toContain(`tool${d}unauthorizedServer`);
     });
 
     test('should only call getAllServerConfigs once even with multiple MCP tools', async () => {
diff --git a/api/server/controllers/agents/openai.js b/api/server/controllers/agents/openai.js
index b649058806..9fa3af82c3 100644
--- a/api/server/controllers/agents/openai.js
+++ b/api/server/controllers/agents/openai.js
@@ -15,6 +15,7 @@ const {
   createErrorResponse,
   recordCollectedUsage,
   getTransactionsConfig,
+  resolveRecursionLimit,
   createToolExecuteHandler,
   buildNonStreamingResponse,
   createOpenAIStreamTracker,
@@ -194,10 +195,8 @@ const OpenAIChatCompletionController = async (req, res) => {
     const conversationId = request.conversation_id ?? nanoid();
     const parentMessageId = request.parent_message_id ?? null;
 
-    // Build allowed providers set
-    const allowedProviders = new Set(
-      appConfig?.endpoints?.[EModelEndpoint.agents]?.allowedProviders,
-    );
+    const agentsEConfig = appConfig?.endpoints?.[EModelEndpoint.agents];
+    const allowedProviders = new Set(agentsEConfig?.allowedProviders);
 
     // Create tool loader
     const loadTools = createToolLoader(abortController.signal);
@@ -491,7 +490,6 @@ const OpenAIChatCompletionController = async (req, res) => {
       throw new Error('Failed to create agent run');
     }
 
-    // Process the stream
     const config = {
       runName: 'AgentRun',
       configurable: {
@@ -504,6 +502,7 @@ const OpenAIChatCompletionController = async (req, res) => {
         },
         ...(userMCPAuthMap != null && { userMCPAuthMap }),
       },
+      recursionLimit: resolveRecursionLimit(agentsEConfig, agent),
       signal: abortController.signal,
       streamMode: 'values',
       version: 'v2',
diff --git a/api/server/controllers/agents/v1.js b/api/server/controllers/agents/v1.js
index 17985f97ce..e365b232e4 100644
--- a/api/server/controllers/agents/v1.js
+++ b/api/server/controllers/agents/v1.js
@@ -38,6 +38,7 @@ const { resizeAvatar } = require('~/server/services/Files/images/avatar');
 const { getFileStrategy } = require('~/server/utils/getFileStrategy');
 const { filterFile } = require('~/server/services/Files/process');
 const { getCachedTools } = require('~/server/services/Config');
+const { resolveConfigServers } = require('~/server/services/MCP');
 const { getMCPServersRegistry } = require('~/config');
 const { getLogStores } = require('~/cache');
 const db = require('~/models');
@@ -101,9 +102,16 @@ const validateEdgeAgentAccess = async (edges, userId, userRole) => {
  * @param {string} params.userId - Requesting user ID for MCP server access check
  * @param {Record<string, unknown>} params.availableTools - Global non-MCP tool cache
  * @param {string[]} [params.existingTools] - Tools already persisted on the agent document
+ * @param {Record<string, unknown>} [params.configServers] - Config-source MCP servers resolved from appConfig overrides
  * @returns {Promise<string[]>} Only the authorized subset of tools
  */
-const filterAuthorizedTools = async ({ tools, userId, availableTools, existingTools }) => {
+const filterAuthorizedTools = async ({
+  tools,
+  userId,
+  availableTools,
+  existingTools,
+  configServers,
+}) => {
   const filteredTools = [];
   let mcpServerConfigs;
   let registryUnavailable = false;
@@ -121,7 +129,8 @@ const filterAuthorizedTools = async ({ tools, userId, availableTools, existingTo
 
     if (mcpServerConfigs === undefined) {
       try {
-        mcpServerConfigs = (await getMCPServersRegistry().getAllServerConfigs(userId)) ?? {};
+        mcpServerConfigs =
+          (await getMCPServersRegistry().getAllServerConfigs(userId, configServers)) ?? {};
       } catch (e) {
         logger.warn(
           '[filterAuthorizedTools] MCP registry unavailable, filtering all MCP tools',
@@ -192,8 +201,17 @@ const createAgentHandler = async (req, res) => {
     agentData.author = userId;
     agentData.tools = [];
 
-    const availableTools = (await getCachedTools()) ?? {};
-    agentData.tools = await filterAuthorizedTools({ tools, userId, availableTools });
+    const hasMCPTools = tools.some((t) => t?.includes(Constants.mcp_delimiter));
+    const [availableTools, configServers] = await Promise.all([
+      getCachedTools().then((t) => t ?? {}),
+      hasMCPTools ? resolveConfigServers(req) : Promise.resolve(undefined),
+    ]);
+    agentData.tools = await filterAuthorizedTools({
+      tools,
+      userId,
+      availableTools,
+      configServers,
+    });
 
     const agent = await db.createAgent(agentData);
 
@@ -376,11 +394,15 @@ const updateAgentHandler = async (req, res) => {
       );
 
       if (newMCPTools.length > 0) {
-        const availableTools = (await getCachedTools()) ?? {};
+        const [availableTools, configServers] = await Promise.all([
+          getCachedTools().then((t) => t ?? {}),
+          resolveConfigServers(req),
+        ]);
         const approvedNew = await filterAuthorizedTools({
           tools: newMCPTools,
           userId: req.user.id,
           availableTools,
+          configServers,
         });
         const rejectedSet = new Set(newMCPTools.filter((t) => !approvedNew.includes(t)));
         if (rejectedSet.size > 0) {
@@ -533,12 +555,16 @@ const duplicateAgentHandler = async (req, res) => {
     newAgentData.actions = agentActions;
 
     if (newAgentData.tools?.length) {
-      const availableTools = (await getCachedTools()) ?? {};
+      const [availableTools, configServers] = await Promise.all([
+        getCachedTools().then((t) => t ?? {}),
+        resolveConfigServers(req),
+      ]);
       newAgentData.tools = await filterAuthorizedTools({
         tools: newAgentData.tools,
         userId,
         availableTools,
         existingTools: newAgentData.tools,
+        configServers,
       });
     }
 
@@ -873,12 +899,16 @@ const revertAgentVersionHandler = async (req, res) => {
     let updatedAgent = await db.revertAgentVersion({ id }, version_index);
 
     if (updatedAgent.tools?.length) {
-      const availableTools = (await getCachedTools()) ?? {};
+      const [availableTools, configServers] = await Promise.all([
+        getCachedTools().then((t) => t ?? {}),
+        resolveConfigServers(req),
+      ]);
       const filteredTools = await filterAuthorizedTools({
         tools: updatedAgent.tools,
         userId: req.user.id,
         availableTools,
         existingTools: updatedAgent.tools,
+        configServers,
       });
       if (filteredTools.length !== updatedAgent.tools.length) {
         updatedAgent = await db.updateAgent(
diff --git a/api/server/controllers/assistants/chatV1.js b/api/server/controllers/assistants/chatV1.js
index e4a20c2a5e..631831e617 100644
--- a/api/server/controllers/assistants/chatV1.js
+++ b/api/server/controllers/assistants/chatV1.js
@@ -40,6 +40,7 @@ const { sendResponse } = require('~/server/middleware/error');
 const {
   createAutoRefillTransaction,
   findBalanceByUser,
+  upsertBalanceFields,
   getTransactions,
   getMultiplier,
   getConvo,
@@ -296,7 +297,14 @@ const chatV1 = async (req, res) => {
             amount: promptTokens,
           },
         },
-        { findBalanceByUser, getMultiplier, createAutoRefillTransaction, logViolation },
+        {
+          findBalanceByUser,
+          getMultiplier,
+          createAutoRefillTransaction,
+          logViolation,
+          balanceConfig,
+          upsertBalanceFields,
+        },
       );
     };
 
diff --git a/api/server/controllers/assistants/chatV2.js b/api/server/controllers/assistants/chatV2.js
index 559d9d8953..237af1b11a 100644
--- a/api/server/controllers/assistants/chatV2.js
+++ b/api/server/controllers/assistants/chatV2.js
@@ -37,6 +37,7 @@ const {
   getMultiplier,
   getTransactions,
   findBalanceByUser,
+  upsertBalanceFields,
   createAutoRefillTransaction,
 } = require('~/models');
 const { logViolation, getLogStores } = require('~/cache');
@@ -169,7 +170,14 @@ const chatV2 = async (req, res) => {
             amount: promptTokens,
           },
         },
-        { findBalanceByUser, getMultiplier, createAutoRefillTransaction, logViolation },
+        {
+          findBalanceByUser,
+          getMultiplier,
+          createAutoRefillTransaction,
+          logViolation,
+          balanceConfig,
+          upsertBalanceFields,
+        },
       );
     };
 
diff --git a/api/server/controllers/auth/oauth.js b/api/server/controllers/auth/oauth.js
index 80c2ced002..917e9e2bef 100644
--- a/api/server/controllers/auth/oauth.js
+++ b/api/server/controllers/auth/oauth.js
@@ -47,9 +47,15 @@ function createOAuthHandler(redirectUri = domains.client) {
         const refreshToken =
           req.user.tokenset?.refresh_token || req.user.federatedTokens?.refresh_token;
 
-        const exchangeCode = await generateAdminExchangeCode(cache, req.user, token, refreshToken);
-
         const callbackUrl = new URL(redirectUri);
+        const exchangeCode = await generateAdminExchangeCode(
+          cache,
+          req.user,
+          token,
+          refreshToken,
+          callbackUrl.origin,
+          req.pkceChallenge,
+        );
         callbackUrl.searchParams.set('code', exchangeCode);
         logger.info(`[OAuth] Admin panel redirect with exchange code for user: ${req.user.email}`);
         return res.redirect(callbackUrl.toString());
diff --git a/api/server/controllers/mcp.js b/api/server/controllers/mcp.js
index 729f01da9d..e31bb93bc6 100644
--- a/api/server/controllers/mcp.js
+++ b/api/server/controllers/mcp.js
@@ -14,6 +14,7 @@ const {
   isMCPInspectionFailedError,
 } = require('@librechat/api');
 const { Constants, MCPServerUserInputSchema } = require('librechat-data-provider');
+const { resolveConfigServers, resolveAllMcpConfigs } = require('~/server/services/MCP');
 const { cacheMCPServerTools, getMCPServerTools } = require('~/server/services/Config');
 const { getMCPManager, getMCPServersRegistry } = require('~/config');
 
@@ -57,7 +58,7 @@ function handleMCPError(error, res) {
 }
 
 /**
- * Get all MCP tools available to the user
+ * Get all MCP tools available to the user.
  */
 const getMCPTools = async (req, res) => {
   try {
@@ -67,10 +68,10 @@ const getMCPTools = async (req, res) => {
       return res.status(401).json({ message: 'Unauthorized' });
     }
 
-    const mcpConfig = await getMCPServersRegistry().getAllServerConfigs(userId);
-    const configuredServers = mcpConfig ? Object.keys(mcpConfig) : [];
+    const mcpConfig = await resolveAllMcpConfigs(userId, req.user);
+    const configuredServers = Object.keys(mcpConfig);
 
-    if (!mcpConfig || Object.keys(mcpConfig).length == 0) {
+    if (!configuredServers.length) {
       return res.status(200).json({ servers: {} });
     }
 
@@ -115,14 +116,11 @@ const getMCPTools = async (req, res) => {
       try {
         const serverTools = serverToolsMap.get(serverName);
 
-        // Get server config once
         const serverConfig = mcpConfig[serverName];
-        const rawServerConfig = await getMCPServersRegistry().getServerConfig(serverName, userId);
 
-        // Initialize server object with all server-level data
         const server = {
           name: serverName,
-          icon: rawServerConfig?.iconPath || '',
+          icon: serverConfig?.iconPath || '',
           authenticated: true,
           authConfig: [],
           tools: [],
@@ -183,7 +181,7 @@ const getMCPServersList = async (req, res) => {
       return res.status(401).json({ message: 'Unauthorized' });
     }
 
-    const serverConfigs = await getMCPServersRegistry().getAllServerConfigs(userId);
+    const serverConfigs = await resolveAllMcpConfigs(userId, req.user);
     return res.json(redactAllServerSecrets(serverConfigs));
   } catch (error) {
     logger.error('[getMCPServersList]', error);
@@ -237,7 +235,12 @@ const getMCPServerById = async (req, res) => {
     if (!serverName) {
       return res.status(400).json({ message: 'Server name is required' });
     }
-    const parsedConfig = await getMCPServersRegistry().getServerConfig(serverName, userId);
+    const configServers = await resolveConfigServers(req);
+    const parsedConfig = await getMCPServersRegistry().getServerConfig(
+      serverName,
+      userId,
+      configServers,
+    );
 
     if (!parsedConfig) {
       return res.status(404).json({ message: 'MCP server not found' });
diff --git a/api/server/experimental.js b/api/server/experimental.js
index 8982b69afb..ff023b4504 100644
--- a/api/server/experimental.js
+++ b/api/server/experimental.js
@@ -19,6 +19,7 @@ const {
   performStartupChecks,
   handleJsonParseError,
   initializeFileStorage,
+  preAuthTenantMiddleware,
 } = require('@librechat/api');
 const { connectDb, indexSync } = require('~/db');
 const initializeOAuthReconnectManager = require('./services/initializeOAuthReconnectManager');
@@ -31,6 +32,7 @@ const initializeMCPs = require('./services/initializeMCPs');
 const configureSocialLogins = require('./socialLogins');
 const { getAppConfig } = require('./services/Config');
 const staticCache = require('./utils/staticCache');
+const optionalJwtAuth = require('./middleware/optionalJwtAuth');
 const noIndex = require('./middleware/noIndex');
 const routes = require('./routes');
 
@@ -312,7 +314,7 @@ if (cluster.isMaster) {
     app.use('/api/endpoints', routes.endpoints);
     app.use('/api/balance', routes.balance);
     app.use('/api/models', routes.models);
-    app.use('/api/config', routes.config);
+    app.use('/api/config', preAuthTenantMiddleware, optionalJwtAuth, routes.config);
     app.use('/api/assistants', routes.assistants);
     app.use('/api/files', await routes.files.initialize());
     app.use('/images/', createValidateImageRequest(appConfig.secureImageLinks), routes.staticRoute);
diff --git a/api/server/index.js b/api/server/index.js
index ba376ab335..d26a203c0a 100644
--- a/api/server/index.js
+++ b/api/server/index.js
@@ -8,8 +8,8 @@ const express = require('express');
 const passport = require('passport');
 const compression = require('compression');
 const cookieParser = require('cookie-parser');
-const { logger } = require('@librechat/data-schemas');
 const mongoSanitize = require('express-mongo-sanitize');
+const { logger, runAsSystem } = require('@librechat/data-schemas');
 const {
   isEnabled,
   apiNotFound,
@@ -21,6 +21,7 @@ const {
   createStreamServices,
   initializeFileStorage,
   updateInterfacePermissions,
+  preAuthTenantMiddleware,
 } = require('@librechat/api');
 const { connectDb, indexSync } = require('~/db');
 const initializeOAuthReconnectManager = require('./services/initializeOAuthReconnectManager');
@@ -33,6 +34,7 @@ const initializeMCPs = require('./services/initializeMCPs');
 const configureSocialLogins = require('./socialLogins');
 const { getAppConfig } = require('./services/Config');
 const staticCache = require('./utils/staticCache');
+const optionalJwtAuth = require('./middleware/optionalJwtAuth');
 const noIndex = require('./middleware/noIndex');
 const routes = require('./routes');
 
@@ -59,11 +61,20 @@ const startServer = async () => {
   app.disable('x-powered-by');
   app.set('trust proxy', trusted_proxy);
 
-  await seedDatabase();
-  const appConfig = await getAppConfig();
+  if (isEnabled(process.env.TENANT_ISOLATION_STRICT)) {
+    logger.warn(
+      '[Security] TENANT_ISOLATION_STRICT is active. Ensure your reverse proxy strips or sets ' +
+        'the X-Tenant-Id header — untrusted clients must not be able to set it directly.',
+    );
+  }
+
+  await runAsSystem(seedDatabase);
+  const appConfig = await getAppConfig({ baseOnly: true });
   initializeFileStorage(appConfig);
-  await performStartupChecks(appConfig);
-  await updateInterfacePermissions({ appConfig, getRoleByName, updateAccessPermissions });
+  await runAsSystem(async () => {
+    await performStartupChecks(appConfig);
+    await updateInterfacePermissions({ appConfig, getRoleByName, updateAccessPermissions });
+  });
 
   const indexPath = path.join(appConfig.paths.dist, 'index.html');
   let indexHTML = fs.readFileSync(indexPath, 'utf8');
@@ -137,10 +148,17 @@ const startServer = async () => {
   /* Per-request capability cache — must be registered before any route that calls hasCapability */
   app.use(capabilityContextMiddleware);
 
-  app.use('/oauth', routes.oauth);
+  /* Pre-auth tenant context for unauthenticated routes that need tenant scoping.
+   * The reverse proxy / auth gateway sets `X-Tenant-Id` header for multi-tenant deployments. */
+  app.use('/oauth', preAuthTenantMiddleware, routes.oauth);
   /* API Endpoints */
-  app.use('/api/auth', routes.auth);
+  app.use('/api/auth', preAuthTenantMiddleware, routes.auth);
   app.use('/api/admin', routes.adminAuth);
+  app.use('/api/admin/config', routes.adminConfig);
+  app.use('/api/admin/grants', routes.adminGrants);
+  app.use('/api/admin/groups', routes.adminGroups);
+  app.use('/api/admin/roles', routes.adminRoles);
+  app.use('/api/admin/users', routes.adminUsers);
   app.use('/api/actions', routes.actions);
   app.use('/api/keys', routes.keys);
   app.use('/api/api-keys', routes.apiKeys);
@@ -154,11 +172,11 @@ const startServer = async () => {
   app.use('/api/endpoints', routes.endpoints);
   app.use('/api/balance', routes.balance);
   app.use('/api/models', routes.models);
-  app.use('/api/config', routes.config);
+  app.use('/api/config', preAuthTenantMiddleware, optionalJwtAuth, routes.config);
   app.use('/api/assistants', routes.assistants);
   app.use('/api/files', await routes.files.initialize());
   app.use('/images/', createValidateImageRequest(appConfig.secureImageLinks), routes.staticRoute);
-  app.use('/api/share', routes.share);
+  app.use('/api/share', preAuthTenantMiddleware, routes.share);
   app.use('/api/roles', routes.roles);
   app.use('/api/agents', routes.agents);
   app.use('/api/banner', routes.banner);
@@ -204,8 +222,10 @@ const startServer = async () => {
       logger.info(`Server listening at http://${host == '0.0.0.0' ? 'localhost' : host}:${port}`);
     }
 
-    await initializeMCPs();
-    await initializeOAuthReconnectManager();
+    await runAsSystem(async () => {
+      await initializeMCPs();
+      await initializeOAuthReconnectManager();
+    });
     await checkMigrations();
 
     // Configure stream services (auto-detects Redis from USE_REDIS env var)
diff --git a/api/server/middleware/__tests__/requireJwtAuth.spec.js b/api/server/middleware/__tests__/requireJwtAuth.spec.js
new file mode 100644
index 0000000000..bc288e5dab
--- /dev/null
+++ b/api/server/middleware/__tests__/requireJwtAuth.spec.js
@@ -0,0 +1,116 @@
+/**
+ * Integration test: verifies that requireJwtAuth chains tenantContextMiddleware
+ * after successful passport authentication, so ALS tenant context is set for
+ * all downstream middleware and route handlers.
+ *
+ * requireJwtAuth must chain tenantContextMiddleware after passport populates
+ * req.user (not at global app.use() scope where req.user is undefined).
+ * If the chaining is removed, these tests fail.
+ */
+
+const { getTenantId } = require('@librechat/data-schemas');
+
+// ── Mocks ──────────────────────────────────────────────────────────────
+
+let mockPassportError = null;
+
+jest.mock('passport', () => ({
+  authenticate: jest.fn(() => {
+    return (req, _res, done) => {
+      if (mockPassportError) {
+        return done(mockPassportError);
+      }
+      if (req._mockUser) {
+        req.user = req._mockUser;
+      }
+      done();
+    };
+  }),
+}));
+
+// Mock @librechat/api — the real tenantContextMiddleware is TS and cannot be
+// required directly from CJS tests. This thin wrapper mirrors the real logic
+// (read req.user.tenantId, call tenantStorage.run) using the same data-schemas
+// primitives. The real implementation is covered by packages/api tenant.spec.ts.
+jest.mock('@librechat/api', () => {
+  const { tenantStorage } = require('@librechat/data-schemas');
+  return {
+    isEnabled: jest.fn(() => false),
+    tenantContextMiddleware: (req, res, next) => {
+      const tenantId = req.user?.tenantId;
+      if (!tenantId) {
+        return next();
+      }
+      return tenantStorage.run({ tenantId }, async () => next());
+    },
+  };
+});
+
+// ── Helpers ─────────────────────────────────────────────────────────────
+
+const requireJwtAuth = require('../requireJwtAuth');
+
+function mockReq(user) {
+  return { headers: {}, _mockUser: user };
+}
+
+function mockRes() {
+  return { status: jest.fn().mockReturnThis(), json: jest.fn().mockReturnThis() };
+}
+
+/** Runs requireJwtAuth and returns the tenantId observed inside next(). */
+function runAuth(user) {
+  return new Promise((resolve) => {
+    const req = mockReq(user);
+    const res = mockRes();
+    requireJwtAuth(req, res, () => {
+      resolve(getTenantId());
+    });
+  });
+}
+
+// ── Tests ──────────────────────────────────────────────────────────────
+
+describe('requireJwtAuth tenant context chaining', () => {
+  afterEach(() => {
+    mockPassportError = null;
+  });
+
+  it('forwards passport errors to next() without entering tenant middleware', async () => {
+    mockPassportError = new Error('JWT signature invalid');
+    const req = mockReq(undefined);
+    const res = mockRes();
+    const err = await new Promise((resolve) => {
+      requireJwtAuth(req, res, (e) => resolve(e));
+    });
+    expect(err).toBeInstanceOf(Error);
+    expect(err.message).toBe('JWT signature invalid');
+    expect(getTenantId()).toBeUndefined();
+  });
+
+  it('sets ALS tenant context after passport auth succeeds', async () => {
+    const tenantId = await runAuth({ tenantId: 'tenant-abc', role: 'user' });
+    expect(tenantId).toBe('tenant-abc');
+  });
+
+  it('ALS tenant context is NOT set when user has no tenantId', async () => {
+    const tenantId = await runAuth({ role: 'user' });
+    expect(tenantId).toBeUndefined();
+  });
+
+  it('ALS tenant context is NOT set when user is undefined', async () => {
+    const tenantId = await runAuth(undefined);
+    expect(tenantId).toBeUndefined();
+  });
+
+  it('concurrent requests get isolated tenant contexts', async () => {
+    const results = await Promise.all(
+      ['tenant-1', 'tenant-2', 'tenant-3'].map((tid) => runAuth({ tenantId: tid, role: 'user' })),
+    );
+    expect(results).toEqual(['tenant-1', 'tenant-2', 'tenant-3']);
+  });
+
+  it('ALS context is not set at top-level scope (outside any request)', () => {
+    expect(getTenantId()).toBeUndefined();
+  });
+});
diff --git a/api/server/middleware/__tests__/validateModel.spec.js b/api/server/middleware/__tests__/validateModel.spec.js
new file mode 100644
index 0000000000..634baeed11
--- /dev/null
+++ b/api/server/middleware/__tests__/validateModel.spec.js
@@ -0,0 +1,178 @@
+const { ViolationTypes } = require('librechat-data-provider');
+
+jest.mock('@librechat/api', () => ({
+  handleError: jest.fn(),
+}));
+
+jest.mock('~/server/controllers/ModelController', () => ({
+  getModelsConfig: jest.fn(),
+}));
+
+jest.mock('~/server/services/Config', () => ({
+  getEndpointsConfig: jest.fn(),
+}));
+
+jest.mock('~/cache', () => ({
+  logViolation: jest.fn(),
+}));
+
+const { handleError } = require('@librechat/api');
+const { getModelsConfig } = require('~/server/controllers/ModelController');
+const { getEndpointsConfig } = require('~/server/services/Config');
+const { logViolation } = require('~/cache');
+const validateModel = require('../validateModel');
+
+describe('validateModel', () => {
+  let req, res, next;
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+    req = { body: { model: 'gpt-4o', endpoint: 'openAI' } };
+    res = {};
+    next = jest.fn();
+    getEndpointsConfig.mockResolvedValue({
+      openAI: { userProvide: false },
+    });
+    getModelsConfig.mockResolvedValue({
+      openAI: ['gpt-4o', 'gpt-4o-mini'],
+    });
+  });
+
+  describe('format validation', () => {
+    it('rejects missing model', async () => {
+      req.body.model = undefined;
+      await validateModel(req, res, next);
+      expect(handleError).toHaveBeenCalledWith(res, { text: 'Model not provided' });
+      expect(next).not.toHaveBeenCalled();
+    });
+
+    it('rejects non-string model', async () => {
+      req.body.model = 12345;
+      await validateModel(req, res, next);
+      expect(handleError).toHaveBeenCalledWith(res, { text: 'Model not provided' });
+      expect(next).not.toHaveBeenCalled();
+    });
+
+    it('rejects model exceeding 256 chars', async () => {
+      req.body.model = 'a'.repeat(257);
+      await validateModel(req, res, next);
+      expect(handleError).toHaveBeenCalledWith(res, { text: 'Invalid model identifier' });
+    });
+
+    it('rejects model with leading special character', async () => {
+      req.body.model = '.bad-model';
+      await validateModel(req, res, next);
+      expect(handleError).toHaveBeenCalledWith(res, { text: 'Invalid model identifier' });
+    });
+
+    it('rejects model with script injection', async () => {
+      req.body.model = '<script>alert(1)</script>';
+      await validateModel(req, res, next);
+      expect(handleError).toHaveBeenCalledWith(res, { text: 'Invalid model identifier' });
+    });
+
+    it('trims whitespace before validation', async () => {
+      req.body.model = '  gpt-4o  ';
+      getModelsConfig.mockResolvedValue({ openAI: ['gpt-4o'] });
+      await validateModel(req, res, next);
+      expect(next).toHaveBeenCalled();
+      expect(handleError).not.toHaveBeenCalled();
+    });
+
+    it('rejects model with spaces in the middle', async () => {
+      req.body.model = 'gpt 4o';
+      await validateModel(req, res, next);
+      expect(handleError).toHaveBeenCalledWith(res, { text: 'Invalid model identifier' });
+    });
+
+    it('accepts standard model IDs', async () => {
+      const validModels = [
+        'gpt-4o',
+        'claude-3-5-sonnet-20241022',
+        'us.amazon.nova-pro-v1:0',
+        'qwen/qwen3.6-plus-preview:free',
+        'Meta-Llama-3-8B-Instruct-4bit',
+      ];
+      for (const model of validModels) {
+        jest.clearAllMocks();
+        req.body.model = model;
+        getEndpointsConfig.mockResolvedValue({ openAI: { userProvide: false } });
+        getModelsConfig.mockResolvedValue({ openAI: [model] });
+        next.mockClear();
+
+        await validateModel(req, res, next);
+        expect(next).toHaveBeenCalled();
+        expect(handleError).not.toHaveBeenCalled();
+      }
+    });
+  });
+
+  describe('userProvide early-return', () => {
+    it('calls next() immediately for userProvide endpoints without checking model list', async () => {
+      getEndpointsConfig.mockResolvedValue({
+        openAI: { userProvide: true },
+      });
+      req.body.model = 'any-model-from-user-key';
+
+      await validateModel(req, res, next);
+
+      expect(next).toHaveBeenCalled();
+      expect(getModelsConfig).not.toHaveBeenCalled();
+    });
+
+    it('does not call getModelsConfig for userProvide endpoints', async () => {
+      getEndpointsConfig.mockResolvedValue({
+        CustomEndpoint: { userProvide: true },
+      });
+      req.body = { model: 'custom-model', endpoint: 'CustomEndpoint' };
+
+      await validateModel(req, res, next);
+
+      expect(getModelsConfig).not.toHaveBeenCalled();
+      expect(next).toHaveBeenCalled();
+    });
+  });
+
+  describe('system endpoint list validation', () => {
+    it('rejects a model not in the available list', async () => {
+      req.body.model = 'not-in-list';
+
+      await validateModel(req, res, next);
+
+      expect(logViolation).toHaveBeenCalledWith(
+        req,
+        res,
+        ViolationTypes.ILLEGAL_MODEL_REQUEST,
+        expect.any(Object),
+        expect.anything(),
+      );
+      expect(handleError).toHaveBeenCalledWith(res, { text: 'Illegal model request' });
+      expect(next).not.toHaveBeenCalled();
+    });
+
+    it('accepts a model in the available list', async () => {
+      req.body.model = 'gpt-4o';
+
+      await validateModel(req, res, next);
+
+      expect(next).toHaveBeenCalled();
+      expect(handleError).not.toHaveBeenCalled();
+    });
+
+    it('rejects when endpoint has no models loaded', async () => {
+      getModelsConfig.mockResolvedValue({ openAI: undefined });
+
+      await validateModel(req, res, next);
+
+      expect(handleError).toHaveBeenCalledWith(res, { text: 'Endpoint models not loaded' });
+    });
+
+    it('rejects when modelsConfig is null', async () => {
+      getModelsConfig.mockResolvedValue(null);
+
+      await validateModel(req, res, next);
+
+      expect(handleError).toHaveBeenCalledWith(res, { text: 'Models not loaded' });
+    });
+  });
+});
diff --git a/api/server/middleware/checkDomainAllowed.js b/api/server/middleware/checkDomainAllowed.js
index 754eb9c127..f7a3f00e68 100644
--- a/api/server/middleware/checkDomainAllowed.js
+++ b/api/server/middleware/checkDomainAllowed.js
@@ -18,6 +18,7 @@ const checkDomainAllowed = async (req, res, next) => {
     const email = req?.user?.email;
     const appConfig = await getAppConfig({
       role: req?.user?.role,
+      tenantId: req?.user?.tenantId,
     });
 
     if (email && !isEmailDomainAllowed(email, appConfig?.registration?.allowedDomains)) {
diff --git a/api/server/middleware/config/app.js b/api/server/middleware/config/app.js
index bca3c8f71d..fb5f89b229 100644
--- a/api/server/middleware/config/app.js
+++ b/api/server/middleware/config/app.js
@@ -4,7 +4,9 @@ const { getAppConfig } = require('~/server/services/Config');
 const configMiddleware = async (req, res, next) => {
   try {
     const userRole = req.user?.role;
-    req.config = await getAppConfig({ role: userRole });
+    const userId = req.user?.id;
+    const tenantId = req.user?.tenantId;
+    req.config = await getAppConfig({ role: userRole, userId, tenantId });
 
     next();
   } catch (error) {
diff --git a/api/server/middleware/optionalJwtAuth.js b/api/server/middleware/optionalJwtAuth.js
index 2f59fdda4a..d46478d36e 100644
--- a/api/server/middleware/optionalJwtAuth.js
+++ b/api/server/middleware/optionalJwtAuth.js
@@ -1,9 +1,10 @@
 const cookies = require('cookie');
 const passport = require('passport');
-const { isEnabled } = require('@librechat/api');
+const { isEnabled, tenantContextMiddleware } = require('@librechat/api');
 
 // This middleware does not require authentication,
-// but if the user is authenticated, it will set the user object.
+// but if the user is authenticated, it will set the user object
+// and establish tenant ALS context.
 const optionalJwtAuth = (req, res, next) => {
   const cookieHeader = req.headers.cookie;
   const tokenProvider = cookieHeader ? cookies.parse(cookieHeader).token_provider : null;
@@ -13,6 +14,7 @@ const optionalJwtAuth = (req, res, next) => {
     }
     if (user) {
       req.user = user;
+      return tenantContextMiddleware(req, res, next);
     }
     next();
   };
diff --git a/api/server/middleware/requireJwtAuth.js b/api/server/middleware/requireJwtAuth.js
index 16b107aefc..b13e991b23 100644
--- a/api/server/middleware/requireJwtAuth.js
+++ b/api/server/middleware/requireJwtAuth.js
@@ -1,20 +1,29 @@
 const cookies = require('cookie');
 const passport = require('passport');
-const { isEnabled } = require('@librechat/api');
+const { isEnabled, tenantContextMiddleware } = require('@librechat/api');
 
 /**
- * Custom Middleware to handle JWT authentication, with support for OpenID token reuse
- * Switches between JWT and OpenID authentication based on cookies and environment settings
+ * Custom Middleware to handle JWT authentication, with support for OpenID token reuse.
+ * Switches between JWT and OpenID authentication based on cookies and environment settings.
+ *
+ * After successful authentication (req.user populated), automatically chains into
+ * `tenantContextMiddleware` to propagate `req.user.tenantId` into AsyncLocalStorage
+ * for downstream Mongoose tenant isolation.
  */
 const requireJwtAuth = (req, res, next) => {
   const cookieHeader = req.headers.cookie;
   const tokenProvider = cookieHeader ? cookies.parse(cookieHeader).token_provider : null;
 
-  if (tokenProvider === 'openid' && isEnabled(process.env.OPENID_REUSE_TOKENS)) {
-    return passport.authenticate('openidJwt', { session: false })(req, res, next);
-  }
+  const strategy =
+    tokenProvider === 'openid' && isEnabled(process.env.OPENID_REUSE_TOKENS) ? 'openidJwt' : 'jwt';
 
-  return passport.authenticate('jwt', { session: false })(req, res, next);
+  passport.authenticate(strategy, { session: false })(req, res, (err) => {
+    if (err) {
+      return next(err);
+    }
+    // req.user is now populated by passport — set up tenant ALS context
+    tenantContextMiddleware(req, res, next);
+  });
 };
 
 module.exports = requireJwtAuth;
diff --git a/api/server/middleware/validateModel.js b/api/server/middleware/validateModel.js
index 40f6e67bfb..71a931f0d1 100644
--- a/api/server/middleware/validateModel.js
+++ b/api/server/middleware/validateModel.js
@@ -1,7 +1,12 @@
 const { handleError } = require('@librechat/api');
 const { ViolationTypes } = require('librechat-data-provider');
 const { getModelsConfig } = require('~/server/controllers/ModelController');
+const { getEndpointsConfig } = require('~/server/services/Config');
 const { logViolation } = require('~/cache');
+
+const MAX_MODEL_STRING_LENGTH = 256;
+const MODEL_PATTERN = /^[a-zA-Z0-9][a-zA-Z0-9_.:/@+-]*$/;
+
 /**
  * Validates the model of the request.
  *
@@ -11,11 +16,27 @@ const { logViolation } = require('~/cache');
  * @param {Function} next - The Express next function.
  */
 const validateModel = async (req, res, next) => {
-  const { model, endpoint } = req.body;
-  if (!model) {
+  const { endpoint } = req.body;
+  const rawModel = req.body.model;
+
+  if (!rawModel || typeof rawModel !== 'string') {
     return handleError(res, { text: 'Model not provided' });
   }
 
+  const model = rawModel.trim();
+  if (!model || model.length > MAX_MODEL_STRING_LENGTH || !MODEL_PATTERN.test(model)) {
+    return handleError(res, { text: 'Invalid model identifier' });
+  }
+
+  req.body.model = model;
+
+  const endpointsConfig = await getEndpointsConfig(req);
+  const endpointConfig = endpointsConfig?.[endpoint];
+
+  if (endpointConfig?.userProvide) {
+    return next();
+  }
+
   const modelsConfig = await getModelsConfig(req);
 
   if (!modelsConfig) {
diff --git a/api/server/routes/__tests__/config.spec.js b/api/server/routes/__tests__/config.spec.js
index 7d7d3ea13a..54315a7798 100644
--- a/api/server/routes/__tests__/config.spec.js
+++ b/api/server/routes/__tests__/config.spec.js
@@ -1,25 +1,73 @@
 jest.mock('~/cache/getLogStores');
+
+const mockGetAppConfig = jest.fn();
+jest.mock('~/server/services/Config/app', () => ({
+  getAppConfig: (...args) => mockGetAppConfig(...args),
+}));
+
+jest.mock('~/server/services/Config/ldap', () => ({
+  getLdapConfig: jest.fn(() => null),
+}));
+
+const mockGetTenantId = jest.fn(() => undefined);
+jest.mock('@librechat/data-schemas', () => ({
+  ...jest.requireActual('@librechat/data-schemas'),
+  getTenantId: (...args) => mockGetTenantId(...args),
+}));
+
 const request = require('supertest');
 const express = require('express');
 const configRoute = require('../config');
-// file deepcode ignore UseCsurfForExpress/test: test
-const app = express();
-app.disable('x-powered-by');
-app.use('/api/config', configRoute);
+
+function createApp(user) {
+  const app = express();
+  app.disable('x-powered-by');
+  if (user) {
+    app.use((req, _res, next) => {
+      req.user = user;
+      next();
+    });
+  }
+  app.use('/api/config', configRoute);
+  return app;
+}
+
+const baseAppConfig = {
+  registration: { socialLogins: ['google', 'github'] },
+  interfaceConfig: {
+    privacyPolicy: { externalUrl: 'https://example.com/privacy' },
+    termsOfService: { externalUrl: 'https://example.com/tos' },
+    modelSelect: true,
+  },
+  turnstileConfig: { siteKey: 'test-key' },
+  modelSpecs: { list: [{ name: 'test-spec' }] },
+  webSearch: { searchProvider: 'tavily' },
+};
+
+const mockUser = {
+  id: 'user123',
+  role: 'USER',
+  tenantId: undefined,
+};
 
 afterEach(() => {
+  jest.resetAllMocks();
   delete process.env.APP_TITLE;
+  delete process.env.CHECK_BALANCE;
+  delete process.env.START_BALANCE;
+  delete process.env.SANDPACK_BUNDLER_URL;
+  delete process.env.SANDPACK_STATIC_BUNDLER_URL;
+  delete process.env.CONVERSATION_IMPORT_MAX_FILE_SIZE_BYTES;
+  delete process.env.ALLOW_REGISTRATION;
+  delete process.env.ALLOW_SOCIAL_LOGIN;
+  delete process.env.ALLOW_PASSWORD_RESET;
+  delete process.env.DOMAIN_SERVER;
   delete process.env.GOOGLE_CLIENT_ID;
   delete process.env.GOOGLE_CLIENT_SECRET;
-  delete process.env.FACEBOOK_CLIENT_ID;
-  delete process.env.FACEBOOK_CLIENT_SECRET;
   delete process.env.OPENID_CLIENT_ID;
   delete process.env.OPENID_CLIENT_SECRET;
   delete process.env.OPENID_ISSUER;
   delete process.env.OPENID_SESSION_SECRET;
-  delete process.env.OPENID_BUTTON_LABEL;
-  delete process.env.OPENID_AUTO_REDIRECT;
-  delete process.env.OPENID_AUTH_URL;
   delete process.env.GITHUB_CLIENT_ID;
   delete process.env.GITHUB_CLIENT_SECRET;
   delete process.env.DISCORD_CLIENT_ID;
@@ -28,78 +76,215 @@ afterEach(() => {
   delete process.env.SAML_ISSUER;
   delete process.env.SAML_CERT;
   delete process.env.SAML_SESSION_SECRET;
-  delete process.env.SAML_BUTTON_LABEL;
-  delete process.env.SAML_IMAGE_URL;
-  delete process.env.DOMAIN_SERVER;
-  delete process.env.ALLOW_REGISTRATION;
-  delete process.env.ALLOW_SOCIAL_LOGIN;
-  delete process.env.ALLOW_PASSWORD_RESET;
-  delete process.env.LDAP_URL;
-  delete process.env.LDAP_BIND_DN;
-  delete process.env.LDAP_BIND_CREDENTIALS;
-  delete process.env.LDAP_USER_SEARCH_BASE;
-  delete process.env.LDAP_SEARCH_FILTER;
 });
 
-//TODO: This works/passes locally but http request tests fail with 404 in CI. Need to figure out why.
+describe('GET /api/config', () => {
+  describe('unauthenticated (no req.user)', () => {
+    it('should call getAppConfig with baseOnly when no tenant context', async () => {
+      mockGetAppConfig.mockResolvedValue(baseAppConfig);
+      mockGetTenantId.mockReturnValue(undefined);
+      const app = createApp(null);
 
-describe.skip('GET /', () => {
-  it('should return 200 and the correct body', async () => {
-    process.env.APP_TITLE = 'Test Title';
-    process.env.GOOGLE_CLIENT_ID = 'Test Google Client Id';
-    process.env.GOOGLE_CLIENT_SECRET = 'Test Google Client Secret';
-    process.env.FACEBOOK_CLIENT_ID = 'Test Facebook Client Id';
-    process.env.FACEBOOK_CLIENT_SECRET = 'Test Facebook Client Secret';
-    process.env.OPENID_CLIENT_ID = 'Test OpenID Id';
-    process.env.OPENID_CLIENT_SECRET = 'Test OpenID Secret';
-    process.env.OPENID_ISSUER = 'Test OpenID Issuer';
-    process.env.OPENID_SESSION_SECRET = 'Test Secret';
-    process.env.OPENID_BUTTON_LABEL = 'Test OpenID';
-    process.env.OPENID_AUTH_URL = 'http://test-server.com';
-    process.env.GITHUB_CLIENT_ID = 'Test Github client Id';
-    process.env.GITHUB_CLIENT_SECRET = 'Test Github client Secret';
-    process.env.DISCORD_CLIENT_ID = 'Test Discord client Id';
-    process.env.DISCORD_CLIENT_SECRET = 'Test Discord client Secret';
-    process.env.SAML_ENTRY_POINT = 'http://test-server.com';
-    process.env.SAML_ISSUER = 'Test SAML Issuer';
-    process.env.SAML_CERT = 'saml.pem';
-    process.env.SAML_SESSION_SECRET = 'Test Secret';
-    process.env.SAML_BUTTON_LABEL = 'Test SAML';
-    process.env.SAML_IMAGE_URL = 'http://test-server.com';
-    process.env.DOMAIN_SERVER = 'http://test-server.com';
-    process.env.ALLOW_REGISTRATION = 'true';
-    process.env.ALLOW_SOCIAL_LOGIN = 'true';
-    process.env.ALLOW_PASSWORD_RESET = 'true';
-    process.env.LDAP_URL = 'Test LDAP URL';
-    process.env.LDAP_BIND_DN = 'Test LDAP Bind DN';
-    process.env.LDAP_BIND_CREDENTIALS = 'Test LDAP Bind Credentials';
-    process.env.LDAP_USER_SEARCH_BASE = 'Test LDAP User Search Base';
-    process.env.LDAP_SEARCH_FILTER = 'Test LDAP Search Filter';
+      await request(app).get('/api/config');
 
-    const response = await request(app).get('/');
+      expect(mockGetAppConfig).toHaveBeenCalledWith({ baseOnly: true });
+    });
 
-    expect(response.statusCode).toBe(200);
-    expect(response.body).toEqual({
-      appTitle: 'Test Title',
-      socialLogins: ['google', 'facebook', 'openid', 'github', 'discord', 'saml'],
-      discordLoginEnabled: true,
-      facebookLoginEnabled: true,
-      githubLoginEnabled: true,
-      googleLoginEnabled: true,
-      openidLoginEnabled: true,
-      openidLabel: 'Test OpenID',
-      openidImageUrl: 'http://test-server.com',
-      samlLoginEnabled: true,
-      samlLabel: 'Test SAML',
-      samlImageUrl: 'http://test-server.com',
-      ldap: {
-        enabled: true,
-      },
-      serverDomain: 'http://test-server.com',
-      emailLoginEnabled: 'true',
-      registrationEnabled: 'true',
-      passwordResetEnabled: 'true',
-      socialLoginEnabled: 'true',
+    it('should call getAppConfig with tenantId when tenant context is present', async () => {
+      mockGetAppConfig.mockResolvedValue(baseAppConfig);
+      mockGetTenantId.mockReturnValue('tenant-abc');
+      const app = createApp(null);
+
+      await request(app).get('/api/config');
+
+      expect(mockGetAppConfig).toHaveBeenCalledWith({ tenantId: 'tenant-abc' });
+    });
+
+    it('should map tenant-scoped config fields in unauthenticated response', async () => {
+      const tenantConfig = {
+        ...baseAppConfig,
+        registration: { socialLogins: ['saml'] },
+        turnstileConfig: { siteKey: 'tenant-key' },
+      };
+      mockGetAppConfig.mockResolvedValue(tenantConfig);
+      mockGetTenantId.mockReturnValue('tenant-abc');
+      const app = createApp(null);
+
+      const response = await request(app).get('/api/config');
+
+      expect(response.statusCode).toBe(200);
+      expect(response.body.socialLogins).toEqual(['saml']);
+      expect(response.body.turnstile).toEqual({ siteKey: 'tenant-key' });
+      expect(response.body).not.toHaveProperty('modelSpecs');
+    });
+
+    it('should return minimal payload without authenticated-only fields', async () => {
+      mockGetAppConfig.mockResolvedValue(baseAppConfig);
+      const app = createApp(null);
+
+      const response = await request(app).get('/api/config');
+
+      expect(response.statusCode).toBe(200);
+      expect(response.body).not.toHaveProperty('modelSpecs');
+      expect(response.body).not.toHaveProperty('balance');
+      expect(response.body).not.toHaveProperty('webSearch');
+      expect(response.body).not.toHaveProperty('bundlerURL');
+      expect(response.body).not.toHaveProperty('staticBundlerURL');
+      expect(response.body).not.toHaveProperty('sharePointFilePickerEnabled');
+      expect(response.body).not.toHaveProperty('conversationImportMaxFileSize');
+    });
+
+    it('should include socialLogins and turnstile from base config', async () => {
+      mockGetAppConfig.mockResolvedValue(baseAppConfig);
+      const app = createApp(null);
+
+      const response = await request(app).get('/api/config');
+
+      expect(response.body.socialLogins).toEqual(['google', 'github']);
+      expect(response.body.turnstile).toEqual({ siteKey: 'test-key' });
+    });
+
+    it('should include only privacyPolicy and termsOfService from interface config', async () => {
+      mockGetAppConfig.mockResolvedValue(baseAppConfig);
+      const app = createApp(null);
+
+      const response = await request(app).get('/api/config');
+
+      expect(response.body.interface).toEqual({
+        privacyPolicy: { externalUrl: 'https://example.com/privacy' },
+        termsOfService: { externalUrl: 'https://example.com/tos' },
+      });
+      expect(response.body.interface).not.toHaveProperty('modelSelect');
+    });
+
+    it('should not include interface if no privacyPolicy or termsOfService', async () => {
+      mockGetAppConfig.mockResolvedValue({
+        ...baseAppConfig,
+        interfaceConfig: { modelSelect: true },
+      });
+      const app = createApp(null);
+
+      const response = await request(app).get('/api/config');
+
+      expect(response.body).not.toHaveProperty('interface');
+    });
+
+    it('should include shared env var fields', async () => {
+      mockGetAppConfig.mockResolvedValue(baseAppConfig);
+      process.env.APP_TITLE = 'Test App';
+      const app = createApp(null);
+
+      const response = await request(app).get('/api/config');
+
+      expect(response.body.appTitle).toBe('Test App');
+      expect(response.body).toHaveProperty('emailLoginEnabled');
+      expect(response.body).toHaveProperty('serverDomain');
+    });
+
+    it('should return 500 when getAppConfig throws', async () => {
+      mockGetAppConfig.mockRejectedValue(new Error('Config service failure'));
+      const app = createApp(null);
+
+      const response = await request(app).get('/api/config');
+
+      expect(response.statusCode).toBe(500);
+      expect(response.body).toHaveProperty('error');
+    });
+  });
+
+  describe('authenticated (req.user exists)', () => {
+    it('should call getAppConfig with role, userId, and tenantId', async () => {
+      mockGetAppConfig.mockResolvedValue(baseAppConfig);
+      mockGetTenantId.mockReturnValue('fallback-tenant');
+      const app = createApp(mockUser);
+
+      await request(app).get('/api/config');
+
+      expect(mockGetAppConfig).toHaveBeenCalledWith({
+        role: 'USER',
+        userId: 'user123',
+        tenantId: 'fallback-tenant',
+      });
+    });
+
+    it('should prefer user tenantId over getTenantId fallback', async () => {
+      mockGetAppConfig.mockResolvedValue(baseAppConfig);
+      mockGetTenantId.mockReturnValue('fallback-tenant');
+      const app = createApp({ ...mockUser, tenantId: 'user-tenant' });
+
+      await request(app).get('/api/config');
+
+      expect(mockGetAppConfig).toHaveBeenCalledWith({
+        role: 'USER',
+        userId: 'user123',
+        tenantId: 'user-tenant',
+      });
+    });
+
+    it('should include modelSpecs, balance, and webSearch', async () => {
+      mockGetAppConfig.mockResolvedValue(baseAppConfig);
+      process.env.CHECK_BALANCE = 'true';
+      process.env.START_BALANCE = '10000';
+      const app = createApp(mockUser);
+
+      const response = await request(app).get('/api/config');
+
+      expect(response.body.modelSpecs).toEqual({ list: [{ name: 'test-spec' }] });
+      expect(response.body.balance).toEqual({ enabled: true, startBalance: 10000 });
+      expect(response.body.webSearch).toEqual({ searchProvider: 'tavily' });
+    });
+
+    it('should include full interface config', async () => {
+      mockGetAppConfig.mockResolvedValue(baseAppConfig);
+      const app = createApp(mockUser);
+
+      const response = await request(app).get('/api/config');
+
+      expect(response.body.interface).toEqual(baseAppConfig.interfaceConfig);
+    });
+
+    it('should include authenticated-only env var fields', async () => {
+      mockGetAppConfig.mockResolvedValue(baseAppConfig);
+      process.env.SANDPACK_BUNDLER_URL = 'https://bundler.test';
+      process.env.SANDPACK_STATIC_BUNDLER_URL = 'https://static-bundler.test';
+      process.env.CONVERSATION_IMPORT_MAX_FILE_SIZE_BYTES = '5000000';
+      const app = createApp(mockUser);
+
+      const response = await request(app).get('/api/config');
+
+      expect(response.body.bundlerURL).toBe('https://bundler.test');
+      expect(response.body.staticBundlerURL).toBe('https://static-bundler.test');
+      expect(response.body.conversationImportMaxFileSize).toBe(5000000);
+    });
+
+    it('should merge per-user balance override into config', async () => {
+      mockGetAppConfig.mockResolvedValue({
+        ...baseAppConfig,
+        balance: {
+          enabled: true,
+          startBalance: 50000,
+        },
+      });
+      const app = createApp(mockUser);
+
+      const response = await request(app).get('/api/config');
+
+      expect(response.body.balance).toEqual(
+        expect.objectContaining({
+          enabled: true,
+          startBalance: 50000,
+        }),
+      );
+    });
+
+    it('should return 500 when getAppConfig throws', async () => {
+      mockGetAppConfig.mockRejectedValue(new Error('Config service failure'));
+      const app = createApp(mockUser);
+
+      const response = await request(app).get('/api/config');
+
+      expect(response.statusCode).toBe(500);
+      expect(response.body).toHaveProperty('error');
     });
   });
 });
diff --git a/api/server/routes/__tests__/grants.spec.js b/api/server/routes/__tests__/grants.spec.js
new file mode 100644
index 0000000000..c7b5b6bdda
--- /dev/null
+++ b/api/server/routes/__tests__/grants.spec.js
@@ -0,0 +1,185 @@
+const express = require('express');
+const request = require('supertest');
+const mongoose = require('mongoose');
+const { MongoMemoryServer } = require('mongodb-memory-server');
+const { createModels, createMethods } = require('@librechat/data-schemas');
+const { PrincipalType, SystemRoles } = require('librechat-data-provider');
+
+/**
+ * Integration test for the admin grants routes.
+ *
+ * Validates the full Express wiring: route registration → middleware →
+ * handler → real MongoDB. Auth middleware is injected (matching the repo
+ * pattern in keys.spec.js) so we can control the caller identity without
+ * a real JWT, while the handler DI deps use real DB methods.
+ */
+
+jest.mock('~/server/middleware', () => ({
+  requireJwtAuth: (_req, _res, next) => next(),
+}));
+
+jest.mock('~/server/middleware/roles/capabilities', () => ({
+  requireCapability: () => (_req, _res, next) => next(),
+}));
+
+let mongoServer;
+let db;
+
+beforeAll(async () => {
+  mongoServer = await MongoMemoryServer.create();
+  await mongoose.connect(mongoServer.getUri());
+  createModels(mongoose);
+  db = createMethods(mongoose);
+  await db.seedSystemGrants();
+  await db.initializeRoles();
+  await db.seedDefaultRoles();
+});
+
+afterAll(async () => {
+  await mongoose.disconnect();
+  await mongoServer.stop();
+});
+
+afterEach(async () => {
+  const SystemGrant = mongoose.models.SystemGrant;
+  // Clean non-seed grants (keep admin seed)
+  await SystemGrant.deleteMany({
+    $or: [
+      { principalId: { $ne: SystemRoles.ADMIN } },
+      { principalType: { $ne: PrincipalType.ROLE } },
+    ],
+  });
+});
+
+function createApp(user) {
+  const { createAdminGrantsHandlers, getCachedPrincipals } = require('@librechat/api');
+
+  const handlers = createAdminGrantsHandlers({
+    listGrants: db.listGrants,
+    countGrants: db.countGrants,
+    getCapabilitiesForPrincipal: db.getCapabilitiesForPrincipal,
+    getCapabilitiesForPrincipals: db.getCapabilitiesForPrincipals,
+    grantCapability: db.grantCapability,
+    revokeCapability: db.revokeCapability,
+    getUserPrincipals: db.getUserPrincipals,
+    hasCapabilityForPrincipals: db.hasCapabilityForPrincipals,
+    getHeldCapabilities: db.getHeldCapabilities,
+    getCachedPrincipals,
+    checkRoleExists: async (name) => (await db.getRoleByName(name)) != null,
+  });
+
+  const app = express();
+  app.use(express.json());
+  app.use((req, _res, next) => {
+    req.user = user;
+    next();
+  });
+
+  const router = express.Router();
+  router.get('/', handlers.listGrants);
+  router.get('/effective', handlers.getEffectiveCapabilities);
+  router.get('/:principalType/:principalId', handlers.getPrincipalGrants);
+  router.post('/', handlers.assignGrant);
+  router.delete('/:principalType/:principalId/:capability', handlers.revokeGrant);
+  app.use('/api/admin/grants', router);
+
+  return app;
+}
+
+describe('Admin Grants Routes — Integration', () => {
+  const adminUserId = new mongoose.Types.ObjectId();
+  const adminUser = {
+    _id: adminUserId,
+    id: adminUserId.toString(),
+    role: SystemRoles.ADMIN,
+  };
+
+  it('GET / returns seeded admin grants', async () => {
+    const app = createApp(adminUser);
+    const res = await request(app).get('/api/admin/grants').expect(200);
+
+    expect(res.body).toHaveProperty('grants');
+    expect(res.body).toHaveProperty('total');
+    expect(res.body.grants.length).toBeGreaterThan(0);
+    // Seeded grants are for the ADMIN role
+    expect(res.body.grants[0].principalType).toBe(PrincipalType.ROLE);
+  });
+
+  it('GET /effective returns capabilities for admin', async () => {
+    const app = createApp(adminUser);
+    const res = await request(app).get('/api/admin/grants/effective').expect(200);
+
+    expect(res.body).toHaveProperty('capabilities');
+    expect(res.body.capabilities).toContain('access:admin');
+    expect(res.body.capabilities).toContain('manage:roles');
+  });
+
+  it('POST / assigns a grant and DELETE / revokes it', async () => {
+    const app = createApp(adminUser);
+
+    // Assign
+    const assignRes = await request(app)
+      .post('/api/admin/grants')
+      .send({
+        principalType: PrincipalType.ROLE,
+        principalId: SystemRoles.USER,
+        capability: 'read:users',
+      })
+      .expect(201);
+
+    expect(assignRes.body.grant).toMatchObject({
+      principalType: PrincipalType.ROLE,
+      principalId: SystemRoles.USER,
+      capability: 'read:users',
+    });
+
+    // Verify via GET
+    const getRes = await request(app)
+      .get(`/api/admin/grants/${PrincipalType.ROLE}/${SystemRoles.USER}`)
+      .expect(200);
+
+    expect(getRes.body.grants.some((g) => g.capability === 'read:users')).toBe(true);
+
+    // Revoke
+    await request(app)
+      .delete(`/api/admin/grants/${PrincipalType.ROLE}/${SystemRoles.USER}/read:users`)
+      .expect(200);
+
+    // Verify revoked
+    const afterRes = await request(app)
+      .get(`/api/admin/grants/${PrincipalType.ROLE}/${SystemRoles.USER}`)
+      .expect(200);
+
+    expect(afterRes.body.grants.some((g) => g.capability === 'read:users')).toBe(false);
+  });
+
+  it('POST / returns 400 for non-existent role when checkRoleExists is wired', async () => {
+    const app = createApp(adminUser);
+
+    const res = await request(app)
+      .post('/api/admin/grants')
+      .send({
+        principalType: PrincipalType.ROLE,
+        principalId: 'nonexistent-role',
+        capability: 'read:users',
+      })
+      .expect(400);
+
+    expect(res.body.error).toBe('Role not found');
+  });
+
+  it('POST / returns 401 without authenticated user', async () => {
+    const app = createApp(undefined);
+
+    const res = await request(app)
+      .post('/api/admin/grants')
+      .send({
+        principalType: PrincipalType.ROLE,
+        principalId: SystemRoles.USER,
+        capability: 'read:users',
+      })
+      .expect(401);
+
+    expect(res.body).toHaveProperty('error', 'Authentication required');
+  });
+});
diff --git a/api/server/routes/__tests__/mcp.spec.js b/api/server/routes/__tests__/mcp.spec.js
index 1ad8cac087..f194f361d3 100644
--- a/api/server/routes/__tests__/mcp.spec.js
+++ b/api/server/routes/__tests__/mcp.spec.js
@@ -18,6 +18,7 @@ const mockRegistryInstance = {
   getServerConfig: jest.fn(),
   getOAuthServers: jest.fn(),
   getAllServerConfigs: jest.fn(),
+  ensureConfigServers: jest.fn().mockResolvedValue({}),
   addServer: jest.fn(),
   updateServer: jest.fn(),
   removeServer: jest.fn(),
@@ -58,6 +59,7 @@ jest.mock('@librechat/api', () => {
 });
 
 jest.mock('@librechat/data-schemas', () => ({
+  getTenantId: jest.fn(),
   logger: {
     debug: jest.fn(),
     info: jest.fn(),
@@ -93,14 +95,18 @@ jest.mock('~/server/services/Config', () => ({
   getCachedTools: jest.fn(),
   getMCPServerTools: jest.fn(),
   loadCustomConfig: jest.fn(),
+  getAppConfig: jest.fn().mockResolvedValue({ mcpConfig: {} }),
 }));
 
 jest.mock('~/server/services/Config/mcp', () => ({
   updateMCPServerTools: jest.fn(),
 }));
 
+const mockResolveAllMcpConfigs = jest.fn().mockResolvedValue({});
 jest.mock('~/server/services/MCP', () => ({
   getMCPSetupData: jest.fn(),
+  resolveConfigServers: jest.fn().mockResolvedValue({}),
+  resolveAllMcpConfigs: (...args) => mockResolveAllMcpConfigs(...args),
   getServerConnectionStatus: jest.fn(),
 }));
 
@@ -579,6 +585,112 @@ describe('MCP Routes', () => {
       );
     });
 
+    it('should use oauthHeaders from flow state when present', async () => {
+      const mockFlowManager = {
+        getFlowState: jest.fn().mockResolvedValue({ status: 'PENDING' }),
+        completeFlow: jest.fn().mockResolvedValue(),
+        deleteFlow: jest.fn().mockResolvedValue(true),
+      };
+      const mockFlowState = {
+        serverName: 'test-server',
+        userId: 'test-user-id',
+        metadata: { toolFlowId: 'tool-flow-123' },
+        clientInfo: {},
+        codeVerifier: 'test-verifier',
+        oauthHeaders: { 'X-Custom-Auth': 'header-value' },
+      };
+      const mockTokens = { access_token: 'tok', refresh_token: 'ref' };
+
+      MCPOAuthHandler.getFlowState.mockResolvedValue(mockFlowState);
+      MCPOAuthHandler.completeOAuthFlow.mockResolvedValue(mockTokens);
+      MCPTokenStorage.storeTokens.mockResolvedValue();
+      getLogStores.mockReturnValue({});
+      require('~/config').getFlowStateManager.mockReturnValue(mockFlowManager);
+      require('~/config').getOAuthReconnectionManager.mockReturnValue({
+        clearReconnection: jest.fn(),
+      });
+      require('~/config').getMCPManager.mockReturnValue({
+        getUserConnection: jest.fn().mockResolvedValue({
+          fetchTools: jest.fn().mockResolvedValue([]),
+        }),
+      });
+      const { getCachedTools, setCachedTools } = require('~/server/services/Config');
+      getCachedTools.mockResolvedValue({});
+      setCachedTools.mockResolvedValue();
+
+      const flowId = 'test-user-id:test-server';
+      const csrfToken = generateTestCsrfToken(flowId);
+
+      await request(app)
+        .get('/api/mcp/test-server/oauth/callback')
+        .set('Cookie', [`oauth_csrf=${csrfToken}`])
+        .query({ code: 'auth-code', state: flowId });
+
+      expect(MCPOAuthHandler.completeOAuthFlow).toHaveBeenCalledWith(
+        flowId,
+        'auth-code',
+        mockFlowManager,
+        { 'X-Custom-Auth': 'header-value' },
+      );
+      expect(mockRegistryInstance.getServerConfig).not.toHaveBeenCalled();
+    });
+
+    it('should fall back to registry oauth_headers when flow state lacks them', async () => {
+      const mockFlowManager = {
+        getFlowState: jest.fn().mockResolvedValue({ status: 'PENDING' }),
+        completeFlow: jest.fn().mockResolvedValue(),
+        deleteFlow: jest.fn().mockResolvedValue(true),
+      };
+      const mockFlowState = {
+        serverName: 'test-server',
+        userId: 'test-user-id',
+        metadata: { toolFlowId: 'tool-flow-123' },
+        clientInfo: {},
+        codeVerifier: 'test-verifier',
+      };
+      const mockTokens = { access_token: 'tok', refresh_token: 'ref' };
+
+      MCPOAuthHandler.getFlowState.mockResolvedValue(mockFlowState);
+      MCPOAuthHandler.completeOAuthFlow.mockResolvedValue(mockTokens);
+      MCPTokenStorage.storeTokens.mockResolvedValue();
+      mockRegistryInstance.getServerConfig.mockResolvedValue({
+        oauth_headers: { 'X-Registry-Header': 'from-registry' },
+      });
+      getLogStores.mockReturnValue({});
+      require('~/config').getFlowStateManager.mockReturnValue(mockFlowManager);
+      require('~/config').getOAuthReconnectionManager.mockReturnValue({
+        clearReconnection: jest.fn(),
+      });
+      require('~/config').getMCPManager.mockReturnValue({
+        getUserConnection: jest.fn().mockResolvedValue({
+          fetchTools: jest.fn().mockResolvedValue([]),
+        }),
+      });
+      const { getCachedTools, setCachedTools } = require('~/server/services/Config');
+      getCachedTools.mockResolvedValue({});
+      setCachedTools.mockResolvedValue();
+
+      const flowId = 'test-user-id:test-server';
+      const csrfToken = generateTestCsrfToken(flowId);
+
+      await request(app)
+        .get('/api/mcp/test-server/oauth/callback')
+        .set('Cookie', [`oauth_csrf=${csrfToken}`])
+        .query({ code: 'auth-code', state: flowId });
+
+      expect(MCPOAuthHandler.completeOAuthFlow).toHaveBeenCalledWith(
+        flowId,
+        'auth-code',
+        mockFlowManager,
+        { 'X-Registry-Header': 'from-registry' },
+      );
+      expect(mockRegistryInstance.getServerConfig).toHaveBeenCalledWith(
+        'test-server',
+        'test-user-id',
+        undefined,
+      );
+    });
+
     it('should redirect to error page when callback processing fails', async () => {
       MCPOAuthHandler.getFlowState.mockRejectedValue(new Error('Callback error'));
       const flowId = 'test-user-id:test-server';
@@ -1350,19 +1462,10 @@ describe('MCP Routes', () => {
         },
       });
 
-      expect(getMCPSetupData).toHaveBeenCalledWith('test-user-id');
+      expect(getMCPSetupData).toHaveBeenCalledWith('test-user-id', expect.any(Object));
       expect(getServerConnectionStatus).toHaveBeenCalledTimes(2);
     });
 
-    it('should return 404 when MCP config is not found', async () => {
-      getMCPSetupData.mockRejectedValue(new Error('MCP config not found'));
-
-      const response = await request(app).get('/api/mcp/connection/status');
-
-      expect(response.status).toBe(404);
-      expect(response.body).toEqual({ error: 'MCP config not found' });
-    });
-
     it('should return 500 when connection status check fails', async () => {
       getMCPSetupData.mockRejectedValue(new Error('Database error'));
 
@@ -1437,15 +1540,6 @@ describe('MCP Routes', () => {
       });
     });
 
-    it('should return 404 when MCP config is not found', async () => {
-      getMCPSetupData.mockRejectedValue(new Error('MCP config not found'));
-
-      const response = await request(app).get('/api/mcp/connection/status/test-server');
-
-      expect(response.status).toBe(404);
-      expect(response.body).toEqual({ error: 'MCP config not found' });
-    });
-
     it('should return 500 when connection status check fails', async () => {
       getMCPSetupData.mockRejectedValue(new Error('Database connection failed'));
 
@@ -1704,7 +1798,7 @@ describe('MCP Routes', () => {
         },
       };
 
-      mockRegistryInstance.getAllServerConfigs.mockResolvedValue(mockServerConfigs);
+      mockResolveAllMcpConfigs.mockResolvedValue(mockServerConfigs);
 
       const response = await request(app).get('/api/mcp/servers');
 
@@ -1721,11 +1815,14 @@ describe('MCP Routes', () => {
       });
       expect(response.body['server-1'].headers).toBeUndefined();
       expect(response.body['server-2'].headers).toBeUndefined();
-      expect(mockRegistryInstance.getAllServerConfigs).toHaveBeenCalledWith('test-user-id');
+      expect(mockResolveAllMcpConfigs).toHaveBeenCalledWith(
+        'test-user-id',
+        expect.objectContaining({ id: 'test-user-id' }),
+      );
     });
 
     it('should return empty object when no servers are configured', async () => {
-      mockRegistryInstance.getAllServerConfigs.mockResolvedValue({});
+      mockResolveAllMcpConfigs.mockResolvedValue({});
 
       const response = await request(app).get('/api/mcp/servers');
 
@@ -1749,7 +1846,7 @@ describe('MCP Routes', () => {
     });
 
     it('should return 500 when server config retrieval fails', async () => {
-      mockRegistryInstance.getAllServerConfigs.mockRejectedValue(new Error('Database error'));
+      mockResolveAllMcpConfigs.mockRejectedValue(new Error('Database error'));
 
       const response = await request(app).get('/api/mcp/servers');
 
@@ -1939,11 +2036,12 @@ describe('MCP Routes', () => {
       expect(mockRegistryInstance.getServerConfig).toHaveBeenCalledWith(
         'test-server',
         'test-user-id',
+        {},
       );
     });
 
     it('should return 404 when server not found', async () => {
-      mockRegistryInstance.getServerConfig.mockResolvedValue(null);
+      mockRegistryInstance.getServerConfig.mockResolvedValue(undefined);
 
       const response = await request(app).get('/api/mcp/servers/non-existent-server');
 
diff --git a/api/server/routes/admin/auth.js b/api/server/routes/admin/auth.js
index 530764852b..72f23b7d52 100644
--- a/api/server/routes/admin/auth.js
+++ b/api/server/routes/admin/auth.js
@@ -1,9 +1,8 @@
 const express = require('express');
 const passport = require('passport');
-const { randomState } = require('openid-client');
-const { logger } = require('@librechat/data-schemas');
+const crypto = require('node:crypto');
 const { CacheKeys } = require('librechat-data-provider');
-const { SystemCapabilities } = require('@librechat/data-schemas');
+const { logger, SystemCapabilities } = require('@librechat/data-schemas');
 const { getAdminPanelUrl, exchangeAdminCode, createSetBalanceConfig } = require('@librechat/api');
 const { loginController } = require('~/server/controllers/auth/LoginController');
 const { requireCapability } = require('~/server/middleware/roles/capabilities');
@@ -24,6 +23,28 @@ const setBalanceConfig = createSetBalanceConfig({
 
 const router = express.Router();
 
+function resolveRequestOrigin(req) {
+  const originHeader = req.get('origin');
+  if (originHeader) {
+    try {
+      return new URL(originHeader).origin;
+    } catch {
+      return undefined;
+    }
+  }
+
+  const refererHeader = req.get('referer');
+  if (!refererHeader) {
+    return undefined;
+  }
+
+  try {
+    return new URL(refererHeader).origin;
+  } catch {
+    return undefined;
+  }
+}
+
 router.post(
   '/login/local',
   middleware.logHeaders,
@@ -52,28 +73,340 @@ router.get('/oauth/openid/check', (req, res) => {
   res.status(200).json({ message: 'OpenID check successful' });
 });
 
-router.get('/oauth/openid', (req, res, next) => {
+/** PKCE challenge cache TTL: 5 minutes (enough for user to authenticate with IdP) */
+const PKCE_CHALLENGE_TTL = 5 * 60 * 1000;
+/** Regex pattern for valid PKCE challenges: 64 hex characters (SHA-256 hex digest) */
+const PKCE_CHALLENGE_PATTERN = /^[a-f0-9]{64}$/;
+
+/**
+ * Generates a random hex state string for OAuth flows.
+ * @returns {string} A 32-byte random hex string.
+ */
+function generateState() {
+  return crypto.randomBytes(32).toString('hex');
+}
+
+/**
+ * Stores a PKCE challenge in cache keyed by state.
+ * @param {string} state - The OAuth state value.
+ * @param {string | undefined} codeChallenge - The PKCE code_challenge from query params.
+ * @param {string} provider - Provider name for logging.
+ * @returns {Promise<boolean>} True if stored successfully or no challenge provided.
+ */
+async function storePkceChallenge(state, codeChallenge, provider) {
+  if (typeof codeChallenge !== 'string' || !PKCE_CHALLENGE_PATTERN.test(codeChallenge)) {
+    return true;
+  }
+  try {
+    const cache = getLogStores(CacheKeys.ADMIN_OAUTH_EXCHANGE);
+    await cache.set(`pkce:${state}`, codeChallenge, PKCE_CHALLENGE_TTL);
+    return true;
+  } catch (err) {
+    logger.error(`[admin/oauth/${provider}] Failed to store PKCE challenge:`, err);
+    return false;
+  }
+}
+
+/**
+ * Middleware to retrieve PKCE challenge from cache using the OAuth state.
+ * Reads state from req.oauthState (set by a preceding middleware).
+ * @param {string} provider - Provider name for logging.
+ * @returns {Function} Express middleware.
+ */
+function retrievePkceChallenge(provider) {
+  return async (req, res, next) => {
+    if (!req.oauthState) {
+      return next();
+    }
+    try {
+      const cache = getLogStores(CacheKeys.ADMIN_OAUTH_EXCHANGE);
+      const challenge = await cache.get(`pkce:${req.oauthState}`);
+      if (challenge) {
+        req.pkceChallenge = challenge;
+        await cache.delete(`pkce:${req.oauthState}`);
+      } else {
+        logger.warn(
+          `[admin/oauth/${provider}/callback] State present but no PKCE challenge found; PKCE will not be enforced for this request`,
+        );
+      }
+    } catch (err) {
+      logger.error(
+        `[admin/oauth/${provider}/callback] Failed to retrieve PKCE challenge, aborting:`,
+        err,
+      );
+      return res.redirect(
+        `${getAdminPanelUrl()}/auth/${provider}/callback?error=pkce_retrieval_failed&error_description=Failed+to+retrieve+PKCE+challenge`,
+      );
+    }
+    next();
+  };
+}
+
+/* ──────────────────────────────────────────────
+ * OpenID Admin Routes
+ * ────────────────────────────────────────────── */
+
+router.get('/oauth/openid', async (req, res, next) => {
+  const state = generateState();
+  const stored = await storePkceChallenge(state, req.query.code_challenge, 'openid');
+  if (!stored) {
+    return res.redirect(
+      `${getAdminPanelUrl()}/auth/openid/callback?error=pkce_store_failed&error_description=Failed+to+store+PKCE+challenge`,
+    );
+  }
+
   return passport.authenticate('openidAdmin', {
     session: false,
-    state: randomState(),
+    state,
   })(req, res, next);
 });
 
 router.get(
   '/oauth/openid/callback',
+  (req, res, next) => {
+    req.oauthState = typeof req.query.state === 'string' ? req.query.state : undefined;
+    next();
+  },
   passport.authenticate('openidAdmin', {
     failureRedirect: `${getAdminPanelUrl()}/auth/openid/callback?error=auth_failed&error_description=Authentication+failed`,
     failureMessage: true,
     session: false,
   }),
+  retrievePkceChallenge('openid'),
   requireAdminAccess,
   setBalanceConfig,
   middleware.checkDomainAllowed,
   createOAuthHandler(`${getAdminPanelUrl()}/auth/openid/callback`),
 );
 
+/* ──────────────────────────────────────────────
+ * SAML Admin Routes
+ * ────────────────────────────────────────────── */
+
+router.get('/oauth/saml', async (req, res, next) => {
+  const state = generateState();
+  const stored = await storePkceChallenge(state, req.query.code_challenge, 'saml');
+  if (!stored) {
+    return res.redirect(
+      `${getAdminPanelUrl()}/auth/saml/callback?error=pkce_store_failed&error_description=Failed+to+store+PKCE+challenge`,
+    );
+  }
+
+  return passport.authenticate('samlAdmin', {
+    session: false,
+    additionalParams: { RelayState: state },
+  })(req, res, next);
+});
+
+router.post(
+  '/oauth/saml/callback',
+  (req, res, next) => {
+    req.oauthState = typeof req.body.RelayState === 'string' ? req.body.RelayState : undefined;
+    next();
+  },
+  passport.authenticate('samlAdmin', {
+    failureRedirect: `${getAdminPanelUrl()}/auth/saml/callback?error=auth_failed&error_description=Authentication+failed`,
+    failureMessage: true,
+    session: false,
+  }),
+  retrievePkceChallenge('saml'),
+  requireAdminAccess,
+  setBalanceConfig,
+  middleware.checkDomainAllowed,
+  createOAuthHandler(`${getAdminPanelUrl()}/auth/saml/callback`),
+);
+
+/* ──────────────────────────────────────────────
+ * Google Admin Routes
+ * ────────────────────────────────────────────── */
+
+router.get('/oauth/google', async (req, res, next) => {
+  const state = generateState();
+  const stored = await storePkceChallenge(state, req.query.code_challenge, 'google');
+  if (!stored) {
+    return res.redirect(
+      `${getAdminPanelUrl()}/auth/google/callback?error=pkce_store_failed&error_description=Failed+to+store+PKCE+challenge`,
+    );
+  }
+
+  return passport.authenticate('googleAdmin', {
+    scope: ['openid', 'profile', 'email'],
+    session: false,
+    state,
+  })(req, res, next);
+});
+
+router.get(
+  '/oauth/google/callback',
+  (req, res, next) => {
+    req.oauthState = typeof req.query.state === 'string' ? req.query.state : undefined;
+    next();
+  },
+  passport.authenticate('googleAdmin', {
+    failureRedirect: `${getAdminPanelUrl()}/auth/google/callback?error=auth_failed&error_description=Authentication+failed`,
+    failureMessage: true,
+    session: false,
+  }),
+  retrievePkceChallenge('google'),
+  requireAdminAccess,
+  setBalanceConfig,
+  middleware.checkDomainAllowed,
+  createOAuthHandler(`${getAdminPanelUrl()}/auth/google/callback`),
+);
+
+/* ──────────────────────────────────────────────
+ * GitHub Admin Routes
+ * ────────────────────────────────────────────── */
+
+router.get('/oauth/github', async (req, res, next) => {
+  const state = generateState();
+  const stored = await storePkceChallenge(state, req.query.code_challenge, 'github');
+  if (!stored) {
+    return res.redirect(
+      `${getAdminPanelUrl()}/auth/github/callback?error=pkce_store_failed&error_description=Failed+to+store+PKCE+challenge`,
+    );
+  }
+
+  return passport.authenticate('githubAdmin', {
+    scope: ['user:email', 'read:user'],
+    session: false,
+    state,
+  })(req, res, next);
+});
+
+router.get(
+  '/oauth/github/callback',
+  (req, res, next) => {
+    req.oauthState = typeof req.query.state === 'string' ? req.query.state : undefined;
+    next();
+  },
+  passport.authenticate('githubAdmin', {
+    failureRedirect: `${getAdminPanelUrl()}/auth/github/callback?error=auth_failed&error_description=Authentication+failed`,
+    failureMessage: true,
+    session: false,
+  }),
+  retrievePkceChallenge('github'),
+  requireAdminAccess,
+  setBalanceConfig,
+  middleware.checkDomainAllowed,
+  createOAuthHandler(`${getAdminPanelUrl()}/auth/github/callback`),
+);
+
+/* ──────────────────────────────────────────────
+ * Discord Admin Routes
+ * ────────────────────────────────────────────── */
+
+router.get('/oauth/discord', async (req, res, next) => {
+  const state = generateState();
+  const stored = await storePkceChallenge(state, req.query.code_challenge, 'discord');
+  if (!stored) {
+    return res.redirect(
+      `${getAdminPanelUrl()}/auth/discord/callback?error=pkce_store_failed&error_description=Failed+to+store+PKCE+challenge`,
+    );
+  }
+
+  return passport.authenticate('discordAdmin', {
+    scope: ['identify', 'email'],
+    session: false,
+    state,
+  })(req, res, next);
+});
+
+router.get(
+  '/oauth/discord/callback',
+  (req, res, next) => {
+    req.oauthState = typeof req.query.state === 'string' ? req.query.state : undefined;
+    next();
+  },
+  passport.authenticate('discordAdmin', {
+    failureRedirect: `${getAdminPanelUrl()}/auth/discord/callback?error=auth_failed&error_description=Authentication+failed`,
+    failureMessage: true,
+    session: false,
+  }),
+  retrievePkceChallenge('discord'),
+  requireAdminAccess,
+  setBalanceConfig,
+  middleware.checkDomainAllowed,
+  createOAuthHandler(`${getAdminPanelUrl()}/auth/discord/callback`),
+);
+
+/* ──────────────────────────────────────────────
+ * Facebook Admin Routes
+ * ────────────────────────────────────────────── */
+
+router.get('/oauth/facebook', async (req, res, next) => {
+  const state = generateState();
+  const stored = await storePkceChallenge(state, req.query.code_challenge, 'facebook');
+  if (!stored) {
+    return res.redirect(
+      `${getAdminPanelUrl()}/auth/facebook/callback?error=pkce_store_failed&error_description=Failed+to+store+PKCE+challenge`,
+    );
+  }
+
+  return passport.authenticate('facebookAdmin', {
+    scope: ['public_profile'],
+    session: false,
+    state,
+  })(req, res, next);
+});
+
+router.get(
+  '/oauth/facebook/callback',
+  (req, res, next) => {
+    req.oauthState = typeof req.query.state === 'string' ? req.query.state : undefined;
+    next();
+  },
+  passport.authenticate('facebookAdmin', {
+    failureRedirect: `${getAdminPanelUrl()}/auth/facebook/callback?error=auth_failed&error_description=Authentication+failed`,
+    failureMessage: true,
+    session: false,
+  }),
+  retrievePkceChallenge('facebook'),
+  requireAdminAccess,
+  setBalanceConfig,
+  middleware.checkDomainAllowed,
+  createOAuthHandler(`${getAdminPanelUrl()}/auth/facebook/callback`),
+);
+
+/* ──────────────────────────────────────────────
+ * Apple Admin Routes (POST callback)
+ * ────────────────────────────────────────────── */
+
+router.get('/oauth/apple', async (req, res, next) => {
+  const state = generateState();
+  const stored = await storePkceChallenge(state, req.query.code_challenge, 'apple');
+  if (!stored) {
+    return res.redirect(
+      `${getAdminPanelUrl()}/auth/apple/callback?error=pkce_store_failed&error_description=Failed+to+store+PKCE+challenge`,
+    );
+  }
+
+  return passport.authenticate('appleAdmin', {
+    session: false,
+    state,
+  })(req, res, next);
+});
+
+router.post(
+  '/oauth/apple/callback',
+  (req, res, next) => {
+    req.oauthState = typeof req.body.state === 'string' ? req.body.state : undefined;
+    next();
+  },
+  passport.authenticate('appleAdmin', {
+    failureRedirect: `${getAdminPanelUrl()}/auth/apple/callback?error=auth_failed&error_description=Authentication+failed`,
+    failureMessage: true,
+    session: false,
+  }),
+  retrievePkceChallenge('apple'),
+  requireAdminAccess,
+  setBalanceConfig,
+  middleware.checkDomainAllowed,
+  createOAuthHandler(`${getAdminPanelUrl()}/auth/apple/callback`),
+);
+
 /** Regex pattern for valid exchange codes: 64 hex characters */
-const EXCHANGE_CODE_PATTERN = /^[a-f0-9]{64}$/i;
+const EXCHANGE_CODE_PATTERN = /^[a-f0-9]{64}$/;
 
 /**
  * Exchange OAuth authorization code for tokens.
@@ -81,12 +414,12 @@ const EXCHANGE_CODE_PATTERN = /^[a-f0-9]{64}$/i;
  * The code is one-time-use and expires in 30 seconds.
  *
  * POST /api/admin/oauth/exchange
- * Body: { code: string }
+ * Body: { code: string, code_verifier?: string }
  * Response: { token: string, refreshToken: string, user: object }
  */
 router.post('/oauth/exchange', middleware.loginLimiter, async (req, res) => {
   try {
-    const { code } = req.body;
+    const { code, code_verifier: codeVerifier } = req.body;
 
     if (!code) {
       logger.warn('[admin/oauth/exchange] Missing authorization code');
@@ -104,8 +437,20 @@ router.post('/oauth/exchange', middleware.loginLimiter, async (req, res) => {
       });
     }
 
+    if (
+      codeVerifier !== undefined &&
+      (typeof codeVerifier !== 'string' || codeVerifier.length < 1 || codeVerifier.length > 512)
+    ) {
+      logger.warn('[admin/oauth/exchange] Invalid code_verifier format');
+      return res.status(400).json({
+        error: 'Invalid code_verifier',
+        error_code: 'INVALID_VERIFIER',
+      });
+    }
+
     const cache = getLogStores(CacheKeys.ADMIN_OAUTH_EXCHANGE);
-    const result = await exchangeAdminCode(cache, code);
+    const requestOrigin = resolveRequestOrigin(req);
+    const result = await exchangeAdminCode(cache, code, requestOrigin, codeVerifier);
 
     if (!result) {
       return res.status(401).json({
diff --git a/api/server/routes/admin/config.js b/api/server/routes/admin/config.js
new file mode 100644
index 0000000000..0632077ea9
--- /dev/null
+++ b/api/server/routes/admin/config.js
@@ -0,0 +1,40 @@
+const express = require('express');
+const { createAdminConfigHandlers } = require('@librechat/api');
+const { SystemCapabilities } = require('@librechat/data-schemas');
+const {
+  hasConfigCapability,
+  requireCapability,
+} = require('~/server/middleware/roles/capabilities');
+const { getAppConfig, invalidateConfigCaches } = require('~/server/services/Config');
+const { requireJwtAuth } = require('~/server/middleware');
+const db = require('~/models');
+
+const router = express.Router();
+
+const requireAdminAccess = requireCapability(SystemCapabilities.ACCESS_ADMIN);
+
+const handlers = createAdminConfigHandlers({
+  listAllConfigs: db.listAllConfigs,
+  findConfigByPrincipal: db.findConfigByPrincipal,
+  upsertConfig: db.upsertConfig,
+  patchConfigFields: db.patchConfigFields,
+  unsetConfigField: db.unsetConfigField,
+  deleteConfig: db.deleteConfig,
+  toggleConfigActive: db.toggleConfigActive,
+  hasConfigCapability,
+  getAppConfig,
+  invalidateConfigCaches,
+});
+
+router.use(requireJwtAuth, requireAdminAccess);
+
+router.get('/', handlers.listConfigs);
+router.get('/base', handlers.getBaseConfig);
+router.get('/:principalType/:principalId', handlers.getConfig);
+router.put('/:principalType/:principalId', handlers.upsertConfigOverrides);
+router.patch('/:principalType/:principalId/fields', handlers.patchConfigField);
+router.delete('/:principalType/:principalId/fields', handlers.deleteConfigField);
+router.delete('/:principalType/:principalId', handlers.deleteConfigOverrides);
+router.patch('/:principalType/:principalId/active', handlers.toggleConfig);
+
+module.exports = router;
diff --git a/api/server/routes/admin/grants.js b/api/server/routes/admin/grants.js
new file mode 100644
index 0000000000..a0fa73dc43
--- /dev/null
+++ b/api/server/routes/admin/grants.js
@@ -0,0 +1,35 @@
+const express = require('express');
+const { createAdminGrantsHandlers, getCachedPrincipals } = require('@librechat/api');
+const { SystemCapabilities } = require('@librechat/data-schemas');
+const { requireCapability } = require('~/server/middleware/roles/capabilities');
+const { requireJwtAuth } = require('~/server/middleware');
+const db = require('~/models');
+
+const router = express.Router();
+
+const requireAdminAccess = requireCapability(SystemCapabilities.ACCESS_ADMIN);
+
+const handlers = createAdminGrantsHandlers({
+  listGrants: db.listGrants,
+  countGrants: db.countGrants,
+  getCapabilitiesForPrincipal: db.getCapabilitiesForPrincipal,
+  getCapabilitiesForPrincipals: db.getCapabilitiesForPrincipals,
+  grantCapability: db.grantCapability,
+  revokeCapability: db.revokeCapability,
+  getUserPrincipals: db.getUserPrincipals,
+  hasCapabilityForPrincipals: db.hasCapabilityForPrincipals,
+  getHeldCapabilities: db.getHeldCapabilities,
+  getCachedPrincipals,
+  checkRoleExists: async (name) => (await db.getRoleByName(name)) != null,
+});
+
+router.use(requireJwtAuth, requireAdminAccess);
+
+router.get('/', handlers.listGrants);
+router.get('/effective', handlers.getEffectiveCapabilities);
+router.get('/:principalType/:principalId', handlers.getPrincipalGrants);
+router.post('/', handlers.assignGrant);
+/** Callers should encodeURIComponent the capability for client compatibility (e.g. manage%3Aconfigs%3Aendpoints). */
+router.delete('/:principalType/:principalId/:capability', handlers.revokeGrant);
+
+module.exports = router;
diff --git a/api/server/routes/admin/groups.js b/api/server/routes/admin/groups.js
new file mode 100644
index 0000000000..11ed59737e
--- /dev/null
+++ b/api/server/routes/admin/groups.js
@@ -0,0 +1,40 @@
+const express = require('express');
+const { createAdminGroupsHandlers } = require('@librechat/api');
+const { SystemCapabilities } = require('@librechat/data-schemas');
+const { requireCapability } = require('~/server/middleware/roles/capabilities');
+const { requireJwtAuth } = require('~/server/middleware');
+const db = require('~/models');
+
+const router = express.Router();
+
+const requireAdminAccess = requireCapability(SystemCapabilities.ACCESS_ADMIN);
+const requireReadGroups = requireCapability(SystemCapabilities.READ_GROUPS);
+const requireManageGroups = requireCapability(SystemCapabilities.MANAGE_GROUPS);
+
+const handlers = createAdminGroupsHandlers({
+  listGroups: db.listGroups,
+  countGroups: db.countGroups,
+  findGroupById: db.findGroupById,
+  createGroup: db.createGroup,
+  updateGroupById: db.updateGroupById,
+  deleteGroup: db.deleteGroup,
+  addUserToGroup: db.addUserToGroup,
+  removeUserFromGroup: db.removeUserFromGroup,
+  removeMemberById: db.removeMemberById,
+  findUsers: db.findUsers,
+  deleteConfig: db.deleteConfig,
+  deleteAclEntries: db.deleteAclEntries,
+});
+
+router.use(requireJwtAuth, requireAdminAccess);
+
+router.get('/', requireReadGroups, handlers.listGroups);
+router.post('/', requireManageGroups, handlers.createGroup);
+router.get('/:id', requireReadGroups, handlers.getGroup);
+router.patch('/:id', requireManageGroups, handlers.updateGroup);
+router.delete('/:id', requireManageGroups, handlers.deleteGroup);
+router.get('/:id/members', requireReadGroups, handlers.getGroupMembers);
+router.post('/:id/members', requireManageGroups, handlers.addGroupMember);
+router.delete('/:id/members/:userId', requireManageGroups, handlers.removeGroupMember);
+
+module.exports = router;
diff --git a/api/server/routes/admin/roles.js b/api/server/routes/admin/roles.js
new file mode 100644
index 0000000000..f2bbd7f7ea
--- /dev/null
+++ b/api/server/routes/admin/roles.js
@@ -0,0 +1,46 @@
+const express = require('express');
+const { createAdminRolesHandlers } = require('@librechat/api');
+const { SystemCapabilities } = require('@librechat/data-schemas');
+const { requireCapability } = require('~/server/middleware/roles/capabilities');
+const { requireJwtAuth } = require('~/server/middleware');
+const db = require('~/models');
+
+const router = express.Router();
+
+const requireAdminAccess = requireCapability(SystemCapabilities.ACCESS_ADMIN);
+const requireReadRoles = requireCapability(SystemCapabilities.READ_ROLES);
+const requireManageRoles = requireCapability(SystemCapabilities.MANAGE_ROLES);
+
+const handlers = createAdminRolesHandlers({
+  listRoles: db.listRoles,
+  countRoles: db.countRoles,
+  getRoleByName: db.getRoleByName,
+  createRoleByName: db.createRoleByName,
+  updateRoleByName: db.updateRoleByName,
+  updateAccessPermissions: db.updateAccessPermissions,
+  deleteRoleByName: db.deleteRoleByName,
+  findUser: db.findUser,
+  updateUser: db.updateUser,
+  updateUsersByRole: db.updateUsersByRole,
+  findUserIdsByRole: db.findUserIdsByRole,
+  updateUsersRoleByIds: db.updateUsersRoleByIds,
+  listUsersByRole: db.listUsersByRole,
+  countUsersByRole: db.countUsersByRole,
+  deleteConfig: db.deleteConfig,
+  deleteAclEntries: db.deleteAclEntries,
+  deleteGrantsForPrincipal: db.deleteGrantsForPrincipal,
+});
+
+router.use(requireJwtAuth, requireAdminAccess);
+
+router.get('/', requireReadRoles, handlers.listRoles);
+router.post('/', requireManageRoles, handlers.createRole);
+router.get('/:name', requireReadRoles, handlers.getRole);
+router.patch('/:name', requireManageRoles, handlers.updateRole);
+router.delete('/:name', requireManageRoles, handlers.deleteRole);
+router.patch('/:name/permissions', requireManageRoles, handlers.updateRolePermissions);
+router.get('/:name/members', requireReadRoles, handlers.getRoleMembers);
+router.post('/:name/members', requireManageRoles, handlers.addRoleMember);
+router.delete('/:name/members/:userId', requireManageRoles, handlers.removeRoleMember);
+
+module.exports = router;
diff --git a/api/server/routes/admin/users.js b/api/server/routes/admin/users.js
new file mode 100644
index 0000000000..20d4eb1797
--- /dev/null
+++ b/api/server/routes/admin/users.js
@@ -0,0 +1,28 @@
+const express = require('express');
+const { createAdminUsersHandlers } = require('@librechat/api');
+const { SystemCapabilities } = require('@librechat/data-schemas');
+const { requireCapability } = require('~/server/middleware/roles/capabilities');
+const { requireJwtAuth } = require('~/server/middleware');
+const db = require('~/models');
+
+const router = express.Router();
+
+const requireAdminAccess = requireCapability(SystemCapabilities.ACCESS_ADMIN);
+const requireReadUsers = requireCapability(SystemCapabilities.READ_USERS);
+// const requireManageUsers = requireCapability(SystemCapabilities.MANAGE_USERS);
+
+const handlers = createAdminUsersHandlers({
+  findUsers: db.findUsers,
+  countUsers: db.countUsers,
+  deleteUserById: db.deleteUserById,
+  deleteConfig: db.deleteConfig,
+  deleteAclEntries: db.deleteAclEntries,
+});
+
+router.use(requireJwtAuth, requireAdminAccess);
+
+router.get('/', requireReadUsers, handlers.listUsers);
+router.get('/search', requireReadUsers, handlers.searchUsers);
+// router.delete('/:id', requireManageUsers, handlers.deleteUser);
+
+module.exports = router;
diff --git a/api/server/routes/agents/__tests__/streamTenant.spec.js b/api/server/routes/agents/__tests__/streamTenant.spec.js
new file mode 100644
index 0000000000..1f89953186
--- /dev/null
+++ b/api/server/routes/agents/__tests__/streamTenant.spec.js
@@ -0,0 +1,186 @@
+const express = require('express');
+const request = require('supertest');
+
+const mockGenerationJobManager = {
+  getJob: jest.fn(),
+  subscribe: jest.fn(),
+  getResumeState: jest.fn(),
+  abortJob: jest.fn(),
+  getActiveJobIdsForUser: jest.fn().mockResolvedValue([]),
+};
+
+jest.mock('@librechat/data-schemas', () => ({
+  ...jest.requireActual('@librechat/data-schemas'),
+  logger: {
+    debug: jest.fn(),
+    warn: jest.fn(),
+    error: jest.fn(),
+    info: jest.fn(),
+  },
+}));
+
+jest.mock('@librechat/api', () => ({
+  ...jest.requireActual('@librechat/api'),
+  isEnabled: jest.fn().mockReturnValue(false),
+  GenerationJobManager: mockGenerationJobManager,
+}));
+
+jest.mock('~/models', () => ({
+  saveMessage: jest.fn(),
+}));
+
+let mockUserId = 'user-123';
+let mockTenantId;
+
+jest.mock('~/server/middleware', () => ({
+  uaParser: (req, res, next) => next(),
+  checkBan: (req, res, next) => next(),
+  requireJwtAuth: (req, res, next) => {
+    req.user = { id: mockUserId, tenantId: mockTenantId };
+    next();
+  },
+  messageIpLimiter: (req, res, next) => next(),
+  configMiddleware: (req, res, next) => next(),
+  messageUserLimiter: (req, res, next) => next(),
+}));
+
+jest.mock('~/server/routes/agents/chat', () => require('express').Router());
+jest.mock('~/server/routes/agents/v1', () => ({
+  v1: require('express').Router(),
+}));
+jest.mock('~/server/routes/agents/openai', () => require('express').Router());
+jest.mock('~/server/routes/agents/responses', () => require('express').Router());
+
+const agentsRouter = require('../index');
+const app = express();
+app.use(express.json());
+app.use('/agents', agentsRouter);
+
+function mockSubscribeSuccess() {
+  mockGenerationJobManager.subscribe.mockImplementation((_streamId, _writeEvent, onDone) => {
+    process.nextTick(() => onDone({ done: true }));
+    return { unsubscribe: jest.fn() };
+  });
+}
+
+describe('SSE stream tenant isolation', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+    mockUserId = 'user-123';
+    mockTenantId = undefined;
+  });
+
+  describe('GET /chat/stream/:streamId', () => {
+    it('returns 403 when a user from a different tenant accesses a stream', async () => {
+      mockUserId = 'user-456';
+      mockTenantId = 'tenant-b';
+
+      mockGenerationJobManager.getJob.mockResolvedValue({
+        metadata: { userId: 'user-456', tenantId: 'tenant-a' },
+        status: 'running',
+      });
+
+      const res = await request(app).get('/agents/chat/stream/stream-123');
+      expect(res.status).toBe(403);
+      expect(res.body.error).toBe('Unauthorized');
+    });
+
+    it('returns 404 when stream does not exist', async () => {
+      mockGenerationJobManager.getJob.mockResolvedValue(null);
+
+      const res = await request(app).get('/agents/chat/stream/nonexistent');
+      expect(res.status).toBe(404);
+    });
+
+    it('proceeds past tenant guard when tenant matches', async () => {
+      mockUserId = 'user-123';
+      mockTenantId = 'tenant-a';
+      mockSubscribeSuccess();
+
+      mockGenerationJobManager.getJob.mockResolvedValue({
+        metadata: { userId: 'user-123', tenantId: 'tenant-a' },
+        status: 'running',
+      });
+
+      const res = await request(app).get('/agents/chat/stream/stream-123');
+      expect(res.status).toBe(200);
+      expect(mockGenerationJobManager.subscribe).toHaveBeenCalledTimes(1);
+    });
+
+    it('proceeds past tenant guard when job has no tenantId (single-tenant mode)', async () => {
+      mockUserId = 'user-123';
+      mockTenantId = undefined;
+      mockSubscribeSuccess();
+
+      mockGenerationJobManager.getJob.mockResolvedValue({
+        metadata: { userId: 'user-123' },
+        status: 'running',
+      });
+
+      const res = await request(app).get('/agents/chat/stream/stream-123');
+      expect(res.status).toBe(200);
+      expect(mockGenerationJobManager.subscribe).toHaveBeenCalledTimes(1);
+    });
+
+    it('returns 403 when job has tenantId but user has no tenantId', async () => {
+      mockUserId = 'user-123';
+      mockTenantId = undefined;
+
+      mockGenerationJobManager.getJob.mockResolvedValue({
+        metadata: { userId: 'user-123', tenantId: 'some-tenant' },
+        status: 'running',
+      });
+
+      const res = await request(app).get('/agents/chat/stream/stream-123');
+      expect(res.status).toBe(403);
+    });
+  });
+
+  describe('GET /chat/status/:conversationId', () => {
+    it('returns 403 when tenant does not match', async () => {
+      mockUserId = 'user-123';
+      mockTenantId = 'tenant-b';
+
+      mockGenerationJobManager.getJob.mockResolvedValue({
+        metadata: { userId: 'user-123', tenantId: 'tenant-a' },
+        status: 'running',
+      });
+
+      const res = await request(app).get('/agents/chat/status/conv-123');
+      expect(res.status).toBe(403);
+      expect(res.body.error).toBe('Unauthorized');
+    });
+
+    it('returns status when tenant matches', async () => {
+      mockUserId = 'user-123';
+      mockTenantId = 'tenant-a';
+
+      mockGenerationJobManager.getJob.mockResolvedValue({
+        metadata: { userId: 'user-123', tenantId: 'tenant-a' },
+        status: 'running',
+        createdAt: Date.now(),
+      });
+      mockGenerationJobManager.getResumeState.mockResolvedValue(null);
+
+      const res = await request(app).get('/agents/chat/status/conv-123');
+      expect(res.status).toBe(200);
+      expect(res.body.active).toBe(true);
+    });
+  });
+
+  describe('POST /chat/abort', () => {
+    it('returns 403 when tenant does not match', async () => {
+      mockUserId = 'user-123';
+      mockTenantId = 'tenant-b';
+
+      mockGenerationJobManager.getJob.mockResolvedValue({
+        metadata: { userId: 'user-123', tenantId: 'tenant-a' },
+        status: 'running',
+      });
+
+      const res = await request(app).post('/agents/chat/abort').send({ streamId: 'stream-123' });
+      expect(res.status).toBe(403);
+      expect(res.body.error).toBe('Unauthorized');
+    });
+  });
+});
diff --git a/api/server/routes/agents/index.js b/api/server/routes/agents/index.js
index 86966a3f3e..eb42046bed 100644
--- a/api/server/routes/agents/index.js
+++ b/api/server/routes/agents/index.js
@@ -17,6 +17,11 @@ const chat = require('./chat');
 
 const { LIMIT_MESSAGE_IP, LIMIT_MESSAGE_USER } = process.env ?? {};
 
+/** Untenanted jobs (pre-multi-tenancy) remain accessible if the userId check passes. */
+function hasTenantMismatch(job, user) {
+  return job.metadata?.tenantId != null && job.metadata.tenantId !== user.tenantId;
+}
+
 const router = express.Router();
 
 /**
@@ -67,6 +72,10 @@ router.get('/chat/stream/:streamId', async (req, res) => {
     return res.status(403).json({ error: 'Unauthorized' });
   }
 
+  if (hasTenantMismatch(job, req.user)) {
+    return res.status(403).json({ error: 'Unauthorized' });
+  }
+
   res.setHeader('Content-Encoding', 'identity');
   res.setHeader('Content-Type', 'text/event-stream');
   res.setHeader('Cache-Control', 'no-cache, no-transform');
@@ -150,7 +159,10 @@ router.get('/chat/stream/:streamId', async (req, res) => {
  * @returns { activeJobIds: string[] }
  */
 router.get('/chat/active', async (req, res) => {
-  const activeJobIds = await GenerationJobManager.getActiveJobIdsForUser(req.user.id);
+  const activeJobIds = await GenerationJobManager.getActiveJobIdsForUser(
+    req.user.id,
+    req.user.tenantId,
+  );
   res.json({ activeJobIds });
 });
 
@@ -174,6 +186,10 @@ router.get('/chat/status/:conversationId', async (req, res) => {
     return res.status(403).json({ error: 'Unauthorized' });
   }
 
+  if (hasTenantMismatch(job, req.user)) {
+    return res.status(403).json({ error: 'Unauthorized' });
+  }
+
   // Get resume state which contains aggregatedContent
   // Avoid calling both getStreamInfo and getResumeState (both fetch content)
   const resumeState = await GenerationJobManager.getResumeState(conversationId);
@@ -213,7 +229,10 @@ router.post('/chat/abort', async (req, res) => {
   // This handles the case where frontend sends "new" but job was created with a UUID
   if (!job && userId) {
     logger.debug(`[AgentStream] Job not found by ID, checking active jobs for user: ${userId}`);
-    const activeJobIds = await GenerationJobManager.getActiveJobIdsForUser(userId);
+    const activeJobIds = await GenerationJobManager.getActiveJobIdsForUser(
+      userId,
+      req.user.tenantId,
+    );
     if (activeJobIds.length > 0) {
       // Abort the most recent active job for this user
       jobStreamId = activeJobIds[0];
@@ -230,6 +249,10 @@ router.post('/chat/abort', async (req, res) => {
       return res.status(403).json({ error: 'Unauthorized' });
     }
 
+    if (hasTenantMismatch(job, req.user)) {
+      return res.status(403).json({ error: 'Unauthorized' });
+    }
+
     logger.debug(`[AgentStream] Job found, aborting: ${jobStreamId}`);
     const abortResult = await GenerationJobManager.abortJob(jobStreamId);
     logger.debug(`[AgentStream] Job aborted successfully: ${jobStreamId}`, {
diff --git a/api/server/routes/config.js b/api/server/routes/config.js
index 12961d3ff5..e63812f5ba 100644
--- a/api/server/routes/config.js
+++ b/api/server/routes/config.js
@@ -1,10 +1,9 @@
 const express = require('express');
-const { logger } = require('@librechat/data-schemas');
 const { isEnabled, getBalanceConfig } = require('@librechat/api');
-const { CacheKeys, defaultSocialLogins } = require('librechat-data-provider');
+const { defaultSocialLogins } = require('librechat-data-provider');
+const { logger, getTenantId } = require('@librechat/data-schemas');
 const { getLdapConfig } = require('~/server/services/Config/ldap');
 const { getAppConfig } = require('~/server/services/Config/app');
-const { getLogStores } = require('~/cache');
 
 const router = express.Router();
 const emailLoginEnabled =
@@ -20,128 +19,159 @@ const publicSharedLinksEnabled =
 const sharePointFilePickerEnabled = isEnabled(process.env.ENABLE_SHAREPOINT_FILEPICKER);
 const openidReuseTokens = isEnabled(process.env.OPENID_REUSE_TOKENS);
 
-router.get('/', async function (req, res) {
-  const cache = getLogStores(CacheKeys.CONFIG_STORE);
+function isBirthday() {
+  const today = new Date();
+  return today.getMonth() === 1 && today.getDate() === 11;
+}
 
-  const cachedStartupConfig = await cache.get(CacheKeys.STARTUP_CONFIG);
-  if (cachedStartupConfig) {
-    res.send(cachedStartupConfig);
-    return;
-  }
+function buildSharedPayload() {
+  const isOpenIdEnabled =
+    !!process.env.OPENID_CLIENT_ID &&
+    (isEnabled(process.env.OPENID_USE_PKCE) || !!process.env.OPENID_CLIENT_SECRET?.trim()) &&
+    !!process.env.OPENID_ISSUER &&
+    !!process.env.OPENID_SESSION_SECRET;
 
-  const isBirthday = () => {
-    const today = new Date();
-    return today.getMonth() === 1 && today.getDate() === 11;
-  };
+  const isSamlEnabled =
+    !!process.env.SAML_ENTRY_POINT &&
+    !!process.env.SAML_ISSUER &&
+    !!process.env.SAML_CERT &&
+    !!process.env.SAML_SESSION_SECRET;
 
   const ldap = getLdapConfig();
 
+  /** @type {Partial<TStartupConfig>} */
+  const payload = {
+    appTitle: process.env.APP_TITLE || 'LibreChat',
+    discordLoginEnabled: !!process.env.DISCORD_CLIENT_ID && !!process.env.DISCORD_CLIENT_SECRET,
+    facebookLoginEnabled: !!process.env.FACEBOOK_CLIENT_ID && !!process.env.FACEBOOK_CLIENT_SECRET,
+    githubLoginEnabled: !!process.env.GITHUB_CLIENT_ID && !!process.env.GITHUB_CLIENT_SECRET,
+    googleLoginEnabled: !!process.env.GOOGLE_CLIENT_ID && !!process.env.GOOGLE_CLIENT_SECRET,
+    appleLoginEnabled:
+      !!process.env.APPLE_CLIENT_ID &&
+      !!process.env.APPLE_TEAM_ID &&
+      !!process.env.APPLE_KEY_ID &&
+      !!process.env.APPLE_PRIVATE_KEY_PATH,
+    openidLoginEnabled: isOpenIdEnabled,
+    openidLabel: process.env.OPENID_BUTTON_LABEL || 'Continue with OpenID',
+    openidImageUrl: process.env.OPENID_IMAGE_URL,
+    openidAutoRedirect: isEnabled(process.env.OPENID_AUTO_REDIRECT),
+    samlLoginEnabled: !isOpenIdEnabled && isSamlEnabled,
+    samlLabel: process.env.SAML_BUTTON_LABEL,
+    samlImageUrl: process.env.SAML_IMAGE_URL,
+    serverDomain: process.env.DOMAIN_SERVER || 'http://localhost:3080',
+    emailLoginEnabled,
+    registrationEnabled: !ldap?.enabled && isEnabled(process.env.ALLOW_REGISTRATION),
+    socialLoginEnabled: isEnabled(process.env.ALLOW_SOCIAL_LOGIN),
+    emailEnabled:
+      (!!process.env.EMAIL_SERVICE || !!process.env.EMAIL_HOST) &&
+      !!process.env.EMAIL_USERNAME &&
+      !!process.env.EMAIL_PASSWORD &&
+      !!process.env.EMAIL_FROM,
+    passwordResetEnabled,
+    showBirthdayIcon:
+      isBirthday() ||
+      isEnabled(process.env.SHOW_BIRTHDAY_ICON) ||
+      process.env.SHOW_BIRTHDAY_ICON === '',
+    helpAndFaqURL: process.env.HELP_AND_FAQ_URL || 'https://librechat.ai',
+    sharedLinksEnabled,
+    publicSharedLinksEnabled,
+    analyticsGtmId: process.env.ANALYTICS_GTM_ID,
+    openidReuseTokens,
+  };
+
+  const minPasswordLength = parseInt(process.env.MIN_PASSWORD_LENGTH, 10);
+  if (minPasswordLength && !isNaN(minPasswordLength)) {
+    payload.minPasswordLength = minPasswordLength;
+  }
+
+  if (ldap) {
+    payload.ldap = ldap;
+  }
+
+  if (typeof process.env.CUSTOM_FOOTER === 'string') {
+    payload.customFooter = process.env.CUSTOM_FOOTER;
+  }
+
+  return payload;
+}
+
+function buildWebSearchConfig(appConfig) {
+  const ws = appConfig?.webSearch;
+  if (!ws) {
+    return undefined;
+  }
+  const { searchProvider, scraperProvider, rerankerType } = ws;
+  if (!searchProvider && !scraperProvider && !rerankerType) {
+    return undefined;
+  }
+  return {
+    ...(searchProvider && { searchProvider }),
+    ...(scraperProvider && { scraperProvider }),
+    ...(rerankerType && { rerankerType }),
+  };
+}
+
+router.get('/', async function (req, res) {
   try {
-    const appConfig = await getAppConfig({ role: req.user?.role });
+    const sharedPayload = buildSharedPayload();
 
-    const isOpenIdEnabled =
-      !!process.env.OPENID_CLIENT_ID &&
-      (isEnabled(process.env.OPENID_USE_PKCE) || !!process.env.OPENID_CLIENT_SECRET?.trim()) &&
-      !!process.env.OPENID_ISSUER &&
-      !!process.env.OPENID_SESSION_SECRET;
+    if (!req.user) {
+      const tenantId = getTenantId();
+      const baseConfig = await getAppConfig(tenantId ? { tenantId } : { baseOnly: true });
 
-    const isSamlEnabled =
-      !!process.env.SAML_ENTRY_POINT &&
-      !!process.env.SAML_ISSUER &&
-      !!process.env.SAML_CERT &&
-      !!process.env.SAML_SESSION_SECRET;
+      /** @type {Partial<TStartupConfig>} */
+      const payload = {
+        ...sharedPayload,
+        socialLogins: baseConfig?.registration?.socialLogins ?? defaultSocialLogins,
+        turnstile: baseConfig?.turnstileConfig,
+      };
+
+      const interfaceConfig = baseConfig?.interfaceConfig;
+      if (interfaceConfig?.privacyPolicy || interfaceConfig?.termsOfService) {
+        payload.interface = {};
+        if (interfaceConfig.privacyPolicy) {
+          payload.interface.privacyPolicy = interfaceConfig.privacyPolicy;
+        }
+        if (interfaceConfig.termsOfService) {
+          payload.interface.termsOfService = interfaceConfig.termsOfService;
+        }
+      }
+
+      return res.status(200).send(payload);
+    }
+
+    const appConfig = await getAppConfig({
+      role: req.user.role,
+      userId: req.user.id,
+      tenantId: req.user.tenantId || getTenantId(),
+    });
 
     const balanceConfig = getBalanceConfig(appConfig);
 
     /** @type {TStartupConfig} */
     const payload = {
-      appTitle: process.env.APP_TITLE || 'LibreChat',
+      ...sharedPayload,
       socialLogins: appConfig?.registration?.socialLogins ?? defaultSocialLogins,
-      discordLoginEnabled: !!process.env.DISCORD_CLIENT_ID && !!process.env.DISCORD_CLIENT_SECRET,
-      facebookLoginEnabled:
-        !!process.env.FACEBOOK_CLIENT_ID && !!process.env.FACEBOOK_CLIENT_SECRET,
-      githubLoginEnabled: !!process.env.GITHUB_CLIENT_ID && !!process.env.GITHUB_CLIENT_SECRET,
-      googleLoginEnabled: !!process.env.GOOGLE_CLIENT_ID && !!process.env.GOOGLE_CLIENT_SECRET,
-      appleLoginEnabled:
-        !!process.env.APPLE_CLIENT_ID &&
-        !!process.env.APPLE_TEAM_ID &&
-        !!process.env.APPLE_KEY_ID &&
-        !!process.env.APPLE_PRIVATE_KEY_PATH,
-      openidLoginEnabled: isOpenIdEnabled,
-      openidLabel: process.env.OPENID_BUTTON_LABEL || 'Continue with OpenID',
-      openidImageUrl: process.env.OPENID_IMAGE_URL,
-      openidAutoRedirect: isEnabled(process.env.OPENID_AUTO_REDIRECT),
-      samlLoginEnabled: !isOpenIdEnabled && isSamlEnabled,
-      samlLabel: process.env.SAML_BUTTON_LABEL,
-      samlImageUrl: process.env.SAML_IMAGE_URL,
-      serverDomain: process.env.DOMAIN_SERVER || 'http://localhost:3080',
-      emailLoginEnabled,
-      registrationEnabled: !ldap?.enabled && isEnabled(process.env.ALLOW_REGISTRATION),
-      socialLoginEnabled: isEnabled(process.env.ALLOW_SOCIAL_LOGIN),
-      emailEnabled:
-        (!!process.env.EMAIL_SERVICE || !!process.env.EMAIL_HOST) &&
-        !!process.env.EMAIL_USERNAME &&
-        !!process.env.EMAIL_PASSWORD &&
-        !!process.env.EMAIL_FROM,
-      passwordResetEnabled,
-      showBirthdayIcon:
-        isBirthday() ||
-        isEnabled(process.env.SHOW_BIRTHDAY_ICON) ||
-        process.env.SHOW_BIRTHDAY_ICON === '',
-      helpAndFaqURL: process.env.HELP_AND_FAQ_URL || 'https://librechat.ai',
       interface: appConfig?.interfaceConfig,
       turnstile: appConfig?.turnstileConfig,
       modelSpecs: appConfig?.modelSpecs,
       balance: balanceConfig,
-      sharedLinksEnabled,
-      publicSharedLinksEnabled,
-      analyticsGtmId: process.env.ANALYTICS_GTM_ID,
       bundlerURL: process.env.SANDPACK_BUNDLER_URL,
       staticBundlerURL: process.env.SANDPACK_STATIC_BUNDLER_URL,
       sharePointFilePickerEnabled,
       sharePointBaseUrl: process.env.SHAREPOINT_BASE_URL,
       sharePointPickerGraphScope: process.env.SHAREPOINT_PICKER_GRAPH_SCOPE,
       sharePointPickerSharePointScope: process.env.SHAREPOINT_PICKER_SHAREPOINT_SCOPE,
-      openidReuseTokens,
       conversationImportMaxFileSize: process.env.CONVERSATION_IMPORT_MAX_FILE_SIZE_BYTES
         ? parseInt(process.env.CONVERSATION_IMPORT_MAX_FILE_SIZE_BYTES, 10)
         : 0,
     };
 
-    const minPasswordLength = parseInt(process.env.MIN_PASSWORD_LENGTH, 10);
-    if (minPasswordLength && !isNaN(minPasswordLength)) {
-      payload.minPasswordLength = minPasswordLength;
+    const webSearch = buildWebSearchConfig(appConfig);
+    if (webSearch) {
+      payload.webSearch = webSearch;
     }
 
-    const webSearchConfig = appConfig?.webSearch;
-    if (
-      webSearchConfig != null &&
-      (webSearchConfig.searchProvider ||
-        webSearchConfig.scraperProvider ||
-        webSearchConfig.rerankerType)
-    ) {
-      payload.webSearch = {};
-    }
-
-    if (webSearchConfig?.searchProvider) {
-      payload.webSearch.searchProvider = webSearchConfig.searchProvider;
-    }
-    if (webSearchConfig?.scraperProvider) {
-      payload.webSearch.scraperProvider = webSearchConfig.scraperProvider;
-    }
-    if (webSearchConfig?.rerankerType) {
-      payload.webSearch.rerankerType = webSearchConfig.rerankerType;
-    }
-
-    if (ldap) {
-      payload.ldap = ldap;
-    }
-
-    if (typeof process.env.CUSTOM_FOOTER === 'string') {
-      payload.customFooter = process.env.CUSTOM_FOOTER;
-    }
-
-    await cache.set(CacheKeys.STARTUP_CONFIG, payload);
     return res.status(200).send(payload);
   } catch (err) {
     logger.error('Error in startup config', err);
diff --git a/api/server/routes/convos.js b/api/server/routes/convos.js
index 1964075ed3..ded7d835d7 100644
--- a/api/server/routes/convos.js
+++ b/api/server/routes/convos.js
@@ -267,7 +267,11 @@ router.post(
   async (req, res) => {
     try {
       /* TODO: optimize to return imported conversations and add manually */
-      await importConversations({ filepath: req.file.path, requestUserId: req.user.id });
+      await importConversations({
+        filepath: req.file.path,
+        requestUserId: req.user.id,
+        userRole: req.user.role,
+      });
       res.status(201).json({ message: 'Conversation(s) imported successfully' });
     } catch (error) {
       logger.error('Error processing file', error);
diff --git a/api/server/routes/endpoints.js b/api/server/routes/endpoints.js
index 794abde0c2..e7ff1c7000 100644
--- a/api/server/routes/endpoints.js
+++ b/api/server/routes/endpoints.js
@@ -1,7 +1,9 @@
 const express = require('express');
+const requireJwtAuth = require('~/server/middleware/requireJwtAuth');
 const endpointController = require('~/server/controllers/EndpointController');
 
 const router = express.Router();
-router.get('/', endpointController);
+/** Auth required for role/tenant-scoped endpoint config resolution. */
+router.get('/', requireJwtAuth, endpointController);
 
 module.exports = router;
diff --git a/api/server/routes/index.js b/api/server/routes/index.js
index 6a48919db3..1feaf63fdb 100644
--- a/api/server/routes/index.js
+++ b/api/server/routes/index.js
@@ -2,6 +2,11 @@ const accessPermissions = require('./accessPermissions');
 const assistants = require('./assistants');
 const categories = require('./categories');
 const adminAuth = require('./admin/auth');
+const adminConfig = require('./admin/config');
+const adminGrants = require('./admin/grants');
+const adminGroups = require('./admin/groups');
+const adminRoles = require('./admin/roles');
+const adminUsers = require('./admin/users');
 const endpoints = require('./endpoints');
 const staticRoute = require('./static');
 const messages = require('./messages');
@@ -31,6 +36,11 @@ module.exports = {
   mcp,
   auth,
   adminAuth,
+  adminConfig,
+  adminGrants,
+  adminGroups,
+  adminRoles,
+  adminUsers,
   keys,
   apiKeys,
   user,
diff --git a/api/server/routes/mcp.js b/api/server/routes/mcp.js
index d6d7ed5ea0..c6496ad4b4 100644
--- a/api/server/routes/mcp.js
+++ b/api/server/routes/mcp.js
@@ -1,5 +1,5 @@
 const { Router } = require('express');
-const { logger } = require('@librechat/data-schemas');
+const { logger, getTenantId } = require('@librechat/data-schemas');
 const {
   CacheKeys,
   Constants,
@@ -36,7 +36,11 @@ const {
   getFlowStateManager,
   getMCPManager,
 } = require('~/config');
-const { getMCPSetupData, getServerConnectionStatus } = require('~/server/services/MCP');
+const {
+  getServerConnectionStatus,
+  resolveConfigServers,
+  getMCPSetupData,
+} = require('~/server/services/MCP');
 const { requireJwtAuth, canAccessMCPServerResource } = require('~/server/middleware');
 const { getUserPluginAuthValue } = require('~/server/services/PluginService');
 const { updateMCPServerTools } = require('~/server/services/Config/mcp');
@@ -101,7 +105,8 @@ router.get('/:serverName/oauth/initiate', requireJwtAuth, setOAuthSession, async
       return res.status(400).json({ error: 'Invalid flow state' });
     }
 
-    const oauthHeaders = await getOAuthHeaders(serverName, userId);
+    const configServers = await resolveConfigServers(req);
+    const oauthHeaders = await getOAuthHeaders(serverName, userId, configServers);
     const {
       authorizationUrl,
       flowId: oauthFlowId,
@@ -233,7 +238,14 @@ router.get('/:serverName/oauth/callback', async (req, res) => {
     }
 
     logger.debug('[MCP OAuth] Completing OAuth flow');
-    const oauthHeaders = await getOAuthHeaders(serverName, flowState.userId);
+    if (!flowState.oauthHeaders) {
+      logger.warn(
+        '[MCP OAuth] oauthHeaders absent from flow state — config-source server oauth_headers will be empty',
+        { serverName, flowId },
+      );
+    }
+    const oauthHeaders =
+      flowState.oauthHeaders ?? (await getOAuthHeaders(serverName, flowState.userId));
     const tokens = await MCPOAuthHandler.completeOAuthFlow(flowId, code, flowManager, oauthHeaders);
     logger.info('[MCP OAuth] OAuth flow completed, tokens received in callback route');
 
@@ -497,7 +509,12 @@ router.post(
       logger.info(`[MCP Reinitialize] Reinitializing server: ${serverName}`);
 
       const mcpManager = getMCPManager();
-      const serverConfig = await getMCPServersRegistry().getServerConfig(serverName, user.id);
+      const configServers = await resolveConfigServers(req);
+      const serverConfig = await getMCPServersRegistry().getServerConfig(
+        serverName,
+        user.id,
+        configServers,
+      );
       if (!serverConfig) {
         return res.status(404).json({
           error: `MCP server '${serverName}' not found in configuration`,
@@ -522,6 +539,8 @@ router.post(
       const result = await reinitMCPServer({
         user,
         serverName,
+        serverConfig,
+        configServers,
         userMCPAuthMap,
       });
 
@@ -564,6 +583,7 @@ router.get('/connection/status', requireJwtAuth, async (req, res) => {
 
     const { mcpConfig, appConnections, userConnections, oauthServers } = await getMCPSetupData(
       user.id,
+      { role: user.role, tenantId: getTenantId() },
     );
     const connectionStatus = {};
 
@@ -593,9 +613,6 @@ router.get('/connection/status', requireJwtAuth, async (req, res) => {
       connectionStatus,
     });
   } catch (error) {
-    if (error.message === 'MCP config not found') {
-      return res.status(404).json({ error: error.message });
-    }
     logger.error('[MCP Connection Status] Failed to get connection status', error);
     res.status(500).json({ error: 'Failed to get connection status' });
   }
@@ -616,6 +633,7 @@ router.get('/connection/status/:serverName', requireJwtAuth, async (req, res) =>
 
     const { mcpConfig, appConnections, userConnections, oauthServers } = await getMCPSetupData(
       user.id,
+      { role: user.role, tenantId: getTenantId() },
     );
 
     if (!mcpConfig[serverName]) {
@@ -640,9 +658,6 @@ router.get('/connection/status/:serverName', requireJwtAuth, async (req, res) =>
       requiresOAuth: serverStatus.requiresOAuth,
     });
   } catch (error) {
-    if (error.message === 'MCP config not found') {
-      return res.status(404).json({ error: error.message });
-    }
     logger.error(
       `[MCP Per-Server Status] Failed to get connection status for ${req.params.serverName}`,
       error,
@@ -664,7 +679,12 @@ router.get('/:serverName/auth-values', requireJwtAuth, checkMCPUsePermissions, a
       return res.status(401).json({ error: 'User not authenticated' });
     }
 
-    const serverConfig = await getMCPServersRegistry().getServerConfig(serverName, user.id);
+    const configServers = await resolveConfigServers(req);
+    const serverConfig = await getMCPServersRegistry().getServerConfig(
+      serverName,
+      user.id,
+      configServers,
+    );
     if (!serverConfig) {
       return res.status(404).json({
         error: `MCP server '${serverName}' not found in configuration`,
@@ -703,8 +723,12 @@ router.get('/:serverName/auth-values', requireJwtAuth, checkMCPUsePermissions, a
   }
 });
 
-async function getOAuthHeaders(serverName, userId) {
-  const serverConfig = await getMCPServersRegistry().getServerConfig(serverName, userId);
+async function getOAuthHeaders(serverName, userId, configServers) {
+  const serverConfig = await getMCPServersRegistry().getServerConfig(
+    serverName,
+    userId,
+    configServers,
+  );
   return serverConfig?.oauth_headers ?? {};
 }
 
diff --git a/api/server/services/AuthService.js b/api/server/services/AuthService.js
index ef50a365b9..816a0eac5b 100644
--- a/api/server/services/AuthService.js
+++ b/api/server/services/AuthService.js
@@ -13,6 +13,7 @@ const {
   checkEmailConfig,
   isEmailDomainAllowed,
   shouldUseSecureCookie,
+  resolveAppConfigForUser,
 } = require('@librechat/api');
 const {
   findUser,
@@ -189,7 +190,7 @@ const registerUser = async (user, additionalData = {}) => {
 
   let newUserId;
   try {
-    const appConfig = await getAppConfig();
+    const appConfig = await getAppConfig({ baseOnly: true });
     if (!isEmailDomainAllowed(email, appConfig?.registration?.allowedDomains)) {
       const errorMessage =
         'The email address provided cannot be used. Please use a different email address.';
@@ -255,19 +256,52 @@ const registerUser = async (user, additionalData = {}) => {
 };
 
 /**
- * Request password reset
+ * Request password reset.
+ *
+ * Uses a two-phase domain check: fast-fail with the memory-cached base config
+ * (zero DB queries) to block globally denied domains before user lookup, then
+ * re-check with tenant-scoped config after user lookup so tenant-specific
+ * restrictions are enforced.
+ *
+ * Phase 1 (base check) returns an Error (HTTP 400) — this intentionally reveals
+ * that the domain is globally blocked, but fires before any DB lookup so it
+ * cannot confirm user existence. Phase 2 (tenant check) returns the generic
+ * success message (HTTP 200) to prevent user-enumeration via status codes.
+ *
  * @param {ServerRequest} req
  */
 const requestPasswordReset = async (req) => {
   const { email } = req.body;
-  const appConfig = await getAppConfig();
-  if (!isEmailDomainAllowed(email, appConfig?.registration?.allowedDomains)) {
+
+  const baseConfig = await getAppConfig({ baseOnly: true });
+  if (!isEmailDomainAllowed(email, baseConfig?.registration?.allowedDomains)) {
+    logger.warn(
+      `[requestPasswordReset] Blocked - email domain not allowed [Email: ${email}] [IP: ${req.ip}]`,
+    );
     const error = new Error(ErrorTypes.AUTH_FAILED);
     error.code = ErrorTypes.AUTH_FAILED;
     error.message = 'Email domain not allowed';
     return error;
   }
-  const user = await findUser({ email }, 'email _id');
+
+  const user = await findUser({ email }, 'email _id role tenantId');
+  let appConfig = baseConfig;
+  if (user?.tenantId) {
+    try {
+      appConfig = await resolveAppConfigForUser(getAppConfig, user);
+    } catch (err) {
+      logger.error('[requestPasswordReset] Failed to resolve tenant config, using base:', err);
+    }
+  }
+
+  if (!isEmailDomainAllowed(email, appConfig?.registration?.allowedDomains)) {
+    logger.warn(
+      `[requestPasswordReset] Tenant config blocked domain [Email: ${email}] [IP: ${req.ip}]`,
+    );
+    return {
+      message: 'If an account with that email exists, a password reset link has been sent to it.',
+    };
+  }
   const emailEnabled = checkEmailConfig();
 
   logger.warn(`[requestPasswordReset] [Password reset request initiated] [Email: ${email}]`);
diff --git a/api/server/services/AuthService.spec.js b/api/server/services/AuthService.spec.js
index da78f8d775..c8abafdbe5 100644
--- a/api/server/services/AuthService.spec.js
+++ b/api/server/services/AuthService.spec.js
@@ -14,6 +14,7 @@ jest.mock('@librechat/api', () => ({
   isEmailDomainAllowed: jest.fn(),
   math: jest.fn((val, fallback) => (val ? Number(val) : fallback)),
   shouldUseSecureCookie: jest.fn(() => false),
+  resolveAppConfigForUser: jest.fn(async (_getAppConfig, _user) => ({})),
 }));
 jest.mock('~/models', () => ({
   findUser: jest.fn(),
@@ -35,8 +36,14 @@ jest.mock('~/strategies/validators', () => ({ registerSchema: { parse: jest.fn()
 jest.mock('~/server/services/Config', () => ({ getAppConfig: jest.fn() }));
 jest.mock('~/server/utils', () => ({ sendEmail: jest.fn() }));
 
-const { shouldUseSecureCookie } = require('@librechat/api');
-const { setOpenIDAuthTokens } = require('./AuthService');
+const {
+  shouldUseSecureCookie,
+  isEmailDomainAllowed,
+  resolveAppConfigForUser,
+} = require('@librechat/api');
+const { findUser } = require('~/models');
+const { getAppConfig } = require('~/server/services/Config');
+const { setOpenIDAuthTokens, requestPasswordReset } = require('./AuthService');
 
 /** Helper to build a mock Express response */
 function mockResponse() {
@@ -267,3 +274,68 @@ describe('setOpenIDAuthTokens', () => {
     });
   });
 });
+
+describe('requestPasswordReset', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+    isEmailDomainAllowed.mockReturnValue(true);
+    getAppConfig.mockResolvedValue({
+      registration: { allowedDomains: ['example.com'] },
+    });
+    resolveAppConfigForUser.mockResolvedValue({
+      registration: { allowedDomains: ['example.com'] },
+    });
+  });
+
+  it('should fast-fail with base config before DB lookup for blocked domains', async () => {
+    isEmailDomainAllowed.mockReturnValue(false);
+
+    const req = { body: { email: 'blocked@evil.com' }, ip: '127.0.0.1' };
+    const result = await requestPasswordReset(req);
+
+    expect(getAppConfig).toHaveBeenCalledWith({ baseOnly: true });
+    expect(findUser).not.toHaveBeenCalled();
+    expect(result).toBeInstanceOf(Error);
+  });
+
+  it('should call resolveAppConfigForUser for tenant user', async () => {
+    const user = {
+      _id: 'user-tenant',
+      email: 'user@example.com',
+      tenantId: 'tenant-x',
+      role: 'USER',
+    };
+    findUser.mockResolvedValue(user);
+
+    const req = { body: { email: 'user@example.com' }, ip: '127.0.0.1' };
+    await requestPasswordReset(req);
+
+    expect(resolveAppConfigForUser).toHaveBeenCalledWith(getAppConfig, user);
+  });
+
+  it('should reuse baseConfig for non-tenant user without calling resolveAppConfigForUser', async () => {
+    findUser.mockResolvedValue({ _id: 'user-no-tenant', email: 'user@example.com' });
+
+    const req = { body: { email: 'user@example.com' }, ip: '127.0.0.1' };
+    await requestPasswordReset(req);
+
+    expect(resolveAppConfigForUser).not.toHaveBeenCalled();
+  });
+
+  it('should return generic response when tenant config blocks the domain (non-enumerable)', async () => {
+    const user = {
+      _id: 'user-tenant',
+      email: 'user@example.com',
+      tenantId: 'tenant-x',
+      role: 'USER',
+    };
+    findUser.mockResolvedValue(user);
+    isEmailDomainAllowed.mockReturnValueOnce(true).mockReturnValueOnce(false);
+
+    const req = { body: { email: 'user@example.com' }, ip: '127.0.0.1' };
+    const result = await requestPasswordReset(req);
+
+    expect(result).not.toBeInstanceOf(Error);
+    expect(result.message).toContain('If an account with that email exists');
+  });
+});
diff --git a/api/server/services/Config/__tests__/invalidateConfigCaches.spec.js b/api/server/services/Config/__tests__/invalidateConfigCaches.spec.js
new file mode 100644
index 0000000000..ddc97042b9
--- /dev/null
+++ b/api/server/services/Config/__tests__/invalidateConfigCaches.spec.js
@@ -0,0 +1,122 @@
+// ── Mocks ──────────────────────────────────────────────────────────────
+
+const mockClearAppConfigCache = jest.fn().mockResolvedValue(undefined);
+const mockClearOverrideCache = jest.fn().mockResolvedValue(undefined);
+
+jest.mock('~/cache/getLogStores', () => {
+  return jest.fn(() => ({}));
+});
+
+jest.mock('~/server/services/start/tools', () => ({
+  loadAndFormatTools: jest.fn(() => ({})),
+}));
+
+jest.mock('../loadCustomConfig', () => jest.fn().mockResolvedValue({}));
+
+jest.mock('@librechat/data-schemas', () => {
+  const actual = jest.requireActual('@librechat/data-schemas');
+  return { ...actual, AppService: jest.fn(() => ({ availableTools: {} })) };
+});
+
+jest.mock('~/models', () => ({
+  getApplicableConfigs: jest.fn().mockResolvedValue([]),
+  getUserPrincipals: jest.fn().mockResolvedValue([]),
+}));
+
+const mockInvalidateCachedTools = jest.fn().mockResolvedValue(undefined);
+jest.mock('../getCachedTools', () => ({
+  setCachedTools: jest.fn().mockResolvedValue(undefined),
+  invalidateCachedTools: mockInvalidateCachedTools,
+}));
+
+const mockClearMcpConfigCache = jest.fn().mockResolvedValue(undefined);
+jest.mock('@librechat/api', () => ({
+  createAppConfigService: jest.fn(() => ({
+    getAppConfig: jest.fn().mockResolvedValue({ availableTools: {} }),
+    clearAppConfigCache: mockClearAppConfigCache,
+    clearOverrideCache: mockClearOverrideCache,
+  })),
+  clearMcpConfigCache: mockClearMcpConfigCache,
+}));
+
+// ── Tests ──────────────────────────────────────────────────────────────
+
+const { invalidateConfigCaches } = require('../app');
+
+describe('invalidateConfigCaches', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('clears all caches', async () => {
+    await invalidateConfigCaches();
+
+    expect(mockClearAppConfigCache).toHaveBeenCalledTimes(1);
+    expect(mockClearOverrideCache).toHaveBeenCalledTimes(1);
+    expect(mockInvalidateCachedTools).toHaveBeenCalledWith({ invalidateGlobal: true });
+    expect(mockClearMcpConfigCache).toHaveBeenCalledTimes(1);
+  });
+
+  it('passes tenantId through to clearOverrideCache', async () => {
+    await invalidateConfigCaches('tenant-a');
+
+    expect(mockClearOverrideCache).toHaveBeenCalledWith('tenant-a');
+    expect(mockClearAppConfigCache).toHaveBeenCalledTimes(1);
+    expect(mockInvalidateCachedTools).toHaveBeenCalledWith({ invalidateGlobal: true });
+  });
+
+  it('all operations run in parallel (not sequentially)', async () => {
+    const order = [];
+
+    mockClearAppConfigCache.mockImplementation(
+      () =>
+        new Promise((r) =>
+          setTimeout(() => {
+            order.push('base');
+            r();
+          }, 10),
+        ),
+    );
+    mockClearOverrideCache.mockImplementation(
+      () =>
+        new Promise((r) =>
+          setTimeout(() => {
+            order.push('override');
+            r();
+          }, 10),
+        ),
+    );
+    mockInvalidateCachedTools.mockImplementation(
+      () =>
+        new Promise((r) =>
+          setTimeout(() => {
+            order.push('tools');
+            r();
+          }, 10),
+        ),
+    );
+    mockClearMcpConfigCache.mockImplementation(
+      () =>
+        new Promise((r) =>
+          setTimeout(() => {
+            order.push('mcp');
+            r();
+          }, 10),
+        ),
+    );
+
+    await invalidateConfigCaches();
+
+    expect(order).toHaveLength(4);
+    expect(new Set(order)).toEqual(new Set(['base', 'override', 'tools', 'mcp']));
+  });
+
+  it('resolves even when clearAppConfigCache throws (partial failure)', async () => {
+    mockClearAppConfigCache.mockRejectedValueOnce(new Error('cache connection lost'));
+
+    await expect(invalidateConfigCaches()).resolves.not.toThrow();
+
+    expect(mockClearOverrideCache).toHaveBeenCalledTimes(1);
+    expect(mockInvalidateCachedTools).toHaveBeenCalledWith({ invalidateGlobal: true });
+  });
+});
diff --git a/api/server/services/Config/app.js b/api/server/services/Config/app.js
index 75a5cbe56d..7aa913e636 100644
--- a/api/server/services/Config/app.js
+++ b/api/server/services/Config/app.js
@@ -1,12 +1,12 @@
 const { CacheKeys } = require('librechat-data-provider');
-const { logger, AppService } = require('@librechat/data-schemas');
+const { AppService, logger } = require('@librechat/data-schemas');
+const { createAppConfigService, clearMcpConfigCache } = require('@librechat/api');
+const { setCachedTools, invalidateCachedTools } = require('./getCachedTools');
 const { loadAndFormatTools } = require('~/server/services/start/tools');
 const loadCustomConfig = require('./loadCustomConfig');
-const { setCachedTools } = require('./getCachedTools');
 const getLogStores = require('~/cache/getLogStores');
 const paths = require('~/config/paths');
-
-const BASE_CONFIG_KEY = '_BASE_';
+const db = require('~/models');
 
 const loadBaseConfig = async () => {
   /** @type {TCustomConfig} */
@@ -20,65 +20,43 @@ const loadBaseConfig = async () => {
   return AppService({ config, paths, systemTools });
 };
 
-/**
- * Get the app configuration based on user context
- * @param {Object} [options]
- * @param {string} [options.role] - User role for role-based config
- * @param {boolean} [options.refresh] - Force refresh the cache
- * @returns {Promise<AppConfig>}
- */
-async function getAppConfig(options = {}) {
-  const { role, refresh } = options;
-
-  const cache = getLogStores(CacheKeys.APP_CONFIG);
-  const cacheKey = role ? role : BASE_CONFIG_KEY;
-
-  if (!refresh) {
-    const cached = await cache.get(cacheKey);
-    if (cached) {
-      return cached;
-    }
-  }
-
-  let baseConfig = await cache.get(BASE_CONFIG_KEY);
-  if (!baseConfig) {
-    logger.info('[getAppConfig] App configuration not initialized. Initializing AppService...');
-    baseConfig = await loadBaseConfig();
-
-    if (!baseConfig) {
-      throw new Error('Failed to initialize app configuration through AppService.');
-    }
-
-    if (baseConfig.availableTools) {
-      await setCachedTools(baseConfig.availableTools);
-    }
-
-    await cache.set(BASE_CONFIG_KEY, baseConfig);
-  }
-
-  // For now, return the base config
-  // In the future, this is where we'll apply role-based modifications
-  if (role) {
-    // TODO: Apply role-based config modifications
-    // const roleConfig = await applyRoleBasedConfig(baseConfig, role);
-    // await cache.set(cacheKey, roleConfig);
-    // return roleConfig;
-  }
-
-  return baseConfig;
-}
+const { getAppConfig, clearAppConfigCache, clearOverrideCache } = createAppConfigService({
+  loadBaseConfig,
+  setCachedTools,
+  getCache: getLogStores,
+  cacheKeys: CacheKeys,
+  getApplicableConfigs: db.getApplicableConfigs,
+  getUserPrincipals: db.getUserPrincipals,
+});
 
 /**
- * Clear the app configuration cache
- * @returns {Promise<boolean>}
+ * Invalidate all config-related caches after an admin config mutation.
+ * Clears the base config, per-principal override caches, tool caches,
+ * and the MCP config-source server cache.
+ * @param {string} [tenantId] - Optional tenant ID to scope override cache clearing.
  */
-async function clearAppConfigCache() {
-  const cache = getLogStores(CacheKeys.CONFIG_STORE);
-  const cacheKey = CacheKeys.APP_CONFIG;
-  return await cache.delete(cacheKey);
+async function invalidateConfigCaches(tenantId) {
+  const results = await Promise.allSettled([
+    clearAppConfigCache(),
+    clearOverrideCache(tenantId),
+    invalidateCachedTools({ invalidateGlobal: true }),
+    clearMcpConfigCache(),
+  ]);
+  const labels = [
+    'clearAppConfigCache',
+    'clearOverrideCache',
+    'invalidateCachedTools',
+    'clearMcpConfigCache',
+  ];
+  for (let i = 0; i < results.length; i++) {
+    if (results[i].status === 'rejected') {
+      logger.error(`[invalidateConfigCaches] ${labels[i]} failed:`, results[i].reason);
+    }
+  }
 }
 
 module.exports = {
   getAppConfig,
   clearAppConfigCache,
+  invalidateConfigCaches,
 };
diff --git a/api/server/services/Config/getEndpointsConfig.js b/api/server/services/Config/getEndpointsConfig.js
index bb22584851..d09b45626c 100644
--- a/api/server/services/Config/getEndpointsConfig.js
+++ b/api/server/services/Config/getEndpointsConfig.js
@@ -1,133 +1,10 @@
-const { loadCustomEndpointsConfig } = require('@librechat/api');
-const {
-  CacheKeys,
-  EModelEndpoint,
-  isAgentsEndpoint,
-  orderEndpointsConfig,
-  defaultAgentCapabilities,
-} = require('librechat-data-provider');
+const { createEndpointsConfigService } = require('@librechat/api');
 const loadDefaultEndpointsConfig = require('./loadDefaultEConfig');
-const getLogStores = require('~/cache/getLogStores');
 const { getAppConfig } = require('./app');
 
-/**
- *
- * @param {ServerRequest} req
- * @returns {Promise<TEndpointsConfig>}
- */
-async function getEndpointsConfig(req) {
-  const cache = getLogStores(CacheKeys.CONFIG_STORE);
-  const cachedEndpointsConfig = await cache.get(CacheKeys.ENDPOINT_CONFIG);
-  if (cachedEndpointsConfig) {
-    if (cachedEndpointsConfig.gptPlugins) {
-      await cache.delete(CacheKeys.ENDPOINT_CONFIG);
-    } else {
-      return cachedEndpointsConfig;
-    }
-  }
-
-  const appConfig = req.config ?? (await getAppConfig({ role: req.user?.role }));
-  const defaultEndpointsConfig = await loadDefaultEndpointsConfig(appConfig);
-  const customEndpointsConfig = loadCustomEndpointsConfig(appConfig?.endpoints?.custom);
-
-  /** @type {TEndpointsConfig} */
-  const mergedConfig = {
-    ...defaultEndpointsConfig,
-    ...customEndpointsConfig,
-  };
-
-  if (appConfig.endpoints?.[EModelEndpoint.azureOpenAI]) {
-    /** @type {Omit<TConfig, 'order'>} */
-    mergedConfig[EModelEndpoint.azureOpenAI] = {
-      userProvide: false,
-    };
-  }
-
-  // Enable Anthropic endpoint when Vertex AI is configured in YAML
-  if (appConfig.endpoints?.[EModelEndpoint.anthropic]?.vertexConfig?.enabled) {
-    /** @type {Omit<TConfig, 'order'>} */
-    mergedConfig[EModelEndpoint.anthropic] = {
-      userProvide: false,
-    };
-  }
-
-  if (appConfig.endpoints?.[EModelEndpoint.azureOpenAI]?.assistants) {
-    /** @type {Omit<TConfig, 'order'>} */
-    mergedConfig[EModelEndpoint.azureAssistants] = {
-      userProvide: false,
-    };
-  }
-
-  if (
-    mergedConfig[EModelEndpoint.assistants] &&
-    appConfig?.endpoints?.[EModelEndpoint.assistants]
-  ) {
-    const { disableBuilder, retrievalModels, capabilities, version, ..._rest } =
-      appConfig.endpoints[EModelEndpoint.assistants];
-
-    mergedConfig[EModelEndpoint.assistants] = {
-      ...mergedConfig[EModelEndpoint.assistants],
-      version,
-      retrievalModels,
-      disableBuilder,
-      capabilities,
-    };
-  }
-  if (mergedConfig[EModelEndpoint.agents] && appConfig?.endpoints?.[EModelEndpoint.agents]) {
-    const { disableBuilder, capabilities, allowedProviders, ..._rest } =
-      appConfig.endpoints[EModelEndpoint.agents];
-
-    mergedConfig[EModelEndpoint.agents] = {
-      ...mergedConfig[EModelEndpoint.agents],
-      allowedProviders,
-      disableBuilder,
-      capabilities,
-    };
-  }
-
-  if (
-    mergedConfig[EModelEndpoint.azureAssistants] &&
-    appConfig?.endpoints?.[EModelEndpoint.azureAssistants]
-  ) {
-    const { disableBuilder, retrievalModels, capabilities, version, ..._rest } =
-      appConfig.endpoints[EModelEndpoint.azureAssistants];
-
-    mergedConfig[EModelEndpoint.azureAssistants] = {
-      ...mergedConfig[EModelEndpoint.azureAssistants],
-      version,
-      retrievalModels,
-      disableBuilder,
-      capabilities,
-    };
-  }
-
-  if (mergedConfig[EModelEndpoint.bedrock] && appConfig?.endpoints?.[EModelEndpoint.bedrock]) {
-    const { availableRegions } = appConfig.endpoints[EModelEndpoint.bedrock];
-    mergedConfig[EModelEndpoint.bedrock] = {
-      ...mergedConfig[EModelEndpoint.bedrock],
-      availableRegions,
-    };
-  }
-
-  const endpointsConfig = orderEndpointsConfig(mergedConfig);
-
-  await cache.set(CacheKeys.ENDPOINT_CONFIG, endpointsConfig);
-  return endpointsConfig;
-}
-
-/**
- * @param {ServerRequest} req
- * @param {import('librechat-data-provider').AgentCapabilities} capability
- * @returns {Promise<boolean>}
- */
-const checkCapability = async (req, capability) => {
-  const isAgents = isAgentsEndpoint(req.body?.endpointType || req.body?.endpoint);
-  const endpointsConfig = await getEndpointsConfig(req);
-  const capabilities =
-    isAgents || endpointsConfig?.[EModelEndpoint.agents]?.capabilities != null
-      ? (endpointsConfig?.[EModelEndpoint.agents]?.capabilities ?? [])
-      : defaultAgentCapabilities;
-  return capabilities.includes(capability);
-};
+const { getEndpointsConfig, checkCapability } = createEndpointsConfigService({
+  getAppConfig,
+  loadDefaultEndpointsConfig,
+});
 
 module.exports = { getEndpointsConfig, checkCapability };
diff --git a/api/server/services/Config/loadConfigModels.js b/api/server/services/Config/loadConfigModels.js
index 2bc83ecc3a..93212cd030 100644
--- a/api/server/services/Config/loadConfigModels.js
+++ b/api/server/services/Config/loadConfigModels.js
@@ -1,117 +1,11 @@
-const { isUserProvided, fetchModels } = require('@librechat/api');
-const {
-  EModelEndpoint,
-  extractEnvVariable,
-  normalizeEndpointName,
-} = require('librechat-data-provider');
+const { createLoadConfigModels, fetchModels } = require('@librechat/api');
 const { getAppConfig } = require('./app');
+const db = require('~/models');
 
-/**
- * Load config endpoints from the cached configuration object
- * @function loadConfigModels
- * @param {ServerRequest} req - The Express request object.
- */
-async function loadConfigModels(req) {
-  const appConfig = await getAppConfig({ role: req.user?.role });
-  if (!appConfig) {
-    return {};
-  }
-  const modelsConfig = {};
-  const azureConfig = appConfig.endpoints?.[EModelEndpoint.azureOpenAI];
-  const { modelNames } = azureConfig ?? {};
-
-  if (modelNames && azureConfig) {
-    modelsConfig[EModelEndpoint.azureOpenAI] = modelNames;
-  }
-
-  if (azureConfig?.assistants && azureConfig.assistantModels) {
-    modelsConfig[EModelEndpoint.azureAssistants] = azureConfig.assistantModels;
-  }
-
-  const bedrockConfig = appConfig.endpoints?.[EModelEndpoint.bedrock];
-  if (bedrockConfig?.models && Array.isArray(bedrockConfig.models)) {
-    modelsConfig[EModelEndpoint.bedrock] = bedrockConfig.models;
-  }
-
-  if (!Array.isArray(appConfig.endpoints?.[EModelEndpoint.custom])) {
-    return modelsConfig;
-  }
-
-  const customEndpoints = appConfig.endpoints[EModelEndpoint.custom].filter(
-    (endpoint) =>
-      endpoint.baseURL &&
-      endpoint.apiKey &&
-      endpoint.name &&
-      endpoint.models &&
-      (endpoint.models.fetch || endpoint.models.default),
-  );
-
-  /**
-   * @type {Record<string, Promise<string[]>>}
-   * Map for promises keyed by unique combination of baseURL and apiKey */
-  const fetchPromisesMap = {};
-  /**
-   * @type {Record<string, string[]>}
-   * Map to associate unique keys with endpoint names; note: one key may can correspond to multiple endpoints */
-  const uniqueKeyToEndpointsMap = {};
-  /**
-   * @type {Record<string, Partial<TEndpoint>>}
-   * Map to associate endpoint names to their configurations */
-  const endpointsMap = {};
-
-  for (let i = 0; i < customEndpoints.length; i++) {
-    const endpoint = customEndpoints[i];
-    const { models, name: configName, baseURL, apiKey, headers: endpointHeaders } = endpoint;
-    const name = normalizeEndpointName(configName);
-    endpointsMap[name] = endpoint;
-
-    const API_KEY = extractEnvVariable(apiKey);
-    const BASE_URL = extractEnvVariable(baseURL);
-
-    const uniqueKey = `${BASE_URL}__${API_KEY}`;
-
-    modelsConfig[name] = [];
-
-    if (models.fetch && !isUserProvided(API_KEY) && !isUserProvided(BASE_URL)) {
-      fetchPromisesMap[uniqueKey] =
-        fetchPromisesMap[uniqueKey] ||
-        fetchModels({
-          name,
-          apiKey: API_KEY,
-          baseURL: BASE_URL,
-          user: req.user.id,
-          userObject: req.user,
-          headers: endpointHeaders,
-          direct: endpoint.directEndpoint,
-          userIdQuery: models.userIdQuery,
-        });
-      uniqueKeyToEndpointsMap[uniqueKey] = uniqueKeyToEndpointsMap[uniqueKey] || [];
-      uniqueKeyToEndpointsMap[uniqueKey].push(name);
-      continue;
-    }
-
-    if (Array.isArray(models.default)) {
-      modelsConfig[name] = models.default.map((model) =>
-        typeof model === 'string' ? model : model.name,
-      );
-    }
-  }
-
-  const fetchedData = await Promise.all(Object.values(fetchPromisesMap));
-  const uniqueKeys = Object.keys(fetchPromisesMap);
-
-  for (let i = 0; i < fetchedData.length; i++) {
-    const currentKey = uniqueKeys[i];
-    const modelData = fetchedData[i];
-    const associatedNames = uniqueKeyToEndpointsMap[currentKey];
-
-    for (const name of associatedNames) {
-      const endpoint = endpointsMap[name];
-      modelsConfig[name] = !modelData?.length ? (endpoint.models.default ?? []) : modelData;
-    }
-  }
-
-  return modelsConfig;
-}
+const loadConfigModels = createLoadConfigModels({
+  getAppConfig,
+  getUserKeyValues: db.getUserKeyValues,
+  fetchModels,
+});
 
 module.exports = loadConfigModels;
diff --git a/api/server/services/Config/loadConfigModels.spec.js b/api/server/services/Config/loadConfigModels.spec.js
index 6ffb8ba522..d3ec0309ae 100644
--- a/api/server/services/Config/loadConfigModels.spec.js
+++ b/api/server/services/Config/loadConfigModels.spec.js
@@ -7,6 +7,13 @@ jest.mock('@librechat/api', () => ({
   fetchModels: jest.fn(),
 }));
 jest.mock('./app');
+jest.mock('@librechat/data-schemas', () => ({
+  ...jest.requireActual('@librechat/data-schemas'),
+  logger: { debug: jest.fn(), error: jest.fn(), warn: jest.fn() },
+}));
+jest.mock('~/models', () => ({
+  getUserKeyValues: jest.fn(),
+}));
 
 const exampleConfig = {
   endpoints: {
@@ -68,11 +75,11 @@ describe('loadConfigModels', () => {
   const originalEnv = process.env;
 
   beforeEach(() => {
-    jest.resetAllMocks();
-    jest.resetModules();
+    jest.clearAllMocks();
+    fetchModels.mockReset();
+    require('~/models').getUserKeyValues.mockReset();
     process.env = { ...originalEnv };
 
-    // Default mock for getAppConfig
     getAppConfig.mockResolvedValue({});
   });
 
@@ -337,6 +344,168 @@ describe('loadConfigModels', () => {
     expect(result.FalsyFetchModel).toEqual(['defaultModel1', 'defaultModel2']);
   });
 
+  describe('user-provided API key model fetching', () => {
+    it('fetches models using user-provided API key when key is stored', async () => {
+      const { getUserKeyValues } = require('~/models');
+      getUserKeyValues.mockResolvedValueOnce({
+        apiKey: 'sk-user-key',
+        baseURL: 'https://api.x.com/v1',
+      });
+      getAppConfig.mockResolvedValue({
+        endpoints: {
+          custom: [
+            {
+              name: 'UserEndpoint',
+              apiKey: 'user_provided',
+              baseURL: 'user_provided',
+              models: { fetch: true, default: ['fallback-model'] },
+            },
+          ],
+        },
+      });
+      fetchModels.mockResolvedValue(['fetched-model-a', 'fetched-model-b']);
+
+      const result = await loadConfigModels(mockRequest);
+
+      expect(getUserKeyValues).toHaveBeenCalledWith({ userId: 'testUserId', name: 'UserEndpoint' });
+      expect(fetchModels).toHaveBeenCalledWith(
+        expect.objectContaining({
+          apiKey: 'sk-user-key',
+          baseURL: 'https://api.x.com/v1',
+          skipCache: true,
+        }),
+      );
+      expect(result.UserEndpoint).toEqual(['fetched-model-a', 'fetched-model-b']);
+    });
+
+    it('falls back to defaults when getUserKeyValues returns no apiKey', async () => {
+      const { getUserKeyValues } = require('~/models');
+      getUserKeyValues.mockResolvedValueOnce({ baseURL: 'https://api.x.com/v1' });
+      getAppConfig.mockResolvedValue({
+        endpoints: {
+          custom: [
+            {
+              name: 'NoKeyEndpoint',
+              apiKey: 'user_provided',
+              baseURL: 'https://api.x.com/v1',
+              models: { fetch: true, default: ['default-model'] },
+            },
+          ],
+        },
+      });
+
+      const result = await loadConfigModels(mockRequest);
+
+      expect(fetchModels).not.toHaveBeenCalled();
+      expect(result.NoKeyEndpoint).toEqual(['default-model']);
+    });
+
+    it('falls back to defaults and logs warn when getUserKeyValues throws infra error', async () => {
+      const { getUserKeyValues } = require('~/models');
+      const { logger } = require('@librechat/data-schemas');
+      getUserKeyValues.mockRejectedValueOnce(new Error('DB connection timeout'));
+      getAppConfig.mockResolvedValue({
+        endpoints: {
+          custom: [
+            {
+              name: 'ErrorEndpoint',
+              apiKey: 'user_provided',
+              baseURL: 'https://api.example.com/v1',
+              models: { fetch: true, default: ['fallback'] },
+            },
+          ],
+        },
+      });
+
+      const result = await loadConfigModels(mockRequest);
+
+      expect(fetchModels).not.toHaveBeenCalled();
+      expect(result.ErrorEndpoint).toEqual(['fallback']);
+      expect(logger.warn).toHaveBeenCalledWith(
+        expect.stringContaining(
+          'Failed to retrieve user key for "ErrorEndpoint": DB connection timeout',
+        ),
+      );
+      expect(logger.debug).not.toHaveBeenCalledWith(expect.stringContaining('No user key stored'));
+    });
+
+    it('logs debug (not warn) for NO_USER_KEY errors', async () => {
+      const { getUserKeyValues } = require('~/models');
+      const { logger } = require('@librechat/data-schemas');
+      getUserKeyValues.mockRejectedValueOnce(new Error(JSON.stringify({ type: 'no_user_key' })));
+      getAppConfig.mockResolvedValue({
+        endpoints: {
+          custom: [
+            {
+              name: 'MissingKeyEndpoint',
+              apiKey: 'user_provided',
+              baseURL: 'https://api.example.com/v1',
+              models: { fetch: true, default: ['default-model'] },
+            },
+          ],
+        },
+      });
+
+      const result = await loadConfigModels(mockRequest);
+
+      expect(result.MissingKeyEndpoint).toEqual(['default-model']);
+      expect(logger.debug).toHaveBeenCalledWith(expect.stringContaining('No user key stored'));
+      expect(logger.warn).not.toHaveBeenCalledWith(
+        expect.stringContaining('Failed to retrieve user key'),
+      );
+    });
+
+    it('skips user key lookup when req.user.id is undefined', async () => {
+      const { getUserKeyValues } = require('~/models');
+      getAppConfig.mockResolvedValue({
+        endpoints: {
+          custom: [
+            {
+              name: 'NoUserEndpoint',
+              apiKey: 'user_provided',
+              baseURL: 'https://api.x.com/v1',
+              models: { fetch: true, default: ['anon-model'] },
+            },
+          ],
+        },
+      });
+
+      const result = await loadConfigModels({ user: {} });
+
+      expect(getUserKeyValues).not.toHaveBeenCalled();
+      expect(result.NoUserEndpoint).toEqual(['anon-model']);
+    });
+
+    it('uses stored baseURL only when baseURL is user_provided', async () => {
+      const { getUserKeyValues } = require('~/models');
+      getUserKeyValues.mockResolvedValueOnce({ apiKey: 'sk-key' });
+      getAppConfig.mockResolvedValue({
+        endpoints: {
+          custom: [
+            {
+              name: 'KeyOnly',
+              apiKey: 'user_provided',
+              baseURL: 'https://fixed-base.com/v1',
+              models: { fetch: true, default: ['default'] },
+            },
+          ],
+        },
+      });
+      fetchModels.mockResolvedValue(['model-from-fixed-base']);
+
+      const result = await loadConfigModels(mockRequest);
+
+      expect(fetchModels).toHaveBeenCalledWith(
+        expect.objectContaining({
+          apiKey: 'sk-key',
+          baseURL: 'https://fixed-base.com/v1',
+          skipCache: true,
+        }),
+      );
+      expect(result.KeyOnly).toEqual(['model-from-fixed-base']);
+    });
+  });
+
   it('normalizes Ollama endpoint name to lowercase', async () => {
     const testCases = [
       {
diff --git a/api/server/services/Config/loadDefaultModels.js b/api/server/services/Config/loadDefaultModels.js
index 31aa831a70..85f2c42a33 100644
--- a/api/server/services/Config/loadDefaultModels.js
+++ b/api/server/services/Config/loadDefaultModels.js
@@ -16,7 +16,8 @@ const { getAppConfig } = require('./app');
  */
 async function loadDefaultModels(req) {
   try {
-    const appConfig = req.config ?? (await getAppConfig({ role: req.user?.role }));
+    const appConfig =
+      req.config ?? (await getAppConfig({ role: req.user?.role, tenantId: req.user?.tenantId }));
     const vertexConfig = appConfig?.endpoints?.[EModelEndpoint.anthropic]?.vertexConfig;
 
     const [openAI, anthropic, azureOpenAI, assistants, azureAssistants, google, bedrock] =
diff --git a/api/server/services/Config/mcp.js b/api/server/services/Config/mcp.js
index cc4e98b59e..fa37e223f5 100644
--- a/api/server/services/Config/mcp.js
+++ b/api/server/services/Config/mcp.js
@@ -1,97 +1,10 @@
-const { logger } = require('@librechat/data-schemas');
-const { CacheKeys, Constants } = require('librechat-data-provider');
+const { createMCPToolCacheService } = require('@librechat/api');
 const { getCachedTools, setCachedTools } = require('./getCachedTools');
-const { getLogStores } = require('~/cache');
 
-/**
- * Updates MCP tools in the cache for a specific server
- * @param {Object} params - Parameters for updating MCP tools
- * @param {string} params.userId - User ID for user-specific caching
- * @param {string} params.serverName - MCP server name
- * @param {Array} params.tools - Array of tool objects from MCP server
- * @returns {Promise<LCAvailableTools>}
- */
-async function updateMCPServerTools({ userId, serverName, tools }) {
-  try {
-    const serverTools = {};
-    const mcpDelimiter = Constants.mcp_delimiter;
-
-    if (tools == null || tools.length === 0) {
-      logger.debug(`[MCP Cache] No tools to update for server ${serverName} (user: ${userId})`);
-      return serverTools;
-    }
-
-    for (const tool of tools) {
-      const name = `${tool.name}${mcpDelimiter}${serverName}`;
-      serverTools[name] = {
-        type: 'function',
-        ['function']: {
-          name,
-          description: tool.description,
-          parameters: tool.inputSchema,
-        },
-      };
-    }
-
-    await setCachedTools(serverTools, { userId, serverName });
-
-    const cache = getLogStores(CacheKeys.TOOL_CACHE);
-    await cache.delete(CacheKeys.TOOLS);
-    logger.debug(
-      `[MCP Cache] Updated ${tools.length} tools for server ${serverName} (user: ${userId})`,
-    );
-    return serverTools;
-  } catch (error) {
-    logger.error(`[MCP Cache] Failed to update tools for ${serverName} (user: ${userId}):`, error);
-    throw error;
-  }
-}
-
-/**
- * Merges app-level tools with global tools
- * @param {import('@librechat/api').LCAvailableTools} appTools
- * @returns {Promise<void>}
- */
-async function mergeAppTools(appTools) {
-  try {
-    const count = Object.keys(appTools).length;
-    if (!count) {
-      return;
-    }
-    const cachedTools = await getCachedTools();
-    const mergedTools = { ...cachedTools, ...appTools };
-    await setCachedTools(mergedTools);
-    const cache = getLogStores(CacheKeys.TOOL_CACHE);
-    await cache.delete(CacheKeys.TOOLS);
-    logger.debug(`Merged ${count} app-level tools`);
-  } catch (error) {
-    logger.error('Failed to merge app-level tools:', error);
-    throw error;
-  }
-}
-
-/**
- * Caches MCP server tools (no longer merges with global)
- * @param {object} params
- * @param {string} params.userId - User ID for user-specific caching
- * @param {string} params.serverName
- * @param {import('@librechat/api').LCAvailableTools} params.serverTools
- * @returns {Promise<void>}
- */
-async function cacheMCPServerTools({ userId, serverName, serverTools }) {
-  try {
-    const count = Object.keys(serverTools).length;
-    if (!count) {
-      return;
-    }
-    // Only cache server-specific tools, no merging with global
-    await setCachedTools(serverTools, { userId, serverName });
-    logger.debug(`Cached ${count} MCP server tools for ${serverName} (user: ${userId})`);
-  } catch (error) {
-    logger.error(`Failed to cache MCP server tools for ${serverName} (user: ${userId}):`, error);
-    throw error;
-  }
-}
+const { mergeAppTools, cacheMCPServerTools, updateMCPServerTools } = createMCPToolCacheService({
+  getCachedTools,
+  setCachedTools,
+});
 
 module.exports = {
   mergeAppTools,
diff --git a/api/server/services/Files/Audio/STTService.js b/api/server/services/Files/Audio/STTService.js
index 4ba62a7eeb..c9a35c35ea 100644
--- a/api/server/services/Files/Audio/STTService.js
+++ b/api/server/services/Files/Audio/STTService.js
@@ -142,6 +142,7 @@ class STTService {
       req.config ??
       (await getAppConfig({
         role: req?.user?.role,
+        tenantId: req?.user?.tenantId,
       }));
     const sttSchema = appConfig?.speech?.stt;
     if (!sttSchema) {
diff --git a/api/server/services/Files/Audio/TTSService.js b/api/server/services/Files/Audio/TTSService.js
index 2c932968c6..1125dd74ed 100644
--- a/api/server/services/Files/Audio/TTSService.js
+++ b/api/server/services/Files/Audio/TTSService.js
@@ -297,6 +297,7 @@ class TTSService {
       req.config ??
       (await getAppConfig({
         role: req.user?.role,
+        tenantId: req.user?.tenantId,
       }));
     try {
       res.setHeader('Content-Type', 'audio/mpeg');
@@ -365,6 +366,7 @@ class TTSService {
       req.config ??
       (await getAppConfig({
         role: req.user?.role,
+        tenantId: req.user?.tenantId,
       }));
     const provider = this.getProvider(appConfig);
     const ttsSchema = appConfig?.speech?.tts?.[provider];
diff --git a/api/server/services/Files/Audio/getCustomConfigSpeech.js b/api/server/services/Files/Audio/getCustomConfigSpeech.js
index d0d0b51ac2..b438771ec1 100644
--- a/api/server/services/Files/Audio/getCustomConfigSpeech.js
+++ b/api/server/services/Files/Audio/getCustomConfigSpeech.js
@@ -17,6 +17,7 @@ async function getCustomConfigSpeech(req, res) {
   try {
     const appConfig = await getAppConfig({
       role: req.user?.role,
+      tenantId: req.user?.tenantId,
     });
 
     if (!appConfig) {
diff --git a/api/server/services/Files/Audio/getVoices.js b/api/server/services/Files/Audio/getVoices.js
index f2f8e100c3..22bd7cea6e 100644
--- a/api/server/services/Files/Audio/getVoices.js
+++ b/api/server/services/Files/Audio/getVoices.js
@@ -18,6 +18,7 @@ async function getVoices(req, res) {
       req.config ??
       (await getAppConfig({
         role: req.user?.role,
+        tenantId: req.user?.tenantId,
       }));
 
     const ttsSchema = appConfig?.speech?.tts;
diff --git a/api/server/services/Files/Audio/streamAudio.js b/api/server/services/Files/Audio/streamAudio.js
index c28a96edff..7120399b5e 100644
--- a/api/server/services/Files/Audio/streamAudio.js
+++ b/api/server/services/Files/Audio/streamAudio.js
@@ -1,3 +1,4 @@
+const { scopedCacheKey } = require('@librechat/data-schemas');
 const {
   Time,
   CacheKeys,
@@ -67,6 +68,8 @@ function createChunkProcessor(user, messageId) {
   }
 
   const messageCache = getLogStores(CacheKeys.MESSAGES);
+  // Captured at creation time — must be called within an active request ALS scope
+  const cacheKey = scopedCacheKey(messageId);
 
   /**
    * @returns {Promise<{ text: string, isFinished: boolean }[] | string>}
@@ -81,7 +84,7 @@ function createChunkProcessor(user, messageId) {
     }
 
     /** @type { string | { text: string; complete: boolean } } */
-    let message = await messageCache.get(messageId);
+    let message = await messageCache.get(cacheKey);
     if (!message) {
       message = await getMessage({ user, messageId });
     }
@@ -92,7 +95,7 @@ function createChunkProcessor(user, messageId) {
     } else {
       const text = message.content?.length > 0 ? parseTextParts(message.content) : message.text;
       messageCache.set(
-        messageId,
+        cacheKey,
         {
           text,
           complete: true,
diff --git a/api/server/services/Files/Citations/index.js b/api/server/services/Files/Citations/index.js
index 008e21d7c4..a1d9322467 100644
--- a/api/server/services/Files/Citations/index.js
+++ b/api/server/services/Files/Citations/index.js
@@ -47,7 +47,10 @@ async function processFileCitations({ user, appConfig, toolArtifact, toolCallId,
         logger.error(
           `[processFileCitations] Permission check failed for FILE_CITATIONS: ${error.message}`,
         );
-        logger.debug(`[processFileCitations] Proceeding with citations due to permission error`);
+        logger.warn(
+          '[processFileCitations] Returning null citations due to permission check error — citations will not be shown for this message',
+        );
+        return null;
       }
     }
 
@@ -145,6 +148,8 @@ async function enhanceSourcesWithMetadata(sources, appConfig) {
       metadata: {
         ...source.metadata,
         storageType: configuredStorageType,
+        fileType: fileRecord.type || undefined,
+        fileBytes: fileRecord.bytes || undefined,
       },
     };
   });
diff --git a/api/server/services/MCP.js b/api/server/services/MCP.js
index 5d97891c55..dbb44740a9 100644
--- a/api/server/services/MCP.js
+++ b/api/server/services/MCP.js
@@ -1,5 +1,5 @@
 const { tool } = require('@langchain/core/tools');
-const { logger } = require('@librechat/data-schemas');
+const { logger, getTenantId } = require('@librechat/data-schemas');
 const {
   Providers,
   StepTypes,
@@ -14,6 +14,7 @@ const {
   normalizeJsonSchema,
   GenerationJobManager,
   resolveJsonSchemaRefs,
+  buildOAuthToolCallName,
 } = require('@librechat/api');
 const { Time, CacheKeys, Constants, isAssistantsEndpoint } = require('librechat-data-provider');
 const {
@@ -53,6 +54,53 @@ function evictStale(map, ttl) {
 const unavailableMsg =
   "This tool's MCP server is temporarily unavailable. Please try again shortly.";
 
+/**
+ * Resolves config-source MCP servers from admin Config overrides for the current
+ * request context. Returns the parsed configs keyed by server name.
+ * @param {import('express').Request} req - Express request with user context
+ * @returns {Promise<Record<string, import('@librechat/api').ParsedServerConfig>>}
+ */
+async function resolveConfigServers(req) {
+  try {
+    const registry = getMCPServersRegistry();
+    const user = req?.user;
+    const appConfig = await getAppConfig({
+      role: user?.role,
+      tenantId: getTenantId(),
+      userId: user?.id,
+    });
+    return await registry.ensureConfigServers(appConfig?.mcpConfig || {});
+  } catch (error) {
+    logger.warn(
+      '[resolveConfigServers] Failed to resolve config servers, degrading to empty:',
+      error,
+    );
+    return {};
+  }
+}
+
+/**
+ * Resolves config-source servers and merges all server configs (YAML + config + user DB)
+ * for the given user context. Shared helper for controllers needing the full merged config.
+ * @param {string} userId
+ * @param {{ id?: string, role?: string }} [user]
+ * @returns {Promise<Record<string, import('@librechat/api').ParsedServerConfig>>}
+ */
+async function resolveAllMcpConfigs(userId, user) {
+  const registry = getMCPServersRegistry();
+  const appConfig = await getAppConfig({ role: user?.role, tenantId: getTenantId(), userId });
+  let configServers = {};
+  try {
+    configServers = await registry.ensureConfigServers(appConfig?.mcpConfig || {});
+  } catch (error) {
+    logger.warn(
+      '[resolveAllMcpConfigs] Config server resolution failed, continuing without:',
+      error,
+    );
+  }
+  return await registry.getAllServerConfigs(userId, configServers);
+}
+
 /**
  * @param {string} toolName
  * @param {string} serverName
@@ -248,6 +296,7 @@ async function reconnectServer({
   index,
   signal,
   serverName,
+  configServers,
   userMCPAuthMap,
   streamId = null,
 }) {
@@ -271,7 +320,7 @@ async function reconnectServer({
   const stepId = 'step_oauth_login_' + serverName;
   const toolCall = {
     id: flowId,
-    name: serverName,
+    name: buildOAuthToolCallName(serverName),
     type: 'tool_call_chunk',
   };
 
@@ -316,6 +365,7 @@ async function reconnectServer({
       user,
       signal,
       serverName,
+      configServers,
       oauthStart,
       flowManager,
       userMCPAuthMap,
@@ -358,15 +408,14 @@ async function createMCPTools({
   config,
   provider,
   serverName,
+  configServers,
   userMCPAuthMap,
   streamId = null,
 }) {
-  // Early domain validation before reconnecting server (avoid wasted work on disallowed domains)
-  // Use getAppConfig() to support per-user/role domain restrictions
   const serverConfig =
-    config ?? (await getMCPServersRegistry().getServerConfig(serverName, user?.id));
+    config ?? (await getMCPServersRegistry().getServerConfig(serverName, user?.id, configServers));
   if (serverConfig?.url) {
-    const appConfig = await getAppConfig({ role: user?.role });
+    const appConfig = await getAppConfig({ role: user?.role, tenantId: user?.tenantId });
     const allowedDomains = appConfig?.mcpSettings?.allowedDomains;
     const isDomainAllowed = await isMCPDomainAllowed(serverConfig, allowedDomains);
     if (!isDomainAllowed) {
@@ -381,6 +430,7 @@ async function createMCPTools({
     index,
     signal,
     serverName,
+    configServers,
     userMCPAuthMap,
     streamId,
   });
@@ -400,6 +450,7 @@ async function createMCPTools({
       user,
       provider,
       userMCPAuthMap,
+      configServers,
       streamId,
       availableTools: result.availableTools,
       toolKey: `${tool.name}${Constants.mcp_delimiter}${serverName}`,
@@ -439,16 +490,15 @@ async function createMCPTool({
   userMCPAuthMap,
   availableTools,
   config,
+  configServers,
   streamId = null,
 }) {
   const [toolName, serverName] = toolKey.split(Constants.mcp_delimiter);
 
-  // Runtime domain validation: check if the server's domain is still allowed
-  // Use getAppConfig() to support per-user/role domain restrictions
   const serverConfig =
-    config ?? (await getMCPServersRegistry().getServerConfig(serverName, user?.id));
+    config ?? (await getMCPServersRegistry().getServerConfig(serverName, user?.id, configServers));
   if (serverConfig?.url) {
-    const appConfig = await getAppConfig({ role: user?.role });
+    const appConfig = await getAppConfig({ role: user?.role, tenantId: user?.tenantId });
     const allowedDomains = appConfig?.mcpSettings?.allowedDomains;
     const isDomainAllowed = await isMCPDomainAllowed(serverConfig, allowedDomains);
     if (!isDomainAllowed) {
@@ -477,6 +527,7 @@ async function createMCPTool({
       index,
       signal,
       serverName,
+      configServers,
       userMCPAuthMap,
       streamId,
     });
@@ -500,6 +551,7 @@ async function createMCPTool({
     provider,
     toolName,
     serverName,
+    serverConfig,
     toolDefinition,
     streamId,
   });
@@ -509,13 +561,14 @@ function createToolInstance({
   res,
   toolName,
   serverName,
+  serverConfig: capturedServerConfig,
   toolDefinition,
-  provider: _provider,
+  provider: capturedProvider,
   streamId = null,
 }) {
   /** @type {LCTool} */
   const { description, parameters } = toolDefinition;
-  const isGoogle = _provider === Providers.VERTEXAI || _provider === Providers.GOOGLE;
+  const isGoogle = capturedProvider === Providers.VERTEXAI || capturedProvider === Providers.GOOGLE;
 
   let schema = parameters ? normalizeJsonSchema(resolveJsonSchemaRefs(parameters)) : null;
 
@@ -544,7 +597,7 @@ function createToolInstance({
       const flowManager = getFlowStateManager(flowsCache);
       derivedSignal = config?.signal ? AbortSignal.any([config.signal]) : undefined;
       const mcpManager = getMCPManager(userId);
-      const provider = (config?.metadata?.provider || _provider)?.toLowerCase();
+      const provider = (config?.metadata?.provider || capturedProvider)?.toLowerCase();
 
       const { args: _args, stepId, ...toolCall } = config.toolCall ?? {};
       const flowId = `${serverName}:oauth_login:${config.metadata.thread_id}:${config.metadata.run_id}`;
@@ -576,6 +629,7 @@ function createToolInstance({
 
       const result = await mcpManager.callTool({
         serverName,
+        serverConfig: capturedServerConfig,
         toolName,
         provider,
         toolArguments,
@@ -643,30 +697,36 @@ function createToolInstance({
 }
 
 /**
- * Get MCP setup data including config, connections, and OAuth servers
+ * Get MCP setup data including config, connections, and OAuth servers.
+ * Resolves config-source servers from admin Config overrides when tenant context is available.
  * @param {string} userId - The user ID
+ * @param {{ role?: string, tenantId?: string }} [options] - Optional role/tenant context
  * @returns {Object} Object containing mcpConfig, appConnections, userConnections, and oauthServers
  */
-async function getMCPSetupData(userId) {
-  const mcpConfig = await getMCPServersRegistry().getAllServerConfigs(userId);
-
-  if (!mcpConfig) {
-    throw new Error('MCP config not found');
-  }
+async function getMCPSetupData(userId, options = {}) {
+  const registry = getMCPServersRegistry();
+  const { role, tenantId } = options;
 
+  const appConfig = await getAppConfig({ role, tenantId, userId });
+  const configServers = await registry.ensureConfigServers(appConfig?.mcpConfig || {});
+  const mcpConfig = await registry.getAllServerConfigs(userId, configServers);
   const mcpManager = getMCPManager(userId);
   /** @type {Map<string, import('@librechat/api').MCPConnection>} */
   let appConnections = new Map();
   try {
-    // Use getLoaded() instead of getAll() to avoid forcing connection creation
+    // Use getLoaded() instead of getAll() to avoid forcing connection creation.
     // getAll() creates connections for all servers, which is problematic for servers
-    // that require user context (e.g., those with {{LIBRECHAT_USER_ID}} placeholders)
+    // that require user context (e.g., those with {{LIBRECHAT_USER_ID}} placeholders).
     appConnections = (await mcpManager.appConnections?.getLoaded()) || new Map();
   } catch (error) {
     logger.error(`[MCP][User: ${userId}] Error getting app connections:`, error);
   }
   const userConnections = mcpManager.getUserConnections(userId) || new Map();
-  const oauthServers = await getMCPServersRegistry().getOAuthServers(userId);
+  const oauthServers = new Set(
+    Object.entries(mcpConfig)
+      .filter(([, config]) => config.requiresOAuth)
+      .map(([name]) => name),
+  );
 
   return {
     mcpConfig,
@@ -788,6 +848,8 @@ module.exports = {
   createMCPTool,
   createMCPTools,
   getMCPSetupData,
+  resolveConfigServers,
+  resolveAllMcpConfigs,
   checkOAuthFlowStatus,
   getServerConnectionStatus,
   createUnavailableToolStub,
diff --git a/api/server/services/MCP.spec.js b/api/server/services/MCP.spec.js
index 14a9ef90ed..c9925827f8 100644
--- a/api/server/services/MCP.spec.js
+++ b/api/server/services/MCP.spec.js
@@ -14,6 +14,7 @@ const mockRegistryInstance = {
   getOAuthServers: jest.fn(() => Promise.resolve(new Set())),
   getAllServerConfigs: jest.fn(() => Promise.resolve({})),
   getServerConfig: jest.fn(() => Promise.resolve(null)),
+  ensureConfigServers: jest.fn(() => Promise.resolve({})),
 };
 
 // Create isMCPDomainAllowed mock that can be configured per-test
@@ -113,38 +114,43 @@ describe('tests for the new helper functions used by the MCP connection status e
     });
 
     it('should successfully return MCP setup data', async () => {
-      mockRegistryInstance.getAllServerConfigs.mockResolvedValue(mockConfig);
+      const mockConfigWithOAuth = {
+        server1: { type: 'stdio' },
+        server2: { type: 'http', requiresOAuth: true },
+      };
+      mockRegistryInstance.getAllServerConfigs.mockResolvedValue(mockConfigWithOAuth);
 
       const mockAppConnections = new Map([['server1', { status: 'connected' }]]);
       const mockUserConnections = new Map([['server2', { status: 'disconnected' }]]);
-      const mockOAuthServers = new Set(['server2']);
 
       const mockMCPManager = {
         appConnections: { getLoaded: jest.fn(() => Promise.resolve(mockAppConnections)) },
         getUserConnections: jest.fn(() => mockUserConnections),
       };
       mockGetMCPManager.mockReturnValue(mockMCPManager);
-      mockRegistryInstance.getOAuthServers.mockResolvedValue(mockOAuthServers);
 
       const result = await getMCPSetupData(mockUserId);
 
-      expect(mockRegistryInstance.getAllServerConfigs).toHaveBeenCalledWith(mockUserId);
+      expect(mockRegistryInstance.ensureConfigServers).toHaveBeenCalled();
+      expect(mockRegistryInstance.getAllServerConfigs).toHaveBeenCalledWith(
+        mockUserId,
+        expect.any(Object),
+      );
       expect(mockGetMCPManager).toHaveBeenCalledWith(mockUserId);
       expect(mockMCPManager.appConnections.getLoaded).toHaveBeenCalled();
       expect(mockMCPManager.getUserConnections).toHaveBeenCalledWith(mockUserId);
-      expect(mockRegistryInstance.getOAuthServers).toHaveBeenCalledWith(mockUserId);
 
-      expect(result).toEqual({
-        mcpConfig: mockConfig,
-        appConnections: mockAppConnections,
-        userConnections: mockUserConnections,
-        oauthServers: mockOAuthServers,
-      });
+      expect(result.mcpConfig).toEqual(mockConfigWithOAuth);
+      expect(result.appConnections).toEqual(mockAppConnections);
+      expect(result.userConnections).toEqual(mockUserConnections);
+      expect(result.oauthServers).toEqual(new Set(['server2']));
     });
 
-    it('should throw error when MCP config not found', async () => {
-      mockRegistryInstance.getAllServerConfigs.mockResolvedValue(null);
-      await expect(getMCPSetupData(mockUserId)).rejects.toThrow('MCP config not found');
+    it('should return empty data when no servers are configured', async () => {
+      mockRegistryInstance.getAllServerConfigs.mockResolvedValue({});
+      const result = await getMCPSetupData(mockUserId);
+      expect(result.mcpConfig).toEqual({});
+      expect(result.oauthServers).toEqual(new Set());
     });
 
     it('should handle null values from MCP manager gracefully', async () => {
diff --git a/api/server/services/ToolService.js b/api/server/services/ToolService.js
index ca75e7eb4f..b4d948eda4 100644
--- a/api/server/services/ToolService.js
+++ b/api/server/services/ToolService.js
@@ -19,6 +19,7 @@ const {
   buildWebSearchContext,
   buildImageToolContext,
   buildToolClassification,
+  buildOAuthToolCallName,
 } = require('@librechat/api');
 const {
   Time,
@@ -30,6 +31,7 @@ const {
   imageGenTools,
   EModelEndpoint,
   EToolResources,
+  isActionTool,
   actionDelimiter,
   ImageVisionTool,
   openapiToFunction,
@@ -59,6 +61,7 @@ const { manifestToolMap, toolkits } = require('~/app/clients/tools/manifest');
 const { createOnSearchResults } = require('~/server/services/Tools/search');
 const { loadAuthValues } = require('~/server/services/Tools/credentials');
 const { reinitMCPServer } = require('~/server/services/Tools/mcp');
+const { resolveConfigServers } = require('~/server/services/MCP');
 const { recordUsage } = require('~/server/services/Threads');
 const { loadTools } = require('~/app/clients/tools/util');
 const { redactMessage } = require('~/config/parsers');
@@ -488,7 +491,7 @@ async function loadToolDefinitionsWrapper({ req, res, agent, streamId = null, to
     if (tool === Tools.web_search) {
       return checkCapability(AgentCapabilities.web_search);
     }
-    if (tool.includes(actionDelimiter)) {
+    if (isActionTool(tool)) {
       return actionsEnabled;
     }
     if (!areToolsEnabled) {
@@ -513,6 +516,7 @@ async function loadToolDefinitionsWrapper({ req, res, agent, streamId = null, to
 
   const flowsCache = getLogStores(CacheKeys.FLOWS);
   const flowManager = getFlowStateManager(flowsCache);
+  const configServers = await resolveConfigServers(req);
   const pendingOAuthServers = new Set();
 
   const createOAuthEmitter = (serverName) => {
@@ -521,7 +525,7 @@ async function loadToolDefinitionsWrapper({ req, res, agent, streamId = null, to
       const stepId = 'step_oauth_login_' + serverName;
       const toolCall = {
         id: flowId,
-        name: serverName,
+        name: buildOAuthToolCallName(serverName),
         type: 'tool_call_chunk',
       };
 
@@ -578,6 +582,7 @@ async function loadToolDefinitionsWrapper({ req, res, agent, streamId = null, to
       oauthStart,
       flowManager,
       serverName,
+      configServers,
       userMCPAuthMap,
     });
 
@@ -665,6 +670,7 @@ async function loadToolDefinitionsWrapper({ req, res, agent, streamId = null, to
         const result = await reinitMCPServer({
           user: req.user,
           serverName,
+          configServers,
           userMCPAuthMap,
           flowManager,
           returnOnOAuth: false,
@@ -866,7 +872,7 @@ async function loadAgentTools({
     } else if (tool === Tools.web_search) {
       includesWebSearch = checkCapability(AgentCapabilities.web_search);
       return includesWebSearch;
-    } else if (tool.includes(actionDelimiter)) {
+    } else if (isActionTool(tool)) {
       return actionsEnabled;
     } else if (!areToolsEnabled) {
       return false;
@@ -973,7 +979,7 @@ async function loadAgentTools({
 
   agentTools.push(...additionalTools);
 
-  const hasActionTools = _agentTools.some((t) => t.includes(actionDelimiter));
+  const hasActionTools = _agentTools.some((t) => isActionTool(t));
   if (!hasActionTools) {
     return {
       toolRegistry,
@@ -1232,8 +1238,11 @@ async function loadToolsForExecution({
     ? [...new Set([...requestedNonSpecialToolNames, ...ptcOrchestratedToolNames])]
     : requestedNonSpecialToolNames;
 
-  const actionToolNames = allToolNamesToLoad.filter((name) => name.includes(actionDelimiter));
-  const regularToolNames = allToolNamesToLoad.filter((name) => !name.includes(actionDelimiter));
+  const actionToolNames = [];
+  const regularToolNames = [];
+  for (const name of allToolNamesToLoad) {
+    (isActionTool(name) ? actionToolNames : regularToolNames).push(name);
+  }
 
   if (regularToolNames.length > 0) {
     const includesWebSearch = regularToolNames.includes(Tools.web_search);
diff --git a/api/server/services/Tools/mcp.js b/api/server/services/Tools/mcp.js
index 7589043e10..f1ebcf9796 100644
--- a/api/server/services/Tools/mcp.js
+++ b/api/server/services/Tools/mcp.js
@@ -25,11 +25,13 @@ async function reinitMCPServer({
   signal,
   forceNew,
   serverName,
+  configServers,
   userMCPAuthMap,
   connectionTimeout,
   returnOnOAuth = true,
   oauthStart: _oauthStart,
   flowManager: _flowManager,
+  serverConfig: providedConfig,
 }) {
   /** @type {MCPConnection | null} */
   let connection = null;
@@ -42,13 +44,28 @@ async function reinitMCPServer({
 
   try {
     const registry = getMCPServersRegistry();
-    const serverConfig = await registry.getServerConfig(serverName, user?.id);
+    const serverConfig =
+      providedConfig ?? (await registry.getServerConfig(serverName, user?.id, configServers));
     if (serverConfig?.inspectionFailed) {
+      if (serverConfig.source === 'config') {
+        logger.info(
+          `[MCP Reinitialize] Config-source server ${serverName} has inspectionFailed — retry handled by config cache`,
+        );
+        return {
+          availableTools: null,
+          success: false,
+          message: `MCP server '${serverName}' is still unreachable`,
+          oauthRequired: false,
+          serverName,
+          oauthUrl: null,
+          tools: null,
+        };
+      }
       logger.info(
         `[MCP Reinitialize] Server ${serverName} had failed inspection, attempting reinspection`,
       );
       try {
-        const storageLocation = serverConfig.dbId ? 'DB' : 'CACHE';
+        const storageLocation = serverConfig.source === 'user' ? 'DB' : 'CACHE';
         await registry.reinspectServer(serverName, storageLocation, user?.id);
         logger.info(`[MCP Reinitialize] Reinspection succeeded for server: ${serverName}`);
       } catch (reinspectError) {
@@ -93,6 +110,7 @@ async function reinitMCPServer({
         returnOnOAuth,
         customUserVars,
         connectionTimeout,
+        serverConfig,
       });
 
       logger.info(`[MCP Reinitialize] Successfully established connection for ${serverName}`);
@@ -125,6 +143,7 @@ async function reinitMCPServer({
             oauthStart,
             customUserVars,
             connectionTimeout,
+            configServers,
           });
 
           if (discoveryResult.tools && discoveryResult.tools.length > 0) {
diff --git a/api/server/services/__tests__/MCP.spec.js b/api/server/services/__tests__/MCP.spec.js
new file mode 100644
index 0000000000..39e99d54ac
--- /dev/null
+++ b/api/server/services/__tests__/MCP.spec.js
@@ -0,0 +1,131 @@
+const mockRegistry = {
+  ensureConfigServers: jest.fn(),
+  getAllServerConfigs: jest.fn(),
+};
+
+jest.mock('~/config', () => ({
+  getMCPServersRegistry: jest.fn(() => mockRegistry),
+  getMCPManager: jest.fn(),
+  getFlowStateManager: jest.fn(),
+  getOAuthReconnectionManager: jest.fn(),
+}));
+
+jest.mock('@librechat/data-schemas', () => ({
+  getTenantId: jest.fn(() => 'tenant-1'),
+  logger: { debug: jest.fn(), info: jest.fn(), warn: jest.fn(), error: jest.fn() },
+}));
+
+jest.mock('~/server/services/Config', () => ({
+  getAppConfig: jest.fn(),
+  setCachedTools: jest.fn(),
+  getCachedTools: jest.fn(),
+  getMCPServerTools: jest.fn(),
+  loadCustomConfig: jest.fn(),
+}));
+
+jest.mock('~/cache', () => ({ getLogStores: jest.fn() }));
+jest.mock('~/models', () => ({
+  findToken: jest.fn(),
+  createToken: jest.fn(),
+  updateToken: jest.fn(),
+}));
+jest.mock('~/server/services/GraphTokenService', () => ({
+  getGraphApiToken: jest.fn(),
+}));
+jest.mock('~/server/services/Tools/mcp', () => ({
+  reinitMCPServer: jest.fn(),
+}));
+
+const { getAppConfig } = require('~/server/services/Config');
+const { resolveConfigServers, resolveAllMcpConfigs } = require('../MCP');
+
+describe('resolveConfigServers', () => {
+  beforeEach(() => jest.clearAllMocks());
+
+  it('resolves config servers for the current request context', async () => {
+    getAppConfig.mockResolvedValue({ mcpConfig: { srv: { url: 'http://a' } } });
+    mockRegistry.ensureConfigServers.mockResolvedValue({ srv: { name: 'srv' } });
+
+    const result = await resolveConfigServers({ user: { id: 'u1', role: 'admin' } });
+
+    expect(result).toEqual({ srv: { name: 'srv' } });
+    expect(getAppConfig).toHaveBeenCalledWith(
+      expect.objectContaining({ role: 'admin', userId: 'u1' }),
+    );
+    expect(mockRegistry.ensureConfigServers).toHaveBeenCalledWith({ srv: { url: 'http://a' } });
+  });
+
+  it('returns {} when ensureConfigServers throws', async () => {
+    getAppConfig.mockResolvedValue({ mcpConfig: { srv: {} } });
+    mockRegistry.ensureConfigServers.mockRejectedValue(new Error('inspect failed'));
+
+    const result = await resolveConfigServers({ user: { id: 'u1' } });
+
+    expect(result).toEqual({});
+  });
+
+  it('returns {} when getAppConfig throws', async () => {
+    getAppConfig.mockRejectedValue(new Error('db timeout'));
+
+    const result = await resolveConfigServers({ user: { id: 'u1' } });
+
+    expect(result).toEqual({});
+  });
+
+  it('passes empty mcpConfig when appConfig has none', async () => {
+    getAppConfig.mockResolvedValue({});
+    mockRegistry.ensureConfigServers.mockResolvedValue({});
+
+    await resolveConfigServers({ user: { id: 'u1' } });
+
+    expect(mockRegistry.ensureConfigServers).toHaveBeenCalledWith({});
+  });
+});
+
+describe('resolveAllMcpConfigs', () => {
+  beforeEach(() => jest.clearAllMocks());
+
+  it('merges config servers with base servers', async () => {
+    getAppConfig.mockResolvedValue({ mcpConfig: { cfg_srv: {} } });
+    mockRegistry.ensureConfigServers.mockResolvedValue({ cfg_srv: { name: 'cfg_srv' } });
+    mockRegistry.getAllServerConfigs.mockResolvedValue({
+      cfg_srv: { name: 'cfg_srv' },
+      yaml_srv: { name: 'yaml_srv' },
+    });
+
+    const result = await resolveAllMcpConfigs('u1', { id: 'u1', role: 'user' });
+
+    expect(result).toEqual({
+      cfg_srv: { name: 'cfg_srv' },
+      yaml_srv: { name: 'yaml_srv' },
+    });
+    expect(mockRegistry.getAllServerConfigs).toHaveBeenCalledWith('u1', {
+      cfg_srv: { name: 'cfg_srv' },
+    });
+  });
+
+  it('continues with empty configServers when ensureConfigServers fails', async () => {
+    getAppConfig.mockResolvedValue({ mcpConfig: { srv: {} } });
+    mockRegistry.ensureConfigServers.mockRejectedValue(new Error('inspect failed'));
+    mockRegistry.getAllServerConfigs.mockResolvedValue({ yaml_srv: { name: 'yaml_srv' } });
+
+    const result = await resolveAllMcpConfigs('u1', { id: 'u1' });
+
+    expect(result).toEqual({ yaml_srv: { name: 'yaml_srv' } });
+    expect(mockRegistry.getAllServerConfigs).toHaveBeenCalledWith('u1', {});
+  });
+
+  it('propagates getAllServerConfigs failures', async () => {
+    getAppConfig.mockResolvedValue({ mcpConfig: {} });
+    mockRegistry.ensureConfigServers.mockResolvedValue({});
+    mockRegistry.getAllServerConfigs.mockRejectedValue(new Error('redis down'));
+
+    await expect(resolveAllMcpConfigs('u1', { id: 'u1' })).rejects.toThrow('redis down');
+  });
+
+  it('propagates getAppConfig failures', async () => {
+    getAppConfig.mockRejectedValue(new Error('mongo down'));
+
+    await expect(resolveAllMcpConfigs('u1', { id: 'u1' })).rejects.toThrow('mongo down');
+  });
+});
diff --git a/api/server/services/__tests__/ToolService.spec.js b/api/server/services/__tests__/ToolService.spec.js
index a468a88eb3..740bb06e5a 100644
--- a/api/server/services/__tests__/ToolService.spec.js
+++ b/api/server/services/__tests__/ToolService.spec.js
@@ -2,6 +2,7 @@ const {
   Tools,
   Constants,
   EModelEndpoint,
+  isActionTool,
   actionDelimiter,
   AgentCapabilities,
   defaultAgentCapabilities,
@@ -64,6 +65,9 @@ jest.mock('~/models', () => ({
 jest.mock('~/config', () => ({
   getFlowStateManager: jest.fn(() => ({})),
 }));
+jest.mock('~/server/services/MCP', () => ({
+  resolveConfigServers: jest.fn().mockResolvedValue({}),
+}));
 jest.mock('~/cache', () => ({
   getLogStores: jest.fn(() => ({})),
 }));
@@ -140,6 +144,42 @@ describe('ToolService - Action Capability Gating', () => {
     });
   });
 
+  describe('isActionTool — cross-delimiter collision guard', () => {
+    it('should identify real action tools', () => {
+      expect(isActionTool(`get_weather${actionDelimiter}api_example_com`)).toBe(true);
+      expect(isActionTool(`fetch_data${actionDelimiter}my---domain---com`)).toBe(true);
+    });
+
+    it('should identify action tools whose operationId contains _mcp_', () => {
+      expect(isActionTool(`sync_mcp_state${actionDelimiter}api---example---com`)).toBe(true);
+      expect(isActionTool(`get_mcp_config${actionDelimiter}internal---api---com`)).toBe(true);
+    });
+
+    it('should reject MCP tools whose name ends with _action', () => {
+      expect(isActionTool(`get_action${Constants.mcp_delimiter}myserver`)).toBe(false);
+      expect(isActionTool(`fetch_action${Constants.mcp_delimiter}server_name`)).toBe(false);
+      expect(isActionTool(`retrieve_action${Constants.mcp_delimiter}srv`)).toBe(false);
+    });
+
+    it('should reject MCP tools with _action_ in the middle of their name', () => {
+      expect(isActionTool(`get_action_data${Constants.mcp_delimiter}myserver`)).toBe(false);
+      expect(isActionTool(`create_action_item${Constants.mcp_delimiter}server`)).toBe(false);
+    });
+
+    it('should reject tools without the action delimiter', () => {
+      expect(isActionTool('calculator')).toBe(false);
+      expect(isActionTool(`web_search${Constants.mcp_delimiter}myserver`)).toBe(false);
+    });
+
+    it('known limitation: non-RFC domain with _mcp_ substring yields false negative', () => {
+      // RFC 952/1123 prohibit underscores in hostnames, so this is not expected in practice.
+      // Encoded domain `api_mcp_internal_com` places `_mcp_` after `_action_`, which
+      // the guard interprets as the MCP suffix.
+      const edgeCaseTool = `getData${actionDelimiter}api_mcp_internal_com`;
+      expect(isActionTool(edgeCaseTool)).toBe(false);
+    });
+  });
+
   describe('loadAgentTools (definitionsOnly=true) — action tool filtering', () => {
     const actionToolName = `get_weather${actionDelimiter}api_example_com`;
     const regularTool = 'calculator';
@@ -180,6 +220,25 @@ describe('ToolService - Action Capability Gating', () => {
       expect(callArgs.tools).toContain(actionToolName);
     });
 
+    it('should not filter MCP tools whose name contains _action (cross-delimiter collision)', async () => {
+      const mcpToolWithAction = `get_action${Constants.mcp_delimiter}myserver`;
+      const capabilities = [AgentCapabilities.tools];
+      const req = createMockReq(capabilities);
+      mockGetEndpointsConfig.mockResolvedValue(createEndpointsConfig(capabilities));
+
+      await loadAgentTools({
+        req,
+        res: {},
+        agent: { id: 'agent_123', tools: [regularTool, mcpToolWithAction] },
+        definitionsOnly: true,
+      });
+
+      expect(mockLoadToolDefinitions).toHaveBeenCalledTimes(1);
+      const [callArgs] = mockLoadToolDefinitions.mock.calls[0];
+      expect(callArgs.tools).toContain(mcpToolWithAction);
+      expect(callArgs.tools).toContain(regularTool);
+    });
+
     it('should return actionsEnabled in the result', async () => {
       const capabilities = [AgentCapabilities.tools];
       const req = createMockReq(capabilities);
diff --git a/api/server/services/initializeMCPs.js b/api/server/services/initializeMCPs.js
index c7f27acd0e..5728730131 100644
--- a/api/server/services/initializeMCPs.js
+++ b/api/server/services/initializeMCPs.js
@@ -7,7 +7,7 @@ const { createMCPServersRegistry, createMCPManager } = require('~/config');
  * Initialize MCP servers
  */
 async function initializeMCPs() {
-  const appConfig = await getAppConfig();
+  const appConfig = await getAppConfig({ baseOnly: true });
   const mcpServers = appConfig.mcpConfig;
 
   try {
diff --git a/api/server/socialLogins.js b/api/server/socialLogins.js
index 79ede61778..78f0e82a32 100644
--- a/api/server/socialLogins.js
+++ b/api/server/socialLogins.js
@@ -6,11 +6,16 @@ const { logger, DEFAULT_SESSION_EXPIRY } = require('@librechat/data-schemas');
 const {
   openIdJwtLogin,
   facebookLogin,
+  facebookAdminLogin,
   discordLogin,
+  discordAdminLogin,
   setupOpenId,
   googleLogin,
+  googleAdminLogin,
   githubLogin,
+  githubAdminLogin,
   appleLogin,
+  appleAdminLogin,
   setupSaml,
 } = require('~/strategies');
 const { getLogStores } = require('~/cache');
@@ -58,18 +63,23 @@ const configureSocialLogins = async (app) => {
 
   if (process.env.GOOGLE_CLIENT_ID && process.env.GOOGLE_CLIENT_SECRET) {
     passport.use(googleLogin());
+    passport.use('googleAdmin', googleAdminLogin());
   }
   if (process.env.FACEBOOK_CLIENT_ID && process.env.FACEBOOK_CLIENT_SECRET) {
     passport.use(facebookLogin());
+    passport.use('facebookAdmin', facebookAdminLogin());
   }
   if (process.env.GITHUB_CLIENT_ID && process.env.GITHUB_CLIENT_SECRET) {
     passport.use(githubLogin());
+    passport.use('githubAdmin', githubAdminLogin());
   }
   if (process.env.DISCORD_CLIENT_ID && process.env.DISCORD_CLIENT_SECRET) {
     passport.use(discordLogin());
+    passport.use('discordAdmin', discordAdminLogin());
   }
   if (process.env.APPLE_CLIENT_ID && process.env.APPLE_PRIVATE_KEY_PATH) {
     passport.use(appleLogin());
+    passport.use('appleAdmin', appleAdminLogin());
   }
   if (
     process.env.OPENID_CLIENT_ID &&
diff --git a/api/server/utils/import/importConversations.js b/api/server/utils/import/importConversations.js
index e56176c609..ad2d743f01 100644
--- a/api/server/utils/import/importConversations.js
+++ b/api/server/utils/import/importConversations.js
@@ -7,10 +7,10 @@ const maxFileSize = resolveImportMaxFileSize();
 
 /**
  * Job definition for importing a conversation.
- * @param {{ filepath, requestUserId }} job - The job object.
+ * @param {{ filepath: string, requestUserId: string, userRole?: string }} job
  */
 const importConversations = async (job) => {
-  const { filepath, requestUserId } = job;
+  const { filepath, requestUserId, userRole } = job;
   try {
     logger.debug(`user: ${requestUserId} | Importing conversation(s) from file...`);
 
@@ -24,7 +24,7 @@ const importConversations = async (job) => {
     const fileData = await fs.readFile(filepath, 'utf8');
     const jsonData = JSON.parse(fileData);
     const importer = getImporter(jsonData);
-    await importer(jsonData, requestUserId);
+    await importer(jsonData, requestUserId, undefined, userRole);
     logger.debug(`user: ${requestUserId} | Finished importing conversations`);
   } catch (error) {
     logger.error(`user: ${requestUserId} | Failed to import conversation: `, error);
diff --git a/api/server/utils/import/importers-timestamp.spec.js b/api/server/utils/import/importers-timestamp.spec.js
index 09021a9ccd..e12c099abb 100644
--- a/api/server/utils/import/importers-timestamp.spec.js
+++ b/api/server/utils/import/importers-timestamp.spec.js
@@ -8,17 +8,16 @@ jest.mock('~/models', () => ({
   bulkSaveConvos: jest.fn(),
   bulkSaveMessages: jest.fn(),
 }));
-jest.mock('~/cache/getLogStores');
-const getLogStores = require('~/cache/getLogStores');
-const mockedCacheGet = jest.fn();
-getLogStores.mockImplementation(() => ({
-  get: mockedCacheGet,
+
+const mockGetEndpointsConfig = jest.fn().mockResolvedValue(null);
+jest.mock('~/server/services/Config', () => ({
+  getEndpointsConfig: (...args) => mockGetEndpointsConfig(...args),
 }));
 
 describe('Import Timestamp Ordering', () => {
   beforeEach(() => {
     jest.clearAllMocks();
-    mockedCacheGet.mockResolvedValue(null);
+    mockGetEndpointsConfig.mockResolvedValue(null);
   });
 
   describe('LibreChat Import - Timestamp Issues', () => {
diff --git a/api/server/utils/import/importers.js b/api/server/utils/import/importers.js
index 39734c181c..7bcca41e04 100644
--- a/api/server/utils/import/importers.js
+++ b/api/server/utils/import/importers.js
@@ -1,9 +1,9 @@
 const { v4: uuidv4 } = require('uuid');
-const { logger } = require('@librechat/data-schemas');
-const { EModelEndpoint, Constants, openAISettings, CacheKeys } = require('librechat-data-provider');
+const { logger, getTenantId } = require('@librechat/data-schemas');
+const { EModelEndpoint, Constants, openAISettings } = require('librechat-data-provider');
+const { getEndpointsConfig } = require('~/server/services/Config');
 const { createImportBatchBuilder } = require('./importBatchBuilder');
 const { cloneMessagesWithTimestamps } = require('./fork');
-const getLogStores = require('~/cache/getLogStores');
 
 /**
  * Returns the appropriate importer function based on the provided JSON data.
@@ -194,6 +194,7 @@ async function importLibreChatConvo(
   jsonData,
   requestUserId,
   builderFactory = createImportBatchBuilder,
+  userRole,
 ) {
   try {
     /** @type {ImportBatchBuilder} */
@@ -202,8 +203,9 @@ async function importLibreChatConvo(
 
     /* Endpoint configuration */
     let endpoint = jsonData.endpoint ?? options.endpoint ?? EModelEndpoint.openAI;
-    const cache = getLogStores(CacheKeys.CONFIG_STORE);
-    const endpointsConfig = await cache.get(CacheKeys.ENDPOINT_CONFIG);
+    const endpointsConfig = await getEndpointsConfig({
+      user: { id: requestUserId, role: userRole, tenantId: getTenantId() },
+    });
     const endpointConfig = endpointsConfig?.[endpoint];
     if (!endpointConfig && endpointsConfig) {
       endpoint = Object.keys(endpointsConfig)[0];
diff --git a/api/server/utils/import/importers.spec.js b/api/server/utils/import/importers.spec.js
index 7984144cbc..6e712881fc 100644
--- a/api/server/utils/import/importers.spec.js
+++ b/api/server/utils/import/importers.spec.js
@@ -4,12 +4,13 @@ const { EModelEndpoint, Constants, openAISettings } = require('librechat-data-pr
 const { getImporter, processAssistantMessage } = require('./importers');
 const { ImportBatchBuilder } = require('./importBatchBuilder');
 const { bulkSaveMessages, bulkSaveConvos: _bulkSaveConvos } = require('~/models');
-const getLogStores = require('~/cache/getLogStores');
 
-jest.mock('~/cache/getLogStores');
-const mockedCacheGet = jest.fn();
-getLogStores.mockImplementation(() => ({
-  get: mockedCacheGet,
+const mockGetEndpointsConfig = jest.fn().mockResolvedValue({
+  [EModelEndpoint.openAI]: { userProvide: false },
+});
+
+jest.mock('~/server/services/Config', () => ({
+  getEndpointsConfig: (...args) => mockGetEndpointsConfig(...args),
 }));
 
 // Mock the database methods
@@ -758,7 +759,7 @@ describe('importLibreChatConvo', () => {
   );
 
   it('should import conversation correctly', async () => {
-    mockedCacheGet.mockResolvedValue({
+    mockGetEndpointsConfig.mockResolvedValue({
       [EModelEndpoint.openAI]: {},
     });
     const expectedNumberOfMessages = 6;
@@ -784,7 +785,7 @@ describe('importLibreChatConvo', () => {
   });
 
   it('should import linear, non-recursive thread correctly with correct endpoint', async () => {
-    mockedCacheGet.mockResolvedValue({
+    mockGetEndpointsConfig.mockResolvedValue({
       [EModelEndpoint.azureOpenAI]: {},
     });
 
@@ -924,7 +925,7 @@ describe('importLibreChatConvo', () => {
   });
 
   it('should retain properties from the original conversation as well as new settings', async () => {
-    mockedCacheGet.mockResolvedValue({
+    mockGetEndpointsConfig.mockResolvedValue({
       [EModelEndpoint.azureOpenAI]: {},
     });
     const requestUserId = 'user-123';
diff --git a/api/strategies/appleStrategy.js b/api/strategies/appleStrategy.js
index fbba2a1f41..6eace87bae 100644
--- a/api/strategies/appleStrategy.js
+++ b/api/strategies/appleStrategy.js
@@ -34,16 +34,28 @@ const getProfileDetails = ({ idToken, profile }) => {
 
 // Initialize the social login handler for Apple
 const appleLogin = socialLogin('apple', getProfileDetails);
+const appleAdminLogin = socialLogin('apple', getProfileDetails, { existingUsersOnly: true });
 
-module.exports = () =>
+const getAppleConfig = (callbackURL) => ({
+  clientID: process.env.APPLE_CLIENT_ID,
+  teamID: process.env.APPLE_TEAM_ID,
+  callbackURL,
+  keyID: process.env.APPLE_KEY_ID,
+  privateKeyLocation: process.env.APPLE_PRIVATE_KEY_PATH,
+  passReqToCallback: false,
+});
+
+const appleStrategy = () =>
   new AppleStrategy(
-    {
-      clientID: process.env.APPLE_CLIENT_ID,
-      teamID: process.env.APPLE_TEAM_ID,
-      callbackURL: `${process.env.DOMAIN_SERVER}${process.env.APPLE_CALLBACK_URL}`,
-      keyID: process.env.APPLE_KEY_ID,
-      privateKeyLocation: process.env.APPLE_PRIVATE_KEY_PATH,
-      passReqToCallback: false, // Set to true if you need to access the request in the callback
-    },
+    getAppleConfig(`${process.env.DOMAIN_SERVER}${process.env.APPLE_CALLBACK_URL}`),
     appleLogin,
   );
+
+const appleAdminStrategy = () =>
+  new AppleStrategy(
+    getAppleConfig(`${process.env.DOMAIN_SERVER}/api/admin/oauth/apple/callback`),
+    appleAdminLogin,
+  );
+
+module.exports = appleStrategy;
+module.exports.appleAdminLogin = appleAdminStrategy;
diff --git a/api/strategies/discordStrategy.js b/api/strategies/discordStrategy.js
index dc7cb05ac6..7fb68280d5 100644
--- a/api/strategies/discordStrategy.js
+++ b/api/strategies/discordStrategy.js
@@ -22,15 +22,27 @@ const getProfileDetails = ({ profile }) => {
 };
 
 const discordLogin = socialLogin('discord', getProfileDetails);
+const discordAdminLogin = socialLogin('discord', getProfileDetails, { existingUsersOnly: true });
 
-module.exports = () =>
+const getDiscordConfig = (callbackURL) => ({
+  clientID: process.env.DISCORD_CLIENT_ID,
+  clientSecret: process.env.DISCORD_CLIENT_SECRET,
+  callbackURL,
+  scope: ['identify', 'email'],
+  authorizationURL: 'https://discord.com/api/oauth2/authorize?prompt=none',
+});
+
+const discordStrategy = () =>
   new DiscordStrategy(
-    {
-      clientID: process.env.DISCORD_CLIENT_ID,
-      clientSecret: process.env.DISCORD_CLIENT_SECRET,
-      callbackURL: `${process.env.DOMAIN_SERVER}${process.env.DISCORD_CALLBACK_URL}`,
-      scope: ['identify', 'email'],
-      authorizationURL: 'https://discord.com/api/oauth2/authorize?prompt=none',
-    },
+    getDiscordConfig(`${process.env.DOMAIN_SERVER}${process.env.DISCORD_CALLBACK_URL}`),
     discordLogin,
   );
+
+const discordAdminStrategy = () =>
+  new DiscordStrategy(
+    getDiscordConfig(`${process.env.DOMAIN_SERVER}/api/admin/oauth/discord/callback`),
+    discordAdminLogin,
+  );
+
+module.exports = discordStrategy;
+module.exports.discordAdminLogin = discordAdminStrategy;
diff --git a/api/strategies/facebookStrategy.js b/api/strategies/facebookStrategy.js
index e5d1b054db..f638c3bfdb 100644
--- a/api/strategies/facebookStrategy.js
+++ b/api/strategies/facebookStrategy.js
@@ -11,16 +11,28 @@ const getProfileDetails = ({ profile }) => ({
 });
 
 const facebookLogin = socialLogin('facebook', getProfileDetails);
+const facebookAdminLogin = socialLogin('facebook', getProfileDetails, { existingUsersOnly: true });
 
-module.exports = () =>
+const getFacebookConfig = (callbackURL) => ({
+  clientID: process.env.FACEBOOK_CLIENT_ID,
+  clientSecret: process.env.FACEBOOK_CLIENT_SECRET,
+  callbackURL,
+  proxy: true,
+  scope: ['public_profile'],
+  profileFields: ['id', 'email', 'name'],
+});
+
+const facebookStrategy = () =>
   new FacebookStrategy(
-    {
-      clientID: process.env.FACEBOOK_CLIENT_ID,
-      clientSecret: process.env.FACEBOOK_CLIENT_SECRET,
-      callbackURL: `${process.env.DOMAIN_SERVER}${process.env.FACEBOOK_CALLBACK_URL}`,
-      proxy: true,
-      scope: ['public_profile'],
-      profileFields: ['id', 'email', 'name'],
-    },
+    getFacebookConfig(`${process.env.DOMAIN_SERVER}${process.env.FACEBOOK_CALLBACK_URL}`),
     facebookLogin,
   );
+
+const facebookAdminStrategy = () =>
+  new FacebookStrategy(
+    getFacebookConfig(`${process.env.DOMAIN_SERVER}/api/admin/oauth/facebook/callback`),
+    facebookAdminLogin,
+  );
+
+module.exports = facebookStrategy;
+module.exports.facebookAdminLogin = facebookAdminStrategy;
diff --git a/api/strategies/githubStrategy.js b/api/strategies/githubStrategy.js
index 1c3937381e..363acbfcdb 100644
--- a/api/strategies/githubStrategy.js
+++ b/api/strategies/githubStrategy.js
@@ -11,24 +11,36 @@ const getProfileDetails = ({ profile }) => ({
 });
 
 const githubLogin = socialLogin('github', getProfileDetails);
+const githubAdminLogin = socialLogin('github', getProfileDetails, { existingUsersOnly: true });
 
-module.exports = () =>
+const getGitHubConfig = (callbackURL) => ({
+  clientID: process.env.GITHUB_CLIENT_ID,
+  clientSecret: process.env.GITHUB_CLIENT_SECRET,
+  callbackURL,
+  proxy: false,
+  scope: ['user:email'],
+  ...(process.env.GITHUB_ENTERPRISE_BASE_URL && {
+    authorizationURL: `${process.env.GITHUB_ENTERPRISE_BASE_URL}/login/oauth/authorize`,
+    tokenURL: `${process.env.GITHUB_ENTERPRISE_BASE_URL}/login/oauth/access_token`,
+    userProfileURL: `${process.env.GITHUB_ENTERPRISE_BASE_URL}/api/v3/user`,
+    userEmailURL: `${process.env.GITHUB_ENTERPRISE_BASE_URL}/api/v3/user/emails`,
+    ...(process.env.GITHUB_ENTERPRISE_USER_AGENT && {
+      userAgent: process.env.GITHUB_ENTERPRISE_USER_AGENT,
+    }),
+  }),
+});
+
+const githubStrategy = () =>
   new GitHubStrategy(
-    {
-      clientID: process.env.GITHUB_CLIENT_ID,
-      clientSecret: process.env.GITHUB_CLIENT_SECRET,
-      callbackURL: `${process.env.DOMAIN_SERVER}${process.env.GITHUB_CALLBACK_URL}`,
-      proxy: false,
-      scope: ['user:email'],
-      ...(process.env.GITHUB_ENTERPRISE_BASE_URL && {
-        authorizationURL: `${process.env.GITHUB_ENTERPRISE_BASE_URL}/login/oauth/authorize`,
-        tokenURL: `${process.env.GITHUB_ENTERPRISE_BASE_URL}/login/oauth/access_token`,
-        userProfileURL: `${process.env.GITHUB_ENTERPRISE_BASE_URL}/api/v3/user`,
-        userEmailURL: `${process.env.GITHUB_ENTERPRISE_BASE_URL}/api/v3/user/emails`,
-        ...(process.env.GITHUB_ENTERPRISE_USER_AGENT && {
-          userAgent: process.env.GITHUB_ENTERPRISE_USER_AGENT,
-        }),
-      }),
-    },
+    getGitHubConfig(`${process.env.DOMAIN_SERVER}${process.env.GITHUB_CALLBACK_URL}`),
     githubLogin,
   );
+
+const githubAdminStrategy = () =>
+  new GitHubStrategy(
+    getGitHubConfig(`${process.env.DOMAIN_SERVER}/api/admin/oauth/github/callback`),
+    githubAdminLogin,
+  );
+
+module.exports = githubStrategy;
+module.exports.githubAdminLogin = githubAdminStrategy;
diff --git a/api/strategies/googleStrategy.js b/api/strategies/googleStrategy.js
index fd65823327..bee9a061a2 100644
--- a/api/strategies/googleStrategy.js
+++ b/api/strategies/googleStrategy.js
@@ -11,14 +11,26 @@ const getProfileDetails = ({ profile }) => ({
 });
 
 const googleLogin = socialLogin('google', getProfileDetails);
+const googleAdminLogin = socialLogin('google', getProfileDetails, { existingUsersOnly: true });
 
-module.exports = () =>
+const getGoogleConfig = (callbackURL) => ({
+  clientID: process.env.GOOGLE_CLIENT_ID,
+  clientSecret: process.env.GOOGLE_CLIENT_SECRET,
+  callbackURL,
+  proxy: true,
+});
+
+const googleStrategy = () =>
   new GoogleStrategy(
-    {
-      clientID: process.env.GOOGLE_CLIENT_ID,
-      clientSecret: process.env.GOOGLE_CLIENT_SECRET,
-      callbackURL: `${process.env.DOMAIN_SERVER}${process.env.GOOGLE_CALLBACK_URL}`,
-      proxy: true,
-    },
+    getGoogleConfig(`${process.env.DOMAIN_SERVER}${process.env.GOOGLE_CALLBACK_URL}`),
     googleLogin,
   );
+
+const googleAdminStrategy = () =>
+  new GoogleStrategy(
+    getGoogleConfig(`${process.env.DOMAIN_SERVER}/api/admin/oauth/google/callback`),
+    googleAdminLogin,
+  );
+
+module.exports = googleStrategy;
+module.exports.googleAdminLogin = googleAdminStrategy;
diff --git a/api/strategies/index.js b/api/strategies/index.js
index 9a1c58ad38..c15bbc4ce5 100644
--- a/api/strategies/index.js
+++ b/api/strategies/index.js
@@ -1,23 +1,33 @@
 const { setupOpenId, getOpenIdConfig, getOpenIdEmail } = require('./openidStrategy');
 const openIdJwtLogin = require('./openIdJwtStrategy');
 const facebookLogin = require('./facebookStrategy');
+const { facebookAdminLogin } = facebookLogin;
 const discordLogin = require('./discordStrategy');
+const { discordAdminLogin } = discordLogin;
 const passportLogin = require('./localStrategy');
 const googleLogin = require('./googleStrategy');
+const { googleAdminLogin } = googleLogin;
 const githubLogin = require('./githubStrategy');
+const { githubAdminLogin } = githubLogin;
 const { setupSaml } = require('./samlStrategy');
 const appleLogin = require('./appleStrategy');
+const { appleAdminLogin } = appleLogin;
 const ldapLogin = require('./ldapStrategy');
 const jwtLogin = require('./jwtStrategy');
 
 module.exports = {
   appleLogin,
+  appleAdminLogin,
   passportLogin,
   googleLogin,
+  googleAdminLogin,
   githubLogin,
+  githubAdminLogin,
   discordLogin,
+  discordAdminLogin,
   jwtLogin,
   facebookLogin,
+  facebookAdminLogin,
   setupOpenId,
   getOpenIdConfig,
   getOpenIdEmail,
diff --git a/api/strategies/ldapStrategy.js b/api/strategies/ldapStrategy.js
index dcadc26a45..9253f54196 100644
--- a/api/strategies/ldapStrategy.js
+++ b/api/strategies/ldapStrategy.js
@@ -2,7 +2,12 @@ const fs = require('fs');
 const LdapStrategy = require('passport-ldapauth');
 const { logger } = require('@librechat/data-schemas');
 const { SystemRoles, ErrorTypes } = require('librechat-data-provider');
-const { isEnabled, getBalanceConfig, isEmailDomainAllowed } = require('@librechat/api');
+const {
+  isEnabled,
+  getBalanceConfig,
+  isEmailDomainAllowed,
+  resolveAppConfigForUser,
+} = require('@librechat/api');
 const { createUser, findUser, updateUser, countUsers } = require('~/models');
 const { getAppConfig } = require('~/server/services/Config');
 
@@ -89,16 +94,6 @@ const ldapLogin = new LdapStrategy(ldapOptions, async (userinfo, done) => {
     const ldapId =
       (LDAP_ID && userinfo[LDAP_ID]) || userinfo.uid || userinfo.sAMAccountName || userinfo.mail;
 
-    let user = await findUser({ ldapId });
-    if (user && user.provider !== 'ldap') {
-      logger.info(
-        `[ldapStrategy] User ${user.email} already exists with provider ${user.provider}`,
-      );
-      return done(null, false, {
-        message: ErrorTypes.AUTH_FAILED,
-      });
-    }
-
     const fullNameAttributes = LDAP_FULL_NAME && LDAP_FULL_NAME.split(',');
     const fullName =
       fullNameAttributes && fullNameAttributes.length > 0
@@ -122,7 +117,31 @@ const ldapLogin = new LdapStrategy(ldapOptions, async (userinfo, done) => {
       );
     }
 
-    const appConfig = await getAppConfig();
+    // Domain check before findUser for two-phase fast-fail (consistent with SAML/OpenID/social).
+    // This means cross-provider users from blocked domains get 'Email domain not allowed'
+    // instead of AUTH_FAILED — both deny access.
+    const baseConfig = await getAppConfig({ baseOnly: true });
+    if (!isEmailDomainAllowed(mail, baseConfig?.registration?.allowedDomains)) {
+      logger.error(
+        `[LDAP Strategy] Authentication blocked - email domain not allowed [Email: ${mail}]`,
+      );
+      return done(null, false, { message: 'Email domain not allowed' });
+    }
+
+    let user = await findUser({ ldapId });
+    if (user && user.provider !== 'ldap') {
+      logger.info(
+        `[ldapStrategy] User ${user.email} already exists with provider ${user.provider}`,
+      );
+      return done(null, false, {
+        message: ErrorTypes.AUTH_FAILED,
+      });
+    }
+
+    const appConfig = user?.tenantId
+      ? await resolveAppConfigForUser(getAppConfig, user)
+      : baseConfig;
+
     if (!isEmailDomainAllowed(mail, appConfig?.registration?.allowedDomains)) {
       logger.error(
         `[LDAP Strategy] Authentication blocked - email domain not allowed [Email: ${mail}]`,
diff --git a/api/strategies/ldapStrategy.spec.js b/api/strategies/ldapStrategy.spec.js
index a00e9b14b7..876d70f845 100644
--- a/api/strategies/ldapStrategy.spec.js
+++ b/api/strategies/ldapStrategy.spec.js
@@ -9,10 +9,10 @@ jest.mock('@librechat/data-schemas', () => ({
 }));
 
 jest.mock('@librechat/api', () => ({
-  // isEnabled used for TLS flags
   isEnabled: jest.fn(() => false),
   isEmailDomainAllowed: jest.fn(() => true),
   getBalanceConfig: jest.fn(() => ({ enabled: false })),
+  resolveAppConfigForUser: jest.fn(async (_getAppConfig, _user) => ({})),
 }));
 
 jest.mock('~/models', () => ({
@@ -30,14 +30,15 @@ jest.mock('~/server/services/Config', () => ({
 let verifyCallback;
 jest.mock('passport-ldapauth', () => {
   return jest.fn().mockImplementation((options, verify) => {
-    verifyCallback = verify; // capture the strategy verify function
+    verifyCallback = verify;
     return { name: 'ldap', options, verify };
   });
 });
 
 const { ErrorTypes } = require('librechat-data-provider');
-const { isEmailDomainAllowed } = require('@librechat/api');
+const { isEmailDomainAllowed, resolveAppConfigForUser } = require('@librechat/api');
 const { findUser, createUser, updateUser, countUsers } = require('~/models');
+const { getAppConfig } = require('~/server/services/Config');
 
 // Helper to call the verify callback and wrap in a Promise for convenience
 const callVerify = (userinfo) =>
@@ -117,6 +118,7 @@ describe('ldapStrategy', () => {
     expect(user).toBe(false);
     expect(info).toEqual({ message: ErrorTypes.AUTH_FAILED });
     expect(createUser).not.toHaveBeenCalled();
+    expect(resolveAppConfigForUser).not.toHaveBeenCalled();
   });
 
   it('updates an existing ldap user with current LDAP info', async () => {
@@ -158,7 +160,6 @@ describe('ldapStrategy', () => {
       uid: 'uid999',
       givenName: 'John',
       cn: 'John Doe',
-      // no mail and no custom LDAP_EMAIL
     };
 
     const { user } = await callVerify(userinfo);
@@ -180,4 +181,66 @@ describe('ldapStrategy', () => {
     expect(user).toBe(false);
     expect(info).toEqual({ message: 'Email domain not allowed' });
   });
+
+  it('passes getAppConfig and found user to resolveAppConfigForUser', async () => {
+    const existing = {
+      _id: 'u3',
+      provider: 'ldap',
+      email: 'tenant@example.com',
+      ldapId: 'uid-tenant',
+      username: 'tenantuser',
+      name: 'Tenant User',
+      tenantId: 'tenant-a',
+      role: 'USER',
+    };
+    findUser.mockResolvedValue(existing);
+
+    const userinfo = {
+      uid: 'uid-tenant',
+      mail: 'tenant@example.com',
+      givenName: 'Tenant',
+      cn: 'Tenant User',
+    };
+
+    await callVerify(userinfo);
+
+    expect(resolveAppConfigForUser).toHaveBeenCalledWith(getAppConfig, existing);
+  });
+
+  it('uses baseConfig for new user without calling resolveAppConfigForUser', async () => {
+    findUser.mockResolvedValue(null);
+
+    const userinfo = {
+      uid: 'uid-new',
+      mail: 'newuser@example.com',
+      givenName: 'New',
+      cn: 'New User',
+    };
+
+    await callVerify(userinfo);
+
+    expect(resolveAppConfigForUser).not.toHaveBeenCalled();
+    expect(getAppConfig).toHaveBeenCalledWith({ baseOnly: true });
+  });
+
+  it('should block login when tenant config restricts the domain', async () => {
+    const existing = {
+      _id: 'u-blocked',
+      provider: 'ldap',
+      ldapId: 'uid-tenant',
+      tenantId: 'tenant-strict',
+      role: 'USER',
+    };
+    findUser.mockResolvedValue(existing);
+    resolveAppConfigForUser.mockResolvedValue({
+      registration: { allowedDomains: ['other.com'] },
+    });
+    isEmailDomainAllowed.mockReturnValueOnce(true).mockReturnValueOnce(false);
+
+    const userinfo = { uid: 'uid-tenant', mail: 'user@example.com', givenName: 'Test', cn: 'Test' };
+    const { user, info } = await callVerify(userinfo);
+
+    expect(user).toBe(false);
+    expect(info).toEqual({ message: 'Email domain not allowed' });
+  });
 });
diff --git a/api/strategies/openidStrategy.js b/api/strategies/openidStrategy.js
index b8f9b17b7c..b2d942618f 100644
--- a/api/strategies/openidStrategy.js
+++ b/api/strategies/openidStrategy.js
@@ -15,6 +15,7 @@ const {
   findOpenIDUser,
   getBalanceConfig,
   isEmailDomainAllowed,
+  resolveAppConfigForUser,
 } = require('@librechat/api');
 const { getStrategyFunctions } = require('~/server/services/Files/strategies');
 const { findUser, createUser, updateUser } = require('~/models');
@@ -468,9 +469,10 @@ async function processOpenIDAuth(tokenset, existingUsersOnly = false) {
     Object.assign(userinfo, providerUserinfo);
   }
 
-  const appConfig = await getAppConfig();
   const email = getOpenIdEmail(userinfo);
-  if (!isEmailDomainAllowed(email, appConfig?.registration?.allowedDomains)) {
+
+  const baseConfig = await getAppConfig({ baseOnly: true });
+  if (!isEmailDomainAllowed(email, baseConfig?.registration?.allowedDomains)) {
     logger.error(
       `[OpenID Strategy] Authentication blocked - email domain not allowed [Identifier: ${email}]`,
     );
@@ -491,6 +493,15 @@ async function processOpenIDAuth(tokenset, existingUsersOnly = false) {
     throw new Error(ErrorTypes.AUTH_FAILED);
   }
 
+  const appConfig = user?.tenantId ? await resolveAppConfigForUser(getAppConfig, user) : baseConfig;
+
+  if (!isEmailDomainAllowed(email, appConfig?.registration?.allowedDomains)) {
+    logger.error(
+      `[OpenID Strategy] Authentication blocked - email domain not allowed [Identifier: ${email}]`,
+    );
+    throw new Error('Email domain not allowed');
+  }
+
   const fullName = getFullName(userinfo);
 
   const requiredRole = process.env.OPENID_REQUIRED_ROLE;
diff --git a/api/strategies/openidStrategy.spec.js b/api/strategies/openidStrategy.spec.js
index 7edd4fbd62..af8a430697 100644
--- a/api/strategies/openidStrategy.spec.js
+++ b/api/strategies/openidStrategy.spec.js
@@ -3,6 +3,8 @@ const fetch = require('node-fetch');
 const jwtDecode = require('jsonwebtoken/decode');
 const { ErrorTypes } = require('librechat-data-provider');
 const { findUser, createUser, updateUser } = require('~/models');
+const { resolveAppConfigForUser, isEnabled } = require('@librechat/api');
+const { getAppConfig } = require('~/server/services/Config');
 const { setupOpenId } = require('./openidStrategy');
 
 // --- Mocks ---
@@ -28,6 +30,7 @@ jest.mock('@librechat/api', () => ({
   getBalanceConfig: jest.fn(() => ({
     enabled: false,
   })),
+  resolveAppConfigForUser: jest.fn(async (_getAppConfig, _user) => ({})),
 }));
 jest.mock('~/models', () => ({
   findUser: jest.fn(),
@@ -140,7 +143,6 @@ describe('setupOpenId', () => {
   beforeEach(async () => {
     // Clear previous mock calls and reset implementations
     jest.clearAllMocks();
-    const { isEnabled } = require('@librechat/api');
     isEnabled.mockImplementation(jest.requireActual('@librechat/api').isEnabled);
 
     // Reset environment variables needed by the strategy
@@ -194,22 +196,26 @@ describe('setupOpenId', () => {
   });
 
   describe('clientMetadata construction in setupOpenId', () => {
-    it('sets token_endpoint_auth_method to none for PKCE without a client secret', async () => {
-      const openidClient = require('openid-client');
+    let openidClient;
+
+    beforeEach(() => {
+      openidClient = require('openid-client');
       openidClient.discovery.mockClear();
+    });
+
+    it('sets token_endpoint_auth_method to none for PKCE without a client secret', async () => {
       process.env.OPENID_USE_PKCE = 'true';
       delete process.env.OPENID_CLIENT_SECRET;
 
       await setupOpenId();
 
       const [, , metadata] = openidClient.discovery.mock.calls.at(-1);
-      expect(metadata.client_secret).toBeUndefined();
       expect(metadata.token_endpoint_auth_method).toBe('none');
+      expect(metadata.client_secret).toBeUndefined();
     });
 
     it('leaves token_endpoint_auth_method unset for secret-based clients without nonce', async () => {
-      const openidClient = require('openid-client');
-      openidClient.discovery.mockClear();
+      process.env.OPENID_USE_PKCE = 'false';
       process.env.OPENID_CLIENT_SECRET = 'my-secret';
 
       await setupOpenId();
@@ -219,9 +225,8 @@ describe('setupOpenId', () => {
       expect(metadata.token_endpoint_auth_method).toBeUndefined();
     });
 
-    it('sets client_secret_post when nonce generation is enabled for secret-based clients', async () => {
-      const openidClient = require('openid-client');
-      openidClient.discovery.mockClear();
+    it('sets client_secret and client_secret_post when nonce generation is enabled', async () => {
+      process.env.OPENID_USE_PKCE = 'false';
       process.env.OPENID_GENERATE_NONCE = 'true';
       process.env.OPENID_CLIENT_SECRET = 'my-secret';
 
@@ -232,9 +237,7 @@ describe('setupOpenId', () => {
       expect(metadata.token_endpoint_auth_method).toBe('client_secret_post');
     });
 
-    it('treats a whitespace-only client secret as absent', async () => {
-      const openidClient = require('openid-client');
-      openidClient.discovery.mockClear();
+    it('treats whitespace-only secret as absent', async () => {
       process.env.OPENID_USE_PKCE = 'true';
       process.env.OPENID_CLIENT_SECRET = '   ';
 
@@ -245,9 +248,7 @@ describe('setupOpenId', () => {
       expect(metadata.token_endpoint_auth_method).toBe('none');
     });
 
-    it('does not force a public-client auth method when PKCE and a client secret are both configured', async () => {
-      const openidClient = require('openid-client');
-      openidClient.discovery.mockClear();
+    it('does not force an auth method when PKCE and a client secret are both configured without nonce', async () => {
       process.env.OPENID_USE_PKCE = 'true';
       process.env.OPENID_CLIENT_SECRET = 'my-secret';
 
@@ -1888,4 +1889,52 @@ describe('setupOpenId', () => {
       );
     });
   });
+
+  describe('Tenant-scoped config', () => {
+    it('should call resolveAppConfigForUser for tenant user', async () => {
+      const existingUser = {
+        _id: 'openid-tenant-user',
+        provider: 'openid',
+        openidId: '1234',
+        email: 'test@example.com',
+        tenantId: 'tenant-d',
+        role: 'USER',
+      };
+      findUser.mockResolvedValue(existingUser);
+
+      await validate(tokenset);
+
+      expect(resolveAppConfigForUser).toHaveBeenCalledWith(getAppConfig, existingUser);
+    });
+
+    it('should use baseConfig for new user without calling resolveAppConfigForUser', async () => {
+      findUser.mockResolvedValue(null);
+
+      await validate(tokenset);
+
+      expect(resolveAppConfigForUser).not.toHaveBeenCalled();
+      expect(getAppConfig).toHaveBeenCalledWith({ baseOnly: true });
+    });
+
+    it('should block login when tenant config restricts the domain', async () => {
+      const { isEmailDomainAllowed } = require('@librechat/api');
+      const existingUser = {
+        _id: 'openid-tenant-blocked',
+        provider: 'openid',
+        openidId: '1234',
+        email: 'test@example.com',
+        tenantId: 'tenant-restrict',
+        role: 'USER',
+      };
+      findUser.mockResolvedValue(existingUser);
+      resolveAppConfigForUser.mockResolvedValue({
+        registration: { allowedDomains: ['other.com'] },
+      });
+      isEmailDomainAllowed.mockReturnValueOnce(true).mockReturnValueOnce(false);
+
+      const { user, details } = await validate(tokenset);
+      expect(user).toBe(false);
+      expect(details).toEqual({ message: 'Email domain not allowed' });
+    });
+  });
 });
diff --git a/api/strategies/samlStrategy.js b/api/strategies/samlStrategy.js
index 843baf8a64..4f4bfac158 100644
--- a/api/strategies/samlStrategy.js
+++ b/api/strategies/samlStrategy.js
@@ -5,7 +5,11 @@ const passport = require('passport');
 const { ErrorTypes } = require('librechat-data-provider');
 const { hashToken, logger } = require('@librechat/data-schemas');
 const { Strategy: SamlStrategy } = require('@node-saml/passport-saml');
-const { getBalanceConfig, isEmailDomainAllowed } = require('@librechat/api');
+const {
+  getBalanceConfig,
+  isEmailDomainAllowed,
+  resolveAppConfigForUser,
+} = require('@librechat/api');
 const { getStrategyFunctions } = require('~/server/services/Files/strategies');
 const { findUser, createUser, updateUser } = require('~/models');
 const { getAppConfig } = require('~/server/services/Config');
@@ -174,126 +178,179 @@ function convertToUsername(input, defaultValue = '') {
   return defaultValue;
 }
 
+/**
+ * Creates a SAML authentication callback.
+ * @param {boolean} [existingUsersOnly=false] - If true, only existing users will be authenticated.
+ * @returns {Function} The SAML callback function for passport.
+ */
+function createSamlCallback(existingUsersOnly = false) {
+  return async (profile, done) => {
+    try {
+      logger.info(`[samlStrategy] SAML authentication received for NameID: ${profile.nameID}`);
+      logger.debug('[samlStrategy] SAML profile:', profile);
+
+      const userEmail = getEmail(profile) || '';
+
+      const baseConfig = await getAppConfig({ baseOnly: true });
+      if (!isEmailDomainAllowed(userEmail, baseConfig?.registration?.allowedDomains)) {
+        logger.error(
+          `[SAML Strategy] Authentication blocked - email domain not allowed [Email: ${userEmail}]`,
+        );
+        return done(null, false, { message: 'Email domain not allowed' });
+      }
+
+      let user = await findUser({ samlId: profile.nameID });
+      logger.info(
+        `[samlStrategy] User ${user ? 'found' : 'not found'} with SAML ID: ${profile.nameID}`,
+      );
+
+      if (!user) {
+        user = await findUser({ email: userEmail });
+        logger.info(`[samlStrategy] User ${user ? 'found' : 'not found'} with email: ${userEmail}`);
+      }
+
+      if (user && user.provider !== 'saml') {
+        logger.info(
+          `[samlStrategy] User ${user.email} already exists with provider ${user.provider}`,
+        );
+        return done(null, false, {
+          message: ErrorTypes.AUTH_FAILED,
+        });
+      }
+
+      const appConfig = user?.tenantId
+        ? await resolveAppConfigForUser(getAppConfig, user)
+        : baseConfig;
+
+      if (!isEmailDomainAllowed(userEmail, appConfig?.registration?.allowedDomains)) {
+        logger.error(
+          `[SAML Strategy] Authentication blocked - email domain not allowed [Email: ${userEmail}]`,
+        );
+        return done(null, false, { message: 'Email domain not allowed' });
+      }
+
+      const fullName = getFullName(profile);
+
+      const username = convertToUsername(
+        getUserName(profile) || getGivenName(profile) || getEmail(profile),
+      );
+
+      if (!user) {
+        if (existingUsersOnly) {
+          logger.error(
+            `[samlStrategy] Admin auth blocked - user does not exist [Email: ${userEmail}]`,
+          );
+          return done(null, false, { message: 'User does not exist' });
+        }
+
+        user = {
+          provider: 'saml',
+          samlId: profile.nameID,
+          username,
+          email: userEmail,
+          emailVerified: true,
+          name: fullName,
+        };
+        const balanceConfig = getBalanceConfig(appConfig);
+        user = await createUser(user, balanceConfig, true, true);
+      } else {
+        user.provider = 'saml';
+        user.samlId = profile.nameID;
+        user.username = username;
+        user.name = fullName;
+      }
+
+      const picture = getPicture(profile);
+      if (picture && !user.avatar?.includes('manual=true')) {
+        const imageBuffer = await downloadImage(profile.picture);
+        if (imageBuffer) {
+          let fileName;
+          if (crypto) {
+            fileName = (await hashToken(profile.nameID)) + '.png';
+          } else {
+            fileName = profile.nameID + '.png';
+          }
+
+          const { saveBuffer } = getStrategyFunctions(
+            appConfig?.fileStrategy ?? process.env.CDN_PROVIDER,
+          );
+          const imagePath = await saveBuffer({
+            fileName,
+            userId: user._id.toString(),
+            buffer: imageBuffer,
+          });
+          user.avatar = imagePath ?? '';
+        }
+      }
+
+      user = await updateUser(user._id, user);
+
+      logger.info(
+        `[samlStrategy] Login success SAML ID: ${user.samlId} | email: ${user.email} | username: ${user.username}`,
+        {
+          user: {
+            samlId: user.samlId,
+            username: user.username,
+            email: user.email,
+            name: user.name,
+          },
+        },
+      );
+
+      done(null, user);
+    } catch (err) {
+      logger.error('[samlStrategy] Login failed', err);
+      done(err);
+    }
+  };
+}
+
+/**
+ * Returns the base SAML configuration shared by both regular and admin strategies.
+ * @returns {object} The SAML configuration object.
+ */
+function getBaseSamlConfig() {
+  return {
+    entryPoint: process.env.SAML_ENTRY_POINT,
+    issuer: process.env.SAML_ISSUER,
+    idpCert: getCertificateContent(process.env.SAML_CERT),
+    wantAssertionsSigned: process.env.SAML_USE_AUTHN_RESPONSE_SIGNED === 'true' ? false : true,
+    wantAuthnResponseSigned: process.env.SAML_USE_AUTHN_RESPONSE_SIGNED === 'true' ? true : false,
+  };
+}
+
 async function setupSaml() {
   try {
+    const baseConfig = getBaseSamlConfig();
     const samlConfig = {
-      entryPoint: process.env.SAML_ENTRY_POINT,
-      issuer: process.env.SAML_ISSUER,
+      ...baseConfig,
       callbackUrl: process.env.SAML_CALLBACK_URL,
-      idpCert: getCertificateContent(process.env.SAML_CERT),
-      wantAssertionsSigned: process.env.SAML_USE_AUTHN_RESPONSE_SIGNED === 'true' ? false : true,
-      wantAuthnResponseSigned: process.env.SAML_USE_AUTHN_RESPONSE_SIGNED === 'true' ? true : false,
     };
 
-    passport.use(
-      'saml',
-      new SamlStrategy(samlConfig, async (profile, done) => {
-        try {
-          logger.info(`[samlStrategy] SAML authentication received for NameID: ${profile.nameID}`);
-          logger.debug('[samlStrategy] SAML profile:', profile);
-
-          const userEmail = getEmail(profile) || '';
-          const appConfig = await getAppConfig();
-
-          if (!isEmailDomainAllowed(userEmail, appConfig?.registration?.allowedDomains)) {
-            logger.error(
-              `[SAML Strategy] Authentication blocked - email domain not allowed [Email: ${userEmail}]`,
-            );
-            return done(null, false, { message: 'Email domain not allowed' });
-          }
-
-          let user = await findUser({ samlId: profile.nameID });
-          logger.info(
-            `[samlStrategy] User ${user ? 'found' : 'not found'} with SAML ID: ${profile.nameID}`,
-          );
-
-          if (!user) {
-            user = await findUser({ email: userEmail });
-            logger.info(
-              `[samlStrategy] User ${user ? 'found' : 'not found'} with email: ${userEmail}`,
-            );
-          }
-
-          if (user && user.provider !== 'saml') {
-            logger.info(
-              `[samlStrategy] User ${user.email} already exists with provider ${user.provider}`,
-            );
-            return done(null, false, {
-              message: ErrorTypes.AUTH_FAILED,
-            });
-          }
-
-          const fullName = getFullName(profile);
-
-          const username = convertToUsername(
-            getUserName(profile) || getGivenName(profile) || getEmail(profile),
-          );
-
-          if (!user) {
-            user = {
-              provider: 'saml',
-              samlId: profile.nameID,
-              username,
-              email: userEmail,
-              emailVerified: true,
-              name: fullName,
-            };
-            const balanceConfig = getBalanceConfig(appConfig);
-            user = await createUser(user, balanceConfig, true, true);
-          } else {
-            user.provider = 'saml';
-            user.samlId = profile.nameID;
-            user.username = username;
-            user.name = fullName;
-          }
-
-          const picture = getPicture(profile);
-          if (picture && !user.avatar?.includes('manual=true')) {
-            const imageBuffer = await downloadImage(profile.picture);
-            if (imageBuffer) {
-              let fileName;
-              if (crypto) {
-                fileName = (await hashToken(profile.nameID)) + '.png';
-              } else {
-                fileName = profile.nameID + '.png';
-              }
-
-              const { saveBuffer } = getStrategyFunctions(
-                appConfig?.fileStrategy ?? process.env.CDN_PROVIDER,
-              );
-              const imagePath = await saveBuffer({
-                fileName,
-                userId: user._id.toString(),
-                buffer: imageBuffer,
-              });
-              user.avatar = imagePath ?? '';
-            }
-          }
-
-          user = await updateUser(user._id, user);
-
-          logger.info(
-            `[samlStrategy] Login success SAML ID: ${user.samlId} | email: ${user.email} | username: ${user.username}`,
-            {
-              user: {
-                samlId: user.samlId,
-                username: user.username,
-                email: user.email,
-                name: user.name,
-              },
-            },
-          );
-
-          done(null, user);
-        } catch (err) {
-          logger.error('[samlStrategy] Login failed', err);
-          done(err);
-        }
-      }),
-    );
+    passport.use('saml', new SamlStrategy(samlConfig, createSamlCallback(false)));
+    setupSamlAdmin(baseConfig);
   } catch (err) {
     logger.error('[samlStrategy]', err);
   }
 }
 
+/**
+ * Sets up the SAML strategy specifically for admin authentication.
+ * Rejects users that don't already exist.
+ * @param {object} [baseConfig] - Pre-parsed base SAML config to avoid redundant cert parsing.
+ */
+function setupSamlAdmin(baseConfig) {
+  try {
+    const samlAdminConfig = {
+      ...(baseConfig ?? getBaseSamlConfig()),
+      callbackUrl: `${process.env.DOMAIN_SERVER}/api/admin/oauth/saml/callback`,
+    };
+
+    passport.use('samlAdmin', new SamlStrategy(samlAdminConfig, createSamlCallback(true)));
+    logger.info('[samlStrategy] Admin SAML strategy registered.');
+  } catch (err) {
+    logger.error('[samlStrategy] setupSamlAdmin', err);
+  }
+}
+
 module.exports = { setupSaml, getCertificateContent };
diff --git a/api/strategies/samlStrategy.spec.js b/api/strategies/samlStrategy.spec.js
index 1d16719b87..965fb157ef 100644
--- a/api/strategies/samlStrategy.spec.js
+++ b/api/strategies/samlStrategy.spec.js
@@ -30,6 +30,7 @@ jest.mock('@librechat/api', () => ({
     tokenCredits: 1000,
     startBalance: 1000,
   })),
+  resolveAppConfigForUser: jest.fn(async (_getAppConfig, _user) => ({})),
 }));
 jest.mock('~/server/services/Config/EndpointService', () => ({
   config: {},
@@ -47,6 +48,9 @@ const fs = require('fs');
 const path = require('path');
 const fetch = require('node-fetch');
 const { Strategy: SamlStrategy } = require('@node-saml/passport-saml');
+const { findUser } = require('~/models');
+const { resolveAppConfigForUser } = require('@librechat/api');
+const { getAppConfig } = require('~/server/services/Config');
 const { setupSaml, getCertificateContent } = require('./samlStrategy');
 
 // Configure fs mock
@@ -54,10 +58,14 @@ jest.mocked(fs).existsSync = jest.fn();
 jest.mocked(fs).statSync = jest.fn();
 jest.mocked(fs).readFileSync = jest.fn();
 
-// To capture the verify callback from the strategy, we grab it from the mock constructor
+// To capture the verify callback from the strategy, we grab it from the mock constructor.
+// setupSaml() registers both 'saml' (regular) and 'samlAdmin' strategies, so we capture
+// only the first callback per setupSaml() call (the regular one).
 let verifyCallback;
 SamlStrategy.mockImplementation((options, verify) => {
-  verifyCallback = verify;
+  if (!verifyCallback) {
+    verifyCallback = verify;
+  }
   return { name: 'saml', options, verify };
 });
 
@@ -215,6 +223,8 @@ describe('setupSaml', () => {
 
   beforeEach(async () => {
     jest.clearAllMocks();
+    // Reset so the mock captures the regular (non-admin) callback on next setupSaml() call
+    verifyCallback = null;
 
     // Configure mocks
     const { findUser, createUser, updateUser } = require('~/models');
@@ -440,4 +450,50 @@ u7wlOSk+oFzDIO/UILIA
 
     expect(fetch).not.toHaveBeenCalled();
   });
+
+  it('should pass the found user to resolveAppConfigForUser', async () => {
+    const existingUser = {
+      _id: 'tenant-user-id',
+      provider: 'saml',
+      samlId: 'saml-1234',
+      email: 'test@example.com',
+      tenantId: 'tenant-c',
+      role: 'USER',
+    };
+    findUser.mockResolvedValue(existingUser);
+
+    const profile = { ...baseProfile };
+    await validate(profile);
+
+    expect(resolveAppConfigForUser).toHaveBeenCalledWith(getAppConfig, existingUser);
+  });
+
+  it('should use baseConfig for new SAML user without calling resolveAppConfigForUser', async () => {
+    const profile = { ...baseProfile };
+    await validate(profile);
+
+    expect(resolveAppConfigForUser).not.toHaveBeenCalled();
+    expect(getAppConfig).toHaveBeenCalledWith({ baseOnly: true });
+  });
+
+  it('should block login when tenant config restricts the domain', async () => {
+    const { isEmailDomainAllowed } = require('@librechat/api');
+    const existingUser = {
+      _id: 'tenant-blocked',
+      provider: 'saml',
+      samlId: 'saml-1234',
+      email: 'test@example.com',
+      tenantId: 'tenant-restrict',
+      role: 'USER',
+    };
+    findUser.mockResolvedValue(existingUser);
+    resolveAppConfigForUser.mockResolvedValue({
+      registration: { allowedDomains: ['other.com'] },
+    });
+    isEmailDomainAllowed.mockReturnValueOnce(true).mockReturnValueOnce(false);
+
+    const profile = { ...baseProfile };
+    const { user } = await validate(profile);
+    expect(user).toBe(false);
+  });
 });
diff --git a/api/strategies/socialLogin.js b/api/strategies/socialLogin.js
index 88fb347042..580e4f3d7e 100644
--- a/api/strategies/socialLogin.js
+++ b/api/strategies/socialLogin.js
@@ -1,21 +1,21 @@
 const { logger } = require('@librechat/data-schemas');
 const { ErrorTypes } = require('librechat-data-provider');
-const { isEnabled, isEmailDomainAllowed } = require('@librechat/api');
+const { isEnabled, isEmailDomainAllowed, resolveAppConfigForUser } = require('@librechat/api');
 const { createSocialUser, handleExistingUser } = require('./process');
 const { getAppConfig } = require('~/server/services/Config');
 const { findUser } = require('~/models');
 
 const socialLogin =
-  (provider, getProfileDetails) => async (accessToken, refreshToken, idToken, profile, cb) => {
+  (provider, getProfileDetails, options = {}) =>
+  async (accessToken, refreshToken, idToken, profile, cb) => {
     try {
       const { email, id, avatarUrl, username, name, emailVerified } = getProfileDetails({
         idToken,
         profile,
       });
 
-      const appConfig = await getAppConfig();
-
-      if (!isEmailDomainAllowed(email, appConfig?.registration?.allowedDomains)) {
+      const baseConfig = await getAppConfig({ baseOnly: true });
+      if (!isEmailDomainAllowed(email, baseConfig?.registration?.allowedDomains)) {
         logger.error(
           `[${provider}Login] Authentication blocked - email domain not allowed [Email: ${email}]`,
         );
@@ -41,6 +41,20 @@ const socialLogin =
         }
       }
 
+      const appConfig = existingUser?.tenantId
+        ? await resolveAppConfigForUser(getAppConfig, existingUser)
+        : baseConfig;
+
+      if (!isEmailDomainAllowed(email, appConfig?.registration?.allowedDomains)) {
+        logger.error(
+          `[${provider}Login] Authentication blocked - email domain not allowed [Email: ${email}]`,
+        );
+        const error = new Error(ErrorTypes.AUTH_FAILED);
+        error.code = ErrorTypes.AUTH_FAILED;
+        error.message = 'Email domain not allowed';
+        return cb(error);
+      }
+
       if (existingUser?.provider === provider) {
         await handleExistingUser(existingUser, avatarUrl, appConfig, email);
         return cb(null, existingUser);
@@ -54,6 +68,13 @@ const socialLogin =
         return cb(error);
       }
 
+      if (options.existingUsersOnly) {
+        logger.error(
+          `[${provider}Login] Admin auth blocked - user does not exist [Email: ${email}]`,
+        );
+        return cb(null, false, { message: 'User does not exist' });
+      }
+
       const ALLOW_SOCIAL_REGISTRATION = isEnabled(process.env.ALLOW_SOCIAL_REGISTRATION);
       if (!ALLOW_SOCIAL_REGISTRATION) {
         logger.error(
diff --git a/api/strategies/socialLogin.test.js b/api/strategies/socialLogin.test.js
index ba4778c8b1..4fde397d55 100644
--- a/api/strategies/socialLogin.test.js
+++ b/api/strategies/socialLogin.test.js
@@ -3,6 +3,8 @@ const { ErrorTypes } = require('librechat-data-provider');
 const { createSocialUser, handleExistingUser } = require('./process');
 const socialLogin = require('./socialLogin');
 const { findUser } = require('~/models');
+const { resolveAppConfigForUser } = require('@librechat/api');
+const { getAppConfig } = require('~/server/services/Config');
 
 jest.mock('@librechat/data-schemas', () => {
   const actualModule = jest.requireActual('@librechat/data-schemas');
@@ -25,6 +27,10 @@ jest.mock('@librechat/api', () => ({
   ...jest.requireActual('@librechat/api'),
   isEnabled: jest.fn().mockReturnValue(true),
   isEmailDomainAllowed: jest.fn().mockReturnValue(true),
+  resolveAppConfigForUser: jest.fn().mockResolvedValue({
+    fileStrategy: 'local',
+    balance: { enabled: false },
+  }),
 }));
 
 jest.mock('~/models', () => ({
@@ -66,10 +72,7 @@ describe('socialLogin', () => {
         googleId: googleId,
       };
 
-      /** Mock findUser to return user on first call (by googleId), null on second call */
-      findUser
-        .mockResolvedValueOnce(existingUser) // First call: finds by googleId
-        .mockResolvedValueOnce(null); // Second call would be by email, but won't be reached
+      findUser.mockResolvedValueOnce(existingUser).mockResolvedValueOnce(null);
 
       const mockProfile = {
         id: googleId,
@@ -83,13 +86,9 @@ describe('socialLogin', () => {
 
       await loginFn(null, null, null, mockProfile, callback);
 
-      /** Verify it searched by googleId first */
       expect(findUser).toHaveBeenNthCalledWith(1, { googleId: googleId });
-
-      /** Verify it did NOT search by email (because it found user by googleId) */
       expect(findUser).toHaveBeenCalledTimes(1);
 
-      /** Verify handleExistingUser was called with the new email */
       expect(handleExistingUser).toHaveBeenCalledWith(
         existingUser,
         'https://example.com/avatar.png',
@@ -97,7 +96,6 @@ describe('socialLogin', () => {
         newEmail,
       );
 
-      /** Verify callback was called with success */
       expect(callback).toHaveBeenCalledWith(null, existingUser);
     });
 
@@ -113,7 +111,7 @@ describe('socialLogin', () => {
         facebookId: facebookId,
       };
 
-      findUser.mockResolvedValue(existingUser); // Always returns user
+      findUser.mockResolvedValue(existingUser);
 
       const mockProfile = {
         id: facebookId,
@@ -127,7 +125,6 @@ describe('socialLogin', () => {
 
       await loginFn(null, null, null, mockProfile, callback);
 
-      /** Verify it searched by facebookId first */
       expect(findUser).toHaveBeenCalledWith({ facebookId: facebookId });
       expect(findUser.mock.calls[0]).toEqual([{ facebookId: facebookId }]);
 
@@ -150,13 +147,10 @@ describe('socialLogin', () => {
         _id: 'user789',
         email: email,
         provider: 'google',
-        googleId: 'old-google-id', // Different googleId (edge case)
+        googleId: 'old-google-id',
       };
 
-      /** First call (by googleId) returns null, second call (by email) returns user */
-      findUser
-        .mockResolvedValueOnce(null) // By googleId
-        .mockResolvedValueOnce(existingUser); // By email
+      findUser.mockResolvedValueOnce(null).mockResolvedValueOnce(existingUser);
 
       const mockProfile = {
         id: googleId,
@@ -170,13 +164,10 @@ describe('socialLogin', () => {
 
       await loginFn(null, null, null, mockProfile, callback);
 
-      /** Verify both searches happened */
       expect(findUser).toHaveBeenNthCalledWith(1, { googleId: googleId });
-      /** Email passed as-is; findUser implementation handles case normalization */
       expect(findUser).toHaveBeenNthCalledWith(2, { email: email });
       expect(findUser).toHaveBeenCalledTimes(2);
 
-      /** Verify warning log */
       expect(logger.warn).toHaveBeenCalledWith(
         `[${provider}Login] User found by email: ${email} but not by ${provider}Id`,
       );
@@ -197,7 +188,6 @@ describe('socialLogin', () => {
         googleId: googleId,
       };
 
-      /** Both searches return null */
       findUser.mockResolvedValue(null);
       createSocialUser.mockResolvedValue(newUser);
 
@@ -213,10 +203,8 @@ describe('socialLogin', () => {
 
       await loginFn(null, null, null, mockProfile, callback);
 
-      /** Verify both searches happened */
       expect(findUser).toHaveBeenCalledTimes(2);
 
-      /** Verify createSocialUser was called */
       expect(createSocialUser).toHaveBeenCalledWith({
         email: email,
         avatarUrl: 'https://example.com/avatar.png',
@@ -242,12 +230,10 @@ describe('socialLogin', () => {
       const existingUser = {
         _id: 'user123',
         email: email,
-        provider: 'local', // Different provider
+        provider: 'local',
       };
 
-      findUser
-        .mockResolvedValueOnce(null) // By googleId
-        .mockResolvedValueOnce(existingUser); // By email
+      findUser.mockResolvedValueOnce(null).mockResolvedValueOnce(existingUser);
 
       const mockProfile = {
         id: googleId,
@@ -261,7 +247,6 @@ describe('socialLogin', () => {
 
       await loginFn(null, null, null, mockProfile, callback);
 
-      /** Verify error callback */
       expect(callback).toHaveBeenCalledWith(
         expect.objectContaining({
           code: ErrorTypes.AUTH_FAILED,
@@ -274,4 +259,104 @@ describe('socialLogin', () => {
       );
     });
   });
+
+  describe('Tenant-scoped config', () => {
+    it('should call resolveAppConfigForUser for tenant user', async () => {
+      const provider = 'google';
+      const googleId = 'google-tenant-user';
+      const email = 'tenant@example.com';
+
+      const existingUser = {
+        _id: 'userTenant',
+        email,
+        provider: 'google',
+        googleId,
+        tenantId: 'tenant-b',
+        role: 'USER',
+      };
+
+      findUser.mockResolvedValue(existingUser);
+
+      const mockProfile = {
+        id: googleId,
+        emails: [{ value: email, verified: true }],
+        photos: [{ value: 'https://example.com/avatar.png' }],
+        name: { givenName: 'Tenant', familyName: 'User' },
+      };
+
+      const loginFn = socialLogin(provider, mockGetProfileDetails);
+      const callback = jest.fn();
+
+      await loginFn(null, null, null, mockProfile, callback);
+
+      expect(resolveAppConfigForUser).toHaveBeenCalledWith(getAppConfig, existingUser);
+    });
+
+    it('should use baseConfig for non-tenant user without calling resolveAppConfigForUser', async () => {
+      const provider = 'google';
+      const googleId = 'google-new-tenant';
+      const email = 'new@example.com';
+
+      findUser.mockResolvedValue(null);
+      createSocialUser.mockResolvedValue({
+        _id: 'newUser',
+        email,
+        provider: 'google',
+        googleId,
+      });
+
+      const mockProfile = {
+        id: googleId,
+        emails: [{ value: email, verified: true }],
+        photos: [{ value: 'https://example.com/avatar.png' }],
+        name: { givenName: 'New', familyName: 'User' },
+      };
+
+      const loginFn = socialLogin(provider, mockGetProfileDetails);
+      const callback = jest.fn();
+
+      await loginFn(null, null, null, mockProfile, callback);
+
+      expect(resolveAppConfigForUser).not.toHaveBeenCalled();
+      expect(getAppConfig).toHaveBeenCalledWith({ baseOnly: true });
+    });
+
+    it('should block login when tenant config restricts the domain', async () => {
+      const { isEmailDomainAllowed } = require('@librechat/api');
+      const provider = 'google';
+      const googleId = 'google-tenant-blocked';
+      const email = 'blocked@example.com';
+
+      const existingUser = {
+        _id: 'userBlocked',
+        email,
+        provider: 'google',
+        googleId,
+        tenantId: 'tenant-restrict',
+        role: 'USER',
+      };
+
+      findUser.mockResolvedValue(existingUser);
+      resolveAppConfigForUser.mockResolvedValue({
+        registration: { allowedDomains: ['other.com'] },
+      });
+      isEmailDomainAllowed.mockReturnValueOnce(true).mockReturnValueOnce(false);
+
+      const mockProfile = {
+        id: googleId,
+        emails: [{ value: email, verified: true }],
+        photos: [{ value: 'https://example.com/avatar.png' }],
+        name: { givenName: 'Blocked', familyName: 'User' },
+      };
+
+      const loginFn = socialLogin(provider, mockGetProfileDetails);
+      const callback = jest.fn();
+
+      await loginFn(null, null, null, mockProfile, callback);
+
+      expect(callback).toHaveBeenCalledWith(
+        expect.objectContaining({ message: 'Email domain not allowed' }),
+      );
+    });
+  });
 });
diff --git a/api/utils/tokens.spec.js b/api/utils/tokens.spec.js
index 6cecdb95c8..dfa6762ee5 100644
--- a/api/utils/tokens.spec.js
+++ b/api/utils/tokens.spec.js
@@ -1813,3 +1813,57 @@ describe('GLM Model Tests (Zhipu AI)', () => {
     });
   });
 });
+
+describe('Mistral Model Tests', () => {
+  describe('getModelMaxTokens', () => {
+    test('should return correct tokens for mistral-large-3 (256k context)', () => {
+      expect(getModelMaxTokens('mistral-large-3', EModelEndpoint.custom)).toBe(
+        maxTokensMap[EModelEndpoint.custom]['mistral-large-3'],
+      );
+    });
+
+    test('should match mistral-large-3 for suffixed variants', () => {
+      expect(getModelMaxTokens('mistral-large-3-instruct', EModelEndpoint.custom)).toBe(
+        maxTokensMap[EModelEndpoint.custom]['mistral-large-3'],
+      );
+    });
+
+    test('should not match mistral-large-3 for generic mistral-large', () => {
+      expect(getModelMaxTokens('mistral-large', EModelEndpoint.custom)).toBe(
+        maxTokensMap[EModelEndpoint.custom]['mistral-large'],
+      );
+      expect(getModelMaxTokens('mistral-large-latest', EModelEndpoint.custom)).toBe(
+        maxTokensMap[EModelEndpoint.custom]['mistral-large'],
+      );
+    });
+  });
+
+  describe('matchModelName', () => {
+    test('should match mistral-large-3 exactly', () => {
+      expect(matchModelName('mistral-large-3', EModelEndpoint.custom)).toBe('mistral-large-3');
+    });
+
+    test('should match mistral-large-3 for prefixed/suffixed variants', () => {
+      expect(matchModelName('mistral/mistral-large-3', EModelEndpoint.custom)).toBe(
+        'mistral-large-3',
+      );
+      expect(matchModelName('mistral-large-3-instruct', EModelEndpoint.custom)).toBe(
+        'mistral-large-3',
+      );
+    });
+
+    test('should match generic mistral-large for non-3 variants', () => {
+      expect(matchModelName('mistral-large-latest', EModelEndpoint.custom)).toBe('mistral-large');
+    });
+  });
+
+  describe('findMatchingPattern', () => {
+    test('should prefer mistral-large-3 over mistral-large for mistral-large-3 variants', () => {
+      const result = findMatchingPattern(
+        'mistral-large-3-instruct',
+        maxTokensMap[EModelEndpoint.custom],
+      );
+      expect(result).toBe('mistral-large-3');
+    });
+  });
+});
diff --git a/client/jest.config.cjs b/client/jest.config.cjs
index 4d9087bff7..375e4418a7 100644
--- a/client/jest.config.cjs
+++ b/client/jest.config.cjs
@@ -41,7 +41,9 @@ module.exports = {
     '\\.(jpg|jpeg|png|gif|eot|otf|webp|svg|ttf|woff|woff2|mp4|webm|wav|mp3|m4a|aac|oga)$':
       'jest-file-loader',
   },
-  transformIgnorePatterns: ['node_modules/?!@zattoo/use-double-click'],
+  transformIgnorePatterns: [
+    '/node_modules/(?!(@zattoo/use-double-click|@dicebear|@react-dnd|react-dnd.*|dnd-core|filenamify|filename-reserved-regex|heic-to|lowlight|highlight\\.js|fault|react-markdown|unified|bail|trough|devlop|is-.*|parse-entities|stringify-entities|character-.*|trim-lines|style-to-object|inline-style-parser|html-url-attributes|escape-string-regexp|longest-streak|zwitch|ccount|markdown-table|comma-separated-tokens|space-separated-tokens|web-namespaces|property-information|remark-.*|rehype-.*|recma-.*|hast.*|mdast-.*|unist-.*|vfile.*|micromark.*|estree-util-.*|decode-named-character-reference)/)/',
+  ],
   setupFilesAfterEnv: ['@testing-library/jest-dom/extend-expect', '<rootDir>/test/setupTests.js'],
   clearMocks: true,
 };
diff --git a/client/nginx.conf b/client/nginx.conf
index c91c47a23f..906b3af128 100644
--- a/client/nginx.conf
+++ b/client/nginx.conf
@@ -86,9 +86,15 @@ server {
 
 #    location /api {
 #        proxy_pass http://api:3080/api;
+#        proxy_set_header X-Forwarded-Proto $scheme;
+#        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+#        proxy_set_header Host $host;
 #    }
 
 #    location / {
 #        proxy_pass http://api:3080;
+#        proxy_set_header X-Forwarded-Proto $scheme;
+#        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+#        proxy_set_header Host $host;
 #    }
 #}
diff --git a/client/package.json b/client/package.json
index 85d5a176f4..5fe9cddcc7 100644
--- a/client/package.json
+++ b/client/package.json
@@ -122,7 +122,7 @@
     "@babel/preset-env": "^7.22.15",
     "@babel/preset-react": "^7.22.15",
     "@babel/preset-typescript": "^7.22.15",
-    "@happy-dom/jest-environment": "^20.8.3",
+    "@happy-dom/jest-environment": "^20.8.9",
     "@tanstack/react-query-devtools": "^4.29.0",
     "@testing-library/dom": "^9.3.0",
     "@testing-library/jest-dom": "^5.16.5",
diff --git a/client/src/@types/react.d.ts b/client/src/@types/react.d.ts
new file mode 100644
index 0000000000..edf0b7af3f
--- /dev/null
+++ b/client/src/@types/react.d.ts
@@ -0,0 +1,8 @@
+import 'react';
+
+declare module 'react' {
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars
+  interface HTMLAttributes<T> {
+    inert?: boolean | '' | undefined;
+  }
+}
diff --git a/client/src/Providers/ActivePanelContext.tsx b/client/src/Providers/ActivePanelContext.tsx
index 9d6082d4e4..46b2a189b7 100644
--- a/client/src/Providers/ActivePanelContext.tsx
+++ b/client/src/Providers/ActivePanelContext.tsx
@@ -35,3 +35,11 @@ export function useActivePanel() {
   }
   return context;
 }
+
+/** Returns `active` when it matches a known link, otherwise the first link's id. */
+export function resolveActivePanel(active: string, links: { id: string }[]): string {
+  if (links.length > 0 && links.some((l) => l.id === active)) {
+    return active;
+  }
+  return links[0]?.id ?? active;
+}
diff --git a/client/src/Providers/MessagesViewContext.tsx b/client/src/Providers/MessagesViewContext.tsx
index f1cae204a4..c44972918c 100644
--- a/client/src/Providers/MessagesViewContext.tsx
+++ b/client/src/Providers/MessagesViewContext.tsx
@@ -140,6 +140,55 @@ export function useMessagesOperations() {
   );
 }
 
+type OptionalMessagesOps = Pick<
+  MessagesViewContextValue,
+  'ask' | 'regenerate' | 'handleContinue' | 'getMessages' | 'setMessages'
+>;
+
+const NOOP_OPS: OptionalMessagesOps = {
+  ask: () => {},
+  regenerate: () => {},
+  handleContinue: () => {},
+  getMessages: () => undefined,
+  setMessages: () => {},
+};
+
+/**
+ * Hook for components that need message operations but may render outside MessagesViewProvider
+ * (e.g. the /search route). Returns no-op stubs when the provider is absent — UI actions will
+ * be silently discarded rather than crashing. Callers must use optional chaining on
+ * `getMessages()` results, as it returns `undefined` outside the provider.
+ */
+export function useOptionalMessagesOperations(): OptionalMessagesOps {
+  const context = useContext(MessagesViewContext);
+  const ask = context?.ask;
+  const regenerate = context?.regenerate;
+  const handleContinue = context?.handleContinue;
+  const getMessages = context?.getMessages;
+  const setMessages = context?.setMessages;
+  return useMemo(
+    () => ({
+      ask: ask ?? NOOP_OPS.ask,
+      regenerate: regenerate ?? NOOP_OPS.regenerate,
+      handleContinue: handleContinue ?? NOOP_OPS.handleContinue,
+      getMessages: getMessages ?? NOOP_OPS.getMessages,
+      setMessages: setMessages ?? NOOP_OPS.setMessages,
+    }),
+    [ask, regenerate, handleContinue, getMessages, setMessages],
+  );
+}
+
+/**
+ * Hook for components that need conversation data but may render outside MessagesViewProvider
+ * (e.g. the /search route). Returns `undefined` for both fields when the provider is absent.
+ */
+export function useOptionalMessagesConversation() {
+  const context = useContext(MessagesViewContext);
+  const conversation = context?.conversation;
+  const conversationId = context?.conversationId;
+  return useMemo(() => ({ conversation, conversationId }), [conversation, conversationId]);
+}
+
 /** Hook for components that only need message state */
 export function useMessagesState() {
   const { index, latestMessageId, latestMessageDepth, setLatestMessage } = useMessagesViewContext();
diff --git a/client/src/Providers/__tests__/ActivePanelContext.spec.tsx b/client/src/Providers/__tests__/ActivePanelContext.spec.tsx
index 6a6059c9b4..0f2f89e8f7 100644
--- a/client/src/Providers/__tests__/ActivePanelContext.spec.tsx
+++ b/client/src/Providers/__tests__/ActivePanelContext.spec.tsx
@@ -1,7 +1,11 @@
 import React from 'react';
 import { render, fireEvent, screen } from '@testing-library/react';
 import '@testing-library/jest-dom/extend-expect';
-import { ActivePanelProvider, useActivePanel } from '~/Providers/ActivePanelContext';
+import {
+  ActivePanelProvider,
+  resolveActivePanel,
+  useActivePanel,
+} from '~/Providers/ActivePanelContext';
 
 const STORAGE_KEY = 'side:active-panel';
 
@@ -58,3 +62,23 @@ describe('ActivePanelContext', () => {
     spy.mockRestore();
   });
 });
+
+describe('resolveActivePanel', () => {
+  const links = [{ id: 'conversations' }, { id: 'prompts' }, { id: 'files' }];
+
+  it('returns active when it matches a link', () => {
+    expect(resolveActivePanel('prompts', links)).toBe('prompts');
+  });
+
+  it('falls back to first link when active does not match', () => {
+    expect(resolveActivePanel('hide-panel', links)).toBe('conversations');
+  });
+
+  it('returns active unchanged when links is empty', () => {
+    expect(resolveActivePanel('agents', [])).toBe('agents');
+  });
+
+  it('falls back to the only link when active is stale', () => {
+    expect(resolveActivePanel('agents', [{ id: 'conversations' }])).toBe('conversations');
+  });
+});
diff --git a/client/src/Providers/__tests__/MessagesViewContext.spec.tsx b/client/src/Providers/__tests__/MessagesViewContext.spec.tsx
new file mode 100644
index 0000000000..88cd6f702d
--- /dev/null
+++ b/client/src/Providers/__tests__/MessagesViewContext.spec.tsx
@@ -0,0 +1,53 @@
+import { renderHook } from '@testing-library/react';
+import {
+  useOptionalMessagesOperations,
+  useOptionalMessagesConversation,
+} from '../MessagesViewContext';
+
+describe('useOptionalMessagesOperations', () => {
+  it('returns noop stubs when rendered outside MessagesViewProvider', () => {
+    const { result } = renderHook(() => useOptionalMessagesOperations());
+
+    expect(result.current.ask).toBeInstanceOf(Function);
+    expect(result.current.regenerate).toBeInstanceOf(Function);
+    expect(result.current.handleContinue).toBeInstanceOf(Function);
+    expect(result.current.getMessages).toBeInstanceOf(Function);
+    expect(result.current.setMessages).toBeInstanceOf(Function);
+  });
+
+  it('noop stubs do not throw when called', () => {
+    const { result } = renderHook(() => useOptionalMessagesOperations());
+
+    expect(() => result.current.ask({} as never)).not.toThrow();
+    expect(() => result.current.regenerate({} as never)).not.toThrow();
+    expect(() => result.current.handleContinue({} as never)).not.toThrow();
+    expect(() => result.current.setMessages([])).not.toThrow();
+  });
+
+  it('getMessages returns undefined outside the provider', () => {
+    const { result } = renderHook(() => useOptionalMessagesOperations());
+    expect(result.current.getMessages()).toBeUndefined();
+  });
+
+  it('returns stable references across re-renders', () => {
+    const { result, rerender } = renderHook(() => useOptionalMessagesOperations());
+    const first = result.current;
+    rerender();
+    expect(result.current).toBe(first);
+  });
+});
+
+describe('useOptionalMessagesConversation', () => {
+  it('returns undefined fields when rendered outside MessagesViewProvider', () => {
+    const { result } = renderHook(() => useOptionalMessagesConversation());
+    expect(result.current.conversation).toBeUndefined();
+    expect(result.current.conversationId).toBeUndefined();
+  });
+
+  it('returns stable references across re-renders', () => {
+    const { result, rerender } = renderHook(() => useOptionalMessagesConversation());
+    const first = result.current;
+    rerender();
+    expect(result.current).toBe(first);
+  });
+});
diff --git a/client/src/common/types.ts b/client/src/common/types.ts
index 85044bb2bc..6ca408685f 100644
--- a/client/src/common/types.ts
+++ b/client/src/common/types.ts
@@ -355,6 +355,28 @@ export type TOptions = {
 
 export type TAskFunction = (props: TAskProps, options?: TOptions) => void;
 
+/**
+ * Stable context object passed from non-memo'd wrapper components (Message, MessageContent)
+ * to memo'd inner components (MessageRender, ContentRender) via props.
+ *
+ * This avoids subscribing to ChatContext inside memo'd components, which would bypass React.memo
+ * and cause unnecessary re-renders when `isSubmitting` changes during streaming.
+ *
+ * The `isSubmitting` property should use a getter backed by a ref so it returns the current
+ * value at call-time (for callback guards) without being a reactive dependency.
+ */
+export type TMessageChatContext = {
+  ask: (...args: Parameters<TAskFunction>) => void;
+  index: number;
+  regenerate: (message: t.TMessage, options?: { addedConvo?: t.TConversation | null }) => void;
+  conversation: t.TConversation | null;
+  latestMessageId: string | undefined;
+  latestMessageDepth: number | undefined;
+  handleContinue: (e: React.MouseEvent<HTMLButtonElement>) => void;
+  /** Should be a getter backed by a ref — reads current value without triggering re-renders */
+  readonly isSubmitting: boolean;
+};
+
 export type TMessageProps = {
   conversation?: t.TConversation | null;
   messageId?: string | null;
diff --git a/client/src/components/Agents/Marketplace.tsx b/client/src/components/Agents/Marketplace.tsx
index 0c9c9fb4cc..816705a0db 100644
--- a/client/src/components/Agents/Marketplace.tsx
+++ b/client/src/components/Agents/Marketplace.tsx
@@ -7,11 +7,10 @@ import { useDocumentTitle, useHasAccess, useLocalize, TranslationKeys } from '~/
 import { useGetEndpointsQuery, useGetAgentCategoriesQuery } from '~/data-provider';
 import MarketplaceAdminSettings from './MarketplaceAdminSettings';
 import { SidePanelGroup } from '~/components/SidePanel';
-import { NewChat } from '~/components/Nav';
-import { cn } from '~/utils';
 import CategoryTabs from './CategoryTabs';
 import SearchBar from './SearchBar';
 import AgentGrid from './AgentGrid';
+import { cn } from '~/utils';
 
 interface AgentMarketplaceProps {
   className?: string;
@@ -202,12 +201,6 @@ const AgentMarketplace: React.FC<AgentMarketplaceProps> = ({ className = '' }) =
             ref={scrollContainerRef}
             className="scrollbar-gutter-stable relative flex h-full flex-col overflow-y-auto overflow-x-hidden"
           >
-            {/* Simplified header for agents marketplace - only show nav controls when needed */}
-            {!isSmallScreen && (
-              <div className="sticky top-0 z-20 flex items-center justify-between bg-surface-secondary p-2 font-semibold text-text-primary md:h-14">
-                <NewChat className="border border-border-light bg-surface-secondary p-2" />
-              </div>
-            )}
             {/* Hero Section - scrolls away */}
             {!isSmallScreen && (
               <div className="container mx-auto max-w-4xl">
@@ -222,9 +215,7 @@ const AgentMarketplace: React.FC<AgentMarketplaceProps> = ({ className = '' }) =
               </div>
             )}
             {/* Sticky wrapper for search bar and categories */}
-            <div
-              className={cn('sticky z-10 bg-presentation pb-4', isSmallScreen ? 'top-0' : 'top-14')}
-            >
+            <div className="sticky top-0 z-10 bg-presentation pb-4">
               <div className="container mx-auto max-w-4xl px-4">
                 {/* Search bar */}
                 <div className="mx-auto flex max-w-2xl gap-2 pb-6">
diff --git a/client/src/components/Artifacts/ArtifactPreview.tsx b/client/src/components/Artifacts/ArtifactPreview.tsx
index c125889c88..8257f76887 100644
--- a/client/src/components/Artifacts/ArtifactPreview.tsx
+++ b/client/src/components/Artifacts/ArtifactPreview.tsx
@@ -6,7 +6,7 @@ import type {
 } from '@codesandbox/sandpack-react/unstyled';
 import type { TStartupConfig } from 'librechat-data-provider';
 import type { ArtifactFiles } from '~/common';
-import { sharedFiles, sharedOptions } from '~/utils/artifacts';
+import { sharedFiles, buildSandpackOptions } from '~/utils/artifacts';
 
 export const ArtifactPreview = memo(function ({
   files,
@@ -39,15 +39,10 @@ export const ArtifactPreview = memo(function ({
     };
   }, [currentCode, files, fileKey]);
 
-  const options: typeof sharedOptions = useMemo(() => {
-    if (!startupConfig) {
-      return sharedOptions;
-    }
-    return {
-      ...sharedOptions,
-      bundlerURL: template === 'static' ? startupConfig.staticBundlerURL : startupConfig.bundlerURL,
-    };
-  }, [startupConfig, template]);
+  const options: SandpackProviderProps['options'] = useMemo(
+    () => buildSandpackOptions(template, startupConfig),
+    [startupConfig, template],
+  );
 
   if (Object.keys(artifactFiles).length === 0) {
     return null;
diff --git a/client/src/components/Artifacts/Artifacts.tsx b/client/src/components/Artifacts/Artifacts.tsx
index 776f689f08..e2a322b1ad 100644
--- a/client/src/components/Artifacts/Artifacts.tsx
+++ b/client/src/components/Artifacts/Artifacts.tsx
@@ -1,15 +1,16 @@
-import { useRef, useState, useEffect } from 'react';
+import { useRef, useState, useEffect, useCallback } from 'react';
+import copy from 'copy-to-clipboard';
 import * as Tabs from '@radix-ui/react-tabs';
 import { Code, Play, RefreshCw, X } from 'lucide-react';
 import { useSetRecoilState, useResetRecoilState } from 'recoil';
 import { Button, Spinner, useMediaQuery, Radio } from '@librechat/client';
 import type { SandpackPreviewRef } from '@codesandbox/sandpack-react';
+import CopyButton from '~/components/Messages/Content/CopyButton';
 import { useShareContext, useMutationState } from '~/Providers';
 import useArtifacts from '~/hooks/Artifacts/useArtifacts';
 import DownloadArtifact from './DownloadArtifact';
 import ArtifactVersion from './ArtifactVersion';
 import ArtifactTabs from './ArtifactTabs';
-import { CopyCodeButton } from './Code';
 import { useLocalize } from '~/hooks';
 import { cn } from '~/utils';
 import store from '~/store';
@@ -30,6 +31,7 @@ export default function Artifacts() {
   const [height, setHeight] = useState(90);
   const [isDragging, setIsDragging] = useState(false);
   const [blurAmount, setBlurAmount] = useState(0);
+  const [isCopied, setIsCopied] = useState(false);
   const dragStartY = useRef(0);
   const dragStartHeight = useRef(90);
   const setArtifactsVisible = useSetRecoilState(store.artifactsVisibility);
@@ -86,6 +88,16 @@ export default function Artifacts() {
     setCurrentArtifactId,
   } = useArtifacts();
 
+  const handleCopyArtifact = useCallback(() => {
+    const content = currentArtifact?.content ?? '';
+    if (!content) {
+      return;
+    }
+    copy(content, { format: 'text/plain' });
+    setIsCopied(true);
+    setTimeout(() => setIsCopied(false), 3000);
+  }, [currentArtifact?.content]);
+
   const handleDragStart = (e: React.PointerEvent) => {
     setIsDragging(true);
     dragStartY.current = e.clientY;
@@ -281,7 +293,7 @@ export default function Artifacts() {
                   }}
                 />
               )}
-              <CopyCodeButton content={currentArtifact.content ?? ''} />
+              <CopyButton isCopied={isCopied} iconOnly onClick={handleCopyArtifact} />
               <DownloadArtifact artifact={currentArtifact} />
               <Button
                 size="icon"
diff --git a/client/src/components/Artifacts/Code.tsx b/client/src/components/Artifacts/Code.tsx
index 61d86262f6..225c94b014 100644
--- a/client/src/components/Artifacts/Code.tsx
+++ b/client/src/components/Artifacts/Code.tsx
@@ -1,9 +1,8 @@
-import React, { memo, useState } from 'react';
-import copy from 'copy-to-clipboard';
-import { Button } from '@librechat/client';
-import { Copy, CircleCheckBig } from 'lucide-react';
-import { handleDoubleClick } from '~/utils';
-import { useLocalize } from '~/hooks';
+import React, { memo, useEffect, useRef, useState } from 'react';
+import rehypeKatex from 'rehype-katex';
+import ReactMarkdown from 'react-markdown';
+import rehypeHighlight from 'rehype-highlight';
+import { handleDoubleClick, langSubset } from '~/utils';
 
 type TCodeProps = {
   inline: boolean;
@@ -26,29 +25,70 @@ export const code: React.ElementType = memo(({ inline, className, children }: TC
   return <code className={`hljs language-${lang} !whitespace-pre`}>{children}</code>;
 });
 
-export const CopyCodeButton: React.FC<{ content: string }> = ({ content }) => {
-  const localize = useLocalize();
-  const [isCopied, setIsCopied] = useState(false);
+const rehypePlugins = [
+  [rehypeKatex],
+  [
+    rehypeHighlight,
+    {
+      detect: true,
+      ignoreMissing: true,
+      subset: langSubset,
+    },
+  ],
+];
 
-  const handleCopy = () => {
-    copy(content, { format: 'text/plain' });
-    setIsCopied(true);
-    setTimeout(() => setIsCopied(false), 3000);
-  };
+export const CodeMarkdown = memo(
+  ({ content = '', isSubmitting }: { content: string; isSubmitting: boolean }) => {
+    const scrollRef = useRef<HTMLDivElement>(null);
+    const [userScrolled, setUserScrolled] = useState(false);
 
-  return (
-    <Button
-      size="icon"
-      variant="ghost"
-      className="h-9 w-9"
-      onClick={handleCopy}
-      aria-label={isCopied ? localize('com_ui_copied') : localize('com_ui_copy_code')}
-    >
-      {isCopied ? (
-        <CircleCheckBig size={16} aria-hidden="true" />
-      ) : (
-        <Copy size={16} aria-hidden="true" />
-      )}
-    </Button>
-  );
-};
+    useEffect(() => {
+      const scrollContainer = scrollRef.current;
+      if (!scrollContainer) {
+        return;
+      }
+
+      const handleScroll = () => {
+        const { scrollTop, scrollHeight, clientHeight } = scrollContainer;
+        const isNearBottom = scrollHeight - scrollTop - clientHeight < 50;
+
+        if (!isNearBottom) {
+          setUserScrolled(true);
+        } else {
+          setUserScrolled(false);
+        }
+      };
+
+      scrollContainer.addEventListener('scroll', handleScroll);
+
+      return () => {
+        scrollContainer.removeEventListener('scroll', handleScroll);
+      };
+    }, []);
+
+    useEffect(() => {
+      const scrollContainer = scrollRef.current;
+      if (!scrollContainer || !isSubmitting || userScrolled) {
+        return;
+      }
+
+      scrollContainer.scrollTop = scrollContainer.scrollHeight;
+    }, [content, isSubmitting, userScrolled]);
+
+    return (
+      <div ref={scrollRef} className="max-h-full overflow-y-auto">
+        <ReactMarkdown
+          /* @ts-expect-error — rehypePlugins type mismatch between react-markdown and unified PluggableList */
+          rehypePlugins={rehypePlugins}
+          components={
+            { code } as {
+              [key: string]: React.ElementType;
+            }
+          }
+        >
+          {content}
+        </ReactMarkdown>
+      </div>
+    );
+  },
+);
diff --git a/client/src/components/Chat/Input/AudioRecorder.tsx b/client/src/components/Chat/Input/AudioRecorder.tsx
index dbf2c29d83..e9e19d0904 100644
--- a/client/src/components/Chat/Input/AudioRecorder.tsx
+++ b/client/src/components/Chat/Input/AudioRecorder.tsx
@@ -1,4 +1,4 @@
-import { useCallback, useRef } from 'react';
+import { memo, useCallback, useRef } from 'react';
 import { MicOff } from 'lucide-react';
 import { useToastContext, TooltipAnchor, ListeningIcon, Spinner } from '@librechat/client';
 import { useLocalize, useSpeechToText, useGetAudioSettings } from '~/hooks';
@@ -7,7 +7,7 @@ import { globalAudioId } from '~/common';
 import { cn } from '~/utils';
 
 const isExternalSTT = (speechToTextEndpoint: string) => speechToTextEndpoint === 'external';
-export default function AudioRecorder({
+export default memo(function AudioRecorder({
   disabled,
   ask,
   methods,
@@ -26,10 +26,12 @@ export default function AudioRecorder({
   const { speechToTextEndpoint } = useGetAudioSettings();
 
   const existingTextRef = useRef<string>('');
+  const isSubmittingRef = useRef(isSubmitting);
+  isSubmittingRef.current = isSubmitting;
 
   const onTranscriptionComplete = useCallback(
     (text: string) => {
-      if (isSubmitting) {
+      if (isSubmittingRef.current) {
         showToast({
           message: localize('com_ui_speech_while_submitting'),
           status: 'error',
@@ -52,7 +54,7 @@ export default function AudioRecorder({
         existingTextRef.current = '';
       }
     },
-    [ask, reset, showToast, localize, isSubmitting, speechToTextEndpoint],
+    [ask, reset, showToast, localize, speechToTextEndpoint],
   );
 
   const setText = useCallback(
@@ -125,4 +127,4 @@ export default function AudioRecorder({
       }
     />
   );
-}
+});
diff --git a/client/src/components/Chat/Input/ChatForm.tsx b/client/src/components/Chat/Input/ChatForm.tsx
index fed355dcb3..9e0ad7f382 100644
--- a/client/src/components/Chat/Input/ChatForm.tsx
+++ b/client/src/components/Chat/Input/ChatForm.tsx
@@ -3,6 +3,8 @@ import { useWatch } from 'react-hook-form';
 import { TextareaAutosize } from '@librechat/client';
 import { useRecoilState, useRecoilValue } from 'recoil';
 import { Constants, isAssistantsEndpoint, isAgentsEndpoint } from 'librechat-data-provider';
+import type { TConversation } from 'librechat-data-provider';
+import type { ExtendedFile, FileSetter, ConvoGenerator } from '~/common';
 import {
   useChatContext,
   useChatFormContext,
@@ -35,7 +37,30 @@ import BadgeRow from './BadgeRow';
 import Mention from './Mention';
 import store from '~/store';
 
-const ChatForm = memo(({ index = 0 }: { index?: number }) => {
+interface ChatFormProps {
+  index: number;
+  /** From ChatContext — individual values so memo can compare them */
+  files: Map<string, ExtendedFile>;
+  setFiles: FileSetter;
+  conversation: TConversation | null;
+  isSubmitting: boolean;
+  filesLoading: boolean;
+  setFilesLoading: React.Dispatch<React.SetStateAction<boolean>>;
+  newConversation: ConvoGenerator;
+  handleStopGenerating: (e: React.MouseEvent<HTMLButtonElement>) => void;
+}
+
+const ChatForm = memo(function ChatForm({
+  index,
+  files,
+  setFiles,
+  conversation,
+  isSubmitting,
+  filesLoading,
+  setFilesLoading,
+  newConversation,
+  handleStopGenerating,
+}: ChatFormProps) {
   const submitButtonRef = useRef<HTMLButtonElement>(null);
   const textAreaRef = useRef<HTMLTextAreaElement>(null);
   useFocusChatEffect(textAreaRef);
@@ -65,15 +90,6 @@ const ChatForm = memo(({ index = 0 }: { index?: number }) => {
 
   const { requiresKey } = useRequiresKey();
   const methods = useChatFormContext();
-  const {
-    files,
-    setFiles,
-    conversation,
-    isSubmitting,
-    filesLoading,
-    newConversation,
-    handleStopGenerating,
-  } = useChatContext();
   const {
     generateConversation,
     conversation: addedConvo,
@@ -120,6 +136,15 @@ const ChatForm = memo(({ index = 0 }: { index?: number }) => {
     }
   }, [isCollapsed]);
 
+  const handleTextareaFocus = useCallback(() => {
+    handleFocusOrClick();
+    setIsTextAreaFocused(true);
+  }, [handleFocusOrClick]);
+
+  const handleTextareaBlur = useCallback(() => {
+    setIsTextAreaFocused(false);
+  }, []);
+
   useAutoSave({
     files,
     setFiles,
@@ -253,7 +278,12 @@ const ChatForm = memo(({ index = 0 }: { index?: number }) => {
               handleSaveBadges={handleSaveBadges}
               setBadges={setBadges}
             />
-            <FileFormChat conversation={conversation} />
+            <FileFormChat
+              conversation={conversation}
+              files={files}
+              setFiles={setFiles}
+              setFilesLoading={setFilesLoading}
+            />
             {endpoint && (
               <div className={cn('flex', isRTL ? 'flex-row-reverse' : 'flex-row')}>
                 <div
@@ -284,11 +314,8 @@ const ChatForm = memo(({ index = 0 }: { index?: number }) => {
                     tabIndex={0}
                     data-testid="text-input"
                     rows={1}
-                    onFocus={() => {
-                      handleFocusOrClick();
-                      setIsTextAreaFocused(true);
-                    }}
-                    onBlur={setIsTextAreaFocused.bind(null, false)}
+                    onFocus={handleTextareaFocus}
+                    onBlur={handleTextareaBlur}
                     aria-label={localize('com_ui_message_input')}
                     onClick={handleFocusOrClick}
                     style={{ height: 44, overflowY: 'auto' }}
@@ -315,7 +342,13 @@ const ChatForm = memo(({ index = 0 }: { index?: number }) => {
               )}
             >
               <div className={`${isRTL ? 'mr-2' : 'ml-2'}`}>
-                <AttachFileChat conversation={conversation} disableInputs={disableInputs} />
+                <AttachFileChat
+                  conversation={conversation}
+                  disableInputs={disableInputs}
+                  files={files}
+                  setFiles={setFiles}
+                  setFilesLoading={setFilesLoading}
+                />
               </div>
               <BadgeRow
                 showEphemeralBadges={
@@ -360,5 +393,77 @@ const ChatForm = memo(({ index = 0 }: { index?: number }) => {
     </form>
   );
 });
+ChatForm.displayName = 'ChatForm';
 
-export default ChatForm;
+/**
+ * Wrapper that subscribes to ChatContext and passes stable individual values
+ * to the memo'd ChatForm. This prevents ChatForm from re-rendering on every
+ * streaming chunk — it only re-renders when the specific values it uses change.
+ */
+function ChatFormWrapper({ index = 0 }: { index?: number }) {
+  const {
+    files,
+    setFiles,
+    conversation,
+    isSubmitting,
+    filesLoading,
+    setFilesLoading,
+    newConversation,
+    handleStopGenerating,
+  } = useChatContext();
+
+  /**
+   * Stabilize conversation reference: only update when rendering-relevant fields change,
+   * not on every metadata update (e.g., title generation during streaming).
+   */
+  const hasMessages = (conversation?.messages?.length ?? 0) > 0;
+  const stableConversation = useMemo(
+    () => conversation,
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+    [
+      conversation?.conversationId,
+      conversation?.endpoint,
+      conversation?.endpointType,
+      conversation?.agent_id,
+      conversation?.assistant_id,
+      conversation?.spec,
+      conversation?.useResponsesApi,
+      conversation?.model,
+      hasMessages,
+    ],
+  );
+
+  /** Stabilize function refs so they never trigger ChatForm re-renders */
+  const handleStopRef = useRef(handleStopGenerating);
+  handleStopRef.current = handleStopGenerating;
+  const stableHandleStop = useCallback(
+    (e: React.MouseEvent<HTMLButtonElement>) => handleStopRef.current(e),
+    [],
+  );
+
+  const newConvoRef = useRef(newConversation);
+  newConvoRef.current = newConversation;
+  const stableNewConversation: ConvoGenerator = useCallback(
+    (...args: Parameters<ConvoGenerator>): ReturnType<ConvoGenerator> =>
+      newConvoRef.current(...args),
+    [],
+  );
+
+  return (
+    <ChatForm
+      index={index}
+      files={files}
+      setFiles={setFiles}
+      conversation={stableConversation}
+      isSubmitting={isSubmitting}
+      filesLoading={filesLoading}
+      setFilesLoading={setFilesLoading}
+      newConversation={stableNewConversation}
+      handleStopGenerating={stableHandleStop}
+    />
+  );
+}
+
+ChatFormWrapper.displayName = 'ChatFormWrapper';
+
+export default ChatFormWrapper;
diff --git a/client/src/components/Chat/Input/CollapseChat.tsx b/client/src/components/Chat/Input/CollapseChat.tsx
index ea099ed69b..7efe52dc8d 100644
--- a/client/src/components/Chat/Input/CollapseChat.tsx
+++ b/client/src/components/Chat/Input/CollapseChat.tsx
@@ -52,4 +52,4 @@ const CollapseChat = ({
   );
 };
 
-export default CollapseChat;
+export default React.memo(CollapseChat);
diff --git a/client/src/components/Chat/Input/Files/AttachFile.tsx b/client/src/components/Chat/Input/Files/AttachFile.tsx
index 38a3fa8c6f..098fa2c4c3 100644
--- a/client/src/components/Chat/Input/Files/AttachFile.tsx
+++ b/client/src/components/Chat/Input/Files/AttachFile.tsx
@@ -1,14 +1,33 @@
 import React, { useRef } from 'react';
 import { FileUpload, TooltipAnchor, AttachmentIcon } from '@librechat/client';
-import { useLocalize, useFileHandling } from '~/hooks';
+import type { TConversation } from 'librechat-data-provider';
+import type { ExtendedFile, FileSetter } from '~/common';
+import { useFileHandlingNoChatContext, useLocalize } from '~/hooks';
 import { cn } from '~/utils';
 
-const AttachFile = ({ disabled }: { disabled?: boolean | null }) => {
+const AttachFile = ({
+  disabled,
+  files,
+  setFiles,
+  setFilesLoading,
+  conversation,
+}: {
+  disabled?: boolean | null;
+  files: Map<string, ExtendedFile>;
+  setFiles: FileSetter;
+  setFilesLoading: React.Dispatch<React.SetStateAction<boolean>>;
+  conversation: TConversation | null;
+}) => {
   const localize = useLocalize();
   const inputRef = useRef<HTMLInputElement>(null);
   const isUploadDisabled = disabled ?? false;
 
-  const { handleFileChange } = useFileHandling();
+  const { handleFileChange } = useFileHandlingNoChatContext(undefined, {
+    files,
+    setFiles,
+    setFilesLoading,
+    conversation,
+  });
 
   return (
     <FileUpload ref={inputRef} handleFileChange={handleFileChange}>
diff --git a/client/src/components/Chat/Input/Files/AttachFileChat.tsx b/client/src/components/Chat/Input/Files/AttachFileChat.tsx
index 2f954d01d5..7eb9b0c474 100644
--- a/client/src/components/Chat/Input/Files/AttachFileChat.tsx
+++ b/client/src/components/Chat/Input/Files/AttachFileChat.tsx
@@ -9,6 +9,7 @@ import {
   getEndpointFileConfig,
 } from 'librechat-data-provider';
 import type { TConversation } from 'librechat-data-provider';
+import type { ExtendedFile, FileSetter } from '~/common';
 import { useGetFileConfig, useGetEndpointsQuery, useGetAgentByIdQuery } from '~/data-provider';
 import { useAgentsMapContext } from '~/Providers';
 import AttachFileMenu from './AttachFileMenu';
@@ -17,9 +18,15 @@ import AttachFile from './AttachFile';
 function AttachFileChat({
   disableInputs,
   conversation,
+  files,
+  setFiles,
+  setFilesLoading,
 }: {
   disableInputs: boolean;
   conversation: TConversation | null;
+  files: Map<string, ExtendedFile>;
+  setFiles: FileSetter;
+  setFilesLoading: React.Dispatch<React.SetStateAction<boolean>>;
 }) {
   const conversationId = conversation?.conversationId ?? Constants.NEW_CONVO;
   const { endpoint } = conversation ?? { endpoint: null };
@@ -90,7 +97,15 @@ function AttachFileChat({
   );
 
   if (isAssistants && endpointSupportsFiles && !isUploadDisabled) {
-    return <AttachFile disabled={disableInputs} />;
+    return (
+      <AttachFile
+        disabled={disableInputs}
+        files={files}
+        setFiles={setFiles}
+        setFilesLoading={setFilesLoading}
+        conversation={conversation}
+      />
+    );
   } else if ((isAgents || endpointSupportsFiles) && !isUploadDisabled) {
     return (
       <AttachFileMenu
@@ -101,6 +116,10 @@ function AttachFileChat({
         agentId={conversation?.agent_id}
         endpointFileConfig={endpointFileConfig}
         useResponsesApi={useResponsesApi}
+        files={files}
+        setFiles={setFiles}
+        setFilesLoading={setFilesLoading}
+        conversation={conversation}
       />
     );
   }
diff --git a/client/src/components/Chat/Input/Files/AttachFileMenu.tsx b/client/src/components/Chat/Input/Files/AttachFileMenu.tsx
index 62072e49e5..181d219c08 100644
--- a/client/src/components/Chat/Input/Files/AttachFileMenu.tsx
+++ b/client/src/components/Chat/Input/Files/AttachFileMenu.tsx
@@ -23,15 +23,16 @@ import {
   bedrockDocumentExtensions,
   isDocumentSupportedProvider,
 } from 'librechat-data-provider';
-import type { EndpointFileConfig } from 'librechat-data-provider';
+import type { EndpointFileConfig, TConversation } from 'librechat-data-provider';
+import type { ExtendedFile, FileSetter } from '~/common';
 import {
   useAgentToolPermissions,
   useAgentCapabilities,
   useGetAgentsConfig,
-  useFileHandling,
+  useFileHandlingNoChatContext,
   useLocalize,
 } from '~/hooks';
-import useSharePointFileHandling from '~/hooks/Files/useSharePointFileHandling';
+import { useSharePointFileHandlingNoChatContext } from '~/hooks/Files/useSharePointFileHandling';
 import { SharePointPickerDialog } from '~/components/SharePoint';
 import { useGetStartupConfig } from '~/data-provider';
 import { ephemeralAgentByConvoId } from '~/store';
@@ -53,6 +54,10 @@ interface AttachFileMenuProps {
   endpointType?: EModelEndpoint | string;
   endpointFileConfig?: EndpointFileConfig;
   useResponsesApi?: boolean;
+  files: Map<string, ExtendedFile>;
+  setFiles: FileSetter;
+  setFilesLoading: React.Dispatch<React.SetStateAction<boolean>>;
+  conversation: TConversation | null;
 }
 
 const AttachFileMenu = ({
@@ -63,6 +68,10 @@ const AttachFileMenu = ({
   conversationId,
   endpointFileConfig,
   useResponsesApi,
+  files,
+  setFiles,
+  setFilesLoading,
+  conversation,
 }: AttachFileMenuProps) => {
   const localize = useLocalize();
   const isUploadDisabled = disabled ?? false;
@@ -72,10 +81,17 @@ const AttachFileMenu = ({
     ephemeralAgentByConvoId(conversationId),
   );
   const [toolResource, setToolResource] = useState<EToolResources | undefined>();
-  const { handleFileChange } = useFileHandling();
-  const { handleSharePointFiles, isProcessing, downloadProgress } = useSharePointFileHandling({
-    toolResource,
+  const { handleFileChange } = useFileHandlingNoChatContext(undefined, {
+    files,
+    setFiles,
+    setFilesLoading,
+    conversation,
   });
+  const { handleSharePointFiles, isProcessing, downloadProgress } =
+    useSharePointFileHandlingNoChatContext(
+      { toolResource },
+      { files, setFiles, setFilesLoading, conversation },
+    );
 
   const { agentsConfig } = useGetAgentsConfig();
   const { data: startupConfig } = useGetStartupConfig();
diff --git a/client/src/components/Chat/Input/Files/FileFormChat.tsx b/client/src/components/Chat/Input/Files/FileFormChat.tsx
index 3c01f2d642..4d37938c5d 100644
--- a/client/src/components/Chat/Input/Files/FileFormChat.tsx
+++ b/client/src/components/Chat/Input/Files/FileFormChat.tsx
@@ -1,16 +1,30 @@
 import { memo } from 'react';
 import { useRecoilValue } from 'recoil';
 import type { TConversation } from 'librechat-data-provider';
-import { useChatContext } from '~/Providers';
-import { useFileHandling } from '~/hooks';
+import type { ExtendedFile, FileSetter } from '~/common';
+import { useFileHandlingNoChatContext } from '~/hooks';
 import FileRow from './FileRow';
 import store from '~/store';
 
-function FileFormChat({ conversation }: { conversation: TConversation | null }) {
-  const { files, setFiles, setFilesLoading } = useChatContext();
+function FileFormChat({
+  conversation,
+  files,
+  setFiles,
+  setFilesLoading,
+}: {
+  conversation: TConversation | null;
+  files: Map<string, ExtendedFile>;
+  setFiles: FileSetter;
+  setFilesLoading: React.Dispatch<React.SetStateAction<boolean>>;
+}) {
   const chatDirection = useRecoilValue(store.chatDirection).toLowerCase();
   const { endpoint: _endpoint } = conversation ?? { endpoint: null };
-  const { abortUpload } = useFileHandling();
+  const { abortUpload } = useFileHandlingNoChatContext(undefined, {
+    files,
+    setFiles,
+    setFilesLoading,
+    conversation,
+  });
 
   const isRTL = chatDirection === 'rtl';
 
diff --git a/client/src/components/Chat/Input/Files/__tests__/AttachFileChat.spec.tsx b/client/src/components/Chat/Input/Files/__tests__/AttachFileChat.spec.tsx
index cea55f5ce8..80f06a1b89 100644
--- a/client/src/components/Chat/Input/Files/__tests__/AttachFileChat.spec.tsx
+++ b/client/src/components/Chat/Input/Files/__tests__/AttachFileChat.spec.tsx
@@ -59,7 +59,13 @@ function renderComponent(conversation: Record<string, unknown> | null, disableIn
   return render(
     <QueryClientProvider client={queryClient}>
       <RecoilRoot>
-        <AttachFileChat conversation={conversation as never} disableInputs={disableInputs} />
+        <AttachFileChat
+          conversation={conversation as never}
+          disableInputs={disableInputs}
+          files={new Map()}
+          setFiles={() => {}}
+          setFilesLoading={() => {}}
+        />
       </RecoilRoot>
     </QueryClientProvider>,
   );
diff --git a/client/src/components/Chat/Input/Files/__tests__/AttachFileMenu.spec.tsx b/client/src/components/Chat/Input/Files/__tests__/AttachFileMenu.spec.tsx
index cf08721207..c2710d4ef8 100644
--- a/client/src/components/Chat/Input/Files/__tests__/AttachFileMenu.spec.tsx
+++ b/client/src/components/Chat/Input/Files/__tests__/AttachFileMenu.spec.tsx
@@ -9,13 +9,14 @@ jest.mock('~/hooks', () => ({
   useAgentToolPermissions: jest.fn(),
   useAgentCapabilities: jest.fn(),
   useGetAgentsConfig: jest.fn(),
-  useFileHandling: jest.fn(),
+  useFileHandlingNoChatContext: jest.fn(),
   useLocalize: jest.fn(),
 }));
 
 jest.mock('~/hooks/Files/useSharePointFileHandling', () => ({
   __esModule: true,
   default: jest.fn(),
+  useSharePointFileHandlingNoChatContext: jest.fn(),
 }));
 
 jest.mock('~/data-provider', () => ({
@@ -52,6 +53,7 @@ jest.mock('@librechat/client', () => {
       ),
     AttachmentIcon: () => R.createElement('span', { 'data-testid': 'attachment-icon' }),
     SharePointIcon: () => R.createElement('span', { 'data-testid': 'sharepoint-icon' }),
+    useToastContext: () => ({ showToast: jest.fn() }),
   };
 });
 
@@ -66,11 +68,14 @@ jest.mock('@ariakit/react', () => {
 const mockUseAgentToolPermissions = jest.requireMock('~/hooks').useAgentToolPermissions;
 const mockUseAgentCapabilities = jest.requireMock('~/hooks').useAgentCapabilities;
 const mockUseGetAgentsConfig = jest.requireMock('~/hooks').useGetAgentsConfig;
-const mockUseFileHandling = jest.requireMock('~/hooks').useFileHandling;
+const mockUseFileHandlingNoChatContext = jest.requireMock('~/hooks').useFileHandlingNoChatContext;
 const mockUseLocalize = jest.requireMock('~/hooks').useLocalize;
 const mockUseSharePointFileHandling = jest.requireMock(
   '~/hooks/Files/useSharePointFileHandling',
 ).default;
+const mockUseSharePointFileHandlingNoChatContext = jest.requireMock(
+  '~/hooks/Files/useSharePointFileHandling',
+).useSharePointFileHandlingNoChatContext;
 const mockUseGetStartupConfig = jest.requireMock('~/data-provider').useGetStartupConfig;
 
 const queryClient = new QueryClient({ defaultOptions: { queries: { retry: false } } });
@@ -92,12 +97,15 @@ function setupMocks(overrides: { provider?: string } = {}) {
     codeEnabled: false,
   });
   mockUseGetAgentsConfig.mockReturnValue({ agentsConfig: {} });
-  mockUseFileHandling.mockReturnValue({ handleFileChange: jest.fn() });
-  mockUseSharePointFileHandling.mockReturnValue({
+  mockUseFileHandlingNoChatContext.mockReturnValue({ handleFileChange: jest.fn() });
+  const sharePointReturnValue = {
     handleSharePointFiles: jest.fn(),
     isProcessing: false,
     downloadProgress: 0,
-  });
+    error: null,
+  };
+  mockUseSharePointFileHandling.mockReturnValue(sharePointReturnValue);
+  mockUseSharePointFileHandlingNoChatContext.mockReturnValue(sharePointReturnValue);
   mockUseGetStartupConfig.mockReturnValue({ data: { sharePointFilePickerEnabled: false } });
   mockUseAgentToolPermissions.mockReturnValue({
     fileSearchAllowedByAgent: false,
@@ -110,7 +118,14 @@ function renderMenu(props: Record<string, unknown> = {}) {
   return render(
     <QueryClientProvider client={queryClient}>
       <RecoilRoot>
-        <AttachFileMenu conversationId="test-convo" {...props} />
+        <AttachFileMenu
+          conversationId="test-convo"
+          files={new Map()}
+          setFiles={() => {}}
+          setFilesLoading={() => {}}
+          conversation={null}
+          {...props}
+        />
       </RecoilRoot>
     </QueryClientProvider>,
   );
diff --git a/client/src/components/Chat/Input/StopButton.tsx b/client/src/components/Chat/Input/StopButton.tsx
index 4a058777f1..fd94ba806c 100644
--- a/client/src/components/Chat/Input/StopButton.tsx
+++ b/client/src/components/Chat/Input/StopButton.tsx
@@ -1,8 +1,15 @@
+import { memo } from 'react';
 import { TooltipAnchor } from '@librechat/client';
 import { useLocalize } from '~/hooks';
 import { cn } from '~/utils';
 
-export default function StopButton({ stop, setShowStopButton }) {
+export default memo(function StopButton({
+  stop,
+  setShowStopButton,
+}: {
+  stop: (e: React.MouseEvent<HTMLButtonElement>) => void;
+  setShowStopButton: (value: boolean) => void;
+}) {
   const localize = useLocalize();
 
   return (
@@ -34,4 +41,4 @@ export default function StopButton({ stop, setShowStopButton }) {
       }
     ></TooltipAnchor>
   );
-}
+});
diff --git a/client/src/components/Chat/Input/TextareaHeader.tsx b/client/src/components/Chat/Input/TextareaHeader.tsx
index 9e67252efe..06c1802585 100644
--- a/client/src/components/Chat/Input/TextareaHeader.tsx
+++ b/client/src/components/Chat/Input/TextareaHeader.tsx
@@ -1,8 +1,9 @@
+import { memo } from 'react';
 import AddedConvo from './AddedConvo';
 import type { TConversation } from 'librechat-data-provider';
 import type { SetterOrUpdater } from 'recoil';
 
-export default function TextareaHeader({
+export default memo(function TextareaHeader({
   addedConvo,
   setAddedConvo,
 }: {
@@ -17,4 +18,4 @@ export default function TextareaHeader({
       <AddedConvo addedConvo={addedConvo} setAddedConvo={setAddedConvo} />
     </div>
   );
-}
+});
diff --git a/client/src/components/Chat/Menus/Endpoints/ModelSelector.tsx b/client/src/components/Chat/Menus/Endpoints/ModelSelector.tsx
index 2c90f57598..b59b718743 100644
--- a/client/src/components/Chat/Menus/Endpoints/ModelSelector.tsx
+++ b/client/src/components/Chat/Menus/Endpoints/ModelSelector.tsx
@@ -15,6 +15,8 @@ import { CustomMenu as Menu } from './CustomMenu';
 import DialogManager from './DialogManager';
 import { useLocalize } from '~/hooks';
 
+const defaultInterface = getConfigDefaults().interface;
+
 function ModelSelectorContent() {
   const localize = useLocalize();
 
@@ -122,7 +124,7 @@ function ModelSelectorContent() {
 }
 
 export default function ModelSelector({ startupConfig }: ModelSelectorProps) {
-  const interfaceConfig = startupConfig?.interface ?? getConfigDefaults().interface;
+  const interfaceConfig = startupConfig?.interface ?? defaultInterface;
   const modelSpecs = startupConfig?.modelSpecs?.list ?? [];
 
   // Hide the selector when modelSelect is false and there are no model specs to show
diff --git a/client/src/components/Chat/Messages/Content/AgentHandoff.tsx b/client/src/components/Chat/Messages/Content/AgentHandoff.tsx
index f5fa162ff2..5a5505ee60 100644
--- a/client/src/components/Chat/Messages/Content/AgentHandoff.tsx
+++ b/client/src/components/Chat/Messages/Content/AgentHandoff.tsx
@@ -1,24 +1,23 @@
 import React, { useMemo, useState } from 'react';
-import { EModelEndpoint, Constants } from 'librechat-data-provider';
 import { ChevronDown } from 'lucide-react';
+import { EModelEndpoint, Constants } from 'librechat-data-provider';
 import type { TMessage } from 'librechat-data-provider';
 import MessageIcon from '~/components/Share/MessageIcon';
+import { useLocalize, useExpandCollapse } from '~/hooks';
 import { useAgentsMapContext } from '~/Providers';
-import { useLocalize } from '~/hooks';
 import { cn } from '~/utils';
 
 interface AgentHandoffProps {
   name: string;
   args: string | Record<string, unknown>;
-  output?: string | null;
 }
 
 const AgentHandoff: React.FC<AgentHandoffProps> = ({ name, args: _args = '' }) => {
   const localize = useLocalize();
   const agentsMap = useAgentsMapContext();
   const [showInfo, setShowInfo] = useState(false);
+  const { style: expandStyle, ref: expandRef } = useExpandCollapse(showInfo);
 
-  /** Extracted agent ID from tool name (e.g., "lc_transfer_to_agent_gUV0wMb7zHt3y3Xjz-8_4" -> "agent_gUV0wMb7zHt3y3Xjz-8_4") */
   const targetAgentId = useMemo(() => {
     if (typeof name !== 'string' || !name.startsWith(Constants.LC_TRANSFER_TO_)) {
       return null;
@@ -44,19 +43,24 @@ const AgentHandoff: React.FC<AgentHandoffProps> = ({ name, args: _args = '' }) =
     }
   }, [_args]) as string;
 
-  /** Requires more than 2 characters as can be an empty object: `{}` */
   const hasInfo = useMemo(() => (args?.trim()?.length ?? 0) > 2, [args]);
 
   return (
-    <div className="my-3">
-      <div
+    <div className="my-1">
+      <button
+        type="button"
         className={cn(
-          'flex items-center gap-2.5 text-sm text-text-secondary',
-          hasInfo && 'cursor-pointer transition-colors hover:text-text-primary',
+          'tool-status-text flex appearance-none items-center gap-2.5 bg-transparent text-text-secondary',
+          hasInfo
+            ? 'transition-colors hover:text-text-primary focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-border-heavy'
+            : 'pointer-events-none',
         )}
-        onClick={() => hasInfo && setShowInfo(!showInfo)}
+        disabled={!hasInfo}
+        onClick={hasInfo ? () => setShowInfo(!showInfo) : undefined}
+        aria-expanded={hasInfo ? showInfo : undefined}
+        aria-label={`${localize('com_ui_transferred_to')} ${targetAgent?.name || localize('com_ui_agent')}`}
       >
-        <div className="flex h-6 w-6 items-center justify-center overflow-hidden rounded-full">
+        <div className="flex h-6 w-6 items-center justify-center overflow-hidden rounded-full ring-1 ring-border-light">
           <MessageIcon
             message={
               {
@@ -77,15 +81,19 @@ const AgentHandoff: React.FC<AgentHandoffProps> = ({ name, args: _args = '' }) =
             aria-hidden="true"
           />
         )}
-      </div>
-      {hasInfo && showInfo && (
-        <div className="ml-8 mt-2 rounded-md bg-surface-secondary p-3 text-xs">
-          <div className="mb-1 font-medium text-text-secondary">
-            {localize('com_ui_handoff_instructions')}:
-          </div>
-          <pre className="overflow-x-auto whitespace-pre-wrap text-text-primary">{args}</pre>
+      </button>
+      <div style={expandStyle}>
+        <div className="overflow-hidden" ref={expandRef}>
+          {hasInfo && (
+            <div className="ml-8 mt-2 rounded-lg border border-border-light bg-surface-secondary p-3 text-xs">
+              <div className="mb-1 font-medium text-text-secondary">
+                {localize('com_ui_handoff_instructions')}:
+              </div>
+              <pre className="overflow-x-auto whitespace-pre-wrap text-text-primary">{args}</pre>
+            </div>
+          )}
         </div>
-      )}
+      </div>
     </div>
   );
 };
diff --git a/client/src/components/Chat/Messages/Content/CodeAnalyze.tsx b/client/src/components/Chat/Messages/Content/CodeAnalyze.tsx
index 139496c621..3d4fdee1c9 100644
--- a/client/src/components/Chat/Messages/Content/CodeAnalyze.tsx
+++ b/client/src/components/Chat/Messages/Content/CodeAnalyze.tsx
@@ -1,8 +1,10 @@
-import { useState } from 'react';
+import { useState, useEffect } from 'react';
 import { useRecoilValue } from 'recoil';
+import { Terminal } from 'lucide-react';
 import { useProgress, useLocalize } from '~/hooks';
 import ProgressText from './ProgressText';
 import MarkdownLite from './MarkdownLite';
+import { cn } from '~/utils';
 import store from '~/store';
 
 export default function CodeAnalyze({
@@ -16,8 +18,14 @@ export default function CodeAnalyze({
 }) {
   const localize = useLocalize();
   const progress = useProgress(initialProgress);
-  const showAnalysisCode = useRecoilValue(store.showCode);
-  const [showCode, setShowCode] = useState(showAnalysisCode);
+  const autoExpand = useRecoilValue(store.autoExpandTools);
+  const [showCode, setShowCode] = useState(autoExpand);
+
+  useEffect(() => {
+    if (autoExpand) {
+      setShowCode(true);
+    }
+  }, [autoExpand]);
 
   const logs = outputs.reduce((acc, output) => {
     if (output['logs']) {
@@ -28,7 +36,10 @@ export default function CodeAnalyze({
 
   return (
     <>
-      <div className="my-2.5 flex items-center gap-2.5">
+      <span className="sr-only" aria-live="polite" aria-atomic="true">
+        {progress < 1 ? localize('com_ui_analyzing') : localize('com_ui_analyzing_finished')}
+      </span>
+      <div className="my-1 flex items-center gap-2.5">
         <ProgressText
           progress={progress}
           onClick={() => setShowCode((prev) => !prev)}
@@ -36,6 +47,12 @@ export default function CodeAnalyze({
           finishedText={localize('com_ui_analyzing_finished')}
           hasInput={!!code.length}
           isExpanded={showCode}
+          icon={
+            <Terminal
+              className={cn('size-4 shrink-0 text-text-secondary', progress < 1 && 'animate-pulse')}
+              aria-hidden="true"
+            />
+          }
         />
       </div>
       {showCode && (
diff --git a/client/src/components/Chat/Messages/Content/ContentParts.tsx b/client/src/components/Chat/Messages/Content/ContentParts.tsx
index 4b431d7a98..65ebc66908 100644
--- a/client/src/components/Chat/Messages/Content/ContentParts.tsx
+++ b/client/src/components/Chat/Messages/Content/ContentParts.tsx
@@ -6,12 +6,12 @@ import type {
   TAttachment,
   Agents,
 } from 'librechat-data-provider';
-import { MessageContext, SearchContext } from '~/Providers';
 import { ParallelContentRenderer, type PartWithIndex } from './ParallelContent';
-import { mapAttachments } from '~/utils';
+import { mapAttachments, groupSequentialToolCalls } from '~/utils';
+import { MessageContext, SearchContext } from '~/Providers';
 import { EditTextPart, EmptyText } from './Parts';
 import MemoryArtifacts from './MemoryArtifacts';
-import Sources from '~/components/Web/Sources';
+import ToolCallGroup from './ToolCallGroup';
 import Container from './Container';
 import Part from './Part';
 
@@ -160,10 +160,10 @@ const ContentParts = memo(function ContentParts({
           }
           const isTextPart =
             part?.type === ContentTypes.TEXT ||
-            typeof (part as unknown as Agents.MessageContentText)?.text !== 'string';
+            typeof (part as unknown as Agents.MessageContentText)?.text === 'string';
           const isThinkPart =
             part?.type === ContentTypes.THINK ||
-            typeof (part as unknown as Agents.ReasoningDeltaUpdate)?.think !== 'string';
+            typeof (part as unknown as Agents.ReasoningDeltaUpdate)?.think === 'string';
           if (!isTextPart && !isThinkPart) {
             return null;
           }
@@ -216,17 +216,32 @@ const ContentParts = memo(function ContentParts({
       sequentialParts.push({ part, idx });
     }
   });
+  const groupedParts = groupSequentialToolCalls(sequentialParts);
 
   return (
     <SearchContext.Provider value={{ searchResults }}>
       <MemoryArtifacts attachments={attachments} />
-      <Sources messageId={messageId} conversationId={conversationId || undefined} />
       {showEmptyCursor && (
         <Container>
           <EmptyText />
         </Container>
       )}
-      {sequentialParts.map(({ part, idx }) => renderPart(part, idx, idx === lastContentIdx))}
+      {groupedParts.map((group) => {
+        if (group.type === 'single') {
+          const { part, idx } = group.part;
+          return renderPart(part, idx, idx === lastContentIdx);
+        }
+        return (
+          <ToolCallGroup
+            key={`tool-group-${group.parts[0].idx}`}
+            parts={group.parts}
+            isSubmitting={effectiveIsSubmitting}
+            isLast={group.parts.some((p) => p.idx === lastContentIdx)}
+            renderPart={renderPart}
+            lastContentIdx={lastContentIdx}
+          />
+        );
+      })}
     </SearchContext.Provider>
   );
 });
diff --git a/client/src/components/Chat/Messages/Content/FilePreviewDialog.tsx b/client/src/components/Chat/Messages/Content/FilePreviewDialog.tsx
new file mode 100644
index 0000000000..c02e2fee4b
--- /dev/null
+++ b/client/src/components/Chat/Messages/Content/FilePreviewDialog.tsx
@@ -0,0 +1,344 @@
+import { useState, useEffect, useCallback, useMemo, useRef } from 'react';
+import copy from 'copy-to-clipboard';
+import { useRecoilValue } from 'recoil';
+import { Download } from 'lucide-react';
+import { OGDialog, OGDialogContent, OGDialogTitle, OGDialogDescription } from '@librechat/client';
+import CopyButton from '~/components/Messages/Content/CopyButton';
+import { logger, sortPagesByRelevance } from '~/utils';
+import { useFileDownload } from '~/data-provider';
+import { useLocalize } from '~/hooks';
+import store from '~/store';
+
+interface FilePreviewDialogProps {
+  open: boolean;
+  onOpenChange: (open: boolean) => void;
+  fileName: string;
+  fileId?: string;
+  relevance?: number;
+  pages?: number[];
+  pageRelevance?: Record<number, number>;
+  fileType?: string;
+  fileSize?: number;
+}
+
+function getFileExtension(filename: string): string {
+  const dot = filename.lastIndexOf('.');
+  return dot > 0 ? filename.slice(dot + 1).toLowerCase() : '';
+}
+
+function canPreviewByMime(mime?: string): 'pdf' | 'text' | false {
+  if (!mime) {
+    return false;
+  }
+  if (mime.includes('pdf')) {
+    return 'pdf';
+  }
+  if (
+    mime.startsWith('text/') ||
+    mime.includes('json') ||
+    mime.includes('xml') ||
+    mime.includes('javascript') ||
+    mime.includes('typescript') ||
+    mime.includes('yaml') ||
+    mime.includes('csv')
+  ) {
+    return 'text';
+  }
+  return false;
+}
+
+function canPreviewByExt(filename: string): 'pdf' | 'text' | false {
+  const ext = getFileExtension(filename);
+  if (ext === 'pdf') {
+    return 'pdf';
+  }
+  const textExts = new Set([
+    'txt',
+    'md',
+    'csv',
+    'json',
+    'xml',
+    'yaml',
+    'yml',
+    'html',
+    'css',
+    'js',
+    'ts',
+    'jsx',
+    'tsx',
+    'py',
+    'rb',
+    'java',
+    'c',
+    'cpp',
+    'h',
+    'go',
+    'rs',
+    'sh',
+    'sql',
+    'log',
+  ]);
+  return textExts.has(ext) ? 'text' : false;
+}
+
+/** Formats bytes with unit suffix (differs from ~/utils/formatBytes which returns a raw number). */
+function formatBytes(bytes: number): string {
+  if (bytes >= 1048576) {
+    return `${(bytes / 1048576).toFixed(1)} MB`;
+  }
+  if (bytes >= 1024) {
+    return `${(bytes / 1024).toFixed(1)} KB`;
+  }
+  return `${bytes} B`;
+}
+
+function getDisplayType(fileType?: string, fileName?: string): string {
+  if (fileType) {
+    if (fileType.includes('pdf')) {
+      return 'PDF';
+    }
+    if (fileType.includes('word') || fileType.includes('document')) {
+      return 'Document';
+    }
+    if (fileType.includes('spreadsheet') || fileType.includes('excel')) {
+      return 'Spreadsheet';
+    }
+    if (fileType.includes('presentation') || fileType.includes('powerpoint')) {
+      return 'Presentation';
+    }
+    if (fileType.includes('image')) {
+      return 'Image';
+    }
+    if (fileType.startsWith('text/')) {
+      return fileType.split('/')[1]?.toUpperCase() || 'Text';
+    }
+    if (fileType.includes('json')) {
+      return 'JSON';
+    }
+    if (fileType.includes('xml')) {
+      return 'XML';
+    }
+  }
+  const ext = fileName ? getFileExtension(fileName) : '';
+  return ext ? ext.toUpperCase() : 'File';
+}
+
+export default function FilePreviewDialog({
+  open,
+  onOpenChange,
+  fileName,
+  fileId,
+  relevance,
+  pages,
+  pageRelevance,
+  fileType,
+  fileSize,
+}: FilePreviewDialogProps) {
+  const localize = useLocalize();
+  const user = useRecoilValue(store.user);
+  const { refetch: downloadFile } = useFileDownload(user?.id ?? '', fileId);
+
+  const [fileContent, setFileContent] = useState<string | null>(null);
+  const [fileBlobUrl, setFileBlobUrl] = useState<string | null>(null);
+  const [loading, setLoading] = useState(false);
+  const [previewError, setPreviewError] = useState(false);
+  const [isCopied, setIsCopied] = useState(false);
+  const loadingRef = useRef(false);
+
+  const previewKind = canPreviewByMime(fileType) || canPreviewByExt(fileName);
+
+  const cancelledRef = useRef(false);
+
+  const loadPreview = useCallback(async () => {
+    if (!fileId || !previewKind || loadingRef.current) {
+      return;
+    }
+    loadingRef.current = true;
+    cancelledRef.current = false;
+    setLoading(true);
+    setPreviewError(false);
+
+    try {
+      const result = await downloadFile();
+      if (cancelledRef.current || !result.data) {
+        if (!cancelledRef.current) {
+          setPreviewError(true);
+        }
+        return;
+      }
+
+      const resp = await fetch(result.data);
+      const blob = await resp.blob();
+
+      if (cancelledRef.current) {
+        return;
+      }
+
+      if (previewKind === 'text') {
+        setFileContent(await blob.text());
+      } else {
+        const typed = new Blob([blob], { type: 'application/pdf' });
+        setFileBlobUrl(URL.createObjectURL(typed));
+      }
+    } catch {
+      if (!cancelledRef.current) {
+        setPreviewError(true);
+      }
+    } finally {
+      loadingRef.current = false;
+      if (!cancelledRef.current) {
+        setLoading(false);
+      }
+    }
+  }, [fileId, previewKind, downloadFile]);
+
+  const handleDownload = useCallback(async () => {
+    if (!fileId) {
+      return;
+    }
+    try {
+      const result = await downloadFile();
+      if (!result.data) {
+        return;
+      }
+      const a = document.createElement('a');
+      a.href = result.data;
+      a.setAttribute('download', fileName);
+      document.body.appendChild(a);
+      a.click();
+      document.body.removeChild(a);
+      setTimeout(() => URL.revokeObjectURL(result.data), 1000);
+    } catch (err) {
+      logger.error('[FilePreviewDialog] Download failed:', err);
+    }
+  }, [downloadFile, fileId, fileName]);
+
+  useEffect(() => {
+    if (open && previewKind && !fileContent && !fileBlobUrl) {
+      loadPreview();
+    }
+  }, [open, previewKind, fileContent, fileBlobUrl, loadPreview]);
+
+  useEffect(() => {
+    return () => {
+      if (fileBlobUrl) {
+        URL.revokeObjectURL(fileBlobUrl);
+      }
+    };
+  }, [fileBlobUrl]);
+
+  useEffect(() => {
+    if (!open) {
+      cancelledRef.current = true;
+      setFileContent(null);
+      setFileBlobUrl(null);
+      setPreviewError(false);
+      setLoading(false);
+      setIsCopied(false);
+    }
+  }, [open]);
+
+  const handleCopy = useCallback(() => {
+    if (!fileContent) {
+      return;
+    }
+    copy(fileContent, { format: 'text/plain' });
+    setIsCopied(true);
+    setTimeout(() => setIsCopied(false), 3000);
+  }, [fileContent]);
+
+  const displayType = useMemo(() => getDisplayType(fileType, fileName), [fileType, fileName]);
+  const sortedPages = useMemo(
+    () => (pages && pageRelevance ? sortPagesByRelevance(pages, pageRelevance) : pages),
+    [pages, pageRelevance],
+  );
+
+  const metaParts: string[] = [displayType];
+  if (relevance != null && relevance > 0) {
+    metaParts.push(`${localize('com_ui_relevance')}: ${Math.round(relevance * 100)}%`);
+  }
+  if (fileSize != null && fileSize > 0) {
+    metaParts.push(formatBytes(fileSize));
+  }
+  if (sortedPages && sortedPages.length > 0) {
+    metaParts.push(localize('com_file_pages', { pages: sortedPages.join(', ') }));
+  }
+
+  return (
+    <OGDialog open={open} onOpenChange={onOpenChange}>
+      <OGDialogContent
+        className="flex w-full max-w-4xl flex-col !overflow-hidden p-0"
+        showCloseButton={true}
+      >
+        <div className="shrink-0 px-6 pr-12 pt-6">
+          <OGDialogTitle className="truncate text-base">{fileName}</OGDialogTitle>
+          <div className="mt-0.5 flex items-center gap-3">
+            <OGDialogDescription className="min-w-0 truncate">
+              {metaParts.join(' · ')}
+            </OGDialogDescription>
+            {fileId && (
+              <button
+                type="button"
+                onClick={handleDownload}
+                className="inline-flex shrink-0 items-center gap-1 text-xs text-text-secondary transition-colors hover:text-text-primary focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-border-heavy"
+                aria-label={`${localize('com_ui_download')} ${fileName}`}
+              >
+                <Download className="size-3" aria-hidden="true" />
+                {localize('com_ui_download')}
+              </button>
+            )}
+          </div>
+        </div>
+
+        <div className="relative min-h-0 flex-1 overflow-y-auto px-6 pb-6 pt-4">
+          {loading && (
+            <div className="flex h-60 items-center justify-center rounded-lg bg-surface-secondary">
+              <span className="shimmer text-sm text-text-secondary">
+                {localize('com_ui_loading')}
+              </span>
+            </div>
+          )}
+          {previewError && (
+            <div className="flex h-32 items-center justify-center rounded-lg bg-surface-secondary">
+              <span className="text-sm text-text-secondary">
+                {localize('com_ui_preview_unavailable')}
+              </span>
+            </div>
+          )}
+          {fileBlobUrl && (
+            <iframe
+              src={fileBlobUrl}
+              title={`${localize('com_ui_preview')}: ${fileName}`}
+              className="h-[70vh] w-full rounded-lg border border-border-light"
+            />
+          )}
+          {fileContent && (
+            <>
+              <div className="pointer-events-none sticky top-0 z-10 flex justify-end pr-1">
+                <CopyButton
+                  isCopied={isCopied}
+                  onClick={handleCopy}
+                  iconOnly
+                  label={localize('com_ui_copy')}
+                  className="pointer-events-auto rounded-lg bg-surface-secondary"
+                />
+              </div>
+              <div className="-mt-8 rounded-lg bg-surface-secondary p-4">
+                <pre className="whitespace-pre-wrap break-words pr-8 font-mono text-sm leading-6 text-text-primary">
+                  {fileContent}
+                </pre>
+              </div>
+            </>
+          )}
+          {!previewKind && !loading && (
+            <div className="flex h-32 items-center justify-center rounded-lg bg-surface-secondary">
+              <span className="text-sm text-text-secondary">
+                {localize('com_ui_preview_unavailable')}
+              </span>
+            </div>
+          )}
+        </div>
+      </OGDialogContent>
+    </OGDialog>
+  );
+}
diff --git a/client/src/components/Chat/Messages/Content/Files.tsx b/client/src/components/Chat/Messages/Content/Files.tsx
index 504e48e883..176507edc1 100644
--- a/client/src/components/Chat/Messages/Content/Files.tsx
+++ b/client/src/components/Chat/Messages/Content/Files.tsx
@@ -1,7 +1,7 @@
-import { useMemo, memo } from 'react';
+import { useMemo, useState, useCallback, memo } from 'react';
 import type { TFile, TMessage } from 'librechat-data-provider';
 import FileContainer from '~/components/Chat/Input/Files/FileContainer';
-import { getCachedPreview } from '~/utils';
+import FilePreviewDialog from './FilePreviewDialog';
 import Image from './Image';
 
 const Files = ({ message }: { message?: TMessage }) => {
@@ -10,26 +10,45 @@ const Files = ({ message }: { message?: TMessage }) => {
   }, [message?.files]);
 
   const otherFiles = useMemo(() => {
-    return message?.files?.filter((file) => !(file.type?.startsWith('image/') === true)) || [];
+    return message?.files?.filter((file) => !file.type?.startsWith('image/')) || [];
   }, [message?.files]);
 
+  const [selectedFile, setSelectedFile] = useState<Partial<TFile> | null>(null);
+
+  const handleClose = useCallback((open: boolean) => {
+    if (!open) {
+      setSelectedFile(null);
+    }
+  }, []);
+
   return (
     <>
       {otherFiles.length > 0 &&
-        otherFiles.map((file) => <FileContainer key={file.file_id} file={file as TFile} />)}
+        otherFiles.map((file) => (
+          <FileContainer
+            key={file.file_id}
+            file={file as TFile}
+            onClick={() => setSelectedFile(file)}
+          />
+        ))}
       {imageFiles.length > 0 &&
-        imageFiles.map((file) => {
-          const cached = file.file_id ? getCachedPreview(file.file_id) : undefined;
-          return (
-            <Image
-              key={file.file_id}
-              width={file.width}
-              height={file.height}
-              altText={file.filename ?? 'Uploaded Image'}
-              imagePath={cached ?? file.preview ?? file.filepath ?? ''}
-            />
-          );
-        })}
+        imageFiles.map((file) => (
+          <Image
+            key={file.file_id}
+            imagePath={file.preview ?? file.filepath ?? ''}
+            height={file.height ?? 1920}
+            width={file.width ?? 1080}
+            altText={file.filename ?? 'Uploaded Image'}
+          />
+        ))}
+      <FilePreviewDialog
+        open={selectedFile !== null}
+        onOpenChange={handleClose}
+        fileName={selectedFile?.filename ?? ''}
+        fileId={selectedFile?.file_id}
+        fileType={selectedFile?.type ?? undefined}
+        fileSize={(selectedFile as TFile)?.bytes}
+      />
     </>
   );
 };
diff --git a/client/src/components/Chat/Messages/Content/FinishedIcon.tsx b/client/src/components/Chat/Messages/Content/FinishedIcon.tsx
deleted file mode 100644
index 48660f8757..0000000000
--- a/client/src/components/Chat/Messages/Content/FinishedIcon.tsx
+++ /dev/null
@@ -1,17 +0,0 @@
-export default function FinishedIcon() {
-  return (
-    <div
-      className="flex size-4 items-center justify-center rounded-full bg-brand-purple text-white"
-      data-projection-id="162"
-    >
-      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 8 8" fill="none" width="8" height="8">
-        <path
-          fillRule="evenodd"
-          clipRule="evenodd"
-          d="M7.66607 0.376042C8.01072 0.605806 8.10385 1.07146 7.87408 1.4161L3.54075 7.9161C3.40573 8.11863 3.18083 8.24304 2.93752 8.24979C2.69421 8.25654 2.46275 8.1448 2.31671 7.95008L0.150044 5.06119C-0.098484 4.72982 -0.0313267 4.25972 0.300044 4.01119C0.631415 3.76266 1.10152 3.82982 1.35004 4.16119L2.88068 6.20204L6.62601 0.584055C6.85577 0.239408 7.32142 0.146278 7.66607 0.376042Z"
-          fill="currentColor"
-        />
-      </svg>
-    </div>
-  );
-}
diff --git a/client/src/components/Chat/Messages/Content/ImageGen.tsx b/client/src/components/Chat/Messages/Content/ImageGen.tsx
deleted file mode 100644
index 080a153fb5..0000000000
--- a/client/src/components/Chat/Messages/Content/ImageGen.tsx
+++ /dev/null
@@ -1,84 +0,0 @@
-import { useState } from 'react';
-import ProgressCircle from './ProgressCircle';
-import ProgressText from './ProgressText';
-import { useProgress } from '~/hooks';
-
-export default function ImageGen({
-  initialProgress = 0.1,
-  args = '',
-}: {
-  initialProgress: number;
-  args: string;
-}) {
-  const progress = useProgress(initialProgress);
-  const radius = 56.08695652173913;
-  const circumference = 2 * Math.PI * radius;
-
-  const offset = circumference - progress * circumference;
-  const [showDetails, setShowDetails] = useState(false);
-
-  // const [translate, setTranslate] = useState(0);
-  // useEffect(() => {
-  //   const timer = setInterval(() => {
-  //     setTranslate((prevTranslate) => (prevTranslate + 1) % 360);
-  //   }, 20);
-  //   return () => clearInterval(timer);
-  // }, []);
-  // if (progress >= 1) {
-  //   return null;
-  // }
-
-  return (
-    <div className="my-2.5 flex items-center gap-2.5">
-      <div className="relative h-5 w-5 shrink-0">
-        <div
-          className="absolute left-0 top-0 flex h-full w-full items-center justify-center rounded-full bg-transparent text-white"
-          style={{ opacity: 1, transform: 'none' }}
-          data-projection-id="106"
-        >
-          <div>
-            <svg
-              xmlns="http://www.w3.org/2000/svg"
-              xmlnsXlink="http://www.w3.org/1999/xlink"
-              viewBox="0 0 20 20"
-              width="20"
-              height="20"
-              style={{ width: '100%', height: '100%', transform: 'translate3d(0px, 0px, 0px)' }}
-              preserveAspectRatio="xMidYMid meet"
-            >
-              <g className="move-up">
-                <path
-                  fill="rgb(177,98,253)"
-                  fillOpacity="1"
-                  d="M11.812616,5.914505C11.535567,5.360465,10.744857,5.360465,10.467807,5.914505C9.369731,8.110632,8.271654,10.306758,7.173676,12.502885C6.923041,13.002725,7.286122,13.590845,7.844972,13.590845C10.041112,13.590845,12.237252,13.590845,14.433392,13.590845C14.992292,13.590845,15.355792,13.002725,15.105892,12.502885C14.007888,10.306758,12.909805,8.110632,11.812616,5.914505C11.812616,5.914505,11.812616,5.914505,11.812616,5.914505C11.812616,5.914505,11.812616,5.914505,11.812616,5.914505M7.216073,8.914505C6.939024,8.360465,6.148304,8.360465,5.871264,8.914505C5.274365,10.10828,4.677499,11.302055,4.080601,12.495835C3.83003,12.99568,4.193122,13.58379,4.751975,13.58379C5.946767,13.58379,7.14156,13.58379,8.336353,13.58379C8.895213,13.58379,9.258683,12.99568,9.008763,12.495835C8.411867,11.302055,7.81497,10.10828,7.216073,8.914505C7.216073,8.914505,7.216073,8.914505,7.216073,8.914505C7.216073,8.914505,7.216073,8.914505,7.216073,8.914505"
-                />
-              </g>
-              <g
-                style={{ display: 'block' }}
-                transform="matrix(-1,0,0,-1,10,10)"
-                opacity="1"
-                className="moon-rise"
-              >
-                <g opacity="1" transform="matrix(1,0,0,1,3.75,5.5)">
-                  <path
-                    fill="rgb(177,98,253)"
-                    fillOpacity="1"
-                    d=" M2.660290002822876,2.2502501010894775 C2.7567598819732666,2.2502501010894775 2.850860118865967,2.241950035095215 2.9425699710845947,2.225330114364624 C3.034290075302124,2.208709955215454 3.1081299781799316,2.1867599487304688 3.164109945297241,2.1594600677490234 C3.239150047302246,2.120300054550171 3.305850028991699,2.100709915161133 3.364219903945923,2.100709915161133 C3.405900001525879,2.100709915161133 3.438659906387329,2.113770008087158 3.462480068206787,2.1398799419403076 C3.487489938735962,2.165990114212036 3.5,2.2009999752044678 3.5,2.2449100017547607 C3.5,2.2698400020599365 3.4958300590515137,2.2983200550079346 3.487489938735962,2.3303699493408203 C3.4803500175476074,2.362410068511963 3.468440055847168,2.3968300819396973 3.4517600536346436,2.433619976043701 C3.3803000450134277,2.5950300693511963 3.287990093231201,2.7410099506378174 3.1748299598693848,2.871570110321045 C3.0628700256347656,3.002120018005371 2.9348299503326416,3.1142799854278564 2.790709972381592,3.2080399990081787 C2.646589994430542,3.3029799461364746 2.4905600547790527,3.375380039215088 2.3226099014282227,3.425230026245117 C2.15585994720459,3.4750800132751465 1.9825600385665894,3.5 1.8027100563049316,3.5 C1.5430500507354736,3.5 1.3036400079727173,3.4554901123046875 1.0844800472259521,3.3664801120758057 C0.8653200268745422,3.2786500453948975 0.6741499900817871,3.1540400981903076 0.5109699964523315,2.9926199913024902 C0.34898999333381653,2.831209897994995 0.22333000600337982,2.641319990158081 0.1340000033378601,2.4229400157928467 C0.04467000067234039,2.2045600414276123 0,1.9660099744796753 0,1.7072700262069702 C0,1.4639699459075928 0.04645000025629997,1.2325400114059448 0.1393599957227707,1.012969970703125 C0.23226000368595123,0.7922199964523315 0.3626900017261505,0.5975800156593323 0.5306299924850464,0.4290440082550049 C0.6997600197792053,0.2593249976634979 0.8968899846076965,0.12877200543880463 1.121999979019165,0.03738600015640259 C1.1541600227355957,0.024329999461770058 1.1833399534225464,0.01483600027859211 1.2095500230789185,0.008901000022888184 C1.2369400262832642,0.0029670000076293945 1.2631399631500244,2.220446049250313e-16 1.288159966468811,2.220446049250313e-16 C1.335800051689148,2.220446049250313e-16 1.3733199834823608,0.014241999946534634 1.4007099866867065,0.042725998908281326 C1.4292999505996704,0.07121100276708603 1.4435900449752808,0.10681600123643875 1.4435900449752808,0.14954200387001038 C1.4435900449752808,0.1780260056257248 1.438230037689209,0.2076980024576187 1.4275100231170654,0.23855499923229218 C1.41798996925354,0.2682270109653473 1.404289960861206,0.2996779978275299 1.3864200115203857,0.3329089879989624 C1.3625999689102173,0.3768230080604553 1.3423500061035156,0.4302310049533844 1.3256800174713135,0.493133008480072 C1.309000015258789,0.5548499822616577 1.296489953994751,0.6225000023841858 1.288159966468811,0.6960800290107727 C1.2798199653625488,0.7684800028800964 1.2756500244140625,0.8414700031280518 1.2756500244140625,0.9150599837303162 C1.2756500244140625,1.1215699911117554 1.3072099685668945,1.3073099851608276 1.3703399896621704,1.4722800254821777 C1.4346599578857422,1.6372499465942383 1.5269700288772583,1.7778899669647217 1.6472699642181396,1.8941999673843384 C1.7675700187683105,2.0093300342559814 1.9128799438476562,2.097749948501587 2.083209991455078,2.1594600677490234 C2.2547199726104736,2.2199900150299072 2.44707989692688,2.2502501010894775 2.660290002822876,2.2502501010894775 C2.660290002822876,2.2502501010894775 2.660290002822876,2.2502501010894775 2.660290002822876,2.2502501010894775 C2.660290002822876,2.2502501010894775 2.660290002822876,2.2502501010894775 2.660290002822876,2.2502501010894775"
-                  />
-                </g>
-              </g>
-            </svg>
-          </div>
-          <ProgressCircle radius={radius} circumference={circumference} offset={offset} />
-        </div>
-      </div>
-      <ProgressText
-        progress={progress}
-        onClick={() => setShowDetails((prev) => !prev)}
-        inProgressText="Creating Image"
-        finishedText="Finished."
-        hasInput={false}
-      />
-    </div>
-  );
-}
diff --git a/client/src/components/Chat/Messages/Content/MarkdownComponents.tsx b/client/src/components/Chat/Messages/Content/MarkdownComponents.tsx
index 1c5369955d..2a47af30e4 100644
--- a/client/src/components/Chat/Messages/Content/MarkdownComponents.tsx
+++ b/client/src/components/Chat/Messages/Content/MarkdownComponents.tsx
@@ -2,9 +2,8 @@ import React, { memo, useMemo, useRef, useEffect } from 'react';
 import { useRecoilValue } from 'recoil';
 import { useToastContext } from '@librechat/client';
 import { PermissionTypes, Permissions, apiBaseUrl } from 'librechat-data-provider';
-import MermaidErrorBoundary from '~/components/Messages/Content/MermaidErrorBoundary';
+import Mermaid, { MermaidErrorBoundary } from '~/components/Messages/Content/Mermaid';
 import CodeBlock from '~/components/Messages/Content/CodeBlock';
-import Mermaid from '~/components/Messages/Content/Mermaid';
 import useHasAccess from '~/hooks/Roles/useHasAccess';
 import { useFileDownload } from '~/data-provider';
 import { useCodeBlockContext } from '~/Providers';
diff --git a/client/src/components/Chat/Messages/Content/Part.tsx b/client/src/components/Chat/Messages/Content/Part.tsx
index d0c7d2af37..1b4b9057f6 100644
--- a/client/src/components/Chat/Messages/Content/Part.tsx
+++ b/client/src/components/Chat/Messages/Content/Part.tsx
@@ -1,3 +1,4 @@
+import { memo } from 'react';
 import {
   Tools,
   Constants,
@@ -6,17 +7,8 @@ import {
   imageGenTools,
   isImageVisionTool,
 } from 'librechat-data-provider';
-import { memo } from 'react';
 import type { TMessageContentParts, TAttachment } from 'librechat-data-provider';
-import {
-  OpenAIImageGen,
-  ExecuteCode,
-  AgentUpdate,
-  EmptyText,
-  Reasoning,
-  Summary,
-  Text,
-} from './Parts';
+import { ImageGen, ExecuteCode, AgentUpdate, EmptyText, Reasoning, Summary, Text } from './Parts';
 import { ErrorMessage } from './MessageContent';
 import RetrievalCall from './RetrievalCall';
 import { getCachedPreview } from '~/utils';
@@ -25,7 +17,6 @@ import CodeAnalyze from './CodeAnalyze';
 import Container from './Container';
 import WebSearch from './WebSearch';
 import ToolCall from './ToolCall';
-import ImageGen from './ImageGen';
 import Image from './Image';
 
 type PartProps = {
@@ -138,7 +129,7 @@ const Part = memo(function Part({
           isSubmitting={isSubmitting}
           output={toolCall.output ?? ''}
           initialProgress={toolCall.progress ?? 0.1}
-          args={typeof toolCall.args === 'string' ? toolCall.args : ''}
+          args={toolCall.args}
         />
       );
     } else if (
@@ -148,7 +139,7 @@ const Part = memo(function Part({
         toolCall.name === 'gemini_image_gen')
     ) {
       return (
-        <OpenAIImageGen
+        <ImageGen
           initialProgress={toolCall.progress ?? 0.1}
           isSubmitting={isSubmitting}
           toolName={toolCall.name}
@@ -167,14 +158,17 @@ const Part = memo(function Part({
           isLast={isLast}
         />
       );
-    } else if (isToolCall && toolCall.name?.startsWith(Constants.LC_TRANSFER_TO_)) {
+    } else if (isToolCall && (toolCall.name === 'file_search' || toolCall.name === 'retrieval')) {
       return (
-        <AgentHandoff
-          args={toolCall.args ?? ''}
-          name={toolCall.name || ''}
-          output={toolCall.output ?? ''}
+        <RetrievalCall
+          initialProgress={toolCall.progress ?? 0.1}
+          isSubmitting={isSubmitting}
+          output={toolCall.output ?? undefined}
+          attachments={attachments}
         />
       );
+    } else if (isToolCall && toolCall.name?.startsWith(Constants.LC_TRANSFER_TO_)) {
+      return <AgentHandoff args={toolCall.args ?? ''} name={toolCall.name || ''} />;
     } else if (isToolCall) {
       return (
         <ToolCall
@@ -185,7 +179,6 @@ const Part = memo(function Part({
           isSubmitting={isSubmitting}
           attachments={attachments}
           auth={toolCall.auth}
-          expires_at={toolCall.expires_at}
           isLast={isLast}
         />
       );
@@ -203,7 +196,12 @@ const Part = memo(function Part({
       toolCall.type === ToolCallTypes.FILE_SEARCH
     ) {
       return (
-        <RetrievalCall initialProgress={toolCall.progress ?? 0.1} isSubmitting={isSubmitting} />
+        <RetrievalCall
+          initialProgress={toolCall.progress ?? 0.1}
+          isSubmitting={isSubmitting}
+          output={(toolCall as { output?: string }).output}
+          attachments={attachments}
+        />
       );
     } else if (
       toolCall.type === ToolCallTypes.FUNCTION &&
@@ -214,6 +212,9 @@ const Part = memo(function Part({
         <ImageGen
           initialProgress={toolCall.progress ?? 0.1}
           args={toolCall.function.arguments as string}
+          isSubmitting={isSubmitting}
+          toolName={toolCall.function.name}
+          output={toolCall.function.output ?? ''}
         />
       );
     } else if (toolCall.type === ToolCallTypes.FUNCTION && ToolCallTypes.FUNCTION in toolCall) {
diff --git a/client/src/components/Chat/Messages/Content/Parts/CodeWindowHeader.tsx b/client/src/components/Chat/Messages/Content/Parts/CodeWindowHeader.tsx
new file mode 100644
index 0000000000..a65fe5ca5f
--- /dev/null
+++ b/client/src/components/Chat/Messages/Content/Parts/CodeWindowHeader.tsx
@@ -0,0 +1,35 @@
+import { useRef, useState, useCallback, useEffect } from 'react';
+import copy from 'copy-to-clipboard';
+import CopyButton from '~/components/Messages/Content/CopyButton';
+import LangIcon from '~/components/Messages/Content/LangIcon';
+import { useLocalize } from '~/hooks';
+
+interface CodeWindowHeaderProps {
+  language: string;
+  code: string;
+}
+
+export default function CodeWindowHeader({ language, code }: CodeWindowHeaderProps) {
+  const localize = useLocalize();
+  const [isCopied, setIsCopied] = useState(false);
+  const timerRef = useRef<ReturnType<typeof setTimeout>>();
+
+  useEffect(() => () => clearTimeout(timerRef.current), []);
+
+  const handleCopy = useCallback(() => {
+    setIsCopied(true);
+    copy(code.trim(), { format: 'text/plain' });
+    clearTimeout(timerRef.current);
+    timerRef.current = setTimeout(() => setIsCopied(false), 3000);
+  }, [code]);
+
+  return (
+    <div className="flex items-center justify-between bg-surface-primary-alt px-1.5 py-1.5 font-sans text-xs text-text-secondary dark:bg-transparent">
+      <span className="flex items-center gap-1.5 text-xs font-medium">
+        <LangIcon lang={language} className="size-3.5 shrink-0" />
+        {language}
+      </span>
+      <CopyButton isCopied={isCopied} onClick={handleCopy} label={localize('com_ui_copy_code')} />
+    </div>
+  );
+}
diff --git a/client/src/components/Chat/Messages/Content/Parts/ExecuteCode.tsx b/client/src/components/Chat/Messages/Content/Parts/ExecuteCode.tsx
index 2f14ac0f13..20298f5c0b 100644
--- a/client/src/components/Chat/Messages/Content/Parts/ExecuteCode.tsx
+++ b/client/src/components/Chat/Messages/Content/Parts/ExecuteCode.tsx
@@ -1,9 +1,10 @@
-import React, { useMemo, useState, useRef, useEffect } from 'react';
+import React, { useMemo, useState, useEffect, useCallback, useRef } from 'react';
 import { useRecoilValue } from 'recoil';
+import { SquareTerminal } from 'lucide-react';
 import type { TAttachment } from 'librechat-data-provider';
 import ProgressText from '~/components/Chat/Messages/Content/ProgressText';
-import MarkdownLite from '~/components/Chat/Messages/Content/MarkdownLite';
-import { useProgress, useLocalize } from '~/hooks';
+import { useProgress, useLocalize, useExpandCollapse } from '~/hooks';
+import CodeWindowHeader from './CodeWindowHeader';
 import { AttachmentGroup } from './Attachment';
 import Stdout from './Stdout';
 import { cn } from '~/utils';
@@ -14,8 +15,115 @@ interface ParsedArgs {
   code?: string;
 }
 
-export function useParseArgs(args?: string): ParsedArgs | null {
+interface HastText {
+  type: 'text';
+  value: string;
+}
+
+interface HastElement {
+  type: 'element';
+  tagName: string;
+  properties?: { className?: string[] };
+  children?: HastNode[];
+}
+
+type HastNode = HastText | HastElement;
+
+function hastToReact(nodes: HastNode[]): React.ReactNode[] {
+  return nodes.map((node, i) => {
+    if (node.type === 'text') {
+      return node.value;
+    }
+    return React.createElement(
+      node.tagName,
+      { key: i, className: node.properties?.className?.join(' ') },
+      node.children ? hastToReact(node.children) : undefined,
+    );
+  });
+}
+
+type LowlightModule = typeof import('lowlight');
+
+/** Lazy-loaded lowlight singleton — only fetched when syntax highlighting is first needed. */
+let lowlightPromise: Promise<LowlightModule> | null = null;
+let lowlightModule: LowlightModule | null = null;
+
+function loadLowlight(): Promise<LowlightModule> {
+  if (lowlightModule) {
+    return Promise.resolve(lowlightModule);
+  }
+  if (!lowlightPromise) {
+    lowlightPromise = import('lowlight').then((mod) => {
+      lowlightModule = mod;
+      return mod;
+    });
+  }
+  return lowlightPromise;
+}
+
+function highlightCode(mod: LowlightModule, code: string, lang: string): React.ReactNode[] {
+  try {
+    const tree = mod.lowlight.registered(lang)
+      ? mod.lowlight.highlight(lang, code)
+      : mod.lowlight.highlightAuto(code);
+    return hastToReact(tree.children as HastNode[]);
+  } catch {
+    return [code];
+  }
+}
+
+/** Hook that lazily loads lowlight and returns highlighted nodes once ready. */
+function useLazyHighlight(code: string | undefined, lang: string): React.ReactNode[] | null {
+  const [highlighted, setHighlighted] = useState<React.ReactNode[] | null>(() => {
+    if (!code || !lowlightModule) {
+      return null;
+    }
+    return highlightCode(lowlightModule, code, lang);
+  });
+  const prevKey = useRef('');
+
+  useEffect(() => {
+    const key = `${lang}\0${code ?? ''}`;
+    if (key === prevKey.current) {
+      return;
+    }
+    prevKey.current = key;
+
+    if (!code) {
+      setHighlighted(null);
+      return;
+    }
+
+    if (lowlightModule) {
+      setHighlighted(highlightCode(lowlightModule, code, lang));
+      return;
+    }
+
+    let cancelled = false;
+    loadLowlight()
+      .then((mod) => {
+        if (!cancelled) {
+          setHighlighted(highlightCode(mod, code, lang));
+        }
+      })
+      .catch(() => {
+        if (!cancelled) {
+          setHighlighted([code]);
+        }
+      });
+    return () => {
+      cancelled = true;
+    };
+  }, [code, lang]);
+
+  return highlighted;
+}
+
+export function useParseArgs(args?: string | Record<string, unknown>): ParsedArgs | null {
   return useMemo(() => {
+    if (typeof args === 'object' && args !== null) {
+      return { lang: String(args.lang ?? ''), code: String(args.code ?? '') };
+    }
     let parsedArgs: ParsedArgs | string | undefined | null = args;
     try {
       parsedArgs = JSON.parse(args || '');
@@ -44,6 +152,8 @@ export function useParseArgs(args?: string): ParsedArgs | null {
   }, [args]);
 }
 
+const ERROR_PATTERNS = /^(Traceback|Error:|Exception:|.*Error:)/m;
+
 export default function ExecuteCode({
   isSubmitting,
   initialProgress = 0.1,
@@ -53,170 +163,88 @@ export default function ExecuteCode({
 }: {
   initialProgress: number;
   isSubmitting: boolean;
-  args?: string;
+  args?: string | Record<string, unknown>;
   output?: string;
   attachments?: TAttachment[];
 }) {
   const localize = useLocalize();
   const hasOutput = output.length > 0;
-  const outputRef = useRef<string>(output);
-  const codeContentRef = useRef<HTMLDivElement>(null);
-  const [isAnimating, setIsAnimating] = useState(false);
-  const showAnalysisCode = useRecoilValue(store.showCode);
-  const [showCode, setShowCode] = useState(showAnalysisCode);
-  const [contentHeight, setContentHeight] = useState<number | undefined>(0);
+  const autoExpand = useRecoilValue(store.autoExpandTools);
 
-  const prevShowCodeRef = useRef<boolean>(showCode);
   const { lang = 'py', code } = useParseArgs(args) ?? ({} as ParsedArgs);
+  const hasContent = !!code || hasOutput;
+  const [showCode, setShowCode] = useState(() => autoExpand && hasContent);
+  const { style: expandStyle, ref: expandRef } = useExpandCollapse(showCode);
+
+  useEffect(() => {
+    if (autoExpand && hasContent) {
+      setShowCode(true);
+    }
+  }, [autoExpand, hasContent]);
   const progress = useProgress(initialProgress);
 
-  useEffect(() => {
-    if (output !== outputRef.current) {
-      outputRef.current = output;
+  const highlighted = useLazyHighlight(code, lang);
 
-      if (showCode && codeContentRef.current) {
-        setTimeout(() => {
-          if (codeContentRef.current) {
-            const newHeight = codeContentRef.current.scrollHeight;
-            setContentHeight(newHeight);
-          }
-        }, 10);
-      }
-    }
-  }, [output, showCode]);
+  const outputHasError = useMemo(() => ERROR_PATTERNS.test(output), [output]);
 
-  useEffect(() => {
-    if (showCode !== prevShowCodeRef.current) {
-      prevShowCodeRef.current = showCode;
-
-      if (showCode && codeContentRef.current) {
-        setIsAnimating(true);
-        requestAnimationFrame(() => {
-          if (codeContentRef.current) {
-            const height = codeContentRef.current.scrollHeight;
-            setContentHeight(height);
-          }
-
-          const timer = setTimeout(() => {
-            setIsAnimating(false);
-          }, 500);
-
-          return () => clearTimeout(timer);
-        });
-      } else if (!showCode) {
-        setIsAnimating(true);
-        setContentHeight(0);
-
-        const timer = setTimeout(() => {
-          setIsAnimating(false);
-        }, 500);
-
-        return () => clearTimeout(timer);
-      }
-    }
-  }, [showCode]);
-
-  useEffect(() => {
-    if (!codeContentRef.current) {
-      return;
-    }
-
-    const resizeObserver = new ResizeObserver((entries) => {
-      if (showCode && !isAnimating) {
-        for (const entry of entries) {
-          if (entry.target === codeContentRef.current) {
-            setContentHeight(entry.contentRect.height);
-          }
-        }
-      }
-    });
-
-    resizeObserver.observe(codeContentRef.current);
-
-    return () => {
-      resizeObserver.disconnect();
-    };
-  }, [showCode, isAnimating]);
+  const toggleCode = useCallback(() => setShowCode((prev) => !prev), [setShowCode]);
 
   const cancelled = !isSubmitting && progress < 1;
 
   return (
     <>
-      <div className="relative my-2.5 flex size-5 shrink-0 items-center gap-2.5">
+      <div className="relative my-1.5 flex size-5 shrink-0 items-center gap-2.5">
         <ProgressText
           progress={progress}
-          onClick={() => setShowCode((prev) => !prev)}
+          onClick={toggleCode}
           inProgressText={localize('com_ui_analyzing')}
           finishedText={
             cancelled ? localize('com_ui_cancelled') : localize('com_ui_analyzing_finished')
           }
+          icon={
+            <SquareTerminal
+              className={cn(
+                'size-4 shrink-0 text-text-secondary',
+                progress < 1 && !cancelled && 'animate-pulse',
+              )}
+              aria-hidden="true"
+            />
+          }
           hasInput={!!code?.length}
           isExpanded={showCode}
           error={cancelled}
         />
       </div>
-      <div
-        className="relative mb-2"
-        style={{
-          height: showCode ? contentHeight : 0,
-          overflow: 'hidden',
-          transition:
-            'height 0.4s cubic-bezier(0.16, 1, 0.3, 1), opacity 0.4s cubic-bezier(0.16, 1, 0.3, 1)',
-          opacity: showCode ? 1 : 0,
-          transformOrigin: 'top',
-          willChange: 'height, opacity',
-          perspective: '1000px',
-          backfaceVisibility: 'hidden',
-          WebkitFontSmoothing: 'subpixel-antialiased',
-        }}
-      >
-        <div
-          className={cn(
-            'code-analyze-block mt-0.5 overflow-hidden rounded-xl bg-surface-primary',
-            showCode && 'shadow-lg',
-          )}
-          ref={codeContentRef}
-          style={{
-            transform: showCode ? 'translateY(0) scale(1)' : 'translateY(-8px) scale(0.98)',
-            opacity: showCode ? 1 : 0,
-            transition:
-              'transform 0.4s cubic-bezier(0.16, 1, 0.3, 1), opacity 0.4s cubic-bezier(0.16, 1, 0.3, 1)',
-          }}
-        >
-          {showCode && (
-            <div
-              style={{
-                transform: showCode ? 'translateY(0)' : 'translateY(-4px)',
-                opacity: showCode ? 1 : 0,
-                transition:
-                  'transform 0.35s cubic-bezier(0.16, 1, 0.3, 1), opacity 0.35s cubic-bezier(0.16, 1, 0.3, 1)',
-              }}
-            >
-              <MarkdownLite
-                content={code ? `\`\`\`${lang}\n${code}\n\`\`\`` : ''}
-                codeExecution={false}
-              />
-            </div>
-          )}
-          {hasOutput && (
-            <div
-              className={cn(
-                'bg-surface-tertiary p-4 text-xs',
-                showCode ? 'border-t border-surface-primary-contrast' : '',
-              )}
-              style={{
-                transform: showCode ? 'translateY(0)' : 'translateY(-6px)',
-                opacity: showCode ? 1 : 0,
-                transition:
-                  'transform 0.45s cubic-bezier(0.16, 1, 0.3, 1) 0.05s, opacity 0.45s cubic-bezier(0.19, 1, 0.22, 1) 0.05s',
-                boxShadow: showCode ? '0 -1px 0 rgba(0,0,0,0.05)' : 'none',
-              }}
-            >
-              <div className="prose flex flex-col-reverse">
-                <Stdout output={output} />
+      <div style={expandStyle}>
+        <div className="overflow-hidden" ref={expandRef}>
+          <div className="my-2 overflow-hidden rounded-lg border border-border-light bg-surface-secondary">
+            {code && <CodeWindowHeader language={lang} code={code} />}
+            {code && (
+              <pre className="max-h-[300px] overflow-auto bg-surface-chat p-4 font-mono text-xs dark:bg-surface-primary-alt">
+                <code className={`hljs language-${lang} !whitespace-pre`}>{highlighted}</code>
+              </pre>
+            )}
+            {hasOutput && (
+              <div
+                className={cn(
+                  'bg-surface-primary-alt p-4 text-xs dark:bg-transparent',
+                  code && 'border-t border-border-light',
+                )}
+              >
+                <div className="mb-1.5 text-[10px] font-medium uppercase tracking-wide text-text-secondary">
+                  {localize('com_ui_output')}
+                </div>
+                <div
+                  className={cn(
+                    'max-h-[200px] overflow-auto',
+                    outputHasError ? 'text-red-600 dark:text-red-400' : 'text-text-primary',
+                  )}
+                >
+                  <Stdout output={output} />
+                </div>
               </div>
-            </div>
-          )}
+            )}
+          </div>
         </div>
       </div>
       {attachments && attachments.length > 0 && <AttachmentGroup attachments={attachments} />}
diff --git a/client/src/components/Chat/Messages/Content/Parts/OpenAIImageGen/OpenAIImageGen.tsx b/client/src/components/Chat/Messages/Content/Parts/OpenAIImageGen/OpenAIImageGen.tsx
index bdce6d3209..f47c9c56c3 100644
--- a/client/src/components/Chat/Messages/Content/Parts/OpenAIImageGen/OpenAIImageGen.tsx
+++ b/client/src/components/Chat/Messages/Content/Parts/OpenAIImageGen/OpenAIImageGen.tsx
@@ -1,12 +1,28 @@
-import { useState, useEffect, useRef } from 'react';
+import { useState, useEffect, useRef, useCallback } from 'react';
 import { PixelCard } from '@librechat/client';
 import type { TAttachment, TFile, TAttachmentMetadata } from 'librechat-data-provider';
+import { ToolIcon, isError } from '~/components/Chat/Messages/Content/ToolOutput';
 import Image from '~/components/Chat/Messages/Content/Image';
+import { useProgress, useLocalize } from '~/hooks';
 import ProgressText from './ProgressText';
-import { cn } from '~/utils';
+import { AGENT_STYLE_TOOLS } from '.';
+import { scaleImage } from '~/utils';
 
-const IMAGE_MAX_H = 'max-h-[45vh]' as const;
-const IMAGE_FULL_H = 'h-[45vh]' as const;
+function computeCancelled(
+  isSubmitting: boolean | undefined,
+  initialProgress: number,
+  hasError: boolean,
+): boolean {
+  if (isSubmitting !== undefined) {
+    return (!isSubmitting && initialProgress < 1) || hasError;
+  }
+  // Legacy path: in-progress (0 < progress < 1) is never cancelled
+  // because legacy image gen lacks a submitting signal.
+  if (initialProgress < 1 && initialProgress > 0) {
+    return false;
+  }
+  return hasError;
+}
 
 export default function OpenAIImageGen({
   initialProgress = 0.1,
@@ -17,49 +33,102 @@ export default function OpenAIImageGen({
   attachments,
 }: {
   initialProgress: number;
-  isSubmitting: boolean;
-  toolName: string;
+  isSubmitting?: boolean;
+  toolName?: string;
   args: string | Record<string, unknown>;
   output?: string | null;
   attachments?: TAttachment[];
 }) {
-  const [progress, setProgress] = useState(initialProgress);
+  const localize = useLocalize();
+  const isAgentStyle = toolName != null && AGENT_STYLE_TOOLS.has(toolName);
+  const [agentProgress, setAgentProgress] = useState(initialProgress);
+  const legacyProgress = useProgress(isAgentStyle ? 1 : initialProgress);
+  const progress = isAgentStyle ? agentProgress : legacyProgress;
   const intervalRef = useRef<NodeJS.Timeout | null>(null);
 
-  const error =
-    typeof output === 'string' && output.toLowerCase().includes('error processing tool');
+  const hasError = typeof output === 'string' && isError(output);
 
-  const cancelled = (!isSubmitting && initialProgress < 1) || error === true;
+  /**
+   * Determines if the image generation was cancelled.
+   * - Agent path (isSubmitting defined): cancelled if not submitting + incomplete, or on error.
+   * - Legacy path (isSubmitting undefined): in-progress (0 < progress < 1) is never cancelled
+   *   because legacy image gen lacks a submitting signal — only errors cancel.
+   */
+  const cancelled = computeCancelled(isSubmitting, initialProgress, hasError);
 
+  let width: number | undefined;
+  let height: number | undefined;
   let quality: 'low' | 'medium' | 'high' = 'high';
 
-  // Parse args if it's a string
-  let parsedArgs;
+  let parsedArgs: Record<string, unknown> = {};
   try {
     parsedArgs = typeof _args === 'string' ? JSON.parse(_args) : _args;
-  } catch (error) {
-    console.error('Error parsing args:', error);
+  } catch {
     parsedArgs = {};
   }
 
-  if (parsedArgs && typeof parsedArgs.quality === 'string') {
-    const q = parsedArgs.quality.toLowerCase();
-    if (q === 'low' || q === 'medium' || q === 'high') {
-      quality = q;
+  try {
+    const argsObj = parsedArgs;
+
+    if (argsObj && typeof argsObj.size === 'string') {
+      const [w, h] = argsObj.size.split('x').map((v: string) => parseInt(v, 10));
+      if (!isNaN(w) && !isNaN(h)) {
+        width = w;
+        height = h;
+      }
+    } else if (argsObj && (typeof argsObj.size !== 'string' || !argsObj.size)) {
+      width = undefined;
+      height = undefined;
     }
+
+    if (argsObj && typeof argsObj.quality === 'string') {
+      const q = argsObj.quality.toLowerCase();
+      if (q === 'low' || q === 'medium' || q === 'high') {
+        quality = q;
+      }
+    }
+  } catch {
+    width = undefined;
+    height = undefined;
   }
 
   const attachment = attachments?.[0];
   const {
+    width: imageWidth,
+    height: imageHeight,
     filepath = null,
     filename = '',
-    width: imgWidth,
-    height: imgHeight,
   } = (attachment as TFile & TAttachmentMetadata) || {};
 
+  let origWidth = width ?? imageWidth;
+  let origHeight = height ?? imageHeight;
+
+  if (origWidth === undefined || origHeight === undefined) {
+    origWidth = 1024;
+    origHeight = 1024;
+  }
+
+  const [dimensions, setDimensions] = useState({ width: 'auto', height: 'auto' });
+  const containerRef = useRef<HTMLDivElement>(null);
+
+  const updateDimensions = useCallback(() => {
+    if (origWidth && origHeight && containerRef.current) {
+      const scaled = scaleImage({
+        originalWidth: origWidth,
+        originalHeight: origHeight,
+        containerRef,
+      });
+      setDimensions(scaled);
+    }
+  }, [origWidth, origHeight]);
+
   useEffect(() => {
+    if (!isAgentStyle) {
+      return;
+    }
+
     if (isSubmitting) {
-      setProgress(initialProgress);
+      setAgentProgress(initialProgress);
 
       if (intervalRef.current) {
         clearInterval(intervalRef.current);
@@ -71,7 +140,6 @@ export default function OpenAIImageGen({
       } else if (quality === 'high') {
         baseDuration = 50000;
       }
-      // adding some jitter (±30% of base)
       const jitter = Math.floor(baseDuration * 0.3);
       const totalDuration = Math.floor(Math.random() * jitter) + baseDuration;
       const updateInterval = 200;
@@ -83,7 +151,7 @@ export default function OpenAIImageGen({
 
         if (currentStep >= totalSteps) {
           clearInterval(intervalRef.current as NodeJS.Timeout);
-          setProgress(0.9);
+          setAgentProgress(0.9);
         } else {
           const progressRatio = currentStep / totalSteps;
           let mapRatio: number;
@@ -95,7 +163,7 @@ export default function OpenAIImageGen({
           }
           const scaledProgress = 0.1 + mapRatio * 0.8;
 
-          setProgress(scaledProgress);
+          setAgentProgress(scaledProgress);
         }
       }, updateInterval);
     }
@@ -105,35 +173,81 @@ export default function OpenAIImageGen({
         clearInterval(intervalRef.current);
       }
     };
-  }, [isSubmitting, initialProgress, quality]);
+  }, [isSubmitting, initialProgress, quality, isAgentStyle]);
 
   useEffect(() => {
+    if (!isAgentStyle) {
+      return;
+    }
+
     if (initialProgress >= 1 || cancelled) {
-      setProgress(initialProgress);
+      setAgentProgress(initialProgress);
       if (intervalRef.current) {
         clearInterval(intervalRef.current);
       }
     }
-  }, [initialProgress, cancelled]);
+  }, [initialProgress, cancelled, isAgentStyle]);
+
+  useEffect(() => {
+    updateDimensions();
+
+    const resizeObserver = new ResizeObserver(() => {
+      updateDimensions();
+    });
+
+    if (containerRef.current) {
+      resizeObserver.observe(containerRef.current);
+    }
+
+    return () => {
+      resizeObserver.disconnect();
+    };
+  }, [updateDimensions]);
+
+  const isInProgress = progress < 1 && !cancelled;
 
   return (
     <>
-      <div className="relative my-2.5 flex size-5 shrink-0 items-center gap-2.5">
+      <span className="sr-only" aria-live="polite" aria-atomic="true">
+        {(() => {
+          if (progress < 1 && !cancelled) {
+            return '';
+          }
+          if (cancelled && hasError) {
+            return localize('com_ui_image_gen_failed');
+          }
+          if (cancelled) {
+            return localize('com_ui_cancelled');
+          }
+          return localize('com_ui_image_created');
+        })()}
+      </span>
+      <div className="relative my-1 flex h-5 shrink-0 items-center gap-2">
+        <ToolIcon type="image_gen" isAnimating={isInProgress} />
         <ProgressText progress={progress} error={cancelled} toolName={toolName} />
       </div>
-      <div className={cn('relative mb-2 flex w-full max-w-lg justify-start', IMAGE_MAX_H)}>
-        <div className={cn('overflow-hidden', progress < 1 ? [IMAGE_FULL_H, 'w-full'] : 'w-auto')}>
-          {progress < 1 && <PixelCard variant="default" progress={progress} randomness={0.6} />}
-          <Image
-            width={imgWidth}
-            args={parsedArgs}
-            height={imgHeight}
-            altText={filename}
-            imagePath={filepath ?? ''}
-            className={progress < 1 ? 'invisible absolute' : ''}
-          />
+      {isAgentStyle && (
+        <div className="relative mb-2 flex w-full justify-start">
+          <div ref={containerRef} className="w-full max-w-lg">
+            {dimensions.width !== 'auto' && progress < 1 && (
+              <PixelCard
+                variant="default"
+                progress={progress}
+                randomness={0.6}
+                width={dimensions.width}
+                height={dimensions.height}
+              />
+            )}
+            <Image
+              altText={filename}
+              imagePath={filepath ?? ''}
+              width={Number(dimensions.width?.split('px')[0])}
+              height={Number(dimensions.height?.split('px')[0])}
+              args={parsedArgs}
+            />
+          </div>
         </div>
-      </div>
+      )}
     </>
   );
 }
diff --git a/client/src/components/Chat/Messages/Content/Parts/OpenAIImageGen/ProgressText.tsx b/client/src/components/Chat/Messages/Content/Parts/OpenAIImageGen/ProgressText.tsx
index 85e8566f6a..c0c6b128f3 100644
--- a/client/src/components/Chat/Messages/Content/Parts/OpenAIImageGen/ProgressText.tsx
+++ b/client/src/components/Chat/Messages/Content/Parts/OpenAIImageGen/ProgressText.tsx
@@ -1,20 +1,21 @@
+import { AGENT_STYLE_TOOLS } from '.';
 import { useLocalize } from '~/hooks';
 import { cn } from '~/utils';
 
 export default function ProgressText({
   progress,
   error,
-  toolName = 'image_gen_oai',
+  toolName = '',
 }: {
   progress: number;
   error?: boolean;
-  toolName: string;
+  toolName?: string;
 }) {
   const localize = useLocalize();
 
   const getText = () => {
     if (error) {
-      return localize('com_ui_error');
+      return localize('com_ui_image_gen_failed');
     }
 
     if (toolName === 'image_edit_oai') {
@@ -33,7 +34,6 @@ export default function ProgressText({
       return localize('com_ui_getting_started');
     }
 
-    // Gemini image generation
     if (toolName === 'gemini_image_gen') {
       if (progress >= 1) {
         return localize('com_ui_image_created');
@@ -50,30 +50,38 @@ export default function ProgressText({
       return localize('com_ui_getting_started');
     }
 
+    if (AGENT_STYLE_TOOLS.has(toolName)) {
+      if (progress >= 1) {
+        return localize('com_ui_image_created');
+      }
+      if (progress >= 0.7) {
+        return localize('com_ui_final_touch');
+      }
+      if (progress >= 0.5) {
+        return localize('com_ui_adding_details');
+      }
+      if (progress >= 0.3) {
+        return localize('com_ui_creating_image');
+      }
+      return localize('com_ui_getting_started');
+    }
+
     if (progress >= 1) {
       return localize('com_ui_image_created');
     }
-    if (progress >= 0.7) {
-      return localize('com_ui_final_touch');
-    }
-    if (progress >= 0.5) {
-      return localize('com_ui_adding_details');
-    }
-    if (progress >= 0.3) {
-      return localize('com_ui_creating_image');
-    }
-    return localize('com_ui_getting_started');
+    return localize('com_ui_generating_image');
   };
 
   const text = getText();
 
   return (
-    <div
+    <span
       className={cn(
-        'progress-text-content pointer-events-none absolute left-0 top-0 inline-flex w-full items-center gap-2 overflow-visible whitespace-nowrap',
+        'progress-text-content tool-status-text whitespace-nowrap font-medium',
+        progress < 1 && 'shimmer',
       )}
     >
-      <span className={`font-medium ${progress < 1 ? 'shimmer' : ''}`}>{text}</span>
-    </div>
+      {text}
+    </span>
   );
 }
diff --git a/client/src/components/Chat/Messages/Content/Parts/OpenAIImageGen/index.ts b/client/src/components/Chat/Messages/Content/Parts/OpenAIImageGen/index.ts
index c5f60526f5..5841d574cb 100644
--- a/client/src/components/Chat/Messages/Content/Parts/OpenAIImageGen/index.ts
+++ b/client/src/components/Chat/Messages/Content/Parts/OpenAIImageGen/index.ts
@@ -1 +1,4 @@
+export { default as ImageGen } from './OpenAIImageGen';
 export { default as OpenAIImageGen } from './OpenAIImageGen';
+
+export const AGENT_STYLE_TOOLS = new Set(['image_gen_oai', 'image_edit_oai', 'gemini_image_gen']);
diff --git a/client/src/components/Chat/Messages/Content/Parts/Reasoning.tsx b/client/src/components/Chat/Messages/Content/Parts/Reasoning.tsx
index 44d646fcd8..6c059af06c 100644
--- a/client/src/components/Chat/Messages/Content/Parts/Reasoning.tsx
+++ b/client/src/components/Chat/Messages/Content/Parts/Reasoning.tsx
@@ -1,11 +1,11 @@
 import { memo, useMemo, useState, useCallback, useRef, useId } from 'react';
-import { useAtom } from 'jotai';
-import type { MouseEvent, FocusEvent } from 'react';
+import { useAtomValue } from 'jotai';
 import { ContentTypes } from 'librechat-data-provider';
+import type { MouseEvent, FocusEvent } from 'react';
 import { ThinkingContent, ThinkingButton, FloatingThinkingBar } from './Thinking';
+import { useLocalize, useExpandCollapse } from '~/hooks';
 import { showThinkingAtom } from '~/store/showThinking';
 import { useMessageContext } from '~/Providers';
-import { useLocalize } from '~/hooks';
 import { cn } from '~/utils';
 
 type ReasoningProps = {
@@ -38,10 +38,11 @@ type ReasoningProps = {
 const Reasoning = memo(({ reasoning, isLast }: ReasoningProps) => {
   const contentId = useId();
   const localize = useLocalize();
-  const [showThinking] = useAtom(showThinkingAtom);
+  const showThinking = useAtomValue(showThinkingAtom);
   const [isExpanded, setIsExpanded] = useState(showThinking);
   const [isBarVisible, setIsBarVisible] = useState(false);
   const containerRef = useRef<HTMLDivElement>(null);
+  const { style: expandStyle, ref: expandRef } = useExpandCollapse(isExpanded);
   const { isSubmitting, isLatestMessage, nextType } = useMessageContext();
 
   // Strip <think> tags from the reasoning content (modern format)
@@ -113,15 +114,10 @@ const Reasoning = memo(({ reasoning, isLast }: ReasoningProps) => {
           role="group"
           aria-label={label}
           aria-hidden={!isExpanded || undefined}
-          className={cn(
-            'grid transition-all duration-300 ease-out',
-            nextType !== ContentTypes.THINK && isExpanded && 'mb-4',
-          )}
-          style={{
-            gridTemplateRows: isExpanded ? '1fr' : '0fr',
-          }}
+          className={cn(nextType !== ContentTypes.THINK && isExpanded && 'mb-4')}
+          style={expandStyle}
         >
-          <div className="relative overflow-hidden">
+          <div className="relative overflow-hidden" ref={expandRef}>
             <ThinkingContent>{reasoningText}</ThinkingContent>
             <FloatingThinkingBar
               isVisible={isBarVisible && isExpanded}
diff --git a/client/src/components/Chat/Messages/Content/Parts/Stdout.tsx b/client/src/components/Chat/Messages/Content/Parts/Stdout.tsx
index 562d85489a..93b28d8341 100644
--- a/client/src/components/Chat/Messages/Content/Parts/Stdout.tsx
+++ b/client/src/components/Chat/Messages/Content/Parts/Stdout.tsx
@@ -1,26 +1,25 @@
-import React, { useMemo } from 'react';
+import { useMemo } from 'react';
 
 interface StdoutProps {
   output?: string;
 }
 
-const Stdout: React.FC<StdoutProps> = ({ output = '' }) => {
+export default function Stdout({ output = '' }: StdoutProps) {
   const processedContent = useMemo(() => {
     if (!output) {
       return '';
     }
-
     const parts = output.split('Generated files:');
     return parts[0].trim();
   }, [output]);
 
-  return (
-    processedContent && (
-      <pre className="shrink-0">
-        <div className="text-text-primary">{processedContent}</div>
-      </pre>
-    )
-  );
-};
+  if (!processedContent) {
+    return null;
+  }
 
-export default Stdout;
+  return (
+    <pre className="shrink-0 whitespace-pre-wrap break-words font-mono text-text-primary">
+      {processedContent}
+    </pre>
+  );
+}
diff --git a/client/src/components/Chat/Messages/Content/Parts/Thinking.tsx b/client/src/components/Chat/Messages/Content/Parts/Thinking.tsx
index 7641738c15..39240af3d0 100644
--- a/client/src/components/Chat/Messages/Content/Parts/Thinking.tsx
+++ b/client/src/components/Chat/Messages/Content/Parts/Thinking.tsx
@@ -1,11 +1,11 @@
 import { useState, useMemo, memo, useCallback, useRef, useId, type MouseEvent } from 'react';
 import { useAtomValue } from 'jotai';
-import { Clipboard, CheckMark, TooltipAnchor } from '@librechat/client';
 import { Lightbulb, ChevronDown, ChevronUp } from 'lucide-react';
+import { Clipboard, CheckMark, TooltipAnchor } from '@librechat/client';
 import type { FocusEvent, FC } from 'react';
+import { useLocalize, useExpandCollapse } from '~/hooks';
 import { showThinkingAtom } from '~/store/showThinking';
 import { fontSizeAtom } from '~/store/fontSize';
-import { useLocalize } from '~/hooks';
 import { cn } from '~/utils';
 
 /**
@@ -18,7 +18,7 @@ export const ThinkingContent: FC<{
   const fontSize = useAtomValue(fontSizeAtom);
 
   return (
-    <div className="relative rounded-3xl border border-border-medium bg-surface-tertiary p-4 pb-10 text-text-secondary">
+    <div className="relative rounded-lg border border-border-light bg-surface-secondary p-3 pb-8 text-text-secondary">
       <p className={cn('whitespace-pre-wrap leading-[26px]', fontSize)}>{children}</p>
     </div>
   );
@@ -184,7 +184,7 @@ export const FloatingThinkingBar = memo(
               aria-expanded={isExpanded}
               aria-controls={contentId}
               className={cn(
-                'flex items-center justify-center rounded-lg bg-surface-secondary p-1.5 text-text-secondary-alt shadow-sm',
+                'flex items-center justify-center rounded p-1.5 text-text-tertiary',
                 'hover:bg-surface-hover hover:text-text-primary',
                 'focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-border-heavy',
               )}
@@ -207,7 +207,7 @@ export const FloatingThinkingBar = memo(
                 onClick={handleCopy}
                 aria-label={copyTooltip}
                 className={cn(
-                  'flex items-center justify-center rounded-lg bg-surface-secondary p-1.5 text-text-secondary-alt shadow-sm',
+                  'flex items-center justify-center rounded p-1.5 text-text-tertiary',
                   'hover:bg-surface-hover hover:text-text-primary',
                   'focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-border-heavy',
                 )}
@@ -248,6 +248,7 @@ const Thinking: React.ElementType = memo(({ children }: { children: React.ReactN
   const [isBarVisible, setIsBarVisible] = useState(false);
   const containerRef = useRef<HTMLDivElement>(null);
   const contentId = useId();
+  const { style: expandStyle, ref: expandRef } = useExpandCollapse(isExpanded);
 
   const handleClick = useCallback((e: MouseEvent<HTMLButtonElement>) => {
     e.preventDefault();
@@ -311,12 +312,10 @@ const Thinking: React.ElementType = memo(({ children }: { children: React.ReactN
         role="group"
         aria-label={label}
         aria-hidden={!isExpanded || undefined}
-        className={cn('grid transition-all duration-300 ease-out', isExpanded && 'mb-8')}
-        style={{
-          gridTemplateRows: isExpanded ? '1fr' : '0fr',
-        }}
+        className={cn(isExpanded && 'mb-8')}
+        style={expandStyle}
       >
-        <div className="relative overflow-hidden">
+        <div className="relative overflow-hidden" ref={expandRef}>
           <ThinkingContent>{children}</ThinkingContent>
           <FloatingThinkingBar
             isVisible={isBarVisible && isExpanded}
diff --git a/client/src/components/Chat/Messages/Content/ProgressText.tsx b/client/src/components/Chat/Messages/Content/ProgressText.tsx
index b10edf120d..60a1e651ae 100644
--- a/client/src/components/Chat/Messages/Content/ProgressText.tsx
+++ b/client/src/components/Chat/Messages/Content/ProgressText.tsx
@@ -1,8 +1,6 @@
+import { ChevronDown } from 'lucide-react';
 import * as Popover from '@radix-ui/react-popover';
-import { Spinner } from '@librechat/client';
-import { ChevronDown, ChevronUp } from 'lucide-react';
 import CancelledIcon from './CancelledIcon';
-import FinishedIcon from './FinishedIcon';
 import { cn } from '~/utils';
 
 const wrapperClass =
@@ -16,7 +14,6 @@ const Wrapper = ({ popover, children }: { popover: boolean; children: React.Reac
           <div
             className="progress-text-content absolute left-0 top-0 overflow-visible whitespace-nowrap"
             style={{ opacity: 1, transform: 'none' }}
-            data-projection-id="78"
           >
             {children}
           </div>
@@ -30,7 +27,6 @@ const Wrapper = ({ popover, children }: { popover: boolean; children: React.Reac
       <div
         className="progress-text-content absolute left-0 top-0 overflow-visible whitespace-nowrap"
         style={{ opacity: 1, transform: 'none' }}
-        data-projection-id="78"
       >
         {children}
       </div>
@@ -44,6 +40,9 @@ export default function ProgressText({
   inProgressText,
   finishedText,
   authText,
+  icon: iconProp,
+  subtitle,
+  errorSuffix,
   hasInput = true,
   popover = false,
   isExpanded = false,
@@ -54,6 +53,9 @@ export default function ProgressText({
   inProgressText: string;
   finishedText: string;
   authText?: string;
+  icon?: React.ReactNode;
+  subtitle?: string;
+  errorSuffix?: string;
   hasInput?: boolean;
   popover?: boolean;
   isExpanded?: boolean;
@@ -70,13 +72,10 @@ export default function ProgressText({
   };
 
   const getIcon = () => {
-    if (error) {
+    if (error && !errorSuffix) {
       return <CancelledIcon />;
     }
-    if (progress < 1) {
-      return <Spinner />;
-    }
-    return <FinishedIcon />;
+    return iconProp ?? null;
   };
 
   const text = getText();
@@ -89,20 +88,30 @@ export default function ProgressText({
         type="button"
         className={cn(
           'inline-flex w-full items-center gap-2',
-          hasInput ? '' : 'pointer-events-none',
+          hasInput
+            ? 'focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-border-heavy'
+            : 'pointer-events-none',
         )}
         disabled={!hasInput}
+        tabIndex={hasInput ? 0 : -1}
         onClick={hasInput ? onClick : undefined}
         aria-expanded={hasInput ? isExpanded : undefined}
       >
         {icon}
-        <span className={showShimmer ? 'shimmer' : ''}>{text}</span>
-        {hasInput &&
-          (isExpanded ? (
-            <ChevronUp className="size-4 shrink-0 translate-y-[1px]" aria-hidden="true" />
-          ) : (
-            <ChevronDown className="size-4 shrink-0 translate-y-[1px]" aria-hidden="true" />
-          ))}
+        <span className={cn(showShimmer ? 'shimmer' : '', 'font-medium')}>{text}</span>
+        {subtitle && <span className="font-normal text-text-secondary">{subtitle}</span>}
+        {errorSuffix && (
+          <span className="font-normal text-red-600 dark:text-red-400">— {errorSuffix}</span>
+        )}
+        {hasInput && (
+          <ChevronDown
+            className={cn(
+              'size-4 shrink-0 translate-y-[1px] transition-transform duration-200 ease-out',
+              isExpanded && 'rotate-180',
+            )}
+            aria-hidden="true"
+          />
+        )}
       </button>
     </Wrapper>
   );
diff --git a/client/src/components/Chat/Messages/Content/RetrievalCall.tsx b/client/src/components/Chat/Messages/Content/RetrievalCall.tsx
index 4c2465f3c3..f367f07feb 100644
--- a/client/src/components/Chat/Messages/Content/RetrievalCall.tsx
+++ b/client/src/components/Chat/Messages/Content/RetrievalCall.tsx
@@ -1,52 +1,475 @@
-import ProgressCircle from './ProgressCircle';
-import InProgressCall from './InProgressCall';
-import RetrievalIcon from './RetrievalIcon';
-import CancelledIcon from './CancelledIcon';
+import { useMemo, useState, useEffect, useCallback } from 'react';
+import { useRecoilValue } from 'recoil';
+import { Tools } from 'librechat-data-provider';
+import { TooltipAnchor } from '@librechat/client';
+import { FileText, FileSpreadsheet, FileCode, FileImage, File } from 'lucide-react';
+import type { TAttachment, TFile } from 'librechat-data-provider';
+import { useLocalize, useProgress, useExpandCollapse } from '~/hooks';
+import { ToolIcon, OutputRenderer, isError } from './ToolOutput';
+import FilePreviewDialog from './FilePreviewDialog';
+import { sortPagesByRelevance, cn } from '~/utils';
+import { useGetFiles } from '~/data-provider';
 import ProgressText from './ProgressText';
-import FinishedIcon from './FinishedIcon';
-import { useProgress } from '~/hooks';
+import store from '~/store';
+
+interface FileSource {
+  fileId: string;
+  fileName: string;
+  relevance: number;
+  content: string;
+  pages: number[];
+  pageRelevance: Record<number, number>;
+  fileType?: string;
+  fileBytes?: number;
+  metadata?: Record<string, unknown>;
+}
+
+function extractFileSources(attachments?: TAttachment[]): FileSource[] {
+  if (!attachments) {
+    return [];
+  }
+
+  const deduped = new Map<string, FileSource>();
+
+  for (const att of attachments) {
+    if (att.type !== Tools.file_search || !att[Tools.file_search]) {
+      continue;
+    }
+
+    const raw = att[Tools.file_search] as { sources?: FileSource[] };
+    if (!raw.sources) {
+      continue;
+    }
+
+    for (const source of raw.sources) {
+      const key = source.fileId;
+      const existing = deduped.get(key);
+      const meta = source.metadata as Record<string, unknown> | undefined;
+
+      if (existing) {
+        const mergedPages = [...new Set([...existing.pages, ...(source.pages || [])])];
+        existing.pages = mergedPages;
+        existing.relevance = Math.max(existing.relevance, source.relevance || 0);
+        existing.pageRelevance = { ...existing.pageRelevance, ...source.pageRelevance };
+        if (source.content && existing.content) {
+          existing.content += '\n\n' + source.content;
+        } else if (source.content) {
+          existing.content = source.content;
+        }
+      } else {
+        deduped.set(key, {
+          fileId: source.fileId,
+          fileName: source.fileName,
+          relevance: source.relevance || 0,
+          content: source.content || '',
+          pages: source.pages || [],
+          pageRelevance: source.pageRelevance || {},
+          fileType: (meta?.fileType as string) || undefined,
+          fileBytes: (meta?.fileBytes as number) || undefined,
+          metadata: meta,
+        });
+      }
+    }
+  }
+
+  return Array.from(deduped.values()).sort((a, b) => b.relevance - a.relevance);
+}
+
+interface ParsedResult {
+  filename: string;
+  relevance: number;
+  content: string;
+}
+
+interface DisplayResult {
+  fileId?: string;
+  fileName: string;
+  relevance: number;
+  content: string;
+  pages?: number[];
+  pageRelevance?: Record<number, number>;
+  fileType?: string;
+  fileBytes?: number;
+}
+
+interface FileMatch {
+  fileId: string;
+  fileName: string;
+  fileType?: string;
+  fileBytes?: number;
+}
+
+function normalizeFilename(filename: string): string {
+  return filename.toLowerCase().replace(/[^a-z0-9.]/g, '');
+}
+
+function addFileMatch(
+  lookup: Map<string, FileMatch | null>,
+  fileName: string | undefined,
+  match: FileMatch,
+): void {
+  if (!fileName) {
+    return;
+  }
+
+  const key = normalizeFilename(fileName);
+  if (key.length === 0) {
+    return;
+  }
+
+  const existing = lookup.get(key);
+  if (!existing) {
+    lookup.set(key, match);
+    return;
+  }
+
+  if (existing.fileId !== match.fileId) {
+    lookup.set(key, null);
+  }
+}
+
+function buildFileLookup(
+  fileSources: FileSource[],
+  files?: TFile[],
+): Map<string, FileMatch | null> {
+  const lookup = new Map<string, FileMatch | null>();
+
+  for (const source of fileSources) {
+    addFileMatch(lookup, source.fileName, {
+      fileId: source.fileId,
+      fileName: source.fileName,
+      fileType: source.fileType,
+      fileBytes: source.fileBytes,
+    });
+  }
+
+  for (const file of files ?? []) {
+    if (!file.file_id || !file.filename) {
+      continue;
+    }
+
+    const key = normalizeFilename(file.filename);
+    if (lookup.has(key)) {
+      continue;
+    }
+
+    addFileMatch(lookup, file.filename, {
+      fileId: file.file_id,
+      fileName: file.filename,
+      fileType: file.type ?? undefined,
+      fileBytes: file.bytes,
+    });
+  }
+
+  return lookup;
+}
+
+function mergeRetrievalResults(
+  fileSources: FileSource[],
+  parsedResults: ParsedResult[],
+  files?: TFile[],
+): DisplayResult[] {
+  if (parsedResults.length === 0) {
+    return fileSources.map((source) => ({
+      fileId: source.fileId,
+      fileName: source.fileName,
+      relevance: source.relevance,
+      content: source.content,
+      pages: source.pages,
+      pageRelevance: source.pageRelevance,
+      fileType: source.fileType,
+      fileBytes: source.fileBytes,
+    }));
+  }
+
+  const fileLookup = buildFileLookup(fileSources, files);
+
+  return parsedResults.map((result) => {
+    const key = normalizeFilename(result.filename);
+    const match = fileLookup.get(key) ?? undefined;
+
+    return {
+      fileId: match?.fileId,
+      fileName: match?.fileName ?? result.filename,
+      relevance: result.relevance,
+      content: result.content,
+      fileType: match?.fileType,
+      fileBytes: match?.fileBytes,
+    };
+  });
+}
+
+function parseRetrievalOutput(raw: string): ParsedResult[] {
+  const sections = raw.split('\n---\n');
+  const results: ParsedResult[] = [];
+
+  for (const section of sections) {
+    const trimmed = section.trim();
+    if (!trimmed) {
+      continue;
+    }
+
+    let filename = '';
+    let relevance = 0;
+    const contentLines: string[] = [];
+    let inContent = false;
+
+    for (const line of trimmed.split('\n')) {
+      if (inContent) {
+        contentLines.push(line);
+        continue;
+      }
+
+      if (line.startsWith('File: ')) {
+        filename = line.slice(6).trim();
+      } else if (line.startsWith('Relevance: ')) {
+        relevance = parseFloat(line.slice(11).trim()) || 0;
+      } else if (line.startsWith('Content: ')) {
+        inContent = true;
+        contentLines.push(line.slice(9));
+      }
+    }
+
+    if (filename) {
+      results.push({ filename, relevance, content: contentLines.join('\n').trim() });
+    }
+  }
+
+  return results;
+}
+
+function getFileIcon(mimeType?: string): React.ComponentType<{ className?: string }> {
+  if (!mimeType) {
+    return FileText;
+  }
+  if (mimeType.includes('spreadsheet') || mimeType.includes('excel') || mimeType.includes('csv')) {
+    return FileSpreadsheet;
+  }
+  if (mimeType.includes('image')) {
+    return FileImage;
+  }
+  if (
+    mimeType.includes('javascript') ||
+    mimeType.includes('typescript') ||
+    mimeType.includes('json') ||
+    mimeType.includes('xml') ||
+    mimeType.includes('html')
+  ) {
+    return FileCode;
+  }
+  if (mimeType.includes('pdf') || mimeType.includes('text') || mimeType.includes('word')) {
+    return FileText;
+  }
+  return File;
+}
+
+function FileHeader({
+  fileName,
+  relevance,
+  pages,
+  pageRelevance,
+  fileType,
+  onOpenPreview,
+}: {
+  fileName: string;
+  relevance: number;
+  pages?: number[];
+  pageRelevance?: Record<number, number>;
+  fileType?: string;
+  onOpenPreview?: () => void;
+}) {
+  const localize = useLocalize();
+  const IconComponent = getFileIcon(fileType);
+  const sortedPages = pages && pageRelevance ? sortPagesByRelevance(pages, pageRelevance) : pages;
+
+  return (
+    <div className="flex items-center gap-2 px-3 py-2">
+      <IconComponent className="size-3.5 shrink-0 text-text-secondary" aria-hidden="true" />
+      {onOpenPreview ? (
+        <button
+          type="button"
+          onClick={onOpenPreview}
+          className="min-w-0 truncate text-left text-xs font-medium text-text-primary underline decoration-border-medium underline-offset-2 transition-colors hover:text-text-secondary focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-border-heavy focus-visible:ring-offset-1"
+          aria-label={`${localize('com_ui_preview')}: ${fileName}`}
+        >
+          {fileName}
+        </button>
+      ) : (
+        <span className="min-w-0 truncate text-xs font-medium text-text-primary">{fileName}</span>
+      )}
+      {relevance > 0 && (
+        <TooltipAnchor
+          description={localize('com_ui_relevance')}
+          side="top"
+          className="flex items-center"
+        >
+          <span
+            className="shrink-0 rounded bg-surface-tertiary px-1.5 py-0.5 text-[11px] tabular-nums leading-none text-text-secondary"
+            aria-label={`${localize('com_ui_relevance')}: ${Math.round(relevance * 100)}%`}
+          >
+            {Math.round(relevance * 100)}%
+          </span>
+        </TooltipAnchor>
+      )}
+      <span className="flex-1" />
+      {sortedPages && sortedPages.length > 0 && (
+        <span className="shrink-0 text-[11px] text-text-secondary">
+          {localize('com_file_pages', { pages: sortedPages.join(', ') })}
+        </span>
+      )}
+    </div>
+  );
+}
 
 export default function RetrievalCall({
   initialProgress = 0.1,
   isSubmitting,
+  output,
+  attachments,
 }: {
   initialProgress: number;
   isSubmitting: boolean;
+  output?: string;
+  attachments?: TAttachment[];
 }) {
   const progress = useProgress(initialProgress);
-  const radius = 56.08695652173913;
-  const circumference = 2 * Math.PI * radius;
-  const offset = circumference - progress * circumference;
-  const error = progress >= 2;
+  const localize = useLocalize();
+
+  const errorState = typeof output === 'string' && isError(output);
+  const cancelled = !isSubmitting && initialProgress < 1 && !errorState;
+  const hasOutput = !!output && !isError(output);
+  const autoExpand = useRecoilValue(store.autoExpandTools);
+  const [showOutput, setShowOutput] = useState(() => autoExpand && hasOutput);
+  const { style: expandStyle, ref: expandRef } = useExpandCollapse(showOutput);
+
+  const fileSources = useMemo(() => extractFileSources(attachments), [attachments]);
+  const parsedResults = useMemo(
+    () => (hasOutput && output ? parseRetrievalOutput(output) : []),
+    [hasOutput, output],
+  );
+  const fileIds = useMemo(
+    () => new Set(fileSources.map((s) => s.fileId).filter(Boolean)),
+    [fileSources],
+  );
+  const { data: availableFiles = [] } = useGetFiles<TFile[]>({
+    enabled: hasOutput && parsedResults.length > 0 && fileIds.size > 0,
+    select: (files) => files.filter((f) => fileIds.has(f.file_id)),
+  });
+  const displayResults = useMemo(
+    () => mergeRetrievalResults(fileSources, parsedResults, availableFiles),
+    [availableFiles, fileSources, parsedResults],
+  );
+
+  const hasResults = displayResults.length > 0;
+
+  const [previewIndex, setPreviewIndex] = useState<number | null>(null);
+
+  const openPreview = useCallback((index: number) => {
+    setPreviewIndex(index);
+  }, []);
+
+  const closePreview = useCallback((open: boolean) => {
+    if (!open) {
+      setPreviewIndex(null);
+    }
+  }, []);
+
+  const previewData = useMemo(() => {
+    if (previewIndex === null) {
+      return null;
+    }
+
+    const result = displayResults[previewIndex];
+    if (!result?.fileId) {
+      return null;
+    }
+
+    return {
+      fileName: result.fileName,
+      fileId: result.fileId,
+      relevance: result.relevance,
+      pages: result.pages,
+      pageRelevance: result.pageRelevance,
+      fileType: result.fileType,
+    };
+  }, [displayResults, previewIndex]);
+
+  useEffect(() => {
+    if (autoExpand && hasOutput) {
+      setShowOutput(true);
+    }
+  }, [autoExpand, hasOutput]);
 
   return (
-    <div className="my-2.5 flex items-center gap-2.5">
-      <div className="relative h-5 w-5 shrink-0">
-        {progress < 1 ? (
-          <InProgressCall progress={progress} isSubmitting={isSubmitting} error={error}>
-            <div
-              className="absolute left-0 top-0 flex h-full w-full items-center justify-center rounded-full bg-transparent text-white"
-              style={{ opacity: 1, transform: 'none' }}
-            >
-              <div>
-                <RetrievalIcon />
-              </div>
-              <ProgressCircle radius={radius} circumference={circumference} offset={offset} />
-            </div>
-          </InProgressCall>
-        ) : error ? (
-          <CancelledIcon />
-        ) : (
-          <FinishedIcon />
-        )}
+    <div className="my-1">
+      <span className="sr-only" aria-live="polite" aria-atomic="true">
+        {(() => {
+          if (progress < 1 && !cancelled) {
+            return localize('com_ui_searching_files');
+          }
+          if (cancelled) {
+            return localize('com_ui_cancelled');
+          }
+          return localize('com_ui_retrieved_files');
+        })()}
+      </span>
+      <div className="relative my-1 flex h-5 shrink-0 items-center gap-2.5">
+        <ProgressText
+          progress={progress}
+          onClick={hasOutput ? () => setShowOutput((prev) => !prev) : undefined}
+          inProgressText={localize('com_ui_searching_files')}
+          finishedText={localize('com_ui_retrieved_files')}
+          errorSuffix={errorState && !cancelled ? localize('com_ui_tool_failed') : undefined}
+          icon={
+            <ToolIcon type="file_search" isAnimating={progress < 1 && !cancelled && !errorState} />
+          }
+          hasInput={hasOutput}
+          isExpanded={showOutput}
+          error={cancelled}
+        />
       </div>
-      <ProgressText
-        progress={progress}
-        onClick={() => ({})}
-        inProgressText={'Searching my knowledge'}
-        finishedText={'Used Retrieval'}
-        hasInput={false}
-        popover={false}
+      <div style={expandStyle}>
+        <div className="overflow-hidden" ref={expandRef}>
+          {hasOutput && hasResults && (
+            <div className="my-2 flex flex-col gap-2">
+              {displayResults.map((item, i) => {
+                return (
+                  <div
+                    key={`${item.fileId ?? item.fileName}-${i}`}
+                    className={cn(
+                      'overflow-hidden rounded-lg border border-border-light bg-surface-secondary',
+                    )}
+                  >
+                    <FileHeader
+                      fileName={item.fileName}
+                      relevance={item.relevance}
+                      pages={item.pages}
+                      pageRelevance={item.pageRelevance}
+                      fileType={item.fileType}
+                      onOpenPreview={item.fileId ? () => openPreview(i) : undefined}
+                    />
+                    {item.content && (
+                      <div className="border-t border-border-light px-3 py-3">
+                        <OutputRenderer text={item.content} />
+                      </div>
+                    )}
+                  </div>
+                );
+              })}
+            </div>
+          )}
+        </div>
+      </div>
+
+      <FilePreviewDialog
+        open={previewData !== null}
+        onOpenChange={closePreview}
+        fileName={previewData?.fileName ?? ''}
+        fileId={previewData?.fileId}
+        relevance={previewData?.relevance}
+        pages={previewData?.pages}
+        pageRelevance={previewData?.pageRelevance}
+        fileType={previewData?.fileType}
       />
     </div>
   );
diff --git a/client/src/components/Chat/Messages/Content/SearchContent.tsx b/client/src/components/Chat/Messages/Content/SearchContent.tsx
index 81752ddf9c..325aae89c8 100644
--- a/client/src/components/Chat/Messages/Content/SearchContent.tsx
+++ b/client/src/components/Chat/Messages/Content/SearchContent.tsx
@@ -10,7 +10,6 @@ import type {
   TMessageContentParts,
 } from 'librechat-data-provider';
 import { UnfinishedMessage } from './MessageContent';
-import Sources from '~/components/Web/Sources';
 import { cn, mapAttachments } from '~/utils';
 import { SearchContext } from '~/Providers';
 import MarkdownLite from './MarkdownLite';
@@ -34,7 +33,6 @@ const SearchContent = ({
   if (Array.isArray(message.content) && message.content.length > 0) {
     return (
       <SearchContext.Provider value={{ searchResults }}>
-        <Sources />
         {message.content
           .filter((part: TMessageContentParts | undefined) => part)
           .map((part: TMessageContentParts | undefined, idx: number) => {
@@ -44,14 +42,14 @@ const SearchContent = ({
 
             const toolCallId =
               (part?.[ContentTypes.TOOL_CALL] as Agents.ToolCall | undefined)?.id ?? '';
-            const attachments = attachmentMap[toolCallId];
+            const partAttachments = attachmentMap[toolCallId];
             return (
               <Part
                 key={`display-${messageId}-${idx}`}
                 showCursor={false}
                 isSubmitting={false}
                 isCreatedByUser={message.isCreatedByUser}
-                attachments={attachments}
+                attachments={partAttachments}
                 part={part}
               />
             );
diff --git a/client/src/components/Chat/Messages/Content/ToolCall.tsx b/client/src/components/Chat/Messages/Content/ToolCall.tsx
index c807288b46..c7dd974577 100644
--- a/client/src/components/Chat/Messages/Content/ToolCall.tsx
+++ b/client/src/components/Chat/Messages/Content/ToolCall.tsx
@@ -1,4 +1,5 @@
-import { useMemo, useState, useEffect, useRef, useCallback, useLayoutEffect } from 'react';
+import { useMemo, useState, useEffect, useCallback } from 'react';
+import { useRecoilValue } from 'recoil';
 import { Button } from '@librechat/client';
 import { TriangleAlert } from 'lucide-react';
 import {
@@ -8,11 +9,14 @@ import {
   actionDomainSeparator,
 } from 'librechat-data-provider';
 import type { TAttachment } from 'librechat-data-provider';
-import { useLocalize, useProgress } from '~/hooks';
+import { useLocalize, useProgress, useExpandCollapse } from '~/hooks';
+import { ToolIcon, getToolIconType, isError } from './ToolOutput';
+import { useMCPIconMap } from '~/hooks/MCP';
 import { AttachmentGroup } from './Parts';
 import ToolCallInfo from './ToolCallInfo';
 import ProgressText from './ProgressText';
-import { logger, cn } from '~/utils';
+import { logger } from '~/utils';
+import store from '~/store';
 
 export default function ToolCall({
   initialProgress = 0.1,
@@ -32,28 +36,60 @@ export default function ToolCall({
   output?: string | null;
   attachments?: TAttachment[];
   auth?: string;
-  expires_at?: number;
 }) {
   const localize = useLocalize();
-  const [showInfo, setShowInfo] = useState(false);
-  const contentRef = useRef<HTMLDivElement>(null);
-  const [contentHeight, setContentHeight] = useState<number | undefined>(0);
-  const [isAnimating, setIsAnimating] = useState(false);
-  const prevShowInfoRef = useRef<boolean>(showInfo);
+  const autoExpand = useRecoilValue(store.autoExpandTools);
+  const hasOutput = (output?.length ?? 0) > 0;
+  const [showInfo, setShowInfo] = useState(() => autoExpand && hasOutput);
+  const { style: expandStyle, ref: expandRef } = useExpandCollapse(showInfo);
+
+  useEffect(() => {
+    if (autoExpand && hasOutput) {
+      setShowInfo(true);
+    }
+  }, [autoExpand, hasOutput]);
+
+  const parsedAuthUrl = useMemo(() => {
+    if (!auth) {
+      return null;
+    }
+    try {
+      return new URL(auth);
+    } catch {
+      return null;
+    }
+  }, [auth]);
 
   const { function_name, domain, isMCPToolCall, mcpServerName } = useMemo(() => {
     if (typeof name !== 'string') {
       return { function_name: '', domain: null, isMCPToolCall: false, mcpServerName: '' };
     }
     if (name.includes(Constants.mcp_delimiter)) {
-      const [func, server] = name.split(Constants.mcp_delimiter);
+      const parts = name.split(Constants.mcp_delimiter);
+      const func = parts[0];
+      const server = parts.slice(1).join(Constants.mcp_delimiter);
+      const displayName = func === 'oauth' ? server : func;
       return {
-        function_name: func || '',
+        function_name: displayName || '',
         domain: server && (server.replaceAll(actionDomainSeparator, '.') || null),
         isMCPToolCall: true,
         mcpServerName: server || '',
       };
     }
+
+    if (parsedAuthUrl) {
+      const redirectUri = parsedAuthUrl.searchParams.get('redirect_uri') || '';
+      const mcpMatch = redirectUri.match(/\/api\/mcp\/([^/]+)\/oauth\/callback/);
+      if (mcpMatch?.[1]) {
+        return {
+          function_name: mcpMatch[1],
+          domain: null,
+          isMCPToolCall: true,
+          mcpServerName: mcpMatch[1],
+        };
+      }
+    }
+
     const [func, _domain] = name.includes(actionDelimiter)
       ? name.split(actionDelimiter)
       : [name, ''];
@@ -63,21 +99,20 @@ export default function ToolCall({
       isMCPToolCall: false,
       mcpServerName: '',
     };
-  }, [name]);
+  }, [name, parsedAuthUrl]);
+
+  const toolIconType = useMemo(() => getToolIconType(name), [name]);
+  const mcpIconMap = useMCPIconMap();
+  const mcpIconUrl = isMCPToolCall ? mcpIconMap.get(mcpServerName) : undefined;
 
   const actionId = useMemo(() => {
-    if (isMCPToolCall || !auth) {
+    if (isMCPToolCall || !parsedAuthUrl) {
       return '';
     }
-    try {
-      const url = new URL(auth);
-      const redirectUri = url.searchParams.get('redirect_uri') || '';
-      const match = redirectUri.match(/\/api\/actions\/([^/]+)\/oauth\/callback/);
-      return match?.[1] || '';
-    } catch {
-      return '';
-    }
-  }, [auth, isMCPToolCall]);
+    const redirectUri = parsedAuthUrl.searchParams.get('redirect_uri') || '';
+    const match = redirectUri.match(/\/api\/actions\/([^/]+)\/oauth\/callback/);
+    return match?.[1] || '';
+  }, [parsedAuthUrl, isMCPToolCall]);
 
   const handleOAuthClick = useCallback(async () => {
     if (!auth) {
@@ -95,8 +130,9 @@ export default function ToolCall({
     window.open(auth, '_blank', 'noopener,noreferrer');
   }, [auth, isMCPToolCall, mcpServerName, actionId]);
 
-  const error =
-    typeof output === 'string' && output.toLowerCase().includes('error processing tool');
+  const hasError = typeof output === 'string' && isError(output);
+  const cancelled = !isSubmitting && initialProgress < 1 && !hasError;
+  const errorState = hasError;
 
   const args = useMemo(() => {
     if (typeof _args === 'string') {
@@ -119,24 +155,21 @@ export default function ToolCall({
   );
 
   const authDomain = useMemo(() => {
-    const authURL = auth ?? '';
-    if (!authURL) {
-      return '';
-    }
-    try {
-      const url = new URL(authURL);
-      return url.hostname;
-    } catch (e) {
-      logger.error(
-        'client/src/components/Chat/Messages/Content/ToolCall.tsx - Failed to parse auth URL',
-        e,
-      );
-      return '';
-    }
-  }, [auth]);
+    return parsedAuthUrl?.hostname ?? '';
+  }, [parsedAuthUrl]);
 
   const progress = useProgress(initialProgress);
-  const cancelled = (!isSubmitting && progress < 1) || error === true;
+  const showCancelled = cancelled || (errorState && !output);
+
+  const subtitle = useMemo(() => {
+    if (isMCPToolCall && mcpServerName) {
+      return localize('com_ui_via_server', { 0: mcpServerName });
+    }
+    if (domain && domain.length !== Constants.ENCODED_DOMAIN_LENGTH) {
+      return localize('com_ui_via_server', { 0: domain });
+    }
+    return undefined;
+  }, [isMCPToolCall, mcpServerName, domain, localize]);
 
   const getFinishedText = () => {
     if (cancelled) {
@@ -151,56 +184,23 @@ export default function ToolCall({
     return localize('com_assistants_completed_function', { 0: function_name });
   };
 
-  useLayoutEffect(() => {
-    if (showInfo !== prevShowInfoRef.current) {
-      prevShowInfoRef.current = showInfo;
-      setIsAnimating(true);
-
-      if (showInfo && contentRef.current) {
-        requestAnimationFrame(() => {
-          if (contentRef.current) {
-            const height = contentRef.current.scrollHeight;
-            setContentHeight(height + 4);
-          }
-        });
-      } else {
-        setContentHeight(0);
-      }
-
-      const timer = setTimeout(() => {
-        setIsAnimating(false);
-      }, 400);
-
-      return () => clearTimeout(timer);
-    }
-  }, [showInfo]);
-
-  useEffect(() => {
-    if (!contentRef.current) {
-      return;
-    }
-    const resizeObserver = new ResizeObserver((entries) => {
-      if (showInfo && !isAnimating) {
-        for (const entry of entries) {
-          if (entry.target === contentRef.current) {
-            setContentHeight(entry.contentRect.height + 4);
-          }
-        }
-      }
-    });
-    resizeObserver.observe(contentRef.current);
-    return () => {
-      resizeObserver.disconnect();
-    };
-  }, [showInfo, isAnimating]);
-
   if (!isLast && (!function_name || function_name.length === 0) && !output) {
     return null;
   }
 
   return (
     <>
-      <div className="relative my-2.5 flex h-5 shrink-0 items-center gap-2.5">
+      <span className="sr-only" aria-live="polite" aria-atomic="true">
+        {(() => {
+          if (progress < 1 && !showCancelled) {
+            return function_name
+              ? localize('com_assistants_running_var', { 0: function_name })
+              : localize('com_assistants_running_action');
+          }
+          return getFinishedText();
+        })()}
+      </span>
+      <div className="relative my-1.5 flex h-5 shrink-0 items-center gap-2.5">
         <ProgressText
           progress={progress}
           onClick={() => setShowInfo((prev) => !prev)}
@@ -210,61 +210,37 @@ export default function ToolCall({
               : localize('com_assistants_running_action')
           }
           authText={
-            !cancelled && authDomain.length > 0 ? localize('com_ui_requires_auth') : undefined
+            !showCancelled && authDomain.length > 0 ? localize('com_ui_requires_auth') : undefined
           }
           finishedText={getFinishedText()}
+          subtitle={subtitle}
+          errorSuffix={errorState && !cancelled ? localize('com_ui_tool_failed') : undefined}
+          icon={
+            <ToolIcon
+              type={toolIconType}
+              iconUrl={mcpIconUrl}
+              isAnimating={progress < 1 && !showCancelled && !errorState}
+            />
+          }
           hasInput={hasInfo}
           isExpanded={showInfo}
-          error={cancelled}
+          error={showCancelled}
         />
       </div>
-      <div
-        className="relative"
-        style={{
-          height: showInfo ? contentHeight : 0,
-          overflow: 'hidden',
-          transition:
-            'height 0.4s cubic-bezier(0.16, 1, 0.3, 1), opacity 0.4s cubic-bezier(0.16, 1, 0.3, 1)',
-          opacity: showInfo ? 1 : 0,
-          transformOrigin: 'top',
-          willChange: 'height, opacity',
-          perspective: '1000px',
-          backfaceVisibility: 'hidden',
-          WebkitFontSmoothing: 'subpixel-antialiased',
-        }}
-      >
-        <div
-          className={cn(
-            'overflow-hidden rounded-xl border border-border-light bg-surface-secondary shadow-md',
-            showInfo && 'shadow-lg',
+      <div style={expandStyle}>
+        <div className="overflow-hidden" ref={expandRef}>
+          {hasInfo && (
+            <div className="my-2 overflow-hidden rounded-lg border border-border-light bg-surface-secondary">
+              <ToolCallInfo input={args ?? ''} output={output} attachments={attachments} />
+            </div>
           )}
-          style={{
-            transform: showInfo ? 'translateY(0) scale(1)' : 'translateY(-8px) scale(0.98)',
-            opacity: showInfo ? 1 : 0,
-            transition:
-              'transform 0.4s cubic-bezier(0.16, 1, 0.3, 1), opacity 0.4s cubic-bezier(0.16, 1, 0.3, 1)',
-          }}
-        >
-          <div ref={contentRef}>
-            {showInfo && hasInfo && (
-              <ToolCallInfo
-                key="tool-call-info"
-                input={args ?? ''}
-                output={output}
-                domain={authDomain || (domain ?? '')}
-                function_name={function_name}
-                pendingAuth={authDomain.length > 0 && !cancelled && progress < 1}
-                attachments={attachments}
-              />
-            )}
-          </div>
         </div>
       </div>
-      {auth != null && auth && progress < 1 && !cancelled && (
+      {auth != null && auth && progress < 1 && !showCancelled && (
         <div className="flex w-full flex-col gap-2.5">
           <div className="mb-1 mt-2">
             <Button
-              className="font-mediu inline-flex items-center justify-center rounded-xl px-4 py-2 text-sm"
+              className="inline-flex items-center justify-center rounded-xl px-4 py-2 text-sm font-medium"
               variant="default"
               rel="noopener noreferrer"
               onClick={handleOAuthClick}
diff --git a/client/src/components/Chat/Messages/Content/ToolCallGroup.tsx b/client/src/components/Chat/Messages/Content/ToolCallGroup.tsx
new file mode 100644
index 0000000000..c66ecc24fa
--- /dev/null
+++ b/client/src/components/Chat/Messages/Content/ToolCallGroup.tsx
@@ -0,0 +1,178 @@
+import { useState, useMemo, useEffect, useCallback } from 'react';
+import { useRecoilValue } from 'recoil';
+import { ChevronDown } from 'lucide-react';
+import { ContentTypes, ToolCallTypes } from 'librechat-data-provider';
+import type { TMessageContentParts, Agents, FunctionToolCall } from 'librechat-data-provider';
+import type { PartWithIndex } from './ParallelContent';
+import type { TranslationKeys } from '~/hooks';
+import { StackedToolIcons, getMCPServerName } from './ToolOutput';
+import { useLocalize, useExpandCollapse } from '~/hooks';
+import { useMCPIconMap } from '~/hooks/MCP';
+import { cn } from '~/utils';
+import store from '~/store';
+
+/** Maps tool names to translation keys — resolved via localize() at render time. */
+const FRIENDLY_NAME_KEYS: Record<string, TranslationKeys> = {
+  execute_code: 'com_ui_tool_name_code',
+  run_tools_with_code: 'com_ui_tool_name_code',
+  web_search: 'com_ui_tool_name_web_search',
+  image_gen_oai: 'com_ui_tool_name_image_gen',
+  image_edit_oai: 'com_ui_tool_name_image_edit',
+  gemini_image_gen: 'com_ui_tool_name_image_gen',
+  file_search: 'com_ui_tool_name_file_search',
+  code_interpreter: 'com_ui_tool_name_code_analysis',
+  retrieval: 'com_ui_tool_name_file_search',
+};
+
+interface ToolMeta {
+  name: string;
+  hasOutput: boolean;
+}
+
+function getToolMeta(part: TMessageContentParts): ToolMeta | null {
+  if (part.type !== ContentTypes.TOOL_CALL) {
+    return null;
+  }
+  const toolCall = part[ContentTypes.TOOL_CALL];
+  if (!toolCall) {
+    return null;
+  }
+
+  const isStandard =
+    'args' in toolCall && (!toolCall.type || toolCall.type === ToolCallTypes.TOOL_CALL);
+  if (isStandard) {
+    const tc = toolCall as Agents.ToolCall;
+    return { name: tc.name ?? '', hasOutput: !!tc.output };
+  }
+
+  if (toolCall.type === ToolCallTypes.CODE_INTERPRETER) {
+    const ci = (toolCall as { code_interpreter?: { outputs?: unknown[] } }).code_interpreter;
+    return { name: 'code_interpreter', hasOutput: (ci?.outputs?.length ?? 0) > 0 };
+  }
+
+  if (toolCall.type === ToolCallTypes.RETRIEVAL || toolCall.type === ToolCallTypes.FILE_SEARCH) {
+    return { name: 'file_search', hasOutput: !!(toolCall as { output?: string }).output };
+  }
+
+  if (toolCall.type === ToolCallTypes.FUNCTION && ToolCallTypes.FUNCTION in toolCall) {
+    const fn = (toolCall as FunctionToolCall).function;
+    return { name: fn.name, hasOutput: !!fn.output };
+  }
+
+  return null;
+}
+
+interface ToolCallGroupProps {
+  parts: PartWithIndex[];
+  isSubmitting: boolean;
+  isLast: boolean;
+  renderPart: (part: TMessageContentParts, idx: number, isLastPart: boolean) => React.ReactNode;
+  lastContentIdx: number;
+}
+
+export default function ToolCallGroup({
+  parts,
+  isSubmitting,
+  isLast,
+  renderPart,
+  lastContentIdx,
+}: ToolCallGroupProps) {
+  const localize = useLocalize();
+  const mcpIconMap = useMCPIconMap();
+  const count = parts.length;
+
+  const toolMetadata = useMemo(() => parts.map((p) => getToolMeta(p.part)), [parts]);
+  const allCompleted = useMemo(
+    () => toolMetadata.every((m) => m?.hasOutput === true),
+    [toolMetadata],
+  );
+  const toolNames = useMemo(() => toolMetadata.map((m) => m?.name ?? ''), [toolMetadata]);
+
+  const toolNameSummary = useMemo(() => {
+    const seen = new Set<string>();
+    const labels: string[] = [];
+    for (const rawName of toolNames) {
+      if (!rawName) {
+        continue;
+      }
+      const serverName = getMCPServerName(rawName);
+      const nameKey = FRIENDLY_NAME_KEYS[rawName];
+      const label = serverName || (nameKey ? localize(nameKey) : rawName);
+      if (!seen.has(label)) {
+        seen.add(label);
+        labels.push(label);
+      }
+    }
+    if (labels.length <= 3) {
+      return labels.join(', ');
+    }
+    return `${labels.slice(0, 3).join(', ')}, +${labels.length - 3}`;
+  }, [toolNames, localize]);
+
+  const autoExpand = useRecoilValue(store.autoExpandTools);
+  const autoCollapse = !autoExpand && count >= 2 && allCompleted;
+  const [isExpanded, setIsExpanded] = useState(autoExpand || !autoCollapse);
+  const [userOverride, setUserOverride] = useState(false);
+  const { style: expandStyle, ref: expandRef } = useExpandCollapse(isExpanded);
+
+  useEffect(() => {
+    if (autoCollapse && !userOverride) {
+      setIsExpanded(false);
+    }
+  }, [autoCollapse, userOverride]);
+
+  const handleToggle = useCallback(() => {
+    setUserOverride(true);
+    setIsExpanded((prev) => !prev);
+  }, []);
+
+  const hasActiveToolCall = useMemo(
+    () => isSubmitting && toolMetadata.some((m) => m && !m.hasOutput),
+    [toolMetadata, isSubmitting],
+  );
+
+  useEffect(() => {
+    if (hasActiveToolCall) {
+      setIsExpanded(true);
+    }
+  }, [hasActiveToolCall]);
+
+  return (
+    <div className="mb-2 mt-1">
+      <button
+        type="button"
+        className="inline-flex w-full items-center gap-2 py-1 text-text-secondary focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-border-heavy"
+        onClick={handleToggle}
+        aria-expanded={isExpanded}
+        aria-label={localize('com_ui_used_n_tools', { 0: String(count) })}
+      >
+        <StackedToolIcons
+          toolNames={toolNames}
+          mcpIconMap={mcpIconMap}
+          maxIcons={4}
+          isAnimating={!allCompleted && isSubmitting}
+        />
+        <span className="tool-status-text font-medium">
+          {localize('com_ui_used_n_tools', { 0: String(count) })}
+        </span>
+        {toolNameSummary && (
+          <span className="text-xs font-normal text-text-secondary">— {toolNameSummary}</span>
+        )}
+        <ChevronDown
+          className={cn(
+            'size-4 shrink-0 text-text-secondary transition-transform duration-200 ease-out',
+            isExpanded && 'rotate-180',
+          )}
+          aria-hidden="true"
+        />
+      </button>
+      <div style={expandStyle}>
+        <div className="overflow-hidden" ref={expandRef}>
+          <div className="py-0.5 pl-4">
+            {parts.map(({ part, idx }) => renderPart(part, idx, isLast && idx === lastContentIdx))}
+          </div>
+        </div>
+      </div>
+    </div>
+  );
+}
diff --git a/client/src/components/Chat/Messages/Content/ToolCallInfo.tsx b/client/src/components/Chat/Messages/Content/ToolCallInfo.tsx
index 7d9a941d19..79ac78dbb2 100644
--- a/client/src/components/Chat/Messages/Content/ToolCallInfo.tsx
+++ b/client/src/components/Chat/Messages/Content/ToolCallInfo.tsx
@@ -1,61 +1,125 @@
-import React from 'react';
-import { useLocalize } from '~/hooks';
+import { useState, useMemo } from 'react';
+import { ChevronDown } from 'lucide-react';
 import { Tools } from 'librechat-data-provider';
 import { UIResourceRenderer } from '@mcp-ui/client';
-import UIResourceCarousel from './UIResourceCarousel';
 import type { TAttachment, UIResource } from 'librechat-data-provider';
+import { useOptionalMessagesOperations } from '~/Providers';
+import { useLocalize, useExpandCollapse } from '~/hooks';
+import UIResourceCarousel from './UIResourceCarousel';
+import { handleUIAction, cn } from '~/utils';
+import { OutputRenderer } from './ToolOutput';
 
-function OptimizedCodeBlock({ text, maxHeight = 320 }: { text: string; maxHeight?: number }) {
+function isSimpleObject(obj: unknown): obj is Record<string, string | number | boolean | null> {
+  if (typeof obj !== 'object' || obj === null || Array.isArray(obj)) {
+    return false;
+  }
+  const entries = Object.entries(obj);
+  if (entries.length === 0 || entries.length > 8) {
+    return false;
+  }
+  return entries.every(
+    ([, v]) =>
+      v === null || typeof v === 'string' || typeof v === 'number' || typeof v === 'boolean',
+  );
+}
+
+function KeyValueInput({ data }: { data: Record<string, string | number | boolean | null> }) {
   return (
-    <div
-      className="rounded-lg bg-surface-tertiary p-2 text-xs text-text-primary"
-      style={{
-        position: 'relative',
-        maxHeight,
-        overflow: 'auto',
-      }}
-    >
-      <pre className="m-0 whitespace-pre-wrap break-words" style={{ overflowWrap: 'break-word' }}>
-        <code>{text}</code>
-      </pre>
+    <div className="flex flex-wrap gap-x-4 gap-y-1.5 text-xs">
+      {Object.entries(data).map(([key, value]) => (
+        <div key={key} className="flex items-baseline gap-1.5">
+          <span className="font-medium text-text-secondary">{key}</span>
+          <span className="rounded bg-surface-tertiary px-1.5 py-0.5 text-text-primary">
+            {String(value ?? 'null')}
+          </span>
+        </div>
+      ))}
     </div>
   );
 }
 
+function formatParamValue(value: unknown): string {
+  if (value === null || value === undefined) {
+    return '';
+  }
+  if (typeof value === 'string') {
+    return value.length > 200 ? value.slice(0, 200) + '...' : value;
+  }
+  if (typeof value !== 'object') {
+    return String(value);
+  }
+  const str = JSON.stringify(value);
+  return str.length > 200 ? str.slice(0, 200) + '...' : str;
+}
+
+function ComplexInput({ data }: { data: Record<string, unknown> }) {
+  return (
+    <div className="flex flex-wrap gap-x-4 gap-y-1.5 text-xs">
+      {Object.entries(data).map(([key, value]) => (
+        <div key={key} className="flex items-baseline gap-1.5">
+          <span className="font-medium text-text-secondary">{key}</span>
+          <span className="max-w-[300px] overflow-hidden truncate rounded bg-surface-tertiary px-1.5 py-0.5 font-mono text-text-primary">
+            {formatParamValue(value)}
+          </span>
+        </div>
+      ))}
+    </div>
+  );
+}
+
+function InputRenderer({ input }: { input: string }) {
+  if (!input || input.trim().length === 0) {
+    return null;
+  }
+
+  try {
+    const parsed = JSON.parse(input);
+    if (isSimpleObject(parsed)) {
+      return <KeyValueInput data={parsed} />;
+    }
+    if (typeof parsed === 'object' && parsed !== null && !Array.isArray(parsed)) {
+      return <ComplexInput data={parsed as Record<string, unknown>} />;
+    }
+    // Valid JSON but not a plain object (array, string, number, boolean) — render formatted
+    return (
+      <pre className="whitespace-pre-wrap text-xs text-text-primary">
+        {typeof parsed === 'string' ? parsed : JSON.stringify(parsed, null, 2)}
+      </pre>
+    );
+  } catch {
+    // Not JSON — render as plain text
+    return <pre className="whitespace-pre-wrap text-xs text-text-primary">{input}</pre>;
+  }
+}
+
 export default function ToolCallInfo({
   input,
   output,
-  domain,
-  function_name,
-  pendingAuth,
   attachments,
 }: {
   input: string;
-  function_name: string;
   output?: string | null;
-  domain?: string;
-  pendingAuth?: boolean;
   attachments?: TAttachment[];
 }) {
   const localize = useLocalize();
-  const formatText = (text: string) => {
-    try {
-      return JSON.stringify(JSON.parse(text), null, 2);
-    } catch {
-      return text;
-    }
-  };
+  const { ask } = useOptionalMessagesOperations();
+  const [showParams, setShowParams] = useState(false);
+  const { style: paramsExpandStyle, ref: paramsExpandRef } = useExpandCollapse(showParams);
 
-  let title =
-    domain != null && domain
-      ? localize('com_assistants_domain_info', { 0: domain })
-      : localize('com_assistants_function_use', { 0: function_name });
-  if (pendingAuth === true) {
-    title =
-      domain != null && domain
-        ? localize('com_assistants_action_attempt', { 0: domain })
-        : localize('com_assistants_attempt_info');
-  }
+  const hasParams = useMemo(() => {
+    if (!input || input.trim().length === 0) {
+      return false;
+    }
+    try {
+      const parsed = JSON.parse(input);
+      if (typeof parsed === 'object' && parsed !== null) {
+        return Object.keys(parsed).length > 0;
+      }
+    } catch {
+      // Not JSON
+    }
+    return input.trim().length > 0;
+  }, [input]);
 
   const uiResources: UIResource[] =
     attachments
@@ -65,43 +129,51 @@ export default function ToolCallInfo({
       }) ?? [];
 
   return (
-    <div className="w-full p-2">
-      <div style={{ opacity: 1 }}>
-        <div className="mb-2 text-sm font-medium text-text-primary">{title}</div>
-        <div>
-          <OptimizedCodeBlock text={formatText(input)} maxHeight={250} />
-        </div>
-        {output && (
-          <>
-            <div className="my-2 text-sm font-medium text-text-primary">
-              {localize('com_ui_result')}
-            </div>
-            <div>
-              <OptimizedCodeBlock text={formatText(output)} maxHeight={250} />
-            </div>
-            {uiResources.length > 0 && (
-              <div className="my-2 text-sm font-medium text-text-primary">
-                {localize('com_ui_ui_resources')}
-              </div>
+    <div className="w-full px-3 py-3.5">
+      {output && <OutputRenderer text={output} />}
+      {output && hasParams && <div className="my-2 border-t border-border-light" />}
+      {hasParams && (
+        <>
+          <button
+            type="button"
+            className={cn(
+              'inline-flex items-center gap-1 text-xs text-text-secondary',
+              'focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-border-heavy',
             )}
-            <div>
-              {uiResources.length > 1 && <UIResourceCarousel uiResources={uiResources} />}
-
-              {uiResources.length === 1 && (
-                <UIResourceRenderer
-                  resource={uiResources[0]}
-                  onUIAction={async (result) => {
-                    console.log('Action:', result);
-                  }}
-                  htmlProps={{
-                    autoResizeIframe: { width: true, height: true },
-                  }}
-                />
+            onClick={() => setShowParams((prev) => !prev)}
+            aria-expanded={showParams}
+          >
+            <span>{localize('com_ui_parameters')}</span>
+            <ChevronDown
+              className={cn(
+                'size-3 shrink-0 transition-transform duration-200 ease-out',
+                showParams && 'rotate-180',
               )}
+              aria-hidden="true"
+            />
+          </button>
+          <div style={paramsExpandStyle}>
+            <div className="overflow-hidden pt-1" ref={paramsExpandRef}>
+              <InputRenderer input={input} />
             </div>
-          </>
-        )}
-      </div>
+          </div>
+        </>
+      )}
+      {uiResources.length > 0 && (
+        <>
+          {(hasParams || output) && <div className="my-2 border-t border-border-light" />}
+          {uiResources.length > 1 && <UIResourceCarousel uiResources={uiResources} />}
+          {uiResources.length === 1 && (
+            <UIResourceRenderer
+              resource={uiResources[0]}
+              onUIAction={async (result) => handleUIAction(result, ask)}
+              htmlProps={{
+                autoResizeIframe: { width: true, height: true },
+              }}
+            />
+          )}
+        </>
+      )}
     </div>
   );
 }
diff --git a/client/src/components/Chat/Messages/Content/ToolOutput/OutputRenderer.tsx b/client/src/components/Chat/Messages/Content/ToolOutput/OutputRenderer.tsx
new file mode 100644
index 0000000000..5b7130f38e
--- /dev/null
+++ b/client/src/components/Chat/Messages/Content/ToolOutput/OutputRenderer.tsx
@@ -0,0 +1,168 @@
+import { useState, useMemo, useCallback } from 'react';
+import copy from 'copy-to-clipboard';
+import CopyButton from '~/components/Messages/Content/CopyButton';
+import { useLocalize } from '~/hooks';
+import { cn } from '~/utils';
+
+interface ContentBlock {
+  type?: string;
+  text?: string;
+}
+
+const ERROR_PREFIX = /^Error:\s*(\[.*?\]\s*)*tool call failed:\s*/i;
+const ERROR_INNER = /^Error\s+\w+ing to endpoint\s*\(HTTP \d+\):\s*/i;
+
+function cleanError(text: string): string {
+  let cleaned = text.replace(ERROR_PREFIX, '').trim();
+  cleaned = cleaned.replace(ERROR_INNER, '').trim();
+  if (cleaned.endsWith('Please fix your mistakes.')) {
+    cleaned = cleaned.slice(0, -'Please fix your mistakes.'.length).trim();
+  }
+  return cleaned;
+}
+
+export function isError(text: string): boolean {
+  return ERROR_PREFIX.test(text) || text.startsWith('Error processing tool');
+}
+
+function isStructuredText(text: string): boolean {
+  return text.includes('\n') || text.includes('{') || text.includes(':');
+}
+
+interface ExtractedText {
+  text: string;
+  rawError: string;
+  error: boolean;
+  /** When true, `text` contains raw JSON that should be rendered as a highlighted code block. */
+  isJson: boolean;
+}
+
+function extractText(raw: string): ExtractedText {
+  const trimmed = raw.trim();
+  if (!trimmed) {
+    return { text: '', rawError: '', error: false, isJson: false };
+  }
+
+  if (isError(trimmed)) {
+    return { text: cleanError(trimmed), rawError: trimmed, error: true, isJson: false };
+  }
+
+  if (trimmed.startsWith('[') || trimmed.startsWith('{')) {
+    try {
+      const parsed: unknown = JSON.parse(trimmed);
+
+      if (Array.isArray(parsed)) {
+        const textBlocks = parsed.filter(
+          (b: ContentBlock) => typeof b === 'object' && b !== null && typeof b.text === 'string',
+        );
+        if (textBlocks.length > 0) {
+          const joined = (textBlocks as ContentBlock[])
+            .map((b) => b.text)
+            .join('\n')
+            .trim();
+          if (isError(joined)) {
+            return { text: cleanError(joined), rawError: joined, error: true, isJson: false };
+          }
+          return { text: joined, rawError: '', error: false, isJson: false };
+        }
+      }
+
+      // Render structured JSON as a highlighted code block
+      return {
+        text: JSON.stringify(parsed, null, 2),
+        rawError: '',
+        error: false,
+        isJson: true,
+      };
+    } catch {
+      // Not JSON
+    }
+  }
+
+  return { text: trimmed, rawError: '', error: false, isJson: false };
+}
+
+const TRUNCATE_LINES = 20;
+const VISIBLE_LINES = 15;
+
+interface OutputRendererProps {
+  text: string;
+}
+
+export default function OutputRenderer({ text }: OutputRendererProps) {
+  const localize = useLocalize();
+  const { text: displayText, rawError, error, isJson } = useMemo(() => extractText(text), [text]);
+  const [isExpanded, setIsExpanded] = useState(false);
+  const [showErrorDetails, setShowErrorDetails] = useState(false);
+  const [isCopied, setIsCopied] = useState(false);
+
+  const handleCopy = useCallback(() => {
+    setIsCopied(true);
+    copy(displayText, { format: 'text/plain' });
+    setTimeout(() => setIsCopied(false), 3000);
+  }, [displayText]);
+
+  if (!displayText) {
+    return null;
+  }
+
+  const lines = displayText.split('\n');
+  const needsTruncation = lines.length > TRUNCATE_LINES;
+  const visibleText =
+    needsTruncation && !isExpanded ? lines.slice(0, VISIBLE_LINES).join('\n') : displayText;
+  const structured = !isJson && isStructuredText(displayText);
+
+  return (
+    <div className="relative">
+      {isJson ? (
+        <pre className="max-h-[300px] overflow-auto rounded text-xs">
+          <code className="hljs language-json !whitespace-pre-wrap !break-words">
+            {visibleText}
+          </code>
+        </pre>
+      ) : (
+        <pre
+          className={cn(
+            'max-h-[300px] overflow-auto whitespace-pre-wrap break-words text-xs',
+            error && 'font-mono text-red-600 dark:text-red-400',
+            !error && structured && 'font-mono text-text-secondary',
+            !error && !structured && 'font-sans text-sm text-text-primary',
+          )}
+        >
+          {visibleText}
+        </pre>
+      )}
+      <div className="absolute bottom-0 right-0">
+        <CopyButton
+          isCopied={isCopied}
+          onClick={handleCopy}
+          iconOnly
+          label={localize('com_ui_copy')}
+        />
+      </div>
+      {needsTruncation && (
+        <button
+          type="button"
+          className="mt-1 text-xs text-text-secondary underline focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-border-heavy"
+          onClick={() => setIsExpanded((prev) => !prev)}
+        >
+          {isExpanded ? localize('com_ui_show_less') : localize('com_ui_show_more')}
+        </button>
+      )}
+      {error && rawError && rawError !== displayText && (
+        <button
+          type="button"
+          className="mt-1 block text-xs text-text-secondary underline focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-border-heavy"
+          onClick={() => setShowErrorDetails((prev) => !prev)}
+        >
+          {localize('com_ui_details')}
+        </button>
+      )}
+      {showErrorDetails && rawError && (
+        <pre className="mt-2 max-h-[200px] overflow-auto whitespace-pre-wrap break-words font-mono text-xs text-red-600 dark:text-red-400">
+          {rawError}
+        </pre>
+      )}
+    </div>
+  );
+}
diff --git a/client/src/components/Chat/Messages/Content/ToolOutput/StackedToolIcons.tsx b/client/src/components/Chat/Messages/Content/ToolOutput/StackedToolIcons.tsx
new file mode 100644
index 0000000000..c7be3adc25
--- /dev/null
+++ b/client/src/components/Chat/Messages/Content/ToolOutput/StackedToolIcons.tsx
@@ -0,0 +1,84 @@
+import { useMemo } from 'react';
+import ToolIcon, { getToolIconType, getMCPServerName } from './ToolIcon';
+import type { ToolIconType } from './ToolIcon';
+import { cn } from '~/utils';
+
+interface ResolvedIcon {
+  key: string;
+  type: ToolIconType;
+  iconUrl?: string;
+}
+
+interface StackedToolIconsProps {
+  toolNames: string[];
+  mcpIconMap?: Map<string, string>;
+  maxIcons?: number;
+  isAnimating?: boolean;
+}
+
+export default function StackedToolIcons({
+  toolNames,
+  mcpIconMap,
+  maxIcons = 3,
+  isAnimating = false,
+}: StackedToolIconsProps) {
+  const uniqueIcons = useMemo(() => {
+    const seen = new Set<string>();
+    const result: ResolvedIcon[] = [];
+    for (const name of toolNames) {
+      const type = getToolIconType(name);
+      const serverName = getMCPServerName(name);
+      const iconUrl = serverName ? mcpIconMap?.get(serverName) : undefined;
+      const key = iconUrl ? `mcp-${serverName}` : type;
+      if (!seen.has(key)) {
+        seen.add(key);
+        result.push({ key, type, iconUrl });
+      }
+    }
+    return result;
+  }, [toolNames, mcpIconMap]);
+
+  const visibleIcons = uniqueIcons.slice(0, maxIcons);
+  const overflowCount = uniqueIcons.length - visibleIcons.length;
+
+  if (visibleIcons.length <= 1) {
+    const icon = visibleIcons[0];
+    return (
+      <ToolIcon type={icon?.type ?? 'generic'} iconUrl={icon?.iconUrl} isAnimating={isAnimating} />
+    );
+  }
+
+  return (
+    <div className="flex items-center" aria-hidden="true">
+      {visibleIcons.map((icon, index) => (
+        <div
+          key={icon.key}
+          className={cn(
+            'relative flex items-center justify-center rounded-full border border-border-medium bg-surface-secondary',
+            'h-[22px] w-[22px]',
+            index > 0 && '-ml-2.5',
+          )}
+          style={{ zIndex: visibleIcons.length - index }}
+        >
+          <ToolIcon
+            type={icon.type}
+            iconUrl={icon.iconUrl}
+            isAnimating={isAnimating}
+            className="size-3"
+          />
+        </div>
+      ))}
+      {overflowCount > 0 && (
+        <div
+          className={cn(
+            'relative flex items-center justify-center rounded-full border border-border-medium bg-surface-tertiary',
+            '-ml-2.5 h-[22px] w-[22px] text-xs font-medium text-text-secondary',
+          )}
+          style={{ zIndex: 0 }}
+        >
+          +{overflowCount}
+        </div>
+      )}
+    </div>
+  );
+}
diff --git a/client/src/components/Chat/Messages/Content/ToolOutput/ToolIcon.tsx b/client/src/components/Chat/Messages/Content/ToolOutput/ToolIcon.tsx
new file mode 100644
index 0000000000..4484287dd6
--- /dev/null
+++ b/client/src/components/Chat/Messages/Content/ToolOutput/ToolIcon.tsx
@@ -0,0 +1,101 @@
+import { Constants, isActionTool } from 'librechat-data-provider';
+import { Terminal, Globe, ImageIcon, ArrowRightLeft, FileSearch, Zap, Wrench } from 'lucide-react';
+import { cn } from '~/utils';
+
+export type ToolIconType =
+  | 'mcp'
+  | 'execute_code'
+  | 'web_search'
+  | 'image_gen'
+  | 'agent_handoff'
+  | 'file_search'
+  | 'action'
+  | 'generic';
+
+const ICON_MAP: Record<ToolIconType, React.ComponentType<{ className?: string }>> = {
+  mcp: Wrench,
+  execute_code: Terminal,
+  web_search: Globe,
+  image_gen: ImageIcon,
+  agent_handoff: ArrowRightLeft,
+  file_search: FileSearch,
+  action: Zap,
+  generic: Wrench,
+};
+
+export function getToolIconType(name: string): ToolIconType {
+  if (!name) {
+    return 'generic';
+  }
+  if (name.includes(Constants.mcp_delimiter)) {
+    return 'mcp';
+  }
+  if (name === 'execute_code' || name === Constants.PROGRAMMATIC_TOOL_CALLING) {
+    return 'execute_code';
+  }
+  if (name === 'web_search') {
+    return 'web_search';
+  }
+  if (name === 'image_gen_oai' || name === 'image_edit_oai' || name === 'gemini_image_gen') {
+    return 'image_gen';
+  }
+  if (name === 'file_search' || name === 'retrieval') {
+    return 'file_search';
+  }
+  if (name === 'code_interpreter') {
+    return 'execute_code';
+  }
+  if (name.startsWith(Constants.LC_TRANSFER_TO_)) {
+    return 'agent_handoff';
+  }
+  if (isActionTool(name)) {
+    return 'action';
+  }
+  return 'generic';
+}
+
+/** Extracts the MCP server name from a tool name with format `tool<delimiter>server`. */
+export function getMCPServerName(toolName: string): string {
+  const idx = toolName.indexOf(Constants.mcp_delimiter);
+  if (idx < 0) {
+    return '';
+  }
+  const afterDelimiter = toolName.slice(idx + Constants.mcp_delimiter.length);
+  return afterDelimiter || '';
+}
+
+interface ToolIconProps {
+  type: ToolIconType;
+  iconUrl?: string;
+  isAnimating?: boolean;
+  className?: string;
+}
+
+export default function ToolIcon({ type, iconUrl, isAnimating = false, className }: ToolIconProps) {
+  if (iconUrl) {
+    return (
+      <img
+        src={iconUrl}
+        alt=""
+        className={cn(
+          'size-4 shrink-0 rounded-full object-cover',
+          isAnimating && 'animate-pulse',
+          className,
+        )}
+        aria-hidden="true"
+      />
+    );
+  }
+
+  const IconComponent = ICON_MAP[type];
+  return (
+    <IconComponent
+      className={cn(
+        'size-4 shrink-0 text-text-secondary',
+        isAnimating && 'animate-pulse',
+        className,
+      )}
+      aria-hidden="true"
+    />
+  );
+}
diff --git a/client/src/components/Chat/Messages/Content/ToolOutput/index.ts b/client/src/components/Chat/Messages/Content/ToolOutput/index.ts
new file mode 100644
index 0000000000..fbac042099
--- /dev/null
+++ b/client/src/components/Chat/Messages/Content/ToolOutput/index.ts
@@ -0,0 +1,4 @@
+export type { ToolIconType } from './ToolIcon';
+export { default as StackedToolIcons } from './StackedToolIcons';
+export { default as OutputRenderer, isError } from './OutputRenderer';
+export { default as ToolIcon, getToolIconType, getMCPServerName } from './ToolIcon';
diff --git a/client/src/components/Chat/Messages/Content/UIResourceCarousel.tsx b/client/src/components/Chat/Messages/Content/UIResourceCarousel.tsx
index 15c420755b..4cafa643c6 100644
--- a/client/src/components/Chat/Messages/Content/UIResourceCarousel.tsx
+++ b/client/src/components/Chat/Messages/Content/UIResourceCarousel.tsx
@@ -1,7 +1,7 @@
 import React, { useState } from 'react';
 import { UIResourceRenderer } from '@mcp-ui/client';
 import type { UIResource } from 'librechat-data-provider';
-import { useMessagesOperations } from '~/Providers';
+import { useOptionalMessagesOperations } from '~/Providers';
 import { handleUIAction } from '~/utils';
 
 interface UIResourceCarouselProps {
@@ -13,7 +13,7 @@ const UIResourceCarousel: React.FC<UIResourceCarouselProps> = React.memo(({ uiRe
   const [showRightArrow, setShowRightArrow] = useState(true);
   const [isContainerHovered, setIsContainerHovered] = useState(false);
   const scrollContainerRef = React.useRef<HTMLDivElement>(null);
-  const { ask } = useMessagesOperations();
+  const { ask } = useOptionalMessagesOperations();
 
   const handleScroll = React.useCallback(() => {
     if (!scrollContainerRef.current) return;
@@ -109,11 +109,7 @@ const UIResourceCarousel: React.FC<UIResourceCarouselProps> = React.memo(({ uiRe
             >
               <div className="flex h-full flex-col">
                 <UIResourceRenderer
-                  resource={{
-                    uri: uiResource.uri,
-                    mimeType: uiResource.mimeType,
-                    text: uiResource.text,
-                  }}
+                  resource={uiResource}
                   onUIAction={async (result) => handleUIAction(result, ask)}
                   htmlProps={{
                     autoResizeIframe: { width: true, height: true },
diff --git a/client/src/components/Chat/Messages/Content/WebSearch.tsx b/client/src/components/Chat/Messages/Content/WebSearch.tsx
index afcd3bc2d8..62f2805a64 100644
--- a/client/src/components/Chat/Messages/Content/WebSearch.tsx
+++ b/client/src/components/Chat/Messages/Content/WebSearch.tsx
@@ -1,9 +1,14 @@
-import { useMemo } from 'react';
-import type { TAttachment } from 'librechat-data-provider';
+import { useMemo, useState, useEffect } from 'react';
+import { useRecoilValue } from 'recoil';
+import { Tools } from 'librechat-data-provider';
+import { Globe, ChevronDown } from 'lucide-react';
+import type { TAttachment, ValidSource, SearchResultData } from 'librechat-data-provider';
+import { FaviconImage, getCleanDomain } from '~/components/Web/SourceHovercard';
 import { StackedFavicons } from '~/components/Web/Sources';
+import { useLocalize, useExpandCollapse } from '~/hooks';
 import { useSearchContext } from '~/Providers';
-import ProgressText from './ProgressText';
-import { useLocalize } from '~/hooks';
+import cn from '~/utils/cn';
+import store from '~/store';
 
 type ProgressKeys =
   | 'com_ui_web_searching'
@@ -11,11 +16,72 @@ type ProgressKeys =
   | 'com_ui_web_search_processing'
   | 'com_ui_web_search_reading';
 
+const MAX_VISIBLE_FAVICONS = 3;
+
+function collectSources(results: Record<string, SearchResultData>): ValidSource[] {
+  const sourceMap = new Map<string, ValidSource>();
+  for (const result of Object.values(results)) {
+    if (!result) {
+      continue;
+    }
+    result.organic?.forEach((s) => {
+      if (s.link) {
+        sourceMap.set(s.link, s);
+      }
+    });
+    result.topStories?.forEach((s) => {
+      if (s.link) {
+        sourceMap.set(s.link, s);
+      }
+    });
+  }
+  return Array.from(sourceMap.values());
+}
+
+function getUniqueDomainSources(sources: ValidSource[], max: number): ValidSource[] {
+  const seen = new Set<string>();
+  const result: ValidSource[] = [];
+  for (const source of sources) {
+    const domain = getCleanDomain(source.link);
+    if (seen.has(domain)) {
+      continue;
+    }
+    seen.add(domain);
+    result.push(source);
+    if (result.length >= max) {
+      break;
+    }
+  }
+  return result;
+}
+
+function SourceFaviconStack({ sources }: { sources: ValidSource[] }) {
+  const visible = getUniqueDomainSources(sources, MAX_VISIBLE_FAVICONS);
+  return (
+    <div className="flex items-center" aria-hidden="true">
+      {visible.map((source, i) => (
+        <div
+          key={source.link}
+          className={cn(
+            'relative flex items-center justify-center rounded-full border border-border-medium bg-surface-secondary',
+            'h-[22px] w-[22px]',
+            i > 0 && '-ml-2.5',
+          )}
+          style={{ zIndex: MAX_VISIBLE_FAVICONS - i }}
+        >
+          <FaviconImage domain={getCleanDomain(source.link)} className="size-3 rounded-full" />
+        </div>
+      ))}
+    </div>
+  );
+}
+
 export default function WebSearch({
   initialProgress: progress = 0.1,
   isSubmitting,
   isLast,
   output,
+  attachments,
 }: {
   isLast?: boolean;
   isSubmitting: boolean;
@@ -30,14 +96,39 @@ export default function WebSearch({
 
   const complete = !isLast && progress === 1;
   const finalizing = isSubmitting && isLast && progress === 1;
+
+  const allSources = useMemo((): ValidSource[] => {
+    if (searchResults && Object.keys(searchResults).length > 0) {
+      return collectSources(searchResults);
+    }
+    if (attachments) {
+      const turnMap: Record<string, SearchResultData> = {};
+      for (const att of attachments) {
+        if (att.type === Tools.web_search && att[Tools.web_search]) {
+          const data = att[Tools.web_search];
+          const key = typeof data.turn === 'number' ? String(data.turn) : '0';
+          turnMap[key] = data;
+        }
+      }
+      if (Object.keys(turnMap).length > 0) {
+        return collectSources(turnMap);
+      }
+    }
+    return [];
+  }, [searchResults, attachments]);
+
   const processedSources = useMemo(() => {
     if (complete && !finalizing) {
       return [];
     }
-    if (!searchResults) return [];
+    if (!searchResults) {
+      return [];
+    }
     const values = Object.values(searchResults);
     const result = values[values.length - 1];
-    if (!result) return [];
+    if (!result) {
+      return [];
+    }
     if (finalizing) {
       return [...(result.organic || []), ...(result.topStories || [])];
     }
@@ -45,18 +136,23 @@ export default function WebSearch({
       (source) => source.processed === true,
     );
   }, [searchResults, complete, finalizing]);
-  const turns = useMemo(() => {
-    if (!searchResults) return 0;
-    return Object.values(searchResults).length;
-  }, [searchResults]);
 
-  const clampedProgress = useMemo(() => {
-    return Math.min(progress, 0.99);
-  }, [progress]);
+  const ownTurn = useMemo(() => {
+    if (!attachments) {
+      return 0;
+    }
+    for (const att of attachments) {
+      if (att.type === Tools.web_search && att[Tools.web_search]) {
+        const turn = att[Tools.web_search].turn;
+        return typeof turn === 'number' ? turn : 0;
+      }
+    }
+    return 0;
+  }, [attachments]);
 
   const showSources = processedSources.length > 0;
   const progressText = useMemo(() => {
-    let text: ProgressKeys = turns > 1 ? 'com_ui_web_searching_again' : 'com_ui_web_searching';
+    let text: ProgressKeys = ownTurn > 0 ? 'com_ui_web_searching_again' : 'com_ui_web_searching';
     if (showSources) {
       text = 'com_ui_web_search_processing';
     }
@@ -64,28 +160,108 @@ export default function WebSearch({
       text = 'com_ui_web_search_reading';
     }
     return localize(text);
-  }, [turns, localize, showSources, finalizing]);
+  }, [ownTurn, localize, showSources, finalizing]);
 
-  if (complete || cancelled) {
+  const autoExpand = useRecoilValue(store.autoExpandTools);
+  const sourceCount = allSources.length;
+  const [showSourceList, setShowSourceList] = useState(() => autoExpand && sourceCount > 0);
+  const { style: sourceExpandStyle, ref: sourceExpandRef } = useExpandCollapse(showSourceList);
+
+  useEffect(() => {
+    if (autoExpand && sourceCount > 0) {
+      setShowSourceList(true);
+    }
+  }, [autoExpand, sourceCount]);
+
+  if (cancelled) {
     return null;
   }
-  return (
-    <>
-      <div className="relative my-2.5 flex size-5 shrink-0 items-center gap-2.5">
-        {showSources && (
-          <div className="mr-2">
-            <StackedFavicons sources={processedSources} start={-5} />
+
+  if (complete) {
+    const hasSourceData = sourceCount > 0;
+    const completedText = localize('com_ui_web_searched');
+
+    return (
+      <div className="mb-2">
+        <span className="sr-only" aria-live="polite" aria-atomic="true">
+          {completedText}
+        </span>
+        <button
+          type="button"
+          className={cn(
+            'tool-status-text group flex items-center gap-2 rounded-full py-1 transition-colors',
+            hasSourceData
+              ? 'text-text-secondary focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-border-heavy'
+              : 'pointer-events-none text-text-secondary',
+          )}
+          disabled={!hasSourceData}
+          onClick={hasSourceData ? () => setShowSourceList((prev) => !prev) : undefined}
+          aria-expanded={hasSourceData ? showSourceList : undefined}
+          aria-label={
+            hasSourceData
+              ? `${completedText} - ${localize(sourceCount === 1 ? 'com_ui_web_search_source' : 'com_ui_web_search_sources', { count: sourceCount })}`
+              : completedText
+          }
+        >
+          {hasSourceData ? (
+            <SourceFaviconStack sources={allSources} />
+          ) : (
+            <Globe className="size-4 shrink-0 text-text-secondary" aria-hidden="true" />
+          )}
+          <span className="font-medium">{completedText}</span>
+          {hasSourceData && (
+            <ChevronDown
+              className={cn(
+                'size-3.5 shrink-0 text-text-secondary transition-transform duration-200',
+                showSourceList && 'rotate-180',
+              )}
+              aria-hidden="true"
+            />
+          )}
+        </button>
+        {hasSourceData && (
+          <div style={sourceExpandStyle}>
+            <div className="overflow-hidden" ref={sourceExpandRef}>
+              <div className="my-2 max-h-[280px] overflow-y-auto rounded-lg border border-border-light">
+                {allSources.map((source, i) => {
+                  const domain = getCleanDomain(source.link);
+                  return (
+                    <a
+                      key={source.link}
+                      href={source.link}
+                      target="_blank"
+                      rel="noopener noreferrer"
+                      className={cn(
+                        'flex items-center gap-2.5 px-3 py-2 transition-colors hover:bg-surface-hover',
+                        i > 0 && 'border-t border-border-light',
+                      )}
+                    >
+                      <FaviconImage domain={domain} className="size-4 shrink-0 rounded-sm" />
+                      <span className="min-w-0 flex-1 truncate text-xs font-medium text-text-primary">
+                        {source.title || domain}
+                      </span>
+                      <span className="shrink-0 text-[11px] text-text-secondary">{domain}</span>
+                    </a>
+                  );
+                })}
+              </div>
+            </div>
           </div>
         )}
-        <ProgressText
-          finishedText=""
-          hasInput={false}
-          error={cancelled}
-          isExpanded={false}
-          progress={clampedProgress}
-          inProgressText={progressText}
-        />
       </div>
-    </>
+    );
+  }
+
+  return (
+    <div className="my-1 flex items-center gap-2.5">
+      <span className="sr-only" aria-live="polite" aria-atomic="true">
+        {progressText}
+      </span>
+      {showSources && <StackedFavicons sources={processedSources} start={-5} />}
+      <Globe className="size-4 shrink-0 text-text-secondary" aria-hidden="true" />
+      <span className="tool-status-text shimmer font-medium text-text-secondary">
+        {progressText}
+      </span>
+    </div>
   );
 }
diff --git a/client/src/components/Chat/Messages/Content/__tests__/AgentHandoff.test.tsx b/client/src/components/Chat/Messages/Content/__tests__/AgentHandoff.test.tsx
new file mode 100644
index 0000000000..7a68d0a182
--- /dev/null
+++ b/client/src/components/Chat/Messages/Content/__tests__/AgentHandoff.test.tsx
@@ -0,0 +1,97 @@
+import React from 'react';
+import { RecoilRoot } from 'recoil';
+import { render, screen } from '@testing-library/react';
+import AgentHandoff from '../AgentHandoff';
+
+jest.mock('~/hooks', () => ({
+  useLocalize: () => (key: string) => {
+    const translations: Record<string, string> = {
+      com_ui_transferred_to: 'Transferred to',
+      com_ui_agent: 'Agent',
+      com_ui_handoff_instructions: 'Handoff instructions',
+    };
+    return translations[key] || key;
+  },
+  useExpandCollapse: (isExpanded: boolean) => ({
+    style: {
+      display: 'grid',
+      gridTemplateRows: isExpanded ? '1fr' : '0fr',
+      opacity: isExpanded ? 1 : 0,
+    },
+    ref: { current: null },
+  }),
+}));
+
+jest.mock('~/Providers', () => ({
+  useAgentsMapContext: () => ({
+    'agent-123': { name: 'Test Agent' },
+  }),
+}));
+
+jest.mock('~/components/Share/MessageIcon', () => ({
+  __esModule: true,
+  default: () => <div data-testid="message-icon" />,
+}));
+
+jest.mock('lucide-react', () => ({
+  ChevronDown: () => <span data-testid="chevron-down" />,
+}));
+
+jest.mock('~/utils', () => ({
+  cn: (...classes: (string | boolean | undefined)[]) => classes.filter(Boolean).join(' '),
+}));
+
+const renderAgentHandoff = (props: {
+  name: string;
+  args: string | Record<string, unknown>;
+  output?: string | null;
+}) =>
+  render(
+    <RecoilRoot>
+      <AgentHandoff {...props} />
+    </RecoilRoot>,
+  );
+
+describe('AgentHandoff - A11Y accessibility stubs', () => {
+  it('A11Y-01: renders a semantic button element when hasInfo is true', () => {
+    renderAgentHandoff({
+      name: 'lc_transfer_to_agent-123',
+      args: '{"key":"value"}',
+    });
+
+    const button = screen.getByRole('button');
+    expect(button.tagName).toBe('BUTTON');
+  });
+
+  it('A11Y-02: button has aria-label describing the handoff target', () => {
+    renderAgentHandoff({
+      name: 'lc_transfer_to_agent-123',
+      args: '{"key":"value"}',
+    });
+
+    const button = screen.getByRole('button');
+    expect(button).toHaveAttribute('aria-label');
+    expect(button.getAttribute('aria-label')).toContain('Transferred to');
+    expect(button.getAttribute('aria-label')).toContain('Test Agent');
+  });
+
+  it('A11Y-03: button has focus-visible ring classes', () => {
+    renderAgentHandoff({
+      name: 'lc_transfer_to_agent-123',
+      args: '{"key":"value"}',
+    });
+
+    const button = screen.getByRole('button');
+    expect(button.className).toContain('focus-visible:ring-2');
+  });
+
+  it('A11Y-03: disabled button is rendered when hasInfo is false', () => {
+    renderAgentHandoff({
+      name: 'lc_transfer_to_agent-123',
+      args: '',
+    });
+
+    const button = screen.getByRole('button');
+    expect(button).toBeDisabled();
+  });
+});
diff --git a/client/src/components/Chat/Messages/Content/__tests__/ImageGen.test.tsx b/client/src/components/Chat/Messages/Content/__tests__/ImageGen.test.tsx
new file mode 100644
index 0000000000..4dc809e1fa
--- /dev/null
+++ b/client/src/components/Chat/Messages/Content/__tests__/ImageGen.test.tsx
@@ -0,0 +1,215 @@
+import React from 'react';
+import { RecoilRoot } from 'recoil';
+import { render, screen } from '@testing-library/react';
+import ImageGen from '../Parts/OpenAIImageGen/OpenAIImageGen';
+
+jest.mock('~/hooks', () => ({
+  useLocalize: () => (key: string) => {
+    const translations: Record<string, string> = {
+      com_ui_generating_image: 'Generating image...',
+      com_ui_image_created: 'Image created',
+      com_ui_image_gen_failed: 'Image generation failed',
+      com_ui_getting_started: 'Getting started',
+      com_ui_creating_image: 'Creating image',
+      com_ui_adding_details: 'Adding details',
+      com_ui_final_touch: 'Final touch',
+      com_ui_error: 'Error',
+    };
+    return translations[key] || key;
+  },
+  useProgress: (initialProgress: number) => (initialProgress >= 1 ? 1 : initialProgress),
+}));
+
+const getProgressLabel = (progress: number) =>
+  progress >= 1 ? 'Image created' : 'Generating image...';
+
+jest.mock('../Parts/OpenAIImageGen/ProgressText', () => ({
+  __esModule: true,
+  default: ({
+    toolName,
+    progress,
+    error,
+    onClick,
+    hasInput,
+    isExpanded,
+  }: {
+    toolName: string;
+    progress: number;
+    error?: boolean;
+    onClick?: () => void;
+    hasInput?: boolean;
+    isExpanded?: boolean;
+  }) => (
+    <button
+      data-testid="progress-text"
+      data-tool-name={toolName}
+      data-progress={progress}
+      data-error={error}
+      data-has-input={hasInput}
+      data-is-expanded={isExpanded}
+      onClick={onClick}
+      type="button"
+    >
+      {error ? 'Error' : getProgressLabel(progress)}
+    </button>
+  ),
+}));
+
+jest.mock('@librechat/client', () => ({
+  PixelCard: (props: Record<string, unknown>) => (
+    <div data-testid="pixel-card" data-progress={props.progress} />
+  ),
+}));
+
+jest.mock('~/components/Chat/Messages/Content/Image', () => ({
+  __esModule: true,
+  default: () => <div data-testid="image" />,
+}));
+
+jest.mock('../ToolOutput', () => ({
+  ToolIcon: ({ type, isAnimating }: { type: string; isAnimating?: boolean }) => (
+    <span data-testid="tool-icon" data-type={type} data-animating={isAnimating} />
+  ),
+  isError: (output: string) => typeof output === 'string' && output.toLowerCase().includes('error'),
+}));
+
+jest.mock('~/utils', () => ({
+  scaleImage: () => ({ width: '512px', height: '512px' }),
+  logger: { error: jest.fn(), debug: jest.fn() },
+  cn: (...classes: (string | boolean | undefined)[]) => classes.filter(Boolean).join(' '),
+}));
+
+const defaultProps = {
+  initialProgress: 1,
+  isSubmitting: false,
+  toolName: 'image_gen_oai',
+  args: '{}',
+  output: '',
+};
+
+const renderImageGen = (props: Partial<typeof defaultProps> = {}) =>
+  render(
+    <RecoilRoot>
+      <ImageGen {...defaultProps} {...props} />
+    </RecoilRoot>,
+  );
+
+describe('ImageGen - LGCY-01: Modern visual patterns', () => {
+  it('renders ToolIcon with type="image_gen" for agent-style tools', () => {
+    renderImageGen({
+      toolName: 'image_gen_oai',
+      isSubmitting: false,
+      initialProgress: 1,
+      args: '{}',
+      output: '',
+    });
+
+    const icon = screen.queryByTestId('tool-icon');
+    expect(icon).toBeInTheDocument();
+    expect(icon).toHaveAttribute('data-type', 'image_gen');
+  });
+
+  it('renders ToolIcon with type="image_gen" for legacy tools', () => {
+    renderImageGen({
+      initialProgress: 1,
+      args: '{"prompt":"test"}',
+    });
+
+    const icon = screen.queryByTestId('tool-icon');
+    expect(icon).toBeInTheDocument();
+  });
+
+  it('does not render ProgressCircle', () => {
+    renderImageGen();
+
+    expect(screen.queryByTestId('progress-circle')).not.toBeInTheDocument();
+    expect(document.querySelector('.progress-circle')).toBeNull();
+  });
+
+  it('renders PixelCard during agent-style image generation', () => {
+    renderImageGen({
+      isSubmitting: true,
+      initialProgress: 0.5,
+      toolName: 'image_gen_oai',
+      args: '{"size":"1024x1024"}',
+    });
+
+    expect(screen.getByTestId('pixel-card')).toBeInTheDocument();
+  });
+});
+
+describe('ImageGen - LGCY-01: Legacy and agent-style unification', () => {
+  it('accepts legacy props (initialProgress + args only)', () => {
+    const { container } = render(
+      <RecoilRoot>
+        <ImageGen
+          initialProgress={1}
+          isSubmitting={false}
+          toolName=""
+          args='{"prompt":"a cat"}'
+          output=""
+        />
+      </RecoilRoot>,
+    );
+
+    expect(container).toBeTruthy();
+  });
+
+  it('accepts agent-style props (full set)', () => {
+    const { container } = renderImageGen({
+      initialProgress: 1,
+      isSubmitting: false,
+      toolName: 'image_gen_oai',
+      args: '{"prompt":"a cat","size":"1024x1024"}',
+      output: 'https://example.com/image.png',
+    });
+
+    expect(container).toBeTruthy();
+  });
+
+  it('handles history reload state (initialProgress=1, no isSubmitting)', () => {
+    renderImageGen({
+      initialProgress: 1,
+      isSubmitting: false,
+    });
+
+    const progressText = screen.getByTestId('progress-text');
+    expect(progressText).toHaveTextContent('Image created');
+  });
+});
+
+describe('ImageGen - LGCY-03: Localization', () => {
+  it('does not contain hardcoded "Creating Image" text', () => {
+    const { container } = renderImageGen({
+      isSubmitting: true,
+      initialProgress: 0.5,
+      args: '{}',
+    });
+
+    expect(container.textContent).not.toContain('Creating Image');
+  });
+
+  it('does not contain hardcoded "Finished." text', () => {
+    const { container } = renderImageGen({
+      initialProgress: 1,
+      isSubmitting: false,
+    });
+
+    expect(container.textContent).not.toContain('Finished.');
+  });
+});
+
+describe('ImageGen - A11Y-04: screen reader status announcements', () => {
+  it('includes sr-only aria-live region for status announcements', () => {
+    renderImageGen({
+      initialProgress: 1,
+      isSubmitting: false,
+      args: '{"prompt":"test"}',
+      output: '',
+    });
+
+    const liveRegion = document.querySelector('[aria-live="polite"]');
+    expect(liveRegion).not.toBeNull();
+    expect(liveRegion!.className).toContain('sr-only');
+  });
+});
diff --git a/client/src/components/Chat/Messages/Content/__tests__/Markdown.mcpui.test.tsx b/client/src/components/Chat/Messages/Content/__tests__/Markdown.mcpui.test.tsx
index 6df66c9e15..6ca06056fa 100644
--- a/client/src/components/Chat/Messages/Content/__tests__/Markdown.mcpui.test.tsx
+++ b/client/src/components/Chat/Messages/Content/__tests__/Markdown.mcpui.test.tsx
@@ -3,7 +3,11 @@ import { render, screen } from '@testing-library/react';
 import Markdown from '../Markdown';
 import { RecoilRoot } from 'recoil';
 import { UI_RESOURCE_MARKER } from '~/components/MCPUIResource/plugin';
-import { useMessageContext, useMessagesConversation, useMessagesOperations } from '~/Providers';
+import {
+  useMessageContext,
+  useOptionalMessagesConversation,
+  useOptionalMessagesOperations,
+} from '~/Providers';
 import { useGetMessagesByConvoId } from '~/data-provider';
 import { useLocalize } from '~/hooks';
 
@@ -12,8 +16,8 @@ import { useLocalize } from '~/hooks';
 jest.mock('~/Providers', () => ({
   ...jest.requireActual('~/Providers'),
   useMessageContext: jest.fn(),
-  useMessagesConversation: jest.fn(),
-  useMessagesOperations: jest.fn(),
+  useOptionalMessagesConversation: jest.fn(),
+  useOptionalMessagesOperations: jest.fn(),
 }));
 jest.mock('~/data-provider');
 jest.mock('~/hooks');
@@ -26,11 +30,11 @@ jest.mock('@mcp-ui/client', () => ({
 }));
 
 const mockUseMessageContext = useMessageContext as jest.MockedFunction<typeof useMessageContext>;
-const mockUseMessagesConversation = useMessagesConversation as jest.MockedFunction<
-  typeof useMessagesConversation
+const mockUseMessagesConversation = useOptionalMessagesConversation as jest.MockedFunction<
+  typeof useOptionalMessagesConversation
 >;
-const mockUseMessagesOperations = useMessagesOperations as jest.MockedFunction<
-  typeof useMessagesOperations
+const mockUseMessagesOperations = useOptionalMessagesOperations as jest.MockedFunction<
+  typeof useOptionalMessagesOperations
 >;
 const mockUseGetMessagesByConvoId = useGetMessagesByConvoId as jest.MockedFunction<
   typeof useGetMessagesByConvoId
diff --git a/client/src/components/Chat/Messages/Content/__tests__/OpenAIImageGen.test.tsx b/client/src/components/Chat/Messages/Content/__tests__/OpenAIImageGen.test.tsx
index ef8ac2807a..188dff5a09 100644
--- a/client/src/components/Chat/Messages/Content/__tests__/OpenAIImageGen.test.tsx
+++ b/client/src/components/Chat/Messages/Content/__tests__/OpenAIImageGen.test.tsx
@@ -3,6 +3,7 @@ import { render, screen } from '@testing-library/react';
 import OpenAIImageGen from '../Parts/OpenAIImageGen/OpenAIImageGen';
 
 jest.mock('~/utils', () => ({
+  scaleImage: () => ({ width: '512px', height: '512px' }),
   cn: (...classes: (string | boolean | undefined | null)[]) =>
     classes
       .flat(Infinity)
@@ -12,25 +13,13 @@ jest.mock('~/utils', () => ({
 
 jest.mock('~/hooks', () => ({
   useLocalize: () => (key: string) => key,
+  useProgress: (initialProgress: number) => (initialProgress >= 1 ? 1 : initialProgress),
 }));
 
 jest.mock('~/components/Chat/Messages/Content/Image', () => ({
   __esModule: true,
-  default: ({
-    altText,
-    imagePath,
-    className,
-  }: {
-    altText: string;
-    imagePath: string;
-    className?: string;
-  }) => (
-    <div
-      data-testid="image-component"
-      data-alt={altText}
-      data-src={imagePath}
-      className={className}
-    />
+  default: ({ altText, imagePath }: { altText: string; imagePath: string }) => (
+    <div data-testid="image-component" data-alt={altText} data-src={imagePath} />
   ),
 }));
 
@@ -40,6 +29,13 @@ jest.mock('@librechat/client', () => ({
   ),
 }));
 
+jest.mock('../ToolOutput', () => ({
+  ToolIcon: ({ type, isAnimating }: { type: string; isAnimating?: boolean }) => (
+    <span data-testid="tool-icon" data-type={type} data-animating={isAnimating} />
+  ),
+  isError: (output: string) => typeof output === 'string' && output.toLowerCase().includes('error'),
+}));
+
 jest.mock('../Parts/OpenAIImageGen/ProgressText', () => ({
   __esModule: true,
   default: ({ progress, error }: { progress: number; error: boolean }) => (
@@ -72,14 +68,7 @@ describe('OpenAIImageGen', () => {
       expect(screen.getByTestId('image-component')).toBeInTheDocument();
     });
 
-    it('hides Image with invisible absolute while progress < 1', () => {
-      render(<OpenAIImageGen {...defaultProps} initialProgress={0.5} />);
-      const image = screen.getByTestId('image-component');
-      expect(image.className).toContain('invisible');
-      expect(image.className).toContain('absolute');
-    });
-
-    it('shows Image without hiding classes when progress >= 1', () => {
+    it('shows Image when progress >= 1', () => {
       render(
         <OpenAIImageGen
           {...defaultProps}
@@ -94,9 +83,7 @@ describe('OpenAIImageGen', () => {
           ]}
         />,
       );
-      const image = screen.getByTestId('image-component');
-      expect(image.className).not.toContain('invisible');
-      expect(image.className).not.toContain('absolute');
+      expect(screen.getByTestId('image-component')).toBeInTheDocument();
     });
   });
 
@@ -112,26 +99,23 @@ describe('OpenAIImageGen', () => {
     });
   });
 
-  describe('layout classes', () => {
-    it('applies max-h-[45vh] to the outer container', () => {
-      const { container } = render(<OpenAIImageGen {...defaultProps} />);
-      const outerDiv = container.querySelector('[class*="max-h-"]');
-      expect(outerDiv?.className).toContain('max-h-[45vh]');
+  describe('ToolIcon', () => {
+    it('renders ToolIcon with type="image_gen"', () => {
+      render(<OpenAIImageGen {...defaultProps} />);
+      const icon = screen.getByTestId('tool-icon');
+      expect(icon).toHaveAttribute('data-type', 'image_gen');
     });
 
-    it('applies h-[45vh] w-full to inner container during loading', () => {
-      const { container } = render(<OpenAIImageGen {...defaultProps} initialProgress={0.5} />);
-      const innerDiv = container.querySelector('[class*="h-[45vh]"]');
-      expect(innerDiv).not.toBeNull();
-      expect(innerDiv?.className).toContain('w-full');
+    it('sets isAnimating when in progress', () => {
+      render(<OpenAIImageGen {...defaultProps} initialProgress={0.5} />);
+      const icon = screen.getByTestId('tool-icon');
+      expect(icon).toHaveAttribute('data-animating', 'true');
     });
 
-    it('applies w-auto to inner container when complete', () => {
-      const { container } = render(
-        <OpenAIImageGen {...defaultProps} initialProgress={1} isSubmitting={false} />,
-      );
-      const overflowDiv = container.querySelector('[class*="overflow-hidden"]');
-      expect(overflowDiv?.className).toContain('w-auto');
+    it('sets isAnimating=false when complete', () => {
+      render(<OpenAIImageGen {...defaultProps} initialProgress={1} isSubmitting={false} />);
+      const icon = screen.getByTestId('tool-icon');
+      expect(icon).toHaveAttribute('data-animating', 'false');
     });
   });
 
@@ -142,10 +126,8 @@ describe('OpenAIImageGen', () => {
     });
 
     it('handles invalid JSON args gracefully', () => {
-      const consoleSpy = jest.spyOn(console, 'error').mockImplementation();
       render(<OpenAIImageGen {...defaultProps} args="invalid json" />);
       expect(screen.getByTestId('image-component')).toBeInTheDocument();
-      consoleSpy.mockRestore();
     });
 
     it('handles object args', () => {
diff --git a/client/src/components/Chat/Messages/Content/__tests__/RetrievalCall.test.tsx b/client/src/components/Chat/Messages/Content/__tests__/RetrievalCall.test.tsx
new file mode 100644
index 0000000000..6df45a3210
--- /dev/null
+++ b/client/src/components/Chat/Messages/Content/__tests__/RetrievalCall.test.tsx
@@ -0,0 +1,276 @@
+import React from 'react';
+import { RecoilRoot } from 'recoil';
+import { render, screen, fireEvent } from '@testing-library/react';
+import type { TAttachment } from 'librechat-data-provider';
+import RetrievalCall from '../RetrievalCall';
+
+jest.mock('~/hooks', () => ({
+  useLocalize: () => (key: string) => {
+    const translations: Record<string, string> = {
+      com_ui_searching_files: 'Searching files...',
+      com_ui_retrieved_files: 'Retrieved files',
+      com_ui_retrieval_failed: 'failed',
+      com_ui_tool_failed: 'failed',
+      com_ui_preview: 'Preview',
+      com_ui_relevance: 'Relevance',
+      com_file_pages: 'Pages',
+    };
+    return translations[key] || key;
+  },
+  useProgress: (initialProgress: number) => (initialProgress >= 1 ? 1 : initialProgress),
+  useExpandCollapse: (isExpanded: boolean) => ({
+    style: isExpanded
+      ? { display: 'grid', gridTemplateRows: '1fr', opacity: 1 }
+      : { display: 'grid', gridTemplateRows: '0fr', opacity: 0 },
+    ref: { current: null },
+  }),
+}));
+
+jest.mock('../ProgressText', () => ({
+  __esModule: true,
+  default: ({
+    onClick,
+    inProgressText,
+    finishedText,
+    icon,
+    hasInput,
+    isExpanded,
+    error,
+    errorSuffix,
+  }: {
+    onClick?: () => void;
+    inProgressText: string;
+    finishedText: string;
+    icon?: React.ReactNode;
+    hasInput?: boolean;
+    isExpanded?: boolean;
+    error?: boolean;
+    errorSuffix?: string;
+  }) => (
+    <div
+      onClick={onClick}
+      data-testid="progress-text"
+      data-in-progress={inProgressText}
+      data-finished={finishedText}
+      data-has-input={hasInput}
+      data-expanded={isExpanded}
+      data-error={error}
+      data-error-suffix={errorSuffix}
+    >
+      {icon}
+      {finishedText || inProgressText}
+    </div>
+  ),
+}));
+
+jest.mock('../ToolOutput', () => ({
+  ToolIcon: ({ type, isAnimating }: { type: string; isAnimating?: boolean }) => (
+    <span data-testid="tool-icon" data-type={type} data-animating={isAnimating} />
+  ),
+  OutputRenderer: ({ text }: { text: string }) => <pre data-testid="output-renderer">{text}</pre>,
+  isError: (output: string) => typeof output === 'string' && output.toLowerCase().includes('error'),
+}));
+
+jest.mock('~/utils', () => ({
+  cn: (...classes: (string | boolean | undefined)[]) => classes.filter(Boolean).join(' '),
+  logger: { error: jest.fn(), debug: jest.fn() },
+}));
+
+jest.mock('~/data-provider', () => ({
+  useGetFiles: jest.fn(() => ({ data: [] })),
+}));
+
+jest.mock('../FilePreviewDialog', () => ({
+  __esModule: true,
+  default: ({ open, fileId, fileName }: { open: boolean; fileId?: string; fileName: string }) =>
+    open ? (
+      <div data-testid="file-preview-dialog" data-file-id={fileId}>
+        {fileName}
+      </div>
+    ) : null,
+}));
+
+const defaultProps = {
+  initialProgress: 1,
+  isSubmitting: false,
+};
+
+const renderRetrievalCall = (
+  props: Partial<typeof defaultProps & { output?: string; attachments?: TAttachment[] }> = {},
+) =>
+  render(
+    <RecoilRoot>
+      <RetrievalCall {...defaultProps} {...props} />
+    </RecoilRoot>,
+  );
+
+const mockedUseGetFiles = jest.requireMock('~/data-provider').useGetFiles as jest.Mock;
+
+beforeEach(() => {
+  mockedUseGetFiles.mockReturnValue({ data: [] });
+});
+
+describe('RetrievalCall - LGCY-02: Modern visual patterns', () => {
+  it('renders ToolIcon with type="file_search"', () => {
+    renderRetrievalCall({ initialProgress: 1, isSubmitting: false });
+
+    const icon = screen.getByTestId('tool-icon');
+    expect(icon).toBeInTheDocument();
+    expect(icon).toHaveAttribute('data-type', 'file_search');
+  });
+
+  it('does not render ProgressCircle', () => {
+    renderRetrievalCall();
+
+    expect(screen.queryByTestId('progress-circle')).not.toBeInTheDocument();
+  });
+
+  it('does not render InProgressCall', () => {
+    renderRetrievalCall();
+
+    expect(screen.queryByTestId('in-progress-call')).not.toBeInTheDocument();
+  });
+
+  it('does not render RetrievalIcon', () => {
+    renderRetrievalCall();
+
+    expect(screen.queryByTestId('retrieval-icon')).not.toBeInTheDocument();
+  });
+});
+
+describe('RetrievalCall - LGCY-02: Collapsible output panel', () => {
+  it('shows collapsible panel when output exists and is clicked', () => {
+    renderRetrievalCall({
+      output: 'File: notes.txt\nRelevance: 0.8\nContent: file results here',
+      initialProgress: 1,
+      isSubmitting: false,
+    });
+
+    const progressText = screen.getByTestId('progress-text');
+    fireEvent.click(progressText);
+
+    expect(screen.getByText('file results here')).toBeInTheDocument();
+  });
+
+  it('does not show panel when output is undefined', () => {
+    renderRetrievalCall({ initialProgress: 1, isSubmitting: false });
+
+    expect(screen.queryByText('file results here')).not.toBeInTheDocument();
+  });
+
+  it('does not show panel when output contains error', () => {
+    renderRetrievalCall({
+      output: 'error processing tool',
+      initialProgress: 1,
+      isSubmitting: false,
+    });
+
+    expect(screen.queryByText('error processing tool')).not.toBeInTheDocument();
+  });
+});
+
+describe('RetrievalCall - LGCY-03: Localization', () => {
+  it('uses localized in-progress text', () => {
+    renderRetrievalCall({ initialProgress: 0.5, isSubmitting: true });
+
+    const progressText = screen.getByTestId('progress-text');
+    expect(progressText).toHaveAttribute('data-in-progress', 'Searching files...');
+  });
+
+  it('uses localized finished text', () => {
+    renderRetrievalCall({ initialProgress: 1, isSubmitting: false });
+
+    const progressText = screen.getByTestId('progress-text');
+    expect(progressText).toHaveAttribute('data-finished', 'Retrieved files');
+  });
+
+  it('does not contain hardcoded "Searching my knowledge" text', () => {
+    const { container } = renderRetrievalCall({ initialProgress: 0.5, isSubmitting: true });
+
+    expect(container.textContent).not.toContain('Searching my knowledge');
+  });
+
+  it('does not contain hardcoded "Used Retrieval" text', () => {
+    const { container } = renderRetrievalCall({ initialProgress: 1, isSubmitting: false });
+
+    expect(container.textContent).not.toContain('Used Retrieval');
+  });
+});
+
+describe('RetrievalCall - A11Y-04: screen reader status announcements', () => {
+  it('includes sr-only aria-live region for status announcements', () => {
+    renderRetrievalCall({
+      initialProgress: 1,
+      isSubmitting: false,
+      output: 'files found',
+    });
+
+    const liveRegion = document.querySelector('[aria-live="polite"]');
+    expect(liveRegion).not.toBeNull();
+    expect(liveRegion!.className).toContain('sr-only');
+  });
+});
+
+describe('RetrievalCall - file preview resolution', () => {
+  it('resolves parsed filenames against known files and opens preview', () => {
+    mockedUseGetFiles.mockReturnValue({
+      data: [
+        {
+          file_id: 'file-123',
+          filename: 'Tutorial Imazing.pdf',
+          bytes: 2048,
+          type: 'application/pdf',
+        },
+      ],
+    });
+
+    renderRetrievalCall({
+      initialProgress: 1,
+      isSubmitting: false,
+      output:
+        'File: Tutorial_Imazing.pdf\nRelevance: 0.4442\nContent: Example content from parsed output',
+    });
+
+    fireEvent.click(screen.getByTestId('progress-text'));
+    fireEvent.click(screen.getByRole('button', { name: 'Preview: Tutorial Imazing.pdf' }));
+
+    expect(screen.getByTestId('file-preview-dialog')).toHaveAttribute('data-file-id', 'file-123');
+  });
+
+  it('keeps multiple parsed results clickable when only one attachment source is available', () => {
+    renderRetrievalCall({
+      initialProgress: 1,
+      isSubmitting: false,
+      output:
+        'File: Tutorial_Imazing.pdf\nRelevance: 0.4843\nContent: First result\n---\nFile: Tutorial_Imazing.pdf\nRelevance: 0.3751\nContent: Second result',
+      attachments: [
+        {
+          type: 'file_search',
+          toolCallId: 'call-1',
+          file_search: {
+            sources: [
+              {
+                fileId: 'file-123',
+                fileName: 'Tutorial Imazing.pdf',
+                relevance: 0.4843,
+                content: 'First result',
+                pages: [1],
+                pageRelevance: { 1: 0.4843 },
+                metadata: {
+                  fileType: 'application/pdf',
+                  fileBytes: 2048,
+                },
+              },
+            ],
+          },
+        },
+      ] as any,
+    });
+
+    fireEvent.click(screen.getByTestId('progress-text'));
+
+    expect(screen.getAllByRole('button', { name: 'Preview: Tutorial Imazing.pdf' })).toHaveLength(
+      2,
+    );
+  });
+});
diff --git a/client/src/components/Chat/Messages/Content/__tests__/ToolCall.test.tsx b/client/src/components/Chat/Messages/Content/__tests__/ToolCall.test.tsx
index d1f4f89213..14b4b7e07a 100644
--- a/client/src/components/Chat/Messages/Content/__tests__/ToolCall.test.tsx
+++ b/client/src/components/Chat/Messages/Content/__tests__/ToolCall.test.tsx
@@ -1,7 +1,7 @@
 import React from 'react';
-import { render, screen, fireEvent } from '@testing-library/react';
 import { RecoilRoot } from 'recoil';
-import { Tools } from 'librechat-data-provider';
+import { Tools, Constants } from 'librechat-data-provider';
+import { render, screen, fireEvent } from '@testing-library/react';
 import ToolCall from '../ToolCall';
 
 // Mock dependencies
@@ -17,10 +17,24 @@ jest.mock('~/hooks', () => ({
       com_ui_cancelled: 'Cancelled',
       com_ui_requires_auth: 'Requires authentication',
       com_assistants_allow_sites_you_trust: 'Only allow sites you trust',
+      com_ui_via_server: `via ${values?.[0]}`,
+      com_ui_tool_failed: 'failed',
     };
     return translations[key] || key;
   },
   useProgress: (initialProgress: number) => (initialProgress >= 1 ? 1 : initialProgress),
+  useExpandCollapse: (isExpanded: boolean) => ({
+    style: {
+      display: 'grid',
+      gridTemplateRows: isExpanded ? '1fr' : '0fr',
+      opacity: isExpanded ? 1 : 0,
+    },
+    ref: { current: null },
+  }),
+}));
+
+jest.mock('~/hooks/MCP', () => ({
+  useMCPIconMap: () => new Map(),
 }));
 
 jest.mock('~/components/Chat/Messages/Content/MessageContent', () => ({
@@ -39,8 +53,21 @@ jest.mock('../ToolCallInfo', () => ({
 
 jest.mock('../ProgressText', () => ({
   __esModule: true,
-  default: ({ onClick, inProgressText, finishedText, _error, _hasInput, _isExpanded }: any) => (
-    <div onClick={onClick}>{finishedText || inProgressText}</div>
+  default: ({
+    onClick,
+    inProgressText,
+    finishedText,
+    subtitle,
+  }: {
+    onClick?: () => void;
+    inProgressText?: string;
+    finishedText?: string;
+    subtitle?: string;
+  }) => (
+    <div data-testid="progress-text" onClick={onClick}>
+      {finishedText || inProgressText}
+      {subtitle && <span data-testid="subtitle">{subtitle}</span>}
+    </div>
   ),
 }));
 
@@ -50,7 +77,7 @@ jest.mock('../Parts', () => ({
   ),
 }));
 
-jest.mock('~/components/ui', () => ({
+jest.mock('@librechat/client', () => ({
   Button: ({ children, onClick, ...props }: any) => (
     <button onClick={onClick} {...props}>
       {children}
@@ -102,9 +129,9 @@ describe('ToolCall', () => {
         },
       ];
 
-      renderWithRecoil(<ToolCall {...mockProps} attachments={attachments} />);
+      renderWithRecoil(<ToolCall {...mockProps} attachments={attachments as any} />);
 
-      fireEvent.click(screen.getByText('Completed testFunction'));
+      fireEvent.click(screen.getByTestId('progress-text'));
 
       const toolCallInfo = screen.getByTestId('tool-call-info');
       expect(toolCallInfo).toBeInTheDocument();
@@ -116,7 +143,7 @@ describe('ToolCall', () => {
     it('should pass empty array when no attachments', () => {
       renderWithRecoil(<ToolCall {...mockProps} />);
 
-      fireEvent.click(screen.getByText('Completed testFunction'));
+      fireEvent.click(screen.getByTestId('progress-text'));
 
       const toolCallInfo = screen.getByTestId('tool-call-info');
       const attachmentsData = toolCallInfo.getAttribute('data-attachments');
@@ -145,9 +172,9 @@ describe('ToolCall', () => {
         },
       ];
 
-      renderWithRecoil(<ToolCall {...mockProps} attachments={attachments} />);
+      renderWithRecoil(<ToolCall {...mockProps} attachments={attachments as any} />);
 
-      fireEvent.click(screen.getByText('Completed testFunction'));
+      fireEvent.click(screen.getByTestId('progress-text'));
 
       const toolCallInfo = screen.getByTestId('tool-call-info');
       const attachmentsData = toolCallInfo.getAttribute('data-attachments');
@@ -169,7 +196,7 @@ describe('ToolCall', () => {
         },
       ];
 
-      renderWithRecoil(<ToolCall {...mockProps} attachments={attachments} />);
+      renderWithRecoil(<ToolCall {...mockProps} attachments={attachments as any} />);
 
       const attachmentGroup = screen.getByTestId('attachment-group');
       expect(attachmentGroup).toBeInTheDocument();
@@ -190,54 +217,30 @@ describe('ToolCall', () => {
   });
 
   describe('tool call info visibility', () => {
-    it('should toggle tool call info when clicking header', () => {
+    it('should toggle tool call info expand/collapse when clicking header', () => {
       renderWithRecoil(<ToolCall {...mockProps} />);
 
-      // Initially closed
-      expect(screen.queryByTestId('tool-call-info')).not.toBeInTheDocument();
+      // ToolCallInfo is always in the DOM (CSS expand/collapse), but initially collapsed
+      const toolCallInfo = screen.getByTestId('tool-call-info');
+      expect(toolCallInfo).toBeInTheDocument();
 
-      // Click to open
-      fireEvent.click(screen.getByText('Completed testFunction'));
+      // The expand wrapper starts collapsed (showInfo=false, autoExpand=false)
+      const expandWrapper = toolCallInfo.closest('[style]')?.parentElement;
+      expect(expandWrapper).toBeDefined();
+
+      // Click to expand
+      fireEvent.click(screen.getByTestId('progress-text'));
       expect(screen.getByTestId('tool-call-info')).toBeInTheDocument();
-
-      // Click to close
-      fireEvent.click(screen.getByText('Completed testFunction'));
-      expect(screen.queryByTestId('tool-call-info')).not.toBeInTheDocument();
     });
 
-    it('should pass all required props to ToolCallInfo', () => {
-      const attachments = [
-        {
-          type: Tools.ui_resources,
-          messageId: 'msg123',
-          toolCallId: 'tool456',
-          conversationId: 'conv789',
-          [Tools.ui_resources]: {
-            '0': { type: 'button', label: 'Test' },
-          },
-        },
-      ];
-
-      // Use a name with domain separator (_action_) and domain separator (---)
-      const propsWithDomain = {
-        ...mockProps,
-        name: 'testFunction_action_test---domain---com', // domain will be extracted and --- replaced with dots
-        attachments,
-      };
-
-      renderWithRecoil(<ToolCall {...propsWithDomain} />);
-
-      fireEvent.click(screen.getByText('Completed action on test.domain.com'));
+    it('should pass input and output props to ToolCallInfo', () => {
+      renderWithRecoil(<ToolCall {...mockProps} />);
 
       const toolCallInfo = screen.getByTestId('tool-call-info');
       const props = JSON.parse(toolCallInfo.textContent!);
 
       expect(props.input).toBe('{"test": "input"}');
       expect(props.output).toBe('Test output');
-      expect(props.function_name).toBe('testFunction');
-      // Domain is extracted from name and --- are replaced with dots
-      expect(props.domain).toBe('test.domain.com');
-      expect(props.pendingAuth).toBe(false);
     });
   });
 
@@ -268,35 +271,17 @@ describe('ToolCall', () => {
       window.open = originalOpen;
     });
 
-    it('should pass pendingAuth as true when auth is pending', () => {
-      renderWithRecoil(
-        <ToolCall
-          {...mockProps}
-          auth="https://auth.example.com" // Need auth URL to extract domain
-          initialProgress={0.5} // Less than 1
-          isSubmitting={true} // Still submitting
-        />,
-      );
-
-      fireEvent.click(screen.getByText('Completed testFunction'));
-
-      const toolCallInfo = screen.getByTestId('tool-call-info');
-      const props = JSON.parse(toolCallInfo.textContent!);
-      expect(props.pendingAuth).toBe(true);
-    });
-
     it('should not show auth section when cancelled', () => {
       renderWithRecoil(
         <ToolCall
           {...mockProps}
           auth="https://auth.example.com"
-          authDomain="example.com"
-          progress={0.5}
-          cancelled={true}
+          initialProgress={0.5}
+          isSubmitting={false} // Not submitting + progress < 1 = cancelled
         />,
       );
 
-      expect(screen.queryByText('Sign in to example.com')).not.toBeInTheDocument();
+      expect(screen.queryByText('Sign in to auth.example.com')).not.toBeInTheDocument();
     });
 
     it('should not show auth section when progress is complete', () => {
@@ -304,21 +289,18 @@ describe('ToolCall', () => {
         <ToolCall
           {...mockProps}
           auth="https://auth.example.com"
-          authDomain="example.com"
-          progress={1}
-          cancelled={false}
+          initialProgress={1}
+          isSubmitting={false}
         />,
       );
 
-      expect(screen.queryByText('Sign in to example.com')).not.toBeInTheDocument();
+      expect(screen.queryByText('Sign in to auth.example.com')).not.toBeInTheDocument();
     });
   });
 
   describe('edge cases', () => {
     it('should handle undefined args', () => {
-      renderWithRecoil(<ToolCall {...mockProps} args={undefined} />);
-
-      fireEvent.click(screen.getByText('Completed testFunction'));
+      renderWithRecoil(<ToolCall {...mockProps} args={undefined as any} />);
 
       const toolCallInfo = screen.getByTestId('tool-call-info');
       const props = JSON.parse(toolCallInfo.textContent!);
@@ -328,21 +310,16 @@ describe('ToolCall', () => {
     it('should handle null output', () => {
       renderWithRecoil(<ToolCall {...mockProps} output={null} />);
 
-      fireEvent.click(screen.getByText('Completed testFunction'));
-
       const toolCallInfo = screen.getByTestId('tool-call-info');
       const props = JSON.parse(toolCallInfo.textContent!);
       expect(props.output).toBeNull();
     });
 
-    it('should handle missing domain', () => {
-      renderWithRecoil(<ToolCall {...mockProps} domain={undefined} authDomain={undefined} />);
-
-      fireEvent.click(screen.getByText('Completed testFunction'));
+    it('should handle simple function name without domain', () => {
+      renderWithRecoil(<ToolCall {...mockProps} name="simpleName" />);
 
       const toolCallInfo = screen.getByTestId('tool-call-info');
-      const props = JSON.parse(toolCallInfo.textContent!);
-      expect(props.domain).toBe('');
+      expect(toolCallInfo).toBeInTheDocument();
     });
 
     it('should handle complex nested attachments', () => {
@@ -367,9 +344,9 @@ describe('ToolCall', () => {
         },
       ];
 
-      renderWithRecoil(<ToolCall {...mockProps} attachments={complexAttachments} />);
+      renderWithRecoil(<ToolCall {...mockProps} attachments={complexAttachments as any} />);
 
-      fireEvent.click(screen.getByText('Completed testFunction'));
+      fireEvent.click(screen.getByTestId('progress-text'));
 
       const toolCallInfo = screen.getByTestId('tool-call-info');
       const attachmentsData = toolCallInfo.getAttribute('data-attachments');
@@ -379,4 +356,157 @@ describe('ToolCall', () => {
       expect(JSON.parse(attachmentGroup.textContent!)).toEqual(complexAttachments);
     });
   });
+
+  describe('MCP OAuth detection', () => {
+    const d = Constants.mcp_delimiter;
+
+    it('should detect MCP OAuth from delimiter in tool-call name', () => {
+      renderWithRecoil(
+        <ToolCall
+          {...mockProps}
+          name={`oauth${d}my-server`}
+          initialProgress={0.5}
+          isSubmitting={true}
+          auth="https://auth.example.com"
+        />,
+      );
+      const subtitle = screen.getByTestId('subtitle');
+      expect(subtitle.textContent).toBe('via my-server');
+    });
+
+    it('should preserve full server name when it contains the delimiter substring', () => {
+      renderWithRecoil(
+        <ToolCall
+          {...mockProps}
+          name={`oauth${d}foo${d}bar`}
+          initialProgress={0.5}
+          isSubmitting={true}
+          auth="https://auth.example.com"
+        />,
+      );
+      const subtitle = screen.getByTestId('subtitle');
+      expect(subtitle.textContent).toBe(`via foo${d}bar`);
+    });
+
+    it('should display server name (not "oauth") as function_name for OAuth tool calls', () => {
+      renderWithRecoil(
+        <ToolCall
+          {...mockProps}
+          name={`oauth${d}my-server`}
+          initialProgress={1}
+          isSubmitting={false}
+          output="done"
+          auth="https://auth.example.com"
+        />,
+      );
+      const progressText = screen.getByTestId('progress-text');
+      expect(progressText.textContent).toContain('Completed my-server');
+      expect(progressText.textContent).not.toContain('Completed oauth');
+    });
+
+    it('should display server name even when auth is cleared (post-completion)', () => {
+      // After OAuth completes, createOAuthEnd re-emits the toolCall without auth.
+      // The display should still show the server name, not literal "oauth".
+      renderWithRecoil(
+        <ToolCall
+          {...mockProps}
+          name={`oauth${d}my-server`}
+          initialProgress={1}
+          isSubmitting={false}
+          output="done"
+        />,
+      );
+      const progressText = screen.getByTestId('progress-text');
+      expect(progressText.textContent).toContain('Completed my-server');
+      expect(progressText.textContent).not.toContain('Completed oauth');
+    });
+
+    it('should fallback to auth URL redirect_uri when name lacks delimiter', () => {
+      const authUrl =
+        'https://oauth.example.com/authorize?redirect_uri=' +
+        encodeURIComponent('https://app.example.com/api/mcp/my-server/oauth/callback');
+      renderWithRecoil(
+        <ToolCall
+          {...mockProps}
+          name="bare_name"
+          initialProgress={0.5}
+          isSubmitting={true}
+          auth={authUrl}
+        />,
+      );
+      const subtitle = screen.getByTestId('subtitle');
+      expect(subtitle.textContent).toBe('via my-server');
+    });
+
+    it('should display server name (not raw tool-call ID) in fallback path finished text', () => {
+      const authUrl =
+        'https://oauth.example.com/authorize?redirect_uri=' +
+        encodeURIComponent('https://app.example.com/api/mcp/my-server/oauth/callback');
+      renderWithRecoil(
+        <ToolCall
+          {...mockProps}
+          name="bare_name"
+          initialProgress={1}
+          isSubmitting={false}
+          output="done"
+          auth={authUrl}
+        />,
+      );
+      const progressText = screen.getByTestId('progress-text');
+      expect(progressText.textContent).toContain('Completed my-server');
+      expect(progressText.textContent).not.toContain('bare_name');
+    });
+
+    it('should show normalized server name when it contains _mcp_ after prefixing', () => {
+      // Server named oauth@mcp@server normalizes to oauth_mcp_server,
+      // gets prefixed to oauth_mcp_oauth_mcp_server. Client parses:
+      // func="oauth", server="oauth_mcp_server". Visually awkward but
+      // semantically correct — the normalized name IS oauth_mcp_server.
+      renderWithRecoil(
+        <ToolCall
+          {...mockProps}
+          name={`oauth${d}oauth${d}server`}
+          initialProgress={0.5}
+          isSubmitting={true}
+          auth="https://auth.example.com"
+        />,
+      );
+      const subtitle = screen.getByTestId('subtitle');
+      expect(subtitle.textContent).toBe(`via oauth${d}server`);
+    });
+
+    it('should not misidentify non-MCP action auth as MCP via fallback', () => {
+      const authUrl =
+        'https://oauth.example.com/authorize?redirect_uri=' +
+        encodeURIComponent('https://app.example.com/api/actions/xyz/oauth/callback');
+      renderWithRecoil(
+        <ToolCall
+          {...mockProps}
+          name="action_name"
+          initialProgress={0.5}
+          isSubmitting={true}
+          auth={authUrl}
+        />,
+      );
+      expect(screen.queryByTestId('subtitle')).not.toBeInTheDocument();
+    });
+  });
+
+  describe('A11Y-04: screen reader status announcements', () => {
+    it('includes sr-only aria-live region for status announcements', () => {
+      renderWithRecoil(
+        <ToolCall
+          {...mockProps}
+          initialProgress={1}
+          isSubmitting={false}
+          name="test_func"
+          output="result"
+        />,
+      );
+
+      const liveRegion = document.querySelector('[aria-live="polite"]');
+      expect(liveRegion).not.toBeNull();
+      expect(liveRegion!.className).toContain('sr-only');
+    });
+  });
 });
diff --git a/client/src/components/Chat/Messages/Content/__tests__/ToolCallInfo.test.tsx b/client/src/components/Chat/Messages/Content/__tests__/ToolCallInfo.test.tsx
index 3e74504fc2..38b792ccae 100644
--- a/client/src/components/Chat/Messages/Content/__tests__/ToolCallInfo.test.tsx
+++ b/client/src/components/Chat/Messages/Content/__tests__/ToolCallInfo.test.tsx
@@ -1,24 +1,33 @@
 import React from 'react';
 import { Tools } from 'librechat-data-provider';
 import { UIResourceRenderer } from '@mcp-ui/client';
-import { render, screen } from '@testing-library/react';
+import { render, screen, fireEvent } from '@testing-library/react';
 import type { TAttachment } from 'librechat-data-provider';
 import UIResourceCarousel from '~/components/Chat/Messages/Content/UIResourceCarousel';
 import ToolCallInfo from '~/components/Chat/Messages/Content/ToolCallInfo';
 
 // Mock the dependencies
 jest.mock('~/hooks', () => ({
-  useLocalize: () => (key: string, values?: any) => {
+  useLocalize: () => (key: string) => {
     const translations: Record<string, string> = {
-      com_assistants_domain_info: `Used ${values?.[0]}`,
-      com_assistants_function_use: `Used ${values?.[0]}`,
-      com_assistants_action_attempt: `Attempted to use ${values?.[0]}`,
-      com_assistants_attempt_info: 'Attempted to use function',
-      com_ui_result: 'Result',
-      com_ui_ui_resources: 'UI Resources',
+      com_ui_parameters: 'Parameters',
     };
     return translations[key] || key;
   },
+  useExpandCollapse: (isExpanded: boolean) => ({
+    style: {
+      display: 'grid',
+      gridTemplateRows: isExpanded ? '1fr' : '0fr',
+      opacity: isExpanded ? 1 : 0,
+    },
+    ref: { current: null },
+  }),
+}));
+
+jest.mock('~/Providers', () => ({
+  useOptionalMessagesOperations: () => ({
+    ask: jest.fn(),
+  }),
 }));
 
 jest.mock('@mcp-ui/client', () => ({
@@ -30,18 +39,22 @@ jest.mock('../UIResourceCarousel', () => ({
   default: jest.fn(() => null),
 }));
 
-// Add TextEncoder/TextDecoder polyfill for Jest environment
-import { TextEncoder, TextDecoder } from 'util';
+jest.mock('../ToolOutput', () => ({
+  OutputRenderer: ({ text }: { text: string }) => <div data-testid="output-renderer">{text}</div>,
+}));
 
-if (typeof global.TextEncoder === 'undefined') {
-  global.TextEncoder = TextEncoder as any;
-  global.TextDecoder = TextDecoder as any;
-}
+jest.mock('~/utils', () => ({
+  handleUIAction: jest.fn(),
+  cn: (...classes: any[]) => classes.filter(Boolean).join(' '),
+}));
+
+jest.mock('lucide-react', () => ({
+  ChevronDown: () => <span>{'ChevronDown'}</span>,
+}));
 
 describe('ToolCallInfo', () => {
   const mockProps = {
     input: '{"test": "input"}',
-    function_name: 'testFunction',
   };
 
   beforeEach(() => {
@@ -61,11 +74,10 @@ describe('ToolCallInfo', () => {
           messageId: 'msg123',
           toolCallId: 'tool456',
           conversationId: 'conv789',
-          [Tools.ui_resources]: [uiResource],
+          [Tools.ui_resources]: [uiResource] as any,
         },
       ];
 
-      // Need output for ui_resources to render
       render(<ToolCallInfo {...mockProps} output="Some output" attachments={attachments} />);
 
       // Should render UIResourceRenderer for single resource
@@ -85,7 +97,6 @@ describe('ToolCallInfo', () => {
     });
 
     it('should render carousel for multiple ui_resources from attachments', () => {
-      // To test multiple resources, we can use a single attachment with multiple resources
       const attachments: TAttachment[] = [
         {
           type: Tools.ui_resources,
@@ -96,11 +107,10 @@ describe('ToolCallInfo', () => {
             { type: 'text', data: 'Resource 1' },
             { type: 'text', data: 'Resource 2' },
             { type: 'text', data: 'Resource 3' },
-          ],
+          ] as any,
         },
       ];
 
-      // Need output for ui_resources to render
       render(<ToolCallInfo {...mockProps} output="Some output" attachments={attachments} />);
 
       // Should render carousel for multiple resources
@@ -119,50 +129,15 @@ describe('ToolCallInfo', () => {
       expect(UIResourceRenderer).not.toHaveBeenCalled();
     });
 
-    it('should handle attachments with normal output', () => {
-      const attachments: TAttachment[] = [
-        {
-          type: Tools.ui_resources,
-          messageId: 'msg123',
-          toolCallId: 'tool456',
-          conversationId: 'conv789',
-          [Tools.ui_resources]: [{ type: 'text', data: 'UI Resource' }],
-        },
-      ];
-
-      const output = JSON.stringify([
-        { type: 'text', text: 'Regular output 1' },
-        { type: 'text', text: 'Regular output 2' },
-      ]);
-
-      const { container } = render(
-        <ToolCallInfo {...mockProps} output={output} attachments={attachments} />,
-      );
-
-      // Check that the output is displayed normally
-      const codeBlocks = container.querySelectorAll('code');
-      const outputCode = codeBlocks[1]?.textContent; // Second code block is the output
-
-      expect(outputCode).toContain('Regular output 1');
-      expect(outputCode).toContain('Regular output 2');
-
-      // UI resources should be rendered via attachments
-      expect(UIResourceRenderer).toHaveBeenCalled();
-    });
-
     it('should handle no attachments', () => {
-      const output = JSON.stringify([{ type: 'text', text: 'Regular output' }]);
-
-      render(<ToolCallInfo {...mockProps} output={output} />);
+      render(<ToolCallInfo {...mockProps} output="Some output" />);
 
       expect(UIResourceRenderer).not.toHaveBeenCalled();
       expect(UIResourceCarousel).not.toHaveBeenCalled();
     });
 
     it('should handle empty attachments array', () => {
-      const attachments: TAttachment[] = [];
-
-      render(<ToolCallInfo {...mockProps} attachments={attachments} />);
+      render(<ToolCallInfo {...mockProps} attachments={[]} />);
 
       expect(UIResourceRenderer).not.toHaveBeenCalled();
       expect(UIResourceCarousel).not.toHaveBeenCalled();
@@ -183,101 +158,65 @@ describe('ToolCallInfo', () => {
 
       render(<ToolCallInfo {...mockProps} attachments={attachments} />);
 
-      // Should not render UI resources components for non-ui_resources attachments
       expect(UIResourceRenderer).not.toHaveBeenCalled();
       expect(UIResourceCarousel).not.toHaveBeenCalled();
     });
   });
 
   describe('rendering logic', () => {
-    it('should render UI Resources heading when ui_resources exist in attachments', () => {
+    it('should render output when provided', () => {
+      render(<ToolCallInfo {...mockProps} output="Some output" />);
+
+      expect(screen.getByTestId('output-renderer')).toBeInTheDocument();
+      expect(screen.getByTestId('output-renderer').textContent).toBe('Some output');
+    });
+
+    it('should render parameters toggle when input has JSON content', () => {
+      render(<ToolCallInfo {...mockProps} output="Some output" />);
+
+      expect(screen.getByText('Parameters')).toBeInTheDocument();
+    });
+
+    it('should not render parameters toggle when input is empty', () => {
+      render(<ToolCallInfo input="" output="Some output" />);
+
+      expect(screen.queryByText('Parameters')).not.toBeInTheDocument();
+    });
+
+    it('should toggle parameters visibility when clicking', () => {
+      render(<ToolCallInfo {...mockProps} output="Some output" />);
+
+      const paramsButton = screen.getByText('Parameters');
+      expect(paramsButton.closest('button')).toHaveAttribute('aria-expanded', 'false');
+
+      fireEvent.click(paramsButton.closest('button')!);
+      expect(paramsButton.closest('button')).toHaveAttribute('aria-expanded', 'true');
+    });
+
+    it('should render ui_resources section when attachments have ui_resources', () => {
       const attachments: TAttachment[] = [
         {
           type: Tools.ui_resources,
           messageId: 'msg123',
           toolCallId: 'tool456',
           conversationId: 'conv789',
-          [Tools.ui_resources]: [{ type: 'text', data: 'Test' }],
+          [Tools.ui_resources]: [{ type: 'text', data: 'Test' }] as any,
         },
       ];
 
-      // Need output for ui_resources section to render
-      render(<ToolCallInfo {...mockProps} output="Some output" attachments={attachments} />);
-
-      expect(screen.getByText('UI Resources')).toBeInTheDocument();
-    });
-
-    it('should not render UI Resources heading when no ui_resources in attachments', () => {
-      render(<ToolCallInfo {...mockProps} />);
-
-      expect(screen.queryByText('UI Resources')).not.toBeInTheDocument();
-    });
-
-    it('should pass correct props to UIResourceRenderer', () => {
-      const uiResource = {
-        type: 'form',
-        data: { fields: [{ name: 'test', type: 'text' }] },
-      };
-
-      const attachments: TAttachment[] = [
-        {
-          type: Tools.ui_resources,
-          messageId: 'msg123',
-          toolCallId: 'tool456',
-          conversationId: 'conv789',
-          [Tools.ui_resources]: [uiResource],
-        },
-      ];
-
-      // Need output for ui_resources to render
       render(<ToolCallInfo {...mockProps} output="Some output" attachments={attachments} />);
 
       expect(UIResourceRenderer).toHaveBeenCalledWith(
         expect.objectContaining({
-          resource: uiResource,
-          onUIAction: expect.any(Function),
-          htmlProps: {
-            autoResizeIframe: { width: true, height: true },
-          },
+          resource: { type: 'text', data: 'Test' },
         }),
         expect.any(Object),
       );
     });
-
-    it('should console.log when UIAction is triggered', async () => {
-      const consoleSpy = jest.spyOn(console, 'log').mockImplementation();
-
-      const attachments: TAttachment[] = [
-        {
-          type: Tools.ui_resources,
-          messageId: 'msg123',
-          toolCallId: 'tool456',
-          conversationId: 'conv789',
-          [Tools.ui_resources]: [{ type: 'text', data: 'Test' }],
-        },
-      ];
-
-      // Need output for ui_resources to render
-      render(<ToolCallInfo {...mockProps} output="Some output" attachments={attachments} />);
-
-      const mockUIResourceRenderer = UIResourceRenderer as jest.MockedFunction<
-        typeof UIResourceRenderer
-      >;
-      const onUIAction = mockUIResourceRenderer.mock.calls[0]?.[0]?.onUIAction;
-      const testResult = { action: 'submit', data: { test: 'value' } };
-
-      if (onUIAction) {
-        await onUIAction(testResult as any);
-      }
-
-      expect(consoleSpy).toHaveBeenCalledWith('Action:', testResult);
-
-      consoleSpy.mockRestore();
-    });
   });
 
   describe('backward compatibility', () => {
-    it('should handle output with ui_resources for backward compatibility', () => {
+    it('should handle output with ui_resources metadata (ignored — uses attachments)', () => {
       const output = JSON.stringify([
         { type: 'text', text: 'Regular output' },
         {
@@ -302,7 +241,7 @@ describe('ToolCallInfo', () => {
           messageId: 'msg123',
           toolCallId: 'tool456',
           conversationId: 'conv789',
-          [Tools.ui_resources]: [{ type: 'attachment', data: 'From attachments' }],
+          [Tools.ui_resources]: [{ type: 'attachment', data: 'From attachments' }] as any,
         },
       ];
 
diff --git a/client/src/components/Chat/Messages/Content/__tests__/ToolIcon.test.tsx b/client/src/components/Chat/Messages/Content/__tests__/ToolIcon.test.tsx
new file mode 100644
index 0000000000..4937b547c8
--- /dev/null
+++ b/client/src/components/Chat/Messages/Content/__tests__/ToolIcon.test.tsx
@@ -0,0 +1,34 @@
+import { Constants, actionDelimiter } from 'librechat-data-provider';
+import { getToolIconType } from '../ToolOutput/ToolIcon';
+
+describe('getToolIconType - ACTN-01: Action delimiter detection', () => {
+  it('returns "action" for tool name containing actionDelimiter', () => {
+    const toolName = `get_weather${actionDelimiter}weather---api---com`;
+    expect(getToolIconType(toolName)).toBe('action');
+  });
+
+  it('returns "mcp" when name has both mcp_delimiter and actionDelimiter', () => {
+    const toolName = `tool${Constants.mcp_delimiter}server`;
+    expect(getToolIconType(toolName)).toBe('mcp');
+  });
+
+  it('returns "mcp" not "action" for MCP tool whose name ends with _action (cross-delimiter collision)', () => {
+    const toolName = `get_action${Constants.mcp_delimiter}myserver`;
+    expect(getToolIconType(toolName)).not.toBe('action');
+    expect(getToolIconType(toolName)).toBe('mcp');
+  });
+
+  it('returns "generic" for plain tool name without delimiters', () => {
+    expect(getToolIconType('some_plain_tool')).toBe('generic');
+  });
+
+  it('returns correct types for existing tool names', () => {
+    expect(getToolIconType('execute_code')).toBe('execute_code');
+    expect(getToolIconType(Constants.PROGRAMMATIC_TOOL_CALLING)).toBe('execute_code');
+    expect(getToolIconType('web_search')).toBe('web_search');
+    expect(getToolIconType('image_gen_oai')).toBe('image_gen');
+    expect(getToolIconType('image_edit_oai')).toBe('image_gen');
+    expect(getToolIconType('gemini_image_gen')).toBe('image_gen');
+    expect(getToolIconType(`${Constants.LC_TRANSFER_TO_}agent1`)).toBe('agent_handoff');
+  });
+});
diff --git a/client/src/components/Chat/Messages/Content/__tests__/UIResourceCarousel.test.tsx b/client/src/components/Chat/Messages/Content/__tests__/UIResourceCarousel.test.tsx
index 6d208c2cf2..6e472e3f49 100644
--- a/client/src/components/Chat/Messages/Content/__tests__/UIResourceCarousel.test.tsx
+++ b/client/src/components/Chat/Messages/Content/__tests__/UIResourceCarousel.test.tsx
@@ -13,10 +13,10 @@ jest.mock('@mcp-ui/client', () => ({
   ),
 }));
 
-// Mock useMessagesOperations hook
+// Mock useOptionalMessagesOperations hook
 const mockAsk = jest.fn();
 jest.mock('~/Providers', () => ({
-  useMessagesOperations: () => ({
+  useOptionalMessagesOperations: () => ({
     ask: mockAsk,
   }),
 }));
diff --git a/client/src/components/Chat/Messages/Message.tsx b/client/src/components/Chat/Messages/Message.tsx
index f9db38fdab..53aef812fc 100644
--- a/client/src/components/Chat/Messages/Message.tsx
+++ b/client/src/components/Chat/Messages/Message.tsx
@@ -1,5 +1,5 @@
 import React from 'react';
-import { useMessageProcess } from '~/hooks';
+import { useMessageProcess, useMemoizedChatContext } from '~/hooks';
 import type { TMessageProps } from '~/common';
 import MessageRender from './ui/MessageRender';
 import MultiMessage from './MultiMessage';
@@ -23,10 +23,11 @@ const MessageContainer = React.memo(function MessageContainer({
 });
 
 export default function Message(props: TMessageProps) {
-  const { conversation, handleScroll } = useMessageProcess({
+  const { conversation, handleScroll, isSubmitting } = useMessageProcess({
     message: props.message,
   });
   const { message, currentEditId, setCurrentEditId } = props;
+  const { chatContext, effectiveIsSubmitting } = useMemoizedChatContext(message, isSubmitting);
 
   if (!message || typeof message !== 'object') {
     return null;
@@ -38,7 +39,11 @@ export default function Message(props: TMessageProps) {
     <>
       <MessageContainer handleScroll={handleScroll}>
         <div className="m-auto justify-center p-4 py-2 md:gap-6">
-          <MessageRender {...props} />
+          <MessageRender
+            {...props}
+            isSubmitting={effectiveIsSubmitting}
+            chatContext={chatContext}
+          />
         </div>
       </MessageContainer>
       <MultiMessage
diff --git a/client/src/components/Chat/Messages/MessageIcon.tsx b/client/src/components/Chat/Messages/MessageIcon.tsx
index 0857bb58a9..d63e0d2071 100644
--- a/client/src/components/Chat/Messages/MessageIcon.tsx
+++ b/client/src/components/Chat/Messages/MessageIcon.tsx
@@ -1,4 +1,4 @@
-import React, { useMemo, memo } from 'react';
+import { useMemo, memo } from 'react';
 import { getEndpointField } from 'librechat-data-provider';
 import type { Assistant, Agent } from 'librechat-data-provider';
 import type { TMessageIcon } from '~/common';
@@ -7,73 +7,101 @@ import { useGetEndpointsQuery } from '~/data-provider';
 import { getIconEndpoint, logger } from '~/utils';
 import Icon from '~/components/Endpoints/Icon';
 
-const MessageIcon = memo(
-  ({
-    iconData,
-    assistant,
-    agent,
-  }: {
-    iconData?: TMessageIcon;
-    assistant?: Assistant;
-    agent?: Agent;
-  }) => {
-    logger.log('icon_data', iconData, assistant, agent);
-    const { data: endpointsConfig } = useGetEndpointsQuery();
+type MessageIconProps = {
+  iconData?: TMessageIcon;
+  assistant?: Assistant;
+  agent?: Agent;
+};
 
-    const agentName = useMemo(() => agent?.name ?? '', [agent]);
-    const agentAvatar = useMemo(() => agent?.avatar?.filepath ?? '', [agent]);
-    const assistantName = useMemo(() => assistant?.name ?? '', [assistant]);
-    const assistantAvatar = useMemo(() => assistant?.metadata?.avatar ?? '', [assistant]);
+/**
+ * Compares only the fields MessageIcon actually renders.
+ * `agent.id` / `assistant.id` are intentionally omitted because
+ * this component renders display properties only, not identity-derived content.
+ */
+export function arePropsEqual(prev: MessageIconProps, next: MessageIconProps): boolean {
+  if (prev.iconData?.endpoint !== next.iconData?.endpoint) {
+    return false;
+  }
+  if (prev.iconData?.model !== next.iconData?.model) {
+    return false;
+  }
+  if (prev.iconData?.iconURL !== next.iconData?.iconURL) {
+    return false;
+  }
+  if (prev.iconData?.modelLabel !== next.iconData?.modelLabel) {
+    return false;
+  }
+  if (prev.iconData?.isCreatedByUser !== next.iconData?.isCreatedByUser) {
+    return false;
+  }
+  if (prev.agent?.name !== next.agent?.name) {
+    return false;
+  }
+  if (prev.agent?.avatar?.filepath !== next.agent?.avatar?.filepath) {
+    return false;
+  }
+  if (prev.assistant?.name !== next.assistant?.name) {
+    return false;
+  }
+  if (prev.assistant?.metadata?.avatar !== next.assistant?.metadata?.avatar) {
+    return false;
+  }
+  return true;
+}
 
-    const avatarURL = useMemo(() => {
-      let result = '';
-      if (assistant) {
-        result = assistantAvatar;
-      } else if (agent) {
-        result = agentAvatar;
-      }
-      return result;
-    }, [assistant, agent, assistantAvatar, agentAvatar]);
+const MessageIcon = memo(({ iconData, assistant, agent }: MessageIconProps) => {
+  logger.log('icon_data', iconData, assistant, agent);
+  const { data: endpointsConfig } = useGetEndpointsQuery();
 
-    const iconURL = iconData?.iconURL;
-    const endpoint = useMemo(
-      () => getIconEndpoint({ endpointsConfig, iconURL, endpoint: iconData?.endpoint }),
-      [endpointsConfig, iconURL, iconData?.endpoint],
-    );
+  const agentName = agent?.name ?? '';
+  const agentAvatar = agent?.avatar?.filepath ?? '';
+  const assistantName = assistant?.name ?? '';
+  const assistantAvatar = assistant?.metadata?.avatar ?? '';
+  let avatarURL = '';
+  if (assistant) {
+    avatarURL = assistantAvatar;
+  } else if (agent) {
+    avatarURL = agentAvatar;
+  }
 
-    const endpointIconURL = useMemo(
-      () => getEndpointField(endpointsConfig, endpoint, 'iconURL'),
-      [endpointsConfig, endpoint],
-    );
+  const iconURL = iconData?.iconURL;
+  const endpoint = useMemo(
+    () => getIconEndpoint({ endpointsConfig, iconURL, endpoint: iconData?.endpoint }),
+    [endpointsConfig, iconURL, iconData?.endpoint],
+  );
 
-    if (iconData?.isCreatedByUser !== true && iconURL != null && iconURL.includes('http')) {
-      return (
-        <ConvoIconURL
-          iconURL={iconURL}
-          modelLabel={iconData?.modelLabel}
-          context="message"
-          assistantAvatar={assistantAvatar}
-          agentAvatar={agentAvatar}
-          endpointIconURL={endpointIconURL}
-          assistantName={assistantName}
-          agentName={agentName}
-        />
-      );
-    }
+  const endpointIconURL = useMemo(
+    () => getEndpointField(endpointsConfig, endpoint, 'iconURL'),
+    [endpointsConfig, endpoint],
+  );
 
+  if (iconData?.isCreatedByUser !== true && iconURL != null && iconURL.includes('http')) {
     return (
-      <Icon
-        isCreatedByUser={iconData?.isCreatedByUser ?? false}
-        endpoint={endpoint}
-        iconURL={avatarURL || endpointIconURL}
-        model={iconData?.model}
+      <ConvoIconURL
+        iconURL={iconURL}
+        modelLabel={iconData?.modelLabel}
+        context="message"
+        assistantAvatar={assistantAvatar}
+        agentAvatar={agentAvatar}
+        endpointIconURL={endpointIconURL}
         assistantName={assistantName}
         agentName={agentName}
-        size={28.8}
       />
     );
-  },
-);
+  }
+
+  return (
+    <Icon
+      isCreatedByUser={iconData?.isCreatedByUser ?? false}
+      endpoint={endpoint}
+      iconURL={avatarURL || endpointIconURL}
+      model={iconData?.model}
+      assistantName={assistantName}
+      agentName={agentName}
+      size={28.8}
+    />
+  );
+}, arePropsEqual);
 
 MessageIcon.displayName = 'MessageIcon';
 
diff --git a/client/src/components/Chat/Messages/__tests__/MessageIcon.test.ts b/client/src/components/Chat/Messages/__tests__/MessageIcon.test.ts
new file mode 100644
index 0000000000..db4e9df316
--- /dev/null
+++ b/client/src/components/Chat/Messages/__tests__/MessageIcon.test.ts
@@ -0,0 +1,154 @@
+import type { Agent, Assistant } from 'librechat-data-provider';
+import type { TMessageIcon } from '~/common';
+
+// Mock all module-level imports so we can import the pure arePropsEqual function
+// without pulling in React component dependencies
+jest.mock('librechat-data-provider', () => ({
+  getEndpointField: jest.fn(),
+}));
+jest.mock('~/components/Endpoints/ConvoIconURL', () => jest.fn());
+jest.mock('~/data-provider', () => ({ useGetEndpointsQuery: jest.fn(() => ({ data: {} })) }));
+jest.mock('~/utils', () => ({ getIconEndpoint: jest.fn(), logger: { log: jest.fn() } }));
+jest.mock('~/components/Endpoints/Icon', () => jest.fn());
+
+import { arePropsEqual } from '../MessageIcon';
+
+const baseIconData: TMessageIcon = {
+  endpoint: 'agents',
+  model: 'agent_123',
+  iconURL: '/images/avatar.png',
+  modelLabel: 'Test Agent',
+  isCreatedByUser: false,
+};
+
+const makeAgent = (overrides?: Partial<Agent>): Agent =>
+  ({
+    id: 'agent_123',
+    name: 'Atlas',
+    avatar: { filepath: '/avatars/atlas.png' },
+    ...overrides,
+  }) as Agent;
+
+const makeAssistant = (overrides?: Partial<Assistant>): Assistant =>
+  ({
+    id: 'asst_123',
+    name: 'Helper',
+    metadata: { avatar: '/avatars/helper.png' },
+    ...overrides,
+  }) as Assistant;
+
+describe('MessageIcon arePropsEqual', () => {
+  it('returns true when agent reference changes but display fields are identical', () => {
+    const agent1 = makeAgent();
+    const agent2 = makeAgent();
+    expect(agent1).not.toBe(agent2);
+    expect(
+      arePropsEqual(
+        { iconData: baseIconData, agent: agent1 },
+        { iconData: baseIconData, agent: agent2 },
+      ),
+    ).toBe(true);
+  });
+
+  it('returns false when agent name changes', () => {
+    expect(
+      arePropsEqual(
+        { iconData: baseIconData, agent: makeAgent({ name: 'Atlas' }) },
+        { iconData: baseIconData, agent: makeAgent({ name: 'Hermes' }) },
+      ),
+    ).toBe(false);
+  });
+
+  it('returns false when agent avatar filepath changes', () => {
+    expect(
+      arePropsEqual(
+        { iconData: baseIconData, agent: makeAgent({ avatar: { filepath: '/a.png' } }) },
+        { iconData: baseIconData, agent: makeAgent({ avatar: { filepath: '/b.png' } }) },
+      ),
+    ).toBe(false);
+  });
+
+  it('returns true when assistant reference changes but display fields are identical', () => {
+    const asst1 = makeAssistant();
+    const asst2 = makeAssistant();
+    expect(asst1).not.toBe(asst2);
+    expect(
+      arePropsEqual(
+        { iconData: baseIconData, assistant: asst1 },
+        { iconData: baseIconData, assistant: asst2 },
+      ),
+    ).toBe(true);
+  });
+
+  it('returns false when assistant name changes', () => {
+    expect(
+      arePropsEqual(
+        { iconData: baseIconData, assistant: makeAssistant({ name: 'Helper' }) },
+        { iconData: baseIconData, assistant: makeAssistant({ name: 'Wizard' }) },
+      ),
+    ).toBe(false);
+  });
+
+  it('returns false when assistant avatar changes', () => {
+    expect(
+      arePropsEqual(
+        { iconData: baseIconData, assistant: makeAssistant({ metadata: { avatar: '/a.png' } }) },
+        { iconData: baseIconData, assistant: makeAssistant({ metadata: { avatar: '/b.png' } }) },
+      ),
+    ).toBe(false);
+  });
+
+  it('returns true when iconData reference changes but fields are identical', () => {
+    const iconData1 = { ...baseIconData };
+    const iconData2 = { ...baseIconData };
+    expect(
+      arePropsEqual(
+        { iconData: iconData1, agent: makeAgent() },
+        { iconData: iconData2, agent: makeAgent() },
+      ),
+    ).toBe(true);
+  });
+
+  it('returns false when iconData endpoint changes', () => {
+    expect(
+      arePropsEqual(
+        { iconData: { ...baseIconData, endpoint: 'agents' } },
+        { iconData: { ...baseIconData, endpoint: 'openAI' } },
+      ),
+    ).toBe(false);
+  });
+
+  it('returns false when iconData iconURL changes', () => {
+    expect(
+      arePropsEqual(
+        { iconData: { ...baseIconData, iconURL: '/a.png' } },
+        { iconData: { ...baseIconData, iconURL: '/b.png' } },
+      ),
+    ).toBe(false);
+  });
+
+  it('returns true when both agent and assistant are undefined', () => {
+    expect(arePropsEqual({ iconData: baseIconData }, { iconData: baseIconData })).toBe(true);
+  });
+
+  // avatarURL and display strings both remain '' in both states — nothing renders differently,
+  // so suppressing the re-render is correct even though the agent prop went from undefined to defined.
+  it('returns true when agent transitions from undefined to object with undefined display fields', () => {
+    const agentNoFields = makeAgent({ name: undefined, avatar: undefined });
+    expect(
+      arePropsEqual(
+        { iconData: baseIconData, agent: undefined },
+        { iconData: baseIconData, agent: agentNoFields },
+      ),
+    ).toBe(true);
+  });
+
+  it('returns false when agent transitions from defined to undefined', () => {
+    expect(
+      arePropsEqual(
+        { iconData: baseIconData, agent: makeAgent() },
+        { iconData: baseIconData, agent: undefined },
+      ),
+    ).toBe(false);
+  });
+});
diff --git a/client/src/components/Chat/Messages/ui/MessageRender.tsx b/client/src/components/Chat/Messages/ui/MessageRender.tsx
index 93586f0d2f..dd55636036 100644
--- a/client/src/components/Chat/Messages/ui/MessageRender.tsx
+++ b/client/src/components/Chat/Messages/ui/MessageRender.tsx
@@ -2,7 +2,7 @@ import React, { useCallback, useMemo, memo } from 'react';
 import { useAtomValue } from 'jotai';
 import { useRecoilValue } from 'recoil';
 import type { TMessage } from 'librechat-data-provider';
-import type { TMessageProps, TMessageIcon } from '~/common';
+import type { TMessageProps, TMessageIcon, TMessageChatContext } from '~/common';
 import { cn, getHeaderPrefixForScreenReader, getMessageAriaLabel } from '~/utils';
 import MessageContent from '~/components/Chat/Messages/Content/MessageContent';
 import { useLocalize, useMessageActions, useContentMetadata } from '~/hooks';
@@ -17,12 +17,73 @@ import store from '~/store';
 
 type MessageRenderProps = {
   message?: TMessage;
+  /**
+   * Effective isSubmitting: false for non-latest messages, real value for latest.
+   * Computed by the wrapper (Message.tsx) so this memo'd component only re-renders
+   * when the value actually matters.
+   */
   isSubmitting?: boolean;
+  /** Stable context object from wrapper — avoids ChatContext subscription inside memo */
+  chatContext: TMessageChatContext;
 } & Pick<
   TMessageProps,
   'currentEditId' | 'setCurrentEditId' | 'siblingIdx' | 'setSiblingIdx' | 'siblingCount'
 >;
 
+/**
+ * Custom comparator for React.memo: compares `message` by key fields instead of reference
+ * because `buildTree` creates new message objects on every streaming update for ALL messages,
+ * even when only the latest message's text changed.
+ */
+function areMessageRenderPropsEqual(prev: MessageRenderProps, next: MessageRenderProps): boolean {
+  if (prev.isSubmitting !== next.isSubmitting) {
+    return false;
+  }
+  if (prev.chatContext !== next.chatContext) {
+    return false;
+  }
+  if (prev.siblingIdx !== next.siblingIdx) {
+    return false;
+  }
+  if (prev.siblingCount !== next.siblingCount) {
+    return false;
+  }
+  if (prev.currentEditId !== next.currentEditId) {
+    return false;
+  }
+  if (prev.setSiblingIdx !== next.setSiblingIdx) {
+    return false;
+  }
+  if (prev.setCurrentEditId !== next.setCurrentEditId) {
+    return false;
+  }
+
+  const prevMsg = prev.message;
+  const nextMsg = next.message;
+  if (prevMsg === nextMsg) {
+    return true;
+  }
+  if (!prevMsg || !nextMsg) {
+    return prevMsg === nextMsg;
+  }
+
+  return (
+    prevMsg.messageId === nextMsg.messageId &&
+    prevMsg.text === nextMsg.text &&
+    prevMsg.error === nextMsg.error &&
+    prevMsg.unfinished === nextMsg.unfinished &&
+    prevMsg.depth === nextMsg.depth &&
+    prevMsg.isCreatedByUser === nextMsg.isCreatedByUser &&
+    (prevMsg.children?.length ?? 0) === (nextMsg.children?.length ?? 0) &&
+    prevMsg.content === nextMsg.content &&
+    prevMsg.model === nextMsg.model &&
+    prevMsg.endpoint === nextMsg.endpoint &&
+    prevMsg.iconURL === nextMsg.iconURL &&
+    prevMsg.feedback?.rating === nextMsg.feedback?.rating &&
+    (prevMsg.files?.length ?? 0) === (nextMsg.files?.length ?? 0)
+  );
+}
+
 const MessageRender = memo(function MessageRender({
   message: msg,
   siblingIdx,
@@ -31,6 +92,7 @@ const MessageRender = memo(function MessageRender({
   currentEditId,
   setCurrentEditId,
   isSubmitting = false,
+  chatContext,
 }: MessageRenderProps) {
   const localize = useLocalize();
   const {
@@ -52,6 +114,7 @@ const MessageRender = memo(function MessageRender({
     message: msg,
     currentEditId,
     setCurrentEditId,
+    chatContext,
   });
   const fontSize = useAtomValue(fontSizeAtom);
   const maximizeChatSpace = useRecoilValue(store.maximizeChatSpace);
@@ -63,8 +126,6 @@ const MessageRender = memo(function MessageRender({
     [hasNoChildren, msg?.depth, latestMessageDepth],
   );
   const isLatestMessage = msg?.messageId === latestMessageId;
-  /** Only pass isSubmitting to the latest message to prevent unnecessary re-renders */
-  const effectiveIsSubmitting = isLatestMessage ? isSubmitting : false;
 
   const iconData: TMessageIcon = useMemo(
     () => ({
@@ -92,10 +153,10 @@ const MessageRender = memo(function MessageRender({
       messageId,
       isLatestMessage,
       isExpanded: false as const,
-      isSubmitting: effectiveIsSubmitting,
+      isSubmitting,
       conversationId: conversation?.conversationId,
     }),
-    [messageId, conversation?.conversationId, effectiveIsSubmitting, isLatestMessage],
+    [messageId, conversation?.conversationId, isSubmitting, isLatestMessage],
   );
 
   if (!msg) {
@@ -165,7 +226,7 @@ const MessageRender = memo(function MessageRender({
                 message={msg}
                 enterEdit={enterEdit}
                 error={!!(msg.error ?? false)}
-                isSubmitting={effectiveIsSubmitting}
+                isSubmitting={isSubmitting}
                 unfinished={msg.unfinished ?? false}
                 isCreatedByUser={msg.isCreatedByUser ?? true}
                 siblingIdx={siblingIdx ?? 0}
@@ -173,7 +234,7 @@ const MessageRender = memo(function MessageRender({
               />
             </MessageContext.Provider>
           </div>
-          {hasNoChildren && effectiveIsSubmitting ? (
+          {hasNoChildren && isSubmitting ? (
             <PlaceholderRow />
           ) : (
             <SubRow classes="text-xs">
@@ -187,7 +248,7 @@ const MessageRender = memo(function MessageRender({
                 isEditing={edit}
                 message={msg}
                 enterEdit={enterEdit}
-                isSubmitting={isSubmitting}
+                isSubmitting={chatContext.isSubmitting}
                 conversation={conversation ?? null}
                 regenerate={handleRegenerateMessage}
                 copyToClipboard={copyToClipboard}
@@ -202,7 +263,7 @@ const MessageRender = memo(function MessageRender({
       </div>
     </div>
   );
-});
+}, areMessageRenderPropsEqual);
 MessageRender.displayName = 'MessageRender';
 
 export default MessageRender;
diff --git a/client/src/components/Conversations/Conversations.tsx b/client/src/components/Conversations/Conversations.tsx
index fee9e4fa82..7e7eea4812 100644
--- a/client/src/components/Conversations/Conversations.tsx
+++ b/client/src/components/Conversations/Conversations.tsx
@@ -168,6 +168,8 @@ const Conversations: FC<ConversationsProps> = ({
   const convoHeight = isSmallScreen ? 44 : 34;
   const showAgentMarketplace = useShowMarketplace();
 
+  const favoritesContentKeyRef = useRef('');
+
   // Fetch active job IDs for showing generation indicators
   const { data: activeJobsData } = useActiveJobs();
   const activeJobIds = useMemo(
@@ -179,6 +181,8 @@ const Conversations: FC<ConversationsProps> = ({
   const shouldShowFavorites =
     !search.query && (isFavoritesLoading || favorites.length > 0 || showAgentMarketplace);
 
+  favoritesContentKeyRef.current = `${favorites.length}-${showAgentMarketplace ? 1 : 0}-${isFavoritesLoading ? 1 : 0}`;
+
   const filteredConversations = useMemo(
     () => rawConversations.filter(Boolean) as TConversation[],
     [rawConversations],
@@ -226,7 +230,7 @@ const Conversations: FC<ConversationsProps> = ({
             return `unknown-${index}`;
           }
           if (item.type === 'favorites') {
-            return 'favorites';
+            return `favorites-${favoritesContentKeyRef.current}`;
           }
           if (item.type === 'chats-header') {
             return 'chats-header';
@@ -246,7 +250,6 @@ const Conversations: FC<ConversationsProps> = ({
     [convoHeight],
   );
 
-  // Debounced function to clear cache and recompute heights
   const clearFavoritesCache = useCallback(() => {
     if (cache) {
       cache.clear(0, 0);
@@ -256,13 +259,12 @@ const Conversations: FC<ConversationsProps> = ({
     }
   }, [cache, containerRef]);
 
-  // Clear cache when favorites change
   useEffect(() => {
     const frameId = requestAnimationFrame(() => {
       clearFavoritesCache();
     });
     return () => cancelAnimationFrame(frameId);
-  }, [favorites.length, isFavoritesLoading, clearFavoritesCache]);
+  }, [favorites.length, isFavoritesLoading, showAgentMarketplace, clearFavoritesCache]);
 
   const rowRenderer = useCallback(
     ({ index, key, parent, style }) => {
@@ -280,11 +282,7 @@ const Conversations: FC<ConversationsProps> = ({
       if (item.type === 'favorites') {
         return (
           <MeasuredRow key={key} {...rowProps}>
-            <FavoritesList
-              isSmallScreen={isSmallScreen}
-              toggleNav={toggleNav}
-              onHeightChange={clearFavoritesCache}
-            />
+            <FavoritesList isSmallScreen={isSmallScreen} toggleNav={toggleNav} />
           </MeasuredRow>
         );
       }
@@ -333,7 +331,6 @@ const Conversations: FC<ConversationsProps> = ({
       flattenedItems,
       moveToTop,
       toggleNav,
-      clearFavoritesCache,
       isSmallScreen,
       isChatsExpanded,
       setIsChatsExpanded,
diff --git a/client/src/components/Conversations/__tests__/Conversations.test.tsx b/client/src/components/Conversations/__tests__/Conversations.test.tsx
new file mode 100644
index 0000000000..a4f403fb7f
--- /dev/null
+++ b/client/src/components/Conversations/__tests__/Conversations.test.tsx
@@ -0,0 +1,185 @@
+import React, { createRef } from 'react';
+import { render } from '@testing-library/react';
+import '@testing-library/jest-dom';
+import { RecoilRoot } from 'recoil';
+import type { CellMeasurerCache, List } from 'react-virtualized';
+
+let mockCapturedCache: CellMeasurerCache | null = null;
+
+jest.mock('react-virtualized', () => {
+  const actual = jest.requireActual('react-virtualized');
+  return {
+    ...actual,
+    AutoSizer: ({
+      children,
+    }: {
+      children: (size: { width: number; height: number }) => React.ReactNode;
+    }) => children({ width: 300, height: 600 }),
+    CellMeasurer: ({
+      children,
+    }: {
+      children: (opts: { registerChild: () => void }) => React.ReactNode;
+    }) => children({ registerChild: () => {} }),
+    List: ({
+      rowRenderer,
+      rowCount,
+      deferredMeasurementCache,
+    }: {
+      rowRenderer: (opts: {
+        index: number;
+        key: string;
+        style: object;
+        parent: object;
+      }) => React.ReactNode;
+      rowCount: number;
+      deferredMeasurementCache: CellMeasurerCache;
+      [key: string]: unknown;
+    }) => {
+      mockCapturedCache = deferredMeasurementCache;
+      return (
+        <div data-testid="virtual-list" data-row-count={rowCount}>
+          {Array.from({ length: Math.min(rowCount, 10) }, (_, i) =>
+            rowRenderer({ index: i, key: `row-${i}`, style: {}, parent: {} }),
+          )}
+        </div>
+      );
+    },
+  };
+});
+
+jest.mock('~/store', () => {
+  const { atom } = jest.requireActual('recoil');
+  return {
+    __esModule: true,
+    default: {
+      search: atom({ key: 'test-conversations-search', default: { query: '' } }),
+    },
+  };
+});
+
+type FavoriteEntry = { agentId?: string; model?: string; endpoint?: string };
+
+const mockFavoritesState: { favorites: FavoriteEntry[]; isLoading: boolean } = {
+  favorites: [],
+  isLoading: false,
+};
+
+let mockShowMarketplace = true;
+
+jest.mock('~/hooks', () => ({
+  useFavorites: () => mockFavoritesState,
+  useLocalize: () => (key: string) => key,
+  useShowMarketplace: () => mockShowMarketplace,
+  TranslationKeys: {},
+}));
+
+jest.mock('@librechat/client', () => ({
+  Spinner: () => <div data-testid="spinner" />,
+  useMediaQuery: () => false,
+}));
+
+jest.mock('~/data-provider', () => ({
+  useActiveJobs: () => ({ data: undefined }),
+}));
+
+jest.mock('~/utils', () => ({
+  groupConversationsByDate: () => [],
+  cn: (...args: unknown[]) => args.filter(Boolean).join(' '),
+}));
+
+jest.mock('~/components/Nav/Favorites/FavoritesList', () => ({
+  __esModule: true,
+  default: () => <div data-testid="favorites-list" />,
+}));
+
+jest.mock('../Convo', () => ({
+  __esModule: true,
+  default: () => <div data-testid="convo" />,
+}));
+
+import Conversations from '../Conversations';
+
+describe('Conversations – favorites CellMeasurerCache key invalidation', () => {
+  const containerRef = createRef<List>();
+
+  beforeEach(() => {
+    mockCapturedCache = null;
+    mockFavoritesState.favorites = [];
+    mockFavoritesState.isLoading = false;
+    mockShowMarketplace = true;
+  });
+
+  const Wrapper = () => (
+    <RecoilRoot>
+      <Conversations
+        conversations={[]}
+        moveToTop={jest.fn()}
+        toggleNav={jest.fn()}
+        containerRef={containerRef}
+        loadMoreConversations={jest.fn()}
+        isLoading={false}
+        isSearchLoading={false}
+        isChatsExpanded={true}
+        setIsChatsExpanded={jest.fn()}
+      />
+    </RecoilRoot>
+  );
+
+  it('should invalidate the cached favorites height when favorites count changes', () => {
+    const { rerender } = render(<Wrapper />);
+    const cache = mockCapturedCache!;
+    expect(cache).toBeDefined();
+
+    cache.set(0, 0, 300, 48);
+    expect(cache.has(0, 0)).toBe(true);
+    expect(cache.getHeight(0, 0)).toBe(48);
+
+    mockFavoritesState.favorites = [{ model: 'gpt-4', endpoint: 'openAI' }];
+    rerender(<Wrapper />);
+
+    expect(cache.has(0, 0)).toBe(false);
+  });
+
+  it('should invalidate the cached favorites height when loading state transitions', () => {
+    mockFavoritesState.isLoading = true;
+    const { rerender } = render(<Wrapper />);
+    const cache = mockCapturedCache!;
+
+    cache.set(0, 0, 300, 80);
+    expect(cache.has(0, 0)).toBe(true);
+
+    mockFavoritesState.isLoading = false;
+    rerender(<Wrapper />);
+
+    expect(cache.has(0, 0)).toBe(false);
+  });
+
+  it('should invalidate the cached favorites height when marketplace visibility changes', () => {
+    mockFavoritesState.favorites = [{ model: 'gpt-4', endpoint: 'openAI' }];
+    const { rerender } = render(<Wrapper />);
+    const cache = mockCapturedCache!;
+
+    cache.set(0, 0, 300, 48);
+    expect(cache.has(0, 0)).toBe(true);
+
+    mockShowMarketplace = false;
+    rerender(<Wrapper />);
+
+    expect(cache.has(0, 0)).toBe(false);
+  });
+
+  it('should retain the cached favorites height when content state is unchanged', () => {
+    mockFavoritesState.favorites = [{ model: 'gpt-4', endpoint: 'openAI' }];
+    const { rerender } = render(<Wrapper />);
+    const cache = mockCapturedCache!;
+
+    cache.set(0, 0, 300, 88);
+    expect(cache.has(0, 0)).toBe(true);
+    expect(cache.getHeight(0, 0)).toBe(88);
+
+    rerender(<Wrapper />);
+
+    expect(cache.has(0, 0)).toBe(true);
+    expect(cache.getHeight(0, 0)).toBe(88);
+  });
+});
diff --git a/client/src/components/MCPUIResource/MCPUIResource.tsx b/client/src/components/MCPUIResource/MCPUIResource.tsx
index ddf65c4388..692db889c9 100644
--- a/client/src/components/MCPUIResource/MCPUIResource.tsx
+++ b/client/src/components/MCPUIResource/MCPUIResource.tsx
@@ -1,8 +1,8 @@
 import React from 'react';
 import { UIResourceRenderer } from '@mcp-ui/client';
-import { handleUIAction } from '~/utils';
+import { useOptionalMessagesConversation, useOptionalMessagesOperations } from '~/Providers';
 import { useConversationUIResources } from '~/hooks/Messages/useConversationUIResources';
-import { useMessagesConversation, useMessagesOperations } from '~/Providers';
+import { handleUIAction } from '~/utils';
 import { useLocalize } from '~/hooks';
 
 interface MCPUIResourceProps {
@@ -13,19 +13,14 @@ interface MCPUIResourceProps {
   };
 }
 
-/**
- * Component that renders an MCP UI resource based on its resource ID.
- * Works in both main app and share view.
- */
+/** Renders an MCP UI resource based on its resource ID. Works in chat, share, and search views. */
 export function MCPUIResource(props: MCPUIResourceProps) {
   const { resourceId } = props.node.properties;
   const localize = useLocalize();
-  const { ask } = useMessagesOperations();
-  const { conversation } = useMessagesConversation();
+  const { ask } = useOptionalMessagesOperations();
+  const { conversationId } = useOptionalMessagesConversation();
 
-  const conversationResourceMap = useConversationUIResources(
-    conversation?.conversationId ?? undefined,
-  );
+  const conversationResourceMap = useConversationUIResources(conversationId ?? undefined);
 
   const uiResource = conversationResourceMap.get(resourceId ?? '');
 
diff --git a/client/src/components/MCPUIResource/MCPUIResourceCarousel.tsx b/client/src/components/MCPUIResource/MCPUIResourceCarousel.tsx
index cf32318491..ba81a2f153 100644
--- a/client/src/components/MCPUIResource/MCPUIResourceCarousel.tsx
+++ b/client/src/components/MCPUIResource/MCPUIResourceCarousel.tsx
@@ -1,8 +1,8 @@
 import React, { useMemo } from 'react';
-import { useConversationUIResources } from '~/hooks/Messages/useConversationUIResources';
-import { useMessagesConversation } from '~/Providers';
-import UIResourceCarousel from '../Chat/Messages/Content/UIResourceCarousel';
 import type { UIResource } from 'librechat-data-provider';
+import { useConversationUIResources } from '~/hooks/Messages/useConversationUIResources';
+import UIResourceCarousel from '../Chat/Messages/Content/UIResourceCarousel';
+import { useOptionalMessagesConversation } from '~/Providers';
 
 interface MCPUIResourceCarouselProps {
   node: {
@@ -12,16 +12,11 @@ interface MCPUIResourceCarouselProps {
   };
 }
 
-/**
- * Component that renders multiple MCP UI resources in a carousel.
- * Works in both main app and share view.
- */
+/** Renders multiple MCP UI resources in a carousel. Works in chat, share, and search views. */
 export function MCPUIResourceCarousel(props: MCPUIResourceCarouselProps) {
-  const { conversation } = useMessagesConversation();
+  const { conversationId } = useOptionalMessagesConversation();
 
-  const conversationResourceMap = useConversationUIResources(
-    conversation?.conversationId ?? undefined,
-  );
+  const conversationResourceMap = useConversationUIResources(conversationId ?? undefined);
 
   const uiResources = useMemo(() => {
     const { resourceIds = [] } = props.node.properties;
diff --git a/client/src/components/MCPUIResource/__tests__/MCPUIResource.test.tsx b/client/src/components/MCPUIResource/__tests__/MCPUIResource.test.tsx
index 53896bb6fe..c37b6d5d51 100644
--- a/client/src/components/MCPUIResource/__tests__/MCPUIResource.test.tsx
+++ b/client/src/components/MCPUIResource/__tests__/MCPUIResource.test.tsx
@@ -2,7 +2,11 @@ import React from 'react';
 import { render, screen } from '@testing-library/react';
 import { RecoilRoot } from 'recoil';
 import { MCPUIResource } from '../MCPUIResource';
-import { useMessageContext, useMessagesConversation, useMessagesOperations } from '~/Providers';
+import {
+  useMessageContext,
+  useOptionalMessagesConversation,
+  useOptionalMessagesOperations,
+} from '~/Providers';
 import { useLocalize } from '~/hooks';
 import { handleUIAction } from '~/utils';
 
@@ -22,11 +26,11 @@ jest.mock('@mcp-ui/client', () => ({
 }));
 
 const mockUseMessageContext = useMessageContext as jest.MockedFunction<typeof useMessageContext>;
-const mockUseMessagesConversation = useMessagesConversation as jest.MockedFunction<
-  typeof useMessagesConversation
+const mockUseMessagesConversation = useOptionalMessagesConversation as jest.MockedFunction<
+  typeof useOptionalMessagesConversation
 >;
-const mockUseMessagesOperations = useMessagesOperations as jest.MockedFunction<
-  typeof useMessagesOperations
+const mockUseMessagesOperations = useOptionalMessagesOperations as jest.MockedFunction<
+  typeof useOptionalMessagesOperations
 >;
 const mockUseLocalize = useLocalize as jest.MockedFunction<typeof useLocalize>;
 const mockHandleUIAction = handleUIAction as jest.MockedFunction<typeof handleUIAction>;
diff --git a/client/src/components/MCPUIResource/__tests__/MCPUIResourceCarousel.test.tsx b/client/src/components/MCPUIResource/__tests__/MCPUIResourceCarousel.test.tsx
index a9f7962ab0..9a5ca934a0 100644
--- a/client/src/components/MCPUIResource/__tests__/MCPUIResourceCarousel.test.tsx
+++ b/client/src/components/MCPUIResource/__tests__/MCPUIResourceCarousel.test.tsx
@@ -2,7 +2,11 @@ import React from 'react';
 import { render, screen } from '@testing-library/react';
 import { RecoilRoot } from 'recoil';
 import { MCPUIResourceCarousel } from '../MCPUIResourceCarousel';
-import { useMessageContext, useMessagesConversation, useMessagesOperations } from '~/Providers';
+import {
+  useMessageContext,
+  useOptionalMessagesConversation,
+  useOptionalMessagesOperations,
+} from '~/Providers';
 
 // Mock dependencies
 jest.mock('~/Providers');
@@ -19,11 +23,11 @@ jest.mock('../../Chat/Messages/Content/UIResourceCarousel', () => ({
 }));
 
 const mockUseMessageContext = useMessageContext as jest.MockedFunction<typeof useMessageContext>;
-const mockUseMessagesConversation = useMessagesConversation as jest.MockedFunction<
-  typeof useMessagesConversation
+const mockUseMessagesConversation = useOptionalMessagesConversation as jest.MockedFunction<
+  typeof useOptionalMessagesConversation
 >;
-const mockUseMessagesOperations = useMessagesOperations as jest.MockedFunction<
-  typeof useMessagesOperations
+const mockUseMessagesOperations = useOptionalMessagesOperations as jest.MockedFunction<
+  typeof useOptionalMessagesOperations
 >;
 
 describe('MCPUIResourceCarousel', () => {
diff --git a/client/src/components/Messages/Content/CodeBar.tsx b/client/src/components/Messages/Content/CodeBar.tsx
new file mode 100644
index 0000000000..52c4060465
--- /dev/null
+++ b/client/src/components/Messages/Content/CodeBar.tsx
@@ -0,0 +1,42 @@
+import React from 'react';
+import { InfoIcon } from 'lucide-react';
+import type { CodeBarProps } from '~/common';
+import useCopyCode from '~/components/Messages/Content/useCopyCode';
+import CopyButton from '~/components/Messages/Content/CopyButton';
+import LangIcon from '~/components/Messages/Content/LangIcon';
+import RunCode from '~/components/Messages/Content/RunCode';
+import { useLocalize } from '~/hooks';
+
+const CodeBar: React.FC<CodeBarProps> = React.memo(
+  ({ lang, error, codeRef, blockIndex, plugin = null, allowExecution = true }) => {
+    const localize = useLocalize();
+    const { isCopied, handleCopy } = useCopyCode(codeRef);
+
+    return (
+      <div className="flex items-center justify-between bg-surface-primary-alt px-1.5 py-1.5 font-sans text-xs text-text-secondary dark:bg-transparent">
+        <span className="flex items-center gap-1.5 text-xs font-medium">
+          <LangIcon lang={lang} className="size-3.5" />
+          {lang}
+        </span>
+        {plugin === true ? (
+          <InfoIcon className="ml-auto flex h-4 w-4 gap-2 text-text-secondary" />
+        ) : (
+          <div className="flex items-center justify-center gap-2">
+            {allowExecution === true && (
+              <RunCode lang={lang} codeRef={codeRef} blockIndex={blockIndex} />
+            )}
+            {error !== true && (
+              <CopyButton
+                isCopied={isCopied}
+                onClick={handleCopy}
+                label={localize('com_ui_copy_code')}
+              />
+            )}
+          </div>
+        )}
+      </div>
+    );
+  },
+);
+
+export default CodeBar;
diff --git a/client/src/components/Messages/Content/CodeBlock.tsx b/client/src/components/Messages/Content/CodeBlock.tsx
index 7407098c5e..1d1fe21b80 100644
--- a/client/src/components/Messages/Content/CodeBlock.tsx
+++ b/client/src/components/Messages/Content/CodeBlock.tsx
@@ -1,13 +1,11 @@
 import React, { useRef, useState, useMemo, useEffect, useCallback } from 'react';
-import copy from 'copy-to-clipboard';
-import { InfoIcon } from 'lucide-react';
 import { Tools } from 'librechat-data-provider';
-import { Clipboard, CheckMark, TooltipAnchor } from '@librechat/client';
 import type { CodeBarProps } from '~/common';
+import FloatingCodeBar from '~/components/Messages/Content/FloatingCodeBar';
 import ResultSwitcher from '~/components/Messages/Content/ResultSwitcher';
 import { useToolCallsMapContext, useMessageContext } from '~/Providers';
 import { LogContent } from '~/components/Chat/Messages/Content/Parts';
-import RunCode from '~/components/Messages/Content/RunCode';
+import CodeBar from '~/components/Messages/Content/CodeBar';
 import { useLocalize } from '~/hooks';
 import cn from '~/utils/cn';
 
@@ -19,143 +17,6 @@ type CodeBlockProps = Pick<
   classProp?: string;
 };
 
-interface FloatingCodeBarProps extends CodeBarProps {
-  isVisible: boolean;
-}
-
-const CodeBar: React.FC<CodeBarProps> = React.memo(function CodeBar({
-  lang,
-  error,
-  codeRef,
-  blockIndex,
-  plugin = null,
-  allowExecution = true,
-}) {
-  const localize = useLocalize();
-  const [isCopied, setIsCopied] = useState(false);
-  return (
-    <div className="relative flex items-center justify-between rounded-tl-md rounded-tr-md bg-gray-700 px-4 py-2 font-sans text-xs text-gray-200 dark:bg-gray-700">
-      <span className="">{lang}</span>
-      {plugin === true ? (
-        <InfoIcon className="ml-auto flex h-4 w-4 gap-2 text-white/50" />
-      ) : (
-        <div className="flex items-center justify-center gap-4">
-          {allowExecution === true && (
-            <RunCode lang={lang} codeRef={codeRef} blockIndex={blockIndex} />
-          )}
-          <button
-            type="button"
-            className={cn(
-              'ml-auto flex gap-2 rounded-sm focus:outline focus:outline-white',
-              error === true ? 'h-4 w-4 items-start text-white/50' : '',
-            )}
-            onClick={async () => {
-              const codeString = codeRef.current?.textContent;
-              if (codeString != null) {
-                setIsCopied(true);
-                copy(codeString.trim(), { format: 'text/plain' });
-
-                setTimeout(() => {
-                  setIsCopied(false);
-                }, 3000);
-              }
-            }}
-          >
-            {isCopied ? <CheckMark className="h-[18px] w-[18px]" /> : <Clipboard />}
-            {error !== true && (
-              <span className="relative">
-                <span className="invisible">{localize('com_ui_copy_code')}</span>
-                <span className="absolute inset-0 flex items-center">
-                  {isCopied ? localize('com_ui_copied') : localize('com_ui_copy_code')}
-                </span>
-              </span>
-            )}
-          </button>
-        </div>
-      )}
-    </div>
-  );
-});
-CodeBar.displayName = 'CodeBar';
-
-const FloatingCodeBar: React.FC<FloatingCodeBarProps> = React.memo(function FloatingCodeBar({
-  lang,
-  error,
-  codeRef,
-  blockIndex,
-  plugin = null,
-  allowExecution = true,
-  isVisible,
-}) {
-  const localize = useLocalize();
-  const [isCopied, setIsCopied] = useState(false);
-  const copyButtonRef = useRef<HTMLButtonElement>(null);
-
-  const handleCopy = useCallback(() => {
-    const codeString = codeRef.current?.textContent;
-    if (codeString != null) {
-      const wasFocused = document.activeElement === copyButtonRef.current;
-      setIsCopied(true);
-      copy(codeString.trim(), { format: 'text/plain' });
-      if (wasFocused) {
-        requestAnimationFrame(() => {
-          copyButtonRef.current?.focus();
-        });
-      }
-
-      setTimeout(() => {
-        const focusedElement = document.activeElement as HTMLElement | null;
-        setIsCopied(false);
-        requestAnimationFrame(() => {
-          focusedElement?.focus();
-        });
-      }, 3000);
-    }
-  }, [codeRef]);
-
-  return (
-    <div
-      className={cn(
-        'absolute bottom-2 right-2 flex items-center gap-2 font-sans text-xs text-gray-200 transition-opacity duration-150',
-        isVisible ? 'opacity-100' : 'pointer-events-none opacity-0',
-      )}
-    >
-      {plugin === true ? (
-        <InfoIcon className="flex h-4 w-4 gap-2 text-white/50" />
-      ) : (
-        <>
-          {allowExecution === true && (
-            <RunCode lang={lang} codeRef={codeRef} blockIndex={blockIndex} iconOnly />
-          )}
-          <TooltipAnchor
-            description={isCopied ? localize('com_ui_copied') : localize('com_ui_copy_code')}
-            render={
-              <button
-                ref={copyButtonRef}
-                type="button"
-                tabIndex={isVisible ? 0 : -1}
-                aria-label={isCopied ? localize('com_ui_copied') : localize('com_ui_copy_code')}
-                className={cn(
-                  'flex items-center justify-center rounded p-1.5 hover:bg-gray-700 focus:bg-gray-700 focus:outline focus:outline-white',
-                  error === true ? 'h-4 w-4 text-white/50' : '',
-                )}
-                onClick={handleCopy}
-              >
-                {isCopied ? (
-                  <CheckMark className="h-[18px] w-[18px]" aria-hidden="true" />
-                ) : (
-                  <Clipboard aria-hidden="true" />
-                )}
-              </button>
-            }
-          />
-        </>
-      )}
-    </div>
-  );
-});
-FloatingCodeBar.displayName = 'FloatingCodeBar';
-
 const CodeBlock: React.FC<CodeBlockProps> = ({
   lang,
   blockIndex,
@@ -165,9 +26,13 @@ const CodeBlock: React.FC<CodeBlockProps> = ({
   plugin = null,
   error,
 }) => {
+  const localize = useLocalize();
   const codeRef = useRef<HTMLElement>(null);
   const containerRef = useRef<HTMLDivElement>(null);
-  const [isBarVisible, setIsBarVisible] = useState(false);
+  const codeBarRef = useRef<HTMLDivElement>(null);
+  const [isHovered, setIsHovered] = useState(false);
+  const [isCodeBarVisible, setIsCodeBarVisible] = useState(true);
+
   const toolCallsMap = useToolCallsMapContext();
   const { messageId, partIndex } = useMessageContext();
   const key = allowExecution
@@ -185,67 +50,76 @@ const CodeBlock: React.FC<CodeBlockProps> = ({
     }
   }, [fetchedToolCalls]);
 
-  // Handle focus within the container (for keyboard navigation)
-  const handleFocus = useCallback(() => {
-    setIsBarVisible(true);
+  useEffect(() => {
+    const el = codeBarRef.current;
+    if (!el) {
+      return;
+    }
+
+    const observer = new IntersectionObserver(
+      ([entry]) => setIsCodeBarVisible(entry.isIntersecting),
+      { root: null, threshold: 0 },
+    );
+    observer.observe(el);
+    return () => observer.disconnect();
   }, []);
 
+  const handleFocus = useCallback(() => setIsHovered(true), []);
+
   const handleBlur = useCallback((e: React.FocusEvent) => {
-    // Check if focus is moving to another element within the container
     if (!containerRef.current?.contains(e.relatedTarget as Node)) {
-      setIsBarVisible(false);
+      setIsHovered(false);
     }
   }, []);
 
-  const handleMouseEnter = useCallback(() => {
-    setIsBarVisible(true);
-  }, []);
+  const handleMouseEnter = useCallback(() => setIsHovered(true), []);
 
   const handleMouseLeave = useCallback(() => {
-    // Only hide if no element inside has focus
     if (!containerRef.current?.contains(document.activeElement)) {
-      setIsBarVisible(false);
+      setIsHovered(false);
     }
   }, []);
 
   const currentToolCall = useMemo(() => toolCalls?.[currentIndex], [toolCalls, currentIndex]);
 
-  const next = () => {
-    if (!toolCalls) {
-      return;
-    }
-    if (currentIndex < toolCalls.length - 1) {
+  const next = useCallback(() => {
+    if (toolCalls && currentIndex < toolCalls.length - 1) {
       setCurrentIndex(currentIndex + 1);
     }
-  };
+  }, [toolCalls, currentIndex]);
 
-  const previous = () => {
+  const previous = useCallback(() => {
     if (currentIndex > 0) {
       setCurrentIndex(currentIndex - 1);
     }
-  };
+  }, [currentIndex]);
 
   const isNonCode = !!(plugin === true || error === true);
   const language = isNonCode ? 'json' : lang;
+  const showFloating = isHovered && !isCodeBarVisible;
 
   return (
     <div
       ref={containerRef}
-      className="relative w-full rounded-md bg-gray-900 text-xs text-white/80"
+      className="relative w-full overflow-hidden rounded-xl border border-border-light text-xs"
       onMouseEnter={handleMouseEnter}
       onMouseLeave={handleMouseLeave}
       onFocus={handleFocus}
       onBlur={handleBlur}
     >
-      <CodeBar
-        lang={lang}
-        error={error}
-        codeRef={codeRef}
-        blockIndex={blockIndex}
-        plugin={plugin === true}
-        allowExecution={allowExecution}
-      />
-      <div className={cn(classProp, 'overflow-y-auto p-4')}>
+      <div ref={codeBarRef}>
+        <CodeBar
+          lang={lang}
+          error={error}
+          codeRef={codeRef}
+          blockIndex={blockIndex}
+          plugin={plugin === true}
+          allowExecution={allowExecution}
+        />
+      </div>
+      <div
+        className={cn(classProp, 'overflow-y-auto bg-surface-chat p-4 dark:bg-surface-primary-alt')}
+      >
         <code
           ref={codeRef}
           className={cn(
@@ -262,17 +136,15 @@ const CodeBlock: React.FC<CodeBlockProps> = ({
         blockIndex={blockIndex}
         plugin={plugin === true}
         allowExecution={allowExecution}
-        isVisible={isBarVisible}
+        isVisible={showFloating}
       />
       {allowExecution === true && toolCalls && toolCalls.length > 0 && (
         <>
-          <div className="bg-gray-700 p-4 text-xs">
-            <div
-              className="prose flex flex-col-reverse text-white"
-              style={{
-                color: 'white',
-              }}
-            >
+          <div className="border-t border-border-light bg-surface-primary-alt p-4 text-xs dark:bg-transparent">
+            <div className="mb-1 text-[10px] font-medium uppercase tracking-wide text-text-secondary">
+              {localize('com_ui_output')}
+            </div>
+            <div className="flex flex-col-reverse text-text-primary">
               <pre className="shrink-0">
                 <LogContent
                   output={(currentToolCall?.result as string | undefined) ?? ''}
diff --git a/client/src/components/Messages/Content/CopyButton.tsx b/client/src/components/Messages/Content/CopyButton.tsx
new file mode 100644
index 0000000000..dedaa9c79e
--- /dev/null
+++ b/client/src/components/Messages/Content/CopyButton.tsx
@@ -0,0 +1,89 @@
+import React from 'react';
+import { Copy, Check } from 'lucide-react';
+import { TooltipAnchor } from '@librechat/client';
+import { useLocalize } from '~/hooks';
+import cn from '~/utils/cn';
+
+interface CopyButtonProps {
+  isCopied: boolean;
+  iconOnly?: boolean;
+  onClick: () => void;
+  tabIndex?: number;
+  className?: string;
+  label?: string;
+  copiedLabel?: string;
+}
+
+const CopyButton = React.forwardRef<HTMLButtonElement, CopyButtonProps>(
+  ({ isCopied, iconOnly = false, onClick, tabIndex, className, label, copiedLabel }, ref) => {
+    const localize = useLocalize();
+    const defaultLabel = label ?? localize('com_ui_copy');
+    const defaultCopiedLabel = copiedLabel ?? localize('com_ui_copied');
+    const currentLabel = isCopied ? defaultCopiedLabel : defaultLabel;
+
+    const button = (
+      <button
+        ref={ref}
+        type="button"
+        onClick={onClick}
+        tabIndex={tabIndex}
+        aria-label={currentLabel}
+        className={cn(
+          'inline-flex select-none items-center justify-center text-text-secondary transition-all duration-200 ease-out',
+          'hover:bg-surface-hover hover:text-text-primary',
+          'focus-visible:outline focus-visible:outline-2 focus-visible:outline-border-heavy',
+          iconOnly ? 'rounded-lg p-1.5' : 'ml-auto gap-2 rounded-md px-2 py-1',
+          isCopied && 'text-text-secondary hover:text-text-primary',
+          className,
+        )}
+      >
+        <span className="relative flex size-[18px] items-center justify-center" aria-hidden="true">
+          <Copy
+            size={18}
+            className={cn(
+              'absolute transition-all duration-300 ease-out',
+              isCopied ? 'rotate-[-90deg] scale-0 opacity-0' : 'rotate-0 scale-100 opacity-100',
+            )}
+          />
+          <Check
+            size={18}
+            className={cn(
+              'transition-all duration-300 ease-out',
+              isCopied ? 'rotate-0 scale-100 opacity-100' : 'rotate-90 scale-0 opacity-0',
+            )}
+          />
+        </span>
+        {!iconOnly && (
+          <span className="relative overflow-hidden">
+            <span
+              className={cn(
+                'block transition-all duration-300 ease-out',
+                isCopied ? '-translate-y-full opacity-0' : 'translate-y-0 opacity-100',
+              )}
+            >
+              {defaultLabel}
+            </span>
+            <span
+              className={cn(
+                'absolute inset-0 transition-all duration-300 ease-out',
+                isCopied ? 'translate-y-0 opacity-100' : 'translate-y-full opacity-0',
+              )}
+            >
+              {defaultCopiedLabel}
+            </span>
+          </span>
+        )}
+      </button>
+    );
+
+    if (iconOnly) {
+      return <TooltipAnchor description={currentLabel} render={button} />;
+    }
+
+    return button;
+  },
+);
+
+CopyButton.displayName = 'CopyButton';
+
+export default CopyButton;
diff --git a/client/src/components/Messages/Content/FloatingCodeBar.tsx b/client/src/components/Messages/Content/FloatingCodeBar.tsx
new file mode 100644
index 0000000000..2929709309
--- /dev/null
+++ b/client/src/components/Messages/Content/FloatingCodeBar.tsx
@@ -0,0 +1,45 @@
+import React from 'react';
+import { InfoIcon } from 'lucide-react';
+import type { CodeBarProps } from '~/common';
+import useCopyCode from '~/components/Messages/Content/useCopyCode';
+import CopyButton from '~/components/Messages/Content/CopyButton';
+import RunCode from '~/components/Messages/Content/RunCode';
+import cn from '~/utils/cn';
+
+interface FloatingCodeBarProps extends CodeBarProps {
+  isVisible: boolean;
+}
+
+const FloatingCodeBar: React.FC<FloatingCodeBarProps> = React.memo(
+  ({ lang, codeRef, blockIndex, plugin = null, allowExecution = true, isVisible }) => {
+    const { isCopied, buttonRef, handleCopy } = useCopyCode(codeRef);
+
+    return (
+      <div
+        className={cn(
+          'absolute bottom-2 right-2 flex items-center gap-2 font-sans text-xs text-text-secondary transition-opacity duration-150',
+          isVisible ? 'opacity-100' : 'pointer-events-none opacity-0',
+        )}
+      >
+        {plugin === true ? (
+          <InfoIcon className="flex h-4 w-4 gap-2 text-text-secondary" />
+        ) : (
+          <>
+            {allowExecution === true && (
+              <RunCode lang={lang} codeRef={codeRef} blockIndex={blockIndex} iconOnly />
+            )}
+            <CopyButton
+              ref={buttonRef}
+              isCopied={isCopied}
+              iconOnly
+              tabIndex={isVisible ? 0 : -1}
+              onClick={handleCopy}
+            />
+          </>
+        )}
+      </div>
+    );
+  },
+);
+
+export default FloatingCodeBar;
diff --git a/client/src/components/Messages/Content/LangIcon.tsx b/client/src/components/Messages/Content/LangIcon.tsx
new file mode 100644
index 0000000000..bebdad06b9
--- /dev/null
+++ b/client/src/components/Messages/Content/LangIcon.tsx
@@ -0,0 +1,104 @@
+import React from 'react';
+import { FileText } from 'lucide-react';
+import LANG_ICON_PATHS from './langIconPaths';
+
+interface LangIconProps {
+  lang: string;
+  className?: string;
+}
+
+const LANG_ALIASES: Record<string, string> = {
+  py: 'python',
+  js: 'javascript',
+  ts: 'typescript',
+  jsx: 'javascript',
+  tsx: 'typescript',
+  rs: 'rust',
+  golang: 'go',
+  rb: 'ruby',
+  sh: 'bash',
+  zsh: 'bash',
+  shell: 'bash',
+  powershell: 'bash',
+  cmd: 'bash',
+  'c++': 'cpp',
+  'c#': 'csharp',
+  cs: 'csharp',
+  dotnet: 'csharp',
+  htm: 'html',
+  html5: 'html',
+  css3: 'css',
+  scss: 'sass',
+  jsonc: 'json',
+  json5: 'json',
+  yml: 'yaml',
+  mysql: 'json',
+  postgresql: 'json',
+  sqlite: 'json',
+  sql: 'json',
+  kt: 'kotlin',
+  kts: 'kotlin',
+  ex: 'elixir',
+  exs: 'elixir',
+  erl: 'erlang',
+  hs: 'haskell',
+  pl: 'perl',
+  clj: 'clojure',
+  cljs: 'clojure',
+  cljc: 'clojure',
+  jl: 'julia',
+  ml: 'ocaml',
+  mli: 'ocaml',
+  fs: 'fsharp',
+  fsx: 'fsharp',
+  cr: 'crystal',
+  coffee: 'coffeescript',
+  sol: 'solidity',
+  wasm: 'webassembly',
+  wat: 'webassembly',
+  gql: 'graphql',
+  tex: 'latex',
+  md: 'markdown',
+  mdx: 'markdown',
+  pas: 'delphi',
+  pascal: 'delphi',
+  rkt: 'racket',
+  purs: 'purescript',
+};
+
+/** Map from alias used in LANG_ICON_PATHS to the name used in ICON_IMPORTS on the old code. */
+const NAME_MAP: Record<string, string> = {
+  java: 'openjdk',
+  c: 'c',
+  cpp: 'cplusplus',
+  csharp: 'dotnet',
+  html: 'html5',
+  bash: 'gnubash',
+  groovy: 'apachegroovy',
+};
+
+const LangIcon = React.memo(function LangIcon({ lang, className }: LangIconProps) {
+  const key = lang.toLowerCase();
+  if (key === 'txt' || key === 'text') {
+    return <FileText className={className} aria-hidden="true" />;
+  }
+  const resolved = LANG_ALIASES[key] ?? key;
+  const pathKey = NAME_MAP[resolved] ?? resolved;
+  const path = LANG_ICON_PATHS[pathKey];
+  if (!path) {
+    return null;
+  }
+  return (
+    <svg
+      role="img"
+      viewBox="0 0 24 24"
+      className={className}
+      fill="currentColor"
+      aria-hidden="true"
+    >
+      <path d={path} />
+    </svg>
+  );
+});
+
+export default LangIcon;
diff --git a/client/src/components/Messages/Content/Mermaid.tsx b/client/src/components/Messages/Content/Mermaid.tsx
deleted file mode 100644
index 03037f4427..0000000000
--- a/client/src/components/Messages/Content/Mermaid.tsx
+++ /dev/null
@@ -1,850 +0,0 @@
-import React, { useEffect, useMemo, useState, useRef, useCallback, memo } from 'react';
-import copy from 'copy-to-clipboard';
-import { X, ZoomIn, ZoomOut, ChevronUp, RefreshCw, RotateCcw, ChevronDown } from 'lucide-react';
-import {
-  Button,
-  Spinner,
-  OGDialog,
-  Clipboard,
-  CheckMark,
-  OGDialogClose,
-  OGDialogTitle,
-  OGDialogContent,
-} from '@librechat/client';
-import { useLocalize, useDebouncedMermaid } from '~/hooks';
-import { fixSubgraphTitleContrast } from '~/utils/mermaid';
-import MermaidHeader from './MermaidHeader';
-import cn from '~/utils/cn';
-
-interface MermaidProps {
-  /** Mermaid diagram content */
-  children: string;
-  /** Unique identifier */
-  id?: string;
-  /** Custom theme */
-  theme?: string;
-}
-
-const MIN_ZOOM = 0.25;
-const MAX_ZOOM = 4;
-const ZOOM_STEP = 0.25;
-const MIN_CONTAINER_HEIGHT = 200;
-const MAX_CONTAINER_HEIGHT = 500;
-
-const Mermaid: React.FC<MermaidProps> = memo(({ children, id, theme }) => {
-  const localize = useLocalize();
-  const [blobUrl, setBlobUrl] = useState<string>('');
-  const [showCode, setShowCode] = useState(false);
-  const [retryCount, setRetryCount] = useState(0);
-  const [isDialogOpen, setIsDialogOpen] = useState(false);
-  // Separate showCode state for dialog to avoid re-renders
-  const [dialogShowCode, setDialogShowCode] = useState(false);
-  const lastValidSvgRef = useRef<string | null>(null);
-  const expandButtonRef = useRef<HTMLButtonElement>(null);
-  const dialogShowCodeButtonRef = useRef<HTMLButtonElement>(null);
-  const dialogCopyButtonRef = useRef<HTMLButtonElement>(null);
-  const zoomCopyButtonRef = useRef<HTMLButtonElement>(null);
-  const dialogZoomCopyButtonRef = useRef<HTMLButtonElement>(null);
-
-  const [svgDimensions, setSvgDimensions] = useState<{ width: number; height: number } | null>(
-    null,
-  );
-  const [containerWidth, setContainerWidth] = useState(700);
-  const [isHovered, setIsHovered] = useState(false);
-  const [isFocusWithin, setIsFocusWithin] = useState(false);
-  const [isTouchDevice, setIsTouchDevice] = useState(false);
-  const [showMobileControls, setShowMobileControls] = useState(false);
-
-  useEffect(() => {
-    setIsTouchDevice('ontouchstart' in window || navigator.maxTouchPoints > 0);
-  }, []);
-
-  const [zoom, setZoom] = useState(1);
-  // Dialog zoom and pan state (separate from inline view)
-  const [dialogZoom, setDialogZoom] = useState(1);
-  const [dialogPan, setDialogPan] = useState({ x: 0, y: 0 });
-  const [isDialogPanning, setIsDialogPanning] = useState(false);
-  const dialogPanStartRef = useRef({ x: 0, y: 0 });
-  const [pan, setPan] = useState({ x: 0, y: 0 });
-  const [isPanning, setIsPanning] = useState(false);
-  const panStartRef = useRef({ x: 0, y: 0 });
-  const containerRef = useRef<HTMLDivElement>(null);
-  const streamingCodeRef = useRef<HTMLPreElement>(null);
-
-  // Get SVG from debounced hook (handles streaming gracefully)
-  const { svg, isLoading, error } = useDebouncedMermaid({
-    content: children,
-    id,
-    theme,
-    key: retryCount,
-  });
-
-  // Auto-scroll streaming code to bottom
-  useEffect(() => {
-    if (isLoading && streamingCodeRef.current) {
-      streamingCodeRef.current.scrollTop = streamingCodeRef.current.scrollHeight;
-    }
-  }, [children, isLoading]);
-
-  // Store last valid SVG for showing during updates
-  useEffect(() => {
-    if (svg) {
-      lastValidSvgRef.current = svg;
-    }
-  }, [svg]);
-
-  useEffect(() => {
-    if (!containerRef.current) return;
-
-    const observer = new ResizeObserver((entries) => {
-      for (const entry of entries) {
-        setContainerWidth(entry.contentRect.width);
-      }
-    });
-
-    observer.observe(containerRef.current);
-    return () => observer.disconnect();
-  }, []);
-
-  // Process SVG and extract dimensions
-  const { processedSvg, parsedDimensions } = useMemo(() => {
-    if (!svg) {
-      return { processedSvg: null, parsedDimensions: null };
-    }
-
-    // Regex-based fallback for malformed or unparseable SVG
-    const applyFallbackFixes = (svgString: string): string => {
-      let finalSvg = svgString;
-
-      // Firefox fix: Ensure viewBox is set correctly
-      if (
-        !svgString.includes('viewBox') &&
-        svgString.includes('height=') &&
-        svgString.includes('width=')
-      ) {
-        const widthMatch = svgString.match(/width="(\d+)"/);
-        const heightMatch = svgString.match(/height="(\d+)"/);
-
-        if (widthMatch && heightMatch) {
-          const width = widthMatch[1];
-          const height = heightMatch[1];
-          finalSvg = finalSvg.replace('<svg', `<svg viewBox="0 0 ${width} ${height}"`);
-        }
-      }
-
-      // Ensure SVG has proper XML namespace
-      if (!finalSvg.includes('xmlns')) {
-        finalSvg = finalSvg.replace('<svg', '<svg xmlns="http://www.w3.org/2000/svg"');
-      }
-
-      return finalSvg;
-    };
-
-    const parser = new DOMParser();
-    const doc = parser.parseFromString(svg, 'image/svg+xml');
-
-    const parseError = doc.querySelector('parsererror');
-    if (parseError) {
-      return { processedSvg: applyFallbackFixes(svg), parsedDimensions: null };
-    }
-
-    const svgElement = doc.querySelector('svg');
-
-    if (svgElement) {
-      let width = parseFloat(svgElement.getAttribute('width') || '0');
-      let height = parseFloat(svgElement.getAttribute('height') || '0');
-
-      if (!width || !height) {
-        const viewBox = svgElement.getAttribute('viewBox');
-        if (viewBox) {
-          const parts = viewBox.split(/[\s,]+/).map(Number);
-          if (parts.length === 4) {
-            width = parts[2];
-            height = parts[3];
-          }
-        }
-      }
-
-      let dimensions: { width: number; height: number } | null = null;
-      if (width > 0 && height > 0) {
-        dimensions = { width, height };
-
-        if (!svgElement.getAttribute('viewBox')) {
-          svgElement.setAttribute('viewBox', `0 0 ${width} ${height}`);
-        }
-
-        svgElement.removeAttribute('width');
-        svgElement.removeAttribute('height');
-        svgElement.removeAttribute('style');
-      }
-
-      if (!svgElement.getAttribute('xmlns')) {
-        svgElement.setAttribute('xmlns', 'http://www.w3.org/2000/svg');
-      }
-
-      fixSubgraphTitleContrast(svgElement);
-
-      return {
-        processedSvg: new XMLSerializer().serializeToString(doc),
-        parsedDimensions: dimensions,
-      };
-    }
-
-    // Fallback: if svgElement is null
-    return { processedSvg: applyFallbackFixes(svg), parsedDimensions: null };
-  }, [svg]);
-
-  // The svg dimension update needs to be in useEffect instead of useMemo to avoid re-render problems
-  useEffect(() => {
-    if (parsedDimensions) {
-      setSvgDimensions(parsedDimensions);
-    }
-  }, [parsedDimensions]);
-
-  useEffect(() => {
-    if (!processedSvg) {
-      return;
-    }
-
-    const blob = new Blob([processedSvg], { type: 'image/svg+xml' });
-    const url = URL.createObjectURL(blob);
-    setBlobUrl(url);
-
-    return () => {
-      if (url) {
-        URL.revokeObjectURL(url);
-      }
-    };
-  }, [processedSvg]);
-
-  const { initialScale, calculatedHeight } = useMemo(() => {
-    if (!svgDimensions) {
-      return { initialScale: 1, calculatedHeight: MAX_CONTAINER_HEIGHT };
-    }
-
-    const padding = 32;
-    const availableWidth = containerWidth - padding;
-    const scaleX = availableWidth / svgDimensions.width;
-    const scaleY = MAX_CONTAINER_HEIGHT / svgDimensions.height;
-    const scale = Math.min(scaleX, scaleY, 1); // Cap at 1 to prevent small diagrams from being scaled up
-    const height = Math.max(
-      MIN_CONTAINER_HEIGHT,
-      Math.min(MAX_CONTAINER_HEIGHT, svgDimensions.height * scale + padding),
-    );
-
-    return { initialScale: scale, calculatedHeight: height };
-  }, [svgDimensions, containerWidth]);
-
-  const [isDialogCopied, setIsDialogCopied] = useState(false);
-  const handleDialogCopy = useCallback(() => {
-    copy(children.trim(), { format: 'text/plain' });
-    setIsDialogCopied(true);
-    requestAnimationFrame(() => {
-      dialogCopyButtonRef.current?.focus();
-    });
-    setTimeout(() => {
-      setIsDialogCopied(false);
-      requestAnimationFrame(() => {
-        dialogCopyButtonRef.current?.focus();
-      });
-    }, 3000);
-  }, [children]);
-
-  // Zoom controls copy with focus restoration
-  const [isZoomCopied, setIsZoomCopied] = useState(false);
-  const handleZoomCopy = useCallback(() => {
-    copy(children.trim(), { format: 'text/plain' });
-    setIsZoomCopied(true);
-    requestAnimationFrame(() => {
-      zoomCopyButtonRef.current?.focus();
-    });
-    setTimeout(() => {
-      setIsZoomCopied(false);
-      requestAnimationFrame(() => {
-        zoomCopyButtonRef.current?.focus();
-      });
-    }, 3000);
-  }, [children]);
-
-  // Dialog zoom controls copy
-  const handleDialogZoomCopy = useCallback(() => {
-    copy(children.trim(), { format: 'text/plain' });
-    requestAnimationFrame(() => {
-      dialogZoomCopyButtonRef.current?.focus();
-    });
-  }, [children]);
-
-  const handleRetry = () => {
-    setRetryCount((prev) => prev + 1);
-  };
-
-  const handleToggleCode = useCallback(() => {
-    setShowCode((prev) => !prev);
-  }, []);
-
-  // Toggle dialog code with focus restoration
-  const handleToggleDialogCode = useCallback(() => {
-    setDialogShowCode((prev) => !prev);
-    requestAnimationFrame(() => {
-      dialogShowCodeButtonRef.current?.focus();
-    });
-  }, []);
-
-  // Zoom handlers
-  const handleZoomIn = useCallback(() => {
-    setZoom((prev) => Math.min(prev + ZOOM_STEP, MAX_ZOOM));
-  }, []);
-
-  const handleZoomOut = useCallback(() => {
-    setZoom((prev) => Math.max(prev - ZOOM_STEP, MIN_ZOOM));
-  }, []);
-
-  const handleResetZoom = useCallback(() => {
-    setZoom(1);
-    setPan({ x: 0, y: 0 });
-  }, []);
-
-  // Dialog zoom handlers
-  const handleDialogZoomIn = useCallback(() => {
-    setDialogZoom((prev) => Math.min(prev + ZOOM_STEP, MAX_ZOOM));
-  }, []);
-
-  const handleDialogZoomOut = useCallback(() => {
-    setDialogZoom((prev) => Math.max(prev - ZOOM_STEP, MIN_ZOOM));
-  }, []);
-
-  const handleDialogResetZoom = useCallback(() => {
-    setDialogZoom(1);
-    setDialogPan({ x: 0, y: 0 });
-  }, []);
-
-  const handleDialogWheel = useCallback((e: React.WheelEvent) => {
-    // In the expanded dialog, allow zooming without holding modifier key
-    e.preventDefault();
-    const delta = e.deltaY > 0 ? -ZOOM_STEP : ZOOM_STEP;
-    setDialogZoom((prev) => Math.min(Math.max(prev + delta, MIN_ZOOM), MAX_ZOOM));
-  }, []);
-
-  const handleDialogMouseDown = useCallback(
-    (e: React.MouseEvent) => {
-      const target = e.target as HTMLElement;
-      const isButton = target.tagName === 'BUTTON' || target.closest('button');
-      if (e.button === 0 && !isButton) {
-        setIsDialogPanning(true);
-        dialogPanStartRef.current = { x: e.clientX - dialogPan.x, y: e.clientY - dialogPan.y };
-      }
-    },
-    [dialogPan],
-  );
-
-  const handleDialogMouseMove = useCallback(
-    (e: React.MouseEvent) => {
-      if (isDialogPanning) {
-        setDialogPan({
-          x: e.clientX - dialogPanStartRef.current.x,
-          y: e.clientY - dialogPanStartRef.current.y,
-        });
-      }
-    },
-    [isDialogPanning],
-  );
-
-  const handleDialogMouseUp = useCallback(() => {
-    setIsDialogPanning(false);
-  }, []);
-
-  const handleDialogMouseLeave = useCallback(() => {
-    setIsDialogPanning(false);
-  }, []);
-
-  // Mouse wheel zoom
-  useEffect(() => {
-    const container = containerRef.current;
-    if (!container) return;
-
-    const handleWheelNative = (e: WheelEvent) => {
-      if (e.ctrlKey || e.metaKey) {
-        e.preventDefault();
-        const delta = e.deltaY > 0 ? -ZOOM_STEP : ZOOM_STEP;
-        setZoom((prev) => Math.min(Math.max(prev + delta, MIN_ZOOM), MAX_ZOOM));
-      }
-    };
-
-    // use native event listener with passive: false to prevent scroll
-    container.addEventListener('wheel', handleWheelNative, { passive: false });
-    return () => container.removeEventListener('wheel', handleWheelNative);
-  }, [blobUrl]); // blobUrl dep (unused in callback) ensures listener re-attaches when container mounts
-
-  const handleMouseDown = useCallback(
-    (e: React.MouseEvent) => {
-      // Only start panning on left click and not on buttons/icons inside buttons
-      const target = e.target as HTMLElement;
-      const isButton = target.tagName === 'BUTTON' || target.closest('button');
-      if (e.button === 0 && !isButton) {
-        setIsPanning(true);
-        panStartRef.current = { x: e.clientX - pan.x, y: e.clientY - pan.y };
-      }
-    },
-    [pan],
-  );
-
-  // Attach document-level listeners when panning starts
-  useEffect(() => {
-    if (!isPanning) return;
-
-    const handleDocumentMouseMove = (e: MouseEvent) => {
-      setPan({
-        x: e.clientX - panStartRef.current.x,
-        y: e.clientY - panStartRef.current.y,
-      });
-    };
-
-    const handleDocumentMouseUp = () => {
-      setIsPanning(false);
-    };
-
-    document.addEventListener('mousemove', handleDocumentMouseMove);
-    document.addEventListener('mouseup', handleDocumentMouseUp);
-
-    return () => {
-      document.removeEventListener('mousemove', handleDocumentMouseMove);
-      document.removeEventListener('mouseup', handleDocumentMouseUp);
-    };
-  }, [isPanning]);
-
-  const showControls = isTouchDevice
-    ? showMobileControls || showCode
-    : isHovered || isFocusWithin || showCode;
-
-  const handleContainerClick = useCallback(
-    (e: React.MouseEvent | React.TouchEvent) => {
-      if (!isTouchDevice) return;
-      const target = e.target as HTMLElement;
-      const isInteractive = target.closest('button, a, [role="button"]');
-      if (!isInteractive) {
-        setShowMobileControls((prev) => !prev);
-      }
-    },
-    [isTouchDevice],
-  );
-
-  const handleExpand = useCallback(() => {
-    setDialogShowCode(false);
-    setDialogZoom(1);
-    setDialogPan({ x: 0, y: 0 });
-    setIsDialogOpen(true);
-  }, []);
-
-  const zoomControls = (
-    <div
-      className={cn(
-        'absolute bottom-2 right-2 z-10 flex items-center gap-1 rounded-md border border-border-light bg-surface-secondary p-1 shadow-lg transition-opacity duration-200',
-        showControls ? 'opacity-100' : 'pointer-events-none opacity-0',
-      )}
-    >
-      <button
-        type="button"
-        onClick={(e) => {
-          e.stopPropagation();
-          handleZoomOut();
-        }}
-        disabled={zoom <= MIN_ZOOM}
-        className="rounded p-1.5 text-text-secondary hover:bg-surface-hover disabled:opacity-40 disabled:hover:bg-transparent"
-        title={localize('com_ui_zoom_out')}
-      >
-        <ZoomOut className="h-4 w-4" />
-      </button>
-      <span className="min-w-[3rem] text-center text-xs text-text-secondary">
-        {Math.round(zoom * 100)}%
-      </span>
-      <button
-        type="button"
-        onClick={(e) => {
-          e.stopPropagation();
-          handleZoomIn();
-        }}
-        disabled={zoom >= MAX_ZOOM}
-        className="rounded p-1.5 text-text-secondary hover:bg-surface-hover disabled:opacity-40 disabled:hover:bg-transparent"
-        title={localize('com_ui_zoom_in')}
-      >
-        <ZoomIn className="h-4 w-4" />
-      </button>
-      <div className="mx-1 h-4 w-px bg-border-medium" />
-      <button
-        type="button"
-        onClick={(e) => {
-          e.stopPropagation();
-          handleResetZoom();
-        }}
-        disabled={zoom === 1 && pan.x === 0 && pan.y === 0}
-        className="rounded p-1.5 text-text-secondary hover:bg-surface-hover disabled:opacity-40 disabled:hover:bg-transparent"
-        title={localize('com_ui_reset_zoom')}
-      >
-        <RotateCcw className="h-4 w-4" />
-      </button>
-      <div className="mx-1 h-4 w-px bg-border-medium" />
-      <button
-        ref={zoomCopyButtonRef}
-        type="button"
-        onClick={(e) => {
-          e.stopPropagation();
-          handleZoomCopy();
-        }}
-        className="rounded p-1.5 text-text-secondary hover:bg-surface-hover"
-        title={localize('com_ui_copy_code')}
-      >
-        {isZoomCopied ? <CheckMark className="h-4 w-4" /> : <Clipboard className="h-4 w-4" />}
-      </button>
-    </div>
-  );
-
-  // Dialog zoom controls
-  const dialogZoomControls = (
-    <div className="absolute bottom-4 right-4 z-10 flex items-center gap-1 rounded-md border border-border-light bg-surface-secondary p-1 shadow-lg">
-      <button
-        type="button"
-        onClick={(e) => {
-          e.stopPropagation();
-          handleDialogZoomOut();
-        }}
-        disabled={dialogZoom <= MIN_ZOOM}
-        className="rounded p-1.5 text-text-secondary hover:bg-surface-hover disabled:opacity-40 disabled:hover:bg-transparent"
-        title={localize('com_ui_zoom_out')}
-      >
-        <ZoomOut className="h-4 w-4" />
-      </button>
-      <span className="min-w-[3rem] text-center text-xs text-text-secondary">
-        {Math.round(dialogZoom * 100)}%
-      </span>
-      <button
-        type="button"
-        onClick={(e) => {
-          e.stopPropagation();
-          handleDialogZoomIn();
-        }}
-        disabled={dialogZoom >= MAX_ZOOM}
-        className="rounded p-1.5 text-text-secondary hover:bg-surface-hover disabled:opacity-40 disabled:hover:bg-transparent"
-        title={localize('com_ui_zoom_in')}
-      >
-        <ZoomIn className="h-4 w-4" />
-      </button>
-      <div className="mx-1 h-4 w-px bg-border-medium" />
-      <button
-        type="button"
-        onClick={(e) => {
-          e.stopPropagation();
-          handleDialogResetZoom();
-        }}
-        disabled={dialogZoom === 1 && dialogPan.x === 0 && dialogPan.y === 0}
-        className="rounded p-1.5 text-text-secondary hover:bg-surface-hover disabled:opacity-40 disabled:hover:bg-transparent"
-        title={localize('com_ui_reset_zoom')}
-      >
-        <RotateCcw className="h-4 w-4" />
-      </button>
-      <div className="mx-1 h-4 w-px bg-border-medium" />
-      <button
-        ref={dialogZoomCopyButtonRef}
-        type="button"
-        onClick={(e) => {
-          e.stopPropagation();
-          handleDialogZoomCopy();
-        }}
-        className="rounded p-1.5 text-text-secondary hover:bg-surface-hover"
-        title={localize('com_ui_copy_code')}
-      >
-        <Clipboard className="h-4 w-4" />
-      </button>
-    </div>
-  );
-
-  // Full-screen dialog - rendered inline, not as function component to avoid recreation
-  const expandedDialog = (
-    <OGDialog open={isDialogOpen} onOpenChange={setIsDialogOpen} triggerRef={expandButtonRef}>
-      <OGDialogContent
-        showCloseButton={false}
-        className="h-[85vh] max-h-[85vh] w-[90vw] max-w-[90vw] gap-0 overflow-hidden border-border-light bg-surface-primary-alt p-0"
-      >
-        <OGDialogTitle className="flex h-10 items-center justify-between bg-gray-700 px-4 font-sans text-xs text-gray-200">
-          <span>{localize('com_ui_mermaid')}</span>
-          <div className="flex gap-2">
-            <Button
-              ref={dialogShowCodeButtonRef}
-              variant="ghost"
-              size="sm"
-              className="h-auto min-w-[6rem] gap-1 rounded-sm px-1 py-0 text-xs text-gray-200 hover:bg-gray-600 hover:text-white focus-visible:ring-white focus-visible:ring-offset-0"
-              onClick={handleToggleDialogCode}
-            >
-              {dialogShowCode ? (
-                <ChevronUp className="h-4 w-4" />
-              ) : (
-                <ChevronDown className="h-4 w-4" />
-              )}
-              {dialogShowCode ? localize('com_ui_hide_code') : localize('com_ui_show_code')}
-            </Button>
-            <Button
-              ref={dialogCopyButtonRef}
-              variant="ghost"
-              size="sm"
-              className="h-auto gap-1 rounded-sm px-1 py-0 text-xs text-gray-200 hover:bg-gray-600 hover:text-white focus-visible:ring-white focus-visible:ring-offset-0"
-              onClick={handleDialogCopy}
-            >
-              {isDialogCopied ? <CheckMark className="h-[18px] w-[18px]" /> : <Clipboard />}
-              {localize('com_ui_copy_code')}
-            </Button>
-            <OGDialogClose className="rounded-sm p-1 text-gray-200 hover:bg-gray-600 hover:text-white focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-white">
-              <X className="h-4 w-4" />
-              <span className="sr-only">{localize('com_ui_close')}</span>
-            </OGDialogClose>
-          </div>
-        </OGDialogTitle>
-        {dialogShowCode && (
-          <div className="border-b border-border-medium bg-surface-secondary p-4">
-            <pre className="max-h-[150px] overflow-auto whitespace-pre-wrap text-xs text-text-secondary">
-              {children}
-            </pre>
-          </div>
-        )}
-        <div
-          className={cn(
-            'relative flex-1 overflow-hidden p-4',
-            'bg-surface-primary-alt',
-            isDialogPanning ? 'cursor-grabbing' : 'cursor-grab',
-          )}
-          style={{ height: dialogShowCode ? 'calc(85vh - 200px)' : 'calc(85vh - 50px)' }}
-          onWheel={handleDialogWheel}
-          onMouseDown={handleDialogMouseDown}
-          onMouseMove={handleDialogMouseMove}
-          onMouseUp={handleDialogMouseUp}
-          onMouseLeave={handleDialogMouseLeave}
-        >
-          <div
-            className="flex h-full w-full items-center justify-center"
-            style={{
-              transform: `translate(${dialogPan.x}px, ${dialogPan.y}px)`,
-              transition: isDialogPanning ? 'none' : 'transform 0.1s ease-out',
-            }}
-          >
-            <img
-              src={blobUrl}
-              alt="Mermaid diagram"
-              className="max-h-full max-w-full select-none object-contain"
-              style={{
-                transform: `scale(${dialogZoom})`,
-                transformOrigin: 'center center',
-              }}
-              draggable={false}
-            />
-          </div>
-          {dialogZoomControls}
-        </div>
-      </OGDialogContent>
-    </OGDialog>
-  );
-
-  // Loading state - show last valid diagram with loading indicator, or spinner
-  if (isLoading) {
-    // If we have a previous valid render, show it with a subtle loading indicator
-    if (lastValidSvgRef.current && blobUrl) {
-      return (
-        <div
-          className={cn(
-            'relative w-full overflow-hidden rounded-md border transition-all duration-200',
-            showControls ? 'border-border-light' : 'border-transparent',
-          )}
-          onMouseEnter={() => setIsHovered(true)}
-          onMouseLeave={() => setIsHovered(false)}
-          onFocus={() => setIsFocusWithin(true)}
-          onBlur={(e) => {
-            if (!e.currentTarget.contains(e.relatedTarget as Node)) {
-              setIsFocusWithin(false);
-            }
-          }}
-          onClick={handleContainerClick}
-        >
-          <MermaidHeader
-            className={cn(
-              'absolute left-0 right-0 top-0 z-20',
-              showControls ? 'opacity-100' : 'pointer-events-none opacity-0',
-            )}
-            codeContent={children}
-            showCode={showCode}
-            onToggleCode={handleToggleCode}
-          />
-          <div
-            ref={containerRef}
-            className={cn(
-              'relative overflow-hidden p-4 transition-colors duration-200',
-              'rounded-md',
-              showControls ? 'bg-surface-primary-alt dark:bg-white/[0.03]' : 'bg-transparent',
-              isPanning ? 'cursor-grabbing' : 'cursor-grab',
-            )}
-            style={{ height: `${calculatedHeight}px` }}
-            onMouseDown={handleMouseDown}
-          >
-            <div className="absolute left-2 top-2 z-10 flex items-center gap-1 rounded border border-border-light bg-surface-secondary px-2 py-1 text-xs text-text-secondary">
-              <Spinner className="h-3 w-3" />
-            </div>
-            <div
-              className="absolute inset-0 flex items-center justify-center"
-              style={{
-                transform: `translate(${pan.x}px, ${pan.y}px) scale(${zoom})`,
-                transition: isPanning ? 'none' : 'transform 0.1s ease-out',
-              }}
-            >
-              <img
-                src={blobUrl}
-                alt="Mermaid diagram"
-                className="select-none opacity-70"
-                style={{
-                  width: svgDimensions ? `${svgDimensions.width * initialScale}px` : 'auto',
-                  height: svgDimensions ? `${svgDimensions.height * initialScale}px` : 'auto',
-                }}
-                draggable={false}
-              />
-            </div>
-            {zoomControls}
-          </div>
-        </div>
-      );
-    }
-
-    // No previous render, show streaming code
-    return (
-      <div className="w-full overflow-hidden rounded-md border border-border-light">
-        <div className="flex items-center gap-2 rounded-t-md bg-gray-700 px-4 py-2 font-sans text-xs text-gray-200">
-          <Spinner className="h-3 w-3 text-gray-200" />
-          <span>{localize('com_ui_mermaid')}</span>
-        </div>
-        <pre
-          ref={streamingCodeRef}
-          className="max-h-[350px] min-h-[150px] overflow-auto whitespace-pre-wrap rounded-b-md bg-surface-primary-alt p-4 font-mono text-xs text-text-secondary"
-        >
-          {children}
-        </pre>
-      </div>
-    );
-  }
-
-  // Error state
-  if (error) {
-    return (
-      <div className="w-full overflow-hidden rounded-md border border-border-light">
-        <MermaidHeader codeContent={children} showCode={showCode} onToggleCode={handleToggleCode} />
-        <div className="rounded-b-md border-t border-red-500/30 bg-red-500/10 p-4">
-          <div className="mb-2 flex items-center justify-between">
-            <span className="font-semibold text-red-500 dark:text-red-400">
-              {localize('com_ui_mermaid_failed')}
-            </span>
-            <button
-              type="button"
-              onClick={handleRetry}
-              className="flex items-center gap-1 rounded px-2 py-1 text-xs text-text-secondary hover:bg-surface-hover"
-            >
-              <RefreshCw className="h-3 w-3" />
-              {localize('com_ui_retry')}
-            </button>
-          </div>
-          <pre className="overflow-auto text-xs text-red-600 dark:text-red-300">
-            {error.message}
-          </pre>
-          {showCode && (
-            <div className="mt-4 border-t border-border-medium pt-4">
-              <div className="mb-2 text-xs text-text-secondary">
-                {localize('com_ui_mermaid_source')}
-              </div>
-              <pre className="overflow-auto whitespace-pre-wrap text-xs text-text-secondary">
-                {children}
-              </pre>
-            </div>
-          )}
-        </div>
-      </div>
-    );
-  }
-
-  // Success state
-  if (!blobUrl) {
-    return null;
-  }
-
-  return (
-    <>
-      {expandedDialog}
-      <div
-        className={cn(
-          'relative w-full overflow-hidden rounded-md border transition-all duration-200',
-          showControls ? 'border-border-light' : 'border-transparent',
-        )}
-        onMouseEnter={() => setIsHovered(true)}
-        onMouseLeave={() => setIsHovered(false)}
-        onFocus={() => setIsFocusWithin(true)}
-        onBlur={(e) => {
-          if (!e.currentTarget.contains(e.relatedTarget as Node)) {
-            setIsFocusWithin(false);
-          }
-        }}
-        onClick={handleContainerClick}
-      >
-        <MermaidHeader
-          className={cn(
-            'absolute left-0 right-0 top-0 z-20',
-            showControls ? 'opacity-100' : 'pointer-events-none opacity-0',
-          )}
-          codeContent={children}
-          showCode={showCode}
-          showExpandButton
-          expandButtonRef={expandButtonRef}
-          onExpand={handleExpand}
-          onToggleCode={handleToggleCode}
-        />
-        {showCode && (
-          <div
-            className={cn(
-              'border-b border-border-medium bg-surface-secondary p-4 pt-12 transition-opacity duration-200',
-              showControls ? 'opacity-100' : 'pointer-events-none opacity-0',
-            )}
-          >
-            <pre className="overflow-auto whitespace-pre-wrap text-xs text-text-secondary">
-              {children}
-            </pre>
-          </div>
-        )}
-        <div
-          ref={containerRef}
-          className={cn(
-            'relative overflow-hidden p-4 transition-colors duration-200',
-            'rounded-md',
-            showControls ? 'bg-surface-primary-alt dark:bg-white/[0.03]' : 'bg-transparent',
-            isPanning ? 'cursor-grabbing' : 'cursor-grab',
-          )}
-          style={{ height: `${calculatedHeight}px` }}
-          onMouseDown={handleMouseDown}
-        >
-          <div
-            className="absolute inset-0 flex items-center justify-center"
-            style={{
-              transform: `translate(${pan.x}px, ${pan.y}px) scale(${zoom})`,
-              transition: isPanning ? 'none' : 'transform 0.1s ease-out',
-            }}
-          >
-            <img
-              src={blobUrl}
-              alt="Mermaid diagram"
-              className="select-none"
-              style={{
-                width: svgDimensions ? `${svgDimensions.width * initialScale}px` : 'auto',
-                height: svgDimensions ? `${svgDimensions.height * initialScale}px` : 'auto',
-              }}
-              draggable={false}
-            />
-          </div>
-          {zoomControls}
-        </div>
-      </div>
-    </>
-  );
-});
-
-Mermaid.displayName = 'Mermaid';
-
-export default Mermaid;
diff --git a/client/src/components/Messages/Content/Mermaid/Mermaid.tsx b/client/src/components/Messages/Content/Mermaid/Mermaid.tsx
new file mode 100644
index 0000000000..51e873f49a
--- /dev/null
+++ b/client/src/components/Messages/Content/Mermaid/Mermaid.tsx
@@ -0,0 +1,288 @@
+import React, { useEffect, useState, useRef, useCallback, memo } from 'react';
+import { RefreshCw } from 'lucide-react';
+import { Spinner } from '@librechat/client';
+import useSvgProcessing from './useSvgProcessing';
+import useMermaidZoom from './useMermaidZoom';
+import MermaidDialog from './MermaidDialog';
+import MermaidHeader from './MermaidHeader';
+import ZoomControls from './ZoomControls';
+import { useLocalize } from '~/hooks';
+import cn from '~/utils/cn';
+
+interface MermaidProps {
+  children: string;
+  id?: string;
+  theme?: string;
+}
+
+const Mermaid: React.FC<MermaidProps> = memo(({ children, id, theme }) => {
+  const localize = useLocalize();
+  const [showCode, setShowCode] = useState(false);
+  const [retryCount, setRetryCount] = useState(0);
+  const [isDialogOpen, setIsDialogOpen] = useState(false);
+  const [isHovered, setIsHovered] = useState(false);
+  const [isFocusWithin, setIsFocusWithin] = useState(false);
+  const [isTouchDevice, setIsTouchDevice] = useState(false);
+  const [showMobileControls, setShowMobileControls] = useState(false);
+  const expandButtonRef = useRef<HTMLButtonElement>(null);
+  const containerRef = useRef<HTMLDivElement>(null);
+  const streamingCodeRef = useRef<HTMLPreElement>(null);
+
+  useEffect(() => {
+    setIsTouchDevice('ontouchstart' in window || navigator.maxTouchPoints > 0);
+  }, []);
+
+  const {
+    blobUrl,
+    svgDimensions,
+    isLoading,
+    error,
+    lastValidSvgRef,
+    initialScale,
+    calculatedHeight,
+  } = useSvgProcessing({ content: children, id, theme, retryCount, containerRef });
+
+  const { zoom, pan, isPanning, handleZoomIn, handleZoomOut, handleResetZoom, handleMouseDown } =
+    useMermaidZoom({ containerRef, wheelDep: blobUrl });
+
+  useEffect(() => {
+    if (isLoading && streamingCodeRef.current) {
+      streamingCodeRef.current.scrollTop = streamingCodeRef.current.scrollHeight;
+    }
+  }, [children, isLoading]);
+
+  const handleToggleCode = useCallback(() => setShowCode((prev) => !prev), []);
+  const handleRetry = useCallback(() => setRetryCount((prev) => prev + 1), []);
+  const handleExpand = useCallback(() => setIsDialogOpen(true), []);
+
+  const handleContainerClick = useCallback(
+    (e: React.MouseEvent | React.TouchEvent) => {
+      if (!isTouchDevice) {
+        return;
+      }
+      const target = e.target as HTMLElement;
+      if (!target.closest('button, a, [role="button"]')) {
+        setShowMobileControls((prev) => !prev);
+      }
+    },
+    [isTouchDevice],
+  );
+
+  const showControls = isTouchDevice
+    ? showMobileControls || showCode
+    : isHovered || isFocusWithin || showCode;
+
+  const hoverHandlers = {
+    onMouseEnter: () => setIsHovered(true),
+    onMouseLeave: () => setIsHovered(false),
+    onFocus: () => setIsFocusWithin(true),
+    onBlur: (e: React.FocusEvent) => {
+      if (!e.currentTarget.contains(e.relatedTarget as Node)) {
+        setIsFocusWithin(false);
+      }
+    },
+  };
+
+  const diagramStyle = {
+    width: svgDimensions ? `${svgDimensions.width * initialScale}px` : 'auto',
+    height: svgDimensions ? `${svgDimensions.height * initialScale}px` : 'auto',
+  };
+
+  if (isLoading) {
+    if (lastValidSvgRef.current && blobUrl) {
+      return (
+        <div
+          className={cn(
+            'relative w-full overflow-hidden rounded-lg border transition-all duration-200',
+            showControls ? 'border-border-light' : 'border-transparent',
+          )}
+          {...hoverHandlers}
+          onClick={handleContainerClick}
+        >
+          <MermaidHeader
+            className={cn(
+              'absolute left-0 right-0 top-0 z-20',
+              showControls ? 'opacity-100' : 'pointer-events-none opacity-0',
+            )}
+            codeContent={children}
+            showCode={showCode}
+            onToggleCode={handleToggleCode}
+          />
+          <div
+            ref={containerRef}
+            className={cn(
+              'relative overflow-hidden rounded-md p-4 transition-colors duration-200',
+              'bg-surface-primary-alt dark:bg-white/[0.03]',
+              isPanning ? 'cursor-grabbing' : 'cursor-grab',
+            )}
+            style={{ height: `${calculatedHeight}px` }}
+            onMouseDown={handleMouseDown}
+          >
+            <div className="absolute left-2 top-2 z-10 flex items-center gap-1 rounded border border-border-light bg-surface-secondary px-2 py-1 text-xs text-text-secondary">
+              <Spinner className="h-3 w-3" />
+            </div>
+            <div
+              className="absolute inset-0 flex items-center justify-center"
+              style={{
+                transform: `translate(${pan.x}px, ${pan.y}px) scale(${zoom})`,
+                transition: isPanning ? 'none' : 'transform 0.1s ease-out',
+              }}
+            >
+              <img
+                src={blobUrl}
+                alt="Mermaid diagram"
+                className="select-none opacity-70"
+                style={diagramStyle}
+                draggable={false}
+              />
+            </div>
+            <ZoomControls
+              zoom={zoom}
+              pan={pan}
+              codeContent={children}
+              onZoomIn={handleZoomIn}
+              onZoomOut={handleZoomOut}
+              onReset={handleResetZoom}
+              className={cn(
+                'absolute bottom-2 right-2 z-10 transition-opacity duration-200',
+                showControls ? 'opacity-100' : 'pointer-events-none opacity-0',
+              )}
+            />
+          </div>
+        </div>
+      );
+    }
+
+    return (
+      <div className="w-full overflow-hidden rounded-lg border border-border-light">
+        <div className="flex items-center gap-2 border-b border-border-light bg-surface-secondary px-4 py-2 font-sans text-xs text-text-secondary">
+          <Spinner className="h-3 w-3" />
+          <span className="font-medium">{localize('com_ui_mermaid')}</span>
+        </div>
+        <pre
+          ref={streamingCodeRef}
+          className="max-h-[350px] min-h-[150px] overflow-auto whitespace-pre-wrap bg-surface-primary-alt p-4 font-mono text-xs text-text-secondary"
+        >
+          {children}
+        </pre>
+      </div>
+    );
+  }
+
+  if (error) {
+    return (
+      <div className="w-full overflow-hidden rounded-lg border border-border-light">
+        <MermaidHeader codeContent={children} showCode={showCode} onToggleCode={handleToggleCode} />
+        <div className="border-t border-border-light bg-surface-tertiary p-4">
+          <div className="mb-2 flex items-center justify-between">
+            <span className="font-semibold text-red-600 dark:text-red-400">
+              {localize('com_ui_mermaid_failed')}
+            </span>
+            <button
+              type="button"
+              onClick={handleRetry}
+              className="flex items-center gap-1 rounded px-2 py-1 text-xs text-text-secondary hover:bg-surface-hover"
+            >
+              <RefreshCw className="h-3 w-3" />
+              {localize('com_ui_retry')}
+            </button>
+          </div>
+          <pre className="overflow-auto text-xs text-red-600 dark:text-red-300">
+            {error.message}
+          </pre>
+          {showCode && (
+            <div className="mt-4 border-t border-border-light pt-4">
+              <div className="mb-2 text-xs text-text-secondary">
+                {localize('com_ui_mermaid_source')}
+              </div>
+              <pre className="overflow-auto whitespace-pre-wrap text-xs text-text-secondary">
+                {children}
+              </pre>
+            </div>
+          )}
+        </div>
+      </div>
+    );
+  }
+
+  if (!blobUrl) {
+    return null;
+  }
+
+  return (
+    <>
+      <MermaidDialog
+        open={isDialogOpen}
+        onOpenChange={setIsDialogOpen}
+        triggerRef={expandButtonRef}
+        blobUrl={blobUrl}
+        codeContent={children}
+      />
+      <div
+        className="relative w-full overflow-hidden rounded-lg border border-border-light transition-all duration-200"
+        {...hoverHandlers}
+        onClick={handleContainerClick}
+      >
+        <MermaidHeader
+          className="border-b border-border-light bg-surface-secondary"
+          actionsClassName="transition-opacity duration-200"
+          codeContent={children}
+          showCode={showCode}
+          showExpandButton
+          expandButtonRef={expandButtonRef}
+          onExpand={handleExpand}
+          onToggleCode={handleToggleCode}
+        />
+        {showCode && (
+          <div className="border-b border-border-light bg-surface-secondary p-4">
+            <pre className="overflow-auto whitespace-pre-wrap text-xs text-text-secondary">
+              {children}
+            </pre>
+          </div>
+        )}
+        <div
+          ref={containerRef}
+          className={cn(
+            'relative overflow-hidden p-4 transition-colors duration-200',
+            'bg-surface-primary-alt dark:bg-white/[0.03]',
+            isPanning ? 'cursor-grabbing' : 'cursor-grab',
+          )}
+          style={{ height: `${calculatedHeight}px` }}
+          onMouseDown={handleMouseDown}
+        >
+          <div
+            className="absolute inset-0 flex items-center justify-center"
+            style={{
+              transform: `translate(${pan.x}px, ${pan.y}px) scale(${zoom})`,
+              transition: isPanning ? 'none' : 'transform 0.1s ease-out',
+            }}
+          >
+            <img
+              src={blobUrl}
+              alt="Mermaid diagram"
+              className="select-none"
+              style={diagramStyle}
+              draggable={false}
+            />
+          </div>
+          <ZoomControls
+            zoom={zoom}
+            pan={pan}
+            codeContent={children}
+            onZoomIn={handleZoomIn}
+            onZoomOut={handleZoomOut}
+            onReset={handleResetZoom}
+            className={cn(
+              'absolute bottom-2 right-2 z-10 transition-opacity duration-200',
+              showControls ? 'opacity-100' : 'pointer-events-none opacity-0',
+            )}
+          />
+        </div>
+      </div>
+    </>
+  );
+});
+
+Mermaid.displayName = 'Mermaid';
+
+export default Mermaid;
diff --git a/client/src/components/Messages/Content/Mermaid/MermaidDialog.tsx b/client/src/components/Messages/Content/Mermaid/MermaidDialog.tsx
new file mode 100644
index 0000000000..51cf355414
--- /dev/null
+++ b/client/src/components/Messages/Content/Mermaid/MermaidDialog.tsx
@@ -0,0 +1,156 @@
+import React, { memo, useState, useCallback, useRef, useEffect } from 'react';
+import copy from 'copy-to-clipboard';
+import { X, ChevronUp, ChevronDown } from 'lucide-react';
+import {
+  Button,
+  OGDialog,
+  Clipboard,
+  CheckMark,
+  OGDialogClose,
+  OGDialogTitle,
+  OGDialogContent,
+} from '@librechat/client';
+import useMermaidZoom from './useMermaidZoom';
+import ZoomControls from './ZoomControls';
+import { useLocalize } from '~/hooks';
+import cn from '~/utils/cn';
+
+interface MermaidDialogProps {
+  open: boolean;
+  onOpenChange: (open: boolean) => void;
+  triggerRef: React.RefObject<HTMLButtonElement>;
+  blobUrl: string;
+  codeContent: string;
+}
+
+const MermaidDialog: React.FC<MermaidDialogProps> = memo(
+  ({ open, onOpenChange, triggerRef, blobUrl, codeContent }) => {
+    const localize = useLocalize();
+    const [showCode, setShowCode] = useState(false);
+    const [isCopied, setIsCopied] = useState(false);
+    const showCodeButtonRef = useRef<HTMLButtonElement>(null);
+    const copyButtonRef = useRef<HTMLButtonElement>(null);
+    const copyTimerRef = useRef<ReturnType<typeof setTimeout>>();
+
+    const {
+      zoom,
+      pan,
+      isPanning,
+      handleZoomIn,
+      handleZoomOut,
+      handleResetZoom,
+      handleWheel,
+      handleMouseDown,
+    } = useMermaidZoom();
+
+    useEffect(() => {
+      if (open) {
+        setShowCode(false);
+        handleResetZoom();
+      }
+    }, [open, handleResetZoom]);
+
+    const handleToggleCode = useCallback(() => {
+      setShowCode((prev) => !prev);
+      requestAnimationFrame(() => showCodeButtonRef.current?.focus());
+    }, []);
+
+    const handleCopy = useCallback(() => {
+      copy(codeContent.trim(), { format: 'text/plain' });
+      setIsCopied(true);
+      requestAnimationFrame(() => copyButtonRef.current?.focus());
+      clearTimeout(copyTimerRef.current);
+      copyTimerRef.current = setTimeout(() => {
+        setIsCopied(false);
+        requestAnimationFrame(() => copyButtonRef.current?.focus());
+      }, 3000);
+    }, [codeContent]);
+
+    return (
+      <OGDialog open={open} onOpenChange={onOpenChange} triggerRef={triggerRef}>
+        <OGDialogContent
+          showCloseButton={false}
+          className="h-[85vh] max-h-[85vh] w-[90vw] max-w-[90vw] gap-0 overflow-hidden border-border-light bg-surface-primary-alt p-0"
+        >
+          <OGDialogTitle className="flex h-10 items-center justify-between border-b border-border-light bg-surface-secondary px-4 font-sans text-xs text-text-secondary">
+            <span>{localize('com_ui_mermaid')}</span>
+            <div className="flex gap-2">
+              <Button
+                ref={showCodeButtonRef}
+                variant="ghost"
+                size="sm"
+                className="h-auto min-w-[6rem] gap-1 rounded-sm px-1 py-0 text-xs text-text-secondary hover:bg-surface-hover hover:text-text-primary focus-visible:ring-border-heavy focus-visible:ring-offset-0"
+                onClick={handleToggleCode}
+              >
+                {showCode ? <ChevronUp className="h-4 w-4" /> : <ChevronDown className="h-4 w-4" />}
+                {showCode ? localize('com_ui_hide_code') : localize('com_ui_show_code')}
+              </Button>
+              <Button
+                ref={copyButtonRef}
+                variant="ghost"
+                size="sm"
+                className="h-auto gap-1 rounded-sm px-1 py-0 text-xs text-text-secondary hover:bg-surface-hover hover:text-text-primary focus-visible:ring-border-heavy focus-visible:ring-offset-0"
+                onClick={handleCopy}
+              >
+                {isCopied ? <CheckMark className="h-[18px] w-[18px]" /> : <Clipboard />}
+                {localize('com_ui_copy_code')}
+              </Button>
+              <OGDialogClose className="rounded-sm p-1 text-text-secondary hover:bg-surface-hover hover:text-text-primary focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-border-heavy">
+                <X className="h-4 w-4" />
+                <span className="sr-only">{localize('com_ui_close')}</span>
+              </OGDialogClose>
+            </div>
+          </OGDialogTitle>
+          {showCode && (
+            <div className="border-b border-border-light bg-surface-secondary p-4">
+              <pre className="max-h-[150px] overflow-auto whitespace-pre-wrap text-xs text-text-secondary">
+                {codeContent}
+              </pre>
+            </div>
+          )}
+          <div
+            className={cn(
+              'relative flex-1 overflow-hidden bg-surface-primary-alt p-4',
+              isPanning ? 'cursor-grabbing' : 'cursor-grab',
+            )}
+            style={{ height: showCode ? 'calc(85vh - 200px)' : 'calc(85vh - 50px)' }}
+            onWheel={handleWheel}
+            onMouseDown={handleMouseDown}
+          >
+            <div
+              className="flex h-full w-full items-center justify-center"
+              style={{
+                transform: `translate(${pan.x}px, ${pan.y}px)`,
+                transition: isPanning ? 'none' : 'transform 0.1s ease-out',
+              }}
+            >
+              <img
+                src={blobUrl}
+                alt="Mermaid diagram"
+                className="max-h-full max-w-full select-none object-contain"
+                style={{
+                  transform: `scale(${zoom})`,
+                  transformOrigin: 'center center',
+                }}
+                draggable={false}
+              />
+            </div>
+            <ZoomControls
+              zoom={zoom}
+              pan={pan}
+              codeContent={codeContent}
+              onZoomIn={handleZoomIn}
+              onZoomOut={handleZoomOut}
+              onReset={handleResetZoom}
+              className="absolute bottom-4 right-4 z-10"
+            />
+          </div>
+        </OGDialogContent>
+      </OGDialog>
+    );
+  },
+);
+
+MermaidDialog.displayName = 'MermaidDialog';
+
+export default MermaidDialog;
diff --git a/client/src/components/Messages/Content/MermaidErrorBoundary.tsx b/client/src/components/Messages/Content/Mermaid/MermaidErrorBoundary.tsx
similarity index 75%
rename from client/src/components/Messages/Content/MermaidErrorBoundary.tsx
rename to client/src/components/Messages/Content/Mermaid/MermaidErrorBoundary.tsx
index a2edca062c..1d71b927ad 100644
--- a/client/src/components/Messages/Content/MermaidErrorBoundary.tsx
+++ b/client/src/components/Messages/Content/Mermaid/MermaidErrorBoundary.tsx
@@ -2,7 +2,6 @@ import React from 'react';
 
 interface MermaidErrorBoundaryProps {
   children: React.ReactNode;
-  /** The mermaid code to display as fallback */
   code: string;
 }
 
@@ -10,10 +9,6 @@ interface MermaidErrorBoundaryState {
   hasError: boolean;
 }
 
-/**
- * Error boundary specifically for Mermaid diagrams.
- * Falls back to displaying the raw mermaid code if rendering fails.
- */
 class MermaidErrorBoundary extends React.Component<
   MermaidErrorBoundaryProps,
   MermaidErrorBoundaryState
@@ -32,7 +27,6 @@ class MermaidErrorBoundary extends React.Component<
   }
 
   componentDidUpdate(prevProps: MermaidErrorBoundaryProps) {
-    // Reset error state if code changes (e.g., user edits the message)
     if (prevProps.code !== this.props.code && this.state.hasError) {
       this.setState({ hasError: false });
     }
@@ -42,10 +36,10 @@ class MermaidErrorBoundary extends React.Component<
     if (this.state.hasError) {
       return (
         <div className="w-full overflow-hidden rounded-md border border-border-light">
-          <div className="rounded-t-md bg-gray-700 px-4 py-2 font-sans text-xs text-gray-200">
+          <div className="rounded-t-md bg-surface-secondary px-4 py-2 font-sans text-xs text-text-secondary">
             {'mermaid'}
           </div>
-          <pre className="overflow-auto whitespace-pre-wrap rounded-b-md bg-gray-900 p-4 font-mono text-xs text-gray-300">
+          <pre className="overflow-auto whitespace-pre-wrap rounded-b-md bg-surface-primary-alt p-4 font-mono text-xs text-text-secondary">
             {this.props.code}
           </pre>
         </div>
diff --git a/client/src/components/Messages/Content/Mermaid/MermaidHeader.tsx b/client/src/components/Messages/Content/Mermaid/MermaidHeader.tsx
new file mode 100644
index 0000000000..e3e71237fb
--- /dev/null
+++ b/client/src/components/Messages/Content/Mermaid/MermaidHeader.tsx
@@ -0,0 +1,104 @@
+import React, { memo, useState, useCallback, useRef, useEffect } from 'react';
+import copy from 'copy-to-clipboard';
+import { TooltipAnchor } from '@librechat/client';
+
+import { Expand, ChevronUp, ChevronDown } from 'lucide-react';
+import CopyButton from '~/components/Messages/Content/CopyButton';
+import { useLocalize } from '~/hooks';
+import cn from '~/utils/cn';
+
+interface MermaidHeaderProps {
+  className?: string;
+  actionsClassName?: string;
+  codeContent: string;
+  showCode: boolean;
+  showExpandButton?: boolean;
+  expandButtonRef?: React.RefObject<HTMLButtonElement>;
+  onExpand?: () => void;
+  onToggleCode: () => void;
+}
+
+const iconBtnClass =
+  'flex items-center justify-center rounded-lg p-1.5 text-text-secondary transition-colors hover:bg-surface-hover hover:text-text-primary focus-visible:outline focus-visible:outline-2 focus-visible:outline-border-heavy';
+
+const MermaidHeader: React.FC<MermaidHeaderProps> = memo(
+  ({
+    className,
+    actionsClassName,
+    codeContent,
+    showCode,
+    showExpandButton = false,
+    expandButtonRef,
+    onExpand,
+    onToggleCode,
+  }) => {
+    const localize = useLocalize();
+    const [isCopied, setIsCopied] = useState(false);
+    const copyButtonRef = useRef<HTMLButtonElement>(null);
+    const showCodeButtonRef = useRef<HTMLButtonElement>(null);
+    const copyTimerRef = useRef<ReturnType<typeof setTimeout>>();
+
+    useEffect(() => {
+      return () => clearTimeout(copyTimerRef.current);
+    }, []);
+
+    const handleCopy = useCallback(() => {
+      copy(codeContent.trim(), { format: 'text/plain' });
+      setIsCopied(true);
+      clearTimeout(copyTimerRef.current);
+      copyTimerRef.current = setTimeout(() => setIsCopied(false), 3000);
+    }, [codeContent]);
+
+    const handleToggleCode = useCallback(() => {
+      onToggleCode();
+      requestAnimationFrame(() => {
+        showCodeButtonRef.current?.focus();
+      });
+    }, [onToggleCode]);
+
+    return (
+      <div className={cn('flex items-center justify-between gap-1 px-2 py-1', className)}>
+        <span className="rounded text-xs font-medium text-text-secondary">
+          {localize('com_ui_mermaid')}
+        </span>
+        <div className={cn('flex items-center gap-1', actionsClassName)}>
+          {showExpandButton && onExpand && (
+            <TooltipAnchor
+              description={localize('com_ui_expand')}
+              render={
+                <button
+                  ref={expandButtonRef}
+                  type="button"
+                  aria-label={localize('com_ui_expand')}
+                  className={iconBtnClass}
+                  onClick={onExpand}
+                >
+                  <Expand className="h-4 w-4" />
+                </button>
+              }
+            />
+          )}
+          <TooltipAnchor
+            description={showCode ? localize('com_ui_hide_code') : localize('com_ui_show_code')}
+            render={
+              <button
+                ref={showCodeButtonRef}
+                type="button"
+                aria-label={showCode ? localize('com_ui_hide_code') : localize('com_ui_show_code')}
+                className={iconBtnClass}
+                onClick={handleToggleCode}
+              >
+                {showCode ? <ChevronUp className="h-4 w-4" /> : <ChevronDown className="h-4 w-4" />}
+              </button>
+            }
+          />
+          <CopyButton ref={copyButtonRef} isCopied={isCopied} iconOnly onClick={handleCopy} />
+        </div>
+      </div>
+    );
+  },
+);
+
+MermaidHeader.displayName = 'MermaidHeader';
+
+export default MermaidHeader;
diff --git a/client/src/components/Messages/Content/Mermaid/ZoomControls.tsx b/client/src/components/Messages/Content/Mermaid/ZoomControls.tsx
new file mode 100644
index 0000000000..ddb5bbb763
--- /dev/null
+++ b/client/src/components/Messages/Content/Mermaid/ZoomControls.tsx
@@ -0,0 +1,106 @@
+import React, { memo, useState, useCallback, useRef, useEffect } from 'react';
+import copy from 'copy-to-clipboard';
+import { ZoomIn, ZoomOut, RotateCcw } from 'lucide-react';
+import { Clipboard, CheckMark } from '@librechat/client';
+import { MIN_ZOOM, MAX_ZOOM } from './useMermaidZoom';
+import { useLocalize } from '~/hooks';
+import cn from '~/utils/cn';
+
+interface ZoomControlsProps {
+  zoom: number;
+  pan: { x: number; y: number };
+  codeContent: string;
+  onZoomIn: () => void;
+  onZoomOut: () => void;
+  onReset: () => void;
+  className?: string;
+}
+
+const btnClass =
+  'rounded p-1.5 text-text-secondary hover:bg-surface-hover disabled:opacity-40 disabled:hover:bg-transparent';
+
+const ZoomControls: React.FC<ZoomControlsProps> = memo(
+  ({ zoom, pan, codeContent, onZoomIn, onZoomOut, onReset, className }) => {
+    const localize = useLocalize();
+    const [isCopied, setIsCopied] = useState(false);
+    const copyRef = useRef<HTMLButtonElement>(null);
+    const copyTimerRef = useRef<ReturnType<typeof setTimeout>>();
+
+    useEffect(() => {
+      return () => clearTimeout(copyTimerRef.current);
+    }, []);
+
+    const handleCopy = useCallback(() => {
+      copy(codeContent.trim(), { format: 'text/plain' });
+      setIsCopied(true);
+      requestAnimationFrame(() => copyRef.current?.focus());
+      clearTimeout(copyTimerRef.current);
+      copyTimerRef.current = setTimeout(() => {
+        setIsCopied(false);
+        requestAnimationFrame(() => copyRef.current?.focus());
+      }, 3000);
+    }, [codeContent]);
+
+    const stop =
+      (fn: () => void) =>
+      (e: React.MouseEvent): void => {
+        e.stopPropagation();
+        fn();
+      };
+
+    return (
+      <div
+        className={cn(
+          'flex items-center gap-1 rounded-lg border border-border-light bg-surface-secondary p-1 shadow-md',
+          className,
+        )}
+      >
+        <button
+          type="button"
+          onClick={stop(onZoomOut)}
+          disabled={zoom <= MIN_ZOOM}
+          className={btnClass}
+          title={localize('com_ui_zoom_out')}
+        >
+          <ZoomOut className="h-4 w-4" />
+        </button>
+        <span className="min-w-[3rem] text-center text-xs text-text-secondary">
+          {Math.round(zoom * 100)}%
+        </span>
+        <button
+          type="button"
+          onClick={stop(onZoomIn)}
+          disabled={zoom >= MAX_ZOOM}
+          className={btnClass}
+          title={localize('com_ui_zoom_in')}
+        >
+          <ZoomIn className="h-4 w-4" />
+        </button>
+        <div className="mx-1 h-4 w-px bg-border-medium" />
+        <button
+          type="button"
+          onClick={stop(onReset)}
+          disabled={zoom === 1 && pan.x === 0 && pan.y === 0}
+          className={btnClass}
+          title={localize('com_ui_reset_zoom')}
+        >
+          <RotateCcw className="h-4 w-4" />
+        </button>
+        <div className="mx-1 h-4 w-px bg-border-medium" />
+        <button
+          ref={copyRef}
+          type="button"
+          onClick={stop(handleCopy)}
+          className="rounded p-1.5 text-text-secondary hover:bg-surface-hover"
+          title={localize('com_ui_copy_code')}
+        >
+          {isCopied ? <CheckMark className="h-4 w-4" /> : <Clipboard className="h-4 w-4" />}
+        </button>
+      </div>
+    );
+  },
+);
+
+ZoomControls.displayName = 'ZoomControls';
+
+export default ZoomControls;
diff --git a/client/src/components/Messages/Content/Mermaid/index.ts b/client/src/components/Messages/Content/Mermaid/index.ts
new file mode 100644
index 0000000000..5357be2c34
--- /dev/null
+++ b/client/src/components/Messages/Content/Mermaid/index.ts
@@ -0,0 +1,2 @@
+export { default } from './Mermaid';
+export { default as MermaidErrorBoundary } from './MermaidErrorBoundary';
diff --git a/client/src/components/Messages/Content/Mermaid/useMermaidZoom.ts b/client/src/components/Messages/Content/Mermaid/useMermaidZoom.ts
new file mode 100644
index 0000000000..37153e4003
--- /dev/null
+++ b/client/src/components/Messages/Content/Mermaid/useMermaidZoom.ts
@@ -0,0 +1,93 @@
+import { useState, useCallback, useEffect, useRef } from 'react';
+
+export const MIN_ZOOM = 0.25;
+export const MAX_ZOOM = 4;
+const ZOOM_STEP = 0.25;
+
+interface UseMermaidZoomOptions {
+  containerRef?: React.RefObject<HTMLDivElement | null>;
+  wheelDep?: unknown;
+}
+
+export default function useMermaidZoom({ containerRef, wheelDep }: UseMermaidZoomOptions = {}) {
+  const [zoom, setZoom] = useState(1);
+  const [pan, setPan] = useState({ x: 0, y: 0 });
+  const [isPanning, setIsPanning] = useState(false);
+  const panStartRef = useRef({ x: 0, y: 0 });
+
+  const handleZoomIn = useCallback(() => {
+    setZoom((prev) => Math.min(prev + ZOOM_STEP, MAX_ZOOM));
+  }, []);
+
+  const handleZoomOut = useCallback(() => {
+    setZoom((prev) => Math.max(prev - ZOOM_STEP, MIN_ZOOM));
+  }, []);
+
+  const handleResetZoom = useCallback(() => {
+    setZoom(1);
+    setPan({ x: 0, y: 0 });
+  }, []);
+
+  const handleWheel = useCallback((e: React.WheelEvent) => {
+    e.preventDefault();
+    const delta = e.deltaY > 0 ? -ZOOM_STEP : ZOOM_STEP;
+    setZoom((prev) => Math.min(Math.max(prev + delta, MIN_ZOOM), MAX_ZOOM));
+  }, []);
+
+  const panRef = useRef(pan);
+  panRef.current = pan;
+
+  const handleMouseDown = useCallback((e: React.MouseEvent) => {
+    const target = e.target as HTMLElement;
+    if (e.button === 0 && target.tagName !== 'BUTTON' && !target.closest('button')) {
+      setIsPanning(true);
+      panStartRef.current = { x: e.clientX - panRef.current.x, y: e.clientY - panRef.current.y };
+    }
+  }, []);
+
+  useEffect(() => {
+    if (!isPanning) {
+      return;
+    }
+    const onMove = (e: MouseEvent) => {
+      setPan({
+        x: e.clientX - panStartRef.current.x,
+        y: e.clientY - panStartRef.current.y,
+      });
+    };
+    const onUp = () => setIsPanning(false);
+    document.addEventListener('mousemove', onMove);
+    document.addEventListener('mouseup', onUp);
+    return () => {
+      document.removeEventListener('mousemove', onMove);
+      document.removeEventListener('mouseup', onUp);
+    };
+  }, [isPanning]);
+
+  useEffect(() => {
+    const container = containerRef?.current;
+    if (!container) {
+      return;
+    }
+    const onWheel = (e: WheelEvent) => {
+      if (e.ctrlKey || e.metaKey) {
+        e.preventDefault();
+        const delta = e.deltaY > 0 ? -ZOOM_STEP : ZOOM_STEP;
+        setZoom((prev) => Math.min(Math.max(prev + delta, MIN_ZOOM), MAX_ZOOM));
+      }
+    };
+    container.addEventListener('wheel', onWheel, { passive: false });
+    return () => container.removeEventListener('wheel', onWheel);
+  }, [containerRef, wheelDep]);
+
+  return {
+    zoom,
+    pan,
+    isPanning,
+    handleZoomIn,
+    handleZoomOut,
+    handleResetZoom,
+    handleWheel,
+    handleMouseDown,
+  };
+}
diff --git a/client/src/components/Messages/Content/Mermaid/useSvgProcessing.ts b/client/src/components/Messages/Content/Mermaid/useSvgProcessing.ts
new file mode 100644
index 0000000000..22197977f3
--- /dev/null
+++ b/client/src/components/Messages/Content/Mermaid/useSvgProcessing.ts
@@ -0,0 +1,176 @@
+import { useEffect, useMemo, useState, useRef } from 'react';
+import { fixSubgraphTitleContrast } from '~/utils/mermaid';
+import { useDebouncedMermaid } from '~/hooks';
+
+const MIN_CONTAINER_HEIGHT = 200;
+const MAX_CONTAINER_HEIGHT = 500;
+
+interface UseSvgProcessingOptions {
+  content: string;
+  id?: string;
+  theme?: string;
+  retryCount: number;
+  containerRef: React.RefObject<HTMLDivElement | null>;
+}
+
+function applyFallbackFixes(svgString: string): string {
+  let finalSvg = svgString;
+
+  if (
+    !svgString.includes('viewBox') &&
+    svgString.includes('height=') &&
+    svgString.includes('width=')
+  ) {
+    const widthMatch = svgString.match(/width="(\d+)"/);
+    const heightMatch = svgString.match(/height="(\d+)"/);
+    if (widthMatch && heightMatch) {
+      finalSvg = finalSvg.replace('<svg', `<svg viewBox="0 0 ${widthMatch[1]} ${heightMatch[1]}"`);
+    }
+  }
+
+  if (!finalSvg.includes('xmlns')) {
+    finalSvg = finalSvg.replace('<svg', '<svg xmlns="http://www.w3.org/2000/svg"');
+  }
+
+  return finalSvg;
+}
+
+function processSvgString(svg: string) {
+  const parser = new DOMParser();
+  const doc = parser.parseFromString(svg, 'image/svg+xml');
+
+  if (doc.querySelector('parsererror')) {
+    return { processedSvg: applyFallbackFixes(svg), parsedDimensions: null };
+  }
+
+  const svgElement = doc.querySelector('svg');
+  if (!svgElement) {
+    return { processedSvg: applyFallbackFixes(svg), parsedDimensions: null };
+  }
+
+  let width = parseFloat(svgElement.getAttribute('width') || '0');
+  let height = parseFloat(svgElement.getAttribute('height') || '0');
+
+  if (!width || !height) {
+    const viewBox = svgElement.getAttribute('viewBox');
+    if (viewBox) {
+      const parts = viewBox.split(/[\s,]+/).map(Number);
+      if (parts.length === 4) {
+        width = parts[2];
+        height = parts[3];
+      }
+    }
+  }
+
+  let dimensions: { width: number; height: number } | null = null;
+  if (width > 0 && height > 0) {
+    dimensions = { width, height };
+    if (!svgElement.getAttribute('viewBox')) {
+      svgElement.setAttribute('viewBox', `0 0 ${width} ${height}`);
+    }
+    svgElement.removeAttribute('width');
+    svgElement.removeAttribute('height');
+    svgElement.removeAttribute('style');
+  }
+
+  if (!svgElement.getAttribute('xmlns')) {
+    svgElement.setAttribute('xmlns', 'http://www.w3.org/2000/svg');
+  }
+
+  fixSubgraphTitleContrast(svgElement);
+
+  return {
+    processedSvg: new XMLSerializer().serializeToString(doc),
+    parsedDimensions: dimensions,
+  };
+}
+
+export default function useSvgProcessing({
+  content,
+  id,
+  theme,
+  retryCount,
+  containerRef,
+}: UseSvgProcessingOptions) {
+  const [blobUrl, setBlobUrl] = useState('');
+  const [svgDimensions, setSvgDimensions] = useState<{ width: number; height: number } | null>(
+    null,
+  );
+  const [containerWidth, setContainerWidth] = useState(700);
+  const lastValidSvgRef = useRef<string | null>(null);
+
+  const { svg, isLoading, error } = useDebouncedMermaid({
+    content,
+    id,
+    theme,
+    key: retryCount,
+  });
+
+  useEffect(() => {
+    if (svg) {
+      lastValidSvgRef.current = svg;
+    }
+  }, [svg]);
+
+  useEffect(() => {
+    if (!containerRef.current) {
+      return;
+    }
+    const observer = new ResizeObserver((entries) => {
+      for (const entry of entries) {
+        setContainerWidth(entry.contentRect.width);
+      }
+    });
+    observer.observe(containerRef.current);
+    return () => observer.disconnect();
+  }, [containerRef]);
+
+  const { processedSvg, parsedDimensions } = useMemo(() => {
+    if (!svg) {
+      return { processedSvg: null, parsedDimensions: null };
+    }
+    return processSvgString(svg);
+  }, [svg]);
+
+  useEffect(() => {
+    if (parsedDimensions) {
+      setSvgDimensions(parsedDimensions);
+    }
+  }, [parsedDimensions]);
+
+  useEffect(() => {
+    if (!processedSvg) {
+      return;
+    }
+    const blob = new Blob([processedSvg], { type: 'image/svg+xml' });
+    const url = URL.createObjectURL(blob);
+    setBlobUrl(url);
+    return () => URL.revokeObjectURL(url);
+  }, [processedSvg]);
+
+  const { initialScale, calculatedHeight } = useMemo(() => {
+    if (!svgDimensions) {
+      return { initialScale: 1, calculatedHeight: MAX_CONTAINER_HEIGHT };
+    }
+    const padding = 32;
+    const availableWidth = containerWidth - padding;
+    const scaleX = availableWidth / svgDimensions.width;
+    const scaleY = MAX_CONTAINER_HEIGHT / svgDimensions.height;
+    const scale = Math.min(scaleX, scaleY, 1);
+    const height = Math.max(
+      MIN_CONTAINER_HEIGHT,
+      Math.min(MAX_CONTAINER_HEIGHT, svgDimensions.height * scale + padding),
+    );
+    return { initialScale: scale, calculatedHeight: height };
+  }, [svgDimensions, containerWidth]);
+
+  return {
+    blobUrl,
+    svgDimensions,
+    isLoading,
+    error,
+    lastValidSvgRef,
+    initialScale,
+    calculatedHeight,
+  };
+}
diff --git a/client/src/components/Messages/Content/MermaidHeader.tsx b/client/src/components/Messages/Content/MermaidHeader.tsx
deleted file mode 100644
index 2d3a416a5a..0000000000
--- a/client/src/components/Messages/Content/MermaidHeader.tsx
+++ /dev/null
@@ -1,111 +0,0 @@
-import React, { memo, useState, useCallback, useRef } from 'react';
-import copy from 'copy-to-clipboard';
-import { Expand, ChevronUp, ChevronDown } from 'lucide-react';
-import { Clipboard, CheckMark, TooltipAnchor } from '@librechat/client';
-import { useLocalize } from '~/hooks';
-import cn from '~/utils/cn';
-
-interface MermaidHeaderProps {
-  className?: string;
-  codeContent: string;
-  showCode: boolean;
-  showExpandButton?: boolean;
-  expandButtonRef?: React.RefObject<HTMLButtonElement>;
-  onExpand?: () => void;
-  onToggleCode: () => void;
-}
-
-const iconBtnClass =
-  'flex items-center justify-center rounded p-1.5 text-text-secondary hover:bg-surface-hover focus-visible:outline focus-visible:outline-white';
-
-const MermaidHeader: React.FC<MermaidHeaderProps> = memo(
-  ({
-    className,
-    codeContent,
-    showCode,
-    showExpandButton = false,
-    expandButtonRef,
-    onExpand,
-    onToggleCode,
-  }) => {
-    const localize = useLocalize();
-    const [isCopied, setIsCopied] = useState(false);
-    const copyButtonRef = useRef<HTMLButtonElement>(null);
-    const showCodeButtonRef = useRef<HTMLButtonElement>(null);
-
-    const handleCopy = useCallback(() => {
-      copy(codeContent.trim(), { format: 'text/plain' });
-      setIsCopied(true);
-      setTimeout(() => setIsCopied(false), 3000);
-    }, [codeContent]);
-
-    const handleToggleCode = useCallback(() => {
-      onToggleCode();
-      requestAnimationFrame(() => {
-        showCodeButtonRef.current?.focus();
-      });
-    }, [onToggleCode]);
-
-    return (
-      <div
-        className={cn(
-          'flex items-center justify-end gap-1 px-2 py-1 transition-opacity duration-200',
-          className,
-        )}
-      >
-        {showExpandButton && onExpand && (
-          <TooltipAnchor
-            description={localize('com_ui_expand')}
-            render={
-              <button
-                ref={expandButtonRef}
-                type="button"
-                aria-label={localize('com_ui_expand')}
-                className={iconBtnClass}
-                onClick={onExpand}
-              >
-                <Expand className="h-4 w-4" />
-              </button>
-            }
-          />
-        )}
-        <TooltipAnchor
-          description={showCode ? localize('com_ui_hide_code') : localize('com_ui_show_code')}
-          render={
-            <button
-              ref={showCodeButtonRef}
-              type="button"
-              aria-label={showCode ? localize('com_ui_hide_code') : localize('com_ui_show_code')}
-              className={iconBtnClass}
-              onClick={handleToggleCode}
-            >
-              {showCode ? <ChevronUp className="h-4 w-4" /> : <ChevronDown className="h-4 w-4" />}
-            </button>
-          }
-        />
-        <TooltipAnchor
-          description={isCopied ? localize('com_ui_copied') : localize('com_ui_copy_code')}
-          render={
-            <button
-              ref={copyButtonRef}
-              type="button"
-              aria-label={isCopied ? localize('com_ui_copied') : localize('com_ui_copy_code')}
-              className={iconBtnClass}
-              onClick={handleCopy}
-            >
-              {isCopied ? (
-                <CheckMark className="h-[18px] w-[18px]" />
-              ) : (
-                <Clipboard className="h-4 w-4" />
-              )}
-            </button>
-          }
-        />
-      </div>
-    );
-  },
-);
-
-MermaidHeader.displayName = 'MermaidHeader';
-
-export default MermaidHeader;
diff --git a/client/src/components/Messages/Content/ResultSwitcher.tsx b/client/src/components/Messages/Content/ResultSwitcher.tsx
index eb8c59b568..ee67e9b11a 100644
--- a/client/src/components/Messages/Content/ResultSwitcher.tsx
+++ b/client/src/components/Messages/Content/ResultSwitcher.tsx
@@ -1,3 +1,6 @@
+import { ChevronLeft, ChevronRight } from 'lucide-react';
+import { useLocalize } from '~/hooks';
+
 interface ResultSwitcherProps {
   currentIndex: number;
   totalCount: number;
@@ -5,65 +8,47 @@ interface ResultSwitcherProps {
   onNext: () => void;
 }
 
-const ResultSwitcher: React.FC<ResultSwitcherProps> = ({
+export default function ResultSwitcher({
   currentIndex,
   totalCount,
   onPrevious,
   onNext,
-}) => {
+}: ResultSwitcherProps) {
+  const localize = useLocalize();
+
   if (totalCount <= 1) {
     return null;
   }
 
+  const atFirst = currentIndex === 0;
+  const atLast = currentIndex === totalCount - 1;
+
   return (
-    <div className="flex items-center justify-start gap-1 self-center bg-gray-700 pb-2 text-xs">
+    <nav
+      aria-label={localize('com_ui_navigate_results')}
+      className="flex items-center justify-center gap-1.5 border-t border-border-light px-3 py-1.5 text-xs"
+    >
       <button
-        className="hover-button rounded-md p-1 text-gray-400 hover:bg-gray-700 hover:text-gray-200 disabled:hover:text-gray-400"
         type="button"
         onClick={onPrevious}
-        disabled={currentIndex === 0}
+        disabled={atFirst}
+        aria-label={localize('com_ui_prev_result')}
+        className="rounded p-0.5 text-text-tertiary transition-colors hover:bg-surface-hover hover:text-text-primary focus:outline focus:outline-2 focus:outline-border-heavy disabled:pointer-events-none disabled:opacity-30"
       >
-        <svg
-          stroke="currentColor"
-          fill="none"
-          strokeWidth="1.5"
-          viewBox="0 0 24 24"
-          strokeLinecap="round"
-          strokeLinejoin="round"
-          className="h-4 w-4"
-          height="1em"
-          width="1em"
-          xmlns="http://www.w3.org/2000/svg"
-        >
-          <polyline points="15 18 9 12 15 6" />
-        </svg>
+        <ChevronLeft className="size-3.5" aria-hidden="true" />
       </button>
-      <span className="flex-shrink-0 tabular-nums">
-        {currentIndex + 1} / {totalCount}
+      <span className="min-w-[3ch] select-none text-center tabular-nums text-text-secondary">
+        {currentIndex + 1}/{totalCount}
       </span>
       <button
-        className="hover-button rounded-md p-1 text-gray-400 hover:bg-gray-700 hover:text-gray-200 disabled:hover:text-gray-400"
         type="button"
         onClick={onNext}
-        disabled={currentIndex === totalCount - 1}
+        disabled={atLast}
+        aria-label={localize('com_ui_next_result')}
+        className="rounded p-0.5 text-text-tertiary transition-colors hover:bg-surface-hover hover:text-text-primary focus:outline focus:outline-2 focus:outline-border-heavy disabled:pointer-events-none disabled:opacity-30"
       >
-        <svg
-          stroke="currentColor"
-          fill="none"
-          strokeWidth="1.5"
-          viewBox="0 0 24 24"
-          strokeLinecap="round"
-          strokeLinejoin="round"
-          className="h-4 w-4"
-          height="1em"
-          width="1em"
-          xmlns="http://www.w3.org/2000/svg"
-        >
-          <polyline points="9 18 15 12 9 6" />
-        </svg>
+        <ChevronRight className="size-3.5" aria-hidden="true" />
       </button>
-    </div>
+    </nav>
   );
-};
-
-export default ResultSwitcher;
+}
diff --git a/client/src/components/Messages/Content/RunCode.tsx b/client/src/components/Messages/Content/RunCode.tsx
index 7398459639..31f4f6a668 100644
--- a/client/src/components/Messages/Content/RunCode.tsx
+++ b/client/src/components/Messages/Content/RunCode.tsx
@@ -1,14 +1,16 @@
-import React, { useMemo, useCallback, useEffect } from 'react';
+import React, { useState, useMemo, useCallback, useEffect, useRef } from 'react';
 import debounce from 'lodash/debounce';
-import { TerminalSquareIcon } from 'lucide-react';
 import { Tools, AuthType } from 'librechat-data-provider';
+import { TerminalSquareIcon, Check, X } from 'lucide-react';
 import { Spinner, TooltipAnchor, useToastContext } from '@librechat/client';
 import type { CodeBarProps } from '~/common';
 import { useVerifyAgentToolAuth, useToolCallMutation } from '~/data-provider';
 import ApiKeyDialog from '~/components/SidePanel/Agents/Code/ApiKeyDialog';
 import { useLocalize, useCodeApiKeyForm } from '~/hooks';
-import { useMessageContext } from '~/Providers';
 import { cn, normalizeLanguage } from '~/utils';
+import { useMessageContext } from '~/Providers';
+
+type RunState = 'idle' | 'loading' | 'success' | 'error';
 
 const RunCode: React.FC<CodeBarProps & { iconOnly?: boolean }> = React.memo(
   ({ lang, codeRef, blockIndex, iconOnly = false }) => {
@@ -79,43 +81,108 @@ const RunCode: React.FC<CodeBarProps & { iconOnly?: boolean }> = React.memo(
       };
     }, [debouncedExecute]);
 
+    const [runState, setRunState] = useState<RunState>('idle');
+    const timerRef = useRef<ReturnType<typeof setTimeout>>();
+
+    useEffect(() => {
+      if (execute.isLoading) {
+        setRunState('loading');
+      } else if (runState === 'loading') {
+        const next: RunState = execute.isError ? 'error' : 'success';
+        setRunState(next);
+        timerRef.current = setTimeout(() => setRunState('idle'), next === 'error' ? 2000 : 1500);
+      }
+      return () => clearTimeout(timerRef.current);
+      // eslint-disable-next-line react-hooks/exhaustive-deps
+    }, [execute.isLoading, execute.isError]);
+
     if (typeof normalizedLang !== 'string' || normalizedLang.length === 0) {
       return null;
     }
 
-    const buttonContent = (
-      <>
-        {execute.isLoading ? (
-          <Spinner className="animate-spin" size={18} />
-        ) : (
-          <TerminalSquareIcon size={18} aria-hidden="true" />
-        )}
-        {!iconOnly && localize('com_ui_run_code')}
-      </>
-    );
+    const isLoading = runState === 'loading';
+    const isSuccess = runState === 'success';
+    const isError = runState === 'error';
+    const isIdle = runState === 'idle';
+    const label = localize('com_ui_run_code');
+
+    const iconClass = (active: boolean) =>
+      cn(
+        'absolute transition-all duration-300 ease-out',
+        active ? 'rotate-0 scale-100 opacity-100' : 'scale-0 opacity-0 rotate-90',
+      );
 
     const button = (
       <button
         type="button"
-        className={cn(
-          'flex items-center justify-center rounded-sm hover:bg-gray-700 focus:bg-gray-700 focus:outline focus:outline-white',
-          iconOnly ? 'p-1.5' : 'ml-auto gap-2 px-2 py-1',
-        )}
         onClick={debouncedExecute}
-        disabled={execute.isLoading}
-        aria-label={localize('com_ui_run_code')}
+        disabled={isLoading}
+        aria-label={label}
+        aria-busy={isLoading || undefined}
+        className={cn(
+          'inline-flex select-none items-center justify-center text-text-secondary transition-all duration-200 ease-out',
+          'hover:bg-surface-hover hover:text-text-primary',
+          'focus-visible:outline focus-visible:outline-2 focus-visible:outline-border-heavy',
+          'disabled:pointer-events-none disabled:opacity-50',
+          isError && 'text-text-destructive hover:text-text-destructive',
+          iconOnly ? 'rounded-lg p-1.5' : 'ml-auto gap-2 rounded-md px-2 py-1',
+        )}
       >
-        {buttonContent}
+        <span className="relative flex size-[18px] items-center justify-center" aria-hidden="true">
+          <TerminalSquareIcon size={18} className={iconClass(isIdle)} />
+          <span
+            className={cn(
+              'absolute transition-opacity duration-300',
+              isLoading ? 'opacity-100' : 'opacity-0',
+            )}
+          >
+            <Spinner className="animate-spin" size={18} />
+          </span>
+          <Check size={18} className={iconClass(isSuccess)} />
+          <X size={18} className={iconClass(isError)} />
+        </span>
+        {!iconOnly && (
+          <span className="relative overflow-hidden">
+            <span
+              className={cn(
+                'block whitespace-nowrap transition-all duration-300 ease-out',
+                isIdle ? 'translate-y-0 opacity-100' : '-translate-y-full opacity-0',
+              )}
+            >
+              {localize('com_ui_run_code')}
+            </span>
+            <span
+              className={cn(
+                'absolute inset-0 whitespace-nowrap transition-all duration-300 ease-out',
+                isLoading ? 'translate-y-0 opacity-100' : 'translate-y-full opacity-0',
+              )}
+            >
+              {localize('com_ui_running')}
+            </span>
+            <span
+              className={cn(
+                'absolute inset-0 whitespace-nowrap transition-all duration-300 ease-out',
+                isSuccess ? 'translate-y-0 opacity-100' : 'translate-y-full opacity-0',
+              )}
+            >
+              {localize('com_ui_complete')}
+            </span>
+            <span
+              className={cn(
+                'absolute inset-0 whitespace-nowrap transition-all duration-300 ease-out',
+                isError ? 'translate-y-0 opacity-100' : 'translate-y-full opacity-0',
+              )}
+            >
+              {localize('com_ui_failed')}
+            </span>
+          </span>
+        )}
       </button>
     );
 
     return (
       <>
-        {iconOnly ? (
-          <TooltipAnchor description={localize('com_ui_run_code')} render={button} />
-        ) : (
-          button
-        )}
+        {iconOnly ? <TooltipAnchor description={label} render={button} /> : button}
         <ApiKeyDialog
           onSubmit={onSubmit}
           isOpen={isDialogOpen}
diff --git a/client/src/components/Messages/Content/langIconPaths.ts b/client/src/components/Messages/Content/langIconPaths.ts
new file mode 100644
index 0000000000..79c5943411
--- /dev/null
+++ b/client/src/components/Messages/Content/langIconPaths.ts
@@ -0,0 +1,56 @@
+/** SVG path data sourced from Simple Icons (https://simpleicons.org). Licensed under CC0 1.0. */
+const LANG_ICON_PATHS: Record<string, string> = {
+  python: `M14.25.18l.9.2.73.26.59.3.45.32.34.34.25.34.16.33.1.3.04.26.02.2-.01.13V8.5l-.05.63-.13.55-.21.46-.26.38-.3.31-.33.25-.35.19-.35.14-.33.1-.3.07-.26.04-.21.02H8.77l-.69.05-.59.14-.5.22-.41.27-.33.32-.27.35-.2.36-.15.37-.1.35-.07.32-.04.27-.02.21v3.06H3.17l-.21-.03-.28-.07-.32-.12-.35-.18-.36-.26-.36-.36-.35-.46-.32-.59-.28-.73-.21-.88-.14-1.05-.05-1.23.06-1.22.16-1.04.24-.87.32-.71.36-.57.4-.44.42-.33.42-.24.4-.16.36-.1.32-.05.24-.01h.16l.06.01h8.16v-.83H6.18l-.01-2.75-.02-.37.05-.34.11-.31.17-.28.25-.26.31-.23.38-.2.44-.18.51-.15.58-.12.64-.1.71-.06.77-.04.84-.02 1.27.05zm-6.3 1.98l-.23.33-.08.41.08.41.23.34.33.22.41.09.41-.09.33-.22.23-.34.08-.41-.08-.41-.23-.33-.33-.22-.41-.09-.41.09zm13.09 3.95l.28.06.32.12.35.18.36.27.36.35.35.47.32.59.28.73.21.88.14 1.04.05 1.23-.06 1.23-.16 1.04-.24.86-.32.71-.36.57-.4.45-.42.33-.42.24-.4.16-.36.09-.32.05-.24.02-.16-.01h-8.22v.82h5.84l.01 2.76.02.36-.05.34-.11.31-.17.29-.25.25-.31.24-.38.2-.44.17-.51.15-.58.13-.64.09-.71.07-.77.04-.84.01-1.27-.04-1.07-.14-.9-.2-.73-.25-.59-.3-.45-.33-.34-.34-.25-.34-.16-.33-.1-.3-.04-.25-.02-.2.01-.13v-5.34l.05-.64.13-.54.21-.46.26-.38.3-.32.33-.24.35-.2.35-.14.33-.1.3-.06.26-.04.21-.02.13-.01h5.84l.69-.05.59-.14.5-.21.41-.28.33-.32.27-.35.2-.36.15-.36.1-.35.07-.32.04-.28.02-.21V6.07h2.09l.14.01zm-6.47 14.25l-.23.33-.08.41.08.41.23.33.33.23.41.08.41-.08.33-.23.23-.33.08-.41-.08-.41-.23-.33-.33-.23-.41-.08-.41.08z`,
+  javascript: `M0 0h24v24H0V0zm22.034 18.276c-.175-1.095-.888-2.015-3.003-2.873-.736-.345-1.554-.585-1.797-1.14-.091-.33-.105-.51-.046-.705.15-.646.915-.84 1.515-.66.39.12.75.42.976.9 1.034-.676 1.034-.676 1.755-1.125-.27-.42-.404-.601-.586-.78-.63-.705-1.469-1.065-2.834-1.034l-.705.089c-.676.165-1.32.525-1.71 1.005-1.14 1.291-.811 3.541.569 4.471 1.365 1.02 3.361 1.244 3.616 2.205.24 1.17-.87 1.545-1.966 1.41-.811-.18-1.26-.586-1.755-1.336l-1.83 1.051c.21.48.45.689.81 1.109 1.74 1.756 6.09 1.666 6.871-1.004.029-.09.24-.705.074-1.65l.046.067zm-8.983-7.245h-2.248c0 1.938-.009 3.864-.009 5.805 0 1.232.063 2.363-.138 2.711-.33.689-1.18.601-1.566.48-.396-.196-.597-.466-.83-.855-.063-.105-.11-.196-.127-.196l-1.825 1.125c.305.63.75 1.172 1.324 1.517.855.51 2.004.675 3.207.405.783-.226 1.458-.691 1.811-1.411.51-.93.402-2.07.397-3.346.012-2.054 0-4.109 0-6.179l.004-.056z`,
+  typescript: `M1.125 0C.502 0 0 .502 0 1.125v21.75C0 23.498.502 24 1.125 24h21.75c.623 0 1.125-.502 1.125-1.125V1.125C24 .502 23.498 0 22.875 0zm17.363 9.75c.612 0 1.154.037 1.627.111a6.38 6.38 0 0 1 1.306.34v2.458a3.95 3.95 0 0 0-.643-.361 5.093 5.093 0 0 0-.717-.26 5.453 5.453 0 0 0-1.426-.2c-.3 0-.573.028-.819.086a2.1 2.1 0 0 0-.623.242c-.17.104-.3.229-.393.374a.888.888 0 0 0-.14.49c0 .196.053.373.156.529.104.156.252.304.443.444s.423.276.696.41c.273.135.582.274.926.416.47.197.892.407 1.266.628.374.222.695.473.963.753.268.279.472.598.614.957.142.359.214.776.214 1.253 0 .657-.125 1.21-.373 1.656a3.033 3.033 0 0 1-1.012 1.085 4.38 4.38 0 0 1-1.487.596c-.566.12-1.163.18-1.79.18a9.916 9.916 0 0 1-1.84-.164 5.544 5.544 0 0 1-1.512-.493v-2.63a5.033 5.033 0 0 0 3.237 1.2c.333 0 .624-.03.872-.09.249-.06.456-.144.623-.25.166-.108.29-.234.373-.38a1.023 1.023 0 0 0-.074-1.089 2.12 2.12 0 0 0-.537-.5 5.597 5.597 0 0 0-.807-.444 27.72 27.72 0 0 0-1.007-.436c-.918-.383-1.602-.852-2.053-1.405-.45-.553-.676-1.222-.676-2.005 0-.614.123-1.141.369-1.582.246-.441.58-.804 1.004-1.089a4.494 4.494 0 0 1 1.47-.629 7.536 7.536 0 0 1 1.77-.201zm-15.113.188h9.563v2.166H9.506v9.646H6.789v-9.646H3.375z`,
+  rust: `M23.8346 11.7033l-1.0073-.6236a13.7268 13.7268 0 00-.0283-.2936l.8656-.8069a.3483.3483 0 00-.1154-.578l-1.1066-.414a8.4958 8.4958 0 00-.087-.2856l.6904-.9587a.3462.3462 0 00-.2257-.5446l-1.1663-.1894a9.3574 9.3574 0 00-.1407-.2622l.49-1.0761a.3437.3437 0 00-.0274-.3361.3486.3486 0 00-.3006-.154l-1.1845.0416a6.7444 6.7444 0 00-.1873-.2268l.2723-1.153a.3472.3472 0 00-.417-.4172l-1.1532.2724a14.0183 14.0183 0 00-.2278-.1873l.0415-1.1845a.3442.3442 0 00-.49-.328l-1.076.491c-.0872-.0476-.1742-.0952-.2623-.1407l-.1903-1.1673A.3483.3483 0 0016.256.955l-.9597.6905a8.4867 8.4867 0 00-.2855-.086l-.414-1.1066a.3483.3483 0 00-.5781-.1154l-.8069.8666a9.2936 9.2936 0 00-.2936-.0284L12.2946.1683a.3462.3462 0 00-.5892 0l-.6236 1.0073a13.7383 13.7383 0 00-.2936.0284L9.9803.3374a.3462.3462 0 00-.578.1154l-.4141 1.1065c-.0962.0274-.1903.0567-.2855.086L7.744.955a.3483.3483 0 00-.5447.2258L7.009 2.348a9.3574 9.3574 0 00-.2622.1407l-1.0762-.491a.3462.3462 0 00-.49.328l.0416 1.1845a7.9826 7.9826 0 00-.2278.1873L3.8413 3.425a.3472.3472 0 00-.4171.4171l.2713 1.1531c-.0628.075-.1255.1509-.1863.2268l-1.1845-.0415a.3462.3462 0 00-.328.49l.491 1.0761a9.167 9.167 0 00-.1407.2622l-1.1662.1894a.3483.3483 0 00-.2258.5446l.6904.9587a13.303 13.303 0 00-.087.2855l-1.1065.414a.3483.3483 0 00-.1155.5781l.8656.807a9.2936 9.2936 0 00-.0283.2935l-1.0073.6236a.3442.3442 0 000 .5892l1.0073.6236c.008.0982.0182.1964.0283.2936l-.8656.8079a.3462.3462 0 00.1155.578l1.1065.4141c.0273.0962.0567.1914.087.2855l-.6904.9587a.3452.3452 0 00.2268.5447l1.1662.1893c.0456.088.0922.1751.1408.2622l-.491 1.0762a.3462.3462 0 00.328.49l1.1834-.0415c.0618.0769.1235.1528.1873.2277l-.2713 1.1541a.3462.3462 0 00.4171.4161l1.153-.2713c.075.0638.151.1255.2279.1863l-.0415 1.1845a.3442.3442 0 00.49.327l1.0761-.49c.087.0486.1741.0951.2622.1407l.1903 1.1662a.3483.3483 0 00.5447.2268l.9587-.6904a9.299 9.299 0 00.2855.087l.414 1.1066a.3452.3452 0 00.5781.1154l.8079-.8656c.0972.0111.1954.0203.2936.0294l.6236 1.0073a.3472.3472 0 00.5892 0l.6236-1.0073c.0982-.0091.1964-.0183.2936-.0294l.8069.8656a.3483.3483 0 00.578-.1154l.4141-1.1066a8.4626 8.4626 0 00.2855-.087l.9587.6904a.3452.3452 0 00.5447-.2268l.1903-1.1662c.088-.0456.1751-.0931.2622-.1407l1.0762.49a.3472.3472 0 00.49-.327l-.0415-1.1845a6.7267 6.7267 0 00.2267-.1863l1.1531.2713a.3472.3472 0 00.4171-.416l-.2713-1.1542c.0628-.0749.1255-.1508.1863-.2278l1.1845.0415a.3442.3442 0 00.328-.49l-.49-1.076c.0475-.0872.0951-.1742.1407-.2623l1.1662-.1893a.3483.3483 0 00.2258-.5447l-.6904-.9587.087-.2855 1.1066-.414a.3462.3462 0 00.1154-.5781l-.8656-.8079c.0101-.0972.0202-.1954.0283-.2936l1.0073-.6236a.3442.3442 0 000-.5892zm-6.7413 8.3551a.7138.7138 0 01.2986-1.396.714.714 0 11-.2997 1.396zm-.3422-2.3142a.649.649 0 00-.7715.5l-.3573 1.6685c-1.1035.501-2.3285.7795-3.6193.7795a8.7368 8.7368 0 01-3.6951-.814l-.3574-1.6684a.648.648 0 00-.7714-.499l-1.473.3158a8.7216 8.7216 0 01-.7613-.898h7.1676c.081 0 .1356-.0141.1356-.088v-2.536c0-.074-.0536-.0881-.1356-.0881h-2.0966v-1.6077h2.2677c.2065 0 1.1065.0587 1.394 1.2088.0901.3533.2875 1.5044.4232 1.8729.1346.413.6833 1.2381 1.2685 1.2381h3.5716a.7492.7492 0 00.1296-.0131 8.7874 8.7874 0 01-.8119.9526zM6.8369 20.024a.714.714 0 11-.2997-1.396.714.714 0 01.2997 1.396zM4.1177 8.9972a.7137.7137 0 11-1.304.5791.7137.7137 0 011.304-.579zm-.8352 1.9813l1.5347-.6824a.65.65 0 00.33-.8585l-.3158-.7147h1.2432v5.6025H3.5669a8.7753 8.7753 0 01-.2834-3.348zm6.7343-.5437V8.7836h2.9601c.153 0 1.0792.1772 1.0792.8697 0 .575-.7107.7815-1.2948.7815zm10.7574 1.4862c0 .2187-.008.4363-.0243.651h-.9c-.09 0-.1265.0586-.1265.1477v.413c0 .973-.5487 1.1846-1.0296 1.2382-.4576.0517-.9648-.1913-1.0275-.4717-.2704-1.5186-.7198-1.8436-1.4305-2.4034.8817-.5599 1.799-1.386 1.799-2.4915 0-1.1936-.819-1.9458-1.3769-2.3153-.7825-.5163-1.6491-.6195-1.883-.6195H5.4682a8.7651 8.7651 0 014.907-2.7699l1.0974 1.151a.648.648 0 00.9182.0213l1.227-1.1743a8.7753 8.7753 0 016.0044 4.2762l-.8403 1.8982a.652.652 0 00.33.8585l1.6178.7188c.0283.2875.0425.577.0425.8717zm-9.3006-9.5993a.7128.7128 0 11.984 1.0316.7137.7137 0 01-.984-1.0316zm8.3389 6.71a.7107.7107 0 01.9395-.3625.7137.7137 0 11-.9405.3635z`,
+  go: `M1.811 10.231c-.047 0-.058-.023-.035-.059l.246-.315c.023-.035.081-.058.128-.058h4.172c.046 0 .058.035.035.07l-.199.303c-.023.036-.082.07-.117.07zM.047 11.306c-.047 0-.059-.023-.035-.058l.245-.316c.023-.035.082-.058.129-.058h5.328c.047 0 .07.035.058.07l-.093.28c-.012.047-.058.07-.105.07zm2.828 1.075c-.047 0-.059-.035-.035-.07l.163-.292c.023-.035.07-.07.117-.07h2.337c.047 0 .07.035.07.082l-.023.28c0 .047-.047.082-.082.082zm12.129-2.36c-.736.187-1.239.327-1.963.514-.176.046-.187.058-.34-.117-.174-.199-.303-.327-.548-.444-.737-.362-1.45-.257-2.115.175-.795.514-1.204 1.274-1.192 2.22.011.935.654 1.706 1.577 1.835.795.105 1.46-.175 1.987-.77.105-.13.198-.27.315-.434H10.47c-.245 0-.304-.152-.222-.35.152-.362.432-.97.596-1.274a.315.315 0 01.292-.187h4.253c-.023.316-.023.631-.07.947a4.983 4.983 0 01-.958 2.29c-.841 1.11-1.94 1.8-3.33 1.986-1.145.152-2.209-.07-3.143-.77-.865-.655-1.356-1.52-1.484-2.595-.152-1.274.222-2.419.993-3.424.83-1.086 1.928-1.776 3.272-2.02 1.098-.2 2.15-.07 3.096.571.62.41 1.063.97 1.356 1.648.07.105.023.164-.117.2m3.868 6.461c-1.064-.024-2.034-.328-2.852-1.029a3.665 3.665 0 01-1.262-2.255c-.21-1.32.152-2.489.947-3.529.853-1.122 1.881-1.706 3.272-1.95 1.192-.21 2.314-.095 3.33.595.923.63 1.496 1.484 1.648 2.605.198 1.578-.257 2.863-1.344 3.962-.771.783-1.718 1.273-2.805 1.495-.315.06-.63.07-.934.106zm2.78-4.72c-.011-.153-.011-.27-.034-.387-.21-1.157-1.274-1.81-2.384-1.554-1.087.245-1.788.935-2.045 2.033-.21.912.234 1.835 1.075 2.21.643.28 1.285.244 1.905-.07.923-.48 1.425-1.228 1.484-2.233z`,
+  openjdk: `M11.915 0 11.7.215C9.515 2.4 7.47 6.39 6.046 10.483c-1.064 1.024-3.633 2.81-3.711 3.551-.093.87 1.746 2.611 1.55 3.235-.198.625-1.304 1.408-1.014 1.939.1.188.823.011 1.277-.491a13.389 13.389 0 0 0-.017 2.14c.076.906.27 1.668.643 2.232.372.563.956.911 1.667.911.397 0 .727-.114 1.024-.264.298-.149.571-.33.91-.5.68-.34 1.634-.666 3.53-.604 1.903.062 2.872.39 3.559.704.687.314 1.15.664 1.925.664.767 0 1.395-.336 1.807-.9.412-.563.631-1.33.72-2.24.06-.623.055-1.32 0-2.066.454.45 1.117.604 1.213.424.29-.53-.816-1.314-1.013-1.937-.198-.624 1.642-2.366 1.549-3.236-.08-.748-2.707-2.568-3.748-3.586C16.428 6.374 14.308 2.394 12.13.215zm.175 6.038a2.95 2.95 0 0 1 2.943 2.942 2.95 2.95 0 0 1-2.943 2.943A2.95 2.95 0 0 1 9.148 8.98a2.95 2.95 0 0 1 2.942-2.942zM8.685 7.983a3.515 3.515 0 0 0-.145.997c0 1.951 1.6 3.55 3.55 3.55 1.95 0 3.55-1.598 3.55-3.55 0-.329-.046-.648-.132-.951.334.095.64.208.915.336a42.699 42.699 0 0 1 2.042 5.829c.678 2.545 1.01 4.92.846 6.607-.082.844-.29 1.51-.606 1.94-.315.431-.713.651-1.315.651-.593 0-.932-.27-1.673-.61-.741-.338-1.825-.694-3.792-.758-1.974-.064-3.073.293-3.821.669-.375.188-.659.373-.911.5s-.466.2-.752.2c-.53 0-.876-.209-1.16-.64-.285-.43-.474-1.101-.545-1.948-.141-1.693.176-4.069.823-6.614a43.155 43.155 0 0 1 1.934-5.783c.348-.167.749-.31 1.192-.425zm-3.382 4.362a.216.216 0 0 1 .13.031c-.166.56-.323 1.116-.463 1.665a33.849 33.849 0 0 0-.547 2.555 3.9 3.9 0 0 0-.2-.39c-.58-1.012-.914-1.642-1.16-2.08.315-.24 1.679-1.755 2.24-1.781zm13.394.01c.562.027 1.926 1.543 2.24 1.783-.246.438-.58 1.068-1.16 2.08a4.428 4.428 0 0 0-.163.309 32.354 32.354 0 0 0-.562-2.49 40.579 40.579 0 0 0-.482-1.652.216.216 0 0 1 .127-.03z`,
+  ruby: `M20.156.083c3.033.525 3.893 2.598 3.829 4.77L24 4.822 22.635 22.71 4.89 23.926h.016C3.433 23.864.15 23.729 0 19.139l1.645-3 2.819 6.586.503 1.172 2.805-9.144-.03.007.016-.03 9.255 2.956-1.396-5.431-.99-3.9 8.82-.569-.615-.51L16.5 2.114 20.159.073l-.003.01zM0 19.089zM5.13 5.073c3.561-3.533 8.157-5.621 9.922-3.84 1.762 1.777-.105 6.105-3.673 9.636-3.563 3.532-8.103 5.734-9.864 3.957-1.766-1.777.045-6.217 3.612-9.75l.003-.003z`,
+  c: `M16.5921 9.1962s-.354-3.298-3.627-3.39c-3.2741-.09-4.9552 2.474-4.9552 6.14 0 3.6651 1.858 6.5972 5.0451 6.5972 3.184 0 3.5381-3.665 3.5381-3.665l6.1041.365s.36 3.31-2.196 5.836c-2.552 2.5241-5.6901 2.9371-7.8762 2.9201-2.19-.017-5.2261.034-8.1602-2.97-2.938-3.0101-3.436-5.9302-3.436-8.8002 0-2.8701.556-6.6702 4.047-9.5502C7.444.72 9.849 0 12.254 0c10.0422 0 10.7172 9.2602 10.7172 9.2602z`,
+  cplusplus: `M22.394 6c-.167-.29-.398-.543-.652-.69L12.926.22c-.509-.294-1.34-.294-1.848 0L2.26 5.31c-.508.293-.923 1.013-.923 1.6v10.18c0 .294.104.62.271.91.167.29.398.543.652.69l8.816 5.09c.508.293 1.34.293 1.848 0l8.816-5.09c.254-.147.485-.4.652-.69.167-.29.27-.616.27-.91V6.91c.003-.294-.1-.62-.268-.91zM12 19.11c-3.92 0-7.109-3.19-7.109-7.11 0-3.92 3.19-7.11 7.11-7.11a7.133 7.133 0 016.156 3.553l-3.076 1.78a3.567 3.567 0 00-3.08-1.78A3.56 3.56 0 008.444 12 3.56 3.56 0 0012 15.555a3.57 3.57 0 003.08-1.778l3.078 1.78A7.135 7.135 0 0112 19.11zm7.11-6.715h-.79v.79h-.79v-.79h-.79v-.79h.79v-.79h.79v.79h.79zm2.962 0h-.79v.79h-.79v-.79h-.79v-.79h.79v-.79h.79v.79h.79z`,
+  dotnet: `M24 8.77h-2.468v7.565h-1.425V8.77h-2.462V7.53H24zm-6.852 7.565h-4.821V7.53h4.63v1.24h-3.205v2.494h2.953v1.234h-2.953v2.604h3.396zm-6.708 0H8.882L4.78 9.863a2.896 2.896 0 0 1-.258-.51h-.036c.032.189.048.592.048 1.21v5.772H3.157V7.53h1.659l3.965 6.32c.167.261.275.442.323.54h.024c-.04-.233-.06-.629-.06-1.185V7.529h1.372zm-8.703-.693a.868.829 0 0 1-.869.829.868.829 0 0 1-.868-.83.868.829 0 0 1 .868-.828.868.829 0 0 1 .869.829Z`,
+  html5: `M1.5 0h21l-1.91 21.563L11.977 24l-8.564-2.438L1.5 0zm7.031 9.75l-.232-2.718 10.059.003.23-2.622L5.412 4.41l.698 8.01h9.126l-.326 3.426-2.91.804-2.955-.81-.188-2.11H6.248l.33 4.171L12 19.351l5.379-1.443.744-8.157H8.531z`,
+  css: `M0 0v20.16A3.84 3.84 0 0 0 3.84 24h16.32A3.84 3.84 0 0 0 24 20.16V3.84A3.84 3.84 0 0 0 20.16 0Zm14.256 13.08c1.56 0 2.28 1.08 2.304 2.64h-1.608c.024-.288-.048-.6-.144-.84-.096-.192-.288-.264-.552-.264-.456 0-.696.264-.696.84-.024.576.288.888.768 1.08.72.288 1.608.744 1.92 1.296q.432.648.432 1.656c0 1.608-.912 2.592-2.496 2.592-1.656 0-2.4-1.032-2.424-2.688h1.68c0 .792.264 1.176.792 1.176.264 0 .456-.072.552-.24.192-.312.24-1.176-.048-1.512-.312-.408-.912-.6-1.32-.816q-.828-.396-1.224-.936c-.24-.36-.36-.888-.36-1.536 0-1.44.936-2.472 2.424-2.448m5.4 0c1.584 0 2.304 1.08 2.328 2.64h-1.608c0-.288-.048-.6-.168-.84-.096-.192-.264-.264-.528-.264-.48 0-.72.264-.72.84s.288.888.792 1.08c.696.288 1.608.744 1.92 1.296.264.432.408.984.408 1.656.024 1.608-.888 2.592-2.472 2.592-1.68 0-2.424-1.056-2.448-2.688h1.68c0 .744.264 1.176.792 1.176.264 0 .456-.072.552-.24.216-.312.264-1.176-.048-1.512-.288-.408-.888-.6-1.32-.816-.552-.264-.96-.576-1.2-.936s-.36-.888-.36-1.536c-.024-1.44.912-2.472 2.4-2.448m-11.031.018c.711-.006 1.419.198 1.839.63.432.432.672 1.128.648 1.992H9.336c.024-.456-.096-.792-.432-.96-.312-.144-.768-.048-.888.24-.12.264-.192.576-.168.864v3.504c0 .744.264 1.128.768 1.128a.65.65 0 0 0 .552-.264c.168-.24.192-.552.168-.84h1.776c.096 1.632-.984 2.712-2.568 2.688-1.536 0-2.496-.864-2.472-2.472v-4.032c0-.816.24-1.44.696-1.848.432-.408 1.146-.624 1.857-.63`,
+  php: `M7.01 10.207h-.944l-.515 2.648h.838c.556 0 .97-.105 1.242-.314.272-.21.455-.559.55-1.049.092-.47.05-.802-.124-.995-.175-.193-.523-.29-1.047-.29zM12 5.688C5.373 5.688 0 8.514 0 12s5.373 6.313 12 6.313S24 15.486 24 12c0-3.486-5.373-6.312-12-6.312zm-3.26 7.451c-.261.25-.575.438-.917.551-.336.108-.765.164-1.285.164H5.357l-.327 1.681H3.652l1.23-6.326h2.65c.797 0 1.378.209 1.744.628.366.418.476 1.002.33 1.752a2.836 2.836 0 0 1-.305.847c-.143.255-.33.49-.561.703zm4.024.715l.543-2.799c.063-.318.039-.536-.068-.651-.107-.116-.336-.174-.687-.174H11.46l-.704 3.625H9.388l1.23-6.327h1.367l-.327 1.682h1.218c.767 0 1.295.134 1.586.401s.378.7.263 1.299l-.572 2.944h-1.389zm7.597-2.265a2.782 2.782 0 0 1-.305.847c-.143.255-.33.49-.561.703a2.44 2.44 0 0 1-.917.551c-.336.108-.765.164-1.286.164h-1.18l-.327 1.682h-1.378l1.23-6.326h2.649c.797 0 1.378.209 1.744.628.366.417.477 1.001.331 1.751zM17.766 10.207h-.943l-.516 2.648h.838c.557 0 .971-.105 1.242-.314.272-.21.455-.559.551-1.049.092-.47.049-.802-.125-.995s-.524-.29-1.047-.29z`,
+  swift: `M7.508 0c-.287 0-.573 0-.86.002-.241.002-.483.003-.724.01-.132.003-.263.009-.395.015A9.154 9.154 0 0 0 4.348.15 5.492 5.492 0 0 0 2.85.645 5.04 5.04 0 0 0 .645 2.848c-.245.48-.4.972-.495 1.5-.093.52-.122 1.05-.136 1.576a35.2 35.2 0 0 0-.012.724C0 6.935 0 7.221 0 7.508v8.984c0 .287 0 .575.002.862.002.24.005.481.012.722.014.526.043 1.057.136 1.576.095.528.25 1.02.495 1.5a5.03 5.03 0 0 0 2.205 2.203c.48.244.97.4 1.498.495.52.093 1.05.124 1.576.138.241.007.483.009.724.01.287.002.573.002.86.002h8.984c.287 0 .573 0 .86-.002.241-.001.483-.003.724-.01a10.523 10.523 0 0 0 1.578-.138 5.322 5.322 0 0 0 1.498-.495 5.035 5.035 0 0 0 2.203-2.203c.245-.48.4-.972.495-1.5.093-.52.124-1.05.138-1.576.007-.241.009-.481.01-.722.002-.287.002-.575.002-.862V7.508c0-.287 0-.573-.002-.86a33.662 33.662 0 0 0-.01-.724 10.5 10.5 0 0 0-.138-1.576 5.328 5.328 0 0 0-.495-1.5A5.039 5.039 0 0 0 21.152.645 5.32 5.32 0 0 0 19.654.15a10.493 10.493 0 0 0-1.578-.138 34.98 34.98 0 0 0-.722-.01C17.067 0 16.779 0 16.492 0H7.508zm6.035 3.41c4.114 2.47 6.545 7.162 5.549 11.131-.024.093-.05.181-.076.272l.002.001c2.062 2.538 1.5 5.258 1.236 4.745-1.072-2.086-3.066-1.568-4.088-1.043a6.803 6.803 0 0 1-.281.158l-.02.012-.002.002c-2.115 1.123-4.957 1.205-7.812-.022a12.568 12.568 0 0 1-5.64-4.838c.649.48 1.35.902 2.097 1.252 3.019 1.414 6.051 1.311 8.197-.002C9.651 12.73 7.101 9.67 5.146 7.191a10.628 10.628 0 0 1-1.005-1.384c2.34 2.142 6.038 4.83 7.365 5.576C8.69 8.408 6.208 4.743 6.324 4.86c4.436 4.47 8.528 6.996 8.528 6.996.154.085.27.154.36.213.085-.215.16-.437.224-.668.708-2.588-.09-5.548-1.893-7.992z`,
+  kotlin: `M24 24H0V0h24L12 12Z`,
+  gnubash: `M21.038,4.9l-7.577-4.498C13.009,0.134,12.505,0,12,0c-0.505,0-1.009,0.134-1.462,0.403L2.961,4.9 C2.057,5.437,1.5,6.429,1.5,7.503v8.995c0,1.073,0.557,2.066,1.462,2.603l7.577,4.497C10.991,23.866,11.495,24,12,24 c0.505,0,1.009-0.134,1.461-0.402l7.577-4.497c0.904-0.537,1.462-1.529,1.462-2.603V7.503C22.5,6.429,21.943,5.437,21.038,4.9z M15.17,18.946l0.013,0.646c0.001,0.078-0.05,0.167-0.111,0.198l-0.383,0.22c-0.061,0.031-0.111-0.007-0.112-0.085L14.57,19.29 c-0.328,0.136-0.66,0.169-0.872,0.084c-0.04-0.016-0.057-0.075-0.041-0.142l0.139-0.584c0.011-0.046,0.036-0.092,0.069-0.121 c0.012-0.011,0.024-0.02,0.036-0.026c0.022-0.011,0.043-0.014,0.062-0.006c0.229,0.077,0.521,0.041,0.802-0.101 c0.357-0.181,0.596-0.545,0.592-0.907c-0.003-0.328-0.181-0.465-0.613-0.468c-0.55,0.001-1.064-0.107-1.072-0.917 c-0.007-0.667,0.34-1.361,0.889-1.8l-0.007-0.652c-0.001-0.08,0.048-0.168,0.111-0.2l0.37-0.236 c0.061-0.031,0.111,0.007,0.112,0.087l0.006,0.653c0.273-0.109,0.511-0.138,0.726-0.088c0.047,0.012,0.067,0.076,0.048,0.151 l-0.144,0.578c-0.011,0.044-0.036,0.088-0.065,0.116c-0.012,0.012-0.025,0.021-0.038,0.028c-0.019,0.01-0.038,0.013-0.057,0.009 c-0.098-0.022-0.332-0.073-0.699,0.113c-0.385,0.195-0.52,0.53-0.517,0.778c0.003,0.297,0.155,0.387,0.681,0.396 c0.7,0.012,1.003,0.318,1.01,1.023C16.105,17.747,15.736,18.491,15.17,18.946z M19.143,17.859c0,0.06-0.008,0.116-0.058,0.145 l-1.916,1.164c-0.05,0.029-0.09,0.004-0.09-0.056v-0.494c0-0.06,0.037-0.093,0.087-0.122l1.887-1.129 c0.05-0.029,0.09-0.004,0.09,0.056V17.859z M20.459,6.797l-7.168,4.427c-0.894,0.523-1.553,1.109-1.553,2.187v8.833 c0,0.645,0.26,1.063,0.66,1.184c-0.131,0.023-0.264,0.039-0.398,0.039c-0.42,0-0.833-0.114-1.197-0.33L3.226,18.64 c-0.741-0.44-1.201-1.261-1.201-2.142V7.503c0-0.881,0.46-1.702,1.201-2.142l7.577-4.498c0.363-0.216,0.777-0.33,1.197-0.33 c0.419,0,0.833,0.114,1.197,0.33l7.577,4.498c0.624,0.371,1.046,1.013,1.164,1.732C21.686,6.557,21.12,6.411,20.459,6.797z`,
+  json: `M12.043 23.968c.479-.004.953-.029 1.426-.094a11.805 11.805 0 003.146-.863 12.404 12.404 0 003.793-2.542 11.977 11.977 0 002.44-3.427 11.794 11.794 0 001.02-3.476c.149-1.16.135-2.346-.045-3.499a11.96 11.96 0 00-.793-2.788 11.197 11.197 0 00-.854-1.617c-1.168-1.837-2.861-3.314-4.81-4.3a12.835 12.835 0 00-2.172-.87h-.005c.119.063.24.132.345.201.12.074.239.146.351.225a8.93 8.93 0 011.559 1.33c1.063 1.145 1.797 2.548 2.218 4.041.284.982.434 1.998.495 3.017.044.743.044 1.491-.047 2.229-.149 1.27-.554 2.51-1.228 3.596a7.475 7.475 0 01-1.903 2.084c-1.244.928-2.877 1.482-4.436 1.114a3.916 3.916 0 01-.748-.258 4.692 4.692 0 01-.779-.45 6.08 6.08 0 01-1.244-1.105 6.507 6.507 0 01-1.049-1.747 7.366 7.366 0 01-.494-2.54c-.03-1.273.225-2.553.854-3.67a6.43 6.43 0 011.663-1.918c.225-.178.464-.333.704-.479l.016-.007a5.121 5.121 0 00-1.441-.12 4.963 4.963 0 00-1.228.24c-.359.12-.704.27-1.019.45a6.146 6.146 0 00-.733.494c-.211.18-.42.36-.615.555-1.123 1.153-1.768 2.682-2.022 4.256-.15.973-.15 1.96-.091 2.95.105 1.395.391 2.787.945 4.062a8.518 8.518 0 001.348 2.173 8.14 8.14 0 003.132 2.23 7.934 7.934 0 002.113.54c.074.015.149.015.209.015zm-2.934-.398a4.102 4.102 0 01-.45-.228 8.5 8.5 0 01-2.038-1.534c-1.094-1.137-1.827-2.566-2.247-4.08a15.184 15.184 0 01-.495-3.172 12.14 12.14 0 01.046-2.082c.135-1.257.495-2.501 1.124-3.58a6.889 6.889 0 011.783-2.053 6.23 6.23 0 011.633-.9 5.363 5.363 0 013.522-.045c.029 0 .029 0 .045.03.015.015.045.015.06.03.045.016.104.045.165.074.239.12.479.271.704.42a6.294 6.294 0 012.097 2.502c.42.914.615 1.934.631 2.938.014 1.079-.18 2.157-.645 3.146a6.42 6.42 0 01-2.638 2.832c.09.03.18.045.271.075.225.044.449.074.688.074 1.468.045 2.892-.66 3.94-1.647.195-.18.375-.375.54-.585.225-.27.435-.54.614-.823.239-.375.435-.75.614-1.154a8.112 8.112 0 00.509-1.664c.196-1.004.211-2.022.149-3.026-.135-2.022-.673-4.045-1.842-5.724a9.054 9.054 0 00-.555-.719 9.868 9.868 0 00-1.063-1.034 8.477 8.477 0 00-1.363-.915 9.927 9.927 0 00-1.692-.598l-.3-.06c-.209-.03-.42-.044-.634-.06a8.453 8.453 0 00-1.015.016c-.704.045-1.412.16-2.112.337C5.799 1.227 2.863 3.566 1.3 6.67A11.834 11.834 0 00.238 9.801a11.81 11.81 0 00-.104 3.775c.12 1.02.374 2.023.778 2.977.227.57.511 1.124.825 1.648 1.094 1.783 2.683 3.236 4.51 4.24.688.39 1.408.69 2.157.944.226.074.45.15.689.21z`,
+  r: `M12 2.746c-6.627 0-12 3.599-12 8.037 0 3.897 4.144 7.144 9.64 7.88V16.26c-2.924-.915-4.925-2.755-4.925-4.877 0-3.035 4.084-5.494 9.12-5.494 5.038 0 8.757 1.683 8.757 5.494 0 1.976-.999 3.379-2.662 4.272.09.066.174.128.258.216.169.149.25.363.372.544 2.128-1.45 3.44-3.437 3.44-5.631 0-4.44-5.373-8.038-12-8.038zm-2.111 4.99v13.516l4.093-.002-.002-5.291h1.1c.225 0 .321.066.549.25.272.22.715.982.715.982l2.164 4.063 4.627-.002-2.864-4.826s-.086-.193-.265-.383a2.22 2.22 0 00-.582-.416c-.422-.214-1.149-.434-1.149-.434s3.578-.264 3.578-3.826c0-3.562-3.744-3.63-3.744-3.63zm4.127 2.93l2.478.002s1.149-.062 1.149 1.127c0 1.165-1.149 1.17-1.149 1.17h-2.478zm1.754 6.119c-.494.049-1.012.079-1.54.088v1.807a16.622 16.622 0 002.37-.473l-.471-.891s-.108-.183-.248-.394c-.039-.054-.08-.098-.111-.137z`,
+  dart: `M4.105 4.105S9.158 1.58 11.684.316a3.079 3.079 0 0 1 1.481-.315c.766.047 1.677.788 1.677.788L24 9.948v9.789h-4.263V24H9.789l-9-9C.303 14.5 0 13.795 0 13.105c0-.319.18-.818.316-1.105l3.789-7.895zm.679.679v11.787c.002.543.021 1.024.498 1.508L10.204 23h8.533v-4.263L4.784 4.784zm12.055-.678c-.899-.896-1.809-1.78-2.74-2.643-.302-.267-.567-.468-1.07-.462-.37.014-.87.195-.87.195L6.341 4.105l10.498.001z`,
+  lua: `M.38 10.377l-.272-.037c-.048.344-.082.695-.101 1.041l.275.016c.018-.34.051-.682.098-1.02zM4.136 3.289l-.184-.205c-.258.232-.509.48-.746.734l.202.188c.231-.248.476-.49.728-.717zM5.769 2.059l-.146-.235c-.296.186-.586.385-.863.594l.166.219c.27-.203.554-.399.843-.578zM1.824 18.369c.185.297.384.586.593.863l.22-.164c-.205-.271-.399-.555-.58-.844l-.233.145zM1.127 16.402l-.255.104c.129.318.274.635.431.943l.005.01.245-.125-.005-.01c-.153-.301-.295-.611-.421-.922zM.298 9.309l.269.063c.076-.332.168-.664.272-.986l-.261-.087c-.108.332-.202.672-.28 1.01zM.274 12.42l-.275.01c.012.348.04.699.083 1.043l.273-.033c-.042-.336-.069-.68-.081-1.02zM.256 14.506c.073.34.162.682.264 1.014l.263-.08c-.1-.326-.187-.658-.258-.99l-.269.056zM11.573.275L11.563 0c-.348.012-.699.039-1.044.082l.034.273c.338-.041.68-.068 1.02-.08zM23.221 8.566c.1.326.186.66.256.992l.27-.059c-.072-.34-.16-.682-.262-1.014l-.264.081zM17.621 1.389c-.309-.164-.627-.314-.947-.449l-.107.252c.314.133.625.281.926.439l.128-.242zM15.693.572c-.332-.105-.67-.199-1.01-.277l-.063.268c.332.076.664.168.988.273l.085-.264zM6.674 1.545c.298-.15.606-.291.916-.418L7.486.873c-.317.127-.632.272-.937.428l-.015.008.125.244.015-.008zM23.727 11.588l.275-.01a11.797 11.797 0 0 0-.082-1.045l-.273.033c.041.338.068.682.08 1.022zM13.654.105c-.346-.047-.696-.08-1.043-.098l-.014.273c.339.018.683.051 1.019.098l.038-.273zM9.544.527l-.058-.27c-.34.072-.681.16-1.014.264l.081.262c.325-.099.659-.185.991-.256zM1.921 5.469l.231.15c.185-.285.384-.566.592-.834l-.217-.17c-.213.276-.417.563-.606.854zM.943 7.318l.253.107c.132-.313.28-.625.439-.924l-.243-.128c-.163.307-.314.625-.449.945zM18.223 21.943l.145.234c.295-.186.586-.385.863-.594l-.164-.219c-.272.204-.557.4-.844.579zM21.248 19.219l.217.17c.215-.273.418-.561.607-.854l-.23-.148c-.186.285-.385.564-.594.832zM19.855 20.715l.184.203c.258-.23.51-.479.746-.732l-.201-.188c-.23.248-.477.488-.729.717zM22.359 17.504l.244.129c.162-.307.314-.625.449-.945l-.254-.107a11.27 11.27 0 0 1-.439.923zM23.617 13.629l.273.039c.049-.346.082-.695.102-1.043l-.275-.014c-.018.338-.051.682-.1 1.018zM23.156 15.621l.264.086c.107-.332.201-.67.279-1.01l-.268-.063c-.077.333-.169.665-.275.987zM22.453 6.672c.154.303.297.617.424.932l.256-.104c-.131-.322-.277-.643-.436-.953l-.244.125zM8.296 23.418c.331.107.67.201 1.009.279l.062-.268c-.331-.076-.663-.168-.986-.273l-.085.262zM10.335 23.889c.345.049.696.082 1.043.102l.014-.275c-.339-.018-.682-.051-1.019-.098l-.038.271zM17.326 22.449c-.303.154-.613.297-.926.424l.104.256c.318-.131.639-.275.947-.434l.004-.002-.123-.246-.006.002zM4.613 21.467c.274.213.562.418.854.605l.149-.23c-.285-.184-.565-.385-.833-.592l-.17.217zM12.417 23.725l.009.275c.348-.014.699-.041 1.045-.084l-.035-.271c-.336.041-.68.068-1.019.08zM6.37 22.604c.307.162.625.314.946.449l.107-.254c-.313-.133-.624-.279-.924-.439l-.129.244zM3.083 20.041c.233.258.48.51.734.746l.188-.201c-.249-.23-.49-.477-.717-.729l-.205.184zM14.445 23.475l.059.27c.34-.074.68-.162 1.014-.266l-.082-.262c-.325.099-.659.185-.991.258zM21.18.129A2.689 2.689 0 1 0 21.18 5.507 2.689 2.689 0 1 0 21.18.129zM15.324 15.447c0 .471.314.66.852.66.67 0 1.297-.396 1.297-1.016v-.645c-.23.107-.379.141-1.107.24-.735.109-1.042.306-1.042.761zM12 2.818c-5.07 0-9.18 4.109-9.18 9.18 0 5.068 4.11 9.18 9.18 9.18 5.07 0 9.18-4.111 9.18-9.18 0-5.07-4.11-9.18-9.18-9.18zm-2.487 13.77H5.771v-6.023h.769v5.346h2.974v.677zm4.13 0h-.619v-.67c-.405.57-.811.793-1.446.793-.843 0-1.38-.463-1.38-1.182v-3.271h.686v3c0 .52.347.85.893.85.719 0 1.181-.578 1.181-1.461v-2.389h.686v4.33zm-.53-8.393c0-1.484 1.205-2.689 2.689-2.689s2.688 1.205 2.688 2.689-1.203 2.688-2.688 2.688-2.689-1.203-2.689-2.688zm5.567 7.856v.52c-.223.059-.33.074-.471.074-.34 0-.637-.238-.711-.57-.381.406-.918.637-1.471.637-.877 0-1.422-.463-1.422-1.248 0-.527.256-.916.76-1.123.266-.107.414-.141 1.389-.264.545-.066.719-.191.719-.48v-.182c0-.412-.348-.645-.967-.645-.645 0-.957.24-1.016.77h-.693c.041-1 .686-1.404 1.734-1.404 1.066 0 1.627.412 1.627 1.182v2.412c0 .215.133.338.373.338.041-.002.074-.002.149-.017z`,
+  elixir: `M19.793 16.575c0 3.752-2.927 7.426-7.743 7.426-5.249 0-7.843-3.71-7.843-8.29 0-5.21 3.892-12.952 8-15.647a.397.397 0 0 1 .61.371 9.716 9.716 0 0 0 1.694 6.518c.522.795 1.092 1.478 1.763 2.352.94 1.227 1.637 1.906 2.644 3.842l.015.028a7.107 7.107 0 0 1 .86 3.4z`,
+  haskell: `M0 3.535L5.647 12 0 20.465h4.235L9.883 12 4.235 3.535zm5.647 0L11.294 12l-5.647 8.465h4.235l3.53-5.29 3.53 5.29h4.234L9.883 3.535zm8.941 4.938l1.883 2.822H24V8.473zm2.824 4.232l1.882 2.822H24v-2.822z`,
+  scala: `M4.589 24c4.537 0 13.81-1.516 14.821-3v-5.729c-.957 1.408-10.284 2.912-14.821 2.912V24zM4.589 16.365c4.537 0 13.81-1.516 14.821-3V7.636c-.957 1.408-10.284 2.912-14.821 2.912v5.817zM4.589 8.729c4.537 0 13.81-1.516 14.821-3V0C18.453 1.408 9.126 2.912 4.589 2.912v5.817z`,
+  perl: `M12 0A12 12 0 0 0 0 12a12 12 0 0 0 12 12 12 12 0 0 0 12-12A12 12 0 0 0 12 0m.157 1.103a10.91 10.91 0 0 1 9.214 5.404c-1.962.152-3.156 1.698-5.132 3.553-2.81 2.637-4.562.582-5.288-.898-.447-1.004-.847-2.117-1.544-2.769A.4.4 0 0 1 9.3 6.02l.08-.37a.083.083 0 0 0-.074-.1c-.33-.022-.601.093-.84.368a2.5 2.5 0 0 0-.375-.064c-.863-.093-1.036.345-1.873.345H5.81c-.758 0-1.391.361-1.7.892-.248.424-.257.884.15.93-.126.445.292.62 1.224.192 0 0 .733.421 1.749.421.549 0 .712.087.914.967.486 2.138 2.404 5.655 6.282 5.655l.118.166c.659.934.86 2.113.48 3.184-.307.867-.697 1.531-.697 1.531q.01.178.01.349c0 .81-.175 1.553-.387 2.23a10.91 10.91 0 0 1-11.989-6.342A10.91 10.91 0 0 1 7.608 2.01a10.9 10.9 0 0 1 4.55-.907M7.524 6.47c.288 0 .575.231.477.272a.4.4 0 0 1-.1.02.38.38 0 0 1-.375.327.384.384 0 0 1-.378-.326.4.4 0 0 1-.101-.02c-.098-.042.19-.273.477-.273m10.193 10.49q.05 0 .101.007.326.054.694.096.135.01.269.026a13.4 13.4 0 0 0 2.846-.007 10.9 10.9 0 0 1-2.007 2.705c-.11-.23-.547-1.19-.573-2.196q-.156-.01-.313-.026-.13-.014-.256-.022a18 18 0 0 1-.735-.102h-.003c-.032 0-.06.01-.074.035l-.003.012q-.081.265-.182.544c.428 1.084.652 2.078.652 2.078.14.22.258.432.363.64a11 11 0 0 1-2.168 1.264 11 11 0 0 1-1.205.426 13.3 13.3 0 0 1 1.055-2.531s.678-1.445 1.027-2.564v-.004a.55.55 0 0 1 .512-.38`,
+  clojure: `M11.503 12.216c-.119.259-.251.549-.387.858-.482 1.092-1.016 2.42-1.21 3.271a4.91 4.91 0 0 0-.112 1.096c0 .164.009.337.022.514.682.25 1.417.388 2.186.39a6.39 6.39 0 0 0 2.001-.326 3.808 3.808 0 0 1-.418-.441c-.854-1.089-1.329-2.682-2.082-5.362M8.355 6.813A6.347 6.347 0 0 0 5.657 12a6.347 6.347 0 0 0 2.625 5.134c.39-1.622 1.366-3.107 2.83-6.084-.087-.239-.186-.5-.297-.775-.406-1.018-.991-2.198-1.513-2.733a4.272 4.272 0 0 0-.947-.729M17.527 19.277c-.84-.105-1.533-.232-2.141-.446A7.625 7.625 0 0 1 4.376 12a7.6 7.6 0 0 1 2.6-5.73 5.582 5.582 0 0 0-1.324-.162c-2.236.02-4.597 1.258-5.58 4.602-.092.486-.07.854-.07 1.29 0 6.627 5.373 12 12 12 4.059 0 7.643-2.017 9.815-5.101-1.174.293-2.305.433-3.271.436-.362 0-.702-.02-1.019-.058M15.273 16.952c.074.036.242.097.475.163a6.354 6.354 0 0 0 2.6-5.115h-.002a6.354 6.354 0 0 0-6.345-6.345 6.338 6.338 0 0 0-1.992.324c1.289 1.468 1.908 3.566 2.507 5.862l.001.003c.001.002.192.637.518 1.48.326.842.789 1.885 1.293 2.645.332.51.697.876.945.983M12.001 0a11.98 11.98 0 0 0-9.752 5.013c1.134-.71 2.291-.967 3.301-.957 1.394.004 2.491.436 3.017.732.127.073.248.152.366.233A7.625 7.625 0 0 1 19.625 12a7.605 7.605 0 0 1-2.268 5.425c.344.038.709.063 1.084.061 1.328 0 2.766-.293 3.842-1.198.703-.592 1.291-1.458 1.617-2.757.065-.502.1-1.012.1-1.531 0-6.627-5.371-12-11.999-12`,
+  julia: `M11.138 17.569a5.569 5.569 0 1 1-11.138 0 5.569 5.569 0 1 1 11.138 0zm6.431-11.138a5.569 5.569 0 1 1-11.138 0 5.569 5.569 0 1 1 11.138 0zM24 17.569a5.569 5.569 0 1 1-11.138 0 5.569 5.569 0 1 1 11.138 0z`,
+  zig: `m23.53 1.02-7.686 3.45h-7.06l-2.98 3.452h7.173L.47 22.98l7.681-3.607h7.065v-.002l2.978-3.45-7.148-.001 12.482-14.9zM0 4.47v14.901h1.883l2.98-3.45H3.451v-8h.942l2.824-3.45H0zm22.117 0-2.98 3.608h1.412v7.844h-.942l-2.98 3.45H24V4.47h-1.883z`,
+  nim: `M12.095 3.2s-.92.778-1.857 1.55c-.964-.032-2.856.199-3.88.598C5.412 4.708 4.582 4 4.582 4s-.709 1.305-1.154 2.07c-.662.377-1.325.8-1.917 1.36C.824 7.14.026 6.782 0 6.77c.911 1.967 1.524 3.936 3.19 5.12 2.654-4.483 14.983-4.07 17.691-.025 1.75-.977 2.43-3.078 3.119-5.018-.075.026-1.012.362-1.619.61-.363-.423-1.217-1.072-1.702-1.385a96.008 96.008 0 00-1.131-2.122s-.794.632-1.715 1.322c-1.243-.246-2.747-.544-4.012-.47A52.988 52.988 0 0112.095 3.2zM.942 10.95l2.189 5.67c3.801 5.367 13.508 5.74 17.74.105 1.001-2.415 2.352-5.808 2.352-5.808-1.086 1.72-2.852 2.909-3.94 3.549-.774.453-2.558.727-2.558.727l-4.684-2.597-4.71 2.545s-1.761-.303-2.558-.701c-1.608-.92-2.69-2.004-3.83-3.49z`,
+  fortran: `M19.536 0H4.464A4.463 4.463 0 0 0 0 4.464v15.073A4.463 4.463 0 0 0 4.464 24h15.073A4.463 4.463 0 0 0 24 19.536V4.464A4.463 4.463 0 0 0 19.536 0zm1.193 6.493v3.871l-.922-.005c-.507-.003-.981-.021-1.052-.041-.128-.036-.131-.05-.192-.839-.079-1.013-.143-1.462-.306-2.136-.352-1.457-1.096-2.25-2.309-2.463-.509-.089-2.731-.176-4.558-.177L10.13 4.7v5.82l.662-.033c.757-.038 1.353-.129 1.64-.252.306-.131.629-.462.781-.799.158-.352.262-.815.345-1.542.033-.286.07-.572.083-.636.024-.116.028-.117 1.036-.117h1.012v9.3h-2.062l-.035-.536c-.063-.971-.252-1.891-.479-2.331-.311-.601-.922-.871-2.151-.95a11.422 11.422 0 0 1-.666-.059l-.172-.027.02 2.926c.021 3.086.03 3.206.265 3.465.241.266.381.284 2.827.368.05.002.065.246.065 1.041v1.039H3.271v-1.039c0-.954.007-1.039.091-1.041.05-.001.543-.023 1.097-.049.891-.042 1.033-.061 1.244-.167a.712.712 0 0 0 .345-.328c.106-.206.107-.254.107-6.78 0-6.133-.006-6.584-.09-6.737a.938.938 0 0 0-.553-.436c-.104-.032-.65-.07-1.215-.086l-1.026-.027V2.622h17.458v3.871z`,
+  erlang: `M8.859 7.889c.154-1.863 1.623-3.115 3.344-3.119 1.734.004 2.986 1.256 3.029 3.119zm12.11 11.707c.802-.86 1.52-1.872 2.172-3.03l-3.616-1.807c-1.27 2.064-3.127 3.965-5.694 3.977-3.738-.012-5.206-3.208-5.198-7.322h13.966c.019-.464.019-.68 0-.904.091-2.447-.558-4.504-1.737-6.106l-.007.005H24v15.186h-3.039zm-17.206-.001C1.901 17.62.811 14.894.813 11.64c-.002-2.877.902-5.35 2.456-7.232H0v15.187h3.761Z`,
+  fsharp: `M0 12 11.39.61v5.695L5.695 12l5.695 5.695v5.695L0 12zm7.322 0 4.068-4.068v8.136L7.322 12zM24 12 12.203.61v5.695L17.898 12l-5.695 5.695v5.695L24 12z`,
+  solidity: `M4.409 6.608L7.981.255l3.572 6.353H4.409zM8.411 0l3.569 6.348L15.552 0H8.411zm4.036 17.392l3.572 6.354 3.575-6.354h-7.147zm-.608-10.284h-7.43l3.715 6.605 3.715-6.605zm.428-.25h7.428L15.982.255l-3.715 6.603zM15.589 24l-3.569-6.349L8.448 24h7.141zm-3.856-6.858H4.306l3.712 6.603 3.715-6.603zm.428-.25h7.433l-3.718-6.605-3.715 6.605z`,
+  coffeescript: `M4.645 7.472c2.1.53 4.779.8 8.008.8 3.299 0 5.918-.27 8.008-.8 2.23-.52 3.299-1.22 3.299-1.88 0-.47-.48-.93-1.35-1.28.2.13.35.35.35.59 0 .67-1.01 1.22-3.039 1.68-1.88.41-4.279.7-7.198.7-2.82 0-5.329-.29-7.138-.68-1.95-.48-2.97-1-2.97-1.68 0-.28.13-.52.52-.8-1.22.47-1.88.87-1.88 1.47.07.68 1.16 1.36 3.39 1.88zm4.689-2.16c2.27-.2 2.929-1.659 5.588-1.899 1.31-.1 2.14.16 2.23.62.08.43-.57.72-1.36.78-1.09.11-1.54-.28-1.63-.65-.81.09-.94.43-.9.67.09.46 1.07.92 2.75.76 1.9-.15 2.54-.9 2.38-1.65-.2-.98-1.66-1.8-4.28-1.55-3.359.3-3.339 1.86-5.628 2.05-.94.09-1.46-.13-1.55-.5-.06-.37.4-.55.94-.59.5-.05 1.11.04 1.4.2.21-.11.28-.22.26-.35-.1-.35-.79-.5-1.66-.44-1.7.15-1.7.91-1.64 1.25.17.87 1.48 1.45 3.1 1.3zm11.417 3.84c-2.1.49-4.779.809-8.008.809-3.3 0-5.989-.34-8.078-.8-1.88-.48-2.88-1.01-3.23-1.56.18 1.23.49 2.42.89 3.55-.48.3-.91.67-1.3 1.17a4.519 4.519 0 00-1.019 3.098 3.6 3.599 0 001.42 2.62c.87.68 1.81.88 2.879.68.41-.07.87-.28 1.29-.42-.88 0-1.62-.28-2.36-.87a3.55 3.549 0 01-1.49-2.42c-.2-.94 0-1.81.53-2.579.12-.15.25-.28.39-.4.3.73.62 1.45.98 2.12.81 1.23 1.62 2.299 2.43 3.459.35.68.58 1.35.74 2.019a3.899 3.899 0 002.229 1.5c1.15.4 2.35.58 3.579.51h.13a10.197 10.197 0 003.689-.52 4.179 4.179 0 002.16-1.49h.07c.13-.67.35-1.34.67-2.02.799-1.17 1.619-2.229 2.419-3.458A20.995 20.993 0 0024 7.612c-.43.6-1.44 1.13-3.25 1.54z`,
+  ocaml: `M12.178 21.637c-.085-.17-.187-.524-.255-.676-.067-.135-.27-.506-.37-.625-.22-.253-.27-.27-.338-.608-.12-.574-.405-1.588-.76-2.296-.187-.372-.49-.677-.761-.947-.236-.236-.777-.624-.878-.607-.895.169-1.166 1.046-1.587 1.739-.237.388-.473.71-.66 1.115-.167.371-.151.793-.439 1.115a2.952 2.952 0 00-.624 1.097c-.034.084-.101.929-.186 1.131l1.318-.084c1.233.085.877.557 2.787.456l3.022-.1a5.376 5.376 0 00-.27-.71zM20.96 1.539H3.023A3.02 3.02 0 000 4.56v6.587c.44-.152 1.047-1.08 1.25-1.3.337-.389.405-.895.574-1.2.389-.709.456-1.215 1.334-1.215.406 0 .575.1.845.473.186.253.523.743.675 1.064.186.371.474.86.609.962.1.068.185.136.27.17.135.05.253-.051.354-.12.118-.1.17-.286.287-.556.17-.39.339-.827.44-.997.169-.27.236-.608.422-.76.27-.236.641-.253.743-.27.557-.118.81.27 1.08.507.186.168.423.49.609.91.135.339.304.661.388.846.068.185.237.49.338.86.101.322.337.575.44.744 0 0 .152.406 1.03.778a7.505 7.505 0 00.81.286c.39.135.76.12 1.233.068.338 0 .524-.49.676-.878.084-.237.185-.895.236-1.081.05-.185-.085-.32.034-.49.135-.186.22-.203.287-.439.17-.523 1.114-.54 1.655-.54.456 0 .389.44 1.149.287.439-.085.86.05 1.318.185.388.102.76.22.98.473.134.17.489.997.134 1.031.033.033.067.118.118.151-.085.322-.422.085-.625.051-.253-.05-.44 0-.693.118-.439.187-1.063.17-1.452.49-.32.271-.32.861-.473 1.2 0 0-.422 1.063-1.317 1.722-.237.17-.692.574-1.672.726-.44.068-.86.068-1.318.05-.22-.016-.438-.016-.658-.016-.136 0-.575-.017-.558.034l-.05.119a.6.6 0 00.033.169c.017.1.017.185.034.27 0 .185-.017.388 0 .574.017.388.17.743.186 1.148.017.44.236.913.456 1.267.085.135.203.152.254.32.067.186 0 .406.033.609.118.794.355 1.638.71 2.364v.017c.439-.067.895-.236 1.47-.32 1.063-.153 2.532-.085 3.478-.17 2.399-.22 3.7.98 5.844.49V4.562a3.045 3.045 0 00-3.04-3.023zm-8.951 14.187c0-.034 0-.034 0 0zm-6.47 2.769c.17-.372.271-.778.406-1.15.135-.354.337-.86.693-1.046-.05-.05-.744-.068-.929-.085a7.406 7.406 0 01-.608-.084 22.976 22.976 0 01-1.15-.236c-.22-.051-.979-.322-1.13-.39-.39-.168-.642-.658-.93-.607-.185.034-.37.101-.49.287-.1.152-.134.423-.202.608-.084.203-.22.405-.32.608-.238.354-.626.676-.795 1.03-.033.085-.05.169-.084.254v4.07c.202.034.405.068.624.135 1.69.456 2.095.49 3.75.304l.152-.017c.118-.27.22-1.165.304-1.435.067-.22.153-.39.187-.591.033-.203 0-.406-.017-.59-.034-.491.354-.661.54-1.065z`,
+  crystal: `M23.964 15.266l-8.687 8.669c-.034.035-.086.052-.121.035L3.29 20.79c-.052-.017-.087-.052-.087-.086L.007 8.856c-.018-.053 0-.087.035-.122L8.728.065c.035-.035.087-.052.121-.035l11.866 3.18c.052.017.087.052.087.086l3.18 11.848c.034.053.016.087-.018.122zm-11.64-9.433L.667 8.943c-.017 0-.035.034-.017.052l8.53 8.512c.017.017.052.017.052-.017l3.127-11.64c.017 0-.018-.035-.035-.017Z`,
+  apachegroovy: `M11.997 6.012S10.315 8.8 9.516 10.155c-.155.058-.172.041-.341.207-.41-.47-.897-.041-1.028.22-.057-.566-.151-.567-.279-.694.074-.496.316-1.305-.241-1.884-1.078-.727-2.326 1.05-3.021 1.982l-.375.622c-1.546-.032-2.763.008-4.231-.021 1.79.67 1.864.686 4.026 1.506 0 .066.161.372.34.552.147.15.308.234.389.284-.106.054-.32.138-.385.258-.292.546.139.672.418 1.107.315.568.382.944 1.126.625.254-.11.562-.148.758-.21-.693 1.094-.87 1.392-2.083 3.274l.012.004c4.85-1.893 4.974-1.942 7.373-2.89 3.448 1.338 3.646 1.448 7.432 2.891-.529-.826-.89-1.343-1.274-1.995.151-.013.483-.046.777-.233.213-.135.463-.288.688-.574.443-.565.551-1.277.39-2.166-.078-.423-.235-.834-.213-.85 2.061-.778 2.304-.862 4.226-1.587-2.31.034-2.422.01-4.591.016-.036-.414-.244-.627-.882-.606-.238.039-.389.12-.5.445-.357-.657-.85-.464-1.06-.14-.275-.282-.917-.377-1.24-.17-.238-.112-.514-.112-.757.177-.175-.146-.23-.188-.614-.342-.886-1.497-1.622-2.692-2.36-3.951zm.012.802c.35.535 1.552 2.61 1.849 3.074-.337.023-.668.202-.918.562-.217-.224-.47-.445-.917-.463-.544-.093-.834.148-1.2.568-.108-.365-.53-.45-.896-.28.327-.519 1.872-3.122 2.082-3.46zM7.45 9.128c-.05 1.434-1.068 2.712-1.798 2.245-.551-.449.149-1.584.59-1.985-.033.307.246.498.023.77-.446.543-.27.936-.078.996.513.162 1.004-1.227 1.004-2.201 0-.625-.366-.613-1.086.136-.983 1.022-1.513 2.012-1.16 2.69.197.38.485.651.959.594.925-.11 1.483-1.254 1.543-1.988.148-.003.109.01.148-.02 0 .129.177.755.317 1.166.183.702.964 2.11-1.369 2.658-.44.11-.614.148-1.05.32-.213-.443-.263-.585-.697-1.013.588-.205.593-.185.972-.317 1.467-.51 1.908-.947 1.857-1.57 0 0 .018-.32-.185-.588a2.613 2.613 0 0 1-.293.645c-.437.68-1.296 1.101-2.06.833-.417-.146-.596-.466-.596-1.015 0-.703 1.601-2.735 2.387-3.08.555-.165.579.293.571.724zm6.502 1.3c.26.006.543.133.735.34.594.64.529 1.417.163 1.905-.435.581-1.532.324-1.791-.488-.12-.378.095-1.312.475-1.624a.628.628 0 0 1 .418-.132zm-2.113.066a.502.502 0 0 1 .117.017c.503.03.61.313.701.56.231.626.173 1.212-.301 1.691-.711.719-1.54.401-1.536-.567.014-.69.443-1.715 1.02-1.7zm1.868.038c-.383.287-.432 1.023-.08 1.296.138.13.215.22.613.256.273.024.704-.253.725-.527.01-.125-.013-.333-.312-.67-.252-.283-.579-.349-.661-.3-.265.156.021.28.125.383.162.163.2.234.125.282a.447.447 0 0 1-.372.057c-.105-.049-.456-.246-.163-.777zm3.759.003c.167.26.215.316.402.965.24.838.546 1.163.816 1.01.74-.418.148-1.476-.113-1.974.167-.002.134.007.286.005.12.471.086.387.407 1.813.385 1.706.442 2.16-.528 2.926-.446.352-1.103.37-1.667.34l-.636-.095c.438-.287.545-.557.542-1.116 1.278.535 1.959.132 2.23-.526.132-.317.086-.735-.04-1.471.008.6-.005.71-.084 1.007-.158.595-.547.76-.812.34-.102-.163-.345-.702-.42-1.282-.075-.58-.132-1.395-.5-1.736.04-.08.082-.17.117-.206zm-1.247.01c.258.068.572.204.74.52.234.436.388.668.376 1.447-.014.832-.34 1.055-.557 1.086-.278.04-.762.034-1.049-1.598-.095-.541-.268-1.056-.45-1.224.09-.11.097-.096.165-.204.091.1.17.27.298.777.202.808.387.975.745 1.02.558.072.778-.78.318-1.391-.1-.134-.365-.307-.503-.236.008.236.113.162.114.318-.026.185-.053.219-.113.32-.142-.056-.21-.078-.334-.291-.157-.31-.055-.6.25-.544zm-4.597.076c-.263.185-.594.8-.304 1.35.143.205.297.372.638.3.245-.051.671-.34.73-.749.052-.35-.456-1.028-.738-.87-.327.183-.128.314.074.511.185.18.052.289-.077.342-.258.106-.403.003-.467-.203-.065-.205-.01-.38.144-.68zm-2.867.064c.056.172.1.402.218.624.028.023.132 0 .269-.157.086-.1.185-.238.357-.463.104.095.113.166.142.219.073.13.225.12.273.106.168-.167.195-.275.306-.29.01.216.021.35-.257.677a.535.535 0 0 1-.501.172c-.12-.034-.199-.108-.389-.205-.258.04-.19.315-.143.546.12.611.5.855.832.675.116-.062.09-.062.312-.153-.038.388-.06.463.01.896-.541.301-.982.25-1.102-.506-.091-.632-.261-1.4-.415-1.556-.145-.147-.205-.195-.205-.195l.293-.39zm-7.114.082c.753.01 1.602.01 2.506.017-.13.318-.175.54-.193.854-.422-.163-1.877-.684-2.313-.871zm20.723.01c-.997.359-1.715.637-2.677 1.004-.105-.45-.124-.588-.219-.994 1.601-.005 1.628-.002 2.896-.01zm-6.978 2.04c.105.43.253.641.253.641.202.348.454.545.84.645.085.136.115.163.148.236.037.457.01.514-.344.774-.209.204-.218.497-.003.769.231.22.474.298 1.375.064.174.3.418.653.776 1.217-1.206-.455-2.868-1.103-6.43-2.49 0 0-4.169 1.62-6.404 2.491.935-1.474 1.012-1.599 1.677-2.63.225-.089.149-.053.349-.155.459-.245.827-.61 1.028-1.145.368.83.779.925 1.636.655.177-.082.38-.2.424-.518.46.413 1.432.49 2.142-.382.612.717 2.001.785 2.533-.171zm2.157.865s.04.129.064.169c-.101.003-.213 0-.213 0a.905.905 0 0 0 .149-.17z`,
+  d: `M22.635 3.883a1.364 1.25 0 0 0-1.363 1.25 1.364 1.25 0 0 0 1.363 1.25A1.364 1.25 0 0 0 24 5.133a1.364 1.25 0 0 0-1.365-1.25zm-16.004.418-6.027.008c-.026 0-.051-.003-.076 0-.296.036-.527.273-.528.558l.018 14.574c0 .22.06.676.682.676l5.58-.021c1.595-.003 2.664-.031 3.3-.112h.016a11.43 11.43 0 0 0 1.955-.469c1.22-.38 2.3-.944 3.23-1.697a7.854 7.854 0 0 0 2.114-2.562 6.716 6.716 0 0 0 .646-1.987 4.244 3.89 0 0 0 .26.028 4.244 3.89 0 0 0 4.244-3.89 4.244 3.89 0 0 0-4.244-3.89 4.244 3.89 0 0 0-2.9 1.082 8.838 8.838 0 0 0-2.25-1.355c-1.536-.65-3.536-.948-6.02-.943zm-.262 3.004c1.215-.003 2.079.034 2.569.101a7.32 7.32 0 0 1 1.617.436c.57.218 1.068.483 1.496.814 1.177.915 1.732 1.999 1.734 3.432.003 1.468-.534 2.611-1.68 3.57a5.582 5.582 0 0 1-1.177.742c-.409.19-.942.355-1.615.496-.636.128-1.6.2-2.856.202l-2.673.004-.012-9.793 2.598-.004z`,
+  v: `M15.583 23.4965c.0673.1924-.0435.3484-.2472.3484h-6.262c-.4075 0-.8502-.3113-.9881-.6947L.0426.7837C-.105.3925.149.1152.5276.1599l6.393.6158c.4056.0391.8441.383.9787.7675l7.6837 21.9533zM23.4736.1599l-6.393.6159c-.4055.0391-.8436.3832-.9775.7678l-3.8275 10.9895 3.6784 10.5098L23.9586.7837c.1378-.3834-.0795-.663-.485-.6238z`,
+  odin: `M12 0A11.999 11.999 0 0 0 1.607 18c.001 0 .143.279.545.861.456.661.725.939.725.939L14.194.2s-.468-.09-1.17-.158C12.56-.002 12 0 12 0m4.184.755L4.35 21.248a12 12 0 0 0 1.652 1.144c5.734 3.312 13.078 1.342 16.39-4.394 3.31-5.735 1.342-13.08-4.394-16.39 0 0-.42-.236-.926-.479-.403-.193-.891-.373-.891-.373m-5.38 1.317L2.806 15.926A9.98 9.98 0 0 1 3.34 7a9.99 9.99 0 0 1 7.463-4.928M17 3.34c4.78 2.759 6.42 8.88 3.66 13.66-2.758 4.779-8.881 6.42-13.66 3.66z`,
+  delphi: `M23.922 10.66a11.925 11.925 0 0 0-1.93-5.299 12.002 12.002 0 0 0-1.362-1.692A11.993 11.993 0 0 0 15.271.455a11.916 11.916 0 0 0-2.88-.444c-.237-.005-.474-.015-.71-.004-.345.016-.69.036-1.033.077-.385.046-.77.108-1.15.182a11.947 11.947 0 0 0-4.906 2.297A12.012 12.012 0 0 0 .394 8.94a11.886 11.886 0 0 0-.393 2.883c-.009.51.016 1.019.073 1.526a11.954 11.954 0 0 0 3.103 6.79 11.982 11.982 0 0 0 8.442 3.858c.013 0 .818-.002.868-.004.518-.02 1.032-.076 1.543-.162a11.947 11.947 0 0 0 6.173-3.072 11.975 11.975 0 0 0 3.667-7.028c.053-.406.087-.815.113-1.224.038-.617.006-1.234-.062-1.848zM4.5 11.777c-.052.3-.094.601-.097.906-.003.253-.005.506.004.76.005.148.031.297.051.445.033.252-.067.455-.297.56a.473.473 0 0 1-.227.035c-.217-.019-.433-.05-.65-.077-.073-.01-.147-.017-.22-.03-.017-.003-.04-.025-.042-.041-.041-.249-.086-.497-.115-.747-.024-.206-.03-.413-.043-.62-.006-.118-.014-.236-.013-.355.002-.197.005-.394.017-.59.014-.218.034-.436.06-.653.02-.177.045-.355.083-.529.062-.29.134-.579.207-.867.07-.275.162-.542.273-.804.08-.187.15-.377.235-.56.09-.195.188-.387.295-.573.12-.21.251-.414.382-.619.083-.13.17-.259.26-.384.074-.102.155-.197.234-.295.072-.088.142-.178.217-.263a7.6 7.6 0 0 1 .25-.274c.123-.128.247-.254.373-.378.087-.085.176-.17.27-.248.173-.145.346-.293.528-.427.227-.168.46-.329.697-.483.186-.12.375-.235.572-.336.253-.129.513-.244.773-.359.159-.07.321-.133.486-.19a11.02 11.02 0 0 1 1.312-.359c.279-.05.56-.086.841-.12.194-.023.39-.042.586-.044.312-.003.625-.004.936.019.342.024.683.07 1.023.118.182.026.362.071.54.117.288.075.578.146.86.24.246.08.487.182.724.288.26.116.513.245.767.374.107.054.21.118.311.183.195.124.392.246.58.38.189.135.368.282.55.424.016.012.03.026.05.045-.165.109-.325.211-.481.318-.168.116-.334.235-.5.353-.105.073-.211.145-.315.219-.13.092-.258.187-.387.28l-.45.321c-.11.08-.218.162-.327.243-.129.096-.26.19-.387.288-.217.167-.443.138-.643.003a6.527 6.527 0 0 0-1.757-.83 5.884 5.884 0 0 0-1.33-.246c-.19-.013-.381-.018-.572-.025a4.367 4.367 0 0 0-.792.047 23.89 23.89 0 0 0-.62.105 5.084 5.084 0 0 0-.795.225 6.08 6.08 0 0 0-.527.218 7.22 7.22 0 0 0-.574.294c-.178.103-.347.222-.516.339-.108.073-.214.15-.313.233-.149.124-.292.255-.435.385-.26.235-.486.5-.697.778-.132.174-.25.36-.368.545a5.76 5.76 0 0 0-.489.967 6.298 6.298 0 0 0-.368 1.271zm13.278 5.496c-.175-.122-.353-.242-.527-.366a.5.5 0 0 1-.154-.237l-.222-.55-.21-.532c-.07-.17-.141-.34-.21-.512-.071-.176-.137-.355-.213-.53-.088-.204-.14-.427-.28-.606a4.738 4.738 0 0 0-.288-.337 2.613 2.613 0 0 0-.498-.413c-.14-.09-.298-.12-.457-.148-.449-.081-.896-.166-1.345-.248l-1.368-.246c-.39-.07-.78-.137-1.166-.218-.258-.054-.494.162-.518.407-.023.246.167.456.375.508.56.141 1.118.293 1.677.442.662.175 1.324.347 1.984.527.22.06.416.173.597.313.22.17.4.375.53.62.084.163.151.336.22.506.071.177.14.355.202.534.093.268.182.537.27.806.055.164.11.328.16.492.075.237.147.475.22.712.05.163.099.327.147.49l.184.638c.048.164.098.327.144.492.07.242.14.485.204.729.033.126-.065.268-.2.287-.273.038-.547.07-.821.104-.182.023-.364.043-.546.063l-.66.07c-.28.029-.558.06-.837.09-.118.012-.236.03-.355.028a1.03 1.03 0 0 1-.688-.261c-.144-.126-.223-.292-.316-.451-.078-.135-.152-.272-.235-.403a12.841 12.841 0 0 0-.398-.602c-.134-.187-.28-.365-.423-.544a6.035 6.035 0 0 0-.229-.265 6.95 6.95 0 0 0-.757-.737 8.876 8.876 0 0 0-.641-.488 5.608 5.608 0 0 0-1.755-.803c-.436-.112-.878-.195-1.333-.187a3.542 3.542 0 0 0-.678.07c-.16.034-.309.022-.441-.089-.073-.06-.104-.144-.146-.223-.017-.032-.027-.068-.044-.109.072-.02.143-.042.216-.058a1.93 1.93 0 0 1 .227-.042c.195-.023.39-.053.584-.058.281-.007.564-.01.844.012a7.816 7.816 0 0 1 1.592.321c.24.076.473.175.704.274.387.166.727.407 1.051.673.214.175.419.36.603.567.225.252.449.506.66.77.15.186.282.389.419.587.228.332.43.681.62 1.037.048.089.093.18.133.272.064.153.199.2.341.183l.572-.07.7-.08c.27-.028.54-.054.81-.084.208-.024.416-.05.624-.08.117-.018.202-.132.208-.254.006-.108-.045-.2-.077-.296-.089-.272-.184-.542-.276-.813-.09-.263-.177-.525-.266-.787-.092-.276-.183-.551-.277-.826-.064-.188-.131-.375-.196-.563-.054-.156-.104-.312-.16-.467-.067-.186-.137-.37-.208-.555-.037-.096-.074-.192-.12-.284a1.22 1.22 0 0 0-.482-.514c-.2-.12-.424-.159-.641-.22-.64-.18-1.28-.356-1.92-.533l-.825-.23c-.218-.06-.435-.129-.657-.177-.259-.057-.433-.212-.57-.427a1.32 1.32 0 0 1-.202-.583.867.867 0 0 1 .12-.546.919.919 0 0 1 .44-.382.7.7 0 0 1 .411-.041c.322.06.645.112.968.168.227.04.454.083.681.121.268.045.536.086.803.13.193.032.386.067.579.1.224.037.448.072.671.11.195.034.389.073.584.103.126.019.249.042.362.102.054.029.11.06.156.1.163.146.326.295.484.447.141.136.279.276.413.42a.945.945 0 0 1 .217.392c.033.115.077.227.117.34l.167.471.212.595c.062.178.122.356.185.534l.176.497.188.544.093.268-.013.01zm.708.363a3.104 3.104 0 0 1-.37-.169c-.03-.016-.039-.076-.054-.117-.07-.197-.138-.395-.206-.592l-.23-.664-.23-.653c-.094-.267-.185-.534-.279-.8a78.3 78.3 0 0 0-.2-.565c-.037-.101-.073-.203-.113-.304-.063-.161-.179-.285-.296-.407-.1-.104-.199-.209-.304-.306a18.166 18.166 0 0 0-.605-.537c-.149-.125-.334-.167-.522-.197a66.347 66.347 0 0 1-.603-.098c-.247-.04-.493-.083-.739-.125l-.665-.113-1.026-.172c-.279-.048-.557-.098-.836-.145-.197-.033-.393-.075-.591-.089-.11-.007-.226.026-.335.056a.939.939 0 0 0-.395.235c-.118.113-.21.247-.272.402-.12.306-.101.606.007.909.071.197.173.376.317.528.142.15.307.258.513.306.248.058.493.129.74.196.44.12.881.24 1.322.362l.842.233.841.235c.266.074.48.224.621.46.07.118.117.252.168.382.062.156.119.315.175.474.079.224.156.45.233.675l.194.567.163.489.167.477.19.562.278.816c.01.03.021.058.028.088.01.042-.015.066-.052.07-.167.02-.335.035-.503.054-.084.01-.169.023-.253.032-.177.02-.355.037-.532.058-.189.021-.377.046-.566.068l-.726.082a.5.5 0 0 1-.122.005.085.085 0 0 1-.057-.037c-.068-.127-.129-.257-.198-.382a12.05 12.05 0 0 0-.733-1.196 10.987 10.987 0 0 0-.99-1.204 7.197 7.197 0 0 0-.595-.552 5.461 5.461 0 0 0-.628-.452 3.313 3.313 0 0 0-.704-.345c-.288-.093-.568-.21-.859-.29-.288-.077-.586-.116-.879-.177-.277-.057-.558-.056-.838-.072-.125-.007-.251.003-.377.01-.143.008-.286.017-.428.031a2.592 2.592 0 0 0-.247.04c-.16.03-.318.062-.491.096-.051-.16-.107-.319-.154-.481a5.498 5.498 0 0 1-.2-1.027 5.23 5.23 0 0 1-.021-1.028c.033-.479.113-.951.258-1.41.095-.3.2-.599.344-.88.096-.187.191-.374.298-.554.08-.137.178-.265.271-.394.073-.1.146-.201.225-.297.07-.084.146-.165.223-.243.128-.13.257-.26.392-.383.09-.084.19-.159.288-.234.105-.08.21-.16.32-.232.148-.096.299-.187.45-.275.135-.078.27-.157.411-.22.211-.093.427-.176.643-.257a2.85 2.85 0 0 1 .383-.12c.247-.054.495-.104.744-.14.21-.03.423-.052.634-.052.27 0 .542.015.81.042.466.046.917.156 1.354.323a6.039 6.039 0 0 1 1.819 1.068c.207.175.409.356.583.564.196.231.388.466.57.708.056.074.081.174.112.266.072.213.141.428.208.643.086.274.167.55.252.824.064.208.133.414.198.622.072.231.14.464.211.696l.15.477.165.534c.05.163.103.325.153.489l.117.39c.037.118.077.236.114.355l.291.928.275.865c.01.035.024.07.035.105.02.065-.015.113-.076.09zm.157-12.752a.484.484 0 0 1-.272.408.062.062 0 0 1-.054-.005c-.077-.06-.148-.127-.227-.184-.237-.173-.471-.35-.716-.512a8.86 8.86 0 0 0-.706-.428c-.246-.132-.502-.244-.756-.358a5.709 5.709 0 0 0-.501-.201c-.28-.095-.563-.186-.848-.267a7.965 7.965 0 0 0-1.091-.215c-.3-.042-.6-.076-.903-.081-.176-.003-.352-.015-.528-.009-.28.01-.56.024-.84.047-.209.017-.416.05-.623.08-.289.04-.573.101-.852.183-.236.07-.471.14-.705.217a4.57 4.57 0 0 0-.422.16 10.614 10.614 0 0 0-1.438.718c-.18.107-.352.232-.525.354a7.506 7.506 0 0 0-.394.296 12.185 12.185 0 0 0-.962.865c-.114.115-.219.24-.325.363-.11.128-.223.254-.327.387a8.572 8.572 0 0 0-.653.956c-.098.164-.187.334-.276.503a8.949 8.949 0 0 0-.253.51c-.08.177-.147.358-.216.54a7.726 7.726 0 0 0-.311.986c-.074.335-.149.67-.2 1.01a10.101 10.101 0 0 0-.047 2.328c.028.268.073.534.11.805-.215 0-.4-.063-.512-.256a.766.766 0 0 1-.08-.242 7.924 7.924 0 0 1-.083-.53 12.5 12.5 0 0 1-.07-.702 8.464 8.464 0 0 1-.021-.723 10.525 10.525 0 0 1 .282-2.28c.092-.394.216-.778.363-1.153.078-.198.151-.398.242-.59.13-.273.268-.544.414-.81.105-.192.222-.38.346-.561.145-.214.3-.42.455-.627.102-.135.207-.268.317-.396.105-.121.217-.237.328-.353a9.419 9.419 0 0 1 .578-.56c.18-.155.359-.31.545-.456.145-.114.299-.216.45-.32.13-.09.258-.18.392-.26a13.292 13.292 0 0 1 .975-.531c.146-.07.297-.133.447-.196.116-.05.231-.101.35-.142.248-.084.497-.163.747-.24.137-.043.275-.084.416-.112.299-.062.598-.123.9-.17a7.19 7.19 0 0 1 .743-.078c.325-.016.65-.019.976-.015.216.003.433.022.648.045a9.735 9.735 0 0 1 2.377.532c.432.16.86.332 1.264.56.28.157.557.318.829.49.206.13.405.276.6.424.177.134.35.274.514.423a.43.43 0 0 1 .13.373z`,
+  racket: `M12 0a11.95 11.95 0 0 0-4.104.721c4.872 2.556 11.316 10.893 13.547 18.686A11.957 11.957 0 0 0 24 12c0-6.627-5.373-12-12-12zM4.093 2.974A11.971 11.971 0 0 0 0 12c0 3.026 1.12 5.789 2.968 7.9 1.629-4.894 4.691-9.611 7.313-12.246-1.872-2.016-3.968-3.618-6.188-4.68zm2.276 19.625A11.947 11.947 0 0 0 12 24c2.092 0 4.059-.536 5.772-1.478-.987-4.561-2.851-8.739-5.28-12.147-2.597 2.8-5.186 7.702-6.123 12.224z`,
+  purescript: `M19.166 4.6l-1.24 1.24 3.97 3.97-3.97 3.97 1.24 1.24 4.58-4.6a.87.87 0 0 0 0-1.23zM6.955 6.74l1.87 1.75h8.23l-1.87-1.75zm-2.1 2.24l-4.6 4.6a.87.87 0 0 0 0 1.23l4.6 4.59 1.23-1.24-3.97-3.97 3.97-3.97-1.24-1.24zm3.97 2.14l-1.87 1.76h8.23l1.87-1.76zm-1.87 4.39l1.87 1.75h8.23l-1.87-1.75z`,
+  sass: `M12 0c6.627 0 12 5.373 12 12s-5.373 12-12 12S0 18.627 0 12 5.373 0 12 0zM9.615 15.998c.175.645.156 1.248-.024 1.792l-.065.18c-.024.061-.052.12-.078.176-.14.29-.326.56-.555.81-.698.759-1.672 1.047-2.09.805-.45-.262-.226-1.335.584-2.19.871-.918 2.12-1.509 2.12-1.509v-.003l.108-.061zm9.911-10.861c-.542-2.133-4.077-2.834-7.422-1.645-1.989.707-4.144 1.818-5.693 3.267C4.568 8.48 4.275 9.98 4.396 10.607c.427 2.211 3.457 3.657 4.703 4.73v.006c-.367.18-3.056 1.529-3.686 2.925-.675 1.47.105 2.521.615 2.655 1.575.436 3.195-.36 4.065-1.649.84-1.261.766-2.881.404-3.676.496-.135 1.08-.195 1.83-.104 2.101.24 2.521 1.56 2.43 2.1-.09.539-.523.854-.674.944-.15.091-.195.12-.181.181.015.09.091.09.21.075.165-.03 1.096-.45 1.141-1.471.045-1.29-1.186-2.729-3.375-2.7-.9.016-1.471.091-1.875.256-.03-.045-.061-.075-.105-.105-1.35-1.455-3.855-2.475-3.75-4.41.03-.705.285-2.564 4.8-4.814 3.705-1.846 6.661-1.335 7.171-.21.733 1.604-1.576 4.59-5.431 5.024-1.47.165-2.235-.404-2.431-.615-.209-.225-.239-.24-.314-.194-.12.06-.045.255 0 .375.12.3.585.825 1.396 1.095.704.225 2.43.359 4.5-.45 2.324-.899 4.139-3.405 3.614-5.505l.073.067z`,
+  less: `M3.598 7.15a7.961 7.961 0 0 0-1.054.068c-.281.041-.52.124-.717.249a1.19 1.19 0 0 0-.45.497c-.098.208-.14.47-.14.802V10.3c0 .428-.084.732-.253.884-.169.166-.492.25-.984.25v1.16c.478 0 .815.083.984.249.169.166.253.47.253.912v1.548c0 .594.183 1.009.548 1.23.38.207.984.318 1.813.318v-1.078c-.393 0-.646-.07-.773-.194-.126-.124-.183-.373-.183-.746v-1.465c0-.373-.098-.663-.28-.87-.184-.208-.479-.374-.886-.484.393-.125.688-.29.871-.512.183-.22.281-.511.281-.87V9.167c0-.36.057-.608.183-.733.122-.12.412-.195.787-.2v4.547c0 .416.03.764.09 1.044.059.28.164.52.314.724.15.203.356.35.616.443.26.093.589.14.984.14.098 0 .205-.007.32-.02a5.336 5.336 0 0 0 .65-.107l-.036-.98c-.27.038-.492.057-.667.057-.353 0-.59-.092-.713-.276-.122-.183-.183-.534-.183-1.051V7.149H3.598zm16.818-.001v1.092c.393 0 .647.069.773.193.127.125.183.373.183.733v1.465c0 .359.098.65.28.87.184.222.479.387.872.512-.407.11-.702.276-.885.483-.183.208-.281.498-.281.871v1.465c0 .373-.057.622-.183.746-.126.125-.38.194-.773.194v1.078c.83 0 1.434-.11 1.813-.318.365-.221.548-.636.548-1.23v-1.548c0-.442.085-.746.253-.912.169-.166.506-.249.984-.249v-1.16c-.492 0-.815-.084-.984-.25-.168-.151-.253-.456-.253-.884V8.766c0-.332-.042-.594-.14-.801a1.19 1.19 0 0 0-.45-.498 1.828 1.828 0 0 0-.717-.249 7.252 7.252 0 0 0-1.04-.069zm-6.479 1.975c-.675 0-1.209.14-1.588.421-.38.281-.576.689-.576 1.209 0 .422.112.773.351 1.026s.618.478 1.152.688c.043.015.14.057.296.113.45.183.758.31.913.436a.592.592 0 0 1 .239.478c0 .224-.084.393-.253.506-.169.112-.408.168-.717.168-.295 0-.632-.056-.984-.155a3.901 3.901 0 0 1-.885-.337l-.14 1.04c.505.296 1.18.436 2.037.436.717 0 1.265-.155 1.659-.464.393-.309.59-.759.59-1.335 0-.436-.126-.787-.38-1.054-.252-.267-.632-.492-1.166-.689-.382-.15-.84-.277-1.209-.506a.465.465 0 0 1-.224-.421c0-.183.084-.324.239-.422.154-.098.365-.14.646-.14.506 0 1.026.126 1.574.379l.365-.956c-.562-.28-1.208-.421-1.939-.421zm4.512 0c-.675 0-1.21.14-1.589.421-.38.281-.576.689-.576 1.209 0 .422.112.773.351 1.026.24.253.619.478 1.153.688.042.015.14.057.295.113.45.183.759.31.914.436a.592.592 0 0 1 .238.478c0 .224-.084.393-.253.506-.168.112-.407.168-.716.168a3.72 3.72 0 0 1-.984-.155 3.904 3.904 0 0 1-.886-.337l-.14 1.04c.506.296 1.18.436 2.038.436.702 0 1.265-.155 1.686-.464.394-.309.59-.759.59-1.335 0-.436-.126-.787-.379-1.054s-.632-.492-1.166-.689c-.392-.153-.842-.277-1.209-.506a.465.465 0 0 1-.225-.421c0-.183.085-.324.24-.422.154-.098.364-.14.646-.14.506 0 1.026.126 1.574.379l.337-.956c-.562-.28-1.209-.421-1.94-.421zm-9.46.014c-.842 0-1.503.267-1.995.815-.492.548-.73 1.279-.73 2.192 0 .956.252 1.687.772 2.22.52.535 1.237.802 2.165.802.8 0 1.49-.183 2.08-.52l-.197-.984a3.66 3.66 0 0 1-1.813.492c-.492 0-.886-.155-1.167-.45-.28-.295-.435-.716-.45-1.25h3.852v-.591c0-.829-.225-1.49-.661-1.982-.45-.491-1.054-.744-1.855-.744zm-.013.983c.38 0 .674.127.885.38.211.253.323.618.323 1.082H7.67c.042-.492.182-.857.407-1.096.253-.239.548-.366.9-.366Z`,
+  markdown: `M22.27 19.385H1.73A1.73 1.73 0 010 17.655V6.345a1.73 1.73 0 011.73-1.73h20.54A1.73 1.73 0 0124 6.345v11.308a1.73 1.73 0 01-1.73 1.731zM5.769 15.923v-4.5l2.308 2.885 2.307-2.885v4.5h2.308V8.078h-2.308l-2.307 2.885-2.308-2.885H3.46v7.847zM21.232 12h-2.309V8.077h-2.307V12h-2.308l3.461 4.039z`,
+  yaml: `m0 .97 4.111 6.453v4.09h2.638v-4.09L11.053.969H8.214L5.58 5.125 2.965.969Zm12.093.024-4.47 10.544h2.114l.97-2.345h4.775l.804 2.345h2.26L14.255.994Zm1.133 2.225 1.463 3.87h-3.096zm3.06 9.475v10.29H24v-2.199h-5.454v-8.091zm-12.175.002v10.335h2.217v-7.129l2.32 4.792h1.746l2.4-4.96v7.295h2.127V12.696h-2.904L9.44 17.37l-2.455-4.674Z`,
+  toml: `M.014 0h5.34v2.652H2.888v18.681h2.468V24H.015V0Zm17.622 5.049v2.78h-4.274v12.935h-3.008V7.83H6.059V5.05h11.577ZM23.986 24h-5.34v-2.652h2.467V2.667h-2.468V0h5.34v24Z`,
+  xml: `M4.345 7.053c-.495.02-.44.725-.536 1.081-.157.583-.3 1.325-.347 1.926-.046.585-.008 1.127.066 1.719.058.46.191.767.07.89-.108.11-3.216 2.962-3.466 3.123-.26.169-.08.584.069.817.157.246.23.373.557.33.306-.042.405-.409.583-.606.228-.252 2.421-2.401 2.616-2.401.077.544.367 1.064.67 1.513.15.222.314.439.505.629.175.175.4.317.587.45.44.024.795-.301.35-.67-.17-.14-.735-.971-.927-1.43-.18-.43-.574-1.076-.146-1.428 1.494-1.23 3.72-2.262 4.247-2.313-.257 1.024-1.356 3.048-1.757 4.012-.14.333-.231.732-.185 1.094.055.434.383.774.587.806.417-.023.7-.387.946-.645.343-.357.634-.685.974-1.043.339-.356.672-.731.971-1.07.184-.207.674-.713.963-.713-.11.693-.716 1.552-.839 2.254-.125.716.531 1.596 1.217.956.623-.58 1.255-1.129 1.867-1.72.217-.208.175.037.224.242.05.208.176.91.275 1.1.18.346.496.592.897.598.362.006.727-.161.982-.414.19-.187.513-.699.154-.832-.23-.086-.217-.176-.495-.129-.172.029-.362.074-.507.179-.367-.003-.381-.89-.324-1.161.068-.327.207-.659.185-.998-.026-.418-.478-.69-.582-.72-.156-.076-.253.023-.458.212-.173.161-.363.332-.535.495-.34.322-.768.813-.942.813.305-.705.708-2.652-.643-2.48-.563.071-.95.377-1.394.71-.29.28-.683.641-.936.87-.236.216-.371.404-.496.404.132-.747 1.685-3.167.885-3.853-.158-.136-.313-.325-.515-.349a4.637 4.637 0 0 0-.833.19c-.565.18-2.78 1.28-4.19 2.289-.131.094-.214-.085-.231-.29-.087-1.058.199-2.19.496-3.188.208-.696-.557-1.225-.659-1.249zm18.177.874c-.166.364-.2.894-.248 1.319a24.307 24.307 0 0 0-1.246-.115c.238.296.691.588 1.056.724-.048.366-.434.67-.599 1.021.458-.127.676-.47.989-.821.362.22.791.627 1.26.636-.177-.376-.334-.695-.658-.966.269-.175.717-.362.924-.633-.345-.074-.718-.093-1.052-.015-.258-.284-.3-.772-.426-1.15zm-2.92.079c-.23.02-.613.49-.832.773-.807 1.039-1.542 3.15-1.661 3.542-.363 1.195-.502 2.672.28 3.722.456.612 1.258.66 2.041.434.405-.116.812-.406.95-.723.114-.263.174-.753-.404-.38-.224.145-.634.304-1.37.291-.247-.004-.651-.357-.76-.722-.192-.595-.11-1.393-.11-1.393.167-1.028.642-2.146 1.061-3.076.163-.36.658-1.259.842-1.546 0 0 .239-.373.131-.77-.031-.116-.091-.16-.168-.152zm3.072 2.976c-.12.264-.144.648-.18.956-.274-.031-.63-.066-.904-.083.172.215.501.426.766.525-.034.265-.314.486-.434.741.332-.092.49-.34.717-.596.263.16.575.456.914.462-.127-.273-.242-.504-.477-.701.195-.127.52-.262.67-.46a1.77 1.77 0 0 0-.763-.01c-.187-.206-.217-.56-.309-.834zm-1.123 2.422c-.083.183-.1.449-.125.662a12.6 12.6 0 0 0-.624-.058c.119.148.346.295.53.363-.025.184-.219.336-.301.513.23-.064.339-.236.496-.413.181.11.397.316.632.32-.088-.19-.168-.349-.33-.485.135-.087.36-.181.463-.317a1.22 1.22 0 0 0-.527-.008c-.13-.142-.151-.387-.214-.576z`,
+  graphql: `M12.002 0a2.138 2.138 0 1 0 0 4.277 2.138 2.138 0 1 0 0-4.277zm8.54 4.931a2.138 2.138 0 1 0 0 4.277 2.138 2.138 0 1 0 0-4.277zm0 9.862a2.138 2.138 0 1 0 0 4.277 2.138 2.138 0 1 0 0-4.277zm-8.54 4.931a2.138 2.138 0 1 0 0 4.276 2.138 2.138 0 1 0 0-4.276zm-8.542-4.93a2.138 2.138 0 1 0 0 4.276 2.138 2.138 0 1 0 0-4.277zm0-9.863a2.138 2.138 0 1 0 0 4.277 2.138 2.138 0 1 0 0-4.277zm8.542-3.378L2.953 6.777v10.448l9.049 5.224 9.047-5.224V6.777zm0 1.601 7.66 13.27H4.34zm-1.387.371L3.97 15.037V7.363zm2.774 0 6.646 3.838v7.674zM5.355 17.44h13.293l-6.646 3.836z`,
+  latex: `M2.176 2.814c.233.42.476.78.73 1.09.247-.013 1.132.456 1.312.523.508.282 1.063.63 1.567.966.505.337.96.662 1.272.9.156.12.278.218.352.286a.483.483 0 01.078.082.08.08 0 01.01.021.06.06 0 01-.004.047.057.057 0 01-.04.03.077.077 0 01-.028 0c-.057 0-.203-.163-.497-.415a23.474 23.474 0 00-2.759-1.827c-.504-.28-.956-.542-1.264-.613a2.322 2.322 0 00-.36-.025 2.706 2.706 0 00-.788.133c.494.414.91.716 1.28.949-.57-.182-1.182-.21-1.902.133.526.329.967.567 1.354.745 1.103.156 2.258.696 3.224 1.309.483.307.904.615 1.219.867.157.125.29.237.39.328.098.091.174.154.197.21.03.073-.019.104-.084.058-.032-.022-.088-.102-.184-.191a7.35 7.35 0 00-.384-.327c-.312-.25-.729-.552-1.209-.857-.893-.562-2.232-1.013-3.173-1.397-.602-.11-1.225-.06-1.906.39.449.2.837.349 1.182.463.812 0 1.892.365 2.935.922 1.042.556 2.04 1.214 2.523 1.774.066.077-.016.126-.074.07-.52-.495-1.463-1.204-2.498-1.756-.639-.337-2.153-1.01-2.886-1.01l.004.002c-.567.02-1.13.195-1.679.716.477.118.885.196 1.244.249-.44.088-.87.3-1.289.722.324.07.616.122.882.162-.328.159-.639.404-.923.78.373.03.703.042 1 .044-.36.166-.696.43-.996.85.533.027.98.025 1.364.003-.422.172-.812.464-1.145.968.662.01 1.188-.022 1.628-.076l-.006.002c.99-.073 2.297.127 2.962.847.052.057-.024.118-.072.074-.648-.58-1.493-.827-2.89-.921h-.002c-.543.149-1.046.446-1.46 1.074.536.008.982-.013 1.366-.05-.469.257-.873.644-1.139 1.306.483-.092.888-.19 1.237-.292-.363.265-.668.636-.873 1.194.324-.072.612-.146.871-.221a2.519 2.519 0 00-.513 1.095c.352-.13.655-.254.926-.377-.257.3-.453.681-.55 1.19.495-.199.899-.388 1.238-.568-.31.333-.543.76-.635 1.356a11.816 11.816 0 001.442-.744c-.433.362-.764.843-.879 1.587.788-.348 1.339-.663 1.767-.955-.184.372-.282.806-.235 1.348.762-.584 1.243-1.056 1.602-1.473-.024.269-.003.56.077.884.546-.939 1.089-1.212 1.65-1.526-.895.451-.762.79-.762 1.184.683-.72 1.635-1.482 1.927-1.96-.39.585-.547 1.14-.65 1.63-1.993 1.054-3.207 1.329-4.568 1.75.528.194 1.093.383.859.652l-.624.622c.399-.124.805-.3 1.158-.059-.035.327-.447.492-.8.683.621-.224.756-.172.92-.12.081.393-.203.603-.388.862 1.565-1.19 3.606-2.13 5.044-2.522 2.022-.681 4.63-1.389 5.339-3.115l.712-2.847-.004.004c-.111-.034-.246-.063-.35-.133a.651.651 0 01-.235-.297c-.252.065-.44.03-.56-.088-.117-.117-.167-.296-.203-.491-.203.041-.362.016-.467-.077-.116-.101-.17-.26-.198-.444l-.008-.039.037-.015a.842.842 0 00.302-.194.257.257 0 00.07-.225l-.006-.037.03-.016c.163-.093.345-.169.428-.28a.274.274 0 00.053-.21.88.88 0 00-.155-.357l-.027-.04.04-.027c.118-.09.244-.179.308-.26.032-.04.048-.076.047-.11 0-.033-.015-.07-.064-.117l-.098-.094.135.006c.213.01.395-.007.538-.053a.504.504 0 00.274-.197c-.007-.033-.02-.063-.02-.098a.484.484 0 01.967 0c0 .044-.015.084-.026.125.177.014.347.01.507-.06l.002.001.035-.013c.236-.085.334.045.72-.456-1.69-2.19-4.157-.635-4.977 1.622-.21.576-1.405.578-1.751 0-1.37-2.95-5.53-6.068-9.07-7.218zm.86 2.145c.906.293 1.913.782 2.77 1.328.43.273.813.543 1.114.779.301.236.566.473.62.575.054.102 0 .14-.082.06-.081-.078-.303-.32-.6-.553-.298-.234-.68-.505-1.106-.777-.775-.49-1.982-.958-2.716-1.412zm-1.7 2.7c1.116.014 2.35.447 3.434.997.541.275 1.023.567 1.395.83.372.263.672.524.734.657.061.134-.02.13-.087.055a4.401 4.401 0 00-.704-.626 11.47 11.47 0 00-1.385-.826C3.76 8.264 2.439 7.82 1.336 7.66zm14.916.772a.381.381 0 100 .762.381.381 0 000-.762zM1.7 8.478c.822.072 1.72.368 2.534.75 1.086.509 2.035 1.158 2.434 1.667.035.045-.014.131-.08.062-.428-.44-1.322-1.131-2.397-1.635-.913-.421-2.282-.87-3.262-.78.251-.03.497-.088.771-.064zm16.339.01c-.366.475-.53.423-.703.464.094.43.35.586.585.77l-.06.012c2.315-.447 4.186-.286 6.139-.236l-5.961-1.01zm-.178 1.246h-.002l-.004.016.006-.016zm-.625-.757c-.183.074-.373.076-.563.059a.477.477 0 01-.42.26.483.483 0 01-.435-.278.609.609 0 01-.274.188c-.139.045-.308.057-.493.055.02.035.054.068.055.104a.273.273 0 01-.069.174c-.073.092-.189.17-.295.248.087.141.137.26.149.362a.39.39 0 01-.07.284c-.106.14-.288.21-.439.293a.374.374 0 01-.09.268.89.89 0 01-.297.198c.027.156.074.283.154.354.086.076.211.103.425.047l.055-.014.01.055c.033.207.088.385.187.483.1.099.244.135.503.055l.049-.015.016.048c.05.142.12.223.209.282.087.06.247.112.358.147.798-.869 1.525-1.772 1.884-2.86-.225-.177-.506-.338-.609-.797zm-16.23.386c1.165-.08 2.283.196 3.202.626.92.43 1.658.939 1.974 1.307.075.087-.019.12-.072.072a8.187 8.187 0 00-1.947-1.29c-.904-.414-2.193-.644-3.157-.715zm.864.802c.61.02 1.24.155 1.806.352.756.262 1.421.614 1.747.98.045.05-.007.127-.074.069-.349-.304-.961-.693-1.706-.951-.574-.195-1.613-.369-2.268-.397.197-.022.292-.06.495-.053zm1.05 1.788c.423.034.886.133 1.341.407.043.026.049.136-.049.09-.856-.402-1.326-.49-2.457-.31.386-.128.74-.221 1.164-.187zm-.04.788c.4-.035.784-.002 1.297.204.044.018.08.126-.033.094-.857-.243-1.167-.328-2.287.104.28-.229.622-.366 1.023-.402zm1.285.687c.317-.023.635-.026.934.006.052.006.055.105-.006.102a7.87 7.87 0 00-1.837.115c-.243.046-.423.043-1.405.458.287-.233.794-.452 1.385-.56a8.91 8.91 0 01.93-.12zm1.28.49c.099.003.062.104.006.103-.728-.01-1.304.132-1.875.295a9.78 9.78 0 00-1.318.525c.283-.23.713-.457 1.291-.622.579-.166 1.248-.326 1.896-.302zm.528.398c.036-.005.105.084.018.1-.73.137-1.244.267-1.794.454-.216.074-.58.207-1.243.587.26-.269.656-.492 1.213-.68.558-.19 1.196-.37 1.806-.46zm.311.507c.075-.012.097.087.02.102-1.217.241-1.76.556-2.54 1.144.504-.523 1.297-1.051 2.52-1.246zm.595.448c.087-.013.11.087.021.1-.872.13-1.477.553-2.255 1.33.295-.493 1.004-1.24 2.234-1.43zm.372.39c.046-.006.114.073.023.1a2.634 2.634 0 00-.669.3c-.182.118-.3.2-.597.507.111-.245.296-.434.542-.59.247-.157.509-.293.7-.317z`,
+  webassembly: `M14.745,0c0,0.042,0,0.085,0,0.129c0,1.52-1.232,2.752-2.752,2.752c-1.52,0-2.752-1.232-2.752-2.752 c0-0.045,0-0.087,0-0.129H0v24h24V0H14.745z M11.454,21.431l-1.169-5.783h-0.02l-1.264,5.783H7.39l-1.824-8.497h1.59l1.088,5.783 h0.02l1.311-5.783h1.487l1.177,5.854h0.02l1.242-5.854h1.561l-2.027,8.497H11.454z M20.209,21.431l-0.542-1.891h-2.861l-0.417,1.891 h-1.59l2.056-8.497h2.509l2.5,8.497H20.209z M17.812,15.028l-0.694,3.118h2.159l-0.796-3.118H17.812z`,
+};
+
+export default LANG_ICON_PATHS;
diff --git a/client/src/components/Messages/Content/useCopyCode.ts b/client/src/components/Messages/Content/useCopyCode.ts
new file mode 100644
index 0000000000..6ab3eb0e11
--- /dev/null
+++ b/client/src/components/Messages/Content/useCopyCode.ts
@@ -0,0 +1,34 @@
+import { useRef, useState, useCallback, useEffect } from 'react';
+import copy from 'copy-to-clipboard';
+
+export default function useCopyCode(codeRef: React.RefObject<HTMLElement | null>) {
+  const [isCopied, setIsCopied] = useState(false);
+  const buttonRef = useRef<HTMLButtonElement>(null);
+  const timerRef = useRef<ReturnType<typeof setTimeout>>();
+
+  useEffect(() => {
+    return () => clearTimeout(timerRef.current);
+  }, []);
+
+  const handleCopy = useCallback(() => {
+    const codeString = codeRef.current?.textContent;
+    if (codeString == null) {
+      return;
+    }
+
+    const wasFocused = document.activeElement === buttonRef.current;
+    setIsCopied(true);
+    copy(codeString.trim(), { format: 'text/plain' });
+
+    if (wasFocused) {
+      requestAnimationFrame(() => buttonRef.current?.focus());
+    }
+
+    clearTimeout(timerRef.current);
+    timerRef.current = setTimeout(() => {
+      setIsCopied(false);
+    }, 3000);
+  }, [codeRef]);
+
+  return { isCopied, buttonRef, handleCopy };
+}
diff --git a/client/src/components/Messages/ContentRender.tsx b/client/src/components/Messages/ContentRender.tsx
index 6b3f05ce5d..4ba8db36f8 100644
--- a/client/src/components/Messages/ContentRender.tsx
+++ b/client/src/components/Messages/ContentRender.tsx
@@ -2,7 +2,7 @@ import { useCallback, useMemo, memo } from 'react';
 import { useAtomValue } from 'jotai';
 import { useRecoilValue } from 'recoil';
 import type { TMessage, TMessageContentParts } from 'librechat-data-provider';
-import type { TMessageProps, TMessageIcon } from '~/common';
+import type { TMessageProps, TMessageIcon, TMessageChatContext } from '~/common';
 import { useAttachments, useLocalize, useMessageActions, useContentMetadata } from '~/hooks';
 import { cn, getHeaderPrefixForScreenReader, getMessageAriaLabel } from '~/utils';
 import ContentParts from '~/components/Chat/Messages/Content/ContentParts';
@@ -16,12 +16,72 @@ import store from '~/store';
 
 type ContentRenderProps = {
   message?: TMessage;
+  /**
+   * Effective isSubmitting: false for non-latest messages, real value for latest.
+   * Computed by the wrapper (MessageContent.tsx) so this memo'd component only re-renders
+   * when the value actually matters.
+   */
   isSubmitting?: boolean;
+  /** Stable context object from wrapper — avoids ChatContext subscription inside memo */
+  chatContext: TMessageChatContext;
 } & Pick<
   TMessageProps,
   'currentEditId' | 'setCurrentEditId' | 'siblingIdx' | 'setSiblingIdx' | 'siblingCount'
 >;
 
+/**
+ * Custom comparator for React.memo: compares `message` by key fields instead of reference
+ * because `buildTree` creates new message objects on every streaming update for ALL messages.
+ */
+function areContentRenderPropsEqual(prev: ContentRenderProps, next: ContentRenderProps): boolean {
+  if (prev.isSubmitting !== next.isSubmitting) {
+    return false;
+  }
+  if (prev.chatContext !== next.chatContext) {
+    return false;
+  }
+  if (prev.siblingIdx !== next.siblingIdx) {
+    return false;
+  }
+  if (prev.siblingCount !== next.siblingCount) {
+    return false;
+  }
+  if (prev.currentEditId !== next.currentEditId) {
+    return false;
+  }
+  if (prev.setSiblingIdx !== next.setSiblingIdx) {
+    return false;
+  }
+  if (prev.setCurrentEditId !== next.setCurrentEditId) {
+    return false;
+  }
+
+  const prevMsg = prev.message;
+  const nextMsg = next.message;
+  if (prevMsg === nextMsg) {
+    return true;
+  }
+  if (!prevMsg || !nextMsg) {
+    return prevMsg === nextMsg;
+  }
+
+  return (
+    prevMsg.messageId === nextMsg.messageId &&
+    prevMsg.text === nextMsg.text &&
+    prevMsg.error === nextMsg.error &&
+    prevMsg.unfinished === nextMsg.unfinished &&
+    prevMsg.depth === nextMsg.depth &&
+    prevMsg.isCreatedByUser === nextMsg.isCreatedByUser &&
+    (prevMsg.children?.length ?? 0) === (nextMsg.children?.length ?? 0) &&
+    prevMsg.content === nextMsg.content &&
+    prevMsg.model === nextMsg.model &&
+    prevMsg.endpoint === nextMsg.endpoint &&
+    prevMsg.iconURL === nextMsg.iconURL &&
+    prevMsg.feedback?.rating === nextMsg.feedback?.rating &&
+    (prevMsg.attachments?.length ?? 0) === (nextMsg.attachments?.length ?? 0)
+  );
+}
+
 const ContentRender = memo(function ContentRender({
   message: msg,
   siblingIdx,
@@ -30,6 +90,7 @@ const ContentRender = memo(function ContentRender({
   currentEditId,
   setCurrentEditId,
   isSubmitting = false,
+  chatContext,
 }: ContentRenderProps) {
   const localize = useLocalize();
   const { attachments, searchResults } = useAttachments({
@@ -55,6 +116,7 @@ const ContentRender = memo(function ContentRender({
     searchResults,
     currentEditId,
     setCurrentEditId,
+    chatContext,
   });
   const fontSize = useAtomValue(fontSizeAtom);
   const maximizeChatSpace = useRecoilValue(store.maximizeChatSpace);
@@ -66,8 +128,6 @@ const ContentRender = memo(function ContentRender({
   );
   const hasNoChildren = !(msg?.children?.length ?? 0);
   const isLatestMessage = msg?.messageId === latestMessageId;
-  /** Only pass isSubmitting to the latest message to prevent unnecessary re-renders */
-  const effectiveIsSubmitting = isLatestMessage ? isSubmitting : false;
 
   const iconData: TMessageIcon = useMemo(
     () => ({
@@ -158,13 +218,13 @@ const ContentRender = memo(function ContentRender({
               searchResults={searchResults}
               setSiblingIdx={setSiblingIdx}
               isLatestMessage={isLatestMessage}
-              isSubmitting={effectiveIsSubmitting}
+              isSubmitting={isSubmitting}
               isCreatedByUser={msg.isCreatedByUser}
               conversationId={conversation?.conversationId}
               content={msg.content as Array<TMessageContentParts | undefined>}
             />
           </div>
-          {hasNoChildren && effectiveIsSubmitting ? (
+          {hasNoChildren && isSubmitting ? (
             <PlaceholderRow />
           ) : (
             <SubRow classes="text-xs">
@@ -178,7 +238,7 @@ const ContentRender = memo(function ContentRender({
                 message={msg}
                 isEditing={edit}
                 enterEdit={enterEdit}
-                isSubmitting={isSubmitting}
+                isSubmitting={chatContext.isSubmitting}
                 conversation={conversation ?? null}
                 regenerate={handleRegenerateMessage}
                 copyToClipboard={copyToClipboard}
@@ -193,7 +253,7 @@ const ContentRender = memo(function ContentRender({
       </div>
     </div>
   );
-});
+}, areContentRenderPropsEqual);
 ContentRender.displayName = 'ContentRender';
 
 export default ContentRender;
diff --git a/client/src/components/Messages/MessageContent.tsx b/client/src/components/Messages/MessageContent.tsx
index 0e53b1c840..977e397022 100644
--- a/client/src/components/Messages/MessageContent.tsx
+++ b/client/src/components/Messages/MessageContent.tsx
@@ -1,5 +1,5 @@
 import React from 'react';
-import { useMessageProcess } from '~/hooks';
+import { useMessageProcess, useMemoizedChatContext } from '~/hooks';
 import type { TMessageProps } from '~/common';
 
 import MultiMessage from '~/components/Chat/Messages/MultiMessage';
@@ -28,6 +28,7 @@ export default function MessageContent(props: TMessageProps) {
     message: props.message,
   });
   const { message, currentEditId, setCurrentEditId } = props;
+  const { chatContext, effectiveIsSubmitting } = useMemoizedChatContext(message, isSubmitting);
 
   if (!message || typeof message !== 'object') {
     return null;
@@ -39,7 +40,11 @@ export default function MessageContent(props: TMessageProps) {
     <>
       <MessageContainer handleScroll={handleScroll}>
         <div className="m-auto justify-center p-4 py-2 md:gap-6">
-          <ContentRender {...props} isSubmitting={isSubmitting} />
+          <ContentRender
+            {...props}
+            isSubmitting={effectiveIsSubmitting}
+            chatContext={chatContext}
+          />
         </div>
       </MessageContainer>
       <MultiMessage
diff --git a/client/src/components/Nav/Favorites/FavoritesList.tsx b/client/src/components/Nav/Favorites/FavoritesList.tsx
index e47e01fb87..934652349f 100644
--- a/client/src/components/Nav/Favorites/FavoritesList.tsx
+++ b/client/src/components/Nav/Favorites/FavoritesList.tsx
@@ -21,6 +21,7 @@ import { useGetEndpointsQuery } from '~/data-provider';
 import FavoriteItem from './FavoriteItem';
 import store from '~/store';
 
+/** Height intentionally matches FavoriteItem (px-3 py-2 + h-5 icon) to keep the CellMeasurerCache valid across the isAgentsLoading transition. */
 const FavoriteItemSkeleton = () => (
   <div className="flex w-full items-center rounded-lg px-3 py-2">
     <Skeleton className="mr-2 h-5 w-5 rounded-full" />
@@ -118,12 +119,9 @@ const DraggableFavoriteItem = ({
 export default function FavoritesList({
   isSmallScreen,
   toggleNav,
-  onHeightChange,
 }: {
   isSmallScreen?: boolean;
   toggleNav?: () => void;
-  /** Callback when the list height might have changed (e.g., agents finished loading) */
-  onHeightChange?: () => void;
 }) {
   const navigate = useNavigate();
   const localize = useLocalize();
@@ -267,12 +265,6 @@ export default function FavoritesList({
     (allAgentIds.length > 0 && agentsMap === undefined) ||
     (missingAgentIds.length > 0 && missingAgentQueries.some((q) => q.isLoading));
 
-  useEffect(() => {
-    if (!isAgentsLoading && onHeightChange) {
-      onHeightChange();
-    }
-  }, [isAgentsLoading, onHeightChange]);
-
   const draggedFavoritesRef = useRef(safeFavorites);
 
   const moveItem = useCallback(
diff --git a/client/src/components/Nav/SettingsTabs/Chat/Chat.tsx b/client/src/components/Nav/SettingsTabs/Chat/Chat.tsx
index e68d008f3d..8d4f1817f3 100644
--- a/client/src/components/Nav/SettingsTabs/Chat/Chat.tsx
+++ b/client/src/components/Nav/SettingsTabs/Chat/Chat.tsx
@@ -50,11 +50,11 @@ const toggleSwitchConfigs = [
     key: 'showThinking',
   },
   {
-    stateAtom: store.showCode,
-    localizationKey: 'com_nav_show_code' as const,
-    switchId: 'showCode',
+    stateAtom: store.autoExpandTools,
+    localizationKey: 'com_nav_auto_expand_tools' as const,
+    switchId: 'autoExpandTools',
     hoverCardText: undefined,
-    key: 'showCode',
+    key: 'autoExpandTools',
   },
   {
     stateAtom: store.LaTeXParsing,
diff --git a/client/src/components/Nav/SettingsTabs/Data/ImportConversations.tsx b/client/src/components/Nav/SettingsTabs/Data/ImportConversations.tsx
index 3f0b288c93..73ab0345db 100644
--- a/client/src/components/Nav/SettingsTabs/Data/ImportConversations.tsx
+++ b/client/src/components/Nav/SettingsTabs/Data/ImportConversations.tsx
@@ -1,9 +1,9 @@
 import { useState, useRef, useCallback } from 'react';
 import { Import } from 'lucide-react';
 import { useQueryClient } from '@tanstack/react-query';
-import { QueryKeys, TStartupConfig } from 'librechat-data-provider';
+import type { TStartupConfig } from 'librechat-data-provider';
 import { Spinner, useToastContext, Label, Button } from '@librechat/client';
-import { useUploadConversationsMutation } from '~/data-provider';
+import { startupConfigKey, useUploadConversationsMutation } from '~/data-provider';
 import { NotificationSeverity } from '~/common';
 import { useLocalize } from '~/hooks';
 import { cn, logger } from '~/utils';
@@ -51,7 +51,7 @@ function ImportConversations() {
   const handleFileUpload = useCallback(
     async (file: File) => {
       try {
-        const startupConfig = queryClient.getQueryData<TStartupConfig>([QueryKeys.startupConfig]);
+        const startupConfig = queryClient.getQueryData<TStartupConfig>(startupConfigKey(true));
         const maxFileSize = startupConfig?.conversationImportMaxFileSize;
         if (maxFileSize && file.size > maxFileSize) {
           const size = (maxFileSize / (1024 * 1024)).toFixed(2);
diff --git a/client/src/components/Nav/SettingsTabs/General/General.tsx b/client/src/components/Nav/SettingsTabs/General/General.tsx
index f764357b5e..b86abc543e 100644
--- a/client/src/components/Nav/SettingsTabs/General/General.tsx
+++ b/client/src/components/Nav/SettingsTabs/General/General.tsx
@@ -10,21 +10,21 @@ import store from '~/store';
 const toggleSwitchConfigs = [
   {
     stateAtom: store.enableUserMsgMarkdown,
-    localizationKey: 'com_nav_user_msg_markdown',
+    localizationKey: 'com_nav_user_msg_markdown' as const,
     switchId: 'enableUserMsgMarkdown',
     hoverCardText: undefined,
     key: 'enableUserMsgMarkdown',
   },
   {
     stateAtom: store.autoScroll,
-    localizationKey: 'com_nav_auto_scroll',
+    localizationKey: 'com_nav_auto_scroll' as const,
     switchId: 'autoScroll',
     hoverCardText: undefined,
     key: 'autoScroll',
   },
   {
     stateAtom: store.keepScreenAwake,
-    localizationKey: 'com_nav_keep_screen_awake',
+    localizationKey: 'com_nav_keep_screen_awake' as const,
     switchId: 'keepScreenAwake',
     hoverCardText: undefined,
     key: 'keepScreenAwake',
diff --git a/client/src/components/SidePanel/Builder/AssistantPanel.tsx b/client/src/components/SidePanel/Builder/AssistantPanel.tsx
index c47a9aea53..588f55c92f 100644
--- a/client/src/components/SidePanel/Builder/AssistantPanel.tsx
+++ b/client/src/components/SidePanel/Builder/AssistantPanel.tsx
@@ -5,7 +5,7 @@ import { useForm, FormProvider, Controller, useWatch } from 'react-hook-form';
 import {
   Tools,
   Capabilities,
-  actionDelimiter,
+  isActionTool,
   ImageVisionTool,
   defaultAssistantFormValues,
 } from 'librechat-data-provider';
@@ -139,7 +139,7 @@ export default function AssistantPanel({
 
   const onSubmit = (data: AssistantForm) => {
     const tools: Array<FunctionTool | string> = [...functions].map((functionName) => {
-      if (!functionName.includes(actionDelimiter)) {
+      if (!isActionTool(functionName)) {
         return functionName;
       } else {
         const assistant = assistantMap?.[endpoint]?.[assistant_id];
diff --git a/client/src/components/SidePanel/Nav.tsx b/client/src/components/SidePanel/Nav.tsx
index 5db5b3f5bb..903b32f49b 100644
--- a/client/src/components/SidePanel/Nav.tsx
+++ b/client/src/components/SidePanel/Nav.tsx
@@ -1,12 +1,13 @@
 import type { NavLink } from '~/common';
-import { useActivePanel } from '~/Providers';
+import { useActivePanel, resolveActivePanel } from '~/Providers';
 
 export default function Nav({ links }: { links: NavLink[] }) {
   const { active } = useActivePanel();
+  const effectiveActive = resolveActivePanel(active, links);
   return (
     <div className="flex h-full min-h-0 flex-col overflow-y-auto overflow-x-hidden pt-2 text-text-primary">
       {links.map((link) =>
-        link.id === active && link.Component ? <link.Component key={link.id} /> : null,
+        link.id === effectiveActive && link.Component ? <link.Component key={link.id} /> : null,
       )}
     </div>
   );
diff --git a/client/src/components/UnifiedSidebar/ExpandedPanel.tsx b/client/src/components/UnifiedSidebar/ExpandedPanel.tsx
index 79adbf80a7..74b08a6a29 100644
--- a/client/src/components/UnifiedSidebar/ExpandedPanel.tsx
+++ b/client/src/components/UnifiedSidebar/ExpandedPanel.tsx
@@ -5,7 +5,7 @@ import { QueryKeys } from 'librechat-data-provider';
 import { Skeleton, Sidebar, Button, TooltipAnchor, NewChatIcon } from '@librechat/client';
 import type { NavLink } from '~/common';
 import { CLOSE_SIDEBAR_ID } from '~/components/Chat/Menus/OpenSidebar';
-import { useActivePanel } from '~/Providers';
+import { useActivePanel, resolveActivePanel } from '~/Providers';
 import { useLocalize, useNewConvo } from '~/hooks';
 import { clearMessagesCache, cn } from '~/utils';
 import store from '~/store';
@@ -119,6 +119,7 @@ function ExpandedPanel({
 }) {
   const localize = useLocalize();
   const { active, setActive } = useActivePanel();
+  const effectiveActive = resolveActivePanel(active, links);
 
   const toggleLabel = expanded ? 'com_nav_close_sidebar' : 'com_nav_open_sidebar';
   const toggleClick = expanded ? onCollapse : onExpand;
@@ -149,7 +150,7 @@ function ExpandedPanel({
           <NavIconButton
             key={link.id}
             link={link}
-            isActive={link.id === active}
+            isActive={link.id === effectiveActive}
             expanded={expanded ?? true}
             setActive={setActive}
             onExpand={onExpand}
diff --git a/client/src/components/Web/Citation.tsx b/client/src/components/Web/Citation.tsx
index 933474ff82..90a620bf7e 100644
--- a/client/src/components/Web/Citation.tsx
+++ b/client/src/components/Web/Citation.tsx
@@ -1,12 +1,44 @@
 import { memo, useState, useContext, useCallback } from 'react';
-import { useRecoilValue } from 'recoil';
-import { useToastContext } from '@librechat/client';
+import { Button } from '@librechat/client';
+import { ChevronLeft, ChevronRight, FileText } from 'lucide-react';
 import type { CitationProps } from './types';
 import { SourceHovercard, FaviconImage, getCleanDomain } from '~/components/Web/SourceHovercard';
+import FilePreviewDialog from '~/components/Chat/Messages/Content/FilePreviewDialog';
 import { CitationContext, useCitation, useCompositeCitations } from './Context';
-import { useFileDownload } from '~/data-provider';
 import { useLocalize } from '~/hooks';
-import store from '~/store';
+
+interface FileCitationMetadata {
+  fileBytes?: number;
+  fileType?: string;
+}
+
+interface FileCitationSource {
+  attribution?: string;
+  fileId?: string;
+  fileName?: string;
+  link?: string;
+  metadata?: FileCitationMetadata;
+  pageRelevance?: Record<number, number>;
+  pages?: number[];
+  refType?: string;
+  relevance?: number;
+  snippet?: string;
+  title?: string;
+}
+
+function getFileCitationData(source?: FileCitationSource) {
+  const isFileType = source?.refType === 'file' && source.fileId != null;
+
+  return {
+    isFileType,
+    fileId: isFileType ? source.fileId : undefined,
+    fileMeta: isFileType ? source.metadata : undefined,
+    fileName: isFileType ? source.fileName : undefined,
+    filePages: isFileType ? source.pages : undefined,
+    fileRelevance: isFileType ? source.relevance : undefined,
+    filePageRelevance: isFileType ? source.pageRelevance : undefined,
+  };
+}
 
 interface CompositeCitationProps {
   citationId?: string;
@@ -20,15 +52,20 @@ export function CompositeCitation(props: CompositeCitationProps) {
   const { citations, citationId } = props.node?.properties ?? ({} as CitationProps);
   const { setHoveredCitationId } = useContext(CitationContext);
   const [currentPage, setCurrentPage] = useState(0);
+  const [showPreview, setShowPreview] = useState(false);
   const sources = useCompositeCitations(citations || []);
 
-  if (!sources || sources.length === 0) return null;
+  if (!sources || sources.length === 0) {
+    return null;
+  }
   const totalPages = sources.length;
 
   const getCitationLabel = () => {
-    if (!sources || sources.length === 0) return localize('com_citation_source');
+    if (!sources || sources.length === 0) {
+      return localize('com_citation_source');
+    }
 
-    const firstSource = sources[0];
+    const firstSource = sources[0] as FileCitationSource;
     const remainingCount = sources.length - 1;
     const attribution =
       firstSource.attribution ||
@@ -55,56 +92,190 @@ export function CompositeCitation(props: CompositeCitationProps) {
     }
   };
 
-  const currentSource = sources?.[currentPage];
+  const currentSource = sources[currentPage] as FileCitationSource;
+  const { isFileType, fileId, fileMeta, fileName, filePages, fileRelevance, filePageRelevance } =
+    getFileCitationData(currentSource);
+
+  const handleFileClick = (e: React.MouseEvent) => {
+    e.preventDefault();
+    e.stopPropagation();
+    if (isFileType && fileId) {
+      setShowPreview(true);
+    }
+  };
 
   return (
-    <SourceHovercard
-      source={currentSource}
-      label={getCitationLabel()}
-      onMouseEnter={() => setHoveredCitationId(citationId || null)}
-      onMouseLeave={() => setHoveredCitationId(null)}
-    >
-      {totalPages > 1 && (
-        <span className="mb-2 flex items-center justify-between border-b border-border-heavy pb-2">
-          <span className="flex gap-2">
-            <button
-              onClick={handlePrevPage}
-              disabled={currentPage === 0}
-              style={{ opacity: currentPage === 0 ? 0.5 : 1 }}
-              className="flex cursor-pointer items-center justify-center border-none bg-transparent p-0 text-base"
-            >
-              ←
-            </button>
-            <button
-              onClick={handleNextPage}
-              disabled={currentPage === totalPages - 1}
-              style={{ opacity: currentPage === totalPages - 1 ? 0.5 : 1 }}
-              className="flex cursor-pointer items-center justify-center border-none bg-transparent p-0 text-base"
-            >
-              →
-            </button>
-          </span>
-          <span className="text-xs text-text-tertiary">
-            {currentPage + 1}/{totalPages}
-          </span>
-        </span>
+    <>
+      <SourceHovercard
+        source={currentSource}
+        label={getCitationLabel()}
+        onMouseEnter={() => setHoveredCitationId(citationId || null)}
+        onMouseLeave={() => setHoveredCitationId(null)}
+        onClick={isFileType ? handleFileClick : undefined}
+        isFile={isFileType}
+        filePages={filePages}
+        fileRelevance={fileRelevance}
+      >
+        {isFileType ? (
+          <>
+            <div className="flex items-center gap-2">
+              <FileText className="size-4 shrink-0 text-text-secondary" aria-hidden="true" />
+              <button
+                onClick={handleFileClick}
+                className="min-w-0 truncate text-sm font-medium text-text-primary hover:underline"
+              >
+                {fileName || currentSource.title || localize('com_file_source')}
+              </button>
+            </div>
+            {(fileRelevance != null || (filePages && filePages.length > 0)) && (
+              <div className="mt-1.5 flex flex-wrap items-center gap-x-3 gap-y-1">
+                {fileRelevance != null && fileRelevance > 0 && (
+                  <span className="text-xs text-text-secondary">
+                    {localize('com_ui_relevance')}: {Math.round(fileRelevance * 100)}%
+                  </span>
+                )}
+                {filePages && filePages.length > 0 && (
+                  <span className="text-xs text-text-secondary">
+                    {localize('com_file_pages', { pages: filePages.join(', ') })}
+                  </span>
+                )}
+              </div>
+            )}
+            {currentSource.snippet && (
+              <p className="mt-1.5 line-clamp-3 break-words text-xs leading-relaxed text-text-secondary">
+                {currentSource.snippet}
+              </p>
+            )}
+            {totalPages > 1 && (
+              <div className="mt-2 flex items-center gap-1 border-t border-border-light pt-2">
+                <Button
+                  size="icon"
+                  variant="ghost"
+                  onClick={handlePrevPage}
+                  disabled={currentPage === 0}
+                  className="size-7"
+                  aria-label="Previous source"
+                >
+                  <ChevronLeft className="size-3.5" aria-hidden="true" />
+                </Button>
+                {sources.map((source, i) => (
+                  <button
+                    key={i}
+                    type="button"
+                    onClick={(e) => {
+                      e.preventDefault();
+                      e.stopPropagation();
+                      setCurrentPage(i);
+                    }}
+                    className={`flex size-6 items-center justify-center rounded text-xs transition-colors ${
+                      i === currentPage
+                        ? 'bg-surface-hover font-medium text-text-primary'
+                        : 'text-text-secondary hover:bg-surface-hover'
+                    }`}
+                    aria-label={`Source ${i + 1}`}
+                    aria-current={i === currentPage ? 'true' : undefined}
+                  >
+                    {i + 1}
+                  </button>
+                ))}
+                <Button
+                  size="icon"
+                  variant="ghost"
+                  onClick={handleNextPage}
+                  disabled={currentPage === totalPages - 1}
+                  className="size-7"
+                  aria-label="Next source"
+                >
+                  <ChevronRight className="size-3.5" aria-hidden="true" />
+                </Button>
+              </div>
+            )}
+          </>
+        ) : (
+          <>
+            <div className="mb-1.5 overflow-hidden text-sm">
+              <FaviconImage
+                domain={getCleanDomain(currentSource.link || '')}
+                className="float-left mr-2 mt-0.5"
+              />
+              <span className="float-right ml-2 max-w-[40%] truncate text-xs text-text-secondary">
+                {getCleanDomain(currentSource.link || '')}
+              </span>
+              <a
+                href={currentSource.link}
+                target="_blank"
+                rel="noopener noreferrer"
+                className="font-medium text-text-primary hover:underline"
+              >
+                {currentSource.title}
+              </a>
+            </div>
+            {currentSource.snippet && (
+              <p className="line-clamp-4 break-words text-xs text-text-secondary md:text-sm">
+                {currentSource.snippet}
+              </p>
+            )}
+            {totalPages > 1 && (
+              <div className="flex items-center gap-1 border-t border-border-light pt-2">
+                <Button
+                  size="icon"
+                  variant="ghost"
+                  onClick={handlePrevPage}
+                  disabled={currentPage === 0}
+                  className="size-7"
+                  aria-label="Previous source"
+                >
+                  <ChevronLeft className="size-3.5" aria-hidden="true" />
+                </Button>
+                {sources.map((source, i) => (
+                  <button
+                    key={i}
+                    type="button"
+                    onClick={(e) => {
+                      e.preventDefault();
+                      e.stopPropagation();
+                      setCurrentPage(i);
+                    }}
+                    className={`flex size-6 items-center justify-center rounded text-xs transition-colors ${
+                      i === currentPage
+                        ? 'bg-surface-hover font-medium text-text-primary'
+                        : 'text-text-secondary hover:bg-surface-hover'
+                    }`}
+                    aria-label={`Source ${i + 1}`}
+                    aria-current={i === currentPage ? 'true' : undefined}
+                  >
+                    {i + 1}
+                  </button>
+                ))}
+                <Button
+                  size="icon"
+                  variant="ghost"
+                  onClick={handleNextPage}
+                  disabled={currentPage === totalPages - 1}
+                  className="size-7"
+                  aria-label="Next source"
+                >
+                  <ChevronRight className="size-3.5" aria-hidden="true" />
+                </Button>
+              </div>
+            )}
+          </>
+        )}
+      </SourceHovercard>
+      {isFileType && fileId && (
+        <FilePreviewDialog
+          open={showPreview}
+          onOpenChange={setShowPreview}
+          fileName={fileName || currentSource.title || ''}
+          fileId={fileId}
+          relevance={fileRelevance}
+          pages={filePages}
+          pageRelevance={filePageRelevance}
+          fileType={fileMeta?.fileType}
+          fileSize={fileMeta?.fileBytes}
+        />
       )}
-      <span className="mb-2 flex items-center">
-        <FaviconImage domain={getCleanDomain(currentSource.link || '')} className="mr-2" />
-        <a
-          href={currentSource.link}
-          target="_blank"
-          rel="noopener noreferrer"
-          className="line-clamp-2 cursor-pointer overflow-hidden text-sm font-bold text-[#0066cc] hover:underline dark:text-blue-400 md:line-clamp-3"
-        >
-          {currentSource.attribution}
-        </a>
-      </span>
-      <h4 className="mb-1.5 mt-0 text-xs text-text-primary md:text-sm">{currentSource.title}</h4>
-      <p className="my-2 text-ellipsis break-all text-xs text-text-secondary md:text-sm">
-        {currentSource.snippet}
-      </p>
-    </SourceHovercard>
+    </>
   );
 }
 
@@ -118,69 +289,33 @@ interface CitationComponentProps {
 
 export function Citation(props: CitationComponentProps) {
   const localize = useLocalize();
-  const user = useRecoilValue(store.user);
-  const { showToast } = useToastContext();
   const { citation, citationId } = props.node?.properties ?? {};
   const { setHoveredCitationId } = useContext(CitationContext);
   const refData = useCitation({
     turn: citation?.turn || 0,
     refType: citation?.refType,
     index: citation?.index || 0,
-  });
+  }) as FileCitationSource | undefined;
 
-  // Setup file download hook
-  const isFileType = refData?.refType === 'file' && (refData as any)?.fileId;
-  const isLocalFile = isFileType && (refData as any)?.metadata?.storageType === 'local';
-  const { refetch: downloadFile } = useFileDownload(
-    user?.id ?? '',
-    isFileType && !isLocalFile ? (refData as any).fileId : '',
-  );
+  const { isFileType, fileId, fileMeta, fileName, filePages, fileRelevance, filePageRelevance } =
+    getFileCitationData(refData);
 
-  const handleFileDownload = useCallback(
-    async (e: React.MouseEvent) => {
+  const [showPreview, setShowPreview] = useState(false);
+
+  const handleFileClick = useCallback(
+    (e: React.MouseEvent) => {
       e.preventDefault();
       e.stopPropagation();
-
-      if (!isFileType || !(refData as any)?.fileId) return;
-
-      // Don't allow download for local files
-      if (isLocalFile) {
-        showToast({
-          status: 'error',
-          message: localize('com_sources_download_local_unavailable'),
-        });
-        return;
-      }
-
-      try {
-        const stream = await downloadFile();
-        if (stream.data == null || stream.data === '') {
-          console.error('Error downloading file: No data found');
-          showToast({
-            status: 'error',
-            message: localize('com_ui_download_error'),
-          });
-          return;
-        }
-        const link = document.createElement('a');
-        link.href = stream.data;
-        link.setAttribute('download', (refData as any).fileName || 'file');
-        document.body.appendChild(link);
-        link.click();
-        document.body.removeChild(link);
-        window.URL.revokeObjectURL(stream.data);
-      } catch (error) {
-        console.error('Error downloading file:', error);
-        showToast({
-          status: 'error',
-          message: localize('com_ui_download_error'),
-        });
+      if (isFileType && fileId) {
+        setShowPreview(true);
       }
     },
-    [downloadFile, isFileType, isLocalFile, refData, localize, showToast],
+    [isFileType, fileId],
   );
 
-  if (!refData) return null;
+  if (!refData) {
+    return null;
+  }
 
   const getCitationLabel = () => {
     return (
@@ -192,15 +327,31 @@ export function Citation(props: CitationComponentProps) {
   };
 
   return (
-    <SourceHovercard
-      source={refData}
-      label={getCitationLabel()}
-      onMouseEnter={() => setHoveredCitationId(citationId || null)}
-      onMouseLeave={() => setHoveredCitationId(null)}
-      onClick={isFileType && !isLocalFile ? handleFileDownload : undefined}
-      isFile={isFileType}
-      isLocalFile={isLocalFile}
-    />
+    <>
+      <SourceHovercard
+        source={refData}
+        label={getCitationLabel()}
+        onMouseEnter={() => setHoveredCitationId(citationId || null)}
+        onMouseLeave={() => setHoveredCitationId(null)}
+        onClick={isFileType ? handleFileClick : undefined}
+        isFile={isFileType}
+        filePages={filePages}
+        fileRelevance={fileRelevance}
+      />
+      {isFileType && fileId && (
+        <FilePreviewDialog
+          open={showPreview}
+          onOpenChange={setShowPreview}
+          fileName={fileName || refData.title || ''}
+          fileId={fileId}
+          relevance={fileRelevance}
+          pages={filePages}
+          pageRelevance={filePageRelevance}
+          fileType={fileMeta?.fileType}
+          fileSize={fileMeta?.fileBytes}
+        />
+      )}
+    </>
   );
 }
 
diff --git a/client/src/components/Web/SourceHovercard.tsx b/client/src/components/Web/SourceHovercard.tsx
index 242b35047f..3fe359ff1b 100644
--- a/client/src/components/Web/SourceHovercard.tsx
+++ b/client/src/components/Web/SourceHovercard.tsx
@@ -1,6 +1,6 @@
 import React, { ReactNode } from 'react';
 import * as Ariakit from '@ariakit/react';
-import { ChevronDown, Paperclip } from 'lucide-react';
+import { ChevronDown, FileText } from 'lucide-react';
 import { VisuallyHidden } from '@ariakit/react';
 import { useLocalize } from '~/hooks';
 import { cn } from '~/utils';
@@ -21,14 +21,14 @@ interface SourceHovercardProps {
   isFile?: boolean;
   isLocalFile?: boolean;
   children?: ReactNode;
+  filePages?: number[];
+  fileRelevance?: number;
 }
 
-/** Helper to get domain favicon */
 function getFaviconUrl(domain: string) {
   return `https://www.google.com/s2/favicons?domain=${domain}&sz=32`;
 }
 
-/** Helper to get clean domain name */
 export function getCleanDomain(url: string) {
   const domain = url.replace(/(^\w+:|^)\/\//, '').split('/')[0];
   return domain.startsWith('www.') ? domain.substring(4) : domain;
@@ -36,11 +36,67 @@ export function getCleanDomain(url: string) {
 
 export function FaviconImage({ domain, className = '' }: { domain: string; className?: string }) {
   return (
-    <div className={cn('relative size-4 flex-shrink-0 overflow-hidden rounded-full', className)}>
-      <div className="absolute inset-0 rounded-full bg-white" />
-      <img src={getFaviconUrl(domain)} alt={domain} className="relative size-full" />
-      <div className="border-border-light/10 absolute inset-0 rounded-full border dark:border-transparent"></div>
-    </div>
+    <img
+      src={getFaviconUrl(domain)}
+      alt={domain}
+      className={cn('size-4 shrink-0 rounded-full', className)}
+      loading="lazy"
+    />
+  );
+}
+
+const hovercardClass = cn(
+  'z-[999] w-[320px] max-w-[calc(100vw-2rem)] rounded-xl border border-border-medium bg-surface-secondary p-3 text-text-primary shadow-lg',
+  'origin-top -translate-y-1 opacity-0 transition-[opacity,transform] duration-150 ease-out',
+  'data-[enter]:translate-y-0 data-[enter]:opacity-100',
+  'data-[leave]:-translate-y-1 data-[leave]:opacity-0',
+);
+
+function FileHovercardContent({
+  source,
+  onClick,
+  filePages,
+  fileRelevance,
+}: {
+  source: SourceData;
+  onClick?: (e: React.MouseEvent) => void;
+  filePages?: number[];
+  fileRelevance?: number;
+}) {
+  const localize = useLocalize();
+  const fileName = source.attribution || source.title || localize('com_file_source');
+
+  return (
+    <>
+      <div className="flex items-center gap-2">
+        <FileText className="size-4 shrink-0 text-text-secondary" aria-hidden="true" />
+        <button
+          onClick={onClick}
+          className="min-w-0 truncate text-sm font-medium text-text-primary hover:underline"
+        >
+          {fileName}
+        </button>
+      </div>
+      {(fileRelevance != null || (filePages && filePages.length > 0)) && (
+        <div className="mt-1.5 flex flex-wrap items-center gap-x-3 gap-y-1">
+          {fileRelevance != null && fileRelevance > 0 && (
+            <span className="text-xs text-text-secondary">
+              {localize('com_ui_relevance')}: {Math.round(fileRelevance * 100)}%
+            </span>
+          )}
+          {filePages && filePages.length > 0 && (
+            <span className="text-xs text-text-secondary">
+              {localize('com_file_pages', { pages: filePages.join(', ') })}
+            </span>
+          )}
+        </div>
+      )}
+      {source.snippet && (
+        <p className="mt-1.5 line-clamp-3 break-words text-xs leading-relaxed text-text-secondary">
+          {source.snippet}
+        </p>
+      )}
+    </>
   );
 }
 
@@ -53,26 +109,38 @@ export function SourceHovercard({
   isFile = false,
   isLocalFile = false,
   children,
+  filePages,
+  fileRelevance,
 }: SourceHovercardProps) {
   const localize = useLocalize();
   const domain = getCleanDomain(source.link || '');
+  const hovercard = Ariakit.useHovercardStore({ showTimeout: 150, hideTimeout: 150 });
+
+  const handleFileClick = React.useCallback(
+    (e: React.MouseEvent) => {
+      hovercard.hide();
+      onClick?.(e);
+    },
+    [hovercard, onClick],
+  );
 
   return (
     <span className="relative ml-0.5 inline-block">
-      <Ariakit.HovercardProvider showTimeout={150} hideTimeout={150}>
+      <Ariakit.HovercardProvider store={hovercard}>
         <span className="flex items-center">
           <Ariakit.HovercardAnchor
             render={
               isFile ? (
                 <button
-                  onClick={onClick}
-                  className="ml-1 inline-block h-5 max-w-36 cursor-pointer items-center overflow-hidden text-ellipsis whitespace-nowrap rounded-xl border border-border-heavy bg-surface-secondary px-2 text-xs font-medium text-blue-600 no-underline transition-colors hover:bg-surface-hover dark:border-border-medium dark:text-blue-400 dark:hover:bg-surface-tertiary"
+                  onClick={handleFileClick}
+                  className="ml-1 inline-flex h-5 max-w-36 items-center gap-1 overflow-hidden text-ellipsis whitespace-nowrap rounded-xl border border-border-heavy bg-surface-secondary px-2 text-xs font-medium text-text-primary no-underline transition-colors hover:bg-surface-hover dark:border-border-medium dark:hover:bg-surface-tertiary"
                   onMouseEnter={onMouseEnter}
                   onMouseLeave={onMouseLeave}
                   title={
                     isLocalFile ? localize('com_sources_download_local_unavailable') : undefined
                   }
                 >
+                  <FileText className="size-2.5 shrink-0 text-text-secondary" aria-hidden="true" />
                   {label}
                 </button>
               ) : (
@@ -96,62 +164,43 @@ export function SourceHovercard({
 
           <Ariakit.Hovercard
             gutter={16}
-            className="dark:shadow-lg-dark z-[999] w-[300px] max-w-[calc(100vw-2rem)] rounded-xl border border-border-medium bg-surface-secondary p-3 text-text-primary shadow-lg"
+            className={hovercardClass}
             portal={true}
             unmountOnHide={true}
           >
-            {children}
-            {!children && (
-              <>
-                <span className="mb-2 flex items-center">
-                  {isFile ? (
-                    <div className="mr-2 flex h-4 w-4 items-center justify-center">
-                      <Paperclip className="h-3 w-3 text-text-secondary" />
-                    </div>
-                  ) : (
-                    <FaviconImage domain={domain} className="mr-2" />
-                  )}
-                  {isFile ? (
-                    <button
-                      onClick={onClick}
-                      className="line-clamp-2 cursor-pointer overflow-hidden text-left text-sm font-bold text-[#0066cc] hover:underline dark:text-blue-400 md:line-clamp-3"
-                    >
-                      {source.attribution || source.title || localize('com_file_source')}
-                    </button>
-                  ) : (
-                    <a
-                      href={source.link}
-                      target="_blank"
-                      rel="noopener noreferrer"
-                      className="line-clamp-2 cursor-pointer overflow-hidden text-sm font-bold text-[#0066cc] hover:underline dark:text-blue-400 md:line-clamp-3"
-                    >
-                      {source.attribution || domain}
-                    </a>
-                  )}
-                </span>
-
-                {isFile ? (
-                  <>
-                    {source.snippet && (
-                      <span className="my-2 text-ellipsis break-all text-xs text-text-secondary md:text-sm">
-                        {source.snippet}
-                      </span>
-                    )}
-                  </>
+            <div>
+              {children ??
+                (isFile ? (
+                  <FileHovercardContent
+                    source={source}
+                    onClick={handleFileClick}
+                    filePages={filePages}
+                    fileRelevance={fileRelevance}
+                  />
                 ) : (
                   <>
-                    <h4 className="mb-1.5 mt-0 text-xs text-text-primary md:text-sm">
-                      {source.title || source.link}
-                    </h4>
-                    {source.snippet && (
-                      <span className="my-2 text-ellipsis break-all text-xs text-text-secondary md:text-sm">
-                        {source.snippet}
+                    <div className="mb-1.5 overflow-hidden text-sm">
+                      <FaviconImage domain={domain} className="float-left mr-2 mt-0.5" />
+                      <span className="float-right ml-2 max-w-[40%] truncate text-xs text-text-secondary">
+                        {domain}
                       </span>
+                      <a
+                        href={source.link}
+                        target="_blank"
+                        rel="noopener noreferrer"
+                        className="font-medium text-text-primary hover:underline"
+                      >
+                        {source.title || source.link}
+                      </a>
+                    </div>
+                    {source.snippet && (
+                      <p className="line-clamp-4 break-words text-xs text-text-secondary md:text-sm">
+                        {source.snippet}
+                      </p>
                     )}
                   </>
-                )}
-              </>
-            )}
+                ))}
+            </div>
           </Ariakit.Hovercard>
         </span>
       </Ariakit.HovercardProvider>
diff --git a/client/src/components/Web/Sources.tsx b/client/src/components/Web/Sources.tsx
index 320cf348bc..97e646d5d0 100644
--- a/client/src/components/Web/Sources.tsx
+++ b/client/src/components/Web/Sources.tsx
@@ -19,6 +19,7 @@ import SourcesErrorBoundary from './SourcesErrorBoundary';
 import { useFileDownload } from '~/data-provider';
 import { useSearchContext } from '~/Providers';
 import { useLocalize } from '~/hooks';
+import { cn } from '~/utils';
 import store from '~/store';
 
 interface SourceItemProps {
@@ -88,39 +89,45 @@ function SourceItem({ source, expanded = false }: SourceItemProps) {
           </Ariakit.HovercardDisclosure>
 
           <Ariakit.Hovercard
+            animated
             gutter={16}
-            className="dark:shadow-lg-dark z-[999] w-[300px] max-w-[calc(100vw-2rem)] rounded-xl border border-border-medium bg-surface-secondary p-3 text-text-primary shadow-lg"
+            className={cn(
+              'z-[999] w-[320px] max-w-[calc(100vw-2rem)] rounded-xl border border-border-medium bg-surface-secondary p-3 text-text-primary shadow-lg',
+              'origin-top-left scale-95 opacity-0 transition-[opacity,transform] duration-150 ease-out',
+              'data-[enter]:scale-100 data-[enter]:opacity-100',
+              'data-[leave]:scale-95 data-[leave]:opacity-0',
+            )}
             portal={true}
             unmountOnHide={true}
           >
             <div className="flex gap-3">
-              <div className="flex-1">
-                <div className="mb-2 flex items-center">
-                  <FaviconImage domain={domain} className="mr-2" />
+              <div className="min-w-0 flex-1">
+                <div className="mb-1.5 overflow-hidden text-sm">
+                  <FaviconImage domain={domain} className="float-left mr-2 mt-0.5" />
+                  <span className="float-right ml-2 max-w-[40%] truncate text-xs text-text-secondary">
+                    {domain}
+                  </span>
                   <a
                     href={source.link}
                     target="_blank"
                     rel="noopener noreferrer"
-                    className="line-clamp-2 cursor-pointer overflow-hidden text-sm font-bold text-[#0066cc] hover:underline dark:text-blue-400 md:line-clamp-3"
+                    className="font-medium text-text-primary hover:underline"
                   >
-                    {source.attribution || domain}
+                    {source.title || source.link}
                   </a>
                 </div>
-                <h4 className="mb-1.5 mt-0 text-xs text-text-primary md:text-sm">
-                  {source.title || source.link}
-                </h4>
                 {'snippet' in source && source.snippet && (
-                  <span className="my-2 text-ellipsis break-all text-xs text-text-secondary md:text-sm">
+                  <p className="line-clamp-4 break-words text-xs text-text-secondary md:text-sm">
                     {source.snippet}
-                  </span>
+                  </p>
                 )}
               </div>
               {'imageUrl' in source && source.imageUrl && (
-                <div className="h-24 w-24 flex-shrink-0 overflow-hidden rounded-md">
+                <div className="size-24 shrink-0 overflow-hidden rounded-md">
                   <img
                     src={source.imageUrl}
                     alt={source.title || localize('com_sources_image_alt')}
-                    className="h-full w-full object-cover"
+                    className="size-full object-cover"
                   />
                 </div>
               )}
@@ -298,10 +305,10 @@ const FileItem = React.memo(function FileItem({
           <span className="truncate text-xs font-medium text-text-secondary">
             {localize('com_sources_agent_file')}
           </span>
-          {!isLocalFile && <Download className="ml-auto h-3 w-3" aria-hidden="true" />}
+          {!isLocalFile && <Download className="ml-auto size-3" aria-hidden="true" />}
         </div>
         <div className="mt-1 min-w-0">
-          <span className="line-clamp-2 break-all text-left text-sm font-medium text-text-primary md:line-clamp-3">
+          <span className="line-clamp-2 break-words text-left text-sm font-medium text-text-primary md:line-clamp-3">
             {file.filename}
           </span>
           {file.pages && file.pages.length > 0 && (
@@ -337,10 +344,10 @@ const FileItem = React.memo(function FileItem({
         <span className="truncate text-xs font-medium text-text-secondary">
           {localize('com_sources_agent_file')}
         </span>
-        {!isLocalFile && <Download className="ml-auto h-3 w-3" aria-hidden="true" />}
+        {!isLocalFile && <Download className="ml-auto size-3" aria-hidden="true" />}
       </div>
       <div className="mt-1 min-w-0">
-        <span className="line-clamp-2 break-all text-left text-sm font-medium text-text-primary md:line-clamp-3">
+        <span className="line-clamp-2 break-words text-left text-sm font-medium text-text-primary md:line-clamp-3">
           {file.filename}
         </span>
         {file.pages && file.pages.length > 0 && (
@@ -428,7 +435,7 @@ const SourcesGroup = React.memo(function SourcesGroup({
               className="rounded-full p-1 text-text-secondary hover:bg-surface-tertiary hover:text-text-primary"
               aria-label={localize('com_ui_close')}
             >
-              <X className="h-4 w-4" aria-hidden="true" />
+              <X className="size-4" aria-hidden="true" />
             </OGDialogClose>
           </div>
           <div className="flex-1 overflow-y-auto px-3 py-2">
@@ -506,7 +513,7 @@ function FilesGroup({ files, messageId, conversationId, limit = 3 }: FilesGroupP
             <div className="flex items-center gap-2">
               <div className="relative flex">
                 {remainingFiles.slice(0, 3).map((_, i) => (
-                  <File key={`file-icon-${i}`} className={`h-4 w-4 ${i > 0 ? 'ml-[-6px]' : ''}`} />
+                  <File key={`file-icon-${i}`} className={`size-4 ${i > 0 ? 'ml-[-6px]' : ''}`} />
                 ))}
               </div>
               <span className="truncate text-xs font-medium text-text-secondary">
@@ -524,7 +531,7 @@ function FilesGroup({ files, messageId, conversationId, limit = 3 }: FilesGroupP
               className="rounded-full p-1 text-text-secondary hover:bg-surface-tertiary hover:text-text-primary"
               aria-label={localize('com_ui_close')}
             >
-              <X className="h-4 w-4" aria-hidden="true" />
+              <X className="size-4" aria-hidden="true" />
             </OGDialogClose>
           </div>
           <div className="flex-1 overflow-y-auto px-3 py-2">
diff --git a/client/src/components/Web/__tests__/Citation.test.tsx b/client/src/components/Web/__tests__/Citation.test.tsx
new file mode 100644
index 0000000000..6ec16d4c04
--- /dev/null
+++ b/client/src/components/Web/__tests__/Citation.test.tsx
@@ -0,0 +1,145 @@
+import React from 'react';
+import { render, screen, fireEvent } from '@testing-library/react';
+import '@testing-library/jest-dom';
+import type { SearchResultData } from 'librechat-data-provider';
+import { Citation, CompositeCitation } from '~/components/Web/Citation';
+import { CitationContext } from '~/components/Web/Context';
+import { SearchContext } from '~/Providers';
+
+jest.mock('~/hooks', () => ({
+  useLocalize: () => (key: string, values?: { label?: string; pages?: string }) => {
+    if (key === 'com_citation_source') {
+      return 'Source';
+    }
+    if (key === 'com_citation_more_details') {
+      return `More details about ${values?.label ?? ''}`;
+    }
+    if (key === 'com_ui_relevance') {
+      return 'Relevance';
+    }
+    if (key === 'com_file_pages') {
+      return `Pages: ${values?.pages ?? ''}`;
+    }
+    if (key === 'com_file_source') {
+      return 'File source';
+    }
+    return key;
+  },
+}));
+
+jest.mock('~/components/Chat/Messages/Content/FilePreviewDialog', () => ({
+  __esModule: true,
+  default: ({ open, fileId, fileName }: { open: boolean; fileId?: string; fileName: string }) =>
+    open ? (
+      <div data-testid="file-preview-dialog" data-file-id={fileId}>
+        {fileName}
+      </div>
+    ) : null,
+}));
+
+jest.mock('@librechat/client', () => ({
+  Button: ({ children, onClick, ...props }: React.ButtonHTMLAttributes<HTMLButtonElement>) => (
+    <button onClick={onClick} {...props}>
+      {children}
+    </button>
+  ),
+}));
+
+function renderWithProviders(
+  children: React.ReactNode,
+  searchResults: Record<string, SearchResultData>,
+) {
+  return render(
+    <SearchContext.Provider value={{ searchResults }}>
+      <CitationContext.Provider
+        value={{
+          hoveredCitationId: null,
+          setHoveredCitationId: jest.fn(),
+        }}
+      >
+        {children}
+      </CitationContext.Provider>
+    </SearchContext.Provider>,
+  );
+}
+
+describe('Citation', () => {
+  it('renders composite file citations as buttons and opens the preview dialog', () => {
+    const searchResults = {
+      '0': {
+        references: [
+          {
+            attribution: 'Tutorial Imazing.pdf',
+            fileId: 'file-123',
+            fileName: 'Tutorial Imazing.pdf',
+            link: '#file-123',
+            metadata: {
+              fileBytes: 2048,
+              fileType: 'application/pdf',
+            },
+            pageRelevance: { 1: 0.92 },
+            pages: [1],
+            relevance: 0.92,
+            title: 'Tutorial Imazing.pdf',
+            type: 'file',
+          },
+        ],
+      },
+    };
+
+    renderWithProviders(
+      <CompositeCitation
+        node={{
+          properties: {
+            citationId: 'cite-1',
+            citations: [{ turn: 0, refType: 'file', index: 0 }],
+          },
+        }}
+      />,
+      searchResults as any,
+    );
+
+    const fileButton = screen.getByRole('button', { name: 'Tutorial Imazing.pdf' });
+
+    expect(fileButton).toBeInTheDocument();
+    expect(screen.queryByRole('link', { name: 'Tutorial Imazing.pdf' })).not.toBeInTheDocument();
+
+    fireEvent.click(fileButton);
+
+    expect(screen.getByTestId('file-preview-dialog')).toHaveAttribute('data-file-id', 'file-123');
+  });
+
+  it('keeps standalone web citations as links', () => {
+    const searchResults = {
+      '0': {
+        organic: [
+          {
+            attribution: 'example.com',
+            link: 'https://example.com',
+            snippet: 'Example snippet',
+            title: 'Example',
+          },
+        ],
+      },
+    };
+
+    renderWithProviders(
+      <Citation
+        citationId="cite-2"
+        citationType="standalone"
+        node={{
+          properties: {
+            citation: { turn: 0, refType: 'search', index: 0 },
+            citationId: 'cite-2',
+          },
+        }}
+      />,
+      searchResults as any,
+    );
+
+    expect(screen.getByRole('link', { name: 'example.com' })).toHaveAttribute(
+      'href',
+      'https://example.com',
+    );
+  });
+});
diff --git a/client/src/data-provider/Auth/mutations.ts b/client/src/data-provider/Auth/mutations.ts
index 9930e42b4f..4ba79b94cb 100644
--- a/client/src/data-provider/Auth/mutations.ts
+++ b/client/src/data-provider/Auth/mutations.ts
@@ -40,15 +40,20 @@ export const useLoginUserMutation = (
     mutationFn: (payload: t.TLoginUser) => dataService.login(payload),
     ...(options || {}),
     onMutate: (vars) => {
+      setQueriesEnabled(false);
       resetDefaultPreset();
       clearStates();
       queryClient.removeQueries();
       options?.onMutate?.(vars);
     },
+    // Queries re-enabled in setUserContext (AuthContext) after setTokenHeader runs
     onSuccess: (...args) => {
-      setQueriesEnabled(true);
       options?.onSuccess?.(...args);
     },
+    onError: (...args) => {
+      setQueriesEnabled(true);
+      options?.onError?.(...args);
+    },
   });
 };
 
diff --git a/client/src/data-provider/Endpoints/queries.ts b/client/src/data-provider/Endpoints/queries.ts
index 3f9c468fcf..3ce3d35110 100644
--- a/client/src/data-provider/Endpoints/queries.ts
+++ b/client/src/data-provider/Endpoints/queries.ts
@@ -23,12 +23,21 @@ export const useGetEndpointsQuery = <TData = t.TEndpointsConfig>(
   );
 };
 
+/**
+ * Auth-aware query key so unauthenticated (login page) and authenticated
+ * (chat page) configs are cached independently, preventing stale
+ * unauthenticated config from persisting after login.
+ */
+export const startupConfigKey = (isAuthenticated: boolean) =>
+  [QueryKeys.startupConfig, isAuthenticated] as const;
+
 export const useGetStartupConfig = (
   config?: UseQueryOptions<t.TStartupConfig>,
 ): QueryObserverResult<t.TStartupConfig> => {
   const queriesEnabled = useRecoilValue<boolean>(store.queriesEnabled);
+  const user = useRecoilValue<t.TUser | undefined>(store.user);
   return useQuery<t.TStartupConfig>(
-    [QueryKeys.startupConfig],
+    startupConfigKey(!!user),
     () => dataService.getStartupConfig(),
     {
       staleTime: Infinity,
diff --git a/client/src/hooks/AuthContext.tsx b/client/src/hooks/AuthContext.tsx
index c55980c0d2..2fb7dd7760 100644
--- a/client/src/hooks/AuthContext.tsx
+++ b/client/src/hooks/AuthContext.tsx
@@ -8,7 +8,7 @@ import {
   createContext,
 } from 'react';
 import { debounce } from 'lodash';
-import { useRecoilState } from 'recoil';
+import { useRecoilState, useSetRecoilState } from 'recoil';
 import { useNavigate } from 'react-router-dom';
 import {
   apiBaseUrl,
@@ -45,6 +45,7 @@ const AuthContextProvider = ({
   const [token, setToken] = useState<string | undefined>(undefined);
   const [error, setError] = useState<string | undefined>(undefined);
   const [isAuthenticated, setIsAuthenticated] = useState<boolean>(false);
+  const setQueriesEnabled = useSetRecoilState<boolean>(store.queriesEnabled);
 
   const { data: userRole = null } = useGetRole(SystemRoles.USER, {
     enabled: !!(isAuthenticated && (user?.role ?? '')),
@@ -63,6 +64,9 @@ const AuthContextProvider = ({
         setToken(token);
         setTokenHeader(token);
         setIsAuthenticated(isAuthenticated);
+        if (isAuthenticated) {
+          setQueriesEnabled(true);
+        }
 
         const searchParams = new URLSearchParams(window.location.search);
         const postLoginRedirect = getPostLoginRedirect(searchParams);
@@ -81,7 +85,7 @@ const AuthContextProvider = ({
 
         navigate(finalRedirect, { replace: true });
       }, 50),
-    [navigate, setUser],
+    [navigate, setUser, setQueriesEnabled],
   );
   const doSetError = useTimeout({ callback: (error) => setError(error as string | undefined) });
 
diff --git a/client/src/hooks/Chat/useAddedResponse.ts b/client/src/hooks/Chat/useAddedResponse.ts
index fe35e4e56e..f668ce775c 100644
--- a/client/src/hooks/Chat/useAddedResponse.ts
+++ b/client/src/hooks/Chat/useAddedResponse.ts
@@ -1,4 +1,4 @@
-import { useCallback } from 'react';
+import { useCallback, useMemo } from 'react';
 import { useRecoilValue } from 'recoil';
 import { useGetModelsQuery } from 'librechat-data-provider/react-query';
 import {
@@ -122,9 +122,12 @@ export default function useAddedResponse() {
     ],
   );
 
-  return {
-    conversation,
-    setConversation,
-    generateConversation,
-  };
+  return useMemo(
+    () => ({
+      conversation,
+      setConversation,
+      generateConversation,
+    }),
+    [conversation, setConversation, generateConversation],
+  );
 }
diff --git a/client/src/hooks/Chat/useChatFunctions.ts b/client/src/hooks/Chat/useChatFunctions.ts
index 7cf8c6bf25..18aaf0daee 100644
--- a/client/src/hooks/Chat/useChatFunctions.ts
+++ b/client/src/hooks/Chat/useChatFunctions.ts
@@ -30,6 +30,7 @@ import useSetFilesToDelete from '~/hooks/Files/useSetFilesToDelete';
 import useGetSender from '~/hooks/Conversations/useGetSender';
 import { logger, createDualMessageContent } from '~/utils';
 import store, { useGetEphemeralAgent } from '~/store';
+import { startupConfigKey } from '~/data-provider';
 import useUserKey from '~/hooks/Input/useUserKey';
 import { useAuthContext } from '~/hooks';
 
@@ -172,7 +173,7 @@ export default function useChatFunctions({
     }
 
     const endpointsConfig = queryClient.getQueryData<TEndpointsConfig>([QueryKeys.endpoints]);
-    const startupConfig = queryClient.getQueryData<TStartupConfig>([QueryKeys.startupConfig]);
+    const startupConfig = queryClient.getQueryData<TStartupConfig>(startupConfigKey(true));
     const endpointType = getEndpointField(endpointsConfig, endpoint, 'type');
     const iconURL = conversation?.iconURL;
     const defaultParamsEndpoint = getDefaultParamsEndpoint(endpointsConfig, endpoint);
diff --git a/client/src/hooks/Conversations/useNavigateToConvo.tsx b/client/src/hooks/Conversations/useNavigateToConvo.tsx
index b9d188eaf0..ddb2bac6c9 100644
--- a/client/src/hooks/Conversations/useNavigateToConvo.tsx
+++ b/client/src/hooks/Conversations/useNavigateToConvo.tsx
@@ -23,6 +23,7 @@ import {
   logger,
 } from '~/utils';
 import { useApplyModelSpecEffects } from '~/hooks/Agents';
+import { startupConfigKey } from '~/data-provider';
 import store from '~/store';
 
 const useNavigateToConvo = (index = 0) => {
@@ -41,7 +42,7 @@ const useNavigateToConvo = (index = 0) => {
         return;
       }
 
-      const startupConfig = queryClient.getQueryData<TStartupConfig>([QueryKeys.startupConfig]);
+      const startupConfig = queryClient.getQueryData<TStartupConfig>(startupConfigKey(true));
       applyModelSpecEffects({
         startupConfig,
         specName: conversation?.spec,
diff --git a/client/src/hooks/Endpoint/useEndpoints.ts b/client/src/hooks/Endpoint/useEndpoints.ts
index acc9810093..dc72c0ddec 100644
--- a/client/src/hooks/Endpoint/useEndpoints.ts
+++ b/client/src/hooks/Endpoint/useEndpoints.ts
@@ -6,6 +6,7 @@ import {
   EModelEndpoint,
   PermissionTypes,
   getEndpointField,
+  getConfigDefaults,
 } from 'librechat-data-provider';
 import type {
   TEndpointsConfig,
@@ -20,6 +21,8 @@ import { mapEndpoints, getIconKey } from '~/utils';
 import { useHasAccess } from '~/hooks';
 import { icons } from './Icons';
 
+const defaultInterface = getConfigDefaults().interface;
+
 export const useEndpoints = ({
   agents,
   assistantsMap,
@@ -33,7 +36,7 @@ export const useEndpoints = ({
 }) => {
   const modelsQuery = useGetModelsQuery();
   const { data: endpoints = [] } = useGetEndpointsQuery({ select: mapEndpoints });
-  const interfaceConfig = startupConfig?.interface ?? {};
+  const interfaceConfig = startupConfig?.interface ?? defaultInterface;
   const includedEndpoints = useMemo(
     () => new Set(startupConfig?.modelSpecs?.addedEndpoints ?? []),
     [startupConfig?.modelSpecs?.addedEndpoints],
diff --git a/client/src/hooks/Files/index.ts b/client/src/hooks/Files/index.ts
index df86c02a96..499572f0e0 100644
--- a/client/src/hooks/Files/index.ts
+++ b/client/src/hooks/Files/index.ts
@@ -1,6 +1,6 @@
 export { default as useDeleteFilesFromTable } from './useDeleteFilesFromTable';
 export { default as useSetFilesToDelete } from './useSetFilesToDelete';
-export { default as useFileHandling } from './useFileHandling';
+export { default as useFileHandling, useFileHandlingNoChatContext } from './useFileHandling';
 export { default as useFileDeletion } from './useFileDeletion';
 export { default as useUpdateFiles } from './useUpdateFiles';
 export { default as useDragHelpers } from './useDragHelpers';
diff --git a/client/src/hooks/Input/useQueryParams.spec.ts b/client/src/hooks/Input/useQueryParams.spec.ts
index f8b30b2eda..1f39c1c4ba 100644
--- a/client/src/hooks/Input/useQueryParams.spec.ts
+++ b/client/src/hooks/Input/useQueryParams.spec.ts
@@ -93,19 +93,23 @@ jest.mock('librechat-data-provider', () => {
   };
 });
 
-// Mock data-provider hooks
-jest.mock('~/data-provider', () => ({
-  useGetAgentByIdQuery: jest.fn(() => ({
-    data: null,
-    isLoading: false,
-    error: null,
-  })),
-  useListAgentsQuery: jest.fn(() => ({
-    data: null,
-    isLoading: false,
-    error: null,
-  })),
-}));
+// Mock data-provider hooks while preserving real exports like startupConfigKey
+jest.mock('~/data-provider', () => {
+  const actual = jest.requireActual<typeof import('~/data-provider')>('~/data-provider');
+  return {
+    ...actual,
+    useGetAgentByIdQuery: jest.fn(() => ({
+      data: null,
+      isLoading: false,
+      error: null,
+    })),
+    useListAgentsQuery: jest.fn(() => ({
+      data: null,
+      isLoading: false,
+      error: null,
+    })),
+  };
+});
 
 // Mock global window.history
 global.window = Object.create(window);
diff --git a/client/src/hooks/Input/useQueryParams.ts b/client/src/hooks/Input/useQueryParams.ts
index 85b5d8838b..cea11dc351 100644
--- a/client/src/hooks/Input/useQueryParams.ts
+++ b/client/src/hooks/Input/useQueryParams.ts
@@ -19,8 +19,8 @@ import {
   logger,
 } from '~/utils';
 import { useAuthContext, useAgentsMap, useDefaultConvo, useSubmitMessage } from '~/hooks';
+import { startupConfigKey, useGetAgentByIdQuery } from '~/data-provider';
 import { useChatContext, useChatFormContext } from '~/Providers';
-import { useGetAgentByIdQuery } from '~/data-provider';
 import store from '~/store';
 
 const injectAgentIntoAgentsMap = (queryClient: QueryClient, agent: any) => {
@@ -84,7 +84,7 @@ export default function useQueryParams({
       }
       let newPreset = removeUnavailableTools(_newPreset, availableTools);
       if (newPreset.spec != null && newPreset.spec !== '') {
-        const startupConfig = queryClient.getQueryData<TStartupConfig>([QueryKeys.startupConfig]);
+        const startupConfig = queryClient.getQueryData<TStartupConfig>(startupConfigKey(true));
         const modelSpecs = startupConfig?.modelSpecs?.list ?? [];
         const spec = modelSpecs.find((s) => s.name === newPreset.spec);
         if (!spec) {
@@ -258,7 +258,7 @@ export default function useQueryParams({
       if (!textAreaRef.current) {
         return;
       }
-      const startupConfig = queryClient.getQueryData<TStartupConfig>([QueryKeys.startupConfig]);
+      const startupConfig = queryClient.getQueryData<TStartupConfig>(startupConfigKey(true));
       if (!startupConfig) {
         return;
       }
diff --git a/client/src/hooks/MCP/index.ts b/client/src/hooks/MCP/index.ts
index 705ca58910..b53003f3ce 100644
--- a/client/src/hooks/MCP/index.ts
+++ b/client/src/hooks/MCP/index.ts
@@ -1,5 +1,7 @@
-export * from './useMCPConnectionStatus';
 export * from './useMCPSelect';
 export * from './useVisibleTools';
 export * from './useMCPServerManager';
+export * from './useMCPConnectionStatus';
+
+export { useMCPIconMap } from './useMCPIconMap';
 export { useRemoveMCPTool } from './useRemoveMCPTool';
diff --git a/client/src/hooks/MCP/useMCPIconMap.ts b/client/src/hooks/MCP/useMCPIconMap.ts
new file mode 100644
index 0000000000..43f109b68c
--- /dev/null
+++ b/client/src/hooks/MCP/useMCPIconMap.ts
@@ -0,0 +1,19 @@
+import { useMemo } from 'react';
+import { useMCPServersQuery } from '~/data-provider';
+
+export function useMCPIconMap(): Map<string, string> {
+  const { data: servers } = useMCPServersQuery();
+
+  return useMemo(() => {
+    const map = new Map<string, string>();
+    if (!servers) {
+      return map;
+    }
+    for (const [serverName, config] of Object.entries(servers)) {
+      if (config.iconPath) {
+        map.set(serverName, config.iconPath);
+      }
+    }
+    return map;
+  }, [servers]);
+}
diff --git a/client/src/hooks/Messages/index.ts b/client/src/hooks/Messages/index.ts
index a3fa65b133..439b7e152e 100644
--- a/client/src/hooks/Messages/index.ts
+++ b/client/src/hooks/Messages/index.ts
@@ -1,10 +1,13 @@
 export { default as useProgress } from './useProgress';
+export { EXPAND_TRANSITION } from './useExpandCollapse';
 export { default as useAttachments } from './useAttachments';
 export { default as useSubmitMessage } from './useSubmitMessage';
+export type { ContentMetadataResult } from './useContentMetadata';
+export { default as useExpandCollapse } from './useExpandCollapse';
 export { default as useMessageActions } from './useMessageActions';
+export { default as useMemoizedChatContext } from './useMemoizedChatContext';
 export { default as useMessageProcess } from './useMessageProcess';
 export { default as useMessageHelpers } from './useMessageHelpers';
 export { default as useCopyToClipboard } from './useCopyToClipboard';
-export { default as useMessageScrolling } from './useMessageScrolling';
 export { default as useContentMetadata } from './useContentMetadata';
-export type { ContentMetadataResult } from './useContentMetadata';
+export { default as useMessageScrolling } from './useMessageScrolling';
diff --git a/client/src/hooks/Messages/useConversationUIResources.ts b/client/src/hooks/Messages/useConversationUIResources.ts
index 2333f64e5f..28e9aa035a 100644
--- a/client/src/hooks/Messages/useConversationUIResources.ts
+++ b/client/src/hooks/Messages/useConversationUIResources.ts
@@ -2,7 +2,7 @@ import { useMemo } from 'react';
 import { useRecoilValue } from 'recoil';
 import { Tools } from 'librechat-data-provider';
 import type { TAttachment, UIResource } from 'librechat-data-provider';
-import { useMessagesOperations } from '~/Providers';
+import { useOptionalMessagesOperations } from '~/Providers';
 import store from '~/store';
 
 /**
@@ -16,7 +16,7 @@ import store from '~/store';
 export function useConversationUIResources(
   conversationId: string | undefined,
 ): Map<string, UIResource> {
-  const { getMessages } = useMessagesOperations();
+  const { getMessages } = useOptionalMessagesOperations();
 
   const conversationAttachmentsMap = useRecoilValue(
     store.conversationAttachmentsSelector(conversationId),
diff --git a/client/src/hooks/Messages/useExpandCollapse.ts b/client/src/hooks/Messages/useExpandCollapse.ts
new file mode 100644
index 0000000000..dc298c7f6c
--- /dev/null
+++ b/client/src/hooks/Messages/useExpandCollapse.ts
@@ -0,0 +1,37 @@
+import { useRef, useLayoutEffect, useMemo } from 'react';
+import type { CSSProperties } from 'react';
+
+export const EXPAND_TRANSITION =
+  'grid-template-rows 0.3s cubic-bezier(0.16, 1, 0.3, 1), opacity 0.3s cubic-bezier(0.16, 1, 0.3, 1)';
+
+export default function useExpandCollapse(isExpanded: boolean): {
+  style: CSSProperties;
+  ref: React.RefObject<HTMLDivElement>;
+} {
+  const ref = useRef<HTMLDivElement>(null);
+
+  useLayoutEffect(() => {
+    const el = ref.current;
+    if (!el) {
+      return;
+    }
+
+    if (isExpanded) {
+      el.removeAttribute('inert');
+    } else {
+      el.setAttribute('inert', '');
+    }
+  }, [isExpanded]);
+
+  const style = useMemo<CSSProperties>(
+    () => ({
+      display: 'grid',
+      gridTemplateRows: isExpanded ? '1fr' : '0fr',
+      transition: EXPAND_TRANSITION,
+      opacity: isExpanded ? 1 : 0,
+    }),
+    [isExpanded],
+  );
+
+  return { style, ref };
+}
diff --git a/client/src/hooks/Messages/useMemoizedChatContext.ts b/client/src/hooks/Messages/useMemoizedChatContext.ts
new file mode 100644
index 0000000000..aa35372a8e
--- /dev/null
+++ b/client/src/hooks/Messages/useMemoizedChatContext.ts
@@ -0,0 +1,80 @@
+import { useRef, useMemo } from 'react';
+import type { TMessage } from 'librechat-data-provider';
+import type { TMessageChatContext } from '~/common/types';
+import { useChatContext } from '~/Providers';
+
+/**
+ * Creates a stable `TMessageChatContext` object for memo'd message components.
+ *
+ * Subscribes to `useChatContext()` internally (intended to be called from non-memo'd
+ * wrapper components like `Message` and `MessageContent`), then produces:
+ * - A `chatContext` object that stays referentially stable during streaming
+ *   (uses a getter for `isSubmitting` backed by a ref)
+ * - A stable `conversation` reference that only updates when rendering-relevant fields change
+ * - An `effectiveIsSubmitting` value (false for non-latest messages)
+ */
+export default function useMemoizedChatContext(
+  message: TMessage | null | undefined,
+  isSubmitting: boolean,
+) {
+  const chatCtx = useChatContext();
+
+  const isSubmittingRef = useRef(isSubmitting);
+  isSubmittingRef.current = isSubmitting;
+
+  /**
+   * Stabilize conversation: only update when rendering-relevant fields change,
+   * not on every metadata update (e.g., title generation).
+   */
+  const stableConversation = useMemo(
+    () => chatCtx.conversation,
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+    [
+      chatCtx.conversation?.conversationId,
+      chatCtx.conversation?.endpoint,
+      chatCtx.conversation?.endpointType,
+      chatCtx.conversation?.model,
+      chatCtx.conversation?.agent_id,
+      chatCtx.conversation?.assistant_id,
+    ],
+  );
+
+  /**
+   * `isSubmitting` is included in deps so that chatContext gets a new reference
+   * when streaming starts/ends (2x per session). This ensures HoverButtons
+   * re-renders to update regenerate/edit button visibility via useGenerationsByLatest.
+   * The getter pattern is still valuable: callbacks reading chatContext.isSubmitting
+   * at call-time always get the current value even between these re-renders.
+   */
+  const chatContext: TMessageChatContext = useMemo(
+    () => ({
+      ask: chatCtx.ask,
+      index: chatCtx.index,
+      regenerate: chatCtx.regenerate,
+      conversation: stableConversation,
+      latestMessageId: chatCtx.latestMessageId,
+      latestMessageDepth: chatCtx.latestMessageDepth,
+      handleContinue: chatCtx.handleContinue,
+      get isSubmitting() {
+        return isSubmittingRef.current;
+      },
+    }),
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+    [
+      chatCtx.ask,
+      chatCtx.index,
+      chatCtx.regenerate,
+      stableConversation,
+      chatCtx.latestMessageId,
+      chatCtx.latestMessageDepth,
+      chatCtx.handleContinue,
+      isSubmitting, // intentional: forces new reference on streaming start/end so HoverButtons re-renders
+    ],
+  );
+
+  const messageId = message?.messageId ?? null;
+  const isLatestMessage = messageId === chatCtx.latestMessageId;
+  const effectiveIsSubmitting = isLatestMessage ? isSubmitting : false;
+
+  return { chatContext, effectiveIsSubmitting };
+}
diff --git a/client/src/hooks/Messages/useMessageActions.tsx b/client/src/hooks/Messages/useMessageActions.tsx
index e8946b895b..590ba6a40e 100644
--- a/client/src/hooks/Messages/useMessageActions.tsx
+++ b/client/src/hooks/Messages/useMessageActions.tsx
@@ -11,7 +11,8 @@ import {
   TUpdateFeedbackRequest,
 } from 'librechat-data-provider';
 import type { TMessageProps } from '~/common';
-import { useChatContext, useAssistantsMapContext, useAgentsMapContext } from '~/Providers';
+import type { TMessageChatContext } from '~/common/types';
+import { useAssistantsMapContext, useAgentsMapContext } from '~/Providers';
 import useCopyToClipboard from './useCopyToClipboard';
 import { useAuthContext } from '~/hooks/AuthContext';
 import { useGetAddedConvo } from '~/hooks/Chat';
@@ -23,24 +24,33 @@ export type TMessageActions = Pick<
   'message' | 'currentEditId' | 'setCurrentEditId'
 > & {
   searchResults?: { [key: string]: SearchResultData };
+  /**
+   * Stable context object passed from wrapper components to avoid subscribing
+   * to ChatContext inside memo'd components (which would bypass React.memo).
+   * The `isSubmitting` property uses a getter backed by a ref, so it always
+   * returns the current value at call-time without triggering re-renders.
+   */
+  chatContext: TMessageChatContext;
 };
 
 export default function useMessageActions(props: TMessageActions) {
   const localize = useLocalize();
   const { user } = useAuthContext();
   const UsernameDisplay = useRecoilValue<boolean>(store.UsernameDisplay);
-  const { message, currentEditId, setCurrentEditId, searchResults } = props;
+  const { message, currentEditId, setCurrentEditId, searchResults, chatContext } = props;
 
   const {
     ask,
     index,
     regenerate,
-    isSubmitting,
     conversation,
     latestMessageId,
     latestMessageDepth,
     handleContinue,
-  } = useChatContext();
+    // NOTE: isSubmitting is intentionally NOT destructured here.
+    // chatContext.isSubmitting is a getter backed by a ref — destructuring
+    // would capture a one-time snapshot. Always access via chatContext.isSubmitting.
+  } = chatContext;
 
   const getAddedConvo = useGetAddedConvo();
 
@@ -98,13 +108,18 @@ export default function useMessageActions(props: TMessageActions) {
     }
   }, [agentsMap, conversation?.agent_id, conversation?.endpoint, message?.model]);
 
+  /**
+   * chatContext.isSubmitting is a getter backed by the wrapper's ref,
+   * so it always returns the current value at call-time — even for
+   * non-latest messages that don't re-render during streaming.
+   */
   const regenerateMessage = useCallback(() => {
-    if ((isSubmitting && isCreatedByUser === true) || !message) {
+    if ((chatContext.isSubmitting && isCreatedByUser === true) || !message) {
       return;
     }
 
     regenerate(message, { addedConvo: getAddedConvo() });
-  }, [isSubmitting, isCreatedByUser, message, regenerate, getAddedConvo]);
+  }, [chatContext, isCreatedByUser, message, regenerate, getAddedConvo]);
 
   const copyToClipboard = useCopyToClipboard({ text, content, searchResults });
 
diff --git a/client/src/hooks/Messages/useMessageProcess.tsx b/client/src/hooks/Messages/useMessageProcess.tsx
index 37738b50a9..bb49670a2f 100644
--- a/client/src/hooks/Messages/useMessageProcess.tsx
+++ b/client/src/hooks/Messages/useMessageProcess.tsx
@@ -1,6 +1,6 @@
 import throttle from 'lodash/throttle';
 import { Constants } from 'librechat-data-provider';
-import { useEffect, useRef, useCallback, useMemo } from 'react';
+import { useEffect, useRef, useMemo } from 'react';
 import type { TMessage } from 'librechat-data-provider';
 import { getTextKey, TEXT_KEY_DIVIDER, logger } from '~/utils';
 import { useMessagesViewContext } from '~/Providers';
@@ -56,24 +56,25 @@ export default function useMessageProcess({ message }: { message?: TMessage | nu
     }
   }, [hasNoChildren, message, setLatestMessage, conversation?.conversationId]);
 
-  const handleScroll = useCallback(
-    (event: unknown | TouchEvent | WheelEvent) => {
-      throttle(() => {
+  /** Use ref for isSubmitting to stabilize handleScroll across isSubmitting changes */
+  const isSubmittingRef = useRef(isSubmitting);
+  isSubmittingRef.current = isSubmitting;
+
+  const handleScroll = useMemo(
+    () =>
+      throttle((event: unknown) => {
         logger.log(
           'message_scrolling',
-          `useMessageProcess: setting abort scroll to ${isSubmitting}, handleScroll event`,
+          `useMessageProcess: setting abort scroll to ${isSubmittingRef.current}, handleScroll event`,
           event,
         );
-        if (isSubmitting) {
-          setAbortScroll(true);
-        } else {
-          setAbortScroll(false);
-        }
-      }, 500)();
-    },
-    [isSubmitting, setAbortScroll],
+        setAbortScroll(isSubmittingRef.current);
+      }, 500),
+    [setAbortScroll],
   );
 
+  useEffect(() => () => handleScroll.cancel(), [handleScroll]);
+
   return {
     handleScroll,
     isSubmitting,
diff --git a/client/src/hooks/SSE/__tests__/useResumableSSE.spec.ts b/client/src/hooks/SSE/__tests__/useResumableSSE.spec.ts
index 9100f39858..1717d27c22 100644
--- a/client/src/hooks/SSE/__tests__/useResumableSSE.spec.ts
+++ b/client/src/hooks/SSE/__tests__/useResumableSSE.spec.ts
@@ -1,5 +1,5 @@
 import { renderHook, act } from '@testing-library/react';
-import { Constants, ErrorTypes, LocalStorageKeys } from 'librechat-data-provider';
+import { Constants, LocalStorageKeys } from 'librechat-data-provider';
 import type { TSubmission } from 'librechat-data-provider';
 
 type SSEEventListener = (e: Partial<MessageEvent> & { responseCode?: number }) => void;
@@ -34,7 +34,13 @@ jest.mock('sse.js', () => ({
 }));
 
 const mockSetQueryData = jest.fn();
-const mockQueryClient = { setQueryData: mockSetQueryData };
+const mockInvalidateQueries = jest.fn();
+const mockRemoveQueries = jest.fn();
+const mockQueryClient = {
+  setQueryData: mockSetQueryData,
+  invalidateQueries: mockInvalidateQueries,
+  removeQueries: mockRemoveQueries,
+};
 
 jest.mock('@tanstack/react-query', () => ({
   ...jest.requireActual('@tanstack/react-query'),
@@ -63,6 +69,7 @@ jest.mock('~/data-provider', () => ({
   useGetStartupConfig: () => ({ data: { balance: { enabled: false } } }),
   useGetUserBalance: () => ({ refetch: jest.fn() }),
   queueTitleGeneration: jest.fn(),
+  streamStatusQueryKey: (conversationId: string) => ['streamStatus', conversationId],
 }));
 
 const mockErrorHandler = jest.fn();
@@ -162,6 +169,11 @@ describe('useResumableSSE - 404 error path', () => {
   beforeEach(() => {
     mockSSEInstances.length = 0;
     localStorage.clear();
+    mockErrorHandler.mockClear();
+    mockClearStepMaps.mockClear();
+    mockSetIsSubmitting.mockClear();
+    mockInvalidateQueries.mockClear();
+    mockRemoveQueries.mockClear();
   });
 
   const seedDraft = (conversationId: string) => {
@@ -200,19 +212,18 @@ describe('useResumableSSE - 404 error path', () => {
     unmount();
   });
 
-  it('calls errorHandler with STREAM_EXPIRED error type on 404', async () => {
+  it('invalidates message cache and clears stream status on 404 instead of showing error', async () => {
     const { unmount } = await render404Scenario(CONV_ID);
 
-    expect(mockErrorHandler).toHaveBeenCalledTimes(1);
-    const call = mockErrorHandler.mock.calls[0][0];
-    expect(call.data).toBeDefined();
-    const parsed = JSON.parse(call.data.text);
-    expect(parsed.type).toBe(ErrorTypes.STREAM_EXPIRED);
-    expect(call.submission).toEqual(
-      expect.objectContaining({
-        conversation: expect.objectContaining({ conversationId: CONV_ID }),
-      }),
-    );
+    expect(mockErrorHandler).not.toHaveBeenCalled();
+    expect(mockInvalidateQueries).toHaveBeenCalledWith({
+      queryKey: ['messages', CONV_ID],
+    });
+    expect(mockRemoveQueries).toHaveBeenCalledWith({
+      queryKey: ['streamStatus', CONV_ID],
+    });
+    expect(mockClearStepMaps).toHaveBeenCalled();
+    expect(mockSetIsSubmitting).toHaveBeenCalledWith(false);
     unmount();
   });
 
diff --git a/client/src/hooks/SSE/useEventHandlers.ts b/client/src/hooks/SSE/useEventHandlers.ts
index 325ee97315..366775c4c1 100644
--- a/client/src/hooks/SSE/useEventHandlers.ts
+++ b/client/src/hooks/SSE/useEventHandlers.ts
@@ -33,7 +33,7 @@ import {
   removeConvoFromAllQueries,
   findConversationInInfinite,
 } from '~/utils';
-import { queueTitleGeneration } from '~/data-provider/SSE/queries';
+import { startupConfigKey, queueTitleGeneration } from '~/data-provider';
 import useAttachmentHandler from '~/hooks/SSE/useAttachmentHandler';
 import useContentHandler from '~/hooks/SSE/useContentHandler';
 import useStepHandler from '~/hooks/SSE/useStepHandler';
@@ -406,7 +406,7 @@ export default function useEventHandlers({
           sourceId: submission.conversation?.conversationId,
           ephemeralAgent: submission.ephemeralAgent,
           specName: submission.conversation?.spec,
-          startupConfig: queryClient.getQueryData<TStartupConfig>([QueryKeys.startupConfig]),
+          startupConfig: queryClient.getQueryData<TStartupConfig>(startupConfigKey(true)),
         });
       }
 
@@ -588,7 +588,7 @@ export default function useEventHandlers({
               sourceId: submissionConvo.conversationId,
               ephemeralAgent: submission.ephemeralAgent,
               specName: submission.conversation?.spec,
-              startupConfig: queryClient.getQueryData<TStartupConfig>([QueryKeys.startupConfig]),
+              startupConfig: queryClient.getQueryData<TStartupConfig>(startupConfigKey(true)),
             });
           }
 
diff --git a/client/src/hooks/SSE/useResumableSSE.ts b/client/src/hooks/SSE/useResumableSSE.ts
index 32820f8392..39dc610dae 100644
--- a/client/src/hooks/SSE/useResumableSSE.ts
+++ b/client/src/hooks/SSE/useResumableSSE.ts
@@ -16,7 +16,12 @@ import {
 } from 'librechat-data-provider';
 import type { TMessage, TPayload, TSubmission, EventSubmission } from 'librechat-data-provider';
 import type { EventHandlerParams } from './useEventHandlers';
-import { useGetStartupConfig, useGetUserBalance, queueTitleGeneration } from '~/data-provider';
+import {
+  useGetUserBalance,
+  useGetStartupConfig,
+  queueTitleGeneration,
+  streamStatusQueryKey,
+} from '~/data-provider';
 import type { ActiveJobsResponse } from '~/data-provider';
 import { useAuthContext } from '~/hooks/AuthContext';
 import useEventHandlers from './useEventHandlers';
@@ -343,18 +348,20 @@ export default function useResumableSSE(
         /* @ts-ignore - sse.js types don't expose responseCode */
         const responseCode = e.responseCode;
 
-        // 404 means job doesn't exist (completed/deleted) - don't retry
+        // 404 → job completed & was cleaned up; messages are persisted in DB.
+        // Invalidate cache once so react-query refetches instead of showing an error.
         if (responseCode === 404) {
-          console.log('[ResumableSSE] Stream not found (404) - job completed or expired');
+          const convoId = currentSubmission.conversation?.conversationId;
+          console.log('[ResumableSSE] Stream 404, invalidating messages for:', convoId);
           sse.close();
           removeActiveJob(currentStreamId);
-          clearAllDrafts(currentSubmission.conversation?.conversationId);
-          errorHandler({
-            data: {
-              text: JSON.stringify({ type: ErrorTypes.STREAM_EXPIRED }),
-            } as unknown as Parameters<typeof errorHandler>[0]['data'],
-            submission: currentSubmission as EventSubmission,
-          });
+          clearAllDrafts(convoId);
+          clearStepMaps();
+          if (convoId) {
+            queryClient.invalidateQueries({ queryKey: [QueryKeys.messages, convoId] });
+            queryClient.removeQueries({ queryKey: streamStatusQueryKey(convoId) });
+          }
+          setIsSubmitting(false);
           setShowStopButton(false);
           setStreamId(null);
           reconnectAttemptRef.current = 0;
@@ -544,6 +551,7 @@ export default function useResumableSSE(
       startupConfig?.balance?.enabled,
       balanceQuery,
       removeActiveJob,
+      queryClient,
     ],
   );
 
diff --git a/client/src/hooks/SSE/useResumeOnLoad.ts b/client/src/hooks/SSE/useResumeOnLoad.ts
index f09751db0e..5f0f691787 100644
--- a/client/src/hooks/SSE/useResumeOnLoad.ts
+++ b/client/src/hooks/SSE/useResumeOnLoad.ts
@@ -125,7 +125,11 @@ export default function useResumeOnLoad(
     conversationId !== Constants.NEW_CONVO &&
     processedConvoRef.current !== conversationId; // Don't re-check processed convos
 
-  const { data: streamStatus, isSuccess } = useStreamStatus(conversationId, shouldCheck);
+  const {
+    data: streamStatus,
+    isSuccess,
+    isFetching,
+  } = useStreamStatus(conversationId, shouldCheck);
 
   useEffect(() => {
     console.log('[ResumeOnLoad] Effect check', {
@@ -135,6 +139,7 @@ export default function useResumeOnLoad(
       hasCurrentSubmission: !!currentSubmission,
       currentSubmissionConvoId: currentSubmission?.conversation?.conversationId,
       isSuccess,
+      isFetching,
       streamStatusActive: streamStatus?.active,
       streamStatusStreamId: streamStatus?.streamId,
       processedConvoRef: processedConvoRef.current,
@@ -171,8 +176,9 @@ export default function useResumeOnLoad(
       );
     }
 
-    // Wait for stream status query to complete
-    if (!isSuccess || !streamStatus) {
+    // Wait for stream status query to complete (including background refetches
+    // that may replace a stale cached result with fresh data)
+    if (!isSuccess || !streamStatus || isFetching) {
       console.log('[ResumeOnLoad] Waiting for stream status query');
       return;
     }
@@ -183,15 +189,12 @@ export default function useResumeOnLoad(
       return;
     }
 
-    // Check if there's an active job to resume
-    // DON'T mark as processed here - only mark when we actually create a submission
-    // This prevents stale cache data from blocking subsequent resume attempts
     if (!streamStatus.active || !streamStatus.streamId) {
       console.log('[ResumeOnLoad] No active job to resume for:', conversationId);
+      processedConvoRef.current = conversationId;
       return;
     }
 
-    // Mark as processed NOW - we verified there's an active job and will create submission
     processedConvoRef.current = conversationId;
 
     console.log('[ResumeOnLoad] Found active job, creating submission...', {
@@ -241,6 +244,7 @@ export default function useResumeOnLoad(
     submissionConvoId,
     currentSubmission,
     isSuccess,
+    isFetching,
     streamStatus,
     getMessages,
     setSubmission,
diff --git a/client/src/locales/ar/translation.json b/client/src/locales/ar/translation.json
index ea1cc405fd..bdcabc4037 100644
--- a/client/src/locales/ar/translation.json
+++ b/client/src/locales/ar/translation.json
@@ -4,6 +4,11 @@
   "com_a11y_ai_composing": "الذكاء الاصطناعي ما زال يكتب",
   "com_a11y_end": "انتهى الذكاء الاصطناعي من الرد",
   "com_a11y_start": "بدأ الذكاء الاصطناعي بالرد",
+  "com_agents_agent_card_label": "البوسنية",
+  "com_agents_all": "كل الوكلاء",
+  "com_agents_all_category": "الكل",
+  "com_agents_all_description": "عرض كل الوكلاء في جميع التصنيفات",
+  "com_agents_avatar_upload_error": "خطأ في رفع صورة الوكيل",
   "com_agents_by_librechat": "بواسطة LibreChat",
   "com_agents_code_interpreter": "عند التمكين، يسمح للوكيل الخاص بك باستخدام واجهة برمجة التطبيقات لمفسر الشفرة LibreChat لتشغيل الشفرة المُنشأة، بما في ذلك معالجة الملفات، بشكل آمن. يتطلب مفتاح API صالح.",
   "com_agents_code_interpreter_title": "واجهة برمجة مُفسِّر الشفرة",
@@ -41,7 +46,6 @@
   "com_assistants_delete_actions_error": "حدث خطأ أثناء حذف الإجراء.",
   "com_assistants_delete_actions_success": "تم حذف الإجراء من المساعد بنجاح",
   "com_assistants_description_placeholder": "اختياري: اشرح مساعدك هنا",
-  "com_assistants_domain_info": "أرسل المساعد هذه المعلومات إلى {{0}}",
   "com_assistants_file_search": "بحث الملفات",
   "com_assistants_file_search_info": "لا يتم دعم إرفاق مخازن الكتل الرقمية لميزة البحث في الملفات بعد. يمكنك إرفاقها من ملعب المزود أو إرفاق ملفات إلى الرسائل للبحث في الملفات على أساس المحادثة.",
   "com_assistants_function_use": "المساعد استخدم {{0}}",
@@ -183,7 +187,6 @@
   "com_endpoint_message_not_appendable": "عدّل رسالتك أو أعد إنشاءها.",
   "com_endpoint_my_preset": "الإعداد المسبق الخاص بي",
   "com_endpoint_no_presets": "لا يوجد إعداد مسبق بعد",
-  "com_endpoint_open_menu": "افتح القائمة",
   "com_endpoint_openai_custom_name_placeholder": "قم بتعيين اسم مخصص لـ ChatGPT",
   "com_endpoint_openai_detail": "دقة الطلبات للرؤية. \"منخفضة\" أرخص وأسرع، \"عالية\" أكثر تفصيلاً وتكلفة، و\"تلقائي\" سيختار تلقائيًا بين الاثنين بناءً على دقة الصورة.",
   "com_endpoint_openai_freq": "رقم بين -2.0 و 2.0. القيم الموجبة تعاقب الرموز الجديدة بناءً على تكرارها الحالي في النص حتى الآن، مما يقلل من احتمالية تكرار النموذج لنفس السطر حرفيًا.",
@@ -262,6 +265,20 @@
   "com_nav_auto_transcribe_audio": "النسخ التلقائي للصوت",
   "com_nav_automatic_playback": "تشغيل تلقائي لآخر رسالة",
   "com_nav_balance": "توازن",
+  "com_nav_balance_day": "يوم",
+  "com_nav_balance_days": "أيام",
+  "com_nav_balance_every": "كل",
+  "com_nav_balance_hour": "ساع",
+  "com_nav_balance_hours": "ساعات",
+  "com_nav_balance_interval": "الفترة",
+  "com_nav_balance_minute": "دقيقة",
+  "com_nav_balance_minutes": "دقائق",
+  "com_nav_balance_month": "شهر",
+  "com_nav_balance_months": "شهور",
+  "com_nav_balance_second": "ثانية",
+  "com_nav_balance_seconds": "ثوان",
+  "com_nav_balance_week": "أسبوع",
+  "com_nav_balance_weeks": "أسابيع",
   "com_nav_browser": "المتصفح",
   "com_nav_change_picture": "تغيير الصورة",
   "com_nav_chat_commands": "أوامر الدردشة",
@@ -274,6 +291,7 @@
   "com_nav_close_sidebar": "إغلاق القائمة الجانبية",
   "com_nav_commands": "الأوامر",
   "com_nav_confirm_clear": "تأكيد المسح",
+  "com_nav_control_panel": "لوحة التحكم",
   "com_nav_conversation_mode": "وضع المحادثة",
   "com_nav_convo_menu_options": "خيارات قائمة المحادثة",
   "com_nav_db_sensitivity": "حساسية الديسيبل",
@@ -305,7 +323,6 @@
   "com_nav_font_size_xl": "كبير جداً",
   "com_nav_font_size_xs": "صغير جداً",
   "com_nav_help_faq": "مساعدة & الأسئلة الشائعة",
-  "com_nav_hide_panel": "إخفاء اللوحة الجانبية اليمنى",
   "com_nav_info_code_artifacts": "تمكين عرض عناصر الكود التجريبية بجانب المحادثة",
   "com_nav_info_custom_prompt_mode": "عند التمكين، لن يتم تضمين النص التلقائي للنظام. يجب توفير جميع تعليمات إنشاء العناصر يدويًا في هذا الوضع.",
   "com_nav_info_enter_to_send": "عند التفعيل، سيؤدي الضغط على مفتاح `ENTER` إلى إرسال رسالتك. عند التعطيل، سيؤدي الضغط على مفتاح Enter إلى إضافة سطر جديد، وستحتاج إلى الضغط على `CTRL + ENTER` / `⌘ + ENTER` لإرسال رسالتك.",
@@ -316,9 +333,12 @@
   "com_nav_info_save_draft": "عند التمكين، سيتم حفظ النص والمرفقات التي تدخلها في نموذج الدردشة تلقائياً كمسودات محلية. ستظل هذه المسودات متاحة حتى إذا قمت بإعادة تحميل الصفحة أو التبديل إلى محادثة مختلفة. يتم تخزين المسودات محلياً على جهازك ويتم حذفها بمجرد إرسال الرسالة.",
   "com_nav_info_user_name_display": "عند التفعيل، سيظهر اسم المستخدم الخاص بك فوق كل رسالة ترسلها. عند التعطيل، سترى فقط كلمة \"أنت\" فوق رسائلك",
   "com_nav_lang_arabic": "العربية",
+  "com_nav_lang_armenian": "الأرمنية",
   "com_nav_lang_auto": "اكتشاف تلقائي",
+  "com_nav_lang_bosnian": "البوسنية",
   "com_nav_lang_brazilian_portuguese": "Português Brasileiro",
   "com_nav_lang_chinese": "中文",
+  "com_nav_lang_czech": "التشيكية",
   "com_nav_lang_dutch": "Nederlands",
   "com_nav_lang_english": "English",
   "com_nav_lang_estonian": "Eesti keel",
@@ -331,6 +351,7 @@
   "com_nav_lang_italian": "Italiano",
   "com_nav_lang_japanese": "日本語",
   "com_nav_lang_korean": "한국어",
+  "com_nav_lang_persian": "الفارسية",
   "com_nav_lang_polish": "Polski",
   "com_nav_lang_portuguese": "Português",
   "com_nav_lang_russian": "Русский",
@@ -339,12 +360,15 @@
   "com_nav_lang_thai": "ไทย",
   "com_nav_lang_traditional_chinese": "繁體中文",
   "com_nav_lang_turkish": "Türkçe",
+  "com_nav_lang_ukrainian": "الأوكرانية",
   "com_nav_lang_vietnamese": "Tiếng Việt",
   "com_nav_language": "اللغة",
   "com_nav_latex_parsing": "تحليل LaTeX في الرسائل (قد يؤثر على الأداء)",
   "com_nav_log_out": "تسجيل الخروج",
   "com_nav_long_audio_warning": "ستستغرق النصوص الطويلة وقتاً أطول للمعالجة",
   "com_nav_maximize_chat_space": "تكبير مساحة الدردشة",
+  "com_nav_mcp_connect": "اتصال",
+  "com_nav_mcp_reconnect": "معاودة الاتصال",
   "com_nav_modular_chat": "تمكين تبديل النقاط النهائية أثناء المحادثة",
   "com_nav_my_files": "ملفاتي",
   "com_nav_not_supported": "غير مدعوم",
@@ -364,7 +388,6 @@
   "com_nav_setting_speech": "الكلام",
   "com_nav_settings": "الإعدادات",
   "com_nav_shared_links": "روابط مشتركة",
-  "com_nav_show_code": "إظهار الشفرة دائمًا عند استخدام مفسر الشفرة",
   "com_nav_slash_command": "/-الأمر",
   "com_nav_slash_command_description": "تبديل الأمر \"/\" لاختيار موجه عبر لوحة المفاتيح",
   "com_nav_speech_to_text": "تحويل الكلام إلى نص",
@@ -428,6 +451,7 @@
   "com_ui_attachment": "مرفق",
   "com_ui_authentication": "المصادقة",
   "com_ui_avatar": "الصورة الرمزية",
+  "com_ui_back": "عودة",
   "com_ui_back_to_chat": "العودة إلى الدردشة",
   "com_ui_back_to_prompts": "العودة إلى الأوامر",
   "com_ui_bookmark_delete_confirm": "هل أنت متأكد أنك تريد حذف هذه الإشارة المرجعية؟",
@@ -448,6 +472,7 @@
   "com_ui_bookmarks_update_error": "حدث خطأ أثناء تحديث الإشارة المرجعية",
   "com_ui_bookmarks_update_success": "تم تحديث الإشارة المرجعية بنجاح",
   "com_ui_cancel": "إلغاء",
+  "com_ui_category": "التصنيف",
   "com_ui_chat": "دردشة",
   "com_ui_chat_history": "سجل الدردشة",
   "com_ui_clear": "مسح",
@@ -460,7 +485,6 @@
   "com_ui_confirm_action": "تأكيد الإجراء",
   "com_ui_context": "سياق",
   "com_ui_continue": "استمر",
-  "com_ui_controls": "عناصر التحكم",
   "com_ui_copied": "تم النسخ",
   "com_ui_copied_to_clipboard": "تم النسخ إلى الحافظة",
   "com_ui_copy_code": "نسخ الكود",
@@ -506,7 +530,6 @@
   "com_ui_description_placeholder": "اختياري: أدخل وصفاً ليتم عرضه للموجه",
   "com_ui_download_error": "حدث خطأ أثناء تنزيل الملف. قد يكون الملف قد تم حذفه.",
   "com_ui_dropdown_variables": "متغيرات القائمة المنسدلة:",
-  "com_ui_dropdown_variables_info": "إنشاء قوائم منسدلة مخصصة لمحادثاتك: `{{variable_name:option1|option2|option3}}`",
   "com_ui_duplicate": "نسخ",
   "com_ui_duplication_error": "حدث خطأ أثناء نسخ المحادثة",
   "com_ui_duplication_processing": "جارِ نسخ المحادثة...",
@@ -663,7 +686,6 @@
   "com_ui_special_var_current_datetime": "التاريخ والوقت الآن",
   "com_ui_special_var_current_user": "المستخدم الحالي",
   "com_ui_special_variables": "المتغيرات الخاصة:",
-  "com_ui_special_variables_more_info": "يمكنك اختيار متغيّر خاص من القائمة المنسدلة أدناه: {{current_date}}` (today's date and day of week), `{{current_datetime}}` (local date and time), `{{utc_iso_datetime}}` (UTC ISO datetime), و `{{current_user}}` (your account name).",
   "com_ui_speech_while_submitting": "لا يمكن إرسال الكلام أثناء إنشاء الرد",
   "com_ui_stop": "توقف",
   "com_ui_storage": "التخزين",
@@ -691,7 +713,6 @@
   "com_ui_upload_type": "اختر نوع التحميل",
   "com_ui_use_micrphone": "استخدام الميكروفون",
   "com_ui_variables": "متغيرات",
-  "com_ui_variables_info": "استخدم أقواس مزدوجة في نصك لإنشاء متغيرات، مثل `{{متغير كمثال}}`، لملئها لاحقاً عند استخدام النص البرمجي.",
   "com_ui_version_var": "الإصدار {{0}}",
   "com_ui_versions": "الإصدارات",
   "com_ui_yes": "نعم",
diff --git a/client/src/locales/ca/translation.json b/client/src/locales/ca/translation.json
index eb21746100..b4c0e0f7e9 100644
--- a/client/src/locales/ca/translation.json
+++ b/client/src/locales/ca/translation.json
@@ -26,7 +26,6 @@
   "com_agents_not_available": "Agent no disponible",
   "com_agents_search_name": "Cerca agents per nom",
   "com_agents_update_error": "S'ha produït un error en actualitzar el teu agent.",
-  "com_assistants_action_attempt": "L'assistent vol parlar amb {{0}}",
   "com_assistants_actions": "Accions",
   "com_assistants_actions_disabled": "Cal crear un assistent abans d'afegir accions.",
   "com_assistants_actions_info": "Permet que el teu Assistent recuperi informació o realitzi accions via API",
@@ -35,7 +34,6 @@
   "com_assistants_allow_sites_you_trust": "Permet només llocs de confiança.",
   "com_assistants_append_date": "Afegeix Data i Hora Actuals",
   "com_assistants_append_date_tooltip": "Quan està habilitat, la data i hora actuals s'afegiran a les instruccions de sistema de l'assistent.",
-  "com_assistants_attempt_info": "L'assistent vol enviar el següent:",
   "com_assistants_available_actions": "Accions disponibles",
   "com_assistants_capabilities": "Capacitats",
   "com_assistants_code_interpreter": "Intèrpret de Codi",
@@ -50,7 +48,6 @@
   "com_assistants_delete_actions_error": "S'ha produït un error en eliminar l'acció.",
   "com_assistants_delete_actions_success": "Acció eliminada de l'Assistent amb èxit",
   "com_assistants_description_placeholder": "Opcional: Descriu el teu Assistent aquí",
-  "com_assistants_domain_info": "L'assistent ha enviat aquesta informació a {{0}}",
   "com_assistants_file_search": "Cerca de fitxers",
   "com_assistants_file_search_info": "La cerca de fitxers permet a l'assistent accedir al coneixement dels fitxers que tu o els teus usuaris pugeu. Un cop pujat un fitxer, l'assistent decideix automàticament quan recuperar-ne contingut segons les peticions de l'usuari. Encara no es dóna suport a la vinculació de magatzems vectorials per a la Cerca de Fitxers. Pots adjuntar-los des del Provider Playground o adjuntar fitxers als missatges per a la cerca de fitxers per fils.",
   "com_assistants_function_use": "L'assistent ha utilitzat {{0}}",
@@ -202,7 +199,6 @@
   "com_endpoint_message_not_appendable": "Edita el teu missatge o Regenera.",
   "com_endpoint_my_preset": "El meu predefinit",
   "com_endpoint_no_presets": "Encara no hi ha predefinits, utilitza el botó de configuració per crear-ne un",
-  "com_endpoint_open_menu": "Obre el menú",
   "com_endpoint_openai_custom_name_placeholder": "Defineix un nom personalitzat per a la IA",
   "com_endpoint_openai_detail": "La resolució per a sol·licituds de Visió. \"Baixa\" és més barata i ràpida, \"Alta\" és més detallada i cara, i \"Auto\" triarà automàticament segons la resolució de la imatge.",
   "com_endpoint_openai_freq": "Nombre entre -2.0 i 2.0. Valors positius penalitzen nous tokens segons la seva freqüència al text fins ara, reduint la probabilitat que el model repeteixi la mateixa línia literalment.",
@@ -349,7 +345,6 @@
   "com_nav_font_size_xl": "Molt gran",
   "com_nav_font_size_xs": "Molt petita",
   "com_nav_help_faq": "Ajuda i PMF",
-  "com_nav_hide_panel": "Amaga el panell lateral dret",
   "com_nav_info_code_artifacts": "Habilita la visualització d'artifacts de codi experimentals al costat del xat",
   "com_nav_info_code_artifacts_agent": "Habilita l'ús d'artifacts de codi per aquest agent. Per defecte, s'afegeixen instruccions addicionals específiques per a l'ús d'artifacts, tret que el \"Mode de prompt personalitzat\" estigui activat.",
   "com_nav_info_custom_prompt_mode": "Quan està activat, el prompt per defecte del sistema d'artifacts no s'inclourà. Totes les instruccions per generar artifacts s'han de proporcionar manualment.",
@@ -418,7 +413,6 @@
   "com_nav_setting_speech": "Veu",
   "com_nav_settings": "Configuració",
   "com_nav_shared_links": "Enllaços compartits",
-  "com_nav_show_code": "Mostra sempre el codi quan s'utilitzi l'intèrpret de codi",
   "com_nav_show_thinking": "Obre desplegables de pensament per defecte",
   "com_nav_slash_command": "/-Comanda",
   "com_nav_slash_command_description": "Activa o desactiva la comanda \"/\" per seleccionar un prompt amb el teclat",
@@ -560,7 +554,6 @@
   "com_ui_context": "Context",
   "com_ui_continue": "Continua",
   "com_ui_continue_oauth": "Continuar amb OAuth",
-  "com_ui_controls": "Controls",
   "com_ui_convo_delete_error": "No s'ha pogut eliminar la conversa",
   "com_ui_copied": "Copiat!",
   "com_ui_copied_to_clipboard": "Copiat al porta-retalls",
@@ -619,7 +612,6 @@
   "com_ui_download_error": "Error en descarregar el fitxer. Potser ha estat eliminat.",
   "com_ui_drag_drop": "Cal afegir alguna cosa aquí. Estava buit",
   "com_ui_dropdown_variables": "Variables desplegables:",
-  "com_ui_dropdown_variables_info": "Crea menús desplegables personalitzats pels teus prompts: `{{variable_name:opcio1|opcio2|opcio3}}`",
   "com_ui_duplicate": "Duplica",
   "com_ui_duplication_error": "S'ha produït un error en duplicar la conversa",
   "com_ui_duplication_processing": "Duplicant conversa...",
@@ -690,7 +682,6 @@
   "com_ui_instructions": "Instruccions",
   "com_ui_late_night": "Bona matinada",
   "com_ui_latest_footer": "Cada IA per a tothom.",
-  "com_ui_latest_production_version": "Darrera versió de producció",
   "com_ui_latest_version": "Darrera versió",
   "com_ui_librechat_code_api_key": "Aconsegueix la teva clau API d'Intèrpret de Codi de LibreChat",
   "com_ui_librechat_code_api_subtitle": "Segur. Multiidioma. Fitxers d'entrada/sortida.",
@@ -807,9 +798,7 @@
   "com_ui_special_var_current_user": "Usuari actual",
   "com_ui_special_var_iso_datetime": "Data i hora ISO UTC",
   "com_ui_special_variables": "Variables especials:",
-  "com_ui_special_variables_more_info": "Pots seleccionar variables especials al desplegable: `{{current_date}}` (data i dia de la setmana d'avui), `{{current_datetime}}` (data i hora locals), `{{utc_iso_datetime}}` (data i hora ISO UTC), i `{{current_user}}` (nom del teu compte).",
   "com_ui_speech_while_submitting": "No es pot enviar veu mentre s'està generant una resposta",
-  "com_ui_sr_actions_menu": "Obre el menú d'accions per a \"{{0}}\"",
   "com_ui_stop": "Atura",
   "com_ui_storage": "Emmagatzematge",
   "com_ui_submit": "Envia",
@@ -847,7 +836,6 @@
   "com_ui_use_micrphone": "Utilitza el micròfon",
   "com_ui_used": "Utilitzat",
   "com_ui_variables": "Variables",
-  "com_ui_variables_info": "Utilitza claus dobles per crear variables, per ex. `{{exemple variable}}`, per omplir-les quan utilitzis el prompt.",
   "com_ui_verify": "Verifica",
   "com_ui_version_var": "Versió {{0}}",
   "com_ui_versions": "Versions",
diff --git a/client/src/locales/cs/translation.json b/client/src/locales/cs/translation.json
index 51246e3383..050773a4c4 100644
--- a/client/src/locales/cs/translation.json
+++ b/client/src/locales/cs/translation.json
@@ -1,6 +1,6 @@
 {
   "chat_direction_left_to_right": "něco sem musí přijít. bylo prázdné",
-  "chat_direction_right_to_left": "něco sem musí přijít. bylo prázdné",
+  "chat_direction_right_to_left": "Zprava doleva",
   "com_a11y_ai_composing": "AI stále tvoří odpověď.",
   "com_a11y_end": "AI dokončila svou odpověď.",
   "com_a11y_start": "AI začala tvořit odpověď.",
@@ -21,7 +21,6 @@
   "com_agents_not_available": "Agent není k dispozici",
   "com_agents_search_name": "Hledat agenty podle jména",
   "com_agents_update_error": "Při aktualizaci agenta došlo k chybě.",
-  "com_assistants_action_attempt": "Asistent se chce spojit s {{0}}",
   "com_assistants_actions": "Akce",
   "com_assistants_actions_disabled": "Než přidáte akce, musíte vytvořit asistenta.",
   "com_assistants_actions_info": "Umožněte asistentovi získávat informace nebo provádět akce přes API",
@@ -30,7 +29,6 @@
   "com_assistants_allow_sites_you_trust": "Povolte pouze weby, kterým důvěřujete.",
   "com_assistants_append_date": "Připojit aktuální datum a čas",
   "com_assistants_append_date_tooltip": "Při povolení se k systémovým instrukcím asistenta připojí aktuální datum a čas klienta.",
-  "com_assistants_attempt_info": "Asistent chce odeslat následující:",
   "com_assistants_available_actions": "Dostupné akce",
   "com_assistants_capabilities": "Schopnosti",
   "com_assistants_code_interpreter": "Interpret kódu",
@@ -45,7 +43,6 @@
   "com_assistants_delete_actions_error": "Při mazání akce došlo k chybě.",
   "com_assistants_delete_actions_success": "Akce byla úspěšně odstraněna z asistenta",
   "com_assistants_description_placeholder": "Volitelné: Popište zde svého asistenta",
-  "com_assistants_domain_info": "Asistent poslal tyto informace: {{0}}",
   "com_assistants_file_search": "Vyhledávání souborů",
   "com_assistants_file_search_info": "Vyhledávání souborů umožňuje asistentovi pracovat se znalostmi z nahraných souborů. Jakmile je soubor nahrán, asistent automaticky rozhodne, kdy získat jeho obsah na základě požadavků uživatelů. Připojování vektorových úložišť pro vyhledávání není zatím podporováno.",
   "com_assistants_knowledge": "Znalost",
@@ -160,7 +157,6 @@
   "com_endpoint_message_not_appendable": "Upravte svou zprávu nebo ji znovu vygenerujte.",
   "com_endpoint_my_preset": "Moje předvolba",
   "com_endpoint_no_presets": "Žádné předvolby zatím nejsou, použijte tlačítko nastavení k vytvoření jedné",
-  "com_endpoint_open_menu": "Otevřít nabídku",
   "com_endpoint_openai_custom_name_placeholder": "Nastavit vlastní název pro AI",
   "com_endpoint_openai_temp": "Vyšší hodnoty = větší náhodnost, nižší hodnoty = soustředěnější a deterministický výstup.",
   "com_endpoint_openai_topp": "Alternativa k vzorkování s teplotou, tzv. nucleus sampling, kde model zvažuje výsledky tokenů s nejvyšší pravděpodobností. Například hodnota 0.1 znamená, že se berou v úvahu pouze tokeny tvořící 10 % nejvyšší pravděpodobnosti.",
@@ -257,7 +253,6 @@
   "com_nav_font_size_xl": "Extra velká",
   "com_nav_font_size_xs": "Extra malá",
   "com_nav_help_faq": "Nápověda a FAQ",
-  "com_nav_hide_panel": "Skrýt pravý panel",
   "com_nav_info_code_artifacts": "Povoluje zobrazování experimentálních kódových artefaktů vedle chatu",
   "com_nav_info_code_artifacts_agent": "Povoluje použití kódových artefaktů pro tohoto agenta. Ve výchozím nastavení jsou přidány další instrukce specifické pro použití artefaktů, pokud není povolen režim \"Vlastní výzva\".",
   "com_nav_info_custom_prompt_mode": "Při povolení nebude zahrnuta výchozí systémová výzva pro artefakty. Všechny instrukce pro generování artefaktů musí být v tomto režimu poskytnuty ručně.",
@@ -312,7 +307,6 @@
   "com_nav_setting_speech": "Hlas",
   "com_nav_settings": "Nastavení",
   "com_nav_shared_links": "Sdílené odkazy",
-  "com_nav_show_code": "Vždy zobrazit kód při použití interpretace kódu",
   "com_nav_show_thinking": "Otevřít uvažovací nabídky ve výchozím nastavení",
   "com_nav_slash_command": "/-Příkaz",
   "com_nav_slash_command_description": "Přepnutí příkazu \"/\" pro výběr výzvy pomocí klávesnice",
@@ -440,7 +434,6 @@
   "com_ui_confirm_change": "Potvrdit změnu",
   "com_ui_context": "Kontext",
   "com_ui_continue": "Pokračovat",
-  "com_ui_controls": "Ovládání",
   "com_ui_copied": "Zkopírováno!",
   "com_ui_copied_to_clipboard": "Zkopírováno do schránky",
   "com_ui_copy_code": "Kopírovat kód",
@@ -496,7 +489,6 @@
   "com_ui_download_error": "Chyba při stahování souboru. Soubor mohl být smazán.",
   "com_ui_drag_drop": "něco sem musí přijít. bylo prázdné",
   "com_ui_dropdown_variables": "Proměnné rozevírací nabídky:",
-  "com_ui_dropdown_variables_info": "Vytvořte vlastní rozevírací nabídky pro vaše výzvy: `{{variable_name:option1|option2|option3}}`",
   "com_ui_duplicate": "Duplikovat",
   "com_ui_duplication_error": "Při duplikaci konverzace došlo k chybě",
   "com_ui_duplication_processing": "Duplikuji konverzaci...",
@@ -558,7 +550,6 @@
   "com_ui_input": "Vstup",
   "com_ui_instructions": "Instrukce",
   "com_ui_latest_footer": "AICon se může plést. Vždy kontrolujte důležité informace.",
-  "com_ui_latest_production_version": "Nejnovější produkční verze",
   "com_ui_latest_version": "Nejnovější verze",
   "com_ui_librechat_code_api_key": "Získejte svůj API klíč pro LibreChat Code Interpreter",
   "com_ui_librechat_code_api_subtitle": "Bezpečné. Vícejazyčné. Vstupní/Výstupní soubory.",
@@ -695,7 +686,6 @@
   "com_ui_use_micrphone": "Použít mikrofon",
   "com_ui_used": "Použito",
   "com_ui_variables": "Proměnné",
-  "com_ui_variables_info": "Použijte dvojité složené závorky k vytvoření proměnných, např. `{{příklad proměnné}}`, které lze vyplnit při použití výzvy.",
   "com_ui_verify": "Ověřit",
   "com_ui_version_var": "Verze {{0}}",
   "com_ui_versions": "Verze",
diff --git a/client/src/locales/da/translation.json b/client/src/locales/da/translation.json
index d13539ace1..5b165bd680 100644
--- a/client/src/locales/da/translation.json
+++ b/client/src/locales/da/translation.json
@@ -21,7 +21,6 @@
   "com_agents_search_info": "Når det er aktiveret, kan din agent søge på nettet efter opdaterede oplysninger. Kræver en gyldig API-nøgle.",
   "com_agents_search_name": "Søg agenter efter navn",
   "com_agents_update_error": "Der opstod en fejl ved opdateringen af din agent.",
-  "com_assistants_action_attempt": "Assistenten vil tale med {{0}}",
   "com_assistants_actions": "Handlinger",
   "com_assistants_actions_disabled": "Du skal oprette en assistent, før du tilføjer handlinger.",
   "com_assistants_actions_info": "Lad din assistent hente oplysninger eller udføre handlinger via API'er",
@@ -30,7 +29,6 @@
   "com_assistants_allow_sites_you_trust": "Tillad kun sider, du har tillid til.",
   "com_assistants_append_date": "Tilføj aktuel dato og tid",
   "com_assistants_append_date_tooltip": "Når den er aktiveret, tilføjes den aktuelle klientdato og -klokkeslæt til assistentsystemets instruktioner.",
-  "com_assistants_attempt_info": "Assistent ønsker at sende følgende:",
   "com_assistants_available_actions": "Tilgængelige handlinger",
   "com_assistants_capabilities": "Evner",
   "com_assistants_code_interpreter": "Kodefortolker",
@@ -45,7 +43,6 @@
   "com_assistants_delete_actions_error": "Der opstod en fejl ved sletning af handlingen.",
   "com_assistants_delete_actions_success": "Handlingen er slettet fra Assistent",
   "com_assistants_description_placeholder": "Valgfrit: Beskriv din assistent her",
-  "com_assistants_domain_info": "Assistenten sendte disse oplysninger til {{0}}",
   "com_assistants_file_search": "Filsøgning",
   "com_assistants_file_search_info": "Filsøgning giver assistenten mulighed for at hente viden fra filer, som du eller dine brugere uploader. Når en fil er uploadet, beslutter assistenten automatisk, hvornår der skal hentes indhold baseret på brugeranmodninger. Vedhæftning af vektorlagre til filsøgning er endnu ikke understøttet. Du kan vedhæfte dem fra Provider Playground eller vedhæfte filer til beskeder til filsøgning på trådbasis.",
   "com_assistants_function_use": "Assistent brugt {{0}}",
@@ -197,7 +194,6 @@
   "com_endpoint_message_not_appendable": "Rediger din besked eller regenererer.",
   "com_endpoint_my_preset": "Min forudindstilling",
   "com_endpoint_no_presets": "Ingen forudindstillinger endnu, brug indstillingsknappen til at oprette en",
-  "com_endpoint_open_menu": "Åbn menu",
   "com_endpoint_openai_custom_name_placeholder": "Indstil et brugerdefineret navn til AI'en",
   "com_endpoint_openai_detail": "Opløsningen for Vision-anmodninger. \"Lav\" er billigere og hurtigere, \"Høj\" er mere detaljeret og dyrere, og \"Auto\" vælger automatisk mellem de to baseret på billedopløsningen.",
   "com_endpoint_openai_freq": "Tal mellem -2,0 og 2,0. Positive værdier straffer nye tokens baseret på deres eksisterende frekvens i teksten indtil videre, hvilket mindsker modellens sandsynlighed for at gentage den samme linje ordret.",
@@ -352,7 +348,6 @@
   "com_nav_font_size_xl": "Ekstra stor",
   "com_nav_font_size_xs": "Ekstra lille",
   "com_nav_help_faq": "Hjælp og ofte stillede spørgsmål",
-  "com_nav_hide_panel": "Skjul højre side-sidepanel",
   "com_nav_info_code_artifacts": "Aktiverer visning af eksperimentelle kodeartefakter ved siden af chatten",
   "com_nav_info_code_artifacts_agent": "Aktiverer brugen af kodeartefakter for denne agent. Som standard tilføjes yderligere instruktioner specifikke for brugen af artefakter, medmindre \"Brugerdefineret prompttilstand\" er aktiveret.",
   "com_nav_info_custom_prompt_mode": "Når den er aktiveret, vil standardsystemprompten for artefakter ikke blive inkluderet. Alle instruktioner til generering af artefakter skal angives manuelt i denne tilstand.",
@@ -422,7 +417,6 @@
   "com_nav_setting_speech": "Tale",
   "com_nav_settings": "Indstillinger",
   "com_nav_shared_links": "Delte links",
-  "com_nav_show_code": "Vis altid kode, når du bruger kodefortolker",
   "com_nav_show_thinking": "Åbent tænkende dropdowns som standard",
   "com_nav_slash_command": "/-Kommando",
   "com_nav_slash_command_description": "Skift kommandoen \"/\" for at vælge en prompt via tastaturet",
@@ -581,7 +575,6 @@
   "com_ui_confirm_change": "Bekræft ændring",
   "com_ui_context": "Kontekst",
   "com_ui_continue": "Fortsæt",
-  "com_ui_controls": "Kontrolelementer",
   "com_ui_convo_delete_error": "Kunne ikke slette samtalen",
   "com_ui_copied": "Kopieret!",
   "com_ui_copied_to_clipboard": "Kopieret til udklipsholder",
@@ -639,7 +632,6 @@
   "com_ui_download_error": "Fejl ved download af fil. Filen er muligvis blevet slettet.",
   "com_ui_drag_drop": "Der skal ske noget her. Det var tomt.",
   "com_ui_dropdown_variables": "Dropdown-variabler:",
-  "com_ui_dropdown_variables_info": "Opret brugerdefinerede dropdown-menuer til dine prompts: `{{variable_name:option1|option2|option3}}`",
   "com_ui_duplicate": "Duplikat",
   "com_ui_duplication_error": "Der opstod en fejl ved kopieringen af samtalen",
   "com_ui_duplication_processing": "Duplikering af samtale...",
@@ -715,7 +707,6 @@
   "com_ui_instructions": "Instruktioner",
   "com_ui_late_night": "Glædelig sen aften",
   "com_ui_latest_footer": "Hver eneste AI for alle.",
-  "com_ui_latest_production_version": "Seneste produktionsversion",
   "com_ui_latest_version": "Seneste version",
   "com_ui_librechat_code_api_key": "Få din LibreChat Code Interpreter API-nøgle",
   "com_ui_librechat_code_api_subtitle": "Sikkert. Flersproget. Input/output-filer.",
@@ -828,9 +819,7 @@
   "com_ui_special_var_current_user": "Nuværende bruger",
   "com_ui_special_var_iso_datetime": "UTC ISO Datetime",
   "com_ui_special_variables": "Særlige variabler:",
-  "com_ui_special_variables_more_info": "Du kan vælge særlige variabler fra rullemenuen: `{{current_date}}` (dagens dato og ugedag), `{{current_datetime}}` (lokal dato og tid), `{{utc_iso_datetime}}` (UTC ISO datetime), og `{{current_user}}` (dit kontonavn).",
   "com_ui_speech_while_submitting": "Kan ikke indsende tale, mens der genereres et svar",
-  "com_ui_sr_actions_menu": "Åbn handlingsmenuen for \"{{0}}\"",
   "com_ui_stop": "Stop",
   "com_ui_storage": "Opbevaring",
   "com_ui_submit": "Indsend",
@@ -868,7 +857,6 @@
   "com_ui_use_micrphone": "Brug mikrofon",
   "com_ui_used": "Brugt",
   "com_ui_variables": "Variabler",
-  "com_ui_variables_info": "Brug dobbelte parenteser i din tekst til at oprette variabler, f.eks.{{example variable}}`, som senere skal udfyldes ved brug af prompten.",
   "com_ui_verify": "Bekræft",
   "com_ui_version_var": "Version {{0}}",
   "com_ui_versions": "Versioner",
diff --git a/client/src/locales/de/translation.json b/client/src/locales/de/translation.json
index 1f59df94e6..bff178b28a 100644
--- a/client/src/locales/de/translation.json
+++ b/client/src/locales/de/translation.json
@@ -100,7 +100,6 @@
   "com_agents_start_chat": "Chat starten",
   "com_agents_top_picks": "Top-Auswahl",
   "com_agents_update_error": "Beim Aktualisieren deines Agenten ist ein Fehler aufgetreten.",
-  "com_assistants_action_attempt": "Assistent möchte kommunizieren mit {{0}}",
   "com_assistants_actions": "Aktionen",
   "com_assistants_actions_disabled": "Du musst einen Agenten erstellen, bevor du Aktionen hinzufügen kannst.",
   "com_assistants_actions_info": "Lasse deinen Agenten Informationen abrufen oder Aktionen über APIs ausführen",
@@ -110,7 +109,6 @@
   "com_assistants_allow_sites_you_trust": "Erlaube nur Webseiten, denen du vertraust.",
   "com_assistants_append_date": "Aktuelles Datum & Uhrzeit anhängen",
   "com_assistants_append_date_tooltip": "Wenn aktiviert, werden das aktuelle Client-Datum und die Uhrzeit an die Systemanweisungen des Assistenten angehängt.",
-  "com_assistants_attempt_info": "Agent möchte Folgendes senden:",
   "com_assistants_available_actions": "Verfügbare Aktionen",
   "com_assistants_capabilities": "Fähigkeiten",
   "com_assistants_code_interpreter": "Code-Interpreter",
@@ -125,7 +123,6 @@
   "com_assistants_delete_actions_error": "Beim Löschen der Aktion ist ein Fehler aufgetreten.",
   "com_assistants_delete_actions_success": "Aktion erfolgreich vom Assistenten gelöscht",
   "com_assistants_description_placeholder": "Optional: Beschreibe deinen Assistenten hier",
-  "com_assistants_domain_info": "Agent hat diese Information an {{0}} gesendet",
   "com_assistants_file_search": "Dateisuche",
   "com_assistants_file_search_info": "Die Dateisuche ermöglicht dem Assistenten, Wissen aus Dateien zu nutzen, die du oder deine Benutzer hochladen. Sobald eine Datei hochgeladen wurde, entscheidet der Assistent automatisch, wann er basierend auf Benutzeranfragen Inhalte abruft. Das Anhängen von Vektor-Speichern für die Dateisuche wird noch nicht unterstützt. Sie können sie vom Provider-Playground aus anhängen oder Dateien für die Dateisuche auf Thread-Basis an Nachrichten anhängen.",
   "com_assistants_function_use": "Agent hat {{0}} verwendet",
@@ -289,7 +286,6 @@
   "com_endpoint_message_not_appendable": "Bearbeite deine Nachricht oder generiere neu.",
   "com_endpoint_my_preset": "Meine Voreinstellung",
   "com_endpoint_no_presets": "Noch keine Voreinstellungen, verwende die KI-Einstellungsschaltfläche, um eine Voreinstellung zu erstellen",
-  "com_endpoint_open_menu": "Menü öffnen",
   "com_endpoint_openai_custom_name_placeholder": "Lege einen benutzerdefinierten Namen für die KI fest.",
   "com_endpoint_openai_detail": "Die Auflösung für Bilderkennungs-Anfragen. \"Niedrig\" ist günstiger und schneller, \"Hoch\" ist detaillierter und teurer, und \"Auto\" wählt automatisch zwischen den beiden basierend auf der Bildauflösung.",
   "com_endpoint_openai_freq": "Zahl zwischen -2,0 und 2,0. Positive Werte bestrafen neue Token basierend auf ihrer bestehenden Häufigkeit im Text, wodurch die Wahrscheinlichkeit des Modells verringert wird, dieselbe Zeile wörtlich zu wiederholen.",
@@ -481,7 +477,6 @@
   "com_nav_font_size_xl": "Sehr groß",
   "com_nav_font_size_xs": "Sehr klein",
   "com_nav_help_faq": "Hilfe & FAQ",
-  "com_nav_hide_panel": "Rechte Seitenleiste verstecken",
   "com_nav_info_balance": "Der Saldo zeigt an, wie viele Token-Credits Sie noch verwenden können. Token-Credits werden in Geldwert umgerechnet (z. B. 1000 Credits = 0,001 USD).",
   "com_nav_info_code_artifacts": "Aktiviert die Anzeige experimenteller Code-Artefakte neben dem Chat",
   "com_nav_info_code_artifacts_agent": "Aktiviert die Verwendung von Code-Artefakten für diesen Agenten. Standardmäßig werden zusätzliche, spezielle Anweisungen für die Nutzung von Artefakten hinzugefügt, es sei denn, der \"Benutzerdefinierte Prompt-Modus\" ist aktiviert.",
@@ -583,7 +578,6 @@
   "com_nav_setting_speech": "Sprache",
   "com_nav_settings": "Einstellungen",
   "com_nav_shared_links": "Geteilte Links",
-  "com_nav_show_code": "Code immer anzeigen, wenn der Code-Interpreter verwendet wird",
   "com_nav_show_thinking": "Denkprozess-Dropdowns standardmäßig öffnen",
   "com_nav_slash_command": "/-Befehl",
   "com_nav_slash_command_description": "Schaltet den Befehl \"/\" zur Auswahl einer Eingabeaufforderung über die Tastatur um",
@@ -846,7 +840,6 @@
   "com_ui_continue": "Fortfahren",
   "com_ui_continue_oauth": "Mit OAuth fortfahren",
   "com_ui_control_bar": "Kontrollleiste",
-  "com_ui_controls": "Steuerung",
   "com_ui_conversation": "Konversation",
   "com_ui_conversation_label": "{{title}} Konversation",
   "com_ui_conversation_not_found": "Chat nicht gefunden",
@@ -945,7 +938,6 @@
   "com_ui_download_error_logs": "Fehlerprotokolle herunterladen",
   "com_ui_drag_drop": "Ziehe eine beliebige Datei hierher, um sie zur Unterhaltung hinzuzufügen.",
   "com_ui_dropdown_variables": "Dropdown-Variablen:",
-  "com_ui_dropdown_variables_info": "Erstelle benutzerdefinierte Dropdown-Menüs für deine Prompts: `{{variable_name:option1|option2|option3}}`",
   "com_ui_duplicate": "Duplizieren",
   "com_ui_duplicate_agent": "Agent duplizieren",
   "com_ui_duplication_error": "Beim Duplizieren der Konversation ist ein Fehler aufgetreten",
@@ -1081,7 +1073,6 @@
   "com_ui_last_used": "Zuletzt verwendet",
   "com_ui_late_night": "Schöne späte Nacht",
   "com_ui_latest_footer": "Alle KIs für alle.",
-  "com_ui_latest_production_version": "Neueste Produktiv-Version",
   "com_ui_latest_version": "Neueste Version",
   "com_ui_leave_blank_to_keep": "Leer lassen, um beizubehalten",
   "com_ui_librechat_code_api_key": "Hole dir deinen LibreChat Code Interpreter API-Schlüssel",
@@ -1250,7 +1241,6 @@
   "com_ui_privacy_policy": "Datenschutzerklärung",
   "com_ui_privacy_policy_url": "Datenschutzrichtlinie-URL",
   "com_ui_prompt": "Prompt",
-  "com_ui_prompt_deleted": "{{0}} gelöscht",
   "com_ui_prompt_group_button": "{{name}}-Prompt, Kategorie {{category}}",
   "com_ui_prompt_group_button_no_category": "{{name}}-Prompt",
   "com_ui_prompt_groups": "Prompt-Gruppenliste",
@@ -1400,11 +1390,9 @@
   "com_ui_special_var_iso_datetime": "UTC ISO Datum/Zeit",
   "com_ui_special_variable_added": "Spezialvariable {{0}} hinzugefügt.",
   "com_ui_special_variables": "Spezielle Variablen:",
-  "com_ui_special_variables_more_info": "Du kannst spezielle Variablen aus den Dropdown-Menüs auswählen: `{{current_date}}` (heutiges Datum und Wochentag), `{{current_datetime}}` (offizielles Datum und Uhrzeit), `{{utc_iso_datetime}}` (UTC ISO Datum/Zeit) und `{{current_user}}` (dein Benutzername).",
   "com_ui_speech_not_supported": "Ihr Browser unterstützt keine Spracherkennung",
   "com_ui_speech_not_supported_use_external": "Dein Browser unterstützt keine Spracherkennung. Versuche in den Einstellungen unter „Sprache“ zu „Externes STT“ zu wechseln.",
   "com_ui_speech_while_submitting": "Spracheingabe nicht möglich während eine Antwort generiert wird",
-  "com_ui_sr_actions_menu": "Aktionsmenü für \"{{0}}\" öffnen",
   "com_ui_sr_global_prompt": "Globale Prompt-Gruppe",
   "com_ui_stack_trace": "Stack Trace",
   "com_ui_status_prefix": "Status:",
@@ -1441,7 +1429,6 @@
   "com_ui_try_adjusting_search": "Versuche, deine Suchbegriffe anzupassen",
   "com_ui_ui_resource_error": "UI-Ressourcenfehler ({{0}})",
   "com_ui_ui_resource_not_found": "UI-Ressource nicht gefunden (Index: {{0}})",
-  "com_ui_ui_resources": "UI-Ressourcen",
   "com_ui_unarchive": "Aus Archiv holen",
   "com_ui_unarchive_conversation": "Unterhaltung dearchivieren",
   "com_ui_unarchive_error": "Konversation konnte nicht aus dem Archiv geholt werden",
@@ -1483,7 +1470,6 @@
   "com_ui_user_provides_key": "Benutzer gibt eigenen Schlüssel an",
   "com_ui_value": "Wert",
   "com_ui_variables": "Variablen",
-  "com_ui_variables_info": "Verwende doppelte geschweifte Klammern in deinem Text wie z. B. `{{example variable}}`, um Variablen zu erstellen, die du später beim Ausführen des Prompts füllen kannst. Schreibe in die geschweiften Klammern, was die Platzhalter-Nachricht sein soll.",
   "com_ui_verify": "Überprüfen",
   "com_ui_version_var": "Version {{0}}",
   "com_ui_versions": "Versionen",
diff --git a/client/src/locales/en/translation.json b/client/src/locales/en/translation.json
index 89cc21abc7..3d19f65ad6 100644
--- a/client/src/locales/en/translation.json
+++ b/client/src/locales/en/translation.json
@@ -5,10 +5,10 @@
   "com_a11y_chats_date_section": "Chats from {{date}}",
   "com_a11y_end": "The AI has finished their reply.",
   "com_a11y_selected": "selected",
+  "com_a11y_start": "The AI has started their reply.",
   "com_a11y_summarize_completed": "Context summarized.",
   "com_a11y_summarize_failed": "Summarization failed, continuing with available context.",
   "com_a11y_summarize_started": "Summarizing context.",
-  "com_a11y_start": "The AI has started their reply.",
   "com_agents_agent_card_label": "{{name}} agent. {{description}}",
   "com_agents_all": "All Agents",
   "com_agents_all_category": "All",
@@ -104,7 +104,6 @@
   "com_agents_start_chat": "Start Chat",
   "com_agents_top_picks": "Top Picks",
   "com_agents_update_error": "There was an error updating your agent.",
-  "com_assistants_action_attempt": "Assistant wants to talk to {{0}}",
   "com_assistants_actions": "Actions",
   "com_assistants_actions_disabled": "You need to create an assistant before adding actions.",
   "com_assistants_actions_info": "Let your Assistant retrieve information or take actions via API's",
@@ -114,7 +113,6 @@
   "com_assistants_allow_sites_you_trust": "Only allow sites you trust.",
   "com_assistants_append_date": "Append Current Date & Time",
   "com_assistants_append_date_tooltip": "When enabled, the current client date and time will be appended to the assistant system instructions.",
-  "com_assistants_attempt_info": "Assistant wants to send the following:",
   "com_assistants_available_actions": "Available Actions",
   "com_assistants_capabilities": "Capabilities",
   "com_assistants_code_interpreter": "Code Interpreter",
@@ -129,7 +127,6 @@
   "com_assistants_delete_actions_error": "There was an error deleting the action.",
   "com_assistants_delete_actions_success": "Successfully deleted Action from Assistant",
   "com_assistants_description_placeholder": "Optional: Describe your Assistant here",
-  "com_assistants_domain_info": "Assistant sent this info to {{0}}",
   "com_assistants_file_search": "File Search",
   "com_assistants_file_search_info": "File search enables the assistant with knowledge from files that you or your users upload. Once a file is uploaded, the assistant automatically decides when to retrieve content based on user requests. Attaching vector stores for File Search is not yet supported. You can attach them from the Provider Playground or attach files to messages for file search on a thread basis.",
   "com_assistants_function_use": "Assistant used {{0}}",
@@ -411,6 +408,7 @@
   "com_nav_at_command_description": "Toggle command \"@\" for switching endpoints, models, presets, etc.",
   "com_nav_audio_play_error": "Error playing audio: {{0}}",
   "com_nav_audio_process_error": "Error processing audio: {{0}}",
+  "com_nav_auto_expand_tools": "Auto-expand tool details",
   "com_nav_auto_scroll": "Auto-Scroll to latest message on chat open",
   "com_nav_auto_send_prompts": "Send prompts on select",
   "com_nav_auto_send_prompts_desc": "Automatically submit prompt to chat when selected",
@@ -587,7 +585,6 @@
   "com_nav_setting_speech": "Speech",
   "com_nav_settings": "Settings",
   "com_nav_shared_links": "Shared links",
-  "com_nav_show_code": "Always show code when using code interpreter",
   "com_nav_show_thinking": "Open Thinking Dropdowns by Default",
   "com_nav_slash_command": "/-Command",
   "com_nav_slash_command_description": "Toggle command \"/\" for selecting a prompt via keyboard",
@@ -767,8 +764,8 @@
   "com_ui_authentication": "Authentication",
   "com_ui_authentication_type": "Authentication Type",
   "com_ui_auto": "Auto",
-  "com_ui_avatar": "Avatar",
   "com_ui_available_options": "Available options",
+  "com_ui_avatar": "Avatar",
   "com_ui_azure": "Azure",
   "com_ui_azure_ad": "Entra ID",
   "com_ui_back": "Back",
@@ -839,6 +836,7 @@
   "com_ui_collapse_thoughts": "Collapse Thoughts",
   "com_ui_command_placeholder": "Optional: Enter a command for the prompt or name will be used",
   "com_ui_command_usage_placeholder": "Select a Prompt by command or name",
+  "com_ui_complete": "Complete!",
   "com_ui_complete_setup": "Complete Setup",
   "com_ui_concise": "Concise",
   "com_ui_configure": "Configure",
@@ -866,13 +864,13 @@
   "com_ui_copied_to_clipboard": "Copied to clipboard",
   "com_ui_copy": "Copy",
   "com_ui_copy_code": "Copy code",
+  "com_ui_copy_failed": "Failed to copy to clipboard",
   "com_ui_copy_link": "Copy link",
   "com_ui_copy_stack_trace": "Copy stack trace",
   "com_ui_copy_summary": "Copy summary to clipboard",
   "com_ui_copy_thoughts_to_clipboard": "Copy thoughts to clipboard",
   "com_ui_copy_to_clipboard": "Copy to clipboard",
   "com_ui_copy_url_to_clipboard": "Copy URL to clipboard",
-  "com_ui_copy_failed": "Failed to copy to clipboard",
   "com_ui_create": "Create",
   "com_ui_create_api_key": "Create API Key",
   "com_ui_create_assistant": "Create Assistant",
@@ -939,13 +937,14 @@
   "com_ui_delete_tool_save_reminder": "Tool removed. Save the agent to apply changes.",
   "com_ui_deleted": "Deleted",
   "com_ui_deleting": "Deleting...",
-  "com_ui_deploy": "Deploy",
   "com_ui_deleting_file": "Deleting file...",
+  "com_ui_deploy": "Deploy",
   "com_ui_descending": "Desc",
   "com_ui_description": "Description",
   "com_ui_description_placeholder": "Optional: Enter a description to display for the prompt",
   "com_ui_deselect_all": "Deselect All",
   "com_ui_detailed": "Detailed",
+  "com_ui_details": "Details",
   "com_ui_disabling": "Disabling...",
   "com_ui_done": "Done",
   "com_ui_download": "Download",
@@ -993,6 +992,7 @@
   "com_ui_expand_chat": "Expand Chat",
   "com_ui_expand_thoughts": "Expand Thoughts",
   "com_ui_export_convo_modal": "Export Conversation Modal",
+  "com_ui_failed": "Failed",
   "com_ui_feedback_more": "More...",
   "com_ui_feedback_more_information": "Provide additional feedback",
   "com_ui_feedback_negative": "Needs improvement",
@@ -1011,6 +1011,7 @@
   "com_ui_feedback_tag_unjustified_refusal": "Refused without reason",
   "com_ui_field_max_length": "{{field}} must be less than {{length}} characters",
   "com_ui_field_required": "This field is required",
+  "com_ui_file": "File",
   "com_ui_file_input_avatar_label": "File input for avatar",
   "com_ui_file_size": "File Size",
   "com_ui_file_token_limit": "File Token Limit",
@@ -1050,6 +1051,7 @@
   "com_ui_fork_visible": "Visible messages only",
   "com_ui_generate_qrcode": "Generate QR Code",
   "com_ui_generating": "Generating...",
+  "com_ui_generating_image": "Generating image...",
   "com_ui_generation_settings": "Generation Settings",
   "com_ui_getting_started": "Getting Started",
   "com_ui_global_group": "Global prompt",
@@ -1075,6 +1077,7 @@
   "com_ui_image_details": "Image Details",
   "com_ui_image_edited": "Image edited",
   "com_ui_image_gen": "Image Gen",
+  "com_ui_image_gen_failed": "Image generation failed",
   "com_ui_import": "Import",
   "com_ui_import_conversation_error": "There was an error importing your conversations",
   "com_ui_import_conversation_file_type_error": "Unsupported import type",
@@ -1088,9 +1091,9 @@
   "com_ui_instructions": "Instructions",
   "com_ui_key": "Key",
   "com_ui_key_required": "API key is required",
+  "com_ui_labels": "Labels",
   "com_ui_last_used": "Last used",
   "com_ui_late_night": "Happy late night",
-  "com_ui_labels": "Labels",
   "com_ui_latest": "latest",
   "com_ui_latest_footer": "Every AI for Everyone.",
   "com_ui_latest_version": "Latest version",
@@ -1200,10 +1203,12 @@
   "com_ui_my_prompts": "My Prompts",
   "com_ui_name": "Name",
   "com_ui_name_sort": "Sort by Name",
+  "com_ui_navigate_results": "Navigate results",
   "com_ui_new": "New",
   "com_ui_new_chat": "New chat",
   "com_ui_new_conversation_title": "New Conversation Title",
   "com_ui_next": "Next",
+  "com_ui_next_result": "Next result",
   "com_ui_no": "No",
   "com_ui_no_api_keys": "No API keys yet. Create one to get started.",
   "com_ui_no_auth": "None (Auto-detect)",
@@ -1249,8 +1254,10 @@
   "com_ui_openai": "OpenAI",
   "com_ui_optional": "(optional)",
   "com_ui_options": "options",
+  "com_ui_output": "Output",
   "com_ui_page": "Page",
   "com_ui_pagination": "Pagination",
+  "com_ui_parameters": "Parameters",
   "com_ui_people": "people",
   "com_ui_people_picker": "People Picker",
   "com_ui_people_picker_allow_view_groups": "Allow viewing groups",
@@ -1262,7 +1269,9 @@
   "com_ui_pin": "Pin",
   "com_ui_preferences_updated": "Preferences updated successfully",
   "com_ui_prev": "Prev",
+  "com_ui_prev_result": "Previous result",
   "com_ui_preview": "Preview",
+  "com_ui_preview_unavailable": "Preview not available for this file type",
   "com_ui_privacy_policy": "Privacy policy",
   "com_ui_privacy_policy_url": "Privacy Policy URL",
   "com_ui_production": "Production",
@@ -1305,6 +1314,7 @@
   "com_ui_regenerating": "Regenerating...",
   "com_ui_region": "Region",
   "com_ui_reinitialize": "Reinitialize",
+  "com_ui_relevance": "Relevance",
   "com_ui_remote_access": "Remote Access",
   "com_ui_remote_agent_role_editor": "Editor",
   "com_ui_remote_agent_role_editor_desc": "Can view and modify the agent via API",
@@ -1334,6 +1344,7 @@
   "com_ui_result": "Result",
   "com_ui_result_found": "{{count}} result found",
   "com_ui_results_found": "{{count}} results found",
+  "com_ui_retrieved_files": "Searched your files",
   "com_ui_retry": "Retry",
   "com_ui_revoke": "Revoke",
   "com_ui_revoke_info": "Revoke all user provided credentials",
@@ -1358,6 +1369,7 @@
   "com_ui_rotate_90": "Rotate 90 degrees",
   "com_ui_run_code": "Run Code",
   "com_ui_run_code_error": "There was an error running the code",
+  "com_ui_running": "Running...",
   "com_ui_save": "Save",
   "com_ui_save_badge_changes": "Save badge changes?",
   "com_ui_save_changes": "Save Changes",
@@ -1377,6 +1389,7 @@
   "com_ui_search_people_placeholder": "Search for people or groups by name or email",
   "com_ui_search_result_count": "{{count}} result found",
   "com_ui_search_results_count": "{{count}} results found",
+  "com_ui_searching_files": "Searching your files",
   "com_ui_seconds": "seconds",
   "com_ui_secret_key": "Secret Key",
   "com_ui_select": "Select",
@@ -1412,21 +1425,23 @@
   "com_ui_show_all": "Show All",
   "com_ui_show_code": "Show Code",
   "com_ui_show_image_details": "Show Image Details",
+  "com_ui_show_less": "Show less",
+  "com_ui_show_more": "Show more",
   "com_ui_show_password": "Show password",
   "com_ui_show_qr": "Show QR Code",
   "com_ui_sign_in_to_domain": "Sign-in to {{0}}",
   "com_ui_simple": "Simple",
   "com_ui_size": "Size",
   "com_ui_size_sort": "Sort by Size",
+  "com_ui_special": "special",
   "com_ui_special_var_current_date": "Current Date",
   "com_ui_special_var_current_datetime": "Current Date & Time",
   "com_ui_special_var_current_user": "Current User",
-  "com_ui_special_var_iso_datetime": "UTC ISO Datetime",
   "com_ui_special_var_desc_current_date": "Today's date and day of the week",
   "com_ui_special_var_desc_current_datetime": "Local date and time in your timezone",
   "com_ui_special_var_desc_current_user": "Your account display name",
   "com_ui_special_var_desc_iso_datetime": "UTC datetime in ISO 8601 format",
-  "com_ui_special": "special",
+  "com_ui_special_var_iso_datetime": "UTC ISO Datetime",
   "com_ui_special_variable_added": "{{0}} special variable added.",
   "com_ui_special_variables": "Special variables",
   "com_ui_speech_not_supported": "Your browser does not support speech recognition",
@@ -1449,9 +1464,9 @@
   "com_ui_support_contact_name_placeholder": "Support contact name",
   "com_ui_teach_or_explain": "Learning",
   "com_ui_temporary": "Temporary Chat",
-  "com_ui_text_variables": "Text variables",
   "com_ui_terms_and_conditions": "Terms and Conditions",
   "com_ui_terms_of_service": "Terms of service",
+  "com_ui_text_variables": "Text variables",
   "com_ui_thinking": "Thinking...",
   "com_ui_thoughts": "Thoughts",
   "com_ui_toggle_theme": "Toggle theme",
@@ -1460,8 +1475,15 @@
   "com_ui_token_url": "Token URL",
   "com_ui_tokens": "tokens",
   "com_ui_tool_collection_prefix": "A collection of tools from",
+  "com_ui_tool_failed": "failed",
   "com_ui_tool_list_collapse": "Collapse {{serverName}} tool list",
   "com_ui_tool_list_expand": "Expand {{serverName}} tool list",
+  "com_ui_tool_name_code": "Code",
+  "com_ui_tool_name_code_analysis": "Code Analysis",
+  "com_ui_tool_name_file_search": "File Search",
+  "com_ui_tool_name_image_edit": "Image Edit",
+  "com_ui_tool_name_image_gen": "Image Generation",
+  "com_ui_tool_name_web_search": "Web Search",
   "com_ui_tools": "Tools",
   "com_ui_tools_and_actions": "Tools and Actions",
   "com_ui_transferred_to": "Transferred to",
@@ -1470,7 +1492,6 @@
   "com_ui_try_adjusting_search": "Try adjusting your search terms",
   "com_ui_ui_resource_error": "UI Resource Error ({{0}})",
   "com_ui_ui_resource_not_found": "UI Resource not found (index: {{0}})",
-  "com_ui_ui_resources": "UI Resources",
   "com_ui_unarchive": "Unarchive",
   "com_ui_unarchive_conversation": "Unarchive conversation",
   "com_ui_unarchive_error": "Failed to unarchive conversation",
@@ -1508,15 +1529,17 @@
   "com_ui_use_micrphone": "Use microphone",
   "com_ui_use_prompt": "Use Prompt",
   "com_ui_used": "Used",
+  "com_ui_used_n_tools": "Used {{0}} tools",
   "com_ui_user": "User",
   "com_ui_user_group_permissions": "User & Group Permissions",
   "com_ui_user_provides_key": "Each user provides their own key",
   "com_ui_value": "Value",
-  "com_ui_variables": "Variables",
   "com_ui_variable_with_options": "{{name}} variable with {{count}} options",
+  "com_ui_variables": "Variables",
   "com_ui_verify": "Verify",
   "com_ui_version_var": "Version {{0}}",
   "com_ui_versions": "Versions",
+  "com_ui_via_server": "in {{0}}",
   "com_ui_view_memory": "View Memory",
   "com_ui_web_search": "Web Search",
   "com_ui_web_search_cohere_key": "Enter Cohere API Key",
@@ -1542,6 +1565,9 @@
   "com_ui_web_search_scraper_serper_key": "Get your Serper API key",
   "com_ui_web_search_searxng_api_key": "Enter SearXNG API Key (optional)",
   "com_ui_web_search_searxng_instance_url": "SearXNG Instance URL",
+  "com_ui_web_search_source": "{{count}} source",
+  "com_ui_web_search_sources": "{{count}} sources",
+  "com_ui_web_searched": "Searched the web",
   "com_ui_web_searching": "Searching the web",
   "com_ui_web_searching_again": "Searching the web again",
   "com_ui_weekend_morning": "Happy weekend",
diff --git a/client/src/locales/es/translation.json b/client/src/locales/es/translation.json
index c3ff7a7d76..3d0043b971 100644
--- a/client/src/locales/es/translation.json
+++ b/client/src/locales/es/translation.json
@@ -1,11 +1,12 @@
 {
-  "chat_direction_left_to_right": "algo debería ir aquí pero está vacío",
-  "chat_direction_right_to_left": "algo debería ir aquí pero está vacío",
-  "com_a11y_ai_composing": "La IA está componiendo la respuesta",
-  "com_a11y_end": "La IA ha finalizado su respuesta",
+  "chat_direction_left_to_right": "Izquierda a Derecha",
+  "chat_direction_right_to_left": "Derecha a Izquierda",
+  "com_a11y_ai_composing": "La IA está componiendo la respuesta ",
+  "com_a11y_end": "La IA ha finalizado su respuesta ",
+  "com_a11y_selected": "Seleccionado",
   "com_a11y_start": "La IA ha comenzado su respuesta",
   "com_agents_agent_card_label": "{{name}} agente. {{description}}",
-  "com_agents_all": "Todos los Agentes",
+  "com_agents_all": "Todos los agentes",
   "com_agents_all_category": "Todos",
   "com_agents_all_description": "Explora todos los agentes compartidos en todas las categorías",
   "com_agents_by_librechat": "por LibreChat",
@@ -14,7 +15,7 @@
   "com_agents_category_empty": "No se encontraron agentes en la categoría {{category}}",
   "com_agents_category_finance": "Finanzas",
   "com_agents_category_finance_description": "Agentes especializados en análisis financiero, presupuestos y contabilidad.",
-  "com_agents_category_general": "Genera",
+  "com_agents_category_general": "General",
   "com_agents_category_general_description": "Agentes de uso general para tareas y consultas comunes",
   "com_agents_category_hr": "Recursos Humanos",
   "com_agents_category_hr_description": "Agentes especializados en procesos de recursos humanos, políticas y apoyo de los empleados",
@@ -23,15 +24,18 @@
   "com_agents_category_rd": "Investigación y desarrollo",
   "com_agents_category_rd_description": "Agentes centrados en procesos de I+D, innovación e investigación técnica",
   "com_agents_category_sales": "Ventas",
-  "com_agents_category_sales_description": "Agentes enfocados en procesos de venta, relaciones con el cliente",
+  "com_agents_category_sales_description": "Agentes enfocados en procesos de venta, relaciones con el client",
   "com_agents_category_tab_label": "{{category}} categoría, {{position}} de {{total}}",
   "com_agents_category_tabs_label": "Categorías de agentes",
+  "com_agents_chat_with": "Chatear con {{name}}",
+  "com_agents_clear_search": "Limpiar Busqueda",
   "com_agents_code_interpreter": "Cuando está habilitado, permite que su agente utilice la API del Intérprete de Código de LibreChat para ejecutar código generado de manera segura, incluyendo el procesamiento de archivos. Requiere una clave de API válida.",
   "com_agents_code_interpreter_title": "API del Intérprete de Código",
   "com_agents_contact": "Contacto",
   "com_agents_copy_link": "Copiar enlace",
   "com_agents_create_error": "Hubo un error al crear su agente.",
   "com_agents_created_by": "por",
+  "com_agents_description_card": "Descripción: {{description}}",
   "com_agents_description_placeholder": "Opcional: Describa su Agente aquí",
   "com_agents_empty_state_heading": "No se encontró ningún agente",
   "com_agents_enable_file_search": "Habilitar búsqueda de archivos",
@@ -39,7 +43,7 @@
   "com_agents_error_category_title": "Error de categoría",
   "com_agents_error_generic": "Hemos encontrado un problema al cargar el contenido.",
   "com_agents_error_invalid_request": "Petición inválida",
-  "com_agents_error_loading": "Error al cargar los agentes",
+  "com_agents_error_loading": "Error al cargar los agente",
   "com_agents_error_network_message": "No se puede conectar con el servidor.",
   "com_agents_error_network_suggestion": "Comprueba tu conexión a Internet y vuelve a intentarlo.",
   "com_agents_error_network_title": "Problema de conexión",
@@ -64,26 +68,39 @@
   "com_agents_link_copied": "Enlace copiado",
   "com_agents_link_copy_failed": "No se pudo copiar el enlace",
   "com_agents_loading": "Cargando...",
+  "com_agents_marketplace": "Marketplace de Agentes",
   "com_agents_marketplace_subtitle": "Descubre y usa el poder de los agentes de inteligencia artificial para mejorar tu productividad y tus flujos de trabajo",
   "com_agents_mcp_description_placeholder": "Explica que hace en pocas palabras",
   "com_agents_mcp_icon_size": "Tamaño minimo 128 x128 px",
-  "com_agents_mcp_trust_subtext": "LibreChat no verifica los conectores personalizados",
+  "com_agents_mcp_name_placeholder": "Herramienta Personalizada",
+  "com_agents_mcp_trust_subtext": "LibreChat no verifica los conectores personalizado",
+  "com_agents_missing_name": "Por favor, escriba un nombre antes de crear un agente.",
   "com_agents_missing_provider_model": "Por favor, seleccione un proveedor y un modelo antes de crear un agente.",
   "com_agents_name_placeholder": "Opcional: El nombre del agente",
   "com_agents_no_access": "No tiene acceso para editar este agente",
+  "com_agents_no_agent_id_error": "No se encontró ningún ID de agente. Asegúrese de crear primero el agente.",
+  "com_agents_no_more_results": "Ha llegado al final de los resultados.",
   "com_agents_not_available": "Agente no disponible",
+  "com_agents_recommended": "Nuestros agentes recomendados",
+  "com_agents_results_for": "Resultados para '{{query}}'",
+  "com_agents_search_aria": "Buscar agentes",
+  "com_agents_search_empty_heading": "Sin resultados de búsqueda",
   "com_agents_search_name": "Buscar agentes por nombre",
+  "com_agents_search_no_results": "No se han encontrado agentes para \"{{query}}\".",
+  "com_agents_search_placeholder": "Buscar agentes...",
+  "com_agents_see_more": "Mostrar más",
+  "com_agents_start_chat": "Iniciar Chat",
+  "com_agents_top_picks": "Selección destacada",
   "com_agents_update_error": "Hubo un error al actualizar su agente.",
-  "com_assistants_action_attempt": "El asistente quiere hablar con {{0}}",
   "com_assistants_actions": "Acciones",
   "com_assistants_actions_disabled": "Necesita crear un asistente antes de añadir acciones.",
   "com_assistants_actions_info": "Permita que su Asistente recupere información o realice acciones a través de API's",
   "com_assistants_add_actions": "Añadir Acciones",
-  "com_assistants_add_tools": "Añadir Herramientas",
+  "com_assistants_add_mcp_server_tools": "Añadir herramientas de servidor MCP",
+  "com_assistants_add_tools": "Añadir herramientas",
   "com_assistants_allow_sites_you_trust": "Solo permite sitios en los que confíes.",
   "com_assistants_append_date": "Añadir Fecha y Hora Actual",
   "com_assistants_append_date_tooltip": "Cuando está habilitado, la fecha y hora actual del cliente se adjuntarán a las instrucciones del sistema del asistente.",
-  "com_assistants_attempt_info": "El asistente quiere enviar lo siguiente:",
   "com_assistants_available_actions": "Acciones Disponibles",
   "com_assistants_capabilities": "Capacidades",
   "com_assistants_code_interpreter": "Intérprete de Código",
@@ -98,32 +115,33 @@
   "com_assistants_delete_actions_error": "Hubo un error al eliminar la acción.",
   "com_assistants_delete_actions_success": "Acción eliminada del Asistente con éxito",
   "com_assistants_description_placeholder": "Opcional: Describa su Asistente aquí",
-  "com_assistants_domain_info": "El Asistente envió esta información a {{0}}",
   "com_assistants_file_search": "Búsqueda de Archivos",
-  "com_assistants_file_search_info": "Adjuntar almacenes vectoriales para la Búsqueda de Archivos aún no está soportado. Puede adjuntarlos desde el Área de Pruebas del Proveedor o adjuntar archivos a los mensajes para la búsqueda de archivos en una conversación específica.",
+  "com_assistants_file_search_info": "La búsqueda de archivos permite que el asistente utilice conocimiento proveniente de archivos que tú o tus usuarios suban. Una vez que se sube un archivo, el asistente decide automáticamente cuándo recuperar contenido según las solicitudes del usuario. Adjuntar vector stores para la búsqueda de archivos aún no está disponible. Puedes adjuntarlos desde el Provider Playground o adjuntar archivos a los mensajes para usar la búsqueda de archivos a nivel de hilo de conversación.",
   "com_assistants_function_use": "El Asistente usó {{0}}",
   "com_assistants_image_vision": "Visión de Imagen",
   "com_assistants_instructions_placeholder": "Las instrucciones del sistema que utiliza el asistente",
   "com_assistants_knowledge": "Conocimiento",
   "com_assistants_knowledge_disabled": "El Asistente debe ser creado, y el Intérprete de Código o la Recuperación deben estar habilitados y guardados antes de subir archivos como Conocimiento.",
-  "com_assistants_knowledge_info": "Si sube archivos en Conocimiento, las conversaciones con su Asistente pueden incluir el contenido de los archivos.",
+  "com_assistants_knowledge_info": "Si sube archivos en el Conocimiento, las conversaciones con su Asistente pueden incluir el contenido de los archivos.",
   "com_assistants_max_starters_reached": "Se alcanzó el número máximo de iniciadores de conversación",
   "com_assistants_name_placeholder": "Opcional: El nombre del asistente",
   "com_assistants_non_retrieval_model": "La búsqueda de archivos no está habilitada en este modelo. Por favor, seleccione otro modelo.",
   "com_assistants_retrieval": "Recuperación",
   "com_assistants_running_action": "Ejecutando acción",
+  "com_assistants_running_var": "Ejecutando {{0}}",
   "com_assistants_search_name": "Buscar asistentes por nombre",
   "com_assistants_update_actions_error": "Hubo un error al crear o actualizar la acción.",
   "com_assistants_update_actions_success": "Acción creada o actualizada con éxito",
   "com_assistants_update_error": "Hubo un error al actualizar su asistente.",
   "com_assistants_update_success": "Actualizado con éxito",
-  "com_auth_already_have_account": "¿Ya tiene una cuenta?",
+  "com_assistants_update_success_name": "Actualización correcta de {{name}}.",
+  "com_auth_already_have_account": "¿Ya tienes una cuenta?",
   "com_auth_apple_login": "Inicia con Apple",
   "com_auth_back_to_login": "Volver al inicio de sesión",
-  "com_auth_click": "Haga clic",
+  "com_auth_click": "Haz clic",
   "com_auth_click_here": "Haz clic aquí",
   "com_auth_continue": "Continuar",
-  "com_auth_create_account": "Crear su cuenta",
+  "com_auth_create_account": "Crear tu cuenta",
   "com_auth_discord_login": "Continuar con Discord",
   "com_auth_email": "Correo electrónico",
   "com_auth_email_address": "Dirección de correo electrónico",
@@ -139,51 +157,54 @@
   "com_auth_email_verification_in_progress": "Verificando su correo electrónico, por favor espere",
   "com_auth_email_verification_invalid": "Verificación de correo electrónico no válida",
   "com_auth_email_verification_redirecting": "Redirigiendo en {{0}} segundos...",
-  "com_auth_email_verification_resend_prompt": "¿No recibió el correo electrónico?",
+  "com_auth_email_verification_resend_prompt": "¿No recibiste el correo electrónico?",
   "com_auth_email_verification_success": "Correo electrónico verificado exitosamente",
   "com_auth_email_verifying_ellipsis": "Verificando...",
-  "com_auth_error_create": "Hubo un error al intentar registrar su cuenta. Inténtelo de nuevo.",
+  "com_auth_error_create": "Hubo un error al intentar registrar tu cuenta. Inténtalo de nuevo.",
   "com_auth_error_invalid_reset_token": "Este token de restablecimiento de contraseña ya no es válido.",
   "com_auth_error_login": "No se puede iniciar sesión con la información proporcionada. Verifique sus credenciales y vuelva a intentarlo.",
-  "com_auth_error_login_ban": "Su cuenta ha sido bloqueada temporalmente debido a violaciones de nuestro servicio.",
-  "com_auth_error_login_rl": "Demasiados intentos de inicio de sesión en un corto período de tiempo. Inténtelo de nuevo más tarde.",
-  "com_auth_error_login_server": "Hubo un error interno del servidor. Espere unos momentos y vuelva a intentarlo.",
-  "com_auth_error_login_unverified": "Su cuenta no ha sido verificada. Por favor, revise su correo electrónico para encontrar el enlace de verificación.",
+  "com_auth_error_login_ban": "Tu cuenta ha sido bloqueada temporalmente debido a violaciones de nuestro servicio.",
+  "com_auth_error_login_rl": "Demasiados intentos de inicio de sesión en un corto período de tiempo. Inténtalo de nuevo más tarde.",
+  "com_auth_error_login_server": "Hubo un error interno del servidor. Espera unos momentos y vuelva a intentarlo.",
+  "com_auth_error_login_unverified": "Tu cuenta no ha sido verificada. Por favor, revisa tu correo electrónico para encontrar el enlace de verificación.",
+  "com_auth_error_oauth_failed": "Error en la autenticación. Comprueba tu método de inicio de sesión e intenta de nuevo.",
   "com_auth_facebook_login": "Continuar con Facebook",
   "com_auth_full_name": "Nombre completo",
   "com_auth_github_login": "Continuar con Github",
   "com_auth_google_login": "Continuar con Google",
   "com_auth_here": "AQUÍ",
   "com_auth_login": "Iniciar sesión",
-  "com_auth_login_with_new_password": "Ahora puede iniciar sesión con su nueva contraseña.",
+  "com_auth_login_with_new_password": "Ahora puedes iniciar sesión con tu nueva contraseña.",
   "com_auth_name_max_length": "El nombre debe tener menos de 80 caracteres",
   "com_auth_name_min_length": "El nombre debe tener al menos 3 caracteres",
   "com_auth_name_required": "Se requiere nombre",
-  "com_auth_no_account": "¿No tiene una cuenta?",
+  "com_auth_no_account": "¿No tienes una cuenta?",
   "com_auth_password": "Contraseña",
   "com_auth_password_confirm": "Confirmar contraseña",
-  "com_auth_password_forgot": "¿Olvidó su contraseña?",
+  "com_auth_password_forgot": "¿Olvidaste tu contraseña?",
   "com_auth_password_max_length": "La contraseña debe tener menos de 128 caracteres",
   "com_auth_password_min_length": "La contraseña debe tener al menos 8 caracteres",
   "com_auth_password_not_match": "Las contraseñas no coinciden",
   "com_auth_password_required": "Se requiere contraseña",
-  "com_auth_registration_success_generic": "Por favor, revise su correo electrónico para verificar su dirección.",
+  "com_auth_registration_success_generic": "Por favor, revisa tu correo electrónico para verificar tu dirección de correo.",
   "com_auth_registration_success_insecure": "Registro completado exitosamente.",
   "com_auth_reset_password": "Restablecer su contraseña",
-  "com_auth_reset_password_if_email_exists": "Si existe una cuenta con ese correo electrónico, se le ha enviado un mensaje con instrucciones para restablecer su contraseña. Por favor, asegúrese de revisar su carpeta de correo no deseado.",
+  "com_auth_reset_password_if_email_exists": "Si existe una cuenta con ese correo electrónico, se le ha enviado un mensaje con instrucciones para restablecer su contraseña. Por favor, asegúrate de revisar tu carpeta de correo no deseado.",
   "com_auth_reset_password_link_sent": "Correo electrónico enviado",
   "com_auth_reset_password_success": "Éxito al restablecer la contraseña",
+  "com_auth_saml_login": "Continua con SAML",
   "com_auth_sign_in": "Iniciar sesión",
   "com_auth_sign_up": "Regístrese",
   "com_auth_submit_registration": "Enviar registro",
   "com_auth_to_reset_your_password": "para restablecer su contraseña.",
-  "com_auth_to_try_again": "para intentar de nuevo.",
+  "com_auth_to_try_again": "para intentarlo de nuevo.",
   "com_auth_two_factor": "Revisa tu aplicación preferida de OTP para obtener el código",
   "com_auth_username": "Nombre de usuario (opcional)",
   "com_auth_username_max_length": "El nombre de usuario debe tener menos de 20 caracteres",
   "com_auth_username_min_length": "El nombre de usuario debe tener al menos 2 caracteres",
   "com_auth_verify_your_identity": "Verifica Tu Identidad",
   "com_auth_welcome_back": "Bienvenido de nuevo",
+  "com_citation_more_details": "Más detalles sobre {{label}}",
   "com_click_to_download": "(haga clic aquí para descargar)",
   "com_download_expired": "Descarga expirada",
   "com_download_expires": "(haga clic aquí para descargar - expira el {{0}})",
@@ -244,7 +265,6 @@
   "com_endpoint_message_not_appendable": "Edita tu mensaje o regénera.",
   "com_endpoint_my_preset": "Mi configuración preestablecida",
   "com_endpoint_no_presets": "Aún no hay configuraciones preestablecidas, utiliza el botón de configuración para crear una",
-  "com_endpoint_open_menu": "Abrir menú",
   "com_endpoint_openai_custom_name_placeholder": "Establecer un nombre personalizado para ChatGPT",
   "com_endpoint_openai_detail": "La resolución para las solicitudes de Vision. \"Baja\" es más económica y rápida, \"Alta\" es más detallada y costosa, y \"Automática\" elegirá automáticamente entre las dos en función de la resolución de la imagen.",
   "com_endpoint_openai_freq": "Número entre -2.0 y 2.0. Los valores positivos penalizan los nuevos tokens basados en su frecuencia existente en el texto hasta el momento, disminuyendo la probabilidad del modelo de repetir la misma línea textualmente.",
@@ -302,7 +322,7 @@
   "com_error_files_upload": "Se produjo un error durante la subida del archivo",
   "com_error_files_upload_canceled": "La solicitud de carga del archivo fue cancelada. Nota: es posible que la carga del archivo aún esté en proceso y necesite ser eliminada manualmente.",
   "com_error_files_validation": "Se produjo un error durante la validación del archivo.",
-  "com_error_input_length": "El conteo de tokens del último mensaje es demasiado largo y excede el límite permitido ({{0}}). Por favor, acorte su mensaje, ajuste el tamaño máximo del contexto desde los parámetros de conversación, o bifurque la conversación para continuar.",
+  "com_error_input_length": "El recuento de tokens del último mensaje es demasiado largo, supera el límite de tokens o los parámetros de límite de tokens están mal configurados, lo que afecta negativamente a la ventana de contexto. Más información: {{0}}. Reduce la longitud de tu mensaje, ajusta el tamaño máximo de contexto en los parámetros de la conversación o bifurca la conversación para continuar.",
   "com_error_invalid_agent_provider": "El proveedor \"{{0}}\" no está disponible para el uso con Agentes. Por favor, ve a las configuraciones de tu agente y selecciona un proveedor que se encuentre disponible.",
   "com_error_invalid_user_key": "Clave proporcionada no válida. Por favor proporcione una clave válida e inténtelo de nuevo.",
   "com_error_moderation": "Parece que el contenido enviado ha sido marcado por nuestro sistema de moderación por no estar alineado con nuestras pautas comunitarias. No podemos proceder con este tema específico. Si tiene alguna otra pregunta o tema que le gustaría explorar, por favor edite su mensaje o cree una nueva conversación.",
@@ -329,6 +349,9 @@
   "com_nav_auto_transcribe_audio": "Transcribir audio automáticamente",
   "com_nav_automatic_playback": "Reproducción automática del último mensaje",
   "com_nav_balance": "Balance",
+  "com_nav_balance_minutes": "minutos",
+  "com_nav_balance_month": "mes",
+  "com_nav_balance_months": "meses",
   "com_nav_browser": "Navegador",
   "com_nav_change_picture": "Cambiar imagen",
   "com_nav_chat_commands": "Comandos de chat",
@@ -372,9 +395,8 @@
   "com_nav_font_size_xl": "Extra grande",
   "com_nav_font_size_xs": "Extra pequeño",
   "com_nav_help_faq": "Ayuda y preguntas frecuentes",
-  "com_nav_hide_panel": "Ocultar el panel lateral derecho",
   "com_nav_info_code_artifacts": "Permite mostrar artefactos de código experimentales junto al chat",
-  "com_nav_info_code_artifacts_agent": "Habilita el uso de artefactos de código para este agente. De forma predeterminada, instrucciones adicionales específicas para el uso de artefactos son añadidas, a menos que \"Modo personalizado de Prompt\" esté habilitado.",
+  "com_nav_info_code_artifacts_agent": "Habilita el uso de artefactos de código para este agente. De forma predeterminada, instrucciones adicionales específicas para el uso de artefactos son añadidas, a menos que \"Modo personalizado de indicación\" esté habilitado.",
   "com_nav_info_custom_prompt_mode": "Cuando está habilitado, no se incluirá el mensaje del sistema predeterminado para artefactos. En este modo, todas las instrucciones para generar artefactos deberán proporcionarse manualmente.",
   "com_nav_info_enter_to_send": "Cuando está habilitado, al presionar `ENTER` se enviará su mensaje. Cuando está deshabilitado, al presionar Enter se agregará una nueva línea, y necesitará presionar `CTRL + ENTER` / `⌘ + ENTER` para enviar su mensaje.",
   "com_nav_info_fork_change_default": "\"Mostrar únicamente mensajes visibles\" incluye solo la ruta directa hacia el mensaje seleccionado. \"Incluir ramas relacionadas\" añade las ramificaciones a lo largo de la ruta. \"Incluir todo desde/hacia aquí\" incluye todos los mensajes y ramificaciones conectados.",
@@ -433,7 +455,6 @@
   "com_nav_setting_speech": "Voz y habla",
   "com_nav_settings": "Configuración",
   "com_nav_shared_links": "Links Compartidos",
-  "com_nav_show_code": "Mostrar siempre el código cuando se use el intérprete de código",
   "com_nav_slash_command": "Comando /",
   "com_nav_slash_command_description": "Alternar comando '/' para seleccionar un mensaje predefinido mediante el teclado",
   "com_nav_speech_to_text": "Voz a texto",
@@ -516,7 +537,7 @@
   "com_ui_authentication": "Autenticación",
   "com_ui_avatar": "Avatar",
   "com_ui_back_to_chat": "Volver al Chat",
-  "com_ui_back_to_prompts": "Volver a Prompts",
+  "com_ui_back_to_prompts": "Volver a las Indicaciones",
   "com_ui_bookmark_delete_confirm": "¿Está seguro de que desea eliminar este marcador?",
   "com_ui_bookmarks": "Marcadores",
   "com_ui_bookmarks_add": "Agregar Marcadores",
@@ -543,13 +564,12 @@
   "com_ui_close_menu": "Cerrar menú",
   "com_ui_code": "Código",
   "com_ui_collapse_chat": "Contraer Chat",
-  "com_ui_command_placeholder": "Opcional: Ingrese un comando para el prompt o se utilizará el nombre",
-  "com_ui_command_usage_placeholder": "Seleccione un Prompt por comando o nombre",
+  "com_ui_command_placeholder": "Opcional: Ingrese un comando para la indicación o se utilizará el nombre",
+  "com_ui_command_usage_placeholder": "Seleccione una indicación por comando o nombre",
   "com_ui_confirm_action": "Confirmar Acción",
   "com_ui_confirm_change": "Confirmar cambio",
   "com_ui_context": "Contexto",
   "com_ui_continue": "Continuar",
-  "com_ui_controls": "Controles",
   "com_ui_copied": "¡Copiado!",
   "com_ui_copied_to_clipboard": "Copiado al portapapeles",
   "com_ui_copy_code": "Copiar código",
@@ -557,8 +577,8 @@
   "com_ui_copy_to_clipboard": "Copiar al portapapeles",
   "com_ui_create": "Crear",
   "com_ui_create_link": "Crear enlace",
-  "com_ui_create_prompt": "Crear Prompt",
-  "com_ui_custom_prompt_mode": "Modo de Prompt Personalizado",
+  "com_ui_create_prompt": "Crear Indicación",
+  "com_ui_custom_prompt_mode": "Modo de Indicación Personalizado",
   "com_ui_dashboard": "Panel de control",
   "com_ui_date": "Fecha",
   "com_ui_date_april": "Abril",
@@ -584,19 +604,18 @@
   "com_ui_delete_agent_confirm": "¿Está seguro de que desea eliminar este agente?",
   "com_ui_delete_assistant_confirm": "¿Está seguro de que desea eliminar este Asistente? Esta acción no se puede deshacer.",
   "com_ui_delete_confirm": "Esto eliminará",
-  "com_ui_delete_confirm_prompt_version_var": "Esto eliminará la versión seleccionada para \"{{0}}\". Si no existen otras versiones, el prompt será eliminado.",
+  "com_ui_delete_confirm_prompt_version_var": "Esto eliminará la versión seleccionada para \"{{0}}\". Si no existen otras versiones, la indicación será eliminada.",
   "com_ui_delete_conversation": "¿Eliminar Chat?",
-  "com_ui_delete_prompt": "¿Eliminar Prompt?",
+  "com_ui_delete_prompt": "¿Eliminar Indicación?",
   "com_ui_delete_shared_link": "¿Eliminar enlace compartido?",
   "com_ui_delete_tool": "Eliminar Herramienta",
   "com_ui_delete_tool_confirm": "¿Está seguro de que desea eliminar esta herramienta?",
   "com_ui_descending": "Desc",
   "com_ui_description": "Descripción",
-  "com_ui_description_placeholder": "Opcional: Ingrese una descripción para mostrar en el prompt",
+  "com_ui_description_placeholder": "Opcional: Ingrese una descripción para mostrar en la indicación",
   "com_ui_download": "Descargar",
   "com_ui_download_error": "Hubo un error al descargar el archivo. Es posible que el archivo haya sido eliminado.",
   "com_ui_dropdown_variables": "Variables desplegables:",
-  "com_ui_dropdown_variables_info": "Cree menús desplegables personalizados para sus prompts: `{{nombre_variable:opción1|opción2|opción3}}`",
   "com_ui_duplicate": "Duplicar",
   "com_ui_duplication_error": "Hubo un error al duplicar la conversación",
   "com_ui_duplication_processing": "Duplicando conversación...",
@@ -612,9 +631,10 @@
   "com_ui_error_save_admin_settings": "Se produjo un error al guardar su configuración de administrador.",
   "com_ui_examples": "Ejemplos",
   "com_ui_export_convo_modal": "Exportar Conversación",
+  "com_ui_feedback_more": "Más....",
   "com_ui_field_required": "Este campo es obligatorio",
-  "com_ui_filter_prompts": "Filtrar Prompts",
-  "com_ui_filter_prompts_name": "Filtrar prompts por nombre",
+  "com_ui_filter_prompts": "Filtrar Indicaciones",
+  "com_ui_filter_prompts_name": "Filtrar indicaciones por nombre",
   "com_ui_finance": "Finanzas",
   "com_ui_fork": "Bifurcar",
   "com_ui_fork_all_target": "Incluir todo desde/hacia aquí",
@@ -670,10 +690,11 @@
   "com_ui_model": "Modelo",
   "com_ui_model_parameters": "Parámetros del Modelo",
   "com_ui_more_info": "Más información",
-  "com_ui_my_prompts": "Mis Prompts",
+  "com_ui_my_prompts": "Mis Indicaciones",
   "com_ui_name": "Nombre",
   "com_ui_new": "Nuevo",
   "com_ui_new_chat": "Nuevo Chat",
+  "com_ui_new_conversation_title": "Título de Nueva Conversación",
   "com_ui_next": "Sig",
   "com_ui_no": "No",
   "com_ui_no_bookmarks": "Parece que aún no tiene marcadores. Haga clic en un chat y agregue uno nuevo",
@@ -689,16 +710,16 @@
   "com_ui_preview": "Previsualizar",
   "com_ui_privacy_policy": "Política de privacidad",
   "com_ui_privacy_policy_url": "URL de la Política de Privacidad",
-  "com_ui_prompt": "Prompt",
-  "com_ui_prompt_name": "Nombre del Prompt",
-  "com_ui_prompt_name_required": "El nombre del prompt es obligatorio",
-  "com_ui_prompt_preview_not_shared": "El autor no ha permitido la colaboración para este prompt",
+  "com_ui_prompt": "Indicación",
+  "com_ui_prompt_name": "Nombre de la Indicación",
+  "com_ui_prompt_name_required": "El nombre de la indicación es obligatorio",
+  "com_ui_prompt_preview_not_shared": "El autor no ha permitido la colaboración para esta indicación",
   "com_ui_prompt_text": "Texto",
   "com_ui_prompt_text_required": "El texto es obligatorio",
-  "com_ui_prompt_update_error": "Hubo un error al actualizar el prompt",
+  "com_ui_prompt_update_error": "Hubo un error al actualizar la indicación",
   "com_ui_prompts": "Indicaciones",
-  "com_ui_prompts_allow_create": "Permitir crear Prompts",
-  "com_ui_prompts_allow_use": "Permitir uso de Prompts",
+  "com_ui_prompts_allow_create": "Permitir crear Indicaciones",
+  "com_ui_prompts_allow_use": "Permitir uso de Indicaciones",
   "com_ui_provider": "Proveedor",
   "com_ui_read_aloud": "Leer en voz alta",
   "com_ui_regenerate": "Regenerar",
@@ -706,7 +727,7 @@
   "com_ui_region": "Región",
   "com_ui_rename": "Renombrar",
   "com_ui_rename_conversation": "Renombrar conversación",
-  "com_ui_rename_prompt": "Renombrar prompt",
+  "com_ui_rename_prompt": "Renombrar indicación",
   "com_ui_reset_var": "Restablecer {{0}}",
   "com_ui_result": "Resultado",
   "com_ui_revoke": "Revocar",
@@ -723,6 +744,7 @@
   "com_ui_saved": "¡Guardado!",
   "com_ui_schema": "Esquema",
   "com_ui_search": "Buscar",
+  "com_ui_search_agent_category": "Buscar categorías...",
   "com_ui_select": "Seleccionar",
   "com_ui_select_file": "Seleccionar un archivo",
   "com_ui_select_model": "Seleccionar un modelo",
@@ -740,7 +762,7 @@
   "com_ui_share_update_message": "Tu nombre, instrucciones personalizadas y cualquier mensaje que agregues después de compartir se mantendrán privados.",
   "com_ui_share_var": "Compartir {{0}}",
   "com_ui_shared_link_not_found": "Enlace compartido no encontrado",
-  "com_ui_shared_prompts": "Prompts Compartidos",
+  "com_ui_shared_prompts": "Indicaciones Compartidas",
   "com_ui_shop": "Compras",
   "com_ui_show_all": "Mostrar Todo",
   "com_ui_simple": "Simple",
@@ -754,6 +776,7 @@
   "com_ui_terms_and_conditions": "Términos y Condiciones",
   "com_ui_terms_of_service": "Términos de servicio",
   "com_ui_thinking": "Pensando...",
+  "com_ui_thoughts": "Pensamientos",
   "com_ui_tools": "Herramientas",
   "com_ui_travel": "Viaje",
   "com_ui_unarchive": "Desarchivar",
@@ -774,14 +797,20 @@
   "com_ui_upload_type": "Seleccionar tipo de carga",
   "com_ui_use_micrphone": "Usar micrófono",
   "com_ui_variables": "Variables",
-  "com_ui_variables_info": "Utilice llaves dobles en su texto para crear variables, por ejemplo `{{variable de ejemplo}}`, para completarlas posteriormente al usar el prompt.",
   "com_ui_verify": "Verificar",
   "com_ui_version_var": "Versión {{0}}",
   "com_ui_versions": "Versiones",
+  "com_ui_web_searching": "Buscando en internet",
+  "com_ui_web_searching_again": "Buscando en internet nuevamente",
   "com_ui_weekend_morning": "Feliz fin de semana",
   "com_ui_write": "Escribiendo",
   "com_ui_x_selected": "{{0}} seleccionado",
+  "com_ui_xhigh": "Extra High",
   "com_ui_yes": "Sí",
+  "com_ui_your_api_key": "Tu API Key",
   "com_ui_zoom": "Zoom",
+  "com_ui_zoom_in": "Menos Zoom",
+  "com_ui_zoom_level": "Nivelar Zoom",
+  "com_ui_zoom_out": "Mas Zoom",
   "com_user_message": "Usted"
 }
diff --git a/client/src/locales/et/translation.json b/client/src/locales/et/translation.json
index 3691bc9e22..0e7af3f613 100644
--- a/client/src/locales/et/translation.json
+++ b/client/src/locales/et/translation.json
@@ -21,7 +21,6 @@
   "com_agents_search_info": "Kui see on lubatud, saab sinu agent otsida veebist ajakohast teavet. Vajalik on kehtiv API võti.",
   "com_agents_search_name": "Otsi agente nime järgi",
   "com_agents_update_error": "Agendi uuendamisel tekkis viga.",
-  "com_assistants_action_attempt": "Assistent soovib suhelda: {{0}}",
   "com_assistants_actions": "Tegevused",
   "com_assistants_actions_disabled": "Enne tegevuste lisamist peate looma assistendi.",
   "com_assistants_actions_info": "Lubage oma assistendil API-de kaudu teavet hankida või toiminguid teha",
@@ -30,7 +29,6 @@
   "com_assistants_allow_sites_you_trust": "Luba ainult usaldusväärseid saite.",
   "com_assistants_append_date": "Lisa praegune kuupäev ja kellaaeg",
   "com_assistants_append_date_tooltip": "Kui see on lubatud, lisatakse praegune kliendi kuupäev ja kellaaeg assistendi süsteemijuhistele.",
-  "com_assistants_attempt_info": "Assistent soovib saata järgmist:",
   "com_assistants_available_actions": "Saadaolevad tegevused",
   "com_assistants_capabilities": "Võimed",
   "com_assistants_code_interpreter": "Koodiinterpreteerija",
@@ -45,7 +43,6 @@
   "com_assistants_delete_actions_error": "Tegevuse kustutamisel tekkis viga.",
   "com_assistants_delete_actions_success": "Tegevuse kustutamine assistendilt õnnestus",
   "com_assistants_description_placeholder": "Valikuline: Kirjelda oma assistenti siin",
-  "com_assistants_domain_info": "Assistent saatis selle teabe aadressile {{0}}",
   "com_assistants_file_search": "Failiotsing",
   "com_assistants_file_search_info": "Failiotsing võimaldab assistendil kasutada teadmisi failidest, mille sina või sinu kasutajad üles laadite. Kui fail on üles laaditud, otsustab assistent automaatselt, millal kasutajate päringute põhjal sisu hankida. Vektorhoidlate lisamine failiotsinguks pole veel toetatud. Saate neid lisada teenusepakkuja mänguväljakult või lisada faile sõnumitele, et neid lõimes failiotsinguks kasutada.",
   "com_assistants_function_use": "Assistent kasutas {{0}}",
@@ -197,7 +194,6 @@
   "com_endpoint_message_not_appendable": "Muuda oma sõnumit või genereeri uuesti.",
   "com_endpoint_my_preset": "Minu eelseadistus",
   "com_endpoint_no_presets": "Eelseadistusi pole veel, kasutage ühe loomiseks seadete nuppu",
-  "com_endpoint_open_menu": "Ava menüü",
   "com_endpoint_openai_custom_name_placeholder": "Määra AI-le kohandatud nimi",
   "com_endpoint_openai_detail": "Visioonitaotluste eraldusvõime. \"Madal\" on odavam ja kiirem, \"Kõrge\" on detailsem ja kallim ning \"Automaatne\" valib automaatselt kahe vahel vastavalt pildi eraldusvõimele.",
   "com_endpoint_openai_freq": "Arv vahemikus -2,0 kuni 2,0. Positiivsed väärtused karistavad uusi märke nende senise sageduse alusel tekstis, vähendades mudeli tõenäosust sama rida sõnasõnaliselt korrata.",
@@ -352,7 +348,6 @@
   "com_nav_font_size_xl": "Eriti suur",
   "com_nav_font_size_xs": "Eriti väike",
   "com_nav_help_faq": "Abi ja KKK",
-  "com_nav_hide_panel": "Peida kõige parempoolsem külgpaneel",
   "com_nav_info_balance": "Saldo näitab, kui palju märgikrediiti on sul kasutamiseks alles. Märgikrediidid tõlgitakse rahalisse väärtusesse (nt 1000 krediiti = 0,001 USD)",
   "com_nav_info_code_artifacts": "Võimaldab katsetuslike koodiartefaktide kuvamist vestluse kõrval",
   "com_nav_info_code_artifacts_agent": "Võimaldab selle agendi jaoks koodiartefaktide kasutamist. Vaikimisi lisatakse artefaktide kasutamisele spetsiifilised täiendavad juhised, välja arvatud juhul, kui on lubatud \"Kohandatud viibarežiim\".",
@@ -423,7 +418,6 @@
   "com_nav_setting_speech": "Kõne",
   "com_nav_settings": "Seaded",
   "com_nav_shared_links": "Jagatud lingid",
-  "com_nav_show_code": "Näita koodi alati, kui kasutatakse koodiinterpreteerijat",
   "com_nav_show_thinking": "Ava mõtlemise rippmenüüd vaikimisi",
   "com_nav_slash_command": "/-käsk",
   "com_nav_slash_command_description": "Lülita käsk \"/\" sisse/välja, et valida klaviatuuri kaudu viipa",
@@ -583,7 +577,6 @@
   "com_ui_confirm_change": "Kinnita muudatus",
   "com_ui_context": "Kontekst",
   "com_ui_continue": "Jätka",
-  "com_ui_controls": "Juhtelemendid",
   "com_ui_convo_delete_error": "Vestluse kustutamine ebaõnnestus",
   "com_ui_copied": "Kopeeritud!",
   "com_ui_copied_to_clipboard": "Kopeeritud lõikepuhvrisse",
@@ -641,7 +634,6 @@
   "com_ui_download_error": "Viga faili allalaadimisel. Fail võib olla kustutatud.",
   "com_ui_drag_drop": "Lohistage",
   "com_ui_dropdown_variables": "Rippmenüü muutujad:",
-  "com_ui_dropdown_variables_info": "Loo sisendite jaoks kohandatud rippmenüüd: `{{muutuja_nimi:valik1|valik2|valik3}}`",
   "com_ui_duplicate": "Dubleeri",
   "com_ui_duplication_error": "Vestluse dubleerimisel tekkis viga",
   "com_ui_duplication_processing": "Vestlust dubleeritakse...",
@@ -735,7 +727,6 @@
   "com_ui_instructions": "Juhised",
   "com_ui_late_night": "Head hilisõhtut",
   "com_ui_latest_footer": "Igaühele oma AI.",
-  "com_ui_latest_production_version": "Viimane tootmisversioon",
   "com_ui_latest_version": "Viimane versioon",
   "com_ui_librechat_code_api_key": "Hangi oma LibreChati koodiinterpreteerimise API võti",
   "com_ui_librechat_code_api_subtitle": "Turvaline. Mitmekeelne. Sisend-/väljundfailid.",
@@ -850,9 +841,7 @@
   "com_ui_special_var_current_user": "Praegune kasutaja",
   "com_ui_special_var_iso_datetime": "UTC ISO kuupäev ja kellaaeg",
   "com_ui_special_variables": "Erilised muutujad:",
-  "com_ui_special_variables_more_info": "Saad rippmenüüst valida erilisi muutujaid: `{{current_date}}` (tänane kuupäev ja nädalapäev), `{{current_datetime}}` (kohalik kuupäev ja kellaaeg), `{{utc_iso_datetime}}` (UTC ISO kuupäev ja kellaaeg) ja `{{current_user}}` (sinu kasutaja nimi).",
   "com_ui_speech_while_submitting": "Kõnet ei saa esitada, kui vastust genereeritakse",
-  "com_ui_sr_actions_menu": "Ava tegevuste menüü \"{{0}}\" jaoks",
   "com_ui_stop": "Peata",
   "com_ui_storage": "Salvestusruum",
   "com_ui_submit": "Esita",
@@ -890,7 +879,6 @@
   "com_ui_use_micrphone": "Kasuta mikrofoni",
   "com_ui_used": "Kasutatud",
   "com_ui_variables": "Muutujad",
-  "com_ui_variables_info": "Kasuta oma tekstis topelt sulgusid, et luua muutujaid, nt `{{näidismuutuja}}`, et hiljem sisendi kasutamisel täita.",
   "com_ui_verify": "Kontrolli",
   "com_ui_version_var": "Versioon {{0}}",
   "com_ui_versions": "Versioonid",
diff --git a/client/src/locales/fa/translation.json b/client/src/locales/fa/translation.json
index b415d139a7..d8178cf251 100644
--- a/client/src/locales/fa/translation.json
+++ b/client/src/locales/fa/translation.json
@@ -3,33 +3,112 @@
   "chat_direction_right_to_left": "چیزی باید به اینجا باشه خالی بود",
   "com_a11y_ai_composing": "هوش مصنوعی هنوز در حال نوشتنه .",
   "com_a11y_end": "هوش مصنوعی پاسخ خود را تموم کرده.",
+  "com_a11y_selected": "انتخاب شده",
   "com_a11y_start": "هوش مصنوعی پاسخ خود را شروع کرده.",
+  "com_agents_agent_card_label": "عامل {{name}}. {{description}}",
+  "com_agents_all": "همه عامل‌ها",
+  "com_agents_all_category": "همه",
+  "com_agents_all_description": "مرور تمام عامل‌های اشتراک‌گذاری شده در تمام دسته‌ها",
+  "com_agents_avatar_upload_error": "خطا در بارگذاری آواتار عامل",
   "com_agents_by_librechat": "توسط LibreChat",
+  "com_agents_category_aftersales": "خدمات پس از فروش",
+  "com_agents_category_aftersales_description": "عامل‌های متخصص در پشتیبانی، نگهداری و خدمات مشتریان پس از فروش",
+  "com_agents_category_empty": "هیچ عاملی در دسته {{category}} یافت نشد",
+  "com_agents_category_finance": "مالی",
+  "com_agents_category_finance_description": "عامل‌های متخصص در تحلیل مالی، بودجه‌بندی و حسابداری",
+  "com_agents_category_general": "عمومی",
+  "com_agents_category_general_description": "عامل‌های عمومی برای وظایف و پرسش‌های متداول",
+  "com_agents_category_hr": "منابع انسانی",
+  "com_agents_category_hr_description": "عامل‌های متخصص در فرآیندهای منابع انسانی، سیاست‌ها و پشتیبانی کارکنان",
+  "com_agents_category_it": "فناوری اطلاعات",
+  "com_agents_category_it_description": "عامل‌های پشتیبانی IT، عیب‌یابی فنی و مدیریت سیستم",
+  "com_agents_category_rd": "تحقیق و توسعه",
+  "com_agents_category_rd_description": "عامل‌های متمرکز بر فرآیندهای R&D، نوآوری و تحقیقات فنی",
+  "com_agents_category_sales": "فروش",
+  "com_agents_category_sales_description": "عامل‌های متمرکز بر فرآیندهای فروش و روابط با مشتری",
+  "com_agents_category_tab_label": "دسته {{category}}، {{position}} از {{total}}",
+  "com_agents_category_tabs_label": "دسته‌های عامل",
+  "com_agents_chat_with": "گفتگو با {{name}}",
+  "com_agents_clear_search": "پاک کردن جستجو",
   "com_agents_code_interpreter": "وقتی فعال باشد، به کارگزار شما اجازه می‌دهد تا از LibreChat Code Interpreter API برای اجرای ایمن کدهای تولید شده، از جمله پردازش فایل، استفاده کند. به یک کلید API معتبر نیاز دارد.",
   "com_agents_code_interpreter_title": "کد Interpreter API",
+  "com_agents_contact": "تماس",
+  "com_agents_copy_link": "کپی لینک",
   "com_agents_create_error": "در ایجاد کارگزار شما خطایی روی داد.",
+  "com_agents_created_by": "توسط",
+  "com_agents_description_card": "توضیحات: {{description}}",
   "com_agents_description_placeholder": "اختیاری: کارگزار خود را در اینجا شرح دهید",
+  "com_agents_empty_state_heading": "هیچ عاملی یافت نشد",
   "com_agents_enable_file_search": "جستجوی فایل را فعال کنید",
+  "com_agents_error_bad_request_message": "درخواست پردازش نشد.",
+  "com_agents_error_bad_request_suggestion": "لطفاً ورودی خود را بررسی و دوباره تلاش کنید.",
+  "com_agents_error_category_title": "خطای دسته‌بندی",
+  "com_agents_error_generic": "ما در هنگام بارگذاری محتوا با مشکلی مواجه شدیم.",
+  "com_agents_error_invalid_request": "درخواست نامعتبر",
+  "com_agents_error_loading": "خطا در بارگذاری عامل‌ها",
+  "com_agents_error_network_message": "امکان اتصال به سرور وجود ندارد.",
+  "com_agents_error_network_suggestion": "اتصال اینترنت خود را بررسی و دوباره تلاش کنید.",
+  "com_agents_error_network_title": "مشکل اتصال",
+  "com_agents_error_not_found_message": "محتوای درخواست شده یافت نشد.",
+  "com_agents_error_not_found_suggestion": "سعی کنید گزینه‌های دیگر را مرور کنید یا به بازار برگردید.",
+  "com_agents_error_not_found_title": "یافت نشد",
+  "com_agents_error_retry": "تلاش مجدد",
+  "com_agents_error_search_title": "خطای جستجو",
+  "com_agents_error_searching": "خطا در جستجوی عامل‌ها",
+  "com_agents_error_server_message": "سرور موقتاً در دسترس نیست.",
+  "com_agents_error_server_suggestion": "لطفاً چند لحظه دیگر دوباره تلاش کنید.",
+  "com_agents_error_server_title": "خطای سرور",
+  "com_agents_error_suggestion_generic": "لطفاً صفحه را رفرش کنید یا بعداً دوباره تلاش کنید.",
+  "com_agents_error_timeout_message": "درخواست بیش از حد طول کشید.",
+  "com_agents_error_timeout_suggestion": "لطفاً اتصال اینترنت خود را بررسی و دوباره تلاش کنید.",
+  "com_agents_error_timeout_title": "پایان مهلت اتصال",
+  "com_agents_error_title": "مشکلی پیش آمد",
+  "com_agents_file_context_description": "فایل‌های آپلود شده به عنوان \"Context\" به صورت متن پردازش می‌شوند تا دستورالعمل‌های عامل را تکمیل کنند. اگر OCR در دسترس باشد یا برای نوع فایل آپلود شده پیکربندی شده باشد، از آن برای استخراج متن استفاده می‌شود. ایده‌آل برای اسناد، تصاویر دارای متن یا PDFهایی که به محتوای متنی کامل آنها نیاز دارید.",
   "com_agents_file_context_disabled": "کارگزار باید قبل از آپلود فایل ها برای File Context ایجاد شود.",
+  "com_agents_file_context_label": "محتوای فایل",
   "com_agents_file_search_disabled": "کارگزار باید قبل از آپلود فایل ها برای جستجوی فایل ایجاد شود.",
   "com_agents_file_search_info": "وقتی فعال باشد، کارگزار از نام‌های دقیق فایل‌های فهرست‌شده در زیر مطلع می‌شود و به او اجازه می‌دهد متن مربوطه را از این فایل‌ها بازیابی کند.",
+  "com_agents_grid_announcement": "نمایش {{count}} عامل در دسته {{category}}",
   "com_agents_instructions_placeholder": "دستورالعمل های سیستمی که کارگزار استفاده می کند",
+  "com_agents_link_copied": "لینک کپی شد",
+  "com_agents_link_copy_failed": "کپی لینک ناموفق بود",
+  "com_agents_load_more_label": "بارگذاری عامل‌های بیشتر از دسته {{category}}",
+  "com_agents_loading": "در حال بارگذاری...",
+  "com_agents_marketplace": "بازار عامل",
+  "com_agents_marketplace_subtitle": "کشف و استفاده از عامل‌های هوش مصنوعی قدرتمند برای بهبود جریان‌های کاری و بهره‌وری شما",
+  "com_agents_mcp_description_placeholder": "در چند کلمه توضیح دهید که چه کاری انجام می‌دهد",
+  "com_agents_mcp_icon_size": "حداقل اندازه ۱۲۸ در ۱۲۸ پیکسل",
+  "com_agents_mcp_name_placeholder": "ابزار سفارشی",
+  "com_agents_mcp_trust_subtext": "اتصال‌دهنده‌های سفارشی توسط LibreChat تأیید نشده‌اند",
+  "com_agents_missing_name": "لطفاً قبل از ایجاد عامل، نامی وارد کنید.",
   "com_agents_missing_provider_model": "لطفاً یک ارائه دهنده و مدل را قبل از ایجاد یک کارگزار انتخاب کنید.",
   "com_agents_name_placeholder": "اختیاری: نام کارگزار",
   "com_agents_no_access": "شما به ویرایش این کارگزار دسترسی ندارید.",
+  "com_agents_no_agent_id_error": "شناسه عامل یافت نشد. لطفاً ابتدا اطمینان حاصل کنید که عامل ایجاد شده است.",
+  "com_agents_no_more_results": "شما به پایان نتایج رسیده‌اید",
   "com_agents_not_available": "کارگزار در دسترس نیست",
+  "com_agents_recommended": "عامل‌های پیشنهادی ما",
+  "com_agents_results_for": "نتایج برای '{{query}}'",
+  "com_agents_search_aria": "جستجوی عامل‌ها",
+  "com_agents_search_empty_heading": "نتیجه‌ای یافت نشد",
+  "com_agents_search_info": "هنگام فعال‌سازی، به عامل شما اجازه می‌دهد تا وب را برای اطلاعات به‌روز جستجو کند. نیاز به یک کلید API معتبر دارد.",
+  "com_agents_search_instructions": "برای جستجوی عامل‌ها بر اساس نام یا توضیحات تایپ کنید",
   "com_agents_search_name": "کارگزارها را با نام جستجو کنید",
+  "com_agents_search_no_results": "هیچ عاملی برای \"{{query}}\" یافت نشد",
+  "com_agents_search_placeholder": "جستجوی عامل‌ها...",
+  "com_agents_see_more": "مشاهده بیشتر",
+  "com_agents_start_chat": "شروع گفتگو",
+  "com_agents_top_picks": "برترین‌ها",
   "com_agents_update_error": "هنگام به‌روزرسانی کارگزار شما خطایی روی داد.",
-  "com_assistants_action_attempt": "دستیار می خواهد با {{0}} صحبت کند ",
   "com_assistants_actions": "اقدامات",
   "com_assistants_actions_disabled": "قبل از افزودن اقدامات، باید یک دستیار ایجاد کنید.",
   "com_assistants_actions_info": "به دستیارتان اجازه دهید اطلاعات را بازیابی کند یا اقداماتی را از طریق API انجام دهد",
   "com_assistants_add_actions": "افزودن اقدامات",
+  "com_assistants_add_mcp_server_tools": "افزودن ابزارهای سرور MCP",
   "com_assistants_add_tools": "ابزارها را اضافه کنید",
   "com_assistants_allow_sites_you_trust": "فقط به سایت هایی که به آنها اعتماد دارید اجازه دهید.",
   "com_assistants_append_date": "تاریخ و زمان فعلی را اضافه کنید",
   "com_assistants_append_date_tooltip": "وقتی فعال باشد، تاریخ و زمان فعلی مشتری به دستورالعمل‌های سیستم دستیار اضافه می‌شود.",
-  "com_assistants_attempt_info": "دستیار می خواهد موارد زیر را ارسال کند:",
   "com_assistants_available_actions": "اقدامات موجود",
   "com_assistants_capabilities": "قابلیت ها",
   "com_assistants_code_interpreter": "مفسر کد",
@@ -44,7 +123,6 @@
   "com_assistants_delete_actions_error": "هنگام حذف عمل خطایی روی داد.",
   "com_assistants_delete_actions_success": "Action از Assistant با موفقیت حذف شد",
   "com_assistants_description_placeholder": "اختیاری: دستیار خود را در اینجا شرح دهید",
-  "com_assistants_domain_info": "دستیار این اطلاعات را به {{0}} فرستاد",
   "com_assistants_file_search": "جستجوی فایل",
   "com_assistants_file_search_info": "جستجوی فایل به دستیار امکان می‌دهد از فایل‌هایی که شما یا کاربرانتان آپلود می‌کنید، اطلاعات داشته باشد. هنگامی که یک فایل آپلود می شود، دستیار به طور خودکار تصمیم می گیرد که چه زمانی محتوا را بر اساس درخواست کاربر بازیابی کند. پیوست کردن فروشگاه‌های برداری برای جستجوی فایل هنوز پشتیبانی نمی‌شود. می‌توانید آن‌ها را از Provider Playground وصل کنید یا فایل‌ها را به پیام‌ها برای جستجوی فایل بر اساس رشته پیوست کنید.",
   "com_assistants_function_use": "دستیار  {{0}} استفاده شده است",
@@ -58,11 +136,13 @@
   "com_assistants_non_retrieval_model": "جستجوی فایل در این مدل فعال نیست. لطفا مدل دیگری را انتخاب کنید",
   "com_assistants_retrieval": "بازیابی",
   "com_assistants_running_action": "اکشن در حال اجرا",
+  "com_assistants_running_var": "در حال اجرا {{0}}",
   "com_assistants_search_name": "دستیاران را بر اساس نام جستجو کنید",
   "com_assistants_update_actions_error": "هنگام ایجاد یا به‌روزرسانی عملکرد خطایی روی داد.",
   "com_assistants_update_actions_success": "اکشن با موفقیت ایجاد یا به‌روزرسانی شد",
   "com_assistants_update_error": "هنگام به‌روزرسانی دستیار شما خطایی روی داد.",
   "com_assistants_update_success": "با موفقیت به روز شد",
+  "com_assistants_update_success_name": "{{name}} با موفقیت به‌روزرسانی شد",
   "com_auth_already_have_account": "از قبل حساب کاربری دارید؟",
   "com_auth_apple_login": "با اپل وارد شوید",
   "com_auth_back_to_login": "بازگشت به ورود",
@@ -95,6 +175,7 @@
   "com_auth_error_login_rl": "تعداد زیادی تلاش برای ورود به سیستم در مدت زمان کوتاهی. لطفاً بعداً دوباره امتحان کنید.",
   "com_auth_error_login_server": "یک خطای سرور داخلی وجود داشت. لطفا چند لحظه صبر کنید و دوباره امتحان کنید.",
   "com_auth_error_login_unverified": "حساب شما تایید نشده است. لطفا ایمیل خود را برای پیوند تأیید بررسی کنید.",
+  "com_auth_error_oauth_failed": "احراز هویت ناموفق بود. لطفاً روش ورود خود را بررسی و دوباره تلاش کنید.",
   "com_auth_facebook_login": "با فیس بوک ادامه دهید",
   "com_auth_full_name": "نام کامل",
   "com_auth_github_login": "با Github ادامه دهید",
@@ -119,6 +200,7 @@
   "com_auth_reset_password_if_email_exists": "اگر حسابی با آن ایمیل وجود داشته باشد، ایمیلی با دستورالعمل بازنشانی رمز عبور ارسال شده است. لطفاً پوشه اسپم خود را بررسی کنید.",
   "com_auth_reset_password_link_sent": "ایمیل ارسال شد",
   "com_auth_reset_password_success": "بازنشانی رمز عبور با موفقیت انجام شد",
+  "com_auth_saml_login": "ادامه با SAML",
   "com_auth_sign_in": "وارد شوید",
   "com_auth_sign_up": "ثبت نام کنید",
   "com_auth_submit_registration": "ثبت نام را ارسال کنید",
@@ -130,6 +212,8 @@
   "com_auth_username_min_length": "نام کاربری باید حداقل 2 کاراکتر باشد",
   "com_auth_verify_your_identity": "هویت خود را تأیید کنید",
   "com_auth_welcome_back": "خوش آمدید",
+  "com_citation_more_details": "جزئیات بیشتر درباره {{label}}",
+  "com_citation_source": "منبع",
   "com_click_to_download": "(برای دانلود اینجا کلیک کنید)",
   "com_download_expired": "(دانلود منقضی شده است)",
   "com_download_expires": "(برای دانلود اینجا را کلیک کنید - منقضی می شود {{0}})",
@@ -137,6 +221,7 @@
   "com_endpoint_agent": "کارگزار",
   "com_endpoint_agent_placeholder": "لطفا یک کارگزار را انتخاب کنید",
   "com_endpoint_ai": "هوش مصنوعی",
+  "com_endpoint_anthropic_effort": "میزان تلاش محاسباتی Claude را کنترل می‌کند. تلاش کمتر باعث صرفه‌جویی در توکن‌ها و کاهش تأخیر می‌شود؛ تلاش بیشتر پاسخ‌های دقیق‌تری تولید می‌کند. 'Max' عمیق‌ترین استدلال را فعال می‌کند (فقط Opus 4.6).",
   "com_endpoint_anthropic_maxoutputtokens": "حداکثر تعداد توکن هایی که می توان در پاسخ ایجاد کرد. مقدار کمتری را برای پاسخ‌های کوتاه‌تر و مقدار بالاتر را برای پاسخ‌های طولانی‌تر مشخص کنید. توجه: مدل ها ممکن است قبل از رسیدن به این حداکثر متوقف شوند.",
   "com_endpoint_anthropic_prompt_cache": "ذخیره سریع امکان استفاده مجدد از زمینه یا دستورالعمل های بزرگ را در تماس های API، کاهش هزینه ها و تأخیر فراهم می کند.",
   "com_endpoint_anthropic_temp": "محدوده از 0 تا 1. از دمای نزدیک به 0 برای تحلیلی / چند گزینه ای و نزدیکتر به 1 برای کارهای خلاقانه و مولد استفاده کنید. توصیه می کنیم این یا Top P را تغییر دهید اما نه هر دو.",
@@ -144,6 +229,7 @@
   "com_endpoint_anthropic_thinking_budget": "حداکثر تعداد توکن هایی را که کلود مجاز به استفاده برای فرآیند استدلال داخلی خود است، تعیین می کند. بودجه‌های بزرگ‌تر می‌توانند کیفیت پاسخ را با امکان تجزیه و تحلیل دقیق‌تر برای مشکلات پیچیده بهبود بخشند، اگرچه کلود ممکن است از کل بودجه تخصیص‌یافته استفاده نکند، به خصوص در محدوده‌های بالاتر از 32K. این تنظیم باید کمتر از \"Max Output Tokens\" باشد.",
   "com_endpoint_anthropic_topk": "Top-k نحوه انتخاب توکن ها را برای خروجی توسط مدل تغییر می دهد. top-k از 1 به این معنی است که توکن انتخاب شده در واژگان مدل (که رمزگشایی حریص نیز نامیده می شود) محتمل ترین نشانه است، در حالی که top-k از 3 به این معنی است که نشانه بعدی از بین 3 توکن محتمل (با استفاده از دما) انتخاب شده است.",
   "com_endpoint_anthropic_topp": "Top-p نحوه انتخاب توکن ها را برای خروجی توسط مدل تغییر می دهد. توکن ها از اکثر K (به پارامتر topK مراجعه کنید) انتخاب می شوند تا زمانی که مجموع احتمالات آنها با مقدار top-p برابر شود.",
+  "com_endpoint_anthropic_use_web_search": "فعال‌سازی قابلیت جستجوی وب با استفاده از امکانات جستجوی داخلی Anthropic. این به مدل اجازه می‌دهد تا وب را برای اطلاعات به‌روز جستجو کند و پاسخ‌های دقیق‌تر و جاری ارائه دهد.",
   "com_endpoint_assistant": "دستیار",
   "com_endpoint_assistant_model": "مدل دستیار",
   "com_endpoint_assistant_placeholder": "لطفاً یک دستیار را از پانل سمت راست انتخاب کنید",
@@ -175,6 +261,9 @@
   "com_endpoint_default": "پیش فرض",
   "com_endpoint_default_blank": "پیش فرض: خالی",
   "com_endpoint_default_with_num": "پیش فرض: {{0}}",
+  "com_endpoint_disable_streaming": "غیرفعال‌سازی پاسخ‌های جریانی (Streaming) و دریافت پاسخ کامل به صورت یکجا. مفید برای مدل‌هایی مانند o3 که نیاز به تأیید سازمان برای استریمینگ دارند",
+  "com_endpoint_disable_streaming_label": "غیرفعال‌سازی استریمینگ",
+  "com_endpoint_effort": "تلاش (Effort)",
   "com_endpoint_examples": " تنظیمات از پیش تعیین شده",
   "com_endpoint_export": "صادرات",
   "com_endpoint_export_share": "صادرات/اشتراک گذاری",
@@ -182,8 +271,11 @@
   "com_endpoint_google_custom_name_placeholder": "یک نام سفارشی برای گوگل تعیین کنید",
   "com_endpoint_google_maxoutputtokens": "حداکثر تعداد توکن هایی که می توان در پاسخ ایجاد کرد. مقدار کمتری را برای پاسخ‌های کوتاه‌تر و مقدار بالاتر را برای پاسخ‌های طولانی‌تر مشخص کنید. توجه: مدل ها ممکن است قبل از رسیدن به این حداکثر متوقف شوند.",
   "com_endpoint_google_temp": "مقادیر بالاتر = تصادفی تر، در حالی که مقادیر پایین تر = متمرکز تر و قطعی تر. توصیه می کنیم این یا Top P را تغییر دهید اما نه هر دو.",
+  "com_endpoint_google_thinking": "فعال‌سازی یا غیرفعال‌سازی استدلال. این تنظیم فقط توسط برخی مدل‌ها (سری 2.5) پشتیبانی می‌شود. برای مدل‌های قدیمی‌تر، این تنظیم ممکن است تأثیری نداشته باشد.",
+  "com_endpoint_google_thinking_budget": "تعداد توکن‌های تفکر (Thinking Tokens) مدل را هدایت می‌کند. مقدار واقعی ممکن است بسته به پرامپت از این مقدار بیشتر یا کمتر باشد.\n\nاین تنظیم فقط توسط برخی مدل‌ها (سری 2.5) پشتیبانی می‌شود. Gemini 2.5 Pro از 128 تا 32,768 توکن پشتیبانی می‌کند. Gemini 2.5 Flash از 0 تا 24,576 توکن پشتیبانی می‌کند. Gemini 2.5 Flash Lite از 512 تا 24,576 توکن پشتیبانی می‌کند.\n\nخالی بگذارید یا روی \"-1\" تنظیم کنید تا مدل به طور خودکار تصمیم بگیرد چه زمانی و چقدر فکر کند. به طور پیش‌فرض، Gemini 2.5 Flash Lite فکر نمی‌کند.",
   "com_endpoint_google_topk": "Top-k نحوه انتخاب توکن ها را برای خروجی توسط مدل تغییر می دهد. top-k از 1 به این معنی است که توکن انتخاب شده در واژگان مدل (که رمزگشایی حریص نیز نامیده می شود) محتمل ترین نشانه است، در حالی که top-k از 3 به این معنی است که نشانه بعدی از بین 3 توکن محتمل (با استفاده از دما) انتخاب شده است.",
   "com_endpoint_google_topp": "Top-p نحوه انتخاب توکن ها را برای خروجی توسط مدل تغییر می دهد. توکن ها از اکثر K (به پارامتر topK مراجعه کنید) انتخاب می شوند تا زمانی که مجموع احتمالات آنها با مقدار top-p برابر شود.",
+  "com_endpoint_google_use_search_grounding": "استفاده از ویژگی Grounding جستجوی گوگل برای بهبود پاسخ‌ها با نتایج جستجوی وب در زمان واقعی. این به مدل‌ها امکان دسترسی به اطلاعات جاری و ارائه پاسخ‌های دقیق‌تر و به‌روزتر را می‌دهد.",
   "com_endpoint_instructions_assistants": "نادیده گرفتن دستورالعمل ها",
   "com_endpoint_instructions_assistants_placeholder": "دستورالعمل های دستیار را لغو می کند. این برای اصلاح رفتار بر اساس هر اجرا مفید است.",
   "com_endpoint_max_output_tokens": "حداکثر توکن های خروجی",
@@ -192,7 +284,6 @@
   "com_endpoint_message_not_appendable": "پیام خود را ویرایش کنید یا دوباره ایجاد کنید.",
   "com_endpoint_my_preset": "از پیش تنظیم من",
   "com_endpoint_no_presets": "هنوز از پیش تنظیم نشده است، از دکمه تنظیمات برای ایجاد یکی استفاده کنید",
-  "com_endpoint_open_menu": "منو را باز کنید",
   "com_endpoint_openai_custom_name_placeholder": "یک نام سفارشی برای هوش مصنوعی تعیین کنید",
   "com_endpoint_openai_detail": "قطعنامه برای درخواست های Vision. «Low» ارزان‌تر و سریع‌تر است، «High» جزئیات و گران‌تر است، و «Auto» به طور خودکار بین این دو بر اساس وضوح تصویر انتخاب می‌کند.",
   "com_endpoint_openai_freq": "عدد بین -2.0 و 2.0. مقادیر مثبت، توکن‌های جدید را بر اساس فراوانی موجود در متن تا کنون جریمه می‌کنند و احتمال تکرار همان خط را در مدل کاهش می‌دهند.",
@@ -201,11 +292,15 @@
   "com_endpoint_openai_pres": "عدد بین -2.0 و 2.0. مقادیر مثبت، توکن‌های جدید را بر اساس اینکه آیا تاکنون در متن ظاهر شده‌اند جریمه می‌کنند و احتمال صحبت مدل در مورد موضوعات جدید را افزایش می‌دهند.",
   "com_endpoint_openai_prompt_prefix_placeholder": "دستورالعمل‌های سفارشی را برای درج در پیام سیستم تنظیم کنید. پیش فرض: هیچ",
   "com_endpoint_openai_reasoning_effort": "فقط مدل های o1: تلاش برای استدلال برای مدل های استدلال را محدود می کند. کاهش تلاش استدلال می‌تواند منجر به پاسخ‌های سریع‌تر و توکن‌های کمتری برای استدلال در پاسخ شود.",
+  "com_endpoint_openai_reasoning_summary": "فقط Responses API: خلاصه‌ای از استدلال انجام شده توسط مدل. این می‌تواند برای اشکال‌زدایی و درک فرآیند استدلال مدل مفید باشد. روی none، auto، concise یا detailed تنظیم کنید.",
   "com_endpoint_openai_resend": "همه تصاویر پیوست شده قبلی را مجددا ارسال کنید. توجه: این می تواند هزینه توکن را به میزان قابل توجهی افزایش دهد و ممکن است در بسیاری از پیوست های تصویر با خطا مواجه شوید.",
   "com_endpoint_openai_resend_files": "همه فایل های پیوست شده قبلی را مجددا ارسال کنید. توجه: این کار هزینه توکن را افزایش می دهد و ممکن است در بسیاری از پیوست ها با خطا مواجه شوید.",
   "com_endpoint_openai_stop": "تا 4 دنباله که در آن API تولید توکن های بیشتر را متوقف می کند.",
   "com_endpoint_openai_temp": "مقادیر بالاتر = تصادفی تر، در حالی که مقادیر پایین تر = متمرکز تر و قطعی تر. توصیه می کنیم این یا Top P را تغییر دهید اما نه هر دو.",
   "com_endpoint_openai_topp": "جایگزینی برای نمونه برداری با دما، به نام نمونه برداری هسته، که در آن مدل نتایج توکن ها را با جرم احتمال top_p در نظر می گیرد. بنابراین 0.1 به این معنی است که فقط توکن هایی که 10 درصد جرم احتمالی بالایی را تشکیل می دهند در نظر گرفته می شوند. توصیه می کنیم این یا دما را تغییر دهید اما نه هر دو را.",
+  "com_endpoint_openai_use_responses_api": "استفاده از Responses API به جای Chat Completions، که شامل ویژگی‌های گسترده‌تری از OpenAI است. برای o1-pro، o3-pro و فعال‌سازی خلاصه‌های استدلال الزامی است.",
+  "com_endpoint_openai_use_web_search": "فعال‌سازی قابلیت جستجوی وب با استفاده از امکانات جستجوی داخلی OpenAI. این به مدل اجازه می‌دهد تا وب را برای اطلاعات به‌روز جستجو کند و پاسخ‌های دقیق‌تر و جاری ارائه دهد.",
+  "com_endpoint_openai_verbosity": "میزان پرگویی (verbosity) پاسخ مدل را محدود می‌کند. مقادیر کمتر منجر به پاسخ‌های کوتاه‌تر می‌شود، در حالی که مقادیر بیشتر منجر به پاسخ‌های طولانی‌تر می‌شود. مقادیر پشتیبانی شده فعلی low، medium و high هستند.",
   "com_endpoint_output": "خروجی",
   "com_endpoint_plug_image_detail": "جزئیات تصویر",
   "com_endpoint_plug_resend_files": "ارسال مجدد فایل ها",
@@ -218,6 +313,7 @@
   "com_endpoint_preset_default_removed": "دیگر پیش تنظیم پیش فرض نیست.",
   "com_endpoint_preset_delete_confirm": "آیا مطمئن هستید که می خواهید این پیش تنظیم را حذف کنید؟",
   "com_endpoint_preset_delete_error": "هنگام حذف از پیش تنظیم شما خطایی روی داد. لطفا دوباره امتحان کنید.",
+  "com_endpoint_preset_delete_success": "پیش‌تنظیم (Preset) با موفقیت حذف شد",
   "com_endpoint_preset_import": "از پیش تعیین شده وارد شد!",
   "com_endpoint_preset_import_error": "هنگام وارد کردن تنظیمات پیش‌فرض شما خطایی روی داد. لطفا دوباره امتحان کنید.",
   "com_endpoint_preset_name": "نام از پیش تعیین شده",
@@ -233,6 +329,7 @@
   "com_endpoint_prompt_prefix_assistants_placeholder": "دستورالعمل ها یا زمینه اضافی را در بالای دستورالعمل های اصلی دستیار تنظیم کنید. اگر خالی باشد نادیده گرفته می شود.",
   "com_endpoint_prompt_prefix_placeholder": "دستورالعمل ها یا زمینه سفارشی را تنظیم کنید. اگر خالی باشد نادیده گرفته می شود.",
   "com_endpoint_reasoning_effort": "تلاش استدلال",
+  "com_endpoint_reasoning_summary": "خلاصه استدلال",
   "com_endpoint_save_as_preset": "ذخیره به عنوان از پیش تعیین شده",
   "com_endpoint_search": "جستجوی نقطه پایانی بر اساس نام",
   "com_endpoint_search_endpoint_models": "جستجو کنید {{0}} مدل های ...",
@@ -247,25 +344,51 @@
   "com_endpoint_top_k": "بالا K",
   "com_endpoint_top_p": "بالا P",
   "com_endpoint_use_active_assistant": "از دستیار فعال استفاده کنید",
+  "com_endpoint_use_responses_api": "استفاده از Responses API",
+  "com_endpoint_use_search_grounding": "Grounding با جستجوی گوگل",
+  "com_endpoint_verbosity": "پرگویی (Verbosity)",
+  "com_error_endpoint_models_not_loaded": "مدل‌ها برای {{0}} بارگذاری نشدند. لطفاً صفحه را رفرش کرده و دوباره تلاش کنید.",
   "com_error_expired_user_key": "کلید ارائه شده برای {{0}} منقضی شده در {{1}}. لطفاً یک کلید جدید ارائه دهید و دوباره امتحان کنید.",
   "com_error_files_dupe": "فایل تکراری شناسایی شد.",
   "com_error_files_empty": "فایل های خالی مجاز نیستند.",
   "com_error_files_process": "هنگام پردازش فایل خطایی روی داد.",
   "com_error_files_upload": "هنگام آپلود فایل خطایی روی داد.",
   "com_error_files_upload_canceled": "درخواست آپلود فایل لغو شد. توجه: ممکن است فایل آپلود هنوز در حال پردازش باشد و باید به صورت دستی حذف شود.",
+  "com_error_files_upload_too_large": "فایل خیلی بزرگ است. لطفاً فایلی کوچک‌تر از {{0}} مگابایت آپلود کنید",
   "com_error_files_validation": "هنگام اعتبارسنجی فایل خطایی روی داد.",
+  "com_error_google_tool_conflict": "استفاده از ابزارهای داخلی گوگل با ابزارهای خارجی پشتیبانی نمی‌شود. لطفاً یا ابزارهای داخلی یا ابزارهای خارجی را غیرفعال کنید.",
+  "com_error_heic_conversion": "تبدیل تصویر HEIC به JPEG ناموفق بود. لطفاً سعی کنید تصویر را دستی تبدیل کنید یا از فرمت دیگری استفاده کنید.",
+  "com_error_illegal_model_request": "مدل \"{{0}}\" برای {{1}} در دسترس نیست. لطفاً مدل دیگری انتخاب کنید.",
   "com_error_input_length": "آخرین تعداد توکن پیام بسیار طولانی است، از حد مجاز بیشتر است، یا پارامترهای محدودیت رمز شما به اشتباه پیکربندی شده اند، که بر پنجره زمینه تأثیر منفی می گذارد. اطلاعات بیشتر: {{0}}. لطفاً پیام خود را کوتاه کنید، حداکثر اندازه زمینه را از روی پارامترهای مکالمه تنظیم کنید، یا مکالمه را برای ادامه ادامه دهید.",
   "com_error_invalid_agent_provider": "ارائه‌دهنده \"{{0}}\" برای استفاده با نمایندگان در دسترس نیست. لطفاً به تنظیمات نماینده خود بروید و یک ارائه‌دهنده‌ی موجود را انتخاب کنید.",
   "com_error_invalid_user_key": "کلید نامعتبر ارائه شده است. لطفاً یک کلید معتبر ارائه دهید و دوباره امتحان کنید.",
+  "com_error_missing_model": "هیچ مدلی برای {{0}} انتخاب نشده است. لطفاً یک مدل انتخاب کرده و دوباره تلاش کنید.",
+  "com_error_models_not_loaded": "پیکربندی مدل‌ها بارگذاری نشد. لطفاً صفحه را رفرش کرده و دوباره تلاش کنید.",
   "com_error_moderation": "به نظر می‌رسد محتوای ارسال‌شده توسط سیستم نظارت ما به دلیل عدم همسویی با دستورالعمل‌های انجمن ما پرچم‌گذاری شده است. ما نمی توانیم با این موضوع خاص ادامه دهیم. اگر سؤال یا موضوع دیگری دارید که می‌خواهید بررسی کنید، لطفاً پیام خود را ویرایش کنید یا یک مکالمه جدید ایجاد کنید.",
   "com_error_no_base_url": "هیچ URL پایه ای پیدا نشد. لطفاً یکی را ارائه کنید و دوباره امتحان کنید.",
   "com_error_no_user_key": "کلید پیدا نشد لطفاً یک کلید ارائه دهید و دوباره امتحان کنید.",
+  "com_error_refusal": "پاسخ توسط فیلترهای ایمنی رد شد. پیام خود را بازنویسی کرده و دوباره تلاش کنید. اگر هنگام استفاده از Claude Sonnet 4.5 یا Opus 4.1 مرتباً با این مشکل مواجه می‌شوید، می‌توانید Sonnet 4 را امتحان کنید که محدودیت‌های استفاده متفاوتی دارد.",
+  "com_file_pages": "صفحات: {{pages}}",
+  "com_file_source": "فایل",
+  "com_file_unknown": "فایل ناشناخته",
+  "com_files_download_failed": "{{0}} فایل ناموفق بود",
+  "com_files_download_percent_complete": "{{0}}٪ کامل شد",
+  "com_files_download_progress": "{{0}} از {{1}} فایل",
+  "com_files_downloading": "در حال دانلود فایل‌ها",
   "com_files_filter": "فیلتر کردن فایل ها...",
+  "com_files_filter_by": "فیلتر فایل‌ها بر اساس...",
   "com_files_no_results": "هیچ نتیجه ای وجود ندارد.",
   "com_files_number_selected": "{{0}} از {{1}} موارد انتخاب شده",
+  "com_files_preparing_download": "در حال آماده‌سازی دانلود...",
+  "com_files_result_found": "{{count}} نتیجه یافت شد",
+  "com_files_results_found": "{{count}} نتیجه یافت شد",
+  "com_files_sharepoint_picker_title": "انتخاب فایل‌ها",
   "com_files_table": "چیزی باید به اینجا برود خالی بود",
+  "com_files_upload_local_machine": "از کامپیوتر محلی",
+  "com_files_upload_sharepoint": "از شیرپوینت (SharePoint)",
   "com_generated_files": "فایل های تولید شده:",
   "com_hide_examples": "مخفی کردن نمونه ها",
+  "com_info_heic_converting": "در حال تبدیل تصویر HEIC به JPEG...",
   "com_nav_2fa": "احراز هویت دو مرحله ای (2FA)",
   "com_nav_account_settings": "تنظیمات حساب",
   "com_nav_always_make_prod": "همیشه نسخه های جدید را تولید کنید",
@@ -282,12 +405,34 @@
   "com_nav_auto_transcribe_audio": "رونویسی خودکار صدا",
   "com_nav_automatic_playback": "پخش خودکار آخرین پیام",
   "com_nav_balance": "تعادل",
+  "com_nav_balance_auto_refill_disabled": "شارژ خودکار غیرفعال است.",
+  "com_nav_balance_auto_refill_error": "خطا در بارگذاری تنظیمات شارژ خودکار.",
+  "com_nav_balance_auto_refill_settings": "تنظیمات شارژ خودکار",
+  "com_nav_balance_day": "روز",
+  "com_nav_balance_days": "روز",
+  "com_nav_balance_every": "هر",
+  "com_nav_balance_hour": "ساعت",
+  "com_nav_balance_hours": "ساعت",
+  "com_nav_balance_interval": "بازه زمانی:",
+  "com_nav_balance_last_refill": "آخرین شارژ:",
+  "com_nav_balance_minute": "دقیقه",
+  "com_nav_balance_minutes": "دقیقه",
+  "com_nav_balance_month": "ماه",
+  "com_nav_balance_months": "ماه",
+  "com_nav_balance_next_refill": "شارژ بعدی:",
+  "com_nav_balance_next_refill_info": "شارژ بعدی فقط زمانی به طور خودکار انجام می‌شود که هر دو شرط برقرار باشند: بازه زمانی تعیین شده از آخرین شارژ گذشته باشد، و ارسال یک پرامپت باعث شود موجودی شما به زیر صفر برسد.",
+  "com_nav_balance_refill_amount": "مبلغ شارژ:",
+  "com_nav_balance_second": "ثانیه",
+  "com_nav_balance_seconds": "ثانیه",
+  "com_nav_balance_week": "هفته",
+  "com_nav_balance_weeks": "هفته",
   "com_nav_browser": "مرورگر",
   "com_nav_center_chat_input": "مرکز ورودی چت در صفحه خوش آمدید",
   "com_nav_change_picture": "تغییر تصویر",
   "com_nav_chat_commands": "دستورات چت",
   "com_nav_chat_commands_info": "این دستورات با تایپ کاراکترهای خاص در ابتدای پیام شما فعال می شوند. هر فرمان با پیشوند تعیین شده خود راه اندازی می شود. اگر مرتباً از این کاراکترها برای شروع پیام ها استفاده می کنید، می توانید آنها را غیرفعال کنید.",
   "com_nav_chat_direction": "جهت چت",
+  "com_nav_chat_direction_selected": "جهت چت: {{direction}}",
   "com_nav_clear_all_chats": "تمام چت ها را پاک کنید",
   "com_nav_clear_cache_confirm_message": "آیا مطمئن هستید که می خواهید کش را پاک کنید؟",
   "com_nav_clear_conversation": "مکالمات را پاک کنید",
@@ -295,9 +440,11 @@
   "com_nav_close_sidebar": "نوار کناری را ببندید",
   "com_nav_commands": "دستورات",
   "com_nav_confirm_clear": "پاک کردن را تایید کنید",
+  "com_nav_control_panel": "کنترل پنل",
   "com_nav_conversation_mode": "حالت مکالمه",
   "com_nav_convo_menu_options": "گزینه های منوی گفتگو",
   "com_nav_db_sensitivity": "حساسیت دسی بل",
+  "com_nav_default_temporary_chat": "چت موقت به صورت پیش‌فرض",
   "com_nav_delete_account": "حذف اکانت",
   "com_nav_delete_account_button": "اکانت من را برای همیشه حذف کنید",
   "com_nav_delete_account_confirm": "حذف حساب - مطمئن هستید؟",
@@ -326,10 +473,11 @@
   "com_nav_font_size_xl": "فوق العاده بزرگ",
   "com_nav_font_size_xs": "فوق العاده کوچک",
   "com_nav_help_faq": "راهنما و سوالات متداول",
-  "com_nav_hide_panel": "پانل سمت راست را پنهان کنید",
+  "com_nav_info_balance": "موجودی نشان می‌دهد چه مقدار اعتبار توکن برای استفاده باقی مانده است. اعتبار توکن به ارزش پولی تبدیل می‌شود (مثلاً 1000 اعتبار = 0.001 دلار آمریکا)",
   "com_nav_info_code_artifacts": "نمایش مصنوعات کد آزمایشی در کنار گپ را فعال می کند",
   "com_nav_info_code_artifacts_agent": "استفاده از مصنوعات کد را برای این کارگزار فعال می کند. به طور پیش‌فرض، دستورالعمل‌های اضافی مخصوص استفاده از مصنوعات اضافه می‌شوند، مگر اینکه «حالت درخواست سفارشی» فعال باشد.",
   "com_nav_info_custom_prompt_mode": "وقتی فعال باشد، اعلان سیستم پیش‌فرض مصنوعات شامل نخواهد شد. تمام دستورالعمل های تولید مصنوع باید به صورت دستی در این حالت ارائه شوند.",
+  "com_nav_info_default_temporary_chat": "هنگامی که فعال باشد، چت‌های جدید با حالت چت موقت به صورت پیش‌فرض شروع می‌شوند. چت‌های موقت در تاریخچه شما ذخیره نمی‌شوند.",
   "com_nav_info_enter_to_send": "وقتی فعال باشد، با فشار دادن «ENTER» پیام شما ارسال می شود. وقتی غیرفعال است، با فشار دادن Enter یک خط جدید اضافه می شود و برای ارسال پیام خود باید «CTRL + ENTER» / «⌘ + ENTER» را فشار دهید.",
   "com_nav_info_fork_change_default": "\"فقط پیام های قابل مشاهده\" فقط شامل مسیر مستقیم پیام انتخاب شده است. «شامل شاخه‌های مرتبط» شاخه‌هایی را در طول مسیر اضافه می‌کند. «شامل همه به/از اینجا» شامل همه پیام‌ها و شاخه‌های متصل است.",
   "com_nav_info_fork_split_target_setting": "هنگامی که فعال باشد، انشعاب از پیام هدف شروع می شود تا آخرین پیام در مکالمه، با توجه به رفتار انتخاب شده.",
@@ -339,10 +487,16 @@
   "com_nav_info_save_draft": "وقتی فعال باشد، متن و پیوست‌هایی که در فرم چت وارد می‌کنید به‌طور خودکار به‌صورت محلی به‌عنوان پیش‌نویس ذخیره می‌شوند. این پیش‌نویس‌ها در دسترس خواهند بود حتی اگر صفحه را دوباره بارگیری کنید یا به مکالمه دیگری بروید. پیش نویس ها به صورت محلی در دستگاه شما ذخیره می شوند و پس از ارسال پیام حذف می شوند.",
   "com_nav_info_show_thinking": "وقتی فعال باشد، چت به طور پیش‌فرض فهرست‌های بازشوی تفکر را نشان می‌دهد و به شما امکان می‌دهد استدلال هوش مصنوعی را در زمان واقعی مشاهده کنید. وقتی غیرفعال باشد، منوهای کشویی تفکر به طور پیش‌فرض بسته می‌مانند تا رابطی تمیزتر و کارآمدتر داشته باشند",
   "com_nav_info_user_name_display": "وقتی فعال باشد، نام کاربری فرستنده بالای هر پیامی که ارسال می کنید نشان داده می شود. هنگامی که غیرفعال است، فقط \"شما\" را در بالای پیام های خود خواهید دید.",
+  "com_nav_keep_screen_awake": "روشن نگه داشتن صفحه هنگام تولید پاسخ",
   "com_nav_lang_arabic": "العربية",
+  "com_nav_lang_armenian": "ارمنی",
   "com_nav_lang_auto": "تشخیص خودکار",
+  "com_nav_lang_bosnian": "بوسنیایی",
   "com_nav_lang_brazilian_portuguese": "پرتغال برازیلیرو",
+  "com_nav_lang_catalan": "کاتالان",
   "com_nav_lang_chinese": "中文",
+  "com_nav_lang_czech": "چکی",
+  "com_nav_lang_danish": "دانمارکی",
   "com_nav_lang_dutch": "هلند",
   "com_nav_lang_english": "انگلیسی",
   "com_nav_lang_estonian": "استی کیل",
@@ -352,25 +506,49 @@
   "com_nav_lang_german": "دویچ",
   "com_nav_lang_hebrew": "عبری",
   "com_nav_lang_hungarian": "مجاری",
+  "com_nav_lang_icelandic": "ایسلندی",
   "com_nav_lang_indonesia": "اندونزی",
   "com_nav_lang_italian": "ایتالیایی",
   "com_nav_lang_japanese": "日本語",
   "com_nav_lang_korean": "한국어",
+  "com_nav_lang_latvian": "لتونیایی",
+  "com_nav_lang_lithuanian": "لیتوانیایی",
+  "com_nav_lang_norwegian_bokmal": "نروژی بوکمال",
+  "com_nav_lang_norwegian_nynorsk": "نروژی نینورسک",
   "com_nav_lang_persian": "فارسی",
   "com_nav_lang_polish": "پولسکی",
   "com_nav_lang_portuguese": "پرتغالی ها",
   "com_nav_lang_russian": "Русский",
+  "com_nav_lang_slovak": "اسلواکی",
+  "com_nav_lang_slovenian": "اسلوونیایی",
   "com_nav_lang_spanish": "اسپانیا",
   "com_nav_lang_swedish": "Svenska",
   "com_nav_lang_thai": "ไทย",
+  "com_nav_lang_tibetan": "تبتی",
   "com_nav_lang_traditional_chinese": "繁體中文",
   "com_nav_lang_turkish": "ترکچه",
+  "com_nav_lang_ukrainian": "اوکراینی",
+  "com_nav_lang_uyghur": "اویغوری",
   "com_nav_lang_vietnamese": "Tiếng Việt",
   "com_nav_language": "زبان",
   "com_nav_latex_parsing": "تجزیه LaTeX در پیام ها (ممکن است بر عملکرد تأثیر بگذارد)",
   "com_nav_log_out": "از سیستم خارج شوید",
   "com_nav_long_audio_warning": "پردازش متون طولانی‌تر زمان بیشتری می‌برد.",
   "com_nav_maximize_chat_space": "فضای چت را به حداکثر برسانید",
+  "com_nav_mcp_access_revoked": "دسترسی سرور MCP با موفقیت لغو شد.",
+  "com_nav_mcp_configure_server": "پیکربندی {{0}}",
+  "com_nav_mcp_connect": "اتصال",
+  "com_nav_mcp_connect_server": "اتصال {{0}}",
+  "com_nav_mcp_reconnect": "اتصال مجدد",
+  "com_nav_mcp_status_connected": "متصل شد",
+  "com_nav_mcp_status_connecting": "{{0}} - در حال اتصال",
+  "com_nav_mcp_status_disconnected": "قطع شد",
+  "com_nav_mcp_status_error": "خطا",
+  "com_nav_mcp_status_initializing": "در حال راه‌اندازی",
+  "com_nav_mcp_status_needs_auth": "نیاز به احراز هویت",
+  "com_nav_mcp_status_unknown": "ناشناخته",
+  "com_nav_mcp_vars_update_error": "خطا در به‌روزرسانی متغیرهای کاربر سفارشی MCP",
+  "com_nav_mcp_vars_updated": "متغیرهای کاربر سفارشی MCP با موفقیت به‌روزرسانی شد.",
   "com_nav_modular_chat": "جابجایی نقاط پایانی در اواسط مکالمه را فعال کنید",
   "com_nav_my_files": "فایل های من",
   "com_nav_not_supported": "پشتیبانی نمی شود",
@@ -386,13 +564,16 @@
   "com_nav_search_placeholder": "جستجوی پیام ها",
   "com_nav_send_message": "ارسال پیام",
   "com_nav_setting_account": "حساب",
+  "com_nav_setting_balance": "موجودی",
   "com_nav_setting_chat": "چت کنید",
   "com_nav_setting_data": "کنترل های داده",
+  "com_nav_setting_delay": "تأخیر (ثانیه)",
   "com_nav_setting_general": "ژنرال",
+  "com_nav_setting_mcp": "تنظیمات MCP",
+  "com_nav_setting_personalization": "شخصی‌سازی",
   "com_nav_setting_speech": "گفتار",
   "com_nav_settings": "تنظیمات",
   "com_nav_shared_links": "پیوندهای مشترک",
-  "com_nav_show_code": "هنگام استفاده از مفسر کد، همیشه کد را نشان دهید",
   "com_nav_show_thinking": "Thinking Dropdowns را به صورت پیش فرض باز کنید",
   "com_nav_slash_command": "/-فرمان",
   "com_nav_slash_command_description": "دستور \"/\" را برای انتخاب یک اعلان از طریق صفحه کلید تغییر دهید",
@@ -403,9 +584,11 @@
   "com_nav_theme_dark": "تاریک",
   "com_nav_theme_light": "نور",
   "com_nav_theme_system": "سیستم",
+  "com_nav_toggle_sidebar": "تغییر وضعیت نوار کناری",
   "com_nav_tool_dialog": "ابزارهای دستیار",
   "com_nav_tool_dialog_agents": "ابزار کارگزار",
   "com_nav_tool_dialog_description": "برای تداوم انتخاب ابزار، دستیار باید ذخیره شود.",
+  "com_nav_tool_dialog_mcp_server_tools": "ابزارهای سرور MCP",
   "com_nav_tool_remove": "حذف کنید",
   "com_nav_tool_search": "ابزارهای جستجو",
   "com_nav_user": "کاربر",
@@ -420,6 +603,24 @@
   "com_sidepanel_hide_panel": "پنهان کردن پنل",
   "com_sidepanel_manage_files": "مدیریت فایل ها",
   "com_sidepanel_parameters": "پارامترها",
+  "com_sources_agent_file": "سند منبع",
+  "com_sources_agent_files": "فایل‌های عامل",
+  "com_sources_download_aria_label": "دانلود {{filename}}{{status}}",
+  "com_sources_download_failed": "دانلود ناموفق بود",
+  "com_sources_download_local_unavailable": "امکان دانلود وجود ندارد: فایل ذخیره نشده است",
+  "com_sources_downloading_status": " (در حال دانلود...)",
+  "com_sources_error_fallback": "امکان بارگذاری منابع وجود ندارد",
+  "com_sources_image_alt": "تصویر نتیجه جستجو",
+  "com_sources_more_files": "+{{count}} فایل",
+  "com_sources_more_sources": "+{{count}} منبع",
+  "com_sources_pages": "صفحات",
+  "com_sources_region_label": "نتایج جستجو و منابع",
+  "com_sources_reload_page": "بارگذاری مجدد صفحه",
+  "com_sources_tab_all": "همه",
+  "com_sources_tab_files": "فایل‌ها",
+  "com_sources_tab_images": "تصاویر",
+  "com_sources_tab_news": "اخبار",
+  "com_sources_title": "منابع",
   "com_ui_2fa_account_security": "احراز هویت دو مرحله ای یک لایه امنیتی اضافی به حساب شما اضافه می کند",
   "com_ui_2fa_disable": "2FA را غیرفعال کنید",
   "com_ui_2fa_disable_error": "هنگام غیرفعال کردن احراز هویت دو مرحله‌ای خطایی روی داد",
@@ -431,15 +632,38 @@
   "com_ui_2fa_setup": "راه اندازی 2FA",
   "com_ui_2fa_verified": "احراز هویت دو مرحله ای با موفقیت تأیید شد",
   "com_ui_accept": "قبول دارم",
+  "com_ui_action_button": "دکمه عملیات",
+  "com_ui_active": "فعال",
   "com_ui_add": "اضافه کنید",
+  "com_ui_add_code_interpreter_api_key": "افزودن کلید API مفسر کد",
+  "com_ui_add_first_bookmark": "برای افزودن روی یک چت کلیک کنید",
+  "com_ui_add_first_mcp_server": "اولین سرور MCP خود را برای شروع ایجاد کنید",
+  "com_ui_add_first_prompt": "اولین پرامپت خود را برای شروع ایجاد کنید",
+  "com_ui_add_mcp": "افزودن MCP",
+  "com_ui_add_mcp_server": "افزودن سرور MCP",
   "com_ui_add_model_preset": "یک مدل یا از پیش تعیین شده برای پاسخ اضافی اضافه کنید",
   "com_ui_add_multi_conversation": "افزودن چند مکالمه",
+  "com_ui_add_special_variables": "افزودن متغیرهای ویژه",
+  "com_ui_add_web_search_api_keys": "افزودن کلیدهای API جستجوی وب",
+  "com_ui_adding_details": "افزودن جزئیات",
+  "com_ui_additional_details": "جزئیات اضافی",
   "com_ui_admin": "مدیر",
   "com_ui_admin_access_warning": "غیرفعال کردن دسترسی ادمین به این ویژگی ممکن است باعث ایجاد مشکلات غیرمنتظره رابط کاربری شود که نیاز به بازخوانی دارد. اگر ذخیره شود، تنها راه برای برگرداندن از طریق تنظیمات رابط در پیکربندی librechat.yaml است که بر همه نقش‌ها تأثیر می‌گذارد.",
   "com_ui_admin_settings": "تنظیمات مدیریت",
+  "com_ui_admin_settings_section": "تنظیمات ادمین - {{section}}",
   "com_ui_advanced": "پیشرفته",
   "com_ui_advanced_settings": "تنظیمات پیشرفته",
   "com_ui_agent": "کارگزار",
+  "com_ui_agent_api_keys": "کلیدهای API عامل",
+  "com_ui_agent_api_keys_description": "ایجاد کلیدهای API برای دسترسی به عامل‌ها از راه دور از طریق API",
+  "com_ui_agent_category_aftersales": "خدمات پس از فروش",
+  "com_ui_agent_category_finance": "مالی",
+  "com_ui_agent_category_general": "عمومی",
+  "com_ui_agent_category_hr": "منابع انسانی",
+  "com_ui_agent_category_it": "فناوری اطلاعات",
+  "com_ui_agent_category_rd": "تحقیق و توسعه",
+  "com_ui_agent_category_sales": "فروش",
+  "com_ui_agent_category_selector_aria": "انتخاب‌گر دسته عامل",
   "com_ui_agent_chain": "زنجیره کارگزار (مخلوط از عوامل)",
   "com_ui_agent_chain_info": "ایجاد دنباله ای از عوامل را فعال می کند. هر کارگزار می تواند به خروجی های عامل های قبلی در زنجیره دسترسی داشته باشد. بر اساس معماری \"Mixture-of-کارگزارs\" که در آن عامل ها از خروجی های قبلی به عنوان اطلاعات کمکی استفاده می کنند.",
   "com_ui_agent_chain_max": "شما به حداکثر رسیده اید {{0}} عوامل",
@@ -447,21 +671,61 @@
   "com_ui_agent_deleted": "کارگزار با موفقیت حذف شد",
   "com_ui_agent_duplicate_error": "خطایی در کپی کردن کارگزار رخ داد",
   "com_ui_agent_duplicated": "کارگزار با موفقیت کپی شد",
+  "com_ui_agent_handoff_add": "افزودن عامل واگذاری (Handoff)",
+  "com_ui_agent_handoff_description": "توضیحات واگذاری",
+  "com_ui_agent_handoff_description_placeholder": "مثلاً انتقال به تحلیلگر داده برای تحلیل آماری",
+  "com_ui_agent_handoff_info": "پیکربندی عامل‌هایی که این عامل می‌تواند هنگام نیاز به تخصص خاص، مکالمات را به آنها منتقل کند.",
+  "com_ui_agent_handoff_info_2": "هر واگذاری یک ابزار انتقال ایجاد می‌کند که امکان مسیریابی یکپارچه به عامل‌های متخصص با حفظ محتوا را فراهم می‌کند.",
+  "com_ui_agent_handoff_max": "به حداکثر {{0}} عامل واگذاری رسید.",
+  "com_ui_agent_handoff_prompt": "محتوای عبوری (Passthrough)",
+  "com_ui_agent_handoff_prompt_key": "نام پارامتر محتوا (پیش‌فرض: 'instructions')",
+  "com_ui_agent_handoff_prompt_key_placeholder": "برچسب‌گذاری محتوای عبوری (پیش‌فرض: 'instructions')",
+  "com_ui_agent_handoff_prompt_placeholder": "به این عامل بگویید چه محتوایی تولید کند و به عامل واگذاری بدهد. برای فعال‌سازی این ویژگی باید چیزی اینجا اضافه کنید",
+  "com_ui_agent_handoffs": "واگذاری‌های عامل",
+  "com_ui_agent_name_is_required": "نام عامل الزامی است",
   "com_ui_agent_recursion_limit": "Max کارگزار Steps",
   "com_ui_agent_recursion_limit_info": "تعداد مراحلی را که کارگزار می تواند در یک اجرا انجام دهد قبل از دادن پاسخ نهایی محدود می کند. پیش فرض 25 مرحله است. یک مرحله یا درخواست API AI یا دور استفاده از ابزار است. به عنوان مثال، یک تکارگزار ابزار پایه 3 مرحله را طی می کند: درخواست اولیه، استفاده از ابزار و درخواست پیگیری.",
+  "com_ui_agent_url_copied": "URL عامل در کلیپ‌بورد کپی شد",
   "com_ui_agent_var": "{{0}} کارگزار",
+  "com_ui_agent_version": "نسخه",
+  "com_ui_agent_version_active": "نسخه فعال",
+  "com_ui_agent_version_empty": "هیچ نسخه‌ای موجود نیست",
+  "com_ui_agent_version_error": "خطا در دریافت نسخه‌ها",
+  "com_ui_agent_version_history": "تاریخچه نسخه‌ها",
+  "com_ui_agent_version_no_agent": "هیچ عاملی انتخاب نشده است. لطفاً برای مشاهده تاریخچه نسخه‌ها یک عامل انتخاب کنید.",
+  "com_ui_agent_version_no_date": "تاریخ ناموجود",
+  "com_ui_agent_version_restore": "بازیابی",
+  "com_ui_agent_version_restore_confirm": "آیا مطمئن هستید که می‌خواهید این نسخه را بازیابی کنید؟",
+  "com_ui_agent_version_restore_error": "بازیابی نسخه ناموفق بود",
+  "com_ui_agent_version_restore_success": "نسخه با موفقیت بازیابی شد",
+  "com_ui_agent_version_title": "نسخه {{versionNumber}}",
+  "com_ui_agent_version_unknown_date": "تاریخ نامشخص",
   "com_ui_agents": "عوامل",
   "com_ui_agents_allow_create": "اجازه ایجاد کارگزارs",
+  "com_ui_agents_allow_share": "اجازه اشتراک‌گذاری عامل‌ها",
+  "com_ui_agents_allow_share_public": "اجازه اشتراک‌گذاری عامل‌ها به صورت عمومی",
   "com_ui_agents_allow_use": "اجازه استفاده از کارگزارs",
   "com_ui_all": "همه",
   "com_ui_all_proper": "همه",
   "com_ui_analyzing": "در حال تجزیه و تحلیل",
   "com_ui_analyzing_finished": "تجزیه و تحلیل را به پایان رساند",
   "com_ui_api_key": "کلید API",
+  "com_ui_api_key_copied": "کلید API در کلیپ‌بورد کپی شد",
+  "com_ui_api_key_create_error": "ایجاد کلید API ناموفق بود",
+  "com_ui_api_key_created": "کلید API با موفقیت ایجاد شد",
+  "com_ui_api_key_delete_error": "حذف کلید API ناموفق بود",
+  "com_ui_api_key_deleted": "کلید API با موفقیت حذف شد",
+  "com_ui_api_key_name": "نام کلید",
+  "com_ui_api_key_name_placeholder": "کلید API من",
+  "com_ui_api_key_name_required": "نام کلید API الزامی است",
+  "com_ui_api_key_warning": "مطمئن شوید که کلید API خود را همین حالا کپی کنید. دیگر قادر به دیدن آن نخواهید بود!",
+  "com_ui_api_keys_load_error": "بارگذاری کلیدهای API ناموفق بود",
   "com_ui_archive": "آرشیو",
+  "com_ui_archive_delete_error": "حذف مکالمه آرشیو شده ناموفق بود",
   "com_ui_archive_error": "مکالمه بایگانی نشد",
   "com_ui_artifact_click": "برای باز کردن کلیک کنید",
   "com_ui_artifacts": "مصنوعات",
+  "com_ui_artifacts_options": "گزینه‌های Artifacts",
   "com_ui_artifacts_toggle": "تغییر رابط کاربری Artifacts",
   "com_ui_artifacts_toggle_agent": "Artifacts را فعال کنید",
   "com_ui_ascending": "صعودی",
@@ -470,7 +734,9 @@
   "com_ui_assistant_deleted": "دستیار با موفقیت حذف شد",
   "com_ui_assistants": "دستیاران",
   "com_ui_assistants_output": "خروجی دستیاران",
+  "com_ui_at_least_one_owner_required": "حداقل یک مالک الزامی است",
   "com_ui_attach_error": "فایل پیوست نمی شود. مکالمه ای ایجاد یا انتخاب کنید، یا سعی کنید صفحه را بازخوانی کنید.",
+  "com_ui_attach_error_disabled": "آپلود فایل برای این نقطه پایانی (endpoint) غیرفعال است",
   "com_ui_attach_error_openai": "نمی‌توان فایل‌های دستیار را به نقاط پایانی دیگر پیوست کرد",
   "com_ui_attach_error_size": "بیش از حد اندازه فایل برای نقطه پایانی:",
   "com_ui_attach_error_type": "نوع فایل پشتیبانی نشده برای نقطه پایانی:",
@@ -479,22 +745,32 @@
   "com_ui_attachment": "پیوست",
   "com_ui_auth_type": "نوع احراز هویت",
   "com_ui_auth_url": "URL مجوز",
+  "com_ui_authenticate": "احراز هویت",
   "com_ui_authentication": "احراز هویت",
   "com_ui_authentication_type": "نوع احراز هویت",
+  "com_ui_auto": "خودکار",
   "com_ui_avatar": "آواتار",
   "com_ui_azure": "آژور",
+  "com_ui_azure_ad": "شناسه Entra",
+  "com_ui_back": "بازگشت",
+  "com_ui_back_to_builder": "بازگشت به سازنده",
   "com_ui_back_to_chat": "بازگشت به چت",
   "com_ui_back_to_prompts": "بازگشت به Prompts",
+  "com_ui_backup_code_number": "کد #{{number}}",
   "com_ui_backup_codes": "کدهای پشتیبان",
   "com_ui_backup_codes_regenerate_error": "هنگام ایجاد مجدد کدهای پشتیبان خطایی روی داد",
   "com_ui_backup_codes_regenerated": "کدهای پشتیبان با موفقیت بازسازی شدند",
+  "com_ui_backup_codes_security_info": "به دلایل امنیتی، کدهای پشتیبان هنگام تولید فقط یک بار نمایش داده می‌شوند. لطفاً آنها را در مکانی امن ذخیره کنید.",
+  "com_ui_backup_codes_status": "وضعیت کدهای پشتیبان",
   "com_ui_basic": "اساسی",
   "com_ui_basic_auth_header": "هدر مجوز اولیه",
   "com_ui_bearer": "حامل",
+  "com_ui_beta": "بتا",
   "com_ui_bookmark_delete_confirm": "آیا مطمئن هستید که می خواهید این نشانک را حذف کنید؟",
   "com_ui_bookmarks": "نشانک ها",
   "com_ui_bookmarks_add": "اضافه کردن نشانک",
   "com_ui_bookmarks_add_to_conversation": "به مکالمه فعلی اضافه کنید",
+  "com_ui_bookmarks_count_selected": "بوک‌مارک‌ها، {{count}} انتخاب شد",
   "com_ui_bookmarks_create_error": "در ایجاد نشانک خطایی روی داد",
   "com_ui_bookmarks_create_exists": "این نشانک از قبل وجود دارد",
   "com_ui_bookmarks_create_success": "نشانک با موفقیت ایجاد شد",
@@ -505,42 +781,89 @@
   "com_ui_bookmarks_edit": "ویرایش نشانک",
   "com_ui_bookmarks_filter": "فیلتر کردن نشانک‌ها...",
   "com_ui_bookmarks_new": "نشانک جدید",
+  "com_ui_bookmarks_tag_exists": "یک بوک‌مارک با این عنوان قبلاً وجود دارد",
   "com_ui_bookmarks_title": "عنوان",
   "com_ui_bookmarks_update_error": "هنگام به‌روزرسانی نشانک خطایی روی داد",
   "com_ui_bookmarks_update_success": "نشانک با موفقیت به روز شد",
+  "com_ui_branch_created": "شاخه با موفقیت ایجاد شد",
+  "com_ui_branch_error": "ایجاد شاخه ناموفق بود",
+  "com_ui_branch_message": "ایجاد شاخه از این پاسخ",
+  "com_ui_by_author": "توسط {{0}}",
   "com_ui_callback_url": "URL برگشت به تماس",
   "com_ui_cancel": "لغو کنید",
+  "com_ui_cancelled": "لغو شد",
+  "com_ui_category": "دسته",
+  "com_ui_change_version": "تغییر نسخه",
   "com_ui_chat": "چت کنید",
   "com_ui_chat_history": "تاریخچه چت",
+  "com_ui_chats": "چت‌ها",
+  "com_ui_check_internet": "اتصال اینترنت خود را بررسی کنید",
   "com_ui_clear": "پاک کردن",
   "com_ui_clear_all": "پاک کردن همه",
+  "com_ui_clear_browser_cache": "کش مرورگر خود را پاک کنید",
+  "com_ui_clear_presets": "پاک کردن پیش‌تنظیمات",
+  "com_ui_clear_search": "پاک کردن جستجو",
+  "com_ui_click_to_close": "برای بستن کلیک کنید",
+  "com_ui_click_to_view_var": "برای مشاهده {{0}} کلیک کنید",
   "com_ui_client_id": "شناسه مشتری",
   "com_ui_client_secret": "راز مشتری",
   "com_ui_close": "بستن",
   "com_ui_close_menu": "بستن منو",
+  "com_ui_close_settings": "بستن تنظیمات",
+  "com_ui_close_var": "بستن {{0}}",
+  "com_ui_close_window": "بستن پنجره",
   "com_ui_code": "کد",
+  "com_ui_collapse": "جمع کردن",
   "com_ui_collapse_chat": "جمع کردن چت",
+  "com_ui_collapse_thoughts": "جمع کردن افکار",
   "com_ui_command_placeholder": "اختیاری: دستوری را برای فرمان وارد کنید یا نام مورد استفاده قرار گیرد",
   "com_ui_command_usage_placeholder": "یک درخواست با دستور یا نام انتخاب کنید",
   "com_ui_complete_setup": "راه اندازی کامل",
+  "com_ui_concise": "مختصر",
+  "com_ui_configure": "پیکربندی",
+  "com_ui_configure_mcp_variables_for": "پیکربندی متغیرها برای {{0}}",
+  "com_ui_confirm": "تأیید",
   "com_ui_confirm_action": "اقدام را تأیید کنید",
   "com_ui_confirm_admin_use_change": "با تغییر این تنظیم، دسترسی مدیران، از جمله خودتان مسدود می‌شود. آیا مطمئن هستید که می خواهید ادامه دهید؟",
   "com_ui_confirm_change": "تغییر را تایید کنید",
+  "com_ui_connecting": "در حال اتصال",
+  "com_ui_contact_admin_if_issue_persists": "اگر مشکل ادامه داشت با ادمین تماس بگیرید",
   "com_ui_context": "زمینه",
+  "com_ui_context_filter_sort": "فیلتر و مرتب‌سازی بر اساس محتوا (Context)",
   "com_ui_continue": "ادامه دهید",
-  "com_ui_controls": "کنترل ها",
+  "com_ui_continue_oauth": "ادامه با OAuth",
+  "com_ui_control_bar": "نوار کنترل",
+  "com_ui_conversation": "مکالمه",
+  "com_ui_conversation_label": "مکالمه {{title}}",
+  "com_ui_conversations": "مکالمات",
+  "com_ui_convo_archived": "مکالمه آرشیو شد",
+  "com_ui_convo_delete_error": "حذف مکالمه ناموفق بود",
+  "com_ui_convo_delete_success": "مکالمه با موفقیت حذف شد",
   "com_ui_copied": "کپی شده!",
   "com_ui_copied_to_clipboard": "در کلیپ بورد کپی شد",
+  "com_ui_copy": "کپی",
   "com_ui_copy_code": "کد را کپی کنید",
   "com_ui_copy_link": "لینک را کپی کنید",
+  "com_ui_copy_stack_trace": "کپی Stack Trace",
+  "com_ui_copy_thoughts_to_clipboard": "کپی افکار در کلیپ‌بورد",
   "com_ui_copy_to_clipboard": "در کلیپ بورد کپی کنید",
+  "com_ui_copy_url_to_clipboard": "کپی URL در کلیپ‌بورد",
   "com_ui_create": "ایجاد کنید",
+  "com_ui_create_api_key": "ایجاد کلید API",
+  "com_ui_create_assistant": "ایجاد دستیار",
   "com_ui_create_link": "ایجاد لینک",
+  "com_ui_create_memory": "ایجاد حافظه",
+  "com_ui_create_new_agent": "ایجاد عامل جدید",
   "com_ui_create_prompt": "Prompt ایجاد کنید",
+  "com_ui_create_prompt_page": "صفحه پیکربندی پرامپت جدید",
+  "com_ui_created": "ایجاد شد",
+  "com_ui_creating_image": "در حال ایجاد تصویر. ممکن است لحظاتی طول بکشد",
+  "com_ui_current": "جاری",
   "com_ui_currently_production": "در حال حاضر در حال تولید است",
   "com_ui_custom": "سفارشی",
   "com_ui_custom_header_name": "نام هدر سفارشی",
   "com_ui_custom_prompt_mode": "حالت درخواست سفارشی",
+  "com_ui_dark_theme_enabled": "تم تاریک فعال شد",
   "com_ui_dashboard": "داشبورد",
   "com_ui_date": "تاریخ",
   "com_ui_date_april": "آوریل",
@@ -557,6 +880,7 @@
   "com_ui_date_previous_30_days": "30 روز قبل",
   "com_ui_date_previous_7_days": "7 روز قبل",
   "com_ui_date_september": "سپتامبر",
+  "com_ui_date_sort": "مرتب‌سازی بر اساس تاریخ",
   "com_ui_date_today": "امروز",
   "com_ui_date_yesterday": "دیروز",
   "com_ui_decline": "من قبول ندارم",
@@ -564,47 +888,107 @@
   "com_ui_delete": "حذف کنید",
   "com_ui_delete_action": "حذف Action",
   "com_ui_delete_action_confirm": "آیا مطمئن هستید که می خواهید این عمل را حذف کنید؟",
+  "com_ui_delete_agent": "حذف عامل",
   "com_ui_delete_agent_confirm": "آیا مطمئن هستید که می خواهید این کارگزار را حذف کنید؟",
+  "com_ui_delete_assistant": "حذف دستیار",
   "com_ui_delete_assistant_confirm": "آیا مطمئن هستید که می خواهید این دستیار را حذف کنید؟ این قابل واگرد نیست.",
   "com_ui_delete_confirm": "این حذف خواهد شد",
   "com_ui_delete_confirm_prompt_version_var": "با این کار نسخه انتخاب شده برای \" حذف می شود{{0}}اگر نسخه دیگری وجود نداشته باشد، درخواست حذف خواهد شد.",
+  "com_ui_delete_confirm_strong": "این کار باعث حذف <strong>{{title}}</strong> خواهد شد",
   "com_ui_delete_conversation": "چت حذف شود؟",
+  "com_ui_delete_conversation_tooltip": "حذف مکالمه",
+  "com_ui_delete_memory": "حذف حافظه",
+  "com_ui_delete_not_allowed": "عملیات حذف مجاز نیست",
+  "com_ui_delete_preset": "حذف پیش‌تنظیم؟",
   "com_ui_delete_prompt": "درخواست حذف شود؟",
+  "com_ui_delete_prompt_name": "حذف پرامپت - {{name}}",
   "com_ui_delete_shared_link": "پیوند مشترک حذف شود؟",
+  "com_ui_delete_shared_link_heading": "حذف لینک اشتراک‌گذاری",
+  "com_ui_delete_success": "با موفقیت حذف شد",
   "com_ui_delete_tool": "ابزار حذف",
   "com_ui_delete_tool_confirm": "آیا مطمئن هستید که می خواهید این ابزار را حذف کنید؟",
+  "com_ui_delete_tool_save_reminder": "ابزار حذف شد. برای اعمال تغییرات عامل را ذخیره کنید.",
+  "com_ui_deleted": "حذف شد",
+  "com_ui_deleting_file": "در حال حذف فایل...",
   "com_ui_descending": "توصیف",
   "com_ui_description": "توضیحات",
   "com_ui_description_placeholder": "اختیاری: توضیحی را برای نمایش برای درخواست وارد کنید",
+  "com_ui_deselect_all": "لغو انتخاب همه",
+  "com_ui_detailed": "با جزئیات",
   "com_ui_disabling": "غیرفعال کردن...",
+  "com_ui_done": "انجام شد",
   "com_ui_download": "دانلود کنید",
   "com_ui_download_artifact": "آرتیفکت را دانلود کنید",
   "com_ui_download_backup": "دانلود کدهای پشتیبان",
   "com_ui_download_backup_tooltip": "قبل از ادامه، کدهای پشتیبان خود را دانلود کنید. اگر دستگاه احراز هویت خود را گم کردید، به آنها برای بازیابی دسترسی نیاز خواهید داشت",
   "com_ui_download_error": "خطا در دانلود فایل ممکن است فایل حذف شده باشد.",
+  "com_ui_download_error_logs": "دانلود لاگ‌های خطا",
   "com_ui_drag_drop": "چیزی باید به اینجا برود خالی بود",
   "com_ui_dropdown_variables": "متغیرهای کشویی:",
-  "com_ui_dropdown_variables_info": "منوهای کشویی سفارشی برای درخواست های خود ایجاد کنید: `{{variable_name:option1|option2|option3}}`",
   "com_ui_duplicate": "تکراری",
+  "com_ui_duplicate_agent": "تکثیر عامل",
   "com_ui_duplication_error": "هنگام تکرار مکالمه خطایی روی داد",
   "com_ui_duplication_processing": "مکالمه تکراری...",
   "com_ui_duplication_success": "مکالمه با موفقیت تکرار شد",
   "com_ui_edit": "ویرایش کنید",
+  "com_ui_edit_editing_image": "در حال ویرایش تصویر",
+  "com_ui_edit_mcp_server": "ویرایش سرور MCP",
+  "com_ui_edit_mcp_server_dialog_description": "شناسه منحصر به فرد سرور: {{serverName}}",
+  "com_ui_edit_memory": "ویرایش حافظه",
+  "com_ui_edit_preset_title": "ویرایش پیش‌تنظیم - {{title}}",
+  "com_ui_edit_prompt_page": "صفحه ویرایش پرامپت",
+  "com_ui_editable_message": "پیام قابل ویرایش",
+  "com_ui_editor_instructions": "برای جابجایی تصویر بکشید • از اسلایدر زوم یا دکمه‌ها برای تنظیم اندازه استفاده کنید",
   "com_ui_empty_category": "-",
   "com_ui_endpoint": "نقطه پایانی",
   "com_ui_endpoint_menu": "منوی نقطه پایانی LLM",
   "com_ui_enter": "وارد کنید",
   "com_ui_enter_api_key": "کلید API را وارد کنید",
+  "com_ui_enter_description": "توضیحات را وارد کنید (اختیاری)",
+  "com_ui_enter_key": "کلید را وارد کنید",
+  "com_ui_enter_name": "نام را وارد کنید",
   "com_ui_enter_openapi_schema": "طرح OpenAPI خود را در اینجا وارد کنید",
+  "com_ui_enter_value": "مقدار را وارد کنید",
   "com_ui_error": "خطا",
   "com_ui_error_connection": "خطا در اتصال به سرور، سعی کنید صفحه را بازخوانی کنید.",
+  "com_ui_error_message_prefix": "پیام خطا:",
   "com_ui_error_save_admin_settings": "هنگام ذخیره تنظیمات سرپرست شما خطایی روی داد.",
+  "com_ui_error_try_following_prefix": "لطفاً یکی از موارد زیر را امتحان کنید",
+  "com_ui_error_unexpected": "اوه! اتفاق غیرمنتظره‌ای رخ داد",
+  "com_ui_error_updating_preferences": "خطا در به‌روزرسانی ترجیحات",
+  "com_ui_everyone_permission_level": "سطح دسترسی همه",
   "com_ui_examples": "نمونه ها",
+  "com_ui_expand": "گسترش",
   "com_ui_expand_chat": "گپ را بزرگ کنید",
+  "com_ui_expand_thoughts": "گسترش افکار",
   "com_ui_export_convo_modal": "Export Conversation Modal",
+  "com_ui_feedback_more": "بیشتر...",
+  "com_ui_feedback_more_information": "ارائه بازخورد اضافی",
+  "com_ui_feedback_negative": "نیاز به بهبود",
+  "com_ui_feedback_placeholder": "لطفاً هر گونه بازخورد اضافی را اینجا وارد کنید",
+  "com_ui_feedback_positive": "این را دوست دارم",
+  "com_ui_feedback_tag_accurate_reliable": "دقیق و قابل اعتماد",
+  "com_ui_feedback_tag_attention_to_detail": "توجه به جزئیات",
+  "com_ui_feedback_tag_bad_style": "سبک یا لحن ضعیف",
+  "com_ui_feedback_tag_clear_well_written": "واضح و خوش‌نوشت",
+  "com_ui_feedback_tag_creative_solution": "راه حل خلاقانه",
+  "com_ui_feedback_tag_inaccurate": "پاسخ نادرست یا غلط",
+  "com_ui_feedback_tag_missing_image": "انتظار تصویر داشتم",
+  "com_ui_feedback_tag_not_helpful": "فقدان اطلاعات مفید",
+  "com_ui_feedback_tag_not_matched": "با درخواست من مطابقت نداشت",
+  "com_ui_feedback_tag_other": "مشکل دیگر",
+  "com_ui_feedback_tag_unjustified_refusal": "بدون دلیل رد شد",
+  "com_ui_field_max_length": "{{field}} باید کمتر از {{length}} کاراکتر باشد",
   "com_ui_field_required": "این فیلد الزامی است",
+  "com_ui_file_input_avatar_label": "ورودی فایل برای آواتار",
+  "com_ui_file_size": "اندازه فایل",
+  "com_ui_file_token_limit": "محدودیت توکن فایل",
+  "com_ui_file_token_limit_desc": "تنظیم حداکثر محدودیت توکن برای پردازش فایل جهت کنترل هزینه‌ها و مصرف منابع",
+  "com_ui_files": "فایل‌ها",
+  "com_ui_filter_mcp_servers": "فیلتر سرورهای MCP بر اساس نام",
   "com_ui_filter_prompts": "درخواست های فیلتر",
   "com_ui_filter_prompts_name": "درخواست ها را با نام فیلتر کنید",
+  "com_ui_final_touch": "لمس نهایی",
   "com_ui_finance": "امور مالی",
   "com_ui_fork": "چنگال",
   "com_ui_fork_all_target": "شامل همه به/از اینجا",
@@ -612,15 +996,20 @@
   "com_ui_fork_change_default": "گزینه پیش فرض چنگال",
   "com_ui_fork_default": "از گزینه پیش فرض چنگال استفاده کنید",
   "com_ui_fork_error": "خطایی در ایجاد مکالمه وجود داشت",
+  "com_ui_fork_error_rate_limit": "درخواست‌های انشعاب (fork) بیش از حد. لطفاً بعداً دوباره تلاش کنید",
   "com_ui_fork_from_message": "یک گزینه چنگال را انتخاب کنید",
   "com_ui_fork_info_1": "از این تنظیم برای فورک کردن پیام ها با رفتار دلخواه استفاده کنید.",
   "com_ui_fork_info_2": "\"Forking\" به ایجاد یک مکالمه جدید اشاره دارد که از پیام‌های خاصی در مکالمه فعلی شروع/پایان می‌یابد، و مطابق با گزینه‌های انتخاب شده یک کپی ایجاد می‌کند.",
   "com_ui_fork_info_3": "\"پیام هدف\" یا به پیامی اشاره دارد که این پنجره از آن باز شده است، یا اگر علامت \"{{0}}\"، آخرین پیام در گفتگو.",
   "com_ui_fork_info_branches": "این گزینه پیام های قابل مشاهده را به همراه شاخه های مرتبط فورک می کند. به عبارت دیگر، مسیر مستقیم به پیام هدف، از جمله شاخه های در طول مسیر.",
+  "com_ui_fork_info_button_label": "مشاهده اطلاعات درباره انشعاب مکالمات",
   "com_ui_fork_info_remember": "این را علامت بزنید تا گزینه‌هایی را که برای استفاده در آینده انتخاب می‌کنید، به خاطر بسپارید و در صورت تمایل، گفتگوها را سریع‌تر انجام دهید.",
   "com_ui_fork_info_start": "در صورت علامت زدن، انشعاب از این پیام تا آخرین پیام در مکالمه، مطابق با رفتار انتخاب شده در بالا آغاز می‌شود.",
   "com_ui_fork_info_target": "این گزینه تمام پیام‌های منتهی به پیام هدف، از جمله همسایه‌های آن را فورک می‌کند. به عبارت دیگر، همه شاخه های پیام، چه قابل مشاهده باشند و چه در مسیر یکسان باشند، شامل می شوند.",
   "com_ui_fork_info_visible": "این گزینه فقط پیام های قابل مشاهده را فورک می کند. به عبارت دیگر، مسیر مستقیم به پیام هدف، بدون هیچ شاخه ای.",
+  "com_ui_fork_more_details_about": "مشاهده اطلاعات اضافی و جزئیات درباره گزینه انشعاب \"{{0}}\"",
+  "com_ui_fork_more_info_options": "مشاهده توضیح دقیق تمام گزینه‌های انشعاب و رفتارهای آنها",
+  "com_ui_fork_open_menu": "باز کردن منوی انشعاب",
   "com_ui_fork_processing": "قطع گفتگو...",
   "com_ui_fork_remember": "به یاد داشته باشید",
   "com_ui_fork_remember_checked": "انتخاب شما پس از استفاده به خاطر سپرده خواهد شد. هر زمان خواستید این را در تنظیمات تغییر دهید.",
@@ -630,66 +1019,220 @@
   "com_ui_fork_visible": "فقط پیام های قابل مشاهده",
   "com_ui_generate_qrcode": "کد QR ایجاد کنید",
   "com_ui_generating": "در حال تولید...",
+  "com_ui_generation_settings": "تنظیمات تولید",
+  "com_ui_getting_started": "شروع کار",
   "com_ui_global_group": "چیزی باید به اینجا برود خالی بود",
   "com_ui_go_back": "به عقب برگرد",
   "com_ui_go_to_conversation": "به گفتگو بروید",
   "com_ui_good_afternoon": "ظهر بخیر",
   "com_ui_good_evening": "عصر بخیر",
   "com_ui_good_morning": "صبح بخیر",
+  "com_ui_group": "گروه",
+  "com_ui_handoff_instructions": "دستورالعمل‌های واگذاری",
   "com_ui_happy_birthday": "تولد 1 سالگی من است!",
+  "com_ui_header_format": "فرمت هدر",
+  "com_ui_hide": "پنهان کردن",
+  "com_ui_hide_code": "پنهان کردن کد",
+  "com_ui_hide_image_details": "پنهان کردن جزئیات تصویر",
+  "com_ui_hide_password": "پنهان کردن رمز عبور",
   "com_ui_hide_qr": "کد QR را مخفی کنید",
+  "com_ui_high": "زیاد",
   "com_ui_host": "میزبان",
+  "com_ui_icon": "آیکون",
   "com_ui_idea": "ایده ها",
+  "com_ui_image_created": "تصویر ایجاد شد",
+  "com_ui_image_details": "جزئیات تصویر",
+  "com_ui_image_edited": "تصویر ویرایش شد",
   "com_ui_image_gen": "تصویر ژنرال",
   "com_ui_import": "واردات",
   "com_ui_import_conversation_error": "هنگام وارد کردن مکالمات شما خطایی روی داد",
   "com_ui_import_conversation_file_type_error": "نوع واردات پشتیبانی نشده است",
   "com_ui_import_conversation_info": "مکالمات را از یک فایل JSON وارد کنید",
   "com_ui_import_conversation_success": "مکالمات با موفقیت وارد شد",
+  "com_ui_import_conversation_upload_error": "خطا در آپلود فایل. لطفاً دوباره تلاش کنید.",
+  "com_ui_importing": "در حال وارد کردن",
   "com_ui_include_shadcnui": "شامل دستورالعمل های اجزای shadcn/ui",
+  "com_ui_initializing": "در حال راه‌اندازی...",
   "com_ui_input": "ورودی",
   "com_ui_instructions": "دستورالعمل ها",
+  "com_ui_key": "کلید",
+  "com_ui_key_required": "کلید API الزامی است",
+  "com_ui_last_used": "آخرین استفاده",
   "com_ui_late_night": "آخر شب مبارک",
   "com_ui_latest_footer": "هر هوش مصنوعی برای همه",
-  "com_ui_latest_production_version": "آخرین نسخه تولیدی",
   "com_ui_latest_version": "آخرین نسخه",
+  "com_ui_leave_blank_to_keep": "برای حفظ مقدار موجود خالی بگذارید",
   "com_ui_librechat_code_api_key": "کلید LibreChat Code Interpreter API خود را دریافت کنید",
   "com_ui_librechat_code_api_subtitle": "امن. چند زبانه. فایل های ورودی/خروجی",
   "com_ui_librechat_code_api_title": "کد هوش مصنوعی را اجرا کنید",
+  "com_ui_light_theme_enabled": "تم روشن فعال شد",
+  "com_ui_link_copied": "لینک کپی شد",
+  "com_ui_link_refreshed": "لینک رفرش شد",
   "com_ui_loading": "در حال بارگیری...",
   "com_ui_locked": "قفل شده است",
   "com_ui_logo": "{{0}} لوگو",
+  "com_ui_low": "کم",
   "com_ui_manage": "مدیریت کنید",
+  "com_ui_marketplace": "بازار (Marketplace)",
+  "com_ui_marketplace_allow_use": "اجازه استفاده از بازار",
+  "com_ui_max": "حداکثر",
+  "com_ui_max_favorites_reached": "به حداکثر موارد پین شده رسید ({{0}}). برای افزودن موارد بیشتر، پین یک مورد را بردارید.",
+  "com_ui_max_file_size": "PNG، JPG یا JPEG (حداکثر {{0}})",
   "com_ui_max_tags": "حداکثر تعداد مجاز است {{0}}، با استفاده از آخرین مقادیر.",
+  "com_ui_mcp_authenticated_success": "سرور MCP '{{0}}' با موفقیت احراز هویت شد",
+  "com_ui_mcp_click_to_defer": "برای به تعویق انداختن کلیک کنید - ابزار از طریق جستجو قابل کشف خواهد بود اما تا زمان نیاز بارگذاری نمی‌شود",
+  "com_ui_mcp_click_to_programmatic": "فعال‌سازی فراخوانی برنامه‌نویسی شده - ابزار فقط از طریق اجرای کد قابل فراخوانی است",
+  "com_ui_mcp_configure_server": "پیکربندی {{0}}",
+  "com_ui_mcp_configure_server_description": "پیکربندی متغیرهای سفارشی برای {{0}}",
+  "com_ui_mcp_defer": "به تعویق انداختن (Defer)",
+  "com_ui_mcp_defer_all": "به تعویق انداختن همه ابزارها",
+  "com_ui_mcp_defer_loading": "بارگذاری با تأخیر",
+  "com_ui_mcp_dialog_title": "پیکربندی متغیرها برای {{serverName}}. وضعیت سرور: {{status}}",
+  "com_ui_mcp_domain_not_allowed": "دامنه سرور MCP در لیست دامنه‌های مجاز نیست. لطفاً با مدیر خود تماس بگیرید.",
+  "com_ui_mcp_enter_var": "مقدار را برای {{0}} وارد کنید",
+  "com_ui_mcp_init_failed": "راه‌اندازی سرور MCP ناموفق بود",
+  "com_ui_mcp_initialize": "راه‌اندازی",
+  "com_ui_mcp_initialized_success": "سرور MCP '{{0}}' با موفقیت راه‌اندازی شد",
+  "com_ui_mcp_invalid_url": "لطفاً یک URL معتبر وارد کنید",
+  "com_ui_mcp_no_description": "توضیحات موجود نیست",
+  "com_ui_mcp_oauth_cancelled": "ورود با OAuth برای {{0}} لغو شد",
+  "com_ui_mcp_oauth_timeout": "زمان ورود با OAuth برای {{0}} تمام شد",
+  "com_ui_mcp_programmatic": "برنامه‌نویسی شده",
+  "com_ui_mcp_programmatic_all": "علامت‌گذاری همه به عنوان برنامه‌نویسی شده",
+  "com_ui_mcp_server": "سرور MCP",
+  "com_ui_mcp_server_connection_failed": "تلاش برای اتصال به سرور MCP ارائه شده ناموفق بود. لطفاً مطمئن شوید که URL، نوع سرور و هرگونه پیکربندی احراز هویت صحیح است، سپس دوباره تلاش کنید. همچنین مطمئن شوید URL قابل دسترسی است.",
+  "com_ui_mcp_server_created": "سرور MCP با موفقیت ایجاد شد",
+  "com_ui_mcp_server_delete_confirm": "آیا مطمئن هستید که می‌خواهید این سرور MCP را حذف کنید؟",
+  "com_ui_mcp_server_deleted": "سرور MCP با موفقیت حذف شد",
+  "com_ui_mcp_server_role_editor": "ویرایشگر سرور MCP",
+  "com_ui_mcp_server_role_editor_desc": "می‌تواند سرورهای MCP را مشاهده، استفاده و ویرایش کند",
+  "com_ui_mcp_server_role_owner": "مالک سرور MCP",
+  "com_ui_mcp_server_role_owner_desc": "کنترل کامل بر سرورهای MCP",
+  "com_ui_mcp_server_role_viewer": "بیننده سرور MCP",
+  "com_ui_mcp_server_role_viewer_desc": "می‌تواند سرورهای MCP را مشاهده و استفاده کند",
+  "com_ui_mcp_server_updated": "سرور MCP با موفقیت به‌روزرسانی شد",
+  "com_ui_mcp_server_url_placeholder": "https://mcp.example.com",
+  "com_ui_mcp_servers": "سرورهای MCP",
+  "com_ui_mcp_servers_allow_create": "اجازه به کاربران برای ایجاد سرورهای MCP",
+  "com_ui_mcp_servers_allow_share": "اجازه به کاربران برای اشتراک‌گذاری سرورهای MCP",
+  "com_ui_mcp_servers_allow_share_public": "اجازه به کاربران برای اشتراک‌گذاری عمومی سرورهای MCP",
+  "com_ui_mcp_servers_allow_use": "اجازه به کاربران برای استفاده از سرورهای MCP",
+  "com_ui_mcp_title_invalid": "عنوان فقط می‌تواند شامل حروف، اعداد و فاصله‌ها باشد",
+  "com_ui_mcp_tool_options": "گزینه‌های ابزار",
+  "com_ui_mcp_transport": "انتقال (Transport)",
+  "com_ui_mcp_type_sse": "SSE",
+  "com_ui_mcp_type_streamable_http": "HTTPS قابل استریم",
+  "com_ui_mcp_undefer": "لغو تعویق",
+  "com_ui_mcp_undefer_all": "لغو تعویق همه ابزارها",
+  "com_ui_mcp_unprogrammatic_all": "لغو علامت‌گذاری همه به عنوان برنامه‌نویسی شده",
+  "com_ui_mcp_update_var": "به‌روزرسانی {{0}}",
+  "com_ui_mcp_url": "URL سرور MCP",
+  "com_ui_medium": "متوسط",
+  "com_ui_memories": "خاطرات",
+  "com_ui_memories_allow_create": "اجازه ایجاد خاطرات",
+  "com_ui_memories_allow_opt_out": "اجازه انصراف کاربران از خاطرات",
+  "com_ui_memories_allow_read": "اجازه خواندن خاطرات",
+  "com_ui_memories_allow_update": "اجازه به‌روزرسانی خاطرات",
+  "com_ui_memories_allow_use": "اجازه استفاده از خاطرات",
+  "com_ui_memories_filter": "فیلتر خاطرات...",
+  "com_ui_memory": "حافظه",
+  "com_ui_memory_already_exceeded": "ذخیره‌سازی حافظه پر است - به میزان {{tokens}} توکن تجاوز کرده است. قبل از افزودن موارد جدید، خاطرات موجود را حذف کنید.",
+  "com_ui_memory_created": "حافظه با موفقیت ایجاد شد",
+  "com_ui_memory_deleted": "حافظه حذف شد",
+  "com_ui_memory_deleted_items": "خاطرات حذف شده",
+  "com_ui_memory_error": "خطای حافظه",
+  "com_ui_memory_key_exists": "حافظه‌ای با این کلید قبلاً وجود دارد. لطفاً از کلید متفاوتی استفاده کنید.",
+  "com_ui_memory_key_hint": "فقط از حروف کوچک و زیرخط استفاده کنید",
+  "com_ui_memory_key_validation": "کلید حافظه فقط باید شامل حروف کوچک و زیرخط باشد.",
+  "com_ui_memory_storage_full": "ذخیره‌سازی حافظه پر است",
+  "com_ui_memory_updated": "حافظه ذخیره شده به‌روزرسانی شد",
+  "com_ui_memory_updated_items": "خاطرات به‌روزرسانی شده",
+  "com_ui_memory_would_exceed": "امکان ذخیره وجود ندارد - از حد مجاز به میزان {{tokens}} توکن تجاوز می‌کند. برای باز کردن فضا، خاطرات موجود را حذف کنید.",
   "com_ui_mention": "یک نقطه پایانی، دستیار یا از پیش تعیین شده را برای جابجایی سریع به آن ذکر کنید",
+  "com_ui_mermaid": "mermaid",
+  "com_ui_mermaid_failed": "رندر نمودار ناموفق بود:",
+  "com_ui_mermaid_source": "کد منبع:",
+  "com_ui_message_input": "ورودی پیام",
+  "com_ui_microphone_unavailable": "میکروفون در دسترس نیست",
   "com_ui_min_tags": "نمی توان مقادیر بیشتری را حذف کرد، حداقل {{0}} مورد نیاز هستند.",
+  "com_ui_minimal": "حداقل",
   "com_ui_misc": "متفرقه",
   "com_ui_model": "مدل",
   "com_ui_model_parameters": "پارامترهای مدل",
+  "com_ui_model_parameters_reset": "پارامترهای مدل بازنشانی شده‌اند.",
+  "com_ui_model_selected": "{{0}} انتخاب شد",
   "com_ui_more_info": "اطلاعات بیشتر",
   "com_ui_my_prompts": "درخواست های من",
   "com_ui_name": "نام",
+  "com_ui_name_sort": "مرتب‌سازی بر اساس نام",
   "com_ui_new": "جدید",
   "com_ui_new_chat": "چت جدید",
+  "com_ui_new_conversation_title": "عنوان مکالمه جدید",
   "com_ui_next": "بعدی",
   "com_ui_no": "خیر",
+  "com_ui_no_api_keys": "هنوز کلید API وجود ندارد. برای شروع یکی ایجاد کنید.",
+  "com_ui_no_auth": "بدون احراز هویت",
   "com_ui_no_bookmarks": "به نظر می رسد هنوز هیچ نشانکی ندارید. روی یک چت کلیک کنید و یک چت جدید اضافه کنید",
+  "com_ui_no_bookmarks_match": "هیچ بوک‌مارکی با جستجوی شما مطابقت ندارد",
+  "com_ui_no_bookmarks_title": "هنوز بوک‌مارکی وجود ندارد",
+  "com_ui_no_categories": "هیچ دسته‌ای موجود نیست",
   "com_ui_no_category": "بدون دسته",
+  "com_ui_no_changes": "هیچ تغییری انجام نشد",
+  "com_ui_no_individual_access": "هیچ کاربر یا گروه فردی به این عامل دسترسی ندارد",
+  "com_ui_no_mcp_servers": "هنوز سرور MCP وجود ندارد",
+  "com_ui_no_mcp_servers_match": "هیچ سرور MCP با فیلتر شما مطابقت ندارد",
+  "com_ui_no_memories": "هیچ خاطره‌ای وجود ندارد. آنها را دستی ایجاد کنید یا به هوش مصنوعی بگویید چیزی را به خاطر بسپارد",
+  "com_ui_no_memories_match": "هیچ خاطره‌ای با جستجوی شما مطابقت ندارد",
+  "com_ui_no_memories_title": "هنوز خاطره‌ای وجود ندارد",
+  "com_ui_no_personalization_available": "در حال حاضر گزینه‌های شخصی‌سازی موجود نیست",
+  "com_ui_no_prompts_title": "هنوز پرامپتی وجود ندارد",
+  "com_ui_no_read_access": "شما اجازه مشاهده خاطرات را ندارید",
+  "com_ui_no_results_found": "نتیجه‌ای یافت نشد",
   "com_ui_no_terms_content": "هیچ محتوای شرایط و ضوابطی برای نمایش وجود ندارد",
   "com_ui_none": "هیچ کدام",
   "com_ui_not_used": "استفاده نشده است",
   "com_ui_nothing_found": "چیزی پیدا نشد",
   "com_ui_oauth": "OAuth",
+  "com_ui_oauth_connected_to": "متصل به",
+  "com_ui_oauth_error_callback_failed": "بازخوانی احراز هویت ناموفق بود. لطفاً دوباره تلاش کنید.",
+  "com_ui_oauth_error_generic": "احراز هویت ناموفق بود. لطفاً دوباره تلاش کنید.",
+  "com_ui_oauth_error_invalid_state": "پارامتر state نامعتبر است. لطفاً دوباره تلاش کنید.",
+  "com_ui_oauth_error_missing_code": "کد مجوز (Authorization code) مفقود است. لطفاً دوباره تلاش کنید.",
+  "com_ui_oauth_error_missing_state": "پارامتر state مفقود است. لطفاً دوباره تلاش کنید.",
+  "com_ui_oauth_error_title": "احراز هویت ناموفق بود",
+  "com_ui_oauth_success_description": "احراز هویت شما موفقیت‌آمیز بود. این پنجره بسته خواهد شد در",
+  "com_ui_oauth_success_title": "احراز هویت موفقیت‌آمیز بود",
   "com_ui_of": "از",
   "com_ui_off": "خاموش",
+  "com_ui_offline": "آفلاین",
   "com_ui_on": "روشن",
+  "com_ui_open_archived_chat_new_tab_title": "{{title}} (در تب جدید باز می‌شود)",
+  "com_ui_open_source_chat_new_tab": "باز کردن چت منبع در تب جدید",
+  "com_ui_open_source_chat_new_tab_title": "باز کردن چت منبع در تب جدید - {{title}}",
+  "com_ui_open_var": "باز کردن {{0}}",
   "com_ui_openai": "OpenAI",
+  "com_ui_optional": "(اختیاری)",
   "com_ui_page": "صفحه",
+  "com_ui_people": "افراد",
+  "com_ui_people_picker": "انتخاب‌گر افراد",
+  "com_ui_people_picker_allow_view_groups": "اجازه مشاهده گروه‌ها",
+  "com_ui_people_picker_allow_view_roles": "اجازه مشاهده نقش‌ها",
+  "com_ui_people_picker_allow_view_users": "اجازه مشاهده کاربران",
+  "com_ui_permissions_failed_load": "بارگذاری مجوزها ناموفق بود. لطفاً دوباره تلاش کنید.",
+  "com_ui_permissions_failed_update": "به‌روزرسانی مجوزها ناموفق بود. لطفاً دوباره تلاش کنید.",
+  "com_ui_permissions_updated_success": "مجوزها با موفقیت به‌روزرسانی شد",
+  "com_ui_pin": "پین",
+  "com_ui_preferences_updated": "ترجیحات با موفقیت به‌روزرسانی شد",
   "com_ui_prev": "قبلی",
   "com_ui_preview": "پیش نمایش",
   "com_ui_privacy_policy": "سیاست حفظ حریم خصوصی",
   "com_ui_privacy_policy_url": "URL خط مشی رازداری",
   "com_ui_prompt": "اعلان",
+  "com_ui_prompt_group_button": "پرامپت {{name}}، دسته {{category}}",
+  "com_ui_prompt_group_button_no_category": "پرامپت {{name}}",
+  "com_ui_prompt_groups": "لیست گروه‌های پرامپت",
+  "com_ui_prompt_input": "ورودی پرامپت",
+  "com_ui_prompt_input_field": "فیلد متنی پرامپت",
   "com_ui_prompt_name": "نام درخواستی",
   "com_ui_prompt_name_required": "نام درخواستی مورد نیاز است",
   "com_ui_prompt_preview_not_shared": "نویسنده اجازه همکاری برای این درخواست را نداده است.",
@@ -698,108 +1241,259 @@
   "com_ui_prompt_update_error": "هنگام به‌روزرسانی درخواست خطایی روی داد",
   "com_ui_prompts": "درخواست می کند",
   "com_ui_prompts_allow_create": "اجازه ایجاد Prompts",
+  "com_ui_prompts_allow_share": "اجازه اشتراک‌گذاری پرامپت‌ها",
+  "com_ui_prompts_allow_share_public": "اجازه اشتراک‌گذاری پرامپت‌ها به صورت عمومی",
   "com_ui_prompts_allow_use": "اجازه استفاده از Prompts",
   "com_ui_provider": "ارائه دهنده",
+  "com_ui_quality": "کیفیت",
   "com_ui_read_aloud": "با صدای بلند بخوانید",
+  "com_ui_redirect_uri": "Redirect URI",
+  "com_ui_redirect_uri_instructions": "این Redirect URI را کپی کرده و در تنظیمات ارائه دهنده OAuth خود پیکربندی کنید.",
   "com_ui_redirecting_to_provider": "در حال تغییر مسیر به {{0}}لطفا صبر کنید...",
+  "com_ui_reference_saved_memories": "ارجاع به خاطرات ذخیره شده",
+  "com_ui_reference_saved_memories_description": "اجازه به دستیار برای ارجاع و استفاده از خاطرات ذخیره شده شما هنگام پاسخگویی",
+  "com_ui_refresh": "رفرش",
   "com_ui_refresh_link": "بازخوانی لینک",
+  "com_ui_refresh_page": "رفرش صفحه",
   "com_ui_regenerate": "بازسازی کنید",
   "com_ui_regenerate_backup": "کدهای پشتیبان را بازسازی کنید",
   "com_ui_regenerating": "در حال بازسازی...",
   "com_ui_region": "منطقه",
+  "com_ui_reinitialize": "راه‌اندازی مجدد",
+  "com_ui_remote_access": "دسترسی از راه دور",
+  "com_ui_remote_agent_role_editor": "ویرایشگر",
+  "com_ui_remote_agent_role_editor_desc": "می‌تواند عامل را از طریق API مشاهده و تغییر دهد",
+  "com_ui_remote_agent_role_owner": "مالک API",
+  "com_ui_remote_agent_role_owner_desc": "دسترسی کامل API و می‌تواند به دیگران دسترسی از راه دور بدهد",
+  "com_ui_remote_agent_role_viewer": "بیننده API",
+  "com_ui_remote_agent_role_viewer_desc": "می‌تواند عامل را از طریق API پرس‌وجو کند",
+  "com_ui_remote_agents": "عامل‌های از راه دور (API)",
+  "com_ui_remote_agents_allow_create": "اجازه به کاربران برای ایجاد عامل‌ها از طریق API",
+  "com_ui_remote_agents_allow_share": "اجازه به کاربران برای اعطای دسترسی API به عامل‌ها به دیگران",
+  "com_ui_remote_agents_allow_share_public": "اجازه به کاربران برای اعطای دسترسی API به عامل‌ها به همه کاربران",
+  "com_ui_remote_agents_allow_use": "اجازه به کاربران برای ایجاد کلیدهای API و پرس‌وجوی عامل‌ها از راه دور",
+  "com_ui_remove_agent_from_chain": "حذف {{0}} از زنجیره",
+  "com_ui_remove_user": "حذف {{0}}",
   "com_ui_rename": "تغییر نام دهید",
+  "com_ui_rename_conversation": "تغییر نام مکالمه",
+  "com_ui_rename_failed": "تغییر نام مکالمه ناموفق بود",
   "com_ui_rename_prompt": "تغییر نام درخواست",
+  "com_ui_rename_prompt_name": "تغییر نام پرامپت - {{name}}",
   "com_ui_requires_auth": "نیاز به احراز هویت",
+  "com_ui_reset": "بازنشانی",
+  "com_ui_reset_adjustments": "بازنشانی تنظیمات",
   "com_ui_reset_var": "بازنشانی کنید {{0}}",
+  "com_ui_reset_zoom": "بازنشانی زوم",
+  "com_ui_resource": "منبع",
+  "com_ui_response": "پاسخ",
   "com_ui_result": "نتیجه",
+  "com_ui_result_found": "{{count}} نتیجه یافت شد",
+  "com_ui_results_found": "{{count}} نتیجه یافت شد",
+  "com_ui_retry": "تلاش مجدد",
   "com_ui_revoke": "لغو",
   "com_ui_revoke_info": "تمام اعتبارنامه های ارائه شده توسط کاربر را باطل کنید",
   "com_ui_revoke_key_confirm": "آیا مطمئن هستید که می خواهید این کلید را باطل کنید؟",
   "com_ui_revoke_key_endpoint": "لغو کلید برای {{0}}",
+  "com_ui_revoke_key_error": "لغو کلید API ناموفق بود. لطفاً دوباره تلاش کنید.",
+  "com_ui_revoke_key_success": "کلید API با موفقیت لغو شد",
   "com_ui_revoke_keys": "Revoke Keys",
   "com_ui_revoke_keys_confirm": "آیا مطمئن هستید که می خواهید همه کلیدها را باطل کنید؟",
+  "com_ui_role": "نقش",
+  "com_ui_role_editor": "ویرایشگر",
+  "com_ui_role_editor_desc": "می‌تواند عامل را مشاهده و تغییر دهد",
+  "com_ui_role_manager": "مدیر",
+  "com_ui_role_manager_desc": "می‌تواند عامل را مشاهده، تغییر و حذف کند",
+  "com_ui_role_owner": "مالک",
+  "com_ui_role_owner_desc": "کنترل کامل بر عامل شامل اشتراک‌گذاری آن دارد",
   "com_ui_role_select": "نقش",
+  "com_ui_role_viewer": "بیننده",
+  "com_ui_role_viewer_desc": "می‌تواند عامل را مشاهده و استفاده کند اما نمی‌تواند تغییر دهد",
   "com_ui_roleplay": "نقش بازی",
+  "com_ui_rotate": "چرخش",
+  "com_ui_rotate_90": "چرخش 90 درجه",
   "com_ui_run_code": "کد را اجرا کنید",
   "com_ui_run_code_error": "در اجرای کد خطایی روی داد",
   "com_ui_save": "ذخیره کنید",
   "com_ui_save_badge_changes": "تغییرات نشان ذخیره شود؟",
+  "com_ui_save_changes": "ذخیره تغییرات",
+  "com_ui_save_key_error": "ذخیره کلید API ناموفق بود. لطفاً دوباره تلاش کنید.",
+  "com_ui_save_key_success": "کلید API با موفقیت ذخیره شد",
   "com_ui_save_submit": "ذخیره و ارسال کنید",
   "com_ui_saved": "ذخیره شد!",
+  "com_ui_saving": "در حال ذخیره...",
   "com_ui_schema": "طرحواره",
   "com_ui_scope": "دامنه",
   "com_ui_search": "جستجو کنید",
+  "com_ui_search_above_to_add": "برای افزودن کاربران یا گروه‌ها در بالا جستجو کنید",
+  "com_ui_search_above_to_add_all": "برای افزودن کاربران، گروه‌ها یا نقش‌ها در بالا جستجو کنید",
+  "com_ui_search_above_to_add_people": "برای افزودن افراد در بالا جستجو کنید",
+  "com_ui_search_agent_category": "جستجوی دسته‌ها...",
+  "com_ui_search_default_placeholder": "جستجو با نام یا ایمیل (حداقل 2 کاراکتر)",
+  "com_ui_search_people_placeholder": "جستجوی افراد یا گروه‌ها با نام یا ایمیل",
+  "com_ui_seconds": "ثانیه",
   "com_ui_secret_key": "کلید مخفی",
   "com_ui_select": "انتخاب کنید",
+  "com_ui_select_agent": "انتخاب عامل",
+  "com_ui_select_all": "انتخاب همه",
   "com_ui_select_file": "یک فایل را انتخاب کنید",
   "com_ui_select_model": "یک مدل انتخاب کنید",
+  "com_ui_select_options": "انتخاب گزینه‌ها...",
+  "com_ui_select_or_create_prompt": "انتخاب یا ایجاد یک پرامپت",
   "com_ui_select_provider": "ارائه دهنده ای را انتخاب کنید",
   "com_ui_select_provider_first": "ابتدا یک ارائه دهنده انتخاب کنید",
   "com_ui_select_region": "یک منطقه را انتخاب کنید",
+  "com_ui_select_row": "انتخاب ردیف",
   "com_ui_select_search_model": "مدل را با نام جستجو کنید",
   "com_ui_select_search_provider": "ارائه دهنده را با نام جستجو کنید",
   "com_ui_select_search_region": "منطقه را بر اساس نام جستجو کنید",
+  "com_ui_set": "تنظیم",
   "com_ui_share": "به اشتراک بگذارید",
   "com_ui_share_create_message": "نام شما و هر پیامی که پس از اشتراک‌گذاری اضافه می‌کنید خصوصی می‌مانند.",
   "com_ui_share_delete_error": "هنگام حذف پیوند مشترک خطایی روی داد",
   "com_ui_share_error": "هنگام اشتراک‌گذاری پیوند گپ خطایی روی داد",
+  "com_ui_share_everyone": "اشتراک با همه",
+  "com_ui_share_everyone_description_var": "این {{resource}} برای همه در دسترس خواهد بود. لطفاً مطمئن شوید که {{resource}} واقعاً قرار است با همه به اشتراک گذاشته شود. مراقب داده‌های خود باشید.",
   "com_ui_share_link_to_chat": "لینک چت را به اشتراک بگذارید",
+  "com_ui_share_qr_code_description": "کد QR برای اشتراک‌گذاری لینک این مکالمه",
   "com_ui_share_update_message": "نام شما، دستورالعمل‌های سفارشی، و هر پیامی که پس از اشتراک‌گذاری اضافه می‌کنید، خصوصی می‌مانند.",
   "com_ui_share_var": "به اشتراک بگذارید {{0}}",
   "com_ui_shared_link_delete_success": "پیوند مشترک با موفقیت حذف شد",
   "com_ui_shared_link_not_found": "پیوند مشترک یافت نشد",
   "com_ui_shared_prompts": "درخواست های مشترک",
   "com_ui_shop": "خرید",
+  "com_ui_show": "نمایش",
   "com_ui_show_all": "نمایش همه",
+  "com_ui_show_code": "نمایش کد",
+  "com_ui_show_image_details": "نمایش جزئیات تصویر",
+  "com_ui_show_password": "نمایش رمز عبور",
   "com_ui_show_qr": "نمایش کد QR",
   "com_ui_sign_in_to_domain": "به سیستم وارد شوید {{0}}",
   "com_ui_simple": "ساده",
   "com_ui_size": "اندازه",
+  "com_ui_size_sort": "مرتب‌سازی بر اساس اندازه",
+  "com_ui_special_var_current_date": "تاریخ جاری",
+  "com_ui_special_var_current_datetime": "تاریخ و زمان جاری",
+  "com_ui_special_var_current_user": "کاربر جاری",
+  "com_ui_special_var_iso_datetime": "تاریخ و زمان UTC ISO",
+  "com_ui_special_variable_added": "متغیر ویژه {{0}} اضافه شد.",
   "com_ui_special_variables": "متغیرهای ویژه:",
+  "com_ui_speech_not_supported": "مرورگر شما از تشخیص گفتار پشتیبانی نمی‌کند",
+  "com_ui_speech_not_supported_use_external": "مرورگر شما از تشخیص گفتار پشتیبانی نمی‌کند. سعی کنید به STT خارجی در تنظیمات > گفتار تغییر دهید.",
   "com_ui_speech_while_submitting": "وقتی پاسخی در حال تولید است، نمی‌توان گفتار ارسال کرد",
+  "com_ui_sr_global_prompt": "گروه پرامپت سراسری",
+  "com_ui_stack_trace": "Stack Trace",
+  "com_ui_status_prefix": "وضعیت:",
   "com_ui_stop": "توقف کنید",
   "com_ui_storage": "ذخیره سازی",
+  "com_ui_storage_filter_sort": "فیلتر و مرتب‌سازی بر اساس ذخیره‌سازی",
   "com_ui_submit": "ارسال کنید",
+  "com_ui_support_contact": "تماس پشتیبانی",
+  "com_ui_support_contact_email": "ایمیل",
+  "com_ui_support_contact_email_invalid": "لطفاً یک آدرس ایمیل معتبر وارد کنید",
+  "com_ui_support_contact_email_placeholder": "support@example.com",
+  "com_ui_support_contact_name": "نام",
+  "com_ui_support_contact_name_min_length": "نام باید حداقل {{minLength}} کاراکتر باشد",
+  "com_ui_support_contact_name_placeholder": "نام تماس پشتیبانی",
   "com_ui_teach_or_explain": "یادگیری",
   "com_ui_temporary": "موقت",
   "com_ui_terms_and_conditions": "شرایط و ضوابط",
   "com_ui_terms_of_service": "شرایط خدمات",
   "com_ui_thinking": "فکر کردن...",
   "com_ui_thoughts": "افکار",
+  "com_ui_toggle_theme": "تغییر تم",
+  "com_ui_token": "توکن",
   "com_ui_token_exchange_method": "روش تبادل توکن",
   "com_ui_token_url": "نشانی اینترنتی رمز",
+  "com_ui_tokens": "توکن‌ها",
+  "com_ui_tool_collection_prefix": "مجموعه‌ای از ابزارها از",
+  "com_ui_tool_list_collapse": "جمع کردن لیست ابزار {{serverName}}",
+  "com_ui_tool_list_expand": "گسترش لیست ابزار {{serverName}}",
   "com_ui_tools": "ابزار",
+  "com_ui_tools_and_actions": "ابزارها و عملیات",
+  "com_ui_transferred_to": "منتقل شده به",
   "com_ui_travel": "سفر کنید",
+  "com_ui_trust_app": "من به این برنامه اعتماد دارم",
+  "com_ui_try_adjusting_search": "سعی کنید عبارات جستجوی خود را تغییر دهید",
+  "com_ui_ui_resource_error": "خطای منبع رابط کاربری ({{0}})",
+  "com_ui_ui_resource_not_found": "منبع رابط کاربری یافت نشد (شاخص: {{0}})",
   "com_ui_unarchive": "لغو بایگانی",
+  "com_ui_unarchive_conversation": "خارج کردن مکالمه از آرشیو",
   "com_ui_unarchive_error": "مکالمه از بایگانی خارج نشد",
+  "com_ui_unavailable": "ناموجود",
   "com_ui_unknown": "ناشناس",
+  "com_ui_unpin": "برداشتن پین",
+  "com_ui_unset": "تنظیم نشده",
+  "com_ui_untitled": "بدون عنوان",
   "com_ui_update": "به روز رسانی",
   "com_ui_upload": "آپلود کنید",
+  "com_ui_upload_agent_avatar": "آواتار عامل با موفقیت به‌روزرسانی شد",
+  "com_ui_upload_agent_avatar_label": "آپلود تصویر آواتار عامل",
+  "com_ui_upload_avatar_label": "آپلود تصویر آواتار",
   "com_ui_upload_code_files": "برای مترجم کد بارگذاری کنید",
   "com_ui_upload_delay": "در حال آپلود \"{{0}}\" بیش از حد انتظار زمان می برد. لطفاً صبر کنید تا نمایه سازی فایل برای بازیابی به پایان برسد.",
   "com_ui_upload_error": "هنگام آپلود فایل شما خطایی روی داد",
   "com_ui_upload_file_context": "متن فایل را آپلود کنید",
   "com_ui_upload_file_search": "برای جستجوی فایل آپلود کنید",
   "com_ui_upload_files": "فایل ها را آپلود کنید",
+  "com_ui_upload_icon": "آپلود تصویر آیکون",
   "com_ui_upload_image": "یک تصویر آپلود کنید",
   "com_ui_upload_image_input": "آپلود تصویر",
   "com_ui_upload_invalid": "فایل برای آپلود نامعتبر است. باید تصویری باشد که از حد مجاز بیشتر نباشد",
   "com_ui_upload_invalid_var": "فایل برای آپلود نامعتبر است. باید تصویری بیش از حد نباشد {{0}} مگابایت",
   "com_ui_upload_ocr_text": "آپلود به عنوان متن",
+  "com_ui_upload_provider": "آپلود به ارائه‌دهنده",
   "com_ui_upload_success": "فایل با موفقیت آپلود شد",
   "com_ui_upload_type": "نوع آپلود را انتخاب کنید",
+  "com_ui_usage": "میزان استفاده",
   "com_ui_use_2fa_code": "به جای آن از کد 2FA استفاده کنید",
   "com_ui_use_backup_code": "به جای آن از کد پشتیبان استفاده کنید",
+  "com_ui_use_memory": "استفاده از حافظه",
   "com_ui_use_micrphone": "از میکروفون استفاده کنید",
   "com_ui_used": "استفاده می شود",
+  "com_ui_user": "کاربر",
+  "com_ui_user_group_permissions": "مجوزهای کاربر و گروه",
+  "com_ui_user_provides_key": "هر کاربر کلید خود را ارائه می‌دهد",
+  "com_ui_value": "مقدار",
   "com_ui_variables": "متغیرها",
-  "com_ui_variables_info": "از پرانتزهای دوتایی در متن خود برای ایجاد متغیرها استفاده کنید، به عنوان مثال. `{{example variable}}`، تا بعداً هنگام استفاده از درخواست پر شود.",
   "com_ui_verify": "تأیید کنید",
   "com_ui_version_var": "نسخه {{0}}",
   "com_ui_versions": "نسخه ها",
+  "com_ui_view_memory": "مشاهده حافظه",
+  "com_ui_web_search": "جستجوی وب",
+  "com_ui_web_search_cohere_key": "کلید API Cohere را وارد کنید",
+  "com_ui_web_search_firecrawl_url": "URL API Firecrawl (اختیاری)",
+  "com_ui_web_search_jina_key": "کلید API Jina را وارد کنید",
+  "com_ui_web_search_jina_url": "URL API Jina (اختیاری)",
+  "com_ui_web_search_processing": "پردازش نتایج",
+  "com_ui_web_search_provider": "ارائه‌دهنده جستجو",
+  "com_ui_web_search_provider_searxng": "SearXNG",
+  "com_ui_web_search_provider_serper": "Serper API",
+  "com_ui_web_search_provider_serper_key": "کلید API Serper خود را دریافت کنید",
+  "com_ui_web_search_reading": "خواندن نتایج",
+  "com_ui_web_search_reranker": "Reranker",
+  "com_ui_web_search_reranker_cohere": "Cohere",
+  "com_ui_web_search_reranker_cohere_key": "کلید API Cohere خود را دریافت کنید",
+  "com_ui_web_search_reranker_jina": "Jina AI",
+  "com_ui_web_search_reranker_jina_key": "کلید API Jina خود را دریافت کنید",
+  "com_ui_web_search_reranker_jina_url_help": "درباره Jina Rerank API بیشتر بدانید",
+  "com_ui_web_search_scraper": "خزنده (Scraper)",
+  "com_ui_web_search_scraper_firecrawl": "Firecrawl API",
+  "com_ui_web_search_scraper_firecrawl_key": "کلید API Firecrawl خود را دریافت کنید",
+  "com_ui_web_search_scraper_serper": "Serper Scrape API",
+  "com_ui_web_search_scraper_serper_key": "کلید API Serper خود را دریافت کنید",
+  "com_ui_web_search_searxng_api_key": "کلید API SearXNG را وارد کنید (اختیاری)",
+  "com_ui_web_search_searxng_instance_url": "URL نمونه SearXNG",
+  "com_ui_web_searching": "جستجوی وب",
+  "com_ui_web_searching_again": "جستجوی مجدد وب",
   "com_ui_weekend_morning": "آخر هفته مبارک",
   "com_ui_write": "نوشتن",
+  "com_ui_x_selected": "{{0}} انتخاب شد",
+  "com_ui_xhigh": "فوق‌العاده بالا",
   "com_ui_yes": "بله",
+  "com_ui_your_api_key": "کلید API شما",
   "com_ui_zoom": "بزرگنمایی ضربه بزنید؛",
+  "com_ui_zoom_in": "زوم به داخل",
+  "com_ui_zoom_level": "سطح زوم",
+  "com_ui_zoom_out": "زوم به بیرون",
   "com_user_message": "شما"
 }
diff --git a/client/src/locales/fi/translation.json b/client/src/locales/fi/translation.json
index 1ceed87d20..bc100e69f7 100644
--- a/client/src/locales/fi/translation.json
+++ b/client/src/locales/fi/translation.json
@@ -20,7 +20,6 @@
   "com_agents_search_info": "Asetuksen ollessa päällä agentti voi tehdä verkkohakuja ajantasaisen tiedon hakemista varten. Vaatii voimassaolevan API-avaimen.",
   "com_agents_search_name": "Etsi agentteja nimen perusteella",
   "com_agents_update_error": "Agentin päivittämisessä tapahtui virhe.",
-  "com_assistants_action_attempt": "Assistentti haluaa keskustella {{0}}:n kanssa",
   "com_assistants_actions": "Toiminnot",
   "com_assistants_actions_disabled": "Avustaja täytyy luoda ennen toimintojen lisäämistä",
   "com_assistants_actions_info": "Salli Avustajalle Tiedonhaku tai Toimintojen suorittaminen API-kutsujen kautta",
@@ -29,7 +28,6 @@
   "com_assistants_allow_sites_you_trust": "Salli vain sellaiset sivustot, joihin luotat,",
   "com_assistants_append_date": "Lisää nykyinen päivämäärä ja aika",
   "com_assistants_append_date_tooltip": "Kun käytössä, nykyinen asiakkaan päivämäärä ja aika lisätään avustajan järjestelmäohjeisiin.",
-  "com_assistants_attempt_info": "Assistentti haluaa lähettää seuraavan:",
   "com_assistants_available_actions": "Käytettävissä olevat Toiminnot",
   "com_assistants_capabilities": "Kyvykkyydet",
   "com_assistants_code_interpreter": "Kooditulkki",
@@ -44,7 +42,6 @@
   "com_assistants_delete_actions_error": "Toiminnon poistamisessa tapahtui virhe.",
   "com_assistants_delete_actions_success": "Toiminto poistettiin Avustajalta onnistuneesti",
   "com_assistants_description_placeholder": "Valinnainen: Kuvaus Avustajasta",
-  "com_assistants_domain_info": "Avustaja lähetti tiedon tänne: {{0}}",
   "com_assistants_file_search": "Tiedostohaku",
   "com_assistants_file_search_info": "Vektoritietokannan liittämistä tiedostohakuun ei vielä tueta. Voit liittää ne rajapinnan palveluntarjoajan käyttöliittymän kautta, tai liittää tiedostoja viesteihin keskusteluketjupohjaisesti.",
   "com_assistants_function_use": "Avustaja käytti: {{0}}",
@@ -193,7 +190,6 @@
   "com_endpoint_message_not_appendable": "Muokkaa viestiäsi tai Luo uudestaan.",
   "com_endpoint_my_preset": "Esiasetukseni",
   "com_endpoint_no_presets": "Ei vielä esiasetuksia. Käytä Asetukset-painiketta luodaksesi esiasetuksen.",
-  "com_endpoint_open_menu": "Avaa valikko",
   "com_endpoint_openai_custom_name_placeholder": "Anna tekoälylle mukautettu nimi",
   "com_endpoint_openai_detail": "Kuvatarkkuus Vision-pyynnöille. \"Matala\" on halvempi ja nopeampi, \"Korkea\" on yksityiskohtaisempi ja kalliimpi, ja \"Auto\" valitsee näiden välillä automaattisesti kuvan koon perusteella.",
   "com_endpoint_openai_freq": "Lukuarvo väliltä -2.0 - 2.0. Positiiviset arvot rankaisevat uusia tokeneita perustuen niiden esiintymistiheyteen siihen mennessä luodussa tekstissä, mikä vähentää todennäköisyyttä, että malli toistaa saman rivin täsmälleen samanlaisena.",
@@ -300,7 +296,6 @@
   "com_nav_font_size_xl": "Ekstrasuuri",
   "com_nav_font_size_xs": "Ekstrapieni",
   "com_nav_help_faq": "Ohjeet & FAQ",
-  "com_nav_hide_panel": "Piilota oikeanpuoleinen sivupaneeli",
   "com_nav_info_enter_to_send": "Jos tämä on päällä, Enter-näppäimen painaminen lähettää viestin. Kun asetus on pois päältä, Enter lisää rivinvaihdon, ja viestin lähettämiseksi on painettava CTRL + ENTER.",
   "com_nav_info_fork_change_default": "'Vain näkyvät viestit' sisältää vain suoran polun valittuun viestiin. 'Sisällytä sivupolut' lisää polun varrella olevat sivupolut. 'Lisää kaikki tänne/täältä' sisällyttää kaikki kytköksissä olevat viestit ja sivupolut.",
   "com_nav_info_fork_split_target_setting": "Jos tämä on päällä, haara syntyy kohdeviestistä keskustelun viimeiseen viestiin valitun haarautumistavan mukaisesti.",
@@ -352,7 +347,6 @@
   "com_nav_setting_speech": "Puhe",
   "com_nav_settings": "Asetukset",
   "com_nav_shared_links": "Jaetut linkit",
-  "com_nav_show_code": "Kooditulkkia käyttäessä näytä aina koodi",
   "com_nav_speech_to_text": "Puheesta tekstiksi",
   "com_nav_text_to_speech": "Tekstistä puheeksi",
   "com_nav_theme": "Teema",
@@ -572,7 +566,6 @@
   "com_ui_upload_success": "Tiedoston lataus onnistui",
   "com_ui_use_micrphone": "Käytä mikrofonia",
   "com_ui_variables": "Muuttujat",
-  "com_ui_variables_info": "Käytä kaksoisaaltosulkeita tekstissäsi muuttujien luomiseen, esim. {{esimerkkimuuttuja}}. Muuttujia voi täyttää myöhemmin syötettä käyttäessä.",
   "com_ui_version_var": "Versio {{0}}",
   "com_ui_versions": "Versiot",
   "com_ui_yes": "Kyllä",
diff --git a/client/src/locales/fr/translation.json b/client/src/locales/fr/translation.json
index 7838b33739..ebee73222c 100644
--- a/client/src/locales/fr/translation.json
+++ b/client/src/locales/fr/translation.json
@@ -1,21 +1,25 @@
 {
   "chat_direction_left_to_right": "il faut mettre quelque chose ici. c'était vide.",
   "chat_direction_right_to_left": "Il faut mettre quelque chose ici. C'était vide.",
-  "com_a11y_ai_composing": "L'IA est en train de composer",
+  "com_a11y_ai_composing": "L'IA est en train de réfléchir",
   "com_a11y_end": "L'IA a terminé sa réponse",
   "com_a11y_start": "L'IA a commencé sa réponse",
   "com_agents_agent_card_label": "{{nom}} agent. {{description}}",
   "com_agents_all": "Tous les agents",
   "com_agents_all_category": "Tous",
   "com_agents_all_description": "Parcourir tous les agents partagés à travers toutes les catégories",
+  "com_agents_avatar_upload_error": "Échec du téléchargement de l'avatar de l'agent",
   "com_agents_by_librechat": "par LibreChat",
+  "com_agents_category_aftersales": "Après Vente",
   "com_agents_category_aftersales_description": "Agents spécialisés en support après-vente, maintenance et service clients",
+  "com_agents_category_empty": "Aucun agent trouvé dans la catégorie {{category}}",
   "com_agents_category_finance": "Finance",
   "com_agents_category_finance_description": "Agents spécialisés dans l'analyse financière, la budgétisation et la comptabilité",
   "com_agents_category_general": "Générale",
   "com_agents_category_general_description": "Agents génériques pour tâches et requêtes standards",
   "com_agents_category_hr": "Ressources Humaines",
   "com_agents_category_hr_description": "Agents spécialisés dans les procédures RH, les politiques et le soutien aux employés",
+  "com_agents_category_it": "TI",
   "com_agents_category_it_description": "Agents pour le support informatique, le dépannage technique et l'administration des systèmes",
   "com_agents_category_rd": "Recherche & Développement",
   "com_agents_category_rd_description": "Agent dédié au process R&D, à l'innovation et à la recherche",
@@ -46,13 +50,17 @@
   "com_agents_error_not_found_suggestion": "Essayez de parcourir d'autres options ou retournez à la marketplace",
   "com_agents_error_not_found_title": "Non trouvé",
   "com_agents_error_retry": "Essayer encore",
+  "com_agents_error_search_title": "Rechercher une erreur",
   "com_agents_error_searching": "Erreur lors de la recherche d'agents\n",
+  "com_agents_error_server_message": "Le serveur est temporairement indisponible.",
+  "com_agents_error_server_suggestion": "Veuillez réessayer dans quelques instants.",
   "com_agents_error_server_title": "Erreur serveur",
   "com_agents_error_suggestion_generic": "Veuillez actualiser la page ou réessayer plus tard.",
   "com_agents_error_timeout_message": "La requête a mis trop de temps à aboutir.",
   "com_agents_error_timeout_suggestion": "Veuillez vérifier votre connexion Internet et réessayer.",
   "com_agents_error_timeout_title": "Délai de connexion dépassé",
   "com_agents_error_title": "Une erreur est survenue",
+  "com_agents_file_context_description": "Les fichiers uploadés comme \"Contexte\" sont traités en tant que texte pour compléter les instructions de l'agent. Si l'OCR est configuré pour le type de fichier uploadé, il est utilisé pour extraire le texte. Parfait pour les documents, les images avec du texte ou les PDF où vous avez besoin du contenu textuel complet d'un fichier.",
   "com_agents_file_context_disabled": "L'agent doit être créé avant de charger des fichiers pour le contexte de fichiers.",
   "com_agents_file_context_label": "Contexte de fichiers",
   "com_agents_file_search_disabled": "L'agent doit être créé avant de pouvoir télécharger des fichiers pour la Recherche de Fichiers.",
@@ -69,6 +77,7 @@
   "com_agents_mcp_icon_size": "Taille minimale de 128 x 128 pixels",
   "com_agents_mcp_name_placeholder": "Outil personnalisé",
   "com_agents_mcp_trust_subtext": "Connecteurs personnalisés non vérifiés par LibreChat",
+  "com_agents_missing_name": "Merci de renseigner un nom avant de créer un agent.",
   "com_agents_missing_provider_model": "Veuillez sélectionner un fournisseur et un modèle avant de créer un agent.",
   "com_agents_name_placeholder": "Facultatif : Le nom de l'agent",
   "com_agents_no_access": "Vous n'avez pas l'autorisation de modifier cet agent.",
@@ -84,10 +93,10 @@
   "com_agents_search_name": "Rechercher des agents par nom",
   "com_agents_search_no_results": "Aucun agents trouvés pour \"{{query}}",
   "com_agents_search_placeholder": "Rechercher des agents...",
+  "com_agents_see_more": "Voir plus",
   "com_agents_start_chat": "Débuter la conversation",
   "com_agents_top_picks": "Meilleurs choix",
   "com_agents_update_error": "Une erreur s'est produite lors de la mise à jour de votre agent",
-  "com_assistants_action_attempt": "L'assistant souhaite échanger avec {{0}}",
   "com_assistants_actions": "Actions",
   "com_assistants_actions_disabled": "Vous devez créer un assistant avant d'ajouter des actions.",
   "com_assistants_actions_info": "Permettez à votre Assistant de récupérer des informations ou d'effectuer des actions via des API",
@@ -97,7 +106,6 @@
   "com_assistants_allow_sites_you_trust": "Autoriser seulement les sites de confiance.",
   "com_assistants_append_date": "Ajouter la date et l'heure actuelles",
   "com_assistants_append_date_tooltip": "Lorsque activé, la date et l'heure actuelles du client seront ajoutées aux instructions du système de l'assistant.",
-  "com_assistants_attempt_info": "Assistant souhaite envoyer les éléments suivants :",
   "com_assistants_available_actions": "Actions disponibles",
   "com_assistants_capabilities": "Capacités des assistants",
   "com_assistants_code_interpreter": "Interpréteur de code",
@@ -112,7 +120,6 @@
   "com_assistants_delete_actions_error": "Une erreur s'est produite lors de la suppression de l'action.",
   "com_assistants_delete_actions_success": "Action supprimée avec succès de l'Assistant",
   "com_assistants_description_placeholder": "Décrivez votre assistant ici (facultatif)",
-  "com_assistants_domain_info": "L'assistant a envoyé ces informations à {{0}}",
   "com_assistants_file_search": "Recherche de fichiers",
   "com_assistants_file_search_info": "L'ajout de vecteurs de stockage pour la recherche de fichiers n'est pas encore pris en charge. Vous pouvez les ajouter depuis le terrain de jeu du fournisseur ou joindre des fichiers aux messages pour une recherche de fichiers au niveau du fil de discussion.",
   "com_assistants_function_use": "L'assistant a utilisé {{0}}",
@@ -270,7 +277,6 @@
   "com_endpoint_message_not_appendable": "Editer votre message ou regénerer.",
   "com_endpoint_my_preset": "Mon préréglage",
   "com_endpoint_no_presets": "Aucun préréglage pour l'instant, utilisez le bouton paramètres pour en créer un",
-  "com_endpoint_open_menu": "Ouvrir le menu",
   "com_endpoint_openai_custom_name_placeholder": "Définir un nom personnalisé pour ChatGPT",
   "com_endpoint_openai_detail": "La résolution pour les requêtes Vision. \"Low\" est moins cher et plus rapide, \"High\" est plus détaillé et plus cher, et \"Auto\" choisira automatiquement entre les deux en fonction de la résolution de l'image.",
   "com_endpoint_openai_freq": "Nombre compris entre -2,0 et 2,0. Les valeurs positives pénalisent les nouveaux jetons en fonction de leur fréquence existante dans le texte jusqu'à présent, diminuant ainsi la probabilité que le modèle répète la même ligne mot pour mot.",
@@ -358,6 +364,7 @@
   "com_files_download_failed": "{{0}} fichiers échouées",
   "com_files_download_percent_complete": "Terminé à {{0}}%",
   "com_files_download_progress": "{{0}} fichiers sur {{1}}",
+  "com_files_downloading": "Téléchargements des fichiers",
   "com_files_filter": "Filtrer les fichiers...",
   "com_files_filter_by": "Filtrer les fichiers par...",
   "com_files_no_results": "Aucun résultat.",
@@ -385,7 +392,7 @@
   "com_nav_auto_send_text": "Envoi automatique du texte (après 3 sec)",
   "com_nav_auto_transcribe_audio": "Transcription audio automatique",
   "com_nav_automatic_playback": "Lecture automatique du dernier message (externe seulement)",
-  "com_nav_balance": "Équilibre",
+  "com_nav_balance": "Solde",
   "com_nav_balance_auto_refill_disabled": "Le rechargement automatique est désactivé.",
   "com_nav_balance_auto_refill_error": "Erreur lors du chargement des réglages de rechargement automatique.",
   "com_nav_balance_auto_refill_settings": "Réglages de rechargement automatique.",
@@ -401,7 +408,7 @@
   "com_nav_balance_month": "mois",
   "com_nav_balance_months": "mois",
   "com_nav_balance_next_refill": "Prochain rechargement :",
-  "com_nav_balance_next_refill_info": "Le prochain rechargement s'effectura automatiquement lorsque les deux conditions seront remplies : le délai spécifié depuis le dernier rechargement est écoulé et l'envoi d'un message ferait tombé le solde en dessous de zéro.",
+  "com_nav_balance_next_refill_info": "Le prochain rechargement s'effectuera automatiquement lorsque les deux conditions seront remplies : le délai spécifié depuis le dernier rechargement est écoulé et l'envoi d'un message ferait tomber le solde en dessous de zéro.",
   "com_nav_balance_refill_amount": "Montant rechargé :",
   "com_nav_balance_second": "seconde",
   "com_nav_balance_seconds": "secondes",
@@ -451,7 +458,6 @@
   "com_nav_font_size_xl": "Très grand",
   "com_nav_font_size_xs": "Très petit",
   "com_nav_help_faq": "Aide & FAQ",
-  "com_nav_hide_panel": "Masquer le panneau latéral le plus à droite",
   "com_nav_info_balance": "Le solde affiche le nombre de crédits de jetons il vous reste à utiliser. Les crédits de jetons représentent une valeur monétaire (par exemple, 1 000 crédits = 0,001 $)",
   "com_nav_info_code_artifacts": "Active l'affichage des artéfacts de code expérimentaux à côté du chat",
   "com_nav_info_code_artifacts_agent": "Active l'utilisation d'artefacts de code pour cet agent. Par défaut, des instructions supplémentaires spécifiques à l'utilisation des artefacts sont ajoutées, à moins que le \"Mode d'invite personnalisé\" ne soit activé.",
@@ -538,7 +544,6 @@
   "com_nav_setting_speech": "Parole",
   "com_nav_settings": "Paramètres",
   "com_nav_shared_links": "Liens partagés",
-  "com_nav_show_code": "Toujours afficher le code lors de l'utilisation de l'interpréteur de code",
   "com_nav_show_thinking": "Ovrir les menus déroulants de réflexion par défaut",
   "com_nav_slash_command": "/-Commande",
   "com_nav_slash_command_description": "Basculer la commande \"/\" pour sélectionner une invite via le clavier",
@@ -614,6 +619,7 @@
   "com_ui_agent_category_finance": "Finance",
   "com_ui_agent_category_general": "Général",
   "com_ui_agent_category_hr": "RH",
+  "com_ui_agent_category_it": "IT",
   "com_ui_agent_category_rd": "R&D",
   "com_ui_agent_category_selector_aria": "Sélecteur de catégorie de l'agent",
   "com_ui_agent_chain": "Chaîne d'agents (mélange d'agents)",
@@ -693,6 +699,7 @@
   "com_ui_backup_codes_regenerate_error": "Une erreur est survenue lors du renouvellement des codes de sauvegarde",
   "com_ui_backup_codes_regenerated": "Codes de sauvegarde renouvelé avec succès",
   "com_ui_backup_codes_security_info": "Pour des raisons de sécurité, les codes de secours ne s'affichent qu'une seule fois lorsqu'ils sont générés. Veuillez les conserver dans un endroit sûr.",
+  "com_ui_backup_codes_status": "Statut des codes de sauvegarde",
   "com_ui_basic": "Simple",
   "com_ui_basic_auth_header": "En-tête d'autorisation simple",
   "com_ui_bearer": "Porteur",
@@ -746,7 +753,6 @@
   "com_ui_context": "Contexte",
   "com_ui_continue": "Continuer",
   "com_ui_continue_oauth": "Continuer avec OAuth",
-  "com_ui_controls": "Contrôles",
   "com_ui_convo_delete_error": "Suppression de conversation échouée",
   "com_ui_convo_delete_success": "Conversation supprimée avec succès",
   "com_ui_copied": "Copié !",
@@ -802,6 +808,7 @@
   "com_ui_delete_success": "Supprimé avec succès",
   "com_ui_delete_tool": "Supprimer l'outil",
   "com_ui_delete_tool_confirm": "Êtes-vous sûr de vouloir supprimer cet outil ?",
+  "com_ui_delete_tool_save_reminder": "Outil supprimé. Sauvegardez l'agent pour appliquer les modifications.",
   "com_ui_deleted": "Supprimé",
   "com_ui_deleting_file": "Suppression du fichier en cours...",
   "com_ui_descending": "Décroissant",
@@ -818,7 +825,6 @@
   "com_ui_download_error_logs": "Télécharger les logs d'erreurs",
   "com_ui_drag_drop": "Déposer des fichiers ici afin de les ajouter à la conversation",
   "com_ui_dropdown_variables": "Variables déroulantes :",
-  "com_ui_dropdown_variables_info": "Créez des menus déroulants personnalisés pour vos prompts : `{{nom_variable:option1|option2|option3}}`",
   "com_ui_duplicate": "Dupliquer",
   "com_ui_duplication_error": "Une erreur s'est produite lors de la duplication de la conversation",
   "com_ui_duplication_processing": "Duplication de la conversation en cours...",
@@ -934,7 +940,6 @@
   "com_ui_key_required": "Une clé API est requise",
   "com_ui_late_night": "Bonne fin de nuit",
   "com_ui_latest_footer": "Chaque IA pour tout le monde.",
-  "com_ui_latest_production_version": "Dernière version de production",
   "com_ui_latest_version": "Dernière version",
   "com_ui_librechat_code_api_key": "Obtenir votre clé API pour l'interpréteur de code LibreChat",
   "com_ui_librechat_code_api_subtitle": "Sécurisé. Multilingue. Fichiers d'entrée/sortie.",
@@ -963,7 +968,7 @@
   "com_ui_medium": "Modéré",
   "com_ui_memories": "Mémoires",
   "com_ui_memories_allow_create": "Autoriser la création de Souvenirs",
-  "com_ui_memories_allow_opt_out": "Autoriser les utilisateurs à désactiver les Souvenirs",
+  "com_ui_memories_allow_opt_out": "Autoriser les utilisateurs à désactiver les données mémorisées ",
   "com_ui_memories_allow_read": "Autoriser la lecture de la Mémoire",
   "com_ui_memories_allow_update": "Autoriser la mise à jour des Souvenirs",
   "com_ui_memories_allow_use": "Autoriser l'utilisation des Souvenirs",
@@ -1001,7 +1006,7 @@
   "com_ui_no_individual_access": "Aucun utilisateur ou groupe n'a accès à cet agent",
   "com_ui_no_memories": "Aucune mémoire. Créez-les manuellement ou incitez l'IA de se mémoriser quelque chose",
   "com_ui_no_personalization_available": "Aucune personnalisation disponible",
-  "com_ui_no_read_access": "Vous n'avez pas l'authorisation de voir les Souvenirs.",
+  "com_ui_no_read_access": "Vous n'avez pas l'autorisation de voir les données mémorisées.",
   "com_ui_no_results_found": "Aucun résultat trouvé",
   "com_ui_no_terms_content": "Aucun contenu de conditions d'utilisation à afficher",
   "com_ui_none": "Aucun",
@@ -1052,7 +1057,7 @@
   "com_ui_read_aloud": "Lire à haute voix",
   "com_ui_redirecting_to_provider": "Redirection en cours vers {{0}}, veuillez patienter...",
   "com_ui_reference_saved_memories": "Indexer les Souvenirs enregistrés",
-  "com_ui_reference_saved_memories_description": "Autoriser l'assistant à accéder aux index des Souvenirs enregistrés et à les utiliser pour répondre",
+  "com_ui_reference_saved_memories_description": "Autoriser l'assistant à accéder aux index des données mémorisées enregistrées et à les utiliser pour répondre",
   "com_ui_refresh": "Rafraichir",
   "com_ui_refresh_link": "Rafraîchir le lien",
   "com_ui_refresh_page": "Rafraichir la page",
@@ -1061,6 +1066,7 @@
   "com_ui_regenerating": "Régénération en cours...",
   "com_ui_region": "Région",
   "com_ui_reinitialize": "Réinitialiser",
+  "com_ui_remove_agent_from_chain": "Retirer {{0}} de la chaîne",
   "com_ui_remove_user": "Retirer {{0}}",
   "com_ui_rename": "Renommer",
   "com_ui_rename_conversation": "Renommer la conversation",
@@ -1105,7 +1111,7 @@
   "com_ui_saving": "Sauvegarde en cours...",
   "com_ui_schema": "Schéma",
   "com_ui_scope": "Périmètre",
-  "com_ui_search": "Rechercher",
+  "com_ui_search": "Recherche web",
   "com_ui_search_above_to_add": "Effectuez une recherche ci-dessus pour ajouter des utilisateurs ou des groupes",
   "com_ui_search_above_to_add_all": "Effectuez une recherche ci-dessus pour ajouter des utilisateurs, des groupes ou des rôles",
   "com_ui_search_above_to_add_people": "Effectuez une recherche ci-dessus pour ajouter des utilisateurs",
@@ -1153,9 +1159,7 @@
   "com_ui_special_var_current_user": "Utilisateur actuel",
   "com_ui_special_var_iso_datetime": "Date et heure ISO UTC",
   "com_ui_special_variables": "Variables spéciales : Utilisez {{current_date}} pour la date actuelle, et {{current_user}} pour le nom de votre compte donné.",
-  "com_ui_special_variables_more_info": "Vous pouvez sélectionner des variables spéciales dans le menu déroulant : `{{current_date}}` (date et jour de la semaine d'aujourd'hui), `{{current_datetime}}` (date et heure locales actuelles), `{{utc_iso_datetime}}` (date et heure ISO UTC actuelle), et `{{current_user}}` (votre nom d'utilisateur).",
   "com_ui_speech_while_submitting": "Impossible de soumettre un message vocal pendant la génération d'une réponse",
-  "com_ui_sr_actions_menu": "Ouvrir le menu des actions pour \"{{0}}\"",
   "com_ui_stop": "Arrêt ",
   "com_ui_storage": "Stockage",
   "com_ui_submit": "Soumettre",
@@ -1217,7 +1221,6 @@
   "com_ui_user_group_permissions": "Permissions utilisateur et groupe",
   "com_ui_value": "Valeur",
   "com_ui_variables": "Variables",
-  "com_ui_variables_info": "Utilisez des doubles accolades dans votre texte pour créer des variables, par exemple {{exemple de variable}}, à remplir ultérieurement lors de l'utilisation du prompt.",
   "com_ui_verify": "Vérifier",
   "com_ui_version_var": "Version {{0}}",
   "com_ui_versions": "Versions",
@@ -1254,6 +1257,7 @@
   "com_ui_yes": "Oui",
   "com_ui_zoom": "Zoom",
   "com_ui_zoom_in": "Zoomer",
+  "com_ui_zoom_level": "Niveau de zoom",
   "com_ui_zoom_out": "Dézoomer",
   "com_user_message": "Vous"
 }
diff --git a/client/src/locales/he/translation.json b/client/src/locales/he/translation.json
index 23f32a8852..3bfc3dbcba 100644
--- a/client/src/locales/he/translation.json
+++ b/client/src/locales/he/translation.json
@@ -97,7 +97,6 @@
   "com_agents_start_chat": "התחל צ'אט",
   "com_agents_top_picks": "הבחירות המובילות",
   "com_agents_update_error": "אירעה שגיאה בעדכון הסוכן שלך.",
-  "com_assistants_action_attempt": "הסוכן מעוניין לתקשר עם {{0}}",
   "com_assistants_actions": "פעולות",
   "com_assistants_actions_disabled": "עליך ליצור סייען לפני הוספת פעולות.",
   "com_assistants_actions_info": "אפשר לסייען לאחזר מידע או לבצע פעולות באמצעות API",
@@ -107,7 +106,6 @@
   "com_assistants_allow_sites_you_trust": "אפשר רק אתרים שאתה סומך עליהם.",
   "com_assistants_append_date": "הוסף תאריך ושעה נוכחיים",
   "com_assistants_append_date_tooltip": "כשמופעל, תאריך ושעה נוכחיים של הלקוח יוספים להוראות מערכת הסייען.",
-  "com_assistants_attempt_info": "הסייען רוצה לשלוח את הדברים הבאים:",
   "com_assistants_available_actions": "פעולות זמינות",
   "com_assistants_capabilities": "יכולות",
   "com_assistants_code_interpreter": "מפענח קוד",
@@ -122,7 +120,6 @@
   "com_assistants_delete_actions_error": "אירעה שגיאה במחיקת הפעולה.",
   "com_assistants_delete_actions_success": "הפעולה נמחקה בהצלחה מהסייען",
   "com_assistants_description_placeholder": "אופציונלי: תאר את הסייען שלך כאן",
-  "com_assistants_domain_info": "הסייען שלח את המידע ל{{0}}",
   "com_assistants_file_search": "חיפוש קבצים",
   "com_assistants_file_search_info": "חיפוש קבצים מאפשר לסייען לקבל ידע מהקבצים שאתה או המשתמשים שלך מעלים. לאחר העלאת קובץ, העוזר מחליט באופן אוטומטי מתי לאחזר תוכן על סמך בקשות המשתמש. אין תמיכה בצירוף מאגרי וקטורים לחיפוש קבצים. אתה יכול לצרף אותם ממגרש החול או לצרף קבצים להודעות לחיפוש קבצים על בסיס שרשור.",
   "com_assistants_function_use": "הסייען השתמש ב{{0}}",
@@ -281,7 +278,6 @@
   "com_endpoint_message_not_appendable": "ערוך את ההודעה שלך או צור מחדש.",
   "com_endpoint_my_preset": "ההגדרה המוגדרת מראש שלי",
   "com_endpoint_no_presets": "אין עדיין הגדרות מוגדרות מראש, השתמש בלחצן ההגדרות כדי ליצור אחת",
-  "com_endpoint_open_menu": "תפריט פתח",
   "com_endpoint_openai_custom_name_placeholder": "הגדר שם מותאם אישית עבור ChatGPT",
   "com_endpoint_openai_detail": "ההחלטה לבקשות חזון. \"נמוך\" זול ומהיר יותר, \"גבוה\" מפורט ויקר יותר, ו\"אוטומטי\" יבחר אוטומטית בין השניים על סמך רזולוציית התמונה.",
   "com_endpoint_openai_freq": "מספר בין -2.0 ל-2.0. ערכים חיוביים מענישים אסימונים חדשים בהתבסס על התדירות הקיימת שלהם בטקסט עד כה, ומקטינים את הסבירות של המודל לחזור על אותה שורה מילה במילה.",
@@ -463,7 +459,6 @@
   "com_nav_font_size_xl": "גדול מאוד",
   "com_nav_font_size_xs": "קט מאוד",
   "com_nav_help_faq": "עזרה ושאלות נפוצות",
-  "com_nav_hide_panel": "הסתר את לוח הצד הימני",
   "com_nav_info_balance": "היתרה מראה כמה קרדיטים של אסימונים (טוקנים) נותרו לך להשתמש. זיכויים של אסימונים מתורגמים לערך כספי (לדוגמה, 1000 זיכויים = $0.001 USD)",
   "com_nav_info_code_artifacts": "אפשר הצגה של רכיבי תצוגת קוד ניסיוניים לצד הצ'אט",
   "com_nav_info_code_artifacts_agent": "אפשר שימוש ברכיבי תצוגת קוד עבור סוכן זה כברירת מחדל, מתווספות הוראות נוספות ספציפיות לשימוש ברכיבי התצוגה אלא אם \"מצב הנחיה מותאם אישית\" מופעל.",
@@ -478,9 +473,14 @@
   "com_nav_info_show_thinking": "כאשר אפשרות זו מופעלת, תיבות תצוגה שמציגות את תהליך החשיבה של הבינה המלאכותית יופיעו פתוחות כברירת מחדל, כך שתוכל לראות את תהליך הניתוח בזמן אמת. כאשר האפשרות מושבתת, תיבות הבחירה יישארו סגורות כברירת מחדל, מה שיוצר ממשק נקי וזורם יותר.",
   "com_nav_info_user_name_display": "כאשר אפשרות זו מופעלת, שם המשתמש של השולח יוצג מעל כל הודעה שאתה שולח. כאשר האפשרות מושבתת, יוצג רק הכיתוב \"אתה\" מעל ההודעות שלך.",
   "com_nav_lang_arabic": "ערבית (العربية)",
+  "com_nav_lang_armenian": "ארמנית (Հայերեն)",
   "com_nav_lang_auto": "זיהוי באופן אוטומטי",
+  "com_nav_lang_bosnian": "בוסנית (Босански)",
   "com_nav_lang_brazilian_portuguese": "פורטוגזית ברזילאית (Português Brasileiro)",
+  "com_nav_lang_catalan": "קטלונית (Català)",
   "com_nav_lang_chinese": "סינית (中文)",
+  "com_nav_lang_czech": "צ׳כית (Čeština)",
+  "com_nav_lang_danish": "דנית (Dansk)",
   "com_nav_lang_dutch": "הולנדית (Nederlands)",
   "com_nav_lang_english": "אנגלית (English)",
   "com_nav_lang_estonian": "אסטונית (Eesti keel)",
@@ -494,10 +494,13 @@
   "com_nav_lang_italian": "איטלקית (Italiano)",
   "com_nav_lang_japanese": "יפנית (日本語)",
   "com_nav_lang_korean": "קוראנית (한국어)",
+  "com_nav_lang_latvian": "לטבית (Latviski)",
+  "com_nav_lang_norwegian_bokmal": "נורווגית (Norsk Bokmål)",
   "com_nav_lang_persian": "פרסית",
   "com_nav_lang_polish": "פולנית (Polski)",
   "com_nav_lang_portuguese": "פורטוגזית (Português)",
   "com_nav_lang_russian": "רוסית (Русский)",
+  "com_nav_lang_slovenian": "סלובנית (Slovenščina)",
   "com_nav_lang_spanish": "ספרדית (Español)",
   "com_nav_lang_swedish": "שוודית (Svenska)",
   "com_nav_lang_thai": "ไทย",
@@ -541,7 +544,6 @@
   "com_nav_setting_speech": "דיבור",
   "com_nav_settings": "הגדרות",
   "com_nav_shared_links": "קישורים משותפים",
-  "com_nav_show_code": "הצג תמיד את הקוד בעת שימוש במפענח הקוד.",
   "com_nav_show_thinking": "פתח תצוגות חשיבה כברירת מחדל",
   "com_nav_slash_command": "פקודת/-",
   "com_nav_slash_command_description": "הפעל/כבה את הפקודה '/' לבחירת הנחיה (פרומפט) באמצעות המקלדת.",
@@ -745,7 +747,6 @@
   "com_ui_context": "הקשר",
   "com_ui_continue": "המשך",
   "com_ui_continue_oauth": "המשך עם OAuth",
-  "com_ui_controls": "פקדים",
   "com_ui_convo_delete_error": "מחיקת הצ'אט נכשלה",
   "com_ui_copied": "הועתק!",
   "com_ui_copied_to_clipboard": "הועתק ללוח",
@@ -814,7 +815,6 @@
   "com_ui_download_error": "וזה: שגיאה בהורדת הקובץ. ייתכן שהקובץ נמחק",
   "com_ui_drag_drop": "גרור קובץ לכאן כדי להוסיף אותו לשיחה",
   "com_ui_dropdown_variables": "רשימה נפתחת של משתנים",
-  "com_ui_dropdown_variables_info": "צור תפריטי רשימה נפתחת מותאמים אישית עבור ההנחיות שלך:\n{{variable_name:option1|option2|option3}}",
   "com_ui_duplicate": "שכפל",
   "com_ui_duplication_error": "אירעה שגיאה בעת שכפול השיחה",
   "com_ui_duplication_processing": "משכפל את השיחה...",
@@ -930,7 +930,6 @@
   "com_ui_key_required": "נדרש מפתח API",
   "com_ui_late_night": "לילה טוב",
   "com_ui_latest_footer": "גישה לכל הבינות המלאכותיות (AI) לכולם",
-  "com_ui_latest_production_version": "גרסת הפיתוח העדכנית ביותר",
   "com_ui_latest_version": "גרסה אחרונה",
   "com_ui_librechat_code_api_key": "קבל את מפתח ה-API של מפענח הקוד LibreChat",
   "com_ui_librechat_code_api_subtitle": "אבטחה ללא פשרות. תמיכה במגוון שפות תכנות. יכולת עבודה מלאה עם קבצים.",
@@ -1150,9 +1149,7 @@
   "com_ui_special_var_current_user": "משתמש נוכחי",
   "com_ui_special_var_iso_datetime": "תאריך ושעה ISO UTC",
   "com_ui_special_variables": "משתנים מיוחדים:",
-  "com_ui_special_variables_more_info": "ניתן לבחור משתנים מיוחדים מהתפריט הנפתח: `{{current_date}}` (תאריך ויום בשבוע של היום), `{{current_datetime}}` (תאריך ושעה מקומיים), `{{utc_iso_datetime}}` (תאריך ושעה UTC ISO) ו-`{{current_user}}` (שם החשבון שלך).",
   "com_ui_speech_while_submitting": "לא ניתן לשלוח אודיו בזמן שנוצרת תגובה",
-  "com_ui_sr_actions_menu": "פתח את תפריט הפעולות עבור \"{{0}}\"",
   "com_ui_stop": "עצור",
   "com_ui_storage": "אחסון",
   "com_ui_submit": "שלח",
@@ -1177,7 +1174,6 @@
   "com_ui_travel": "מסע",
   "com_ui_trust_app": "אני סומך על האפליקציה הזו",
   "com_ui_try_adjusting_search": "נסה להתאים את מונחי החיפוש שלך",
-  "com_ui_ui_resources": "רכיבי UI",
   "com_ui_unarchive": "הוצא מהארכיון",
   "com_ui_unarchive_error": "הוצאת השיחה מהארכיון נכשלה",
   "com_ui_unavailable": "לא זמין",
@@ -1212,7 +1208,6 @@
   "com_ui_user_group_permissions": "הרשאות משתמשים וקבוצות",
   "com_ui_value": "ערך",
   "com_ui_variables": "משתנים",
-  "com_ui_variables_info": "השתמש בסוגריים מסולסלות כפולות בטקסט שלך ליצירת משתנים, לדוגמא  `{{example variable}}`, כדי למלא אותם מאוחר יותר בשימוש בהנחיה.",
   "com_ui_verify": "אמת",
   "com_ui_version_var": "גרסה {{0}}",
   "com_ui_versions": "גרסה",
diff --git a/client/src/locales/hu/translation.json b/client/src/locales/hu/translation.json
index 64f84ddaa7..92ac8179e3 100644
--- a/client/src/locales/hu/translation.json
+++ b/client/src/locales/hu/translation.json
@@ -20,7 +20,6 @@
   "com_agents_not_available": "Az ügynök nem érhető el",
   "com_agents_search_name": "Ügynökök keresése név szerint",
   "com_agents_update_error": "Hiba történt az ügynök frissítése során.",
-  "com_assistants_action_attempt": "Az asszisztens beszélni akar {{0}}-val",
   "com_assistants_actions": "Műveletek",
   "com_assistants_actions_disabled": "Először létre kell hoznia egy asszisztenst, mielőtt műveleteket adhatna hozzá.",
   "com_assistants_actions_info": "Engedélyezze az asszisztens számára, hogy információkat szerezzen be vagy műveleteket végezzen API-kon keresztül",
@@ -29,7 +28,6 @@
   "com_assistants_allow_sites_you_trust": "Csak megbízható webhelyeket engedélyezzen.",
   "com_assistants_append_date": "Aktuális dátum és idő hozzáfűzése",
   "com_assistants_append_date_tooltip": "Ha engedélyezve van, az aktuális kliens dátuma és ideje hozzáfűzésre kerül az asszisztens rendszerutasításaihoz.",
-  "com_assistants_attempt_info": "Az asszisztens a következőket szeretné elküldeni:",
   "com_assistants_available_actions": "Elérhető műveletek",
   "com_assistants_capabilities": "Képességek",
   "com_assistants_code_interpreter": "Kódértelmező",
@@ -44,7 +42,6 @@
   "com_assistants_delete_actions_error": "Hiba történt a művelet törlése során.",
   "com_assistants_delete_actions_success": "A művelet sikeresen törölve az asszisztensből",
   "com_assistants_description_placeholder": "Opcionális: Itt írja le az asszisztenst",
-  "com_assistants_domain_info": "Az asszisztens ezt az információt küldte el {{0}}-nak",
   "com_assistants_file_search": "Fájlkeresés",
   "com_assistants_file_search_info": "A fájlkeresés lehetővé teszi az asszisztens számára, hogy tudást szerezzen az Ön vagy felhasználói által feltöltött fájlokból. A fájl feltöltése után az asszisztens automatikusan eldönti, mikor kell tartalmat lekérni a felhasználói kérések alapján. A vektortárolók csatolása a fájlkereséshez még nem támogatott. Ezeket a Provider Playgroundból csatolhatja, vagy üzenetekhez csatolhat fájlokat a szál alapú kereséshez.",
   "com_assistants_function_use": "Az asszisztens használta: {{0}}",
@@ -192,7 +189,6 @@
   "com_endpoint_message_not_appendable": "Szerkessze az üzenetet vagy generálja újra.",
   "com_endpoint_my_preset": "Saját előre beállított",
   "com_endpoint_no_presets": "Még nincsenek előre beállítottak, használja a beállítások gombot egy létrehozásához",
-  "com_endpoint_open_menu": "Menü megnyitása",
   "com_endpoint_openai_custom_name_placeholder": "Adjon egyedi nevet az AI-nak",
   "com_endpoint_openai_detail": "A látási kérések felbontása. Az „Alacsony” olcsóbb és gyorsabb, a „Magas” részletesebb és drágább, az „Automatikus” pedig a két lehetőség közül választ a kép felbontása alapján.",
   "com_endpoint_openai_freq": "-2.0 és 2.0 közötti szám. A pozitív értékek büntetik az új tokeneket az eddigi szövegben való meglévő gyakoriságuk alapján, csökkentve a modell azon valószínűségét, hogy ugyanazt a sort szó szerint megismételje.",
@@ -326,7 +322,6 @@
   "com_nav_font_size_xl": "Extra nagy",
   "com_nav_font_size_xs": "Extra kicsi",
   "com_nav_help_faq": "Segítség és GYIK",
-  "com_nav_hide_panel": "Legjobb oldalsó panel elrejtése",
   "com_nav_info_code_artifacts": "Engedélyezi a kísérleti kód műtermékek megjelenítését a csevegés mellett",
   "com_nav_info_code_artifacts_agent": "Engedélyezi a kód műtermékek használatát ehhez az ügynökhöz. Alapértelmezés szerint a műtermékek használatára vonatkozó további utasítások hozzáadódnak, kivéve, ha az „Egyéni prompt mód” engedélyezve van.",
   "com_nav_info_custom_prompt_mode": "Ha engedélyezve van, az alapértelmezett műtermék rendszerprompt nem kerül belefoglalásra. Ebben a módban minden műtermék-generáló utasítást manuálisan kell megadni.",
@@ -392,7 +387,6 @@
   "com_nav_setting_speech": "Beszéd",
   "com_nav_settings": "Beállítások",
   "com_nav_shared_links": "Megosztott linkek",
-  "com_nav_show_code": "Mindig mutassa a kódot a kódértelmező használatakor",
   "com_nav_show_thinking": "Gondolkodási legördülők alapértelmezett megnyitása",
   "com_nav_slash_command": "/-Parancs",
   "com_nav_slash_command_description": "„/” parancs váltása a prompt billentyűzettel történő kiválasztásához",
@@ -528,7 +522,6 @@
   "com_ui_confirm_change": "Változtatás megerősítése",
   "com_ui_context": "Kontextus",
   "com_ui_continue": "Folytatás",
-  "com_ui_controls": "Vezérlők",
   "com_ui_copied": "Másolva!",
   "com_ui_copied_to_clipboard": "Vágólapra másolva",
   "com_ui_copy_code": "Kód másolása",
@@ -584,7 +577,6 @@
   "com_ui_download_error": "Hiba a fájl letöltése során. Lehet, hogy a fájl törölve lett.",
   "com_ui_drag_drop": "valaminek itt kell lennie. üres volt",
   "com_ui_dropdown_variables": "Legördülő változók:",
-  "com_ui_dropdown_variables_info": "Hozzon létre egyedi legördülő menüket a promptokhoz: `{{változó_név:opció1|opció2|opció3}}`",
   "com_ui_duplicate": "Duplikálás",
   "com_ui_duplication_error": "Hiba történt a beszélgetés duplikálása során",
   "com_ui_duplication_processing": "Beszélgetés duplikálása...",
@@ -651,7 +643,6 @@
   "com_ui_instructions": "Utasítások",
   "com_ui_late_night": "Kellemes éjszakát",
   "com_ui_latest_footer": "Minden AI mindenkinek.",
-  "com_ui_latest_production_version": "Legfrissebb éles verzió",
   "com_ui_latest_version": "Legfrissebb verzió",
   "com_ui_librechat_code_api_key": "Szerezze meg a LibreChat Kódértelmező API kulcsát",
   "com_ui_librechat_code_api_subtitle": "Biztonságos. Többnyelvű. Be-/Kimeneti fájlok.",
@@ -793,7 +784,6 @@
   "com_ui_use_micrphone": "Mikrofon használata",
   "com_ui_used": "Használt",
   "com_ui_variables": "Változók",
-  "com_ui_variables_info": "Használjon dupla kapcsos zárójeleket a szövegben változók létrehozásához, pl. `{{példa változó}}`, amelyeket később a prompt használatakor kitölthet.",
   "com_ui_verify": "Ellenőrzés",
   "com_ui_version_var": "{{0}} verzió",
   "com_ui_versions": "Verziók",
diff --git a/client/src/locales/hy/translation.json b/client/src/locales/hy/translation.json
index 91b3bd57f6..14e561dac0 100644
--- a/client/src/locales/hy/translation.json
+++ b/client/src/locales/hy/translation.json
@@ -110,7 +110,6 @@
   "com_endpoint_message": "Հաղորդագրություն",
   "com_endpoint_message_new": "Հաղորդագրություն {{0}}",
   "com_endpoint_my_preset": "Իմ պրեսեթը",
-  "com_endpoint_open_menu": "Բացել մենյուն",
   "com_endpoint_output": "Ելք",
   "com_endpoint_preset": "պրեսեթ",
   "com_endpoint_preset_default_item": "Սկզբնական",
diff --git a/client/src/locales/id/translation.json b/client/src/locales/id/translation.json
index eac68914f2..f18e696287 100644
--- a/client/src/locales/id/translation.json
+++ b/client/src/locales/id/translation.json
@@ -97,7 +97,6 @@
   "com_endpoint_message_not_appendable": "Edit pesan Anda atau Regenerasi.",
   "com_endpoint_my_preset": "Preset Saya",
   "com_endpoint_no_presets": "Belum ada preset, gunakan tombol pengaturan untuk membuat satu",
-  "com_endpoint_open_menu": "Buka Menu",
   "com_endpoint_openai_custom_name_placeholder": "Tetapkan nama kustom untuk ChatGPT",
   "com_endpoint_openai_detail": "Resolusi untuk permintaan Vision. \"Rendah\" lebih murah dan lebih cepat, \"Tinggi\" lebih detail dan mahal, dan \"Otomatis\" akan secara otomatis memilih antara keduanya berdasarkan resolusi gambar.",
   "com_endpoint_openai_freq": "Angka antara -2,0 dan 2,0. Nilai positif menghukum token baru berdasarkan frekuensi mereka yang ada dalam teks sejauh ini, mengurangi kemungkinan model untuk mengulangi baris yang sama secara harfiah.",
diff --git a/client/src/locales/it/translation.json b/client/src/locales/it/translation.json
index f8e4f5e5d8..8b419f52f3 100644
--- a/client/src/locales/it/translation.json
+++ b/client/src/locales/it/translation.json
@@ -5,21 +5,17 @@
   "com_a11y_end": "L'IA ha terminato la sua risposta",
   "com_a11y_selected": "Selezionato",
   "com_a11y_start": "L'IA ha iniziato la sua risposta",
-  "com_agents_agent_card_label": "{{name}} agente. {{description}}",
-  "com_agents_all": "Tutti gli agenti\n",
+  "com_agents_agent_card_label": "{{nome}} agente. {{descrizione}}",
   "com_agents_all_category": "Tutti",
   "com_agents_all_description": "Sfoglia tutti gli agenti condivisi in tutte le categorie",
   "com_agents_avatar_upload_error": "Il caricamento dell'avatar d'agente è fallito",
   "com_agents_by_librechat": "da LibreChat",
-  "com_agents_category_aftersales": "Post-vendita",
-  "com_agents_category_aftersales_description": "Agenti specializzati nel supporto post-vendita, manutenzione e servizio clienti",
   "com_agents_category_empty": "Non sono stati trovati agenti nella categoria {{category}}",
   "com_agents_category_finance": "Finanza",
   "com_agents_category_finance_description": "Agenti specializzati in analisi finanziaria, budgeting e contabilità",
   "com_agents_category_general": "Generale",
   "com_agents_category_general_description": "Agenti di uso generale per compiti e richieste comuni",
   "com_agents_category_hr": "Risorse Umane",
-  "com_agents_category_hr_description": "Agenti specializzati in processi, politiche e supporto ai dipendenti delle risorse umane",
   "com_agents_category_it": "IT",
   "com_agents_category_it_description": "Agenti per supporto IT, risoluzione dei problemi tecnici e amministrazione del sistema",
   "com_agents_category_rd": "Ricerca e sviluppo",
@@ -63,6 +59,7 @@
   "com_agents_error_timeout_suggestion": "Controllare la connessione a Internet e riprovare.",
   "com_agents_error_timeout_title": "Timeout della connessione",
   "com_agents_error_title": "Qualcosa è andato storto",
+  "com_agents_file_context_description": "I file caricati come \"contesto\" vengono analizzati come testo per integrare le istruzioni dell'agente. Se l'OCR è disponibile o se è configurato per il tipo di file caricato, il processo viene utilizzato per estrarre il testo. Ideale per documenti, immagini con testo o PDF in cui è necessario il contenuto testuale completo di un file.",
   "com_agents_file_context_disabled": "L'agente deve essere creato prima di caricare i file per il Contesto del File.",
   "com_agents_file_context_label": "Contesto del file",
   "com_agents_file_search_disabled": "L'Agente deve essere creato prima di caricare file per la Ricerca File.",
@@ -77,6 +74,7 @@
   "com_agents_marketplace_subtitle": "Scoprite e utilizzate potenti agenti AI per migliorare i vostri flussi di lavoro e la vostra produttività.",
   "com_agents_mcp_description_placeholder": "Spiegate cosa fa in poche parole",
   "com_agents_mcp_icon_size": "Dimensione minima 128 x 128 px",
+  "com_agents_mcp_name_placeholder": "Strumento personalizzato",
   "com_agents_mcp_trust_subtext": "I connettori personalizzati non sono verificati da LibreChat",
   "com_agents_missing_name": "Inserire  un nome prima di creare un agente.",
   "com_agents_missing_provider_model": "Seleziona un provider e un modello prima di creare un agente.",
@@ -98,7 +96,6 @@
   "com_agents_start_chat": "Avvia la chat",
   "com_agents_top_picks": "Scelte principali",
   "com_agents_update_error": "Si è verificato un errore durante l'aggiornamento del tuo agente.",
-  "com_assistants_action_attempt": "L'assistente vuole parlare con {{0}}",
   "com_assistants_actions": "Azioni",
   "com_assistants_actions_disabled": "Devi prima creare un assistente prima di aggiungere azioni.",
   "com_assistants_actions_info": "Permetti al tuo Assistente di recuperare informazioni o eseguire azioni tramite API",
@@ -108,7 +105,6 @@
   "com_assistants_allow_sites_you_trust": "Consenti solo i siti di cui ti fidati.",
   "com_assistants_append_date": "Aggiungi Data e Ora Attuali",
   "com_assistants_append_date_tooltip": "Quando attivo, la data e l'ora attuali del cliente saranno aggiunte alle istruzioni del sistema dell'Assistente.",
-  "com_assistants_attempt_info": "L'assistente vuole inviare quanto segue:",
   "com_assistants_available_actions": "Azioni Disponibili",
   "com_assistants_capabilities": "Capacità",
   "com_assistants_code_interpreter": "Interprete Codice",
@@ -123,7 +119,6 @@
   "com_assistants_delete_actions_error": "Si è verificato un errore durante l'eliminazione dell'azione.",
   "com_assistants_delete_actions_success": "Azione eliminata dall'Assistente con successo",
   "com_assistants_description_placeholder": "Opzionale: Descrivi qui il tuo Assistente",
-  "com_assistants_domain_info": "L'Assistente ha inviato queste informazioni a {{0}}",
   "com_assistants_file_search": "Ricerca File",
   "com_assistants_file_search_info": "L'aggiunta di archivi vettoriali per la Ricerca File non è ancora supportata. Puoi aggiungerli dal Provider Playground o allegare file ai messaggi per la ricerca file su base di thread.",
   "com_assistants_function_use": "L'Assistente ha usato {{0}}",
@@ -137,11 +132,13 @@
   "com_assistants_non_retrieval_model": "La ricerca di file non è abilitata su questo modello. Seleziona un altro modello.",
   "com_assistants_retrieval": "Retrival",
   "com_assistants_running_action": "Azione in corso",
+  "com_assistants_running_var": "In corsa {{0}}",
   "com_assistants_search_name": "Cerca assistenti per nome",
   "com_assistants_update_actions_error": "Si è verificato un errore durante la creazione o l'aggiornamento dell'azione.",
   "com_assistants_update_actions_success": "Azione creata o aggiornata con successo",
   "com_assistants_update_error": "Si è verificato un errore durante l'aggiornamento del tuo assistente.",
   "com_assistants_update_success": "Aggiornamento avvenuto con successo",
+  "com_assistants_update_success_name": "Aggiornato con successo {{name}}",
   "com_auth_already_have_account": "Hai già un account?",
   "com_auth_apple_login": "Continua con Apple",
   "com_auth_back_to_login": "Torna all'accesso",
@@ -220,6 +217,7 @@
   "com_endpoint_agent": "Agente",
   "com_endpoint_agent_placeholder": "Seleziona un Agente",
   "com_endpoint_ai": "IA",
+  "com_endpoint_anthropic_effort": "Controlla la quantità di sforzo computazionale applicato da Claude. Uno sforzo minore fa risparmiare gettoni e riduce la latenza; uno sforzo maggiore produce risposte più approfondite. 'Max' consente il ragionamento più approfondito (solo Opus 4.6).",
   "com_endpoint_anthropic_maxoutputtokens": "Numero massimo di token che possono essere generati nella risposta. Specifica un valore più basso per risposte più brevi e un valore più alto per risposte più lunghe.",
   "com_endpoint_anthropic_prompt_cache": "La cache dei prompt permette di riutilizzare contesti o istruzioni estese tra le chiamate API, riducendo costi e latenza",
   "com_endpoint_anthropic_temp": "Varia da 0 a 1. Usa temp più vicino a 0 per analitica / scelta multipla, e più vicino a 1 per compiti creativi e generativi. Consigliamo di modificare questo o Top P ma non entrambi.",
@@ -261,6 +259,7 @@
   "com_endpoint_default_with_num": "predefinito: {{0}}",
   "com_endpoint_disable_streaming": "Disattivare le risposte in streaming e ricevere la risposta completa in una sola volta. Utile per modelli come o3 che richiedono la verifica dell'organizzazione per lo streaming.",
   "com_endpoint_disable_streaming_label": "Disattiva lo streaming",
+  "com_endpoint_effort": "Sforzo",
   "com_endpoint_examples": "Preimpostazioni",
   "com_endpoint_export": "Esporta",
   "com_endpoint_export_share": "Esporta/Condividi",
@@ -272,6 +271,7 @@
   "com_endpoint_google_thinking_budget": "Indica il numero di token di riflessione utilizzati dal modello. La quantità effettiva può essere superiore o inferiore a questo valore, a seconda della richiesta.\n\nQuesta impostazione è supportata solo da alcuni modelli (serie 2.5). Gemini 2.5 Pro supporta 128-32.768 token. Gemini 2.5 Flash supporta 0-24.576 token. Gemini 2.5 Flash Lite supporta 512-24.576 token.\n\nLasciare vuoto o impostare \"-1\" per lasciare che il modello decida automaticamente quando e quanto pensare. Per impostazione predefinita, Gemini 2.5 Flash Lite non pensa.",
   "com_endpoint_google_topk": "Top-k cambia il modo in cui il modello seleziona i token per l'output. Un top-k di 1 significa che il token selezionato è il più probabile tra tutti i token nel vocabolario del modello (anche chiamato greedy decoding), mentre un top-k di 3 significa che il prossimo token è selezionato tra i 3 più probabili (usando la temperatura).",
   "com_endpoint_google_topp": "Top-p cambia il modo in cui il modello seleziona i token per l'output. I token vengono selezionati dai più probabili K (vedi parametro topK) ai meno probabili fino a quando la somma delle loro probabilità eguaglia il valore top-p.",
+  "com_endpoint_google_use_search_grounding": "Utilizzate la funzione di messa a terra della ricerca di Google per migliorare le risposte con risultati di ricerca sul Web in tempo reale. Ciò consente ai modelli di accedere alle informazioni attuali e di fornire risposte più precise e aggiornate.",
   "com_endpoint_instructions_assistants": "Sovrascrivi istruzioni",
   "com_endpoint_instructions_assistants_placeholder": "Sovrascrive le istruzioni dell'assistente. Utile per modificare il comportamento su base singola.",
   "com_endpoint_max_output_tokens": "Token di output massimi",
@@ -280,7 +280,6 @@
   "com_endpoint_message_not_appendable": "Modifica il tuo messaggio o Rigenera.",
   "com_endpoint_my_preset": "La mia preimpostazione",
   "com_endpoint_no_presets": "Ancora nessuna preimpostazione, usa il pulsante impostazioni per crearne una",
-  "com_endpoint_open_menu": "Apri menu",
   "com_endpoint_openai_custom_name_placeholder": "Imposta un nome personalizzato per l'IA",
   "com_endpoint_openai_detail": "La risoluzione per le richieste Vision. \"Bassa\" è più economica e veloce, \"Alta\" è più dettagliata e costosa, e \"Auto\" sceglierà automaticamente tra le due in base alla risoluzione dell'immagine.",
   "com_endpoint_openai_freq": "Numero compreso tra -2.0 e 2.0. Valori positivi penalizzano i nuovi token basati sulla loro frequenza esistente nel testo fino a quel momento, diminuendo la probabilità del modello di ripetere la stessa riga verbatim.",
@@ -296,17 +295,21 @@
   "com_endpoint_openai_temp": "Valori più alti = più casualità, mentre valori più bassi = più focalizzati e deterministici. Consigliamo di modificare questo o Top P ma non entrambi.",
   "com_endpoint_openai_topp": "Un'alternativa al campionamento con temperatura, chiamata nucleus sampling, in cui il modello considera i risultati dei token con probabilità di massa top_p. Quindi 0,1 significa che vengono considerati solo i token che compongono la massa di probabilità superiore al 10%. Consigliamo di modificare questo o la temperatura ma non entrambi.",
   "com_endpoint_openai_use_responses_api": "Utilizzare il Responses API invece di Chat Completions, che include funzioni estese di OpenAI. Richiesto per o1-pro, o3-pro e per abilitare i riassunti dei ragionamenti.",
+  "com_endpoint_openai_use_web_search": "Abilitare la funzionalità di ricerca sul web utilizzando le capacità di ricerca integrate di OpenAI. In questo modo il modello può cercare informazioni aggiornate sul web e fornire risposte più precise e attuali.",
+  "com_endpoint_openai_verbosity": "Limita la verbosità della risposta del modello. I valori più bassi daranno luogo a risposte più concise, mentre i valori più alti daranno luogo a risposte più verbose. I valori attualmente supportati sono basso, medio e alto.",
   "com_endpoint_output": "Output",
   "com_endpoint_plug_image_detail": "Dettaglio immagine",
   "com_endpoint_plug_resend_files": "Reinvia file",
   "com_endpoint_presence_penalty": "Penalità di presenza",
   "com_endpoint_preset": "preimpostazione",
+  "com_endpoint_preset_custom_name_placeholder": "Qui ci vuole qualcosa. era vuoto",
   "com_endpoint_preset_default": "è ora la preimpostazione predefinita.",
   "com_endpoint_preset_default_item": "Predefinita:",
   "com_endpoint_preset_default_none": "Nessuna preimpostazione predefinita attiva.",
   "com_endpoint_preset_default_removed": "non è più la preimpostazione predefinita.",
   "com_endpoint_preset_delete_confirm": "Sei sicuro di voler eliminare questa preimpostazione?",
   "com_endpoint_preset_delete_error": "Si è verificato un errore durante l'eliminazione della preimpostazione. Riprova.",
+  "com_endpoint_preset_delete_success": "Preset cancellato con successo",
   "com_endpoint_preset_import": "Preimpostazione importata!",
   "com_endpoint_preset_import_error": "Si è verificato un errore durante l'importazione della preimpostazione. Riprova.",
   "com_endpoint_preset_name": "Nome preimpostazione",
@@ -322,6 +325,7 @@
   "com_endpoint_prompt_prefix_assistants_placeholder": "Imposta istruzioni o contesto aggiuntivi oltre alle istruzioni principali dell'Assistente. Ignorato se vuoto.",
   "com_endpoint_prompt_prefix_placeholder": "Imposta istruzioni personalizzate o contesto. Ignorato se vuoto.",
   "com_endpoint_reasoning_effort": "Impegno nel Ragionamento",
+  "com_endpoint_reasoning_summary": "Sintesi del ragionamento",
   "com_endpoint_save_as_preset": "Salva come Preimpostazione",
   "com_endpoint_search": "Cerca endpoint per nome",
   "com_endpoint_search_endpoint_models": "Ricerca modelli di {{0}}...",
@@ -336,23 +340,51 @@
   "com_endpoint_top_k": "Top K",
   "com_endpoint_top_p": "Top P",
   "com_endpoint_use_active_assistant": "Usa Assistente Attivo",
+  "com_endpoint_use_responses_api": "Utilizzare le risposte API",
+  "com_endpoint_use_search_grounding": "Messa a terra con la ricerca su Google",
+  "com_endpoint_verbosity": "Verbosità",
+  "com_error_endpoint_models_not_loaded": "Modelli per {{0}} non è stato possibile caricarlo. Aggiornare la pagina e riprovare.",
   "com_error_expired_user_key": "La chiave fornita per {{0}} è scaduta il {{1}}. Fornisci una chiave e riprova.",
   "com_error_files_dupe": "File duplicato rilevato.",
   "com_error_files_empty": "I file vuoti non sono consentiti.",
   "com_error_files_process": "Si è verificato un errore durante l'elaborazione del file.",
   "com_error_files_upload": "Si è verificato un errore durante il caricamento del file.",
   "com_error_files_upload_canceled": "La richiesta di caricamento del file è stata annullata. Nota: il caricamento del file potrebbe essere ancora in corso e potrebbe essere necessario eliminarlo manualmente.",
+  "com_error_files_upload_too_large": "Il file è troppo grande.  Si prega di caricare un file più piccolo di {{0}} MB",
   "com_error_files_validation": "Si è verificato un errore durante la validazione del file.",
+  "com_error_google_tool_conflict": "L'uso degli strumenti integrati di Google non è supportato da strumenti esterni. Disattivare gli strumenti integrati o quelli esterni.",
+  "com_error_heic_conversion": "Impossibile convertire l'immagine HEIC in JPEG. Provare a convertire l'immagine manualmente o utilizzare un altro formato.",
+  "com_error_illegal_model_request": "Il modello \"{{0}}\" non è disponibile per {{1}}. Selezionare un modello diverso.",
   "com_error_input_length": "Il conteggio dei token dell'ultimo messaggio è troppo lungo e supera il limite consentito ({{0}}). Per favore, accorcia il tuo messaggio, modifica la dimensione massima del contesto dai parametri della conversazione, oppure crea una diramazione della conversazione per continuare.",
+  "com_error_invalid_agent_provider": "Il \"{{0}}Il provider \" non è disponibile per l'uso con gli agenti. Accedere alle impostazioni dell'agente e selezionare un provider attualmente disponibile.",
   "com_error_invalid_user_key": "Chiave fornita non valida. Fornisci una chiave e riprova.",
+  "com_error_missing_model": "Nessun modello selezionato per {{0}}. Selezionare un modello e riprovare.",
+  "com_error_models_not_loaded": "Non è stato possibile caricare la configurazione dei modelli. Aggiornare la pagina e riprovare.",
   "com_error_moderation": "Sembra che il contenuto inviato sia stato contrassegnato dal nostro sistema di moderazione per non essere allineato con le nostre linee guida della community. Non possiamo procedere con questo argomento specifico. Se hai altre domande o argomenti che vorresti esplorare, modifica il tuo messaggio o crea una nuova conversazione.",
   "com_error_no_base_url": "Nessun URL base trovato. Forniscine uno e riprova.",
   "com_error_no_user_key": "Nessuna chiave trovata. Fornisci una chiave e riprova.",
+  "com_error_refusal": "Risposta rifiutata dai filtri di sicurezza. Riscrivere il messaggio e riprovare. Se questo problema si verifica frequentemente durante l'uso di Claude Sonnet 4.5 o Opus 4.1, si può provare Sonnet 4, che ha restrizioni d'uso diverse.",
+  "com_file_pages": "Pagine: {{pages}}",
+  "com_file_source": "File",
+  "com_file_unknown": "File sconosciuto",
+  "com_files_download_failed": "{{0}} file non riusciti",
+  "com_files_download_percent_complete": "{{0}}% completo",
+  "com_files_download_progress": "{{0}} di {{1}} file",
+  "com_files_downloading": "Scaricare i file",
   "com_files_filter": "Filtra file...",
+  "com_files_filter_by": "Filtrare i file per...",
   "com_files_no_results": "Nessun risultato.",
   "com_files_number_selected": "{{0}} di {{1}} file selezionati",
+  "com_files_preparing_download": "Preparazione del download...",
+  "com_files_result_found": "{{count}} risultato trovato",
+  "com_files_results_found": "{{count}} risultati trovati",
+  "com_files_sharepoint_picker_title": "File di prelievo",
+  "com_files_table": "Tabella dei file",
+  "com_files_upload_local_machine": "Dal computer locale",
+  "com_files_upload_sharepoint": "Da SharePoint",
   "com_generated_files": "File generati:",
   "com_hide_examples": "Nascondi esempi",
+  "com_info_heic_converting": "Conversione dell'immagine HEIC in JPEG...",
   "com_nav_2fa": "Autenticazione a due fattori (2FA)",
   "com_nav_account_settings": "Impostazioni account",
   "com_nav_always_make_prod": "Rendi sempre produttive le nuove versioni",
@@ -369,12 +401,34 @@
   "com_nav_auto_transcribe_audio": "Trascrivi audio automaticamente",
   "com_nav_automatic_playback": "Riproduzione automatica ultimo messaggio",
   "com_nav_balance": "Bilancio",
+  "com_nav_balance_auto_refill_disabled": "La ricarica automatica è disattivata.",
+  "com_nav_balance_auto_refill_error": "Errore nel caricamento delle impostazioni di ricarica automatica.",
+  "com_nav_balance_auto_refill_settings": "Impostazioni di ricarica automatica",
+  "com_nav_balance_day": "giorno",
+  "com_nav_balance_days": "giorni",
+  "com_nav_balance_every": "Ogni",
+  "com_nav_balance_hour": "ora",
+  "com_nav_balance_hours": "ore",
+  "com_nav_balance_interval": "Intervallo:",
+  "com_nav_balance_last_refill": "Ultima ricarica:",
+  "com_nav_balance_minute": "minuto",
+  "com_nav_balance_minutes": "minuti",
+  "com_nav_balance_month": "mese",
+  "com_nav_balance_months": "mesi",
+  "com_nav_balance_next_refill": "Prossima ricarica:",
+  "com_nav_balance_next_refill_info": "La ricarica successiva avverrà automaticamente solo quando saranno soddisfatte entrambe le condizioni: è trascorso l'intervallo di tempo previsto dall'ultima ricarica e l'invio di una richiesta di rimborso farebbe scendere il saldo sotto lo zero.",
+  "com_nav_balance_refill_amount": "Quantità di ricarica:",
+  "com_nav_balance_second": "secondo",
+  "com_nav_balance_seconds": "secondi",
+  "com_nav_balance_week": "settimana",
+  "com_nav_balance_weeks": "settimane",
   "com_nav_browser": "Browser",
   "com_nav_center_chat_input": "Input chat centrale nella schermata di benvenuto",
   "com_nav_change_picture": "Cambia immagine",
   "com_nav_chat_commands": "Comandi Chat",
   "com_nav_chat_commands_info": "Questi comandi vengono attivati digitando caratteri specifici all'inizio del tuo messaggio. Ogni comando viene attivato dal suo prefisso designato. Puoi disabilitarli se usi frequentemente questi caratteri per iniziare i messaggi.",
   "com_nav_chat_direction": "Direzione della chat",
+  "com_nav_chat_direction_selected": "Direzione della chat: {{direction}}",
   "com_nav_clear_all_chats": "Cancella tutte le chat",
   "com_nav_clear_cache_confirm_message": "Sei sicuro di voler svuotare la cache?",
   "com_nav_clear_conversation": "Cancella conversazioni",
@@ -382,9 +436,11 @@
   "com_nav_close_sidebar": "Chiudi barra laterale",
   "com_nav_commands": "Comandi",
   "com_nav_confirm_clear": "Conferma cancellazione",
+  "com_nav_control_panel": "Pannello di controllo",
   "com_nav_conversation_mode": "Modalità Conversazione",
   "com_nav_convo_menu_options": "Opzioni menu conversazione",
   "com_nav_db_sensitivity": "Sensibilità decibel",
+  "com_nav_default_temporary_chat": "Chat temporanea per impostazione predefinita",
   "com_nav_delete_account": "Elimina account",
   "com_nav_delete_account_button": "Elimina permanentemente il mio account",
   "com_nav_delete_account_confirm": "Sei sicuro di voler eliminare il tuo account?",
@@ -413,22 +469,30 @@
   "com_nav_font_size_xl": "Extra Large",
   "com_nav_font_size_xs": "Extra Small",
   "com_nav_help_faq": "Guida e FAQ",
-  "com_nav_hide_panel": "Nascondi il Pannello laterale più a destra",
+  "com_nav_info_balance": "Il saldo mostra quanti crediti di gettoni sono rimasti da utilizzare. I crediti di gettoni si traducono in valore monetario (ad esempio, 1000 crediti = 0,001 dollari USA).",
   "com_nav_info_code_artifacts": "Abilita la visualizzazione di artefatti di codice sperimentali accanto alla chat",
   "com_nav_info_code_artifacts_agent": "Abilita l'uso di artefatti di codice per questo agente. Per impostazione predefinita, vengono aggiunte istruzioni aggiuntive specifiche per l'uso degli artefatti, a meno che non sia abilitata la \"Modalità prompt personalizzato\".",
   "com_nav_info_custom_prompt_mode": "Quando attivata, l'istruzione predefinita del sistema per gli artefatti non verrà inclusa. In questa modalità, tutte le istruzioni per la generazione degli artefatti dovranno essere fornite manualmente.",
+  "com_nav_info_default_temporary_chat": "Se attivata, le nuove chat inizieranno con la modalità di chat temporanea attivata per impostazione predefinita. Le chat temporanee non vengono salvate nella cronologia.",
   "com_nav_info_enter_to_send": "Quando attivo, premendo `INVIO` invierai il tuo messaggio. Quando disattivato, premendo Invio andrai a capo, e dovrai premere `CTRL + INVIO` / `⌘ + INVIO` per inviare il messaggio.",
   "com_nav_info_fork_change_default": "\"Solo messaggi visibili\" include solo il percorso diretto al messaggio selezionato. \"Includi rami correlati\" aggiunge i rami lungo il percorso. \"Includi tutti i messaggi da/verso qui\" include tutti i messaggi e i rami connessi.",
   "com_nav_info_fork_split_target_setting": "Quando abilitato, la duplicazione inizierà dal messaggio di destinazione fino all'ultimo messaggio della conversazione, secondo il comportamento selezionato.",
   "com_nav_info_include_shadcnui": "Quando abilitato, verranno incluse le istruzioni per l'utilizzo dei componenti shadcn/ui. shadcn/ui è una raccolta di componenti riutilizzabili costruiti utilizzando Radix UI e Tailwind CSS. Nota: queste sono istruzioni dettagliate, dovresti abilitarle solo se ritieni importante informare l'LLM sulle corrette importazioni e sui componenti. Per maggiori informazioni su questi componenti, visita: https://ui.shadcn.com/",
   "com_nav_info_latex_parsing": "Quando attivato, il codice LaTeX nei messaggi verrà visualizzato come equazioni matematiche. Disattivarlo può migliorare le prestazioni se non hai bisogno della visualizzazione LaTeX.",
+  "com_nav_info_save_badges_state": "Se abilitato, lo stato dei badge della chat viene salvato. Ciò significa che se si crea una nuova chat, i badge rimarranno nello stesso stato della chat precedente. Se si disattiva questa opzione, i badge verranno ripristinati allo stato predefinito ogni volta che si crea una nuova chat.",
   "com_nav_info_save_draft": "Quando attivata, questa funzione salverà automaticamente come bozze il testo e gli allegati inseriti nella chat. Queste bozze saranno disponibili anche se ricarichi la pagina o passi a un'altra conversazione. Le bozze vengono memorizzate localmente sul tuo dispositivo e vengono eliminate una volta inviato il messaggio.",
   "com_nav_info_show_thinking": "Quando attivato, la chat mostrerà i menu a tendina del ragionamento aperti per impostazione predefinita, permettendoti di visualizzare il ragionamento dell'IA in tempo reale. Quando disattivato, i menu a tendina del ragionamento rimarranno chiusi per impostazione predefinita per un'interfaccia più pulita e snella",
   "com_nav_info_user_name_display": "Quando attivato, il nome utente del mittente verrà mostrato sopra ogni messaggio che invii. Quando disattivato, vedrai solo \"Tu\" sopra i tuoi messaggi.",
+  "com_nav_keep_screen_awake": "Mantenere lo schermo sveglio durante la generazione della risposta",
   "com_nav_lang_arabic": "العربية",
+  "com_nav_lang_armenian": "Հայերեն",
   "com_nav_lang_auto": "Rileva automaticamente",
+  "com_nav_lang_bosnian": "Босански",
   "com_nav_lang_brazilian_portuguese": "Português Brasileiro",
+  "com_nav_lang_catalan": "Català",
   "com_nav_lang_chinese": "中文",
+  "com_nav_lang_czech": "Čeština",
+  "com_nav_lang_danish": "Dansk",
   "com_nav_lang_dutch": "Nederlands",
   "com_nav_lang_english": "English",
   "com_nav_lang_estonian": "Eesti keel",
@@ -438,24 +502,49 @@
   "com_nav_lang_german": "Deutsch",
   "com_nav_lang_hebrew": "עברית",
   "com_nav_lang_hungarian": "Ungherese",
+  "com_nav_lang_icelandic": "Íslenska",
   "com_nav_lang_indonesia": "Indonesia",
   "com_nav_lang_italian": "Italiano",
   "com_nav_lang_japanese": "日本語",
   "com_nav_lang_korean": "한국어",
+  "com_nav_lang_latvian": "Latviski",
+  "com_nav_lang_lithuanian": "Lietuvių",
+  "com_nav_lang_norwegian_bokmal": "Norsk Bokmål",
+  "com_nav_lang_norwegian_nynorsk": "Norsk Nynorsk",
+  "com_nav_lang_persian": "فارسی",
   "com_nav_lang_polish": "Polski",
   "com_nav_lang_portuguese": "Português",
   "com_nav_lang_russian": "Русский",
+  "com_nav_lang_slovak": "Slovenia",
+  "com_nav_lang_slovenian": "Slovena",
   "com_nav_lang_spanish": "Español",
   "com_nav_lang_swedish": "Svenska",
   "com_nav_lang_thai": "ไทย",
+  "com_nav_lang_tibetan": "བོད་སྐད་",
   "com_nav_lang_traditional_chinese": "繁體中文",
   "com_nav_lang_turkish": "Türkçe",
+  "com_nav_lang_ukrainian": "Українська",
+  "com_nav_lang_uyghur": "Uyƣur tili",
   "com_nav_lang_vietnamese": "Tiếng Việt",
   "com_nav_language": "Lingua",
   "com_nav_latex_parsing": "Analizza LaTeX nei messaggi (potrebbe influire sulle prestazioni)",
   "com_nav_log_out": "Disconnetti",
   "com_nav_long_audio_warning": "I testi più lunghi richiederanno più tempo per l'elaborazione.",
   "com_nav_maximize_chat_space": "Massimizza spazio chat",
+  "com_nav_mcp_access_revoked": "Accesso al server MCP revocato con successo.",
+  "com_nav_mcp_configure_server": "Configurare {{0}}",
+  "com_nav_mcp_connect": "Collegare",
+  "com_nav_mcp_connect_server": "Collegare {{0}}",
+  "com_nav_mcp_reconnect": "Ricollegarsi",
+  "com_nav_mcp_status_connected": "Collegato",
+  "com_nav_mcp_status_connecting": "{{0}} - Collegamento",
+  "com_nav_mcp_status_disconnected": "Disconnesso",
+  "com_nav_mcp_status_error": "Errore",
+  "com_nav_mcp_status_initializing": "Inizializzazione",
+  "com_nav_mcp_status_needs_auth": "Necessità di autorizzazione",
+  "com_nav_mcp_status_unknown": "Sconosciuto",
+  "com_nav_mcp_vars_update_error": "Errore nell'aggiornamento delle variabili utente personalizzate di MCP",
+  "com_nav_mcp_vars_updated": "Le variabili utente personalizzate di MCP sono state aggiornate con successo.",
   "com_nav_modular_chat": "Abilita il cambio di Endpoint a metà conversazione",
   "com_nav_my_files": "I miei file",
   "com_nav_not_supported": "Non supportato",
@@ -465,18 +554,22 @@
   "com_nav_plus_command": "+-Comando",
   "com_nav_plus_command_description": "Attiva/disattiva il comando \"+\" per aggiungere un'impostazione multi-risposta",
   "com_nav_profile_picture": "Immagine profilo",
+  "com_nav_save_badges_state": "Salva lo stato dei badge",
   "com_nav_save_drafts": "Salva bozze localmente",
   "com_nav_scroll_button": "Pulsante per scorrere fino alla fine",
   "com_nav_search_placeholder": "Cerca messaggi",
   "com_nav_send_message": "Invia messaggio",
   "com_nav_setting_account": "Account",
+  "com_nav_setting_balance": "Bilancio",
   "com_nav_setting_chat": "Chat",
   "com_nav_setting_data": "Controlli dati",
+  "com_nav_setting_delay": "Ritardo (s)",
   "com_nav_setting_general": "Generale",
+  "com_nav_setting_mcp": "Impostazioni MCP",
+  "com_nav_setting_personalization": "Personalizzazione",
   "com_nav_setting_speech": "Voce",
   "com_nav_settings": "Impostazioni",
   "com_nav_shared_links": "Link condivisi",
-  "com_nav_show_code": "Mostra sempre il codice quando si usa l'interprete di codice",
   "com_nav_show_thinking": "Apri i menu a tendina del ragionamento per impostazione predefinita",
   "com_nav_slash_command": "/-Comando",
   "com_nav_slash_command_description": "Attiva il comando \"/\" per selezionare un prompt tramite tastiera",
@@ -487,9 +580,11 @@
   "com_nav_theme_dark": "Scuro",
   "com_nav_theme_light": "Chiaro",
   "com_nav_theme_system": "Sistema",
+  "com_nav_toggle_sidebar": "Alterna la barra laterale",
   "com_nav_tool_dialog": "Strumenti Assistente",
   "com_nav_tool_dialog_agents": "Strumenti Agente",
   "com_nav_tool_dialog_description": "L'Assistente deve essere salvato per conservare le selezioni degli strumenti.",
+  "com_nav_tool_dialog_mcp_server_tools": "Strumenti server MCP",
   "com_nav_tool_remove": "Rimuovi",
   "com_nav_tool_search": "Cerca strumenti",
   "com_nav_user": "UTENTE",
@@ -504,6 +599,24 @@
   "com_sidepanel_hide_panel": "Nascondi Pannello",
   "com_sidepanel_manage_files": "Gestisci File",
   "com_sidepanel_parameters": "Parametri",
+  "com_sources_agent_file": "Documento sorgente",
+  "com_sources_agent_files": "File dell'agente",
+  "com_sources_download_aria_label": "Scaricare {{filename}}{{status}}",
+  "com_sources_download_failed": "Download fallito",
+  "com_sources_download_local_unavailable": "Impossibile scaricare: Il file non è stato salvato",
+  "com_sources_downloading_status": " (download...)",
+  "com_sources_error_fallback": "Impossibile caricare le fonti",
+  "com_sources_image_alt": "Immagine del risultato della ricerca",
+  "com_sources_more_files": "+{{count}} file",
+  "com_sources_more_sources": "+{{count}} fonti",
+  "com_sources_pages": "Pagine",
+  "com_sources_region_label": "Risultati della ricerca e fonti",
+  "com_sources_reload_page": "Ricarica la pagina",
+  "com_sources_tab_all": "Tutti",
+  "com_sources_tab_files": "File",
+  "com_sources_tab_images": "Immagini",
+  "com_sources_tab_news": "Notizie",
+  "com_sources_title": "Fonti",
   "com_ui_2fa_account_security": "L'autenticazione a due fattori aggiunge un ulteriore livello di sicurezza al vostro account",
   "com_ui_2fa_disable": "Disattivare 2FA",
   "com_ui_2fa_disable_error": "Si è verificato un errore nella disabilitazione dell'autenticazione a due fattori",
@@ -515,15 +628,38 @@
   "com_ui_2fa_setup": "Setup 2FA",
   "com_ui_2fa_verified": "Autenticazione a due fattori verificata con successo",
   "com_ui_accept": "Accetto",
+  "com_ui_action_button": "Pulsante di azione",
+  "com_ui_active": "Attivo",
   "com_ui_add": "Aggiungi",
+  "com_ui_add_code_interpreter_api_key": "Aggiungere la chiave API dell'interprete di codice",
+  "com_ui_add_first_bookmark": "Fare clic su una chat per aggiungerne una",
+  "com_ui_add_first_mcp_server": "Creare il primo server MCP per iniziare",
+  "com_ui_add_first_prompt": "Creare il primo prompt per iniziare",
+  "com_ui_add_mcp": "Aggiungi MCP",
+  "com_ui_add_mcp_server": "Aggiungere il server MCP",
   "com_ui_add_model_preset": "Aggiungi un modello o una preimpostazione per una risposta aggiuntiva",
   "com_ui_add_multi_conversation": "Aggiungi conversazioni multiple",
+  "com_ui_add_special_variables": "Aggiungere variabili speciali",
+  "com_ui_add_web_search_api_keys": "Aggiungere le chiavi API di ricerca web",
+  "com_ui_adding_details": "Aggiunta di dettagli",
+  "com_ui_additional_details": "Dettagli aggiuntivi",
   "com_ui_admin": "Amministratore",
   "com_ui_admin_access_warning": "La disattivazione dell'accesso amministratore a questa funzionalità potrebbe causare problemi imprevisti all'interfaccia utente che richiedono un aggiornamento. Una volta salvata, l'unico modo per ripristinare è attraverso l'impostazione dell'interfaccia nel file di configurazione librechat.yaml, che influisce su tutti i ruoli.",
   "com_ui_admin_settings": "Impostazioni Amministratore",
+  "com_ui_admin_settings_section": "Impostazioni dell'amministratore - {{section}}",
   "com_ui_advanced": "Avanzate",
   "com_ui_advanced_settings": "Impostazioni avanzate",
   "com_ui_agent": "Agente",
+  "com_ui_agent_api_keys": "Chiavi API dell'agente",
+  "com_ui_agent_api_keys_description": "Creare chiavi API per accedere agli agenti in remoto tramite l'API.",
+  "com_ui_agent_category_aftersales": "Post-vendita",
+  "com_ui_agent_category_finance": "Finanza",
+  "com_ui_agent_category_general": "Generale",
+  "com_ui_agent_category_hr": "HR",
+  "com_ui_agent_category_it": "IT",
+  "com_ui_agent_category_rd": "R&S",
+  "com_ui_agent_category_sales": "Saldi",
+  "com_ui_agent_category_selector_aria": "Selettore di categoria dell'agente",
   "com_ui_agent_chain": "Catena di agenti (Mixture-of-Agents)",
   "com_ui_agent_chain_info": "Consente di creare sequenze di agenti. Ogni agente può accedere agli output degli agenti precedenti nella catena. Si basa sull'architettura \"Mixture-of-Agents\", in cui gli agenti utilizzano le uscite precedenti come informazioni ausiliarie.",
   "com_ui_agent_chain_max": "Avete raggiunto il massimo di {{0}} agenti.",
@@ -531,21 +667,61 @@
   "com_ui_agent_deleted": "Agente eliminato con successo",
   "com_ui_agent_duplicate_error": "Si è verificato un errore durante la duplicazione dell'assistente",
   "com_ui_agent_duplicated": "Agente duplicato con successo",
+  "com_ui_agent_handoff_add": "Aggiungere l'agente di handoff",
+  "com_ui_agent_handoff_description": "Descrizione del passaggio di consegne",
+  "com_ui_agent_handoff_description_placeholder": "Ad esempio, trasferimento all'analista dei dati per l'analisi statistica.",
+  "com_ui_agent_handoff_info": "Configurare gli agenti a cui questo agente può trasferire le conversazioni quando è necessaria una competenza specifica.",
+  "com_ui_agent_handoff_info_2": "Ogni passaggio di consegne crea uno strumento di trasferimento che consente di instradare senza problemi gli agenti specializzati con un contesto.",
+  "com_ui_agent_handoff_max": "Massimo {{0}} agenti di passaggio raggiunti.",
+  "com_ui_agent_handoff_prompt": "Contenuto passante",
+  "com_ui_agent_handoff_prompt_key": "Nome del parametro di contenuto (predefinito: \"istruzioni\")",
+  "com_ui_agent_handoff_prompt_key_placeholder": "Etichetta del contenuto passato (predefinito: 'istruzioni')",
+  "com_ui_agent_handoff_prompt_placeholder": "Indica a questo agente quale contenuto generare e passare all'agente di handoff. È necessario aggiungere qualcosa qui per abilitare questa funzione",
+  "com_ui_agent_handoffs": "Passaggio dell'agente",
+  "com_ui_agent_name_is_required": "Il nome dell'agente è obbligatorio",
   "com_ui_agent_recursion_limit": "Passi massimi dell'agente",
   "com_ui_agent_recursion_limit_info": "Limita il numero di passaggi che l'agente può effettuare in un'esecuzione prima di fornire una risposta finale. Il valore predefinito è 25 passaggi. Un passaggio è una richiesta API AI o un round di utilizzo dello strumento. Ad esempio, un'interazione di base con uno strumento richiede 3 passaggi: richiesta iniziale, utilizzo dello strumento e richiesta di follow-up",
+  "com_ui_agent_url_copied": "URL agente copiato negli appunti",
   "com_ui_agent_var": "{{0}} agente",
+  "com_ui_agent_version": "Versione",
+  "com_ui_agent_version_active": "Versione attiva",
+  "com_ui_agent_version_empty": "Nessuna versione disponibile",
+  "com_ui_agent_version_error": "Errore nel recupero delle versioni",
+  "com_ui_agent_version_history": "Storia della versione",
+  "com_ui_agent_version_no_agent": "Nessun agente selezionato. Selezionare un agente per visualizzare la cronologia delle versioni.",
+  "com_ui_agent_version_no_date": "Data non disponibile",
+  "com_ui_agent_version_restore": "Ripristino",
+  "com_ui_agent_version_restore_confirm": "Siete sicuri di voler ripristinare questa versione?",
+  "com_ui_agent_version_restore_error": "Impossibile ripristinare la versione",
+  "com_ui_agent_version_restore_success": "Versione ripristinata con successo",
+  "com_ui_agent_version_title": "Versione {{versionNumber}}",
+  "com_ui_agent_version_unknown_date": "Data sconosciuta",
   "com_ui_agents": "Agenti",
   "com_ui_agents_allow_create": "Consenti creazione Agenti",
+  "com_ui_agents_allow_share": "Consentire la condivisione di agenti",
+  "com_ui_agents_allow_share_public": "Consentire la condivisione degli Agenti pubblicamente",
   "com_ui_agents_allow_use": "Consenti utilizzo Agenti",
   "com_ui_all": "tutto",
   "com_ui_all_proper": "Tutto",
   "com_ui_analyzing": "Analizzando",
   "com_ui_analyzing_finished": "Analisi completata",
   "com_ui_api_key": "Chiave API",
+  "com_ui_api_key_copied": "Chiave API copiata negli appunti",
+  "com_ui_api_key_create_error": "Impossibile creare la chiave API",
+  "com_ui_api_key_created": "Chiave API creata con successo",
+  "com_ui_api_key_delete_error": "Cancellazione non riuscita della chiave API",
+  "com_ui_api_key_deleted": "Chiave API cancellata con successo",
+  "com_ui_api_key_name": "Nome chiave",
+  "com_ui_api_key_name_placeholder": "La mia chiave API",
+  "com_ui_api_key_name_required": "Il nome della chiave API è obbligatorio",
+  "com_ui_api_key_warning": "Assicuratevi di copiare subito la vostra chiave API. Non sarà più possibile visualizzarla!",
+  "com_ui_api_keys_load_error": "Impossibile caricare le chiavi API",
   "com_ui_archive": "Archivia",
+  "com_ui_archive_delete_error": "Impossibile eliminare una conversazione archiviata",
   "com_ui_archive_error": "Errore durante l'archiviazione della conversazione",
   "com_ui_artifact_click": "Clicca per aprire",
   "com_ui_artifacts": "Artefatti",
+  "com_ui_artifacts_options": "Opzioni per gli artefatti",
   "com_ui_artifacts_toggle": "Mostra/Nascondi Interfaccia Artefatti",
   "com_ui_artifacts_toggle_agent": "Abilita artefatti",
   "com_ui_ascending": "Crescente",
@@ -554,30 +730,43 @@
   "com_ui_assistant_deleted": "Assistente eliminato con successo",
   "com_ui_assistants": "Assistenti",
   "com_ui_assistants_output": "Output Assistenti",
+  "com_ui_at_least_one_owner_required": "È necessario almeno un proprietario",
   "com_ui_attach_error": "Impossibile allegare il file. Crea o seleziona una conversazione, oppure prova a ricaricare la pagina.",
+  "com_ui_attach_error_disabled": "Il caricamento dei file è disabilitato per questo endpoint",
   "com_ui_attach_error_openai": "Non è possibile allegare file dell'Assistente ad altri endpoint",
   "com_ui_attach_error_size": "Limite dimensione file superato per l'endpoint:",
   "com_ui_attach_error_type": "Tipo di file non supportato per l'endpoint:",
+  "com_ui_attach_remove": "Rimuovere il file",
   "com_ui_attach_warn_endpoint": "Attenzione: i file non compatibili con lo strumento potrebbero essere ignorati",
   "com_ui_attachment": "Allegato",
   "com_ui_auth_type": "Tipo di autenticazione",
   "com_ui_auth_url": "URL di autorizzazione",
+  "com_ui_authenticate": "Autenticare",
   "com_ui_authentication": "Autenticazione",
   "com_ui_authentication_type": "Tipo di autenticazione",
+  "com_ui_auto": "Auto",
   "com_ui_avatar": "Avatar",
   "com_ui_azure": "Azure",
+  "com_ui_azure_ad": "ID Entra",
+  "com_ui_back": "Indietro",
+  "com_ui_back_to_builder": "Torna al costruttore",
   "com_ui_back_to_chat": "Torna alla Chat",
   "com_ui_back_to_prompts": "Torna ai prompt",
+  "com_ui_backup_code_number": "Codice #{{number}}",
   "com_ui_backup_codes": "Codici di backup",
   "com_ui_backup_codes_regenerate_error": "Si è verificato un errore durante la rigenerazione dei codici di backup",
   "com_ui_backup_codes_regenerated": "I codici di backup sono stati rigenerati con successo",
+  "com_ui_backup_codes_security_info": "Per motivi di sicurezza, i codici di backup vengono visualizzati una sola volta quando vengono generati. Si prega di salvarli in un luogo sicuro.",
+  "com_ui_backup_codes_status": "Stato dei codici di backup",
   "com_ui_basic": "Base",
   "com_ui_basic_auth_header": "Intestazione di autorizzazione di base",
   "com_ui_bearer": "Bearer",
+  "com_ui_beta": "Beta",
   "com_ui_bookmark_delete_confirm": "Sei sicuro di voler eliminare questo segnalibro?",
   "com_ui_bookmarks": "Segnalibri",
   "com_ui_bookmarks_add": "Aggiungi Segnalibri",
   "com_ui_bookmarks_add_to_conversation": "Aggiungi alla conversazione attuale",
+  "com_ui_bookmarks_count_selected": "Segnalibri, {{count}} selezionato",
   "com_ui_bookmarks_create_error": "Si è verificato un errore durante la creazione del segnalibro",
   "com_ui_bookmarks_create_exists": "Questo segnalibro esiste già",
   "com_ui_bookmarks_create_success": "Segnalibro creato con successo",
@@ -588,42 +777,92 @@
   "com_ui_bookmarks_edit": "Modifica Segnalibro",
   "com_ui_bookmarks_filter": "Filtra segnalibri...",
   "com_ui_bookmarks_new": "Nuovo Segnalibro",
+  "com_ui_bookmarks_tag_exists": "Esiste già un segnalibro con questo titolo",
   "com_ui_bookmarks_title": "Titolo",
   "com_ui_bookmarks_update_error": "Si è verificato un errore durante l'aggiornamento del segnalibro",
   "com_ui_bookmarks_update_success": "Segnalibro aggiornato con successo",
+  "com_ui_branch_created": "Ramo creato con successo",
+  "com_ui_branch_error": "Impossibile creare un ramo",
+  "com_ui_branch_message": "Creare un ramo da questa risposta",
+  "com_ui_by_author": "da {{0}}",
   "com_ui_callback_url": "URL di richiamata",
   "com_ui_cancel": "Annulla",
+  "com_ui_cancelled": "Annullato",
+  "com_ui_category": "Categoria",
+  "com_ui_change_version": "Cambia versione",
   "com_ui_chat": "Chat",
   "com_ui_chat_history": "Cronologia chat",
+  "com_ui_chats": "Chat",
+  "com_ui_check_internet": "Controllare la connessione a Internet",
   "com_ui_clear": "Cancella",
   "com_ui_clear_all": "Cancella tutto",
+  "com_ui_clear_browser_cache": "Cancellare la cache del browser",
+  "com_ui_clear_presets": "Cancella le preimpostazioni",
+  "com_ui_clear_search": "Pulisci ricerca",
+  "com_ui_click_to_close": "Fare clic per chiudere",
+  "com_ui_click_to_view_var": "Clicca per vedere {{0}}",
   "com_ui_client_id": "Client ID",
   "com_ui_client_secret": "Client Secret",
   "com_ui_close": "Chiudi",
   "com_ui_close_menu": "Chiudi Menu",
+  "com_ui_close_settings": "Chiudere le impostazioni",
+  "com_ui_close_var": "Chiudere {{0}}",
+  "com_ui_close_window": "Chiudere la finestra",
   "com_ui_code": "Codice",
+  "com_ui_collapse": "Crollo",
   "com_ui_collapse_chat": "Comprimi Chat",
+  "com_ui_collapse_thoughts": "Pensieri al collasso",
   "com_ui_command_placeholder": "Opzionale: Inserisci un comando per il prompt o verrà utilizzato il nome",
   "com_ui_command_usage_placeholder": "Seleziona un prompt tramite comando o nome",
   "com_ui_complete_setup": "Completa Setup",
+  "com_ui_concise": "Conciso",
+  "com_ui_configure": "Configurare",
+  "com_ui_configure_mcp_variables_for": "Configurare le variabili per {{0}}",
+  "com_ui_confirm": "Confermare",
   "com_ui_confirm_action": "Conferma Azione",
   "com_ui_confirm_admin_use_change": "La modifica di questa impostazione bloccherà l'accesso agli amministratori, te compreso. Sei sicuro di voler procedere?",
   "com_ui_confirm_change": "Conferma modifica",
+  "com_ui_connecting": "Collegamento",
+  "com_ui_contact_admin_if_issue_persists": "Contattare l'amministratore se il problema persiste",
   "com_ui_context": "Contesto",
+  "com_ui_context_filter_sort": "Filtrare e ordinare per contesto",
   "com_ui_continue": "Continua",
-  "com_ui_controls": "Controlli",
+  "com_ui_continue_oauth": "Continuare con OAuth",
+  "com_ui_control_bar": "Barra di controllo",
+  "com_ui_conversation": "conversazione",
+  "com_ui_conversation_label": "{{title}} conversazione",
+  "com_ui_conversation_not_found": "Conversazione non trovata",
+  "com_ui_conversations": "conversazioni",
+  "com_ui_convo_archived": "Conversazione archiviata",
+  "com_ui_convo_delete_error": "Eliminazione fallita della conversazione",
+  "com_ui_convo_delete_success": "Conversazione cancellata con successo",
   "com_ui_copied": "Copiato!",
   "com_ui_copied_to_clipboard": "Copiato negli appunti",
+  "com_ui_copy": "Copia",
   "com_ui_copy_code": "Copia codice",
   "com_ui_copy_link": "Copia link",
+  "com_ui_copy_stack_trace": "Copia della traccia dello stack",
+  "com_ui_copy_thoughts_to_clipboard": "Copiare i pensieri negli appunti",
   "com_ui_copy_to_clipboard": "Copia negli appunti",
+  "com_ui_copy_url_to_clipboard": "Copiare l'URL negli appunti",
   "com_ui_create": "Crea",
+  "com_ui_create_api_key": "Creare la chiave API",
+  "com_ui_create_assistant": "Creare un assistente",
   "com_ui_create_link": "Crea link",
+  "com_ui_create_mcp_server": "Creare il server MCP",
+  "com_ui_create_memory": "Creare memoria",
+  "com_ui_create_new_agent": "Creare un nuovo agente",
   "com_ui_create_prompt": "Crea prompt",
+  "com_ui_create_prompt_page": "Pagina di configurazione del nuovo prompt",
+  "com_ui_created": "Creato",
+  "com_ui_creating": "Creare...",
+  "com_ui_creating_image": "Creazione dell'immagine. Può richiedere un momento",
+  "com_ui_current": "Attuale",
   "com_ui_currently_production": "Attualmente in produzione",
   "com_ui_custom": "Personalizzato",
   "com_ui_custom_header_name": "Nome intestazione personalizzato",
   "com_ui_custom_prompt_mode": "Modalità Prompt Personalizzato",
+  "com_ui_dark_theme_enabled": "Tema scuro abilitato",
   "com_ui_dashboard": "Pannello di controllo",
   "com_ui_date": "Data",
   "com_ui_date_april": "Aprile",
@@ -640,6 +879,7 @@
   "com_ui_date_previous_30_days": "Ultimi 30 giorni",
   "com_ui_date_previous_7_days": "Ultimi 7 giorni",
   "com_ui_date_september": "Settembre",
+  "com_ui_date_sort": "Ordina per data",
   "com_ui_date_today": "Oggi",
   "com_ui_date_yesterday": "Ieri",
   "com_ui_decline": "Non accetto",
@@ -647,46 +887,112 @@
   "com_ui_delete": "Elimina",
   "com_ui_delete_action": "Elimina Azione",
   "com_ui_delete_action_confirm": "Sei sicuro di voler eliminare questa azione?",
+  "com_ui_delete_agent": "Cancellare l'agente",
   "com_ui_delete_agent_confirm": "Sei sicuro di voler eliminare questo agente?",
+  "com_ui_delete_assistant": "Cancellare l'assistente",
   "com_ui_delete_assistant_confirm": "Sei sicuro di voler eliminare questo Assistente? Questa operazione non può essere annullata.",
   "com_ui_delete_confirm": "Questo eliminerà",
   "com_ui_delete_confirm_prompt_version_var": "Questo eliminerà la versione selezionata per \"{{0}}\". Se non esistono altre versioni, il prompt verrà eliminato.",
+  "com_ui_delete_confirm_strong": "Questo eliminerà <strong>{{title}}</strong>",
   "com_ui_delete_conversation": "Eliminare la chat?",
+  "com_ui_delete_conversation_tooltip": "Cancellare la conversazione",
+  "com_ui_delete_mcp_server": "Cancellare il server MCP?",
+  "com_ui_delete_mcp_server_name": "Eliminare il server MCP {{0}}",
+  "com_ui_delete_memory": "Cancellare la memoria",
+  "com_ui_delete_not_allowed": "L'operazione di cancellazione non è consentita",
+  "com_ui_delete_preset": "Cancellare la preimpostazione?",
   "com_ui_delete_prompt": "Eliminare il prompt?",
+  "com_ui_delete_prompt_name": "Cancellare il Prompt - {{name}}",
   "com_ui_delete_shared_link": "Eliminare il link condiviso?",
+  "com_ui_delete_shared_link_heading": "Eliminare il collegamento condiviso",
+  "com_ui_delete_success": "Eliminato con successo",
   "com_ui_delete_tool": "Elimina Strumento",
   "com_ui_delete_tool_confirm": "Sei sicuro di voler eliminare questo strumento?",
+  "com_ui_delete_tool_save_reminder": "Strumento rimosso. Salvare l'agente per applicare le modifiche.",
+  "com_ui_deleted": "Soppresso",
+  "com_ui_deleting": "Eliminazione...",
+  "com_ui_deleting_file": "Eliminazione del file...",
   "com_ui_descending": "Decrescente",
   "com_ui_description": "Descrizione",
   "com_ui_description_placeholder": "Opzionale: Inserisci una descrizione da mostrare per il prompt",
+  "com_ui_deselect_all": "Deselezionare tutto",
+  "com_ui_detailed": "Dettagliato",
   "com_ui_disabling": "Disattivazione...",
+  "com_ui_done": "Fatto",
   "com_ui_download": "Scarica",
   "com_ui_download_artifact": "Scarica Artefatto",
   "com_ui_download_backup": "Scarica i codici di backup",
   "com_ui_download_backup_tooltip": "Prima di continuare, scarica i tuoi codici di backup. Ti serviranno per riottenere l'accesso se perdi il tuo dispositivo di autenticazione",
   "com_ui_download_error": "Errore durante il download del file. Il file potrebbe essere stato eliminato.",
+  "com_ui_download_error_logs": "Scarica i log degli errori",
+  "com_ui_drag_drop": "Lasciate qui un file qualsiasi per aggiungerlo alla conversazione",
   "com_ui_dropdown_variables": "Variabili a tendina:",
-  "com_ui_dropdown_variables_info": "Crea menu a tendina personalizzati per i tuoi prompt: `{{nome_variabile:opzione1|opzione2|opzione3}}`",
   "com_ui_duplicate": "Duplica",
+  "com_ui_duplicate_agent": "Agente duplicato",
   "com_ui_duplication_error": "Si è verificato un errore durante la duplicazione della conversazione",
   "com_ui_duplication_processing": "Duplicazione conversazione in corso...",
   "com_ui_duplication_success": "Conversazione duplicata con successo",
   "com_ui_edit": "Modifica",
+  "com_ui_edit_editing_image": "Modifica dell'immagine",
+  "com_ui_edit_mcp_server": "Modifica del server MCP",
+  "com_ui_edit_mcp_server_dialog_description": "Identificatore univoco del server: {{serverName}}",
+  "com_ui_edit_memory": "Modifica della memoria",
+  "com_ui_edit_preset_title": "Modifica della preimpostazione - {{title}}",
+  "com_ui_edit_prompt_page": "Modifica della pagina di prompt",
+  "com_ui_editable_message": "Messaggio modificabile",
+  "com_ui_editor_instructions": "Trascinare l'immagine per riposizionarla - Usare il cursore dello zoom o i pulsanti per regolare le dimensioni",
   "com_ui_empty_category": "-",
   "com_ui_endpoint": "Endpoint",
   "com_ui_endpoint_menu": "Menu Endpoint LLM",
   "com_ui_enter": "Invio",
   "com_ui_enter_api_key": "Inserisci API Key",
+  "com_ui_enter_description": "Inserire la descrizione (facoltativa)",
+  "com_ui_enter_key": "Tasto Invio",
+  "com_ui_enter_name": "Inserire il nome",
   "com_ui_enter_openapi_schema": "Inserisci qui il tuo schema OpenAPI",
+  "com_ui_enter_value": "Inserire il valore",
   "com_ui_error": "Errore",
   "com_ui_error_connection": "Errore di connessione al server, prova ad aggiornare la pagina.",
+  "com_ui_error_message_prefix": "Messaggio di errore:",
   "com_ui_error_save_admin_settings": "Si è verificato un errore durante il salvataggio delle impostazioni amministrative.",
+  "com_ui_error_try_following_prefix": "Provare una delle seguenti soluzioni",
+  "com_ui_error_unexpected": "Ops! Si è verificato un imprevisto",
+  "com_ui_error_updating_preferences": "Errore nell'aggiornamento delle preferenze",
+  "com_ui_everyone_permission_level": "Livello di autorizzazione di tutti",
   "com_ui_examples": "Esempi",
+  "com_ui_expand": "Espandi",
   "com_ui_expand_chat": "Espandi Chat",
+  "com_ui_expand_thoughts": "Espandere i pensieri",
   "com_ui_export_convo_modal": "Esporta Conversazione",
+  "com_ui_feedback_more": "Altro...",
+  "com_ui_feedback_more_information": "Fornire un ulteriore feedback",
+  "com_ui_feedback_negative": "Necessità di miglioramento",
+  "com_ui_feedback_placeholder": "Si prega di fornire qualsiasi ulteriore feedback qui",
+  "com_ui_feedback_positive": "Adoro questo",
+  "com_ui_feedback_tag_accurate_reliable": "Preciso e affidabile",
+  "com_ui_feedback_tag_attention_to_detail": "Attenzione ai dettagli",
+  "com_ui_feedback_tag_bad_style": "Stile o tono scadente",
+  "com_ui_feedback_tag_clear_well_written": "Chiaro e ben scritto",
+  "com_ui_feedback_tag_creative_solution": "Soluzione creativa",
+  "com_ui_feedback_tag_inaccurate": "Risposta imprecisa o errata",
+  "com_ui_feedback_tag_many": "Altro problema",
+  "com_ui_feedback_tag_missing_image": "Si aspetta un'immagine",
+  "com_ui_feedback_tag_not_helpful": "Mancanza di informazioni utili",
+  "com_ui_feedback_tag_not_matched": "Non corrisponde alla mia richiesta",
+  "com_ui_feedback_tag_one": "Altro problema",
+  "com_ui_feedback_tag_other": "Altro problema",
+  "com_ui_feedback_tag_unjustified_refusal": "Rifiutato senza motivo",
+  "com_ui_field_max_length": "{{field}} deve essere inferiore a {{length}} caratteri",
   "com_ui_field_required": "Questo campo è obbligatorio",
+  "com_ui_file_input_avatar_label": "Inserimento del file per l'avatar",
+  "com_ui_file_size": "Dimensione del file",
+  "com_ui_file_token_limit": "Limite del token del file",
+  "com_ui_file_token_limit_desc": "Impostare il limite massimo di token per l'elaborazione dei file per controllare i costi e l'utilizzo delle risorse.",
+  "com_ui_files": "File",
+  "com_ui_filter_mcp_servers": "Filtrare i server MCP per nome",
   "com_ui_filter_prompts": "Filtra Prompt",
   "com_ui_filter_prompts_name": "Filtra prompt per nome",
+  "com_ui_final_touch": "Tocco finale",
   "com_ui_finance": "Finanza",
   "com_ui_fork": "Duplica",
   "com_ui_fork_all_target": "Includi tutto da/per qui",
@@ -694,15 +1000,20 @@
   "com_ui_fork_change_default": "Cambia opzione di duplicazione predefinita",
   "com_ui_fork_default": "Usa opzione di duplicazione predefinita",
   "com_ui_fork_error": "Si è verificato un errore durante la duplicazione della conversazione",
+  "com_ui_fork_error_rate_limit": "Troppe richieste di forcella. Riprovare più tardi",
   "com_ui_fork_from_message": "Seleziona un'opzione di duplicazione",
   "com_ui_fork_info_1": "Usa questa impostazione per duplicare i messaggi con il comportamento desiderato.",
   "com_ui_fork_info_2": "\"Duplicare\" si riferisce alla creazione di una nuova conversazione che inizia/termina dai messaggi specifici nella conversazione corrente, creando una copia in base alle opzioni selezionate.",
   "com_ui_fork_info_3": "Il \"messaggio di destinazione\" si riferisce al messaggio dal quale è stato aperto questo popup, oppure, se selezioni \"{{0}}\", all'ultimo messaggio della conversazione.",
   "com_ui_fork_info_branches": "Questa opzione duplica i messaggi visibili, insieme ai rami correlati; in altre parole, il percorso diretto al messaggio di destinazione, inclusi i rami lungo il percorso.",
+  "com_ui_fork_info_button_label": "Visualizza le informazioni sulle conversazioni a bivio",
   "com_ui_fork_info_remember": "Seleziona questa opzione per ricordare le opzioni selezionate per un futuro utilizzo, rendendo più veloce la duplicazione delle conversazioni come preferito.",
   "com_ui_fork_info_start": "Se selezionato, la duplicazione partirà da questo messaggio fino all'ultimo messaggio della conversazione, in base al comportamento selezionato sopra.",
   "com_ui_fork_info_target": "Questa opzione duplica tutti i messaggi che portano al messaggio di destinazione, inclusi i suoi vicini; in altre parole, sono inclusi tutti i rami di messaggi, sia che siano visibili o meno o lungo lo stesso percorso.",
   "com_ui_fork_info_visible": "Questa opzione duplica solo i messaggi visibili; in altre parole, il percorso diretto al messaggio di destinazione, senza alcun ramo.",
+  "com_ui_fork_more_details_about": "Visualizza ulteriori informazioni e dettagli su \"{{0}}Opzione \"forcella",
+  "com_ui_fork_more_info_options": "Visualizzate una spiegazione dettagliata di tutte le opzioni della forcella e dei loro comportamenti.",
+  "com_ui_fork_open_menu": "Menu Open Fork",
   "com_ui_fork_processing": "Duplicazione conversazione in corso...",
   "com_ui_fork_remember": "Ricorda",
   "com_ui_fork_remember_checked": "La tua selezione verrà ricordata dopo l'utilizzo. Puoi cambiarla in qualsiasi momento nelle impostazioni.",
@@ -712,65 +1023,220 @@
   "com_ui_fork_visible": "Solo messaggi visibili",
   "com_ui_generate_qrcode": "Genera codice QR",
   "com_ui_generating": "Generazione in corso...",
+  "com_ui_generation_settings": "Impostazioni di generazione",
+  "com_ui_getting_started": "Come iniziare",
+  "com_ui_global_group": "Qui ci vuole qualcosa. era vuoto",
   "com_ui_go_back": "Torna indietro",
   "com_ui_go_to_conversation": "Vai alla conversazione",
   "com_ui_good_afternoon": "Buon pomeriggio",
   "com_ui_good_evening": "Buonasera",
   "com_ui_good_morning": "Buongiorno",
+  "com_ui_group": "Gruppo",
+  "com_ui_handoff_instructions": "Istruzioni per il passaggio di consegne",
   "com_ui_happy_birthday": "È il mio 1° compleanno!",
+  "com_ui_header_format": "Formato dell'intestazione",
+  "com_ui_hide": "Nascondere",
+  "com_ui_hide_code": "Nascondi Codice",
+  "com_ui_hide_image_details": "Nascondi dettagli immagine",
+  "com_ui_hide_password": "Nascondere la password",
   "com_ui_hide_qr": "Nascondi codice QR",
+  "com_ui_high": "Alto",
   "com_ui_host": "Host",
+  "com_ui_icon": "Icona",
   "com_ui_idea": "Idee",
+  "com_ui_image_created": "Immagine creata",
+  "com_ui_image_details": "Dettagli immagine",
+  "com_ui_image_edited": "Immagine modificata",
   "com_ui_image_gen": "Generazione immagine",
   "com_ui_import": "Importa",
   "com_ui_import_conversation_error": "Si è verificato un errore durante l'importazione delle conversazioni",
   "com_ui_import_conversation_file_type_error": "Tipo di importazione non supportato",
   "com_ui_import_conversation_info": "Importa conversazioni da un file JSON",
   "com_ui_import_conversation_success": "Conversazioni importate con successo",
+  "com_ui_import_conversation_upload_error": "Errore nel caricamento del file. Riprovare.",
+  "com_ui_importing": "Importazione",
   "com_ui_include_shadcnui": "Includi istruzioni per i componenti shadcn/ui",
+  "com_ui_initializing": "Inizializzazione...",
   "com_ui_input": "Input",
   "com_ui_instructions": "Istruzioni",
+  "com_ui_key": "Chiave",
+  "com_ui_key_required": "È richiesta la chiave API",
+  "com_ui_last_used": "Ultimo utilizzo",
   "com_ui_late_night": "Buona tarda serata",
   "com_ui_latest_footer": "L'intelligenza artificiale per tutti.",
-  "com_ui_latest_production_version": "Ultima versione in produzione",
   "com_ui_latest_version": "Ultima versione",
+  "com_ui_leave_blank_to_keep": "Lasciare in bianco per mantenere l'esistente",
   "com_ui_librechat_code_api_key": "Ottieni la tua chiave API per l'Interprete di Codice LibreChat",
   "com_ui_librechat_code_api_subtitle": "Sicuro. Multilingue. Gestione File.",
   "com_ui_librechat_code_api_title": "Esegui Codice AI",
+  "com_ui_light_theme_enabled": "Tema luminoso abilitato",
+  "com_ui_link_copied": "Link copiato",
+  "com_ui_link_refreshed": "Link aggiornato",
   "com_ui_loading": "Caricamento...",
   "com_ui_locked": "Bloccato",
   "com_ui_logo": "{{0}} Logo",
+  "com_ui_low": "Basso",
   "com_ui_manage": "Gestisci",
+  "com_ui_marketplace": "Mercato",
+  "com_ui_marketplace_allow_use": "Consentire l'utilizzo di Marketplace",
+  "com_ui_max": "Massimo",
+  "com_ui_max_favorites_reached": "Raggiunto il numero massimo di elementi appuntati ({{0}}). Scollate un elemento per aggiungerne altri.",
+  "com_ui_max_file_size": "PNG, JPG o JPEG (max. {{0}})",
   "com_ui_max_tags": "Il numero massimo consentito è {{0}}, verranno utilizzati gli ultimi valori.",
+  "com_ui_mcp_authenticated_success": "Server MCP '{{0}}' Autenticato con successo",
+  "com_ui_mcp_click_to_defer": "Fare clic per rinviare: lo strumento sarà individuabile tramite la ricerca, ma non verrà caricato fino a quando non sarà necessario.",
+  "com_ui_mcp_click_to_programmatic": "Abilita la chiamata programmatica: lo strumento può essere invocato solo tramite l'esecuzione di codice.",
+  "com_ui_mcp_configure_server": "Configurare {{0}}",
+  "com_ui_mcp_configure_server_description": "Configurare le variabili personalizzate per {{0}}",
+  "com_ui_mcp_defer": "Rinviare",
+  "com_ui_mcp_defer_all": "Rinviare tutti gli strumenti",
+  "com_ui_mcp_defer_loading": "Rinviare il caricamento",
+  "com_ui_mcp_dialog_title": "Configurare le variabili per {{serverName}}. Stato del server: {{status}}",
+  "com_ui_mcp_domain_not_allowed": "Il dominio del server MCP non è presente nell'elenco dei domini consentiti. Contattare l'amministratore.",
+  "com_ui_mcp_enter_var": "Inserire il valore per {{0}}",
+  "com_ui_mcp_init_failed": "Impossibile inizializzare il server MCP",
+  "com_ui_mcp_initialize": "Inizializza",
+  "com_ui_mcp_initialized_success": "Server MCP '{{0}}' inizializzato con successo",
+  "com_ui_mcp_invalid_url": "Inserire un URL valido",
+  "com_ui_mcp_no_description": "Nessuna descrizione disponibile",
+  "com_ui_mcp_oauth_cancelled": "Accesso OAuth annullato per {{0}}",
+  "com_ui_mcp_oauth_timeout": "Il login OAuth è scaduto per {{0}}",
+  "com_ui_mcp_programmatic": "Programmatico",
+  "com_ui_mcp_programmatic_all": "Contrassegnare tutti come programmatici",
+  "com_ui_mcp_server": "Server MCP",
+  "com_ui_mcp_server_connection_failed": "Il tentativo di connessione al server MCP fornito non è riuscito. Assicurarsi che l'URL, il tipo di server e qualsiasi configurazione di autenticazione siano corretti, quindi riprovare. Assicurarsi inoltre che l'URL sia raggiungibile.",
+  "com_ui_mcp_server_created": "Server MCP creato con successo",
+  "com_ui_mcp_server_delete_confirm": "Siete sicuri di voler eliminare questo server MCP?",
+  "com_ui_mcp_server_deleted": "Server MCP cancellato con successo",
+  "com_ui_mcp_server_role_editor": "Editor del server MCP",
+  "com_ui_mcp_server_role_editor_desc": "Può visualizzare, utilizzare e modificare i server MCP",
+  "com_ui_mcp_server_role_owner": "Proprietario del server MCP",
+  "com_ui_mcp_server_role_owner_desc": "Controllo completo dei server MCP",
+  "com_ui_mcp_server_role_viewer": "Visualizzatore di server MCP",
+  "com_ui_mcp_server_role_viewer_desc": "Può visualizzare e utilizzare i server MCP",
+  "com_ui_mcp_server_updated": "Server MCP aggiornato con successo",
+  "com_ui_mcp_server_url_placeholder": "https://mcp.example.com",
+  "com_ui_mcp_servers": "Server MCP",
+  "com_ui_mcp_servers_allow_create": "Consentire agli utenti di creare server MCP",
+  "com_ui_mcp_servers_allow_share": "Consentire agli utenti di condividere i server MCP",
+  "com_ui_mcp_servers_allow_share_public": "Consentire agli utenti di condividere pubblicamente i server MCP",
+  "com_ui_mcp_servers_allow_use": "Consentire agli utenti di utilizzare i server MCP",
+  "com_ui_mcp_title_invalid": "Il titolo può contenere solo lettere, numeri e spazi.",
+  "com_ui_mcp_tool_options": "Opzioni dello strumento",
+  "com_ui_mcp_transport": "Trasporto",
+  "com_ui_mcp_type_sse": "SSE",
+  "com_ui_mcp_type_streamable_http": "HTTPS in streaming",
+  "com_ui_mcp_undefer": "Undefer",
+  "com_ui_mcp_undefer_all": "Disattivare tutti gli strumenti",
+  "com_ui_mcp_unprogrammatic_all": "Non contrassegnare tutti come programmatici",
+  "com_ui_mcp_update_var": "Aggiornamento {{0}}",
+  "com_ui_mcp_url": "URL del server MCP",
+  "com_ui_medium": "Medio",
+  "com_ui_memories": "I ricordi",
+  "com_ui_memories_allow_create": "Consentire la creazione di ricordi",
+  "com_ui_memories_allow_opt_out": "Consentire agli utenti di rinunciare alle memorie",
+  "com_ui_memories_allow_read": "Consentire la lettura di Memorie",
+  "com_ui_memories_allow_update": "Consentire l'aggiornamento dei ricordi",
+  "com_ui_memories_allow_use": "Consentire l'utilizzo di Memorie",
+  "com_ui_memories_filter": "Filtrare i ricordi...",
+  "com_ui_memory": "Memoria",
+  "com_ui_memory_already_exceeded": "Memoria già piena - superata da {{tokens}} gettoni. Cancellare le memorie esistenti prima di aggiungerne di nuove.",
+  "com_ui_memory_created": "Memoria creata con successo",
+  "com_ui_memory_deleted": "Memoria cancellata",
+  "com_ui_memory_deleted_items": "Ricordi cancellati",
+  "com_ui_memory_error": "Errore di memoria",
+  "com_ui_memory_key_exists": "Una memoria con questa chiave esiste già. Si prega di utilizzare una chiave diversa.",
+  "com_ui_memory_key_hint": "Utilizzare solo lettere minuscole e trattini bassi",
+  "com_ui_memory_key_validation": "La chiave di memoria deve contenere solo lettere minuscole e caratteri di sottolineatura.",
+  "com_ui_memory_storage_full": "Memoria piena",
+  "com_ui_memory_updated": "Memoria salvata aggiornata",
+  "com_ui_memory_updated_items": "Memorie aggiornate",
+  "com_ui_memory_would_exceed": "Impossibile salvare: supererebbe il limite di {{tokens}} gettoni. Cancellare le memorie esistenti per fare spazio.",
   "com_ui_mention": "Menziona un endpoint, assistente o preset per passare rapidamente ad esso",
+  "com_ui_mermaid": "sirena",
+  "com_ui_mermaid_failed": "Impossibile eseguire il rendering del diagramma:",
+  "com_ui_mermaid_source": "Codice sorgente:",
+  "com_ui_message_input": "Inserimento del messaggio",
+  "com_ui_microphone_unavailable": "Il microfono non è disponibile",
   "com_ui_min_tags": "Impossibile rimuovere altri valori, è richiesto un minimo di {{0}}.",
+  "com_ui_minimal": "Minimo",
   "com_ui_misc": "Varie",
   "com_ui_model": "Modello",
   "com_ui_model_parameters": "Parametri del Modello",
+  "com_ui_model_parameters_reset": "I parametri del modello sono stati reimpostati.",
+  "com_ui_model_selected": "{{0}} selezionato",
   "com_ui_more_info": "Maggiori informazioni",
   "com_ui_my_prompts": "I miei prompt",
   "com_ui_name": "Nome",
+  "com_ui_name_sort": "Ordina per nome",
   "com_ui_new": "Nuovo",
   "com_ui_new_chat": "Nuova chat",
+  "com_ui_new_conversation_title": "Titolo della nuova conversazione",
   "com_ui_next": "Succ",
   "com_ui_no": "No",
+  "com_ui_no_api_keys": "Non ci sono ancora chiavi API. Createne una per iniziare.",
+  "com_ui_no_auth": "Nessuna autorizzazione",
   "com_ui_no_bookmarks": "Sembra che tu non abbia ancora segnalibri. Clicca su una chat e aggiungine uno nuovo",
+  "com_ui_no_bookmarks_match": "Nessun segnalibro corrispondente alla ricerca",
+  "com_ui_no_bookmarks_title": "Non ci sono ancora segnalibri",
+  "com_ui_no_categories": "Nessuna categoria disponibile",
   "com_ui_no_category": "Nessuna categoria",
+  "com_ui_no_changes": "Non sono state apportate modifiche",
+  "com_ui_no_individual_access": "Nessun utente o gruppo ha accesso a questo agente.",
+  "com_ui_no_mcp_servers": "Ancora nessun server MCP",
+  "com_ui_no_mcp_servers_match": "Nessun server MCP corrisponde al filtro",
+  "com_ui_no_memories": "Nessun ricordo. Crearli manualmente o chiedere all'IA di ricordare qualcosa.",
+  "com_ui_no_memories_match": "Nessun ricordo corrisponde alla tua ricerca",
+  "com_ui_no_memories_title": "Non ci sono ancora ricordi",
+  "com_ui_no_personalization_available": "Al momento non sono disponibili opzioni di personalizzazione",
+  "com_ui_no_prompts_title": "Non ci sono ancora suggerimenti",
+  "com_ui_no_read_access": "Non hai il permesso di visualizzare i ricordi",
+  "com_ui_no_results_found": "Nessun risultato trovato",
   "com_ui_no_terms_content": "Nessun contenuto dei termini d'uso da visualizzare",
   "com_ui_none": "Nessuno",
   "com_ui_not_used": "Non utilizzato",
   "com_ui_nothing_found": "Non è stato trovato nulla",
   "com_ui_oauth": "Autenticazione OAuth",
+  "com_ui_oauth_connected_to": "Collegato a",
+  "com_ui_oauth_error_callback_failed": "Richiamo di autenticazione non riuscito. Riprovare.",
+  "com_ui_oauth_error_generic": "Autenticazione fallita. Riprovare.",
+  "com_ui_oauth_error_invalid_state": "Parametro di stato non valido. Riprovare.",
+  "com_ui_oauth_error_missing_code": "Manca il codice di autorizzazione. Si prega di riprovare.",
+  "com_ui_oauth_error_missing_state": "Manca il parametro Stato. Riprovare.",
+  "com_ui_oauth_error_title": "Autenticazione fallita",
+  "com_ui_oauth_success_description": "L'autenticazione è avvenuta con successo. Questa finestra si chiuderà in",
+  "com_ui_oauth_success_title": "Autenticazione riuscita",
   "com_ui_of": "di",
   "com_ui_off": "Disattivo",
+  "com_ui_offline": "Non in linea",
   "com_ui_on": "Attivo",
+  "com_ui_open_archived_chat_new_tab_title": "{{title}} (si apre in una nuova scheda)",
+  "com_ui_open_source_chat_new_tab": "Chat Open Source in una nuova scheda",
+  "com_ui_open_source_chat_new_tab_title": "Chat open source in una nuova scheda {{title}}",
+  "com_ui_open_var": "Aperto {{0}}",
   "com_ui_openai": "OpenAI",
+  "com_ui_optional": "(opzionale)",
   "com_ui_page": "Pagina",
+  "com_ui_people": "persone",
+  "com_ui_people_picker": "Picker per le persone",
+  "com_ui_people_picker_allow_view_groups": "Consentire la visualizzazione di gruppi",
+  "com_ui_people_picker_allow_view_roles": "Consentire la visualizzazione dei ruoli",
+  "com_ui_people_picker_allow_view_users": "Consentire la visualizzazione degli utenti",
+  "com_ui_permissions_failed_load": "Impossibile caricare le autorizzazioni. Riprova.",
+  "com_ui_permissions_failed_update": "Non è stato possibile aggiornare le autorizzazioni. Riprovare.",
+  "com_ui_permissions_updated_success": "Autorizzazioni aggiornate con successo",
+  "com_ui_pin": "Spillo",
+  "com_ui_preferences_updated": "Le preferenze sono state aggiornate con successo",
   "com_ui_prev": "Prec",
   "com_ui_preview": "Anteprima",
   "com_ui_privacy_policy": "Informativa sulla privacy",
   "com_ui_privacy_policy_url": "URL Informativa Privacy",
   "com_ui_prompt": "Prompt",
+  "com_ui_prompt_group_button": "{{name}} richiesta, {{category}} categoria",
+  "com_ui_prompt_group_button_no_category": "{{name}} tempestivamente",
+  "com_ui_prompt_groups": "Elenco dei gruppi di prompt",
+  "com_ui_prompt_input": "Prompt di input",
+  "com_ui_prompt_input_field": "Campo di immissione del testo del prompt",
   "com_ui_prompt_name": "Nome del prompt",
   "com_ui_prompt_name_required": "Il nome del prompt è obbligatorio",
   "com_ui_prompt_preview_not_shared": "L'autore non ha consentito la collaborazione per questo prompt.",
@@ -779,108 +1245,261 @@
   "com_ui_prompt_update_error": "Si è verificato un errore durante l'aggiornamento del prompt",
   "com_ui_prompts": "Prompt",
   "com_ui_prompts_allow_create": "Consenti creazione Prompt",
+  "com_ui_prompts_allow_share": "Consentire la condivisione dei prompt",
+  "com_ui_prompts_allow_share_public": "Consentire la condivisione dei prompt pubblicamente",
   "com_ui_prompts_allow_use": "Consenti uso dei prompt",
   "com_ui_provider": "Fornitore",
+  "com_ui_quality": "Qualità",
   "com_ui_read_aloud": "Leggi ad alta voce",
+  "com_ui_redirect_uri": "Reindirizzamento URI",
+  "com_ui_redirect_uri_instructions": "Copia questo URI di reindirizzamento e configuralo nelle impostazioni del tuo provider OAuth.",
   "com_ui_redirecting_to_provider": "Reindirizzamento a {{0}}, attendere prego...",
+  "com_ui_reference_saved_memories": "Riferimento alle memorie salvate",
+  "com_ui_reference_saved_memories_description": "Consenti all'assistente di fare riferimento e utilizzare i tuoi ricordi salvati quando rispondi",
+  "com_ui_refresh": "Aggiornare",
   "com_ui_refresh_link": "Aggiorna link",
+  "com_ui_refresh_page": "Aggiorna la pagina",
   "com_ui_regenerate": "Rigenera",
   "com_ui_regenerate_backup": "Rigenera i codici di backup",
   "com_ui_regenerating": "Rigenerazione...",
   "com_ui_region": "Regione",
+  "com_ui_reinitialize": "Reinizializzare",
+  "com_ui_remote_access": "Accesso remoto",
+  "com_ui_remote_agent_role_editor": "Redattore",
+  "com_ui_remote_agent_role_editor_desc": "Possibilità di visualizzare e modificare l'agente tramite API",
+  "com_ui_remote_agent_role_owner": "Proprietario API",
+  "com_ui_remote_agent_role_owner_desc": "Accesso completo all'API e possibilità di concedere l'accesso remoto ad altri.",
+  "com_ui_remote_agent_role_viewer": "Visualizzatore API",
+  "com_ui_remote_agent_role_viewer_desc": "Può interrogare l'agente tramite API",
+  "com_ui_remote_agents": "Agenti remoti (API)",
+  "com_ui_remote_agents_allow_create": "Consentire agli utenti di creare agenti tramite API",
+  "com_ui_remote_agents_allow_share": "Consentire agli utenti di concedere l'accesso API agli agenti ad altri utenti.",
+  "com_ui_remote_agents_allow_share_public": "Consentire agli utenti di concedere l'accesso API agli agenti a tutti gli utenti",
+  "com_ui_remote_agents_allow_use": "Consentire agli utenti di creare chiavi API e interrogare gli agenti da remoto.",
+  "com_ui_remove_agent_from_chain": "Rimuovere {{0}} dalla catena",
+  "com_ui_remove_user": "Rimuovere {{0}}",
   "com_ui_rename": "Rinomina",
+  "com_ui_rename_conversation": "Rinominare la conversazione",
+  "com_ui_rename_failed": "Impossibile rinominare la conversazione",
   "com_ui_rename_prompt": "Rinomina Prompt",
+  "com_ui_rename_prompt_name": "Rinominare il prompt - {{name}}",
   "com_ui_requires_auth": "Richiede autenticazione",
+  "com_ui_reset": "Reset",
+  "com_ui_reset_adjustments": "Regolazioni di reset",
   "com_ui_reset_var": "Reimposta {{0}}",
+  "com_ui_reset_zoom": "Azzeramento dello zoom",
+  "com_ui_resource": "risorsa",
+  "com_ui_response": "Risposta",
   "com_ui_result": "Risultato",
+  "com_ui_result_found": "{{count}} risultato trovato",
+  "com_ui_results_found": "{{count}} risultati trovati",
+  "com_ui_retry": "Riprova",
   "com_ui_revoke": "Revoca",
   "com_ui_revoke_info": "Revoca tutte le credenziali fornite dall'utente",
   "com_ui_revoke_key_confirm": "Sei sicuro di voler revocare questa chiave?",
   "com_ui_revoke_key_endpoint": "Revoca Chiave per {{0}}",
+  "com_ui_revoke_key_error": "Impossibile revocare la chiave API. Riprovare.",
+  "com_ui_revoke_key_success": "Chiave API revocata con successo",
   "com_ui_revoke_keys": "Revoca Chiavi",
   "com_ui_revoke_keys_confirm": "Sei sicuro di voler revocare tutte le chiavi?",
+  "com_ui_role": "Ruolo",
+  "com_ui_role_editor": "Editore",
+  "com_ui_role_editor_desc": "Può visualizzare e modificare l'agente",
+  "com_ui_role_manager": "Manager",
+  "com_ui_role_manager_desc": "Può visualizzare, modificare ed eliminare l'agente",
+  "com_ui_role_owner": "Proprietario",
+  "com_ui_role_owner_desc": "Ha il pieno controllo dell'agente, compresa la sua condivisione",
   "com_ui_role_select": "Ruolo",
+  "com_ui_role_viewer": "Visualizzatore",
+  "com_ui_role_viewer_desc": "Può visualizzare e utilizzare l'agente, ma non può modificarlo.",
   "com_ui_roleplay": "Gioco di ruolo",
+  "com_ui_rotate": "Ruotare",
+  "com_ui_rotate_90": "Ruota di 90 gradi",
   "com_ui_run_code": "Esegui Codice",
   "com_ui_run_code_error": "Si è verificato un errore durante l'esecuzione del codice",
   "com_ui_save": "Salva",
   "com_ui_save_badge_changes": "Salvare le modifiche ai badge?",
+  "com_ui_save_changes": "Salva le modifiche",
+  "com_ui_save_key_error": "Impossibile salvare la chiave API. Riprova.",
+  "com_ui_save_key_success": "Chiave API salvata con successo",
   "com_ui_save_submit": "Salva e Invia",
   "com_ui_saved": "Salvata!",
+  "com_ui_saving": "Risparmio...",
   "com_ui_schema": "Schema",
   "com_ui_scope": "Ambito",
   "com_ui_search": "Cerca",
+  "com_ui_search_above_to_add": "Cercare sopra per aggiungere utenti o gruppi",
+  "com_ui_search_above_to_add_all": "Ricerca in alto per aggiungere utenti, gruppi o ruoli",
+  "com_ui_search_above_to_add_people": "Cerca sopra per aggiungere persone",
+  "com_ui_search_agent_category": "Ricerca per categorie...",
+  "com_ui_search_default_placeholder": "Ricerca per nome o e-mail (minimo 2 caratteri)",
+  "com_ui_search_people_placeholder": "Ricerca di persone o gruppi per nome o e-mail",
+  "com_ui_seconds": "secondi",
   "com_ui_secret_key": "Chiave segreta",
   "com_ui_select": "Seleziona",
+  "com_ui_select_agent": "Selezionare l'agente",
+  "com_ui_select_all": "Seleziona tutto",
   "com_ui_select_file": "Seleziona un file",
   "com_ui_select_model": "Seleziona un modello",
+  "com_ui_select_options": "Selezionare le opzioni...",
+  "com_ui_select_or_create_prompt": "Selezionare o creare un prompt",
   "com_ui_select_provider": "Seleziona un provider",
   "com_ui_select_provider_first": "Seleziona prima un provider",
   "com_ui_select_region": "Seleziona una regione",
+  "com_ui_select_row": "Selezionare la riga",
   "com_ui_select_search_model": "Cerca modello per nome",
   "com_ui_select_search_provider": "Cerca provider per nome",
   "com_ui_select_search_region": "Cerca regione per nome",
+  "com_ui_set": "Set",
   "com_ui_share": "Condividi",
   "com_ui_share_create_message": "Il tuo nome e qualsiasi messaggio aggiunto dopo la condivisione rimarranno privati.",
   "com_ui_share_delete_error": "Si è verificato un errore durante l'eliminazione del link condiviso.",
   "com_ui_share_error": "Si è verificato un errore durante la condivisione del link della chat",
+  "com_ui_share_everyone": "Condividere con tutti",
+  "com_ui_share_everyone_description_var": "Questo {{resource}} sarà disponibile a tutti. Assicurati che il {{resource}} è pensato per essere condiviso con tutti. Fai attenzione ai tuoi dati.",
   "com_ui_share_link_to_chat": "Condividi link a chat",
+  "com_ui_share_qr_code_description": "Codice QR per condividere questo link di conversazione",
   "com_ui_share_update_message": "Il tuo nome, istruzioni personalizzate e qualsiasi messaggio aggiunto dopo la condivisione rimarranno privati.",
   "com_ui_share_var": "Condividi {{0}}",
   "com_ui_shared_link_delete_success": "Link condiviso eliminato con successo",
   "com_ui_shared_link_not_found": "Link condiviso non trovato",
   "com_ui_shared_prompts": "Prompt condivisi",
   "com_ui_shop": "Shopping",
+  "com_ui_show": "Mostra",
   "com_ui_show_all": "Mostra Tutto",
+  "com_ui_show_code": "Mostra il codice",
+  "com_ui_show_image_details": "Mostra dettagli immagine",
+  "com_ui_show_password": "Mostra password",
   "com_ui_show_qr": "Mostra codice QR",
   "com_ui_sign_in_to_domain": "Accedi a {{0}}",
   "com_ui_simple": "Semplice",
   "com_ui_size": "Dimensione",
+  "com_ui_size_sort": "Ordina per dimensione",
+  "com_ui_special_var_current_date": "Data attuale",
+  "com_ui_special_var_current_datetime": "Data e ora corrente",
+  "com_ui_special_var_current_user": "Utente corrente",
+  "com_ui_special_var_iso_datetime": "Ora solare UTC ISO",
+  "com_ui_special_variable_added": "{{0}} aggiunta di una variabile speciale.",
   "com_ui_special_variables": "Variabili speciali:",
+  "com_ui_speech_not_supported": "Il tuo browser non supporta il riconoscimento vocale",
+  "com_ui_speech_not_supported_use_external": "Il browser non supporta il riconoscimento vocale. Provare a passare a STT esterno in Impostazioni > Parlato.",
   "com_ui_speech_while_submitting": "Impossibile inviare il messaggio mentre è in corso la generazione di una risposta",
+  "com_ui_sr_global_prompt": "Gruppo di richiesta globale",
+  "com_ui_stack_trace": "Traccia dello stack",
+  "com_ui_status_prefix": "Stato:",
   "com_ui_stop": "Ferma",
   "com_ui_storage": "Archiviazione",
+  "com_ui_storage_filter_sort": "Filtrare e ordinare per stoccaggio",
   "com_ui_submit": "Invia",
+  "com_ui_support_contact": "Contatto di supporto",
+  "com_ui_support_contact_email": "Email",
+  "com_ui_support_contact_email_invalid": "Inserire un indirizzo e-mail valido",
+  "com_ui_support_contact_email_placeholder": "support@example.com",
+  "com_ui_support_contact_name": "Nome",
+  "com_ui_support_contact_name_min_length": "Il nome deve essere almeno {{minLength}} caratteri",
+  "com_ui_support_contact_name_placeholder": "Nome del contatto di supporto",
   "com_ui_teach_or_explain": "Istruzione",
   "com_ui_temporary": "Chat temporanea",
   "com_ui_terms_and_conditions": "Termini d'uso",
   "com_ui_terms_of_service": "Termini di servizio",
   "com_ui_thinking": "Pensando...",
   "com_ui_thoughts": "Pensieri",
+  "com_ui_toggle_theme": "Toggle theme",
+  "com_ui_token": "gettone",
   "com_ui_token_exchange_method": "Metodo di scambio token",
   "com_ui_token_url": "URL del token",
+  "com_ui_tokens": "gettoni",
+  "com_ui_tool_collection_prefix": "Una raccolta di strumenti da",
+  "com_ui_tool_list_collapse": "Crollo {{serverName}} elenco degli strumenti",
+  "com_ui_tool_list_expand": "Espandi {{serverName}} elenco degli strumenti",
   "com_ui_tools": "Strumenti",
+  "com_ui_tools_and_actions": "Strumenti e azioni",
+  "com_ui_transferred_to": "Trasferito a",
   "com_ui_travel": "Viaggio",
+  "com_ui_trust_app": "Mi fido di questa applicazione",
+  "com_ui_try_adjusting_search": "Provate a modificare i termini di ricerca",
+  "com_ui_ui_resource_error": "Errore di risorsa dell'interfaccia utente ({{0}})",
+  "com_ui_ui_resource_not_found": "Risorsa UI non trovata (indice: {{0}})",
   "com_ui_unarchive": "Disarchivia",
+  "com_ui_unarchive_conversation": "Decomprimi conversazione",
   "com_ui_unarchive_error": "Impossibile disarchiviare la conversazione",
+  "com_ui_unavailable": "Non disponibile",
   "com_ui_unknown": "Sconosciuto",
+  "com_ui_unpin": "Spillare",
+  "com_ui_unset": "Non impostato",
+  "com_ui_untitled": "Senza titolo",
   "com_ui_update": "Aggiorna",
+  "com_ui_update_mcp_server": "Aggiorna il server MCP",
+  "com_ui_updating": "Aggiornamento...",
   "com_ui_upload": "Carica",
+  "com_ui_upload_agent_avatar": "Aggiornato con successo l'avatar dell'agente",
+  "com_ui_upload_agent_avatar_label": "Carica l'immagine avatar dell'agente",
+  "com_ui_upload_avatar_label": "Caricare l'immagine dell'avatar",
   "com_ui_upload_code_files": "Carica per l'Interprete di Codice",
   "com_ui_upload_delay": "Il caricamento di \"{{0}}\" sta richiedendo più tempo del previsto. Attendi il completamento dell'indicizzazione per il recupero.",
   "com_ui_upload_error": "Si è verificato un errore durante il caricamento del file",
   "com_ui_upload_file_context": "Carica contesto file",
   "com_ui_upload_file_search": "Carica per ricerca file",
   "com_ui_upload_files": "Carica file",
+  "com_ui_upload_icon": "Caricare l'immagine dell'icona",
   "com_ui_upload_image": "Carica un'immagine",
   "com_ui_upload_image_input": "Carica immagine",
   "com_ui_upload_invalid": "File non valido per il caricamento. Deve essere un'immagine che non supera il limite",
   "com_ui_upload_invalid_var": "File non valido per il caricamento. Deve essere un'immagine non superiore a {{0}} MB",
   "com_ui_upload_ocr_text": "Carica come testo",
+  "com_ui_upload_provider": "Carica sul provider",
   "com_ui_upload_success": "File caricato con successo",
   "com_ui_upload_type": "Seleziona Tipo di Caricamento",
+  "com_ui_usage": "Utilizzo",
   "com_ui_use_2fa_code": "Usa invece il codice 2FA",
   "com_ui_use_backup_code": "Usa invece il codice di backup",
+  "com_ui_use_memory": "Usa la memoria",
   "com_ui_use_micrphone": "Usa microfono",
   "com_ui_used": "Usato",
+  "com_ui_user": "Utente",
+  "com_ui_user_group_permissions": "Autorizzazioni per utenti e gruppi",
+  "com_ui_user_provides_key": "Ogni utente fornisce la propria chiave",
+  "com_ui_value": "Valore",
   "com_ui_variables": "Variabili",
-  "com_ui_variables_info": "Usa le doppie parentesi graffe nel testo per creare variabili, ad esempio `{{variabile esempio}}`, da compilare successivamente quando utilizzi il prompt.",
   "com_ui_verify": "Verifica",
   "com_ui_version_var": "Versione {{0}}",
   "com_ui_versions": "Versioni",
+  "com_ui_view_memory": "Visualizza memoria",
+  "com_ui_web_search": "Ricerca sul Web",
+  "com_ui_web_search_cohere_key": "Inserire la chiave API di Cohere",
+  "com_ui_web_search_firecrawl_url": "URL API Firecrawl (facoltativo)",
+  "com_ui_web_search_jina_key": "Inserire la chiave API di Jina",
+  "com_ui_web_search_jina_url": "URL API Jina (facoltativo)",
+  "com_ui_web_search_processing": "Risultati dell'elaborazione",
+  "com_ui_web_search_provider": "Provider di ricerca",
+  "com_ui_web_search_provider_searxng": "SearXNG",
+  "com_ui_web_search_provider_serper": "API Serper",
+  "com_ui_web_search_provider_serper_key": "Ottenere la chiave API di Serper",
+  "com_ui_web_search_reading": "Risultati della lettura",
+  "com_ui_web_search_reranker": "Reranker",
+  "com_ui_web_search_reranker_cohere": "Cohere",
+  "com_ui_web_search_reranker_cohere_key": "Ottenere la chiave API di Cohere",
+  "com_ui_web_search_reranker_jina": "Jina AI",
+  "com_ui_web_search_reranker_jina_key": "Ottenere la chiave API di Jina",
+  "com_ui_web_search_reranker_jina_url_help": "Informazioni su Jina Rerank API",
+  "com_ui_web_search_scraper": "Raschietto",
+  "com_ui_web_search_scraper_firecrawl": "API Firecrawl",
+  "com_ui_web_search_scraper_firecrawl_key": "Ottieni la tua chiave API Firecrawl",
+  "com_ui_web_search_scraper_serper": "API di raschiamento Serper",
+  "com_ui_web_search_scraper_serper_key": "Ottenere la chiave API di Serper",
+  "com_ui_web_search_searxng_api_key": "Inserire la chiave API di SearXNG (facoltativa)",
+  "com_ui_web_search_searxng_instance_url": "URL dell'istanza SearXNG",
+  "com_ui_web_searching": "Ricerca sul web",
+  "com_ui_web_searching_again": "Cercare di nuovo sul web",
   "com_ui_weekend_morning": "Buon fine settimana",
   "com_ui_write": "Scrittura",
+  "com_ui_x_selected": "{{0}} selezionato",
+  "com_ui_xhigh": "Extra alto",
   "com_ui_yes": "Sì",
+  "com_ui_your_api_key": "La vostra chiave API",
   "com_ui_zoom": "Zoom",
+  "com_ui_zoom_in": "Ingrandisci",
+  "com_ui_zoom_level": "Livello di zoom",
+  "com_ui_zoom_out": "Zoom out",
   "com_user_message": "Mostra nome utente nei messaggi"
 }
diff --git a/client/src/locales/ja/translation.json b/client/src/locales/ja/translation.json
index dc2c0d544a..c5636ead80 100644
--- a/client/src/locales/ja/translation.json
+++ b/client/src/locales/ja/translation.json
@@ -3,6 +3,7 @@
   "chat_direction_right_to_left": "右から左へ",
   "com_a11y_ai_composing": "AIはまだ作成中です。",
   "com_a11y_end": "AIは返信を完了しました。",
+  "com_a11y_selected": "選択済み",
   "com_a11y_start": "AIが返信を開始しました。",
   "com_agents_agent_card_label": "{{name}} エージェント。 {{description}}",
   "com_agents_all": "すべてのエージェント",
@@ -99,7 +100,6 @@
   "com_agents_start_chat": "チャット開始",
   "com_agents_top_picks": "おすすめ",
   "com_agents_update_error": "エージェントの更新中にエラーが発生しました。",
-  "com_assistants_action_attempt": "アシスタントは{{0}}と話したいです",
   "com_assistants_actions": "アクション",
   "com_assistants_actions_disabled": "アクションを追加する前にアシスタントを作成する必要があります。",
   "com_assistants_actions_info": "アシスタントが API を介して情報を取得したり、アクションを実行したりできるようにします's",
@@ -109,7 +109,6 @@
   "com_assistants_allow_sites_you_trust": "信頼できるサイトのみ許可する。",
   "com_assistants_append_date": "現在の日付と時刻を追加",
   "com_assistants_append_date_tooltip": "有効にすると、現在のクライアントの日付と時刻がアシスタントのシステム指示に追加されます。",
-  "com_assistants_attempt_info": "アシスタントは次のものを送信したいと考えています:",
   "com_assistants_available_actions": "利用可能なアクション",
   "com_assistants_capabilities": "機能",
   "com_assistants_code_interpreter": "コードインタプリタ",
@@ -124,7 +123,6 @@
   "com_assistants_delete_actions_error": "アクションの削除中にエラーが発生しました。",
   "com_assistants_delete_actions_success": "アシスタントからアクションが削除されました",
   "com_assistants_description_placeholder": "オプション: ここにアシスタントについて説明します",
-  "com_assistants_domain_info": "アシスタントがこの情報を {{0}} に送信しました",
   "com_assistants_file_search": "ファイル検索",
   "com_assistants_file_search_info": "ファイル検索用のベクトル ストアを添付することはまだサポートされていません。プロバイダ プレイグラウンドからそれらを添付するか、スレッド単位でメッセージにファイルを添付してファイル検索を行うことができます。",
   "com_assistants_function_use": "アシスタントが {{0}} を使用しました",
@@ -223,6 +221,7 @@
   "com_endpoint_agent": "エージェント",
   "com_endpoint_agent_placeholder": "エージェントを選択してください",
   "com_endpoint_ai": "AI",
+  "com_endpoint_anthropic_effort": "Claude が適用する計算量を制御する。低い努力はトークンを節約し、待ち時間を短縮します。高い努力はより完全な応答を生成します。Max' は最も深い推論を可能にします (Opus 4.6 のみ)。",
   "com_endpoint_anthropic_maxoutputtokens": "レスポンスで生成できるトークンの最大数。短い応答には低い値を、長い応答には高い値を指定します。注：モデルはこの最大値に達する前に停止することがあります。",
   "com_endpoint_anthropic_prompt_cache": "プロンプトキャッシュを使用すると、API呼び出し間で大きなコンテキストや指示を再利用でき、コストとレイテンシを削減できます",
   "com_endpoint_anthropic_temp": "0から1の値。分析的・多岐の選択になる課題には0に近い値を入力する。創造的・生成的な課題には1に近い値を入力する。この値か Top P の変更をおすすめしますが、両方の変更はおすすめしません。",
@@ -234,6 +233,7 @@
   "com_endpoint_assistant": "アシスタント",
   "com_endpoint_assistant_model": "アシスタント モデル",
   "com_endpoint_assistant_placeholder": "右側のサイドパネルからアシスタントを選択してください",
+  "com_endpoint_bedrock_reasoning_effort": "サポートされているBedrockモデル（Kimi K2.5、GLMなど）の推論レベルを制御します。レベルが高いほど、レイテンシーとトークンが増加しますが、より詳細な推論が行われます。",
   "com_endpoint_config_click_here": "ここをクリック",
   "com_endpoint_config_google_api_info": "Gemeni用のGenerative Language API keyを取得するには",
   "com_endpoint_config_google_api_key": "Google APIキー",
@@ -264,6 +264,7 @@
   "com_endpoint_default_with_num": "デフォルト: {{0}}",
   "com_endpoint_disable_streaming": "ストリーミング応答を無効にし、完全な応答を一度に受信する。o3 のように、ストリーミングのための組織検証を必要とするモデルに便利です。",
   "com_endpoint_disable_streaming_label": "ストリーミングを無効にする",
+  "com_endpoint_effort": "努力",
   "com_endpoint_examples": " プリセット名",
   "com_endpoint_export": "エクスポート",
   "com_endpoint_export_share": "エクスポート/共有",
@@ -271,8 +272,9 @@
   "com_endpoint_google_custom_name_placeholder": "Googleのカスタム名を設定する",
   "com_endpoint_google_maxoutputtokens": "レスポンスで生成できるトークンの最大数。短い応答には低い値を、長い応答には高い値を指定します。注：モデルはこの最大値に達する前に停止することがあります。",
   "com_endpoint_google_temp": "大きい値 = ランダム性が増します。低い値 = より決定論的になります。この値を変更するか、Top P の変更をおすすめしますが、両方を変更はおすすめしません。",
-  "com_endpoint_google_thinking": "推論を有効または無効にします。この設定は特定のモデル（2.5シリーズ）のみがサポートしています。古いモデルの場合、この設定は効果がない場合があります。",
-  "com_endpoint_google_thinking_budget": "モデルが使用する思考トークンの数を指示する。実際の使用量は、プロンプトによってこの値を上回ったり下回ったりする。\n\nこの設定は、特定のモデル（2.5シリーズ）のみがサポートしています。Gemini 2.5 Proは128～32,768トークンをサポートします。Gemini 2.5 Flashは、0～24,576トークンをサポートします。Gemini 2.5 Flash Liteは、512～24,576トークンをサポートします。\n\n空白のままにするか、\"-1 \"に設定すると、いつ、どのくらい考えるかをモデルが自動的に決定します。デフォルトでは、Gemini 2.5 Flash Liteは思考しない。",
+  "com_endpoint_google_thinking": "推論を有効または無効にする。Gemini 2.5および3シリーズでサポートされている。注：Gemini 3 Proは、思考を完全に無効にすることはできない。",
+  "com_endpoint_google_thinking_budget": "モデルが使用する思考トークンの数を指定します。実際のトークン数は、プロンプトの内容によってこの値を超える場合も下回る場合もあります。\n\nこの設定は、Gemini 2.5以前のモデルにのみ適用されます。Gemini 3以降のモデルでは、「思考レベル」設定を使用してください。\n\nGemini 2.5 Proは128～32,768トークン、Gemini 2.5 Flashは0～24,576トークン、Gemini 2.5 Flash Liteは512～24,576トークンに対応しています。\n\nモデルが思考するタイミングと量を自動的に判断するようにするには、この項目を空白のままにするか、「-1」に設定してください。Gemini 2.5 Flash Liteは、デフォルトでは思考しません。",
+  "com_endpoint_google_thinking_level": "ジェミニ3以降のモデルの推論の深さをコントロールします。Gemini 2.5およびそれ以前のモデルには影響しません - それらにはThinking Budgetを使用してください。\n\nモデルのデフォルトを使用するには、Autoのままにしてください。",
   "com_endpoint_google_topk": "top-k は、モデルがトークンを選択して出力する方法を変更する。top-kが1の場合、選択されたトークンはモデルの語彙に含まれるすべてのトークンの中で最も確率の高いものである（貪欲なデコーディングとも呼ばれる）ことを意味し、top-kが3の場合、次のトークンは最も確率の高い3つのトークンの中から選択される（温度を使用する）ことを意味する。",
   "com_endpoint_google_topp": "top-p は、モデルがトークンをどのように選択して出力するかを変更する。トークンは、確率の合計が top-p の値に等しくなるまで、確率の最も高い K 個（topK パラメータを参照）から低い順に選択される。",
   "com_endpoint_google_use_search_grounding": "Googleの検索グラウンディング機能を使用して、リアルタイムのウェブ検索結果で回答を強化します。これにより、モデルは最新の情報にアクセスし、より正確で最新の回答を提供することができます。",
@@ -284,7 +286,6 @@
   "com_endpoint_message_not_appendable": "メッセージを編集、再入力してください。",
   "com_endpoint_my_preset": "Myプリセット",
   "com_endpoint_no_presets": "プリセットがありません",
-  "com_endpoint_open_menu": "Open Menu",
   "com_endpoint_openai_custom_name_placeholder": "ChatGPTのカスタム名を設定する",
   "com_endpoint_openai_detail": "Visionリクエストの解像度を選択します。\"Low\"はコストが安くて低解像度、\"Highは\"コストが高くて高解像度\"、\"Auto\"は画像の解像度に基づいて自動的に選択します。",
   "com_endpoint_openai_freq": "-2.0から2.0の値。正の値を入力すると、テキストの繰り返し頻度に基づいたペナルティを課し、文字通り「同じ文言」を繰り返す可能性を減少させる。",
@@ -342,6 +343,7 @@
   "com_endpoint_temperature": "温度",
   "com_endpoint_thinking": "推論",
   "com_endpoint_thinking_budget": "推論予算",
+  "com_endpoint_thinking_level": "思考レベル",
   "com_endpoint_top_k": "Top K",
   "com_endpoint_top_p": "Top P",
   "com_endpoint_use_active_assistant": "アクティブなアシスタントを使用",
@@ -362,6 +364,7 @@
   "com_error_illegal_model_request": "{{1}}にモデル{{0}}はご利用いただけません。別のモデルを選択してください。",
   "com_error_input_length": "最新のメッセージトークン数が長すぎてトークン制限を超えているか、トークン制限パラメータの設定が間違っていてコンテキストウィンドウに悪影響を及ぼしています。詳細はこちら： {{0}}.メッセージを短くするか、会話パラメータから最大コンテキストサイズを調整するか、会話をフォークして続行してください。",
   "com_error_invalid_agent_provider": "その {{0}} プロバイダーはエージェントでは使用できません。エージェントの設定で、現在利用可能なプロバイダを選択してください。",
+  "com_error_invalid_base_url": "入力されたベースURLは制限されたアドレスを対象としています。有効な外部URLを使用して再試行してください。",
   "com_error_invalid_user_key": "無効なキーが提供されました。キーを入力して再試行してください。",
   "com_error_missing_model": "{{0}}のモデルが選択されていません。モデルを選択してもう一度お試しください。",
   "com_error_models_not_loaded": "モデル設定が読み込めませんでした。ページを更新して再度お試しください。",
@@ -473,7 +476,6 @@
   "com_nav_font_size_xl": "極大",
   "com_nav_font_size_xs": "極小",
   "com_nav_help_faq": "ヘルプ & FAQ",
-  "com_nav_hide_panel": "右側のパネルを非表示",
   "com_nav_info_balance": "残高には、使用可能なトークン・クレジットの残数が表示されます。トークン・クレジットは金額に換算されます（例：1000クレジット＝0.001米ドル）",
   "com_nav_info_code_artifacts": "チャットの横に実験的なコード アーティファクトの表示を有効にします",
   "com_nav_info_code_artifacts_agent": "このエージェントのコードアーティファクトの使用を有効にします。デフォルトでは、\"カスタムプロンプトモード\" が有効になっていない限り、アーティファクトの使用に特化した追加の指示が追加されます。",
@@ -507,12 +509,15 @@
   "com_nav_lang_german": "Deutsch",
   "com_nav_lang_hebrew": "עברית",
   "com_nav_lang_hungarian": "マジャル語",
+  "com_nav_lang_icelandic": "スレンスカ",
   "com_nav_lang_indonesia": "Indonesia",
   "com_nav_lang_italian": "Italiano",
   "com_nav_lang_japanese": "日本語",
   "com_nav_lang_korean": "한국어",
   "com_nav_lang_latvian": "ラトビスキー",
+  "com_nav_lang_lithuanian": "リエトゥヴィシュ",
   "com_nav_lang_norwegian_bokmal": "ノルウェー語（ブークモール）",
+  "com_nav_lang_norwegian_nynorsk": "ノルウェー語",
   "com_nav_lang_persian": "ファラオ",
   "com_nav_lang_polish": "Polski",
   "com_nav_lang_portuguese": "Português",
@@ -532,9 +537,18 @@
   "com_nav_log_out": "ログアウト",
   "com_nav_long_audio_warning": "長いテキストの処理には時間がかかります。",
   "com_nav_maximize_chat_space": "チャット画面を最大化",
+  "com_nav_mcp_access_revoked": "MCP サーバーが正常に作成されました",
   "com_nav_mcp_configure_server": "{{0}}を設定",
+  "com_nav_mcp_connect": "接続",
+  "com_nav_mcp_connect_server": "接続 {{0}}",
+  "com_nav_mcp_reconnect": "再接続",
   "com_nav_mcp_status_connected": "接続済み",
   "com_nav_mcp_status_connecting": "{{0}} - 接続中",
+  "com_nav_mcp_status_disconnected": "切断",
+  "com_nav_mcp_status_error": "エラー",
+  "com_nav_mcp_status_initializing": "初期化中",
+  "com_nav_mcp_status_needs_auth": "認証が必要",
+  "com_nav_mcp_status_unknown": "不明",
   "com_nav_mcp_vars_update_error": "MCP カスタム ユーザー変数の更新中にエラーが発生しました",
   "com_nav_mcp_vars_updated": "MCP カスタムユーザー変数が正常に更新されました。",
   "com_nav_modular_chat": "会話の途中でのエンドポイント切替を有効化",
@@ -562,7 +576,6 @@
   "com_nav_setting_speech": "スピーチ",
   "com_nav_settings": "設定",
   "com_nav_shared_links": "共有リンク",
-  "com_nav_show_code": "Code Interpreter を使用する際は常にコードを表示する",
   "com_nav_show_thinking": "デフォルトで推論ドロップダウンを開く",
   "com_nav_slash_command": "/-Command",
   "com_nav_slash_command_description": "コマンド\"/\"でキーボードでプロンプトを選択する",
@@ -619,6 +632,7 @@
   "com_ui_2fa_generate_error": "2要素認証設定の生成中にエラーが発生しました",
   "com_ui_2fa_invalid": "2要素認証コードが無効です",
   "com_ui_2fa_setup": "二要素認証を設定",
+  "com_ui_2fa_verification_required": "2FAコードを入力して続行する",
   "com_ui_2fa_verified": "2要素認証の認証に成功しました",
   "com_ui_accept": "同意します",
   "com_ui_action_button": "アクションボタン",
@@ -643,6 +657,8 @@
   "com_ui_advanced": "高度",
   "com_ui_advanced_settings": "詳細設定",
   "com_ui_agent": "エージェント",
+  "com_ui_agent_api_keys": "エージェントAPIキー",
+  "com_ui_agent_api_keys_description": "API 経由でリモートからエージェントにアクセスするための API キーを作成する",
   "com_ui_agent_category_aftersales": "アフターセールス",
   "com_ui_agent_category_finance": "ファイナンス",
   "com_ui_agent_category_general": "一般",
@@ -690,12 +706,22 @@
   "com_ui_agents": "エージェント",
   "com_ui_agents_allow_create": "エージェントの作成を許可",
   "com_ui_agents_allow_share": "エージェントの共有を許可する",
+  "com_ui_agents_allow_share_public": "エージェントの公開共有を許可する",
   "com_ui_agents_allow_use": "エージェントの使用を許可",
   "com_ui_all": "すべて",
   "com_ui_all_proper": "すべて",
   "com_ui_analyzing": "分析中",
   "com_ui_analyzing_finished": "分析終了",
   "com_ui_api_key": "APIキー",
+  "com_ui_api_key_copied": "APIキーをクリップボードにコピーしました",
+  "com_ui_api_key_create_error": "APIキーの作成に失敗しました",
+  "com_ui_api_key_created": "APIキーの作成に成功しました",
+  "com_ui_api_key_delete_error": "APIキーの削除に失敗しました",
+  "com_ui_api_key_deleted": "APIキーの削除に成功しました",
+  "com_ui_api_key_name": "キー名",
+  "com_ui_api_key_name_required": "APIキー名は必須",
+  "com_ui_api_key_warning": "APIキーをコピーしてください。二度と見ることができなくなります！",
+  "com_ui_api_keys_load_error": "APIキーのロードに失敗しました",
   "com_ui_archive": "アーカイブ",
   "com_ui_archive_delete_error": "アーカイブされた会話の削除に失敗しました",
   "com_ui_archive_error": "アーカイブに失敗しました。",
@@ -713,8 +739,10 @@
   "com_ui_at_least_one_owner_required": "少なくとも1人の所有者が必要",
   "com_ui_attach_error": "ファイルを添付できません。会話を作成または選択するか、ページを更新してみてください。",
   "com_ui_attach_error_disabled": "このエンドポイントでは、ファイルのアップロードは無効です。",
+  "com_ui_attach_error_limit": "ファイルの制限に達しました：",
   "com_ui_attach_error_openai": "他のエンドポイントにアシスタントファイルを添付することはできません",
   "com_ui_attach_error_size": "エンドポイントのファイルサイズ制限を超えました:",
+  "com_ui_attach_error_total_size": "エンドポイントの合計ファイルサイズの制限を超えました：",
   "com_ui_attach_error_type": "エンドポイントでサポートされていないファイルタイプ:",
   "com_ui_attach_remove": "ファイルを削除",
   "com_ui_attach_warn_endpoint": "互換性のあるツールがない場合、非アシスタントのファイルは無視される可能性があります",
@@ -746,6 +774,7 @@
   "com_ui_bookmarks": "ブックマーク",
   "com_ui_bookmarks_add": "ブックマークを追加",
   "com_ui_bookmarks_add_to_conversation": "現在の会話に追加",
+  "com_ui_bookmarks_count_selected": "ブックマーク、 {{count}} 選択済み",
   "com_ui_bookmarks_create_error": "ブックマークの作成中にエラーが発生しました",
   "com_ui_bookmarks_create_exists": "このブックマークは既に存在します",
   "com_ui_bookmarks_create_success": "ブックマークが正常に作成されました",
@@ -807,9 +836,9 @@
   "com_ui_continue": "続ける",
   "com_ui_continue_oauth": "OAuthで続行",
   "com_ui_control_bar": "コントロールバー",
-  "com_ui_controls": "管理",
   "com_ui_conversation": "会話",
   "com_ui_conversation_label": "{{title}} 会話",
+  "com_ui_conversation_not_found": "会話が見つかりません",
   "com_ui_conversations": "会話",
   "com_ui_convo_archived": "会話はアーカイブされました",
   "com_ui_convo_delete_error": "会話の削除に失敗しました",
@@ -824,12 +853,16 @@
   "com_ui_copy_to_clipboard": "クリップボードへコピー",
   "com_ui_copy_url_to_clipboard": "URLをクリップボードにコピー",
   "com_ui_create": "作成",
+  "com_ui_create_api_key": "APIキーの作成",
   "com_ui_create_assistant": "アシスタントを作成",
   "com_ui_create_link": "リンクを作成する",
+  "com_ui_create_mcp_server": "MCPサーバーの作成",
   "com_ui_create_memory": "メモリを作成します",
   "com_ui_create_new_agent": "新しいエージェントを作成",
   "com_ui_create_prompt": "プロンプトを作成する",
   "com_ui_create_prompt_page": "新しいプロンプト設定ページ",
+  "com_ui_created": "作成済",
+  "com_ui_creating": "作成...",
   "com_ui_creating_image": "画像を作成しています。しばらく時間がかかる場合があります",
   "com_ui_current": "現在",
   "com_ui_currently_production": "現在生産中",
@@ -869,6 +902,8 @@
   "com_ui_delete_confirm_prompt_version_var": "これは、選択されたバージョンを \"{{0}}.\" から削除します。他のバージョンが存在しない場合、プロンプトが削除されます。",
   "com_ui_delete_confirm_strong": "削除します <strong>{{title}}</strong>",
   "com_ui_delete_conversation": "チャットを削除しますか？",
+  "com_ui_delete_conversation_tooltip": "会話の削除",
+  "com_ui_delete_mcp_server": "MCPサーバーを削除しますか？",
   "com_ui_delete_memory": "メモリの削除",
   "com_ui_delete_not_allowed": "削除操作は許可されていません",
   "com_ui_delete_preset": "プリセットを削除しますか?",
@@ -881,6 +916,7 @@
   "com_ui_delete_tool_confirm": "このツールを削除してもよろしいですか？",
   "com_ui_delete_tool_save_reminder": "ツールが削除されました。エージェントを保存して変更を適用します。",
   "com_ui_deleted": "削除済み",
+  "com_ui_deleting": "削除しています...",
   "com_ui_deleting_file": "ファイルの削除...",
   "com_ui_descending": "降順",
   "com_ui_description": "説明",
@@ -897,7 +933,6 @@
   "com_ui_download_error_logs": "エラーログのダウンロード",
   "com_ui_drag_drop": "会話に追加するには、ここにファイルをドロップします",
   "com_ui_dropdown_variables": "ドロップダウン変数:",
-  "com_ui_dropdown_variables_info": "プロンプトのカスタムドロップダウンメニューを作成します: `{{variable_name:option1|option2|option3}}`",
   "com_ui_duplicate": "複製",
   "com_ui_duplicate_agent": "エージェントの重複",
   "com_ui_duplication_error": "会話の複製中にエラーが発生しました",
@@ -1004,6 +1039,7 @@
   "com_ui_handoff_instructions": "ハンドオフの指示",
   "com_ui_happy_birthday": "初めての誕生日です！",
   "com_ui_header_format": "ヘッダー形式",
+  "com_ui_hide": "隠す",
   "com_ui_hide_code": "コードを隠す",
   "com_ui_hide_image_details": "画像の詳細を隠す",
   "com_ui_hide_password": "パスワードを隠す",
@@ -1029,9 +1065,9 @@
   "com_ui_instructions": "指示文",
   "com_ui_key": "キー",
   "com_ui_key_required": "APIキーが必要です。",
+  "com_ui_last_used": "前回使用",
   "com_ui_late_night": "遅い夜を楽しんで",
   "com_ui_latest_footer": "Every AI for Everyone.",
-  "com_ui_latest_production_version": "最新の製品バージョン",
   "com_ui_latest_version": "最新バージョン",
   "com_ui_leave_blank_to_keep": "既存を維持する場合は空白のままにして下さい",
   "com_ui_librechat_code_api_key": "LibreChat コードインタープリター APIキーを取得",
@@ -1047,12 +1083,18 @@
   "com_ui_manage": "管理",
   "com_ui_marketplace": "マーケットプレイス",
   "com_ui_marketplace_allow_use": "マーケットプレイスの利用を許可する",
+  "com_ui_max": "マックス",
   "com_ui_max_favorites_reached": "ピン留めしたアイテムの最大数に達しました（{{0}}）。アイテムを追加するには、ピン留めを解除します。",
   "com_ui_max_file_size": "PNG、JPGまたはJPEG（最大 {{0}})",
   "com_ui_max_tags": "最新の値を使用した場合、許可される最大数は {{0}} です。",
   "com_ui_mcp_authenticated_success": "MCPサーバー{{0}}認証成功",
+  "com_ui_mcp_click_to_defer": "クリックして延期 - ツールは検索で見つけることができますが、必要になるまで読み込まれません",
+  "com_ui_mcp_click_to_programmatic": "プログラムによる呼び出しを有効にする - ツールはコード実行によってのみ呼び出すことができます",
   "com_ui_mcp_configure_server": "設定 {{0}}",
   "com_ui_mcp_configure_server_description": "カスタム変数を設定する {{0}}",
+  "com_ui_mcp_defer": "延期",
+  "com_ui_mcp_defer_all": "すべてのツールを延期する",
+  "com_ui_mcp_defer_loading": "読み込みを延期する",
   "com_ui_mcp_dialog_title": "変数を設定する {{serverName}}. サーバーステータス: {{status}}",
   "com_ui_mcp_domain_not_allowed": "MCPサーバードメインが許可ドメインリストにありません。管理者に連絡してください。",
   "com_ui_mcp_enter_var": "{{0}}の値を入力する。",
@@ -1060,8 +1102,11 @@
   "com_ui_mcp_initialize": "初期化",
   "com_ui_mcp_initialized_success": "MCPサーバー{{0}}初期化に成功",
   "com_ui_mcp_invalid_url": "有効な URL を入力してください",
+  "com_ui_mcp_no_description": "説明がありません",
   "com_ui_mcp_oauth_cancelled": "OAuthログインがキャンセルされた {{0}}",
   "com_ui_mcp_oauth_timeout": "OAuthログインがタイムアウトしました。 {{0}}",
+  "com_ui_mcp_programmatic": "プログラマティック",
+  "com_ui_mcp_programmatic_all": "すべてをプログラマティックにする",
   "com_ui_mcp_server": "MCP サーバー",
   "com_ui_mcp_server_connection_failed": "指定されたMCPサーバーへの接続に失敗しました。URL、サーバーの種類、および認証設定が正しいことを確認してから、もう一度お試しください。また、URLにアクセスできることを確認してください。",
   "com_ui_mcp_server_created": "MCP サーバーが正常に作成されました",
@@ -1078,10 +1123,16 @@
   "com_ui_mcp_servers": "MCP サーバー",
   "com_ui_mcp_servers_allow_create": "ユーザにMCPサーバーを作成許可する",
   "com_ui_mcp_servers_allow_share": "ユーザーにMCPサーバーを共有許可する",
+  "com_ui_mcp_servers_allow_share_public": "ユーザーがMCPサーバーをパブリックに共有できるようにする",
   "com_ui_mcp_servers_allow_use": "ユーザーに MCP サーバーの使用を許可する",
   "com_ui_mcp_title_invalid": "タイトルに使用できるのは、アルファベット、数字、スペースのみです。",
+  "com_ui_mcp_tool_options": "ツール設定",
+  "com_ui_mcp_transport": "持ち運び",
   "com_ui_mcp_type_sse": "SSE",
   "com_ui_mcp_type_streamable_http": "ストリーミング可能なHTTPS",
+  "com_ui_mcp_undefer": "延期を取り消す",
+  "com_ui_mcp_undefer_all": "すべてのツールの延期を解除",
+  "com_ui_mcp_unprogrammatic_all": "すべてをプログラムとしてマークしない",
   "com_ui_mcp_update_var": "{{0}}を更新",
   "com_ui_mcp_url": "MCPサーバーURL",
   "com_ui_medium": "中",
@@ -1116,6 +1167,8 @@
   "com_ui_misc": "その他",
   "com_ui_model": "モデル",
   "com_ui_model_parameters": "モデルパラメータ",
+  "com_ui_model_parameters_reset": "モデルパラメータがリセットされました。",
+  "com_ui_model_selected": "{{0}} 選択された",
   "com_ui_more_info": "詳細",
   "com_ui_my_prompts": "マイ プロンプト",
   "com_ui_name": "名前",
@@ -1125,6 +1178,7 @@
   "com_ui_new_conversation_title": "新しい会話タイトル",
   "com_ui_next": "次",
   "com_ui_no": "いいえ",
+  "com_ui_no_api_keys": "APIキーはまだありません。APIキーを作成してください。",
   "com_ui_no_auth": "認証なし",
   "com_ui_no_bookmarks": "ブックマークがまだないようです。チャットをクリックして新しいブックマークを追加してください",
   "com_ui_no_bookmarks_match": "検索に一致するブックマークはありません",
@@ -1211,6 +1265,17 @@
   "com_ui_regenerating": "再生成中...",
   "com_ui_region": "地域",
   "com_ui_reinitialize": "再初期化",
+  "com_ui_remote_access": "リモートアクセス",
+  "com_ui_remote_agent_role_editor": "エディター",
+  "com_ui_remote_agent_role_owner": "APIオーナー",
+  "com_ui_remote_agent_role_owner_desc": "APIへのフルアクセス、他者へのリモートアクセスの許可",
+  "com_ui_remote_agent_role_viewer": "APIビューア",
+  "com_ui_remote_agent_role_viewer_desc": "API経由でエージェントに問い合わせることができる",
+  "com_ui_remote_agents": "リモートエージェント（API）",
+  "com_ui_remote_agents_allow_create": "ユーザーがAPI経由でエージェントを作成できるようにする",
+  "com_ui_remote_agents_allow_share": "エージェントへのAPIアクセスを他のユーザーに許可する",
+  "com_ui_remote_agents_allow_share_public": "エージェントへのAPIアクセスをすべてのユーザーに許可する",
+  "com_ui_remote_agents_allow_use": "ユーザーがリモートでAPIキーを作成し、エージェントに問い合わせができるようにする。",
   "com_ui_remove_agent_from_chain": "チェーンから {{0}} を取り除く",
   "com_ui_remove_user": "削除 {{0}}",
   "com_ui_rename": "タイトル変更",
@@ -1300,6 +1365,7 @@
   "com_ui_shared_link_not_found": "共有リンクが見つかりません",
   "com_ui_shared_prompts": "共有されたプロンプト",
   "com_ui_shop": "買い物",
+  "com_ui_show": "見せる",
   "com_ui_show_all": "すべて表示",
   "com_ui_show_code": "コード表示",
   "com_ui_show_image_details": "画像の詳細を表示",
@@ -1313,12 +1379,11 @@
   "com_ui_special_var_current_datetime": "現在の日時",
   "com_ui_special_var_current_user": "現在のユーザー",
   "com_ui_special_var_iso_datetime": "UTC ISO 日時",
+  "com_ui_special_variable_added": "{{0}} 特殊変数が追加された。",
   "com_ui_special_variables": "特殊変数:",
-  "com_ui_special_variables_more_info": "ドロップダウンから特別な変数を選択できます: `{{current_date}}` (今日の日付と曜日)、`{{current_datetime}}` (現地の日付と時刻)、`{{utc_iso_datetime}}` (UTC ISO 日時)、および `{{current_user}}` (アカウント名)。",
   "com_ui_speech_not_supported": "お使いのブラウザは音声認識をサポートしていません",
   "com_ui_speech_not_supported_use_external": "お使いのブラウザは音声認識をサポートしていません。[設定] > [音声]で[外部STT]に切り替えてみてください。",
   "com_ui_speech_while_submitting": "応答の生成中は音声を送信できません",
-  "com_ui_sr_actions_menu": "{{0}}のアクションメニューを開く",
   "com_ui_sr_global_prompt": "グローバルプロンプトグループ",
   "com_ui_stack_trace": "スタックトレース",
   "com_ui_status_prefix": "ステータス:",
@@ -1355,14 +1420,16 @@
   "com_ui_try_adjusting_search": "検索条件を調整する",
   "com_ui_ui_resource_error": "UI リソース エラー ({{0}}）",
   "com_ui_ui_resource_not_found": "UI リソースが見つかりません（index： {{0}})",
-  "com_ui_ui_resources": "UIリソース",
   "com_ui_unarchive": "アーカイブ解除",
+  "com_ui_unarchive_conversation": "会話のアーカイブ解除",
   "com_ui_unarchive_error": "アーカイブ解除に失敗しました。",
   "com_ui_unavailable": "使用不可",
   "com_ui_unknown": "不明",
   "com_ui_unset": "設定解除",
   "com_ui_untitled": "無題",
   "com_ui_update": "更新",
+  "com_ui_update_mcp_server": "MCPサーバーの更新",
+  "com_ui_updating": "更新中...",
   "com_ui_upload": "アップロード",
   "com_ui_upload_agent_avatar": "エージェントアバターの更新に成功",
   "com_ui_upload_agent_avatar_label": "エージェントのアバター画像をアップロードする",
@@ -1393,7 +1460,6 @@
   "com_ui_user_provides_key": "ユーザーは個人キーを登録する",
   "com_ui_value": "値",
   "com_ui_variables": "変数",
-  "com_ui_variables_info": "テキスト内で二重中括弧を使用して変数を定義します。例えば、`{{example variable}}`のようにすると、プロンプトを使用するときに後で値を埋め込むことができます。",
   "com_ui_verify": "確認する",
   "com_ui_version_var": "バージョン {{0}}",
   "com_ui_versions": "バージョン",
@@ -1427,8 +1493,9 @@
   "com_ui_weekend_morning": "楽しい週末を",
   "com_ui_write": "執筆",
   "com_ui_x_selected": "{{0}}が選択された",
-  "com_ui_xhigh": "エクストラ・ハイ",
+  "com_ui_xhigh": "最上位",
   "com_ui_yes": "はい",
+  "com_ui_your_api_key": "API キー",
   "com_ui_zoom": "ズーム",
   "com_ui_zoom_in": "ズームイン",
   "com_ui_zoom_level": "ズームレベル",
diff --git a/client/src/locales/ka/translation.json b/client/src/locales/ka/translation.json
index 8ce3f11165..c9fce2d1fa 100644
--- a/client/src/locales/ka/translation.json
+++ b/client/src/locales/ka/translation.json
@@ -22,7 +22,6 @@
   "com_agents_not_available": "აგენტი მიუწვდომელია",
   "com_agents_search_name": "აგენტების ძებნა სახელით",
   "com_agents_update_error": "თქვენი აგენტის განახლებისას დაფიქსირდა შეცდომა",
-  "com_assistants_action_attempt": "ასისტენტს სურს გაესაუბროს {{0}}",
   "com_assistants_actions": "მოქმედებები",
   "com_assistants_actions_disabled": "მოქმედებების დამატებამდე საჭიროა ასისტენტის შექმნა.",
   "com_assistants_actions_info": "მიეცით თქვენს ასისტენტს საშუალება, მოიძიოს ინფორმაცია ან შეასრულოს ქმედებები API-ების მეშვეობით",
@@ -30,7 +29,6 @@
   "com_assistants_add_tools": "ინსტრუმენტების დამატება",
   "com_assistants_allow_sites_you_trust": "მიუთითეთ მხოლოდ სანდო ვებ-რესურსები",
   "com_assistants_append_date": "მიმდინარე თარიღისა და დროის დამატება",
-  "com_assistants_attempt_info": "ასისტენტს სურს შემდეგი ინფორმაციის გაგზავნა:",
   "com_assistants_available_actions": "ხელმისაწვდომი მოქმედებები",
   "com_assistants_capabilities": "შესაძლებლობები",
   "com_assistants_code_interpreter": "კოდის ინტერპრეტატორი",
diff --git a/client/src/locales/ko/translation.json b/client/src/locales/ko/translation.json
index 7132cb3ea1..b4f34756d2 100644
--- a/client/src/locales/ko/translation.json
+++ b/client/src/locales/ko/translation.json
@@ -30,7 +30,6 @@
   "com_agents_search_info": "활성화하면 에이전트가 최신 정보를 검색할 수 있도록 허용합니다. 유효한 API 키가 필요합니다.",
   "com_agents_search_name": "이름으로 에이전트 검색",
   "com_agents_update_error": "에이전트 업데이트 중 오류가 발생했습니다",
-  "com_assistants_action_attempt": "{{0}}에게 대화 시도",
   "com_assistants_actions": "작업",
   "com_assistants_actions_disabled": "어시스턴트를 만들어야 작업을 추가할 수 있습니다.",
   "com_assistants_actions_info": "어시스턴트가 API를 통해 정보를 검색하거나 작업을 수행할 수 있게 해줍니다.",
@@ -40,7 +39,6 @@
   "com_assistants_allow_sites_you_trust": "신뢰하는 사이트만 허용하세요.",
   "com_assistants_append_date": "현재 날짜와 시간 추가",
   "com_assistants_append_date_tooltip": "활성화하면 현재 클라이언트의 날짜와 시간이 어시스턴트의 시스템 지침에 추가됩니다.",
-  "com_assistants_attempt_info": "에이전트가 다음을 보내려고 합니다:",
   "com_assistants_available_actions": "사용 가능한 작업",
   "com_assistants_capabilities": "기능",
   "com_assistants_code_interpreter": "코드 인터프리터",
@@ -55,7 +53,6 @@
   "com_assistants_delete_actions_error": "작업 삭제 중 오류가 발생했습니다",
   "com_assistants_delete_actions_success": "어시스턴트에서 작업이 성공적으로 삭제되었습니다",
   "com_assistants_description_placeholder": "옵션: 여기에 어시스턴트를 설명하세요",
-  "com_assistants_domain_info": "어시스턴트가 {{0}}에게 이 정보를 보냈습니다",
   "com_assistants_file_search": "파일 검색",
   "com_assistants_file_search_info": "파일 검색을 위한 벡터 저장소 연결은 아직 지원되지 않습니다. Provider Playground에서 연결하거나 스레드 기반으로 메시지에 파일을 첨부하여 파일 검색을 할 수 있습니다.",
   "com_assistants_function_use": "어시스턴트는 {{0}}을(를) 사용했습니다.",
@@ -214,7 +211,6 @@
   "com_endpoint_message_not_appendable": "메시지를 수정하거나 다시 생성하세요.",
   "com_endpoint_my_preset": "내 프리셋",
   "com_endpoint_no_presets": "아직 프리셋이 없습니다",
-  "com_endpoint_open_menu": "메뉴 열기",
   "com_endpoint_openai_custom_name_placeholder": "ChatGPT에 대한 사용자 정의 이름을 설정하세요.",
   "com_endpoint_openai_detail": "비전 요청의 해상도입니다. \"낮음\"은 저렴하고 빠르며, \"높음\"은 더 상세하지만 비용이 많이 듭니다. \"자동\"은 이미지 해상도에 따라 두 가지 중 하나를 자동으로 선택합니다.",
   "com_endpoint_openai_freq": "텍스트에서 토큰의 빈도수에 따라 새로운 토큰에 패널티를 부여합니다. 이전에 나온 텍스트의 빈도수에 따라 새로운 토큰의 확률이 감소하여 동일한 문장을 반복할 가능성을 줄입니다.",
@@ -378,7 +374,6 @@
   "com_nav_font_size_xl": "아주 큰 글자",
   "com_nav_font_size_xs": "아주 작게",
   "com_nav_help_faq": "도움말 및 FAQ",
-  "com_nav_hide_panel": "오른쪽 사이드 패널 숨기기",
   "com_nav_info_balance": "잔액은 사용 가능한 토큰 크레딧의 수를 나타냅니다. 토큰 크레딧은 금전적 가치로 환산되며 (예: 1000 크레딧 = 0.001달러)입니다.",
   "com_nav_info_code_artifacts": "채팅 옆에 실험적 코드 결과물 표시 활성화",
   "com_nav_info_code_artifacts_agent": "이 에이전트에 대해 코드 아티팩트 사용을 가능하게 합니다. 기본적으로 아티팩트 사용과 관련된 추가 지침이 포함되며, \"커스텀 프롬프트 모드\"가 활성화되지 않은 경우에만 적용됩니다.",
@@ -458,7 +453,6 @@
   "com_nav_setting_speech": "음성",
   "com_nav_settings": "설정",
   "com_nav_shared_links": "공유 링크",
-  "com_nav_show_code": "코드 인터프리터 사용 시 항상 코드 표시",
   "com_nav_show_thinking": "생각 드롭다운 기본 열기",
   "com_nav_slash_command": "슬래시 명령어",
   "com_nav_slash_command_description": "키보드로 프롬프트를 선택하려면 \"/\" 명령어 토글",
@@ -631,7 +625,6 @@
   "com_ui_context": "맥락",
   "com_ui_continue": "계속",
   "com_ui_continue_oauth": "OAuth로 계속하기",
-  "com_ui_controls": "컨트롤",
   "com_ui_convo_delete_error": "대화 삭제 실패",
   "com_ui_copied": "복사됨",
   "com_ui_copied_to_clipboard": "클립보드에 복사되었습니다",
@@ -701,7 +694,6 @@
   "com_ui_download_error": "파일 다운로드 중 오류가 발생했습니다. 파일이 삭제되었을 수 있습니다.",
   "com_ui_drag_drop": "내용이 비어 있었습니다.",
   "com_ui_dropdown_variables": "드롭다운 변수:",
-  "com_ui_dropdown_variables_info": "프롬프트에 사용자 정의 드롭다운 메뉴 만들기: `{{변수명:옵션1|옵션2|옵션3}}`",
   "com_ui_duplicate": "복제",
   "com_ui_duplication_error": "대화를 복제하는 중 오류가 발생했습니다",
   "com_ui_duplication_processing": "대화 복제 중...",
@@ -808,7 +800,6 @@
   "com_ui_key": "키",
   "com_ui_late_night": "늦은 밤에도 행복하세요",
   "com_ui_latest_footer": "모두를 위한 AI, 한곳에서",
-  "com_ui_latest_production_version": "최신 프로덕션 버전",
   "com_ui_latest_version": "최신 버전",
   "com_ui_librechat_code_api_key": "LibreChat 코드 인터프리터 API 키 받기",
   "com_ui_librechat_code_api_subtitle": "안전한 보안. 다국어 지원. 파일 입출력.",
@@ -976,9 +967,7 @@
   "com_ui_special_var_current_user": "현재 사용자",
   "com_ui_special_var_iso_datetime": "UTC ISO 날짜 및 시간",
   "com_ui_special_variables": "특수 변수:",
-  "com_ui_special_variables_more_info": "드롭다운에서 선택할 수 있는 특수 변수: `{{current_date}}` (오늘의 날짜와 요일), `{{current_datetime}}` (현재 로컬 날짜와 시간), `{{utc_iso_datetime}}` (UTC ISO 날짜 및 시간), `{{current_user}}` (사용자 이름).",
   "com_ui_speech_while_submitting": "응답 생성 중에는 음성을 전송할 수 없습니다",
-  "com_ui_sr_actions_menu": "\"{{0}}\"의 행동 메뉴 열기",
   "com_ui_stop": "중지",
   "com_ui_storage": "저장소",
   "com_ui_submit": "제출",
@@ -1024,7 +1013,6 @@
   "com_ui_used": "사용됨",
   "com_ui_value": "값",
   "com_ui_variables": "변수",
-  "com_ui_variables_info": "텍스트에 이중 중괄호를 사용하여 변수를 만들 수 있습니다. 예를 들어 `{{예시 변수}}`와 같이 작성하면 나중에 프롬프트를 사용할 때 해당 부분을 채울 수 있습니다.",
   "com_ui_verify": "확인",
   "com_ui_version_var": "버전 {{0}}",
   "com_ui_versions": "버전",
diff --git a/client/src/locales/lv/translation.json b/client/src/locales/lv/translation.json
index 57794a9e2a..5bce8e3406 100644
--- a/client/src/locales/lv/translation.json
+++ b/client/src/locales/lv/translation.json
@@ -2,9 +2,13 @@
   "chat_direction_left_to_right": "No kreisās uz labo",
   "chat_direction_right_to_left": "No labās uz kreiso",
   "com_a11y_ai_composing": "Mākslīgais intelekts joprojām veido savu atbildi.",
+  "com_a11y_chats_date_section": "Sarunas no {{date}}",
   "com_a11y_end": "Mākslīgais intelekts ir pabeidzis veidot atbildi.",
   "com_a11y_selected": "atlasīts",
   "com_a11y_start": "Mākslīgais intelekts ir sācis savu atbildi.",
+  "com_a11y_summarize_completed": "Konteksta kopsavilkums.",
+  "com_a11y_summarize_failed": "Apkopojums neizdevās, turpiniet ar pieejamo kontekstu.",
+  "com_a11y_summarize_started": "Apkopo kontekstu.",
   "com_agents_agent_card_label": "{{name}} aģents. {{description}}",
   "com_agents_all": "Visi aģenti",
   "com_agents_all_category": "Viss",
@@ -100,7 +104,6 @@
   "com_agents_start_chat": "Sākt sarunu",
   "com_agents_top_picks": "Labākās izvēles",
   "com_agents_update_error": "Jūsu aģenta atjaunināšanā ir kļūda.",
-  "com_assistants_action_attempt": "Asistents vēlas runāt ar {{0}}",
   "com_assistants_actions": "Darbības",
   "com_assistants_actions_disabled": "Pirms darbību pievienošanas ir jāizveido asistents.",
   "com_assistants_actions_info": "Ļaujiet savam asistentam iegūt informāciju vai veikt darbības, izmantojot API.",
@@ -110,7 +113,6 @@
   "com_assistants_allow_sites_you_trust": "Atļaujiet tikai tās vietnes, kurām uzticaties.",
   "com_assistants_append_date": "Pievienot pašreizējo datumu un laiku",
   "com_assistants_append_date_tooltip": "Ja šī opcija ir iespējota, pašreizējais klienta datums un laiks tiks pievienots asistenta sistēmas norādījumiem.",
-  "com_assistants_attempt_info": "Asistents vēlas nosūtīt:",
   "com_assistants_available_actions": "Pieejamās darbības",
   "com_assistants_capabilities": "Iespējas",
   "com_assistants_code_interpreter": "Koda interpretētājs",
@@ -125,7 +127,6 @@
   "com_assistants_delete_actions_error": "Kļūda dzēšot šo darbību.",
   "com_assistants_delete_actions_success": "Darbība veiksmīgi dzēsta no asistenta",
   "com_assistants_description_placeholder": "Pēc izvēles: Šeit aprakstiet savu asistentu",
-  "com_assistants_domain_info": "Asistents nosūtīja šo informāciju {{0}}",
   "com_assistants_file_search": "Meklēšana dokumentos",
   "com_assistants_file_search_info": "Šī funkcija ļauj asistentam izmantot augšupielādēto failu saturu, pievienojot zināšanas tieši no lietotāja vai citu lietotāju failiem. Pēc faila augšupielādes asistents automātiski identificē un izgūst nepieciešamās teksta daļas atbilstoši lietotāja pieprasījumam, neiekļaujot visu failu pilnā apjomā. Vektoru datubāzu (vector store) pieslēgšana tieši šai funkcijai šobrīd nav atbalstīta; tās iespējams pievienot tikai Provider Playground vidē vai augšupielādējot failus sarunas pavedienam ikreizējai meklēšanai.",
   "com_assistants_function_use": "Izmantotais asistents {{0}}",
@@ -289,7 +290,6 @@
   "com_endpoint_message_not_appendable": "Rediģējiet savu ziņu vai ģenerējiet to atkārtoti.",
   "com_endpoint_my_preset": "Mans iestatījums",
   "com_endpoint_no_presets": "Nav vēl neviena iestatījuma, lai tos izveidotu, izmantojiet iestatījumu pogu.",
-  "com_endpoint_open_menu": "Atvērt izvēlni",
   "com_endpoint_openai_custom_name_placeholder": "Iestatiet pielāgotu nosaukumu mākslīgajam intelektam",
   "com_endpoint_openai_detail": "Vision pieprasījumu izšķirtspēja. “Zema” ir lētāka un ātrāka, “Augsta” ir detalizētāka un dārgāka, un “Automātiska” automātiski izvēlēsies vienu no abām, pamatojoties uz attēla izšķirtspēju.",
   "com_endpoint_openai_freq": "Skaitlis no -2,0 līdz 2,0. Pozitīvas vērtības soda jaunus tokenus, pamatojoties uz to esošo biežumu tekstā līdz šim, samazinot modeļa iespējamību atkārtot vienu un to pašu rindu burtiski.",
@@ -368,6 +368,7 @@
   "com_error_illegal_model_request": "Modelis \"{{0}}\" nav pieejams {{1}}. Lūdzu, izvēlieties citu modeli.",
   "com_error_input_length": "Jaunākās ziņas kopējais garums ir pārāk garš, pārsniedzot garuma ierobežojumu, vai arī jūsu garuma ierobežojuma parametri ir nepareizi uzstādīti, negatīvi ietekmējot kopējā konteksta garumu. Plašāka informācija: {{0}} Lūdzu, saīsiniet savu ziņu, sarunas parametros pielāgojiet maksimālo garuma lielumu vai atdaliet sarunu, lai turpinātu.",
   "com_error_invalid_agent_provider": "\"{{0}}\" pakalpojumu sniedzējs nav pieejams lietošanai ar aģentiem. Lūdzu, dodieties uz sava aģenta iestatījumiem un atlasiet pašlaik pieejamu pakalpojumu sniedzēju.",
+  "com_error_invalid_base_url": "Jūsu norādītais bāzes URL ir vērsts uz ierobežotu adresi. Lūdzu, izmantojiet derīgu ārējo URL un mēģiniet vēlreiz.",
   "com_error_invalid_user_key": "Norādīta nederīga atslēga. Lūdzu, ievadiet derīgu atslēgu un mēģiniet vēlreiz.",
   "com_error_missing_model": "Nav izvēlēts neviens modelis {{0}}. Lūdzu, izvēlieties modeli un mēģiniet vēlreiz.",
   "com_error_models_not_loaded": "Modeļu konfigurāciju nevar ielādēt. Lūdzu, atsvaidziniet lapu un mēģiniet vēlreiz.",
@@ -375,6 +376,7 @@
   "com_error_no_base_url": "Nav atrasts bāzes URL. Lūdzu, norādiet to un mēģiniet vēlreiz.",
   "com_error_no_user_key": "Atslēga nav atrasta. Lūdzu, norādiet atslēgu un mēģiniet vēlreiz.",
   "com_error_refusal": "Drošības filtri noraidīja atbildi. Pārrakstiet savu ziņojumu un mēģiniet vēlreiz. Ja, lietojot Claude Sonnet 4.5 vai Opus 4.1, ar šo problēmu bieži saskaraties, varat izmēģināt Sonnet 4, kuram ir atšķirīgi lietošanas ierobežojumi.",
+  "com_error_stream_expired": "Atbildes plūsma ir beigusies vai jau pabeigta. Lūdzu, mēģiniet vēlreiz.",
   "com_file_pages": "Lapas: {{pages}}",
   "com_file_source": "Fails",
   "com_file_unknown": "Nezināms fails",
@@ -406,8 +408,10 @@
   "com_nav_at_command_description": "Pārslēgšanas komanda \"@\" galapunktu, modeļu, iestatījumu u.c. pārslēgšanai.",
   "com_nav_audio_play_error": "Kļūda, atskaņojot audio: {{0}}",
   "com_nav_audio_process_error": "Kļūda, apstrādājot audio: {{0}}",
+  "com_nav_auto_expand_tools": "Automātiski paplašināt rīka informāciju",
   "com_nav_auto_scroll": "Automātiski iet uz jaunāko ziņu, atverot sarunu",
   "com_nav_auto_send_prompts": "Automātiski sūtīt uzvednes",
+  "com_nav_auto_send_prompts_desc": "Automātiski iesniegt uzaicinājumu sarunai, kad tas ir atlasīts",
   "com_nav_auto_send_text": "Automātiski nosūtīt tekstu",
   "com_nav_auto_transcribe_audio": "Automātiski transkribēt audio",
   "com_nav_automatic_playback": "Automātiski atskaņot jaunāko ziņu",
@@ -480,7 +484,6 @@
   "com_nav_font_size_xl": "Īpaši liels",
   "com_nav_font_size_xs": "Īpaši mazs",
   "com_nav_help_faq": "Palīdzība un bieži uzdotie jautājumi",
-  "com_nav_hide_panel": "Slēpt labā sāna paneli",
   "com_nav_info_balance": "Bilance parāda, cik daudz tokenu kredītu jums ir atlicis izmantot. Tokenu kredīti tiek pārvērsti naudas vērtībā (piemēram, 1000 kredīti = 0,001 USD).",
   "com_nav_info_code_artifacts": "Iespējo eksperimentāla koda artefaktu rādīšanu blakus sarunai",
   "com_nav_info_code_artifacts_agent": "Iespējo koda artefaktu izmantošanu šim aģentam. Pēc noklusējuma tiek pievienotas papildu instrukcijas, kas attiecas uz artefaktu izmantošanu, ja vien nav iespējots \"Pielāgots uzvednes režīms\".",
@@ -582,7 +585,6 @@
   "com_nav_setting_speech": "Runa",
   "com_nav_settings": "Iestatījumi",
   "com_nav_shared_links": "Kopīgotās saites",
-  "com_nav_show_code": "Vienmēr rādīt kodu, izmantojot koda interpretētāju",
   "com_nav_show_thinking": "Pēc noklusējuma atvērt spriešanas sarakstu",
   "com_nav_slash_command": "/-Komanda",
   "com_nav_slash_command_description": "Ieslēgt komandu \"/\", lai atlasītu uzvedni izmantojot tastatūru",
@@ -639,6 +641,7 @@
   "com_ui_2fa_generate_error": "Ģenerējot divfaktoru autentifikācijas iestatījumus, radās kļūda.",
   "com_ui_2fa_invalid": "Nederīgs divfaktoru autentifikācijas kods",
   "com_ui_2fa_setup": "Iestatīt 2FA",
+  "com_ui_2fa_verification_required": "Ievadiet savu 2FA kodu, lai turpinātu",
   "com_ui_2fa_verified": "Divfaktoru autentifikācija veiksmīgi verificēta",
   "com_ui_accept": "Piekrītu",
   "com_ui_action_button": "Darbības poga",
@@ -648,6 +651,7 @@
   "com_ui_add_first_bookmark": "Noklikšķiniet uz sarunas, lai to pievienotu",
   "com_ui_add_first_mcp_server": "Izveidojiet savu pirmo MCP serveri, lai sāktu darbu",
   "com_ui_add_first_prompt": "Izveidojiet savu pirmo uzvedni, lai sāktu darbu",
+  "com_ui_add_labels": "Pievienot etiķetes",
   "com_ui_add_mcp": "Pievienot MCP",
   "com_ui_add_mcp_server": "Pievienot MCP serveri",
   "com_ui_add_model_preset": "Pievienot modeli vai iestatījumu papildu atbildei",
@@ -746,8 +750,10 @@
   "com_ui_at_least_one_owner_required": "Nepieciešams vismaz viens īpašnieks",
   "com_ui_attach_error": "Nevar pievienot failu. Izveidojiet vai atlasiet sarunu vai mēģiniet atsvaidzināt lapu.",
   "com_ui_attach_error_disabled": "Šim galapunktam failu augšupielāde ir atspējota.",
+  "com_ui_attach_error_limit": "Sasniegts failu ierobežojums:",
   "com_ui_attach_error_openai": "Nevar pievienot asistenta failus citiem galapunktiem",
   "com_ui_attach_error_size": "Galapunkta faila lieluma ierobežojums ir pārsniegts:",
+  "com_ui_attach_error_total_size": "Pārsniegts kopējais faila izmēra ierobežojums galapunktam:",
   "com_ui_attach_error_type": "Neatbalstīts faila tips galapunktam:",
   "com_ui_attach_remove": "Noņemt failu",
   "com_ui_attach_warn_endpoint": "Failus, kas nepieder asistentam, tiek ignorēti bez saderīga rīka.",
@@ -758,6 +764,7 @@
   "com_ui_authentication": "Autentifikācija",
   "com_ui_authentication_type": "Autentifikācijas veids",
   "com_ui_auto": "Auto",
+  "com_ui_available_options": "Pieejamās opcijas",
   "com_ui_avatar": "Avatars",
   "com_ui_azure": "Azure",
   "com_ui_azure_ad": "Azure Entra ID",
@@ -813,6 +820,7 @@
   "com_ui_clear_presets": "Notīrīt iestatījumus",
   "com_ui_clear_search": "Notīrīt meklēšanu",
   "com_ui_click_to_close": "Noklikšķiniet, lai aizvērtu",
+  "com_ui_click_to_edit": "Noklikšķiniet, lai rediģētu",
   "com_ui_click_to_view_var": "Noklikšķiniet, lai skatītu {{0}}",
   "com_ui_client_id": "Klienta ID",
   "com_ui_client_secret": "Klienta noslēpums",
@@ -824,9 +832,11 @@
   "com_ui_code": "Kods",
   "com_ui_collapse": "Sakļaut",
   "com_ui_collapse_chat": "Sakļaut sarunas logu",
+  "com_ui_collapse_summary": "Sakļaut kopsavilkumu",
   "com_ui_collapse_thoughts": "Sakļaut domas",
   "com_ui_command_placeholder": "Pēc izvēles: Ja tiks izmantota komanda uzvednei vai nosaukums, lūdzu ievadiet",
   "com_ui_command_usage_placeholder": "Atlasiet uzvedni pēc komandas vai nosaukuma",
+  "com_ui_complete": "Pabeigts!",
   "com_ui_complete_setup": "Pabeigt iestatīšanu",
   "com_ui_concise": "Kodolīgs",
   "com_ui_configure": "Konfigurēt",
@@ -842,10 +852,10 @@
   "com_ui_continue": "Turpināt",
   "com_ui_continue_oauth": "Turpināt ar OAuth",
   "com_ui_control_bar": "Vadības josla",
-  "com_ui_controls": "Pārvaldība",
   "com_ui_conversation": "saruna",
   "com_ui_conversation_label": "{{title}} saruna",
   "com_ui_conversation_not_found": "Saruna nav atrasta",
+  "com_ui_conversation_summarized": "Sarunas kopsavilkums",
   "com_ui_conversations": "sarunas",
   "com_ui_convo_archived": "Sarunas arhivētas",
   "com_ui_convo_delete_error": "Neizdevās izdzēst sarunu",
@@ -854,8 +864,10 @@
   "com_ui_copied_to_clipboard": "Kopēts starpliktuvē",
   "com_ui_copy": "Kopēt",
   "com_ui_copy_code": "Kopēt kodu",
+  "com_ui_copy_failed": "Neizdevās kopēt uz starpliktuvi",
   "com_ui_copy_link": "Kopēt saiti",
   "com_ui_copy_stack_trace": "Kopēt kļūdas informāciju",
+  "com_ui_copy_summary": "Kopēt kopsavilkumu uz starpliktuvi",
   "com_ui_copy_thoughts_to_clipboard": "Kopēt domas starpliktuvē",
   "com_ui_copy_to_clipboard": "Kopēt starpliktuvē",
   "com_ui_copy_url_to_clipboard": "URL kopēšana uz starpliktuvi",
@@ -926,11 +938,13 @@
   "com_ui_deleted": "Dzēsts",
   "com_ui_deleting": "Dzēš...",
   "com_ui_deleting_file": "Dzēšu failu...",
+  "com_ui_deploy": "Izvietot",
   "com_ui_descending": "Dilstošs",
   "com_ui_description": "Apraksts",
   "com_ui_description_placeholder": "Pēc izvēles: ievadiet aprakstu, kas jāparāda uzvednē",
   "com_ui_deselect_all": "Noņemt atlasi visam",
   "com_ui_detailed": "Detalizēta",
+  "com_ui_details": "Sīkāka informācija",
   "com_ui_disabling": "Atspējo...",
   "com_ui_done": "Pabeigts",
   "com_ui_download": "Lejupielādēt",
@@ -941,7 +955,6 @@
   "com_ui_download_error_logs": "Lejupielādēt kļūdu žurnālus",
   "com_ui_drag_drop": "Ievietojiet šeit jebkuru failu, lai pievienotu to sarunai",
   "com_ui_dropdown_variables": "Nolaižamās izvēlnes mainīgie:",
-  "com_ui_dropdown_variables_info": "Izveidojiet pielāgotas nolaižamās izvēlnes savām uzvednēm:{{variable_name:option1|option2|option3}}` (mainīgā_nosakums:opcija1|opcija2|opcija3)",
   "com_ui_duplicate": "Dublicēt",
   "com_ui_duplicate_agent": "Dublicēt aģentu",
   "com_ui_duplication_error": "Sarunas dublēšanas laikā radās kļūda.",
@@ -979,6 +992,7 @@
   "com_ui_expand_chat": "Izvērst sarunu",
   "com_ui_expand_thoughts": "Izvērst domas",
   "com_ui_export_convo_modal": "Eksportēt sarunas modālo logu",
+  "com_ui_failed": "Neveiksmīgi",
   "com_ui_feedback_more": "Vairāk...",
   "com_ui_feedback_more_information": "Sniegt papildu atsauksmes",
   "com_ui_feedback_negative": "Atbildei nepieciešami uzlabojumi",
@@ -999,6 +1013,7 @@
   "com_ui_feedback_tag_zero": "Cita problēma",
   "com_ui_field_max_length": "{{field}} jābūt mazākam par {{length}} rakstzīmēm",
   "com_ui_field_required": "Šis lauks ir obligāts",
+  "com_ui_file": "Fails",
   "com_ui_file_input_avatar_label": "Faila ievade avatāram",
   "com_ui_file_size": "Faila lielums",
   "com_ui_file_token_limit": "Failu tokenu ierobežojums",
@@ -1038,6 +1053,7 @@
   "com_ui_fork_visible": "Tikai redzamās ziņas",
   "com_ui_generate_qrcode": "Ģenerēt QR kodu",
   "com_ui_generating": "Ģenerē...",
+  "com_ui_generating_image": "Attēla ģenerēšana...",
   "com_ui_generation_settings": "Ģenerēšanas iestatījumi",
   "com_ui_getting_started": "Darba sākšana",
   "com_ui_global_group": "Nav rezultātu",
@@ -1063,6 +1079,7 @@
   "com_ui_image_details": "Attēla detaļas",
   "com_ui_image_edited": "Attēls rediģēts",
   "com_ui_image_gen": "Attēlu ģenerēšana",
+  "com_ui_image_gen_failed": "Attēlu ģenerēšana neizdevās",
   "com_ui_import": "Importēt",
   "com_ui_import_conversation_error": "Importējot jūsu sarunas, radās kļūda.",
   "com_ui_import_conversation_file_type_error": "Neatbalstīts importēšanas veids",
@@ -1076,10 +1093,11 @@
   "com_ui_instructions": "Instrukcijas",
   "com_ui_key": "Atslēga",
   "com_ui_key_required": "Nepieciešama API atslēga",
+  "com_ui_labels": "Etiķetes",
   "com_ui_last_used": "Pēdējais izmantotais",
   "com_ui_late_night": "Priecīgu vēlu nakti",
+  "com_ui_latest": "jaunākais",
   "com_ui_latest_footer": "Mākslīgais intelekts ikvienam.",
-  "com_ui_latest_production_version": "Jaunākā produkcijas versija",
   "com_ui_latest_version": "Jaunākā versija",
   "com_ui_leave_blank_to_keep": "Atstājiet tukšu, lai saglabātu esošo",
   "com_ui_librechat_code_api_key": "Iegūstiet savu LibreChat koda interpretatora API atslēgu",
@@ -1088,10 +1106,12 @@
   "com_ui_light_theme_enabled": "Ieslēgta gaišā tēma",
   "com_ui_link_copied": "Saite nokopēta",
   "com_ui_link_refreshed": "Saites atsvaidzināta",
+  "com_ui_live": "aktuālais",
   "com_ui_loading": "Notiek ielāde...",
   "com_ui_locked": "Bloķēts",
   "com_ui_logo": "{{0}} Logotips",
   "com_ui_low": "Zems",
+  "com_ui_make_production": "Producēt",
   "com_ui_manage": "Pārvaldīt",
   "com_ui_marketplace": "Katalogs",
   "com_ui_marketplace_allow_use": "Atļaut izmantot katalogu",
@@ -1185,10 +1205,12 @@
   "com_ui_my_prompts": "Manas uzvednes",
   "com_ui_name": "Vārds",
   "com_ui_name_sort": "Kārtot pēc nosaukuma",
+  "com_ui_navigate_results": "Pārskatīt rezultātus",
   "com_ui_new": "Jauns",
   "com_ui_new_chat": "Jauna saruna",
   "com_ui_new_conversation_title": "Jaunas sarunas nosaukums",
   "com_ui_next": "Nākamais",
+  "com_ui_next_result": "Nākamais rezultāts",
   "com_ui_no": "Nē",
   "com_ui_no_api_keys": "Vēl nav API atslēgu. Izveidojiet vienu, lai sāktu.",
   "com_ui_no_auth": "Nav autorizācijas",
@@ -1199,6 +1221,7 @@
   "com_ui_no_category": "Nav kategorijas",
   "com_ui_no_changes": "Izmaiņas netika veiktas",
   "com_ui_no_individual_access": "Aatsevišķiem lietotājiem vai grupām nav pieejas pie šī aģenta",
+  "com_ui_no_labels": "Nav etiķešu",
   "com_ui_no_mcp_servers": "Vēl nav MCP serveru",
   "com_ui_no_mcp_servers_match": "Jūsu filtram neatbilst neviens MCP serveris",
   "com_ui_no_memories": "Nav atmiņu. Izveidojiet tās manuāli vai palūdziet mākslīgajam intelektam kaut ko atcerēties.",
@@ -1232,7 +1255,11 @@
   "com_ui_open_var": "Atvērt {{0}}",
   "com_ui_openai": "OpenAI",
   "com_ui_optional": "(pēc izvēles)",
+  "com_ui_options": "opcijas",
+  "com_ui_output": "Izvade",
   "com_ui_page": "Lapa",
+  "com_ui_pagination": "Lapojums",
+  "com_ui_parameters": "Modeļa parametri",
   "com_ui_people": "cilvēki",
   "com_ui_people_picker": "Cilvēku atlasītājs",
   "com_ui_people_picker_allow_view_groups": "Atļaut skatīt grupas",
@@ -1244,11 +1271,17 @@
   "com_ui_pin": "Piespraust",
   "com_ui_preferences_updated": "Preferences veiksmīgi atjauninātas",
   "com_ui_prev": "Iepriekšējais",
+  "com_ui_prev_result": "Iepriekšējais rezultāts",
   "com_ui_preview": "Priekšskatījums",
+  "com_ui_preview_unavailable": "Priekšskatījums nav pieejams šim faila tipam",
   "com_ui_privacy_policy": "Privātuma politika",
   "com_ui_privacy_policy_url": "Privātuma politika web adrese",
+  "com_ui_production": "Produkcija",
   "com_ui_prompt": "Uzvedne",
-  "com_ui_prompt_deleted": "{{0}} dzēsts",
+  "com_ui_prompt_category_selector_aria": "Uzvednes kategorijas atlasītājs",
+  "com_ui_prompt_delete_confirm": "Vai esat pārliecināts, ka vēlaties dzēst '{{0}}' uzvedni?",
+  "com_ui_prompt_deleted_group": "Uzvednes grupa \"{{0}}\" dzēsta",
+  "com_ui_prompt_details": "{{name}} uzvednes informācija",
   "com_ui_prompt_group_button": "{{name}} uzvedne, {{category}} kategorija",
   "com_ui_prompt_group_button_no_category": "{{name}} uzvedne.",
   "com_ui_prompt_groups": "Uzvedņu grupu saraksts",
@@ -1257,9 +1290,11 @@
   "com_ui_prompt_name": "Uzvednes nosaukums",
   "com_ui_prompt_name_required": "Uzvednes nosaukums ir obligāts",
   "com_ui_prompt_preview_not_shared": "Autors nav atļāvis sadarbību šajā uzvednē.",
+  "com_ui_prompt_renamed": "Uzvedne veiksmīgi pārdēvēta",
   "com_ui_prompt_text": "Teksts",
   "com_ui_prompt_text_required": "Teksts ir obligāts",
   "com_ui_prompt_update_error": "Atjauninot uzvedni, radās kļūda.",
+  "com_ui_prompt_variables_list": "Uzvednes mainīgo saraksts",
   "com_ui_prompts": "Uzvednes",
   "com_ui_prompts_allow_create": "Atļaut uzvedņu izveidi",
   "com_ui_prompts_allow_share": "Atļaut kopīgošanas uzvednes",
@@ -1281,6 +1316,7 @@
   "com_ui_regenerating": "Atjaunojas...",
   "com_ui_region": "Reģions",
   "com_ui_reinitialize": "Reinicializēt",
+  "com_ui_relevance": "Atbilstība",
   "com_ui_remote_access": "Attālinātā piekļuve",
   "com_ui_remote_agent_role_editor": "Redaktors",
   "com_ui_remote_agent_role_editor_desc": "Var skatīt un modificēt aģentu, izmantojot API",
@@ -1310,6 +1346,7 @@
   "com_ui_result": "Rezultāts",
   "com_ui_result_found": "{{count}} atrasts rezultāts",
   "com_ui_results_found": "{{count}} atrasti rezultāti",
+  "com_ui_retrieved_files": "Jūsu atrastie faili",
   "com_ui_retry": "Mēģināt vēlreiz",
   "com_ui_revoke": "Atcelt",
   "com_ui_revoke_info": "Atcelt visus lietotāja sniegtos lietotāja datus",
@@ -1334,6 +1371,7 @@
   "com_ui_rotate_90": "Pagriezt par 90 grādiem",
   "com_ui_run_code": "Palaist kodu",
   "com_ui_run_code_error": "Radās kļūda, izpildot kodu",
+  "com_ui_running": "Strādā...",
   "com_ui_save": "Saglabāt",
   "com_ui_save_badge_changes": "Vai saglabāt emblēmas izmaiņas?",
   "com_ui_save_changes": "Saglabāt izmaiņas",
@@ -1351,6 +1389,9 @@
   "com_ui_search_agent_category": "Meklēt kategorijas...",
   "com_ui_search_default_placeholder": "Meklēt pēc vārda vai e-pasta adreses (vismaz 2 rakstu zīmes)",
   "com_ui_search_people_placeholder": "Meklēt personas vai grupas pēc vārda vai e-pasta adreses",
+  "com_ui_search_result_count": "{{count}} atrasts rezultāts",
+  "com_ui_search_results_count": "{{count}} Atrastie rezultāti",
+  "com_ui_searching_files": "Meklē jūsu failos",
   "com_ui_seconds": "sekundes",
   "com_ui_secret_key": "Slepenā atslēga",
   "com_ui_select": "Atlasīt",
@@ -1386,23 +1427,28 @@
   "com_ui_show_all": "Rādīt visu",
   "com_ui_show_code": "Rādīt kodu",
   "com_ui_show_image_details": "Rādīt attēla detaļas",
+  "com_ui_show_less": "Rādīt mazāk",
+  "com_ui_show_more": "Rādīt vairāk",
   "com_ui_show_password": "Rādīt paroli",
   "com_ui_show_qr": "Rādīt QR kodu",
   "com_ui_sign_in_to_domain": "Pierakstīties {{0}}",
   "com_ui_simple": "Uzstādījumi",
   "com_ui_size": "Izmērs",
   "com_ui_size_sort": "Atlasīt pēc izmēra",
+  "com_ui_special": "īpašs",
   "com_ui_special_var_current_date": "Pašreizējais datums",
   "com_ui_special_var_current_datetime": "Pašreizējais datums un laiks",
   "com_ui_special_var_current_user": "Pašreizējais lietotājs",
+  "com_ui_special_var_desc_current_date": "Šodienas datums un nedēļas diena",
+  "com_ui_special_var_desc_current_datetime": "Lokālais datums un laiks jūsu laika joslā",
+  "com_ui_special_var_desc_current_user": "Jūsu konta uzrādītais nosaukums",
+  "com_ui_special_var_desc_iso_datetime": "UTC datuma laiks ISO 8601 formātā",
   "com_ui_special_var_iso_datetime": "UTC ISO datums un laiks",
   "com_ui_special_variable_added": "{{0}} pievienots īpašs mainīgais.",
   "com_ui_special_variables": "Īpašie mainīgie:",
-  "com_ui_special_variables_more_info": "Nolaižamajā izvēlnē varat atlasīt īpašos mainīgos:{{current_date}}` (šodienas datums un nedēļas diena), `{{current_datetime}}` (vietējais datums un laiks), `{{utc_iso_datetime}}` (UTC ISO datums/laiks) un `{{current_user}} (jūsu lietotāja vārds).",
   "com_ui_speech_not_supported": "Jūsu pārlūkprogramma neatbalsta runas atpazīšanu",
   "com_ui_speech_not_supported_use_external": "Jūsu pārlūkprogramma neatbalsta runas atpazīšanu. Mēģiniet pārslēgties uz ārējo STT sadaļā Iestatījumi > Runa.",
   "com_ui_speech_while_submitting": "Nevar nosūtīt runu, kamēr tiek ģenerēta atbilde.",
-  "com_ui_sr_actions_menu": "Atvērt darbību izvēlni priekš \"{{0}}\"",
   "com_ui_sr_global_prompt": "Globālā uzvedņu grupa",
   "com_ui_stack_trace": "Steka izsekošana",
   "com_ui_status_prefix": "Statuss:",
@@ -1410,6 +1456,7 @@
   "com_ui_storage": "Uzglabāšana",
   "com_ui_storage_filter_sort": "Filtrēt un kārtot pēc datu krātuves",
   "com_ui_submit": "Nosūtīt",
+  "com_ui_summarizing": "Apkopo...",
   "com_ui_support_contact": "Atbalsta kontaktinformācija",
   "com_ui_support_contact_email": "E-pasts",
   "com_ui_support_contact_email_invalid": "Lūdzu, ievadiet derīgu e-pasta adresi",
@@ -1421,6 +1468,7 @@
   "com_ui_temporary": "Pagaidu saruna",
   "com_ui_terms_and_conditions": "Noteikumi un nosacījumi",
   "com_ui_terms_of_service": "Pakalpojumu sniegšanas noteikumi",
+  "com_ui_text_variables": "Teksta mainīgie",
   "com_ui_thinking": "Domā...",
   "com_ui_thoughts": "Spriešana",
   "com_ui_toggle_theme": "Pārslēgt tēmu",
@@ -1429,8 +1477,15 @@
   "com_ui_token_url": "Tokena URL",
   "com_ui_tokens": "tokeni",
   "com_ui_tool_collection_prefix": "Rīku kolekcija no",
+  "com_ui_tool_failed": "neizdevās",
   "com_ui_tool_list_collapse": "Sakļaut {{serverName}} rīku sarakstu",
   "com_ui_tool_list_expand": "Izvērst {{serverName}} rīku sarakstu",
+  "com_ui_tool_name_code": "Kods",
+  "com_ui_tool_name_code_analysis": "Koda analīze",
+  "com_ui_tool_name_file_search": "Meklēšana dokumentos",
+  "com_ui_tool_name_image_edit": "Attēlu rediģēšana",
+  "com_ui_tool_name_image_gen": "Attēlu ģenerēšana",
+  "com_ui_tool_name_web_search": "Meklēšana tīmeklī",
   "com_ui_tools": "Rīki",
   "com_ui_tools_and_actions": "Rīki un darbības",
   "com_ui_transferred_to": "Pāradresēts uz",
@@ -1439,7 +1494,6 @@
   "com_ui_try_adjusting_search": "Mēģiniet pielāgot meklēšanas vaicājumus",
   "com_ui_ui_resource_error": "Lietotāja saskarnes resursa kļūda ({{0}})",
   "com_ui_ui_resource_not_found": "UI Resurss nav atrasts (indekss: {{0}})",
-  "com_ui_ui_resources": "Lietotāja saskarnes resursi",
   "com_ui_unarchive": "Atarhivēt",
   "com_ui_unarchive_conversation": "Atarhivēt sarunu",
   "com_ui_unarchive_error": "Neizdevās atarhivēt sarunu",
@@ -1475,16 +1529,19 @@
   "com_ui_use_backup_code": "Izmantojiet rezerves kodu",
   "com_ui_use_memory": "Izmantot atmiņu",
   "com_ui_use_micrphone": "Izmantot mikrofonu",
+  "com_ui_use_prompt": "Izmantot uzvedni",
   "com_ui_used": "Lietots",
+  "com_ui_used_n_tools": "Lietoti {{0}} rīki",
   "com_ui_user": "Lietotājs",
   "com_ui_user_group_permissions": "Lietotāju un grupu atļaujas",
   "com_ui_user_provides_key": "Katrs lietotājs nodrošina savu atslēgu",
   "com_ui_value": "Vērtība",
+  "com_ui_variable_with_options": "{{name}} mainīgais ar {{count}} opcijām",
   "com_ui_variables": "Mainīgie",
-  "com_ui_variables_info": "Mainīgo veidošanai tekstā izmantot dubultās iekavas, piemēram, `{{example variable}}` (mainīgā piemērs), lai vēlāk aizpildītu, izmantojot uzvedni.",
   "com_ui_verify": "Pārbaudīt",
   "com_ui_version_var": "Versija {{0}}",
   "com_ui_versions": "Versijas",
+  "com_ui_via_server": "vietnē {{0}}",
   "com_ui_view_memory": "Skatīt atmiņu",
   "com_ui_web_search": "Meklēšana tīmeklī",
   "com_ui_web_search_cohere_key": "Ievadiet Cohere API atslēgu",
@@ -1510,6 +1567,9 @@
   "com_ui_web_search_scraper_serper_key": "Iegūst savu Serper API atslēgu",
   "com_ui_web_search_searxng_api_key": "Ievadiet SearXNG API atslēgu (pēc izvēles)",
   "com_ui_web_search_searxng_instance_url": "SearXNG Instance URL",
+  "com_ui_web_search_source": "{{count}} avots",
+  "com_ui_web_search_sources": "{{count}} avoti",
+  "com_ui_web_searched": "Meklēja tīmeklī",
   "com_ui_web_searching": "Meklēšana tīmeklī",
   "com_ui_web_searching_again": "Vēlreiz meklē tīmeklī",
   "com_ui_weekend_morning": "Priecīgu nedēļas nogali",
diff --git a/client/src/locales/nb/translation.json b/client/src/locales/nb/translation.json
index f5b1943b39..a865e6c57a 100644
--- a/client/src/locales/nb/translation.json
+++ b/client/src/locales/nb/translation.json
@@ -100,7 +100,6 @@
   "com_agents_start_chat": "Start samtale",
   "com_agents_top_picks": "Toppvalg",
   "com_agents_update_error": "Det oppstod en feil under oppdatering av agenten.",
-  "com_assistants_action_attempt": "Assistenten vil snakke med {{0}}",
   "com_assistants_actions": "Handlinger",
   "com_assistants_actions_disabled": "Du må opprette en assistent før du kan legge til handlinger.",
   "com_assistants_actions_info": "La assistenten hente informasjon eller utføre handlinger via API-er.",
@@ -110,7 +109,6 @@
   "com_assistants_allow_sites_you_trust": "Tillat kun nettsteder du stoler på.",
   "com_assistants_append_date": "Legg til gjeldende dato og tid",
   "com_assistants_append_date_tooltip": "Når aktivert, vil gjeldende dato og tid bli lagt til i assistentens systeminstruksjoner.",
-  "com_assistants_attempt_info": "Assistenten ønsker å sende følgende:",
   "com_assistants_available_actions": "Tilgjengelige handlinger",
   "com_assistants_capabilities": "Funksjoner",
   "com_assistants_code_interpreter": "Kodetolk",
@@ -125,7 +123,6 @@
   "com_assistants_delete_actions_error": "Det oppstod en feil under sletting av handlingen.",
   "com_assistants_delete_actions_success": "Handlingen ble slettet fra assistenten.",
   "com_assistants_description_placeholder": "Valgfritt: Beskriv assistenten din her.",
-  "com_assistants_domain_info": "Assistenten sendte denne informasjonen til {{0}}.",
   "com_assistants_file_search": "Filsøk",
   "com_assistants_file_search_info": "Med filsøk får assistenten kunnskap fra filene du laster opp. Assistenten henter automatisk relevant innhold fra filene basert på det du spør om. Foreløpig støttes ikke tilkobling av vektorlagre for filsøk. Du kan imidlertid koble dem til via leverandørens utviklerverktøy, eller legge ved filer direkte i meldinger for å bruke filsøk i en spesifikk samtale.",
   "com_assistants_function_use": "Assistenten brukte {{0}}",
@@ -287,7 +284,6 @@
   "com_endpoint_message_not_appendable": "Rediger meldingen din eller regenerer.",
   "com_endpoint_my_preset": "Min forhåndsinnstilling",
   "com_endpoint_no_presets": "Ingen forhåndsinnstillinger ennå. Bruk innstillingsknappen for å lage en.",
-  "com_endpoint_open_menu": "Åpne meny",
   "com_endpoint_openai_custom_name_placeholder": "Angi et egendefinert navn for KI-en",
   "com_endpoint_openai_detail": "Oppløsningen for Vision-forespørsler. \"Lav\" er billigere og raskere, \"Høy\" er mer detaljert og dyrere, og \"Auto\" velger automatisk basert på bildeoppløsningen.",
   "com_endpoint_openai_freq": "Tall mellom -2.0 og 2.0. Positive verdier straffer nye tokens basert på deres frekvens i teksten så langt, noe som reduserer sannsynligheten for at modellen gjentar seg ordrett.",
@@ -477,7 +473,6 @@
   "com_nav_font_size_xl": "Ekstra stor",
   "com_nav_font_size_xs": "Ekstra liten",
   "com_nav_help_faq": "Hjelp og vanlige spørsmål",
-  "com_nav_hide_panel": "Skjul høyre sidepanel",
   "com_nav_info_balance": "Saldoen viser hvor mange token-kreditter du har igjen. Token-kreditter oversettes til pengeverdi (f.eks. 1000 kreditter = $0.001 USD).",
   "com_nav_info_code_artifacts": "Aktiverer visning av eksperimentelle kodeartefakter ved siden av samtalen.",
   "com_nav_info_code_artifacts_agent": "Aktiverer bruk av kodeartefakter for denne agenten. Som standard legges det til tilleggsinstruksjoner for bruk av artefakter, med mindre \"Egendefinert prompt-modus\" er aktivert.",
@@ -579,7 +574,6 @@
   "com_nav_setting_speech": "Tale",
   "com_nav_settings": "Innstillinger",
   "com_nav_shared_links": "Delte lenker",
-  "com_nav_show_code": "Vis alltid kode ved bruk av kodetolk",
   "com_nav_show_thinking": "Åpne tenke-nedtrekksmenyer som standard",
   "com_nav_slash_command": "/-kommando",
   "com_nav_slash_command_description": "Veksle kommandoen \"/\" for å velge en prompt via tastaturet.",
@@ -839,7 +833,6 @@
   "com_ui_continue": "Fortsett",
   "com_ui_continue_oauth": "Fortsett med OAuth",
   "com_ui_control_bar": "Kontroller bar",
-  "com_ui_controls": "Kontroller",
   "com_ui_conversation": "samtale",
   "com_ui_conversation_label": "{{tittel}} samtale",
   "com_ui_conversations": "samtaler",
@@ -937,7 +930,6 @@
   "com_ui_download_error_logs": "Last ned feillogger",
   "com_ui_drag_drop": "Dra og slipp fil(er) her, eller klikk for å velge.",
   "com_ui_dropdown_variables": "Nedtrekksvariabler:",
-  "com_ui_dropdown_variables_info": "Opprett egendefinerte nedtrekksmenyer for promptene dine: `{{variabelnavn:valg1|valg2|valg3}}`",
   "com_ui_duplicate": "Dupliser",
   "com_ui_duplicate_agent": "Dupliser Agent",
   "com_ui_duplication_error": "Det oppstod en feil under duplisering av samtalen.",
@@ -1073,7 +1065,6 @@
   "com_ui_last_used": "Sist brukt",
   "com_ui_late_night": "God senkveld",
   "com_ui_latest_footer": "Én KI for alle.",
-  "com_ui_latest_production_version": "Siste produksjonsversjon",
   "com_ui_latest_version": "Siste versjon",
   "com_ui_leave_blank_to_keep": "La stå tomt for å beholde eksisterende",
   "com_ui_librechat_code_api_key": "Få din LibreChat Kodetolk API-nøkkel",
@@ -1290,9 +1281,7 @@
   "com_ui_special_var_current_user": "Gjeldende bruker",
   "com_ui_special_var_iso_datetime": "UTC ISO-dato/tid",
   "com_ui_special_variables": "Spesielle variabler:",
-  "com_ui_special_variables_more_info": "Du kan bruke spesielle variabler: `{{current_date}}` (dagens dato), `{{current_datetime}}` (lokal dato og tid), `{{utc_iso_datetime}}` (UTC ISO-dato/tid), og `{{current_user}}` (ditt kontonavn).",
   "com_ui_speech_while_submitting": "Kan ikke sende inn tale mens et svar genereres.",
-  "com_ui_sr_actions_menu": "Åpne handlingsmeny for «{{0}}»",
   "com_ui_stop": "Stopp",
   "com_ui_storage": "Lagring",
   "com_ui_submit": "Send inn",
@@ -1350,7 +1339,6 @@
   "com_ui_user_group_permissions": "Bruker- og gruppetillatelser",
   "com_ui_value": "Verdi",
   "com_ui_variables": "Variabler",
-  "com_ui_variables_info": "Bruk doble klammeparenteser i teksten din for å lage variabler, f.eks. `{{eksempelvariabel}}`, som du kan fylle ut senere.",
   "com_ui_verify": "Bekreft",
   "com_ui_version_var": "Versjon {{0}}",
   "com_ui_versions": "Versjoner",
diff --git a/client/src/locales/nl/translation.json b/client/src/locales/nl/translation.json
index da689e6981..bf2b37cd00 100644
--- a/client/src/locales/nl/translation.json
+++ b/client/src/locales/nl/translation.json
@@ -3,11 +3,13 @@
   "chat_direction_right_to_left": "Rechts naar links",
   "com_a11y_ai_composing": "De AI is nog bezig met het formuleren van een antwoord.",
   "com_a11y_end": "De AI is klaar met het antwoord.",
+  "com_a11y_selected": "geselecteerd",
   "com_a11y_start": "De AI is begonnen met antwoorden.",
   "com_agents_agent_card_label": "{{name}} agent. {{description}}",
   "com_agents_all": "Alle Agents",
   "com_agents_all_category": "Alle",
   "com_agents_all_description": "Bekijk alle gedeelde agents in alle categorieën",
+  "com_agents_avatar_upload_error": "Opladen van agent avatar mislukt",
   "com_agents_by_librechat": "door LibreChat",
   "com_agents_category_aftersales": "After Sales",
   "com_agents_category_aftersales_description": "Agents gespecialiseerd in ondersteuning na verkoop, onderhoud en klantenservice",
@@ -26,6 +28,7 @@
   "com_agents_category_sales_description": "Agents gericht op verkoopprocessen en klantrelaties",
   "com_agents_category_tab_label": "{{category}} categorie, {{position}} of {{total}}",
   "com_agents_category_tabs_label": "Agentcategorieën",
+  "com_agents_chat_with": "Chat Met {{name}}",
   "com_agents_clear_search": "Zoekopdracht wissen",
   "com_agents_code_interpreter": "Indien ingeschakeld, kan je agent de LibreChat Code Interpreter API gebruiken om gegenereerde code, inclusief het verwerken van bestanden, veilig uit te voeren. Vereist een geldige API-sleutel.",
   "com_agents_code_interpreter_title": "Code Interpreter API",
@@ -53,7 +56,9 @@
   "com_agents_error_server_title": "Serverfout",
   "com_agents_error_timeout_suggestion": "Controleer je internetverbinding en probeer het opnieuw.",
   "com_agents_error_title": "Er is iets misgegaan",
+  "com_agents_file_context_description": "Bestanden die opgeladen zijn als \"Context\" worden als tekst verwerkt en gebruikt als aanvulling op de instructies voor de Agent. Dit proces wordt gebruikt om tekst te extraheren als OCR beschikbaar is of als dit bestandstype ondersteund is. Ideaal voor documenten, afbeeldingen met tekst, of PDF bestanden waaruit je de volledige tekstinhoud nodig hebt.",
   "com_agents_file_context_disabled": "Agent moet worden aangemaakt voordat bestanden worden geüpload voor File Context",
+  "com_agents_file_context_label": "Bestandscontext",
   "com_agents_file_search_disabled": "Maak eerst een Agent aan voordat je bestanden uploadt voor File Search.",
   "com_agents_file_search_info": "Als deze functie is ingeschakeld, krijgt de agent informatie over de exacte bestandsnamen die hieronder staan vermeld, zodat deze relevante context uit deze bestanden kan ophalen.",
   "com_agents_instructions_placeholder": "De systeeminstructies die de agent gebruikt",
@@ -84,7 +89,6 @@
   "com_agents_search_placeholder": "Agenten zoeken...",
   "com_agents_see_more": "Bekijk meer",
   "com_agents_update_error": "Er is een fout opgetreden bij het updaten van je agent.",
-  "com_assistants_action_attempt": "Assistent wil praten met {{0}}",
   "com_assistants_actions": "Actions",
   "com_assistants_actions_disabled": "Maak een assistent aan voordat je actions toevoegt.",
   "com_assistants_actions_info": "Laat je Assistent informatie ophalen of acties uitvoeren via API’s",
@@ -94,7 +98,6 @@
   "com_assistants_allow_sites_you_trust": "Sta alleen sites toe die je vertrouwt",
   "com_assistants_append_date": "Voeg huidige datum & tijd toe",
   "com_assistants_append_date_tooltip": "Wanneer ingeschakeld, worden de huidige datum en tijd van de client toegevoegd aan de systeeminstructies van de assistent.",
-  "com_assistants_attempt_info": "Assistent wil het volgende sturen:",
   "com_assistants_available_actions": "Beschikbare Acties",
   "com_assistants_capabilities": "Mogelijkheden",
   "com_assistants_code_interpreter": "Code Interpreter",
@@ -109,7 +112,6 @@
   "com_assistants_delete_actions_error": "Er was een error bij het verwijderen van de actie",
   "com_assistants_delete_actions_success": "Succesvol een actie verwijderd van Assistent",
   "com_assistants_description_placeholder": "Optioneel: Beschrijf jouw Assistant hier",
-  "com_assistants_domain_info": "Assistant heeft deze informatie verstuurd naar {{0}}",
   "com_assistants_file_search": "Zoeken naar bestanden",
   "com_assistants_file_search_info": "Met bestandszoekopdrachten krijgt de assistent kennis van bestanden die u of uw gebruikers uploaden. Zodra een bestand is geüpload, beslist de assistent automatisch wanneer de content moet worden opgehaald op basis van gebruikersverzoeken. Het toevoegen van vectoropslag voor bestandszoekopdrachten wordt nog niet ondersteund. U kunt ze toevoegen vanuit de Provider Playground of bestanden toevoegen aan berichten voor bestandszoekopdrachten op basis van een thread.",
   "com_assistants_function_use": "Assistent gebruikt {{0}}",
@@ -129,6 +131,7 @@
   "com_assistants_update_actions_success": "Actie succesvol aangemaakt of bijgewerkt",
   "com_assistants_update_error": "Er is een fout opgetreden bij het bijwerken van uw assistent.",
   "com_assistants_update_success": "Succesvol bijgewerkt",
+  "com_assistants_update_success_name": "{{name}} met succes bijgewerkt",
   "com_auth_already_have_account": "Heb je al een account?",
   "com_auth_apple_login": "Aanmelden met Apple",
   "com_auth_back_to_login": "Terug naar Inloggen",
@@ -206,6 +209,7 @@
   "com_endpoint_agent": "Agent",
   "com_endpoint_agent_placeholder": "Selecteer een Agent",
   "com_endpoint_ai": "AI",
+  "com_endpoint_anthropic_effort": "Bepaalt hoeveel rekenkracht Claude toepast. Een lagere inspanning bespaart tokens en vermindert de latentie; een hogere inspanning levert grondigere antwoorden op. 'Max' maakt de diepste redenering mogelijk (alleen Opus 4.6).",
   "com_endpoint_anthropic_maxoutputtokens": "Maximum aantal tokens dat kan worden gegenereerd in de reactie. Geef een lagere waarde op voor kortere reacties en een hogere waarde voor langere reacties.",
   "com_endpoint_anthropic_prompt_cache": "Promptcaching maakt het mogelijk om een grote context of instructies opnieuw te gebruiken bij API-aanroepen, wat kosten en vertraging vermindert.",
   "com_endpoint_anthropic_temp": "Varieert van 0 tot 1. Gebruik een lagere temp voor analytische / meerkeuze taken en een hogere temp voor creatieve en generatieve taken. We raden aan dit of Top P te wijzigen, maar niet beide.",
@@ -215,6 +219,7 @@
   "com_endpoint_anthropic_topp": "Top-p verandert hoe het model tokens selecteert voor uitvoer. Tokens worden geselecteerd van meest K (zie topK-parameter) waarschijnlijk tot minst waarschijnlijk totdat de som van hun kansen gelijk is aan de top-p-waarde.",
   "com_endpoint_assistant": "Assistent",
   "com_endpoint_assistant_model": "Assistent Model",
+  "com_endpoint_bedrock_reasoning_effort": "Regelt het redeneerniveau voor ondersteunde Bedrock-modellen (bijv. Kimi K2.5, GLM). Hogere niveaus leiden tot een dieper redeneren ten koste van een hogere latentie en tokens.",
   "com_endpoint_config_click_here": "Klik Hier",
   "com_endpoint_config_google_api_key": "Google API Key",
   "com_endpoint_config_google_cloud_platform": "(van Google Cloud Platform)",
@@ -244,6 +249,7 @@
   "com_endpoint_default_with_num": "standaard: {{0}}",
   "com_endpoint_disable_streaming": "Schakel streaming van antwoorden uit en ontvang het volledige antwoord in één keer. Handig voor modellen zoals o3 die organisatieverificatie vereisen voor streaming",
   "com_endpoint_disable_streaming_label": "Streaming uitschakelen",
+  "com_endpoint_effort": "Inspanning",
   "com_endpoint_examples": " Voorinstellingen",
   "com_endpoint_export": "Exporteren",
   "com_endpoint_export_share": "Exporteer/Deel",
@@ -251,13 +257,15 @@
   "com_endpoint_google_custom_name_placeholder": "Stel een aangepaste naam in voor Google",
   "com_endpoint_google_maxoutputtokens": "Maximum aantal tokens dat kan worden gegenereerd in de reactie. Geef een lagere waarde op voor kortere reacties en een hogere waarde voor langere reacties.",
   "com_endpoint_google_temp": "Hogere waarden = meer willekeurig, terwijl lagere waarden = meer gericht en deterministisch. We raden aan dit of Top P te wijzigen, maar niet beide.",
+  "com_endpoint_google_thinking_level": "Regelt de redeneerdiepte voor Gemini 3 en latere modellen. Heeft geen effect op Gemini 2.5 en ouder - gebruik hiervoor Thinking Budget.\n\nLaat op Auto staan om de modelstandaard te gebruiken.",
   "com_endpoint_google_topk": "Top-k verandert hoe het model tokens selecteert voor uitvoer. Een top-k van 1 betekent dat het geselecteerde token het meest waarschijnlijk is van alle tokens in de vocabulaire van het model (ook wel 'greedy decoding' genoemd), terwijl een top-k van 3 betekent dat het volgende token wordt geselecteerd uit de 3 meest waarschijnlijke tokens (met behulp van temperatuur).",
   "com_endpoint_google_topp": "Top-p verandert hoe het model tokens selecteert voor uitvoer. Tokens worden geselecteerd van meest K (zie topK-parameter) waarschijnlijk tot minst waarschijnlijk totdat de som van hun kansen gelijk is aan de top-p-waarde.",
+  "com_endpoint_instructions_assistants": "Instructies terzijde schuiven",
   "com_endpoint_max_output_tokens": "Max. uitvoertokens",
   "com_endpoint_message": "Bericht",
+  "com_endpoint_message_new": "Bericht {{0}}",
   "com_endpoint_my_preset": "Mijn voorinstelling",
   "com_endpoint_no_presets": "Nog geen voorinstellingen, gebruik de instellingenknop om er een te maken",
-  "com_endpoint_open_menu": "Open menu",
   "com_endpoint_openai_custom_name_placeholder": "Stel een aangepaste naam in voor ChatGPT",
   "com_endpoint_openai_freq": "Getal tussen -2,0 en 2,0. Positieve waarden straffen nieuwe tokens op basis van hun bestaande frequentie in de tekst tot nu toe, waardoor de kans dat het model dezelfde regel letterlijk herhaalt, afneemt.",
   "com_endpoint_openai_max": "Het max. aantal tokens dat kan worden gegenereerd. De totale lengte van invoer-tokens en gegenereerde tokens is beperkt door de contextlengte van het model.",
@@ -267,29 +275,58 @@
   "com_endpoint_openai_temp": "Hogere waarden = meer willekeurig, terwijl lagere waarden = meer gericht en deterministisch. We raden aan dit of Top P te wijzigen, maar niet beide.",
   "com_endpoint_openai_topp": "Een alternatief voor sampling met temperatuur, genaamd nucleus sampling, waarbij het model de resultaten van de tokens met de top_p waarschijnlijkheidsmassa in overweging neemt. Dus 0,1 betekent dat alleen de tokens die de bovenste 10% waarschijnlijkheidsmassa omvatten, in overweging worden genomen. We raden aan dit of temperatuur te wijzigen, maar niet beide.",
   "com_endpoint_output": "Uitvoer",
+  "com_endpoint_plug_resend_files": "Bestanden opnieuw verzenden",
   "com_endpoint_presence_penalty": "Aanwezigheidsstraf",
   "com_endpoint_preset": "voorinstelling",
+  "com_endpoint_preset_default_item": "Standaard:",
+  "com_endpoint_preset_delete_success": "Preset met succes verwijderd",
+  "com_endpoint_preset_import": "Preset geïmporteerd!",
   "com_endpoint_preset_name": "Naam voorinstelling",
   "com_endpoint_preset_selected": "Voorinstelling actief!",
+  "com_endpoint_preset_selected_title": "Actief!",
   "com_endpoint_presets": "voorinstellingen",
   "com_endpoint_presets_clear_warning": "Weet u zeker dat u alle voorinstellingen wilt wissen? Dit is onomkeerbaar.",
   "com_endpoint_prompt_prefix": "Prompt-voorvoegsel",
+  "com_endpoint_prompt_prefix_assistants": "Extra Instructies",
   "com_endpoint_prompt_prefix_placeholder": "Stel aangepaste instructies of context in. Wordt genegeerd indien leeg.",
+  "com_endpoint_reasoning_effort": "Redeneringsinspanning",
   "com_endpoint_save_as_preset": "Opslaan als voorinstelling",
+  "com_endpoint_search_models": "Zoek modellen...",
   "com_endpoint_set_custom_name": "Stel een aangepaste naam in, voor het geval je deze voorinstelling kunt vinden",
+  "com_endpoint_stop_placeholder": "Scheid waarden door met behulp van `Enter`",
   "com_endpoint_temperature": "Temperatuur",
+  "com_endpoint_thinking_level": "Denkniveau",
   "com_endpoint_top_k": "Top K",
   "com_endpoint_top_p": "Top P",
+  "com_error_files_empty": "Lege bestanden zijn niet toegestaan.",
+  "com_error_files_upload_too_large": "Het bestand is te groot. Laad een bestand op van maximaal {{0}} MB",
+  "com_error_refusal": "Antwoord geweigerd door veiligheidsfilters. Herschrijf je bericht en probeer opnieuw. Als je dit regelmatig tegenkomt tijdens het gebruik van Claude Sonnet 4.5 of Opus 4.1, kun je Sonnet 4 proberen, dat andere gebruiksbeperkingen heeft.",
+  "com_file_pages": "Pagina's: {{pages}}",
+  "com_file_source": "Bestand",
+  "com_file_unknown": "Onbekend bestand",
+  "com_files_download_failed": "{{0}} bestanden mislukt",
+  "com_files_download_progress": "{{0}} van {{1}} bestanden",
+  "com_files_filter_by": "Filter bestanden op...",
+  "com_files_no_results": "Geen resultaten.",
+  "com_files_result_found": "{{count}} resultaat gevonden",
+  "com_files_results_found": "{{count}} resultaten gevonden",
+  "com_files_upload_local_machine": "Van lokale computer",
+  "com_generated_files": "Gegenereerde bestanden:",
+  "com_nav_account_settings": "Accountinstellingen",
   "com_nav_archive_created_at": "Gemaakt op",
   "com_nav_archive_name": "Naam",
   "com_nav_archived_chats": "Gearchiveerde chats",
   "com_nav_auto_scroll": "Automatisch scrollen naar Nieuwste bij openen",
   "com_nav_balance": "Evenwicht",
+  "com_nav_balance_interval": "Interval:",
+  "com_nav_chat_direction_selected": "Chatrichting: {{direction}}",
   "com_nav_clear_all_chats": "Alle chats wissen",
   "com_nav_clear_conversation": "Conversaties wissen",
   "com_nav_clear_conversation_confirm_message": "Weet u zeker dat u alle conversaties wilt wissen? Dit is onomkeerbaar.",
   "com_nav_close_sidebar": "Zijbalk sluiten",
   "com_nav_confirm_clear": "Wissen bevestigen",
+  "com_nav_control_panel": "Bedieningspaneel",
+  "com_nav_default_temporary_chat": "Tijdelijke Chatmodus is standaard",
   "com_nav_export": "Exporteren",
   "com_nav_export_all_message_branches": "Alle berichtvertakkingen exporteren",
   "com_nav_export_conversation": "Conversatie exporteren",
@@ -301,6 +338,8 @@
   "com_nav_export_type": "Type",
   "com_nav_font_size": "Lettertypegrootte",
   "com_nav_help_faq": "Help & FAQ",
+  "com_nav_info_default_temporary_chat": "Als deze optie is ingeschakeld, starten nieuwe chats standaard met een tijdelijke chatmodus geactiveerd. Tijdelijke chats worden niet bewaard in je geschiedenis.",
+  "com_nav_keep_screen_awake": "Houd het scherm actief tijdens het genereren van reacties",
   "com_nav_lang_arabic": "العربية",
   "com_nav_lang_auto": "Auto detect",
   "com_nav_lang_brazilian_portuguese": "Português Brasileiro",
@@ -313,13 +352,18 @@
   "com_nav_lang_georgian": "ქართული",
   "com_nav_lang_german": "Deutsch",
   "com_nav_lang_hebrew": "עברית",
+  "com_nav_lang_icelandic": "Ijslands",
   "com_nav_lang_indonesia": "Indonesia",
   "com_nav_lang_italian": "Italiano",
   "com_nav_lang_japanese": "日本語",
   "com_nav_lang_korean": "한국어",
+  "com_nav_lang_lithuanian": "Litouwens",
+  "com_nav_lang_norwegian_nynorsk": "Noors (Nynorsk)",
   "com_nav_lang_polish": "Polski",
   "com_nav_lang_portuguese": "Português",
   "com_nav_lang_russian": "Русский",
+  "com_nav_lang_slovak": "Slovaaks",
+  "com_nav_lang_slovenian": "Sloveens",
   "com_nav_lang_spanish": "Español",
   "com_nav_lang_swedish": "Svenska",
   "com_nav_lang_thai": "ไทย",
@@ -328,12 +372,23 @@
   "com_nav_lang_vietnamese": "Tiếng Việt",
   "com_nav_language": "Taal",
   "com_nav_log_out": "Uitloggen",
+  "com_nav_mcp_access_revoked": "Toegang tot MCP-server met succes ingetrokken.",
+  "com_nav_mcp_connect": "Maak verbinding",
+  "com_nav_mcp_connect_server": "Maak verbinding met {{0}}",
+  "com_nav_mcp_reconnect": "Opnieuw verbinden",
+  "com_nav_mcp_status_connected": "Verbonden",
+  "com_nav_mcp_status_disconnected": "Niet verbonden",
+  "com_nav_mcp_status_error": "Fout",
+  "com_nav_mcp_status_initializing": "Initialiseren",
+  "com_nav_mcp_status_needs_auth": "Authenticatie nodig",
+  "com_nav_mcp_status_unknown": "Onbekend",
   "com_nav_not_supported": "Niet ondersteund",
   "com_nav_open_sidebar": "Zijbalk openen",
   "com_nav_plugin_auth_error": "Er trad een fout op bij het authenticeren van deze plugin. Probeer het opnieuw.",
   "com_nav_search_placeholder": "Berichten doorzoeken",
   "com_nav_send_message": "Bericht verzenden",
   "com_nav_setting_data": "Gegevensbesturing",
+  "com_nav_setting_delay": "Vertraging (s)",
   "com_nav_setting_general": "Algemeen",
   "com_nav_settings": "Instellingen",
   "com_nav_shared_links": "Gedeelde links",
@@ -341,9 +396,22 @@
   "com_nav_theme_dark": "Donker",
   "com_nav_theme_light": "Licht",
   "com_nav_theme_system": "Systeem",
+  "com_nav_toggle_sidebar": "Zijbalk tonen/verbergen",
+  "com_nav_tool_dialog_mcp_server_tools": "MCP-server Hulpmiddelen",
   "com_nav_user": "GEBRUIKER",
+  "com_sidepanel_attach_files": "Bestanden bijvoegen",
   "com_sidepanel_conversation_tags": "Bladwijzers",
+  "com_sidepanel_hide_panel": "Verberg paneel",
+  "com_sidepanel_parameters": "Parameters",
   "com_ui_accept": "Ik accepteer",
+  "com_ui_active": "Actief",
+  "com_ui_add": "Voeg  toe",
+  "com_ui_add_code_interpreter_api_key": "Code Interpreter API-sleutel toevoegen",
+  "com_ui_add_first_bookmark": "Klik op een chat om er een toe te voegen",
+  "com_ui_add_first_mcp_server": "Maak je eerste MCP-server om te beginnen",
+  "com_ui_add_first_prompt": "Schrijf je eerste prompt om te beginnen",
+  "com_ui_add_special_variables": "Speciale variabelen toevoegen",
+  "com_ui_add_web_search_api_keys": "API-sleutels voor zoeken op het web toevoegen",
   "com_ui_agent": "Agent",
   "com_ui_agent_category_general": "Algemeen",
   "com_ui_agent_duplicate_error": "Er is een fout opgetreden bij het dupliceren van de agent",
@@ -370,6 +438,7 @@
   "com_ui_cancel": "Annuleren",
   "com_ui_clear": "Wissen",
   "com_ui_close": "Sluiten",
+  "com_ui_collapse_thoughts": "Gedachten Inklappen",
   "com_ui_confirm": "Bevestigen",
   "com_ui_confirm_action": "Actie Bevestigen",
   "com_ui_context": "Context",
@@ -390,7 +459,6 @@
   "com_ui_download_backup_tooltip": "Download je backup codes voordat je doorgaat. Je hebt ze nodig om toegang te herkrijgen als je je authenticatorapparaat verliest",
   "com_ui_download_error": "Fout bij downloaden van bestand. Het bestand kan zijn verwijderd.",
   "com_ui_dropdown_variables": "Dropdown variabelen:",
-  "com_ui_dropdown_variables_info": "Maak aangepaste dropdown menu's voor je prompts: `{{variable_name:option1|option2|option3}}`",
   "com_ui_duplicate": "Dupliceren",
   "com_ui_duplication_error": "Er is een fout opgetreden bij het dupliceren van het gesprek",
   "com_ui_duplication_processing": "Gesprek dupliceren...",
@@ -414,6 +482,7 @@
   "com_ui_everyone_permission_level": "Machtigingsniveau van iedereen",
   "com_ui_examples": "Voorbeelden",
   "com_ui_expand_chat": "Chat Uitvouwen",
+  "com_ui_expand_thoughts": "Gedachten Uitklappen",
   "com_ui_export_convo_modal": "Gesprek Exporteren Modal",
   "com_ui_feedback_more": "Meer...",
   "com_ui_feedback_more_information": "Geef aanvullende feedback",
@@ -585,9 +654,7 @@
   "com_ui_special_var_current_user": "Huidige Gebruiker",
   "com_ui_special_var_iso_datetime": "UTC ISO Datetime",
   "com_ui_special_variables": "Speciale variabelen:",
-  "com_ui_special_variables_more_info": "Je kunt speciale variabelen selecteren uit het dropdown menu: `{{current_date}}` (huidige datum en dag van de week), `{{current_datetime}}` (lokale datum en tijd), `{{utc_iso_datetime}}` (UTC ISO datetime), en `{{current_user}}` (je accountnaam).",
   "com_ui_speech_while_submitting": "Kan spraak niet indienen terwijl een antwoord wordt gegenereerd",
-  "com_ui_sr_actions_menu": "Actiemenu openen voor \"{{0}}\"",
   "com_ui_stop": "Stop",
   "com_ui_storage": "Opslag",
   "com_ui_submit": "Indienen",
@@ -613,7 +680,6 @@
   "com_ui_travel": "Reizen",
   "com_ui_trust_app": "Ik vertrouw deze applicatie",
   "com_ui_try_adjusting_search": "Probeer je zoektermen aan te passen",
-  "com_ui_ui_resources": "UI Resources",
   "com_ui_unarchive": "Uit Archief Halen",
   "com_ui_unarchive_error": "Kon gesprek niet uit archief halen",
   "com_ui_unavailable": "Niet beschikbaar",
@@ -645,7 +711,6 @@
   "com_ui_user_group_permissions": "Gebruikers- & Groepsmachtigingen",
   "com_ui_value": "Waarde",
   "com_ui_variables": "Variabelen",
-  "com_ui_variables_info": "Gebruik dubbele accolades in je tekst om variabelen te creëren, bijv. `{{voorbeeld variabele}}`, om later in te vullen bij het gebruiken van de prompt.",
   "com_ui_verify": "Verifiëren",
   "com_ui_version_var": "Versie {{0}}",
   "com_ui_versions": "Versies",
@@ -677,6 +742,7 @@
   "com_ui_weekend_morning": "Fijn weekend",
   "com_ui_write": "Schrijven",
   "com_ui_x_selected": "{{0}} geselecteerd",
+  "com_ui_xhigh": "Extra Hoog",
   "com_ui_yes": "Ja",
   "com_ui_zoom": "Zoom",
   "com_user_message": "Jij"
diff --git a/client/src/locales/pl/translation.json b/client/src/locales/pl/translation.json
index 70c6a6c22b..1256429e74 100644
--- a/client/src/locales/pl/translation.json
+++ b/client/src/locales/pl/translation.json
@@ -1,35 +1,115 @@
 {
-  "chat_direction_left_to_right": "coś tu musi być. było pusto",
-  "chat_direction_right_to_left": "coś tu musi być. było pusto",
+  "chat_direction_left_to_right": "Od lewej do prawej",
+  "chat_direction_right_to_left": "Od prawej do lewej",
   "com_a11y_ai_composing": "AI nadal komponuje.",
-  "com_a11y_end": "AI zakończył swoją odpowiedź.",
+  "com_a11y_chats_date_section": "Czaty z {{date}}",
+  "com_a11y_end": "AI wygenerowało odpowiedź.",
+  "com_a11y_selected": "wybrano",
   "com_a11y_start": "AI rozpoczął swoją odpowiedź.",
+  "com_agents_agent_card_label": "Agent {{name}}. {{description}}",
+  "com_agents_all": "Wszyscy Agenci",
+  "com_agents_all_category": "Wszystkie",
+  "com_agents_all_description": "Przeglądaj wszystkich udostępnionych agentów we wszystkich kategoriach",
+  "com_agents_avatar_upload_error": "Nie udało się przesłać awatara agenta",
   "com_agents_by_librechat": "od LibreChat",
+  "com_agents_category_aftersales": "Obsługa Posprzedażowa",
+  "com_agents_category_aftersales_description": "Agenci specjalizujący się we wsparciu posprzedażowym, konserwacji i obsłudze klienta",
+  "com_agents_category_empty": "Nie znaleziono agentów w kategorii {{category}}",
+  "com_agents_category_finance": "Finanse",
+  "com_agents_category_finance_description": "Agenci specjalizujący się w analizie finansowej, budżetowaniu i księgowości",
+  "com_agents_category_general": "Ogólne",
+  "com_agents_category_general_description": "Agenci ogólnego przeznaczenia do typowych zadań i zapytań",
+  "com_agents_category_hr": "Zasoby Ludzkie (HR)",
+  "com_agents_category_hr_description": "Agenci specjalizujący się w procesach HR, politykach i wsparciu pracowników",
+  "com_agents_category_it": "IT",
+  "com_agents_category_it_description": "Agenci wsparcia IT, rozwiązywania problemów technicznych i administracji systemem",
+  "com_agents_category_rd": "Badania i Rozwój",
+  "com_agents_category_rd_description": "Agenci skoncentrowani na procesach R&D, innowacjach i badaniach technicznych",
+  "com_agents_category_sales": "Sprzedaż",
+  "com_agents_category_sales_description": "Agenci skoncentrowani na procesach sprzedaży i relacjach z klientami",
+  "com_agents_category_tab_label": "Kategoria {{category}}, {{position}} z {{total}}",
+  "com_agents_category_tabs_label": "Kategorie Agentów",
+  "com_agents_chat_with": "Czat z {{name}}",
+  "com_agents_clear_search": "Wyczyść wyszukiwanie",
+  "com_agents_code_interpreter": "Gdy włączone, pozwala twojemu agentowi wykorzystać API Code Interpreter LibreChat do uruchamiania wygenerowanego kodu, w tym bezpiecznego przetwarzania plików. Wymaga ważnego klucza API.",
   "com_agents_code_interpreter_title": "API interpretera kodu",
+  "com_agents_contact": "Kontakt",
+  "com_agents_copy_link": "Kopiuj Link",
   "com_agents_create_error": "Wystąpił błąd podczas tworzenia agenta.",
+  "com_agents_created_by": "przez",
+  "com_agents_description_card": "Opis: {{description}}",
   "com_agents_description_placeholder": "Opcjonalnie: Opisz swojego agenta tutaj",
-  "com_agents_enable_file_search": "Włącz wyszukiwanie plików",
+  "com_agents_empty_state_heading": "Nie znaleziono agentów",
+  "com_agents_enable_file_search": "Włącz przeszukiwanie plików",
+  "com_agents_error_bad_request_message": "Żądanie nie mogło zostać przetworzone.",
+  "com_agents_error_bad_request_suggestion": "Sprawdź wprowadzone dane i spróbuj ponownie.",
+  "com_agents_error_category_title": "Błąd Kategorii",
+  "com_agents_error_generic": "Wystąpił problem podczas ładowania treści.",
+  "com_agents_error_invalid_request": "Nieprawidłowe Żądanie",
+  "com_agents_error_loading": "Błąd ładowania agentów",
+  "com_agents_error_network_message": "Nie można połączyć się z serwerem.",
+  "com_agents_error_network_suggestion": "Sprawdź połączenie internetowe i spróbuj ponownie.",
+  "com_agents_error_network_title": "Problem z Połączeniem",
+  "com_agents_error_not_found_message": "Żądana treść nie została znaleziona.",
+  "com_agents_error_not_found_suggestion": "Spróbuj przeglądać inne opcje lub wróć do marketplace.",
+  "com_agents_error_not_found_title": "Nie Znaleziono",
+  "com_agents_error_retry": "Spróbuj Ponownie",
+  "com_agents_error_search_title": "Błąd Wyszukiwania",
+  "com_agents_error_searching": "Błąd wyszukiwania agentów",
+  "com_agents_error_server_message": "Serwer jest tymczasowo niedostępny.",
+  "com_agents_error_server_suggestion": "Proszę spróbuj ponownie za chwilę.",
+  "com_agents_error_server_title": "Błąd Serwera",
+  "com_agents_error_suggestion_generic": "Proszę spróbuj odświeżyć stronę lub spróbuj ponownie później.",
+  "com_agents_error_timeout_message": "Żądanie trwało zbyt długo.",
+  "com_agents_error_timeout_suggestion": "Sprawdź połączenie internetowe i spróbuj ponownie.",
+  "com_agents_error_timeout_title": "Limit Czasu Połączenia",
+  "com_agents_error_title": "Coś poszło nie tak",
+  "com_agents_file_context_description": "Pliki przesłane jako \"Kontekst\" są parsowane jako tekst, aby uzupełnić instrukcje Agenta. Jeśli dostępne jest OCR lub jeśli skonfigurowano dla przesłanego typu pliku, proces ten jest używany do wyodrębnienia tekstu. Idealne dla dokumentów, obrazów z tekstem lub plików PDF, gdzie potrzebujesz pełnej treści tekstowej pliku",
   "com_agents_file_context_disabled": "Agent musi zostać utworzony przed przesłaniem plików dla Kontekstu Plików",
-  "com_agents_file_search_disabled": "Agent musi zostać utworzony przed przesłaniem plików do wyszukiwania.",
+  "com_agents_file_context_label": "Kontekst z pliku",
+  "com_agents_file_search_disabled": "Agent musi zostać utworzony przed przesłaniem plików do przeszukiwania.",
   "com_agents_file_search_info": "Po włączeniu agent zostanie poinformowany o dokładnych nazwach plików wymienionych poniżej, co pozwoli mu na pobranie odpowiedniego kontekstu z tych plików.",
+  "com_agents_grid_announcement": "Wyświetlanie {{count}} agentów w kategorii {{category}}",
   "com_agents_instructions_placeholder": "Instrukcje systemowe używane przez agenta",
-  "com_agents_mcp_icon_size": "Minimalny rozmiar 128 x 128 px",
-  "com_agents_missing_provider_model": "Wybierz dostawcę i model przed utworzeniem agenta.",
+  "com_agents_link_copied": "Link skopiowany",
+  "com_agents_link_copy_failed": "Nie udało się skopiować linku",
+  "com_agents_load_more_label": "Załaduj więcej agentów z kategorii {{category}}",
+  "com_agents_loading": "Ładowanie...",
+  "com_agents_marketplace": "Agent Marketplace",
+  "com_agents_marketplace_subtitle": "Odkrywaj i używaj potężnych agentów AI, aby ulepszyć swoje przepływy pracy i wydajność",
+  "com_agents_mcp_description_placeholder": "MCP pozwala na wyposażenie twojego agenta w niestandardowe narzędzia i funkcje poprzez integrację z serwerami MCP. Skonfiguruj niestandardowe zmienne dla każdego serwera, aby umożliwić agentowi korzystanie z tych narzędzi.",
+  "com_agents_mcp_icon_size": "Minimalny rozmiar: 128 x 128 px",
+  "com_agents_mcp_name_placeholder": "Niestandardowe Narzędzie",
+  "com_agents_mcp_trust_subtext": "Niestandardowe konektory MCP nie są weryfikowane przez LibreChat",
+  "com_agents_missing_name": "Proszę wpisać nazwę przed utworzeniem agenta.",
+  "com_agents_missing_provider_model": "Proszę wybrać dostawcę i model przed utworzeniem agenta.",
   "com_agents_name_placeholder": "Opcjonalnie: Nazwa agenta",
-  "com_agents_no_access": "Nie masz zezwolenia na edycję tego agenta.",
-  "com_agents_not_available": "Agent nie jest dostępny",
+  "com_agents_no_access": "Nie masz uprawnień do edycji tego agenta.",
+  "com_agents_no_agent_id_error": "Nie znaleziono ID agenta. Upewnij się, że agent został najpierw utworzony.",
+  "com_agents_no_more_results": "To już wszystkie wyniki",
+  "com_agents_not_available": "Agent jest nie dostępny",
+  "com_agents_recommended": "Nasi polecani agenci",
+  "com_agents_results_for": "Wyniki dla '{{query}}'",
+  "com_agents_search_aria": "Szukaj agentów",
+  "com_agents_search_empty_heading": "Brak wyników wyszukiwania",
+  "com_agents_search_info": "Gdy włączone, pozwala twojemu agentowi przeszukiwać sieć w poszukiwaniu aktualnych informacji. Wymaga ważnego klucza API.",
+  "com_agents_search_instructions": "Wpisz, aby szukać agentów po nazwie lub opisie",
   "com_agents_search_name": "Wyszukaj agentów po nazwie",
+  "com_agents_search_no_results": "Nie znaleziono agentów dla \"{{query}}\"",
+  "com_agents_search_placeholder": "Szukaj agentów...",
+  "com_agents_see_more": "Zobacz więcej",
+  "com_agents_start_chat": "Rozpocznij Czat",
+  "com_agents_top_picks": "Polecane",
   "com_agents_update_error": "Wystąpił błąd podczas aktualizacji agenta.",
-  "com_assistants_action_attempt": "Asysten chce rozmawiać z {{0}}",
   "com_assistants_actions": "Akcje",
   "com_assistants_actions_disabled": "Musisz utworzyć asystenta przed dodaniem akcji.",
   "com_assistants_actions_info": "Pozwól swojemu Asystentowi pobierać informacje lub podejmować działania poprzez API",
   "com_assistants_add_actions": "Dodaj akcje",
+  "com_assistants_add_mcp_server_tools": "Dodaj Narzędzia Serwera MCP",
   "com_assistants_add_tools": "Dodaj narzędzia",
   "com_assistants_allow_sites_you_trust": "Zezwól tylko na strony, którym ufasz.",
   "com_assistants_append_date": "Dodaj aktualną datę i czas",
   "com_assistants_append_date_tooltip": "Po włączeniu, aktualna data i czas klienta zostaną dodane do instrukcji systemowych asystenta.",
-  "com_assistants_attempt_info": "Asystent chce wysłać następującą treść: ",
   "com_assistants_available_actions": "Dostępne akcje",
   "com_assistants_capabilities": "Możliwości",
   "com_assistants_code_interpreter": "Interpreter kodu",
@@ -37,32 +117,33 @@
   "com_assistants_code_interpreter_info": "Interpreter kodu umożliwia asystentowi pisanie i uruchamianie kodu. To narzędzie może przetwarzać pliki z różnymi danymi i formatowaniem oraz generować pliki, takie jak wykresy.",
   "com_assistants_completed_action": "Rozmawiał z {{0}}",
   "com_assistants_completed_function": "Uruchomiono {{0}}",
-  "com_assistants_conversation_starters": "Rozpoczęcie rozmowy",
-  "com_assistants_conversation_starters_placeholder": "Wprowadź rozpoczęcie rozmowy",
+  "com_assistants_conversation_starters": "Przykładowe polecenia",
+  "com_assistants_conversation_starters_placeholder": "Wprowadź przykładowe polecenia",
   "com_assistants_create_error": "Wystąpił błąd podczas tworzenia asystenta.",
   "com_assistants_create_success": "Pomyślnie utworzono",
   "com_assistants_delete_actions_error": "Wystąpił błąd podczas usuwania akcji.",
   "com_assistants_delete_actions_success": "Pomyślnie usunięto akcję z asystenta",
   "com_assistants_description_placeholder": "Opcjonalnie: Opisz swojego asystenta tutaj",
-  "com_assistants_domain_info": "Asystent wysłał te informacje do {{0}}",
-  "com_assistants_file_search": "Wyszukiwanie plików",
-  "com_assistants_file_search_info": "Wyszukiwanie plików umożliwia asystentowi dostęp do wiedzy z plików przesłanych przez ciebie lub twoich użytkowników. Po przesłaniu pliku asystent automatycznie decyduje, kiedy pobierać treść na podstawie żądań użytkownika. Dołączanie magazynów wektorowych do wyszukiwania plików nie jest jeszcze obsługiwane. Możesz je dołączyć z Playground dostawcy lub dołączyć pliki do wiadomości w celu wyszukiwania plików na podstawie wątku.",
+  "com_assistants_file_search": "Przeszukiwanie plików",
+  "com_assistants_file_search_info": "Przeszukiwanie plików umożliwia asystentowi dostęp do wiedzy z plików przesłanych przez ciebie lub twoich użytkowników. Po przesłaniu pliku asystent automatycznie decyduje, kiedy pobierać treść na podstawie pytań użytkownika. Dołączanie baz wektorowych do przeszukiwania plików nie jest jeszcze obsługiwane. Możesz je dołączyć z Playground dostawcy lub dołączyć pliki do wiadomości w celu przeszukiwania plików na podstawie wątku.",
   "com_assistants_function_use": "Asystent użył {{0}}",
-  "com_assistants_image_vision": "Widzenie obrazu",
+  "com_assistants_image_vision": "Analiza obrazu",
   "com_assistants_instructions_placeholder": "Instrukcje systemowe używane przez asystenta",
   "com_assistants_knowledge": "Wiedza",
   "com_assistants_knowledge_disabled": "Asystent musi zostać utworzony, a Interpreter kodu lub Pobieranie musi być włączone i zapisane przed przesłaniem plików jako Wiedza.",
   "com_assistants_knowledge_info": "Jeśli prześlesz pliki w sekcji Wiedza, rozmowy z twoim Asystentem mogą zawierać treść plików.",
-  "com_assistants_max_starters_reached": "Osiągnięto maksymalną liczbę rozpoczęć rozmowy",
+  "com_assistants_max_starters_reached": "Osiągnięto limit przykładowych pytań",
   "com_assistants_name_placeholder": "Opcjonalnie: Nazwa asystenta",
-  "com_assistants_non_retrieval_model": "Wyszukiwanie w plikach nie jest włączone dla tego modelu. Proszę wybierz inny model.",
-  "com_assistants_retrieval": "Pobieranie",
+  "com_assistants_non_retrieval_model": "Przeszukiwanie w plikach nie jest włączone dla tego modelu. Proszę wybierz inny model.",
+  "com_assistants_retrieval": "Wydobywanie wiedzy",
   "com_assistants_running_action": "Uruchomiona akcja",
+  "com_assistants_running_var": "Uruchomiono {{0}}",
   "com_assistants_search_name": "Wyszukaj asystentów po nazwie",
   "com_assistants_update_actions_error": "Wystąpił błąd podczas tworzenia lub aktualizacji akcji.",
   "com_assistants_update_actions_success": "Pomyślnie utworzono lub zaktualizowano akcję",
   "com_assistants_update_error": "Wystąpił błąd podczas aktualizacji asystenta.",
   "com_assistants_update_success": "Pomyślnie zaktualizowano",
+  "com_assistants_update_success_name": "Pomyślnie zaktualizowano {{name}}",
   "com_auth_already_have_account": "Masz już konto?",
   "com_auth_apple_login": "Zaloguj się przez Apple",
   "com_auth_back_to_login": "Powrót do logowania",
@@ -71,33 +152,34 @@
   "com_auth_continue": "Kontynuuj",
   "com_auth_create_account": "Utwórz konto",
   "com_auth_discord_login": "Zaloguj się przez Discorda",
-  "com_auth_email": "Email",
+  "com_auth_email": "E-mail",
   "com_auth_email_address": "Adres e-mail",
-  "com_auth_email_max_length": "Adres email nie może być dłuższy niż 120 znaków.",
-  "com_auth_email_min_length": "Adres email musi mieć co najmniej 6 znaków.",
+  "com_auth_email_max_length": "Adres e-mail nie może być dłuższy niż 120 znaków.",
+  "com_auth_email_min_length": "Adres e-mail musi mieć co najmniej 6 znaków.",
   "com_auth_email_pattern": "Wprowadź poprawny adres e-mail",
-  "com_auth_email_required": "Wymagane jest podanie adresu email.",
-  "com_auth_email_resend_link": "Wyślij ponownie email",
-  "com_auth_email_resent_failed": "Nie udało się ponownie wysłać emaila weryfikacyjnego",
-  "com_auth_email_resent_success": "Email weryfikacyjny wysłany ponownie",
-  "com_auth_email_verification_failed": "Weryfikacja email nie powiodła się",
+  "com_auth_email_required": "Wymagane jest podanie adresu e-mail.",
+  "com_auth_email_resend_link": "Wyślij ponownie e-mail",
+  "com_auth_email_resent_failed": "Nie udało się ponownie wysłać e-maila weryfikacyjnego",
+  "com_auth_email_resent_success": "E-mail weryfikacyjny wysłany ponownie",
+  "com_auth_email_verification_failed": "Weryfikacja adresu e-mail nie powiodła się",
   "com_auth_email_verification_failed_token_missing": "Weryfikacja nie powiodła się, brak tokenu",
-  "com_auth_email_verification_in_progress": "Weryfikacja twojego emaila, proszę czekać",
-  "com_auth_email_verification_invalid": "Nieprawidłowa weryfikacja email",
+  "com_auth_email_verification_in_progress": "Trwa weryfikacja adresu e-mail, proszę czekać",
+  "com_auth_email_verification_invalid": "Nieprawidłowa weryfikacja adresu e-mail",
   "com_auth_email_verification_redirecting": "Przekierowanie za {{0}} sekund...",
-  "com_auth_email_verification_resend_prompt": "Nie otrzymałeś maila?",
-  "com_auth_email_verification_success": "Email zweryfikowany pomyślnie",
+  "com_auth_email_verification_resend_prompt": "Nie otrzymałeś e-maila?",
+  "com_auth_email_verification_success": "Adres e-mail zweryfikowany pomyślnie",
   "com_auth_email_verifying_ellipsis": "Weryfikowanie...",
   "com_auth_error_create": "Wystąpił błąd podczas tworzenia konta. Spróbuj ponownie.",
   "com_auth_error_invalid_reset_token": "Ten token do resetowania hasła jest już nieważny.",
   "com_auth_error_login": "Nie udało się zalogować przy użyciu podanych danych. Sprawdź swoje dane logowania i spróbuj ponownie.",
   "com_auth_error_login_ban": "Twoje konto zostało tymczasowo zablokowane z powodu naruszeń reguł korzystania z naszego serwisu.",
   "com_auth_error_login_rl": "Zbyt wiele prób logowania w krótkim czasie. Spróbuj ponownie później.",
-  "com_auth_error_login_server": "Wystąpił wewnętrzny błąd serwera,. Proszę, poczekaj chwilę i spróbuj ponownie.",
-  "com_auth_error_login_unverified": "Twoje konto nie jest zweryfikowane. Sprawdź swoją skrzynkę email by znaleźć link weryfikacyjny.",
-  "com_auth_facebook_login": "Zaloguj się przez Facebooka",
+  "com_auth_error_login_server": "Wystąpił wewnętrzny błąd serwera. Proszę, poczekaj chwilę i spróbuj ponownie.",
+  "com_auth_error_login_unverified": "Twoje konto nie jest zweryfikowane. Sprawdź swoją skrzynkę e-mail by znaleźć link weryfikacyjny.",
+  "com_auth_error_oauth_failed": "Uwierzytelnianie nie powiodło się. Sprawdź metodę logowania i spróbuj ponownie.",
+  "com_auth_facebook_login": "Zaloguj się przez Facebook",
   "com_auth_full_name": "Pełne imię",
-  "com_auth_github_login": "Zaloguj się przez Githuba",
+  "com_auth_github_login": "Zaloguj się przez GitHub",
   "com_auth_google_login": "Zaloguj się przez Google",
   "com_auth_here": "TUTAJ",
   "com_auth_login": "Zaloguj się",
@@ -113,39 +195,46 @@
   "com_auth_password_min_length": "Hasło musi mieć co najmniej 8 znaków",
   "com_auth_password_not_match": "Hasła nie są zgodne",
   "com_auth_password_required": "Wymagane jest podanie hasła",
-  "com_auth_registration_success_generic": "Sprawdź swoją skrzynkę email, aby zweryfikować adres email.",
+  "com_auth_registration_success_generic": "Sprawdź swoją skrzynkę e-mail, aby zweryfikować adres e-mail.",
   "com_auth_registration_success_insecure": "Rejestracja zakończona pomyślnie.",
   "com_auth_reset_password": "Zresetuj hasło",
-  "com_auth_reset_password_if_email_exists": "Jeśli konto z tym adresem e-mail istnieje, wiadomość e-mail z instrukcjami resetowania hasła została wysłana. Sprawdź folder spamu.",
+  "com_auth_reset_password_if_email_exists": "Jeśli konto z tym adresem e-mail istnieje, wysłaliśmy na nie instrukcje dotyczące resetowania hasła. Prosimy o sprawdzenie folderu spamu.",
   "com_auth_reset_password_link_sent": "Link do resetowania hasła został wysłany",
   "com_auth_reset_password_success": "Hasło zostało pomyślnie zresetowane",
+  "com_auth_saml_login": "Kontynuuj z SAML",
   "com_auth_sign_in": "Zaloguj się",
   "com_auth_sign_up": "Zarejestruj się",
   "com_auth_submit_registration": "Zarejestruj się",
   "com_auth_to_reset_your_password": "aby zresetować hasło.",
   "com_auth_to_try_again": "aby spróbować ponownie.",
-  "com_auth_two_factor": "Sprawdź preferowaną aplikację do kodów 2FA, aby uzyskać kod.",
+  "com_auth_two_factor": "Sprawdź swoją preferowaną aplikację 2FA, aby uzyskać kod.",
   "com_auth_username": "Nazwa użytkownika (opcjonalnie)",
   "com_auth_username_max_length": "Nazwa użytkownika nie może zawierać więcej niż 20 znaków",
   "com_auth_username_min_length": "Nazwa użytkownika musi zawierać co najmniej 2 znaki",
   "com_auth_verify_your_identity": "Zweryfikuj swoją tożsamość",
-  "com_auth_welcome_back": "Witamy z powrotem",
+  "com_auth_welcome_back": "Witaj z powrotem",
+  "com_citation_more_details": "Więcej szczegółów o {{label}}",
+  "com_citation_source": "Źródło",
   "com_click_to_download": "(kliknij tutaj, aby pobrać)",
-  "com_download_expired": "(pobieranie wygasło)",
+  "com_download_expired": "(link do pobierania wygasł)",
   "com_download_expires": "(kliknij tutaj, aby pobrać - wygasa {{0}})",
   "com_endpoint": "Punkt końcowy",
   "com_endpoint_agent": "Agent",
   "com_endpoint_agent_placeholder": "Proszę wybrać agenta",
   "com_endpoint_ai": "AI",
+  "com_endpoint_anthropic_effort": "Kontroluje, ile wysiłku obliczeniowego Claude wkłada w zadanie. Mniejszy wysiłek oszczędza tokeny i zmniejsza opóźnienia; większy wysiłek daje bardziej dokładne odpowiedzi. 'Max' włącza najgłębsze rozumowanie (tylko Opus 4.6).",
   "com_endpoint_anthropic_maxoutputtokens": "Maksymalna liczba tokenów, która może zostać wygenerowana w odpowiedzi. Wybierz mniejszą wartość dla krótszych odpowiedzi i większą wartość dla dłuższych odpowiedzi.",
-  "com_endpoint_anthropic_prompt_cache": "Prompt caching umożliwia ponowne wykorzystanie dużego kontekstu lub instrukcji w wywołaniach API, zmniejszając koszty i opóźnienia.",
+  "com_endpoint_anthropic_prompt_cache": "Buforowanie promptów umożliwia ponowne wykorzystanie dużego kontekstu lub instrukcji w wywołaniach API, zmniejszając koszty i opóźnienia.",
   "com_endpoint_anthropic_temp": "Zakres od 0 do 1. Użyj wartości bliżej 0 dla analizy/wyboru wielokrotnego, a bliżej 1 dla zadań twórczych i generatywnych. Zalecamy dostosowanie tej wartości lub Top P, ale nie obu jednocześnie.",
-  "com_endpoint_anthropic_thinking": "Włącza wewnętrzne rozumowanie dla wspieranych modeli Claude (3.7 Sonnet). Notatka: wymaga \"Thinking Budget\" by był włączony oraz mniejszy niż \"Max Output Tokens\".",
+  "com_endpoint_anthropic_thinking": "Włącza wewnętrzne rozumowanie dla wspieranych modeli Claude (3.7 Sonnet). Uwaga: wymaga włączenia „Thinking Budget” oraz wartości mniejszej niż „Max Output Tokens”.",
+  "com_endpoint_anthropic_thinking_budget": "Określa maksymalną liczbę tokenów, które Claude może wykorzystać na swój wewnętrzny proces rozumowania. Większe budżety mogą poprawić jakość odpowiedzi, umożliwiając dokładniejszą analizę złożonych problemów, chociaż Claude może nie wykorzystać całego przydzielonego budżetu, szczególnie w zakresach powyżej 32K. To ustawienie musi być niższe niż \"Maksymalna Liczba Tokenów Wyjściowych\" (Max Output Tokens).",
   "com_endpoint_anthropic_topk": "Top-K wpływa na sposób wyboru tokenów przez model. Top-K równa 1 oznacza, że wybrany token jest najbardziej prawdopodobny spośród wszystkich tokenów w słowniku modelu (tzw. dekodowanie zachłanne), podczas gdy top-K równa 3 oznacza, że następny token zostaje wybrany spośród 3 najbardziej prawdopodobnych tokenów (za pomocą temperatury).",
   "com_endpoint_anthropic_topp": "Top-P wpływa na sposób wyboru tokenów przez model. Tokeny wybierane są od najbardziej prawdopodobnych do najmniej prawdopodobnych, aż suma ich prawdopodobieństw osiągnie wartość top-P.",
+  "com_endpoint_anthropic_use_web_search": "Włącz funkcję wyszukiwania w sieci przy użyciu wbudowanych możliwości wyszukiwania Anthropic. Pozwala to modelowi przeszukiwać sieć w poszukiwaniu aktualnych informacji i dostarczać bardziej dokładne, bieżące odpowiedzi.",
   "com_endpoint_assistant": "Asystent",
   "com_endpoint_assistant_model": "Model asystenta",
   "com_endpoint_assistant_placeholder": "Proszę wybrać asystenta z prawego panelu bocznego",
+  "com_endpoint_bedrock_reasoning_effort": "Kontroluje poziom rozumowania dla obsługiwanych modeli Bedrock (np. Kimi K2.5, GLM). Wyższe poziomy dają bardziej dogłębne rozumowanie kosztem zwiększonego opóźnienia i liczby tokenów.",
   "com_endpoint_config_click_here": "Kliknij tutaj",
   "com_endpoint_config_google_api_info": "Aby uzyskać klucz API języka generatywnego (dla Gemini),",
   "com_endpoint_config_google_api_key": "Klucz API Google",
@@ -156,7 +245,10 @@
   "com_endpoint_config_key_encryption": "Twój klucz zostanie zaszyfrowany i usunięty o",
   "com_endpoint_config_key_for": "Ustaw klucz API dla",
   "com_endpoint_config_key_google_need_to": "Powinieneś ",
+  "com_endpoint_config_key_google_service_account": "Utwórz Konto Usługowe",
   "com_endpoint_config_key_google_vertex_ai": "Włącz Vertex AI",
+  "com_endpoint_config_key_google_vertex_api": "API w Google Cloud, następnie",
+  "com_endpoint_config_key_google_vertex_api_role": "Upewnij się, że kliknąłeś 'Utwórz i Kontynuuj', aby nadać co najmniej rolę 'Użytkownik Vertex AI'. Na koniec utwórz klucz JSON, aby go tutaj zaimportować.",
   "com_endpoint_config_key_import_json_key": "Importuj klucz JSON konta usługi.",
   "com_endpoint_config_key_import_json_key_invalid": "Nieprawidłowy klucz JSON konta usługi. Czy zaimportowano właściwy plik?",
   "com_endpoint_config_key_import_json_key_success": "Pomyślnie zaimportowano klucz JSON konta usługi",
@@ -165,11 +257,15 @@
   "com_endpoint_config_placeholder": "Ustaw swój klucz w menu nagłówka, aby czatować.",
   "com_endpoint_config_value": "Wprowadź wartość dla",
   "com_endpoint_context": "Kontekst",
+  "com_endpoint_context_info": "Maksymalna liczba tokenów, które mogą być użyte dla kontekstu. Użyj tego do kontrolowania liczby tokenów wysyłanych na żądanie. Jeśli nie określono, zostaną użyte wartości domyślne systemu oparte na znanej wielkości kontekstu modeli. Ustawienie wyższych wartości może skutkować błędami i/lub wyższym kosztem tokenów.",
   "com_endpoint_context_tokens": "Maksymalna liczba tokenów kontekstu",
   "com_endpoint_custom_name": "Niestandardowa nazwa",
   "com_endpoint_default": "domyślnie",
   "com_endpoint_default_blank": "domyślnie: puste",
   "com_endpoint_default_with_num": "domyślnie: {{0}}",
+  "com_endpoint_disable_streaming": "Wyłącz strumieniowanie odpowiedzi i otrzymaj pełną odpowiedź od razu. Przydatne dla modeli takich jak o3, które wymagają weryfikacji organizacji do strumieniowania",
+  "com_endpoint_disable_streaming_label": "Wyłącz Strumieniowanie",
+  "com_endpoint_effort": "Wysiłek",
   "com_endpoint_examples": "Przykłady",
   "com_endpoint_export": "Eksportuj",
   "com_endpoint_export_share": "Eksportuj/Udostępnij",
@@ -177,35 +273,50 @@
   "com_endpoint_google_custom_name_placeholder": "Ustaw niestandardową nazwę dla Google",
   "com_endpoint_google_maxoutputtokens": "Maksymalna liczba tokenów, które mogą być wygenerowane w odpowiedzi. Wybierz niższą wartość dla krótszych odpowiedzi i wyższą wartość dla dłuższych odpowiedzi.",
   "com_endpoint_google_temp": "Wyższe wartości oznaczają większą losowość, natomiast niższe wartości prowadzą do bardziej skoncentrowanych i deterministycznych wyników. Zalecamy dostosowanie tej wartości lub Top P, ale nie obu jednocześnie.",
+  "com_endpoint_google_thinking": "Włącza lub wyłącza myślenie. Obsługiwane przez serie Gemini 2.5 i 3. Uwaga: Gemini 3 Pro nie może w pełni wyłączyć myślenia.",
+  "com_endpoint_google_thinking_budget": "Określa liczbę tokenów myślenia używanych przez model. Rzeczywista ilość może przekroczyć lub być niższa od tej wartości w zależności od promptu.\n\nTo ustawienie dotyczy tylko modeli Gemini 2.5 i starszych. Dla Gemini 3 i nowszych użyj ustawienia Thinking Level.\n\nGemini 2.5 Pro obsługuje 128-32,768 tokenów. Gemini 2.5 Flash obsługuje 0-24,576 tokenów. Gemini 2.5 Flash Lite obsługuje 512-24,576 tokenów.\n\nPozostaw puste lub ustaw na \"-1\", aby pozwolić modelowi automatycznie zdecydować, kiedy i ile myśleć. Domyślnie Gemini 2.5 Flash Lite nie myśli.",
+  "com_endpoint_google_thinking_level": "Kontroluje głębokość rozumowania dla modeli Gemini 3 i nowszych. Nie ma wpływu na Gemini 2.5 i starsze — użyj Budżetu Myślenia (Thinking Budget) dla nich.\n\nPozostaw na Auto, aby użyć domyślnych ustawień modelu.",
   "com_endpoint_google_topk": "Top-k wpływa na sposób, w jaki model wybiera tokeny do wygenerowania odpowiedzi. Top-k 1 oznacza, że wybrany token jest najbardziej prawdopodobny spośród wszystkich tokenów w słowniku modelu (nazywane też dekodowaniem zachłannym), podczas gdy top-k 3 oznacza, że następny token jest wybierany spośród 3 najbardziej prawdopodobnych tokenów (z uwzględnieniem temperatury).",
   "com_endpoint_google_topp": "Top-p wpływa na sposób, w jaki model wybiera tokeny do wygenerowania odpowiedzi. Tokeny są wybierane od najbardziej prawdopodobnych do najmniej, aż suma ich prawdopodobieństw osiągnie wartość top-p.",
+  "com_endpoint_google_use_search_grounding": "Użyj funkcji ugruntowania (grounding) wyszukiwania Google, aby wzbogacić odpowiedzi o wyniki wyszukiwania w czasie rzeczywistym. Pozwala to modelom na dostęp do aktualnych informacji i dostarczanie bardziej dokładnych, bieżących odpowiedzi.",
   "com_endpoint_instructions_assistants": "Nadpisz instrukcje",
+  "com_endpoint_instructions_assistants_placeholder": "Nadpisuje instrukcje asystenta. Jest to przydatne do modyfikowania zachowania dla konkretnego uruchomienia.",
   "com_endpoint_max_output_tokens": "Maksymalna liczba tokenów wyjściowych",
   "com_endpoint_message": "Wiadomość",
   "com_endpoint_message_new": "Wiadomość {{0}}",
   "com_endpoint_message_not_appendable": "Edytuj swoją wiadomość lub wygeneruj ponownie.",
   "com_endpoint_my_preset": "Moje predefiniowane ustawienie",
   "com_endpoint_no_presets": "Brak zapisanych predefiniowanych ustawień",
-  "com_endpoint_open_menu": "Otwórz menu",
   "com_endpoint_openai_custom_name_placeholder": "Ustaw własną nazwę dla ChatGPT",
+  "com_endpoint_openai_detail": "Rozdzielczość dla żądań analizy obrazu. Opcja \"Niska\" jest tańsza i szybsza, \"Wysoka\" dokładniejsza i droższa, a \"Auto\" automatycznie wybierze jedną z nich na podstawie rozdzielczości wgrywanego pliku.",
   "com_endpoint_openai_freq": "Liczba pomiędzy -2,0 a 2,0. Dodatnie wartości karzą nowe tokeny w oparciu o ich dotychczasową częstotliwość występowania w tekście, co zmniejsza tendencję modelu do powtarzania tej samej linii dosłownie.",
   "com_endpoint_openai_max": "Maksymalna liczba tokenów do wygenerowania. Łączna długość tokenów wejściowych i wygenerowanych tokenów jest ograniczona długością kontekstu modelu.",
+  "com_endpoint_openai_max_tokens": "Opcjonalne pole 'max_tokens', reprezentujące maksymalną liczbę tokenów, które mogą zostać wygenerowane w odpowiedzi czatu. Całkowita długość tokenów wejściowych i wygenerowanych jest ograniczona długością kontekstu modelu. Jeśli ta liczba przekroczy maksymalną liczbę tokenów kontekstu, mogą wystąpić błędy.",
   "com_endpoint_openai_pres": "Liczba pomiędzy -2,0 a 2,0. Dodatnie wartości karzą nowe tokeny w oparciu o to, czy pojawiły się już w tekście, co zwiększa tendencję modelu do poruszania nowych tematów.",
   "com_endpoint_openai_prompt_prefix_placeholder": "Ustaw własne instrukcje do umieszczenia w systemowej wiadomości. Domyślnie: brak",
+  "com_endpoint_openai_reasoning_effort": "Tylko modele rozumowania (reasoning): ogranicza wysiłek wkładany w rozumowanie. Zmniejszenie wysiłku rozumowania może skutkować szybszymi odpowiedziami i mniejszym zużyciem tokenów na rozumowanie w odpowiedzi. 'Minimal' produkuje bardzo mało tokenów rozumowania dla najszybszego czasu do pierwszego tokena, szczególnie dobrze nadaje się do kodowania i podążania za instrukcjami.",
+  "com_endpoint_openai_reasoning_summary": "Tylko Responses API: Podsumowanie rozumowania przeprowadzonego przez model. Może to być przydatne do debugowania i zrozumienia procesu rozumowania modelu. Ustaw na none, auto, concise lub detailed.",
+  "com_endpoint_openai_resend": "Wyślij ponownie wszystkie wcześniej załączone obrazy. Uwaga: może to znacznie zwiększyć koszt tokenów i możesz napotkać błędy przy dużej liczbie załączników obrazów.",
+  "com_endpoint_openai_resend_files": "Wyślij ponownie wszystkie wcześniej załączone pliki. Uwaga: zwiększy to koszt tokenów i możesz napotkać błędy przy dużej liczbie załączników.",
   "com_endpoint_openai_stop": "Do 4 sekwencji, gdzie API przestanie generować dalsze tokeny.",
   "com_endpoint_openai_temp": "Wyższe wartości oznaczają większą losowość, natomiast niższe wartości prowadzą do bardziej skoncentrowanych i deterministycznych wyników. Zalecamy dostosowanie tej wartości lub Top P, ale nie obu jednocześnie.",
   "com_endpoint_openai_topp": "Alternatywa dla próbkowania z temperaturą, nazywana próbkowaniem jądra, gdzie model rozważa wyniki tokenów z prawdopodobieństwem top_p. Przykładowo, 0,1 oznacza, że tylko tokeny składające się z 10% najwyższego prawdopodobieństwa są rozważane. Zalecamy dostosowanie tej wartości lub temperatury, ale nie obu jednocześnie.",
+  "com_endpoint_openai_use_responses_api": "Używaj Responses API zamiast Chat Completions, co obejmuje rozszerzone funkcje OpenAI. Wymagane dla o1-pro, o3-pro i włączenia podsumowań rozumowania.",
+  "com_endpoint_openai_use_web_search": "Włącz funkcję wyszukiwania w sieci przy użyciu wbudowanych możliwości wyszukiwania OpenAI. Pozwala to modelowi przeszukiwać sieć w poszukiwaniu aktualnych informacji i dostarczać bardziej dokładne, bieżące odpowiedzi.",
+  "com_endpoint_openai_verbosity": "Ogranicza szczegółowość odpowiedzi modelu. Niższe wartości skutkują bardziej zwięzłymi odpowiedziami, a wyższe bardziej szczegółowymi. Obecnie obsługiwane wartości to low, medium i high.",
   "com_endpoint_output": "Wyjście",
   "com_endpoint_plug_image_detail": "Szczegóły obrazu",
   "com_endpoint_plug_resend_files": "Wyślij ponownie pliki",
   "com_endpoint_presence_penalty": "Kara za obecność",
   "com_endpoint_preset": "preset",
+  "com_endpoint_preset_custom_name_placeholder": "wpisz tutaj nazwę presetu",
   "com_endpoint_preset_default": "jest teraz domyślnym presetem.",
   "com_endpoint_preset_default_item": "Domyślny:",
   "com_endpoint_preset_default_none": "Brak aktywnego domyślnego presetu.",
   "com_endpoint_preset_default_removed": "nie jest już domyślnym presetem.",
   "com_endpoint_preset_delete_confirm": "Czy na pewno chcesz usunąć ten preset?",
   "com_endpoint_preset_delete_error": "Wystąpił błąd podczas usuwania presetu. Spróbuj ponownie.",
+  "com_endpoint_preset_delete_success": "Preset usunięty pomyślnie",
   "com_endpoint_preset_import": "Preset zaimportowany!",
   "com_endpoint_preset_import_error": "Wystąpił błąd podczas importowania presetu. Spróbuj ponownie.",
   "com_endpoint_preset_name": "Nazwa ustawienia",
@@ -214,44 +325,82 @@
   "com_endpoint_preset_selected_title": "Aktywny!",
   "com_endpoint_preset_title": "Preset",
   "com_endpoint_presets": "presety",
+  "com_endpoint_presets_clear_warning": "Czy na pewno chcesz usunąć wszystkie presety? Ta operacja jest nieodwracalna.",
   "com_endpoint_prompt_cache": "Użyj buforowania promptów",
   "com_endpoint_prompt_prefix": "Prefiks promptu",
   "com_endpoint_prompt_prefix_assistants": "Dodatkowe instrukcje",
+  "com_endpoint_prompt_prefix_assistants_placeholder": "Ustaw dodatkowe instrukcje lub kontekst na początku głównych instrukcji Asystenta. Ignorowane, jeśli puste.",
   "com_endpoint_prompt_prefix_placeholder": "Ustaw niestandardowe instrukcje lub kontekst. Pominięte, jeśli puste.",
   "com_endpoint_reasoning_effort": "Wysiłek rozumowania",
-  "com_endpoint_save_as_preset": "Zapisz jako predefiniowane ustawienie",
+  "com_endpoint_reasoning_summary": "Podsumowanie Rozumowania",
+  "com_endpoint_save_as_preset": "Zapisz jako preset",
   "com_endpoint_search": "Wyszukaj punkt końcowy po nazwie",
+  "com_endpoint_search_endpoint_models": "Szukaj modeli {{0}}...",
+  "com_endpoint_search_models": "Szukaj modeli...",
+  "com_endpoint_search_var": "Szukaj {{0}}...",
   "com_endpoint_set_custom_name": "Ustaw własną nazwę, w razie potrzeby odszukania tego ustawienia",
   "com_endpoint_stop": "Stop",
   "com_endpoint_stop_placeholder": "Oddziel wartości naciskając `Enter`",
   "com_endpoint_temperature": "Temperatura",
+  "com_endpoint_thinking": "Myślenie",
+  "com_endpoint_thinking_budget": "Budżet Myślenia",
+  "com_endpoint_thinking_level": "Poziom Myślenia",
   "com_endpoint_top_k": "Top K",
   "com_endpoint_top_p": "Top P",
   "com_endpoint_use_active_assistant": "Użyj aktywnego asystenta",
+  "com_endpoint_use_responses_api": "Użyj Responses API",
+  "com_endpoint_use_search_grounding": "Ugruntowanie (Grounding) z Wyszukiwarką Google",
+  "com_endpoint_verbosity": "Szczegółowość",
+  "com_error_endpoint_models_not_loaded": "Modele dla {{0}} nie mogły zostać załadowane. Odśwież stronę i spróbuj ponownie.",
   "com_error_expired_user_key": "Podany klucz dla {{0}} wygasł w {{1}}. Proszę podać nowy klucz i spróbować ponownie.",
   "com_error_files_dupe": "Wykryto zduplikowany plik.",
   "com_error_files_empty": "Puste pliki nie są dozwolone.",
   "com_error_files_process": "Wystąpił błąd podczas przetwarzania pliku.",
   "com_error_files_upload": "Wystąpił błąd podczas przesyłania pliku.",
   "com_error_files_upload_canceled": "Żądanie przesłania pliku zostało anulowane. Uwaga: przesyłanie pliku może nadal być przetwarzane i będzie wymagało ręcznego usunięcia.",
+  "com_error_files_upload_too_large": "Plik jest zbyt duży. Proszę przesłać plik mniejszy niż {{0}} MB",
   "com_error_files_validation": "Wystąpił błąd podczas walidacji pliku.",
+  "com_error_google_tool_conflict": "Używanie wbudowanych narzędzi Google nie jest obsługiwane wraz z narzędziami zewnętrznymi. Proszę wyłączyć wbudowane narzędzia lub narzędzia zewnętrzne.",
+  "com_error_heic_conversion": "Nie udało się przekonwertować obrazu HEIC na JPEG. Spróbuj przekonwertować obraz ręcznie lub użyj innego formatu.",
+  "com_error_illegal_model_request": "Model \"{{0}}\" nie jest dostępny dla {{1}}. Wybierz inny model.",
   "com_error_input_length": "Liczba tokenów najnowszej wiadomości jest zbyt duża, przekraczając limit tokenów ({{0}}). Proszę skrócić swoją wiadomość, dopasuj maksymalny rozmiar kontekstu z parametrów rozmowy lub rozgałęź rozmowę, aby kontynuować.",
+  "com_error_invalid_agent_provider": "Dostawca \"{{0}}\" nie jest dostępny do użycia z Agentami. Przejdź do ustawień agenta i wybierz aktualnie dostępnego dostawcę.",
   "com_error_invalid_user_key": "Podano nieprawidłowy klucz. Podaj prawidłowy klucz i spróbuj ponownie.",
+  "com_error_missing_model": "Nie wybrano modelu dla {{0}}. Wybierz model i spróbuj ponownie.",
+  "com_error_models_not_loaded": "Nie można załadować konfiguracji modeli. Odśwież stronę i spróbuj ponownie.",
   "com_error_moderation": "Wygląda na to, że przesłana treść została oznaczona przez nasz system moderacji jako niezgodna z naszymi wytycznymi społeczności. Nie możemy kontynuować z tym konkretnym tematem. Jeśli masz inne pytania lub tematy do omówienia, proszę edytuj swoją wiadomość lub utwórz nową rozmowę.",
   "com_error_no_base_url": "Nie znaleziono podstawowego URL. Podaj go i spróbuj ponownie.",
   "com_error_no_user_key": "Nie znaleziono klucza. Podaj klucz i spróbuj ponownie.",
+  "com_error_refusal": "Odpowiedź odrzucona przez filtry bezpieczeństwa. Przeredaguj wiadomość i spróbuj ponownie. Jeśli napotykasz to często używając Claude Sonnet 4.5 lub Opus 4.1, spróbuj Sonnet 4, który ma inne ograniczenia użytkowania.",
+  "com_file_pages": "Strony: {{pages}}",
+  "com_file_source": "Plik",
+  "com_file_unknown": "Nieznany Plik",
+  "com_files_download_failed": "Nie udało się pobrać {{0}} plików",
+  "com_files_download_percent_complete": "{{0}}% ukończono",
+  "com_files_download_progress": "{{0}} z {{1}} plików",
+  "com_files_downloading": "Pobieranie Plików",
   "com_files_filter": "Filtruj pliki...",
+  "com_files_filter_by": "Filtruj pliki według...",
   "com_files_no_results": "Brak wyników.",
   "com_files_number_selected": "{{0}} z {{1}} elementów wybranych",
+  "com_files_preparing_download": "Przygotowywanie pobierania...",
+  "com_files_result_found": "Znaleziono {{count}} wynik",
+  "com_files_results_found": "Znaleziono {{count}} wyników",
+  "com_files_sharepoint_picker_title": "Wybierz Pliki",
+  "com_files_table": "Tabela Plików",
+  "com_files_upload_local_machine": "Z lokalnego komputera",
+  "com_files_upload_sharepoint": "Z SharePoint",
   "com_generated_files": "Wygenerowane pliki:",
   "com_hide_examples": "Ukryj przykłady",
+  "com_info_heic_converting": "Konwertowanie obrazu HEIC na JPEG...",
+  "com_nav_2fa": "Uwierzytelnianie Dwuskładnikowe (2FA)",
   "com_nav_account_settings": "Ustawienia konta",
   "com_nav_always_make_prod": "Zawsze twórz nowe wersje produkcyjne",
-  "com_nav_archive_created_at": "Utworzono",
+  "com_nav_archive_created_at": "Data archiwizacji",
   "com_nav_archive_name": "Nazwa",
   "com_nav_archived_chats": "Zarchiwizowane rozmowy",
-  "com_nav_at_command": "Polecenie @",
-  "com_nav_at_command_description": "Przełącz polecenie \"@\" do przełączania punktów końcowych, modeli, presetów, itp.",
+  "com_nav_at_command": "Komenda @",
+  "com_nav_at_command_description": "Włącz obsługę komendy \"@\", aby szybko zmieniać punkty końcowe, modele, presety itp.",
   "com_nav_audio_play_error": "Błąd odtwarzania audio: {{0}}",
   "com_nav_audio_process_error": "Błąd przetwarzania audio: {{0}}",
   "com_nav_auto_scroll": "Automatyczne przewijanie do najnowszej wiadomości przy otwarciu czatu",
@@ -259,25 +408,51 @@
   "com_nav_auto_send_text": "Automatycznie wysyłaj tekst",
   "com_nav_auto_transcribe_audio": "Automatycznie transkrybuj audio",
   "com_nav_automatic_playback": "Automatyczne odtwarzanie najnowszej wiadomości",
-  "com_nav_balance": "Balansować",
+  "com_nav_balance": "Saldo",
+  "com_nav_balance_auto_refill_disabled": "Automatyczne doładowanie jest wyłączone.",
+  "com_nav_balance_auto_refill_error": "Błąd ładowania ustawień automatycznego doładowania.",
+  "com_nav_balance_auto_refill_settings": "Ustawienia Automatycznego Doładowania",
+  "com_nav_balance_day": "dzień",
+  "com_nav_balance_days": "dni",
+  "com_nav_balance_every": "Co",
+  "com_nav_balance_hour": "godzina",
+  "com_nav_balance_hours": "godziny",
+  "com_nav_balance_interval": "Interwał:",
+  "com_nav_balance_last_refill": "Ostatnie Doładowanie:",
+  "com_nav_balance_minute": "minuta",
+  "com_nav_balance_minutes": "minuty",
+  "com_nav_balance_month": "miesiąc",
+  "com_nav_balance_months": "miesiące",
+  "com_nav_balance_next_refill": "Następne Doładowanie:",
+  "com_nav_balance_next_refill_info": "Kolejne doładowanie nastąpi automatycznie tylko wtedy, gdy spełnione zostaną oba warunki: upłynął wyznaczony czas od ostatniego doładowania, a wysłanie zapytania spowodowałoby spadek salda poniżej zera.",
+  "com_nav_balance_refill_amount": "Kwota Doładowania:",
+  "com_nav_balance_second": "sekunda",
+  "com_nav_balance_seconds": "sekundy",
+  "com_nav_balance_week": "tydzień",
+  "com_nav_balance_weeks": "tygodnie",
   "com_nav_browser": "Przeglądarka",
+  "com_nav_center_chat_input": "Wyśrodkuj pole czatu na ekranie powitalnym",
   "com_nav_change_picture": "Zmień zdjęcie",
   "com_nav_chat_commands": "Polecenia czatu",
   "com_nav_chat_commands_info": "Te polecenia są aktywowane przez wpisanie określonych znaków na początku twojej wiadomości. Każde polecenie jest uruchamiane przez wyznaczony prefiks. Możesz je wyłączyć, jeśli często używasz tych znaków do rozpoczynania wiadomości.",
   "com_nav_chat_direction": "Kierunek czatu",
+  "com_nav_chat_direction_selected": "Kierunek czatu: {{direction}}",
   "com_nav_clear_all_chats": "Usuń wszystkie konwersacje",
+  "com_nav_clear_cache_confirm_message": "Czy na pewno chcesz wyczyścić pamięć podręczną?",
   "com_nav_clear_conversation": "Wyczyść rozmowę",
   "com_nav_clear_conversation_confirm_message": "Czy na pewno chcesz usunąć wszystkie konwersacje? Tej operacji nie można cofnąć.",
   "com_nav_close_sidebar": "Zamknij pasek boczny",
   "com_nav_commands": "Polecenia",
   "com_nav_confirm_clear": "Potwierdź usunięcie",
+  "com_nav_control_panel": "Panel Sterowania",
   "com_nav_conversation_mode": "Tryb konwersacji",
   "com_nav_convo_menu_options": "Opcje menu rozmowy",
   "com_nav_db_sensitivity": "Czułość decybeli",
+  "com_nav_default_temporary_chat": "Domyślnie otwieraj czat tymczasowy",
   "com_nav_delete_account": "Usuń konto",
   "com_nav_delete_account_button": "Trwale usuń moje konto",
-  "com_nav_delete_account_confirm": "Usunąć konto - jesteś pewien?",
-  "com_nav_delete_account_email_placeholder": "Proszę wprowadzić email konta",
+  "com_nav_delete_account_confirm": "Czy na pewno chcesz usunąć konto?",
+  "com_nav_delete_account_email_placeholder": "Proszę wprowadzić adres e-mail konta",
   "com_nav_delete_cache_storage": "Usuń pamięć podręczną TTS",
   "com_nav_delete_data_info": "Wszystkie twoje dane zostaną usunięte.",
   "com_nav_delete_warning": "OSTRZEŻENIE: To trwale usunie twoje konto.",
@@ -285,34 +460,47 @@
   "com_nav_enable_cloud_browser_voice": "Użyj głosów opartych na chmurze",
   "com_nav_engine": "Silnik",
   "com_nav_enter_to_send": "Naciśnij Enter, aby wysłać wiadomości",
+  "com_nav_export": "Eksportuj",
   "com_nav_export_all_message_branches": "Eksportuj wszystkie gałęzie wiadomości",
   "com_nav_export_conversation": "Eksportuj konwersację",
   "com_nav_export_filename": "Nazwa pliku",
   "com_nav_export_filename_placeholder": "Podaj nazwę pliku",
-  "com_nav_export_include_endpoint_options": "Dołącz opcje punktu końcowego",
+  "com_nav_export_include_endpoint_options": "Uwzględnij opcje punktu końcowego",
   "com_nav_export_recursive": "Rekurencyjny",
   "com_nav_export_recursive_or_sequential": "Rekurencyjny czy sekwencyjny?",
   "com_nav_export_type": "Typ",
   "com_nav_external": "Zewnętrzny",
-  "com_nav_font_size": "Rozmiar czcionki",
+  "com_nav_font_size": "Rozmiar czcionki wiadomości",
   "com_nav_font_size_base": "Średni",
   "com_nav_font_size_lg": "Duży",
   "com_nav_font_size_sm": "Mały",
-  "com_nav_font_size_xl": "Bardzo duży",
-  "com_nav_font_size_xs": "Bardzo mały",
+  "com_nav_font_size_xl": "Bardzo Duży",
+  "com_nav_font_size_xs": "Bardzo Mały",
   "com_nav_help_faq": "Pomoc i często zadawane pytania",
-  "com_nav_hide_panel": "Ukryj skrajny prawy panel",
+  "com_nav_info_balance": "Saldo pokazuje, ile kredytów tokenów pozostało do wykorzystania. Kredyty tokenów przekładają się na wartość pieniężną (np. 1000 kredytów = 0.001 PLN)",
   "com_nav_info_code_artifacts": "Włącza wyświetlanie eksperymentalnych artefaktów kodu obok czatu",
+  "com_nav_info_code_artifacts_agent": "Umożliwia użycie artefaktów kodu dla tego agenta. Domyślnie dodawane są dodatkowe instrukcje specyficzne dla użycia artefaktów, chyba że włączono \"Tryb Niestandardowego Promptu\".",
   "com_nav_info_custom_prompt_mode": "Gdy włączone, domyślny systemowy prompt artefaktów nie zostanie dołączony. Wszystkie instrukcje generowania artefaktów muszą być podane ręcznie w tym trybie.",
+  "com_nav_info_default_temporary_chat": "Gdy włączone, nowe czaty będą domyślnie uruchamiane w trybie tymczasowym. Czaty tymczasowe nie są zapisywane w historii.",
   "com_nav_info_enter_to_send": "Gdy włączone, naciśnięcie `ENTER` wyśle twoją wiadomość. Gdy wyłączone, naciśnięcie Enter doda nową linię, a do wysłania wiadomości będziesz potrzebować `CTRL + ENTER` / `⌘ + ENTER`.",
+  "com_nav_info_fork_change_default": "`Tylko widoczne wiadomości` obejmuje tylko bezpośrednią ścieżkę do wybranej wiadomości. `Dołącz powiązane gałęzie` dodaje gałęzie wzdłuż ścieżki. `Dołącz wszystko od/do tego miejsca` obejmuje wszystkie połączone wiadomości i gałęzie.",
+  "com_nav_info_fork_split_target_setting": "Gdy włączone, rozgałęzienie rozpocznie się od wiadomości docelowej do ostatniej wiadomości w rozmowie, zgodnie z wybranym zachowaniem.",
   "com_nav_info_include_shadcnui": "Gdy włączone, instrukcje dotyczące używania komponentów shadcn/ui zostaną dołączone. shadcn/ui to kolekcja komponentów wielokrotnego użytku zbudowanych przy użyciu Radix UI i Tailwind CSS. Uwaga: są to obszerne instrukcje, powinieneś je włączyć tylko wtedy, gdy poinformowanie LLM o prawidłowych importach i komponentach jest dla ciebie ważne. Aby uzyskać więcej informacji o tych komponentach, odwiedź: https://ui.shadcn.com/",
   "com_nav_info_latex_parsing": "Gdy włączone, kod LaTeX w wiadomościach będzie renderowany jako równania matematyczne. Wyłączenie tego może poprawić wydajność, jeśli nie potrzebujesz renderowania LaTeX.",
+  "com_nav_info_save_badges_state": "Gdy włączone, stan odznak czatu zostanie zapisany. Oznacza to, że jeśli utworzysz nowy czat, odznaki pozostaną w takim samym stanie jak w poprzednim czacie. Jeśli wyłączysz tę opcję, odznaki zresetują się do stanu domyślnego przy każdym nowym czacie",
   "com_nav_info_save_draft": "Gdy włączone, tekst i załączniki, które wprowadzasz w formularzu czatu, będą automatycznie zapisywane lokalnie jako szkice. Te szkice będą dostępne nawet po przeładowaniu strony lub przełączeniu się na inną rozmowę. Szkice są przechowywane lokalnie na twoim urządzeniu i są usuwane po wysłaniu wiadomości.",
-  "com_nav_info_show_thinking": "Gdy włączone, czat będzie domyślnie wyświetlał rozwijane menu myślenia, pozwalając na podgląd rozumowania AI w czasie rzeczywistym. Gdy wyłączone, rozwijane menu myślenia pozostaną domyślnie zamknięte dla czystszego i bardziej uporządkowanego interfejsu",
+  "com_nav_info_show_thinking": "Gdy włączone, czat będzie domyślnie wyświetlał rozwijane menu myślenia, pozwalając na podgląd rozumowania AI w czasie rzeczywistym. Gdy wyłączone, rozwijane menu myślenia pozostaną domyślnie zamknięte dla czystszego i bardziej uporządkowanego interfejsu.",
+  "com_nav_info_user_name_display": "Gdy włączone, nazwa użytkownika nadawcy będzie wyświetlana nad każdą wysłaną wiadomością. Gdy wyłączone, zobaczysz tylko \"Ty\" nad swoimi wiadomościami.",
+  "com_nav_keep_screen_awake": "Utrzymuj ekran włączony podczas generowania odpowiedzi",
   "com_nav_lang_arabic": "العربية",
+  "com_nav_lang_armenian": "Հայերեն",
   "com_nav_lang_auto": "Automatyczne wykrywanie",
+  "com_nav_lang_bosnian": "Босански",
   "com_nav_lang_brazilian_portuguese": "Português Brasileiro",
+  "com_nav_lang_catalan": "Català",
   "com_nav_lang_chinese": "中文",
+  "com_nav_lang_czech": "Čeština",
+  "com_nav_lang_danish": "Dansk",
   "com_nav_lang_dutch": "Nederlands",
   "com_nav_lang_english": "English",
   "com_nav_lang_estonian": "Eesti keel",
@@ -321,24 +509,50 @@
   "com_nav_lang_georgian": "ქართული",
   "com_nav_lang_german": "Deutsch",
   "com_nav_lang_hebrew": "עברית",
+  "com_nav_lang_hungarian": "Magyar",
+  "com_nav_lang_icelandic": "Íslenska",
   "com_nav_lang_indonesia": "Indonesia",
   "com_nav_lang_italian": "Italiano",
   "com_nav_lang_japanese": "日本語",
   "com_nav_lang_korean": "한국어",
+  "com_nav_lang_latvian": "Latviski",
+  "com_nav_lang_lithuanian": "Lietuvių",
+  "com_nav_lang_norwegian_bokmal": "Norsk Bokmål",
+  "com_nav_lang_norwegian_nynorsk": "Norsk Nynorsk",
+  "com_nav_lang_persian": "فارسی",
   "com_nav_lang_polish": "Polski",
   "com_nav_lang_portuguese": "Português",
   "com_nav_lang_russian": "Русский",
+  "com_nav_lang_slovak": "Slovenčina",
+  "com_nav_lang_slovenian": "Slovenščina",
   "com_nav_lang_spanish": "Español",
   "com_nav_lang_swedish": "Svenska",
   "com_nav_lang_thai": "ไทย",
+  "com_nav_lang_tibetan": "བོད་སྐད་",
   "com_nav_lang_traditional_chinese": "繁體中文",
   "com_nav_lang_turkish": "Türkçe",
+  "com_nav_lang_ukrainian": "Українська",
+  "com_nav_lang_uyghur": "Uyƣur tili",
   "com_nav_lang_vietnamese": "Tiếng Việt",
   "com_nav_language": "Język",
-  "com_nav_latex_parsing": "Parsowanie LaTeX w wiadomościach (może wpływać na wydajność)",
+  "com_nav_latex_parsing": "Renderowanie LaTeX w wiadomościach (może wpływać na wydajność)",
   "com_nav_log_out": "Wyloguj",
   "com_nav_long_audio_warning": "Dłuższe teksty będą potrzebować więcej czasu na przetworzenie.",
   "com_nav_maximize_chat_space": "Maksymalizuj przestrzeń czatu",
+  "com_nav_mcp_access_revoked": "Dostęp do serwera MCP unieważniony pomyślnie.",
+  "com_nav_mcp_configure_server": "Konfiguruj {{0}}",
+  "com_nav_mcp_connect": "Połącz",
+  "com_nav_mcp_connect_server": "Połącz {{0}}",
+  "com_nav_mcp_reconnect": "Połącz ponownie",
+  "com_nav_mcp_status_connected": "Połączono",
+  "com_nav_mcp_status_connecting": "{{0}} - Łączenie",
+  "com_nav_mcp_status_disconnected": "Rozłączono",
+  "com_nav_mcp_status_error": "Błąd",
+  "com_nav_mcp_status_initializing": "Inicjalizacja",
+  "com_nav_mcp_status_needs_auth": "Wymaga Autoryzacji",
+  "com_nav_mcp_status_unknown": "Nieznany",
+  "com_nav_mcp_vars_update_error": "Błąd aktualizacji niestandardowych zmiennych użytkownika MCP",
+  "com_nav_mcp_vars_updated": "Niestandardowe zmienne użytkownika MCP zaktualizowane pomyślnie.",
   "com_nav_modular_chat": "Włącz przełączanie punktów końcowych w trakcie rozmowy",
   "com_nav_my_files": "Moje pliki",
   "com_nav_not_supported": "Nieobsługiwane",
@@ -348,31 +562,37 @@
   "com_nav_plus_command": "Polecenie +",
   "com_nav_plus_command_description": "Przełącz polecenie \"+\" do dodawania ustawienia wielu odpowiedzi",
   "com_nav_profile_picture": "Zdjęcie profilowe",
+  "com_nav_save_badges_state": "Zapisz stan odznak",
   "com_nav_save_drafts": "Zapisuj szkice lokalnie",
   "com_nav_scroll_button": "Przycisk przewijania do końca",
   "com_nav_search_placeholder": "Szukaj wiadomości",
   "com_nav_send_message": "Wyślij wiadomość",
   "com_nav_setting_account": "Konto",
+  "com_nav_setting_balance": "Saldo",
   "com_nav_setting_chat": "Czat",
   "com_nav_setting_data": "Kontrola danych",
+  "com_nav_setting_delay": "Opóźnienie (s)",
   "com_nav_setting_general": "Ogólne",
+  "com_nav_setting_mcp": "Ustawienia MCP",
+  "com_nav_setting_personalization": "Personalizacja",
   "com_nav_setting_speech": "Mowa",
   "com_nav_settings": "Ustawienia",
   "com_nav_shared_links": "Linki udostępnione",
-  "com_nav_show_code": "Zawsze pokazuj kod podczas używania interpretera kodu",
-  "com_nav_show_thinking": "Domyślnie otwieraj rozwijane menu myślenia",
+  "com_nav_show_thinking": "Domyślnie rozwijaj sekcję myślenia",
   "com_nav_slash_command": "Polecenie /",
   "com_nav_slash_command_description": "Przełącz polecenie \"/\" do wybierania promptu za pomocą klawiatury",
-  "com_nav_speech_to_text": "Mowa na tekst",
+  "com_nav_speech_to_text": "Zamiana mowy na tekst",
   "com_nav_stop_generating": "Zatrzymaj generowanie",
-  "com_nav_text_to_speech": "Tekst na mowę",
+  "com_nav_text_to_speech": "Zamiana tekstu na mowę",
   "com_nav_theme": "Motyw",
   "com_nav_theme_dark": "Ciemny",
   "com_nav_theme_light": "Jasny",
-  "com_nav_theme_system": "Domyślny",
+  "com_nav_theme_system": "Zgodny z systemem",
+  "com_nav_toggle_sidebar": "Przełącz pasek boczny",
   "com_nav_tool_dialog": "Narzędzia asystenta",
   "com_nav_tool_dialog_agents": "Narzędzia agenta",
   "com_nav_tool_dialog_description": "Asystent musi zostać zapisany, aby zachować wybrane narzędzia.",
+  "com_nav_tool_dialog_mcp_server_tools": "Narzędzia Serwera MCP",
   "com_nav_tool_remove": "Usuń",
   "com_nav_tool_search": "Wyszukaj narzędzia",
   "com_nav_user": "Użytkownik",
@@ -387,55 +607,174 @@
   "com_sidepanel_hide_panel": "Ukryj Panel",
   "com_sidepanel_manage_files": "Zarządzaj Plikami",
   "com_sidepanel_parameters": "Parametry",
+  "com_sources_agent_file": "Dokument Źródłowy",
+  "com_sources_agent_files": "Pliki Agenta",
+  "com_sources_download_aria_label": "Pobierz {{filename}}{{status}}",
+  "com_sources_download_failed": "Pobieranie nie powiodło się",
+  "com_sources_download_local_unavailable": "Nie można pobrać: Plik nie jest zapisany",
+  "com_sources_downloading_status": " (pobieranie...)",
+  "com_sources_error_fallback": "Nie można załadować źródeł",
+  "com_sources_image_alt": "Obraz wyniku wyszukiwania",
+  "com_sources_more_files": "+{{count}} plików",
+  "com_sources_more_sources": "+{{count}} źródeł",
+  "com_sources_pages": "Strony",
+  "com_sources_region_label": "Wyniki wyszukiwania i źródła",
+  "com_sources_reload_page": "Odśwież stronę",
+  "com_sources_tab_all": "Wszystkie",
+  "com_sources_tab_files": "Pliki",
+  "com_sources_tab_images": "Obrazy",
+  "com_sources_tab_news": "Wiadomości",
+  "com_sources_title": "Źródła",
   "com_ui_2fa_account_security": "2FA dodaje dodatkową warstwę bezpieczeństwa do twojego konta.",
-  "com_ui_2fa_disable": " Wyłącz 2FA",
+  "com_ui_2fa_disable": "Wyłącz 2FA",
   "com_ui_2fa_disable_error": "Błąd podczas wyłączania 2FA",
   "com_ui_2fa_disabled": "2FA zostało wyłączone",
   "com_ui_2fa_enable": "Włącz 2FA",
   "com_ui_2fa_enabled": "2FA zostało włączone",
+  "com_ui_2fa_generate_error": "Wystąpił błąd podczas generowania ustawień uwierzytelniania dwuskładnikowego",
+  "com_ui_2fa_invalid": "Nieprawidłowy kod uwierzytelniania dwuskładnikowego",
+  "com_ui_2fa_setup": "Skonfiguruj 2FA",
+  "com_ui_2fa_verified": "Pomyślnie zweryfikowano uwierzytelnianie dwuskładnikowe",
   "com_ui_accept": "Akceptuję",
+  "com_ui_action_button": "Przycisk akcji",
+  "com_ui_active": "Aktywny",
   "com_ui_add": "Dodaj",
+  "com_ui_add_code_interpreter_api_key": "Dodaj klucz API interpretera kodu",
+  "com_ui_add_first_bookmark": "Kliknij na czat, aby dodać zakładkę",
+  "com_ui_add_first_mcp_server": "Utwórz swój pierwszy serwer MCP, aby rozpocząć",
+  "com_ui_add_first_prompt": "Utwórz swój pierwszy prompt, aby rozpocząć",
+  "com_ui_add_mcp": "Dodaj MCP",
+  "com_ui_add_mcp_server": "Dodaj serwer MCP",
   "com_ui_add_model_preset": "Dodaj model lub preset dla dodatkowej odpowiedzi",
   "com_ui_add_multi_conversation": "Dodaj wielokrotną konwersację",
+  "com_ui_add_special_variables": "Dodaj zmienne specjalne",
+  "com_ui_add_web_search_api_keys": "Dodaj klucze API wyszukiwania w sieci",
+  "com_ui_adding_details": "Dodawanie szczegółów",
+  "com_ui_additional_details": "Dodatkowe szczegóły",
   "com_ui_admin": "Administrator",
   "com_ui_admin_access_warning": "Wyłączenie dostępu administratora do tej funkcji może spowodować nieoczekiwane problemy z interfejsem użytkownika wymagające odświeżenia. Jeśli zostanie zapisane, jedynym sposobem na przywrócenie jest ustawienie interfejsu w konfiguracji librechat.yaml, które wpływa na wszystkie role.",
   "com_ui_admin_settings": "Ustawienia administratora",
+  "com_ui_admin_settings_section": "Ustawienia administratora - {{section}}",
   "com_ui_advanced": "Zaawansowane",
+  "com_ui_advanced_settings": "Ustawienia zaawansowane",
   "com_ui_agent": "Agent",
+  "com_ui_agent_api_keys": "Klucze API agenta",
+  "com_ui_agent_api_keys_description": "Utwórz klucze API, aby uzyskać zdalny dostęp do agentów",
+  "com_ui_agent_category_aftersales": "Obsługa posprzedażowa",
+  "com_ui_agent_category_finance": "Finanse",
+  "com_ui_agent_category_general": "Ogólne",
+  "com_ui_agent_category_hr": "HR",
+  "com_ui_agent_category_it": "IT",
+  "com_ui_agent_category_rd": "R&D",
+  "com_ui_agent_category_sales": "Sprzedaż",
+  "com_ui_agent_category_selector_aria": "Wybór kategorii agenta",
+  "com_ui_agent_chain": "Łańcuch agentów (Mixture-of-Agents)",
+  "com_ui_agent_chain_info": "Umożliwia tworzenie sekwencji agentów. Każdy agent może uzyskać dostęp do wyników poprzednich agentów w łańcuchu. Oparte na architekturze „Mixture-of-Agents”, w której agenci wykorzystują poprzednie wyniki jako informacje pomocnicze.",
+  "com_ui_agent_chain_max": "Osiągnąłeś maksymalną liczbę {{0}} agentów.",
   "com_ui_agent_delete_error": "Wystąpił błąd podczas usuwania agenta",
   "com_ui_agent_deleted": "Pomyślnie usunięto agenta",
   "com_ui_agent_duplicate_error": "Wystąpił błąd podczas duplikowania agenta",
   "com_ui_agent_duplicated": "Pomyślnie zduplikowano agenta",
+  "com_ui_agent_handoff_add": "Dodaj przekazanie do agenta",
+  "com_ui_agent_handoff_description": "Opis przekazania",
+  "com_ui_agent_handoff_description_placeholder": "np. Przekaż analitykowi danych w celu analizy statystycznej",
+  "com_ui_agent_handoff_info": "Skonfiguruj agentów, do których ten agent może przekazywać rozmowy, gdy potrzebna jest specjalistyczna wiedza.",
+  "com_ui_agent_handoff_info_2": "Każde przekazanie tworzy narzędzie transferu, które umożliwia płynne przekierowywanie do wyspecjalizowanych agentów wraz z kontekstem.",
+  "com_ui_agent_handoff_max": "Osiągnięto limit {{0}} agentów przekazania.",
+  "com_ui_agent_handoff_prompt": "Przekazywana treść",
+  "com_ui_agent_handoff_prompt_key": "Nazwa parametru treści (domyślnie: 'instructions')",
+  "com_ui_agent_handoff_prompt_key_placeholder": "Oznacz przekazywaną treść (domyślnie: 'instructions')",
+  "com_ui_agent_handoff_prompt_placeholder": "Poinstruuj tego agenta, jaką treść ma wygenerować i przekazać agentowi docelowemu. Musisz tutaj coś dodać, aby włączyć tę funkcję",
+  "com_ui_agent_handoffs": "Przekazania agenta",
+  "com_ui_agent_name_is_required": "Nazwa agenta jest wymagana",
+  "com_ui_agent_recursion_limit": "Maks. liczba kroków agenta",
+  "com_ui_agent_recursion_limit_info": "Ogranicza liczbę kroków, jakie agent może podjąć w jednym przebiegu przed udzieleniem ostatecznej odpowiedzi. Domyślnie 25 kroków. Krok to żądanie do API AI lub runda użycia narzędzia. Na przykład podstawowa interakcja z narzędziem zajmuje 3 kroki: żądanie początkowe, użycie narzędzia i żądanie uzupełniające.",
+  "com_ui_agent_url_copied": "Skopiowano URL agenta do schowka",
+  "com_ui_agent_var": "Agent {{0}}",
+  "com_ui_agent_version": "Wersja",
+  "com_ui_agent_version_active": "Aktywna wersja",
+  "com_ui_agent_version_empty": "Brak dostępnych wersji",
+  "com_ui_agent_version_error": "Błąd pobierania wersji",
+  "com_ui_agent_version_history": "Historia wersji",
+  "com_ui_agent_version_no_agent": "Nie wybrano agenta. Wybierz agenta, aby wyświetlić historię wersji.",
+  "com_ui_agent_version_no_date": "Data niedostępna",
+  "com_ui_agent_version_restore": "Przywróć",
+  "com_ui_agent_version_restore_confirm": "Czy na pewno chcesz przywrócić tę wersję?",
+  "com_ui_agent_version_restore_error": "Nie udało się przywrócić wersji",
+  "com_ui_agent_version_restore_success": "Wersja przywrócona pomyślnie",
+  "com_ui_agent_version_title": "Wersja {{versionNumber}}",
+  "com_ui_agent_version_unknown_date": "Nieznana data",
   "com_ui_agents": "Agenci",
   "com_ui_agents_allow_create": "Zezwól na tworzenie agentów",
+  "com_ui_agents_allow_share": "Zezwól na udostępnianie agentów",
+  "com_ui_agents_allow_share_public": "Zezwól na publiczne udostępnianie agentów",
   "com_ui_agents_allow_use": "Zezwól na używanie agentów",
   "com_ui_all": "wszystkie",
   "com_ui_all_proper": "Wszystkie",
+  "com_ui_analyzing": "Analizowanie",
+  "com_ui_analyzing_finished": "Zakończono analizę",
+  "com_ui_api_key": "Klucz API",
+  "com_ui_api_key_copied": "Skopiowano klucz API do schowka",
+  "com_ui_api_key_create_error": "Nie udało się utworzyć klucza API",
+  "com_ui_api_key_created": "Klucz API utworzony pomyślnie",
+  "com_ui_api_key_delete_error": "Nie udało się usunąć klucza API",
+  "com_ui_api_key_deleted": "Klucz API usunięty pomyślnie",
+  "com_ui_api_key_name": "Nazwa klucza",
+  "com_ui_api_key_name_placeholder": "Mój klucz API",
+  "com_ui_api_key_name_required": "Nazwa klucza API jest wymagana",
+  "com_ui_api_key_warning": "Upewnij się, że skopiowałeś klucz API teraz. Nie będziesz mógł go zobaczyć ponownie!",
+  "com_ui_api_keys_load_error": "Nie udało się załadować kluczy API",
   "com_ui_archive": "Archiwum",
-  "com_ui_archive_error": "Nie udało się archiwizować rozmowy",
+  "com_ui_archive_delete_error": "Nie udało się usunąć zarchiwizowanej rozmowy",
+  "com_ui_archive_error": "Nie udało się zarchiwizować rozmowy",
   "com_ui_artifact_click": "Kliknij, aby otworzyć",
   "com_ui_artifacts": "Artefakty",
+  "com_ui_artifacts_options": "Opcje artefaktów",
   "com_ui_artifacts_toggle": "Przełącz interfejs artefaktów",
+  "com_ui_artifacts_toggle_agent": "Włącz artefakty",
   "com_ui_ascending": "Rosnąco",
   "com_ui_assistant": "Asystent",
   "com_ui_assistant_delete_error": "Wystąpił błąd podczas usuwania asystenta",
   "com_ui_assistant_deleted": "Pomyślnie usunięto asystenta",
   "com_ui_assistants": "Asystenci",
   "com_ui_assistants_output": "Wyjście asystentów",
+  "com_ui_at_least_one_owner_required": "Wymagany jest co najmniej jeden właściciel",
   "com_ui_attach_error": "Nie można dołączyć pliku. Utwórz lub wybierz konwersację lub spróbuj odświeżyć stronę.",
+  "com_ui_attach_error_disabled": "Przesyłanie plików jest wyłączone dla tego punktu końcowego",
   "com_ui_attach_error_openai": "Nie można dołączyć plików Asystenta do innych punktów końcowych",
   "com_ui_attach_error_size": "Przekroczono limit rozmiaru pliku dla punktu końcowego:",
   "com_ui_attach_error_type": "Nieobsługiwany typ pliku dla punktu końcowego:",
+  "com_ui_attach_remove": "Usuń plik",
   "com_ui_attach_warn_endpoint": "Pliki inne niż asystenta mogą być ignorowane bez kompatybilnego narzędzia",
   "com_ui_attachment": "Załącznik",
+  "com_ui_auth_type": "Typ uwierzytelniania",
+  "com_ui_auth_url": "URL autoryzacji",
+  "com_ui_authenticate": "Uwierzytelnij",
   "com_ui_authentication": "Uwierzytelnianie",
+  "com_ui_authentication_type": "Typ uwierzytelniania",
+  "com_ui_auto": "Automatyczny",
   "com_ui_avatar": "Awatar",
+  "com_ui_azure": "Azure",
+  "com_ui_azure_ad": "Entra ID",
+  "com_ui_back": "Wstecz",
+  "com_ui_back_to_builder": "Powrót do kreatora",
   "com_ui_back_to_chat": "Powrót do czatu",
   "com_ui_back_to_prompts": "Powrót do promptów",
+  "com_ui_backup_code_number": "Kod #{{number}}",
+  "com_ui_backup_codes": "Kody zapasowe",
+  "com_ui_backup_codes_regenerate_error": "Wystąpił błąd podczas regenerowania kodów zapasowych",
+  "com_ui_backup_codes_regenerated": "Kody zapasowe zostały pomyślnie wygenerowane ponownie",
+  "com_ui_backup_codes_security_info": "Ze względów bezpieczeństwa kody zapasowe są wyświetlane tylko raz po wygenerowaniu. Zapisz je w bezpiecznym miejscu.",
+  "com_ui_backup_codes_status": "Status kodów zapasowych",
+  "com_ui_basic": "Podstawowy",
+  "com_ui_basic_auth_header": "Nagłówek podstawowej autoryzacji",
+  "com_ui_bearer": "Bearer",
+  "com_ui_beta": "Beta",
   "com_ui_bookmark_delete_confirm": "Czy na pewno chcesz usunąć tę zakładkę?",
   "com_ui_bookmarks": "Zakładki",
   "com_ui_bookmarks_add": "Dodaj zakładki",
   "com_ui_bookmarks_add_to_conversation": "Dodaj do bieżącej rozmowy",
+  "com_ui_bookmarks_count_selected": "Zakładki, zaznaczono {{count}}",
   "com_ui_bookmarks_create_error": "Wystąpił błąd podczas tworzenia zakładki",
   "com_ui_bookmarks_create_exists": "Ta zakładka już istnieje",
   "com_ui_bookmarks_create_success": "Zakładka została pomyślnie utworzona",
@@ -446,33 +785,92 @@
   "com_ui_bookmarks_edit": "Edytuj zakładkę",
   "com_ui_bookmarks_filter": "Filtruj zakładki...",
   "com_ui_bookmarks_new": "Nowa zakładka",
+  "com_ui_bookmarks_tag_exists": "Zakładka o takim tytule już istnieje",
   "com_ui_bookmarks_title": "Tytuł",
   "com_ui_bookmarks_update_error": "Wystąpił błąd podczas aktualizacji zakładki",
   "com_ui_bookmarks_update_success": "Zakładka została pomyślnie zaktualizowana",
+  "com_ui_branch_created": "Rozgałęzienie utworzone pomyślnie",
+  "com_ui_branch_error": "Nie udało się utworzyć rozgałęzienia",
+  "com_ui_branch_message": "Utwórz rozgałęzienie z tej odpowiedzi",
+  "com_ui_by_author": "przez {{0}}",
+  "com_ui_callback_url": "URL wywołania zwrotnego (Callback)",
   "com_ui_cancel": "Anuluj",
+  "com_ui_cancelled": "Anulowano",
+  "com_ui_category": "Kategoria",
+  "com_ui_change_version": "Zmień wersję",
   "com_ui_chat": "Czat",
   "com_ui_chat_history": "Historia czatu",
+  "com_ui_chats": "Czaty",
+  "com_ui_check_internet": "Sprawdź połączenie internetowe",
+  "com_ui_clear": "Wyczyść",
   "com_ui_clear_all": "Wyczyść wszystko",
+  "com_ui_clear_browser_cache": "Wyczyść pamięć podręczną przeglądarki",
+  "com_ui_clear_presets": "Wyczyść presety",
+  "com_ui_clear_search": "Wyczyść wyszukiwanie",
+  "com_ui_click_to_close": "Kliknij, aby zamknąć",
+  "com_ui_click_to_view_var": "Kliknij, aby wyświetlić {{0}}",
+  "com_ui_client_id": "ID klienta",
+  "com_ui_client_secret": "Sekret klienta",
+  "com_ui_close": "Zamknij",
+  "com_ui_close_menu": "Zamknij menu",
+  "com_ui_close_settings": "Zamknij ustawienia",
+  "com_ui_close_var": "Zamknij {{0}}",
+  "com_ui_close_window": "Zamknij okno",
   "com_ui_code": "Kod",
+  "com_ui_collapse": "Zwiń",
   "com_ui_collapse_chat": "Zwiń czat",
+  "com_ui_collapse_thoughts": "Zwiń myśli",
   "com_ui_command_placeholder": "Opcjonalnie: Wprowadź polecenie dla promptu lub użyj nazwy",
   "com_ui_command_usage_placeholder": "Wybierz prompt według polecenia lub nazwy",
+  "com_ui_complete_setup": "Zakończ konfigurację",
+  "com_ui_concise": "Zwięzły",
+  "com_ui_configure": "Konfiguruj",
+  "com_ui_configure_mcp_variables_for": "Skonfiguruj zmienne dla {{0}}",
+  "com_ui_confirm": "Potwierdź",
   "com_ui_confirm_action": "Potwierdź działanie",
   "com_ui_confirm_admin_use_change": "Zmiana tego ustawienia zablokuje dostęp dla administratorów, w tym Ciebie. Czy na pewno chcesz kontynuować?",
   "com_ui_confirm_change": "Potwierdź zmianę",
+  "com_ui_connecting": "Łączenie",
+  "com_ui_contact_admin_if_issue_persists": "Skontaktuj się z administratorem, jeśli problem będzie się powtarzał",
   "com_ui_context": "Kontekst",
+  "com_ui_context_filter_sort": "Filtruj i sortuj według kontekstu",
   "com_ui_continue": "Kontynuuj",
-  "com_ui_controls": "Kontrolki",
+  "com_ui_continue_oauth": "Kontynuuj z OAuth",
+  "com_ui_control_bar": "Pasek sterowania",
+  "com_ui_conversation": "rozmowa",
+  "com_ui_conversation_label": "Rozmowa: {{title}}",
+  "com_ui_conversation_not_found": "Nie znaleziono rozmowy",
+  "com_ui_conversations": "rozmowy",
+  "com_ui_convo_archived": "Rozmowa zarchiwizowana",
+  "com_ui_convo_delete_error": "Nie udało się usunąć rozmowy",
+  "com_ui_convo_delete_success": "Rozmowa została pomyślnie usunięta",
   "com_ui_copied": "Skopiowano!",
   "com_ui_copied_to_clipboard": "Skopiowano do schowka",
+  "com_ui_copy": "Kopiuj",
   "com_ui_copy_code": "Kopiuj kod",
   "com_ui_copy_link": "Skopiuj link",
+  "com_ui_copy_stack_trace": "Skopiuj ślad stosu",
+  "com_ui_copy_thoughts_to_clipboard": "Skopiuj przemyślenia do schowka",
   "com_ui_copy_to_clipboard": "Kopiuj do schowka",
+  "com_ui_copy_url_to_clipboard": "Skopiuj URL do schowka",
   "com_ui_create": "Utwórz",
+  "com_ui_create_api_key": "Utwórz klucz API",
+  "com_ui_create_assistant": "Utwórz asystenta",
   "com_ui_create_link": "Utwórz link",
+  "com_ui_create_mcp_server": "Utwórz serwer MCP",
+  "com_ui_create_memory": "Utwórz wspomnienie",
+  "com_ui_create_new_agent": "Utwórz nowego agenta",
   "com_ui_create_prompt": "Utwórz prompt",
+  "com_ui_create_prompt_page": "Strona konfiguracji nowego promptu",
+  "com_ui_created": "Utworzono",
+  "com_ui_creating": "Tworzenie...",
+  "com_ui_creating_image": "Tworzenie obrazu. Może to chwilę potrwać",
+  "com_ui_current": "Bieżący",
   "com_ui_currently_production": "Aktualnie w produkcji",
+  "com_ui_custom": "Niestandardowy",
+  "com_ui_custom_header_name": "Niestandardowa nazwa nagłówka",
   "com_ui_custom_prompt_mode": "Tryb niestandardowego promptu",
+  "com_ui_dark_theme_enabled": "Włączono ciemny motyw",
   "com_ui_dashboard": "Panel",
   "com_ui_date": "Data",
   "com_ui_date_april": "Kwiecień",
@@ -489,61 +887,139 @@
   "com_ui_date_previous_30_days": "Poprzednie 30 dni",
   "com_ui_date_previous_7_days": "Poprzednie 7 dni",
   "com_ui_date_september": "Wrzesień",
+  "com_ui_date_sort": "Sortuj według daty",
   "com_ui_date_today": "Dzisiaj",
   "com_ui_date_yesterday": "Wczoraj",
   "com_ui_decline": "Nie akceptuję",
+  "com_ui_default_post_request": "Domyślny (żądanie POST)",
   "com_ui_delete": "Usuń",
   "com_ui_delete_action": "Usuń akcję",
   "com_ui_delete_action_confirm": "Czy na pewno chcesz usunąć tę akcję?",
+  "com_ui_delete_agent": "Usuń agenta",
   "com_ui_delete_agent_confirm": "Czy na pewno chcesz usunąć tego agenta?",
-  "com_ui_delete_assistant_confirm": "Czy na pewno chcesz usunąć tego Asystenta? Tej operacji nie można cofnąć.",
+  "com_ui_delete_assistant": "Usuń asystenta",
+  "com_ui_delete_assistant_confirm": "Czy na pewno chcesz usunąć tego asystenta? Tej operacji nie można cofnąć.",
   "com_ui_delete_confirm": "Spowoduje to usunięcie",
   "com_ui_delete_confirm_prompt_version_var": "Spowoduje to usunięcie wybranej wersji dla \"{{0}}.\" Jeśli nie istnieją inne wersje, prompt zostanie usunięty.",
+  "com_ui_delete_confirm_strong": "To spowoduje usunięcie <strong>{{title}}</strong>",
   "com_ui_delete_conversation": "Usunąć czat?",
+  "com_ui_delete_conversation_tooltip": "Usuń rozmowę",
+  "com_ui_delete_mcp_server": "Usunąć serwer MCP?",
+  "com_ui_delete_mcp_server_name": "Usuń serwer MCP {{0}}",
+  "com_ui_delete_memory": "Usuń wspomnienie",
+  "com_ui_delete_not_allowed": "Operacja usuwania jest niedozwolona",
+  "com_ui_delete_preset": "Usunąć preset?",
   "com_ui_delete_prompt": "Usunąć prompt?",
+  "com_ui_delete_prompt_name": "Usuń prompt - {{name}}",
+  "com_ui_delete_shared_link": "Usunąć udostępniony link?",
+  "com_ui_delete_shared_link_heading": "Usuń udostępniony link",
+  "com_ui_delete_success": "Pomyślnie usunięto",
   "com_ui_delete_tool": "Usuń narzędzie",
   "com_ui_delete_tool_confirm": "Czy na pewno chcesz usunąć to narzędzie?",
+  "com_ui_delete_tool_save_reminder": "Narzędzie usunięte. Zapisz agenta, aby zastosować zmiany.",
+  "com_ui_deleted": "Usunięto",
+  "com_ui_deleting": "Usuwanie...",
+  "com_ui_deleting_file": "Usuwanie pliku...",
   "com_ui_descending": "Malejąco",
   "com_ui_description": "Opis",
   "com_ui_description_placeholder": "Opcjonalnie: Wprowadź opis do wyświetlenia dla promptu",
+  "com_ui_deselect_all": "Odznacz wszystko",
+  "com_ui_detailed": "Szczegółowy",
+  "com_ui_disabling": "Wyłączanie...",
+  "com_ui_done": "Gotowe",
   "com_ui_download": "Pobierz",
   "com_ui_download_artifact": "Pobierz artefakt",
+  "com_ui_download_backup": "Pobierz kody zapasowe",
+  "com_ui_download_backup_tooltip": "Zanim przejdziesz dalej, pobierz kody zapasowe. Będziesz ich potrzebować, aby odzyskać dostęp, jeśli utracisz urządzenie uwierzytelniające",
   "com_ui_download_error": "Błąd pobierania pliku. Plik mógł zostać usunięty.",
+  "com_ui_download_error_logs": "Pobierz logi błędów",
+  "com_ui_drag_drop": "Upuść dowolny plik tutaj, aby dodać go do rozmowy",
   "com_ui_dropdown_variables": "Zmienne rozwijane:",
-  "com_ui_dropdown_variables_info": "Twórz własne menu rozwijane dla swoich promptów: `{{nazwa_zmiennej:opcja1|opcja2|opcja3}}`",
   "com_ui_duplicate": "Duplikuj",
+  "com_ui_duplicate_agent": "Duplikuj agenta",
   "com_ui_duplication_error": "Wystąpił błąd podczas duplikowania konwersacji",
   "com_ui_duplication_processing": "Duplikowanie konwersacji...",
   "com_ui_duplication_success": "Pomyślnie zduplikowano konwersację",
   "com_ui_edit": "Edytuj",
+  "com_ui_edit_editing_image": "Edytowanie obrazu",
+  "com_ui_edit_mcp_server": "Edytuj serwer MCP",
+  "com_ui_edit_mcp_server_dialog_description": "Unikalny identyfikator serwera: {{serverName}}",
+  "com_ui_edit_memory": "Edytuj wspomnienie",
+  "com_ui_edit_preset_title": "Edytuj preset - {{title}}",
+  "com_ui_edit_prompt_page": "Strona edycji promptu",
+  "com_ui_editable_message": "Wiadomość edytowalna",
+  "com_ui_editor_instructions": "Przeciągnij obraz, by go przesunąć • Zmień rozmiar używając suwaka lub przycisków",
+  "com_ui_empty_category": "-",
   "com_ui_endpoint": "Punkt końcowy",
   "com_ui_endpoint_menu": "Menu punktu końcowego LLM",
   "com_ui_enter": "Wprowadź",
   "com_ui_enter_api_key": "Wprowadź klucz API",
+  "com_ui_enter_description": "Wprowadź opis (opcjonalnie)",
+  "com_ui_enter_key": "Wprowadź klucz",
+  "com_ui_enter_name": "Wprowadź nazwę",
   "com_ui_enter_openapi_schema": "Wprowadź swoją schemę OpenAPI tutaj",
+  "com_ui_enter_value": "Wprowadź wartość",
   "com_ui_error": "Błąd",
   "com_ui_error_connection": "Błąd połączenia z serwerem, spróbuj odświeżyć stronę.",
+  "com_ui_error_message_prefix": "Komunikat błędu:",
   "com_ui_error_save_admin_settings": "Wystąpił błąd podczas zapisywania ustawień administratora.",
+  "com_ui_error_try_following_prefix": "Spróbuj jednej z następujących opcji",
+  "com_ui_error_unexpected": "Ups! Wystąpiło coś nieoczekiwanego.",
+  "com_ui_error_updating_preferences": "Błąd podczas aktualizacji preferencji",
+  "com_ui_everyone_permission_level": "Poziom uprawnień dla wszystkich",
   "com_ui_examples": "Przykłady",
+  "com_ui_expand": "Rozwiń",
+  "com_ui_expand_chat": "Rozwiń czat",
+  "com_ui_expand_thoughts": "Rozwiń przemyślenia",
   "com_ui_export_convo_modal": "Eksportuj okno rozmowy",
+  "com_ui_feedback_more": "Więcej...",
+  "com_ui_feedback_more_information": "Podaj dodatkowe informacje zwrotne",
+  "com_ui_feedback_negative": "Wymaga poprawy",
+  "com_ui_feedback_placeholder": "Tutaj podaj dodatkowe informacje zwrotne",
+  "com_ui_feedback_positive": "Podoba mi się",
+  "com_ui_feedback_tag_accurate_reliable": "Dokładne i wiarygodne",
+  "com_ui_feedback_tag_attention_to_detail": "Dbałość o szczegóły",
+  "com_ui_feedback_tag_bad_style": "Słaby styl lub ton",
+  "com_ui_feedback_tag_clear_well_written": "Jasne i dobrze napisane",
+  "com_ui_feedback_tag_creative_solution": "Kreatywne rozwiązanie",
+  "com_ui_feedback_tag_inaccurate": "Niedokładna lub nieprawidłowa odpowiedź",
+  "com_ui_feedback_tag_missing_image": "Oczekiwano obrazu",
+  "com_ui_feedback_tag_not_helpful": "Brak przydatnych informacji",
+  "com_ui_feedback_tag_not_matched": "Nie pasuje do mojego żądania",
+  "com_ui_feedback_tag_other": "Inny problem",
+  "com_ui_feedback_tag_unjustified_refusal": "Odmowa bez powodu",
+  "com_ui_field_max_length": "Pole \"{{field}}\" musi zawierać mniej niż {{length}} znaków",
   "com_ui_field_required": "To pole jest wymagane",
+  "com_ui_file_input_avatar_label": "Wybór pliku awatara",
+  "com_ui_file_size": "Rozmiar pliku",
+  "com_ui_file_token_limit": "Limit tokenów pliku",
+  "com_ui_file_token_limit_desc": "Ustaw maksymalny limit tokenów dla przetwarzania plików, aby kontrolować koszty i zużycie zasobów",
+  "com_ui_files": "Pliki",
+  "com_ui_filter_mcp_servers": "Filtruj serwery MCP według nazwy",
   "com_ui_filter_prompts": "Filtruj prompty",
-  "com_ui_filter_prompts_name": "Filtruj prompty po nazwie",
+  "com_ui_filter_prompts_name": "Filtruj prompty według nazwy",
+  "com_ui_final_touch": "Ostatni szlif",
+  "com_ui_finance": "Finanse",
   "com_ui_fork": "Rozgałęź",
   "com_ui_fork_all_target": "Dołącz wszystko do/z tego miejsca",
   "com_ui_fork_branches": "Dołącz powiązane gałęzie",
   "com_ui_fork_change_default": "Domyślna opcja rozgałęzienia",
   "com_ui_fork_default": "Użyj domyślnej opcji rozgałęzienia",
   "com_ui_fork_error": "Wystąpił błąd podczas rozgałęziania konwersacji",
+  "com_ui_fork_error_rate_limit": "Zbyt wiele żądań rozgałęzienia. Spróbuj ponownie później",
   "com_ui_fork_from_message": "Wybierz opcję rozgałęzienia",
   "com_ui_fork_info_1": "Użyj tego ustawienia, aby rozgałęzić wiadomości z pożądanym zachowaniem.",
   "com_ui_fork_info_2": "\"Rozgałęzianie\" odnosi się do tworzenia nowej rozmowy, która zaczyna/kończy się od określonych wiadomości w bieżącej rozmowie, tworząc kopię zgodnie z wybranymi opcjami.",
   "com_ui_fork_info_3": "\"Wiadomość docelowa\" odnosi się do wiadomości, z której otwarto to okno, lub, jeśli zaznaczysz \"{{0}}\", do najnowszej wiadomości w rozmowie.",
   "com_ui_fork_info_branches": "Ta opcja rozgałęzia widoczne wiadomości wraz z powiązanymi gałęziami; innymi słowy, bezpośrednią ścieżkę do wiadomości docelowej, włączając gałęzie wzdłuż ścieżki.",
+  "com_ui_fork_info_button_label": "Wyświetl informacje o rozgałęzianiu rozmów",
   "com_ui_fork_info_remember": "Zaznacz to, aby zapamiętać wybrane opcje do przyszłego użycia, ułatwiając szybsze rozgałęzianie rozmów według preferencji.",
   "com_ui_fork_info_start": "Jeśli zaznaczone, rozgałęzianie rozpocznie się od tej wiadomości do najnowszej wiadomości w rozmowie, zgodnie z wybranym zachowaniem powyżej.",
   "com_ui_fork_info_target": "Ta opcja rozgałęzia wszystkie wiadomości prowadzące do wiadomości docelowej, włączając jej sąsiadów; innymi słowy, wszystkie gałęzie wiadomości, niezależnie od tego, czy są widoczne czy wzdłuż tej samej ścieżki, są włączone.",
   "com_ui_fork_info_visible": "Ta opcja rozgałęzia tylko widoczne wiadomości; innymi słowy, bezpośrednią ścieżkę do wiadomości docelowej, bez żadnych gałęzi.",
+  "com_ui_fork_more_details_about": "Wyświetl dodatkowe informacje i szczegóły dotyczące opcji rozgałęzienia \"{{0}}\"",
+  "com_ui_fork_more_info_options": "Wyświetl szczegółowe wyjaśnienie wszystkich opcji rozgałęzienia i ich zachowań",
+  "com_ui_fork_open_menu": "Otwórz menu rozgałęzienia",
   "com_ui_fork_processing": "Rozgałęzianie konwersacji...",
   "com_ui_fork_remember": "Zapamiętaj",
   "com_ui_fork_remember_checked": "Twój wybór zostanie zapamiętany po użyciu. Zmień to w dowolnym momencie w ustawieniach.",
@@ -551,51 +1027,222 @@
   "com_ui_fork_split_target_setting": "Domyślnie rozpocznij rozgałęzienie od docelowej wiadomości",
   "com_ui_fork_success": "Pomyślnie rozgałęziono konwersację",
   "com_ui_fork_visible": "Tylko widoczne wiadomości",
+  "com_ui_generate_qrcode": "Wygeneruj kod QR",
+  "com_ui_generating": "Generowanie...",
+  "com_ui_generation_settings": "Ustawienia generowania",
+  "com_ui_getting_started": "Pierwsze kroki",
+  "com_ui_global_group": "Grupa globalna",
+  "com_ui_go_back": "Wróć",
   "com_ui_go_to_conversation": "Przejdź do rozmowy",
-  "com_ui_happy_birthday": "To moje pierwsze urodziny!",
+  "com_ui_good_afternoon": "Dzień dobry",
+  "com_ui_good_evening": "Dobry wieczór",
+  "com_ui_good_morning": "Dzień dobry",
+  "com_ui_group": "Grupa",
+  "com_ui_handoff_instructions": "Instrukcje przekazania",
+  "com_ui_happy_birthday": "To moje urodziny!",
+  "com_ui_header_format": "Format nagłówka",
+  "com_ui_hide": "Ukryj",
+  "com_ui_hide_code": "Ukryj kod",
+  "com_ui_hide_image_details": "Ukryj szczegóły obrazu",
+  "com_ui_hide_password": "Ukryj hasło",
   "com_ui_hide_qr": "Ukryj kod QR",
+  "com_ui_high": "Wysoki",
   "com_ui_host": "Host",
+  "com_ui_icon": "Ikona",
+  "com_ui_idea": "Pomysły",
+  "com_ui_image_created": "Obraz utworzony",
+  "com_ui_image_details": "Szczegóły obrazu",
+  "com_ui_image_edited": "Obraz edytowany",
   "com_ui_image_gen": "Generowanie obrazu",
+  "com_ui_import": "Importuj",
   "com_ui_import_conversation_error": "Wystąpił błąd podczas importowania konwersacji",
   "com_ui_import_conversation_file_type_error": "Nieobsługiwany typ importu",
   "com_ui_import_conversation_info": "Importuj konwersacje z pliku JSON",
   "com_ui_import_conversation_success": "Konwersacje zostały pomyślnie zaimportowane",
+  "com_ui_import_conversation_upload_error": "Błąd przesyłania pliku. Spróbuj ponownie.",
+  "com_ui_importing": "Importowanie",
   "com_ui_include_shadcnui": "Dołącz instrukcje komponentów shadcn/ui",
+  "com_ui_initializing": "Inicjalizacja...",
   "com_ui_input": "Wprowadź",
   "com_ui_instructions": "Instrukcje",
-  "com_ui_latest_footer": "Każde AI dla wszystkich.",
-  "com_ui_latest_production_version": "Najnowsza wersja produkcyjna",
+  "com_ui_key": "Klucz",
+  "com_ui_key_required": "Klucz API jest wymagany",
+  "com_ui_last_used": "Ostatnio używane",
+  "com_ui_late_night": "Dobrej nocy",
+  "com_ui_latest_footer": "Każde AI. Dla każdego.",
   "com_ui_latest_version": "Najnowsza wersja",
+  "com_ui_leave_blank_to_keep": "Pozostaw puste, aby zachować istniejące",
   "com_ui_librechat_code_api_key": "Uzyskaj klucz API interpretera kodu LibreChat",
   "com_ui_librechat_code_api_subtitle": "Bezpieczny. Wielojęzyczny. Pliki wejściowe/wyjściowe.",
   "com_ui_librechat_code_api_title": "Uruchom kod AI",
+  "com_ui_light_theme_enabled": "Włączono jasny motyw",
+  "com_ui_link_copied": "Link skopiowany",
+  "com_ui_link_refreshed": "Link odświeżony",
+  "com_ui_loading": "Ładowanie...",
   "com_ui_locked": "Zablokowane",
   "com_ui_logo": "Logo {{0}}",
+  "com_ui_low": "Niski",
   "com_ui_manage": "Zarządzaj",
-  "com_ui_max_tags": "Maksymalna dozwolona liczba to {{0}}, używane są najnowsze wartości.",
+  "com_ui_marketplace": "Rynek (Marketplace)",
+  "com_ui_marketplace_allow_use": "Zezwól na korzystanie z Rynku",
+  "com_ui_max": "Maks",
+  "com_ui_max_favorites_reached": "Osiągnięto maksymalną liczbę przypiętych elementów ({{0}}). Odepnij element, aby dodać więcej.",
+  "com_ui_max_file_size": "PNG, JPG lub JPEG (maks. {{0}})",
+  "com_ui_max_tags": "Maksymalna dozwolona liczba to {{0}}; użyte zostaną najnowsze wartości.",
+  "com_ui_mcp_authenticated_success": "Serwer MCP '{{0}}' uwierzytelniony pomyślnie",
+  "com_ui_mcp_click_to_defer": "Kliknij, aby odroczyć - narzędzie będzie widoczne w wyszukiwaniu, ale załadowane dopiero w razie potrzeby",
+  "com_ui_mcp_click_to_programmatic": "Włącz wywołanie programowe - narzędzie może być wywoływane tylko poprzez wykonanie kodu",
+  "com_ui_mcp_configure_server": "Skonfiguruj {{0}}",
+  "com_ui_mcp_configure_server_description": "Skonfiguruj niestandardowe zmienne dla {{0}}",
+  "com_ui_mcp_defer": "Odłóż (Defer)",
+  "com_ui_mcp_defer_all": "Odłóż wszystkie narzędzia",
+  "com_ui_mcp_defer_loading": "Odłóż ładowanie",
+  "com_ui_mcp_dialog_title": "Konfiguruj zmienne dla {{serverName}}. Status serwera: {{status}}",
+  "com_ui_mcp_domain_not_allowed": "Domena serwera MCP nie znajduje się na liście dozwolonych domen. Skontaktuj się z administratorem.",
+  "com_ui_mcp_enter_var": "Wprowadź wartość dla {{0}}",
+  "com_ui_mcp_init_failed": "Nie udało się zainicjować serwera MCP",
+  "com_ui_mcp_initialize": "Zainicjuj",
+  "com_ui_mcp_initialized_success": "Serwer MCP '{{0}}' zainicjowany pomyślnie",
+  "com_ui_mcp_invalid_url": "Wprowadź poprawny adres URL",
+  "com_ui_mcp_no_description": "Brak dostępnego opisu",
+  "com_ui_mcp_oauth_cancelled": "Logowanie OAuth anulowane dla {{0}}",
+  "com_ui_mcp_oauth_timeout": "Logowanie OAuth dla {{0}} przekroczyło limit czasu",
+  "com_ui_mcp_programmatic": "Programowe",
+  "com_ui_mcp_programmatic_all": "Oznacz wszystkie jako programowe",
+  "com_ui_mcp_server": "Serwer MCP",
+  "com_ui_mcp_server_connection_failed": "Próba połączenia z podanym serwerem MCP nie powiodła się. Upewnij się, że adres URL, typ serwera i konfiguracja uwierzytelniania są poprawne, a następnie spróbuj ponownie. Sprawdź również, czy adres URL jest osiągalny.",
+  "com_ui_mcp_server_created": "Serwer MCP utworzony pomyślnie",
+  "com_ui_mcp_server_delete_confirm": "Czy na pewno chcesz usunąć ten serwer MCP?",
+  "com_ui_mcp_server_deleted": "Serwer MCP usunięty pomyślnie",
+  "com_ui_mcp_server_role_editor": "Edytor serwerów MCP",
+  "com_ui_mcp_server_role_editor_desc": "Może przeglądać, używać i edytować serwery MCP",
+  "com_ui_mcp_server_role_owner": "Właściciel serwerów MCP",
+  "com_ui_mcp_server_role_owner_desc": "Pełna kontrola nad serwerami MCP",
+  "com_ui_mcp_server_role_viewer": "Przeglądający serwery MCP",
+  "com_ui_mcp_server_role_viewer_desc": "Może przeglądać i używać serwerów MCP",
+  "com_ui_mcp_server_updated": "Serwer MCP zaktualizowany pomyślnie",
+  "com_ui_mcp_server_url_placeholder": "https://mcp.example.com",
+  "com_ui_mcp_servers": "Serwery MCP",
+  "com_ui_mcp_servers_allow_create": "Zezwól użytkownikom na tworzenie serwerów MCP",
+  "com_ui_mcp_servers_allow_share": "Zezwól użytkownikom na udostępnianie serwerów MCP",
+  "com_ui_mcp_servers_allow_share_public": "Zezwól użytkownikom na publiczne udostępnianie serwerów MCP",
+  "com_ui_mcp_servers_allow_use": "Zezwól użytkownikom na korzystanie z serwerów MCP",
+  "com_ui_mcp_title_invalid": "Tytuł może zawierać tylko litery, cyfry i spacje",
+  "com_ui_mcp_tool_options": "Opcje narzędzi",
+  "com_ui_mcp_transport": "Transport",
+  "com_ui_mcp_type_sse": "SSE",
+  "com_ui_mcp_type_streamable_http": "Streamable HTTPS",
+  "com_ui_mcp_undefer": "Anuluj odroczenie",
+  "com_ui_mcp_undefer_all": "Anuluj odroczenie wszystkich narzędzi",
+  "com_ui_mcp_unprogrammatic_all": "Cofnij oznaczenie wszystkich jako programowe",
+  "com_ui_mcp_update_var": "Aktualizuj {{0}}",
+  "com_ui_mcp_url": "Adres URL serwera MCP",
+  "com_ui_medium": "Średni",
+  "com_ui_memories": "Wspomnienia",
+  "com_ui_memories_allow_create": "Zezwól na tworzenie Wspomnień",
+  "com_ui_memories_allow_opt_out": "Zezwól użytkownikom na rezygnację ze Wspomnień",
+  "com_ui_memories_allow_read": "Zezwól na odczyt Wspomnień",
+  "com_ui_memories_allow_update": "Zezwól na aktualizację Wspomnień",
+  "com_ui_memories_allow_use": "Zezwól na używanie Wspomnień",
+  "com_ui_memories_filter": "Filtruj wspomnienia...",
+  "com_ui_memory": "Pamięć",
+  "com_ui_memory_already_exceeded": "Pamięć pełna - przekroczono o {{tokens}} tokenów. Usuń istniejące wspomnienia przed dodaniem nowych.",
+  "com_ui_memory_created": "Wspomnienie utworzone pomyślnie",
+  "com_ui_memory_deleted": "Wspomnienie usunięte",
+  "com_ui_memory_deleted_items": "Usunięte Wspomnienia",
+  "com_ui_memory_error": "Błąd Pamięci",
+  "com_ui_memory_key_exists": "Wspomnienie z tym kluczem już istnieje. Użyj innego klucza.",
+  "com_ui_memory_key_hint": "Używaj tylko małych liter i podkreśleń",
+  "com_ui_memory_key_validation": "Klucz wspomnienia może zawierać tylko małe litery i podkreślenia.",
+  "com_ui_memory_storage_full": "Pamięć Pełna",
+  "com_ui_memory_updated": "Zaktualizowano zapisane wspomnienia",
+  "com_ui_memory_updated_items": "Zaktualizowane Wspomnienia",
+  "com_ui_memory_would_exceed": "Nie można zapisać - przekroczono by limit o {{tokens}} tokenów. Usuń istniejące wspomnienia, aby zwolnić miejsce.",
   "com_ui_mention": "Wspomnij punkt końcowy, asystenta lub preset, aby szybko się przełączyć",
+  "com_ui_mermaid": "mermaid",
+  "com_ui_mermaid_failed": "Nie udało się wyrenderować diagramu:",
+  "com_ui_mermaid_source": "Kod źródłowy:",
+  "com_ui_message_input": "Wprowadzanie wiadomości",
+  "com_ui_microphone_unavailable": "Mikrofon jest niedostępny",
   "com_ui_min_tags": "Nie można usunąć więcej wartości, wymagane minimum to {{0}}.",
+  "com_ui_minimal": "Minimalny",
+  "com_ui_misc": "Różne",
   "com_ui_model": "Model",
   "com_ui_model_parameters": "Parametry modelu",
+  "com_ui_model_parameters_reset": "Parametry modelu zostały zresetowane.",
+  "com_ui_model_selected": "Wybrano {{0}}",
   "com_ui_more_info": "Więcej informacji",
   "com_ui_my_prompts": "Moje prompty",
   "com_ui_name": "Nazwa",
+  "com_ui_name_sort": "Sortuj według nazwy",
+  "com_ui_new": "Nowy",
   "com_ui_new_chat": "Nowy czat",
+  "com_ui_new_conversation_title": "Tytuł nowej rozmowy",
   "com_ui_next": "Następny",
   "com_ui_no": "Nie",
+  "com_ui_no_api_keys": "Brak kluczy API. Utwórz klucz, aby rozpocząć.",
+  "com_ui_no_auth": "Brak (Auto-wykrywanie)",
   "com_ui_no_bookmarks": "Wygląda na to, że nie masz jeszcze żadnych zakładek. Kliknij na czat i dodaj nową",
+  "com_ui_no_bookmarks_match": "Brak zakładek pasujących do wyszukiwania",
+  "com_ui_no_bookmarks_title": "Brak zakładek",
+  "com_ui_no_categories": "Brak dostępnych kategorii",
   "com_ui_no_category": "Brak kategorii",
+  "com_ui_no_changes": "Nie wprowadzono żadnych zmian",
+  "com_ui_no_individual_access": "Żaden użytkownik ani grupa nie ma dostępu do tego agenta",
+  "com_ui_no_mcp_servers": "Brak serwerów MCP",
+  "com_ui_no_mcp_servers_match": "Brak serwerów MCP pasujących do filtra",
+  "com_ui_no_memories": "Brak wspomnień. Utwórz je ręcznie lub poproś AI o zapamiętanie czegoś",
+  "com_ui_no_memories_match": "Brak wspomnień pasujących do wyszukiwania",
+  "com_ui_no_memories_title": "Brak wspomnień",
+  "com_ui_no_personalization_available": "Obecnie brak dostępnych opcji personalizacji",
+  "com_ui_no_prompts_title": "Brak promptów",
+  "com_ui_no_read_access": "Nie masz uprawnień do przeglądania wspomnień",
+  "com_ui_no_results_found": "Nie znaleziono wyników",
   "com_ui_no_terms_content": "Brak treści warunków użytkowania do wyświetlenia",
+  "com_ui_none": "Brak",
+  "com_ui_not_used": "Nie używany",
   "com_ui_nothing_found": "Nic nie znaleziono",
+  "com_ui_oauth": "OAuth",
+  "com_ui_oauth_connected_to": "Połączono z",
+  "com_ui_oauth_error_callback_failed": "Błąd wywołania zwrotnego uwierzytelniania. Spróbuj ponownie.",
+  "com_ui_oauth_error_generic": "Uwierzytelnianie nie powiodło się. Spróbuj ponownie.",
+  "com_ui_oauth_error_invalid_state": "Nieprawidłowy parametr stanu. Spróbuj ponownie.",
+  "com_ui_oauth_error_missing_code": "Brak kodu autoryzacji. Spróbuj ponownie.",
+  "com_ui_oauth_error_missing_state": "Brak parametru stanu. Spróbuj ponownie.",
+  "com_ui_oauth_error_title": "Uwierzytelnianie Nieudane",
+  "com_ui_oauth_success_description": "Uwierzytelnianie zakończone sukcesem. To okno zamknie się za",
+  "com_ui_oauth_success_title": "Uwierzytelnianie Pomyślne",
   "com_ui_of": "z",
   "com_ui_off": "Wyłączone",
+  "com_ui_offline": "Offline",
   "com_ui_on": "Włączone",
+  "com_ui_open_archived_chat_new_tab_title": "{{title}} (otwiera w nowej karcie)",
+  "com_ui_open_source_chat_new_tab": "Otwórz źródłowy czat w nowej karcie",
+  "com_ui_open_source_chat_new_tab_title": "Otwórz źródłowy czat w nowej karcie - {{title}}",
+  "com_ui_open_var": "Otwórz {{0}}",
+  "com_ui_openai": "OpenAI",
+  "com_ui_optional": "(opcjonalne)",
   "com_ui_page": "Strona",
+  "com_ui_people": "ludzie",
+  "com_ui_people_picker": "Wybór osób",
+  "com_ui_people_picker_allow_view_groups": "Zezwól na przeglądanie grup",
+  "com_ui_people_picker_allow_view_roles": "Zezwól na przeglądanie ról",
+  "com_ui_people_picker_allow_view_users": "Zezwól na przeglądanie użytkowników",
+  "com_ui_permissions_failed_load": "Nie udało się załadować uprawnień. Spróbuj ponownie.",
+  "com_ui_permissions_failed_update": "Nie udało się zaktualizować uprawnień. Spróbuj ponownie.",
+  "com_ui_permissions_updated_success": "Uprawnienia zaktualizowane pomyślnie",
+  "com_ui_pin": "Przypnij",
+  "com_ui_preferences_updated": "Preferencje zaktualizowane pomyślnie",
   "com_ui_prev": "Poprzedni",
   "com_ui_preview": "Podgląd",
   "com_ui_privacy_policy": "Polityka prywatności",
   "com_ui_privacy_policy_url": "URL polityki prywatności",
   "com_ui_prompt": "Prompt",
+  "com_ui_prompt_group_button": "Prompt {{name}}, kategoria {{category}}",
+  "com_ui_prompt_group_button_no_category": "Prompt {{name}}",
+  "com_ui_prompt_groups": "Lista grup promptów",
+  "com_ui_prompt_input": "Wprowadzanie promptu",
+  "com_ui_prompt_input_field": "Pole tekstowe promptu",
   "com_ui_prompt_name": "Nazwa promptu",
   "com_ui_prompt_name_required": "Nazwa promptu jest wymagana",
   "com_ui_prompt_preview_not_shared": "Autor nie zezwolił na współpracę dla tego promptu.",
@@ -604,86 +1251,261 @@
   "com_ui_prompt_update_error": "Wystąpił błąd podczas aktualizacji promptu",
   "com_ui_prompts": "Prompty",
   "com_ui_prompts_allow_create": "Zezwól na tworzenie promptów",
+  "com_ui_prompts_allow_share": "Zezwól na udostępnianie Promptów",
+  "com_ui_prompts_allow_share_public": "Zezwól na publiczne udostępnianie Promptów",
   "com_ui_prompts_allow_use": "Zezwól na używanie promptów",
   "com_ui_provider": "Dostawca",
+  "com_ui_quality": "Jakość",
   "com_ui_read_aloud": "Przeczytaj na głos",
+  "com_ui_redirect_uri": "URI przekierowania",
+  "com_ui_redirect_uri_instructions": "Skopiuj ten URI przekierowania i skonfiguruj go w ustawieniach dostawcy OAuth.",
+  "com_ui_redirecting_to_provider": "Przekierowywanie do {{0}}, proszę czekać...",
+  "com_ui_reference_saved_memories": "Odwołuj się do zapisanych wspomnień",
+  "com_ui_reference_saved_memories_description": "Pozwól asystentowi odwoływać się i używać Twoich zapisanych wspomnień podczas odpowiadania",
+  "com_ui_refresh": "Odśwież",
   "com_ui_refresh_link": "Odśwież link",
+  "com_ui_refresh_page": "Odśwież stronę",
   "com_ui_regenerate": "Wygeneruj ponownie",
+  "com_ui_regenerate_backup": "Wygeneruj ponownie kody zapasowe",
+  "com_ui_regenerating": "Generowanie ponowne...",
   "com_ui_region": "Region",
+  "com_ui_reinitialize": "Zainicjuj ponownie",
+  "com_ui_remote_access": "Dostęp zdalny",
+  "com_ui_remote_agent_role_editor": "Edytor",
+  "com_ui_remote_agent_role_editor_desc": "Może przeglądać i modyfikować agenta przez API",
+  "com_ui_remote_agent_role_owner": "Właściciel API",
+  "com_ui_remote_agent_role_owner_desc": "Pełny dostęp do API i możliwość przyznawania dostępu zdalnego innym",
+  "com_ui_remote_agent_role_viewer": "Przeglądający API",
+  "com_ui_remote_agent_role_viewer_desc": "Może odpytywać agenta przez API",
+  "com_ui_remote_agents": "Agenci Zdalni (API)",
+  "com_ui_remote_agents_allow_create": "Zezwól użytkownikom na tworzenie agentów przez API",
+  "com_ui_remote_agents_allow_share": "Zezwól użytkownikom na przyznawanie dostępu API do agentów innym",
+  "com_ui_remote_agents_allow_share_public": "Zezwól użytkownikom na przyznawanie dostępu API do agentów wszystkim użytkownikom",
+  "com_ui_remote_agents_allow_use": "Zezwól użytkownikom na tworzenie kluczy API i zdalne odpytywanie agentów",
+  "com_ui_remove_agent_from_chain": "Usuń {{0}} z łańcucha",
+  "com_ui_remove_user": "Usuń {{0}}",
   "com_ui_rename": "Zmień nazwę",
+  "com_ui_rename_conversation": "Zmień nazwę rozmowy",
+  "com_ui_rename_failed": "Nie udało się zmienić nazwy rozmowy",
   "com_ui_rename_prompt": "Zmień nazwę promptu",
+  "com_ui_rename_prompt_name": "Zmień nazwę promptu - {{name}}",
+  "com_ui_requires_auth": "Wymaga Uwierzytelnienia",
+  "com_ui_reset": "Resetuj",
+  "com_ui_reset_adjustments": "Resetuj dostosowania",
   "com_ui_reset_var": "Resetuj {{0}}",
+  "com_ui_reset_zoom": "Resetuj powiększenie",
+  "com_ui_resource": "zasób",
+  "com_ui_response": "Odpowiedź",
   "com_ui_result": "Wynik",
+  "com_ui_result_found": "Znaleziono {{count}} wynik",
+  "com_ui_results_found": "Znaleziono {{count}} wyników",
+  "com_ui_retry": "Ponów",
   "com_ui_revoke": "Odwołaj",
   "com_ui_revoke_info": "Odwołaj wszystkie poświadczenia dostarczone przez użytkownika",
   "com_ui_revoke_key_confirm": "Czy na pewno chcesz odwołać ten klucz?",
   "com_ui_revoke_key_endpoint": "Odwołaj klucz dla {{0}}",
+  "com_ui_revoke_key_error": "Nie udało się unieważnić klucza API. Spróbuj ponownie.",
+  "com_ui_revoke_key_success": "Klucz API unieważniony pomyślnie",
   "com_ui_revoke_keys": "Odwołaj klucze",
   "com_ui_revoke_keys_confirm": "Czy na pewno chcesz odwołać wszystkie klucze?",
+  "com_ui_role": "Rola",
+  "com_ui_role_editor": "Edytor",
+  "com_ui_role_editor_desc": "Może przeglądać i modyfikować agenta",
+  "com_ui_role_manager": "Menedżer",
+  "com_ui_role_manager_desc": "Może przeglądać, modyfikować i usuwać agenta",
+  "com_ui_role_owner": "Właściciel",
+  "com_ui_role_owner_desc": "Ma pełną kontrolę nad agentem, w tym wysyłanie zaproszeń",
   "com_ui_role_select": "Rola",
+  "com_ui_role_viewer": "Przeglądający",
+  "com_ui_role_viewer_desc": "Może przeglądać i używać agenta, ale nie może go modyfikować",
+  "com_ui_roleplay": "Odgrywanie ról",
+  "com_ui_rotate": "Obróć",
+  "com_ui_rotate_90": "Obróć o 90 stopni",
   "com_ui_run_code": "Uruchom kod",
   "com_ui_run_code_error": "Wystąpił błąd podczas uruchamiania kodu",
   "com_ui_save": "Zapisz",
+  "com_ui_save_badge_changes": "Zapisać zmiany odznaki?",
+  "com_ui_save_changes": "Zapisz zmiany",
+  "com_ui_save_key_error": "Nie udało się zapisać klucza API. Spróbuj ponownie.",
+  "com_ui_save_key_success": "Klucz API zapisany pomyślnie",
   "com_ui_save_submit": "Zapisz i wyślij",
   "com_ui_saved": "Zapisano!",
-  "com_ui_schema": "Schema",
+  "com_ui_saving": "Zapisywanie...",
+  "com_ui_schema": "Schemat",
+  "com_ui_scope": "Zakres",
   "com_ui_search": "Szukaj",
+  "com_ui_search_above_to_add": "Szukaj powyżej, aby dodać użytkowników lub grupy",
+  "com_ui_search_above_to_add_all": "Szukaj powyżej, aby dodać użytkowników, grupy lub role",
+  "com_ui_search_above_to_add_people": "Szukaj powyżej, aby dodać ludzi",
+  "com_ui_search_agent_category": "Szukaj kategorii...",
+  "com_ui_search_default_placeholder": "Szukaj po nazwie lub emailu (min 2 znaki)",
+  "com_ui_search_people_placeholder": "Szukaj ludzi lub grup po nazwie lub emailu",
+  "com_ui_seconds": "sekundy",
+  "com_ui_secret_key": "Tajny klucz",
   "com_ui_select": "Wybierz",
+  "com_ui_select_agent": "Wybierz Agenta",
+  "com_ui_select_all": "Zaznacz wszystko",
   "com_ui_select_file": "Wybierz plik",
   "com_ui_select_model": "Wybierz model",
+  "com_ui_select_options": "Wybierz opcje...",
+  "com_ui_select_or_create_prompt": "Wybierz lub utwórz Prompt",
   "com_ui_select_provider": "Wybierz dostawcę",
   "com_ui_select_provider_first": "Najpierw wybierz dostawcę",
   "com_ui_select_region": "Wybierz region",
+  "com_ui_select_row": "Wybierz wiersz",
   "com_ui_select_search_model": "Wyszukaj model po nazwie",
   "com_ui_select_search_provider": "Wyszukaj dostawcę po nazwie",
   "com_ui_select_search_region": "Wyszukaj region po nazwie",
+  "com_ui_set": "Ustaw",
   "com_ui_share": "Udostępnij",
-  "com_ui_share_create_message": "Twoje imię i jakiekolwiek wiadomości dodane po udostępnieniu pozostaną prywatne.",
+  "com_ui_share_create_message": "Twoje imię oraz wszelkie wiadomości dodane po udostępnieniu pozostaną prywatne.",
   "com_ui_share_delete_error": "Wystąpił błąd podczas usuwania udostępnionego linku.",
   "com_ui_share_error": "Wystąpił błąd podczas udostępniania linku do czatu",
-  "com_ui_share_link_to_chat": "Udostępnij link w czacie",
+  "com_ui_share_everyone": "Udostępnij wszystkim",
+  "com_ui_share_everyone_description_var": "Ten element ({{resource}}) będzie dostępny dla wszystkich. Upewnij się, że element ({{resource}}) jest rzeczywiście przeznaczony do udostępnienia wszystkim. Uważaj na swoje dane.",
+  "com_ui_share_link_to_chat": "Udostępnij link do czatu",
+  "com_ui_share_qr_code_description": "Kod QR do udostępniania linku do tej rozmowy",
   "com_ui_share_update_message": "Twoje imię, niestandardowe instrukcje i jakiekolwiek wiadomości dodane po udostępnieniu pozostaną prywatne.",
   "com_ui_share_var": "Udostępnij {{0}}",
   "com_ui_shared_link_delete_success": "Pomyślnie usunięto udostępniony link",
   "com_ui_shared_link_not_found": "Nie znaleziono linku udostępnionego",
   "com_ui_shared_prompts": "Udostępnione prompty",
+  "com_ui_shop": "Zakupy",
+  "com_ui_show": "Pokaż",
   "com_ui_show_all": "Pokaż wszystko",
+  "com_ui_show_code": "Pokaż Kod",
+  "com_ui_show_image_details": "Pokaż Szczegóły Obrazu",
+  "com_ui_show_password": "Pokaż hasło",
   "com_ui_show_qr": "Pokaż kod QR",
+  "com_ui_sign_in_to_domain": "Zaloguj się do {{0}}",
   "com_ui_simple": "Prosty",
   "com_ui_size": "Rozmiar",
+  "com_ui_size_sort": "Sortuj według rozmiaru",
+  "com_ui_special_var_current_date": "Obecna data",
+  "com_ui_special_var_current_datetime": "Obecna data i godzina",
+  "com_ui_special_var_current_user": "Obecny użytkownik",
+  "com_ui_special_var_iso_datetime": "Data i godzina UTC ISO",
+  "com_ui_special_variable_added": "Dodano zmienną specjalną {{0}}.",
   "com_ui_special_variables": "Zmienne specjalne:",
+  "com_ui_speech_not_supported": "Twoja przeglądarka nie obsługuje rozpoznawania mowy",
+  "com_ui_speech_not_supported_use_external": "Twoja przeglądarka nie obsługuje rozpoznawania mowy. Spróbuj przełączyć na zewnętrzne STT w menu Ustawienia > Mowa.",
   "com_ui_speech_while_submitting": "Nie można przesłać mowy podczas generowania odpowiedzi",
+  "com_ui_sr_global_prompt": "Globalna grupa promptów",
+  "com_ui_stack_trace": "Ślad stosu",
+  "com_ui_status_prefix": "Status:",
+  "com_ui_stop": "Stop",
   "com_ui_storage": "Przechowywanie",
+  "com_ui_storage_filter_sort": "Filtruj i Sortuj według Pamięci",
   "com_ui_submit": "Wyślij",
+  "com_ui_support_contact": "Kontakt Pomocy Technicznej",
+  "com_ui_support_contact_email": "Email",
+  "com_ui_support_contact_email_invalid": "Proszę podać poprawny adres email",
+  "com_ui_support_contact_email_placeholder": "pomoc@przyklad.com",
+  "com_ui_support_contact_name": "Nazwa",
+  "com_ui_support_contact_name_min_length": "Nazwa musi mieć co najmniej {{minLength}} znaków",
+  "com_ui_support_contact_name_placeholder": "Nazwa kontaktu pomocy",
+  "com_ui_teach_or_explain": "Nauka",
   "com_ui_temporary": "Czat tymczasowy",
   "com_ui_terms_and_conditions": "Warunki użytkowania",
   "com_ui_terms_of_service": "Warunki korzystania z usługi",
   "com_ui_thinking": "Myślenie...",
   "com_ui_thoughts": "Przemyślenia",
+  "com_ui_toggle_theme": "Przełącz motyw",
+  "com_ui_token": "token",
+  "com_ui_token_exchange_method": "Metoda Wymiany Tokenów",
+  "com_ui_token_url": "URL Tokena",
+  "com_ui_tokens": "tokeny",
+  "com_ui_tool_collection_prefix": "Kolekcja narzędzi z",
+  "com_ui_tool_list_collapse": "Zwiń listę narzędzi {{serverName}}",
+  "com_ui_tool_list_expand": "Rozwiń listę narzędzi {{serverName}}",
   "com_ui_tools": "Narzędzia",
+  "com_ui_tools_and_actions": "Narzędzia i Akcje",
+  "com_ui_transferred_to": "Przeniesiono do",
+  "com_ui_travel": "Podróże",
+  "com_ui_trust_app": "Ufam tej aplikacji",
+  "com_ui_try_adjusting_search": "Spróbuj zmienić słowa kluczowe wyszukiwania",
+  "com_ui_ui_resource_error": "Błąd zasobu UI ({{0}})",
+  "com_ui_ui_resource_not_found": "Nie znaleziono zasobu UI (indeks: {{0}})",
   "com_ui_unarchive": "Przywróć z archiwum",
+  "com_ui_unarchive_conversation": "Przywróć zarchiwizowaną rozmowę",
   "com_ui_unarchive_error": "Nie udało się odtworzyć rozmowy z archiwum",
+  "com_ui_unavailable": "Niedostępne",
   "com_ui_unknown": "Nieznany",
+  "com_ui_unpin": "Odepnij",
+  "com_ui_unset": "Nieustawione",
+  "com_ui_untitled": "Bez tytułu",
   "com_ui_update": "Aktualizuj",
+  "com_ui_update_mcp_server": "Aktualizuj serwer MCP",
+  "com_ui_updating": "Aktualizowanie...",
   "com_ui_upload": "Prześlij",
+  "com_ui_upload_agent_avatar": "Pomyślnie zaktualizowano awatar agenta",
+  "com_ui_upload_agent_avatar_label": "Prześlij obraz awatara agenta",
+  "com_ui_upload_avatar_label": "Prześlij obraz awatara",
   "com_ui_upload_code_files": "Prześlij do interpretera kodu",
   "com_ui_upload_delay": "Przesyłanie \"{{0}}\" trwa dłużej niż przewidywano. Proszę poczekać, aż plik zakończy indeksowanie do pobrania.",
   "com_ui_upload_error": "Wystąpił błąd podczas przesyłania pliku",
+  "com_ui_upload_file_context": "Prześlij kontekst pliku",
   "com_ui_upload_file_search": "Prześlij do wyszukiwania plików",
   "com_ui_upload_files": "Prześlij pliki",
+  "com_ui_upload_icon": "Prześlij ikonę",
   "com_ui_upload_image": "Prześlij obraz",
   "com_ui_upload_image_input": "Prześlij obraz",
   "com_ui_upload_invalid": "Nieprawidłowy plik do przesłania. Musi być obrazem nieprzekraczającym limitu",
   "com_ui_upload_invalid_var": "Nieprawidłowy plik do przesłania. Musi być obrazem nieprzekraczającym {{0}} MB",
+  "com_ui_upload_ocr_text": "Prześlij jako Tekst",
+  "com_ui_upload_provider": "Prześlij do Dostawcy",
   "com_ui_upload_success": "Pomyślnie przesłano plik",
   "com_ui_upload_type": "Wybierz typ przesyłania",
+  "com_ui_usage": "Użycie",
+  "com_ui_use_2fa_code": "Użyj kodu 2FA",
+  "com_ui_use_backup_code": "Użyj kodu zapasowego",
+  "com_ui_use_memory": "Użyj pamięci",
   "com_ui_use_micrphone": "Użyj mikrofonu",
+  "com_ui_used": "Użyte",
+  "com_ui_user": "Użytkownik",
+  "com_ui_user_group_permissions": "Uprawnienia Użytkowników i Grup",
+  "com_ui_user_provides_key": "Każdy użytkownik podaje własny klucz",
+  "com_ui_value": "Wartość",
   "com_ui_variables": "Zmienne",
-  "com_ui_variables_info": "Użyj podwójnych nawiasów klamrowych w tekście, aby utworzyć zmienne, np. `{{przykładowa zmienna}}`, które później można wypełnić podczas używania promptu.",
+  "com_ui_verify": "Weryfikuj",
   "com_ui_version_var": "Wersja {{0}}",
   "com_ui_versions": "Wersje",
-  "com_ui_weekend_morning": "Udanego weekendu",
+  "com_ui_view_memory": "Zobacz Pamięć",
+  "com_ui_web_search": "Wyszukiwanie w Sieci",
+  "com_ui_web_search_cohere_key": "Wprowadź klucz API Cohere",
+  "com_ui_web_search_firecrawl_url": "URL API Firecrawl (opcjonalne)",
+  "com_ui_web_search_jina_key": "Wprowadź klucz API Jina",
+  "com_ui_web_search_jina_url": "URL API Jina (opcjonalne)",
+  "com_ui_web_search_processing": "Przetwarzanie wyników",
+  "com_ui_web_search_provider": "Dostawca Wyszukiwania",
+  "com_ui_web_search_provider_searxng": "SearXNG",
+  "com_ui_web_search_provider_serper": "Serper API",
+  "com_ui_web_search_provider_serper_key": "Pobierz swój klucz API Serper",
+  "com_ui_web_search_reading": "Czytanie wyników",
+  "com_ui_web_search_reranker": "Reranker",
+  "com_ui_web_search_reranker_cohere": "Cohere",
+  "com_ui_web_search_reranker_cohere_key": "Pobierz swój klucz API Cohere",
+  "com_ui_web_search_reranker_jina": "Jina AI",
+  "com_ui_web_search_reranker_jina_key": "Pobierz swój klucz API Jina",
+  "com_ui_web_search_reranker_jina_url_help": "Dowiedz się o API Jina Rerank",
+  "com_ui_web_search_scraper": "Scraper",
+  "com_ui_web_search_scraper_firecrawl": "Firecrawl API",
+  "com_ui_web_search_scraper_firecrawl_key": "Pobierz swój klucz API Firecrawl",
+  "com_ui_web_search_scraper_serper": "Serper Scrape API",
+  "com_ui_web_search_scraper_serper_key": "Pobierz swój klucz API Serper",
+  "com_ui_web_search_searxng_api_key": "Wprowadź klucz API SearXNG (opcjonalne)",
+  "com_ui_web_search_searxng_instance_url": "URL instancji SearXNG",
+  "com_ui_web_searching": "Przeszukiwanie sieci",
+  "com_ui_web_searching_again": "Ponowne przeszukiwanie sieci",
+  "com_ui_weekend_morning": "Miłego weekendu",
+  "com_ui_write": "Pisanie",
+  "com_ui_x_selected": "Wybrano {{0}}",
+  "com_ui_xhigh": "Bardzo Wysoki",
   "com_ui_yes": "Tak",
+  "com_ui_your_api_key": "Twój klucz API",
   "com_ui_zoom": "Powiększ",
+  "com_ui_zoom_in": "Powiększ",
+  "com_ui_zoom_level": "Poziom powiększenia",
+  "com_ui_zoom_out": "Pomniejsz",
   "com_user_message": "Ty"
 }
diff --git a/client/src/locales/pt-BR/translation.json b/client/src/locales/pt-BR/translation.json
index 15234dd6a0..398b072046 100644
--- a/client/src/locales/pt-BR/translation.json
+++ b/client/src/locales/pt-BR/translation.json
@@ -3,6 +3,7 @@
   "chat_direction_right_to_left": "algo precisa ir aqui. esta vazio",
   "com_a11y_ai_composing": "A IA ainda está compondo.",
   "com_a11y_end": "A IA terminou de responder.",
+  "com_a11y_selected": "selecionado",
   "com_a11y_start": "A IA começou a responder.",
   "com_agents_agent_card_label": "Agente {{name}}. {{description}}",
   "com_agents_all": "Todos os Agentes",
@@ -93,7 +94,6 @@
   "com_agents_start_chat": "Iniciar chat",
   "com_agents_top_picks": "Principais escolhas",
   "com_agents_update_error": "Houve um erro ao atualizar seu agente.",
-  "com_assistants_action_attempt": "Assistente quer falar com {{0}}",
   "com_assistants_actions": "Ações",
   "com_assistants_actions_disabled": "Você precisa criar um assistente antes de adicionar ações.",
   "com_assistants_actions_info": "Permita que seu Assistente recupere informações ou execute ações via API's",
@@ -103,7 +103,6 @@
   "com_assistants_allow_sites_you_trust": "Permitir apenas sites em que confia.",
   "com_assistants_append_date": "Anexar Data e Hora Atual",
   "com_assistants_append_date_tooltip": "Quando ativado, a data e hora atual do cliente serão anexadas às instruções do sistema do assistente.",
-  "com_assistants_attempt_info": "O Assistente deseja enviar o seguinte:",
   "com_assistants_available_actions": "Ações Disponíveis",
   "com_assistants_capabilities": "Capacidades",
   "com_assistants_code_interpreter": "Interpretador de Código",
@@ -118,7 +117,6 @@
   "com_assistants_delete_actions_error": "Houve um erro ao excluir a ação.",
   "com_assistants_delete_actions_success": "Ação excluída com sucesso do Assistente",
   "com_assistants_description_placeholder": "Opcional: Descreva seu Assistente aqui",
-  "com_assistants_domain_info": "Assistente enviou esta informação para {{0}}",
   "com_assistants_file_search": "Pesquisa de Arquivos",
   "com_assistants_file_search_info": "A pesquisa de arquivos permite que o assistente tenha conhecimento dos arquivos que você ou seus usuários carregam. Uma vez que um arquivo é carregado, o assistente decide automaticamente quando recuperar o conteúdo com base nas solicitações do usuário. Anexar armazenamentos vetoriais para Pesquisa de Arquivos ainda não é suportado. Você pode anexá-los no Playground do Provedor ou anexar arquivos às mensagens para pesquisa de arquivos em uma base de thread.",
   "com_assistants_function_use": "Assistente usou {{0}}",
@@ -277,7 +275,6 @@
   "com_endpoint_message_not_appendable": "Edite sua mensagem ou Regenerar.",
   "com_endpoint_my_preset": "Meu Preset",
   "com_endpoint_no_presets": "Ainda não há presets, use o botão de configurações para criar um",
-  "com_endpoint_open_menu": "Abrir Menu",
   "com_endpoint_openai_custom_name_placeholder": "Defina um nome personalizado para a IA",
   "com_endpoint_openai_detail": "A resolução para solicitações de Visão. \"Baixa\" é mais barata e rápida, \"Alta\" é mais detalhada e cara, e \"Auto\" escolherá automaticamente entre as duas com base na resolução da imagem.",
   "com_endpoint_openai_freq": "Número entre -2.0 e 2.0. Valores positivos penalizam novos tokens com base em sua frequência existente no texto até agora, diminuindo a probabilidade do modelo de repetir a mesma linha literalmente.",
@@ -424,7 +421,6 @@
   "com_nav_font_size_xl": "Extra Grande",
   "com_nav_font_size_xs": "Extra Pequeno",
   "com_nav_help_faq": "Ajuda & FAQ",
-  "com_nav_hide_panel": "Ocultar painel mais à direita",
   "com_nav_info_code_artifacts": "Habilita a exibição de artefatos de código experimental ao lado do chat",
   "com_nav_info_code_artifacts_agent": "Ativa a utilização de artefatos de código para este agente. Por predefinição, são adicionadas instruções adicionais específicas para a utilização de artefatos, a menos que o \"Modo de aviso personalizado\" esteja ativado.",
   "com_nav_info_custom_prompt_mode": "Quando habilitado, o prompt padrão do sistema de artefatos não será incluído. Todas as instruções de geração de artefatos devem ser fornecidas manualmente neste modo.",
@@ -489,7 +485,6 @@
   "com_nav_setting_speech": "Fala",
   "com_nav_settings": "Configurações",
   "com_nav_shared_links": "Links compartilhados",
-  "com_nav_show_code": "Sempre mostrar código ao usar o interpretador de código",
   "com_nav_show_thinking": "Menus suspensos de pensamento aberto por padrão",
   "com_nav_slash_command": "Comando /",
   "com_nav_slash_command_description": "Alternar comando \"/\" para selecionar um prompt via teclado",
@@ -635,7 +630,6 @@
   "com_ui_context": "Contexto",
   "com_ui_continue": "Continuar",
   "com_ui_continue_oauth": "Continuar com OAuth",
-  "com_ui_controls": "Controles",
   "com_ui_convo_delete_error": "Falha ao excluir conversa",
   "com_ui_copied": "Copiado!",
   "com_ui_copied_to_clipboard": "Copiado para a área de transferência",
@@ -697,9 +691,8 @@
   "com_ui_download_backup": "Baixar códigos de backup",
   "com_ui_download_backup_tooltip": "Antes de continuar, baixe seus códigos de backup. Você precisará deles para recuperar o acesso se perder seu dispositivo autenticador",
   "com_ui_download_error": "Erro ao baixar o arquivo. O arquivo pode ter sido excluído.",
-  "com_ui_drag_drop": "algo precisa ir aqui. estava vazio",
+  "com_ui_drag_drop": "Arraste arquivos aqui para anexá-los",
   "com_ui_dropdown_variables": "Variáveis de dropdown:",
-  "com_ui_dropdown_variables_info": "Crie menus dropdown personalizados para seus prompts: `{{nome_da_variável:opção1|opção2|opção3}}`",
   "com_ui_duplicate": "Duplicado",
   "com_ui_duplication_error": "Ocorreu um erro ao duplicar a conversa",
   "com_ui_duplication_processing": "Duplicando conversa...",
@@ -789,7 +782,6 @@
   "com_ui_instructions": "Instruções",
   "com_ui_key": "Chave",
   "com_ui_latest_footer": "Toda IA para Todos.",
-  "com_ui_latest_production_version": "Última versão de produção",
   "com_ui_latest_version": "Ultima versão",
   "com_ui_librechat_code_api_key": "Obtenha sua chave de API do LibreChat Code Interpreter",
   "com_ui_librechat_code_api_subtitle": "Seguro. Multi-idioma. Arquivos de entrada/saída.",
@@ -942,6 +934,7 @@
   "com_ui_upload_invalid": "Arquivo inválido para upload. Deve ser uma imagem não excedendo o limite",
   "com_ui_upload_invalid_var": "Arquivo inválido para upload. Deve ser uma imagem não excedendo {{0}} MB",
   "com_ui_upload_ocr_text": "Carregar como texto",
+  "com_ui_upload_provider": "Anexar Arquivos",
   "com_ui_upload_success": "Arquivo carregado com sucesso",
   "com_ui_upload_type": "Selecione o tipo de upload",
   "com_ui_use_2fa_code": "Use o código 2FA em vez disso",
@@ -949,7 +942,6 @@
   "com_ui_use_micrphone": "Usar microfone",
   "com_ui_used": "Usado",
   "com_ui_variables": "Variáveis",
-  "com_ui_variables_info": "Use chaves duplas no seu texto para criar variáveis, por exemplo, `{{exemplo de variável}}`, para preencher posteriormente ao usar o prompt.",
   "com_ui_verify": "Verificar",
   "com_ui_version_var": "Versão {{0}}",
   "com_ui_versions": "Versões",
diff --git a/client/src/locales/pt-PT/translation.json b/client/src/locales/pt-PT/translation.json
index c53717245e..a806fe7a9f 100644
--- a/client/src/locales/pt-PT/translation.json
+++ b/client/src/locales/pt-PT/translation.json
@@ -1,20 +1,35 @@
 {
+  "chat_direction_left_to_right": "algo precisa de ser feito aqui. estava vazio",
   "com_a11y_ai_composing": "A IA ainda está a escrever.",
   "com_a11y_end": "A IA terminou de responder.",
   "com_a11y_start": "A IA começou a responder.",
   "com_agents_agent_card_label": "{{name}} agente. {{description}}",
   "com_agents_all": "Todos os Agentes",
   "com_agents_all_category": "Todos",
+  "com_agents_all_description": "Procurar todos os agentes partilhados em todas as categorias",
   "com_agents_by_librechat": "por LibreChat",
+  "com_agents_category_aftersales": "Pós-venda",
+  "com_agents_category_aftersales_description": "Agentes especializados no apoio pós-venda, na manutenção e no serviço ao cliente",
+  "com_agents_category_empty": "Não foram encontrados agentes na categoria {{category}}",
   "com_agents_category_finance": "Finanças",
   "com_agents_category_finance_description": "Agentes especializados em análise financeira, orçamento e contabilidade",
   "com_agents_category_general": "Geral",
+  "com_agents_category_general_description": "Agentes de propósito geral para tarefas comuns e consultas",
   "com_agents_category_hr": "Recursos Humanos",
+  "com_agents_category_hr_description": "Agentes especializados em processos de RH, políticas e apoio aos colaboradores.",
   "com_agents_category_it": "TI",
+  "com_agents_category_it_description": "Agentes para suporte de TI, resolução de problemas técnicos e administração de sistemas",
+  "com_agents_category_rd": "Investigação e Desenvolvimento",
+  "com_agents_category_rd_description": "Agentes focados em processos de I&D, inovação e investigação técnica",
   "com_agents_category_sales": "Vendas",
+  "com_agents_category_sales_description": "Agentes focados em processos de vendas e relações com clientes",
+  "com_agents_category_tab_label": "categoria {{category}}, {{position}} de {{total}}",
+  "com_agents_category_tabs_label": "Categorias de Agentes",
+  "com_agents_clear_search": "Limpar pesquisa",
   "com_agents_code_interpreter": "Quando ativo, permite que os seus agentes usem a API de Interpretação de código do LibreChat para correr código gerado, inclusivé processamento de ficheiros em segurança. Requer uma chave API válida.",
   "com_agents_code_interpreter_title": "API de Interpretação de Código",
   "com_agents_contact": "Contacto",
+  "com_agents_copy_link": "Copiar Endereço",
   "com_agents_create_error": "Houve um erro ao criar seu agente.",
   "com_agents_created_by": "por",
   "com_agents_description_placeholder": "Opcional: Descreva seu Agente aqui",
@@ -66,7 +81,6 @@
   "com_agents_start_chat": "Iniciar Conversa",
   "com_agents_top_picks": "Principais Escolhas",
   "com_agents_update_error": "Houve um erro ao atualizar seu agente.",
-  "com_assistants_action_attempt": "Assistente quer falar com {{0}}",
   "com_assistants_actions": "Ações",
   "com_assistants_actions_disabled": "Você precisa criar um assistente antes de adicionar ações.",
   "com_assistants_actions_info": "Permita que seu Assistente recupere informações ou execute ações via API's",
@@ -76,7 +90,6 @@
   "com_assistants_allow_sites_you_trust": "Apenas permitir sites que confia.",
   "com_assistants_append_date": "Anexar Data e Hora Atual",
   "com_assistants_append_date_tooltip": "Quando ativado, a data e hora atual do cliente serão anexadas às instruções do sistema do assistente.",
-  "com_assistants_attempt_info": "O Assistente quer enviar o seguinte:",
   "com_assistants_available_actions": "Ações Disponíveis",
   "com_assistants_capabilities": "Capacidades",
   "com_assistants_code_interpreter": "Interpretador de Código",
@@ -91,7 +104,6 @@
   "com_assistants_delete_actions_error": "Houve um erro ao excluir a ação.",
   "com_assistants_delete_actions_success": "Ação excluída com sucesso do Assistente",
   "com_assistants_description_placeholder": "Opcional: Descreva seu Assistente aqui",
-  "com_assistants_domain_info": "Assistente enviou esta informação para {{0}}",
   "com_assistants_file_search": "Pesquisa de Arquivos",
   "com_assistants_file_search_info": "A pesquisa de arquivos permite que o assistente tenha conhecimento dos arquivos que você ou seus usuários carregam. Uma vez que um arquivo é carregado, o assistente decide automaticamente quando recuperar o conteúdo com base nas solicitações do usuário. Anexar armazenamentos vetoriais para Pesquisa de Arquivos ainda não é suportado. Você pode anexá-los no Playground do Provedor ou anexar arquivos às mensagens para pesquisa de arquivos em uma base de thread.",
   "com_assistants_function_use": "Assistente usou {{0}}",
@@ -250,7 +262,6 @@
   "com_endpoint_message_not_appendable": "Edite sua mensagem ou Regenerar.",
   "com_endpoint_my_preset": "Meu Preset",
   "com_endpoint_no_presets": "Ainda não há presets, use o botão de configurações para criar um",
-  "com_endpoint_open_menu": "Abrir Menu",
   "com_endpoint_openai_custom_name_placeholder": "Defina um nome personalizado para a IA",
   "com_endpoint_openai_detail": "A resolução para solicitações de Visão. \"Baixa\" é mais barata e rápida, \"Alta\" é mais detalhada e cara, e \"Auto\" escolherá automaticamente entre as duas com base na resolução da imagem.",
   "com_endpoint_openai_freq": "Número entre -2.0 e 2.0. Valores positivos penalizam novos tokens com base em sua frequência existente no texto até agora, diminuindo a probabilidade do modelo de repetir a mesma linha literalmente.",
@@ -432,7 +443,6 @@
   "com_nav_font_size_xl": "Extra Grande",
   "com_nav_font_size_xs": "Extra Pequeno",
   "com_nav_help_faq": "Ajuda & FAQ",
-  "com_nav_hide_panel": "Ocultar painel mais à direita",
   "com_nav_info_balance": "O saldo mostra quantos créditos de tokens tem disponíveis para usar. Os créditos de tokens traduzem-se em valor monetário (por exemplo, 1000 créditos = $0.001 USD)",
   "com_nav_info_code_artifacts": "Habilita a exibição de artefatos de código experimental ao lado do chat",
   "com_nav_info_code_artifacts_agent": "Permitir o uso de artefactos de código por este agente. Por defeito, instruções adicionais específicas ao uso de artefactos são adicionadas, caso o \"Modo de comando personalizado\" esteja ativo.",
@@ -517,7 +527,6 @@
   "com_nav_setting_speech": "Fala",
   "com_nav_settings": "Configurações",
   "com_nav_shared_links": "Links compartilhados",
-  "com_nav_show_code": "Sempre mostrar código ao usar o interpretador de código",
   "com_nav_show_thinking": "Abrir Dropdown de lógica por defeito.",
   "com_nav_slash_command": "Comando /",
   "com_nav_slash_command_description": "Alternar comando \"/\" para selecionar um prompt via teclado",
@@ -720,7 +729,6 @@
   "com_ui_context": "Contexto",
   "com_ui_continue": "Continuar",
   "com_ui_continue_oauth": "Continuar com OAuth",
-  "com_ui_controls": "Controles",
   "com_ui_convo_delete_error": "Falha ao eliminar conversa",
   "com_ui_copied": "Copiado!",
   "com_ui_copied_to_clipboard": "Copiado para a área de transferência",
@@ -788,9 +796,8 @@
   "com_ui_download_backup": "Descarregar cópia de segurança dos códigos",
   "com_ui_download_backup_tooltip": "Antes de continuar, transfira os seus códigos de segurança. Vai precisar deles para recuperar o acesso se perder o seu dispositivo autenticador",
   "com_ui_download_error": "Erro ao baixar o arquivo. O arquivo pode ter sido excluído.",
-  "com_ui_drag_drop": "algo precisa ir aqui. estava vazio",
+  "com_ui_drag_drop": "Arraste ficheiros aqui para os anexar",
   "com_ui_dropdown_variables": "Variáveis de dropdown:",
-  "com_ui_dropdown_variables_info": "Crie menus dropdown personalizados para seus prompts: `{{nome_da_variável:opção1|opção2|opção3}}`",
   "com_ui_duplicate": "Duplicar",
   "com_ui_duplication_error": "Ocorreu um erro ao duplicar esta conversa",
   "com_ui_duplication_processing": "A duplicar conversa...",
@@ -904,7 +911,6 @@
   "com_ui_key": "Chave",
   "com_ui_late_night": "Boa madrugada",
   "com_ui_latest_footer": "Toda IA para Todos.",
-  "com_ui_latest_production_version": "Última versão produtiva",
   "com_ui_latest_version": "Última versão",
   "com_ui_librechat_code_api_key": "Obtem a tua chave da API do Interpretador de código Librechat",
   "com_ui_librechat_code_api_subtitle": "Seguro. Multilíngua. Entrada/Saída de Ficheiros.",
@@ -914,6 +920,7 @@
   "com_ui_logo": "Logotipo {{0}}",
   "com_ui_low": "Baixo",
   "com_ui_manage": "Gerenciar",
+  "com_ui_marketplace": "Marketplace",
   "com_ui_marketplace_allow_use": "Permitir utilização do Mercado",
   "com_ui_max_tags": "O número máximo permitido é {{0}}, usando os valores mais recentes.",
   "com_ui_mcp_authenticated_success": "Servidor MCP '{{0}}' autenticado com sucesso",
@@ -1113,9 +1120,7 @@
   "com_ui_special_var_current_user": "Utilizador Atual",
   "com_ui_special_var_iso_datetime": "Data e Hora ISO UTC",
   "com_ui_special_variables": "Variáveis especiais:",
-  "com_ui_special_variables_more_info": "Pode selecionar variáveis especiais a partir da lista pendente: `{{current_date}}` (data atual e dia da semana), `{{current_datetime}}` (data e hora local), `{{utc_iso_datetime}}` (data e hora ISO UTC), e `{{current_user}}` (nome da sua conta).",
   "com_ui_speech_while_submitting": "Não é possível submeter fala enquanto a resposta está a ser gerada.",
-  "com_ui_sr_actions_menu": "Abrir menu de ações para \"{{0}}\"",
   "com_ui_stop": "Parar",
   "com_ui_storage": "Armazenamento",
   "com_ui_submit": "Enviar",
@@ -1141,7 +1146,6 @@
   "com_ui_travel": "Viajar",
   "com_ui_trust_app": "Confio nesta aplicação",
   "com_ui_try_adjusting_search": "Tente ajustar os seus termos de pesquisa",
-  "com_ui_ui_resources": "Recursos da Interface",
   "com_ui_unarchive": "Desarquivar",
   "com_ui_unarchive_error": "Falha ao desarquivar conversa",
   "com_ui_unavailable": "Indisponível",
@@ -1162,6 +1166,7 @@
   "com_ui_upload_invalid": "Arquivo inválido para upload. Deve ser uma imagem não excedendo o limite",
   "com_ui_upload_invalid_var": "Arquivo inválido para upload. Deve ser uma imagem não excedendo {{0}} MB",
   "com_ui_upload_ocr_text": "Carregar como texto",
+  "com_ui_upload_provider": "Anexar Ficheiros",
   "com_ui_upload_success": "Arquivo carregado com sucesso",
   "com_ui_upload_type": "Escolher tipo de Carregamento",
   "com_ui_usage": "Utilização",
@@ -1174,7 +1179,6 @@
   "com_ui_user_group_permissions": "Permissões de Utilizador e Grupo",
   "com_ui_value": "Valor",
   "com_ui_variables": "Variáveis",
-  "com_ui_variables_info": "Use chaves duplas no seu texto para criar variáveis, por exemplo, `{{exemplo de variável}}`, para preencher posteriormente ao usar o prompt.",
   "com_ui_verify": "Verificar",
   "com_ui_version_var": "Versão {{0}}",
   "com_ui_versions": "Versões",
diff --git a/client/src/locales/ru/translation.json b/client/src/locales/ru/translation.json
index db908c70cc..b71abadd15 100644
--- a/client/src/locales/ru/translation.json
+++ b/client/src/locales/ru/translation.json
@@ -8,6 +8,7 @@
   "com_agents_all": "Все агенты",
   "com_agents_all_category": "Все",
   "com_agents_all_description": "Посмотреть всех общих агентов по всем категориям",
+  "com_agents_avatar_upload_error": "Не удалось загрузить аватар агента",
   "com_agents_by_librechat": "от LibreChat",
   "com_agents_category_aftersales": "После продажи",
   "com_agents_category_aftersales_description": "Агенты специализирующиеся на послепродажной поддержке, техническом обслуживании и обслуживании клиентов.",
@@ -34,6 +35,7 @@
   "com_agents_copy_link": "Скопировать ссылку",
   "com_agents_create_error": "Произошла ошибка при создании вашего агента",
   "com_agents_created_by": "от",
+  "com_agents_description_card": "Описание: {{description}}",
   "com_agents_description_placeholder": "Необязательно: описание вашего агента",
   "com_agents_empty_state_heading": "Агенты не найдены",
   "com_agents_enable_file_search": "Включить поиск файлов",
@@ -97,7 +99,6 @@
   "com_agents_start_chat": "Начать чат",
   "com_agents_top_picks": "Лучший выбор",
   "com_agents_update_error": "Произошла ошибка при обновлении вашего агента.",
-  "com_assistants_action_attempt": "Ассистент хочет поговорить с {{0}}",
   "com_assistants_actions": "Действия",
   "com_assistants_actions_disabled": "Вам нужно сохранить ассистента, прежде чем добавлять Actions.",
   "com_assistants_actions_info": "Позвольте вашему ассистенту получать информацию или выполнять действия через API",
@@ -107,7 +108,6 @@
   "com_assistants_allow_sites_you_trust": "Разрешайте только сайты, которым доверяете.",
   "com_assistants_append_date": "Добавить текущую дату и время",
   "com_assistants_append_date_tooltip": "Когда включено, текущая дата и время клиента будут добавлены к инструкциям системы Ассистента.",
-  "com_assistants_attempt_info": "Ассистент хочет отправить следующее:",
   "com_assistants_available_actions": "Доступные действия",
   "com_assistants_capabilities": "Возможности",
   "com_assistants_code_interpreter": "Интерпретатор кода",
@@ -122,7 +122,6 @@
   "com_assistants_delete_actions_error": "Произошла ошибка при удалении действия.",
   "com_assistants_delete_actions_success": "Действие успешно удалено из ассистента",
   "com_assistants_description_placeholder": "Необязательно: описание вашего ассистента",
-  "com_assistants_domain_info": "Ассистент отправил эту информацию {{0}}",
   "com_assistants_file_search": "Поиск файлов",
   "com_assistants_file_search_info": "Прикрепление векторных хранилищ для Поиска по файлам пока не поддерживается. Вы можете прикрепить их из Песочницы провайдера или прикрепить файлы к сообщениям для поиска по файлам в отдельных диалогах.",
   "com_assistants_function_use": "Ассистент использовал {{0}}",
@@ -280,7 +279,6 @@
   "com_endpoint_message_not_appendable": "Отредактируйте свое сообщение или перегенерируйте.",
   "com_endpoint_my_preset": "Мой Пресет",
   "com_endpoint_no_presets": "Пока нет пресетов, используйте кнопку настроек чтобы создать его",
-  "com_endpoint_open_menu": "Открыть меню",
   "com_endpoint_openai_custom_name_placeholder": "Задайте кастомное имя для ChatGPT",
   "com_endpoint_openai_detail": "Разрешение для запросов Vision. \"Низкое\" - дешевле и быстрее, \"Высокое\" - более детализировано и дорогое, а \"Авто\" автоматически выберет один из двух вариантов в зависимости от разрешения изображения.",
   "com_endpoint_openai_freq": "Число от -2.0 до 2.0. Положительные значения штрафуют новые токены на основе их частоты в тексте до сих пор, уменьшая вероятность модели повторить ту же строку дословно.",
@@ -309,6 +307,7 @@
   "com_endpoint_preset_default_removed": "больше не пресет по умолчанию.",
   "com_endpoint_preset_delete_confirm": "Вы уверены, что хотите удалить этот пресет?",
   "com_endpoint_preset_delete_error": "Произошла ошибка при удалении вашего пресета. Пожалуйста, попробуйте еще раз.",
+  "com_endpoint_preset_delete_success": "Пресет успешно удалён",
   "com_endpoint_preset_import": "Пресет Импортирован!",
   "com_endpoint_preset_import_error": "Произошла ошибка при импорте вашего пресета. Пожалуйста, попробуйте еще раз.",
   "com_endpoint_preset_name": "Имя пресета",
@@ -377,7 +376,7 @@
   "com_files_number_selected": "Выбрано {{0}} из {{1}} файл(а/ов)",
   "com_files_preparing_download": "Подготовка загрузки...",
   "com_files_sharepoint_picker_title": "Выбрать файлы",
-  "com_files_table": "здесь должно быть что-то. было пусто",
+  "com_files_table": "Таблица файлов",
   "com_files_upload_local_machine": "С локального компьютера",
   "com_files_upload_sharepoint": "Из SharePoint",
   "com_generated_files": "Сгенерированные файлы:",
@@ -431,9 +430,11 @@
   "com_nav_close_sidebar": "Закрыть боковую панель",
   "com_nav_commands": "Команды",
   "com_nav_confirm_clear": "Подтвердить удаление",
+  "com_nav_control_panel": "Контрольная панель",
   "com_nav_conversation_mode": "Режим диалога",
   "com_nav_convo_menu_options": "Параметры диалога",
   "com_nav_db_sensitivity": "Чувствительность в децибелах",
+  "com_nav_default_temporary_chat": "Временный чат по умолчанию",
   "com_nav_delete_account": "Удалить аккаунт",
   "com_nav_delete_account_button": "Удалить аккаунт навсегда",
   "com_nav_delete_account_confirm": "Вы уверены, что хотите удалить аккаунт?",
@@ -462,11 +463,11 @@
   "com_nav_font_size_xl": "Очень большой",
   "com_nav_font_size_xs": "Очень мелкий",
   "com_nav_help_faq": "Помощь и Вопросы",
-  "com_nav_hide_panel": "Скрыть правую боковую панель",
   "com_nav_info_balance": "Баланс показывает, сколько токенов у вас осталось. Токены переводятся в денежную стоимость (например, 1000 токенов = 0,001 доллара США).",
   "com_nav_info_code_artifacts": "Включает отображение экспериментального программного кода рядом с чатом",
   "com_nav_info_code_artifacts_agent": "Включает использование артефактов кода для этого агента. По умолчанию добавляются дополнительные инструкции, связанные с использованием артефактов, если не включен режим «Пользовательский промт».",
   "com_nav_info_custom_prompt_mode": "При включении этого режима системный промт для создания артефактов по умолчанию не будет использован. Все инструкции для генерации артефактов должны задаваться вручную.",
+  "com_nav_info_default_temporary_chat": "Когда настройка включена, новый чат по умолчанию начнется в режиме временного чата. Временные чаты не сохраняются в вашей истории.",
   "com_nav_info_enter_to_send": "Если включено, нажатие клавиши Enter отправит ваше сообщение. Если отключено, Enter добавит новую строку, а для отправки сообщения нужно будет нажать CTRL + Enter или ⌘ + Enter.",
   "com_nav_info_fork_change_default": "«Только видимые сообщения» включает лишь прямой путь к выбранному сообщению. «Включить связанные ветки» добавляет ответвления вдоль этого пути. «Включить все сообщения до/от этой точки» охватывает все связанные сообщения и ветки.",
   "com_nav_info_fork_split_target_setting": "Если включено, ветвление будет выполняться от целевого сообщения до последнего сообщения в диалоге в соответствии с выбранным поведением.",
@@ -521,7 +522,14 @@
   "com_nav_long_audio_warning": "Обработка длинных текстов займет больше времени",
   "com_nav_maximize_chat_space": "Развернуть чат",
   "com_nav_mcp_configure_server": "Настроить {{0}}",
+  "com_nav_mcp_connect": "Подключится",
+  "com_nav_mcp_connect_server": "Подключится к {{0}}",
+  "com_nav_mcp_reconnect": "Переподключиться",
+  "com_nav_mcp_status_connected": "Подключен",
   "com_nav_mcp_status_connecting": "{{0}} - подключение",
+  "com_nav_mcp_status_disconnected": "Отключен",
+  "com_nav_mcp_status_error": "Ошибка",
+  "com_nav_mcp_status_needs_auth": "Требуется аутентификация",
   "com_nav_mcp_vars_update_error": "Ошибка при обновлении пользовательских переменных MCP",
   "com_nav_mcp_vars_updated": "Пользовательские переменные MCP успешно обновлены.",
   "com_nav_modular_chat": "Разрешить менять точки подключения в середине разговора",
@@ -549,7 +557,6 @@
   "com_nav_setting_speech": "Голос",
   "com_nav_settings": "Настройки",
   "com_nav_shared_links": "Связываемые ссылки",
-  "com_nav_show_code": "Всегда показывать код при использовании интерпретатора",
   "com_nav_show_thinking": "Открывать блоки рассуждений по умолчанию",
   "com_nav_slash_command": "/-Команда",
   "com_nav_slash_command_description": "Вызов командной строки клавишей '/' для выбора промта с клавиатуры",
@@ -610,14 +617,18 @@
   "com_ui_action_button": "Кнопка действия",
   "com_ui_active": "Активный",
   "com_ui_add": "Добавить",
+  "com_ui_add_first_mcp_server": "Создайте ваш первый MCP сервер",
+  "com_ui_add_first_prompt": "Создайте ваш первый промт",
   "com_ui_add_mcp": "Добавить MCP",
   "com_ui_add_mcp_server": "Добавить MCP сервер",
   "com_ui_add_model_preset": "Добавить модель или пресет для дополнительного ответа",
   "com_ui_add_multi_conversation": "Добавить несколько бесед",
   "com_ui_adding_details": "Добавление деталей",
+  "com_ui_additional_details": "Дополнительные детали",
   "com_ui_admin": "Администратор",
   "com_ui_admin_access_warning": "Отключение административного доступа к этой функции может вызвать непредвиденные проблемы с интерфейсом, требующие обновления страницы. После сохранения изменений вернуть настройку можно будет только через параметр interface в конфигурационном файле librechat.yaml, что повлияет на все роли.",
   "com_ui_admin_settings": "Настройки администратора",
+  "com_ui_admin_settings_section": "Настройки администратора - {{section}}",
   "com_ui_advanced": "Расширенные",
   "com_ui_advanced_settings": "Дополнительные настройки",
   "com_ui_agent": "Агент",
@@ -729,6 +740,9 @@
   "com_ui_bookmarks_title": "Заголовок",
   "com_ui_bookmarks_update_error": "Произошла ошибка при обновлении закладки",
   "com_ui_bookmarks_update_success": "Закладка успешно обновлена",
+  "com_ui_branch_created": "Ветка успешно создана",
+  "com_ui_branch_error": "Не удалось создать ветку",
+  "com_ui_branch_message": "Создать ветку из этого ответа",
   "com_ui_callback_url": "URL обратного вызова",
   "com_ui_cancel": "Отмена",
   "com_ui_cancelled": "Отменен",
@@ -736,8 +750,11 @@
   "com_ui_change_version": "Изменить версию",
   "com_ui_chat": "Чат",
   "com_ui_chat_history": "История чатов",
+  "com_ui_check_internet": "Проверьте ваше интернет-соединение",
   "com_ui_clear": "Удалить",
   "com_ui_clear_all": "Очистить всё",
+  "com_ui_clear_browser_cache": "Очистите кэш вашего браузера",
+  "com_ui_clear_presets": "Очистить пресеты",
   "com_ui_click_to_close": "Нажмите для закрытия",
   "com_ui_client_id": "ID клиента",
   "com_ui_client_secret": "Секрет клиента",
@@ -746,7 +763,9 @@
   "com_ui_close_settings": "Закрыть настройки",
   "com_ui_close_window": "Закрыть окно\n",
   "com_ui_code": "Код",
+  "com_ui_collapse": "Свернуть",
   "com_ui_collapse_chat": "Свернуть чат",
+  "com_ui_collapse_thoughts": "Свернуть размышления",
   "com_ui_command_placeholder": "Необязательно: введите команду для промта или будет использовано название",
   "com_ui_command_usage_placeholder": "Выберите промпт по команде или названию",
   "com_ui_complete_setup": "Завершить настройку",
@@ -757,14 +776,18 @@
   "com_ui_confirm_admin_use_change": "Изменение этого параметра заблокирует доступ для администраторов, включая вас. Вы уверены, что хотите продолжить?",
   "com_ui_confirm_change": "Подтвердить изменения",
   "com_ui_connecting": "Соединение",
+  "com_ui_contact_admin_if_issue_persists": "Свяжитесь с администратором, если проблема останется",
   "com_ui_context": "Контекст",
   "com_ui_continue": "Продолжить",
   "com_ui_continue_oauth": "Продолжить с OAuth",
-  "com_ui_controls": "Управление",
+  "com_ui_conversation": "беседа",
+  "com_ui_conversations": "беседы",
+  "com_ui_convo_archived": "Беседа заархивирована",
   "com_ui_convo_delete_error": "Не удалось удалить чат",
   "com_ui_convo_delete_success": "Чат успешно удален",
   "com_ui_copied": "Скопировано",
   "com_ui_copied_to_clipboard": "Скопировано в буфер обмена",
+  "com_ui_copy": "Скопировать",
   "com_ui_copy_code": "Копировать код",
   "com_ui_copy_link": "Скопировать ссылку",
   "com_ui_copy_stack_trace": "Скопировать трассировку стека",
@@ -772,8 +795,10 @@
   "com_ui_copy_to_clipboard": "Копировать в буфер обмена",
   "com_ui_copy_url_to_clipboard": "Скопировать ссылку в буфер обмена",
   "com_ui_create": "Создать",
+  "com_ui_create_assistant": "Создать ассистента",
   "com_ui_create_link": "Создать ссылку",
   "com_ui_create_memory": "Очистить   память",
+  "com_ui_create_new_agent": "Создать нового агента",
   "com_ui_create_prompt": "Создать промт",
   "com_ui_creating_image": "Создается изображение. Подождите немного.",
   "com_ui_current": "Текущий",
@@ -781,6 +806,7 @@
   "com_ui_custom": "Настраиваемый",
   "com_ui_custom_header_name": "Настраиваемое имя заголовка",
   "com_ui_custom_prompt_mode": "Режим пользовательского промта",
+  "com_ui_dark_theme_enabled": "Включена темная тема",
   "com_ui_dashboard": "Главная панель",
   "com_ui_date": "Дата",
   "com_ui_date_april": "Апрель",
@@ -797,6 +823,7 @@
   "com_ui_date_previous_30_days": "За последние 30 дней",
   "com_ui_date_previous_7_days": "Предыдущие 7 дней",
   "com_ui_date_september": "Сентябрь",
+  "com_ui_date_sort": "Сорти",
   "com_ui_date_today": "Сегодня",
   "com_ui_date_yesterday": "Вчера",
   "com_ui_decline": "Не принимаю",
@@ -804,14 +831,18 @@
   "com_ui_delete": "Удалить",
   "com_ui_delete_action": "Удалить действие",
   "com_ui_delete_action_confirm": "Вы действительно хотите удалить это действие?",
+  "com_ui_delete_agent": "Удалить агента",
   "com_ui_delete_agent_confirm": "Вы действительно хотите удалить этого агента?",
+  "com_ui_delete_assistant": "Уд",
   "com_ui_delete_assistant_confirm": "Вы действительно хотите удалить этого ассистента? Это действие необратимо.",
   "com_ui_delete_confirm": "Будет удален следующий чат: ",
   "com_ui_delete_confirm_prompt_version_var": "Это действие удалит выбранную версию для '{{0}}'. Если других версий не существует, промт будет полностью удален.",
   "com_ui_delete_conversation": "Удалить чат?",
   "com_ui_delete_memory": "Удалить память",
   "com_ui_delete_not_allowed": "Операция удаления не допускается",
+  "com_ui_delete_preset": "Удалить пресет?",
   "com_ui_delete_prompt": "Удалить промт?",
+  "com_ui_delete_prompt_name": "Удалить промпт - {{name}}",
   "com_ui_delete_shared_link": "Удалить общую ссылку?",
   "com_ui_delete_success": "Успешное удаление",
   "com_ui_delete_tool": "Удалить инструмент",
@@ -826,6 +857,7 @@
   "com_ui_deselect_all": "Отменить выбор всего",
   "com_ui_detailed": "Подробно",
   "com_ui_disabling": "Отключение...",
+  "com_ui_done": "Готово",
   "com_ui_download": "Скачать",
   "com_ui_download_artifact": "Скачать артифакт",
   "com_ui_download_backup": "Скачать резервные коды",
@@ -834,8 +866,8 @@
   "com_ui_download_error_logs": "Скачать логи ошибок",
   "com_ui_drag_drop": "Перетащите любой файл сюда, чтобы добавить его в разговор",
   "com_ui_dropdown_variables": "Выпадающие переменные:",
-  "com_ui_dropdown_variables_info": "Создавайте пользовательские выпадающие списки для ваших промптов: `{{название_переменной:вариант1|вариант2|вариант3}}`",
   "com_ui_duplicate": "Дублировать",
+  "com_ui_duplicate_agent": "Дублировать агента",
   "com_ui_duplication_error": "Не удалось создать копию разговора",
   "com_ui_duplication_processing": "Создание копии беседы...",
   "com_ui_duplication_success": "Разговор успешно скопирован",
@@ -850,16 +882,22 @@
   "com_ui_endpoint_menu": "Меню настроек LLM",
   "com_ui_enter": "Ввести",
   "com_ui_enter_api_key": "Введите API-ключ",
+  "com_ui_enter_description": "Введите описание (опционально)",
   "com_ui_enter_key": "Вставьте ключ",
+  "com_ui_enter_name": "Вве",
   "com_ui_enter_openapi_schema": "Введите вашу OpenAPI схему",
   "com_ui_enter_value": "Вставьте значение",
   "com_ui_error": "Ошибка",
   "com_ui_error_connection": "Ошибка подключения к серверу. Попробуйте обновить страницу.",
+  "com_ui_error_message_prefix": "Сообщение об ошибке:",
   "com_ui_error_save_admin_settings": "Произошла ошибка при сохранении настроек администратора",
+  "com_ui_error_try_following_prefix": "Пожалуйста, попробуйте следующее",
+  "com_ui_error_unexpected": "Ой, что-то пошло не так",
   "com_ui_error_updating_preferences": "Ошибка при обновлении настроек\n",
   "com_ui_everyone_permission_level": "Уровень разрешений для всех",
   "com_ui_examples": "Примеры",
   "com_ui_expand_chat": "Развернуть чат",
+  "com_ui_expand_thoughts": "Развернуть размышления",
   "com_ui_export_convo_modal": "Экспорт беседы",
   "com_ui_feedback_more": "Больше...",
   "com_ui_feedback_more_information": "Предоставить дополнительную обратную связь",
@@ -884,6 +922,7 @@
   "com_ui_file_token_limit": "Ограничение на количество токенов файла",
   "com_ui_file_token_limit_desc": "Установите максимальный лимит токенов для обработки файлов, чтобы контролировать затраты и использование ресурсов.",
   "com_ui_files": "Файлы",
+  "com_ui_filter_mcp_servers": "Отфильтровать MCP сервер по имени",
   "com_ui_filter_prompts": "Фильтр промтов",
   "com_ui_filter_prompts_name": "Фильтровать промты по названию",
   "com_ui_final_touch": "Финальные штрихи",
@@ -926,6 +965,8 @@
   "com_ui_good_morning": "Доброе утро",
   "com_ui_group": "Группа",
   "com_ui_happy_birthday": "Это мой первый день рождения!",
+  "com_ui_header_format": "Формат заголовка",
+  "com_ui_hide_code": "Спрятать код",
   "com_ui_hide_image_details": "Скрыть детали изображения",
   "com_ui_hide_password": "Скрыть пароль",
   "com_ui_hide_qr": "Скрыть QR код",
@@ -943,6 +984,7 @@
   "com_ui_import_conversation_info": "Импортировать беседы из файла JSON",
   "com_ui_import_conversation_success": "Беседы успешно импортированы",
   "com_ui_import_conversation_upload_error": "Ошибка загрузки файла. Попробуйте снова.",
+  "com_ui_importing": "Импортирование",
   "com_ui_include_shadcnui": "Включить компоненты shadcn/ui",
   "com_ui_initializing": "Инициализация...",
   "com_ui_input": "Ввод",
@@ -951,11 +993,14 @@
   "com_ui_key_required": "Необходим API-ключ ",
   "com_ui_late_night": "Доброй ночи",
   "com_ui_latest_footer": "Искусственный интеллект для каждого",
-  "com_ui_latest_production_version": "Последняя рабочая версия",
   "com_ui_latest_version": "Последняя версия",
+  "com_ui_leave_blank_to_keep": "Оставьте пустым, чтобы оставить текущую запись",
   "com_ui_librechat_code_api_key": "Получить ключ API интерпретатора кода LibreChat",
   "com_ui_librechat_code_api_subtitle": "Безопасно. Многоязычно. Работа с файлами.",
   "com_ui_librechat_code_api_title": "Запустить AI-код",
+  "com_ui_light_theme_enabled": "Светлая тема включена",
+  "com_ui_link_copied": "Ссылка скопирована",
+  "com_ui_link_refreshed": "Ссылка обновлена",
   "com_ui_loading": "Загрузка...",
   "com_ui_locked": "Заблокировано",
   "com_ui_logo": "Логотип {{0}}",
@@ -975,6 +1020,7 @@
   "com_ui_mcp_oauth_cancelled": "Вход через OAuth отменен для {{0}}",
   "com_ui_mcp_oauth_timeout": "Время ожидания входа в систему OAuth истекло для {{0}}",
   "com_ui_mcp_servers": "MCP серверы",
+  "com_ui_mcp_type_sse": "SSE",
   "com_ui_mcp_update_var": "Обновление {{0}}",
   "com_ui_mcp_url": "URL-адрес сервера MCP",
   "com_ui_medium": "Средний",
@@ -992,12 +1038,14 @@
   "com_ui_memory_deleted_items": "Удаленные воспоминания",
   "com_ui_memory_error": "Ошибка памяти",
   "com_ui_memory_key_exists": "Память с этим ключом уже существует. Пожалуйста, используйте другой ключ.",
+  "com_ui_memory_key_hint": "Используйте строчные буквы и символ подчеркивания",
   "com_ui_memory_key_validation": "Ключ памяти должен содержать только строчные буквы и символы подчеркивания.",
   "com_ui_memory_storage_full": "Память заполнена",
   "com_ui_memory_updated": "Обновленная сохраненная память",
   "com_ui_memory_updated_items": "Обновленные воспоминания",
   "com_ui_memory_would_exceed": "Невозможно сохранить — превышение лимита на {{tokens}} токенов. Удалите существующие воспоминания, чтобы освободить место.",
   "com_ui_mention": "Упомянуть конечную точку, помощника или предустановку для быстрого переключения",
+  "com_ui_microphone_unavailable": "Микрофон не доступен",
   "com_ui_min_tags": "Нельзя удалить больше значений, требуется минимум {{0}}.",
   "com_ui_minimal": "Минимальный",
   "com_ui_misc": "Разное",
@@ -1006,6 +1054,7 @@
   "com_ui_more_info": "Подробнее",
   "com_ui_my_prompts": "Мои промты",
   "com_ui_name": "Имя",
+  "com_ui_name_sort": "Отсортировать по имени",
   "com_ui_new": "Новый",
   "com_ui_new_chat": "Создать чат",
   "com_ui_new_conversation_title": "Название нового чата",
@@ -1039,7 +1088,9 @@
   "com_ui_off": "Выкл.",
   "com_ui_offline": "В автономном режиме",
   "com_ui_on": "Вкл.",
+  "com_ui_open_var": "Открыть {{0}}",
   "com_ui_openai": "OpenAI",
+  "com_ui_opens_new_tab": "(",
   "com_ui_optional": "(по желанию)",
   "com_ui_page": "Страница",
   "com_ui_people": "люди",
@@ -1069,6 +1120,7 @@
   "com_ui_provider": "Провайдер",
   "com_ui_quality": "Качество",
   "com_ui_read_aloud": "Прочитать вслух",
+  "com_ui_redirect_uri_instructions": "Скопируйте этот URI и используйте его в настройках вашего OAuth провайдера.",
   "com_ui_redirecting_to_provider": "Перенаправление на {{0}}, пожалуйста, подождите...",
   "com_ui_reference_saved_memories": "Ссылка на сохраненную память",
   "com_ui_reference_saved_memories_description": "Разрешить помощнику ссылаться на сохраненную память и использовать её при ответе",
@@ -1087,11 +1139,13 @@
   "com_ui_rename_prompt": "Переименовать промт",
   "com_ui_requires_auth": "Требуется аутентификация",
   "com_ui_reset": "Сбросить",
+  "com_ui_reset_adjustments": "Сбросить настройки",
   "com_ui_reset_var": "Сбросить {{0}}",
   "com_ui_reset_zoom": "Сбросить масштаб",
   "com_ui_resource": "ресурс",
   "com_ui_response": "Ответ",
   "com_ui_result": "Результат",
+  "com_ui_retry": "Повторить",
   "com_ui_revoke": "Отозвать",
   "com_ui_revoke_info": "Отозвать все предоставленные учетные данные",
   "com_ui_revoke_key_confirm": "Вы действительно хотите отозвать этот ключ?",
@@ -1133,6 +1187,7 @@
   "com_ui_seconds": "секунды",
   "com_ui_secret_key": "Секретный ключ",
   "com_ui_select": "Выбрать",
+  "com_ui_select_agent": "Выб",
   "com_ui_select_all": "Выбрать все",
   "com_ui_select_file": "Выберите файл",
   "com_ui_select_model": "Выберите модель",
@@ -1141,6 +1196,7 @@
   "com_ui_select_provider": "Выберите провайдера",
   "com_ui_select_provider_first": "Сначала выберите провайдера",
   "com_ui_select_region": "Выберите регион",
+  "com_ui_select_row": "Выберите строку",
   "com_ui_select_search_model": "Поиск модели по названию",
   "com_ui_select_search_provider": "Поиск провайдера по названию",
   "com_ui_select_search_region": "Поиск региона по названию",
@@ -1159,20 +1215,23 @@
   "com_ui_shared_prompts": "Общие промты",
   "com_ui_shop": "Покупки",
   "com_ui_show_all": "Показать все",
+  "com_ui_show_code": "Показать код",
   "com_ui_show_image_details": "Показать детали изображения",
   "com_ui_show_password": "Показать пароль",
   "com_ui_show_qr": "Показать QR код",
   "com_ui_sign_in_to_domain": "Вход в {{0}}",
   "com_ui_simple": "Простой",
   "com_ui_size": "Размер",
+  "com_ui_size_sort": "Отсортировать по размеру",
   "com_ui_special_var_current_date": "Текущая дата",
   "com_ui_special_var_current_datetime": "Текущая дата и время",
   "com_ui_special_var_current_user": "Текущий пользователь",
   "com_ui_special_var_iso_datetime": "Дата и время в формате UTC ISO",
   "com_ui_special_variables": "Специальные переменные:",
-  "com_ui_special_variables_more_info": "Вы можете выбрать специальные переменные из выпадающего списка: `{{current_date}}` (сегодняшняя дата и день недели), `{{current_datetime}}` (местные дата и время), `{{utc_iso_datetime}}` (дата и время в формате UTC ISO), `{{current_user}}` (имя вашего аккаунта).",
+  "com_ui_speech_not_supported": "Ваш браузер не поддерживает распознование голоса.",
+  "com_ui_speech_not_supported_use_external": "Ваш браузер не поддерживает распознование голоса. Попробуйте переключить на внешний STT (speech to text) в Настройки > Речь.",
   "com_ui_speech_while_submitting": "Невозможно отправить голосовой ввод во время генерации ответа",
-  "com_ui_sr_actions_menu": "Открыть меню действий для \"{{0}}\"",
+  "com_ui_status_prefix": "Статус:",
   "com_ui_stop": "Остановить генерацию",
   "com_ui_storage": "Хранилище",
   "com_ui_submit": "Отправить",
@@ -1198,7 +1257,6 @@
   "com_ui_travel": "Путешествия",
   "com_ui_trust_app": "Я доверяю приложению",
   "com_ui_try_adjusting_search": "Попробуйте изменить условия поиска",
-  "com_ui_ui_resources": "Ресурсы пользовательского интерфейса",
   "com_ui_unarchive": "разархивировать",
   "com_ui_unarchive_error": "Не удалось восстановить чат из архива",
   "com_ui_unavailable": "Недоступно",
@@ -1232,7 +1290,6 @@
   "com_ui_user_group_permissions": "Права пользователей и групп",
   "com_ui_value": "Значение",
   "com_ui_variables": "Переменные",
-  "com_ui_variables_info": "Используйте двойные фигурные скобки в тексте для создания переменных, например `{{пример переменной}}`, чтобы заполнить их позже при использовании промта.",
   "com_ui_verify": "Проверить",
   "com_ui_version_var": "Версия {{0}}",
   "com_ui_versions": "Версии",
diff --git a/client/src/locales/sl/translation.json b/client/src/locales/sl/translation.json
index cc0778c1d6..9f39ec4d56 100644
--- a/client/src/locales/sl/translation.json
+++ b/client/src/locales/sl/translation.json
@@ -9,9 +9,7 @@
   "com_agents_all_category": "Vsi",
   "com_agents_all_description": "Prebrskajte vse agente v skupni rabi v vseh kategorijah",
   "com_agents_avatar_upload_error": "Nalaganje avatarja agenta ni uspelo",
-  "com_assistants_action_attempt": "Pomočnik želi govoriti z {{0}}",
   "com_assistants_allow_sites_you_trust": "Dovolite samo spletna mesta, ki jim zaupate.",
-  "com_assistants_attempt_info": "Pomočnik želi poslati naslednje:",
   "com_ui_api_key": "Ključ API-ja",
   "com_ui_auth_type": "Vrsta avtorizacije",
   "com_ui_auth_url": "URL za avtorizacijo",
diff --git a/client/src/locales/sv/translation.json b/client/src/locales/sv/translation.json
index 5478dc631f..cfa3f7bb34 100644
--- a/client/src/locales/sv/translation.json
+++ b/client/src/locales/sv/translation.json
@@ -4,7 +4,9 @@
   "com_a11y_ai_composing": "AI:n komponerar fortfarande.",
   "com_a11y_end": "AI har avslutat sitt svar.",
   "com_a11y_start": "AI har påbörjat sitt svar.",
+  "com_agents_all": "Alla agenter",
   "com_agents_all_category": "Alla",
+  "com_agents_all_description": "Bläddra bland alla delade agenter i alla kategorier",
   "com_agents_by_librechat": "av LibreChat",
   "com_agents_category_aftersales": "Efter försäljningen",
   "com_agents_category_aftersales_description": "Agenter som är specialiserade på support, underhåll och kundservice efter försäljning",
@@ -87,7 +89,6 @@
   "com_agents_start_chat": "Börja chatta",
   "com_agents_top_picks": "Toppval",
   "com_agents_update_error": "Det uppstod ett fel när din agent uppdaterades.",
-  "com_assistants_action_attempt": "Assistenten vill prata med {{0}}",
   "com_assistants_actions": "Åtgärder",
   "com_assistants_actions_disabled": "Du behöver skapa en assistent innan du kan lägga till åtgärder.",
   "com_assistants_actions_info": "Låt din assistent hämta information eller vidta åtgärder via API:er",
@@ -97,7 +98,6 @@
   "com_assistants_allow_sites_you_trust": "Tillåt bara webbplatser du litar på.",
   "com_assistants_append_date": "Lägg till aktuellt datum och tid",
   "com_assistants_append_date_tooltip": "När detta är aktiverat kommer aktuellt datum och tid hos klienten läggas till i instruktionerna för hjälpsystemet.",
-  "com_assistants_attempt_info": "Assistenten vill skicka följande:",
   "com_assistants_available_actions": "Tillgängliga åtgärder",
   "com_assistants_capabilities": "Förmågor",
   "com_assistants_code_interpreter": "Kodtolkare",
@@ -112,7 +112,6 @@
   "com_assistants_delete_actions_error": "Det uppstod ett fel vid borttagningen av funktionen.",
   "com_assistants_delete_actions_success": "Funktionen borttagen från assistenten",
   "com_assistants_description_placeholder": "Valfritt: Beskriv din assistent",
-  "com_assistants_domain_info": "Assistenten skickade denna information till {{0}}",
   "com_assistants_file_search": "Filsökning",
   "com_assistants_file_search_info": "Filsökning gör det möjligt för assistenten att hämta kunskap från filer som du eller dina användare laddar upp. När en fil har laddats upp bestämmer assistenten automatiskt när den ska hämta innehåll baserat på användarens begäran. Det finns ännu inget stöd för att bifoga vektor-lager för filsökning. Du kan bifoga dem från Provider Playground eller bifoga filer till meddelanden för filsökning per tråd.",
   "com_assistants_function_use": "Assistent använde {{0}}",
@@ -245,7 +244,6 @@
   "com_endpoint_message_not_appendable": "Redigera ditt meddelande eller återskapa.",
   "com_endpoint_my_preset": "Min förinställning",
   "com_endpoint_no_presets": "Ingen förinställning ännu",
-  "com_endpoint_open_menu": "Öppna meny",
   "com_endpoint_openai_custom_name_placeholder": "Ange ett eget namn för ChatGPT",
   "com_endpoint_openai_freq": "Nummer mellan -2,0 och 2,0. Positiva värden minskar nya tokens baserat på deras befintliga frekvens i texten hittills, vilket minskar modellens sannolikhet att upprepa samma rad ordagrant.",
   "com_endpoint_openai_max": "Max tokens att generera. Den totala längden på tokens för inmatning och svar är begränsad av modellen som används.",
diff --git a/client/src/locales/th/translation.json b/client/src/locales/th/translation.json
index 14a0b057ad..be2fbc7e24 100644
--- a/client/src/locales/th/translation.json
+++ b/client/src/locales/th/translation.json
@@ -32,7 +32,6 @@
   "com_agents_search_info": "เมื่อเปิดใช้งานแล้ว เอเจนต์องคุณจะสามารถค้นหาข้อมูลล่าสุดบนเว็บได้ ต้องมีรหัส API ที่ถูกต้อง",
   "com_agents_search_name": "ค้นหาเอเจนต์ตามชื่อ",
   "com_agents_update_error": "เกิดข้อผิดพลาดในการอัปเดตเอเจนต์ของคุณ",
-  "com_assistants_action_attempt": "ผู้ช่วยต้องการสนทนากับ {{0}}",
   "com_assistants_actions": "การดำเนินการ",
   "com_assistants_actions_disabled": "คุณต้องสร้างผู้ช่วยก่อนที่จะเพิ่มการดำเนินการ",
   "com_assistants_actions_info": "อนุญาตให้ผู้ช่วยของคุณดึงข้อมูลหรือดำเนินการผ่าน API ต่างๆ",
@@ -41,7 +40,6 @@
   "com_assistants_allow_sites_you_trust": "อนุญาตเฉพาะเว็บไซต์ที่คุณเชื่อถือเท่านั้น",
   "com_assistants_append_date": "เพิ่มวันที่และเวลาปัจจุบัน",
   "com_assistants_append_date_tooltip": "เมื่อเปิดใช้งาน วันที่และเวลาปัจจุบันของเครื่องผู้ใช้จะถูกเพิ่มเข้าไปในคำสั่งระบบของผู้ช่วย",
-  "com_assistants_attempt_info": "ผู้ช่วยต้องการส่งข้อความต่อไปนี้:",
   "com_assistants_available_actions": "การดำเนินการที่ใช้ได้",
   "com_assistants_capabilities": "ความสามารถ",
   "com_assistants_code_interpreter": "ตัวแปลโค้ด",
@@ -56,7 +54,6 @@
   "com_assistants_delete_actions_error": "เกิดข้อผิดพลาดในการลบการดำเนินการ",
   "com_assistants_delete_actions_success": "ลบการดำเนินการออกจากผู้ช่วยสำเร็จแล้ว",
   "com_assistants_description_placeholder": "ตัวเลือกเพิ่มเติม: อธิบายผู้ช่วยของคุณที่นี่",
-  "com_assistants_domain_info": "ผู้ช่วยส่งข้อมูลนี้ไปยัง {{0}}",
   "com_assistants_file_search": "ค้นหาไฟล์",
   "com_assistants_file_search_info": "การค้นหาไฟล์ช่วยให้ผู้ช่วยมีความรู้จากไฟล์ที่คุณหรือผู้ใช้ของคุณอัปโหลด เมื่ออัปโหลดไฟล์แล้ว ผู้ช่วยจะตัดสินใจโดยอัตโนมัติว่าเมื่อใดควรดึงเนื้อหาตามคำขอของผู้ใช้ ยังไม่รองรับการเชื่อมต่อ vector stores สำหรับการค้นหาไฟล์ คุณสามารถเชื่อมต่อได้จาก Provider Playground หรือแนบไฟล์ไปกับข้อความสำหรับการค้นหาไฟล์บนพื้นฐานของเธรด",
   "com_assistants_function_use": "ผู้ช่วยใช้ {{0}}",
@@ -212,7 +209,6 @@
   "com_endpoint_message_not_appendable": "แก้ไขข้อความของคุณหรือสร้างใหม่",
   "com_endpoint_my_preset": "ค่าที่กำหนดไว้ล่วงหน้าของฉัน",
   "com_endpoint_no_presets": "ยังไม่มีค่าที่กำหนดไว้ล่วงหน้า ใช้ปุ่มการตั้งค่าเพื่อสร้าง",
-  "com_endpoint_open_menu": "เปิดเมนู",
   "com_endpoint_openai_custom_name_placeholder": "ตั้งชื่อที่กำหนดเองสำหรับ AI",
   "com_endpoint_openai_detail": "ความละเอียดสำหรับคำขอ Vision \"ต่ำ\" ถูกกว่าและเร็วกว่า \"สูง\" มีรายละเอียดมากกว่าและแพงกว่า และ \"อัตโนมัติ\" จะเลือกระหว่างสองอย่างโดยอัตโนมัติตามความละเอียดของภาพ",
   "com_endpoint_openai_freq": "ตัวเลขระหว่าง -2.0 และ 2.0 ค่าบวกลงโทษโทเค็นใหม่ตามความถี่ที่มีอยู่ในข้อความจนถึงขณะนี้ ลดความน่าจะเป็นที่โมเดลจะทำซ้ำบรรทัดเดิมโดยตรง",
@@ -339,7 +335,6 @@
   "com_nav_font_size_xl": "ใหญ่พิเศษ",
   "com_nav_font_size_xs": "เล็กพิเศษ",
   "com_nav_help_faq": "ความช่วยเหลือและคำถามที่พบบ่อย",
-  "com_nav_hide_panel": "ซ่อนแผงด้านขวาสุด",
   "com_nav_info_code_artifacts": "เปิดใช้งานการแสดงสิ่งประดิษฐ์โค้ดทดลองข้างแชท",
   "com_nav_info_code_artifacts_agent": "เปิดใช้งานการใช้สิ่งประดิษฐ์โค้ดสำหรับเอเจนต์นี้ โดยค่าเริ่มต้น คำแนะนำเพิ่มเติมเฉพาะสำหรับการใช้สิ่งประดิษฐ์จะถูกเพิ่ม เว้นแต่จะเปิดใช้งาน \"โหมดพรอมต์แบบกำหนดเอง\"",
   "com_nav_info_custom_prompt_mode": "เมื่อเปิดใช้งาน พรอมต์ระบบสิ่งประดิษฐ์เริ่มต้นจะไม่ถูกรวม คำแนะนำทั้งหมดในการสร้างสิ่งประดิษฐ์ต้องถูกระบุด้วยตนเองในโหมดนี้",
@@ -401,7 +396,6 @@
   "com_nav_setting_speech": "คำพูด",
   "com_nav_settings": "ตั้งค่า",
   "com_nav_shared_links": "ลิงก์ที่แชร์",
-  "com_nav_show_code": "แสดงโค้ดเสมอเมื่อใช้ตัวแปลโค้ด",
   "com_nav_show_thinking": "เปิดเมนูแบบเลื่อนลงการคิดโดยค่าเริ่มต้น",
   "com_nav_slash_command": "คำสั่ง /",
   "com_nav_slash_command_description": "สลับคำสั่ง \"/\" สำหรับเลือกพรอมต์ผ่านแป้นพิมพ์",
@@ -548,7 +542,6 @@
   "com_ui_context": "บริบท",
   "com_ui_continue": "ดำเนินการต่อ",
   "com_ui_continue_oauth": "ดำเนินการต่อด้วย OAuth",
-  "com_ui_controls": "ตัวควบคุม",
   "com_ui_convo_delete_error": "การลบการสนทนาล้มเหลว",
   "com_ui_convo_delete_success": "ลบการสนทนาสำเร็จแล้ว",
   "com_ui_copied": "คัดลอกแล้ว!",
@@ -611,7 +604,6 @@
   "com_ui_download_error": "เกิดข้อผิดพลาดในการดาวน์โหลดไฟล์ ไฟล์อาจถูกลบไปแล้ว",
   "com_ui_drag_drop": "วางไฟล์ใดๆ ที่นี่เพื่อเพิ่มลงในการสนทนา",
   "com_ui_dropdown_variables": "ตัวแปรดรอปดาวน์:",
-  "com_ui_dropdown_variables_info": "สร้างเมนูดรอปดาวน์ที่กำหนดเองสำหรับพรอมต์ของคุณ: `{{variable_name:option1|option2|option3}}`",
   "com_ui_duplicate": "ทำสำเนา",
   "com_ui_duplication_error": "เกิดข้อผิดพลาดในการทำสำเนาการสนทนา",
   "com_ui_duplication_processing": "กำลังทำสำเนาการสนทนา...",
@@ -672,7 +664,6 @@
   "com_ui_input": "อินพุต",
   "com_ui_instructions": "คำแนะนำ",
   "com_ui_latest_footer": "AI ทุกตัวสำหรับทุกคน",
-  "com_ui_latest_production_version": "เวอร์ชันโปรดักส์ชันล่าสุด",
   "com_ui_latest_version": "เวอร์ชันล่าสุด",
   "com_ui_librechat_code_api_key": "รับคีย์ API ตัวแปลโค้ด LibreChat ของคุณ",
   "com_ui_librechat_code_api_subtitle": "ปลอดภัย หลายภาษา ไฟล์อินพุต/เอาต์พุต",
@@ -834,7 +825,6 @@
   "com_ui_use_micrphone": "ใช้ไมโครโฟน",
   "com_ui_used": "ใช้แล้ว",
   "com_ui_variables": "ตัวแปร",
-  "com_ui_variables_info": "ใช้วงเล็บคู่ในข้อความของคุณเพื่อสร้างตัวแปร เช่น {{example variable}} เพื่อเติมภายหลังเมื่อใช้พรอมต์",
   "com_ui_verify": "ยืนยัน",
   "com_ui_version_var": "เวอร์ชั่น {{0}}",
   "com_ui_versions": "เวอร์ชั่น",
@@ -842,5 +832,8 @@
   "com_ui_x_selected": "{{0}} เลือก",
   "com_ui_yes": "ใช่",
   "com_ui_zoom": "ซูม",
+  "com_ui_zoom_in": "ซูมเข้า",
+  "com_ui_zoom_level": "ระดับการซูม",
+  "com_ui_zoom_out": "ซูมออก",
   "com_user_message": "คุณ"
 }
diff --git a/client/src/locales/tr/translation.json b/client/src/locales/tr/translation.json
index 9d087e00aa..2566ced5e0 100644
--- a/client/src/locales/tr/translation.json
+++ b/client/src/locales/tr/translation.json
@@ -41,7 +41,6 @@
   "com_assistants_delete_actions_error": "Eylem silme sırasında bir hata oluştu.",
   "com_assistants_delete_actions_success": "Asistandan Eylem başarıyla silindi",
   "com_assistants_description_placeholder": "Seçmeli: Asistanınızın açıklamasını buraya yazın",
-  "com_assistants_domain_info": "Asistan bu bilgiyi {{0}} adresine gönderdi",
   "com_assistants_file_search": "Dosya Arama",
   "com_assistants_file_search_info": "Dosya Araması için vektör mağazalarını eklemek henüz desteklenmiyor. Bunları Sağlayıcı Oyun Alanı'ndan ekleyebilir veya mesajlar için dosya ekleyerek konu bazında dosya arayabilirsin.",
   "com_assistants_function_use": "Asistan {{0}} kullandı",
@@ -184,7 +183,6 @@
   "com_endpoint_message_not_appendable": "Mesajınızı düzenleyin veya yeniden oluşturun.",
   "com_endpoint_my_preset": "Benim Hazırım",
   "com_endpoint_no_presets": "Henüz hazır ayar yok, birini oluşturmak için ayar düğmesini kullanın",
-  "com_endpoint_open_menu": "Menüyü Aç",
   "com_endpoint_openai_custom_name_placeholder": "AI için özel bir ad ayarlayın",
   "com_endpoint_openai_detail": "Görsel istekleri için çözünürlük. \"Düşük\" daha ucuz ve hızlıdır, \"Yüksek\" daha detaylı ve pahalıdır, \"Otomatik\" ise görüntü çözünürlüğüne göre ikisi arasında otomatik olarak bir seçim yapar.",
   "com_endpoint_openai_freq": " -2.0 ile 2.0 arasında bir değer. Pozitif değerler, metinde daha önceki sıklığa bağlı olarak yeni tokenları cezalandırır, bu da modelin aynı hattı kelimesi kelimesine tekrar etme olasılığını azaltır.",
@@ -308,7 +306,6 @@
   "com_nav_font_size_xl": "Çok Büyük",
   "com_nav_font_size_xs": "Çok Küçük",
   "com_nav_help_faq": "Yardım & SS",
-  "com_nav_hide_panel": "Sağdaki paneli gizle",
   "com_nav_info_code_artifacts": "Sohbet yanında deneysel kod yapıtlarının görüntülenmesini etkinleştirir",
   "com_nav_info_custom_prompt_mode": "Etkinleştirildiğinde, varsayılan yapıtlar sistem istemi dahil edilmeyecektir. Bu modda tüm yapıt oluşturma talimatları manuel olarak sağlanmalıdır.",
   "com_nav_info_enter_to_send": "Etkinleştirildiğinde, `ENTER` tuşuna basmak mesajınızı gönderecektir. Devre dışı bırakıldığında, Enter tuşuna basmak yeni bir satır ekleyecek ve mesajınızı göndermek için `CTRL + ENTER` / `⌘ + ENTER` tuşlarına basmanız gerekecektir.",
@@ -369,7 +366,6 @@
   "com_nav_setting_speech": "Konuşma",
   "com_nav_settings": "Ayarlar",
   "com_nav_shared_links": "Paylaşılan bağlantılar",
-  "com_nav_show_code": "Kod yorumlayıcı kullanırken her zaman kodu göster",
   "com_nav_show_thinking": "Düşünme Açılır Menülerini Varsayılan Olarak Aç",
   "com_nav_slash_command": "/-Komutu",
   "com_nav_slash_command_description": "Klavye ile istem seçmek için \"/\" komutunu aç/kapat",
@@ -469,7 +465,6 @@
   "com_ui_confirm_change": "Değişikliği Onayla",
   "com_ui_context": "Bağlam",
   "com_ui_continue": "Devam et",
-  "com_ui_controls": "Kontroller",
   "com_ui_convo_delete_success": "Konuşma başarıyla silindi.",
   "com_ui_copied": "Kopyalandı!",
   "com_ui_copied_to_clipboard": "Panoya kopyalandı",
@@ -520,7 +515,6 @@
   "com_ui_download_error": "Dosya indirme hatası. Dosya silinmiş olabilir.",
   "com_ui_drag_drop": "Sürükle ve bırak",
   "com_ui_dropdown_variables": "Açılır menü değişkenleri:",
-  "com_ui_dropdown_variables_info": "İstemleriniz için özel açılır menüler oluşturun: `{{variable_name:option1|option2|option3}}`",
   "com_ui_duplicate": "Çoğalt",
   "com_ui_duplication_error": "Konuşma çoğaltılırken bir hata oluştu",
   "com_ui_duplication_processing": "Konuşma çoğaltılıyor...",
@@ -575,7 +569,6 @@
   "com_ui_input": "Girdi",
   "com_ui_instructions": "Talimatlar",
   "com_ui_latest_footer": "Herkes için Her Yapay Zeka.",
-  "com_ui_latest_production_version": "En son üretim sürümü",
   "com_ui_latest_version": "En son sürüm",
   "com_ui_librechat_code_api_key": "LibreChat Kod Yorumlayıcı API anahtarınızı alın",
   "com_ui_librechat_code_api_subtitle": "Güvenli. Çoklu dil. Giriş/Çıkış Dosyaları.",
@@ -690,7 +683,6 @@
   "com_ui_upload_type": "Yükleme Türünü Seç",
   "com_ui_use_micrphone": "Mikrofon kullan",
   "com_ui_variables": "Değişkenler",
-  "com_ui_variables_info": "İstemi kullanırken daha sonra doldurmak üzere metninizde çift süslü parantez kullanın, örn. `{{example variable}}`.",
   "com_ui_version_var": "Sürüm {{0}}",
   "com_ui_versions": "Sürümler",
   "com_ui_yes": "Evet",
diff --git a/client/src/locales/uk/translation.json b/client/src/locales/uk/translation.json
index 8ef1601728..35c67e163a 100644
--- a/client/src/locales/uk/translation.json
+++ b/client/src/locales/uk/translation.json
@@ -94,7 +94,6 @@
   "com_agents_start_chat": "Почати чат",
   "com_agents_top_picks": "Популярні варіанти",
   "com_agents_update_error": "Сталася помилка під час оновлення вашого агента.",
-  "com_assistants_action_attempt": "Асистент хоче поговорити з {{0}}",
   "com_assistants_actions": "Дії",
   "com_assistants_actions_disabled": "Спочатку потрібно зберегти асистента, перш ніж додавати дії.",
   "com_assistants_actions_info": "Дозвольте вашому асистенту отримувати інформацію або виконувати дії через API",
@@ -104,7 +103,6 @@
   "com_assistants_allow_sites_you_trust": "Дозволяйте лише сайти, яким довіряєте.",
   "com_assistants_append_date": "Додати поточну дату та час",
   "com_assistants_append_date_tooltip": "Коли увімкнено, поточна дата та час клієнта будуть додані до інструкцій системи Асистента.",
-  "com_assistants_attempt_info": "Асистент хоче надіслати наступне:",
   "com_assistants_available_actions": "Доступні дії",
   "com_assistants_capabilities": "Можливості",
   "com_assistants_code_interpreter": "Інтерпретатор коду",
@@ -119,7 +117,6 @@
   "com_assistants_delete_actions_error": "Сталася помилка під час видалення дії.",
   "com_assistants_delete_actions_success": "Дію успішно видалено з асистента",
   "com_assistants_description_placeholder": "Необов'язково: опис вашого асистента",
-  "com_assistants_domain_info": "Асистент надіслав цю інформацію {{0}}",
   "com_assistants_file_search": "Пошук файлів",
   "com_assistants_file_search_info": "Прикріплення векторних сховищ для Пошуку за файлами наразі не підтримується. Ви можете прикріпити їх з Пісочниці постачальника або прикріпити файли до повідомлень для пошуку за файлами в окремих діалогах.",
   "com_assistants_function_use": "Асистент використав {{0}}",
@@ -278,7 +275,6 @@
   "com_endpoint_message_not_appendable": "Відредагуйте своє повідомлення або згенеруйте його знову.",
   "com_endpoint_my_preset": "Мій Пресет",
   "com_endpoint_no_presets": "Поки що пресетів немає, скористайтеся кнопкою налаштувань, щоб створити його",
-  "com_endpoint_open_menu": "Відкрити меню",
   "com_endpoint_openai_custom_name_placeholder": "Вкажіть назву за замовчуванням для ChatGPT",
   "com_endpoint_openai_detail": "Дозвіл для запитів Vision. \"Низький\" - дешевше та швидше, \"Високий\" - детальніше та дорожче, а \"Авто\" автоматично обере один із двох варіантів залежно від роздільної здатності зображення.",
   "com_endpoint_openai_freq": "Число від -2.0 до 2.0. Додатні значення штрафують нові токени на основі їх частоти в тексті до цих пір, зменшуючи ймовірність того, що модель повторить той самий рядок дослівно.",
@@ -459,7 +455,6 @@
   "com_nav_font_size_xl": "Дуже великий",
   "com_nav_font_size_xs": "Дуже дрібний",
   "com_nav_help_faq": "Допомога та Запитання",
-  "com_nav_hide_panel": "Приховати праву бічну панель",
   "com_nav_info_balance": "Баланс показує, скільки кредитів токенів у вас залишилося. Кредити токенів конвертуються у грошовий еквівалент (наприклад, 1000 кредитів = $0.001 USD)",
   "com_nav_info_code_artifacts": "Увімкнути відображення експериментального програмного коду поруч із чатом",
   "com_nav_info_code_artifacts_agent": "Увімкнути використання артефактів коду для цього агента. За замовчуванням додаються додаткові інструкції, пов'язані з використанням артефактів, якщо не увімкнено режим «Користувацький промпт».",
@@ -544,7 +539,6 @@
   "com_nav_setting_speech": "Голос",
   "com_nav_settings": "Налаштування",
   "com_nav_shared_links": "Пов'язані посилання",
-  "com_nav_show_code": "Завжди показувати код при використанні інтерпретатора",
   "com_nav_show_thinking": "Відкривати блоки міркувань за замовчуванням",
   "com_nav_slash_command": "/-Команда",
   "com_nav_slash_command_description": "Виклик командного рядка клавішею '/' для вибору підказки з клавіатури",
@@ -747,7 +741,6 @@
   "com_ui_context": "Контекст",
   "com_ui_continue": "Продовжити",
   "com_ui_continue_oauth": "Продовжити з OAuth",
-  "com_ui_controls": "Керування",
   "com_ui_convo_delete_error": "Не вдалося видалити чат",
   "com_ui_copied": "Скопійовано",
   "com_ui_copied_to_clipboard": "Скопійовано в буфер обміну",
@@ -815,7 +808,6 @@
   "com_ui_download_error": "Помилка завантаження файлу. Можливо, файл було видалено.",
   "com_ui_drag_drop": "Перетягніть файли сюди або клацніть для вибору",
   "com_ui_dropdown_variables": "Випадаючі змінні:",
-  "com_ui_dropdown_variables_info": "Створюйте користувацькі випадаючі списки для ваших підказок: `{{назва_змінної:варіант1|варіант2|варіант3}}`",
   "com_ui_duplicate": "Дублювати",
   "com_ui_duplication_error": "Не вдалося створити копію розмови",
   "com_ui_duplication_processing": "Створення копії розмови...",
@@ -927,7 +919,6 @@
   "com_ui_key": "Ключ",
   "com_ui_late_night": "Доброї ночі",
   "com_ui_latest_footer": "Штучний інтелект для кожного",
-  "com_ui_latest_production_version": "Остання робоча версія",
   "com_ui_latest_version": "Остання версія",
   "com_ui_librechat_code_api_key": "Отримати ключ API інтерпретатора коду LibreChat",
   "com_ui_librechat_code_api_subtitle": "Безпечно. Багатомовно. Робота з файлами.",
@@ -1136,9 +1127,7 @@
   "com_ui_special_var_current_user": "Поточний користувач",
   "com_ui_special_var_iso_datetime": "Поточні дата та час у форматі ISO",
   "com_ui_special_variables": "Спеціальні змінні:",
-  "com_ui_special_variables_more_info": "Ви можете вибрати спеціальні змінні зі списку: `{{current_date}}` (сьогоднішня дата і день тижня), `{{current_datetime}}` (місцевий час), `{{utc_iso_datetime}}` (час у форматі UTC ISO), `{{current_user}}` (ім'я вашого облікового запису).",
   "com_ui_speech_while_submitting": "Неможливо надіслати голосовий ввід під час генерації відповіді",
-  "com_ui_sr_actions_menu": "Відкрити меню дій для \"{{0}}\"",
   "com_ui_stop": "Зупинити генерацію",
   "com_ui_storage": "Сховище",
   "com_ui_submit": "Надіслати",
@@ -1164,7 +1153,6 @@
   "com_ui_travel": "Подорожі",
   "com_ui_trust_app": "Я довіряю цьому додатку",
   "com_ui_try_adjusting_search": "Спробуйте змінити умови пошуку",
-  "com_ui_ui_resources": "Ресурси інтерфейсу",
   "com_ui_unarchive": "Розархівувати",
   "com_ui_unarchive_error": "Не вдалося розархівувати розмову",
   "com_ui_unavailable": "Недоступно",
@@ -1197,7 +1185,6 @@
   "com_ui_user_group_permissions": "Дозволи користувачів та груп",
   "com_ui_value": "Значення",
   "com_ui_variables": "Змінні",
-  "com_ui_variables_info": "Використовуйте подвійні фігурні дужки в тексті для створення змінних, наприклад `{{приклад змінної}}`, щоб заповнити їх пізніше під час використання підказки.",
   "com_ui_verify": "Перевірити",
   "com_ui_version_var": "Версія {{0}}",
   "com_ui_versions": "Версії",
diff --git a/client/src/locales/vi/translation.json b/client/src/locales/vi/translation.json
index 15a1301eb6..95451b3df4 100644
--- a/client/src/locales/vi/translation.json
+++ b/client/src/locales/vi/translation.json
@@ -1,12 +1,60 @@
 {
+  "chat_direction_left_to_right": "Trái sang phải",
+  "chat_direction_right_to_left": "Phải sang trái",
   "com_a11y_ai_composing": "AI vẫn đang soạn thảo.",
   "com_a11y_end": "AI đã trả lời xong.",
+  "com_a11y_selected": "Đã chọn",
   "com_a11y_start": "AI đã bắt đầu trả lời.",
+  "com_agents_all": "Tất cả Agents",
+  "com_agents_all_category": "Tất cả",
+  "com_agents_all_description": "Xem tất cả các Agents được chia sẻ trên tất cả các danh mục",
+  "com_agents_avatar_upload_error": "Không thể tải lên ảnh đại diện của Agent",
   "com_agents_by_librechat": "bởi LibreChat",
+  "com_agents_category_aftersales": "Hậu mãi",
+  "com_agents_category_aftersales_description": "Agents chuyên về hỗ trợ sau bán hàng, bảo trì và dịch vụ khách hàng",
+  "com_agents_category_empty": "Không tìm thấy agents nào trong danh mục {{category}}",
+  "com_agents_category_finance": "Tài chính",
+  "com_agents_category_finance_description": "Agents chuyên về phân tích tài chính, lập ngân sách và kế toán",
+  "com_agents_category_hr": "Nhân sự",
+  "com_agents_category_hr_description": "Agents chuyên về các quy trình, chính sách liên quan đến nhân sự và hỗ trợ nhân viên",
+  "com_agents_category_it": "IT",
+  "com_agents_category_it_description": "Agents cho hỗ trợ IT, xử lý sự cố kỹ thuật và quản trị hệ thống",
+  "com_agents_category_rd": "Nghiên cứu và phát triển",
+  "com_agents_category_rd_description": "Agents tập trung vào quy trình nghiên cứu và phát triển, đổi mới và nghiên cứu kỹ thuật",
+  "com_agents_category_tabs_label": "Tất cả danh mục",
+  "com_agents_chat_with": "Trò chuyện với {{name}}",
   "com_agents_code_interpreter": "Khi được bật, cho phép agent của bạn tận dụng API Code Interpreter của LibreChat để chạy mã được tạo, bao gồm xử lý tệp, một cách an toàn. Yêu cầu khóa API hợp lệ.",
+  "com_agents_code_interpreter_title": "API Thông dịch mã nguồn",
+  "com_agents_contact": "Liên hệ",
+  "com_agents_copy_link": "Sao chép đường dẫn",
   "com_agents_create_error": "Đã xảy ra lỗi khi tạo agent của bạn.",
+  "com_agents_created_by": "được tạo bởi",
+  "com_agents_description_card": "Mô tả: {{description}}",
   "com_agents_description_placeholder": "Tùy chọn: Mô tả Agent của bạn ở đây",
+  "com_agents_empty_state_heading": "Không tìm thấy agents",
   "com_agents_enable_file_search": "Bật Tìm kiếm Tệp",
+  "com_agents_error_bad_request_message": "Yêu cầu không thể được xử lý.",
+  "com_agents_error_bad_request_suggestion": "Vui lòng kiểm tra lại thông tin bạn đã nhập và thử lại.",
+  "com_agents_error_category_title": "Lỗi danh mục",
+  "com_agents_error_generic": "Có sự cố trong quá trình tải nội dung.",
+  "com_agents_error_invalid_request": "Yêu cầu không hợp lệ",
+  "com_agents_error_loading": "Lỗi khi tải agents",
+  "com_agents_error_network_message": "Không thể kết nối đến máy chủ.",
+  "com_agents_error_network_suggestion": "Vui lòng kiểm tra đường truyền internet của bạn và thử lại.",
+  "com_agents_error_network_title": "Sự cố kết nối",
+  "com_agents_error_not_found_message": "Không thể tìm thấy nội dung được yêu cầu.",
+  "com_agents_error_not_found_suggestion": "Thử tìm kiếm các lựa chọn khác hoặc quay lại chợ ứng dụng.",
+  "com_agents_error_not_found_title": "Không tìm thấy",
+  "com_agents_error_retry": "Thử lại",
+  "com_agents_error_search_title": "Lỗi tìm kiếm",
+  "com_agents_error_searching": "Lỗi khi tìm kiếm agents",
+  "com_agents_error_server_message": "Máy chủ tạm thời không khả dụng.",
+  "com_agents_error_server_suggestion": "Vui lòng thử lại sau vài phút.",
+  "com_agents_error_server_title": "Lỗi máy chủ",
+  "com_agents_error_suggestion_generic": "Vui lòng tải lại trang hoặc thử lại sau.",
+  "com_agents_error_timeout_message": "Yêu cầu mất quá nhiều thời gian để hoàn thành.",
+  "com_agents_error_timeout_suggestion": "Vui lòng kiểm tra kết nối internet của bạn và thử lại.",
+  "com_agents_error_timeout_title": "Hết thời gian chờ kết nối",
   "com_agents_file_context_disabled": "Phải tạo Agent trước khi tải tệp lên cho File Context.",
   "com_agents_file_search_disabled": "Phải tạo Agent trước khi tải tệp lên cho Tìm kiếm Tệp.",
   "com_agents_file_search_info": "Khi được bật, Agent sẽ được thông báo về tên tệp chính xác được liệt kê bên dưới, cho phép agent truy xuất ngữ cảnh có liên quan từ các tệp này.",
@@ -112,7 +160,6 @@
   "com_endpoint_max_output_tokens": "Số mã thông báo tối đa",
   "com_endpoint_my_preset": "Đặt sẵn của tôi",
   "com_endpoint_no_presets": "Chưa có đặt sẵn",
-  "com_endpoint_open_menu": "Mở Menu",
   "com_endpoint_openai_custom_name_placeholder": "Đặt tên tùy chỉnh cho ChatGPT",
   "com_endpoint_openai_freq": "Số từ giữa -2.0 và 2.0. Giá trị dương trừu tượng hóa các mã thông báo mới dựa trên tần suất hiện có của chúng trong văn bản, làm giảm khả năng mô hình lặp lại cùng một dòng văn hoàn toàn.",
   "com_endpoint_openai_max": "Số mã thông báo tối đa để tạo. Tổng chiều dài của mã thông báo đầu vào và mã thông báo đã tạo bị giới hạn bởi độ dài ngữ cảnh của mô hình.",
@@ -178,7 +225,6 @@
   "com_nav_font_size_xl": "Cực lớn",
   "com_nav_font_size_xs": "Cực nhỏ",
   "com_nav_help_faq": "Trợ giúp & Câu hỏi thường gặp",
-  "com_nav_hide_panel": "Ẩn bảng điều khiển sát biên phải",
   "com_nav_info_balance": "Số dư cho biết bạn còn bao nhiêu tín dụng token để sử dụng. Tín dụng token được quy đổi thành giá trị tiền tệ (ví dụ: 1000 tín dụng = 0,001 đô la Mỹ)",
   "com_nav_info_enter_to_send": "Khi được bật, nhấn `ENTER` sẽ gửi tin nhắn của bạn. Khi bị tắt, nhấn Enter sẽ thêm một dòng mới và bạn sẽ cần nhấn `CTRL + ENTER` / `⌘ + ENTER` để gửi tin nhắn của bạn.",
   "com_nav_lang_arabic": "العربية",
diff --git a/client/src/locales/zh-Hans/translation.json b/client/src/locales/zh-Hans/translation.json
index 2711e1795e..2f861e2623 100644
--- a/client/src/locales/zh-Hans/translation.json
+++ b/client/src/locales/zh-Hans/translation.json
@@ -2,12 +2,17 @@
   "chat_direction_left_to_right": "从左到右",
   "chat_direction_right_to_left": "从右到左",
   "com_a11y_ai_composing": "AI 仍在撰写中。",
+  "com_a11y_chats_date_section": "来自 {{date}}  的聊天",
   "com_a11y_end": "AI 已完成回复。",
+  "com_a11y_selected": "已选中",
   "com_a11y_start": "AI 已开始回复。",
+  "com_a11y_summarize_completed": "上下文已总结。",
+  "com_a11y_summarize_started": "正在总结上下文。",
   "com_agents_agent_card_label": "智能体 {{name}}：{{description}}",
   "com_agents_all": "全部智能体",
   "com_agents_all_category": "全部",
   "com_agents_all_description": "浏览所有类别中的全部共享智能体",
+  "com_agents_avatar_upload_error": "智能体头像上传失败",
   "com_agents_by_librechat": "由 LibreChat 提供",
   "com_agents_category_aftersales": "售后",
   "com_agents_category_aftersales_description": "专注于售后支持、维护与客户服务的专用智能体",
@@ -34,6 +39,7 @@
   "com_agents_copy_link": "复制链接",
   "com_agents_create_error": "更新智能体时出现错误。",
   "com_agents_created_by": "来自",
+  "com_agents_description_card": "描述：{{description}}",
   "com_agents_description_placeholder": "可选：在此描述您的智能体",
   "com_agents_empty_state_heading": "未找到智能体",
   "com_agents_enable_file_search": "启用文件搜索",
@@ -97,7 +103,6 @@
   "com_agents_start_chat": "开始对话",
   "com_agents_top_picks": "精选",
   "com_agents_update_error": "更新智能体时出现错误。",
-  "com_assistants_action_attempt": "助理想要和 {{0}} 对话",
   "com_assistants_actions": "操作",
   "com_assistants_actions_disabled": "您需要先创建助手，然后才能添加操作。",
   "com_assistants_actions_info": "让您的助手通过 API 检索信息或执行操作",
@@ -107,7 +112,6 @@
   "com_assistants_allow_sites_you_trust": "只允许您信任的网站",
   "com_assistants_append_date": "添加当前日期和时间",
   "com_assistants_append_date_tooltip": "启用后，当前客户的日期和时间将附加到助手的系统指令中。",
-  "com_assistants_attempt_info": "助理想要发送以下内容：",
   "com_assistants_available_actions": "可用操作",
   "com_assistants_capabilities": "功能",
   "com_assistants_code_interpreter": "代码解释器",
@@ -122,7 +126,6 @@
   "com_assistants_delete_actions_error": "删除操作时出现错误。",
   "com_assistants_delete_actions_success": "已成功从助手删除操作",
   "com_assistants_description_placeholder": "（选填）在此处描述您的助手",
-  "com_assistants_domain_info": "助手将此信息发送到了 {{0}}",
   "com_assistants_file_search": "文件搜索",
   "com_assistants_file_search_info": "文件搜索使助手能够从您或您的用户上传的文件中获取知识。上传文件后，助手会根据用户请求自动决定何时检索内容。暂不支持为文件搜索附加向量存储。您可以从提供商游乐场附加它们，或在消息中附加文件，以便在线程基础上进行文件搜索。",
   "com_assistants_function_use": "助手使用了 {{0}}",
@@ -142,6 +145,7 @@
   "com_assistants_update_actions_success": "已成功创建或更新操作",
   "com_assistants_update_error": "更新助手时出现错误。",
   "com_assistants_update_success": "更新成功",
+  "com_assistants_update_success_name": "成功上传{{name}}",
   "com_auth_already_have_account": "已有账户？",
   "com_auth_apple_login": "使用 Apple 账户登录",
   "com_auth_back_to_login": "返回登录",
@@ -223,7 +227,7 @@
   "com_endpoint_anthropic_maxoutputtokens": "响应中可以生成的最大词元数。指定较低的值以获得较短的响应，指定较高的值以获得较长的响应。注意：模型可能会在达到此最大值之前停止。",
   "com_endpoint_anthropic_prompt_cache": "提示词缓存允许在 API 调用中复用大型上下文或指令，从而降低成本和延迟",
   "com_endpoint_anthropic_temp": "值介于 0 到 1 之间。对于分析性/选择性任务，值应更接近 0；对于创造性和生成性任务，值应更接近 1。我们建议更改该参数或 Top P，但不要同时更改这两个参数。",
-  "com_endpoint_anthropic_thinking": "为受支持的 Claude 模型（3.7 Sonnet）启用内部推理。注意：需要设置“思考预算”且低于“最大输出词元数”",
+  "com_endpoint_anthropic_thinking": "为支持的 Claude 模型启用内部推理。对于较新的模型（Opus 4.6 及以上版本），使用由“思考程度 (Effort)”参数控制的自适应思考。对于旧版模型，则需要设置“思考预算 (Thinking Budget)”，且该数值必须低于“最大输出 Token 数 (Max Output Tokens)”",
   "com_endpoint_anthropic_thinking_budget": "决定 Claude 内部推理过程允许使用的最大词元数。尽管 Claude 可能不会使用分配的全部预算，尤其是在超过 32K 的范围内，但较大的预算可以对复杂问题进行更深入的分析，从而提高响应质量。此设置必须小于 \"最大输出词元数\"。",
   "com_endpoint_anthropic_topk": "top-k 会改变模型选择输出词元的方式。top-k 为 1 意味着所选词是模型词汇中概率最大的（也称为贪心解码），而 top-k 为 3 意味着下一个词是从 3 个概率最大的词中选出的（使用随机性）。",
   "com_endpoint_anthropic_topp": "top-p（核采样）会改变模型选择输出词元的方式。从概率最大的 K（参见 topK 参数）向最小的 K 选择，直到它们的概率之和等于 top-p 值。",
@@ -268,8 +272,8 @@
   "com_endpoint_google_custom_name_placeholder": "为 Google 设置一个名称",
   "com_endpoint_google_maxoutputtokens": "响应中可以生成的最大词元数。指定较低的值以获得较短的响应，指定较高的值以获得较长的响应。注意：模型可能会在达到此最大值之前停止。",
   "com_endpoint_google_temp": "值越高表示输出越随机，值越低表示输出越确定。建议不要同时改变此值和 Top-p。",
-  "com_endpoint_google_thinking": "启用或禁用推理。此设置仅支持某些模型（2.5 系列）。对于更老的模型，此设置可能没有效果。",
-  "com_endpoint_google_thinking_budget": "指导模型使用的思考词元数量。实际数量可能会超过或低于该值，具体取决于提示词。\\n\\n此设置仅支持某些模型（2.5 系列）。Gemini 2.5 Pro 支持 128-32768 个词元。Gemini 2.5 Flash 支持 0-24576 个词元。Gemini 2.5 Flash Lite 支持 512-24576 个词元。\\n\\n留空或设置为 “-1” 以让模型自动决定何时以及思考多少。默认情况下，Gemini 2.5 Flash Lite 不进行思考。",
+  "com_endpoint_google_thinking": "启用或禁用推理。此设置仅支持 Gemini 2.5及3系列。注意：Gemini 3 Pro不能完全禁用推理。",
+  "com_endpoint_google_thinking_budget": "用于引导模型使用的思考 Token 数量。实际消耗量可能会根据提示词（Prompt）的不同而高于或低于此设定值。\n\n此设置仅适用于 Gemini 2.5 及更早版本的模型。对于 Gemini 3 及更高版本，请改用“思考级别 (Thinking Level)”设置。\n\nGemini 2.5 Pro 支持 128 - 32,768 个 Token；Gemini 2.5 Flash 支持 0 - 24,576 个 Token；Gemini 2.5 Flash Lite 支持 512 - 24,576 个 Token。\n\n留空或设置为“-1”可让模型自动决定何时思考以及思考多少。默认情况下，Gemini 2.5 Flash Lite 不启用思考功能。",
   "com_endpoint_google_topk": "top-k 会改变模型选择输出词元的方式。top-k 为 1 意味着所选词是模型词汇中概率最大的（也称为贪心解码），而 top-k 为 3 意味着下一个词是从 3 个概率最大的词中选出的（使用随机性）。",
   "com_endpoint_google_topp": "top-p（核采样）会改变模型选择输出词的方式。从概率最大的 K（参见 topK 参数）向最小的 K 选择，直到它们的概率之和等于 top-p 值。",
   "com_endpoint_google_use_search_grounding": "使用 Google 的基础搜索特性，通过实时网络搜索结果优化响应。这使得模型能够访问当前信息，提供更准确、更及时的答案。",
@@ -281,7 +285,6 @@
   "com_endpoint_message_not_appendable": "编辑您的消息内容或重新生成。",
   "com_endpoint_my_preset": "我的预设",
   "com_endpoint_no_presets": "暂无预设，使用设置按钮创建一个",
-  "com_endpoint_open_menu": "打开菜单",
   "com_endpoint_openai_custom_name_placeholder": "为 AI 设置一个名称",
   "com_endpoint_openai_detail": "发送给 Vision 的图片分辨率。 “低” 更便宜且更快，“高” 更详细但更昂贵，“自动” 将基于图片分辨率自动在两者之间进行选择。",
   "com_endpoint_openai_freq": "值介于 -2.0 到 2.0 之间。正值将惩罚当前已频繁使用的词元，从而降低重复用词的可能性。",
@@ -338,6 +341,7 @@
   "com_endpoint_temperature": "随机性",
   "com_endpoint_thinking": "深度思考",
   "com_endpoint_thinking_budget": "思考预算",
+  "com_endpoint_thinking_level": "深度思考",
   "com_endpoint_top_k": "Top K",
   "com_endpoint_top_p": "Top P",
   "com_endpoint_use_active_assistant": "使用激活的助手",
@@ -376,6 +380,7 @@
   "com_files_no_results": "无结果。",
   "com_files_number_selected": "已选择 {{0}} 个文件（共 {{1}} 个文件）",
   "com_files_preparing_download": "准备下载...",
+  "com_files_results_found": "找到{{count}}个结果",
   "com_files_sharepoint_picker_title": "选择文件",
   "com_files_table": "这里需要放点东西，当前是空的",
   "com_files_upload_local_machine": "来自本地计算机",
@@ -464,7 +469,6 @@
   "com_nav_font_size_xl": "超大号",
   "com_nav_font_size_xs": "超小号",
   "com_nav_help_faq": "帮助",
-  "com_nav_hide_panel": "隐藏最右侧面板",
   "com_nav_info_balance": "余额显示您剩余的词元额度。词元额度对应一定的货币价值（例如：1000 额度 = 0.001 美元）。",
   "com_nav_info_code_artifacts": "启用在对话旁显示实验性代码工件",
   "com_nav_info_code_artifacts_agent": "使该智能体能够使用代码工件。默认情况下，除非启用“自定义提示词模式”，否则会添加与 Artifacts 使用相关的额外说明。",
@@ -478,6 +482,7 @@
   "com_nav_info_save_draft": "启用后，您在对话表单中输入的文本和附件将自动本地保存为草稿。即使您重新加载页面或切换到不同的对话，这些草稿也将可用。草稿存储在您设备的本地，并在消息发送后删除。",
   "com_nav_info_show_thinking": "启用后，对话界面将默认展开深度思考下拉框，让您能够实时查看 AI 的推理过程。禁用后，深度思考下拉框将默认保持关闭状态，以提供更简洁、更流畅的界面。",
   "com_nav_info_user_name_display": "启用后，发送者的用户名将显示在您发送的每条消息上方。禁用后，您只会在自己的消息上方看到 “您”。",
+  "com_nav_keep_screen_awake": "生成回复时保持屏幕常亮",
   "com_nav_lang_arabic": "العربية",
   "com_nav_lang_armenian": "Հայերեն",
   "com_nav_lang_auto": "自动检测语言",
@@ -522,7 +527,12 @@
   "com_nav_long_audio_warning": "较长的文本将需要更长时间来处理。",
   "com_nav_maximize_chat_space": "最大化对话窗口",
   "com_nav_mcp_configure_server": "配置 {{0}}",
+  "com_nav_mcp_connect": "连接",
+  "com_nav_mcp_reconnect": "重新连接",
+  "com_nav_mcp_status_connected": "yi'lian'jie",
   "com_nav_mcp_status_connecting": "{{0}} - 连接中",
+  "com_nav_mcp_status_error": "错误",
+  "com_nav_mcp_status_unknown": "未知",
   "com_nav_mcp_vars_update_error": "更新 MCP 自定义用户变量时发生错误",
   "com_nav_mcp_vars_updated": "MCP 自定义用户变量更新成功。",
   "com_nav_modular_chat": "启用在对话中切换端点",
@@ -550,7 +560,6 @@
   "com_nav_setting_speech": "语音",
   "com_nav_settings": "设置",
   "com_nav_shared_links": "共享链接",
-  "com_nav_show_code": "使用代码解释器时始终显示代码",
   "com_nav_show_thinking": "默认展开深度思考详情",
   "com_nav_slash_command": "/-命令",
   "com_nav_slash_command_description": "切换至命令 “/” 以通过键盘选择提示词",
@@ -615,6 +624,7 @@
   "com_ui_add_mcp_server": "添加 MCP 服务器",
   "com_ui_add_model_preset": "添加一个模型或预设以获得额外的响应",
   "com_ui_add_multi_conversation": "添加多个对话",
+  "com_ui_add_special_variables": "添加特殊变量",
   "com_ui_adding_details": "添加细节",
   "com_ui_admin": "管理",
   "com_ui_admin_access_warning": "禁用管理员对此特性的访问可能会导致界面出现异常，需要刷新页面。如果保存此设置，唯一的恢复方式是通过 librechat.yaml 配置文件中的界面设置进行修改，这将影响所有角色。",
@@ -622,6 +632,8 @@
   "com_ui_advanced": "进阶",
   "com_ui_advanced_settings": "进阶设置",
   "com_ui_agent": "智能体",
+  "com_ui_agent_api_keys": "智能体API密钥",
+  "com_ui_agent_api_keys_description": "创建API密钥来通过API远程访问智能体",
   "com_ui_agent_category_aftersales": "售后",
   "com_ui_agent_category_finance": "财务",
   "com_ui_agent_category_general": "通用",
@@ -669,12 +681,22 @@
   "com_ui_agents": "智能体",
   "com_ui_agents_allow_create": "允许创建智能体",
   "com_ui_agents_allow_share": "允许共享智能体",
+  "com_ui_agents_allow_share_public": "允许将智能体公开共享",
   "com_ui_agents_allow_use": "允许使用智能体",
   "com_ui_all": "所有",
   "com_ui_all_proper": "所有",
   "com_ui_analyzing": "正在分析",
   "com_ui_analyzing_finished": "完成分析",
   "com_ui_api_key": "API 密钥",
+  "com_ui_api_key_copied": "API密钥已复制到粘贴板",
+  "com_ui_api_key_create_error": "API密钥创建失败",
+  "com_ui_api_key_created": "API密钥创建成功",
+  "com_ui_api_key_delete_error": "删除API密钥",
+  "com_ui_api_key_deleted": "API密钥删除成功",
+  "com_ui_api_key_name": "密钥名称",
+  "com_ui_api_key_name_placeholder": "我的API密钥",
+  "com_ui_api_key_name_required": "API密钥名称必填",
+  "com_ui_api_keys_load_error": "加载API密钥失败",
   "com_ui_archive": "归档",
   "com_ui_archive_delete_error": "删除已归档对话失败",
   "com_ui_archive_error": "归档对话失败",
@@ -691,6 +713,7 @@
   "com_ui_assistants_output": "助手输出",
   "com_ui_at_least_one_owner_required": "至少需要一个所有者",
   "com_ui_attach_error": "无法附加文件，请创建或选择一个对话，或尝试刷新页面。",
+  "com_ui_attach_error_disabled": "g",
   "com_ui_attach_error_openai": "无法将助手文件附加到其他端点",
   "com_ui_attach_error_size": "超出端点规定的文件大小：",
   "com_ui_attach_error_type": "端点不支持的文件类型：",
@@ -724,6 +747,7 @@
   "com_ui_bookmarks": "书签",
   "com_ui_bookmarks_add": "添加书签",
   "com_ui_bookmarks_add_to_conversation": "添加到当前对话",
+  "com_ui_bookmarks_count_selected": "已选择{{count}}个书签",
   "com_ui_bookmarks_create_error": "创建书签时出现错误",
   "com_ui_bookmarks_create_exists": "书签已存在",
   "com_ui_bookmarks_create_success": "书签创建成功",
@@ -738,14 +762,24 @@
   "com_ui_bookmarks_title": "标题",
   "com_ui_bookmarks_update_error": "更新书签时出现错误",
   "com_ui_bookmarks_update_success": "书签更新成功",
+  "com_ui_branch_created": "f",
+  "com_ui_branch_error": "分支创建成功",
   "com_ui_callback_url": "回调 URL",
   "com_ui_cancel": "取消",
   "com_ui_cancelled": "已取消",
   "com_ui_category": "类别",
+  "com_ui_change_version": "修改记录",
   "com_ui_chat": "对话",
   "com_ui_chat_history": "对话历史",
+  "com_ui_chats": "对话",
+  "com_ui_check_internet": "请检查你的网络连接",
   "com_ui_clear": "清除",
   "com_ui_clear_all": "全部清除",
+  "com_ui_clear_browser_cache": "请清理浏览器缓存",
+  "com_ui_clear_presets": "清除预设",
+  "com_ui_clear_search": "清除搜索",
+  "com_ui_click_to_close": "点击关闭",
+  "com_ui_click_to_view_var": "点击浏览{{0}}",
   "com_ui_client_id": "Client ID",
   "com_ui_client_secret": "Client Secret",
   "com_ui_close": "关闭",
@@ -753,24 +787,34 @@
   "com_ui_close_settings": "关闭设置",
   "com_ui_close_window": "关闭窗口",
   "com_ui_code": "代码",
+  "com_ui_collapse": "折叠",
   "com_ui_collapse_chat": "收起对话",
+  "com_ui_collapse_thoughts": "折叠思考内容",
   "com_ui_command_placeholder": "可选：输入提示词的命令，否则将使用名称",
   "com_ui_command_usage_placeholder": "通过命令或名称选择提示词",
   "com_ui_complete_setup": "完成设置",
   "com_ui_concise": "简洁",
+  "com_ui_configure": "配置",
   "com_ui_configure_mcp_variables_for": "配置变量：{{0}}",
   "com_ui_confirm": "确认",
   "com_ui_confirm_action": "确认执行",
   "com_ui_confirm_admin_use_change": "更改此设置将阻止包括您的在内的所有管理员的权限。您确定要继续吗？",
   "com_ui_confirm_change": "确认更改",
   "com_ui_connecting": "连接中",
+  "com_ui_contact_admin_if_issue_persists": "如果问题仍然存在，请联系管理员",
   "com_ui_context": "上下文",
+  "com_ui_context_filter_sort": "根据上下文筛选和排序",
   "com_ui_continue": "继续",
   "com_ui_continue_oauth": "使用 OAuth 登录",
-  "com_ui_controls": "管理",
+  "com_ui_control_bar": "控制栏",
+  "com_ui_conversation_not_found": "对话未找到",
+  "com_ui_conversations": "对话",
+  "com_ui_convo_archived": "对话已归档",
   "com_ui_convo_delete_error": "删除对话失败",
+  "com_ui_convo_delete_success": "对话删除成功",
   "com_ui_copied": "已复制！",
   "com_ui_copied_to_clipboard": "已复制到剪贴板",
+  "com_ui_copy": "复制",
   "com_ui_copy_code": "复制代码",
   "com_ui_copy_link": "复制链接",
   "com_ui_copy_stack_trace": "复制堆栈跟踪",
@@ -778,15 +822,22 @@
   "com_ui_copy_to_clipboard": "复制到剪贴板",
   "com_ui_copy_url_to_clipboard": "复制 URL 到剪贴板",
   "com_ui_create": "创建",
+  "com_ui_create_api_key": "创建API密钥",
+  "com_ui_create_assistant": "创建助手",
   "com_ui_create_link": "创建链接",
+  "com_ui_create_mcp_server": "创建MCP服务器",
   "com_ui_create_memory": "创建记忆",
+  "com_ui_create_new_agent": "创建",
   "com_ui_create_prompt": "创建提示词",
+  "com_ui_created": "已创建",
+  "com_ui_creating": "创建中...",
   "com_ui_creating_image": "图片创建中。可能需要一点时间。",
   "com_ui_current": "当前",
   "com_ui_currently_production": "目前正在使用中",
   "com_ui_custom": "自定义",
   "com_ui_custom_header_name": "自定义 Header 名称",
   "com_ui_custom_prompt_mode": "自定义提示词模式",
+  "com_ui_dark_theme_enabled": "an",
   "com_ui_dashboard": "仪表板",
   "com_ui_date": "日期",
   "com_ui_date_april": "四月",
@@ -803,6 +854,7 @@
   "com_ui_date_previous_30_days": "过去 30 天",
   "com_ui_date_previous_7_days": "过去 7 天",
   "com_ui_date_september": "九月",
+  "com_ui_date_sort": "按日期排序",
   "com_ui_date_today": "今天",
   "com_ui_date_yesterday": "昨天",
   "com_ui_decline": "我不接受",
@@ -810,20 +862,27 @@
   "com_ui_delete": "删除",
   "com_ui_delete_action": "删除操作",
   "com_ui_delete_action_confirm": "您确定要删除此操作吗？",
+  "com_ui_delete_agent": "删除智能体",
   "com_ui_delete_agent_confirm": "您确定要删除此智能体吗？",
+  "com_ui_delete_assistant": "删除助手",
   "com_ui_delete_assistant_confirm": "您确定要删除此助手吗？该操作无法撤销。",
   "com_ui_delete_confirm": "这将删除",
   "com_ui_delete_confirm_prompt_version_var": "这将删除选中版本的 “{{0}}”。如果没有其他版本，该提示词将被删除。",
+  "com_ui_delete_confirm_strong": "<strong>{{title}}</strong>将会被删除",
   "com_ui_delete_conversation": "删除对话？",
+  "com_ui_delete_conversation_tooltip": "shang",
+  "com_ui_delete_mcp_server": "删除MCP 服务器？",
   "com_ui_delete_memory": "删除记忆",
   "com_ui_delete_not_allowed": "不允许删除操作",
   "com_ui_delete_prompt": "删除提示词？",
   "com_ui_delete_shared_link": "删除分享链接？",
+  "com_ui_delete_shared_link_heading": "删除已分享链接",
   "com_ui_delete_success": "已成功删除",
   "com_ui_delete_tool": "删除工具",
   "com_ui_delete_tool_confirm": "您确定要删除此工具吗？",
   "com_ui_delete_tool_save_reminder": "工具已删除，保存智能体以应用更改。",
   "com_ui_deleted": "已删除",
+  "com_ui_deleting": "删除中...",
   "com_ui_deleting_file": "删除文件中...",
   "com_ui_descending": "降序",
   "com_ui_description": "描述",
@@ -839,7 +898,6 @@
   "com_ui_download_error_logs": "下载错误日志",
   "com_ui_drag_drop": "将任意文件拖放到此处以添加到对话中",
   "com_ui_dropdown_variables": "下拉变量：",
-  "com_ui_dropdown_variables_info": "为您的提示词创建自定义下拉菜单：`{{variable_name:option1|option2|option3}}`",
   "com_ui_duplicate": "复制",
   "com_ui_duplication_error": "复制对话时出现错误",
   "com_ui_duplication_processing": "正在复制对话...",
@@ -848,6 +906,7 @@
   "com_ui_edit_editing_image": "编辑图片",
   "com_ui_edit_mcp_server": "编辑 MCP 服务器",
   "com_ui_edit_memory": "编辑记忆",
+  "com_ui_edit_preset_title": "编辑预设 - {{title}}",
   "com_ui_editable_message": "可编辑的消息",
   "com_ui_editor_instructions": "拖动图片调整位置 • 使用缩放滑块或按钮调整大小",
   "com_ui_empty_category": "-",
@@ -856,6 +915,7 @@
   "com_ui_enter": "进入",
   "com_ui_enter_api_key": "输入 API 密钥",
   "com_ui_enter_key": "输入键",
+  "com_ui_enter_name": "输入名称",
   "com_ui_enter_openapi_schema": "请在此输入 OpenAPI 架构",
   "com_ui_enter_value": "输入值",
   "com_ui_error": "错误",
@@ -932,6 +992,8 @@
   "com_ui_group": "群组",
   "com_ui_handoff_instructions": "接力指令",
   "com_ui_happy_birthday": "这是我的第一个生日！",
+  "com_ui_hide": "隐藏",
+  "com_ui_hide_code": "隐藏代码",
   "com_ui_hide_image_details": "隐藏图片详情",
   "com_ui_hide_password": "隐藏密码",
   "com_ui_hide_qr": "隐藏二维码",
@@ -949,15 +1011,16 @@
   "com_ui_import_conversation_info": "从 JSON 文件导入对话",
   "com_ui_import_conversation_success": "对话导入成功",
   "com_ui_import_conversation_upload_error": "上传文件时出错，请重试。",
+  "com_ui_importing": "正在导入",
   "com_ui_include_shadcnui": "包含 shadcn/ui 组件指令",
   "com_ui_initializing": "初始化中...",
   "com_ui_input": "输入",
   "com_ui_instructions": "指令",
   "com_ui_key": "键",
   "com_ui_key_required": "API Key 为必填项",
+  "com_ui_last_used": "最后使用",
   "com_ui_late_night": "夜深了",
   "com_ui_latest_footer": "Every AI for Everyone.",
-  "com_ui_latest_production_version": "最新在用版本",
   "com_ui_latest_version": "最新版本",
   "com_ui_librechat_code_api_key": "获取您的 LibreChat 代码解释器 API 密钥",
   "com_ui_librechat_code_api_subtitle": "安全可靠 | 多语言支持 | 文件输入/输出",
@@ -969,6 +1032,7 @@
   "com_ui_manage": "管理",
   "com_ui_marketplace": "市场",
   "com_ui_marketplace_allow_use": "允许使用市场",
+  "com_ui_max": "最大值",
   "com_ui_max_file_size": "PNG、JPG 或 JPEG（最大 {{0}}）",
   "com_ui_max_tags": "最多允许 {{0}} 个，用最新值。",
   "com_ui_mcp_authenticated_success": "MCP 服务器 “{{0}}” 认证成功",
@@ -981,6 +1045,7 @@
   "com_ui_mcp_oauth_cancelled": "{{0}} OAuth 登录已取消",
   "com_ui_mcp_oauth_timeout": "{{0}} OAuth 登录超时",
   "com_ui_mcp_servers": "MCP 服务器",
+  "com_ui_mcp_tool_options": "工具选项",
   "com_ui_mcp_update_var": "更新 {{0}}",
   "com_ui_mcp_url": "MCP 服务器 URL",
   "com_ui_medium": "中",
@@ -1004,15 +1069,18 @@
   "com_ui_memory_updated_items": "已更新的记忆",
   "com_ui_memory_would_exceed": "无法保存 - 将超过 {{tokens}} 词元限制。删除现有记忆以释放空间。",
   "com_ui_mention": "提及一个端点、助手或预设以快速切换到它",
+  "com_ui_mermaid_source": "源代码：",
   "com_ui_message_input": "消息输入",
   "com_ui_min_tags": "无法再移除更多值，至少需要保留 {{0}} 个。",
   "com_ui_minimal": "最小值",
   "com_ui_misc": "杂项",
   "com_ui_model": "模型",
   "com_ui_model_parameters": "模型参数",
+  "com_ui_model_selected": "已选择{{0}}",
   "com_ui_more_info": "更多信息",
   "com_ui_my_prompts": "我的提示词",
   "com_ui_name": "名称",
+  "com_ui_name_sort": "按名称排序",
   "com_ui_new": "新",
   "com_ui_new_chat": "创建新对话",
   "com_ui_new_conversation_title": "新对话标题",
@@ -1024,7 +1092,10 @@
   "com_ui_no_changes": "未做任何修改",
   "com_ui_no_individual_access": "任何个人用户或群组都无法访问该智能体",
   "com_ui_no_memories": "暂无记忆，请手动创建或提示 AI 记住一些内容",
+  "com_ui_no_memories_match": "没有与您的搜索匹配的记忆",
+  "com_ui_no_memories_title": "还没有记忆",
   "com_ui_no_personalization_available": "当前没有可用的个性化选项",
+  "com_ui_no_prompts_title": "还没有提示词",
   "com_ui_no_read_access": "您没有权限查看记忆",
   "com_ui_no_results_found": "未找到结果",
   "com_ui_no_terms_content": "没有可显示的条款和条件内容",
@@ -1056,6 +1127,7 @@
   "com_ui_permissions_failed_load": "加载权限失败，请重试。",
   "com_ui_permissions_failed_update": "更新权限失败，请重试。",
   "com_ui_permissions_updated_success": "权限更新成功",
+  "com_ui_pin": "固定",
   "com_ui_preferences_updated": "偏好设置更新成功",
   "com_ui_prev": "上一页",
   "com_ui_preview": "预览",
@@ -1089,6 +1161,8 @@
   "com_ui_regenerating": "重新生成中...",
   "com_ui_region": "区域",
   "com_ui_reinitialize": "重新初始化",
+  "com_ui_remote_access": "远程访问",
+  "com_ui_remote_agent_role_editor": "编辑者",
   "com_ui_remove_agent_from_chain": "从链中移除 {{0}}",
   "com_ui_remove_user": "移除 {{0}}",
   "com_ui_rename": "重命名",
@@ -1103,6 +1177,9 @@
   "com_ui_resource": "资源",
   "com_ui_response": "响应",
   "com_ui_result": "结果",
+  "com_ui_result_found": "找到了{{count}}个结果",
+  "com_ui_results_found": "找到了{{count}}个结果",
+  "com_ui_retry": "重试",
   "com_ui_revoke": "撤销",
   "com_ui_revoke_info": "撤销所有用户提供的凭据",
   "com_ui_revoke_key_confirm": "您确定要撤销此密钥吗？",
@@ -1146,6 +1223,7 @@
   "com_ui_seconds": "秒",
   "com_ui_secret_key": "Secret Key",
   "com_ui_select": "选择",
+  "com_ui_select_agent": "选择智能体",
   "com_ui_select_all": "全选",
   "com_ui_select_file": "选择文件",
   "com_ui_select_model": "模型选择",
@@ -1154,6 +1232,7 @@
   "com_ui_select_provider": "选择提供商",
   "com_ui_select_provider_first": "请先选择提供商",
   "com_ui_select_region": "选择地区",
+  "com_ui_select_row": "选择行",
   "com_ui_select_search_model": "根据名称搜索模型",
   "com_ui_select_search_provider": "以名称搜索服务商",
   "com_ui_select_search_region": "以名称搜索区域",
@@ -1172,21 +1251,22 @@
   "com_ui_shared_link_not_found": "未找到共享链接",
   "com_ui_shared_prompts": "共享提示词",
   "com_ui_shop": "购物",
+  "com_ui_show": "显示",
   "com_ui_show_all": "展开全部",
+  "com_ui_show_code": "显示代码",
   "com_ui_show_image_details": "显示图片详情",
   "com_ui_show_password": "显示密码",
   "com_ui_show_qr": "显示二维码",
   "com_ui_sign_in_to_domain": "登录到 {{0}}",
   "com_ui_simple": "基本",
   "com_ui_size": "大小",
+  "com_ui_size_sort": "按大小排序",
   "com_ui_special_var_current_date": "当前日期",
   "com_ui_special_var_current_datetime": "当前日期时间",
   "com_ui_special_var_current_user": "当前用户",
   "com_ui_special_var_iso_datetime": "UTC ISO 日期时间",
   "com_ui_special_variables": "特殊变量：",
-  "com_ui_special_variables_more_info": "您可以从下拉菜单中选择特殊变量：`{{current_date}}`（今天的日期和星期）、`{{current_datetime}}`（本地日期和时间）、`{{utc_iso_datetime}}`（UTC ISO 格式的日期时间）以及`{{current_user}}`（您的账户名称）。",
   "com_ui_speech_while_submitting": "正在生成响应时无法提交语音",
-  "com_ui_sr_actions_menu": "打开 \"{{0}}\" 的操作菜单",
   "com_ui_stop": "停止",
   "com_ui_storage": "存储",
   "com_ui_submit": "提交",
@@ -1213,7 +1293,6 @@
   "com_ui_travel": "旅行",
   "com_ui_trust_app": "我信任此应用",
   "com_ui_try_adjusting_search": "尝试调整您的搜索条件",
-  "com_ui_ui_resources": "UI 资源",
   "com_ui_unarchive": "取消归档",
   "com_ui_unarchive_error": "取消归档对话失败",
   "com_ui_unavailable": "不可用",
@@ -1221,6 +1300,7 @@
   "com_ui_unset": "取消设置",
   "com_ui_untitled": "无标题",
   "com_ui_update": "更新",
+  "com_ui_updating": "更新中...",
   "com_ui_upload": "上传",
   "com_ui_upload_agent_avatar": "成功更新智能体头像",
   "com_ui_upload_agent_avatar_label": "上传智能体头像图片",
@@ -1231,6 +1311,7 @@
   "com_ui_upload_file_context": "上传文件上下文",
   "com_ui_upload_file_search": "上传搜索文件",
   "com_ui_upload_files": "上传文件",
+  "com_ui_upload_icon": "上传图片",
   "com_ui_upload_image": "上传图片",
   "com_ui_upload_image_input": "上传图片",
   "com_ui_upload_invalid": "上传的文件无效。必须是图片，且不得超过大小限制",
@@ -1247,9 +1328,9 @@
   "com_ui_used": "已使用",
   "com_ui_user": "用户",
   "com_ui_user_group_permissions": "用户 & 群组权限",
+  "com_ui_user_provides_key": "每个用户提供自己的密钥",
   "com_ui_value": "值",
   "com_ui_variables": "变量",
-  "com_ui_variables_info": "在您的文本中使用双大括号创建变量，例如 `{{example variable}}`，以便在使用提示词时填充。",
   "com_ui_verify": "验证",
   "com_ui_version_var": "版本 {{0}}",
   "com_ui_versions": "版本",
@@ -1284,7 +1365,9 @@
   "com_ui_weekend_morning": "周末愉快",
   "com_ui_write": "写作",
   "com_ui_x_selected": "{{0}} 已选择",
+  "com_ui_xhigh": "极高",
   "com_ui_yes": "是的",
+  "com_ui_your_api_key": "你的API密钥",
   "com_ui_zoom": "缩放",
   "com_ui_zoom_in": "放大",
   "com_ui_zoom_level": "缩放级别",
diff --git a/client/src/locales/zh-Hant/translation.json b/client/src/locales/zh-Hant/translation.json
index cef43d39cb..e0cc4ee795 100644
--- a/client/src/locales/zh-Hant/translation.json
+++ b/client/src/locales/zh-Hant/translation.json
@@ -81,7 +81,6 @@
   "com_agents_search_instructions": "輸入名稱或描述來搜尋agents",
   "com_agents_search_name": "依名稱搜尋代理",
   "com_agents_update_error": "更新您的代理時發生錯誤。",
-  "com_assistants_action_attempt": "助理想要與 {{0}} 交談",
   "com_assistants_actions": "操作",
   "com_assistants_actions_disabled": "您需要先建立一個助理，才能新增動作。",
   "com_assistants_actions_info": "讓您的助理透過 API 取得資訊或執行操作",
@@ -90,7 +89,6 @@
   "com_assistants_allow_sites_you_trust": "僅允許您信任的網站。",
   "com_assistants_append_date": "添加當前日期和時間",
   "com_assistants_append_date_tooltip": "啟用後，當前客戶的日期和時間將附加到助手的系統指令中。",
-  "com_assistants_attempt_info": "助理想要傳送以下內容：",
   "com_assistants_available_actions": "可用操作",
   "com_assistants_capabilities": "功能",
   "com_assistants_code_interpreter": "程式碼解譯器",
@@ -105,7 +103,6 @@
   "com_assistants_delete_actions_error": "刪除操作時發生錯誤",
   "com_assistants_delete_actions_success": "已成功刪除助理的操作",
   "com_assistants_description_placeholder": "選填：在此描述您的助理",
-  "com_assistants_domain_info": "助理將此資訊傳送給 {{0}}",
   "com_assistants_file_search": "檔案搜尋",
   "com_assistants_file_search_info": "目前尚不支援為檔案搜尋附加向量儲存。您可以從提供者遊樂場附加它們，或在每個主題的基礎上為檔案搜尋附加檔案。",
   "com_assistants_function_use": "助理使用了 {{0}}",
@@ -264,7 +261,6 @@
   "com_endpoint_message_not_appendable": "無法附加訊息或重新生成。",
   "com_endpoint_my_preset": "我的預設設定",
   "com_endpoint_no_presets": "尚無預設設定",
-  "com_endpoint_open_menu": "開啟選單",
   "com_endpoint_openai_custom_name_placeholder": "為 ChatGPT 設定自訂名稱",
   "com_endpoint_openai_detail": "「低」解析度的視覺請求較便宜且快速，「高」解析度則更詳細但成本較高，而「自動」會根據影像解析度自動在兩者之間選擇。",
   "com_endpoint_openai_freq": "數值範圍介於 -2.0 和 2.0 之間。正值會根據該 token 在目前的文字中出現的頻率進行懲罰，減少模型產生重複內容的可能性。",
@@ -418,7 +414,6 @@
   "com_nav_font_size_xl": "特大",
   "com_nav_font_size_xs": "超小",
   "com_nav_help_faq": "說明與常見問題",
-  "com_nav_hide_panel": "隱藏最右側的面板",
   "com_nav_info_code_artifacts": "啟用在對話旁顯示實驗性程式碼內容",
   "com_nav_info_custom_prompt_mode": "啟用後，系統將不會包含預設的成品提示詞。在此模式下，所有生成成品的指令都需要手動提供。",
   "com_nav_info_enter_to_send": "啟用時，按下 `ENTER` 鍵即可傳送訊息。停用時，按下 Enter 鍵會換行，您需要按下 `CTRL + ENTER` / `⌘ + ENTER` 來傳送訊息。",
@@ -494,7 +489,6 @@
   "com_nav_setting_speech": "語音",
   "com_nav_settings": "設定",
   "com_nav_shared_links": "共享連結",
-  "com_nav_show_code": "一律顯示使用程式碼解譯器時的程式碼",
   "com_nav_show_thinking": "預設展開思考過程",
   "com_nav_slash_command": "/指令",
   "com_nav_slash_command_description": "使用鍵盤按下 \"/\" 快速選擇提示詞",
@@ -616,7 +610,6 @@
   "com_ui_confirm_action": "確認操作",
   "com_ui_context": "前後文",
   "com_ui_continue": "繼續",
-  "com_ui_controls": "控制項",
   "com_ui_copied": "已複製！",
   "com_ui_copied_to_clipboard": "已複製到剪貼簿",
   "com_ui_copy_code": "複製程式碼",
@@ -667,7 +660,6 @@
   "com_ui_detailed": "詳細",
   "com_ui_download_error": "下載檔案時發生錯誤。該檔案可能已被刪除。",
   "com_ui_dropdown_variables": "下拉式變數：",
-  "com_ui_dropdown_variables_info": "為您的提示建立自訂下拉選單：`{{variable_name:選項1|選項2|選項3}}`",
   "com_ui_duplicate": "複製",
   "com_ui_duplication_error": "複製對話時發生錯誤",
   "com_ui_duplication_processing": "正在複製對話...",
@@ -868,7 +860,6 @@
   "com_ui_use_memory": "使用記憶",
   "com_ui_use_micrphone": "使用麥克風",
   "com_ui_variables": "變數",
-  "com_ui_variables_info": "在文字中使用雙大括號來建立變數，例如 `{{example variable}}`，以便在使用提示時填入。",
   "com_ui_version_var": "版本 {{0}}",
   "com_ui_versions": "版本",
   "com_ui_web_search": "網路搜尋",
diff --git a/client/src/store/settings.ts b/client/src/store/settings.ts
index cad3b4a151..2a2796ad59 100644
--- a/client/src/store/settings.ts
+++ b/client/src/store/settings.ts
@@ -31,7 +31,7 @@ const localStorageAtoms = {
   enterToSend: atomWithLocalStorage('enterToSend', true),
   maximizeChatSpace: atomWithLocalStorage('maximizeChatSpace', false),
   chatDirection: atomWithLocalStorage('chatDirection', 'LTR'),
-  showCode: atomWithLocalStorage(LocalStorageKeys.SHOW_ANALYSIS_CODE, true),
+  autoExpandTools: atomWithLocalStorage(LocalStorageKeys.AUTO_EXPAND_TOOLS, false),
   saveDrafts: atomWithLocalStorage('saveDrafts', true),
   showScrollButton: atomWithLocalStorage('showScrollButton', true),
   forkSetting: atomWithLocalStorage('forkSetting', ''),
diff --git a/client/src/style.css b/client/src/style.css
index cf3ea50294..e934d241c1 100644
--- a/client/src/style.css
+++ b/client/src/style.css
@@ -1259,7 +1259,7 @@ code[class*='language-'],
 pre[class*='language-'] {
   word-wrap: normal;
   background: none;
-  color: #fff;
+  color: var(--gray-800);
   -webkit-hyphens: none;
   hyphens: none;
   font-size: 0.85rem;
@@ -1281,27 +1281,27 @@ pre[class*='language-'] {
   white-space: normal;
 }
 .hljs-comment {
-  color: hsla(0, 0%, 100%, 0.5);
+  color: var(--gray-500);
 }
 .hljs-meta {
-  color: hsla(0, 0%, 100%, 0.6);
+  color: var(--gray-600);
 }
 .hljs-built_in,
 .hljs-class .hljs-title {
-  color: #e9950c;
+  color: #9a6700;
 }
 .hljs-doctag,
 .hljs-formula,
 .hljs-keyword,
 .hljs-literal {
-  color: #2e95d3;
+  color: #0550ae;
 }
 .hljs-addition,
 .hljs-attribute,
 .hljs-meta-string,
 .hljs-regexp,
 .hljs-string {
-  color: #00a67d;
+  color: #0a7b62;
 }
 .hljs-attr,
 .hljs-number,
@@ -1311,13 +1311,58 @@ pre[class*='language-'] {
 .hljs-template-variable,
 .hljs-type,
 .hljs-variable {
-  color: #df3079;
+  color: #9a2f6a;
 }
 .hljs-bullet,
 .hljs-link,
 .hljs-selector-id,
 .hljs-symbol,
 .hljs-title {
+  color: #b42318;
+}
+.dark code.hljs,
+.dark code[class*='language-'],
+.dark pre[class*='language-'] {
+  color: #fff;
+}
+.dark .hljs-comment {
+  color: hsla(0, 0%, 100%, 0.5);
+}
+.dark .hljs-meta {
+  color: hsla(0, 0%, 100%, 0.6);
+}
+.dark .hljs-built_in,
+.dark .hljs-class .hljs-title {
+  color: #e9950c;
+}
+.dark .hljs-doctag,
+.dark .hljs-formula,
+.dark .hljs-keyword,
+.dark .hljs-literal {
+  color: #2e95d3;
+}
+.dark .hljs-addition,
+.dark .hljs-attribute,
+.dark .hljs-meta-string,
+.dark .hljs-regexp,
+.dark .hljs-string {
+  color: #00a67d;
+}
+.dark .hljs-attr,
+.dark .hljs-number,
+.dark .hljs-selector-attr,
+.dark .hljs-selector-class,
+.dark .hljs-selector-pseudo,
+.dark .hljs-template-variable,
+.dark .hljs-type,
+.dark .hljs-variable {
+  color: #df3079;
+}
+.dark .hljs-bullet,
+.dark .hljs-link,
+.dark .hljs-selector-id,
+.dark .hljs-symbol,
+.dark .hljs-title {
   color: #f22c3d;
 }
 
@@ -2532,7 +2577,7 @@ html {
 }
 
 .message-content pre code {
-  font-size: calc(0.85 * var(--markdown-font-size, var(--font-size-base)));
+  font-size: calc(0.9 * var(--markdown-font-size, var(--font-size-base)));
 }
 
 .message-content pre {
@@ -2541,7 +2586,7 @@ html {
 
 .code-analyze-block pre code,
 .code-analyze-block .overflow-y-auto code {
-  font-size: calc(0.85 * var(--markdown-font-size, var(--font-size-base)));
+  font-size: calc(0.9 * var(--markdown-font-size, var(--font-size-base)));
 }
 
 .code-analyze-block pre,
@@ -2549,9 +2594,14 @@ html {
   font-size: var(--markdown-font-size, var(--font-size-base));
 }
 
+.tool-status-text {
+  font-size: calc(0.9 * var(--markdown-font-size, var(--font-size-base)));
+  line-height: calc(1.25 * 0.9 * var(--markdown-font-size, var(--font-size-base)));
+}
+
 .progress-text-wrapper {
-  font-size: var(--markdown-font-size, var(--font-size-base));
-  line-height: calc(1.25 * var(--markdown-font-size, var(--font-size-base)));
+  font-size: calc(0.9 * var(--markdown-font-size, var(--font-size-base)));
+  line-height: calc(1.25 * 0.9 * var(--markdown-font-size, var(--font-size-base)));
 }
 
 .progress-text-content {
diff --git a/client/src/utils/__tests__/artifacts.test.ts b/client/src/utils/__tests__/artifacts.test.ts
new file mode 100644
index 0000000000..bf5c1919c7
--- /dev/null
+++ b/client/src/utils/__tests__/artifacts.test.ts
@@ -0,0 +1,38 @@
+import { buildSandpackOptions } from '../artifacts';
+
+const TAILWIND_CDN = 'https://cdn.tailwindcss.com/3.4.17#tailwind.js';
+
+describe('buildSandpackOptions', () => {
+  it('includes externalResources with .js fragment hint for static template', () => {
+    const options = buildSandpackOptions('static');
+    expect(options?.externalResources).toEqual([TAILWIND_CDN]);
+  });
+
+  it('includes externalResources for react-ts template', () => {
+    const options = buildSandpackOptions('react-ts');
+    expect(options?.externalResources).toEqual([TAILWIND_CDN]);
+  });
+
+  it('uses staticBundlerURL when template is static and config is provided', () => {
+    const config = { staticBundlerURL: 'https://static.example.com' } as Parameters<
+      typeof buildSandpackOptions
+    >[1];
+    const options = buildSandpackOptions('static', config);
+    expect(options?.bundlerURL).toBe('https://static.example.com');
+    expect(options?.externalResources).toEqual([TAILWIND_CDN]);
+  });
+
+  it('uses bundlerURL when template is react-ts and config is provided', () => {
+    const config = { bundlerURL: 'https://bundler.example.com' } as Parameters<
+      typeof buildSandpackOptions
+    >[1];
+    const options = buildSandpackOptions('react-ts', config);
+    expect(options?.bundlerURL).toBe('https://bundler.example.com');
+    expect(options?.externalResources).toEqual([TAILWIND_CDN]);
+  });
+
+  it('returns base options without bundlerURL when no config is provided', () => {
+    const options = buildSandpackOptions('react-ts');
+    expect(options?.bundlerURL).toBeUndefined();
+  });
+});
diff --git a/client/src/utils/__tests__/scaleImage.test.ts b/client/src/utils/__tests__/scaleImage.test.ts
new file mode 100644
index 0000000000..95bdcf135c
--- /dev/null
+++ b/client/src/utils/__tests__/scaleImage.test.ts
@@ -0,0 +1,89 @@
+import { scaleImage } from '~/utils/scaleImage';
+import type { RefObject } from 'react';
+
+function makeContainerRef(clientWidth: number): RefObject<HTMLDivElement> {
+  return {
+    current: { clientWidth } as HTMLDivElement,
+  };
+}
+
+const originalInnerHeight = window.innerHeight;
+
+beforeEach(() => {
+  Object.defineProperty(window, 'innerHeight', { value: 1000, writable: true });
+});
+
+afterEach(() => {
+  Object.defineProperty(window, 'innerHeight', { value: originalInnerHeight, writable: true });
+});
+
+describe('scaleImage', () => {
+  it('returns auto dimensions when containerRef is null', () => {
+    const result = scaleImage({
+      originalWidth: 1024,
+      originalHeight: 1024,
+      containerRef: { current: null },
+    });
+    expect(result).toEqual({ width: 'auto', height: 'auto' });
+  });
+
+  it('scales a square image to fit container width, clamped by max height', () => {
+    // container=512, but 512px height exceeds 45vh (450px), so clamped
+    const result = scaleImage({
+      originalWidth: 1024,
+      originalHeight: 1024,
+      containerRef: makeContainerRef(512),
+    });
+    expect(result).toEqual({ width: '450px', height: '450px' });
+  });
+
+  it('scales to container width when height stays within max', () => {
+    const result = scaleImage({
+      originalWidth: 1024,
+      originalHeight: 1024,
+      containerRef: makeContainerRef(300),
+    });
+    expect(result).toEqual({ width: '300px', height: '300px' });
+  });
+
+  it('does not upscale when container is wider than the image', () => {
+    const result = scaleImage({
+      originalWidth: 256,
+      originalHeight: 256,
+      containerRef: makeContainerRef(800),
+    });
+    expect(result).toEqual({ width: '256px', height: '256px' });
+  });
+
+  it('constrains height to 45vh and adjusts width by aspect ratio', () => {
+    // window.innerHeight = 1000, so maxHeight = 450
+    const result = scaleImage({
+      originalWidth: 500,
+      originalHeight: 1000,
+      containerRef: makeContainerRef(600),
+    });
+    // container fits 500px width → height would be 1000, exceeds 450
+    // clamp: height=450, width=450*(500/1000)=225
+    expect(result).toEqual({ width: '225px', height: '450px' });
+  });
+
+  it('handles landscape images correctly', () => {
+    const result = scaleImage({
+      originalWidth: 1920,
+      originalHeight: 1080,
+      containerRef: makeContainerRef(800),
+    });
+    // width clamped to 800, height = 800 / (1920/1080) = 450, exactly maxHeight
+    expect(result).toEqual({ width: '800px', height: '450px' });
+  });
+
+  it('handles very wide panoramic images', () => {
+    const result = scaleImage({
+      originalWidth: 4000,
+      originalHeight: 500,
+      containerRef: makeContainerRef(600),
+    });
+    // width clamped to 600, height = 600 / (4000/500) = 75, well under maxHeight
+    expect(result).toEqual({ width: '600px', height: '75px' });
+  });
+});
diff --git a/client/src/utils/artifacts.ts b/client/src/utils/artifacts.ts
index 793bc484bc..2ca02422a2 100644
--- a/client/src/utils/artifacts.ts
+++ b/client/src/utils/artifacts.ts
@@ -4,6 +4,7 @@ import type {
   SandpackProviderProps,
   SandpackPredefinedTemplate,
 } from '@codesandbox/sandpack-react';
+import type { TStartupConfig } from 'librechat-data-provider';
 
 const artifactFilename = {
   'application/vnd.react': 'App.tsx',
@@ -138,10 +139,29 @@ export function getProps(type: string): Partial<SandpackProviderProps> {
   };
 }
 
+/** Fragment hint lets Sandpack's static-template regex detect `.js` from the URL;
+ * without it, the versioned CDN path (`/3.4.17`) has no recognised extension and
+ * `injectExternalResources` throws "Unable to determine file type". */
+const TAILWIND_CDN = 'https://cdn.tailwindcss.com/3.4.17#tailwind.js';
+
 export const sharedOptions: SandpackProviderProps['options'] = {
-  externalResources: ['https://cdn.tailwindcss.com/3.4.17'],
+  externalResources: [TAILWIND_CDN],
 };
 
+export function buildSandpackOptions(
+  template: SandpackProviderProps['template'],
+  startupConfig?: TStartupConfig,
+): SandpackProviderProps['options'] {
+  if (!startupConfig) {
+    return sharedOptions;
+  }
+
+  return {
+    ...sharedOptions,
+    bundlerURL: template === 'static' ? startupConfig.staticBundlerURL : startupConfig.bundlerURL,
+  };
+}
+
 export const sharedFiles = {
   '/lib/utils.ts': shadcnComponents.utils,
   '/components/ui/accordion.tsx': shadcnComponents.accordian,
diff --git a/client/src/utils/files.ts b/client/src/utils/files.ts
index be81a31b79..536b340bf3 100644
--- a/client/src/utils/files.ts
+++ b/client/src/utils/files.ts
@@ -317,3 +317,13 @@ export const validateFiles = ({
 
   return true;
 };
+
+export function sortPagesByRelevance(
+  pages: number[],
+  pageRelevance: Record<number, number>,
+): number[] {
+  if (!pageRelevance || Object.keys(pageRelevance).length === 0) {
+    return pages;
+  }
+  return [...pages].sort((a, b) => (pageRelevance[b] || 0) - (pageRelevance[a] || 0));
+}
diff --git a/client/src/utils/groupToolCalls.ts b/client/src/utils/groupToolCalls.ts
new file mode 100644
index 0000000000..406b686aad
--- /dev/null
+++ b/client/src/utils/groupToolCalls.ts
@@ -0,0 +1,51 @@
+import { Constants, ContentTypes, ToolCallTypes } from 'librechat-data-provider';
+import type { TMessageContentParts, Agents } from 'librechat-data-provider';
+import type { PartWithIndex } from '~/components/Chat/Messages/Content/ParallelContent';
+
+export type GroupedPart =
+  | { type: 'single'; part: PartWithIndex }
+  | { type: 'tool-group'; parts: PartWithIndex[] };
+
+function isGroupableToolCall(part: TMessageContentParts): boolean {
+  if (part.type !== ContentTypes.TOOL_CALL) {
+    return false;
+  }
+  const toolCall = part[ContentTypes.TOOL_CALL] as Agents.ToolCall | undefined;
+  if (!toolCall) {
+    return false;
+  }
+  const isStandardToolCall =
+    'args' in toolCall && (!toolCall.type || toolCall.type === ToolCallTypes.TOOL_CALL);
+  if (isStandardToolCall && toolCall.name?.startsWith(Constants.LC_TRANSFER_TO_)) {
+    return false;
+  }
+  return true;
+}
+
+export function groupSequentialToolCalls(parts: PartWithIndex[]): GroupedPart[] {
+  const result: GroupedPart[] = [];
+  let currentGroup: PartWithIndex[] = [];
+
+  const flushGroup = () => {
+    if (currentGroup.length >= 2) {
+      result.push({ type: 'tool-group', parts: [...currentGroup] });
+    } else {
+      for (const p of currentGroup) {
+        result.push({ type: 'single', part: p });
+      }
+    }
+    currentGroup = [];
+  };
+
+  for (const item of parts) {
+    if (isGroupableToolCall(item.part)) {
+      currentGroup.push(item);
+    } else {
+      flushGroup();
+      result.push({ type: 'single', part: item });
+    }
+  }
+  flushGroup();
+
+  return result;
+}
diff --git a/client/src/utils/index.ts b/client/src/utils/index.ts
index 468bc9444c..bba6b5dc78 100644
--- a/client/src/utils/index.ts
+++ b/client/src/utils/index.ts
@@ -3,31 +3,33 @@ import type { UIActionResult } from '@mcp-ui/client';
 import { TAskFunction } from '~/common';
 import logger from './logger';
 
-export * from './errors';
 export * from './map';
 export * from './json';
+export * from './email';
+export * from './share';
 export * from './files';
 export * from './latex';
 export * from './forms';
+export * from './roles';
+export * from './errors';
 export * from './agents';
 export * from './drafts';
 export * from './convos';
 export * from './routes';
-export * from './redirect';
 export * from './presets';
 export * from './prompts';
 export * from './textarea';
 export * from './messages';
+export * from './redirect';
 export * from './languages';
 export * from './endpoints';
 export * from './resources';
-export * from './roles';
+export * from './scaleImage';
+export * from './timestamps';
 export * from './localStorage';
 export * from './promptGroups';
 export * from './previewCache';
-export * from './email';
-export * from './share';
-export * from './timestamps';
+export * from './groupToolCalls';
 export { default as cn } from './cn';
 export { default as logger } from './logger';
 export { default as getLoginError } from './getLoginError';
diff --git a/client/src/utils/scaleImage.ts b/client/src/utils/scaleImage.ts
new file mode 100644
index 0000000000..fb0f2604d7
--- /dev/null
+++ b/client/src/utils/scaleImage.ts
@@ -0,0 +1,32 @@
+import type { RefObject } from 'react';
+
+const MAX_HEIGHT_VH = 0.45;
+
+export function scaleImage({
+  originalWidth,
+  originalHeight,
+  containerRef,
+}: {
+  originalWidth: number;
+  originalHeight: number;
+  containerRef: RefObject<HTMLDivElement | null>;
+}): { width: string; height: string } {
+  const container = containerRef.current;
+  if (!container) {
+    return { width: 'auto', height: 'auto' };
+  }
+
+  const containerWidth = container.clientWidth;
+  const maxHeight = window.innerHeight * MAX_HEIGHT_VH;
+  const aspectRatio = originalWidth / originalHeight;
+
+  let width = Math.min(originalWidth, containerWidth);
+  let height = width / aspectRatio;
+
+  if (height > maxHeight) {
+    height = maxHeight;
+    width = height * aspectRatio;
+  }
+
+  return { width: `${Math.round(width)}px`, height: `${Math.round(height)}px` };
+}
diff --git a/client/vite.config.ts b/client/vite.config.ts
index 58d4bc98f2..0422f8bd3d 100644
--- a/client/vite.config.ts
+++ b/client/vite.config.ts
@@ -273,6 +273,10 @@ export default defineConfig(({ command }) => ({
               return 'headlessui';
             }
 
+            if (normalizedId.includes('@icons-pack/react-simple-icons/icons/')) {
+              return;
+            }
+
             // Everything else falls into a generic vendor chunk.
             return 'vendor';
           }
diff --git a/deploy-compose.yml b/deploy-compose.yml
index 968768b818..5d7bcebcd0 100644
--- a/deploy-compose.yml
+++ b/deploy-compose.yml
@@ -46,7 +46,7 @@ services:
     container_name: chat-mongodb
     # ports:  # Uncomment this to access mongodb from outside docker, not safe in deployment
     #   - 27018:27017
-    image: mongo:8.0.17
+    image: mongo:8.0.20
     restart: always
     volumes:
       - ./data-node:/data/db
diff --git a/docker-compose.yml b/docker-compose.yml
index 079cdb74b6..6c95c309b4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -29,7 +29,7 @@ services:
       - ./logs:/app/logs
   mongodb:
     container_name: chat-mongodb
-    image: mongo:8.0.17
+    image: mongo:8.0.20
     restart: always
     user: "${UID}:${GID}"
     volumes:
diff --git a/eslint.config.mjs b/eslint.config.mjs
index 1dde65cda1..59c348374d 100644
--- a/eslint.config.mjs
+++ b/eslint.config.mjs
@@ -345,7 +345,7 @@ export default [
     },
   },
   {
-    // **New Data-schemas configuration block**
+    // **Data-schemas — shared rules for all TS files**
     files: ['./packages/data-schemas/**/*.ts'],
     languageOptions: {
       parser: tsParser,
@@ -367,4 +367,25 @@ export default [
       ],
     },
   },
+  {
+    // **Data-schemas — ban raw bulkWrite/collection.* in production code**
+    // Tests and the tenantSafeBulkWrite wrapper itself are excluded.
+    files: ['./packages/data-schemas/**/*.ts'],
+    ignores: ['**/*.spec.ts', '**/*.test.ts', '**/utils/tenantBulkWrite.ts'],
+    rules: {
+      'no-restricted-syntax': [
+        'error',
+        {
+          selector: "CallExpression[callee.property.name='bulkWrite']",
+          message:
+            'Use tenantSafeBulkWrite() instead of Model.bulkWrite() — Mongoose middleware does not fire for bulkWrite, so the tenant isolation plugin cannot intercept it.',
+        },
+        {
+          selector: "MemberExpression[property.name='collection'][parent.type='MemberExpression']",
+          message:
+            'Avoid Model.collection.* — raw driver calls bypass all Mongoose middleware including tenant isolation. Use Mongoose model methods or tenantSafeBulkWrite() instead.',
+        },
+      ],
+    },
+  },
 ];
diff --git a/package-lock.json b/package-lock.json
index 0751562a7d..d5c8e47490 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -50,7 +50,7 @@
       "license": "ISC",
       "dependencies": {
         "@anthropic-ai/vertex-sdk": "^0.14.3",
-        "@aws-sdk/client-bedrock-runtime": "^3.980.0",
+        "@aws-sdk/client-bedrock-runtime": "^3.1013.0",
         "@aws-sdk/client-s3": "^3.980.0",
         "@aws-sdk/s3-request-presigner": "^3.758.0",
         "@azure/identity": "^4.7.0",
@@ -59,7 +59,7 @@
         "@google/genai": "^1.19.0",
         "@keyv/redis": "^4.3.3",
         "@langchain/core": "^0.3.80",
-        "@librechat/agents": "^3.1.62",
+        "@librechat/agents": "^3.1.63",
         "@librechat/api": "*",
         "@librechat/data-schemas": "*",
         "@microsoft/microsoft-graph-client": "^3.0.7",
@@ -67,7 +67,7 @@
         "@node-saml/passport-saml": "^5.1.0",
         "@smithy/node-http-handler": "^4.4.5",
         "ai-tokenizer": "^1.0.6",
-        "axios": "^1.13.5",
+        "axios": "1.13.6",
         "bcryptjs": "^2.4.3",
         "compression": "^1.8.1",
         "connect-redis": "^8.1.0",
@@ -85,7 +85,7 @@
         "file-type": "^21.3.2",
         "firebase": "^11.0.2",
         "form-data": "^4.0.4",
-        "handlebars": "^4.7.7",
+        "handlebars": "^4.7.9",
         "https-proxy-agent": "^7.0.6",
         "ioredis": "^5.3.2",
         "js-yaml": "^4.1.1",
@@ -106,7 +106,7 @@
         "multer": "^2.1.1",
         "nanoid": "^3.3.7",
         "node-fetch": "^2.7.0",
-        "nodemailer": "^7.0.11",
+        "nodemailer": "^8.0.4",
         "ollama": "^0.5.0",
         "openai": "5.8.2",
         "openid-client": "^6.5.0",
@@ -488,7 +488,7 @@
         "@babel/preset-env": "^7.22.15",
         "@babel/preset-react": "^7.22.15",
         "@babel/preset-typescript": "^7.22.15",
-        "@happy-dom/jest-environment": "^20.8.3",
+        "@happy-dom/jest-environment": "^20.8.9",
         "@tanstack/react-query-devtools": "^4.29.0",
         "@testing-library/dom": "^9.3.0",
         "@testing-library/jest-dom": "^5.16.5",
@@ -2520,9 +2520,9 @@
       }
     },
     "client/node_modules/picomatch": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
-      "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -9928,13 +9928,13 @@
       }
     },
     "node_modules/@happy-dom/jest-environment": {
-      "version": "20.8.3",
-      "resolved": "https://registry.npmjs.org/@happy-dom/jest-environment/-/jest-environment-20.8.3.tgz",
-      "integrity": "sha512-VMOfNvF7UPPHIc7SUrFqGXqJrkONYX6Vd0ZXblmjgb1JA2RFnrc1KiVodzG0c7IT5Q0jfA0CQjvlqWjQ/BYtkQ==",
+      "version": "20.8.9",
+      "resolved": "https://registry.npmjs.org/@happy-dom/jest-environment/-/jest-environment-20.8.9.tgz",
+      "integrity": "sha512-E0E7+n/BuyongNR+jLExaAeXs50lYBVD/QJYYpi2+qLFt2PxQtjknw/26YDIWjP/nwFDlCY3/P0YCSFCQ68Zxw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "happy-dom": "^20.8.3"
+        "happy-dom": "^20.8.9"
       },
       "engines": {
         "node": ">=20.0.0"
@@ -10703,9 +10703,9 @@
       }
     },
     "node_modules/@jest/environment-jsdom-abstract/node_modules/picomatch": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
-      "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -10892,9 +10892,9 @@
       }
     },
     "node_modules/@jest/fake-timers/node_modules/picomatch": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
-      "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -11183,9 +11183,9 @@
       }
     },
     "node_modules/@jest/transform/node_modules/picomatch": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
-      "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -11861,9 +11861,9 @@
       }
     },
     "node_modules/@librechat/agents": {
-      "version": "3.1.62",
-      "resolved": "https://registry.npmjs.org/@librechat/agents/-/agents-3.1.62.tgz",
-      "integrity": "sha512-QBZlJ4C89GmBg9w2qoWOWl1Y1xiRypUtIMBsL6eLPIsdbKHJ+GYO+076rfSD+tMqZB5ZbrxqPWOh+gxEXK1coQ==",
+      "version": "3.1.63",
+      "resolved": "https://registry.npmjs.org/@librechat/agents/-/agents-3.1.63.tgz",
+      "integrity": "sha512-6uHsGyY2kOrBbSffWVzBnQcIoVG65L1ojYSBFHYZiQc/SsW2BGCmVTUWzORA8aZIE7uX+DYP3pBtybGvsYTURg==",
       "license": "MIT",
       "dependencies": {
         "@anthropic-ai/sdk": "^0.73.0",
@@ -11885,7 +11885,7 @@
         "@opentelemetry/sdk-node": "^0.207.0",
         "@scarf/scarf": "^1.4.0",
         "ai-tokenizer": "^1.0.6",
-        "axios": "^1.13.5",
+        "axios": "1.13.6",
         "cheerio": "^1.0.0",
         "dotenv": "^16.4.7",
         "https-proxy-agent": "^7.0.6",
@@ -18559,9 +18559,9 @@
       }
     },
     "node_modules/@rollup/plugin-commonjs/node_modules/picomatch": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
-      "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -18682,6 +18682,16 @@
         }
       }
     },
+    "node_modules/@rollup/plugin-terser/node_modules/serialize-javascript": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.2.tgz",
+      "integrity": "sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "randombytes": "^2.1.0"
+      }
+    },
     "node_modules/@rollup/plugin-typescript": {
       "version": "12.1.2",
       "resolved": "https://registry.npmjs.org/@rollup/plugin-typescript/-/plugin-typescript-12.1.2.tgz",
@@ -21428,9 +21438,9 @@
       }
     },
     "node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-      "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.3.tgz",
+      "integrity": "sha512-MCV/fYJEbqx68aE58kv2cA/kiky1G8vux3OR6/jbS+jIMe/6fJWa0DTzJU7dqijOWYwHi1t29FlfYI9uytqlpA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -22476,9 +22486,9 @@
       }
     },
     "node_modules/axios": {
-      "version": "1.13.5",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-1.13.5.tgz",
-      "integrity": "sha512-cz4ur7Vb0xS4/KUN0tPWe44eqxrIu31me+fbang3ijiNscE129POzipJJA6zniq2C/Z6sJCjMimjS8Lc/GAs8Q==",
+      "version": "1.13.6",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.13.6.tgz",
+      "integrity": "sha512-ChTCHMouEe2kn713WHbQGcuYrr6fXTBiu460OTwWrWob16g1bXn4vtz07Ope7ewMozJAnEquLk5lWQWtBig9DQ==",
       "license": "MIT",
       "dependencies": {
         "follow-redirects": "^1.15.11",
@@ -22880,9 +22890,9 @@
       "integrity": "sha512-AlcaJBi/pqqJBIQ8U9Mcpc9i8Aqxn88Skv5d+xBX006BY5u8N3mGLHa5Lgppa7L/HfwgwLgZ6NYs+Ag6uUmJRA=="
     },
     "node_modules/brace-expansion": {
-      "version": "1.1.12",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
-      "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+      "version": "1.1.13",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+      "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -24493,9 +24503,9 @@
       }
     },
     "node_modules/cssnano/node_modules/yaml": {
-      "version": "1.10.2",
-      "resolved": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz",
-      "integrity": "sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg==",
+      "version": "1.10.3",
+      "resolved": "https://registry.npmjs.org/yaml/-/yaml-1.10.3.tgz",
+      "integrity": "sha512-vIYeF1u3CjlhAFekPPAk2h/Kv4T3mAkMox5OymRiJQB0spDP10LHvt+K7G9Ny6NuuMAb25/6n1qyUjAcGNf/AA==",
       "dev": true,
       "license": "ISC",
       "engines": {
@@ -27243,9 +27253,9 @@
       }
     },
     "node_modules/filelist/node_modules/brace-expansion": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-      "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.3.tgz",
+      "integrity": "sha512-MCV/fYJEbqx68aE58kv2cA/kiky1G8vux3OR6/jbS+jIMe/6fJWa0DTzJU7dqijOWYwHi1t29FlfYI9uytqlpA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -27919,9 +27929,9 @@
       }
     },
     "node_modules/glob/node_modules/brace-expansion": {
-      "version": "5.0.3",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.3.tgz",
-      "integrity": "sha512-fy6KJm2RawA5RcHkLa1z/ScpBeA762UF9KmZQxwIbDtRJrgLzM10depAiEQ+CXYcoiqW1/m96OAAoke2nE9EeA==",
+      "version": "5.0.5",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
+      "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -28092,9 +28102,10 @@
       "license": "MIT"
     },
     "node_modules/handlebars": {
-      "version": "4.7.8",
-      "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.8.tgz",
-      "integrity": "sha512-vafaFqs8MZkRrSX7sFVUdo3ap/eNiLnb4IakshzvP56X5Nr1iGKAIqdX6tMlm6HcNRIkr6AxO5jFEoJzzpT8aQ==",
+      "version": "4.7.9",
+      "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.9.tgz",
+      "integrity": "sha512-4E71E0rpOaQuJR2A3xDZ+GM1HyWYv1clR58tC8emQNeQe3RH7MAzSbat+V0wG78LQBo6m6bzSG/L4pBuCsgnUQ==",
+      "license": "MIT",
       "dependencies": {
         "minimist": "^1.2.5",
         "neo-async": "^2.6.2",
@@ -28112,9 +28123,9 @@
       }
     },
     "node_modules/happy-dom": {
-      "version": "20.8.3",
-      "resolved": "https://registry.npmjs.org/happy-dom/-/happy-dom-20.8.3.tgz",
-      "integrity": "sha512-lMHQRRwIPyJ70HV0kkFT7jH/gXzSI7yDkQFe07E2flwmNDFoWUTRMKpW2sglsnpeA7b6S2TJPp98EbQxai8eaQ==",
+      "version": "20.8.9",
+      "resolved": "https://registry.npmjs.org/happy-dom/-/happy-dom-20.8.9.tgz",
+      "integrity": "sha512-Tz23LR9T9jOGVZm2x1EPdXqwA37G/owYMxRwU0E4miurAtFsPMQ1d2Jc2okUaSjZqAFz2oEn3FLXC5a0a+siyA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -30047,9 +30058,9 @@
       }
     },
     "node_modules/jest-mock/node_modules/picomatch": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
-      "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -30359,9 +30370,9 @@
       }
     },
     "node_modules/jest/node_modules/brace-expansion": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-      "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.3.tgz",
+      "integrity": "sha512-MCV/fYJEbqx68aE58kv2cA/kiky1G8vux3OR6/jbS+jIMe/6fJWa0DTzJU7dqijOWYwHi1t29FlfYI9uytqlpA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -30946,9 +30957,9 @@
       }
     },
     "node_modules/jest/node_modules/picomatch": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
-      "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -34515,9 +34526,9 @@
       "license": "MIT"
     },
     "node_modules/nodemailer": {
-      "version": "7.0.11",
-      "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-7.0.11.tgz",
-      "integrity": "sha512-gnXhNRE0FNhD7wPSCGhdNh46Hs6nm+uTyg+Kq0cZukNQiYdnCsoQjodNP9BQVG9XrcK/v6/MgpAPBUFyzh9pvw==",
+      "version": "8.0.4",
+      "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-8.0.4.tgz",
+      "integrity": "sha512-k+jf6N8PfQJ0Fe8ZhJlgqU5qJU44Lpvp2yvidH3vp1lPnVQMgi4yEEMPXg5eJS1gFIJTVq1NHBk7Ia9ARdSBdQ==",
       "license": "MIT-0",
       "engines": {
         "node": ">=6.0.0"
@@ -35391,12 +35402,13 @@
       }
     },
     "node_modules/path-to-regexp": {
-      "version": "8.2.0",
-      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.2.0.tgz",
-      "integrity": "sha512-TdrF7fW9Rphjq4RjrW0Kp2AW0Ahwu9sRGTkS6bvDi0SCwZlEZYmcfDbEsTz8RVk0EHIS/Vd1bv3JhG+1xZuAyQ==",
+      "version": "8.4.1",
+      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.4.1.tgz",
+      "integrity": "sha512-fvU78fIjZ+SBM9YwCknCvKOUKkLVqtWDVctl0s7xIqfmfb38t2TT4ZU2gHm+Z8xGwgW+QWEU3oQSAzIbo89Ggw==",
       "license": "MIT",
-      "engines": {
-        "node": ">=16"
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
       }
     },
     "node_modules/pathe": {
@@ -35454,9 +35466,10 @@
       "license": "ISC"
     },
     "node_modules/picomatch": {
-      "version": "2.3.1",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
-      "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+      "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
+      "license": "MIT",
       "engines": {
         "node": ">=8.6"
       },
@@ -39236,9 +39249,9 @@
       }
     },
     "node_modules/rimraf/node_modules/brace-expansion": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-      "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.3.tgz",
+      "integrity": "sha512-MCV/fYJEbqx68aE58kv2cA/kiky1G8vux3OR6/jbS+jIMe/6fJWa0DTzJU7dqijOWYwHi1t29FlfYI9uytqlpA==",
       "license": "MIT",
       "dependencies": {
         "balanced-match": "^1.0.0"
@@ -39458,9 +39471,9 @@
       }
     },
     "node_modules/rollup-plugin-postcss/node_modules/yaml": {
-      "version": "1.10.2",
-      "resolved": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz",
-      "integrity": "sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg==",
+      "version": "1.10.3",
+      "resolved": "https://registry.npmjs.org/yaml/-/yaml-1.10.3.tgz",
+      "integrity": "sha512-vIYeF1u3CjlhAFekPPAk2h/Kv4T3mAkMox5OymRiJQB0spDP10LHvt+K7G9Ny6NuuMAb25/6n1qyUjAcGNf/AA==",
       "dev": true,
       "license": "ISC",
       "engines": {
@@ -39468,16 +39481,17 @@
       }
     },
     "node_modules/rollup-plugin-typescript2": {
-      "version": "0.35.0",
-      "resolved": "https://registry.npmjs.org/rollup-plugin-typescript2/-/rollup-plugin-typescript2-0.35.0.tgz",
-      "integrity": "sha512-szcIO9hPUx3PhQl91u4pfNAH2EKbtrXaES+m163xQVE5O1CC0ea6YZV/5woiDDW3CR9jF2CszPrKN+AFiND0bg==",
+      "version": "0.37.0",
+      "resolved": "https://registry.npmjs.org/rollup-plugin-typescript2/-/rollup-plugin-typescript2-0.37.0.tgz",
+      "integrity": "sha512-S1r/4Ufi13Yg/chPlh4iSHWq2Zs/sIAodW5SKUoCQfy/DEQhkS2XRFEtv+NRq3iBO4WHHfqKtDPOC5lJTYm7OQ==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
         "@rollup/pluginutils": "^4.1.2",
         "find-cache-dir": "^3.3.2",
         "fs-extra": "^10.0.0",
-        "semver": "^7.3.7",
-        "tslib": "^2.4.0"
+        "semver": "^7.5.4",
+        "tslib": "^2.6.2"
       },
       "peerDependencies": {
         "rollup": ">=1.26.3",
@@ -39797,12 +39811,13 @@
       }
     },
     "node_modules/serialize-javascript": {
-      "version": "7.0.4",
-      "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-7.0.4.tgz",
-      "integrity": "sha512-DuGdB+Po43Q5Jxwpzt1lhyFSYKryqoNjQSA9M92tyw0lyHIOur+XCalOUe0KTJpyqzT8+fQ5A0Jf7vCx/NKmIg==",
+      "version": "7.0.5",
+      "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-7.0.5.tgz",
+      "integrity": "sha512-F4LcB0UqUl1zErq+1nYEEzSHJnIwb3AF2XWB94b+afhrekOUijwooAYqFyRbjYkm2PAKBabx6oYv/xDxNi8IBw==",
       "dev": true,
-      "dependencies": {
-        "randombytes": "^2.1.0"
+      "license": "BSD-3-Clause",
+      "engines": {
+        "node": ">=20.0.0"
       }
     },
     "node_modules/serve-static": {
@@ -40774,9 +40789,9 @@
       }
     },
     "node_modules/sucrase/node_modules/brace-expansion": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-      "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.3.tgz",
+      "integrity": "sha512-MCV/fYJEbqx68aE58kv2cA/kiky1G8vux3OR6/jbS+jIMe/6fJWa0DTzJU7dqijOWYwHi1t29FlfYI9uytqlpA==",
       "license": "MIT",
       "dependencies": {
         "balanced-match": "^1.0.0"
@@ -41336,9 +41351,9 @@
       }
     },
     "node_modules/tinyglobby/node_modules/picomatch": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
-      "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -43156,9 +43171,9 @@
       }
     },
     "node_modules/workbox-build/node_modules/brace-expansion": {
-      "version": "5.0.4",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.4.tgz",
-      "integrity": "sha512-h+DEnpVvxmfVefa4jFbCf5HdH5YMDXRsmKflpf1pILZWRFlTbJpxeU55nJl4Smt5HQaGzg1o6RHFPJaOqnmBDg==",
+      "version": "5.0.5",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
+      "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -43803,15 +43818,18 @@
       "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g=="
     },
     "node_modules/yaml": {
-      "version": "2.7.0",
-      "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.7.0.tgz",
-      "integrity": "sha512-+hSoy/QHluxmC9kCIJyL/uyFmLmc+e5CFR5Wa+bpIhIj85LVb9ZH2nVnqrHoSvKogwODv0ClqZkmiSSaIH5LTA==",
+      "version": "2.8.3",
+      "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.3.tgz",
+      "integrity": "sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==",
       "license": "ISC",
       "bin": {
         "yaml": "bin.mjs"
       },
       "engines": {
-        "node": ">= 14"
+        "node": ">= 14.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/eemeli"
       }
     },
     "node_modules/yargs": {
@@ -43969,7 +43987,7 @@
       },
       "peerDependencies": {
         "@anthropic-ai/vertex-sdk": "^0.14.3",
-        "@aws-sdk/client-bedrock-runtime": "^3.970.0",
+        "@aws-sdk/client-bedrock-runtime": "^3.1013.0",
         "@aws-sdk/client-s3": "^3.980.0",
         "@azure/identity": "^4.7.0",
         "@azure/search-documents": "^12.0.0",
@@ -43977,12 +43995,12 @@
         "@google/genai": "^1.19.0",
         "@keyv/redis": "^4.3.3",
         "@langchain/core": "^0.3.80",
-        "@librechat/agents": "^3.1.62",
+        "@librechat/agents": "^3.1.63",
         "@librechat/data-schemas": "*",
         "@modelcontextprotocol/sdk": "^1.27.1",
         "@smithy/node-http-handler": "^4.4.5",
         "ai-tokenizer": "^1.0.6",
-        "axios": "^1.13.5",
+        "axios": "1.13.6",
         "connect-redis": "^8.1.0",
         "eventsource": "^3.0.2",
         "express": "^5.1.0",
@@ -44084,7 +44102,7 @@
         "rollup": "^4.34.9",
         "rollup-plugin-peer-deps-external": "^2.2.4",
         "rollup-plugin-postcss": "^4.0.2",
-        "rollup-plugin-typescript2": "^0.35.0",
+        "rollup-plugin-typescript2": "^0.37.0",
         "tailwindcss-radix": "^2.8.0",
         "typescript": "^5.0.0"
       },
@@ -45874,10 +45892,10 @@
     },
     "packages/data-provider": {
       "name": "librechat-data-provider",
-      "version": "0.8.401",
+      "version": "0.8.406",
       "license": "ISC",
       "dependencies": {
-        "axios": "^1.13.5",
+        "axios": "1.13.6",
         "dayjs": "^1.11.13",
         "js-yaml": "^4.1.1",
         "zod": "^3.22.4"
@@ -45891,7 +45909,7 @@
         "@rollup/plugin-json": "^6.1.0",
         "@rollup/plugin-node-resolve": "^15.1.0",
         "@rollup/plugin-replace": "^5.0.5",
-        "@rollup/plugin-terser": "^0.4.4",
+        "@rollup/plugin-terser": "^1.0.0",
         "@types/jest": "^29.5.2",
         "@types/js-yaml": "^4.0.9",
         "@types/node": "^20.3.0",
@@ -45903,13 +45921,36 @@
         "rimraf": "^6.1.3",
         "rollup": "^4.34.9",
         "rollup-plugin-peer-deps-external": "^2.2.4",
-        "rollup-plugin-typescript2": "^0.35.0",
+        "rollup-plugin-typescript2": "^0.37.0",
         "typescript": "^5.0.4"
       },
       "peerDependencies": {
         "@tanstack/react-query": "^4.28.0"
       }
     },
+    "packages/data-provider/node_modules/@rollup/plugin-terser": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/@rollup/plugin-terser/-/plugin-terser-1.0.0.tgz",
+      "integrity": "sha512-FnCxhTBx6bMOYQrar6C8h3scPt8/JwIzw3+AJ2K++6guogH5fYaIFia+zZuhqv0eo1RN7W1Pz630SyvLbDjhtQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "serialize-javascript": "^7.0.3",
+        "smob": "^1.0.0",
+        "terser": "^5.17.4"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      },
+      "peerDependencies": {
+        "rollup": "^2.0.0||^3.0.0||^4.0.0"
+      },
+      "peerDependenciesMeta": {
+        "rollup": {
+          "optional": true
+        }
+      }
+    },
     "packages/data-provider/node_modules/rimraf": {
       "version": "6.1.3",
       "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-6.1.3.tgz",
@@ -45932,7 +45973,7 @@
     },
     "packages/data-schemas": {
       "name": "@librechat/data-schemas",
-      "version": "0.0.40",
+      "version": "0.0.48",
       "license": "MIT",
       "devDependencies": {
         "@rollup/plugin-alias": "^5.1.0",
@@ -45940,7 +45981,7 @@
         "@rollup/plugin-json": "^6.1.0",
         "@rollup/plugin-node-resolve": "^15.1.0",
         "@rollup/plugin-replace": "^5.0.5",
-        "@rollup/plugin-terser": "^0.4.4",
+        "@rollup/plugin-terser": "^1.0.0",
         "@rollup/plugin-typescript": "^12.1.2",
         "@types/express": "^5.0.0",
         "@types/jest": "^29.5.2",
@@ -45951,7 +45992,7 @@
         "rimraf": "^6.1.3",
         "rollup": "^4.34.9",
         "rollup-plugin-peer-deps-external": "^2.2.4",
-        "rollup-plugin-typescript2": "^0.35.0",
+        "rollup-plugin-typescript2": "^0.37.0",
         "ts-node": "^10.9.2",
         "typescript": "^5.0.4"
       },
@@ -45967,6 +46008,29 @@
         "winston-daily-rotate-file": "^5.0.0"
       }
     },
+    "packages/data-schemas/node_modules/@rollup/plugin-terser": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/@rollup/plugin-terser/-/plugin-terser-1.0.0.tgz",
+      "integrity": "sha512-FnCxhTBx6bMOYQrar6C8h3scPt8/JwIzw3+AJ2K++6guogH5fYaIFia+zZuhqv0eo1RN7W1Pz630SyvLbDjhtQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "serialize-javascript": "^7.0.3",
+        "smob": "^1.0.0",
+        "terser": "^5.17.4"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      },
+      "peerDependencies": {
+        "rollup": "^2.0.0||^3.0.0||^4.0.0"
+      },
+      "peerDependenciesMeta": {
+        "rollup": {
+          "optional": true
+        }
+      }
+    },
     "packages/data-schemas/node_modules/logform": {
       "version": "2.7.0",
       "resolved": "https://registry.npmjs.org/logform/-/logform-2.7.0.tgz",
diff --git a/packages/api/jest.config.mjs b/packages/api/jest.config.mjs
index df9cf6bcc2..976b794122 100644
--- a/packages/api/jest.config.mjs
+++ b/packages/api/jest.config.mjs
@@ -8,6 +8,7 @@ export default {
     '\\.helper\\.ts$',
     '\\.helper\\.d\\.ts$',
     '/__tests__/helpers/',
+    '\\.manual\\.spec\\.[jt]sx?$',
   ],
   coverageReporters: ['text', 'cobertura'],
   testResultsProcessor: 'jest-junit',
diff --git a/packages/api/package.json b/packages/api/package.json
index a4e74a7a3c..87e567575a 100644
--- a/packages/api/package.json
+++ b/packages/api/package.json
@@ -18,8 +18,8 @@
     "build:dev": "npm run clean && NODE_ENV=development rollup -c --bundleConfigAsCjs",
     "build:watch": "NODE_ENV=development rollup -c -w --bundleConfigAsCjs",
     "build:watch:prod": "rollup -c -w --bundleConfigAsCjs",
-    "test": "jest --coverage --watch --testPathIgnorePatterns=\"\\.*integration\\.|\\.*helper\\.|__tests__/helpers/\"",
-    "test:ci": "jest --coverage --ci --testPathIgnorePatterns=\"\\.*integration\\.|\\.*helper\\.|__tests__/helpers/\"",
+    "test": "jest --coverage --watch --testPathIgnorePatterns=\"\\.*integration\\.|\\.*helper\\.|__tests__/helpers/|\\.*manual\\.spec\\.\"",
+    "test:ci": "jest --coverage --ci --testPathIgnorePatterns=\"\\.*integration\\.|\\.*helper\\.|__tests__/helpers/|\\.*manual\\.spec\\.\"",
     "test:cache-integration:core": "jest --testPathPatterns=\"src/cache/.*\\.cache_integration\\.spec\\.ts$\" --coverage=false",
     "test:cache-integration:cluster": "jest --testPathPatterns=\"src/cluster/.*\\.cache_integration\\.spec\\.ts$\" --coverage=false --runInBand",
     "test:cache-integration:mcp": "jest --testPathPatterns=\"src/mcp/.*\\.cache_integration\\.spec\\.ts$\" --coverage=false",
@@ -68,8 +68,8 @@
     "@types/yauzl": "^2.10.3",
     "aws-sdk-client-mock": "^4.1.0",
     "jest": "^30.2.0",
-    "jszip": "^3.10.1",
     "jest-junit": "^16.0.0",
+    "jszip": "^3.10.1",
     "librechat-data-provider": "*",
     "mammoth": "^1.11.0",
     "mongodb": "^6.14.2",
@@ -87,7 +87,7 @@
   },
   "peerDependencies": {
     "@anthropic-ai/vertex-sdk": "^0.14.3",
-    "@aws-sdk/client-bedrock-runtime": "^3.970.0",
+    "@aws-sdk/client-bedrock-runtime": "^3.1013.0",
     "@aws-sdk/client-s3": "^3.980.0",
     "@azure/identity": "^4.7.0",
     "@azure/search-documents": "^12.0.0",
@@ -95,12 +95,12 @@
     "@google/genai": "^1.19.0",
     "@keyv/redis": "^4.3.3",
     "@langchain/core": "^0.3.80",
-    "@librechat/agents": "^3.1.62",
+    "@librechat/agents": "^3.1.63",
     "@librechat/data-schemas": "*",
     "@modelcontextprotocol/sdk": "^1.27.1",
     "@smithy/node-http-handler": "^4.4.5",
     "ai-tokenizer": "^1.0.6",
-    "axios": "^1.13.5",
+    "axios": "1.13.6",
     "connect-redis": "^8.1.0",
     "eventsource": "^3.0.2",
     "express": "^5.1.0",
diff --git a/packages/api/src/admin/config.handler.spec.ts b/packages/api/src/admin/config.handler.spec.ts
new file mode 100644
index 0000000000..ad33f5f158
--- /dev/null
+++ b/packages/api/src/admin/config.handler.spec.ts
@@ -0,0 +1,781 @@
+import type { Response } from 'express';
+import type { ServerRequest } from '~/types/http';
+import { createAdminConfigHandlers } from './config';
+
+function mockReq(overrides = {}) {
+  return {
+    user: { id: 'u1', role: 'ADMIN', _id: { toString: () => 'u1' } },
+    params: {},
+    body: {},
+    query: {},
+    ...overrides,
+  } as Partial<ServerRequest> as ServerRequest;
+}
+
+interface MockRes {
+  statusCode: number;
+  body: undefined | { config?: unknown; error?: string; [key: string]: unknown };
+  status: jest.Mock;
+  json: jest.Mock;
+}
+
+function mockRes() {
+  const res: MockRes = {
+    statusCode: 200,
+    body: undefined,
+    status: jest.fn((code: number) => {
+      res.statusCode = code;
+      return res;
+    }),
+    json: jest.fn((data: MockRes['body']) => {
+      res.body = data;
+      return res;
+    }),
+  };
+  return res as Partial<Response> as Response & MockRes;
+}
+
+function createHandlers(overrides = {}) {
+  const deps = {
+    listAllConfigs: jest.fn().mockResolvedValue([]),
+    findConfigByPrincipal: jest.fn().mockResolvedValue(null),
+    upsertConfig: jest.fn().mockResolvedValue({
+      _id: 'c1',
+      principalType: 'role',
+      principalId: 'admin',
+      overrides: {},
+      configVersion: 1,
+    }),
+    patchConfigFields: jest
+      .fn()
+      .mockResolvedValue({ _id: 'c1', overrides: { registration: { enabled: false } } }),
+    unsetConfigField: jest.fn().mockResolvedValue({ _id: 'c1', overrides: {} }),
+    deleteConfig: jest.fn().mockResolvedValue({ _id: 'c1' }),
+    toggleConfigActive: jest.fn().mockResolvedValue({ _id: 'c1', isActive: false }),
+    hasConfigCapability: jest.fn().mockResolvedValue(true),
+
+    getAppConfig: jest.fn().mockResolvedValue({ interface: { endpointsMenu: true } }),
+    ...overrides,
+  };
+  const handlers = createAdminConfigHandlers(deps);
+  return { handlers, deps };
+}
+
+describe('createAdminConfigHandlers', () => {
+  describe('getConfig', () => {
+    it('returns 403 before DB lookup when user lacks READ_CONFIGS', async () => {
+      const { handlers, deps } = createHandlers({
+        hasConfigCapability: jest.fn().mockResolvedValue(false),
+      });
+      const req = mockReq({ params: { principalType: 'role', principalId: 'admin' } });
+      const res = mockRes();
+
+      await handlers.getConfig(req, res);
+
+      expect(res.statusCode).toBe(403);
+      expect(deps.findConfigByPrincipal).not.toHaveBeenCalled();
+    });
+
+    it('returns 404 when config does not exist', async () => {
+      const { handlers } = createHandlers();
+      const req = mockReq({ params: { principalType: 'role', principalId: 'nonexistent' } });
+      const res = mockRes();
+
+      await handlers.getConfig(req, res);
+
+      expect(res.statusCode).toBe(404);
+    });
+
+    it('returns config when authorized and exists', async () => {
+      const config = {
+        _id: 'c1',
+        principalType: 'role',
+        principalId: 'admin',
+        overrides: { x: 1 },
+      };
+      const { handlers } = createHandlers({
+        findConfigByPrincipal: jest.fn().mockResolvedValue(config),
+      });
+      const req = mockReq({ params: { principalType: 'role', principalId: 'admin' } });
+      const res = mockRes();
+
+      await handlers.getConfig(req, res);
+
+      expect(res.statusCode).toBe(200);
+      expect(res.body!.config).toEqual(config);
+    });
+
+    it('returns 400 for invalid principalType', async () => {
+      const { handlers } = createHandlers();
+      const req = mockReq({ params: { principalType: 'invalid', principalId: 'x' } });
+      const res = mockRes();
+
+      await handlers.getConfig(req, res);
+
+      expect(res.statusCode).toBe(400);
+    });
+
+    it('rejects public principalType — not usable for config overrides', async () => {
+      const { handlers } = createHandlers();
+      const req = mockReq({ params: { principalType: 'public', principalId: 'x' } });
+      const res = mockRes();
+
+      await handlers.getConfig(req, res);
+
+      expect(res.statusCode).toBe(400);
+    });
+  });
+
+  describe('upsertConfigOverrides', () => {
+    it('returns 201 when creating a new config (configVersion === 1)', async () => {
+      const { handlers } = createHandlers({
+        upsertConfig: jest.fn().mockResolvedValue({ _id: 'c1', configVersion: 1 }),
+      });
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        body: { overrides: { interface: { endpointsMenu: false } } },
+      });
+      const res = mockRes();
+
+      await handlers.upsertConfigOverrides(req, res);
+
+      expect(res.statusCode).toBe(201);
+    });
+
+    it('returns 200 when updating an existing config (configVersion > 1)', async () => {
+      const { handlers } = createHandlers({
+        upsertConfig: jest.fn().mockResolvedValue({ _id: 'c1', configVersion: 5 }),
+      });
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        body: { overrides: { interface: { endpointsMenu: false } } },
+      });
+      const res = mockRes();
+
+      await handlers.upsertConfigOverrides(req, res);
+
+      expect(res.statusCode).toBe(200);
+    });
+
+    it('returns 400 when overrides is missing', async () => {
+      const { handlers } = createHandlers();
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        body: {},
+      });
+      const res = mockRes();
+
+      await handlers.upsertConfigOverrides(req, res);
+
+      expect(res.statusCode).toBe(400);
+    });
+
+    it('strips permission fields from interface overrides but keeps UI fields', async () => {
+      const { handlers, deps } = createHandlers({
+        upsertConfig: jest.fn().mockResolvedValue({ _id: 'c1', configVersion: 1 }),
+      });
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        body: {
+          overrides: {
+            interface: { endpointsMenu: false, prompts: false, agents: { use: false } },
+          },
+        },
+      });
+      const res = mockRes();
+
+      await handlers.upsertConfigOverrides(req, res);
+
+      expect(res.statusCode).toBe(201);
+      const savedOverrides = deps.upsertConfig.mock.calls[0][3];
+      expect(savedOverrides.interface).toEqual({ endpointsMenu: false });
+    });
+
+    it('preserves UI sub-keys in composite permission fields like mcpServers', async () => {
+      const { handlers, deps } = createHandlers({
+        upsertConfig: jest.fn().mockResolvedValue({ _id: 'c1', configVersion: 1 }),
+      });
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        body: {
+          overrides: {
+            interface: {
+              mcpServers: {
+                use: true,
+                create: false,
+                placeholder: 'Search MCP...',
+                trustCheckbox: { label: 'Trust' },
+              },
+            },
+          },
+        },
+      });
+      const res = mockRes();
+
+      await handlers.upsertConfigOverrides(req, res);
+
+      expect(res.statusCode).toBe(201);
+      const savedOverrides = deps.upsertConfig.mock.calls[0][3];
+      const mcp = (savedOverrides as Record<string, unknown>).interface as Record<string, unknown>;
+      expect((mcp.mcpServers as Record<string, unknown>).placeholder).toBe('Search MCP...');
+      expect((mcp.mcpServers as Record<string, unknown>).trustCheckbox).toEqual({ label: 'Trust' });
+      expect((mcp.mcpServers as Record<string, unknown>).use).toBeUndefined();
+      expect((mcp.mcpServers as Record<string, unknown>).create).toBeUndefined();
+    });
+
+    it('strips peoplePicker permission sub-keys in upsert', async () => {
+      const { handlers, deps } = createHandlers();
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        body: {
+          overrides: {
+            interface: { peoplePicker: { users: false, groups: true, roles: true } },
+          },
+        },
+      });
+      const res = mockRes();
+
+      await handlers.upsertConfigOverrides(req, res);
+
+      expect(res.statusCode).toBe(200);
+      expect(res.body!.message).toBeDefined();
+      expect(deps.upsertConfig).not.toHaveBeenCalled();
+    });
+
+    it('returns 200 with message when only permission fields in interface', async () => {
+      const { handlers, deps } = createHandlers();
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        body: { overrides: { interface: { prompts: false, agents: false } } },
+      });
+      const res = mockRes();
+
+      await handlers.upsertConfigOverrides(req, res);
+
+      expect(res.statusCode).toBe(200);
+      expect(res.body!.message).toBeDefined();
+      expect(deps.upsertConfig).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('deleteConfigField', () => {
+    it('reads fieldPath from query parameter', async () => {
+      const { handlers, deps } = createHandlers();
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        query: { fieldPath: 'interface.endpointsMenu' },
+      });
+      const res = mockRes();
+
+      await handlers.deleteConfigField(req, res);
+
+      expect(deps.unsetConfigField).toHaveBeenCalledWith(
+        'role',
+        'admin',
+        'interface.endpointsMenu',
+      );
+    });
+
+    it('allows deleting mcpServers UI sub-key paths', async () => {
+      const { handlers, deps } = createHandlers();
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        query: { fieldPath: 'interface.mcpServers.placeholder' },
+      });
+      const res = mockRes();
+
+      await handlers.deleteConfigField(req, res);
+
+      expect(res.statusCode).toBe(200);
+      expect(deps.unsetConfigField).toHaveBeenCalledWith(
+        'role',
+        'admin',
+        'interface.mcpServers.placeholder',
+      );
+    });
+
+    it('blocks deleting mcpServers permission sub-key paths', async () => {
+      const { handlers, deps } = createHandlers();
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        query: { fieldPath: 'interface.mcpServers.use' },
+      });
+      const res = mockRes();
+
+      await handlers.deleteConfigField(req, res);
+
+      expect(res.statusCode).toBe(200);
+      expect(res.body!.message).toBeDefined();
+      expect(deps.unsetConfigField).not.toHaveBeenCalled();
+    });
+
+    it('blocks deleting peoplePicker permission sub-key paths', async () => {
+      const { handlers, deps } = createHandlers();
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        query: { fieldPath: 'interface.peoplePicker.users' },
+      });
+      const res = mockRes();
+
+      await handlers.deleteConfigField(req, res);
+
+      expect(res.statusCode).toBe(200);
+      expect(res.body!.message).toBeDefined();
+      expect(deps.unsetConfigField).not.toHaveBeenCalled();
+    });
+
+    it('returns 200 no-op for interface permission field path', async () => {
+      const { handlers, deps } = createHandlers();
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        query: { fieldPath: 'interface.prompts' },
+      });
+      const res = mockRes();
+
+      await handlers.deleteConfigField(req, res);
+
+      expect(res.statusCode).toBe(200);
+      expect(res.body!.message).toBeDefined();
+      expect(deps.unsetConfigField).not.toHaveBeenCalled();
+    });
+
+    it('allows deleting interface UI field paths', async () => {
+      const { handlers, deps } = createHandlers();
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        query: { fieldPath: 'interface.endpointsMenu' },
+      });
+      const res = mockRes();
+
+      await handlers.deleteConfigField(req, res);
+
+      expect(res.statusCode).toBe(200);
+      expect(deps.unsetConfigField).toHaveBeenCalledWith(
+        'role',
+        'admin',
+        'interface.endpointsMenu',
+      );
+    });
+
+    it('returns 400 when fieldPath query param is missing', async () => {
+      const { handlers } = createHandlers();
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        query: {},
+      });
+      const res = mockRes();
+
+      await handlers.deleteConfigField(req, res);
+
+      expect(res.statusCode).toBe(400);
+      expect(res.body!.error).toContain('query parameter');
+    });
+
+    it('rejects unsafe field paths', async () => {
+      const { handlers } = createHandlers();
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        query: { fieldPath: '__proto__.polluted' },
+      });
+      const res = mockRes();
+
+      await handlers.deleteConfigField(req, res);
+
+      expect(res.statusCode).toBe(400);
+    });
+  });
+
+  describe('patchConfigField', () => {
+    it('returns 403 when user lacks capability for section', async () => {
+      const { handlers } = createHandlers({
+        hasConfigCapability: jest.fn().mockResolvedValue(false),
+      });
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        body: { entries: [{ fieldPath: 'registration.enabled', value: false }] },
+      });
+      const res = mockRes();
+
+      await handlers.patchConfigField(req, res);
+
+      expect(res.statusCode).toBe(403);
+    });
+
+    it('strips interface permission field entries but keeps UI field entries', async () => {
+      const { handlers, deps } = createHandlers();
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        body: {
+          entries: [
+            { fieldPath: 'interface.endpointsMenu', value: false },
+            { fieldPath: 'interface.prompts', value: false },
+          ],
+        },
+      });
+      const res = mockRes();
+
+      await handlers.patchConfigField(req, res);
+
+      expect(res.statusCode).toBe(200);
+      const patchedFields = deps.patchConfigFields.mock.calls[0][3];
+      expect(patchedFields['interface.endpointsMenu']).toBe(false);
+      expect(patchedFields['interface.prompts']).toBeUndefined();
+    });
+
+    it('blocks peoplePicker permission sub-key paths', async () => {
+      const { handlers, deps } = createHandlers();
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        body: {
+          entries: [{ fieldPath: 'interface.peoplePicker.users', value: false }],
+        },
+      });
+      const res = mockRes();
+
+      await handlers.patchConfigField(req, res);
+
+      expect(res.statusCode).toBe(200);
+      expect(res.body!.message).toBeDefined();
+      expect(deps.patchConfigFields).not.toHaveBeenCalled();
+    });
+
+    it('allows mcpServers UI sub-key paths but blocks permission sub-key paths', async () => {
+      const { handlers, deps } = createHandlers();
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        body: {
+          entries: [
+            { fieldPath: 'interface.mcpServers.placeholder', value: 'Search...' },
+            { fieldPath: 'interface.mcpServers.use', value: true },
+          ],
+        },
+      });
+      const res = mockRes();
+
+      await handlers.patchConfigField(req, res);
+
+      expect(res.statusCode).toBe(200);
+      const patchedFields = deps.patchConfigFields.mock.calls[0][3];
+      expect(patchedFields['interface.mcpServers.placeholder']).toBe('Search...');
+      expect(patchedFields['interface.mcpServers.use']).toBeUndefined();
+    });
+
+    it('returns 200 with message when all entries are permission fields', async () => {
+      const { handlers, deps } = createHandlers();
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        body: { entries: [{ fieldPath: 'interface.prompts', value: false }] },
+      });
+      const res = mockRes();
+
+      await handlers.patchConfigField(req, res);
+
+      expect(res.statusCode).toBe(200);
+      expect(res.body!.message).toBeDefined();
+      expect(deps.patchConfigFields).not.toHaveBeenCalled();
+    });
+
+    it('returns 401 when unauthenticated even if all entries are permission fields', async () => {
+      const { handlers } = createHandlers();
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        body: { entries: [{ fieldPath: 'interface.prompts', value: false }] },
+        user: undefined,
+      });
+      const res = mockRes();
+
+      await handlers.patchConfigField(req, res);
+
+      expect(res.statusCode).toBe(401);
+    });
+
+    it('returns 403 when unauthorized even if all entries are permission fields', async () => {
+      const { handlers } = createHandlers({
+        hasConfigCapability: jest.fn().mockResolvedValue(false),
+      });
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        body: { entries: [{ fieldPath: 'interface.prompts', value: false }] },
+      });
+      const res = mockRes();
+
+      await handlers.patchConfigField(req, res);
+
+      expect(res.statusCode).toBe(403);
+    });
+
+    it('rejects entries with unsafe field paths (prototype pollution)', async () => {
+      const { handlers } = createHandlers();
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        body: { entries: [{ fieldPath: '__proto__.polluted', value: true }] },
+      });
+      const res = mockRes();
+
+      await handlers.patchConfigField(req, res);
+
+      expect(res.statusCode).toBe(400);
+    });
+  });
+
+  describe('upsertConfigOverrides — Bug 2 regression', () => {
+    it('returns 403 for empty overrides when user lacks MANAGE_CONFIGS', async () => {
+      const { handlers } = createHandlers({
+        hasConfigCapability: jest.fn().mockResolvedValue(false),
+      });
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        body: { overrides: {} },
+      });
+      const res = mockRes();
+
+      await handlers.upsertConfigOverrides(req, res);
+
+      expect(res.statusCode).toBe(403);
+    });
+  });
+
+  describe('upsertConfigOverrides — empty-overrides scope creation', () => {
+    it('creates config document when overrides is empty but priority is provided', async () => {
+      const upsertConfig = jest.fn().mockResolvedValue({
+        _id: 'c1',
+        principalType: 'role',
+        principalId: 'admin',
+        overrides: {},
+        configVersion: 1,
+      });
+      const { handlers } = createHandlers({ upsertConfig });
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        body: { overrides: {}, priority: 5 },
+      });
+      const res = mockRes();
+
+      await handlers.upsertConfigOverrides(req, res);
+
+      expect(res.statusCode).toBe(201);
+      expect(res.body).toHaveProperty('config');
+      expect(res.body?.config).toHaveProperty('_id', 'c1');
+      expect(upsertConfig).toHaveBeenCalledWith('role', 'admin', expect.anything(), {}, 5);
+    });
+
+    it('returns no-op message when overrides is empty and no priority is provided', async () => {
+      const upsertConfig = jest.fn().mockResolvedValue(null);
+      const { handlers } = createHandlers({ upsertConfig });
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        body: { overrides: {} },
+      });
+      const res = mockRes();
+
+      await handlers.upsertConfigOverrides(req, res);
+
+      expect(res.statusCode).toBe(200);
+      expect(res.body).toHaveProperty('message', 'No actionable override sections provided');
+      expect(upsertConfig).not.toHaveBeenCalled();
+    });
+
+    it('calls general manage check exactly once when overrides is empty with priority', async () => {
+      const hasConfigCapability = jest.fn().mockResolvedValue(true);
+      const { handlers } = createHandlers({ hasConfigCapability });
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        body: { overrides: {}, priority: 3 },
+      });
+      const res = mockRes();
+
+      await handlers.upsertConfigOverrides(req, res);
+
+      expect(hasConfigCapability).toHaveBeenCalledTimes(1);
+      expect(hasConfigCapability).toHaveBeenCalledWith(expect.anything(), null, 'manage');
+      expect(res.statusCode).toBe(201);
+      expect(res.body).toHaveProperty('config');
+    });
+
+    it('returns 403 for empty overrides with priority when user lacks MANAGE_CONFIGS', async () => {
+      const { handlers } = createHandlers({
+        hasConfigCapability: jest.fn().mockResolvedValue(false),
+      });
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        body: { overrides: {}, priority: 5 },
+      });
+      const res = mockRes();
+
+      await handlers.upsertConfigOverrides(req, res);
+
+      expect(res.statusCode).toBe(403);
+    });
+
+    it('returns 401 for empty overrides with priority when unauthenticated', async () => {
+      const { handlers } = createHandlers();
+      const req = mockReq({
+        params: { principalType: 'role', principalId: 'admin' },
+        body: { overrides: {}, priority: 5 },
+        user: undefined,
+      });
+      const res = mockRes();
+
+      await handlers.upsertConfigOverrides(req, res);
+
+      expect(res.statusCode).toBe(401);
+    });
+  });
+
+  // ── Invariant tests: rules that must hold across ALL handlers ──────
+
+  const MUTATION_HANDLERS: Array<{
+    name: string;
+    reqOverrides: Record<string, unknown>;
+  }> = [
+    {
+      name: 'upsertConfigOverrides',
+      reqOverrides: {
+        params: { principalType: 'role', principalId: 'admin' },
+        body: { overrides: { interface: { endpointsMenu: false } } },
+      },
+    },
+    {
+      name: 'patchConfigField',
+      reqOverrides: {
+        params: { principalType: 'role', principalId: 'admin' },
+        body: { entries: [{ fieldPath: 'interface.endpointsMenu', value: false }] },
+      },
+    },
+    {
+      name: 'deleteConfigField',
+      reqOverrides: {
+        params: { principalType: 'role', principalId: 'admin' },
+        query: { fieldPath: 'interface.endpointsMenu' },
+      },
+    },
+    {
+      name: 'deleteConfigOverrides',
+      reqOverrides: {
+        params: { principalType: 'role', principalId: 'admin' },
+      },
+    },
+    {
+      name: 'toggleConfig',
+      reqOverrides: {
+        params: { principalType: 'role', principalId: 'admin' },
+        body: { isActive: false },
+      },
+    },
+  ];
+
+  describe('invariant: all mutation handlers return 401 without auth', () => {
+    for (const { name, reqOverrides } of MUTATION_HANDLERS) {
+      it(`${name} returns 401 when user is missing`, async () => {
+        const { handlers } = createHandlers();
+        const req = mockReq({ ...reqOverrides, user: undefined });
+        const res = mockRes();
+
+        await (handlers as Record<string, (...args: unknown[]) => Promise<unknown>>)[name](
+          req,
+          res,
+        );
+
+        expect(res.statusCode).toBe(401);
+      });
+    }
+  });
+
+  describe('invariant: all mutation handlers return 403 without capability', () => {
+    for (const { name, reqOverrides } of MUTATION_HANDLERS) {
+      it(`${name} returns 403 when user lacks capability`, async () => {
+        const { handlers } = createHandlers({
+          hasConfigCapability: jest.fn().mockResolvedValue(false),
+        });
+        const req = mockReq(reqOverrides);
+        const res = mockRes();
+
+        await (handlers as Record<string, (...args: unknown[]) => Promise<unknown>>)[name](
+          req,
+          res,
+        );
+
+        expect(res.statusCode).toBe(403);
+      });
+    }
+  });
+
+  describe('invariant: all read handlers return 403 without capability', () => {
+    const READ_HANDLERS: Array<{ name: string; reqOverrides: Record<string, unknown> }> = [
+      { name: 'listConfigs', reqOverrides: {} },
+      { name: 'getBaseConfig', reqOverrides: {} },
+      {
+        name: 'getConfig',
+        reqOverrides: { params: { principalType: 'role', principalId: 'admin' } },
+      },
+    ];
+
+    for (const { name, reqOverrides } of READ_HANDLERS) {
+      it(`${name} returns 403 when user lacks capability`, async () => {
+        const { handlers } = createHandlers({
+          hasConfigCapability: jest.fn().mockResolvedValue(false),
+        });
+        const req = mockReq(reqOverrides);
+        const res = mockRes();
+
+        await (handlers as Record<string, (...args: unknown[]) => Promise<unknown>>)[name](
+          req,
+          res,
+        );
+
+        expect(res.statusCode).toBe(403);
+      });
+    }
+  });
+
+  describe('invariant: all read handlers return 401 without auth', () => {
+    const READ_HANDLERS: Array<{ name: string; reqOverrides: Record<string, unknown> }> = [
+      { name: 'listConfigs', reqOverrides: {} },
+      { name: 'getBaseConfig', reqOverrides: {} },
+      {
+        name: 'getConfig',
+        reqOverrides: { params: { principalType: 'role', principalId: 'admin' } },
+      },
+    ];
+
+    for (const { name, reqOverrides } of READ_HANDLERS) {
+      it(`${name} returns 401 when user is missing`, async () => {
+        const { handlers } = createHandlers();
+        const req = mockReq({ ...reqOverrides, user: undefined });
+        const res = mockRes();
+
+        await (handlers as Record<string, (...args: unknown[]) => Promise<unknown>>)[name](
+          req,
+          res,
+        );
+
+        expect(res.statusCode).toBe(401);
+      });
+    }
+  });
+
+  describe('getBaseConfig', () => {
+    it('returns 403 when user lacks READ_CONFIGS', async () => {
+      const { handlers } = createHandlers({
+        hasConfigCapability: jest.fn().mockResolvedValue(false),
+      });
+      const req = mockReq();
+      const res = mockRes();
+
+      await handlers.getBaseConfig(req, res);
+
+      expect(res.statusCode).toBe(403);
+    });
+
+    it('returns the full AppConfig', async () => {
+      const { handlers } = createHandlers();
+      const req = mockReq();
+      const res = mockRes();
+
+      await handlers.getBaseConfig(req, res);
+
+      expect(res.statusCode).toBe(200);
+      expect(res.body!.config).toEqual({ interface: { endpointsMenu: true } });
+    });
+  });
+});
diff --git a/packages/api/src/admin/config.spec.ts b/packages/api/src/admin/config.spec.ts
new file mode 100644
index 0000000000..499cfaa35b
--- /dev/null
+++ b/packages/api/src/admin/config.spec.ts
@@ -0,0 +1,57 @@
+import { isValidFieldPath, getTopLevelSection } from './config';
+
+describe('isValidFieldPath', () => {
+  it('accepts simple dot paths', () => {
+    expect(isValidFieldPath('interface.endpointsMenu')).toBe(true);
+    expect(isValidFieldPath('registration.socialLogins')).toBe(true);
+    expect(isValidFieldPath('a')).toBe(true);
+    expect(isValidFieldPath('a.b.c.d')).toBe(true);
+  });
+
+  it('rejects empty and non-string', () => {
+    expect(isValidFieldPath('')).toBe(false);
+    // @ts-expect-error testing invalid input
+    expect(isValidFieldPath(undefined)).toBe(false);
+    // @ts-expect-error testing invalid input
+    expect(isValidFieldPath(null)).toBe(false);
+    // @ts-expect-error testing invalid input
+    expect(isValidFieldPath(42)).toBe(false);
+  });
+
+  it('rejects __proto__ and dunder-prefixed segments', () => {
+    expect(isValidFieldPath('__proto__')).toBe(false);
+    expect(isValidFieldPath('a.__proto__')).toBe(false);
+    expect(isValidFieldPath('__proto__.polluted')).toBe(false);
+    expect(isValidFieldPath('a.__proto__.b')).toBe(false);
+    expect(isValidFieldPath('__defineGetter__')).toBe(false);
+    expect(isValidFieldPath('a.__lookupSetter__')).toBe(false);
+    expect(isValidFieldPath('__')).toBe(false);
+    expect(isValidFieldPath('a.__.b')).toBe(false);
+  });
+
+  it('rejects constructor and prototype segments', () => {
+    expect(isValidFieldPath('constructor')).toBe(false);
+    expect(isValidFieldPath('a.constructor')).toBe(false);
+    expect(isValidFieldPath('constructor.a')).toBe(false);
+    expect(isValidFieldPath('prototype')).toBe(false);
+    expect(isValidFieldPath('a.prototype')).toBe(false);
+    expect(isValidFieldPath('prototype.a')).toBe(false);
+  });
+
+  it('allows segments containing but not matching reserved words', () => {
+    expect(isValidFieldPath('constructorName')).toBe(true);
+    expect(isValidFieldPath('prototypeChain')).toBe(true);
+    expect(isValidFieldPath('a.myConstructor')).toBe(true);
+  });
+});
+
+describe('getTopLevelSection', () => {
+  it('returns first segment of a dot path', () => {
+    expect(getTopLevelSection('interface.endpointsMenu')).toBe('interface');
+    expect(getTopLevelSection('registration.socialLogins.github')).toBe('registration');
+  });
+
+  it('returns the whole string when no dots', () => {
+    expect(getTopLevelSection('interface')).toBe('interface');
+  });
+});
diff --git a/packages/api/src/admin/config.ts b/packages/api/src/admin/config.ts
new file mode 100644
index 0000000000..357096da9b
--- /dev/null
+++ b/packages/api/src/admin/config.ts
@@ -0,0 +1,628 @@
+import { logger } from '@librechat/data-schemas';
+import {
+  PrincipalType,
+  PrincipalModel,
+  INTERFACE_PERMISSION_FIELDS,
+  PERMISSION_SUB_KEYS,
+} from 'librechat-data-provider';
+import type { TCustomConfig } from 'librechat-data-provider';
+import type { AppConfig, ConfigSection, IConfig } from '@librechat/data-schemas';
+import type { Types, ClientSession } from 'mongoose';
+import type { Response } from 'express';
+import type { CapabilityUser } from '~/middleware/capabilities';
+import type { ServerRequest } from '~/types/http';
+
+const UNSAFE_SEGMENTS = /(?:^|\.)(__[\w]*|constructor|prototype)(?:\.|$)/;
+const MAX_PATCH_ENTRIES = 100;
+const DEFAULT_PRIORITY = 10;
+
+export function isValidFieldPath(path: string): boolean {
+  return (
+    typeof path === 'string' &&
+    path.length > 0 &&
+    !path.startsWith('.') &&
+    !path.endsWith('.') &&
+    !path.includes('..') &&
+    !UNSAFE_SEGMENTS.test(path)
+  );
+}
+
+export function getTopLevelSection(fieldPath: string): string {
+  return fieldPath.split('.')[0];
+}
+
+/**
+ * Returns true if `fieldPath` targets an interface permission field or permission sub-key.
+ *
+ * - `"interface.prompts"` → true (boolean permission field)
+ * - `"interface.agents.use"` → true (permission sub-key)
+ * - `"interface.mcpServers"` → true (entire composite field)
+ * - `"interface.mcpServers.use"` → true (permission sub-key)
+ * - `"interface.mcpServers.placeholder"` → false (UI-only sub-key)
+ * - `"interface.peoplePicker.users"` → true (all peoplePicker sub-keys are permissions)
+ * - `"interface.endpointsMenu"` → false (UI-only field)
+ */
+function isInterfacePermissionPath(fieldPath: string): boolean {
+  const parts = fieldPath.split('.');
+  if (parts[0] !== 'interface' || parts.length < 2) {
+    return false;
+  }
+  if (!INTERFACE_PERMISSION_FIELDS.has(parts[1])) {
+    return false;
+  }
+  // "interface.<permField>" with no sub-key → permission (blocks the whole field)
+  if (parts.length === 2) {
+    return true;
+  }
+  // "interface.<permField>.<subKey>" → only block if sub-key is a permission bit
+  return PERMISSION_SUB_KEYS.has(parts[2]);
+}
+
+export interface AdminConfigDeps {
+  listAllConfigs: (filter?: { isActive?: boolean }, session?: ClientSession) => Promise<IConfig[]>;
+  findConfigByPrincipal: (
+    principalType: PrincipalType,
+    principalId: string | Types.ObjectId,
+    options?: { includeInactive?: boolean },
+    session?: ClientSession,
+  ) => Promise<IConfig | null>;
+  upsertConfig: (
+    principalType: PrincipalType,
+    principalId: string | Types.ObjectId,
+    principalModel: PrincipalModel,
+    overrides: Partial<TCustomConfig>,
+    priority: number,
+    session?: ClientSession,
+  ) => Promise<IConfig | null>;
+  patchConfigFields: (
+    principalType: PrincipalType,
+    principalId: string | Types.ObjectId,
+    principalModel: PrincipalModel,
+    fields: Record<string, unknown>,
+    priority: number,
+    session?: ClientSession,
+  ) => Promise<IConfig | null>;
+  unsetConfigField: (
+    principalType: PrincipalType,
+    principalId: string | Types.ObjectId,
+    fieldPath: string,
+    session?: ClientSession,
+  ) => Promise<IConfig | null>;
+  deleteConfig: (
+    principalType: PrincipalType,
+    principalId: string | Types.ObjectId,
+    session?: ClientSession,
+  ) => Promise<IConfig | null>;
+  toggleConfigActive: (
+    principalType: PrincipalType,
+    principalId: string | Types.ObjectId,
+    isActive: boolean,
+    session?: ClientSession,
+  ) => Promise<IConfig | null>;
+  hasConfigCapability: (
+    user: CapabilityUser,
+    section: ConfigSection | null,
+    verb?: 'manage' | 'read',
+  ) => Promise<boolean>;
+  getAppConfig?: (options?: {
+    role?: string;
+    userId?: string;
+    tenantId?: string;
+  }) => Promise<AppConfig>;
+  /** Invalidate all config-related caches after a mutation. */
+  invalidateConfigCaches?: (tenantId?: string) => Promise<void>;
+}
+
+// ── Validation helpers ───────────────────────────────────────────────
+
+const CONFIG_PRINCIPAL_TYPES = new Set([
+  PrincipalType.USER,
+  PrincipalType.GROUP,
+  PrincipalType.ROLE,
+]);
+
+function validatePrincipalType(value: string): value is PrincipalType {
+  return CONFIG_PRINCIPAL_TYPES.has(value as PrincipalType);
+}
+
+function principalModel(type: PrincipalType): PrincipalModel {
+  switch (type) {
+    case PrincipalType.USER:
+      return PrincipalModel.USER;
+    case PrincipalType.GROUP:
+      return PrincipalModel.GROUP;
+    case PrincipalType.ROLE:
+      return PrincipalModel.ROLE;
+    case PrincipalType.PUBLIC:
+      return PrincipalModel.ROLE;
+    default: {
+      const _exhaustive: never = type;
+      logger.warn(`[adminConfig] Unmapped PrincipalType: ${String(_exhaustive)}`);
+      return PrincipalModel.ROLE;
+    }
+  }
+}
+
+function getCapabilityUser(req: ServerRequest): CapabilityUser | null {
+  if (!req.user) {
+    return null;
+  }
+  return {
+    id: req.user.id ?? req.user._id?.toString() ?? '',
+    role: req.user.role ?? '',
+    tenantId: (req.user as { tenantId?: string }).tenantId,
+  };
+}
+
+// ── Handler factory ──────────────────────────────────────────────────
+
+export function createAdminConfigHandlers(deps: AdminConfigDeps) {
+  const {
+    listAllConfigs,
+    findConfigByPrincipal,
+    upsertConfig,
+    patchConfigFields,
+    unsetConfigField,
+    deleteConfig,
+    toggleConfigActive,
+    hasConfigCapability,
+    getAppConfig,
+    invalidateConfigCaches,
+  } = deps;
+
+  /**
+   * GET / — List all active config overrides.
+   */
+  async function listConfigs(req: ServerRequest, res: Response) {
+    try {
+      const user = getCapabilityUser(req);
+      if (!user) {
+        return res.status(401).json({ error: 'Authentication required' });
+      }
+
+      if (!(await hasConfigCapability(user, null, 'read'))) {
+        return res.status(403).json({ error: 'Insufficient permissions' });
+      }
+
+      const configs = await listAllConfigs();
+      return res.status(200).json({ configs });
+    } catch (error) {
+      logger.error('[adminConfig] listConfigs error:', error);
+      return res.status(500).json({ error: 'Failed to list configs' });
+    }
+  }
+
+  /**
+   * GET /base — Return the raw AppConfig (YAML + DB base merged).
+   * This is the full config structure admins can edit, NOT the startup payload.
+   */
+  async function getBaseConfig(req: ServerRequest, res: Response) {
+    try {
+      const user = getCapabilityUser(req);
+      if (!user) {
+        return res.status(401).json({ error: 'Authentication required' });
+      }
+
+      if (!(await hasConfigCapability(user, null, 'read'))) {
+        return res.status(403).json({ error: 'Insufficient permissions' });
+      }
+
+      if (!getAppConfig) {
+        return res.status(501).json({ error: 'Base config endpoint not configured' });
+      }
+
+      const appConfig = await getAppConfig({
+        tenantId: user.tenantId,
+      });
+      return res.status(200).json({ config: appConfig });
+    } catch (error) {
+      logger.error('[adminConfig] getBaseConfig error:', error);
+      return res.status(500).json({ error: 'Failed to get base config' });
+    }
+  }
+
+  /**
+   * GET /:principalType/:principalId — Get config for a specific principal.
+   */
+  async function getConfig(req: ServerRequest, res: Response) {
+    try {
+      const { principalType, principalId } = req.params as {
+        principalType: string;
+        principalId: string;
+      };
+
+      if (!validatePrincipalType(principalType)) {
+        return res.status(400).json({ error: `Invalid principalType: ${principalType}` });
+      }
+
+      const user = getCapabilityUser(req);
+      if (!user) {
+        return res.status(401).json({ error: 'Authentication required' });
+      }
+
+      if (!(await hasConfigCapability(user, null, 'read'))) {
+        return res.status(403).json({ error: 'Insufficient permissions' });
+      }
+
+      const config = await findConfigByPrincipal(principalType, principalId, {
+        includeInactive: true,
+      });
+      if (!config) {
+        return res.status(404).json({ error: 'Config not found' });
+      }
+
+      return res.status(200).json({ config });
+    } catch (error) {
+      logger.error('[adminConfig] getConfig error:', error);
+      return res.status(500).json({ error: 'Failed to get config' });
+    }
+  }
+
+  /**
+   * PUT /:principalType/:principalId — Replace entire overrides for a principal.
+   */
+  async function upsertConfigOverrides(req: ServerRequest, res: Response) {
+    try {
+      const { principalType, principalId } = req.params as {
+        principalType: string;
+        principalId: string;
+      };
+
+      if (!validatePrincipalType(principalType)) {
+        return res.status(400).json({ error: `Invalid principalType: ${principalType}` });
+      }
+
+      const { overrides, priority } = req.body as {
+        overrides?: Partial<TCustomConfig>;
+        priority?: number;
+      };
+
+      if (!overrides || typeof overrides !== 'object' || Array.isArray(overrides)) {
+        return res.status(400).json({ error: 'overrides must be a plain object' });
+      }
+
+      if (priority != null && (typeof priority !== 'number' || priority < 0)) {
+        return res.status(400).json({ error: 'priority must be a non-negative number' });
+      }
+
+      const user = getCapabilityUser(req);
+      if (!user) {
+        return res.status(401).json({ error: 'Authentication required' });
+      }
+
+      if (!(await hasConfigCapability(user, null, 'manage'))) {
+        return res.status(403).json({ error: 'Insufficient permissions' });
+      }
+
+      let filteredOverrides = overrides;
+      const iface = (overrides as Record<string, unknown>).interface;
+      if (iface != null && typeof iface === 'object' && !Array.isArray(iface)) {
+        const filteredIface: Record<string, unknown> = {};
+        for (const [field, val] of Object.entries(iface as Record<string, unknown>)) {
+          if (!INTERFACE_PERMISSION_FIELDS.has(field)) {
+            filteredIface[field] = val;
+          } else if (val != null && typeof val === 'object' && !Array.isArray(val)) {
+            // Composite permission field (e.g. mcpServers): strip permission
+            // sub-keys but preserve UI-only sub-keys like placeholder/trustCheckbox.
+            const uiOnly: Record<string, unknown> = {};
+            for (const [sub, subVal] of Object.entries(val as Record<string, unknown>)) {
+              if (!PERMISSION_SUB_KEYS.has(sub)) {
+                uiOnly[sub] = subVal;
+              } else {
+                logger.warn(
+                  `[adminConfig] Stripping interface permission sub-field "${field}.${sub}" — use role permissions instead`,
+                );
+              }
+            }
+            if (Object.keys(uiOnly).length > 0) {
+              filteredIface[field] = uiOnly;
+            }
+          } else {
+            logger.warn(
+              `[adminConfig] Stripping interface permission field "${field}" — use role permissions instead`,
+            );
+          }
+        }
+        filteredOverrides = { ...(overrides as Record<string, unknown>) } as Partial<TCustomConfig>;
+        if (Object.keys(filteredIface).length > 0) {
+          (filteredOverrides as Record<string, unknown>).interface = filteredIface;
+        } else {
+          delete (filteredOverrides as Record<string, unknown>).interface;
+        }
+      }
+
+      const overrideSections = Object.keys(filteredOverrides);
+
+      if (overrideSections.length === 0 && priority == null) {
+        return res.status(200).json({ message: 'No actionable override sections provided' });
+      }
+
+      if (overrideSections.length > 0) {
+        const allowed = await Promise.all(
+          overrideSections.map((s) => hasConfigCapability(user, s as ConfigSection, 'manage')),
+        );
+        const denied = overrideSections.find((_, i) => !allowed[i]);
+        if (denied) {
+          return res.status(403).json({
+            error: `Insufficient permissions for config section: ${denied}`,
+          });
+        }
+      }
+
+      const config = await upsertConfig(
+        principalType,
+        principalId,
+        principalModel(principalType),
+        filteredOverrides,
+        priority ?? DEFAULT_PRIORITY,
+      );
+
+      invalidateConfigCaches?.(user.tenantId)?.catch((err) =>
+        logger.error('[adminConfig] Cache invalidation failed after upsert:', err),
+      );
+      return res.status(config?.configVersion === 1 ? 201 : 200).json({ config });
+    } catch (error) {
+      logger.error('[adminConfig] upsertConfigOverrides error:', error);
+      return res.status(500).json({ error: 'Failed to upsert config' });
+    }
+  }
+
+  /**
+   * PATCH /:principalType/:principalId/fields — Set individual fields via dot-paths.
+   */
+  async function patchConfigField(req: ServerRequest, res: Response) {
+    try {
+      const { principalType, principalId } = req.params as {
+        principalType: string;
+        principalId: string;
+      };
+
+      if (!validatePrincipalType(principalType)) {
+        return res.status(400).json({ error: `Invalid principalType: ${principalType}` });
+      }
+
+      const { entries, priority } = req.body as {
+        entries?: Array<{ fieldPath: string; value: unknown }>;
+        priority?: number;
+      };
+
+      if (priority != null && (typeof priority !== 'number' || priority < 0)) {
+        return res.status(400).json({ error: 'priority must be a non-negative number' });
+      }
+
+      if (!Array.isArray(entries) || entries.length === 0) {
+        return res.status(400).json({ error: 'entries array is required and must not be empty' });
+      }
+
+      if (entries.length > MAX_PATCH_ENTRIES) {
+        return res
+          .status(400)
+          .json({ error: `entries array exceeds maximum of ${MAX_PATCH_ENTRIES}` });
+      }
+
+      for (const entry of entries) {
+        if (!isValidFieldPath(entry.fieldPath)) {
+          return res
+            .status(400)
+            .json({ error: `Invalid or unsafe field path: ${entry.fieldPath}` });
+        }
+      }
+
+      const user = getCapabilityUser(req);
+      if (!user) {
+        return res.status(401).json({ error: 'Authentication required' });
+      }
+
+      const validEntries = entries.filter((entry) => {
+        if (isInterfacePermissionPath(entry.fieldPath)) {
+          logger.warn(
+            `[adminConfig] Stripping interface permission field "${entry.fieldPath}" — use role permissions instead`,
+          );
+          return false;
+        }
+        return true;
+      });
+
+      if (validEntries.length === 0) {
+        if (!(await hasConfigCapability(user, null, 'manage'))) {
+          return res.status(403).json({ error: 'Insufficient permissions' });
+        }
+        return res.status(200).json({ message: 'No actionable field entries provided' });
+      }
+
+      if (!(await hasConfigCapability(user, null, 'manage'))) {
+        const sections = [...new Set(validEntries.map((e) => getTopLevelSection(e.fieldPath)))];
+        const allowed = await Promise.all(
+          sections.map((s) => hasConfigCapability(user, s as ConfigSection, 'manage')),
+        );
+        const denied = sections.find((_, i) => !allowed[i]);
+        if (denied) {
+          return res.status(403).json({
+            error: `Insufficient permissions for config section: ${denied}`,
+          });
+        }
+      }
+
+      const seen = new Set<string>();
+      const fields: Record<string, unknown> = {};
+      for (const entry of validEntries) {
+        if (seen.has(entry.fieldPath)) {
+          return res.status(400).json({ error: `Duplicate fieldPath: ${entry.fieldPath}` });
+        }
+        seen.add(entry.fieldPath);
+        fields[entry.fieldPath] = entry.value;
+      }
+
+      const existing =
+        priority == null
+          ? await findConfigByPrincipal(principalType, principalId, { includeInactive: true })
+          : null;
+
+      const config = await patchConfigFields(
+        principalType,
+        principalId,
+        principalModel(principalType),
+        fields,
+        priority ?? existing?.priority ?? DEFAULT_PRIORITY,
+      );
+
+      invalidateConfigCaches?.(user.tenantId)?.catch((err) =>
+        logger.error('[adminConfig] Cache invalidation failed after patch:', err),
+      );
+      return res.status(200).json({ config });
+    } catch (error) {
+      logger.error('[adminConfig] patchConfigField error:', error);
+      return res.status(500).json({ error: 'Failed to patch config fields' });
+    }
+  }
+
+  /**
+   * DELETE /:principalType/:principalId/fields?fieldPath=dotted.path
+   */
+  async function deleteConfigField(req: ServerRequest, res: Response) {
+    try {
+      const { principalType, principalId } = req.params as {
+        principalType: string;
+        principalId: string;
+      };
+      if (!validatePrincipalType(principalType)) {
+        return res.status(400).json({ error: `Invalid principalType: ${principalType}` });
+      }
+
+      const fieldPath = req.query.fieldPath as string | undefined;
+
+      if (!fieldPath || typeof fieldPath !== 'string') {
+        return res.status(400).json({ error: 'fieldPath query parameter is required' });
+      }
+
+      if (!isValidFieldPath(fieldPath)) {
+        return res.status(400).json({ error: `Invalid or unsafe field path: ${fieldPath}` });
+      }
+
+      const user = getCapabilityUser(req);
+      if (!user) {
+        return res.status(401).json({ error: 'Authentication required' });
+      }
+
+      const section = getTopLevelSection(fieldPath);
+
+      if (!(await hasConfigCapability(user, section as ConfigSection, 'manage'))) {
+        return res.status(403).json({
+          error: `Insufficient permissions for config section: ${section}`,
+        });
+      }
+
+      if (isInterfacePermissionPath(fieldPath)) {
+        logger.warn(
+          `[adminConfig] Ignoring delete for interface permission field "${fieldPath}" — use role permissions instead`,
+        );
+        return res.status(200).json({ message: 'No actionable field path provided' });
+      }
+
+      const config = await unsetConfigField(principalType, principalId, fieldPath);
+      if (!config) {
+        return res.status(404).json({ error: 'Config not found' });
+      }
+
+      invalidateConfigCaches?.(user.tenantId)?.catch((err) =>
+        logger.error('[adminConfig] Cache invalidation failed after field delete:', err),
+      );
+      return res.status(200).json({ config });
+    } catch (error) {
+      logger.error('[adminConfig] deleteConfigField error:', error);
+      return res.status(500).json({ error: 'Failed to delete config field' });
+    }
+  }
+
+  /**
+   * DELETE /:principalType/:principalId — Delete an entire config override.
+   */
+  async function deleteConfigOverrides(req: ServerRequest, res: Response) {
+    try {
+      const { principalType, principalId } = req.params as {
+        principalType: string;
+        principalId: string;
+      };
+
+      if (!validatePrincipalType(principalType)) {
+        return res.status(400).json({ error: `Invalid principalType: ${principalType}` });
+      }
+
+      const user = getCapabilityUser(req);
+      if (!user) {
+        return res.status(401).json({ error: 'Authentication required' });
+      }
+
+      if (!(await hasConfigCapability(user, null, 'manage'))) {
+        return res.status(403).json({ error: 'Insufficient permissions' });
+      }
+
+      const config = await deleteConfig(principalType, principalId);
+      if (!config) {
+        return res.status(404).json({ error: 'Config not found' });
+      }
+
+      invalidateConfigCaches?.(user.tenantId)?.catch((err) =>
+        logger.error('[adminConfig] Cache invalidation failed after config delete:', err),
+      );
+      return res.status(200).json({ success: true });
+    } catch (error) {
+      logger.error('[adminConfig] deleteConfigOverrides error:', error);
+      return res.status(500).json({ error: 'Failed to delete config' });
+    }
+  }
+
+  /**
+   * PATCH /:principalType/:principalId/active — Toggle isActive.
+   */
+  async function toggleConfig(req: ServerRequest, res: Response) {
+    try {
+      const { principalType, principalId } = req.params as {
+        principalType: string;
+        principalId: string;
+      };
+
+      if (!validatePrincipalType(principalType)) {
+        return res.status(400).json({ error: `Invalid principalType: ${principalType}` });
+      }
+
+      const { isActive } = req.body as { isActive?: boolean };
+      if (typeof isActive !== 'boolean') {
+        return res.status(400).json({ error: 'isActive boolean is required' });
+      }
+
+      const user = getCapabilityUser(req);
+      if (!user) {
+        return res.status(401).json({ error: 'Authentication required' });
+      }
+
+      if (!(await hasConfigCapability(user, null, 'manage'))) {
+        return res.status(403).json({ error: 'Insufficient permissions' });
+      }
+
+      const config = await toggleConfigActive(principalType, principalId, isActive);
+      if (!config) {
+        return res.status(404).json({ error: 'Config not found' });
+      }
+
+      invalidateConfigCaches?.(user.tenantId)?.catch((err) =>
+        logger.error('[adminConfig] Cache invalidation failed after toggle:', err),
+      );
+      return res.status(200).json({ config });
+    } catch (error) {
+      logger.error('[adminConfig] toggleConfig error:', error);
+      return res.status(500).json({ error: 'Failed to toggle config' });
+    }
+  }
+
+  return {
+    listConfigs,
+    getBaseConfig,
+    getConfig,
+    upsertConfigOverrides,
+    patchConfigField,
+    deleteConfigField,
+    deleteConfigOverrides,
+    toggleConfig,
+  };
+}
diff --git a/packages/api/src/admin/grants.spec.ts b/packages/api/src/admin/grants.spec.ts
new file mode 100644
index 0000000000..cd6d1e8d38
--- /dev/null
+++ b/packages/api/src/admin/grants.spec.ts
@@ -0,0 +1,1168 @@
+import { Types } from 'mongoose';
+import { PrincipalType } from 'librechat-data-provider';
+import { SystemCapabilities, expandImplications } from '@librechat/data-schemas';
+import type { ISystemGrant } from '@librechat/data-schemas';
+import type { Response } from 'express';
+import type { ServerRequest } from '~/types/http';
+import type { AdminGrantsDeps } from './grants';
+import { createAdminGrantsHandlers } from './grants';
+
+jest.mock('@librechat/data-schemas', () => ({
+  ...jest.requireActual('@librechat/data-schemas'),
+  logger: { error: jest.fn(), warn: jest.fn(), info: jest.fn(), debug: jest.fn() },
+}));
+
+const validObjectId = new Types.ObjectId().toString();
+
+function mockGrant(overrides: Partial<ISystemGrant> = {}): ISystemGrant {
+  return {
+    _id: new Types.ObjectId(),
+    principalType: PrincipalType.ROLE,
+    principalId: 'editor',
+    capability: SystemCapabilities.READ_USERS,
+    grantedAt: new Date(),
+    ...overrides,
+  } as ISystemGrant;
+}
+
+function createReqRes(
+  overrides: {
+    params?: Record<string, string>;
+    query?: Record<string, string>;
+    body?: Record<string, unknown>;
+    user?: { _id: Types.ObjectId; role: string; tenantId?: string };
+  } = {},
+) {
+  const req = {
+    params: overrides.params ?? {},
+    query: overrides.query ?? {},
+    body: overrides.body ?? {},
+    user: overrides.user ?? { _id: new Types.ObjectId(), role: 'admin' },
+  } as unknown as ServerRequest;
+
+  const json = jest.fn();
+  const status = jest.fn().mockReturnValue({ json });
+  const res = { status, json } as unknown as Response;
+
+  return { req, res, status, json };
+}
+
+function createDeps(overrides: Partial<AdminGrantsDeps> = {}): AdminGrantsDeps {
+  return {
+    listGrants: jest.fn().mockResolvedValue([]),
+    countGrants: jest.fn().mockResolvedValue(0),
+    getCapabilitiesForPrincipal: jest.fn().mockResolvedValue([]),
+    getCapabilitiesForPrincipals: jest.fn().mockResolvedValue([]),
+    grantCapability: jest.fn().mockResolvedValue(mockGrant()),
+    revokeCapability: jest.fn().mockResolvedValue(undefined),
+    getUserPrincipals: jest.fn().mockResolvedValue([
+      { principalType: PrincipalType.USER, principalId: new Types.ObjectId() },
+      { principalType: PrincipalType.ROLE, principalId: 'admin' },
+    ]),
+    hasCapabilityForPrincipals: jest.fn().mockResolvedValue(true),
+    getHeldCapabilities: jest
+      .fn()
+      .mockResolvedValue(
+        new Set([
+          SystemCapabilities.READ_ROLES,
+          SystemCapabilities.READ_GROUPS,
+          SystemCapabilities.READ_USERS,
+          SystemCapabilities.MANAGE_ROLES,
+          SystemCapabilities.MANAGE_GROUPS,
+          SystemCapabilities.MANAGE_USERS,
+        ]),
+      ),
+    getCachedPrincipals: jest.fn().mockReturnValue(undefined),
+    ...overrides,
+  };
+}
+
+describe('createAdminGrantsHandlers', () => {
+  describe('listGrants', () => {
+    it('returns grants with pagination metadata', async () => {
+      const grants = [mockGrant(), mockGrant({ capability: SystemCapabilities.MANAGE_ROLES })];
+      const deps = createDeps({
+        listGrants: jest.fn().mockResolvedValue(grants),
+        countGrants: jest.fn().mockResolvedValue(2),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes();
+
+      await handlers.listGrants(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      const response = json.mock.calls[0][0];
+      expect(response.grants).toEqual(grants);
+      expect(response).toHaveProperty('total', 2);
+      expect(response).toHaveProperty('limit');
+      expect(response).toHaveProperty('offset');
+    });
+
+    it('returns empty array when no grants exist', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes();
+
+      await handlers.listGrants(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      const response = json.mock.calls[0][0];
+      expect(response.grants).toEqual([]);
+      expect(response.total).toBe(0);
+    });
+
+    it('passes principalTypes filter based on caller read permissions', async () => {
+      const deps = createDeps({
+        getHeldCapabilities: jest.fn().mockResolvedValue(new Set([SystemCapabilities.READ_ROLES])),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res } = createReqRes();
+
+      await handlers.listGrants(req, res);
+
+      expect(deps.listGrants).toHaveBeenCalledWith(
+        expect.objectContaining({ principalTypes: [PrincipalType.ROLE] }),
+      );
+      expect(deps.countGrants).toHaveBeenCalledWith(
+        expect.objectContaining({ principalTypes: [PrincipalType.ROLE] }),
+      );
+    });
+
+    it('returns empty grants when caller has no read permissions', async () => {
+      const deps = createDeps({
+        getHeldCapabilities: jest.fn().mockResolvedValue(new Set()),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes();
+
+      await handlers.listGrants(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      const response = json.mock.calls[0][0];
+      expect(response.grants).toEqual([]);
+      expect(response.total).toBe(0);
+      expect(deps.listGrants).not.toHaveBeenCalled();
+      expect(deps.countGrants).not.toHaveBeenCalled();
+    });
+
+    it('passes limit and offset from query params', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res } = createReqRes({ query: { limit: '10', offset: '20' } });
+
+      await handlers.listGrants(req, res);
+
+      expect(deps.listGrants).toHaveBeenCalledWith(
+        expect.objectContaining({ limit: 10, offset: 20 }),
+      );
+    });
+
+    it('passes tenantId to dep calls', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res } = createReqRes({
+        user: { _id: new Types.ObjectId(), role: 'admin', tenantId: 'tenant-1' },
+      });
+
+      await handlers.listGrants(req, res);
+
+      expect(deps.getHeldCapabilities).toHaveBeenCalledWith(
+        expect.objectContaining({ tenantId: 'tenant-1' }),
+      );
+      expect(deps.listGrants).toHaveBeenCalledWith(
+        expect.objectContaining({ tenantId: 'tenant-1' }),
+      );
+    });
+
+    it('returns 401 when user is not authenticated', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes();
+      (req as unknown as Record<string, unknown>).user = undefined;
+
+      await handlers.listGrants(req, res);
+
+      expect(status).toHaveBeenCalledWith(401);
+      expect(json).toHaveBeenCalledWith({ error: 'Authentication required' });
+    });
+
+    it('returns 500 on error', async () => {
+      const deps = createDeps({
+        listGrants: jest.fn().mockRejectedValue(new Error('db error')),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes();
+
+      await handlers.listGrants(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to list grants' });
+    });
+
+    it('returns 500 when getHeldCapabilities throws', async () => {
+      const deps = createDeps({
+        getHeldCapabilities: jest.fn().mockRejectedValue(new Error('db error')),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes();
+
+      await handlers.listGrants(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to list grants' });
+    });
+
+    it('uses cached principals when available', async () => {
+      const cachedPrincipals = [
+        { principalType: PrincipalType.USER, principalId: new Types.ObjectId() },
+        { principalType: PrincipalType.ROLE, principalId: 'admin' },
+      ];
+      const deps = createDeps({
+        getCachedPrincipals: jest.fn().mockReturnValue(cachedPrincipals),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res } = createReqRes();
+
+      await handlers.listGrants(req, res);
+
+      expect(deps.getUserPrincipals).not.toHaveBeenCalled();
+      expect(deps.getHeldCapabilities).toHaveBeenCalledWith(
+        expect.objectContaining({ principals: cachedPrincipals }),
+      );
+    });
+  });
+
+  describe('getEffectiveCapabilities', () => {
+    it('uses cached principals when available', async () => {
+      const cachedPrincipals = [
+        { principalType: PrincipalType.USER, principalId: new Types.ObjectId() },
+        { principalType: PrincipalType.ROLE, principalId: 'admin' },
+      ];
+      const deps = createDeps({
+        getCachedPrincipals: jest.fn().mockReturnValue(cachedPrincipals),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res } = createReqRes();
+
+      await handlers.getEffectiveCapabilities(req, res);
+
+      expect(deps.getUserPrincipals).not.toHaveBeenCalled();
+      expect(deps.getCapabilitiesForPrincipals).toHaveBeenCalledWith(
+        expect.objectContaining({ principals: cachedPrincipals }),
+      );
+    });
+
+    it('returns expanded capabilities for the user', async () => {
+      const manageRolesGrant = mockGrant({ capability: SystemCapabilities.MANAGE_ROLES });
+      const deps = createDeps({
+        getCapabilitiesForPrincipals: jest.fn().mockResolvedValue([manageRolesGrant]),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes();
+
+      await handlers.getEffectiveCapabilities(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      const response = json.mock.calls[0][0];
+      const expected = expandImplications([SystemCapabilities.MANAGE_ROLES]);
+      expect(response.capabilities).toEqual(expect.arrayContaining(expected));
+      expect(response.capabilities).toContain(SystemCapabilities.READ_ROLES);
+    });
+
+    it('returns empty capabilities when user has no grants', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes();
+
+      await handlers.getEffectiveCapabilities(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ capabilities: [] });
+    });
+
+    it('queries all principals in a single batch', async () => {
+      const userId = new Types.ObjectId();
+      const principals = [
+        { principalType: PrincipalType.USER, principalId: userId },
+        { principalType: PrincipalType.ROLE, principalId: 'editor' },
+      ];
+      const deps = createDeps({
+        getUserPrincipals: jest.fn().mockResolvedValue(principals),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res } = createReqRes();
+
+      await handlers.getEffectiveCapabilities(req, res);
+
+      expect(deps.getCapabilitiesForPrincipals).toHaveBeenCalledTimes(1);
+      expect(deps.getCapabilitiesForPrincipals).toHaveBeenCalledWith(
+        expect.objectContaining({
+          principals: [
+            { principalType: PrincipalType.USER, principalId: userId },
+            { principalType: PrincipalType.ROLE, principalId: 'editor' },
+          ],
+        }),
+      );
+    });
+
+    it('passes tenantId to getCapabilitiesForPrincipals', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res } = createReqRes({
+        user: { _id: new Types.ObjectId(), role: 'admin', tenantId: 'tenant-1' },
+      });
+
+      await handlers.getEffectiveCapabilities(req, res);
+
+      expect(deps.getCapabilitiesForPrincipals).toHaveBeenCalledWith(
+        expect.objectContaining({ tenantId: 'tenant-1' }),
+      );
+    });
+
+    it('skips principals without principalId', async () => {
+      const principals = [
+        { principalType: PrincipalType.PUBLIC },
+        { principalType: PrincipalType.ROLE, principalId: 'editor' },
+      ];
+      const deps = createDeps({
+        getUserPrincipals: jest.fn().mockResolvedValue(principals),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res } = createReqRes();
+
+      await handlers.getEffectiveCapabilities(req, res);
+
+      expect(deps.getCapabilitiesForPrincipals).toHaveBeenCalledWith(
+        expect.objectContaining({
+          principals: [{ principalType: PrincipalType.ROLE, principalId: 'editor' }],
+        }),
+      );
+    });
+
+    it('returns empty capabilities when all principals lack principalId', async () => {
+      const deps = createDeps({
+        getUserPrincipals: jest.fn().mockResolvedValue([{ principalType: PrincipalType.PUBLIC }]),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes();
+
+      await handlers.getEffectiveCapabilities(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ capabilities: [] });
+      expect(deps.getCapabilitiesForPrincipals).not.toHaveBeenCalled();
+    });
+
+    it('deduplicates capabilities across principals', async () => {
+      const readUsersGrant = mockGrant({ capability: SystemCapabilities.READ_USERS });
+      const deps = createDeps({
+        getUserPrincipals: jest.fn().mockResolvedValue([
+          { principalType: PrincipalType.USER, principalId: new Types.ObjectId() },
+          { principalType: PrincipalType.ROLE, principalId: 'editor' },
+        ]),
+        getCapabilitiesForPrincipals: jest.fn().mockResolvedValue([readUsersGrant, readUsersGrant]),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes();
+
+      await handlers.getEffectiveCapabilities(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      const response = json.mock.calls[0][0];
+      const readUsersCount = response.capabilities.filter(
+        (c: string) => c === SystemCapabilities.READ_USERS,
+      ).length;
+      expect(readUsersCount).toBe(1);
+    });
+
+    it('deduplicates when user holds both parent and implied capability', async () => {
+      const manageGrant = mockGrant({ capability: SystemCapabilities.MANAGE_ROLES });
+      const readGrant = mockGrant({ capability: SystemCapabilities.READ_ROLES });
+      const deps = createDeps({
+        getCapabilitiesForPrincipals: jest.fn().mockResolvedValue([manageGrant, readGrant]),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes();
+
+      await handlers.getEffectiveCapabilities(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      const response = json.mock.calls[0][0];
+      const readRolesCount = response.capabilities.filter(
+        (c: string) => c === SystemCapabilities.READ_ROLES,
+      ).length;
+      expect(readRolesCount).toBe(1);
+    });
+
+    it('returns 401 when user is not authenticated', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes();
+      (req as unknown as Record<string, unknown>).user = undefined;
+
+      await handlers.getEffectiveCapabilities(req, res);
+
+      expect(status).toHaveBeenCalledWith(401);
+      expect(json).toHaveBeenCalledWith({ error: 'Authentication required' });
+    });
+
+    it('returns 500 on unexpected error', async () => {
+      const deps = createDeps({
+        getUserPrincipals: jest.fn().mockRejectedValue(new Error('db error')),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes();
+
+      await handlers.getEffectiveCapabilities(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to get effective capabilities' });
+    });
+
+    it('returns 500 when getCapabilitiesForPrincipals throws', async () => {
+      const deps = createDeps({
+        getCapabilitiesForPrincipals: jest.fn().mockRejectedValue(new Error('db error')),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes();
+
+      await handlers.getEffectiveCapabilities(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to get effective capabilities' });
+    });
+  });
+
+  describe('getPrincipalGrants', () => {
+    it('returns grants for a role principal', async () => {
+      const grants = [mockGrant()];
+      const deps = createDeps({
+        getCapabilitiesForPrincipal: jest.fn().mockResolvedValue(grants),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { principalType: PrincipalType.ROLE, principalId: 'editor' },
+      });
+
+      await handlers.getPrincipalGrants(req, res);
+
+      expect(deps.getCapabilitiesForPrincipal).toHaveBeenCalledWith(
+        expect.objectContaining({
+          principalType: PrincipalType.ROLE,
+          principalId: 'editor',
+        }),
+      );
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ grants });
+    });
+
+    it('returns 400 for group principal type', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { principalType: PrincipalType.GROUP, principalId: validObjectId },
+      });
+
+      await handlers.getPrincipalGrants(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Invalid principal type' });
+    });
+
+    it('returns 400 for user principal type', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { principalType: PrincipalType.USER, principalId: validObjectId },
+      });
+
+      await handlers.getPrincipalGrants(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Invalid principal type' });
+    });
+
+    it('passes tenantId to dep calls', async () => {
+      const deps = createDeps({
+        getCapabilitiesForPrincipal: jest.fn().mockResolvedValue([]),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res } = createReqRes({
+        params: { principalType: PrincipalType.ROLE, principalId: 'editor' },
+        user: { _id: new Types.ObjectId(), role: 'admin', tenantId: 'tenant-1' },
+      });
+
+      await handlers.getPrincipalGrants(req, res);
+
+      expect(deps.hasCapabilityForPrincipals).toHaveBeenCalledWith(
+        expect.objectContaining({ tenantId: 'tenant-1' }),
+      );
+      expect(deps.getCapabilitiesForPrincipal).toHaveBeenCalledWith(
+        expect.objectContaining({ tenantId: 'tenant-1' }),
+      );
+    });
+
+    it('returns 400 for invalid principal type', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { principalType: 'invalid', principalId: 'abc' },
+      });
+
+      await handlers.getPrincipalGrants(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Invalid principal type' });
+    });
+
+    it('returns 400 when principalId is missing', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { principalType: PrincipalType.ROLE, principalId: '' },
+      });
+
+      await handlers.getPrincipalGrants(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Principal ID is required' });
+    });
+
+    it('accepts string principalId for role type', async () => {
+      const deps = createDeps({
+        getCapabilitiesForPrincipal: jest.fn().mockResolvedValue([]),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status } = createReqRes({
+        params: { principalType: PrincipalType.ROLE, principalId: 'custom-role-name' },
+      });
+
+      await handlers.getPrincipalGrants(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+    });
+
+    it('returns 401 when user is not authenticated', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { principalType: PrincipalType.ROLE, principalId: 'editor' },
+      });
+      (req as unknown as Record<string, unknown>).user = undefined;
+
+      await handlers.getPrincipalGrants(req, res);
+
+      expect(status).toHaveBeenCalledWith(401);
+      expect(json).toHaveBeenCalledWith({ error: 'Authentication required' });
+    });
+
+    it('returns 403 when caller lacks READ capability', async () => {
+      const deps = createDeps({
+        hasCapabilityForPrincipals: jest.fn().mockResolvedValue(false),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { principalType: PrincipalType.ROLE, principalId: 'editor' },
+      });
+
+      await handlers.getPrincipalGrants(req, res);
+
+      expect(status).toHaveBeenCalledWith(403);
+      expect(json).toHaveBeenCalledWith({ error: 'Insufficient permissions' });
+      expect(deps.hasCapabilityForPrincipals).toHaveBeenCalledWith(
+        expect.objectContaining({ capability: SystemCapabilities.READ_ROLES }),
+      );
+    });
+
+    it('returns 500 on unexpected error', async () => {
+      const deps = createDeps({
+        getCapabilitiesForPrincipal: jest.fn().mockRejectedValue(new Error('db error')),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { principalType: PrincipalType.ROLE, principalId: 'editor' },
+      });
+
+      await handlers.getPrincipalGrants(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to get grants' });
+    });
+  });
+
+  describe('assignGrant', () => {
+    const validBody = {
+      principalType: PrincipalType.ROLE,
+      principalId: 'editor',
+      capability: SystemCapabilities.READ_USERS,
+    };
+
+    it('assigns a grant and returns 201', async () => {
+      const grant = mockGrant();
+      const deps = createDeps({ grantCapability: jest.fn().mockResolvedValue(grant) });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ body: validBody });
+
+      await handlers.assignGrant(req, res);
+
+      expect(deps.grantCapability).toHaveBeenCalledWith(
+        expect.objectContaining({
+          principalType: PrincipalType.ROLE,
+          principalId: 'editor',
+          capability: SystemCapabilities.READ_USERS,
+        }),
+      );
+      expect(status).toHaveBeenCalledWith(201);
+      expect(json).toHaveBeenCalledWith({ grant });
+    });
+
+    it('passes grantedBy from the authenticated user', async () => {
+      const userId = new Types.ObjectId();
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res } = createReqRes({ body: validBody, user: { _id: userId, role: 'admin' } });
+
+      await handlers.assignGrant(req, res);
+
+      expect(deps.grantCapability).toHaveBeenCalledWith(
+        expect.objectContaining({ grantedBy: userId.toString() }),
+      );
+    });
+
+    it('passes tenantId to all dep calls', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res } = createReqRes({
+        body: validBody,
+        user: { _id: new Types.ObjectId(), role: 'admin', tenantId: 'tenant-1' },
+      });
+
+      await handlers.assignGrant(req, res);
+
+      expect(deps.getHeldCapabilities).toHaveBeenCalledWith(
+        expect.objectContaining({ tenantId: 'tenant-1' }),
+      );
+      expect(deps.grantCapability).toHaveBeenCalledWith(
+        expect.objectContaining({ tenantId: 'tenant-1' }),
+      );
+    });
+
+    it('accepts section-level config capabilities', async () => {
+      const grant = mockGrant({
+        capability: 'manage:configs:endpoints' as ISystemGrant['capability'],
+      });
+      const deps = createDeps({
+        grantCapability: jest.fn().mockResolvedValue(grant),
+        getHeldCapabilities: jest
+          .fn()
+          .mockResolvedValue(
+            new Set([SystemCapabilities.MANAGE_ROLES, 'manage:configs:endpoints']),
+          ),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status } = createReqRes({
+        body: { ...validBody, capability: 'manage:configs:endpoints' },
+      });
+
+      await handlers.assignGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(201);
+    });
+
+    it('accepts config assignment capabilities', async () => {
+      const grant = mockGrant({ capability: 'assign:configs:group' as ISystemGrant['capability'] });
+      const deps = createDeps({
+        grantCapability: jest.fn().mockResolvedValue(grant),
+        getHeldCapabilities: jest
+          .fn()
+          .mockResolvedValue(new Set([SystemCapabilities.MANAGE_ROLES, 'assign:configs:group'])),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status } = createReqRes({
+        body: { ...validBody, capability: 'assign:configs:group' },
+      });
+
+      await handlers.assignGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(201);
+    });
+
+    it('returns 400 for invalid extended capability string', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        body: { ...validBody, capability: 'manage:configs:' },
+      });
+
+      await handlers.assignGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Invalid capability' });
+    });
+
+    it('returns 400 for missing principalType', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        body: { principalId: 'editor', capability: SystemCapabilities.READ_USERS },
+      });
+
+      await handlers.assignGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Invalid principal type' });
+    });
+
+    it('returns 400 for invalid principalType', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        body: { ...validBody, principalType: 'invalid' },
+      });
+
+      await handlers.assignGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Invalid principal type' });
+    });
+
+    it('returns 400 for missing principalId', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        body: { principalType: PrincipalType.ROLE, capability: SystemCapabilities.READ_USERS },
+      });
+
+      await handlers.assignGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Principal ID is required' });
+    });
+
+    it('returns 400 for invalid capability', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        body: { ...validBody, capability: 'not:a:real:capability' },
+      });
+
+      await handlers.assignGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Invalid capability' });
+    });
+
+    it('returns 400 for group principal type', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        body: {
+          principalType: PrincipalType.GROUP,
+          principalId: validObjectId,
+          capability: SystemCapabilities.READ_USERS,
+        },
+      });
+
+      await handlers.assignGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Invalid principal type' });
+    });
+
+    it('returns 401 when user is not authenticated', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ body: validBody });
+      (req as unknown as Record<string, unknown>).user = undefined;
+
+      await handlers.assignGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(401);
+      expect(json).toHaveBeenCalledWith({ error: 'Authentication required' });
+      expect(deps.grantCapability).not.toHaveBeenCalled();
+    });
+
+    it('returns 403 when caller lacks manage capability', async () => {
+      const deps = createDeps({
+        getHeldCapabilities: jest.fn().mockResolvedValue(new Set()),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ body: validBody });
+
+      await handlers.assignGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(403);
+      expect(json).toHaveBeenCalledWith({ error: 'Insufficient permissions' });
+      expect(deps.grantCapability).not.toHaveBeenCalled();
+    });
+
+    it('returns 403 when caller lacks the capability being granted', async () => {
+      const deps = createDeps({
+        getHeldCapabilities: jest
+          .fn()
+          .mockResolvedValue(new Set([SystemCapabilities.MANAGE_ROLES])),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ body: validBody });
+
+      await handlers.assignGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(403);
+      expect(json).toHaveBeenCalledWith({ error: 'Cannot grant a capability you do not possess' });
+      expect(deps.grantCapability).not.toHaveBeenCalled();
+    });
+
+    it('allows granting an implied capability the caller holds transitively', async () => {
+      const deps = createDeps({
+        getHeldCapabilities: jest
+          .fn()
+          .mockResolvedValue(
+            new Set([SystemCapabilities.MANAGE_ROLES, SystemCapabilities.READ_ROLES]),
+          ),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status } = createReqRes({
+        body: {
+          principalType: PrincipalType.ROLE,
+          principalId: 'editor',
+          capability: SystemCapabilities.READ_ROLES,
+        },
+      });
+
+      await handlers.assignGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(201);
+      expect(deps.getHeldCapabilities).toHaveBeenCalledWith(
+        expect.objectContaining({
+          capabilities: expect.arrayContaining([SystemCapabilities.READ_ROLES]),
+        }),
+      );
+    });
+
+    it('checks MANAGE_ROLES for role principal type', async () => {
+      const deps = createDeps({
+        getHeldCapabilities: jest
+          .fn()
+          .mockResolvedValue(
+            new Set([SystemCapabilities.MANAGE_ROLES, SystemCapabilities.READ_USERS]),
+          ),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res } = createReqRes({ body: validBody });
+
+      await handlers.assignGrant(req, res);
+
+      expect(deps.getHeldCapabilities).toHaveBeenCalledWith(
+        expect.objectContaining({
+          capabilities: expect.arrayContaining([SystemCapabilities.MANAGE_ROLES]),
+        }),
+      );
+    });
+
+    it('rejects group principal type before checking capabilities', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        body: {
+          principalType: PrincipalType.GROUP,
+          principalId: validObjectId,
+          capability: SystemCapabilities.READ_USERS,
+        },
+      });
+
+      await handlers.assignGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Invalid principal type' });
+      expect(deps.getHeldCapabilities).not.toHaveBeenCalled();
+    });
+
+    it('rejects user principal type before checking capabilities', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        body: {
+          principalType: PrincipalType.USER,
+          principalId: validObjectId,
+          capability: SystemCapabilities.READ_USERS,
+        },
+      });
+
+      await handlers.assignGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Invalid principal type' });
+      expect(deps.getHeldCapabilities).not.toHaveBeenCalled();
+    });
+
+    it('returns 400 when role does not exist', async () => {
+      const deps = createDeps({
+        checkRoleExists: jest.fn().mockResolvedValue(false),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ body: validBody });
+
+      await handlers.assignGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Role not found' });
+      expect(deps.grantCapability).not.toHaveBeenCalled();
+    });
+
+    it('skips role existence check when checkRoleExists is not provided', async () => {
+      const { checkRoleExists: _, ...depsWithoutCheck } = createDeps();
+      const deps = { ...depsWithoutCheck, checkRoleExists: undefined };
+      const handlers = createAdminGrantsHandlers(deps as AdminGrantsDeps);
+      const { req, res, status } = createReqRes({ body: validBody });
+
+      await handlers.assignGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(201);
+    });
+
+    it('returns 500 when checkRoleExists throws', async () => {
+      const deps = createDeps({
+        checkRoleExists: jest.fn().mockRejectedValue(new Error('db error')),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ body: validBody });
+
+      await handlers.assignGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to assign grant' });
+    });
+
+    it('returns 500 when grantCapability returns null', async () => {
+      const deps = createDeps({
+        grantCapability: jest.fn().mockResolvedValue(null),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ body: validBody });
+
+      await handlers.assignGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Grant operation returned no result' });
+    });
+
+    it('returns 500 on unexpected error', async () => {
+      const deps = createDeps({
+        grantCapability: jest.fn().mockRejectedValue(new Error('db error')),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ body: validBody });
+
+      await handlers.assignGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to assign grant' });
+    });
+  });
+
+  describe('revokeGrant', () => {
+    const validParams = {
+      principalType: PrincipalType.ROLE,
+      principalId: 'editor',
+      capability: SystemCapabilities.READ_USERS,
+    };
+
+    it('returns 200 idempotently even if the grant does not exist', async () => {
+      const deps = createDeps({
+        revokeCapability: jest.fn().mockResolvedValue(undefined),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: validParams });
+
+      await handlers.revokeGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ success: true });
+    });
+
+    it('revokes a grant and returns 200', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: validParams });
+
+      await handlers.revokeGrant(req, res);
+
+      expect(deps.revokeCapability).toHaveBeenCalledWith(
+        expect.objectContaining({
+          principalType: PrincipalType.ROLE,
+          principalId: 'editor',
+          capability: SystemCapabilities.READ_USERS,
+        }),
+      );
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ success: true });
+    });
+
+    it('passes tenantId to dep calls', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res } = createReqRes({
+        params: validParams,
+        user: { _id: new Types.ObjectId(), role: 'admin', tenantId: 'tenant-1' },
+      });
+
+      await handlers.revokeGrant(req, res);
+
+      expect(deps.hasCapabilityForPrincipals).toHaveBeenCalledWith(
+        expect.objectContaining({ tenantId: 'tenant-1' }),
+      );
+      expect(deps.revokeCapability).toHaveBeenCalledWith(
+        expect.objectContaining({ tenantId: 'tenant-1' }),
+      );
+    });
+
+    it('accepts section-level config capability with colons', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status } = createReqRes({
+        params: { ...validParams, capability: 'manage:configs:endpoints' },
+      });
+
+      await handlers.revokeGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(deps.revokeCapability).toHaveBeenCalledWith(
+        expect.objectContaining({ capability: 'manage:configs:endpoints' }),
+      );
+    });
+
+    it('returns 400 for missing principalType', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: {
+          principalType: '',
+          principalId: 'editor',
+          capability: SystemCapabilities.READ_USERS,
+        },
+      });
+
+      await handlers.revokeGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Invalid principal type' });
+    });
+
+    it('returns 400 for missing principalId', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: {
+          principalType: PrincipalType.ROLE,
+          principalId: '',
+          capability: SystemCapabilities.READ_USERS,
+        },
+      });
+
+      await handlers.revokeGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Principal ID is required' });
+    });
+
+    it('returns 400 for invalid capability', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { ...validParams, capability: 'fake' },
+      });
+
+      await handlers.revokeGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Invalid capability' });
+    });
+
+    it('returns 400 for missing capability param', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { principalType: PrincipalType.ROLE, principalId: 'editor' },
+      });
+
+      await handlers.revokeGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Invalid capability' });
+    });
+
+    it('returns 401 when user is not authenticated', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: validParams });
+      (req as unknown as Record<string, unknown>).user = undefined;
+
+      await handlers.revokeGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(401);
+      expect(json).toHaveBeenCalledWith({ error: 'Authentication required' });
+      expect(deps.revokeCapability).not.toHaveBeenCalled();
+    });
+
+    it('returns 403 when caller lacks manage capability', async () => {
+      const deps = createDeps({
+        hasCapabilityForPrincipals: jest.fn().mockResolvedValue(false),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: validParams });
+
+      await handlers.revokeGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(403);
+      expect(json).toHaveBeenCalledWith({ error: 'Insufficient permissions' });
+      expect(deps.revokeCapability).not.toHaveBeenCalled();
+    });
+
+    it('returns 400 for group principal type', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: {
+          principalType: PrincipalType.GROUP,
+          principalId: validObjectId,
+          capability: SystemCapabilities.READ_USERS,
+        },
+      });
+
+      await handlers.revokeGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Invalid principal type' });
+    });
+
+    it('returns 400 for user principal type', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: {
+          principalType: PrincipalType.USER,
+          principalId: validObjectId,
+          capability: SystemCapabilities.READ_USERS,
+        },
+      });
+
+      await handlers.revokeGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Invalid principal type' });
+    });
+
+    it('returns 500 on unexpected error', async () => {
+      const deps = createDeps({
+        revokeCapability: jest.fn().mockRejectedValue(new Error('db error')),
+      });
+      const handlers = createAdminGrantsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: validParams });
+
+      await handlers.revokeGrant(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to revoke grant' });
+    });
+  });
+});
diff --git a/packages/api/src/admin/grants.ts b/packages/api/src/admin/grants.ts
new file mode 100644
index 0000000000..b7205d6c7c
--- /dev/null
+++ b/packages/api/src/admin/grants.ts
@@ -0,0 +1,409 @@
+import { PrincipalType } from 'librechat-data-provider';
+import {
+  logger,
+  isValidCapability,
+  SystemCapabilities,
+  expandImplications,
+} from '@librechat/data-schemas';
+import type { ISystemGrant, SystemCapability } from '@librechat/data-schemas';
+import type { Response } from 'express';
+import type { Types } from 'mongoose';
+import type { ResolvedPrincipal } from '~/types/principal';
+import type { ServerRequest } from '~/types/http';
+import { parsePagination } from './pagination';
+
+interface GrantRequestBody {
+  principalType?: string;
+  principalId?: string | null;
+  capability?: string;
+}
+
+export interface AdminGrantsDeps {
+  listGrants: (options?: {
+    tenantId?: string;
+    principalTypes?: PrincipalType[];
+    limit?: number;
+    offset?: number;
+  }) => Promise<ISystemGrant[]>;
+  countGrants: (options?: {
+    tenantId?: string;
+    principalTypes?: PrincipalType[];
+  }) => Promise<number>;
+  getCapabilitiesForPrincipal: (params: {
+    principalType: PrincipalType;
+    principalId: string | Types.ObjectId;
+    tenantId?: string;
+  }) => Promise<ISystemGrant[]>;
+  getCapabilitiesForPrincipals: (params: {
+    principals: Array<{ principalType: PrincipalType; principalId: string | Types.ObjectId }>;
+    tenantId?: string;
+  }) => Promise<ISystemGrant[]>;
+  grantCapability: (params: {
+    principalType: PrincipalType;
+    principalId: string | Types.ObjectId;
+    capability: SystemCapability;
+    tenantId?: string;
+    grantedBy?: string | Types.ObjectId;
+  }) => Promise<ISystemGrant | null>;
+  revokeCapability: (params: {
+    principalType: PrincipalType;
+    principalId: string | Types.ObjectId;
+    capability: SystemCapability;
+    tenantId?: string;
+  }) => Promise<void>;
+  getUserPrincipals: (params: {
+    userId: string;
+    role?: string | null;
+    tenantId?: string;
+  }) => Promise<ResolvedPrincipal[]>;
+  hasCapabilityForPrincipals: (params: {
+    principals: ResolvedPrincipal[];
+    capability: SystemCapability;
+    tenantId?: string;
+  }) => Promise<boolean>;
+  getHeldCapabilities: (params: {
+    principals: ResolvedPrincipal[];
+    capabilities: SystemCapability[];
+    tenantId?: string;
+  }) => Promise<Set<SystemCapability>>;
+  getCachedPrincipals?: (user: {
+    id: string;
+    role: string;
+    tenantId?: string;
+  }) => ResolvedPrincipal[] | undefined;
+  checkRoleExists?: (roleId: string) => Promise<boolean>;
+}
+
+/** Currently ROLE-only; Record/Set structure preserved for future principal-type expansion. */
+export type GrantPrincipalType = PrincipalType.ROLE;
+
+/** Creates admin grant handlers with dependency injection for the /api/admin/grants routes. */
+export function createAdminGrantsHandlers(deps: AdminGrantsDeps) {
+  const {
+    listGrants,
+    countGrants,
+    getCapabilitiesForPrincipal,
+    getCapabilitiesForPrincipals,
+    grantCapability,
+    revokeCapability,
+    getUserPrincipals,
+    hasCapabilityForPrincipals,
+    getHeldCapabilities,
+    getCachedPrincipals,
+    checkRoleExists,
+  } = deps;
+
+  const MANAGE_CAPABILITY_BY_TYPE: Record<GrantPrincipalType, SystemCapability> = {
+    [PrincipalType.ROLE]: SystemCapabilities.MANAGE_ROLES,
+  };
+
+  const READ_CAPABILITY_BY_TYPE: Record<GrantPrincipalType, SystemCapability> = {
+    [PrincipalType.ROLE]: SystemCapabilities.READ_ROLES,
+  };
+
+  const VALID_PRINCIPAL_TYPES = new Set(
+    Object.keys(MANAGE_CAPABILITY_BY_TYPE) as GrantPrincipalType[],
+  );
+
+  function resolveUser(
+    req: ServerRequest,
+  ): { userId: string; role: string; tenantId?: string } | null {
+    const user = req.user;
+    if (!user) {
+      return null;
+    }
+    const userId = user._id?.toString() ?? user.id;
+    if (!userId || !user.role) {
+      return null;
+    }
+    return { userId, role: user.role, tenantId: user.tenantId };
+  }
+
+  async function resolvePrincipals(user: {
+    userId: string;
+    role: string;
+    tenantId?: string;
+  }): Promise<ResolvedPrincipal[]> {
+    if (getCachedPrincipals) {
+      const cached = getCachedPrincipals({
+        id: user.userId,
+        role: user.role,
+        tenantId: user.tenantId,
+      });
+      if (cached) {
+        return cached;
+      }
+    }
+    return getUserPrincipals({ userId: user.userId, role: user.role, tenantId: user.tenantId });
+  }
+
+  function validatePrincipal(principalType: string, principalId: string): string | null {
+    if (!principalType || !VALID_PRINCIPAL_TYPES.has(principalType as GrantPrincipalType)) {
+      return 'Invalid principal type';
+    }
+    if (!principalId) {
+      return 'Principal ID is required';
+    }
+    return null;
+  }
+
+  function validateGrantBody(body: GrantRequestBody): string | null {
+    const { principalType, principalId, capability } = body;
+    if (typeof principalType !== 'string') {
+      return 'Invalid principal type';
+    }
+    if (principalId == null) {
+      return 'Principal ID is required';
+    }
+    if (typeof principalId !== 'string') {
+      return 'Principal ID must be a string';
+    }
+    const principalError = validatePrincipal(principalType, principalId);
+    if (principalError) {
+      return principalError;
+    }
+    if (!capability || typeof capability !== 'string' || !isValidCapability(capability)) {
+      return 'Invalid capability';
+    }
+    return null;
+  }
+
+  async function listGrantsHandler(req: ServerRequest, res: Response) {
+    try {
+      const user = resolveUser(req);
+      if (!user) {
+        return res.status(401).json({ error: 'Authentication required' });
+      }
+
+      const { limit, offset } = parsePagination(req.query as { limit?: string; offset?: string });
+      const { tenantId } = user;
+      const principals = await resolvePrincipals(user);
+      const entries = Object.entries(READ_CAPABILITY_BY_TYPE) as [
+        GrantPrincipalType,
+        SystemCapability,
+      ][];
+
+      const heldCaps = await getHeldCapabilities({
+        principals,
+        capabilities: entries.map(([, cap]) => cap),
+        tenantId,
+      });
+      const allowedTypes = entries
+        .filter(([, cap]) => heldCaps.has(cap))
+        .map(([type]) => type) as PrincipalType[];
+
+      if (!allowedTypes.length) {
+        return res.status(200).json({ grants: [], total: 0, limit, offset });
+      }
+      const [grants, total] = await Promise.all([
+        listGrants({ tenantId, principalTypes: allowedTypes, limit, offset }),
+        countGrants({ tenantId, principalTypes: allowedTypes }),
+      ]);
+      return res.status(200).json({ grants, total, limit, offset });
+    } catch (error) {
+      logger.error('[adminGrants] listGrants error:', error);
+      return res.status(500).json({ error: 'Failed to list grants' });
+    }
+  }
+
+  /**
+   * Returns the caller's effective capabilities: direct grants plus base-level
+   * implications (e.g. manage:roles → read:roles).
+   *
+   * Note: this endpoint does NOT expand parent capabilities into their
+   * section-level children (e.g. manage:configs does NOT expand into
+   * manage:configs:endpoints, manage:configs:models, etc.). Section-level
+   * capabilities are resolved dynamically by the authorization layer
+   * (hasCapabilityForPrincipals / getHeldCapabilities) at check time via
+   * getParentCapabilities. The admin UI should treat a base capability like
+   * manage:configs as implying authority over all its sections.
+   */
+  async function getEffectiveCapabilitiesHandler(req: ServerRequest, res: Response) {
+    try {
+      const user = resolveUser(req);
+      if (!user) {
+        return res.status(401).json({ error: 'Authentication required' });
+      }
+
+      const { tenantId } = user;
+      const principals = await resolvePrincipals(user);
+      const filteredPrincipals = principals.filter(
+        (p): p is ResolvedPrincipal & { principalId: string | Types.ObjectId } =>
+          p.principalId != null,
+      );
+
+      if (!filteredPrincipals.length) {
+        return res.status(200).json({ capabilities: [] });
+      }
+
+      const grants = await getCapabilitiesForPrincipals({
+        principals: filteredPrincipals,
+        tenantId,
+      });
+
+      const directCaps = new Set<string>();
+      for (const grant of grants) {
+        directCaps.add(grant.capability);
+      }
+
+      return res.status(200).json({ capabilities: expandImplications(Array.from(directCaps)) });
+    } catch (error) {
+      logger.error('[adminGrants] getEffectiveCapabilities error:', error);
+      return res.status(500).json({ error: 'Failed to get effective capabilities' });
+    }
+  }
+
+  async function getPrincipalGrantsHandler(req: ServerRequest, res: Response) {
+    try {
+      const user = resolveUser(req);
+      if (!user) {
+        return res.status(401).json({ error: 'Authentication required' });
+      }
+
+      const { principalType, principalId } = req.params as {
+        principalType: string;
+        principalId: string;
+      };
+
+      const principalError = validatePrincipal(principalType, principalId);
+      if (principalError) {
+        return res.status(400).json({ error: principalError });
+      }
+
+      const { tenantId } = user;
+      const readCap = READ_CAPABILITY_BY_TYPE[principalType as GrantPrincipalType];
+      const principals = await resolvePrincipals(user);
+      const allowed = await hasCapabilityForPrincipals({
+        principals,
+        capability: readCap,
+        tenantId,
+      });
+      if (!allowed) {
+        return res.status(403).json({ error: 'Insufficient permissions' });
+      }
+
+      const grants = await getCapabilitiesForPrincipal({
+        principalType: principalType as PrincipalType,
+        principalId,
+        tenantId,
+      });
+      return res.status(200).json({ grants });
+    } catch (error) {
+      logger.error('[adminGrants] getPrincipalGrants error:', error);
+      return res.status(500).json({ error: 'Failed to get grants' });
+    }
+  }
+
+  async function assignGrantHandler(req: ServerRequest, res: Response) {
+    try {
+      const caller = resolveUser(req);
+      if (!caller) {
+        return res.status(401).json({ error: 'Authentication required' });
+      }
+
+      const bodyError = validateGrantBody(req.body as GrantRequestBody);
+      if (bodyError) {
+        return res.status(400).json({ error: bodyError });
+      }
+
+      const { principalType, principalId, capability } = req.body as {
+        principalType: GrantPrincipalType;
+        principalId: string;
+        capability: SystemCapability;
+      };
+
+      const { tenantId } = caller;
+      const principals = await resolvePrincipals(caller);
+
+      const manageCap = MANAGE_CAPABILITY_BY_TYPE[principalType];
+      const held = await getHeldCapabilities({
+        principals,
+        capabilities: [manageCap, capability],
+        tenantId,
+      });
+      if (!held.has(manageCap)) {
+        return res.status(403).json({ error: 'Insufficient permissions' });
+      }
+      if (!held.has(capability)) {
+        return res.status(403).json({ error: 'Cannot grant a capability you do not possess' });
+      }
+
+      /** Reject grants targeting non-existent roles when the dep is provided. */
+      if (checkRoleExists) {
+        const exists = await checkRoleExists(principalId);
+        if (!exists) {
+          return res.status(400).json({ error: 'Role not found' });
+        }
+      }
+
+      const grant = await grantCapability({
+        principalType,
+        principalId,
+        capability,
+        tenantId,
+        grantedBy: caller.userId,
+      });
+      if (!grant) {
+        return res.status(500).json({ error: 'Grant operation returned no result' });
+      }
+      return res.status(201).json({ grant });
+    } catch (error) {
+      logger.error('[adminGrants] assignGrant error:', error);
+      return res.status(500).json({ error: 'Failed to assign grant' });
+    }
+  }
+
+  /**
+   * Revocation requires MANAGE on the target principal type but does NOT
+   * require the caller to possess the capability being revoked. This avoids
+   * a bootstrap deadlock where no one can clean up grants they don't hold.
+   */
+  async function revokeGrantHandler(req: ServerRequest, res: Response) {
+    try {
+      const caller = resolveUser(req);
+      if (!caller) {
+        return res.status(401).json({ error: 'Authentication required' });
+      }
+
+      const { principalType, principalId, capability } = req.params as {
+        principalType: string;
+        principalId: string;
+        capability?: string;
+      };
+
+      const principalError = validatePrincipal(principalType, principalId);
+      if (principalError) {
+        return res.status(400).json({ error: principalError });
+      }
+      if (!capability || !isValidCapability(capability)) {
+        return res.status(400).json({ error: 'Invalid capability' });
+      }
+
+      const { tenantId } = caller;
+      const principals = await resolvePrincipals(caller);
+      const manageCap = MANAGE_CAPABILITY_BY_TYPE[principalType as GrantPrincipalType];
+      if (!(await hasCapabilityForPrincipals({ principals, capability: manageCap, tenantId }))) {
+        return res.status(403).json({ error: 'Insufficient permissions' });
+      }
+
+      await revokeCapability({
+        principalType: principalType as PrincipalType,
+        principalId,
+        capability: capability as SystemCapability,
+        tenantId,
+      });
+      return res.status(200).json({ success: true });
+    } catch (error) {
+      logger.error('[adminGrants] revokeGrant error:', error);
+      return res.status(500).json({ error: 'Failed to revoke grant' });
+    }
+  }
+
+  return {
+    listGrants: listGrantsHandler,
+    getEffectiveCapabilities: getEffectiveCapabilitiesHandler,
+    getPrincipalGrants: getPrincipalGrantsHandler,
+    assignGrant: assignGrantHandler,
+    revokeGrant: revokeGrantHandler,
+  };
+}
diff --git a/packages/api/src/admin/groups.spec.ts b/packages/api/src/admin/groups.spec.ts
new file mode 100644
index 0000000000..d10dfda7e0
--- /dev/null
+++ b/packages/api/src/admin/groups.spec.ts
@@ -0,0 +1,1345 @@
+import { Types } from 'mongoose';
+import { PrincipalType } from 'librechat-data-provider';
+import type { IGroup, IUser } from '@librechat/data-schemas';
+import type { Response } from 'express';
+import type { ServerRequest } from '~/types/http';
+import type { AdminGroupsDeps } from './groups';
+import { createAdminGroupsHandlers } from './groups';
+
+jest.mock('@librechat/data-schemas', () => ({
+  ...jest.requireActual('@librechat/data-schemas'),
+  logger: { error: jest.fn(), warn: jest.fn(), info: jest.fn(), debug: jest.fn() },
+}));
+
+describe('createAdminGroupsHandlers', () => {
+  let validId: string;
+  let validUserId: string;
+
+  beforeEach(() => {
+    validId = new Types.ObjectId().toString();
+    validUserId = new Types.ObjectId().toString();
+  });
+
+  function mockGroup(overrides: Partial<IGroup> = {}): IGroup {
+    return {
+      _id: new Types.ObjectId(validId),
+      name: 'Test Group',
+      source: 'local',
+      memberIds: [],
+      createdAt: new Date(),
+      updatedAt: new Date(),
+      ...overrides,
+    } as IGroup;
+  }
+
+  function mockUser(overrides: Partial<IUser> = {}): IUser {
+    return {
+      _id: new Types.ObjectId(validUserId),
+      name: 'Test User',
+      email: 'test@example.com',
+      avatar: 'https://example.com/avatar.png',
+      ...overrides,
+    } as IUser;
+  }
+
+  function createReqRes(
+    overrides: {
+      params?: Record<string, string>;
+      query?: Record<string, string>;
+      body?: Record<string, unknown>;
+    } = {},
+  ) {
+    const req = {
+      params: overrides.params ?? {},
+      query: overrides.query ?? {},
+      body: overrides.body ?? {},
+    } as unknown as ServerRequest;
+
+    const json = jest.fn();
+    const status = jest.fn().mockReturnValue({ json });
+    const res = { status, json } as unknown as Response;
+
+    return { req, res, status, json };
+  }
+
+  function createDeps(overrides: Partial<AdminGroupsDeps> = {}): AdminGroupsDeps {
+    return {
+      listGroups: jest.fn().mockResolvedValue([]),
+      countGroups: jest.fn().mockResolvedValue(0),
+      findGroupById: jest.fn().mockResolvedValue(null),
+      createGroup: jest.fn().mockResolvedValue(mockGroup()),
+      updateGroupById: jest.fn().mockResolvedValue(mockGroup()),
+      deleteGroup: jest.fn().mockResolvedValue(mockGroup()),
+      addUserToGroup: jest.fn().mockResolvedValue({ user: mockUser(), group: mockGroup() }),
+      removeUserFromGroup: jest.fn().mockResolvedValue({ user: mockUser(), group: mockGroup() }),
+      removeMemberById: jest.fn().mockResolvedValue(mockGroup()),
+      findUsers: jest.fn().mockResolvedValue([]),
+      deleteConfig: jest.fn().mockResolvedValue(null),
+      deleteAclEntries: jest.fn().mockResolvedValue({ deletedCount: 0 }),
+      ...overrides,
+    };
+  }
+
+  describe('listGroups', () => {
+    it('returns groups with total, limit, offset', async () => {
+      const groups = [mockGroup()];
+      const deps = createDeps({
+        listGroups: jest.fn().mockResolvedValue(groups),
+        countGroups: jest.fn().mockResolvedValue(1),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ query: {} });
+
+      await handlers.listGroups(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ groups, total: 1, limit: 50, offset: 0 });
+    });
+
+    it('passes source and search filters with pagination', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res } = createReqRes({
+        query: { source: 'entra', search: 'engineering', limit: '20', offset: '10' },
+      });
+
+      await handlers.listGroups(req, res);
+
+      expect(deps.listGroups).toHaveBeenCalledWith({
+        source: 'entra',
+        search: 'engineering',
+        limit: 20,
+        offset: 10,
+      });
+      expect(deps.countGroups).toHaveBeenCalledWith({
+        source: 'entra',
+        search: 'engineering',
+      });
+    });
+
+    it('passes search filter alone', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res } = createReqRes({ query: { search: 'eng' } });
+
+      await handlers.listGroups(req, res);
+
+      expect(deps.listGroups).toHaveBeenCalledWith({ search: 'eng', limit: 50, offset: 0 });
+      expect(deps.countGroups).toHaveBeenCalledWith({ search: 'eng' });
+    });
+
+    it('ignores invalid source values', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res } = createReqRes({ query: { source: 'invalid' } });
+
+      await handlers.listGroups(req, res);
+
+      expect(deps.listGroups).toHaveBeenCalledWith({ limit: 50, offset: 0 });
+      expect(deps.countGroups).toHaveBeenCalledWith({});
+    });
+
+    it('clamps limit and offset', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res } = createReqRes({ query: { limit: '999', offset: '-5' } });
+
+      await handlers.listGroups(req, res);
+
+      expect(deps.listGroups).toHaveBeenCalledWith({ limit: 200, offset: 0 });
+    });
+
+    it('returns 400 when search exceeds max length', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        query: { search: 'a'.repeat(201) },
+      });
+
+      await handlers.listGroups(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'search must not exceed 200 characters' });
+      expect(deps.listGroups).not.toHaveBeenCalled();
+    });
+
+    it('returns 500 when countGroups fails', async () => {
+      const deps = createDeps({
+        countGroups: jest.fn().mockRejectedValue(new Error('count failed')),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes();
+
+      await handlers.listGroups(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to list groups' });
+    });
+
+    it('returns 500 on error', async () => {
+      const deps = createDeps({ listGroups: jest.fn().mockRejectedValue(new Error('db down')) });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes();
+
+      await handlers.listGroups(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to list groups' });
+    });
+  });
+
+  describe('getGroup', () => {
+    it('returns group with 200', async () => {
+      const group = mockGroup();
+      const deps = createDeps({ findGroupById: jest.fn().mockResolvedValue(group) });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { id: validId } });
+
+      await handlers.getGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ group });
+    });
+
+    it('returns 400 for invalid ID', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { id: 'not-an-id' } });
+
+      await handlers.getGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Invalid group ID format' });
+      expect(deps.findGroupById).not.toHaveBeenCalled();
+    });
+
+    it('returns 404 when group not found', async () => {
+      const deps = createDeps({ findGroupById: jest.fn().mockResolvedValue(null) });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { id: validId } });
+
+      await handlers.getGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(404);
+      expect(json).toHaveBeenCalledWith({ error: 'Group not found' });
+    });
+
+    it('returns 500 on error', async () => {
+      const deps = createDeps({
+        findGroupById: jest.fn().mockRejectedValue(new Error('db down')),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { id: validId } });
+
+      await handlers.getGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to get group' });
+    });
+  });
+
+  describe('createGroup', () => {
+    it('creates group and returns 201', async () => {
+      const group = mockGroup();
+      const deps = createDeps({ createGroup: jest.fn().mockResolvedValue(group) });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        body: { name: 'New Group', description: 'A group' },
+      });
+
+      await handlers.createGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(201);
+      expect(json).toHaveBeenCalledWith({ group });
+      expect(deps.createGroup).toHaveBeenCalledWith(
+        expect.objectContaining({
+          name: 'New Group',
+          description: 'A group',
+          source: 'local',
+          memberIds: [],
+        }),
+      );
+    });
+
+    it('normalizes memberIds to idOnTheSource values', async () => {
+      const userId = new Types.ObjectId().toString();
+      const user = { _id: new Types.ObjectId(userId), idOnTheSource: 'ext-norm-1' } as IUser;
+      const group = mockGroup();
+      const deps = createDeps({
+        createGroup: jest.fn().mockResolvedValue(group),
+        findUsers: jest.fn().mockResolvedValue([user]),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status } = createReqRes({
+        body: { name: 'With Members', memberIds: [userId] },
+      });
+
+      await handlers.createGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(201);
+      expect(deps.findUsers).toHaveBeenCalledWith({ _id: { $in: [userId] } }, 'idOnTheSource');
+      expect(deps.createGroup).toHaveBeenCalledWith(
+        expect.objectContaining({ memberIds: ['ext-norm-1'] }),
+      );
+    });
+
+    it('logs warning when memberIds contain non-existent user ObjectIds', async () => {
+      const { logger } = jest.requireMock('@librechat/data-schemas');
+      const unknownId = new Types.ObjectId().toString();
+      const group = mockGroup();
+      const deps = createDeps({
+        createGroup: jest.fn().mockResolvedValue(group),
+        findUsers: jest.fn().mockResolvedValue([]),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status } = createReqRes({
+        body: { name: 'With Unknown', memberIds: [unknownId] },
+      });
+
+      await handlers.createGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(201);
+      expect(logger.warn).toHaveBeenCalledWith(
+        '[adminGroups] createGroup: memberIds contain unknown user ObjectIds:',
+        [unknownId],
+      );
+    });
+
+    it('passes idOnTheSource when provided', async () => {
+      const group = mockGroup();
+      const deps = createDeps({ createGroup: jest.fn().mockResolvedValue(group) });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status } = createReqRes({
+        body: { name: 'Entra Group', source: 'entra', idOnTheSource: 'ent-abc-123' },
+      });
+
+      await handlers.createGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(201);
+      expect(deps.createGroup).toHaveBeenCalledWith(
+        expect.objectContaining({ idOnTheSource: 'ent-abc-123', source: 'entra' }),
+      );
+    });
+
+    it('returns 400 for invalid source value', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        body: { name: 'Bad Source', source: 'azure' },
+      });
+
+      await handlers.createGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Invalid source value' });
+      expect(deps.createGroup).not.toHaveBeenCalled();
+    });
+
+    it('returns 400 when name exceeds max length', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        body: { name: 'a'.repeat(501) },
+      });
+
+      await handlers.createGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'name must not exceed 500 characters' });
+      expect(deps.createGroup).not.toHaveBeenCalled();
+    });
+
+    it('returns 400 when description exceeds max length', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        body: { name: 'Valid', description: 'x'.repeat(2001) },
+      });
+
+      await handlers.createGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({
+        error: 'description must not exceed 2000 characters',
+      });
+      expect(deps.createGroup).not.toHaveBeenCalled();
+    });
+
+    it('returns 400 when email exceeds max length', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        body: { name: 'Valid', email: 'x'.repeat(501) },
+      });
+
+      await handlers.createGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'email must not exceed 500 characters' });
+      expect(deps.createGroup).not.toHaveBeenCalled();
+    });
+
+    it('returns 400 when avatar exceeds max length', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        body: { name: 'Valid', avatar: 'x'.repeat(2001) },
+      });
+
+      await handlers.createGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'avatar must not exceed 2000 characters' });
+      expect(deps.createGroup).not.toHaveBeenCalled();
+    });
+
+    it('returns 400 when idOnTheSource exceeds max length', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        body: { name: 'Valid', idOnTheSource: 'x'.repeat(501) },
+      });
+
+      await handlers.createGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({
+        error: 'idOnTheSource must not exceed 500 characters',
+      });
+      expect(deps.createGroup).not.toHaveBeenCalled();
+    });
+
+    it('returns 400 when memberIds exceeds cap', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const memberIds = Array.from({ length: 501 }, (_, i) => `ext-${i}`);
+      const { req, res, status, json } = createReqRes({
+        body: { name: 'Too Many Members', memberIds },
+      });
+
+      await handlers.createGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'memberIds must not exceed 500 entries' });
+      expect(deps.createGroup).not.toHaveBeenCalled();
+    });
+
+    it('passes non-ObjectId memberIds through unchanged', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status } = createReqRes({
+        body: { name: 'Ext Group', memberIds: ['ext-1', 'ext-2'] },
+      });
+
+      await handlers.createGroup(req, res);
+
+      expect(deps.findUsers).not.toHaveBeenCalled();
+      expect(deps.createGroup).toHaveBeenCalledWith(
+        expect.objectContaining({ memberIds: ['ext-1', 'ext-2'] }),
+      );
+      expect(status).toHaveBeenCalledWith(201);
+    });
+
+    it('returns 400 when name is missing', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ body: {} });
+
+      await handlers.createGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'name is required' });
+      expect(deps.createGroup).not.toHaveBeenCalled();
+    });
+
+    it('returns 400 when name is whitespace-only', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ body: { name: '   ' } });
+
+      await handlers.createGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'name is required' });
+    });
+
+    it('returns 400 on ValidationError', async () => {
+      const validationError = new Error('source must be local or entra');
+      validationError.name = 'ValidationError';
+      const deps = createDeps({ createGroup: jest.fn().mockRejectedValue(validationError) });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ body: { name: 'Test' } });
+
+      await handlers.createGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'source must be local or entra' });
+    });
+
+    it('returns 500 on unexpected error', async () => {
+      const deps = createDeps({ createGroup: jest.fn().mockRejectedValue(new Error('db crash')) });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ body: { name: 'Test' } });
+
+      await handlers.createGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to create group' });
+    });
+  });
+
+  describe('updateGroup', () => {
+    it('updates group and returns 200', async () => {
+      const group = mockGroup({ name: 'Updated' });
+      const deps = createDeps({
+        updateGroupById: jest.fn().mockResolvedValue(group),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: validId },
+        body: { name: 'Updated' },
+      });
+
+      await handlers.updateGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ group });
+    });
+
+    it('updates description only', async () => {
+      const group = mockGroup({ description: 'New desc' });
+      const deps = createDeps({ updateGroupById: jest.fn().mockResolvedValue(group) });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status } = createReqRes({
+        params: { id: validId },
+        body: { description: 'New desc' },
+      });
+
+      await handlers.updateGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(deps.updateGroupById).toHaveBeenCalledWith(validId, { description: 'New desc' });
+    });
+
+    it('updates email only', async () => {
+      const group = mockGroup({ email: 'team@co.com' });
+      const deps = createDeps({ updateGroupById: jest.fn().mockResolvedValue(group) });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status } = createReqRes({
+        params: { id: validId },
+        body: { email: 'team@co.com' },
+      });
+
+      await handlers.updateGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(deps.updateGroupById).toHaveBeenCalledWith(validId, { email: 'team@co.com' });
+    });
+
+    it('updates avatar only', async () => {
+      const group = mockGroup({ avatar: 'https://img.co/a.png' });
+      const deps = createDeps({ updateGroupById: jest.fn().mockResolvedValue(group) });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status } = createReqRes({
+        params: { id: validId },
+        body: { avatar: 'https://img.co/a.png' },
+      });
+
+      await handlers.updateGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(deps.updateGroupById).toHaveBeenCalledWith(validId, {
+        avatar: 'https://img.co/a.png',
+      });
+    });
+
+    it('updates multiple fields at once', async () => {
+      const group = mockGroup({ name: 'New', description: 'Desc', email: 'a@b.com' });
+      const deps = createDeps({ updateGroupById: jest.fn().mockResolvedValue(group) });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status } = createReqRes({
+        params: { id: validId },
+        body: { name: ' New ', description: 'Desc', email: 'a@b.com' },
+      });
+
+      await handlers.updateGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(deps.updateGroupById).toHaveBeenCalledWith(validId, {
+        name: 'New',
+        description: 'Desc',
+        email: 'a@b.com',
+      });
+    });
+
+    it('returns 400 for invalid ID', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: 'bad' },
+        body: { name: 'Updated' },
+      });
+
+      await handlers.updateGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Invalid group ID format' });
+    });
+
+    it('returns 400 when name is empty string', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: validId },
+        body: { name: '' },
+      });
+
+      await handlers.updateGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'name must be a non-empty string' });
+    });
+
+    it('returns 400 when name is whitespace-only', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: validId },
+        body: { name: '   ' },
+      });
+
+      await handlers.updateGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'name must be a non-empty string' });
+    });
+
+    it('returns 400 when name exceeds max length', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: validId },
+        body: { name: 'a'.repeat(501) },
+      });
+
+      await handlers.updateGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'name must not exceed 500 characters' });
+      expect(deps.updateGroupById).not.toHaveBeenCalled();
+    });
+
+    it('returns 400 when description exceeds max length', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: validId },
+        body: { description: 'x'.repeat(2001) },
+      });
+
+      await handlers.updateGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({
+        error: 'description must not exceed 2000 characters',
+      });
+      expect(deps.updateGroupById).not.toHaveBeenCalled();
+    });
+
+    it('returns 400 when email exceeds max length', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: validId },
+        body: { email: 'x'.repeat(501) },
+      });
+
+      await handlers.updateGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'email must not exceed 500 characters' });
+      expect(deps.updateGroupById).not.toHaveBeenCalled();
+    });
+
+    it('returns 400 when avatar exceeds max length', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: validId },
+        body: { avatar: 'x'.repeat(2001) },
+      });
+
+      await handlers.updateGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'avatar must not exceed 2000 characters' });
+      expect(deps.updateGroupById).not.toHaveBeenCalled();
+    });
+
+    it('returns 400 when no valid fields provided', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: validId },
+        body: {},
+      });
+
+      await handlers.updateGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'No valid fields to update' });
+      expect(deps.updateGroupById).not.toHaveBeenCalled();
+    });
+
+    it('returns 404 when updateGroupById returns null', async () => {
+      const deps = createDeps({
+        updateGroupById: jest.fn().mockResolvedValue(null),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: validId },
+        body: { name: 'Updated' },
+      });
+
+      await handlers.updateGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(404);
+      expect(json).toHaveBeenCalledWith({ error: 'Group not found' });
+    });
+
+    it('returns 400 on ValidationError', async () => {
+      const validationError = new Error('invalid field');
+      validationError.name = 'ValidationError';
+      const deps = createDeps({
+        updateGroupById: jest.fn().mockRejectedValue(validationError),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: validId },
+        body: { name: 'Updated' },
+      });
+
+      await handlers.updateGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'invalid field' });
+    });
+
+    it('returns 500 on error', async () => {
+      const deps = createDeps({
+        updateGroupById: jest.fn().mockRejectedValue(new Error('db down')),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: validId },
+        body: { name: 'Updated' },
+      });
+
+      await handlers.updateGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to update group' });
+    });
+  });
+
+  describe('deleteGroup', () => {
+    it('deletes group and returns 200 with id', async () => {
+      const deps = createDeps({ deleteGroup: jest.fn().mockResolvedValue(mockGroup()) });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { id: validId } });
+
+      await handlers.deleteGroup(req, res);
+
+      expect(deps.deleteGroup).toHaveBeenCalledWith(validId);
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ success: true, id: validId });
+    });
+
+    it('returns 400 for invalid ID', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { id: 'bad-id' } });
+
+      await handlers.deleteGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Invalid group ID format' });
+    });
+
+    it('returns 404 when deleteGroup returns null', async () => {
+      const deps = createDeps({ deleteGroup: jest.fn().mockResolvedValue(null) });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { id: validId } });
+
+      await handlers.deleteGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(404);
+      expect(json).toHaveBeenCalledWith({ error: 'Group not found' });
+      expect(deps.deleteConfig).not.toHaveBeenCalled();
+    });
+
+    it('returns 500 on error', async () => {
+      const deps = createDeps({
+        deleteGroup: jest.fn().mockRejectedValue(new Error('db down')),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { id: validId } });
+
+      await handlers.deleteGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to delete group' });
+    });
+
+    it('returns 200 even when cascade cleanup partially fails', async () => {
+      const deps = createDeps({
+        deleteGroup: jest.fn().mockResolvedValue(mockGroup()),
+        deleteAclEntries: jest.fn().mockRejectedValue(new Error('cleanup failed')),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { id: validId } });
+
+      await handlers.deleteGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ success: true, id: validId });
+      expect(deps.deleteConfig).toHaveBeenCalledWith(PrincipalType.GROUP, validId);
+      expect(deps.deleteAclEntries).toHaveBeenCalledWith({
+        principalType: PrincipalType.GROUP,
+        principalId: new Types.ObjectId(validId),
+      });
+    });
+
+    it('cleans up Config and AclEntry on group delete', async () => {
+      const deps = createDeps({ deleteGroup: jest.fn().mockResolvedValue(mockGroup()) });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status } = createReqRes({ params: { id: validId } });
+
+      await handlers.deleteGroup(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(deps.deleteConfig).toHaveBeenCalledWith(PrincipalType.GROUP, validId);
+      expect(deps.deleteAclEntries).toHaveBeenCalledWith({
+        principalType: PrincipalType.GROUP,
+        principalId: new Types.ObjectId(validId),
+      });
+    });
+  });
+
+  describe('getGroupMembers', () => {
+    it('fetches group with memberIds projection only', async () => {
+      const group = mockGroup({ memberIds: [] });
+      const deps = createDeps({ findGroupById: jest.fn().mockResolvedValue(group) });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res } = createReqRes({ params: { id: validId } });
+
+      await handlers.getGroupMembers(req, res);
+
+      expect(deps.findGroupById).toHaveBeenCalledWith(validId, { memberIds: 1 });
+    });
+
+    it('returns empty members for group with no memberIds', async () => {
+      const group = mockGroup({ memberIds: [] });
+      const deps = createDeps({ findGroupById: jest.fn().mockResolvedValue(group) });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { id: validId } });
+
+      await handlers.getGroupMembers(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ members: [], total: 0, limit: 50, offset: 0 });
+      expect(deps.findUsers).not.toHaveBeenCalled();
+    });
+
+    it('batches member lookup with $or query', async () => {
+      const user = mockUser({ idOnTheSource: 'ext-123' });
+      const group = mockGroup({ memberIds: [validUserId, 'ext-123'] });
+      const deps = createDeps({
+        findGroupById: jest.fn().mockResolvedValue(group),
+        findUsers: jest.fn().mockResolvedValue([user]),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { id: validId } });
+
+      await handlers.getGroupMembers(req, res);
+
+      expect(deps.findUsers).toHaveBeenCalledWith(
+        {
+          $or: [
+            { idOnTheSource: { $in: [validUserId, 'ext-123'] } },
+            { _id: { $in: [validUserId] } },
+          ],
+        },
+        'name email avatar idOnTheSource',
+      );
+      expect(status).toHaveBeenCalledWith(200);
+      const members = json.mock.calls[0][0].members;
+      expect(members).toHaveLength(1);
+    });
+
+    it('skips _id condition when no valid ObjectIds in memberIds', async () => {
+      const group = mockGroup({ memberIds: ['ext-1', 'ext-2'] });
+      const deps = createDeps({
+        findGroupById: jest.fn().mockResolvedValue(group),
+        findUsers: jest.fn().mockResolvedValue([]),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res } = createReqRes({ params: { id: validId } });
+
+      await handlers.getGroupMembers(req, res);
+
+      expect(deps.findUsers).toHaveBeenCalledWith(
+        { $or: [{ idOnTheSource: { $in: ['ext-1', 'ext-2'] } }] },
+        'name email avatar idOnTheSource',
+      );
+    });
+
+    it('falls back to memberId when user not found', async () => {
+      const group = mockGroup({ memberIds: ['unknown-member'] });
+      const deps = createDeps({
+        findGroupById: jest.fn().mockResolvedValue(group),
+        findUsers: jest.fn().mockResolvedValue([]),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, json } = createReqRes({ params: { id: validId } });
+
+      await handlers.getGroupMembers(req, res);
+
+      expect(json.mock.calls[0][0].members).toEqual([
+        { userId: 'unknown-member', name: 'unknown-member', email: '', avatarUrl: undefined },
+      ]);
+    });
+
+    it('deduplicates when identical memberId appears twice', async () => {
+      const user = mockUser({ idOnTheSource: validUserId });
+      const group = mockGroup({ memberIds: [validUserId, validUserId] });
+      const deps = createDeps({
+        findGroupById: jest.fn().mockResolvedValue(group),
+        findUsers: jest.fn().mockResolvedValue([user]),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, json } = createReqRes({ params: { id: validId } });
+
+      await handlers.getGroupMembers(req, res);
+
+      const result = json.mock.calls[0][0];
+      expect(result.members).toHaveLength(1);
+      expect(result.total).toBe(1);
+    });
+
+    it('deduplicates when objectId and idOnTheSource both present for same user', async () => {
+      const extId = 'ext-dedup-123';
+      const user = mockUser({ idOnTheSource: extId });
+      const group = mockGroup({ memberIds: [validUserId, extId] });
+      const deps = createDeps({
+        findGroupById: jest.fn().mockResolvedValue(group),
+        findUsers: jest.fn().mockResolvedValue([user]),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, json } = createReqRes({ params: { id: validId } });
+
+      await handlers.getGroupMembers(req, res);
+
+      expect(json.mock.calls[0][0].members).toHaveLength(1);
+    });
+
+    it('reports deduplicated total for duplicate memberIds', async () => {
+      const group = mockGroup({ memberIds: ['m1', 'm2', 'm1', 'm3', 'm2'] });
+      const deps = createDeps({
+        findGroupById: jest.fn().mockResolvedValue(group),
+        findUsers: jest.fn().mockResolvedValue([]),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, json } = createReqRes({ params: { id: validId } });
+
+      await handlers.getGroupMembers(req, res);
+
+      const result = json.mock.calls[0][0];
+      expect(result.total).toBe(3);
+      expect(result.members).toHaveLength(3);
+    });
+
+    it('paginates members with limit and offset', async () => {
+      const ids = ['m1', 'm2', 'm3', 'm4', 'm5'];
+      const group = mockGroup({ memberIds: ids });
+      const deps = createDeps({
+        findGroupById: jest.fn().mockResolvedValue(group),
+        findUsers: jest.fn().mockResolvedValue([]),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, json } = createReqRes({
+        params: { id: validId },
+        query: { limit: '2', offset: '1' },
+      });
+
+      await handlers.getGroupMembers(req, res);
+
+      const result = json.mock.calls[0][0];
+      expect(result.total).toBe(5);
+      expect(result.limit).toBe(2);
+      expect(result.offset).toBe(1);
+      expect(result.members).toHaveLength(2);
+      expect(result.members[0].userId).toBe('m2');
+      expect(result.members[1].userId).toBe('m3');
+    });
+
+    it('caps limit at 200', async () => {
+      const ids = Array.from({ length: 5 }, (_, i) => `m${i}`);
+      const group = mockGroup({ memberIds: ids });
+      const deps = createDeps({
+        findGroupById: jest.fn().mockResolvedValue(group),
+        findUsers: jest.fn().mockResolvedValue([]),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, json } = createReqRes({
+        params: { id: validId },
+        query: { limit: '999' },
+      });
+
+      await handlers.getGroupMembers(req, res);
+
+      const result = json.mock.calls[0][0];
+      expect(result.limit).toBe(200);
+    });
+
+    it('returns empty when offset exceeds total', async () => {
+      const group = mockGroup({ memberIds: ['m1', 'm2'] });
+      const deps = createDeps({
+        findGroupById: jest.fn().mockResolvedValue(group),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, json } = createReqRes({
+        params: { id: validId },
+        query: { offset: '10' },
+      });
+
+      await handlers.getGroupMembers(req, res);
+
+      const result = json.mock.calls[0][0];
+      expect(result.members).toHaveLength(0);
+      expect(result.total).toBe(2);
+      expect(deps.findUsers).not.toHaveBeenCalled();
+    });
+
+    it('returns 400 for invalid group ID', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { id: 'nope' } });
+
+      await handlers.getGroupMembers(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Invalid group ID format' });
+    });
+
+    it('returns 404 when group not found', async () => {
+      const deps = createDeps({ findGroupById: jest.fn().mockResolvedValue(null) });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { id: validId } });
+
+      await handlers.getGroupMembers(req, res);
+
+      expect(status).toHaveBeenCalledWith(404);
+      expect(json).toHaveBeenCalledWith({ error: 'Group not found' });
+    });
+
+    it('returns 500 on error', async () => {
+      const deps = createDeps({
+        findGroupById: jest.fn().mockRejectedValue(new Error('db down')),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { id: validId } });
+
+      await handlers.getGroupMembers(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to get group members' });
+    });
+  });
+
+  describe('addGroupMember', () => {
+    it('adds member and returns 200', async () => {
+      const group = mockGroup();
+      const deps = createDeps({
+        addUserToGroup: jest.fn().mockResolvedValue({ user: mockUser(), group }),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: validId },
+        body: { userId: validUserId },
+      });
+
+      await handlers.addGroupMember(req, res);
+
+      expect(deps.addUserToGroup).toHaveBeenCalledWith(validUserId, validId);
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ group });
+    });
+
+    it('returns 400 for invalid group ID', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: 'bad' },
+        body: { userId: validUserId },
+      });
+
+      await handlers.addGroupMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Invalid group ID format' });
+    });
+
+    it('returns 400 when userId is missing', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: validId },
+        body: {},
+      });
+
+      await handlers.addGroupMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'userId is required' });
+    });
+
+    it('returns 400 for non-ObjectId userId', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: validId },
+        body: { userId: 'not-valid' },
+      });
+
+      await handlers.addGroupMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({
+        error: 'Only native user ObjectIds can be added via this endpoint',
+      });
+    });
+
+    it('returns 404 when addUserToGroup returns null group', async () => {
+      const deps = createDeps({
+        addUserToGroup: jest.fn().mockResolvedValue({ user: mockUser(), group: null }),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: validId },
+        body: { userId: validUserId },
+      });
+
+      await handlers.addGroupMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(404);
+      expect(json).toHaveBeenCalledWith({ error: 'Group not found' });
+    });
+
+    it('returns 404 for "User not found" error', async () => {
+      const deps = createDeps({
+        addUserToGroup: jest.fn().mockRejectedValue(new Error('User not found')),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: validId },
+        body: { userId: validUserId },
+      });
+
+      await handlers.addGroupMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(404);
+      expect(json).toHaveBeenCalledWith({ error: 'User not found' });
+    });
+
+    it('returns 500 for unrelated errors', async () => {
+      const deps = createDeps({
+        addUserToGroup: jest.fn().mockRejectedValue(new Error('connection lost')),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: validId },
+        body: { userId: validUserId },
+      });
+
+      await handlers.addGroupMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to add member' });
+    });
+
+    it('does not misclassify errors containing "not found" substring', async () => {
+      const deps = createDeps({
+        addUserToGroup: jest.fn().mockRejectedValue(new Error('Permission not found in config')),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status } = createReqRes({
+        params: { id: validId },
+        body: { userId: validUserId },
+      });
+
+      await handlers.addGroupMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+    });
+  });
+
+  describe('removeGroupMember', () => {
+    it('removes member and returns 200', async () => {
+      const deps = createDeps({
+        removeUserFromGroup: jest.fn().mockResolvedValue({ user: mockUser(), group: mockGroup() }),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: validId, userId: validUserId },
+      });
+
+      await handlers.removeGroupMember(req, res);
+
+      expect(deps.removeUserFromGroup).toHaveBeenCalledWith(validUserId, validId);
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ success: true });
+    });
+
+    it('returns 400 for invalid group ID', async () => {
+      const deps = createDeps();
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: 'bad', userId: validUserId },
+      });
+
+      await handlers.removeGroupMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Invalid group ID format' });
+    });
+
+    it('removes non-ObjectId member via removeMemberById', async () => {
+      const deps = createDeps({
+        removeMemberById: jest.fn().mockResolvedValue(mockGroup()),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: validId, userId: 'ent-abc-123' },
+      });
+
+      await handlers.removeGroupMember(req, res);
+
+      expect(deps.removeMemberById).toHaveBeenCalledWith(validId, 'ent-abc-123');
+      expect(deps.removeUserFromGroup).not.toHaveBeenCalled();
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ success: true });
+    });
+
+    it('returns 404 when removeMemberById returns null', async () => {
+      const deps = createDeps({
+        removeMemberById: jest.fn().mockResolvedValue(null),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: validId, userId: 'ent-abc-123' },
+      });
+
+      await handlers.removeGroupMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(404);
+      expect(json).toHaveBeenCalledWith({ error: 'Group not found' });
+    });
+
+    it('falls back to removeMemberById when ObjectId userId not found as user', async () => {
+      const deps = createDeps({
+        removeUserFromGroup: jest.fn().mockRejectedValue(new Error('User not found')),
+        removeMemberById: jest.fn().mockResolvedValue(mockGroup()),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: validId, userId: validUserId },
+      });
+
+      await handlers.removeGroupMember(req, res);
+
+      expect(deps.removeUserFromGroup).toHaveBeenCalledWith(validUserId, validId);
+      expect(deps.removeMemberById).toHaveBeenCalledWith(validId, validUserId);
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ success: true });
+    });
+
+    it('returns 404 when removeUserFromGroup returns null group', async () => {
+      const deps = createDeps({
+        removeUserFromGroup: jest.fn().mockResolvedValue({ user: mockUser(), group: null }),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: validId, userId: validUserId },
+      });
+
+      await handlers.removeGroupMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(404);
+      expect(json).toHaveBeenCalledWith({ error: 'Group not found' });
+    });
+
+    it('returns 404 when fallback removeMemberById also returns null', async () => {
+      const deps = createDeps({
+        removeUserFromGroup: jest.fn().mockRejectedValue(new Error('User not found')),
+        removeMemberById: jest.fn().mockResolvedValue(null),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: validId, userId: validUserId },
+      });
+
+      await handlers.removeGroupMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(404);
+      expect(json).toHaveBeenCalledWith({ error: 'Group not found' });
+    });
+
+    it('returns 500 for unrelated errors', async () => {
+      const deps = createDeps({
+        removeUserFromGroup: jest.fn().mockRejectedValue(new Error('timeout')),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: validId, userId: validUserId },
+      });
+
+      await handlers.removeGroupMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to remove member' });
+    });
+
+    it('returns 200 when removing ObjectId member not in group (idempotent delete)', async () => {
+      const group = mockGroup({ memberIds: [] });
+      const deps = createDeps({
+        removeUserFromGroup: jest.fn().mockResolvedValue({ user: mockUser(), group }),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: validId, userId: validUserId },
+      });
+
+      await handlers.removeGroupMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ success: true });
+    });
+
+    it('returns 200 when removing non-ObjectId member not in group (idempotent delete)', async () => {
+      const group = mockGroup({ memberIds: [] });
+      const deps = createDeps({
+        removeMemberById: jest.fn().mockResolvedValue(group),
+      });
+      const handlers = createAdminGroupsHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: validId, userId: 'ext-not-in-group' },
+      });
+
+      await handlers.removeGroupMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ success: true });
+    });
+  });
+});
diff --git a/packages/api/src/admin/groups.ts b/packages/api/src/admin/groups.ts
new file mode 100644
index 0000000000..41dfba6cac
--- /dev/null
+++ b/packages/api/src/admin/groups.ts
@@ -0,0 +1,475 @@
+import { Types } from 'mongoose';
+import { PrincipalType } from 'librechat-data-provider';
+import { logger, isValidObjectIdString } from '@librechat/data-schemas';
+import type {
+  IGroup,
+  IUser,
+  IConfig,
+  CreateGroupRequest,
+  UpdateGroupRequest,
+  GroupFilterOptions,
+} from '@librechat/data-schemas';
+import type { FilterQuery, ClientSession, DeleteResult } from 'mongoose';
+import type { Response } from 'express';
+import type { ValidationError } from '~/types/error';
+import type { ServerRequest } from '~/types/http';
+import { parsePagination } from './pagination';
+
+type GroupListFilter = Pick<GroupFilterOptions, 'source' | 'search'>;
+
+const VALID_GROUP_SOURCES: ReadonlySet<string> = new Set(['local', 'entra']);
+const MAX_CREATE_MEMBER_IDS = 500;
+const MAX_SEARCH_LENGTH = 200;
+const MAX_NAME_LENGTH = 500;
+const MAX_DESCRIPTION_LENGTH = 2000;
+const MAX_EMAIL_LENGTH = 500;
+const MAX_AVATAR_LENGTH = 2000;
+const MAX_EXTERNAL_ID_LENGTH = 500;
+
+interface GroupIdParams {
+  id: string;
+}
+
+interface GroupMemberParams extends GroupIdParams {
+  userId: string;
+}
+
+export interface AdminGroupsDeps {
+  listGroups: (
+    filter?: GroupListFilter & { limit?: number; offset?: number },
+    session?: ClientSession,
+  ) => Promise<IGroup[]>;
+  countGroups: (filter?: GroupListFilter, session?: ClientSession) => Promise<number>;
+  findGroupById: (
+    groupId: string | Types.ObjectId,
+    projection?: Record<string, 0 | 1>,
+    session?: ClientSession,
+  ) => Promise<IGroup | null>;
+  createGroup: (groupData: Partial<IGroup>, session?: ClientSession) => Promise<IGroup>;
+  updateGroupById: (
+    groupId: string | Types.ObjectId,
+    data: Partial<Pick<IGroup, 'name' | 'description' | 'email' | 'avatar'>>,
+    session?: ClientSession,
+  ) => Promise<IGroup | null>;
+  deleteGroup: (
+    groupId: string | Types.ObjectId,
+    session?: ClientSession,
+  ) => Promise<IGroup | null>;
+  addUserToGroup: (
+    userId: string | Types.ObjectId,
+    groupId: string | Types.ObjectId,
+    session?: ClientSession,
+  ) => Promise<{ user: IUser; group: IGroup | null }>;
+  removeUserFromGroup: (
+    userId: string | Types.ObjectId,
+    groupId: string | Types.ObjectId,
+    session?: ClientSession,
+  ) => Promise<{ user: IUser; group: IGroup | null }>;
+  removeMemberById: (
+    groupId: string | Types.ObjectId,
+    memberId: string,
+    session?: ClientSession,
+  ) => Promise<IGroup | null>;
+  findUsers: (
+    searchCriteria: FilterQuery<IUser>,
+    fieldsToSelect?: string | string[] | null,
+  ) => Promise<IUser[]>;
+  deleteConfig: (
+    principalType: PrincipalType,
+    principalId: string | Types.ObjectId,
+  ) => Promise<IConfig | null>;
+  deleteAclEntries: (filter: {
+    principalType: PrincipalType;
+    principalId: string | Types.ObjectId;
+  }) => Promise<DeleteResult>;
+}
+
+export function createAdminGroupsHandlers(deps: AdminGroupsDeps) {
+  const {
+    listGroups,
+    countGroups,
+    findGroupById,
+    createGroup,
+    updateGroupById,
+    deleteGroup,
+    addUserToGroup,
+    removeUserFromGroup,
+    removeMemberById,
+    findUsers,
+    deleteConfig,
+    deleteAclEntries,
+  } = deps;
+
+  async function listGroupsHandler(req: ServerRequest, res: Response) {
+    try {
+      const { search, source } = req.query as { search?: string; source?: string };
+      const filter: GroupListFilter = {};
+      if (source && VALID_GROUP_SOURCES.has(source)) {
+        filter.source = source as IGroup['source'];
+      }
+      if (search && search.length > MAX_SEARCH_LENGTH) {
+        return res
+          .status(400)
+          .json({ error: `search must not exceed ${MAX_SEARCH_LENGTH} characters` });
+      }
+      if (search) {
+        filter.search = search;
+      }
+      const { limit, offset } = parsePagination(req.query);
+      const [groups, total] = await Promise.all([
+        listGroups({ ...filter, limit, offset }),
+        countGroups(filter),
+      ]);
+      return res.status(200).json({ groups, total, limit, offset });
+    } catch (error) {
+      logger.error('[adminGroups] listGroups error:', error);
+      return res.status(500).json({ error: 'Failed to list groups' });
+    }
+  }
+
+  async function getGroupHandler(req: ServerRequest, res: Response) {
+    try {
+      const { id } = req.params as GroupIdParams;
+      if (!isValidObjectIdString(id)) {
+        return res.status(400).json({ error: 'Invalid group ID format' });
+      }
+      const group = await findGroupById(id);
+      if (!group) {
+        return res.status(404).json({ error: 'Group not found' });
+      }
+      return res.status(200).json({ group });
+    } catch (error) {
+      logger.error('[adminGroups] getGroup error:', error);
+      return res.status(500).json({ error: 'Failed to get group' });
+    }
+  }
+
+  async function createGroupHandler(req: ServerRequest, res: Response) {
+    try {
+      const body = req.body as CreateGroupRequest;
+      if (!body.name || typeof body.name !== 'string' || !body.name.trim()) {
+        return res.status(400).json({ error: 'name is required' });
+      }
+      if (body.name.trim().length > MAX_NAME_LENGTH) {
+        return res
+          .status(400)
+          .json({ error: `name must not exceed ${MAX_NAME_LENGTH} characters` });
+      }
+      if (body.source && !VALID_GROUP_SOURCES.has(body.source)) {
+        return res.status(400).json({ error: 'Invalid source value' });
+      }
+      if (body.description && body.description.length > MAX_DESCRIPTION_LENGTH) {
+        return res
+          .status(400)
+          .json({ error: `description must not exceed ${MAX_DESCRIPTION_LENGTH} characters` });
+      }
+      if (body.email && body.email.length > MAX_EMAIL_LENGTH) {
+        return res
+          .status(400)
+          .json({ error: `email must not exceed ${MAX_EMAIL_LENGTH} characters` });
+      }
+      if (body.avatar && body.avatar.length > MAX_AVATAR_LENGTH) {
+        return res
+          .status(400)
+          .json({ error: `avatar must not exceed ${MAX_AVATAR_LENGTH} characters` });
+      }
+      if (body.idOnTheSource && body.idOnTheSource.length > MAX_EXTERNAL_ID_LENGTH) {
+        return res
+          .status(400)
+          .json({ error: `idOnTheSource must not exceed ${MAX_EXTERNAL_ID_LENGTH} characters` });
+      }
+
+      const rawIds = Array.isArray(body.memberIds) ? body.memberIds : [];
+      if (rawIds.length > MAX_CREATE_MEMBER_IDS) {
+        return res
+          .status(400)
+          .json({ error: `memberIds must not exceed ${MAX_CREATE_MEMBER_IDS} entries` });
+      }
+      let memberIds = rawIds;
+      const objectIds = rawIds.filter(isValidObjectIdString);
+      if (objectIds.length > 0) {
+        const users = await findUsers({ _id: { $in: objectIds } }, 'idOnTheSource');
+        const idMap = new Map<string, string>();
+        for (const user of users) {
+          const uid = user._id?.toString() ?? '';
+          idMap.set(uid, user.idOnTheSource || uid);
+        }
+        const unmapped = objectIds.filter((oid) => !idMap.has(oid));
+        if (unmapped.length > 0) {
+          logger.warn(
+            '[adminGroups] createGroup: memberIds contain unknown user ObjectIds:',
+            unmapped,
+          );
+        }
+        memberIds = rawIds.map((id) => idMap.get(id) || id);
+      }
+
+      const group = await createGroup({
+        name: body.name.trim(),
+        description: body.description,
+        email: body.email,
+        avatar: body.avatar,
+        source: body.source || 'local',
+        memberIds,
+        ...(body.idOnTheSource ? { idOnTheSource: body.idOnTheSource } : {}),
+      });
+      return res.status(201).json({ group });
+    } catch (error) {
+      if ((error as ValidationError).name === 'ValidationError') {
+        return res.status(400).json({ error: (error as ValidationError).message });
+      }
+      logger.error('[adminGroups] createGroup error:', error);
+      return res.status(500).json({ error: 'Failed to create group' });
+    }
+  }
+
+  async function updateGroupHandler(req: ServerRequest, res: Response) {
+    try {
+      const { id } = req.params as GroupIdParams;
+      if (!isValidObjectIdString(id)) {
+        return res.status(400).json({ error: 'Invalid group ID format' });
+      }
+      const body = req.body as UpdateGroupRequest;
+
+      if (
+        body.name !== undefined &&
+        (!body.name || typeof body.name !== 'string' || !body.name.trim())
+      ) {
+        return res.status(400).json({ error: 'name must be a non-empty string' });
+      }
+      if (body.name !== undefined && body.name.trim().length > MAX_NAME_LENGTH) {
+        return res
+          .status(400)
+          .json({ error: `name must not exceed ${MAX_NAME_LENGTH} characters` });
+      }
+      if (body.description !== undefined && body.description.length > MAX_DESCRIPTION_LENGTH) {
+        return res
+          .status(400)
+          .json({ error: `description must not exceed ${MAX_DESCRIPTION_LENGTH} characters` });
+      }
+      if (body.email !== undefined && body.email.length > MAX_EMAIL_LENGTH) {
+        return res
+          .status(400)
+          .json({ error: `email must not exceed ${MAX_EMAIL_LENGTH} characters` });
+      }
+      if (body.avatar !== undefined && body.avatar.length > MAX_AVATAR_LENGTH) {
+        return res
+          .status(400)
+          .json({ error: `avatar must not exceed ${MAX_AVATAR_LENGTH} characters` });
+      }
+
+      const updateData: Partial<Pick<IGroup, 'name' | 'description' | 'email' | 'avatar'>> = {};
+      if (body.name !== undefined) {
+        updateData.name = body.name.trim();
+      }
+      if (body.description !== undefined) {
+        updateData.description = body.description;
+      }
+      if (body.email !== undefined) {
+        updateData.email = body.email;
+      }
+      if (body.avatar !== undefined) {
+        updateData.avatar = body.avatar;
+      }
+
+      if (Object.keys(updateData).length === 0) {
+        return res.status(400).json({ error: 'No valid fields to update' });
+      }
+
+      const group = await updateGroupById(id, updateData);
+      if (!group) {
+        return res.status(404).json({ error: 'Group not found' });
+      }
+      return res.status(200).json({ group });
+    } catch (error) {
+      if ((error as ValidationError).name === 'ValidationError') {
+        return res.status(400).json({ error: (error as ValidationError).message });
+      }
+      logger.error('[adminGroups] updateGroup error:', error);
+      return res.status(500).json({ error: 'Failed to update group' });
+    }
+  }
+
+  async function deleteGroupHandler(req: ServerRequest, res: Response) {
+    try {
+      const { id } = req.params as GroupIdParams;
+      if (!isValidObjectIdString(id)) {
+        return res.status(400).json({ error: 'Invalid group ID format' });
+      }
+      const deleted = await deleteGroup(id);
+      if (!deleted) {
+        return res.status(404).json({ error: 'Group not found' });
+      }
+      /**
+       * deleteAclEntries is a raw deleteMany wrapper with no type casting.
+       * grantPermission stores group principalId as ObjectId, so we must
+       * cast here. deleteConfig normalizes internally.
+       */
+      const cleanupResults = await Promise.allSettled([
+        deleteConfig(PrincipalType.GROUP, id),
+        deleteAclEntries({
+          principalType: PrincipalType.GROUP,
+          principalId: new Types.ObjectId(id),
+        }),
+      ]);
+      for (const result of cleanupResults) {
+        if (result.status === 'rejected') {
+          logger.error('[adminGroups] cascade cleanup step failed for group:', id, result.reason);
+        }
+      }
+      return res.status(200).json({ success: true, id });
+    } catch (error) {
+      logger.error('[adminGroups] deleteGroup error:', error);
+      return res.status(500).json({ error: 'Failed to delete group' });
+    }
+  }
+
+  async function getGroupMembersHandler(req: ServerRequest, res: Response) {
+    try {
+      const { id } = req.params as GroupIdParams;
+      if (!isValidObjectIdString(id)) {
+        return res.status(400).json({ error: 'Invalid group ID format' });
+      }
+      const group = await findGroupById(id, { memberIds: 1 });
+      if (!group) {
+        return res.status(404).json({ error: 'Group not found' });
+      }
+
+      /**
+       * `total` counts unique raw memberId strings. After user resolution, two
+       * distinct strings may map to the same user, so `members.length` can be
+       * less than the page size. Write paths prevent this for well-formed data.
+       */
+      const allMemberIds = [...new Set(group.memberIds || [])];
+      const total = allMemberIds.length;
+      const { limit, offset } = parsePagination(req.query);
+
+      if (total === 0 || offset >= total) {
+        return res.status(200).json({ members: [], total, limit, offset });
+      }
+
+      const memberIds = allMemberIds.slice(offset, offset + limit);
+
+      const validObjectIds = memberIds.filter(isValidObjectIdString);
+      const conditions: FilterQuery<IUser>[] = [{ idOnTheSource: { $in: memberIds } }];
+      if (validObjectIds.length > 0) {
+        conditions.push({ _id: { $in: validObjectIds } });
+      }
+      const users = await findUsers({ $or: conditions }, 'name email avatar idOnTheSource');
+
+      const userMap = new Map<string, IUser>();
+      for (const user of users) {
+        if (user.idOnTheSource) {
+          userMap.set(user.idOnTheSource, user);
+        }
+        if (user._id) {
+          userMap.set(user._id.toString(), user);
+        }
+      }
+
+      const seen = new Set<string>();
+      const members: { userId: string; name: string; email: string; avatarUrl?: string }[] = [];
+      for (const memberId of memberIds) {
+        const user = userMap.get(memberId);
+        const userId = user?._id?.toString() ?? memberId;
+        if (seen.has(userId)) {
+          continue;
+        }
+        seen.add(userId);
+        members.push({
+          userId,
+          name: user?.name ?? memberId,
+          email: user?.email ?? '',
+          avatarUrl: user?.avatar,
+        });
+      }
+
+      return res.status(200).json({ members, total, limit, offset });
+    } catch (error) {
+      logger.error('[adminGroups] getGroupMembers error:', error);
+      return res.status(500).json({ error: 'Failed to get group members' });
+    }
+  }
+
+  async function addGroupMemberHandler(req: ServerRequest, res: Response) {
+    try {
+      const { id } = req.params as GroupIdParams;
+      if (!isValidObjectIdString(id)) {
+        return res.status(400).json({ error: 'Invalid group ID format' });
+      }
+      const { userId } = req.body as { userId: string };
+      if (!userId || typeof userId !== 'string') {
+        return res.status(400).json({ error: 'userId is required' });
+      }
+      if (!isValidObjectIdString(userId)) {
+        return res
+          .status(400)
+          .json({ error: 'Only native user ObjectIds can be added via this endpoint' });
+      }
+
+      const { group } = await addUserToGroup(userId, id);
+      if (!group) {
+        return res.status(404).json({ error: 'Group not found' });
+      }
+      return res.status(200).json({ group });
+    } catch (error) {
+      const message = error instanceof Error ? error.message : '';
+      const isNotFound = message === 'User not found' || message.startsWith('User not found:');
+      if (isNotFound) {
+        return res.status(404).json({ error: 'User not found' });
+      }
+      logger.error('[adminGroups] addGroupMember error:', error);
+      return res.status(500).json({ error: 'Failed to add member' });
+    }
+  }
+
+  /**
+   * Attempt removal of an ObjectId-format member: first via removeUserFromGroup
+   * (which resolves the user), falling back to a raw $pull if the user record
+   * no longer exists. Returns null only when the group itself is not found.
+   */
+  async function removeObjectIdMember(groupId: string, userId: string): Promise<IGroup | null> {
+    try {
+      const { group } = await removeUserFromGroup(userId, groupId);
+      return group;
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : '';
+      if (msg === 'User not found' || msg.startsWith('User not found:')) {
+        return removeMemberById(groupId, userId);
+      }
+      throw err;
+    }
+  }
+
+  async function removeGroupMemberHandler(req: ServerRequest, res: Response) {
+    try {
+      const { id, userId } = req.params as GroupMemberParams;
+      if (!isValidObjectIdString(id)) {
+        return res.status(400).json({ error: 'Invalid group ID format' });
+      }
+
+      const group = isValidObjectIdString(userId)
+        ? await removeObjectIdMember(id, userId)
+        : await removeMemberById(id, userId);
+
+      if (!group) {
+        return res.status(404).json({ error: 'Group not found' });
+      }
+      return res.status(200).json({ success: true });
+    } catch (error) {
+      logger.error('[adminGroups] removeGroupMember error:', error);
+      return res.status(500).json({ error: 'Failed to remove member' });
+    }
+  }
+
+  return {
+    listGroups: listGroupsHandler,
+    getGroup: getGroupHandler,
+    createGroup: createGroupHandler,
+    updateGroup: updateGroupHandler,
+    deleteGroup: deleteGroupHandler,
+    getGroupMembers: getGroupMembersHandler,
+    addGroupMember: addGroupMemberHandler,
+    removeGroupMember: removeGroupMemberHandler,
+  };
+}
diff --git a/packages/api/src/admin/index.ts b/packages/api/src/admin/index.ts
new file mode 100644
index 0000000000..038ca23915
--- /dev/null
+++ b/packages/api/src/admin/index.ts
@@ -0,0 +1,10 @@
+export { createAdminConfigHandlers } from './config';
+export { createAdminGrantsHandlers } from './grants';
+export { createAdminGroupsHandlers } from './groups';
+export { createAdminRolesHandlers } from './roles';
+export { createAdminUsersHandlers } from './users';
+export type { AdminConfigDeps } from './config';
+export type { AdminGrantsDeps, GrantPrincipalType } from './grants';
+export type { AdminGroupsDeps } from './groups';
+export type { AdminRolesDeps } from './roles';
+export type { AdminUsersDeps } from './users';
diff --git a/packages/api/src/admin/pagination.ts b/packages/api/src/admin/pagination.ts
new file mode 100644
index 0000000000..69003f0418
--- /dev/null
+++ b/packages/api/src/admin/pagination.ts
@@ -0,0 +1,17 @@
+export const DEFAULT_PAGE_LIMIT = 50;
+export const MAX_PAGE_LIMIT = 200;
+
+export function parsePagination(query: { limit?: string; offset?: string }): {
+  limit: number;
+  offset: number;
+} {
+  const rawLimit = parseInt(query.limit ?? '', 10);
+  const rawOffset = parseInt(query.offset ?? '', 10);
+  return {
+    limit: Math.min(
+      Math.max(Number.isNaN(rawLimit) ? DEFAULT_PAGE_LIMIT : rawLimit, 1),
+      MAX_PAGE_LIMIT,
+    ),
+    offset: Math.max(Number.isNaN(rawOffset) ? 0 : rawOffset, 0),
+  };
+}
diff --git a/packages/api/src/admin/roles.spec.ts b/packages/api/src/admin/roles.spec.ts
new file mode 100644
index 0000000000..edbd14ba0b
--- /dev/null
+++ b/packages/api/src/admin/roles.spec.ts
@@ -0,0 +1,1564 @@
+import { Types } from 'mongoose';
+import { PrincipalType, SystemRoles } from 'librechat-data-provider';
+import type { IRole, IUser } from '@librechat/data-schemas';
+import type { Response } from 'express';
+import type { ServerRequest } from '~/types/http';
+import type { AdminRolesDeps } from './roles';
+import { createAdminRolesHandlers } from './roles';
+
+const { RoleConflictError } = jest.requireActual('@librechat/data-schemas');
+
+jest.mock('@librechat/data-schemas', () => ({
+  ...jest.requireActual('@librechat/data-schemas'),
+  logger: { error: jest.fn(), warn: jest.fn(), info: jest.fn(), debug: jest.fn() },
+}));
+
+const validUserId = new Types.ObjectId().toString();
+
+function mockRole(overrides: Partial<IRole> = {}): IRole {
+  return {
+    name: 'editor',
+    description: 'Can edit content',
+    permissions: {},
+    ...overrides,
+  } as IRole;
+}
+
+function mockUser(overrides: Partial<IUser> = {}): IUser {
+  return {
+    _id: new Types.ObjectId(validUserId),
+    name: 'Test User',
+    email: 'test@example.com',
+    avatar: 'https://example.com/avatar.png',
+    role: 'editor',
+    ...overrides,
+  } as IUser;
+}
+
+function createReqRes(
+  overrides: {
+    params?: Record<string, string>;
+    query?: Record<string, string>;
+    body?: Record<string, unknown>;
+    user?: { _id: Types.ObjectId; role: string; tenantId?: string };
+  } = {},
+) {
+  const req = {
+    params: overrides.params ?? {},
+    query: overrides.query ?? {},
+    body: overrides.body ?? {},
+    user: overrides.user,
+  } as unknown as ServerRequest;
+
+  const json = jest.fn();
+  const status = jest.fn().mockReturnValue({ json });
+  const res = { status, json } as unknown as Response;
+
+  return { req, res, status, json };
+}
+
+function createDeps(overrides: Partial<AdminRolesDeps> = {}): AdminRolesDeps {
+  return {
+    listRoles: jest.fn().mockResolvedValue([]),
+    countRoles: jest.fn().mockResolvedValue(0),
+    getRoleByName: jest.fn().mockResolvedValue(null),
+    createRoleByName: jest.fn().mockResolvedValue(mockRole()),
+    updateRoleByName: jest.fn().mockResolvedValue(mockRole()),
+    updateAccessPermissions: jest.fn().mockResolvedValue(undefined),
+    deleteRoleByName: jest.fn().mockResolvedValue(mockRole()),
+    findUser: jest.fn().mockResolvedValue(null),
+    updateUser: jest.fn().mockResolvedValue(mockUser()),
+    updateUsersByRole: jest.fn().mockResolvedValue(undefined),
+    findUserIdsByRole: jest.fn().mockResolvedValue(['uid-1', 'uid-2']),
+    updateUsersRoleByIds: jest.fn().mockResolvedValue(undefined),
+    listUsersByRole: jest.fn().mockResolvedValue([]),
+    countUsersByRole: jest.fn().mockResolvedValue(0),
+    deleteConfig: jest.fn().mockResolvedValue(null),
+    deleteAclEntries: jest.fn().mockResolvedValue(undefined),
+    deleteGrantsForPrincipal: jest.fn().mockResolvedValue(undefined),
+    ...overrides,
+  };
+}
+
+describe('createAdminRolesHandlers', () => {
+  describe('listRoles', () => {
+    it('returns paginated roles with 200', async () => {
+      const roles = [mockRole()];
+      const deps = createDeps({
+        listRoles: jest.fn().mockResolvedValue(roles),
+        countRoles: jest.fn().mockResolvedValue(1),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes();
+
+      await handlers.listRoles(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ roles, total: 1, limit: 50, offset: 0 });
+      expect(deps.listRoles).toHaveBeenCalledWith({ limit: 50, offset: 0 });
+    });
+
+    it('passes custom limit and offset from query', async () => {
+      const deps = createDeps({
+        countRoles: jest.fn().mockResolvedValue(100),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        query: { limit: '25', offset: '50' },
+      });
+
+      await handlers.listRoles(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ roles: [], total: 100, limit: 25, offset: 50 });
+      expect(deps.listRoles).toHaveBeenCalledWith({ limit: 25, offset: 50 });
+    });
+
+    it('clamps limit to 200', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res } = createReqRes({ query: { limit: '999' } });
+
+      await handlers.listRoles(req, res);
+
+      expect(deps.listRoles).toHaveBeenCalledWith({ limit: 200, offset: 0 });
+    });
+
+    it('clamps negative offset to 0', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res } = createReqRes({ query: { offset: '-5' } });
+
+      await handlers.listRoles(req, res);
+
+      expect(deps.listRoles).toHaveBeenCalledWith({ limit: 50, offset: 0 });
+    });
+
+    it('treats non-numeric limit as default', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res } = createReqRes({ query: { limit: 'abc' } });
+
+      await handlers.listRoles(req, res);
+
+      expect(deps.listRoles).toHaveBeenCalledWith({ limit: 50, offset: 0 });
+    });
+
+    it('clamps limit=0 to 1', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res } = createReqRes({ query: { limit: '0' } });
+
+      await handlers.listRoles(req, res);
+
+      expect(deps.listRoles).toHaveBeenCalledWith({ limit: 1, offset: 0 });
+    });
+
+    it('truncates float offset to integer', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res } = createReqRes({ query: { offset: '1.7' } });
+
+      await handlers.listRoles(req, res);
+
+      expect(deps.listRoles).toHaveBeenCalledWith({ limit: 50, offset: 1 });
+    });
+
+    it('returns 500 on error', async () => {
+      const deps = createDeps({ listRoles: jest.fn().mockRejectedValue(new Error('db down')) });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes();
+
+      await handlers.listRoles(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to list roles' });
+    });
+  });
+
+  describe('getRole', () => {
+    it('returns role with 200', async () => {
+      const role = mockRole();
+      const deps = createDeps({ getRoleByName: jest.fn().mockResolvedValue(role) });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { name: 'editor' } });
+
+      await handlers.getRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ role });
+    });
+
+    it('returns 404 when role not found', async () => {
+      const deps = createDeps({ getRoleByName: jest.fn().mockResolvedValue(null) });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { name: 'nonexistent' } });
+
+      await handlers.getRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(404);
+      expect(json).toHaveBeenCalledWith({ error: 'Role not found' });
+    });
+
+    it('returns 500 on error', async () => {
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockRejectedValue(new Error('db down')),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { name: 'editor' } });
+
+      await handlers.getRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to get role' });
+    });
+  });
+
+  describe('createRole', () => {
+    it('creates role and returns 201', async () => {
+      const role = mockRole();
+      const deps = createDeps({ createRoleByName: jest.fn().mockResolvedValue(role) });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        body: { name: 'editor', description: 'Can edit' },
+      });
+
+      await handlers.createRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(201);
+      expect(json).toHaveBeenCalledWith({ role });
+      expect(deps.createRoleByName).toHaveBeenCalledWith({
+        name: 'editor',
+        description: 'Can edit',
+        permissions: {},
+      });
+    });
+
+    it('passes provided permissions to createRoleByName', async () => {
+      const perms = { chat: { read: true, write: false } } as unknown as IRole['permissions'];
+      const role = mockRole({ permissions: perms });
+      const deps = createDeps({ createRoleByName: jest.fn().mockResolvedValue(role) });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        body: { name: 'editor', permissions: perms },
+      });
+
+      await handlers.createRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(201);
+      expect(json).toHaveBeenCalledWith({ role });
+      expect(deps.createRoleByName).toHaveBeenCalledWith({
+        name: 'editor',
+        permissions: perms,
+      });
+    });
+
+    it('returns 400 when name is missing', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({ body: {} });
+
+      await handlers.createRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'name is required' });
+      expect(deps.createRoleByName).not.toHaveBeenCalled();
+    });
+
+    it('returns 400 when name is whitespace-only', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({ body: { name: '   ' } });
+
+      await handlers.createRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'name is required' });
+    });
+
+    it('returns 400 when name contains control characters', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({ body: { name: 'bad\x00name' } });
+
+      await handlers.createRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'name contains invalid characters' });
+      expect(deps.createRoleByName).not.toHaveBeenCalled();
+    });
+
+    it('returns 400 when name is a reserved path segment', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({ body: { name: 'members' } });
+
+      await handlers.createRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'name is a reserved path segment' });
+      expect(deps.createRoleByName).not.toHaveBeenCalled();
+    });
+
+    it('returns 400 when name exceeds max length', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        body: { name: 'a'.repeat(501) },
+      });
+
+      await handlers.createRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'name must not exceed 500 characters' });
+      expect(deps.createRoleByName).not.toHaveBeenCalled();
+    });
+
+    it('returns 400 when description exceeds max length', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        body: { name: 'editor', description: 'a'.repeat(2001) },
+      });
+
+      await handlers.createRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({
+        error: 'description must not exceed 2000 characters',
+      });
+      expect(deps.createRoleByName).not.toHaveBeenCalled();
+    });
+
+    it('returns 409 when role already exists', async () => {
+      const deps = createDeps({
+        createRoleByName: jest
+          .fn()
+          .mockRejectedValue(new RoleConflictError('Role "editor" already exists')),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({ body: { name: 'editor' } });
+
+      await handlers.createRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(409);
+      expect(json).toHaveBeenCalledWith({ error: 'Role "editor" already exists' });
+    });
+
+    it('returns 409 when name is reserved system role', async () => {
+      const deps = createDeps({
+        createRoleByName: jest
+          .fn()
+          .mockRejectedValue(
+            new RoleConflictError('Cannot create role with reserved system name: ADMIN'),
+          ),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({ body: { name: 'ADMIN' } });
+
+      await handlers.createRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(409);
+      expect(json).toHaveBeenCalledWith({
+        error: 'Cannot create role with reserved system name: ADMIN',
+      });
+    });
+
+    it('returns 500 on unexpected error', async () => {
+      const deps = createDeps({
+        createRoleByName: jest.fn().mockRejectedValue(new Error('db crash')),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({ body: { name: 'editor' } });
+
+      await handlers.createRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to create role' });
+    });
+
+    it('does not classify unrelated errors as 409', async () => {
+      const deps = createDeps({
+        createRoleByName: jest
+          .fn()
+          .mockRejectedValue(new Error('Disk space reserved for system use')),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status } = createReqRes({ body: { name: 'test' } });
+
+      await handlers.createRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+    });
+
+    it('returns 400 when description is not a string', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        body: { name: 'editor', description: 123 },
+      });
+
+      await handlers.createRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'description must be a string' });
+      expect(deps.createRoleByName).not.toHaveBeenCalled();
+    });
+
+    it('returns 400 when permissions is an array', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        body: { name: 'editor', permissions: [1, 2, 3] },
+      });
+
+      await handlers.createRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'permissions must be an object' });
+      expect(deps.createRoleByName).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('updateRole', () => {
+    it('updates role and returns 200', async () => {
+      const role = mockRole({ name: 'senior-editor' });
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValueOnce(mockRole()).mockResolvedValueOnce(null),
+        updateRoleByName: jest.fn().mockResolvedValue(role),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor' },
+        body: { name: 'senior-editor' },
+      });
+
+      await handlers.updateRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ role });
+      expect(deps.updateRoleByName).toHaveBeenCalledWith('editor', { name: 'senior-editor' });
+    });
+
+    it('trims name before storage', async () => {
+      const role = mockRole({ name: 'trimmed' });
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValueOnce(mockRole()).mockResolvedValueOnce(null),
+        updateRoleByName: jest.fn().mockResolvedValue(role),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res } = createReqRes({
+        params: { name: 'editor' },
+        body: { name: '  trimmed  ' },
+      });
+
+      await handlers.updateRole(req, res);
+
+      expect(deps.updateRoleByName).toHaveBeenCalledWith('editor', { name: 'trimmed' });
+    });
+
+    it('migrates users before renaming role', async () => {
+      const role = mockRole({ name: 'new-name' });
+      const callOrder: string[] = [];
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValueOnce(mockRole()).mockResolvedValueOnce(null),
+        findUserIdsByRole: jest.fn().mockImplementation(() => {
+          callOrder.push('findUserIdsByRole');
+          return Promise.resolve(['uid-1']);
+        }),
+        updateUsersByRole: jest.fn().mockImplementation(() => {
+          callOrder.push('updateUsersByRole');
+          return Promise.resolve();
+        }),
+        updateRoleByName: jest.fn().mockImplementation(() => {
+          callOrder.push('updateRoleByName');
+          return Promise.resolve(role);
+        }),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status } = createReqRes({
+        params: { name: 'editor' },
+        body: { name: 'new-name' },
+      });
+
+      await handlers.updateRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(deps.findUserIdsByRole).toHaveBeenCalledWith('editor');
+      expect(deps.updateUsersByRole).toHaveBeenCalledWith('editor', 'new-name');
+      expect(callOrder).toEqual(['findUserIdsByRole', 'updateUsersByRole', 'updateRoleByName']);
+    });
+
+    it('does not rename role when user migration fails', async () => {
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValueOnce(mockRole()).mockResolvedValueOnce(null),
+        updateUsersByRole: jest.fn().mockRejectedValue(new Error('migration failed')),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status } = createReqRes({
+        params: { name: 'editor' },
+        body: { name: 'new-name' },
+      });
+
+      await handlers.updateRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(deps.updateRoleByName).not.toHaveBeenCalled();
+    });
+
+    it('does not migrate users when name unchanged', async () => {
+      const role = mockRole({ description: 'updated' });
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValue(mockRole()),
+        updateRoleByName: jest.fn().mockResolvedValue(role),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res } = createReqRes({
+        params: { name: 'editor' },
+        body: { description: 'updated' },
+      });
+
+      await handlers.updateRole(req, res);
+
+      expect(deps.updateUsersByRole).not.toHaveBeenCalled();
+    });
+
+    it('renames and updates description in a single request', async () => {
+      const role = mockRole({ name: 'senior-editor', description: 'Updated desc' });
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValueOnce(mockRole()).mockResolvedValueOnce(null),
+        updateRoleByName: jest.fn().mockResolvedValue(role),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor' },
+        body: { name: 'senior-editor', description: 'Updated desc' },
+      });
+
+      await handlers.updateRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ role });
+      expect(deps.updateUsersByRole).toHaveBeenCalledWith('editor', 'senior-editor');
+      expect(deps.updateRoleByName).toHaveBeenCalledWith('editor', {
+        name: 'senior-editor',
+        description: 'Updated desc',
+      });
+    });
+
+    it('returns 403 when renaming a system role', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: SystemRoles.ADMIN },
+        body: { name: 'custom-admin' },
+      });
+
+      await handlers.updateRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(403);
+      expect(json).toHaveBeenCalledWith({ error: 'Cannot rename system role' });
+      expect(deps.getRoleByName).not.toHaveBeenCalled();
+    });
+
+    it('returns 403 when renaming to a system role name', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor' },
+        body: { name: SystemRoles.ADMIN },
+      });
+
+      await handlers.updateRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(403);
+      expect(json).toHaveBeenCalledWith({ error: 'Cannot use a reserved system role name' });
+    });
+
+    it('returns 409 when target name already exists', async () => {
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValue(mockRole()),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor' },
+        body: { name: 'viewer' },
+      });
+
+      await handlers.updateRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(409);
+      expect(json).toHaveBeenCalledWith({ error: 'Role "viewer" already exists' });
+    });
+
+    it('returns 400 when name is empty string', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor' },
+        body: { name: '' },
+      });
+
+      await handlers.updateRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'name must be a non-empty string' });
+      expect(deps.getRoleByName).not.toHaveBeenCalled();
+    });
+
+    it('returns 400 when name is whitespace-only', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor' },
+        body: { name: '   ' },
+      });
+
+      await handlers.updateRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'name must be a non-empty string' });
+    });
+
+    it('returns 400 when name exceeds max length', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor' },
+        body: { name: 'a'.repeat(501) },
+      });
+
+      await handlers.updateRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'name must not exceed 500 characters' });
+      expect(deps.getRoleByName).not.toHaveBeenCalled();
+    });
+
+    it('returns 404 when role not found', async () => {
+      const deps = createDeps({ getRoleByName: jest.fn().mockResolvedValue(null) });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'nonexistent' },
+        body: { description: 'updated' },
+      });
+
+      await handlers.updateRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(404);
+      expect(json).toHaveBeenCalledWith({ error: 'Role not found' });
+    });
+
+    it('returns 404 when updateRoleByName returns null', async () => {
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValue(mockRole()),
+        updateRoleByName: jest.fn().mockResolvedValue(null),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor' },
+        body: { description: 'updated' },
+      });
+
+      await handlers.updateRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(404);
+      expect(json).toHaveBeenCalledWith({ error: 'Role not found' });
+    });
+
+    it('rolls back user migration when rename fails', async () => {
+      const ids = ['uid-1', 'uid-2'];
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValueOnce(mockRole()).mockResolvedValueOnce(null),
+        findUserIdsByRole: jest.fn().mockResolvedValue(ids),
+        updateRoleByName: jest.fn().mockResolvedValue(null),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor' },
+        body: { name: 'new-name' },
+      });
+
+      await handlers.updateRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(404);
+      expect(json).toHaveBeenCalledWith({ error: 'Role not found' });
+      expect(deps.updateUsersByRole).toHaveBeenCalledTimes(1);
+      expect(deps.updateUsersByRole).toHaveBeenCalledWith('editor', 'new-name');
+      expect(deps.updateUsersRoleByIds).toHaveBeenCalledWith(ids, 'editor');
+    });
+
+    it('rolls back user migration when rename throws', async () => {
+      const ids = ['uid-1', 'uid-2'];
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValueOnce(mockRole()).mockResolvedValueOnce(null),
+        findUserIdsByRole: jest.fn().mockResolvedValue(ids),
+        updateRoleByName: jest.fn().mockRejectedValue(new Error('db crash')),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status } = createReqRes({
+        params: { name: 'editor' },
+        body: { name: 'new-name' },
+      });
+
+      await handlers.updateRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(deps.updateUsersByRole).toHaveBeenCalledTimes(1);
+      expect(deps.updateUsersByRole).toHaveBeenCalledWith('editor', 'new-name');
+      expect(deps.updateUsersRoleByIds).toHaveBeenCalledWith(ids, 'editor');
+    });
+
+    it('logs rollback failure and still returns 500', async () => {
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValueOnce(mockRole()).mockResolvedValueOnce(null),
+        findUserIdsByRole: jest.fn().mockResolvedValue(['uid-1']),
+        updateUsersRoleByIds: jest.fn().mockRejectedValue(new Error('rollback failed')),
+        updateRoleByName: jest.fn().mockRejectedValue(new Error('rename failed')),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status } = createReqRes({
+        params: { name: 'editor' },
+        body: { name: 'new-name' },
+      });
+
+      await handlers.updateRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(deps.updateUsersByRole).toHaveBeenCalledTimes(1);
+      expect(deps.updateUsersRoleByIds).toHaveBeenCalledTimes(1);
+    });
+
+    it('returns 400 when description exceeds max length', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor' },
+        body: { description: 'a'.repeat(2001) },
+      });
+
+      await handlers.updateRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({
+        error: 'description must not exceed 2000 characters',
+      });
+      expect(deps.getRoleByName).not.toHaveBeenCalled();
+    });
+
+    it('returns 500 on unexpected error', async () => {
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValue(mockRole()),
+        updateRoleByName: jest.fn().mockRejectedValue(new Error('db error')),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor' },
+        body: { description: 'updated' },
+      });
+
+      await handlers.updateRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to update role' });
+    });
+
+    it('does not roll back when error occurs before user migration', async () => {
+      const deps = createDeps({
+        getRoleByName: jest
+          .fn()
+          .mockResolvedValueOnce(mockRole())
+          .mockRejectedValueOnce(new Error('db crash')),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status } = createReqRes({
+        params: { name: 'editor' },
+        body: { name: 'new-name' },
+      });
+
+      await handlers.updateRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(deps.updateUsersByRole).not.toHaveBeenCalled();
+    });
+
+    it('does not migrate users when findUserIdsByRole throws', async () => {
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValueOnce(mockRole()).mockResolvedValueOnce(null),
+        findUserIdsByRole: jest.fn().mockRejectedValue(new Error('db crash')),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status } = createReqRes({
+        params: { name: 'editor' },
+        body: { name: 'new-name' },
+      });
+
+      await handlers.updateRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(deps.updateUsersByRole).not.toHaveBeenCalled();
+      expect(deps.updateUsersRoleByIds).not.toHaveBeenCalled();
+    });
+
+    it('returns existing role early when update body has no changes', async () => {
+      const role = mockRole();
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValue(role),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor' },
+        body: {},
+      });
+
+      await handlers.updateRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ role });
+      expect(deps.updateRoleByName).not.toHaveBeenCalled();
+    });
+
+    it('rejects invalid description before making DB calls', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor' },
+        body: { description: 123 },
+      });
+
+      await handlers.updateRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'description must be a string' });
+      expect(deps.getRoleByName).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('updateRolePermissions', () => {
+    it('updates permissions and returns 200 with updated role', async () => {
+      const role = mockRole();
+      const updatedRole = mockRole({
+        permissions: { chat: { read: true, write: true } } as IRole['permissions'],
+      });
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValueOnce(role).mockResolvedValueOnce(updatedRole),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const perms = { chat: { read: true, write: true } };
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor' },
+        body: { permissions: perms },
+      });
+
+      await handlers.updateRolePermissions(req, res);
+
+      expect(deps.updateAccessPermissions).toHaveBeenCalledWith('editor', perms, role);
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ role: updatedRole });
+    });
+
+    it('returns 400 when permissions is missing', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor' },
+        body: {},
+      });
+
+      await handlers.updateRolePermissions(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'permissions object is required' });
+    });
+
+    it('returns 400 when permissions is an array', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor' },
+        body: { permissions: [1, 2, 3] },
+      });
+
+      await handlers.updateRolePermissions(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'permissions object is required' });
+    });
+
+    it('returns 404 when role not found', async () => {
+      const deps = createDeps({ getRoleByName: jest.fn().mockResolvedValue(null) });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'nonexistent' },
+        body: { permissions: { chat: { read: true } } },
+      });
+
+      await handlers.updateRolePermissions(req, res);
+
+      expect(status).toHaveBeenCalledWith(404);
+      expect(json).toHaveBeenCalledWith({ error: 'Role not found' });
+    });
+
+    it('returns 500 on error', async () => {
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValue(mockRole()),
+        updateAccessPermissions: jest.fn().mockRejectedValue(new Error('db down')),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor' },
+        body: { permissions: { chat: { read: true } } },
+      });
+
+      await handlers.updateRolePermissions(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to update role permissions' });
+    });
+  });
+
+  describe('deleteRole', () => {
+    it('deletes role and returns 200', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { name: 'editor' } });
+
+      await handlers.deleteRole(req, res);
+
+      expect(deps.deleteRoleByName).toHaveBeenCalledWith('editor');
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ success: true });
+    });
+
+    it('cleans up grants after successful deletion', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status } = createReqRes({ params: { name: 'editor' } });
+
+      await handlers.deleteRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(deps.deleteConfig).toHaveBeenCalledWith(PrincipalType.ROLE, 'editor');
+      expect(deps.deleteAclEntries).toHaveBeenCalledWith({
+        principalType: PrincipalType.ROLE,
+        principalId: 'editor',
+      });
+      expect(deps.deleteGrantsForPrincipal).toHaveBeenCalledWith(PrincipalType.ROLE, 'editor', {
+        tenantId: undefined,
+      });
+    });
+
+    it('passes tenantId to grant cleanup', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status } = createReqRes({
+        params: { name: 'editor' },
+        user: { _id: new Types.ObjectId(), role: 'admin', tenantId: 'tenant-1' },
+      });
+
+      await handlers.deleteRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(deps.deleteGrantsForPrincipal).toHaveBeenCalledWith(PrincipalType.ROLE, 'editor', {
+        tenantId: 'tenant-1',
+      });
+    });
+
+    it('does not clean up when role not found', async () => {
+      const deps = createDeps({ deleteRoleByName: jest.fn().mockResolvedValue(null) });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status } = createReqRes({ params: { name: 'nonexistent' } });
+
+      await handlers.deleteRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(404);
+      expect(deps.deleteConfig).not.toHaveBeenCalled();
+      expect(deps.deleteAclEntries).not.toHaveBeenCalled();
+      expect(deps.deleteGrantsForPrincipal).not.toHaveBeenCalled();
+    });
+
+    it('succeeds even when grant cleanup fails', async () => {
+      const deps = createDeps({
+        deleteGrantsForPrincipal: jest.fn().mockRejectedValue(new Error('cleanup failed')),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { name: 'editor' } });
+
+      await handlers.deleteRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ success: true });
+    });
+
+    it('succeeds even when all cascade operations fail', async () => {
+      const deps = createDeps({
+        deleteConfig: jest.fn().mockRejectedValue(new Error('config cleanup failed')),
+        deleteAclEntries: jest.fn().mockRejectedValue(new Error('acl cleanup failed')),
+        deleteGrantsForPrincipal: jest.fn().mockRejectedValue(new Error('grant cleanup failed')),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { name: 'editor' } });
+
+      await handlers.deleteRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ success: true });
+    });
+
+    it('returns 403 for system role', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { name: SystemRoles.ADMIN } });
+
+      await handlers.deleteRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(403);
+      expect(json).toHaveBeenCalledWith({ error: 'Cannot delete system role' });
+      expect(deps.deleteRoleByName).not.toHaveBeenCalled();
+    });
+
+    it('returns 404 when role not found', async () => {
+      const deps = createDeps({ deleteRoleByName: jest.fn().mockResolvedValue(null) });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { name: 'nonexistent' } });
+
+      await handlers.deleteRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(404);
+      expect(json).toHaveBeenCalledWith({ error: 'Role not found' });
+    });
+
+    it('returns 500 on error', async () => {
+      const deps = createDeps({
+        deleteRoleByName: jest.fn().mockRejectedValue(new Error('db down')),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { name: 'editor' } });
+
+      await handlers.deleteRole(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to delete role' });
+    });
+  });
+
+  describe('getRoleMembers', () => {
+    it('returns paginated members with 200', async () => {
+      const user = mockUser();
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValue(mockRole()),
+        listUsersByRole: jest.fn().mockResolvedValue([user]),
+        countUsersByRole: jest.fn().mockResolvedValue(1),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { name: 'editor' } });
+
+      await handlers.getRoleMembers(req, res);
+
+      expect(deps.listUsersByRole).toHaveBeenCalledWith('editor', { limit: 50, offset: 0 });
+      expect(deps.countUsersByRole).toHaveBeenCalledWith('editor');
+      expect(status).toHaveBeenCalledWith(200);
+      const response = json.mock.calls[0][0];
+      expect(response.members).toHaveLength(1);
+      expect(response.members[0]).toEqual({
+        userId: validUserId,
+        name: 'Test User',
+        email: 'test@example.com',
+        avatarUrl: 'https://example.com/avatar.png',
+      });
+      expect(response.total).toBe(1);
+      expect(response.limit).toBe(50);
+      expect(response.offset).toBe(0);
+    });
+
+    it('passes pagination parameters from query', async () => {
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValue(mockRole()),
+        countUsersByRole: jest.fn().mockResolvedValue(0),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res } = createReqRes({
+        params: { name: 'editor' },
+        query: { limit: '10', offset: '20' },
+      });
+
+      await handlers.getRoleMembers(req, res);
+
+      expect(deps.listUsersByRole).toHaveBeenCalledWith('editor', { limit: 10, offset: 20 });
+    });
+
+    it('clamps limit to 200', async () => {
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValue(mockRole()),
+        countUsersByRole: jest.fn().mockResolvedValue(0),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res } = createReqRes({
+        params: { name: 'editor' },
+        query: { limit: '999' },
+      });
+
+      await handlers.getRoleMembers(req, res);
+
+      expect(deps.listUsersByRole).toHaveBeenCalledWith('editor', { limit: 200, offset: 0 });
+    });
+
+    it('does not include joinedAt in response', async () => {
+      const user = mockUser();
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValue(mockRole()),
+        listUsersByRole: jest.fn().mockResolvedValue([user]),
+        countUsersByRole: jest.fn().mockResolvedValue(1),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, json } = createReqRes({ params: { name: 'editor' } });
+
+      await handlers.getRoleMembers(req, res);
+
+      const member = json.mock.calls[0][0].members[0];
+      expect(member).not.toHaveProperty('joinedAt');
+    });
+
+    it('returns empty array when no members', async () => {
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValue(mockRole()),
+        countUsersByRole: jest.fn().mockResolvedValue(0),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { name: 'editor' } });
+
+      await handlers.getRoleMembers(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ members: [], total: 0, limit: 50, offset: 0 });
+    });
+
+    it('returns 404 when role not found', async () => {
+      const deps = createDeps({ getRoleByName: jest.fn().mockResolvedValue(null) });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { name: 'nonexistent' } });
+
+      await handlers.getRoleMembers(req, res);
+
+      expect(status).toHaveBeenCalledWith(404);
+      expect(json).toHaveBeenCalledWith({ error: 'Role not found' });
+    });
+
+    it('returns 500 on error', async () => {
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValue(mockRole()),
+        listUsersByRole: jest.fn().mockRejectedValue(new Error('db down')),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { name: 'editor' } });
+
+      await handlers.getRoleMembers(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to get role members' });
+    });
+  });
+
+  describe('addRoleMember', () => {
+    it('adds member and returns 200', async () => {
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValue(mockRole()),
+        findUser: jest.fn().mockResolvedValue(mockUser({ role: 'viewer' })),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor' },
+        body: { userId: validUserId },
+      });
+
+      await handlers.addRoleMember(req, res);
+
+      expect(deps.updateUser).toHaveBeenCalledWith(validUserId, { role: 'editor' });
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ success: true });
+    });
+
+    it('skips DB write when user already has the target role', async () => {
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValue(mockRole()),
+        findUser: jest.fn().mockResolvedValue(mockUser({ role: 'editor' })),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor' },
+        body: { userId: validUserId },
+      });
+
+      await handlers.addRoleMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ success: true });
+      expect(deps.updateUser).not.toHaveBeenCalled();
+    });
+
+    it('returns 400 when userId is missing', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor' },
+        body: {},
+      });
+
+      await handlers.addRoleMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'userId is required' });
+    });
+
+    it('returns 400 for invalid ObjectId', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor' },
+        body: { userId: 'not-valid' },
+      });
+
+      await handlers.addRoleMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Invalid user ID format' });
+    });
+
+    it('returns 404 when role not found', async () => {
+      const deps = createDeps({ getRoleByName: jest.fn().mockResolvedValue(null) });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'nonexistent' },
+        body: { userId: validUserId },
+      });
+
+      await handlers.addRoleMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(404);
+      expect(json).toHaveBeenCalledWith({ error: 'Role not found' });
+    });
+
+    it('returns 404 when user not found', async () => {
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValue(mockRole()),
+        findUser: jest.fn().mockResolvedValue(null),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor' },
+        body: { userId: validUserId },
+      });
+
+      await handlers.addRoleMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(404);
+      expect(json).toHaveBeenCalledWith({ error: 'User not found' });
+    });
+
+    it('returns 400 when reassigning the last admin to another role', async () => {
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValue(mockRole({ name: 'editor' })),
+        findUser: jest.fn().mockResolvedValue(mockUser({ role: SystemRoles.ADMIN })),
+        countUsersByRole: jest.fn().mockResolvedValue(1),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor' },
+        body: { userId: validUserId },
+      });
+
+      await handlers.addRoleMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Cannot remove the last admin user' });
+      expect(deps.updateUser).not.toHaveBeenCalled();
+    });
+
+    it('allows reassigning an admin when multiple admins exist', async () => {
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValue(mockRole({ name: 'editor' })),
+        findUser: jest.fn().mockResolvedValue(mockUser({ role: SystemRoles.ADMIN })),
+        countUsersByRole: jest.fn().mockResolvedValue(3),
+        updateUser: jest.fn().mockResolvedValue(mockUser({ role: 'editor' })),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status } = createReqRes({
+        params: { name: 'editor' },
+        body: { userId: validUserId },
+      });
+
+      await handlers.addRoleMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(deps.updateUser).toHaveBeenCalledWith(validUserId, { role: 'editor' });
+    });
+
+    it('rolls back assignment when post-write admin count is zero', async () => {
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValue(mockRole({ name: 'editor' })),
+        findUser: jest.fn().mockResolvedValue(mockUser({ role: SystemRoles.ADMIN })),
+        countUsersByRole: jest.fn().mockResolvedValueOnce(2).mockResolvedValueOnce(0),
+        updateUser: jest.fn().mockResolvedValue(mockUser()),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor' },
+        body: { userId: validUserId },
+      });
+
+      await handlers.addRoleMember(req, res);
+
+      expect(deps.updateUser).toHaveBeenCalledTimes(2);
+      expect(deps.updateUser).toHaveBeenLastCalledWith(validUserId, { role: SystemRoles.ADMIN });
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Cannot remove the last admin user' });
+    });
+
+    it('returns 403 when adding to a non-ADMIN system role', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: SystemRoles.USER },
+        body: { userId: validUserId },
+      });
+
+      await handlers.addRoleMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(403);
+      expect(json).toHaveBeenCalledWith({
+        error: 'Cannot directly assign members to a system role',
+      });
+      expect(deps.updateUser).not.toHaveBeenCalled();
+    });
+
+    it('allows promoting a non-admin user to the ADMIN role', async () => {
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValue(mockRole({ name: SystemRoles.ADMIN })),
+        findUser: jest.fn().mockResolvedValue(mockUser({ role: 'editor' })),
+        updateUser: jest.fn().mockResolvedValue(mockUser({ role: SystemRoles.ADMIN })),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: SystemRoles.ADMIN },
+        body: { userId: validUserId },
+      });
+
+      await handlers.addRoleMember(req, res);
+
+      expect(deps.updateUser).toHaveBeenCalledWith(validUserId, { role: SystemRoles.ADMIN });
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ success: true });
+    });
+
+    it('returns 500 on unexpected error', async () => {
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValue(mockRole()),
+        findUser: jest.fn().mockResolvedValue(mockUser({ role: 'viewer' })),
+        updateUser: jest.fn().mockRejectedValue(new Error('timeout')),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor' },
+        body: { userId: validUserId },
+      });
+
+      await handlers.addRoleMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to add role member' });
+    });
+  });
+
+  describe('removeRoleMember', () => {
+    it('removes member and returns 200', async () => {
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValue(mockRole()),
+        findUser: jest.fn().mockResolvedValue(mockUser({ role: 'editor' })),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor', userId: validUserId },
+      });
+
+      await handlers.removeRoleMember(req, res);
+
+      expect(deps.updateUser).toHaveBeenCalledWith(validUserId, { role: SystemRoles.USER });
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ success: true });
+    });
+
+    it('returns 403 when removing from a non-ADMIN system role', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: SystemRoles.USER, userId: validUserId },
+      });
+
+      await handlers.removeRoleMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(403);
+      expect(json).toHaveBeenCalledWith({ error: 'Cannot remove members from a system role' });
+      expect(deps.getRoleByName).not.toHaveBeenCalled();
+    });
+
+    it('returns 400 for invalid ObjectId', async () => {
+      const deps = createDeps();
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor', userId: 'bad' },
+      });
+
+      await handlers.removeRoleMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Invalid user ID format' });
+      expect(deps.findUser).not.toHaveBeenCalled();
+    });
+
+    it('returns 404 when role not found', async () => {
+      const deps = createDeps({ getRoleByName: jest.fn().mockResolvedValue(null) });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'nonexistent', userId: validUserId },
+      });
+
+      await handlers.removeRoleMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(404);
+      expect(json).toHaveBeenCalledWith({ error: 'Role not found' });
+      expect(deps.findUser).not.toHaveBeenCalled();
+    });
+
+    it('returns 404 when user not found', async () => {
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValue(mockRole()),
+        findUser: jest.fn().mockResolvedValue(null),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor', userId: validUserId },
+      });
+
+      await handlers.removeRoleMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(404);
+      expect(json).toHaveBeenCalledWith({ error: 'User not found' });
+    });
+
+    it('returns 400 when user is not a member of the role', async () => {
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValue(mockRole()),
+        findUser: jest.fn().mockResolvedValue(mockUser({ role: 'other-role' })),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor', userId: validUserId },
+      });
+
+      await handlers.removeRoleMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'User is not a member of this role' });
+      expect(deps.updateUser).not.toHaveBeenCalled();
+    });
+
+    it('returns 400 when removing the last admin user', async () => {
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValue(mockRole({ name: SystemRoles.ADMIN })),
+        findUser: jest.fn().mockResolvedValue(mockUser({ role: SystemRoles.ADMIN })),
+        countUsersByRole: jest.fn().mockResolvedValue(1),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: SystemRoles.ADMIN, userId: validUserId },
+      });
+
+      await handlers.removeRoleMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Cannot remove the last admin user' });
+      expect(deps.updateUser).not.toHaveBeenCalled();
+    });
+
+    it('allows removing an admin when multiple admins exist', async () => {
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValue(mockRole({ name: SystemRoles.ADMIN })),
+        findUser: jest.fn().mockResolvedValue(mockUser({ role: SystemRoles.ADMIN })),
+        countUsersByRole: jest.fn().mockResolvedValue(3),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: SystemRoles.ADMIN, userId: validUserId },
+      });
+
+      await handlers.removeRoleMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ success: true });
+      expect(deps.updateUser).toHaveBeenCalledWith(validUserId, { role: SystemRoles.USER });
+    });
+
+    it('rolls back removal when post-write check finds zero admins', async () => {
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValue(mockRole({ name: SystemRoles.ADMIN })),
+        findUser: jest.fn().mockResolvedValue(mockUser({ role: SystemRoles.ADMIN })),
+        countUsersByRole: jest.fn().mockResolvedValueOnce(2).mockResolvedValueOnce(0),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: SystemRoles.ADMIN, userId: validUserId },
+      });
+
+      await handlers.removeRoleMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Cannot remove the last admin user' });
+      expect(deps.updateUser).toHaveBeenCalledTimes(2);
+      expect(deps.updateUser).toHaveBeenNthCalledWith(1, validUserId, {
+        role: SystemRoles.USER,
+      });
+      expect(deps.updateUser).toHaveBeenNthCalledWith(2, validUserId, {
+        role: SystemRoles.ADMIN,
+      });
+    });
+
+    it('returns 400 even when rollback updateUser throws', async () => {
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValue(mockRole({ name: SystemRoles.ADMIN })),
+        findUser: jest.fn().mockResolvedValue(mockUser({ role: SystemRoles.ADMIN })),
+        countUsersByRole: jest.fn().mockResolvedValueOnce(2).mockResolvedValueOnce(0),
+        updateUser: jest
+          .fn()
+          .mockResolvedValueOnce(mockUser({ role: SystemRoles.USER }))
+          .mockRejectedValueOnce(new Error('rollback failed')),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: SystemRoles.ADMIN, userId: validUserId },
+      });
+
+      await handlers.removeRoleMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Cannot remove the last admin user' });
+      expect(deps.updateUser).toHaveBeenCalledTimes(2);
+    });
+
+    it('returns 500 on unexpected error', async () => {
+      const deps = createDeps({
+        getRoleByName: jest.fn().mockResolvedValue(mockRole()),
+        findUser: jest.fn().mockResolvedValue(mockUser({ role: 'editor' })),
+        updateUser: jest.fn().mockRejectedValue(new Error('timeout')),
+      });
+      const handlers = createAdminRolesHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { name: 'editor', userId: validUserId },
+      });
+
+      await handlers.removeRoleMember(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to remove role member' });
+    });
+  });
+});
diff --git a/packages/api/src/admin/roles.ts b/packages/api/src/admin/roles.ts
new file mode 100644
index 0000000000..db592c02d0
--- /dev/null
+++ b/packages/api/src/admin/roles.ts
@@ -0,0 +1,582 @@
+import { PrincipalType, SystemRoles } from 'librechat-data-provider';
+import { logger, isValidObjectIdString, RoleConflictError } from '@librechat/data-schemas';
+import type { IRole, IUser, IConfig, AdminMember } from '@librechat/data-schemas';
+import type { FilterQuery, Types } from 'mongoose';
+import type { Response } from 'express';
+import type { ServerRequest } from '~/types/http';
+import { parsePagination } from './pagination';
+
+const systemRoleValues = new Set<string>(Object.values(SystemRoles));
+
+/** Case-insensitive check — the legacy roles route uppercases params. */
+function isSystemRoleName(name: string): boolean {
+  return systemRoleValues.has(name.toUpperCase());
+}
+
+const MAX_NAME_LENGTH = 500;
+const MAX_DESCRIPTION_LENGTH = 2000;
+const CONTROL_CHAR_RE = /\p{Cc}/u;
+/**
+ * Role names that would create semantically ambiguous URLs.
+ * e.g. GET /api/admin/roles/members — is that "list roles" or "get role named members"?
+ * Express routing resolves this correctly (single vs multi-segment), but the URLs
+ * are confusing for API consumers. Keep in sync with sub-path routes in routes/admin/roles.js.
+ */
+const RESERVED_ROLE_NAMES = new Set(['members', 'permissions']);
+
+function validateNameParam(name: string): string | null {
+  if (!name || typeof name !== 'string') {
+    return 'name parameter is required';
+  }
+  if (name.length > MAX_NAME_LENGTH) {
+    return `name must not exceed ${MAX_NAME_LENGTH} characters`;
+  }
+  if (CONTROL_CHAR_RE.test(name)) {
+    return 'name contains invalid characters';
+  }
+  return null;
+}
+
+function validateRoleName(name: unknown, required: boolean): string | null {
+  if (name === undefined) {
+    return required ? 'name is required' : null;
+  }
+  if (typeof name !== 'string' || !name.trim()) {
+    return required ? 'name is required' : 'name must be a non-empty string';
+  }
+  const trimmed = name.trim();
+  if (trimmed.length > MAX_NAME_LENGTH) {
+    return `name must not exceed ${MAX_NAME_LENGTH} characters`;
+  }
+  if (CONTROL_CHAR_RE.test(trimmed)) {
+    return 'name contains invalid characters';
+  }
+  if (RESERVED_ROLE_NAMES.has(trimmed)) {
+    return 'name is a reserved path segment';
+  }
+  return null;
+}
+
+function validateDescription(description: unknown): string | null {
+  if (description === undefined) {
+    return null;
+  }
+  if (typeof description !== 'string') {
+    return 'description must be a string';
+  }
+  if (description.length > MAX_DESCRIPTION_LENGTH) {
+    return `description must not exceed ${MAX_DESCRIPTION_LENGTH} characters`;
+  }
+  return null;
+}
+
+interface RoleNameParams {
+  name: string;
+}
+
+interface RoleMemberParams extends RoleNameParams {
+  userId: string;
+}
+
+export type RoleListItem = { _id: Types.ObjectId | string; name: string; description?: string };
+
+export interface AdminRolesDeps {
+  listRoles: (options?: { limit?: number; offset?: number }) => Promise<RoleListItem[]>;
+  countRoles: () => Promise<number>;
+  getRoleByName: (name: string, fields?: string | string[] | null) => Promise<IRole | null>;
+  createRoleByName: (roleData: Partial<IRole>) => Promise<IRole>;
+  updateRoleByName: (name: string, updates: Partial<IRole>) => Promise<IRole | null>;
+  updateAccessPermissions: (
+    name: string,
+    perms: Record<string, Record<string, boolean>>,
+    roleData?: IRole,
+  ) => Promise<void>;
+  deleteRoleByName: (name: string) => Promise<IRole | null>;
+  findUser: (
+    criteria: FilterQuery<IUser>,
+    fields?: string | string[] | null,
+  ) => Promise<IUser | null>;
+  updateUser: (userId: string, data: Partial<IUser>) => Promise<IUser | null>;
+  updateUsersByRole: (oldRole: string, newRole: string) => Promise<void>;
+  findUserIdsByRole: (roleName: string) => Promise<string[]>;
+  updateUsersRoleByIds: (userIds: string[], newRole: string) => Promise<void>;
+  listUsersByRole: (
+    roleName: string,
+    options?: { limit?: number; offset?: number },
+  ) => Promise<IUser[]>;
+  countUsersByRole: (roleName: string) => Promise<number>;
+  /** Removes the per-principal config override (keyed by type + name, not ObjectId). */
+  deleteConfig: (
+    principalType: PrincipalType,
+    principalId: string | Types.ObjectId,
+  ) => Promise<IConfig | null>;
+  /** Removes all ACL entries scoped to this principal. */
+  deleteAclEntries: (filter: {
+    principalType: PrincipalType;
+    principalId: string | Types.ObjectId;
+  }) => Promise<void>;
+  /** Removes all system capability grants held by this principal. */
+  deleteGrantsForPrincipal: (
+    principalType: PrincipalType,
+    principalId: string | Types.ObjectId,
+    options?: { tenantId?: string },
+  ) => Promise<void>;
+}
+
+export function createAdminRolesHandlers(deps: AdminRolesDeps) {
+  const {
+    listRoles,
+    countRoles,
+    getRoleByName,
+    createRoleByName,
+    updateRoleByName,
+    updateAccessPermissions,
+    deleteRoleByName,
+    findUser,
+    updateUser,
+    updateUsersByRole,
+    findUserIdsByRole,
+    updateUsersRoleByIds,
+    listUsersByRole,
+    countUsersByRole,
+    deleteConfig,
+    deleteAclEntries,
+    deleteGrantsForPrincipal,
+  } = deps;
+
+  async function listRolesHandler(req: ServerRequest, res: Response) {
+    try {
+      const { limit, offset } = parsePagination(req.query);
+      const [roles, total] = await Promise.all([listRoles({ limit, offset }), countRoles()]);
+      return res.status(200).json({ roles, total, limit, offset });
+    } catch (error) {
+      logger.error('[adminRoles] listRoles error:', error);
+      return res.status(500).json({ error: 'Failed to list roles' });
+    }
+  }
+
+  async function getRoleHandler(req: ServerRequest, res: Response) {
+    try {
+      const { name } = req.params as RoleNameParams;
+      const paramError = validateNameParam(name);
+      if (paramError) {
+        return res.status(400).json({ error: paramError });
+      }
+      const role = await getRoleByName(name);
+      if (!role) {
+        return res.status(404).json({ error: 'Role not found' });
+      }
+      return res.status(200).json({ role });
+    } catch (error) {
+      logger.error('[adminRoles] getRole error:', error);
+      return res.status(500).json({ error: 'Failed to get role' });
+    }
+  }
+
+  async function createRoleHandler(req: ServerRequest, res: Response) {
+    try {
+      const { name, description, permissions } = req.body as {
+        name?: string;
+        description?: string;
+        permissions?: IRole['permissions'];
+      };
+      const nameError = validateRoleName(name, true);
+      if (nameError) {
+        return res.status(400).json({ error: nameError });
+      }
+      const descError = validateDescription(description);
+      if (descError) {
+        return res.status(400).json({ error: descError });
+      }
+      if (
+        permissions !== undefined &&
+        (permissions === null || typeof permissions !== 'object' || Array.isArray(permissions))
+      ) {
+        return res.status(400).json({ error: 'permissions must be an object' });
+      }
+      const roleData: Partial<IRole> = {
+        name: (name as string).trim(),
+        permissions: permissions ?? {},
+      };
+      if (description !== undefined) {
+        roleData.description = description;
+      }
+      const role = await createRoleByName(roleData);
+      return res.status(201).json({ role });
+    } catch (error) {
+      logger.error('[adminRoles] createRole error:', error);
+      if (error instanceof RoleConflictError) {
+        return res.status(409).json({ error: error.message });
+      }
+      return res.status(500).json({ error: 'Failed to create role' });
+    }
+  }
+
+  async function rollbackMigratedUsers(
+    migratedIds: string[],
+    currentName: string,
+    newName: string,
+  ): Promise<void> {
+    if (migratedIds.length === 0) {
+      return;
+    }
+    try {
+      await updateUsersRoleByIds(migratedIds, currentName);
+    } catch (rollbackError) {
+      logger.error(
+        `[adminRoles] CRITICAL: rename rollback failed — ${migratedIds.length} users have dangling role "${newName}": [${migratedIds.join(', ')}]`,
+        rollbackError,
+      );
+    }
+  }
+
+  /**
+   * Renames a role by migrating users to the new name and updating the role document.
+   *
+   * The ID snapshot from `findUserIdsByRole` is a point-in-time read. Users assigned
+   * to `currentName` between the snapshot and the bulk `updateUsersByRole` write will
+   * be moved to `newName` but will NOT be reverted on rollback. This window is narrow
+   * and only relevant under concurrent admin operations during a rename.
+   */
+  async function renameRole(
+    currentName: string,
+    newName: string,
+    extraUpdates?: Partial<IRole>,
+  ): Promise<IRole | null> {
+    const migratedIds = await findUserIdsByRole(currentName);
+    await updateUsersByRole(currentName, newName);
+    try {
+      const updates: Partial<IRole> = { name: newName, ...extraUpdates };
+      const role = await updateRoleByName(currentName, updates);
+      if (!role) {
+        await rollbackMigratedUsers(migratedIds, currentName, newName);
+      }
+      return role;
+    } catch (error) {
+      await rollbackMigratedUsers(migratedIds, currentName, newName);
+      throw error;
+    }
+  }
+
+  async function updateRoleHandler(req: ServerRequest, res: Response) {
+    try {
+      const { name } = req.params as RoleNameParams;
+      const paramError = validateNameParam(name);
+      if (paramError) {
+        return res.status(400).json({ error: paramError });
+      }
+      const body = req.body as { name?: string; description?: string };
+      const nameError = validateRoleName(body.name, false);
+      if (nameError) {
+        return res.status(400).json({ error: nameError });
+      }
+      const descError = validateDescription(body.description);
+      if (descError) {
+        return res.status(400).json({ error: descError });
+      }
+
+      const trimmedName = body.name?.trim() ?? '';
+      const isRename = trimmedName !== '' && trimmedName !== name;
+
+      if (isRename && isSystemRoleName(name)) {
+        return res.status(403).json({ error: 'Cannot rename system role' });
+      }
+      if (isRename && isSystemRoleName(trimmedName)) {
+        return res.status(403).json({ error: 'Cannot use a reserved system role name' });
+      }
+
+      const existing = await getRoleByName(name);
+      if (!existing) {
+        return res.status(404).json({ error: 'Role not found' });
+      }
+
+      if (isRename) {
+        const duplicate = await getRoleByName(trimmedName);
+        if (duplicate) {
+          return res.status(409).json({ error: `Role "${trimmedName}" already exists` });
+        }
+      }
+
+      const updates: Partial<IRole> = {};
+      if (isRename) {
+        updates.name = trimmedName;
+      }
+      if (body.description !== undefined) {
+        updates.description = body.description;
+      }
+
+      if (Object.keys(updates).length === 0) {
+        return res.status(200).json({ role: existing });
+      }
+
+      if (isRename) {
+        const descUpdate =
+          body.description !== undefined ? { description: body.description } : undefined;
+        const role = await renameRole(name, trimmedName, descUpdate);
+        if (!role) {
+          return res.status(404).json({ error: 'Role not found' });
+        }
+        return res.status(200).json({ role });
+      }
+
+      const role = await updateRoleByName(name, updates);
+      if (!role) {
+        return res.status(404).json({ error: 'Role not found' });
+      }
+      return res.status(200).json({ role });
+    } catch (error) {
+      if (error instanceof RoleConflictError) {
+        return res.status(409).json({ error: error.message });
+      }
+      logger.error('[adminRoles] updateRole error:', error);
+      return res.status(500).json({ error: 'Failed to update role' });
+    }
+  }
+
+  /**
+   * The re-fetch via `getRoleByName` after `updateAccessPermissions` depends on the
+   * callee having written the updated document to the role cache. If the cache layer
+   * is refactored to stop writing from within `updateAccessPermissions`, this handler
+   * must be updated to perform an explicit uncached DB read.
+   */
+  async function updateRolePermissionsHandler(req: ServerRequest, res: Response) {
+    try {
+      const { name } = req.params as RoleNameParams;
+      const paramError = validateNameParam(name);
+      if (paramError) {
+        return res.status(400).json({ error: paramError });
+      }
+      const { permissions } = req.body as {
+        permissions: Record<string, Record<string, boolean>>;
+      };
+
+      if (!permissions || typeof permissions !== 'object' || Array.isArray(permissions)) {
+        return res.status(400).json({ error: 'permissions object is required' });
+      }
+
+      const existing = await getRoleByName(name);
+      if (!existing) {
+        return res.status(404).json({ error: 'Role not found' });
+      }
+
+      await updateAccessPermissions(name, permissions, existing);
+      const updated = await getRoleByName(name);
+      if (!updated) {
+        return res.status(404).json({ error: 'Role not found' });
+      }
+      return res.status(200).json({ role: updated });
+    } catch (error) {
+      logger.error('[adminRoles] updateRolePermissions error:', error);
+      return res.status(500).json({ error: 'Failed to update role permissions' });
+    }
+  }
+
+  async function deleteRoleHandler(req: ServerRequest, res: Response) {
+    try {
+      const { name } = req.params as RoleNameParams;
+      const paramError = validateNameParam(name);
+      if (paramError) {
+        return res.status(400).json({ error: paramError });
+      }
+      if (isSystemRoleName(name)) {
+        return res.status(403).json({ error: 'Cannot delete system role' });
+      }
+
+      const deleted = await deleteRoleByName(name);
+      if (!deleted) {
+        return res.status(404).json({ error: 'Role not found' });
+      }
+
+      const tenantId = req.user?.tenantId;
+      const cleanupResults = await Promise.allSettled([
+        deleteConfig(PrincipalType.ROLE, name),
+        deleteAclEntries({ principalType: PrincipalType.ROLE, principalId: name }),
+        deleteGrantsForPrincipal(PrincipalType.ROLE, name, { tenantId }),
+      ]);
+      for (const result of cleanupResults) {
+        if (result.status === 'rejected') {
+          logger.error('[adminRoles] cascade cleanup failed for role:', name, result.reason);
+        }
+      }
+
+      return res.status(200).json({ success: true });
+    } catch (error) {
+      logger.error('[adminRoles] deleteRole error:', error);
+      return res.status(500).json({ error: 'Failed to delete role' });
+    }
+  }
+
+  async function getRoleMembersHandler(req: ServerRequest, res: Response) {
+    try {
+      const { name } = req.params as RoleNameParams;
+      const paramError = validateNameParam(name);
+      if (paramError) {
+        return res.status(400).json({ error: paramError });
+      }
+      const existing = await getRoleByName(name);
+      if (!existing) {
+        return res.status(404).json({ error: 'Role not found' });
+      }
+
+      const { limit, offset } = parsePagination(req.query);
+
+      const [users, total] = await Promise.all([
+        listUsersByRole(name, { limit, offset }),
+        countUsersByRole(name),
+      ]);
+      const members: AdminMember[] = users.map((u) => ({
+        userId: u._id?.toString() ?? '',
+        name: u.name ?? u._id?.toString() ?? '',
+        email: u.email ?? '',
+        avatarUrl: u.avatar,
+      }));
+      return res.status(200).json({ members, total, limit, offset });
+    } catch (error) {
+      logger.error('[adminRoles] getRoleMembers error:', error);
+      return res.status(500).json({ error: 'Failed to get role members' });
+    }
+  }
+
+  async function addRoleMemberHandler(req: ServerRequest, res: Response) {
+    try {
+      const { name } = req.params as RoleNameParams;
+      const paramError = validateNameParam(name);
+      if (paramError) {
+        return res.status(400).json({ error: paramError });
+      }
+      const { userId } = req.body as { userId: string };
+
+      if (!userId || typeof userId !== 'string') {
+        return res.status(400).json({ error: 'userId is required' });
+      }
+      if (!isValidObjectIdString(userId)) {
+        return res.status(400).json({ error: 'Invalid user ID format' });
+      }
+
+      if (isSystemRoleName(name) && name !== SystemRoles.ADMIN) {
+        return res.status(403).json({ error: 'Cannot directly assign members to a system role' });
+      }
+
+      const existing = await getRoleByName(name);
+      if (!existing) {
+        return res.status(404).json({ error: 'Role not found' });
+      }
+
+      const user = await findUser({ _id: userId });
+      if (!user) {
+        return res.status(404).json({ error: 'User not found' });
+      }
+
+      if (user.role === name) {
+        return res.status(200).json({ success: true });
+      }
+
+      if (user.role === SystemRoles.ADMIN && name !== SystemRoles.ADMIN) {
+        const adminCount = await countUsersByRole(SystemRoles.ADMIN);
+        if (adminCount <= 1) {
+          return res.status(400).json({ error: 'Cannot remove the last admin user' });
+        }
+      }
+
+      const updated = await updateUser(userId, { role: name });
+      if (!updated) {
+        return res.status(404).json({ error: 'User not found' });
+      }
+
+      if (user.role === SystemRoles.ADMIN && name !== SystemRoles.ADMIN) {
+        const postCount = await countUsersByRole(SystemRoles.ADMIN);
+        if (postCount === 0) {
+          try {
+            await updateUser(userId, { role: SystemRoles.ADMIN });
+          } catch (rollbackError) {
+            logger.error(
+              `[adminRoles] CRITICAL: admin rollback failed in addRoleMember for user ${userId}:`,
+              rollbackError,
+            );
+          }
+          return res.status(400).json({ error: 'Cannot remove the last admin user' });
+        }
+      }
+
+      return res.status(200).json({ success: true });
+    } catch (error) {
+      logger.error('[adminRoles] addRoleMember error:', error);
+      return res.status(500).json({ error: 'Failed to add role member' });
+    }
+  }
+
+  async function removeRoleMemberHandler(req: ServerRequest, res: Response) {
+    try {
+      const { name, userId } = req.params as RoleMemberParams;
+      const paramError = validateNameParam(name);
+      if (paramError) {
+        return res.status(400).json({ error: paramError });
+      }
+      if (!isValidObjectIdString(userId)) {
+        return res.status(400).json({ error: 'Invalid user ID format' });
+      }
+
+      if (isSystemRoleName(name) && name !== SystemRoles.ADMIN) {
+        return res.status(403).json({ error: 'Cannot remove members from a system role' });
+      }
+
+      const existing = await getRoleByName(name);
+      if (!existing) {
+        return res.status(404).json({ error: 'Role not found' });
+      }
+
+      const user = await findUser({ _id: userId });
+      if (!user) {
+        return res.status(404).json({ error: 'User not found' });
+      }
+
+      if (user.role !== name) {
+        return res.status(400).json({ error: 'User is not a member of this role' });
+      }
+
+      if (name === SystemRoles.ADMIN) {
+        const adminCount = await countUsersByRole(SystemRoles.ADMIN);
+        if (adminCount <= 1) {
+          return res.status(400).json({ error: 'Cannot remove the last admin user' });
+        }
+      }
+
+      const removed = await updateUser(userId, { role: SystemRoles.USER });
+      if (!removed) {
+        return res.status(404).json({ error: 'User not found' });
+      }
+
+      if (name === SystemRoles.ADMIN) {
+        const postCount = await countUsersByRole(SystemRoles.ADMIN);
+        if (postCount === 0) {
+          try {
+            await updateUser(userId, { role: SystemRoles.ADMIN });
+          } catch (rollbackError) {
+            logger.error(
+              `[adminRoles] CRITICAL: admin rollback failed for user ${userId}:`,
+              rollbackError,
+            );
+          }
+          return res.status(400).json({ error: 'Cannot remove the last admin user' });
+        }
+      }
+
+      return res.status(200).json({ success: true });
+    } catch (error) {
+      logger.error('[adminRoles] removeRoleMember error:', error);
+      return res.status(500).json({ error: 'Failed to remove role member' });
+    }
+  }
+
+  return {
+    listRoles: listRolesHandler,
+    getRole: getRoleHandler,
+    createRole: createRoleHandler,
+    updateRole: updateRoleHandler,
+    updateRolePermissions: updateRolePermissionsHandler,
+    deleteRole: deleteRoleHandler,
+    getRoleMembers: getRoleMembersHandler,
+    addRoleMember: addRoleMemberHandler,
+    removeRoleMember: removeRoleMemberHandler,
+  };
+}
diff --git a/packages/api/src/admin/users.spec.ts b/packages/api/src/admin/users.spec.ts
new file mode 100644
index 0000000000..1d0e5fbac8
--- /dev/null
+++ b/packages/api/src/admin/users.spec.ts
@@ -0,0 +1,505 @@
+import { Types } from 'mongoose';
+import { PrincipalType, SystemRoles } from 'librechat-data-provider';
+import type { IUser, UserDeleteResult } from '@librechat/data-schemas';
+import type { Response } from 'express';
+import type { ServerRequest } from '~/types/http';
+import type { AdminUsersDeps } from './users';
+import { createAdminUsersHandlers } from './users';
+
+jest.mock('@librechat/data-schemas', () => ({
+  ...jest.requireActual('@librechat/data-schemas'),
+  logger: { error: jest.fn(), warn: jest.fn(), info: jest.fn(), debug: jest.fn() },
+}));
+
+const validUserId = new Types.ObjectId().toString();
+
+function mockUser(overrides: Partial<IUser> = {}): IUser {
+  return {
+    _id: new Types.ObjectId(),
+    name: 'Test User',
+    username: 'testuser',
+    email: 'test@example.com',
+    avatar: 'https://example.com/avatar.png',
+    role: 'USER',
+    provider: 'local',
+    createdAt: new Date('2025-01-01'),
+    updatedAt: new Date('2025-06-01'),
+    ...overrides,
+  } as IUser;
+}
+
+function createReqRes(
+  overrides: {
+    params?: Record<string, string>;
+    query?: Record<string, string | string[]>;
+    user?: { _id?: Types.ObjectId; id?: string; role?: string; tenantId?: string };
+  } = {},
+) {
+  const req = {
+    params: overrides.params ?? {},
+    query: overrides.query ?? {},
+    body: {},
+    user: overrides.user ?? { _id: new Types.ObjectId(), role: 'admin' },
+  } as unknown as ServerRequest;
+
+  const json = jest.fn();
+  const status = jest.fn().mockReturnValue({ json });
+  const res = { status, json } as unknown as Response;
+
+  return { req, res, status, json };
+}
+
+function createDeps(overrides: Partial<AdminUsersDeps> = {}): AdminUsersDeps {
+  return {
+    findUsers: jest.fn().mockResolvedValue([]),
+    countUsers: jest.fn().mockResolvedValue(0),
+    deleteUserById: jest
+      .fn()
+      .mockResolvedValue({ deletedCount: 1, message: 'User was deleted successfully.' }),
+    deleteConfig: jest.fn().mockResolvedValue(null),
+    deleteAclEntries: jest.fn().mockResolvedValue(undefined),
+    ...overrides,
+  };
+}
+
+describe('createAdminUsersHandlers', () => {
+  describe('listUsers', () => {
+    it('returns paginated users with total count', async () => {
+      const users = [
+        mockUser({ _id: new Types.ObjectId(validUserId) }),
+        mockUser({ name: 'Other' }),
+      ];
+      const deps = createDeps({
+        findUsers: jest.fn().mockResolvedValue(users),
+        countUsers: jest.fn().mockResolvedValue(2),
+      });
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res, status, json } = createReqRes();
+
+      await handlers.listUsers(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      const response = json.mock.calls[0][0];
+      expect(response.users).toHaveLength(2);
+      expect(response.total).toBe(2);
+      expect(response).toHaveProperty('limit');
+      expect(response).toHaveProperty('offset');
+      expect(response.users[0]).toHaveProperty('id');
+      expect(response.users[0]).toHaveProperty('name');
+      expect(response.users[0]).toHaveProperty('email');
+      expect(response.users[0]).toHaveProperty('role');
+    });
+
+    it('passes pagination params to findUsers and unfiltered count', async () => {
+      const findUsers = jest.fn().mockResolvedValue([]);
+      const countUsers = jest.fn().mockResolvedValue(0);
+      const deps = createDeps({ findUsers, countUsers });
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res } = createReqRes({ query: { limit: '10', offset: '20' } });
+
+      await handlers.listUsers(req, res);
+
+      expect(findUsers).toHaveBeenCalledWith({}, expect.any(String), {
+        limit: 10,
+        offset: 20,
+        sort: { createdAt: -1 },
+      });
+      expect(countUsers).toHaveBeenCalledWith();
+    });
+
+    it('returns empty list when no users', async () => {
+      const deps = createDeps();
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res, status, json } = createReqRes();
+
+      await handlers.listUsers(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json.mock.calls[0][0].users).toEqual([]);
+      expect(json.mock.calls[0][0].total).toBe(0);
+    });
+
+    it('returns 500 when findUsers throws', async () => {
+      const deps = createDeps({ findUsers: jest.fn().mockRejectedValue(new Error('db down')) });
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res, status, json } = createReqRes();
+
+      await handlers.listUsers(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to list users' });
+    });
+
+    it('returns 500 when countUsers throws', async () => {
+      const deps = createDeps({
+        countUsers: jest.fn().mockRejectedValue(new Error('count failed')),
+      });
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res, status, json } = createReqRes();
+
+      await handlers.listUsers(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to list users' });
+    });
+  });
+
+  describe('searchUsers', () => {
+    it('returns matching users with total and capped flag', async () => {
+      const users = [mockUser()];
+      const deps = createDeps({ findUsers: jest.fn().mockResolvedValue(users) });
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res, status, json } = createReqRes({ query: { q: 'test' } });
+
+      await handlers.searchUsers(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      const response = json.mock.calls[0][0];
+      expect(response.users).toHaveLength(1);
+      expect(response.total).toBe(1);
+      expect(response.capped).toBe(false);
+      expect(response.users[0]).toHaveProperty('id');
+      expect(response.users[0]).toHaveProperty('name');
+      expect(response.users[0]).toHaveProperty('email');
+      expect(response.users[0]).toHaveProperty('username');
+    });
+
+    it('sets capped to true when results hit the limit', async () => {
+      const users = Array.from({ length: 20 }, () => mockUser());
+      const deps = createDeps({ findUsers: jest.fn().mockResolvedValue(users) });
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res, json } = createReqRes({ query: { q: 'test', limit: '20' } });
+
+      await handlers.searchUsers(req, res);
+
+      const response = json.mock.calls[0][0];
+      expect(response.total).toBe(20);
+      expect(response.capped).toBe(true);
+    });
+
+    it('searches name, email, and username with anchored prefix regex', async () => {
+      const findUsers = jest.fn().mockResolvedValue([]);
+      const deps = createDeps({ findUsers });
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res } = createReqRes({ query: { q: 'test' } });
+
+      await handlers.searchUsers(req, res);
+
+      const filter = findUsers.mock.calls[0][0];
+      expect(filter.$or).toHaveLength(3);
+      expect(filter.$or[0]).toHaveProperty('name');
+      expect(filter.$or[1]).toHaveProperty('email');
+      expect(filter.$or[2]).toHaveProperty('username');
+      expect(filter.$or[0].name.source).toBe('^test');
+    });
+
+    it('projects username in the field selection', async () => {
+      const findUsers = jest.fn().mockResolvedValue([]);
+      const deps = createDeps({ findUsers });
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res } = createReqRes({ query: { q: 'test' } });
+
+      await handlers.searchUsers(req, res);
+
+      const projection = findUsers.mock.calls[0][1];
+      expect(projection).toContain('username');
+    });
+
+    it('escapes regex special characters in query', async () => {
+      const findUsers = jest.fn().mockResolvedValue([]);
+      const deps = createDeps({ findUsers });
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res } = createReqRes({ query: { q: 'test.user+1' } });
+
+      await handlers.searchUsers(req, res);
+
+      const filter = findUsers.mock.calls[0][0];
+      expect(filter.$or[0].name).toBeInstanceOf(RegExp);
+      expect(filter.$or[0].name.source).toBe('^test\\.user\\+1');
+    });
+
+    it('returns 400 when query is missing', async () => {
+      const deps = createDeps();
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res, status, json } = createReqRes({ query: {} });
+
+      await handlers.searchUsers(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Query parameter "q" is required' });
+    });
+
+    it('returns 400 when query is empty string', async () => {
+      const deps = createDeps();
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res, status, json } = createReqRes({ query: { q: '' } });
+
+      await handlers.searchUsers(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Query parameter "q" is required' });
+    });
+
+    it('returns 400 when query is whitespace-only', async () => {
+      const deps = createDeps();
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res, status, json } = createReqRes({ query: { q: '   ' } });
+
+      await handlers.searchUsers(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Query parameter "q" is required' });
+    });
+
+    it('returns 400 when query is too short', async () => {
+      const deps = createDeps();
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res, status, json } = createReqRes({ query: { q: 'a' } });
+
+      await handlers.searchUsers(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Query must be at least 2 characters' });
+    });
+
+    it('returns 400 when query exceeds max length', async () => {
+      const deps = createDeps();
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res, status, json } = createReqRes({ query: { q: 'a'.repeat(201) } });
+
+      await handlers.searchUsers(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith(
+        expect.objectContaining({ error: expect.stringContaining('200') }),
+      );
+    });
+
+    it('treats array query param as missing', async () => {
+      const deps = createDeps();
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res, status, json } = createReqRes({ query: { q: ['foo', 'bar'] } });
+
+      await handlers.searchUsers(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Query parameter "q" is required' });
+    });
+
+    it('passes limit to findUsers', async () => {
+      const findUsers = jest.fn().mockResolvedValue([mockUser()]);
+      const deps = createDeps({ findUsers });
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res } = createReqRes({ query: { q: 'User', limit: '3' } });
+
+      await handlers.searchUsers(req, res);
+
+      expect(findUsers).toHaveBeenCalledWith(expect.any(Object), expect.any(String), {
+        limit: 3,
+        sort: { name: 1 },
+      });
+    });
+
+    it('caps limit at 50', async () => {
+      const findUsers = jest.fn().mockResolvedValue([]);
+      const deps = createDeps({ findUsers });
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res } = createReqRes({ query: { q: 'User', limit: '100' } });
+
+      await handlers.searchUsers(req, res);
+
+      expect(findUsers).toHaveBeenCalledWith(expect.any(Object), expect.any(String), {
+        limit: 50,
+        sort: { name: 1 },
+      });
+    });
+
+    it('returns 500 on error', async () => {
+      const deps = createDeps({ findUsers: jest.fn().mockRejectedValue(new Error('db down')) });
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res, status, json } = createReqRes({ query: { q: 'test' } });
+
+      await handlers.searchUsers(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to search users' });
+    });
+  });
+
+  describe('deleteUser', () => {
+    it('deletes user and returns 200', async () => {
+      const result: UserDeleteResult = {
+        deletedCount: 1,
+        message: 'User was deleted successfully.',
+      };
+      const deps = createDeps({ deleteUserById: jest.fn().mockResolvedValue(result) });
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { id: validUserId } });
+
+      await handlers.deleteUser(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ message: 'User was deleted successfully.' });
+    });
+
+    it('returns fallback message when result.message is empty', async () => {
+      const result: UserDeleteResult = { deletedCount: 1, message: '' };
+      const deps = createDeps({ deleteUserById: jest.fn().mockResolvedValue(result) });
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { id: validUserId } });
+
+      await handlers.deleteUser(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ message: 'User deleted successfully' });
+    });
+
+    it('returns 403 when deleting own account', async () => {
+      const userId = new Types.ObjectId();
+      const deps = createDeps();
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res, status, json } = createReqRes({
+        params: { id: userId.toString() },
+        user: { _id: userId, role: 'admin' },
+      });
+
+      await handlers.deleteUser(req, res);
+
+      expect(status).toHaveBeenCalledWith(403);
+      expect(json).toHaveBeenCalledWith({ error: 'Cannot delete your own account' });
+      expect(deps.deleteUserById).not.toHaveBeenCalled();
+    });
+
+    it('returns 400 when deleting the last admin', async () => {
+      const targetId = new Types.ObjectId().toString();
+      const deps = createDeps({
+        findUsers: jest.fn().mockResolvedValue([mockUser({ role: SystemRoles.ADMIN })]),
+        countUsers: jest.fn().mockResolvedValue(1),
+      });
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { id: targetId } });
+
+      await handlers.deleteUser(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Cannot delete the last admin user' });
+      expect(deps.deleteUserById).not.toHaveBeenCalled();
+      expect(deps.countUsers).toHaveBeenCalledWith({ role: SystemRoles.ADMIN });
+    });
+
+    it('allows deleting an admin when other admins exist', async () => {
+      const targetId = new Types.ObjectId().toString();
+      const deps = createDeps({
+        findUsers: jest.fn().mockResolvedValue([mockUser({ role: SystemRoles.ADMIN })]),
+        countUsers: jest.fn().mockResolvedValue(3),
+      });
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res, status } = createReqRes({ params: { id: targetId } });
+
+      await handlers.deleteUser(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(deps.deleteUserById).toHaveBeenCalledWith(targetId);
+    });
+
+    it('does not check admin count when target is a regular user', async () => {
+      const targetId = new Types.ObjectId().toString();
+      const deps = createDeps({
+        findUsers: jest.fn().mockResolvedValue([mockUser({ role: 'USER' })]),
+      });
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res, status } = createReqRes({ params: { id: targetId } });
+
+      await handlers.deleteUser(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(deps.countUsers).not.toHaveBeenCalled();
+    });
+
+    it('cascades cleanup of Config and AclEntries', async () => {
+      const result: UserDeleteResult = {
+        deletedCount: 1,
+        message: 'User was deleted successfully.',
+      };
+      const deps = createDeps({ deleteUserById: jest.fn().mockResolvedValue(result) });
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res, status } = createReqRes({ params: { id: validUserId } });
+
+      await handlers.deleteUser(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(deps.deleteConfig).toHaveBeenCalledWith(PrincipalType.USER, validUserId);
+      expect(deps.deleteAclEntries).toHaveBeenCalledWith({
+        principalType: PrincipalType.USER,
+        principalId: expect.any(Types.ObjectId),
+      });
+    });
+
+    it('returns success even when cascade cleanup partially fails', async () => {
+      const result: UserDeleteResult = {
+        deletedCount: 1,
+        message: 'User was deleted successfully.',
+      };
+      const deps = createDeps({
+        deleteUserById: jest.fn().mockResolvedValue(result),
+        deleteConfig: jest.fn().mockRejectedValue(new Error('cleanup failed')),
+      });
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { id: validUserId } });
+
+      await handlers.deleteUser(req, res);
+
+      expect(status).toHaveBeenCalledWith(200);
+      expect(json).toHaveBeenCalledWith({ message: 'User was deleted successfully.' });
+    });
+
+    it('does not cascade when user is not found', async () => {
+      const result: UserDeleteResult = { deletedCount: 0, message: '' };
+      const deps = createDeps({ deleteUserById: jest.fn().mockResolvedValue(result) });
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res, status } = createReqRes({ params: { id: validUserId } });
+
+      await handlers.deleteUser(req, res);
+
+      expect(status).toHaveBeenCalledWith(404);
+      expect(deps.deleteConfig).not.toHaveBeenCalled();
+      expect(deps.deleteAclEntries).not.toHaveBeenCalled();
+    });
+
+    it('returns 400 for invalid ObjectId', async () => {
+      const deps = createDeps();
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { id: 'not-valid' } });
+
+      await handlers.deleteUser(req, res);
+
+      expect(status).toHaveBeenCalledWith(400);
+      expect(json).toHaveBeenCalledWith({ error: 'Invalid user ID format' });
+    });
+
+    it('returns 404 when user not found', async () => {
+      const result: UserDeleteResult = { deletedCount: 0, message: '' };
+      const deps = createDeps({ deleteUserById: jest.fn().mockResolvedValue(result) });
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { id: validUserId } });
+
+      await handlers.deleteUser(req, res);
+
+      expect(status).toHaveBeenCalledWith(404);
+      expect(json).toHaveBeenCalledWith({ error: 'User not found' });
+    });
+
+    it('returns 500 on error', async () => {
+      const deps = createDeps({
+        deleteUserById: jest.fn().mockRejectedValue(new Error('db crash')),
+      });
+      const handlers = createAdminUsersHandlers(deps);
+      const { req, res, status, json } = createReqRes({ params: { id: validUserId } });
+
+      await handlers.deleteUser(req, res);
+
+      expect(status).toHaveBeenCalledWith(500);
+      expect(json).toHaveBeenCalledWith({ error: 'Failed to delete user' });
+    });
+  });
+});
diff --git a/packages/api/src/admin/users.ts b/packages/api/src/admin/users.ts
new file mode 100644
index 0000000000..6fc13fd97f
--- /dev/null
+++ b/packages/api/src/admin/users.ts
@@ -0,0 +1,184 @@
+import { Types } from 'mongoose';
+import { PrincipalType, SystemRoles } from 'librechat-data-provider';
+import { logger, isValidObjectIdString } from '@librechat/data-schemas';
+import type {
+  IUser,
+  IConfig,
+  AdminUserListItem,
+  AdminUserSearchResult,
+  UserDeleteResult,
+} from '@librechat/data-schemas';
+import type { FilterQuery } from 'mongoose';
+import type { Response } from 'express';
+import type { ServerRequest } from '~/types/http';
+import { parsePagination } from './pagination';
+
+const MAX_SEARCH_LENGTH = 200;
+
+const USER_LIST_FIELDS = '_id name username email avatar role provider createdAt updatedAt';
+
+export interface AdminUsersDeps {
+  findUsers: (
+    searchCriteria: FilterQuery<IUser>,
+    fieldsToSelect?: string | string[] | null,
+    options?: { limit?: number; offset?: number; sort?: Record<string, 1 | -1> },
+  ) => Promise<IUser[]>;
+  countUsers: (filter?: FilterQuery<IUser>) => Promise<number>;
+  /**
+   * Thin data-layer delete — removes the User document only.
+   * Full cascade of user-owned resources (conversations, messages, files, tokens, etc.)
+   * is handled by `UserController.deleteUserController` in the self-delete flow.
+   * This admin endpoint currently cascades Config and AclEntries.
+   * A future iteration should consolidate the full cascade into a shared service function.
+   */
+  deleteUserById: (userId: string) => Promise<UserDeleteResult>;
+  deleteConfig: (
+    principalType: PrincipalType,
+    principalId: string | Types.ObjectId,
+  ) => Promise<IConfig | null>;
+  deleteAclEntries: (filter: {
+    principalType: PrincipalType;
+    principalId: string | Types.ObjectId;
+  }) => Promise<void>;
+}
+
+export function createAdminUsersHandlers(deps: AdminUsersDeps) {
+  const { findUsers, countUsers, deleteUserById, deleteConfig, deleteAclEntries } = deps;
+
+  async function listUsersHandler(req: ServerRequest, res: Response) {
+    try {
+      const { limit, offset } = parsePagination(req.query);
+      const [users, total] = await Promise.all([
+        findUsers({}, USER_LIST_FIELDS, { limit, offset, sort: { createdAt: -1 } }),
+        countUsers(),
+      ]);
+
+      const mapped: AdminUserListItem[] = users.map((u) => ({
+        id: u._id?.toString() ?? '',
+        name: u.name ?? '',
+        username: u.username ?? '',
+        email: u.email ?? '',
+        avatar: u.avatar ?? '',
+        role: u.role ?? 'USER',
+        provider: u.provider ?? 'local',
+        createdAt: u.createdAt?.toISOString(),
+        updatedAt: u.updatedAt?.toISOString(),
+      }));
+
+      return res.status(200).json({ users: mapped, total, limit, offset });
+    } catch (error) {
+      logger.error('[adminUsers] listUsers error:', error);
+      return res.status(500).json({ error: 'Failed to list users' });
+    }
+  }
+
+  async function searchUsersHandler(req: ServerRequest, res: Response) {
+    try {
+      const rawQ = req.query.q;
+      const rawLimit = req.query.limit;
+      const query = typeof rawQ === 'string' ? rawQ : undefined;
+      const limitStr = typeof rawLimit === 'string' ? rawLimit : '20';
+      const trimmed = query?.trim() ?? '';
+
+      if (!trimmed) {
+        return res.status(400).json({ error: 'Query parameter "q" is required' });
+      }
+
+      if (trimmed.length < 2) {
+        return res.status(400).json({ error: 'Query must be at least 2 characters' });
+      }
+
+      if (trimmed.length > MAX_SEARCH_LENGTH) {
+        return res
+          .status(400)
+          .json({ error: `Query must not exceed ${MAX_SEARCH_LENGTH} characters` });
+      }
+
+      const searchLimit = Math.min(Math.max(1, parseInt(limitStr, 10) || 20), 50);
+      const escaped = trimmed.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+      const regex = new RegExp(`^${escaped}`, 'i');
+
+      const users = await findUsers(
+        { $or: [{ name: regex }, { email: regex }, { username: regex }] },
+        '_id name email username avatar',
+        { limit: searchLimit, sort: { name: 1 } },
+      );
+
+      const results: AdminUserSearchResult[] = users.map((u) => ({
+        id: u._id?.toString() ?? '',
+        name: u.name ?? '',
+        email: u.email ?? '',
+        username: u.username,
+        avatarUrl: u.avatar,
+      }));
+
+      return res
+        .status(200)
+        .json({ users: results, total: results.length, capped: results.length >= searchLimit });
+    } catch (error) {
+      logger.error('[adminUsers] searchUsers error:', error);
+      return res.status(500).json({ error: 'Failed to search users' });
+    }
+  }
+
+  async function deleteUserHandler(req: ServerRequest, res: Response) {
+    try {
+      const { id } = req.params as { id: string };
+
+      if (!isValidObjectIdString(id)) {
+        return res.status(400).json({ error: 'Invalid user ID format' });
+      }
+
+      const callerId = req.user?._id?.toString() ?? req.user?.id;
+      if (callerId === id) {
+        return res.status(403).json({ error: 'Cannot delete your own account' });
+      }
+
+      const [targetUser] = await findUsers({ _id: id }, 'role', { limit: 1 });
+      if (targetUser?.role === SystemRoles.ADMIN) {
+        const adminCount = await countUsers({ role: SystemRoles.ADMIN });
+        if (adminCount <= 1) {
+          return res.status(400).json({ error: 'Cannot delete the last admin user' });
+        }
+      }
+
+      const result = await deleteUserById(id);
+
+      if (result.deletedCount === 0) {
+        return res.status(404).json({ error: 'User not found' });
+      }
+
+      if (targetUser?.role === SystemRoles.ADMIN) {
+        const remaining = await countUsers({ role: SystemRoles.ADMIN });
+        if (remaining === 0) {
+          logger.error(
+            `[adminUsers] CRITICAL: last admin deleted via race condition, user: ${id}. ` +
+              'Manual DB intervention required to restore an ADMIN user.',
+          );
+        }
+      }
+
+      const objectId = new Types.ObjectId(id);
+      const cleanupResults = await Promise.allSettled([
+        deleteConfig(PrincipalType.USER, id),
+        deleteAclEntries({ principalType: PrincipalType.USER, principalId: objectId }),
+      ]);
+      for (const r of cleanupResults) {
+        if (r.status === 'rejected') {
+          logger.error('[adminUsers] cascade cleanup failed for user:', id, r.reason);
+        }
+      }
+
+      return res.status(200).json({ message: result.message || 'User deleted successfully' });
+    } catch (error) {
+      logger.error('[adminUsers] deleteUser error:', error);
+      return res.status(500).json({ error: 'Failed to delete user' });
+    }
+  }
+
+  return {
+    listUsers: listUsersHandler,
+    searchUsers: searchUsersHandler,
+    deleteUser: deleteUserHandler,
+  };
+}
diff --git a/packages/api/src/agents/config.spec.ts b/packages/api/src/agents/config.spec.ts
new file mode 100644
index 0000000000..d09282b5e2
--- /dev/null
+++ b/packages/api/src/agents/config.spec.ts
@@ -0,0 +1,62 @@
+import type { TAgentsEndpoint } from 'librechat-data-provider';
+import { resolveRecursionLimit } from './config';
+
+describe('resolveRecursionLimit', () => {
+  it('returns default 50 when no config or agent provided', () => {
+    expect(resolveRecursionLimit(undefined, undefined)).toBe(50);
+  });
+
+  it('returns default 50 when config has no recursionLimit', () => {
+    expect(resolveRecursionLimit({} as TAgentsEndpoint, {})).toBe(50);
+  });
+
+  it('uses yaml recursionLimit when set', () => {
+    const config = { recursionLimit: 100 } as TAgentsEndpoint;
+    expect(resolveRecursionLimit(config, {})).toBe(100);
+  });
+
+  it('overrides with agent.recursion_limit when set', () => {
+    const config = { recursionLimit: 100 } as TAgentsEndpoint;
+    expect(resolveRecursionLimit(config, { recursion_limit: 200 })).toBe(200);
+  });
+
+  it('caps at maxRecursionLimit', () => {
+    const config = { recursionLimit: 100, maxRecursionLimit: 150 } as TAgentsEndpoint;
+    expect(resolveRecursionLimit(config, { recursion_limit: 200 })).toBe(150);
+  });
+
+  it('caps yaml default at maxRecursionLimit', () => {
+    const config = { recursionLimit: 200, maxRecursionLimit: 100 } as TAgentsEndpoint;
+    expect(resolveRecursionLimit(config, {})).toBe(100);
+  });
+
+  it('ignores agent.recursion_limit of 0', () => {
+    const config = { recursionLimit: 100 } as TAgentsEndpoint;
+    expect(resolveRecursionLimit(config, { recursion_limit: 0 })).toBe(100);
+  });
+
+  it('ignores negative agent.recursion_limit', () => {
+    const config = { recursionLimit: 100 } as TAgentsEndpoint;
+    expect(resolveRecursionLimit(config, { recursion_limit: -5 })).toBe(100);
+  });
+
+  it('ignores maxRecursionLimit of 0', () => {
+    const config = { recursionLimit: 100, maxRecursionLimit: 0 } as TAgentsEndpoint;
+    expect(resolveRecursionLimit(config, { recursion_limit: 200 })).toBe(200);
+  });
+
+  it('does not cap when recursionLimit is within maxRecursionLimit', () => {
+    const config = { recursionLimit: 50, maxRecursionLimit: 200 } as TAgentsEndpoint;
+    expect(resolveRecursionLimit(config, { recursion_limit: 150 })).toBe(150);
+  });
+
+  it('allows agent to override downward below yaml default', () => {
+    const config = { recursionLimit: 100 } as TAgentsEndpoint;
+    expect(resolveRecursionLimit(config, { recursion_limit: 30 })).toBe(30);
+  });
+
+  it('does not cap when agent.recursion_limit equals maxRecursionLimit', () => {
+    const config = { recursionLimit: 50, maxRecursionLimit: 150 } as TAgentsEndpoint;
+    expect(resolveRecursionLimit(config, { recursion_limit: 150 })).toBe(150);
+  });
+});
diff --git a/packages/api/src/agents/config.ts b/packages/api/src/agents/config.ts
new file mode 100644
index 0000000000..c5c1808f66
--- /dev/null
+++ b/packages/api/src/agents/config.ts
@@ -0,0 +1,30 @@
+import type { TAgentsEndpoint } from 'librechat-data-provider';
+
+const DEFAULT_RECURSION_LIMIT = 50;
+
+/**
+ * Resolves the effective recursion limit for an agent run via a 3-step cascade:
+ * 1. YAML endpoint config default (falls back to 50)
+ * 2. Per-agent DB override (if set and positive)
+ * 3. Global max cap from YAML (if set and positive)
+ */
+export function resolveRecursionLimit(
+  agentsEConfig: TAgentsEndpoint | undefined,
+  agent: { recursion_limit?: number } | undefined,
+): number {
+  let limit = agentsEConfig?.recursionLimit ?? DEFAULT_RECURSION_LIMIT;
+
+  if (typeof agent?.recursion_limit === 'number' && agent.recursion_limit > 0) {
+    limit = agent.recursion_limit;
+  }
+
+  if (
+    typeof agentsEConfig?.maxRecursionLimit === 'number' &&
+    agentsEConfig.maxRecursionLimit > 0 &&
+    limit > agentsEConfig.maxRecursionLimit
+  ) {
+    limit = agentsEConfig.maxRecursionLimit;
+  }
+
+  return limit;
+}
diff --git a/packages/api/src/agents/context.spec.ts b/packages/api/src/agents/context.spec.ts
index c5358209c7..1d995a52bb 100644
--- a/packages/api/src/agents/context.spec.ts
+++ b/packages/api/src/agents/context.spec.ts
@@ -154,10 +154,10 @@ describe('Agent Context Utilities', () => {
       );
 
       expect(result).toBe(instructions);
-      expect(mockMCPManager.formatInstructionsForContext).toHaveBeenCalledWith([
-        'server1',
-        'server2',
-      ]);
+      expect(mockMCPManager.formatInstructionsForContext).toHaveBeenCalledWith(
+        ['server1', 'server2'],
+        undefined,
+      );
       expect(mockLogger.debug).toHaveBeenCalledWith(
         '[AgentContext] Fetched MCP instructions for servers:',
         ['server1', 'server2'],
@@ -345,9 +345,10 @@ describe('Agent Context Utilities', () => {
         logger: mockLogger,
       });
 
-      expect(mockMCPManager.formatInstructionsForContext).toHaveBeenCalledWith([
-        'ephemeral-server',
-      ]);
+      expect(mockMCPManager.formatInstructionsForContext).toHaveBeenCalledWith(
+        ['ephemeral-server'],
+        undefined,
+      );
       expect(agent.instructions).toContain('Ephemeral MCP');
     });
 
@@ -375,7 +376,10 @@ describe('Agent Context Utilities', () => {
         logger: mockLogger,
       });
 
-      expect(mockMCPManager.formatInstructionsForContext).toHaveBeenCalledWith(['agent-server']);
+      expect(mockMCPManager.formatInstructionsForContext).toHaveBeenCalledWith(
+        ['agent-server'],
+        undefined,
+      );
     });
 
     it('should work without agentId', async () => {
diff --git a/packages/api/src/agents/context.ts b/packages/api/src/agents/context.ts
index ebae2e0f9f..c526fd13fe 100644
--- a/packages/api/src/agents/context.ts
+++ b/packages/api/src/agents/context.ts
@@ -1,8 +1,9 @@
-import { DynamicStructuredTool } from '@langchain/core/tools';
 import { Constants } from 'librechat-data-provider';
+import { DynamicStructuredTool } from '@langchain/core/tools';
 import type { Agent, TEphemeralAgent } from 'librechat-data-provider';
 import type { LCTool } from '@librechat/agents';
 import type { Logger } from 'winston';
+import type { ParsedServerConfig } from '~/mcp/types';
 import type { MCPManager } from '~/mcp/MCPManager';
 
 /**
@@ -63,12 +64,16 @@ export async function getMCPInstructionsForServers(
   mcpServers: string[],
   mcpManager: MCPManager,
   logger?: Logger,
+  configServers?: Record<string, ParsedServerConfig>,
 ): Promise<string> {
   if (!mcpServers.length) {
     return '';
   }
   try {
-    const mcpInstructions = await mcpManager.formatInstructionsForContext(mcpServers);
+    const mcpInstructions = await mcpManager.formatInstructionsForContext(
+      mcpServers,
+      configServers,
+    );
     if (mcpInstructions && logger) {
       logger.debug('[AgentContext] Fetched MCP instructions for servers:', mcpServers);
     }
@@ -125,6 +130,7 @@ export async function applyContextToAgent({
   ephemeralAgent,
   agentId,
   logger,
+  configServers,
 }: {
   agent: AgentWithTools;
   sharedRunContext: string;
@@ -132,12 +138,18 @@ export async function applyContextToAgent({
   ephemeralAgent?: TEphemeralAgent;
   agentId?: string;
   logger?: Logger;
+  configServers?: Record<string, ParsedServerConfig>;
 }): Promise<void> {
   const baseInstructions = agent.instructions || '';
 
   try {
     const mcpServers = ephemeralAgent?.mcp?.length ? ephemeralAgent.mcp : extractMCPServers(agent);
-    const mcpInstructions = await getMCPInstructionsForServers(mcpServers, mcpManager, logger);
+    const mcpInstructions = await getMCPInstructionsForServers(
+      mcpServers,
+      mcpManager,
+      logger,
+      configServers,
+    );
 
     agent.instructions = buildAgentInstructions({
       sharedRunContext,
diff --git a/packages/api/src/agents/index.ts b/packages/api/src/agents/index.ts
index ffb8cec332..53f7f60a93 100644
--- a/packages/api/src/agents/index.ts
+++ b/packages/api/src/agents/index.ts
@@ -1,6 +1,7 @@
 export * from './avatars';
 export * from './chain';
 export * from './client';
+export * from './config';
 export * from './context';
 export * from './edges';
 export * from './handlers';
diff --git a/packages/api/src/app/index.ts b/packages/api/src/app/index.ts
index b95193e943..8d8802f016 100644
--- a/packages/api/src/app/index.ts
+++ b/packages/api/src/app/index.ts
@@ -1,4 +1,6 @@
+export * from './service';
 export * from './config';
 export * from './permissions';
 export * from './cdn';
 export * from './checks';
+export * from './resolve';
diff --git a/packages/api/src/app/permissions.ts b/packages/api/src/app/permissions.ts
index 5a557adfcf..92da1342ce 100644
--- a/packages/api/src/app/permissions.ts
+++ b/packages/api/src/app/permissions.ts
@@ -1,4 +1,4 @@
-import { logger } from '@librechat/data-schemas';
+import { logger, tenantStorage, SYSTEM_TENANT_ID } from '@librechat/data-schemas';
 import {
   SystemRoles,
   Permissions,
@@ -54,6 +54,7 @@ export async function updateInterfacePermissions({
   appConfig,
   getRoleByName,
   updateAccessPermissions,
+  tenantId,
 }: {
   appConfig: AppConfig;
   getRoleByName: (roleName: string, fieldsToSelect?: string | string[]) => Promise<IRole | null>;
@@ -63,7 +64,19 @@ export async function updateInterfacePermissions({
 
     roleData?: IRole | null,
   ) => Promise<void>;
-}) {
+  /**
+   * Optional tenant ID for scoping role updates to a specific tenant.
+   * When provided (and not SYSTEM_TENANT_ID), runs inside `tenantStorage.run({ tenantId })`.
+   * When omitted or SYSTEM_TENANT_ID, uses the caller's existing ALS context.
+   */
+  tenantId?: string;
+}): Promise<void> {
+  if (tenantId && tenantId !== SYSTEM_TENANT_ID) {
+    return tenantStorage.run({ tenantId }, async () =>
+      updateInterfacePermissions({ appConfig, getRoleByName, updateAccessPermissions }),
+    );
+  }
+
   const loadedInterface = appConfig?.interfaceConfig;
   if (!loadedInterface) {
     return;
diff --git a/packages/api/src/app/resolve.spec.ts b/packages/api/src/app/resolve.spec.ts
new file mode 100644
index 0000000000..d7585198a0
--- /dev/null
+++ b/packages/api/src/app/resolve.spec.ts
@@ -0,0 +1,95 @@
+import type { AsyncLocalStorage } from 'async_hooks';
+
+jest.mock('@librechat/data-schemas', () => {
+  // eslint-disable-next-line @typescript-eslint/no-require-imports
+  const { AsyncLocalStorage: ALS } = require('async_hooks');
+  return { tenantStorage: new ALS() };
+});
+
+import { resolveAppConfigForUser } from './resolve';
+
+const { tenantStorage } = jest.requireMock('@librechat/data-schemas') as {
+  tenantStorage: AsyncLocalStorage<{ tenantId?: string }>;
+};
+
+describe('resolveAppConfigForUser', () => {
+  const mockGetAppConfig = jest.fn();
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+    mockGetAppConfig.mockResolvedValue({ registration: {} });
+  });
+
+  it('calls getAppConfig with baseOnly when user is null', async () => {
+    await resolveAppConfigForUser(mockGetAppConfig, null);
+    expect(mockGetAppConfig).toHaveBeenCalledWith({ baseOnly: true });
+  });
+
+  it('calls getAppConfig with baseOnly when user is undefined', async () => {
+    await resolveAppConfigForUser(mockGetAppConfig, undefined);
+    expect(mockGetAppConfig).toHaveBeenCalledWith({ baseOnly: true });
+  });
+
+  it('calls getAppConfig with baseOnly when user has no tenantId', async () => {
+    await resolveAppConfigForUser(mockGetAppConfig, { role: 'USER' });
+    expect(mockGetAppConfig).toHaveBeenCalledWith({ baseOnly: true });
+  });
+
+  it('calls getAppConfig with role and tenantId when user has tenantId', async () => {
+    await resolveAppConfigForUser(mockGetAppConfig, { tenantId: 'tenant-a', role: 'USER' });
+    expect(mockGetAppConfig).toHaveBeenCalledWith({ role: 'USER', tenantId: 'tenant-a' });
+  });
+
+  it('calls tenantStorage.run for tenant users but not for non-tenant users', async () => {
+    const runSpy = jest.spyOn(tenantStorage, 'run');
+
+    await resolveAppConfigForUser(mockGetAppConfig, { role: 'USER' });
+    expect(runSpy).not.toHaveBeenCalled();
+
+    await resolveAppConfigForUser(mockGetAppConfig, { tenantId: 'tenant-b', role: 'ADMIN' });
+    expect(runSpy).toHaveBeenCalledWith({ tenantId: 'tenant-b' }, expect.any(Function));
+
+    runSpy.mockRestore();
+  });
+
+  it('makes tenantId available via ALS inside getAppConfig', async () => {
+    let capturedContext: { tenantId?: string } | undefined;
+    mockGetAppConfig.mockImplementation(async () => {
+      capturedContext = tenantStorage.getStore();
+      return { registration: {} };
+    });
+
+    await resolveAppConfigForUser(mockGetAppConfig, { tenantId: 'tenant-c', role: 'USER' });
+
+    expect(capturedContext).toEqual({ tenantId: 'tenant-c' });
+  });
+
+  it('returns the config from getAppConfig', async () => {
+    const tenantConfig = { registration: { allowedDomains: ['example.com'] } };
+    mockGetAppConfig.mockResolvedValue(tenantConfig);
+
+    const result = await resolveAppConfigForUser(mockGetAppConfig, {
+      tenantId: 'tenant-d',
+      role: 'USER',
+    });
+
+    expect(result).toBe(tenantConfig);
+  });
+
+  it('calls getAppConfig with role undefined when user has tenantId but no role', async () => {
+    await resolveAppConfigForUser(mockGetAppConfig, { tenantId: 'tenant-e' });
+    expect(mockGetAppConfig).toHaveBeenCalledWith({ role: undefined, tenantId: 'tenant-e' });
+  });
+
+  it('propagates rejection from getAppConfig for tenant users', async () => {
+    mockGetAppConfig.mockRejectedValue(new Error('config unavailable'));
+    await expect(
+      resolveAppConfigForUser(mockGetAppConfig, { tenantId: 'tenant-f', role: 'USER' }),
+    ).rejects.toThrow('config unavailable');
+  });
+
+  it('propagates rejection from getAppConfig for baseOnly path', async () => {
+    mockGetAppConfig.mockRejectedValue(new Error('cache failure'));
+    await expect(resolveAppConfigForUser(mockGetAppConfig, null)).rejects.toThrow('cache failure');
+  });
+});
diff --git a/packages/api/src/app/resolve.ts b/packages/api/src/app/resolve.ts
new file mode 100644
index 0000000000..0810400222
--- /dev/null
+++ b/packages/api/src/app/resolve.ts
@@ -0,0 +1,39 @@
+import { tenantStorage } from '@librechat/data-schemas';
+import type { AppConfig } from '@librechat/data-schemas';
+
+interface UserForConfigResolution {
+  tenantId?: string;
+  role?: string;
+}
+
+type GetAppConfig = (opts: {
+  role?: string;
+  tenantId?: string;
+  baseOnly?: boolean;
+}) => Promise<AppConfig>;
+
+/**
+ * Resolves AppConfig scoped to the given user's tenant when available,
+ * falling back to YAML-only base config for new users or non-tenant deployments.
+ *
+ * Auth flows only apply role-level overrides (userId is not passed) because
+ * user/group principal resolution requires heavier DB work that is deferred
+ * to post-authentication config calls.
+ *
+ * `tenantId` is propagated through two channels that serve different purposes:
+ * - `tenantStorage.run()` sets the ALS context so Mongoose's `applyTenantIsolation`
+ *   plugin scopes any DB queries (e.g., `getApplicableConfigs`) to the tenant.
+ * - The explicit `tenantId` parameter to `getAppConfig` is used for cache-key
+ *   computation in `overrideCacheKey()`. Both channels are required.
+ */
+export async function resolveAppConfigForUser(
+  getAppConfig: GetAppConfig,
+  user: UserForConfigResolution | null | undefined,
+): Promise<AppConfig> {
+  if (user?.tenantId) {
+    return tenantStorage.run({ tenantId: user.tenantId }, async () =>
+      getAppConfig({ role: user.role, tenantId: user.tenantId }),
+    );
+  }
+  return getAppConfig({ baseOnly: true });
+}
diff --git a/packages/api/src/app/service.spec.ts b/packages/api/src/app/service.spec.ts
new file mode 100644
index 0000000000..8d168095c7
--- /dev/null
+++ b/packages/api/src/app/service.spec.ts
@@ -0,0 +1,344 @@
+import type { AppConfig } from '@librechat/data-schemas';
+import { createAppConfigService } from './service';
+
+/** Extends AppConfig with mock fields used by merge behavior tests. */
+interface TestConfig extends AppConfig {
+  restricted?: boolean;
+  x?: string;
+}
+
+/**
+ * Creates a mock cache that simulates Keyv's namespace behavior.
+ * Keyv stores keys internally as `namespace:key` but its API (get/set/delete)
+ * accepts un-namespaced keys and auto-prepends the namespace.
+ */
+function createMockCache(namespace = 'app_config') {
+  const store = new Map();
+  return {
+    get: jest.fn((key) => Promise.resolve(store.get(`${namespace}:${key}`))),
+    set: jest.fn((key, value) => {
+      store.set(`${namespace}:${key}`, value);
+      return Promise.resolve(undefined);
+    }),
+    delete: jest.fn((key) => {
+      store.delete(`${namespace}:${key}`);
+      return Promise.resolve(true);
+    }),
+    /** Mimic Keyv's opts.store structure for key enumeration in clearOverrideCache */
+    opts: { store: { keys: () => store.keys() } } as {
+      store?: { keys: () => IterableIterator<string> };
+    },
+    _store: store,
+  };
+}
+
+function createDeps(overrides = {}) {
+  const cache = createMockCache();
+  const baseConfig = { interfaceConfig: { endpointsMenu: true }, endpoints: ['openAI'] };
+
+  return {
+    loadBaseConfig: jest.fn().mockResolvedValue(baseConfig),
+    setCachedTools: jest.fn().mockResolvedValue(undefined),
+    getCache: jest.fn().mockReturnValue(cache),
+    cacheKeys: { APP_CONFIG: 'app_config' },
+    getApplicableConfigs: jest.fn().mockResolvedValue([]),
+    getUserPrincipals: jest.fn().mockResolvedValue([
+      { principalType: 'role', principalId: 'USER' },
+      { principalType: 'user', principalId: 'uid1' },
+    ]),
+    _cache: cache,
+    _baseConfig: baseConfig,
+    ...overrides,
+  };
+}
+
+describe('createAppConfigService', () => {
+  describe('getAppConfig', () => {
+    it('loads base config on first call', async () => {
+      const deps = createDeps();
+      const { getAppConfig } = createAppConfigService(deps);
+
+      const config = await getAppConfig();
+
+      expect(deps.loadBaseConfig).toHaveBeenCalledTimes(1);
+      expect(config).toEqual(deps._baseConfig);
+    });
+
+    it('caches base config — does not reload on second call', async () => {
+      const deps = createDeps();
+      const { getAppConfig } = createAppConfigService(deps);
+
+      await getAppConfig();
+      await getAppConfig();
+
+      expect(deps.loadBaseConfig).toHaveBeenCalledTimes(1);
+    });
+
+    it('baseOnly returns YAML config without DB queries', async () => {
+      const deps = createDeps({
+        getApplicableConfigs: jest
+          .fn()
+          .mockResolvedValue([
+            { priority: 10, overrides: { interface: { endpointsMenu: false } }, isActive: true },
+          ]),
+      });
+      const { getAppConfig } = createAppConfigService(deps);
+
+      const config = await getAppConfig({ baseOnly: true });
+
+      expect(deps.loadBaseConfig).toHaveBeenCalledTimes(1);
+      expect(deps.getApplicableConfigs).not.toHaveBeenCalled();
+      expect(config).toEqual(deps._baseConfig);
+    });
+
+    it('reloads base config when refresh is true', async () => {
+      const deps = createDeps();
+      const { getAppConfig } = createAppConfigService(deps);
+
+      await getAppConfig();
+      await getAppConfig({ refresh: true });
+
+      expect(deps.loadBaseConfig).toHaveBeenCalledTimes(2);
+    });
+
+    it('queries DB for applicable configs', async () => {
+      const deps = createDeps();
+      const { getAppConfig } = createAppConfigService(deps);
+
+      await getAppConfig({ role: 'ADMIN' });
+
+      expect(deps.getApplicableConfigs).toHaveBeenCalled();
+    });
+
+    it('caches empty result — does not re-query DB on second call', async () => {
+      const deps = createDeps({ getApplicableConfigs: jest.fn().mockResolvedValue([]) });
+      const { getAppConfig } = createAppConfigService(deps);
+
+      await getAppConfig({ role: 'USER' });
+      await getAppConfig({ role: 'USER' });
+
+      expect(deps.getApplicableConfigs).toHaveBeenCalledTimes(1);
+    });
+
+    it('merges DB configs when found', async () => {
+      const deps = createDeps({
+        getApplicableConfigs: jest
+          .fn()
+          .mockResolvedValue([
+            { priority: 10, overrides: { interface: { endpointsMenu: false } }, isActive: true },
+          ]),
+      });
+      const { getAppConfig } = createAppConfigService(deps);
+
+      const config = await getAppConfig({ role: 'ADMIN' });
+
+      const merged = config as TestConfig;
+      expect(merged.interfaceConfig?.endpointsMenu).toBe(false);
+      expect(merged.endpoints).toEqual(['openAI']);
+    });
+
+    it('caches merged result with TTL', async () => {
+      const deps = createDeps({
+        getApplicableConfigs: jest
+          .fn()
+          .mockResolvedValue([{ priority: 10, overrides: { x: 1 }, isActive: true }]),
+      });
+      const { getAppConfig } = createAppConfigService(deps);
+
+      await getAppConfig({ role: 'ADMIN' });
+      await getAppConfig({ role: 'ADMIN' });
+
+      expect(deps.getApplicableConfigs).toHaveBeenCalledTimes(1);
+    });
+
+    it('uses separate cache keys per userId (no cross-user contamination)', async () => {
+      const deps = createDeps({
+        getApplicableConfigs: jest
+          .fn()
+          .mockResolvedValue([
+            { priority: 100, overrides: { x: 'user-specific' }, isActive: true },
+          ]),
+      });
+      const { getAppConfig } = createAppConfigService(deps);
+
+      await getAppConfig({ userId: 'uid1' });
+      await getAppConfig({ userId: 'uid2' });
+
+      expect(deps.getApplicableConfigs).toHaveBeenCalledTimes(2);
+    });
+
+    it('userId without role gets its own cache key', async () => {
+      const deps = createDeps({
+        getApplicableConfigs: jest
+          .fn()
+          .mockResolvedValue([{ priority: 100, overrides: { y: 1 }, isActive: true }]),
+      });
+      const { getAppConfig } = createAppConfigService(deps);
+
+      await getAppConfig({ userId: 'uid1' });
+
+      const cachedKeys = [...deps._cache._store.keys()];
+      const overrideKey = cachedKeys.find((k) => k.includes('_OVERRIDE_:'));
+      expect(overrideKey).toBe('app_config:_OVERRIDE_:__default__:uid1');
+    });
+
+    it('tenantId is included in cache key to prevent cross-tenant contamination', async () => {
+      const deps = createDeps({
+        getApplicableConfigs: jest
+          .fn()
+          .mockResolvedValue([{ priority: 10, overrides: { x: 1 }, isActive: true }]),
+      });
+      const { getAppConfig } = createAppConfigService(deps);
+
+      await getAppConfig({ role: 'ADMIN', tenantId: 'tenant-a' });
+      await getAppConfig({ role: 'ADMIN', tenantId: 'tenant-b' });
+
+      expect(deps.getApplicableConfigs).toHaveBeenCalledTimes(2);
+    });
+
+    it('base-only empty result does not block subsequent scoped queries with results', async () => {
+      const mockGetConfigs = jest.fn().mockResolvedValue([]);
+      const deps = createDeps({ getApplicableConfigs: mockGetConfigs });
+      const { getAppConfig } = createAppConfigService(deps);
+
+      await getAppConfig();
+
+      mockGetConfigs.mockResolvedValueOnce([
+        { priority: 10, overrides: { restricted: true }, isActive: true },
+      ]);
+      const config = await getAppConfig({ role: 'ADMIN' });
+
+      expect(mockGetConfigs).toHaveBeenCalledTimes(2);
+      expect((config as TestConfig).restricted).toBe(true);
+    });
+
+    it('does not short-circuit other users when one user has no overrides', async () => {
+      const mockGetConfigs = jest.fn().mockResolvedValue([]);
+      const deps = createDeps({ getApplicableConfigs: mockGetConfigs });
+      const { getAppConfig } = createAppConfigService(deps);
+
+      await getAppConfig({ role: 'USER' });
+      expect(mockGetConfigs).toHaveBeenCalledTimes(1);
+
+      mockGetConfigs.mockResolvedValueOnce([
+        { priority: 10, overrides: { x: 'admin-only' }, isActive: true },
+      ]);
+      const config = await getAppConfig({ role: 'ADMIN' });
+
+      expect(mockGetConfigs).toHaveBeenCalledTimes(2);
+      expect((config as TestConfig).x).toBe('admin-only');
+    });
+
+    it('falls back to base config on getApplicableConfigs error', async () => {
+      const deps = createDeps({
+        getApplicableConfigs: jest.fn().mockRejectedValue(new Error('DB down')),
+      });
+      const { getAppConfig } = createAppConfigService(deps);
+
+      const config = await getAppConfig({ role: 'ADMIN' });
+
+      expect(config).toEqual(deps._baseConfig);
+    });
+
+    it('calls getUserPrincipals when userId is provided', async () => {
+      const deps = createDeps();
+      const { getAppConfig } = createAppConfigService(deps);
+
+      await getAppConfig({ role: 'USER', userId: 'uid1' });
+
+      expect(deps.getUserPrincipals).toHaveBeenCalledWith({
+        userId: 'uid1',
+        role: 'USER',
+      });
+    });
+
+    it('does not call getUserPrincipals when only role is provided', async () => {
+      const deps = createDeps();
+      const { getAppConfig } = createAppConfigService(deps);
+
+      await getAppConfig({ role: 'ADMIN' });
+
+      expect(deps.getUserPrincipals).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('clearAppConfigCache', () => {
+    it('clears base config so it reloads on next call', async () => {
+      const deps = createDeps();
+      const { getAppConfig, clearAppConfigCache } = createAppConfigService(deps);
+
+      await getAppConfig();
+      expect(deps.loadBaseConfig).toHaveBeenCalledTimes(1);
+
+      await clearAppConfigCache();
+      await getAppConfig();
+      expect(deps.loadBaseConfig).toHaveBeenCalledTimes(2);
+    });
+  });
+
+  describe('clearOverrideCache', () => {
+    it('clears all override caches when no tenantId is provided', async () => {
+      const deps = createDeps({
+        getApplicableConfigs: jest
+          .fn()
+          .mockResolvedValue([{ priority: 10, overrides: { x: 1 }, isActive: true }]),
+      });
+      const { getAppConfig, clearOverrideCache } = createAppConfigService(deps);
+
+      await getAppConfig({ role: 'ADMIN', tenantId: 'tenant-a' });
+      await getAppConfig({ role: 'ADMIN', tenantId: 'tenant-b' });
+      expect(deps.getApplicableConfigs).toHaveBeenCalledTimes(2);
+
+      await clearOverrideCache();
+
+      // After clearing, both tenants should re-query DB
+      await getAppConfig({ role: 'ADMIN', tenantId: 'tenant-a' });
+      await getAppConfig({ role: 'ADMIN', tenantId: 'tenant-b' });
+      expect(deps.getApplicableConfigs).toHaveBeenCalledTimes(4);
+    });
+
+    it('clears only specified tenant override caches', async () => {
+      const deps = createDeps({
+        getApplicableConfigs: jest
+          .fn()
+          .mockResolvedValue([{ priority: 10, overrides: { x: 1 }, isActive: true }]),
+      });
+      const { getAppConfig, clearOverrideCache } = createAppConfigService(deps);
+
+      await getAppConfig({ role: 'ADMIN', tenantId: 'tenant-a' });
+      await getAppConfig({ role: 'ADMIN', tenantId: 'tenant-b' });
+      expect(deps.getApplicableConfigs).toHaveBeenCalledTimes(2);
+
+      await clearOverrideCache('tenant-a');
+
+      // tenant-a should re-query, tenant-b should be cached
+      await getAppConfig({ role: 'ADMIN', tenantId: 'tenant-a' });
+      await getAppConfig({ role: 'ADMIN', tenantId: 'tenant-b' });
+      expect(deps.getApplicableConfigs).toHaveBeenCalledTimes(3);
+    });
+
+    it('does not clear base config', async () => {
+      const deps = createDeps();
+      const { getAppConfig, clearOverrideCache } = createAppConfigService(deps);
+
+      await getAppConfig();
+      expect(deps.loadBaseConfig).toHaveBeenCalledTimes(1);
+
+      await clearOverrideCache();
+
+      await getAppConfig();
+      // Base config should still be cached
+      expect(deps.loadBaseConfig).toHaveBeenCalledTimes(1);
+    });
+
+    it('does not throw when store.keys is unavailable (Redis fallback to TTL expiry)', async () => {
+      const deps = createDeps();
+      // Remove store.keys to simulate Redis-backed cache
+      deps._cache.opts = {};
+      const { clearOverrideCache } = createAppConfigService(deps);
+
+      // Should not throw — logs warning and relies on TTL expiry
+      await expect(clearOverrideCache()).resolves.toBeUndefined();
+    });
+  });
+});
diff --git a/packages/api/src/app/service.ts b/packages/api/src/app/service.ts
new file mode 100644
index 0000000000..6c5d307709
--- /dev/null
+++ b/packages/api/src/app/service.ts
@@ -0,0 +1,251 @@
+import { PrincipalType } from 'librechat-data-provider';
+import { logger, mergeConfigOverrides, BASE_CONFIG_PRINCIPAL_ID } from '@librechat/data-schemas';
+import type { Types } from 'mongoose';
+import type { AppConfig, IConfig } from '@librechat/data-schemas';
+
+const BASE_CONFIG_KEY = '_BASE_';
+
+const DEFAULT_OVERRIDE_CACHE_TTL = 60_000;
+
+// ── Types ────────────────────────────────────────────────────────────
+
+interface CacheStore {
+  get: (key: string) => Promise<unknown>;
+  set: (key: string, value: unknown, ttl?: number) => Promise<unknown>;
+  delete: (key: string) => Promise<boolean>;
+  /** Keyv options — used for key enumeration when clearing override caches. */
+  opts?: {
+    store?: {
+      keys?: () => IterableIterator<string>;
+    };
+  };
+}
+
+export interface AppConfigServiceDeps {
+  /** Load the base AppConfig from YAML + AppService processing. */
+  loadBaseConfig: () => Promise<AppConfig | undefined>;
+  /** Cache tools after base config is loaded. */
+  setCachedTools: (tools: Record<string, unknown>) => Promise<void>;
+  /** Get a cache store by key. */
+  getCache: (key: string) => CacheStore;
+  /** The CacheKeys constants from librechat-data-provider. */
+  cacheKeys: { APP_CONFIG: string };
+  /** Fetch applicable DB config overrides for a set of principals. */
+  getApplicableConfigs: (
+    principals?: Array<{ principalType: string; principalId?: string | Types.ObjectId }>,
+  ) => Promise<IConfig[]>;
+  /** Resolve full principal list (user + role + groups) from userId/role. */
+  getUserPrincipals: (params: {
+    userId: string | Types.ObjectId;
+    role?: string | null;
+  }) => Promise<Array<{ principalType: string; principalId?: string | Types.ObjectId }>>;
+  /** TTL in ms for per-user/role merged config caches. Defaults to 60 000. */
+  overrideCacheTtl?: number;
+}
+
+// ── Helpers ──────────────────────────────────────────────────────────
+
+let _strictOverride: boolean | undefined;
+function isStrictOverrideMode(): boolean {
+  return (_strictOverride ??= process.env.TENANT_ISOLATION_STRICT === 'true');
+}
+
+/** @internal Resets the cached strict-override flag. Exposed for test teardown only. */
+let _warnedNoTenantInStrictMode = false;
+
+export function _resetOverrideStrictCache(): void {
+  _strictOverride = undefined;
+  _warnedNoTenantInStrictMode = false;
+}
+
+function overrideCacheKey(role?: string, userId?: string, tenantId?: string): string {
+  const tenant = tenantId || '__default__';
+  if (!tenantId && isStrictOverrideMode() && !_warnedNoTenantInStrictMode) {
+    _warnedNoTenantInStrictMode = true;
+    logger.warn(
+      '[overrideCacheKey] No tenantId in strict mode — falling back to __default__. ' +
+        'This likely indicates a code path that bypasses the tenant context middleware.',
+    );
+  }
+  if (userId && role) {
+    return `_OVERRIDE_:${tenant}:${role}:${userId}`;
+  }
+  if (userId) {
+    return `_OVERRIDE_:${tenant}:${userId}`;
+  }
+  if (role) {
+    return `_OVERRIDE_:${tenant}:${role}`;
+  }
+  return `_OVERRIDE_:${tenant}:${BASE_CONFIG_PRINCIPAL_ID}`;
+}
+
+// ── Service factory ──────────────────────────────────────────────────
+
+export function createAppConfigService(deps: AppConfigServiceDeps) {
+  const {
+    loadBaseConfig,
+    setCachedTools,
+    getCache,
+    cacheKeys,
+    getApplicableConfigs,
+    getUserPrincipals,
+    overrideCacheTtl = DEFAULT_OVERRIDE_CACHE_TTL,
+  } = deps;
+
+  const cache = getCache(cacheKeys.APP_CONFIG);
+
+  async function buildPrincipals(
+    role?: string,
+    userId?: string,
+  ): Promise<Array<{ principalType: string; principalId?: string | Types.ObjectId }>> {
+    if (userId) {
+      return getUserPrincipals({ userId, role });
+    }
+    const principals: Array<{ principalType: string; principalId?: string | Types.ObjectId }> = [];
+    if (role) {
+      principals.push({ principalType: PrincipalType.ROLE, principalId: role });
+    }
+    return principals;
+  }
+
+  /**
+   * Ensure the YAML-derived base config is loaded and cached.
+   * Returns the `_BASE_` config (YAML + AppService). No DB queries.
+   */
+  async function ensureBaseConfig(refresh?: boolean): Promise<AppConfig> {
+    let baseConfig = (await cache.get(BASE_CONFIG_KEY)) as AppConfig | undefined;
+    if (!baseConfig || refresh) {
+      logger.info('[ensureBaseConfig] Loading base configuration...');
+      baseConfig = await loadBaseConfig();
+
+      if (!baseConfig) {
+        throw new Error('Failed to initialize app configuration through AppService.');
+      }
+
+      if (baseConfig.availableTools) {
+        await setCachedTools(baseConfig.availableTools);
+      }
+
+      await cache.set(BASE_CONFIG_KEY, baseConfig);
+    }
+    return baseConfig;
+  }
+
+  /**
+   * Get the app configuration, optionally merged with DB overrides for the given principal.
+   *
+   * The base config (from YAML + AppService) is cached indefinitely. Per-principal merged
+   * configs are cached with a short TTL (`overrideCacheTtl`, default 60s). On cache miss,
+   * `getApplicableConfigs` queries the DB for matching overrides and merges them by priority.
+   *
+   * When `baseOnly` is true, returns the YAML-derived config without any DB queries.
+   * `role`, `userId`, and `tenantId` are ignored in this mode.
+   * Use this for startup, auth strategies, and other pre-tenant code paths.
+   */
+  async function getAppConfig(
+    options: {
+      role?: string;
+      userId?: string;
+      tenantId?: string;
+      refresh?: boolean;
+      /** When true, return only the YAML-derived base config — no DB override queries. */
+      baseOnly?: boolean;
+    } = {},
+  ): Promise<AppConfig> {
+    const { role, userId, tenantId, refresh, baseOnly } = options;
+
+    const baseConfig = await ensureBaseConfig(refresh);
+
+    if (baseOnly) {
+      return baseConfig;
+    }
+
+    const cacheKey = overrideCacheKey(role, userId, tenantId);
+    if (!refresh) {
+      const cachedMerged = (await cache.get(cacheKey)) as AppConfig | undefined;
+      if (cachedMerged) {
+        return cachedMerged;
+      }
+    }
+
+    try {
+      const principals = await buildPrincipals(role, userId);
+      const configs = await getApplicableConfigs(principals);
+
+      if (configs.length === 0) {
+        await cache.set(cacheKey, baseConfig, overrideCacheTtl);
+        return baseConfig;
+      }
+
+      const merged = mergeConfigOverrides(baseConfig, configs);
+      await cache.set(cacheKey, merged, overrideCacheTtl);
+      return merged;
+    } catch (error) {
+      logger.error('[getAppConfig] Error resolving config overrides, falling back to base:', error);
+      return baseConfig;
+    }
+  }
+
+  /**
+   * Clear the base config cache. Per-user/role override caches (`_OVERRIDE_:*`)
+   * are NOT flushed — they expire naturally via `overrideCacheTtl`. After calling this,
+   * the base config will be reloaded from YAML on the next `getAppConfig` call, but
+   * users with cached overrides may see stale merged configs for up to `overrideCacheTtl` ms.
+   */
+  async function clearAppConfigCache(): Promise<void> {
+    await cache.delete(BASE_CONFIG_KEY);
+  }
+
+  /**
+   * Clear per-principal override caches. When `tenantId` is provided, only caches
+   * matching `_OVERRIDE_:${tenantId}:*` are deleted. When omitted, ALL override
+   * caches are cleared.
+   */
+  async function clearOverrideCache(tenantId?: string): Promise<void> {
+    const namespace = cacheKeys.APP_CONFIG;
+    const overrideSegment = tenantId ? `_OVERRIDE_:${tenantId}:` : '_OVERRIDE_:';
+
+    // In-memory store — enumerate keys directly.
+    // APP_CONFIG defaults to FORCED_IN_MEMORY_CACHE_NAMESPACES, so this is the
+    // standard path. Redis SCAN is intentionally avoided here — it can cause 60s+
+    // stalls under concurrent load (see #12410). When APP_CONFIG is Redis-backed
+    // and store.keys() is unavailable, overrides expire naturally via TTL.
+    const store = (cache as CacheStore).opts?.store;
+    if (store && typeof store.keys === 'function') {
+      // Keyv stores keys with a namespace prefix (e.g. "APP_CONFIG:_OVERRIDE_:...").
+      // We match on the namespaced key but delete using the un-namespaced key
+      // because Keyv.delete() auto-prepends the namespace.
+      const namespacedPrefix = `${namespace}:${overrideSegment}`;
+      const toDelete: string[] = [];
+      for (const key of store.keys()) {
+        if (key.startsWith(namespacedPrefix)) {
+          toDelete.push(key.slice(namespace.length + 1));
+        }
+      }
+      if (toDelete.length > 0) {
+        await Promise.all(toDelete.map((key) => cache.delete(key)));
+        logger.info(
+          `[clearOverrideCache] Cleared ${toDelete.length} override cache entries` +
+            (tenantId ? ` for tenant ${tenantId}` : ''),
+        );
+      }
+      return;
+    }
+
+    logger.warn(
+      '[clearOverrideCache] Cache store does not support key enumeration. ' +
+        'Override caches will expire naturally via TTL (%dms). ' +
+        'This is expected when APP_CONFIG is Redis-backed — Redis SCAN is avoided ' +
+        'for performance reasons (see #12410).',
+      overrideCacheTtl,
+    );
+  }
+
+  return {
+    getAppConfig,
+    clearAppConfigCache,
+    clearOverrideCache,
+  };
+}
+
+export type AppConfigService = ReturnType<typeof createAppConfigService>;
diff --git a/packages/api/src/auth/exchange.spec.ts b/packages/api/src/auth/exchange.spec.ts
new file mode 100644
index 0000000000..05865197a8
--- /dev/null
+++ b/packages/api/src/auth/exchange.spec.ts
@@ -0,0 +1,217 @@
+import crypto from 'crypto';
+import { Keyv } from 'keyv';
+import type { IUser } from '@librechat/data-schemas';
+
+jest.mock(
+  '@librechat/data-schemas',
+  () => ({
+    logger: {
+      info: jest.fn(),
+      warn: jest.fn(),
+    },
+  }),
+  { virtual: true },
+);
+
+import { exchangeAdminCode, generateAdminExchangeCode, verifyCodeChallenge } from './exchange';
+
+describe('admin OAuth code exchange', () => {
+  const user = {
+    _id: 'user123',
+    email: 'admin@example.com',
+    name: 'Admin User',
+    username: 'admin',
+    role: 'ADMIN',
+    provider: 'openid',
+  } as unknown as IUser;
+
+  const createCache = () => {
+    const cache = new Keyv();
+    const deleteSpy = jest.spyOn(cache, 'delete');
+    return { cache, deleteSpy };
+  };
+
+  describe('origin binding', () => {
+    it('exchanges code when request origin matches generated origin', async () => {
+      const { cache } = createCache();
+      const exchangeCode = await generateAdminExchangeCode(
+        cache,
+        user,
+        'jwt-token',
+        'refresh-token',
+        'https://admin.example.com',
+      );
+
+      const result = await exchangeAdminCode(cache, exchangeCode, 'https://admin.example.com');
+
+      expect(result).not.toBeNull();
+      expect(result!.token).toBe('jwt-token');
+      expect(result!.refreshToken).toBe('refresh-token');
+      expect(result!.user.email).toBe('admin@example.com');
+    });
+
+    it('rejects code exchange when request origin does not match generated origin', async () => {
+      const { cache, deleteSpy } = createCache();
+      const exchangeCode = await generateAdminExchangeCode(
+        cache,
+        user,
+        'jwt-token',
+        'refresh-token',
+        'https://admin.example.com',
+      );
+
+      const result = await exchangeAdminCode(cache, exchangeCode, 'https://evil.example.com');
+
+      expect(result).toBeNull();
+      expect(deleteSpy).toHaveBeenCalledWith(exchangeCode);
+      await expect(cache.get(exchangeCode)).resolves.toBeUndefined();
+    });
+
+    it('rejects code exchange when origin is stored but request has no origin', async () => {
+      const { cache } = createCache();
+      const exchangeCode = await generateAdminExchangeCode(
+        cache,
+        user,
+        'jwt-token',
+        'refresh-token',
+        'https://admin.example.com',
+      );
+
+      const result = await exchangeAdminCode(cache, exchangeCode, undefined);
+
+      expect(result).toBeNull();
+    });
+
+    it('allows exchange when no origin was stored (backward compat)', async () => {
+      const { cache } = createCache();
+      const exchangeCode = await generateAdminExchangeCode(
+        cache,
+        user,
+        'jwt-token',
+        'refresh-token',
+      );
+
+      const result = await exchangeAdminCode(cache, exchangeCode, 'https://any-origin.com');
+
+      expect(result).not.toBeNull();
+      expect(result!.token).toBe('jwt-token');
+    });
+  });
+
+  describe('one-time use', () => {
+    it('rejects code that has already been used', async () => {
+      const { cache } = createCache();
+      const exchangeCode = await generateAdminExchangeCode(
+        cache,
+        user,
+        'jwt-token',
+        'refresh-token',
+        'https://admin.example.com',
+      );
+
+      await exchangeAdminCode(cache, exchangeCode, 'https://admin.example.com');
+      const secondAttempt = await exchangeAdminCode(
+        cache,
+        exchangeCode,
+        'https://admin.example.com',
+      );
+
+      expect(secondAttempt).toBeNull();
+    });
+  });
+
+  describe('PKCE verification', () => {
+    const codeVerifier = crypto.randomBytes(32).toString('hex');
+    const codeChallenge = crypto.createHash('sha256').update(codeVerifier).digest('hex');
+
+    it('verifyCodeChallenge returns true for matching verifier', () => {
+      expect(verifyCodeChallenge(codeVerifier, codeChallenge)).toBe(true);
+    });
+
+    it('verifyCodeChallenge returns false for wrong verifier', () => {
+      expect(verifyCodeChallenge('wrong-verifier', codeChallenge)).toBe(false);
+    });
+
+    it('verifyCodeChallenge handles hex case insensitively (input gate rejects uppercase)', () => {
+      const uppercaseChallenge = codeChallenge.toUpperCase();
+      // Buffer.from(hex) is case-insensitive, so verification passes at this layer.
+      // Uppercase challenges are rejected earlier by PKCE_CHALLENGE_PATTERN (no /i flag).
+      expect(verifyCodeChallenge(codeVerifier, uppercaseChallenge)).toBe(true);
+    });
+
+    it('exchanges code when valid code_verifier is provided', async () => {
+      const { cache } = createCache();
+      const exchangeCode = await generateAdminExchangeCode(
+        cache,
+        user,
+        'jwt-token',
+        'refresh-token',
+        'https://admin.example.com',
+        codeChallenge,
+      );
+
+      const result = await exchangeAdminCode(
+        cache,
+        exchangeCode,
+        'https://admin.example.com',
+        codeVerifier,
+      );
+
+      expect(result).not.toBeNull();
+      expect(result!.token).toBe('jwt-token');
+    });
+
+    it('rejects exchange when code_verifier does not match challenge', async () => {
+      const { cache } = createCache();
+      const exchangeCode = await generateAdminExchangeCode(
+        cache,
+        user,
+        'jwt-token',
+        'refresh-token',
+        'https://admin.example.com',
+        codeChallenge,
+      );
+
+      const result = await exchangeAdminCode(
+        cache,
+        exchangeCode,
+        'https://admin.example.com',
+        'wrong-verifier',
+      );
+
+      expect(result).toBeNull();
+    });
+
+    it('rejects exchange when challenge stored but no verifier provided', async () => {
+      const { cache } = createCache();
+      const exchangeCode = await generateAdminExchangeCode(
+        cache,
+        user,
+        'jwt-token',
+        'refresh-token',
+        'https://admin.example.com',
+        codeChallenge,
+      );
+
+      const result = await exchangeAdminCode(cache, exchangeCode, 'https://admin.example.com');
+
+      expect(result).toBeNull();
+    });
+
+    it('allows exchange when no challenge stored and no verifier sent (backward compat)', async () => {
+      const { cache } = createCache();
+      const exchangeCode = await generateAdminExchangeCode(
+        cache,
+        user,
+        'jwt-token',
+        'refresh-token',
+        'https://admin.example.com',
+      );
+
+      const result = await exchangeAdminCode(cache, exchangeCode, 'https://admin.example.com');
+
+      expect(result).not.toBeNull();
+      expect(result!.token).toBe('jwt-token');
+    });
+  });
+});
diff --git a/packages/api/src/auth/exchange.ts b/packages/api/src/auth/exchange.ts
index c919974523..f304ac6532 100644
--- a/packages/api/src/auth/exchange.ts
+++ b/packages/api/src/auth/exchange.ts
@@ -37,6 +37,8 @@ export interface AdminExchangeData {
   user: AdminExchangeUser;
   token: string;
   refreshToken?: string;
+  origin?: string;
+  codeChallenge?: string;
 }
 
 /**
@@ -68,12 +70,30 @@ export function serializeUserForExchange(user: IUser): AdminExchangeUser {
   };
 }
 
+/**
+ * Verifies a PKCE code_verifier against a stored code_challenge.
+ * Uses hex-encoded SHA-256 comparison (not RFC 7636 S256 which uses base64url).
+ * @param verifier - The code_verifier provided during exchange
+ * @param challenge - The hex-encoded SHA-256 code_challenge stored during code generation
+ * @returns True if the verifier matches the challenge
+ */
+export function verifyCodeChallenge(verifier: string, challenge: string): boolean {
+  const computed = crypto.createHash('sha256').update(verifier).digest();
+  const storedBuf = Buffer.from(challenge, 'hex');
+  if (computed.length !== storedBuf.length) {
+    return false;
+  }
+  return crypto.timingSafeEqual(computed, storedBuf);
+}
+
 /**
  * Generates an exchange code and stores user data for admin panel OAuth flow.
  * @param cache - The Keyv cache instance for storing exchange data
  * @param user - The authenticated user object
  * @param token - The JWT access token
  * @param refreshToken - Optional refresh token for OpenID users
+ * @param origin - The admin panel origin (scheme://host:port) for origin binding
+ * @param codeChallenge - PKCE code_challenge (hex-encoded SHA-256 of code_verifier)
  * @returns The generated exchange code
  */
 export async function generateAdminExchangeCode(
@@ -81,6 +101,8 @@ export async function generateAdminExchangeCode(
   user: IUser,
   token: string,
   refreshToken?: string,
+  origin?: string,
+  codeChallenge?: string,
 ): Promise<string> {
   const exchangeCode = crypto.randomBytes(32).toString('hex');
 
@@ -89,6 +111,8 @@ export async function generateAdminExchangeCode(
     user: serializeUserForExchange(user),
     token,
     refreshToken,
+    origin,
+    codeChallenge,
   };
 
   await cache.set(exchangeCode, data);
@@ -103,15 +127,19 @@ export async function generateAdminExchangeCode(
  * The code is deleted immediately after retrieval (one-time use).
  * @param cache - The Keyv cache instance for retrieving exchange data
  * @param code - The authorization code to exchange
+ * @param requestOrigin - The origin of the requesting client for origin binding
+ * @param codeVerifier - PKCE code_verifier to verify against the stored code_challenge
  * @returns The exchange response with token, refreshToken, and user data, or null if invalid/expired
  */
 export async function exchangeAdminCode(
   cache: Keyv,
   code: string,
+  requestOrigin?: string,
+  codeVerifier?: string,
 ): Promise<AdminExchangeResponse | null> {
   const data = (await cache.get(code)) as AdminExchangeData | undefined;
 
-  /** Delete immediately - one-time use */
+  /** Delete before validation — ensures one-time use even if subsequent checks throw */
   await cache.delete(code);
 
   if (!data) {
@@ -119,6 +147,18 @@ export async function exchangeAdminCode(
     return null;
   }
 
+  if (data.origin && data.origin !== requestOrigin) {
+    logger.warn('[adminExchange] Authorization code origin mismatch');
+    return null;
+  }
+
+  if (data.codeChallenge) {
+    if (!codeVerifier || !verifyCodeChallenge(codeVerifier, data.codeChallenge)) {
+      logger.warn('[adminExchange] PKCE code_verifier mismatch or missing');
+      return null;
+    }
+  }
+
   logger.info(`[adminExchange] Exchanged code for user: ${data.user?.email}`);
 
   return {
diff --git a/packages/api/src/auth/openid.spec.ts b/packages/api/src/auth/openid.spec.ts
index 0761a24e85..2cf3992cdf 100644
--- a/packages/api/src/auth/openid.spec.ts
+++ b/packages/api/src/auth/openid.spec.ts
@@ -1,8 +1,13 @@
+import { Types } from 'mongoose';
 import { ErrorTypes } from 'librechat-data-provider';
 import { logger } from '@librechat/data-schemas';
 import type { IUser, UserMethods } from '@librechat/data-schemas';
 import { findOpenIDUser } from './openid';
 
+function newId() {
+  return new Types.ObjectId();
+}
+
 jest.mock('@librechat/data-schemas', () => ({
   ...jest.requireActual('@librechat/data-schemas'),
   logger: {
@@ -24,7 +29,7 @@ describe('findOpenIDUser', () => {
   describe('Primary condition searches', () => {
     it('should find user by openidId', async () => {
       const mockUser: IUser = {
-        _id: 'user123',
+        _id: newId(),
         provider: 'openid',
         openidId: 'openid_123',
         email: 'user@example.com',
@@ -51,7 +56,7 @@ describe('findOpenIDUser', () => {
 
     it('should find user by idOnTheSource', async () => {
       const mockUser: IUser = {
-        _id: 'user123',
+        _id: newId(),
         provider: 'openid',
         idOnTheSource: 'source_123',
         email: 'user@example.com',
@@ -78,7 +83,7 @@ describe('findOpenIDUser', () => {
 
     it('should find user by both openidId and idOnTheSource', async () => {
       const mockUser: IUser = {
-        _id: 'user123',
+        _id: newId(),
         provider: 'openid',
         openidId: 'openid_123',
         idOnTheSource: 'source_123',
@@ -109,16 +114,14 @@ describe('findOpenIDUser', () => {
   describe('Email-based searches', () => {
     it('should find user by email when primary conditions fail and openidId matches', async () => {
       const mockUser: IUser = {
-        _id: 'user123',
+        _id: newId(),
         provider: 'openid',
         openidId: 'openid_123',
         email: 'user@example.com',
         username: 'testuser',
       } as IUser;
 
-      mockFindUser
-        .mockResolvedValueOnce(null)
-        .mockResolvedValueOnce(mockUser);
+      mockFindUser.mockResolvedValueOnce(null).mockResolvedValueOnce(mockUser);
 
       const result = await findOpenIDUser({
         openidId: 'openid_123',
@@ -179,7 +182,7 @@ describe('findOpenIDUser', () => {
   describe('Provider conflict handling', () => {
     it('should return error when user has different provider', async () => {
       const mockUser: IUser = {
-        _id: 'user123',
+        _id: newId(),
         provider: 'google',
         email: 'user@example.com',
         username: 'testuser',
@@ -204,16 +207,14 @@ describe('findOpenIDUser', () => {
 
     it('should reject email fallback when existing openidId does not match token sub', async () => {
       const mockUser: IUser = {
-        _id: 'user123',
+        _id: newId(),
         provider: 'openid',
         openidId: 'openid_456',
         email: 'user@example.com',
         username: 'testuser',
       } as IUser;
 
-      mockFindUser
-        .mockResolvedValueOnce(null)
-        .mockResolvedValueOnce(mockUser);
+      mockFindUser.mockResolvedValueOnce(null).mockResolvedValueOnce(mockUser);
 
       const result = await findOpenIDUser({
         openidId: 'openid_123',
@@ -230,16 +231,14 @@ describe('findOpenIDUser', () => {
 
     it('should allow email fallback when existing openidId matches token sub', async () => {
       const mockUser: IUser = {
-        _id: 'user123',
+        _id: newId(),
         provider: 'openid',
         openidId: 'openid_123',
         email: 'user@example.com',
         username: 'testuser',
       } as IUser;
 
-      mockFindUser
-        .mockResolvedValueOnce(null)
-        .mockResolvedValueOnce(mockUser);
+      mockFindUser.mockResolvedValueOnce(null).mockResolvedValueOnce(mockUser);
 
       const result = await findOpenIDUser({
         openidId: 'openid_123',
@@ -258,7 +257,7 @@ describe('findOpenIDUser', () => {
   describe('User migration scenarios', () => {
     it('should prepare user for migration when email exists without openidId', async () => {
       const mockUser: IUser = {
-        _id: 'user123',
+        _id: newId(),
         email: 'user@example.com',
         username: 'testuser',
         // No provider and no openidId - needs migration
@@ -287,16 +286,14 @@ describe('findOpenIDUser', () => {
 
     it('should reject when user already has a different openidId', async () => {
       const mockUser: IUser = {
-        _id: 'user123',
+        _id: newId(),
         provider: 'openid',
         openidId: 'existing_openid',
         email: 'user@example.com',
         username: 'testuser',
       } as IUser;
 
-      mockFindUser
-        .mockResolvedValueOnce(null)
-        .mockResolvedValueOnce(mockUser);
+      mockFindUser.mockResolvedValueOnce(null).mockResolvedValueOnce(mockUser);
 
       const result = await findOpenIDUser({
         openidId: 'openid_123',
@@ -313,16 +310,14 @@ describe('findOpenIDUser', () => {
 
     it('should reject when user has no provider but a different openidId', async () => {
       const mockUser: IUser = {
-        _id: 'user123',
+        _id: newId(),
         openidId: 'existing_openid',
         email: 'user@example.com',
         username: 'testuser',
         // No provider field — tests a different branch than openid-provider mismatch
       } as IUser;
 
-      mockFindUser
-        .mockResolvedValueOnce(null)
-        .mockResolvedValueOnce(mockUser);
+      mockFindUser.mockResolvedValueOnce(null).mockResolvedValueOnce(mockUser);
 
       const result = await findOpenIDUser({
         openidId: 'openid_123',
@@ -422,16 +417,14 @@ describe('findOpenIDUser', () => {
 
     it('should pass email to findUser for case-insensitive lookup (findUser handles normalization)', async () => {
       const mockUser: IUser = {
-        _id: 'user123',
+        _id: newId(),
         provider: 'openid',
         openidId: 'openid_123',
         email: 'user@example.com',
         username: 'testuser',
       } as IUser;
 
-      mockFindUser
-        .mockResolvedValueOnce(null)
-        .mockResolvedValueOnce(mockUser);
+      mockFindUser.mockResolvedValueOnce(null).mockResolvedValueOnce(mockUser);
 
       const result = await findOpenIDUser({
         openidId: 'openid_123',
@@ -460,7 +453,7 @@ describe('findOpenIDUser', () => {
 
     it('should reject email fallback when openidId is empty and user has a stored openidId', async () => {
       const mockUser: IUser = {
-        _id: 'user123',
+        _id: newId(),
         provider: 'openid',
         openidId: 'existing-real-id',
         email: 'user@example.com',
diff --git a/packages/api/src/cache/__tests__/cacheFactory/sessionCache.cache_integration.spec.ts b/packages/api/src/cache/__tests__/cacheFactory/sessionCache.cache_integration.spec.ts
index f4ded8bc74..99c0d69b37 100644
--- a/packages/api/src/cache/__tests__/cacheFactory/sessionCache.cache_integration.spec.ts
+++ b/packages/api/src/cache/__tests__/cacheFactory/sessionCache.cache_integration.spec.ts
@@ -1,33 +1,36 @@
-interface SessionData {
+import type { MemoryStore, SessionData } from 'express-session';
+import type { RedisStore as ConnectRedis } from 'connect-redis';
+
+interface TestSessionData {
   [key: string]: unknown;
   cookie?: { maxAge: number };
   user?: { id: string; name: string };
   userId?: string;
 }
 
-interface SessionStore {
-  prefix?: string;
-  set: (id: string, data: SessionData, callback?: (err?: Error) => void) => void;
-  get: (id: string, callback: (err: Error | null, data?: SessionData | null) => void) => void;
-  destroy: (id: string, callback?: (err?: Error) => void) => void;
-  touch: (id: string, data: SessionData, callback?: (err?: Error) => void) => void;
-  on?: (event: string, handler: (...args: unknown[]) => void) => void;
-}
+type CacheSessionStore = MemoryStore | ConnectRedis;
 
 describe('sessionCache', () => {
   let originalEnv: NodeJS.ProcessEnv;
 
-  // Helper to make session stores async
-  const asyncStore = (store: SessionStore) => ({
-    set: (id: string, data: SessionData) =>
-      new Promise<void>((resolve) => store.set(id, data, () => resolve())),
+  // Helper to make session stores async — uses generic store type to bridge
+  // between MemoryStore/ConnectRedis and the test's relaxed SessionData shape.
+  // The store methods accept express-session's SessionData but test data is
+  // intentionally simpler; the cast bridges the gap for integration tests.
+  const asyncStore = (store: CacheSessionStore) => ({
+    set: (id: string, data: TestSessionData) =>
+      new Promise<void>((resolve) =>
+        store.set(id, data as Partial<SessionData> as SessionData, () => resolve()),
+      ),
     get: (id: string) =>
-      new Promise<SessionData | null | undefined>((resolve) =>
-        store.get(id, (_, data) => resolve(data)),
+      new Promise<TestSessionData | null | undefined>((resolve) =>
+        store.get(id, (_, data) => resolve(data as TestSessionData | null | undefined)),
       ),
     destroy: (id: string) => new Promise<void>((resolve) => store.destroy(id, () => resolve())),
-    touch: (id: string, data: SessionData) =>
-      new Promise<void>((resolve) => store.touch(id, data, () => resolve())),
+    touch: (id: string, data: TestSessionData) =>
+      new Promise<void>((resolve) =>
+        store.touch(id, data as Partial<SessionData> as SessionData, () => resolve()),
+      ),
   });
 
   beforeEach(() => {
@@ -66,11 +69,11 @@ describe('sessionCache', () => {
     // Verify it returns a ConnectRedis instance
     expect(store).toBeDefined();
     expect(store.constructor.name).toBe('RedisStore');
-    expect(store.prefix).toBe('test-sessions:');
+    expect((store as CacheSessionStore & { prefix: string }).prefix).toBe('test-sessions:');
 
     // Test session operations
     const sessionId = 'sess:123456';
-    const sessionData: SessionData = {
+    const sessionData: TestSessionData = {
       user: { id: 'user123', name: 'Test User' },
       cookie: { maxAge: 3600000 },
     };
@@ -107,7 +110,7 @@ describe('sessionCache', () => {
 
     // Test session operations
     const sessionId = 'mem:789012';
-    const sessionData: SessionData = {
+    const sessionData: TestSessionData = {
       user: { id: 'user456', name: 'Memory User' },
       cookie: { maxAge: 3600000 },
     };
@@ -135,8 +138,8 @@ describe('sessionCache', () => {
     const store1 = cacheFactory.sessionCache('namespace1');
     const store2 = cacheFactory.sessionCache('namespace2:');
 
-    expect(store1.prefix).toBe('namespace1:');
-    expect(store2.prefix).toBe('namespace2:');
+    expect((store1 as CacheSessionStore & { prefix: string }).prefix).toBe('namespace1:');
+    expect((store2 as CacheSessionStore & { prefix: string }).prefix).toBe('namespace2:');
   });
 
   test('should register error handler for Redis connection', async () => {
@@ -171,7 +174,7 @@ describe('sessionCache', () => {
     }
 
     const sessionId = 'ttl:12345';
-    const sessionData: SessionData = { userId: 'ttl-user' };
+    const sessionData: TestSessionData = { userId: 'ttl-user' };
     const async = asyncStore(store);
 
     // Set session with short TTL
diff --git a/packages/api/src/cache/__tests__/redisClients.cache_integration.spec.ts b/packages/api/src/cache/__tests__/redisClients.cache_integration.spec.ts
index dc9a325746..77e8c01436 100644
--- a/packages/api/src/cache/__tests__/redisClients.cache_integration.spec.ts
+++ b/packages/api/src/cache/__tests__/redisClients.cache_integration.spec.ts
@@ -59,8 +59,8 @@ describe('redisClients Integration Tests', () => {
         if (keys.length > 0) {
           await ioredisClient.del(...keys);
         }
-      } catch (error: any) {
-        console.warn('Error cleaning up test keys:', error.message);
+      } catch (error) {
+        console.warn('Error cleaning up test keys:', (error as Error).message);
       }
     }
 
@@ -70,8 +70,8 @@ describe('redisClients Integration Tests', () => {
         if (ioredisClient.status === 'ready') {
           ioredisClient.disconnect();
         }
-      } catch (error: any) {
-        console.warn('Error disconnecting ioredis client:', error.message);
+      } catch (error) {
+        console.warn('Error disconnecting ioredis client:', (error as Error).message);
       }
       ioredisClient = null;
     }
@@ -80,8 +80,8 @@ describe('redisClients Integration Tests', () => {
       try {
         // Try to disconnect - keyv/redis client doesn't have an isReady property
         await keyvRedisClient.disconnect();
-      } catch (error: any) {
-        console.warn('Error disconnecting keyv redis client:', error.message);
+      } catch (error) {
+        console.warn('Error disconnecting keyv redis client:', (error as Error).message);
       }
       keyvRedisClient = null;
     }
@@ -138,7 +138,11 @@ describe('redisClients Integration Tests', () => {
       test('should connect and perform set/get/delete operations', async () => {
         const clients = await import('../redisClients');
         keyvRedisClient = clients.keyvRedisClient;
-        await testRedisOperations(keyvRedisClient!, 'keyv-single', clients.keyvRedisClientReady!);
+        await testRedisOperations(
+          keyvRedisClient!,
+          'keyv-single',
+          clients.keyvRedisClientReady!.then(() => undefined),
+        );
       });
     });
 
@@ -150,7 +154,11 @@ describe('redisClients Integration Tests', () => {
 
         const clients = await import('../redisClients');
         keyvRedisClient = clients.keyvRedisClient;
-        await testRedisOperations(keyvRedisClient!, 'keyv-cluster', clients.keyvRedisClientReady!);
+        await testRedisOperations(
+          keyvRedisClient!,
+          'keyv-cluster',
+          clients.keyvRedisClientReady!.then(() => undefined),
+        );
       });
     });
   });
diff --git a/packages/api/src/cache/cacheConfig.ts b/packages/api/src/cache/cacheConfig.ts
index 0d4304f5c3..7b4a899e98 100644
--- a/packages/api/src/cache/cacheConfig.ts
+++ b/packages/api/src/cache/cacheConfig.ts
@@ -128,8 +128,13 @@ const cacheConfig = {
   REDIS_SCAN_COUNT: math(process.env.REDIS_SCAN_COUNT, 1000),
 
   /**
-   * TTL in milliseconds for MCP registry read-through cache.
-   * This cache reduces redundant lookups within a single request flow.
+   * TTL in milliseconds for MCP registry caches. Used by both:
+   * - `MCPServersRegistry` read-through caches (`readThroughCache`/`readThroughCacheAll`)
+   * - `ServerConfigsCacheRedisAggregateKey` local snapshot (avoids redundant Redis GETs)
+   *
+   * Both layers use this value, so the effective max cross-instance staleness is up
+   * to 2× this value in multi-instance deployments. Set to 0 to disable the local
+   * snapshot entirely (every `getAll()` hits Redis directly).
    * @default 5000 (5 seconds)
    */
   MCP_REGISTRY_CACHE_TTL: math(process.env.MCP_REGISTRY_CACHE_TTL, 5000),
diff --git a/packages/api/src/endpoints/config/endpoints.spec.ts b/packages/api/src/endpoints/config/endpoints.spec.ts
new file mode 100644
index 0000000000..504ea6e730
--- /dev/null
+++ b/packages/api/src/endpoints/config/endpoints.spec.ts
@@ -0,0 +1,240 @@
+import {
+  AgentCapabilities,
+  EModelEndpoint,
+  defaultAgentCapabilities,
+} from 'librechat-data-provider';
+import { createEndpointsConfigService } from './endpoints';
+import type { AppConfig } from '@librechat/data-schemas';
+import type { EndpointsConfigDeps } from './endpoints';
+import type { ServerRequest } from '~/types';
+
+function appConfig(partial: Record<string, unknown>): AppConfig {
+  return partial as unknown as AppConfig;
+}
+
+function createMockDeps(overrides: Partial<EndpointsConfigDeps> = {}): EndpointsConfigDeps {
+  return {
+    getAppConfig: jest.fn().mockResolvedValue(appConfig({ endpoints: {} })),
+    loadDefaultEndpointsConfig: jest.fn().mockResolvedValue({
+      [EModelEndpoint.openAI]: { userProvide: false, order: 0 },
+    }),
+    loadCustomEndpointsConfig: jest.fn().mockReturnValue(undefined),
+    ...overrides,
+  };
+}
+
+function fakeReq(overrides: Partial<ServerRequest> = {}): ServerRequest {
+  return { user: { id: 'u1', role: 'USER' }, ...overrides } as ServerRequest;
+}
+
+describe('createEndpointsConfigService', () => {
+  describe('getEndpointsConfig', () => {
+    it('merges default and custom endpoints', async () => {
+      const deps = createMockDeps({
+        loadDefaultEndpointsConfig: jest.fn().mockResolvedValue({
+          [EModelEndpoint.openAI]: { userProvide: false, order: 0 },
+        }),
+        loadCustomEndpointsConfig: jest.fn().mockReturnValue({
+          myCustom: { userProvide: true },
+        }),
+      });
+      const { getEndpointsConfig } = createEndpointsConfigService(deps);
+      const result = await getEndpointsConfig(fakeReq());
+
+      expect(result?.[EModelEndpoint.openAI]).toBeDefined();
+      expect(result?.myCustom).toBeDefined();
+    });
+
+    it('adds azureOpenAI when configured', async () => {
+      const deps = createMockDeps({
+        getAppConfig: jest.fn().mockResolvedValue(
+          appConfig({
+            endpoints: { [EModelEndpoint.azureOpenAI]: { modelNames: ['gpt-4'] } },
+          }),
+        ),
+      });
+      const { getEndpointsConfig } = createEndpointsConfigService(deps);
+      const result = await getEndpointsConfig(fakeReq());
+
+      expect(result?.[EModelEndpoint.azureOpenAI]).toEqual(
+        expect.objectContaining({ userProvide: false }),
+      );
+    });
+
+    it('adds azureAssistants when azure has assistants config', async () => {
+      const deps = createMockDeps({
+        getAppConfig: jest.fn().mockResolvedValue(
+          appConfig({
+            endpoints: { [EModelEndpoint.azureOpenAI]: { assistants: true } },
+          }),
+        ),
+      });
+      const { getEndpointsConfig } = createEndpointsConfigService(deps);
+      const result = await getEndpointsConfig(fakeReq());
+
+      expect(result?.[EModelEndpoint.azureAssistants]).toEqual(
+        expect.objectContaining({ userProvide: false }),
+      );
+    });
+
+    it('enables anthropic when vertex AI is configured', async () => {
+      const deps = createMockDeps({
+        getAppConfig: jest.fn().mockResolvedValue(
+          appConfig({
+            endpoints: { [EModelEndpoint.anthropic]: { vertexConfig: { enabled: true } } },
+          }),
+        ),
+      });
+      const { getEndpointsConfig } = createEndpointsConfigService(deps);
+      const result = await getEndpointsConfig(fakeReq());
+
+      expect(result?.[EModelEndpoint.anthropic]).toEqual(
+        expect.objectContaining({ userProvide: false }),
+      );
+    });
+
+    it('merges assistants config with version coercion', async () => {
+      const deps = createMockDeps({
+        loadDefaultEndpointsConfig: jest.fn().mockResolvedValue({
+          [EModelEndpoint.assistants]: { userProvide: false, order: 0 },
+        }),
+        getAppConfig: jest.fn().mockResolvedValue(
+          appConfig({
+            endpoints: {
+              [EModelEndpoint.assistants]: {
+                disableBuilder: true,
+                capabilities: [AgentCapabilities.execute_code],
+                version: 2,
+              },
+            },
+          }),
+        ),
+      });
+      const { getEndpointsConfig } = createEndpointsConfigService(deps);
+      const result = await getEndpointsConfig(fakeReq());
+      const assistants = result?.[EModelEndpoint.assistants];
+
+      expect(assistants?.version).toBe('2');
+      expect(assistants?.disableBuilder).toBe(true);
+      expect(assistants?.capabilities).toEqual([AgentCapabilities.execute_code]);
+    });
+
+    it('merges agents config with allowedProviders', async () => {
+      const deps = createMockDeps({
+        loadDefaultEndpointsConfig: jest.fn().mockResolvedValue({
+          [EModelEndpoint.agents]: { userProvide: false, order: 0 },
+        }),
+        getAppConfig: jest.fn().mockResolvedValue(
+          appConfig({
+            endpoints: {
+              [EModelEndpoint.agents]: {
+                allowedProviders: ['openAI', 'anthropic'],
+                capabilities: [AgentCapabilities.execute_code],
+              },
+            },
+          }),
+        ),
+      });
+      const { getEndpointsConfig } = createEndpointsConfigService(deps);
+      const result = await getEndpointsConfig(fakeReq());
+
+      expect(result?.[EModelEndpoint.agents]?.allowedProviders).toEqual(['openAI', 'anthropic']);
+    });
+
+    it('merges bedrock availableRegions', async () => {
+      const deps = createMockDeps({
+        loadDefaultEndpointsConfig: jest.fn().mockResolvedValue({
+          [EModelEndpoint.bedrock]: { userProvide: false, order: 0 },
+        }),
+        getAppConfig: jest.fn().mockResolvedValue(
+          appConfig({
+            endpoints: {
+              [EModelEndpoint.bedrock]: { availableRegions: ['us-east-1', 'eu-west-1'] },
+            },
+          }),
+        ),
+      });
+      const { getEndpointsConfig } = createEndpointsConfigService(deps);
+      const result = await getEndpointsConfig(fakeReq());
+
+      expect(result?.[EModelEndpoint.bedrock]?.availableRegions).toEqual([
+        'us-east-1',
+        'eu-west-1',
+      ]);
+    });
+
+    it('uses req.config when available instead of calling getAppConfig', async () => {
+      const mockGetAppConfig = jest.fn();
+      const deps = createMockDeps({ getAppConfig: mockGetAppConfig });
+      const { getEndpointsConfig } = createEndpointsConfigService(deps);
+
+      await getEndpointsConfig(fakeReq({ config: appConfig({ endpoints: {} }) }));
+
+      expect(mockGetAppConfig).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('checkCapability', () => {
+    it('returns true when agents endpoint has the requested capability', async () => {
+      const deps = createMockDeps({
+        loadDefaultEndpointsConfig: jest.fn().mockResolvedValue({
+          [EModelEndpoint.agents]: { userProvide: false, order: 0 },
+        }),
+        getAppConfig: jest.fn().mockResolvedValue(
+          appConfig({
+            endpoints: {
+              [EModelEndpoint.agents]: {
+                capabilities: [AgentCapabilities.execute_code],
+              },
+            },
+          }),
+        ),
+      });
+      const { checkCapability } = createEndpointsConfigService(deps);
+
+      const result = await checkCapability(
+        fakeReq({ body: { endpoint: EModelEndpoint.agents } }),
+        AgentCapabilities.execute_code,
+      );
+
+      expect(result).toBe(true);
+    });
+
+    it('returns false when agents endpoint lacks the requested capability', async () => {
+      const deps = createMockDeps({
+        loadDefaultEndpointsConfig: jest.fn().mockResolvedValue({
+          [EModelEndpoint.agents]: { userProvide: false, order: 0 },
+        }),
+        getAppConfig: jest.fn().mockResolvedValue(
+          appConfig({
+            endpoints: {
+              [EModelEndpoint.agents]: {
+                capabilities: [AgentCapabilities.execute_code],
+              },
+            },
+          }),
+        ),
+      });
+      const { checkCapability } = createEndpointsConfigService(deps);
+
+      const result = await checkCapability(
+        fakeReq({ body: { endpoint: EModelEndpoint.agents } }),
+        AgentCapabilities.file_search,
+      );
+
+      expect(result).toBe(false);
+    });
+
+    it('falls back to defaultAgentCapabilities for non-agents endpoints', async () => {
+      const deps = createMockDeps();
+      const { checkCapability } = createEndpointsConfigService(deps);
+
+      const result = await checkCapability(
+        fakeReq({ body: { endpoint: EModelEndpoint.openAI } }),
+        defaultAgentCapabilities[0],
+      );
+
+      expect(result).toBe(true);
+    });
+  });
+});
diff --git a/packages/api/src/endpoints/config/endpoints.ts b/packages/api/src/endpoints/config/endpoints.ts
new file mode 100644
index 0000000000..1a6b98d195
--- /dev/null
+++ b/packages/api/src/endpoints/config/endpoints.ts
@@ -0,0 +1,120 @@
+import {
+  EModelEndpoint,
+  isAgentsEndpoint,
+  orderEndpointsConfig,
+  defaultAgentCapabilities,
+} from 'librechat-data-provider';
+import type { AppConfig } from '@librechat/data-schemas';
+import type { AgentCapabilities, TEndpointsConfig, TConfig } from 'librechat-data-provider';
+import type { ServerRequest, TCustomEndpointsConfig } from '~/types';
+import { loadCustomEndpointsConfig as defaultLoadCustomEndpoints } from '~/endpoints/custom';
+
+type PartialEndpointEntry = Partial<TConfig>;
+type DefaultEndpointsResult = Record<string, PartialEndpointEntry | false | null>;
+type MutableEndpointsConfig = Record<string, PartialEndpointEntry | false | null | undefined>;
+
+export interface EndpointsConfigDeps {
+  getAppConfig: (params: { role?: string | null; tenantId?: string }) => Promise<AppConfig>;
+  loadDefaultEndpointsConfig: (appConfig: AppConfig) => Promise<DefaultEndpointsResult>;
+  loadCustomEndpointsConfig?: (custom: unknown) => TCustomEndpointsConfig | undefined;
+}
+
+export function createEndpointsConfigService(deps: EndpointsConfigDeps) {
+  const {
+    getAppConfig,
+    loadDefaultEndpointsConfig,
+    loadCustomEndpointsConfig = defaultLoadCustomEndpoints,
+  } = deps;
+
+  async function getEndpointsConfig(req: ServerRequest): Promise<TEndpointsConfig> {
+    const appConfig =
+      req.config ?? (await getAppConfig({ role: req.user?.role, tenantId: req.user?.tenantId }));
+    const defaultEndpointsConfig = await loadDefaultEndpointsConfig(appConfig);
+    const customEndpointsConfig = loadCustomEndpointsConfig(appConfig?.endpoints?.custom);
+
+    const mergedConfig: MutableEndpointsConfig = {
+      ...defaultEndpointsConfig,
+      ...customEndpointsConfig,
+    };
+
+    if (appConfig.endpoints?.[EModelEndpoint.azureOpenAI]) {
+      mergedConfig[EModelEndpoint.azureOpenAI] = { userProvide: false };
+    }
+
+    if (appConfig.endpoints?.[EModelEndpoint.anthropic]?.vertexConfig?.enabled) {
+      mergedConfig[EModelEndpoint.anthropic] = { userProvide: false };
+    }
+
+    if (appConfig.endpoints?.[EModelEndpoint.azureOpenAI]?.assistants) {
+      mergedConfig[EModelEndpoint.azureAssistants] = { userProvide: false };
+    }
+
+    if (
+      mergedConfig[EModelEndpoint.assistants] &&
+      appConfig?.endpoints?.[EModelEndpoint.assistants]
+    ) {
+      const { disableBuilder, retrievalModels, capabilities, version } =
+        appConfig.endpoints[EModelEndpoint.assistants];
+      mergedConfig[EModelEndpoint.assistants] = {
+        ...mergedConfig[EModelEndpoint.assistants],
+        version: version != null ? String(version) : undefined,
+        retrievalModels,
+        disableBuilder,
+        capabilities,
+      };
+    }
+
+    if (mergedConfig[EModelEndpoint.agents] && appConfig?.endpoints?.[EModelEndpoint.agents]) {
+      const { disableBuilder, capabilities, allowedProviders } =
+        appConfig.endpoints[EModelEndpoint.agents];
+      mergedConfig[EModelEndpoint.agents] = {
+        ...mergedConfig[EModelEndpoint.agents],
+        allowedProviders,
+        disableBuilder,
+        capabilities,
+      };
+    }
+
+    if (
+      mergedConfig[EModelEndpoint.azureAssistants] &&
+      appConfig?.endpoints?.[EModelEndpoint.azureAssistants]
+    ) {
+      const { disableBuilder, retrievalModels, capabilities, version } =
+        appConfig.endpoints[EModelEndpoint.azureAssistants];
+      mergedConfig[EModelEndpoint.azureAssistants] = {
+        ...mergedConfig[EModelEndpoint.azureAssistants],
+        version: version != null ? String(version) : undefined,
+        retrievalModels,
+        disableBuilder,
+        capabilities,
+      };
+    }
+
+    if (mergedConfig[EModelEndpoint.bedrock] && appConfig?.endpoints?.[EModelEndpoint.bedrock]) {
+      const { availableRegions } = appConfig.endpoints[EModelEndpoint.bedrock] as {
+        availableRegions?: string[];
+      };
+      mergedConfig[EModelEndpoint.bedrock] = {
+        ...mergedConfig[EModelEndpoint.bedrock],
+        availableRegions,
+      };
+    }
+
+    return orderEndpointsConfig(mergedConfig as TEndpointsConfig);
+  }
+
+  async function checkCapability(
+    req: ServerRequest,
+    capability: AgentCapabilities,
+  ): Promise<boolean> {
+    const isAgents = isAgentsEndpoint(req.body?.endpointType || req.body?.endpoint);
+    const endpointsConfig = await getEndpointsConfig(req);
+    const capabilities =
+      isAgents || endpointsConfig?.[EModelEndpoint.agents]?.capabilities != null
+        ? (endpointsConfig?.[EModelEndpoint.agents]?.capabilities ?? [])
+        : defaultAgentCapabilities;
+    return capabilities.includes(capability);
+  }
+
+  return { getEndpointsConfig, checkCapability };
+}
diff --git a/packages/api/src/endpoints/config/index.ts b/packages/api/src/endpoints/config/index.ts
new file mode 100644
index 0000000000..4f5afaf927
--- /dev/null
+++ b/packages/api/src/endpoints/config/index.ts
@@ -0,0 +1,5 @@
+export { createEndpointsConfigService } from './endpoints';
+export { createLoadConfigModels } from './models';
+export * from './providers';
+export type { EndpointsConfigDeps } from './endpoints';
+export type { LoadConfigModelsDeps } from './models';
diff --git a/packages/api/src/endpoints/config/models.ts b/packages/api/src/endpoints/config/models.ts
new file mode 100644
index 0000000000..2d87d5d242
--- /dev/null
+++ b/packages/api/src/endpoints/config/models.ts
@@ -0,0 +1,221 @@
+import { logger } from '@librechat/data-schemas';
+import {
+  ErrorTypes,
+  EModelEndpoint,
+  extractEnvVariable,
+  normalizeEndpointName,
+} from 'librechat-data-provider';
+import type { TModelsConfig, TEndpoint } from 'librechat-data-provider';
+import type { AppConfig } from '@librechat/data-schemas';
+import type { ServerRequest, GetUserKeyValuesFunction, UserKeyValues } from '~/types';
+import type { FetchModelsParams } from '~/endpoints/models';
+import { fetchModels as defaultFetchModels } from '~/endpoints/models';
+import { isUserProvided } from '~/utils';
+
+interface ResolvedEndpoint {
+  name: string;
+  endpoint: TEndpoint;
+  apiKey: string;
+  baseURL: string;
+  apiKeyIsUserProvided: boolean;
+  baseURLIsUserProvided: boolean;
+}
+
+export interface LoadConfigModelsDeps {
+  getAppConfig: (params: { role?: string | null; tenantId?: string }) => Promise<AppConfig>;
+  getUserKeyValues: GetUserKeyValuesFunction;
+  fetchModels?: (params: FetchModelsParams) => Promise<string[]>;
+}
+
+export function createLoadConfigModels(deps: LoadConfigModelsDeps) {
+  const { getAppConfig, getUserKeyValues, fetchModels = defaultFetchModels } = deps;
+
+  return async function loadConfigModels(req: ServerRequest): Promise<TModelsConfig> {
+    const appConfig = await getAppConfig({
+      role: req.user?.role,
+      tenantId: req.user?.tenantId,
+    });
+    if (!appConfig) {
+      return {};
+    }
+
+    const modelsConfig: TModelsConfig = {};
+    const azureConfig = appConfig.endpoints?.[EModelEndpoint.azureOpenAI];
+    const { modelNames } = azureConfig ?? {};
+
+    if (modelNames && azureConfig) {
+      modelsConfig[EModelEndpoint.azureOpenAI] = modelNames;
+    }
+
+    if (azureConfig?.assistants && azureConfig.assistantModels) {
+      modelsConfig[EModelEndpoint.azureAssistants] = azureConfig.assistantModels;
+    }
+
+    const bedrockConfig = appConfig.endpoints?.[EModelEndpoint.bedrock];
+    if (bedrockConfig?.models && Array.isArray(bedrockConfig.models)) {
+      modelsConfig[EModelEndpoint.bedrock] = bedrockConfig.models;
+    }
+
+    if (!Array.isArray(appConfig.endpoints?.[EModelEndpoint.custom])) {
+      return modelsConfig;
+    }
+
+    const customEndpoints = (appConfig.endpoints[EModelEndpoint.custom] as TEndpoint[]).filter(
+      (endpoint) =>
+        endpoint.baseURL &&
+        endpoint.apiKey &&
+        endpoint.name &&
+        endpoint.models &&
+        (endpoint.models.fetch || endpoint.models.default),
+    );
+
+    const fetchPromisesMap: Record<string, Promise<string[]>> = {};
+    const uniqueKeyToEndpointsMap: Record<string, string[]> = {};
+    const endpointsMap: Record<string, TEndpoint> = {};
+
+    const resolved: ResolvedEndpoint[] = [];
+    const userKeyEndpoints: ResolvedEndpoint[] = [];
+
+    for (let i = 0; i < customEndpoints.length; i++) {
+      const endpoint = customEndpoints[i];
+      const { name: configName, baseURL, apiKey } = endpoint;
+      const name = normalizeEndpointName(configName);
+      endpointsMap[name] = endpoint;
+      modelsConfig[name] = [];
+
+      const resolvedApiKey = extractEnvVariable(apiKey);
+      const resolvedBaseURL = extractEnvVariable(baseURL);
+      const entry: ResolvedEndpoint = {
+        name,
+        endpoint,
+        apiKey: resolvedApiKey,
+        baseURL: resolvedBaseURL,
+        apiKeyIsUserProvided: isUserProvided(resolvedApiKey),
+        baseURLIsUserProvided: isUserProvided(resolvedBaseURL),
+      };
+      resolved.push(entry);
+
+      if (
+        endpoint.models?.fetch &&
+        (entry.apiKeyIsUserProvided || entry.baseURLIsUserProvided) &&
+        req.user?.id
+      ) {
+        userKeyEndpoints.push(entry);
+      }
+    }
+
+    const userKeyMap = new Map<string, UserKeyValues | null>();
+    if (userKeyEndpoints.length > 0 && req.user?.id) {
+      const userId = req.user.id;
+      const results = await Promise.allSettled(
+        userKeyEndpoints.map((e) => getUserKeyValues({ userId, name: e.name })),
+      );
+      for (let i = 0; i < userKeyEndpoints.length; i++) {
+        const settled = results[i];
+        if (settled.status === 'fulfilled') {
+          userKeyMap.set(userKeyEndpoints[i].name, settled.value);
+        } else {
+          const msg =
+            settled.reason instanceof Error ? settled.reason.message : String(settled.reason);
+          const isKeyNotFound =
+            msg.includes(ErrorTypes.NO_USER_KEY) || msg.includes(ErrorTypes.INVALID_USER_KEY);
+          if (isKeyNotFound) {
+            logger.debug(
+              `[loadConfigModels] No user key stored for endpoint "${userKeyEndpoints[i].name}"`,
+            );
+          } else {
+            logger.warn(
+              `[loadConfigModels] Failed to retrieve user key for "${userKeyEndpoints[i].name}": ${msg}`,
+            );
+          }
+          userKeyMap.set(userKeyEndpoints[i].name, null);
+        }
+      }
+    }
+
+    for (const {
+      name,
+      endpoint,
+      apiKey: API_KEY,
+      baseURL: BASE_URL,
+      apiKeyIsUserProvided,
+      baseURLIsUserProvided,
+    } of resolved) {
+      const { models, headers: endpointHeaders } = endpoint;
+      const uniqueKey = `${BASE_URL}__${API_KEY}`;
+
+      if (models?.fetch && !apiKeyIsUserProvided && !baseURLIsUserProvided) {
+        fetchPromisesMap[uniqueKey] =
+          fetchPromisesMap[uniqueKey] ||
+          fetchModels({
+            name,
+            apiKey: API_KEY,
+            baseURL: BASE_URL,
+            user: req.user?.id,
+            userObject: req.user,
+            headers: endpointHeaders,
+            direct: endpoint.directEndpoint,
+            userIdQuery: models.userIdQuery,
+          });
+        uniqueKeyToEndpointsMap[uniqueKey] = uniqueKeyToEndpointsMap[uniqueKey] || [];
+        uniqueKeyToEndpointsMap[uniqueKey].push(name);
+        continue;
+      }
+
+      if (models?.fetch && userKeyMap.has(name)) {
+        const userKeyValues = userKeyMap.get(name);
+        const resolvedApiKey = apiKeyIsUserProvided ? userKeyValues?.apiKey : API_KEY;
+        const resolvedBaseURL = baseURLIsUserProvided ? userKeyValues?.baseURL : BASE_URL;
+
+        if (resolvedApiKey && resolvedBaseURL) {
+          const userFetchKey = `user:${req.user?.id}:${name}`;
+          fetchPromisesMap[userFetchKey] =
+            fetchPromisesMap[userFetchKey] ||
+            fetchModels({
+              name,
+              apiKey: resolvedApiKey,
+              baseURL: resolvedBaseURL,
+              user: req.user?.id,
+              userObject: req.user,
+              headers: endpointHeaders,
+              direct: endpoint.directEndpoint,
+              userIdQuery: models.userIdQuery,
+              skipCache: true,
+            });
+          uniqueKeyToEndpointsMap[userFetchKey] = uniqueKeyToEndpointsMap[userFetchKey] || [];
+          uniqueKeyToEndpointsMap[userFetchKey].push(name);
+          continue;
+        }
+      }
+
+      if (Array.isArray(models?.default)) {
+        modelsConfig[name] = models.default.map((model) =>
+          typeof model === 'string' ? model : model.name,
+        );
+      }
+    }
+
+    const settledResults = await Promise.allSettled(Object.values(fetchPromisesMap));
+    const uniqueKeys = Object.keys(fetchPromisesMap);
+
+    for (let i = 0; i < settledResults.length; i++) {
+      const currentKey = uniqueKeys[i];
+      const settled = settledResults[i];
+      if (settled.status === 'rejected') {
+        logger.warn(`[loadConfigModels] Model fetch failed for "${currentKey}":`, settled.reason);
+      }
+      const modelData = settled.status === 'fulfilled' ? settled.value : [];
+      const associatedNames = uniqueKeyToEndpointsMap[currentKey];
+
+      for (const name of associatedNames) {
+        const endpoint = endpointsMap[name];
+        const defaults = (endpoint.models?.default ?? []).map((m) =>
+          typeof m === 'string' ? m : m.name,
+        );
+        modelsConfig[name] = !modelData?.length ? defaults : modelData;
+      }
+    }
+
+    return modelsConfig;
+  };
+}
diff --git a/packages/api/src/endpoints/config.ts b/packages/api/src/endpoints/config/providers.ts
similarity index 91%
rename from packages/api/src/endpoints/config.ts
rename to packages/api/src/endpoints/config/providers.ts
index 97246fa336..5e5151b548 100644
--- a/packages/api/src/endpoints/config.ts
+++ b/packages/api/src/endpoints/config/providers.ts
@@ -3,11 +3,11 @@ import { EModelEndpoint } from 'librechat-data-provider';
 import type { TEndpoint } from 'librechat-data-provider';
 import type { AppConfig } from '@librechat/data-schemas';
 import type { BaseInitializeParams, InitializeResultBase } from '~/types';
-import { initializeAnthropic } from './anthropic/initialize';
-import { initializeBedrock } from './bedrock/initialize';
-import { initializeCustom } from './custom/initialize';
-import { initializeGoogle } from './google/initialize';
-import { initializeOpenAI } from './openai/initialize';
+import { initializeAnthropic } from '../anthropic/initialize';
+import { initializeBedrock } from '../bedrock/initialize';
+import { initializeCustom } from '../custom/initialize';
+import { initializeGoogle } from '../google/initialize';
+import { initializeOpenAI } from '../openai/initialize';
 import { getCustomEndpointConfig } from '~/app/config';
 
 /**
diff --git a/packages/api/src/endpoints/custom/initialize.spec.ts b/packages/api/src/endpoints/custom/initialize.spec.ts
index 911e17c446..eddd7cb515 100644
--- a/packages/api/src/endpoints/custom/initialize.spec.ts
+++ b/packages/api/src/endpoints/custom/initialize.spec.ts
@@ -1,4 +1,4 @@
-import { AuthType } from 'librechat-data-provider';
+import { AuthType, ErrorTypes } from 'librechat-data-provider';
 import type { BaseInitializeParams } from '~/types';
 
 const mockValidateEndpointURL = jest.fn();
@@ -68,6 +68,97 @@ function createParams(overrides: {
   };
 }
 
+describe('initializeCustom – Agents API user key resolution', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('should fetch user key even when expiresAt is not in request body (Agents API flow)', async () => {
+    const { checkUserKeyExpiry } = jest.requireMock('~/utils');
+    const params = createParams({
+      apiKey: AuthType.USER_PROVIDED,
+      baseURL: 'https://api.example.com/v1',
+      userApiKey: 'sk-user-key',
+    });
+    // Simulate Agents API request body (no `key` field)
+    params.req.body = { model: 'agent_123' };
+
+    await initializeCustom(params);
+
+    expect(params.db.getUserKeyValues).toHaveBeenCalledWith({
+      userId: 'user-1',
+      name: 'test-custom',
+    });
+    expect(checkUserKeyExpiry).not.toHaveBeenCalled();
+    expect(mockGetOpenAIConfig).toHaveBeenCalledWith(
+      'sk-user-key',
+      expect.any(Object),
+      'test-custom',
+    );
+  });
+
+  it('should fetch user key for user-provided URL without expiresAt (Agents API flow)', async () => {
+    const { checkUserKeyExpiry } = jest.requireMock('~/utils');
+    const params = createParams({
+      apiKey: 'sk-system-key',
+      baseURL: AuthType.USER_PROVIDED,
+      userBaseURL: 'https://user-api.example.com/v1',
+    });
+    params.req.body = { model: 'agent_123' };
+
+    await initializeCustom(params);
+
+    expect(params.db.getUserKeyValues).toHaveBeenCalledWith({
+      userId: 'user-1',
+      name: 'test-custom',
+    });
+    expect(checkUserKeyExpiry).not.toHaveBeenCalled();
+  });
+
+  it('should still check key expiry when expiresAt is provided (UI flow)', async () => {
+    const { checkUserKeyExpiry } = jest.requireMock('~/utils');
+    const params = createParams({
+      apiKey: AuthType.USER_PROVIDED,
+      baseURL: 'https://api.example.com/v1',
+      userApiKey: 'sk-user-key',
+      expiresAt: '2099-01-01',
+    });
+
+    await initializeCustom(params);
+
+    expect(checkUserKeyExpiry).toHaveBeenCalledWith('2099-01-01', 'test-custom');
+    expect(params.db.getUserKeyValues).toHaveBeenCalled();
+  });
+
+  it('should throw EXPIRED_USER_KEY when expiresAt is expired', async () => {
+    const { checkUserKeyExpiry } = jest.requireMock('~/utils');
+    checkUserKeyExpiry.mockImplementationOnce(() => {
+      throw new Error(JSON.stringify({ type: ErrorTypes.EXPIRED_USER_KEY }));
+    });
+
+    const params = createParams({
+      apiKey: AuthType.USER_PROVIDED,
+      baseURL: 'https://api.example.com/v1',
+      userApiKey: 'sk-user-key',
+      expiresAt: '2020-01-01',
+    });
+
+    await expect(initializeCustom(params)).rejects.toThrow(ErrorTypes.EXPIRED_USER_KEY);
+    expect(params.db.getUserKeyValues).not.toHaveBeenCalled();
+  });
+
+  it('should NOT call getUserKeyValues when key and URL are system-defined', async () => {
+    const params = createParams({
+      apiKey: 'sk-system-key',
+      baseURL: 'https://api.provider.com/v1',
+    });
+
+    await initializeCustom(params);
+
+    expect(params.db.getUserKeyValues).not.toHaveBeenCalled();
+  });
+});
+
 describe('initializeCustom – SSRF guard wiring', () => {
   beforeEach(() => {
     jest.clearAllMocks();
diff --git a/packages/api/src/endpoints/custom/initialize.ts b/packages/api/src/endpoints/custom/initialize.ts
index 15b6b873c7..ea0d2dbf5d 100644
--- a/packages/api/src/endpoints/custom/initialize.ts
+++ b/packages/api/src/endpoints/custom/initialize.ts
@@ -32,10 +32,8 @@ function buildCustomOptions(
     customParams: endpointConfig.customParams,
     titleConvo: endpointConfig.titleConvo,
     titleModel: endpointConfig.titleModel,
-    summaryModel: endpointConfig.summaryModel,
     modelDisplayLabel: endpointConfig.modelDisplayLabel,
     titleMethod: endpointConfig.titleMethod ?? 'completion',
-    contextStrategy: endpointConfig.summarize ? 'summarize' : null,
     directEndpoint: endpointConfig.directEndpoint,
     titleMessageRole: endpointConfig.titleMessageRole,
     streamRate: endpointConfig.streamRate,
@@ -91,9 +89,15 @@ export async function initializeCustom({
   const userProvidesKey = isUserProvided(CUSTOM_API_KEY);
   const userProvidesURL = isUserProvided(CUSTOM_BASE_URL);
 
-  let userValues = null;
+  // Expiry is only checked when present: the Agents API sends an OpenAI-compatible
+  // request body that does not include `key` (the expiry timestamp), so expiresAt
+  // will be undefined in that flow. The key is still fetched regardless.
   if (expiresAt && (userProvidesKey || userProvidesURL)) {
     checkUserKeyExpiry(expiresAt, endpoint);
+  }
+
+  let userValues = null;
+  if (userProvidesKey || userProvidesURL) {
     userValues = await db.getUserKeyValues({ userId: req.user?.id ?? '', name: endpoint });
   }
 
diff --git a/packages/api/src/endpoints/models.spec.ts b/packages/api/src/endpoints/models.spec.ts
index 575cc5fef8..2838bee293 100644
--- a/packages/api/src/endpoints/models.spec.ts
+++ b/packages/api/src/endpoints/models.spec.ts
@@ -1,5 +1,5 @@
 import axios from 'axios';
-import { EModelEndpoint, defaultModels } from 'librechat-data-provider';
+import { Time, EModelEndpoint, defaultModels } from 'librechat-data-provider';
 import {
   fetchModels,
   splitAndTrim,
@@ -11,10 +11,12 @@ import {
 
 jest.mock('axios');
 
+const mockCacheGet = jest.fn().mockResolvedValue(undefined);
+const mockCacheSet = jest.fn().mockResolvedValue(true);
 jest.mock('~/cache', () => ({
   standardCache: jest.fn().mockImplementation(() => ({
-    get: jest.fn().mockResolvedValue(undefined),
-    set: jest.fn().mockResolvedValue(true),
+    get: mockCacheGet,
+    set: mockCacheSet,
   })),
 }));
 
@@ -46,6 +48,11 @@ mockedAxios.get.mockResolvedValue({
   },
 });
 
+beforeEach(() => {
+  mockCacheGet.mockReset().mockResolvedValue(undefined);
+  mockCacheSet.mockReset().mockResolvedValue(true);
+});
+
 describe('fetchModels', () => {
   it('fetches models successfully from the API', async () => {
     const models = await fetchModels({
@@ -397,6 +404,37 @@ describe('fetchModels with Ollama specific logic', () => {
     expect(models).toEqual(['model-1', 'model-2']);
     expect(mockedAxios.get).toHaveBeenCalledWith('https://api.test.com/models', expect.any(Object));
   });
+
+  it('writes Ollama models to cache with TTL', async () => {
+    mockCacheGet.mockReset().mockResolvedValue(undefined);
+    mockCacheSet.mockReset().mockResolvedValue(true);
+
+    await fetchModels({
+      apiKey: 'testApiKey',
+      baseURL: 'https://api.ollama.test.com',
+      name: 'OllamaAPI',
+    });
+
+    expect(mockCacheSet).toHaveBeenCalledWith(
+      expect.any(String),
+      ['Ollama-Base', 'Ollama-Advanced'],
+      Time.TWO_MINUTES,
+    );
+  });
+
+  it('returns Ollama models from cache without hitting server', async () => {
+    mockCacheGet.mockReset().mockResolvedValue(['cached-ollama-model']);
+    mockCacheSet.mockReset().mockResolvedValue(true);
+
+    const models = await fetchModels({
+      apiKey: 'testApiKey',
+      baseURL: 'https://api.ollama.test.com',
+      name: 'OllamaAPI',
+    });
+
+    expect(models).toEqual(['cached-ollama-model']);
+    expect(mockedAxios.get).not.toHaveBeenCalled();
+  });
 });
 
 describe('fetchModels URL construction with trailing slashes', () => {
@@ -626,3 +664,73 @@ describe('getBedrockModels', () => {
     expect(models).toEqual(['anthropic.claude-v2', 'ai21.j2-ultra']);
   });
 });
+
+describe('fetchModels caching behavior', () => {
+  beforeEach(() => {
+    mockCacheGet.mockReset().mockResolvedValue(undefined);
+    mockCacheSet.mockReset().mockResolvedValue(true);
+    mockedAxios.get.mockResolvedValue({
+      data: { data: [{ id: 'cached-model-1' }, { id: 'cached-model-2' }] },
+    });
+  });
+
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('writes fetched models to cache with TTL', async () => {
+    await fetchModels({
+      apiKey: 'key',
+      baseURL: 'https://api.test.com',
+      name: 'TestAPI',
+    });
+
+    expect(mockCacheSet).toHaveBeenCalledWith(
+      expect.any(String),
+      ['cached-model-1', 'cached-model-2'],
+      Time.TWO_MINUTES,
+    );
+  });
+
+  it('returns cached result without making HTTP request', async () => {
+    mockCacheGet.mockResolvedValue(['from-cache']);
+
+    const models = await fetchModels({
+      apiKey: 'key',
+      baseURL: 'https://api.test.com',
+      name: 'TestAPI',
+    });
+
+    expect(models).toEqual(['from-cache']);
+    expect(mockedAxios.get).not.toHaveBeenCalled();
+    expect(mockCacheSet).not.toHaveBeenCalled();
+  });
+
+  it('does not read or write cache when skipCache is true', async () => {
+    await fetchModels({
+      apiKey: 'key',
+      baseURL: 'https://api.test.com',
+      name: 'TestAPI',
+      skipCache: true,
+    });
+
+    expect(mockCacheGet).not.toHaveBeenCalled();
+    expect(mockCacheSet).not.toHaveBeenCalled();
+  });
+
+  it('does not write to cache when fetch returns empty models', async () => {
+    mockedAxios.get.mockResolvedValue({ data: { data: [] } });
+
+    await fetchModels({
+      apiKey: 'key',
+      baseURL: 'https://api.test.com',
+      name: 'TestAPI',
+    });
+
+    expect(mockCacheSet).not.toHaveBeenCalledWith(
+      expect.any(String),
+      expect.any(Array),
+      expect.any(Number),
+    );
+  });
+});
diff --git a/packages/api/src/endpoints/models.ts b/packages/api/src/endpoints/models.ts
index 715b806565..cc91c1a4fa 100644
--- a/packages/api/src/endpoints/models.ts
+++ b/packages/api/src/endpoints/models.ts
@@ -1,7 +1,14 @@
+import crypto from 'crypto';
 import axios from 'axios';
 import { logger } from '@librechat/data-schemas';
 import { HttpsProxyAgent } from 'https-proxy-agent';
-import { CacheKeys, KnownEndpoints, EModelEndpoint, defaultModels } from 'librechat-data-provider';
+import {
+  Time,
+  CacheKeys,
+  KnownEndpoints,
+  EModelEndpoint,
+  defaultModels,
+} from 'librechat-data-provider';
 import type { IUser } from '@librechat/data-schemas';
 import {
   processModelData,
@@ -37,6 +44,8 @@ export interface FetchModelsParams {
   headers?: Record<string, string> | null;
   /** Optional user object for header resolution */
   userObject?: Partial<IUser>;
+  /** Skip MODEL_QUERIES cache (e.g., for user-provided keys) */
+  skipCache?: boolean;
 }
 
 /**
@@ -104,6 +113,7 @@ export async function fetchModels({
   tokenKey,
   headers,
   userObject,
+  skipCache = false,
 }: FetchModelsParams): Promise<string[]> {
   let models: string[] = [];
   const baseURL = direct ? extractBaseURL(_baseURL ?? '') : _baseURL;
@@ -116,13 +126,32 @@ export async function fetchModels({
     return models;
   }
 
+  const shouldCache = !skipCache && !(userIdQuery && user);
+  const cacheKey = shouldCache ? modelsCacheKey(baseURL ?? '', apiKey) : '';
+  const modelsCache = shouldCache ? standardCache(CacheKeys.MODEL_QUERIES) : null;
+  if (modelsCache && cacheKey) {
+    const cachedModels = await modelsCache.get(cacheKey);
+    if (cachedModels) {
+      return cachedModels as string[];
+    }
+  }
+
   if (name && name.toLowerCase().startsWith(KnownEndpoints.ollama)) {
+    let ollamaModels: string[] | null = null;
     try {
-      return await fetchOllamaModels(baseURL ?? '', { headers, user: userObject });
+      ollamaModels = await fetchOllamaModels(baseURL ?? '', { headers, user: userObject });
     } catch (ollamaError) {
-      const logMessage =
-        'Failed to fetch models from Ollama API. Attempting to fetch via OpenAI-compatible endpoint.';
-      logAxiosError({ message: logMessage, error: ollamaError as Error });
+      logAxiosError({
+        message:
+          'Failed to fetch models from Ollama API. Attempting to fetch via OpenAI-compatible endpoint.',
+        error: ollamaError as Error,
+      });
+    }
+    if (ollamaModels !== null) {
+      if (modelsCache && cacheKey && ollamaModels.length > 0) {
+        await modelsCache.set(cacheKey, ollamaModels, Time.TWO_MINUTES);
+      }
+      return ollamaModels;
     }
   }
 
@@ -175,9 +204,17 @@ export async function fetchModels({
     logAxiosError({ message: logMessage, error: error as Error });
   }
 
+  if (modelsCache && cacheKey && models.length > 0) {
+    await modelsCache.set(cacheKey, models, Time.TWO_MINUTES);
+  }
+
   return models;
 }
 
+function modelsCacheKey(baseURL: string, apiKey: string): string {
+  return crypto.createHash('sha256').update(`${baseURL}:${apiKey}`).digest('hex').slice(0, 32);
+}
+
 /** Options for fetching OpenAI models */
 export interface GetOpenAIModelsOptions {
   /** User ID for API requests */
@@ -190,6 +227,8 @@ export interface GetOpenAIModelsOptions {
   openAIApiKey?: string;
   /** Whether user provides their own API key */
   userProvidedOpenAI?: boolean;
+  /** Skip MODEL_QUERIES cache (e.g., for user-provided keys) */
+  skipCache?: boolean;
 }
 
 /**
@@ -218,13 +257,6 @@ export async function fetchOpenAIModels(
     baseURL = extractBaseURL(reverseProxyUrl) ?? openaiBaseURL;
   }
 
-  const modelsCache = standardCache(CacheKeys.MODEL_QUERIES);
-
-  const cachedModels = await modelsCache.get(baseURL);
-  if (cachedModels) {
-    return cachedModels as string[];
-  }
-
   if (baseURL || opts.azure) {
     models = await fetchModels({
       apiKey: apiKey ?? '',
@@ -232,6 +264,7 @@ export async function fetchOpenAIModels(
       azure: opts.azure,
       user: opts.user,
       name: EModelEndpoint.openAI,
+      skipCache: opts.skipCache,
     });
   }
 
@@ -248,7 +281,6 @@ export async function fetchOpenAIModels(
     models = otherModels.concat(instructModels);
   }
 
-  await modelsCache.set(baseURL, models);
   return models;
 }
 
@@ -293,7 +325,7 @@ export async function getOpenAIModels(opts: GetOpenAIModelsOptions = {}): Promis
  * @returns Promise resolving to array of model IDs
  */
 export async function fetchAnthropicModels(
-  opts: { user?: string } = {},
+  opts: { user?: string; skipCache?: boolean } = {},
   _models: string[] = [],
 ): Promise<string[]> {
   let models = _models.slice() ?? [];
@@ -310,13 +342,6 @@ export async function fetchAnthropicModels(
     return models;
   }
 
-  const modelsCache = standardCache(CacheKeys.MODEL_QUERIES);
-
-  const cachedModels = await modelsCache.get(baseURL);
-  if (cachedModels) {
-    return cachedModels as string[];
-  }
-
   if (baseURL) {
     models = await fetchModels({
       apiKey,
@@ -324,6 +349,7 @@ export async function fetchAnthropicModels(
       user: opts.user,
       name: EModelEndpoint.anthropic,
       tokenKey: EModelEndpoint.anthropic,
+      skipCache: opts.skipCache,
     });
   }
 
@@ -331,7 +357,6 @@ export async function fetchAnthropicModels(
     return _models;
   }
 
-  await modelsCache.set(baseURL, models);
   return models;
 }
 
diff --git a/packages/api/src/endpoints/openai/config.spec.ts b/packages/api/src/endpoints/openai/config.spec.ts
index cdf9d6f14c..46ad6a6295 100644
--- a/packages/api/src/endpoints/openai/config.spec.ts
+++ b/packages/api/src/endpoints/openai/config.spec.ts
@@ -1399,10 +1399,8 @@ describe('getOpenAIConfig', () => {
           dropParams: ['presence_penalty'],
           titleConvo: true,
           titleModel: 'gpt-3.5-turbo',
-          summaryModel: 'gpt-3.5-turbo',
           modelDisplayLabel: 'Custom GPT-4',
           titleMethod: 'completion',
-          contextStrategy: 'summarize',
           directEndpoint: true,
           titleMessageRole: 'user',
           streamRate: 25,
@@ -1417,10 +1415,8 @@ describe('getOpenAIConfig', () => {
           customParams: {},
           titleConvo: endpointConfig.titleConvo,
           titleModel: endpointConfig.titleModel,
-          summaryModel: endpointConfig.summaryModel,
           modelDisplayLabel: endpointConfig.modelDisplayLabel,
           titleMethod: endpointConfig.titleMethod,
-          contextStrategy: endpointConfig.contextStrategy,
           directEndpoint: endpointConfig.directEndpoint,
           titleMessageRole: endpointConfig.titleMessageRole,
           streamRate: endpointConfig.streamRate,
diff --git a/packages/api/src/files/encode/document.spec.ts b/packages/api/src/files/encode/document.spec.ts
index a93800b5e1..f285d47d5d 100644
--- a/packages/api/src/files/encode/document.spec.ts
+++ b/packages/api/src/files/encode/document.spec.ts
@@ -56,13 +56,16 @@ describe('encodeAndFormatDocuments - fileConfig integration', () => {
   });
 
   /** Helper to create a mock request with file config */
-  const createMockRequest = (fileSizeLimit?: number): Partial<AppConfig> => ({
+  const createMockRequest = (
+    fileSizeLimit?: number,
+    provider: string = Providers.OPENAI,
+  ): Partial<AppConfig> => ({
     config:
       fileSizeLimit !== undefined
         ? {
             fileConfig: {
               endpoints: {
-                [Providers.OPENAI]: {
+                [provider]: {
                   fileSizeLimit,
                 },
               },
@@ -88,11 +91,7 @@ describe('encodeAndFormatDocuments - fileConfig integration', () => {
       updatedAt: new Date(),
     }) as unknown as IMongoFile;
 
-  const createMockDocFile = (
-    sizeInMB: number,
-    mimeType: string,
-    filename: string,
-  ): IMongoFile =>
+  const createMockDocFile = (sizeInMB: number, mimeType: string, filename: string): IMongoFile =>
     ({
       _id: new Types.ObjectId(),
       user: new Types.ObjectId(),
@@ -135,6 +134,7 @@ describe('encodeAndFormatDocuments - fileConfig integration', () => {
         expect.any(Number),
         Providers.OPENAI,
         configuredLimit,
+        undefined,
       );
     });
 
@@ -163,6 +163,7 @@ describe('encodeAndFormatDocuments - fileConfig integration', () => {
         expect.any(Number),
         Providers.OPENAI,
         undefined,
+        undefined,
       );
     });
 
@@ -196,6 +197,7 @@ describe('encodeAndFormatDocuments - fileConfig integration', () => {
         expect.any(Number),
         Providers.OPENAI,
         undefined,
+        undefined,
       );
     });
 
@@ -235,6 +237,7 @@ describe('encodeAndFormatDocuments - fileConfig integration', () => {
         expect.any(Number),
         Providers.ANTHROPIC,
         configuredLimit,
+        undefined,
       );
     });
 
@@ -274,6 +277,7 @@ describe('encodeAndFormatDocuments - fileConfig integration', () => {
         expect.any(Number),
         Providers.GOOGLE,
         configuredLimit,
+        undefined,
       );
     });
 
@@ -314,6 +318,7 @@ describe('encodeAndFormatDocuments - fileConfig integration', () => {
         expect.any(Number),
         Providers.OPENAI,
         undefined,
+        undefined,
       );
     });
   });
@@ -407,6 +412,7 @@ describe('encodeAndFormatDocuments - fileConfig integration', () => {
         expect.any(Number),
         Providers.OPENAI,
         mbToBytes(5),
+        undefined,
       );
     });
 
@@ -441,6 +447,7 @@ describe('encodeAndFormatDocuments - fileConfig integration', () => {
         expect.any(Number),
         Providers.OPENAI,
         mbToBytes(50),
+        undefined,
       );
     });
 
@@ -480,6 +487,7 @@ describe('encodeAndFormatDocuments - fileConfig integration', () => {
         expect.any(Number),
         Providers.OPENAI,
         mbToBytes(10),
+        undefined,
       );
       expect(mockedValidatePdf).toHaveBeenNthCalledWith(
         2,
@@ -487,6 +495,7 @@ describe('encodeAndFormatDocuments - fileConfig integration', () => {
         expect.any(Number),
         Providers.OPENAI,
         mbToBytes(10),
+        undefined,
       );
     });
   });
@@ -657,6 +666,36 @@ describe('encodeAndFormatDocuments - fileConfig integration', () => {
       });
     });
 
+    it('should thread model to validateBedrockDocument when model is provided', async () => {
+      const req = createMockRequest() as ServerRequest;
+      const model = 'anthropic.claude-sonnet-4-20250514-v1:0';
+      const file = createMockDocFile(1, 'text/csv', 'data.csv');
+
+      const mockContent = Buffer.from('col1,col2\nval1,val2').toString('base64');
+      mockedGetFileStream.mockResolvedValue({
+        file,
+        content: mockContent,
+        metadata: file,
+      });
+
+      mockedValidateBedrockDocument.mockResolvedValue({ isValid: true });
+
+      await encodeAndFormatDocuments(
+        req,
+        [file],
+        { provider: Providers.BEDROCK, model },
+        mockStrategyFunctions,
+      );
+
+      expect(mockedValidateBedrockDocument).toHaveBeenCalledWith(
+        expect.any(Number),
+        'text/csv',
+        expect.any(Buffer),
+        undefined,
+        model,
+      );
+    });
+
     it('should reject Bedrock document when validation fails', async () => {
       const req = createMockRequest() as ServerRequest;
       const file = createMockDocFile(5, 'text/csv', 'big.csv');
@@ -711,4 +750,235 @@ describe('encodeAndFormatDocuments - fileConfig integration', () => {
       });
     });
   });
+
+  describe('Generic document encoding path', () => {
+    it('should format text/plain for Anthropic with citations enabled', async () => {
+      const req = createMockRequest(30) as ServerRequest;
+      const file = createMockDocFile(1, 'text/plain', 'notes.txt');
+
+      const mockContent = Buffer.from('plain text content').toString('base64');
+      mockedGetFileStream.mockResolvedValue({
+        file,
+        content: mockContent,
+        metadata: file,
+      });
+
+      const result = await encodeAndFormatDocuments(
+        req,
+        [file],
+        { provider: Providers.ANTHROPIC },
+        mockStrategyFunctions,
+      );
+
+      expect(result.documents).toHaveLength(1);
+      expect(result.documents[0]).toMatchObject({
+        type: 'document',
+        source: {
+          type: 'base64',
+          media_type: 'text/plain',
+          data: mockContent,
+        },
+        citations: { enabled: true },
+        context: 'File: "notes.txt"',
+      });
+      expect(result.files).toHaveLength(1);
+    });
+
+    it('should format text/html for Anthropic with citations enabled', async () => {
+      const req = createMockRequest(30) as ServerRequest;
+      const file = createMockDocFile(1, 'text/html', 'page.html');
+
+      const mockContent = Buffer.from('<html>content</html>').toString('base64');
+      mockedGetFileStream.mockResolvedValue({
+        file,
+        content: mockContent,
+        metadata: file,
+      });
+
+      const result = await encodeAndFormatDocuments(
+        req,
+        [file],
+        { provider: Providers.ANTHROPIC },
+        mockStrategyFunctions,
+      );
+
+      expect(result.documents).toHaveLength(1);
+      expect(result.documents[0]).toMatchObject({
+        type: 'document',
+        source: { type: 'base64', media_type: 'text/html', data: mockContent },
+        citations: { enabled: true },
+      });
+    });
+
+    it('should format application/json for Anthropic without citations', async () => {
+      const req = createMockRequest(30) as ServerRequest;
+      const file = createMockDocFile(1, 'application/json', 'data.json');
+
+      const mockContent = Buffer.from('{"key":"value"}').toString('base64');
+      mockedGetFileStream.mockResolvedValue({
+        file,
+        content: mockContent,
+        metadata: file,
+      });
+
+      const result = await encodeAndFormatDocuments(
+        req,
+        [file],
+        { provider: Providers.ANTHROPIC },
+        mockStrategyFunctions,
+      );
+
+      expect(result.documents).toHaveLength(1);
+      expect(result.documents[0]).not.toHaveProperty('citations');
+    });
+
+    it('should format text/csv for OpenAI responses API', async () => {
+      const req = createMockRequest(15) as ServerRequest;
+      const file = createMockDocFile(1, 'text/csv', 'data.csv');
+
+      const mockContent = Buffer.from('a,b\n1,2').toString('base64');
+      mockedGetFileStream.mockResolvedValue({
+        file,
+        content: mockContent,
+        metadata: file,
+      });
+
+      const result = await encodeAndFormatDocuments(
+        req,
+        [file],
+        { provider: Providers.OPENAI, useResponsesApi: true },
+        mockStrategyFunctions,
+      );
+
+      expect(result.documents).toHaveLength(1);
+      expect(result.documents[0]).toMatchObject({
+        type: 'input_file',
+        filename: 'data.csv',
+        file_data: `data:text/csv;base64,${mockContent}`,
+      });
+      expect(result.files).toHaveLength(1);
+    });
+
+    it('should format XLSX for Google/VertexAI as media block', async () => {
+      const req = createMockRequest(25) as ServerRequest;
+      const mimeType = 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet';
+      const file = createMockDocFile(2, mimeType, 'report.xlsx');
+
+      const mockContent = Buffer.from('xlsx-binary').toString('base64');
+      mockedGetFileStream.mockResolvedValue({
+        file,
+        content: mockContent,
+        metadata: file,
+      });
+
+      const result = await encodeAndFormatDocuments(
+        req,
+        [file],
+        { provider: Providers.GOOGLE },
+        mockStrategyFunctions,
+      );
+
+      expect(result.documents).toHaveLength(1);
+      expect(result.documents[0]).toMatchObject({
+        type: 'media',
+        mimeType,
+        data: mockContent,
+      });
+      expect(result.files).toHaveLength(1);
+    });
+
+    it('should format text/plain for standard OpenAI-like provider as file block', async () => {
+      const req = createMockRequest(15) as ServerRequest;
+      const file = createMockDocFile(1, 'text/plain', 'readme.txt');
+
+      const mockContent = Buffer.from('readme content').toString('base64');
+      mockedGetFileStream.mockResolvedValue({
+        file,
+        content: mockContent,
+        metadata: file,
+      });
+
+      const result = await encodeAndFormatDocuments(
+        req,
+        [file],
+        { provider: Providers.OPENAI },
+        mockStrategyFunctions,
+      );
+
+      expect(result.documents).toHaveLength(1);
+      expect(result.documents[0]).toMatchObject({
+        type: 'file',
+        file: {
+          filename: 'readme.txt',
+          file_data: `data:text/plain;base64,${mockContent}`,
+        },
+      });
+      expect(result.files).toHaveLength(1);
+    });
+
+    it('should skip non-Bedrock-document types for Bedrock provider', async () => {
+      const req = createMockRequest() as ServerRequest;
+      const file = createMockDocFile(1, 'application/zip', 'archive.zip');
+
+      const mockContent = Buffer.from('zip-content').toString('base64');
+      mockedGetFileStream.mockResolvedValue({
+        file,
+        content: mockContent,
+        metadata: file,
+      });
+
+      const result = await encodeAndFormatDocuments(
+        req,
+        [file],
+        { provider: Providers.BEDROCK },
+        mockStrategyFunctions,
+      );
+
+      expect(result.documents).toHaveLength(0);
+      expect(result.files).toHaveLength(0);
+    });
+
+    it('should throw when generic file exceeds configured size limit', async () => {
+      const req = createMockRequest(1, Providers.ANTHROPIC) as ServerRequest;
+      const file = createMockDocFile(2, 'text/plain', 'large.txt');
+
+      const largeContent = Buffer.alloc(2 * 1024 * 1024).toString('base64');
+      mockedGetFileStream.mockResolvedValue({
+        file,
+        content: largeContent,
+        metadata: file,
+      });
+
+      await expect(
+        encodeAndFormatDocuments(
+          req,
+          [file],
+          { provider: Providers.ANTHROPIC },
+          mockStrategyFunctions,
+        ),
+      ).rejects.toThrow('File size');
+    });
+
+    it('should not push metadata when provider has no handler', async () => {
+      const req = createMockRequest(15) as ServerRequest;
+      const file = createMockDocFile(1, 'text/plain', 'test.txt');
+
+      const mockContent = Buffer.from('content').toString('base64');
+      mockedGetFileStream.mockResolvedValue({
+        file,
+        content: mockContent,
+        metadata: file,
+      });
+
+      const result = await encodeAndFormatDocuments(
+        req,
+        [file],
+        { provider: Providers.AZURE as Providers },
+        mockStrategyFunctions,
+      );
+
+      expect(result.documents).toHaveLength(0);
+      expect(result.files).toHaveLength(0);
+    });
+  });
 });
diff --git a/packages/api/src/files/encode/document.ts b/packages/api/src/files/encode/document.ts
index e4fd066324..f04ad43ef2 100644
--- a/packages/api/src/files/encode/document.ts
+++ b/packages/api/src/files/encode/document.ts
@@ -7,6 +7,7 @@ import {
 } from 'librechat-data-provider';
 import type { IMongoFile } from '@librechat/data-schemas';
 import type {
+  DocumentBlock,
   AnthropicDocumentBlock,
   StrategyFunctions,
   DocumentResult,
@@ -15,24 +16,93 @@ import type {
 import { validatePdf, validateBedrockDocument } from '~/files/validation';
 import { getFileStream, getConfiguredFileSizeLimit } from './utils';
 
+const ANTHROPIC_CITATION_TYPES = new Set([
+  'application/pdf',
+  'text/plain',
+  'text/html',
+  'text/markdown',
+]);
+
 /**
- * Processes and encodes document files for various providers
- * @param req - Express request object
- * @param files - Array of file objects to process
- * @param params - Object containing provider, endpoint, and other options
- * @param params.provider - The provider name
- * @param params.endpoint - Optional endpoint name for file config lookup
- * @param params.useResponsesApi - Whether to use responses API format
- * @param getStrategyFunctions - Function to get strategy functions
- * @returns Promise that resolves to documents and file metadata
+ * Formats a base64-encoded document into the appropriate provider-specific block.
+ * Returns `null` when the provider has no matching handler.
+ */
+function formatDocumentBlock(
+  provider: Providers,
+  mimeType: string,
+  content: string,
+  filename: string | undefined,
+  useResponsesApi: boolean | undefined,
+): DocumentBlock | null {
+  if (provider === Providers.ANTHROPIC) {
+    const document: AnthropicDocumentBlock = {
+      type: 'document',
+      source: {
+        type: 'base64',
+        media_type: mimeType,
+        data: content,
+      },
+    };
+
+    if (ANTHROPIC_CITATION_TYPES.has(mimeType)) {
+      document.citations = { enabled: true };
+    }
+
+    if (filename) {
+      document.context = `File: "${filename}"`;
+    }
+
+    return document;
+  }
+
+  const resolvedFilename = filename ?? 'document';
+
+  if (useResponsesApi) {
+    return {
+      type: 'input_file',
+      filename: resolvedFilename,
+      file_data: `data:${mimeType};base64,${content}`,
+    };
+  }
+
+  if (provider === Providers.GOOGLE || provider === Providers.VERTEXAI) {
+    return {
+      type: 'media',
+      mimeType,
+      data: content,
+    };
+  }
+
+  if (isOpenAILikeProvider(provider) && provider !== Providers.AZURE) {
+    return {
+      type: 'file',
+      file: {
+        filename: resolvedFilename,
+        file_data: `data:${mimeType};base64,${content}`,
+      },
+    };
+  }
+
+  return null;
+}
+
+/**
+ * Encodes and formats document files for various providers.
+ *
+ * Callers are responsible for pre-filtering `files` to types the endpoint accepts
+ * (e.g., via `supportedMimeTypes` in `processAttachments`). This function processes
+ * every file it receives and dispatches to the appropriate provider format:
+ * - **Bedrock**: Only encodes types in `bedrockDocumentFormats`; all others are skipped.
+ * - **PDF**: Validated via `validatePdf` before encoding.
+ * - **Generic types**: Encoded with a provider-specific size check.
  */
 export async function encodeAndFormatDocuments(
   req: ServerRequest,
   files: IMongoFile[],
-  params: { provider: Providers; endpoint?: string; useResponsesApi?: boolean },
+  params: { provider: Providers; endpoint?: string; useResponsesApi?: boolean; model?: string },
   getStrategyFunctions: (source: string) => StrategyFunctions,
 ): Promise<DocumentResult> {
-  const { provider, endpoint, useResponsesApi } = params;
+  const { provider, endpoint, useResponsesApi, model } = params;
   if (!files?.length) {
     return { documents: [], files: [] };
   }
@@ -43,25 +113,22 @@ export async function encodeAndFormatDocuments(
   const isBedrock = provider === Providers.BEDROCK;
   const isDocSupported = isDocumentSupportedProvider(provider);
 
-  const documentFiles = files.filter((file) => {
-    if (isBedrock && isBedrockDocumentType(file.type)) {
-      return true;
-    }
-    return file.type === 'application/pdf' || file.type?.startsWith('application/');
-  });
-
-  if (!documentFiles.length) {
+  if (!isDocSupported && !isBedrock) {
     return result;
   }
 
+  const processableFiles = isBedrock
+    ? files.filter((file) => isBedrockDocumentType(file.type))
+    : files;
+
+  if (!processableFiles.length) {
+    return result;
+  }
+
+  const configuredFileSizeLimit = getConfiguredFileSizeLimit(req, { provider, endpoint });
+
   const results = await Promise.allSettled(
-    documentFiles.map((file) => {
-      const isProcessable = isBedrock
-        ? isBedrockDocumentType(file.type)
-        : file.type === 'application/pdf' && isDocSupported;
-      if (!isProcessable) {
-        return Promise.resolve(null);
-      }
+    processableFiles.map((file) => {
       return getFileStream(req, file, encodingMethods, getStrategyFunctions);
     }),
   );
@@ -82,7 +149,6 @@ export async function encodeAndFormatDocuments(
       continue;
     }
 
-    const configuredFileSizeLimit = getConfiguredFileSizeLimit(req, { provider, endpoint });
     const mimeType = file.type ?? '';
 
     if (isBedrock && isBedrockDocumentType(mimeType)) {
@@ -94,6 +160,7 @@ export async function encodeAndFormatDocuments(
         mimeType,
         fileBuffer,
         configuredFileSizeLimit,
+        model,
       );
 
       if (!validation.isValid) {
@@ -122,50 +189,44 @@ export async function encodeAndFormatDocuments(
         pdfBuffer.length,
         provider,
         configuredFileSizeLimit,
+        model,
       );
 
       if (!validation.isValid) {
         throw new Error(`PDF validation failed: ${validation.error}`);
       }
 
-      if (provider === Providers.ANTHROPIC) {
-        const document: AnthropicDocumentBlock = {
-          type: 'document',
-          source: {
-            type: 'base64',
-            media_type: 'application/pdf',
-            data: content,
-          },
-          citations: { enabled: true },
-        };
-
-        if (file.filename) {
-          document.context = `File: "${file.filename}"`;
-        }
-
-        result.documents.push(document);
-      } else if (useResponsesApi) {
-        result.documents.push({
-          type: 'input_file',
-          filename: file.filename,
-          file_data: `data:application/pdf;base64,${content}`,
-        });
-      } else if (provider === Providers.GOOGLE || provider === Providers.VERTEXAI) {
-        result.documents.push({
-          type: 'media',
-          mimeType: 'application/pdf',
-          data: content,
-        });
-      } else if (isOpenAILikeProvider(provider) && provider != Providers.AZURE) {
-        result.documents.push({
-          type: 'file',
-          file: {
-            filename: file.filename,
-            file_data: `data:application/pdf;base64,${content}`,
-          },
-        });
+      const block = formatDocumentBlock(
+        provider,
+        mimeType,
+        content,
+        file.filename,
+        useResponsesApi,
+      );
+      if (block) {
+        result.documents.push(block);
+        result.files.push(metadata);
+      }
+    } else if (isDocSupported && !isBedrock) {
+      const paddingChars = content.endsWith('==') ? 2 : content.endsWith('=') ? 1 : 0;
+      const decodedByteCount = Math.floor((content.length * 3) / 4) - paddingChars;
+      if (configuredFileSizeLimit && decodedByteCount > configuredFileSizeLimit) {
+        throw new Error(
+          `File size (~${(decodedByteCount / 1024 / 1024).toFixed(1)}MB) exceeds the configured limit for ${provider}`,
+        );
+      }
+
+      const block = formatDocumentBlock(
+        provider,
+        mimeType,
+        content,
+        file.filename,
+        useResponsesApi,
+      );
+      if (block) {
+        result.documents.push(block);
+        result.files.push(metadata);
       }
-      result.files.push(metadata);
     }
   }
 
diff --git a/packages/api/src/files/encode/processAttachments.spec.ts b/packages/api/src/files/encode/processAttachments.spec.ts
new file mode 100644
index 0000000000..91d6de4a0c
--- /dev/null
+++ b/packages/api/src/files/encode/processAttachments.spec.ts
@@ -0,0 +1,158 @@
+import {
+  FileSources,
+  mergeFileConfig,
+  EModelEndpoint,
+  getEndpointFileConfig,
+  isBedrockDocumentType,
+} from 'librechat-data-provider';
+import type { FileConfig, EndpointFileConfig } from 'librechat-data-provider';
+
+/**
+ * Mirrors the categorization logic from BaseClient.processAttachments.
+ * Extracted here for testability since the /api workspace test setup is broken.
+ */
+function categorizeFile(
+  file: {
+    type?: string | null;
+    source?: string;
+    embedded?: boolean;
+    metadata?: { fileIdentifier?: string };
+  },
+  isBedrock: boolean,
+  mergedFileConfig: FileConfig | undefined,
+  endpointFileConfig: EndpointFileConfig | undefined,
+): 'images' | 'documents' | 'videos' | 'audios' | 'skipped' {
+  const source = file.source ?? FileSources.local;
+  if (source === FileSources.text) {
+    return 'skipped';
+  }
+  if (file.embedded === true || file.metadata?.fileIdentifier != null) {
+    return 'skipped';
+  }
+
+  if (file.type?.startsWith('image/')) {
+    return 'images';
+  } else if (file.type === 'application/pdf') {
+    return 'documents';
+  } else if (isBedrock && file.type && isBedrockDocumentType(file.type)) {
+    return 'documents';
+  } else if (file.type?.startsWith('video/')) {
+    return 'videos';
+  } else if (file.type?.startsWith('audio/')) {
+    return 'audios';
+  } else if (
+    file.type &&
+    mergedFileConfig &&
+    endpointFileConfig?.supportedMimeTypes &&
+    mergedFileConfig.checkType?.(file.type, endpointFileConfig.supportedMimeTypes)
+  ) {
+    return 'documents';
+  }
+
+  return 'skipped';
+}
+
+describe('processAttachments — supportedMimeTypes routing logic', () => {
+  const endpoint = EModelEndpoint.openAI;
+
+  function resolveConfig(mimePatterns: string[]) {
+    const merged = mergeFileConfig({
+      endpoints: {
+        [endpoint]: { supportedMimeTypes: mimePatterns },
+      },
+    });
+    const epConfig = getEndpointFileConfig({
+      fileConfig: merged,
+      endpoint,
+    });
+    return { merged, epConfig };
+  }
+
+  it('should route text/csv to documents when supportedMimeTypes includes it', () => {
+    const { merged, epConfig } = resolveConfig(['text/csv']);
+    const result = categorizeFile({ type: 'text/csv' }, false, merged, epConfig);
+    expect(result).toBe('documents');
+  });
+
+  it('should route text/plain to documents when supportedMimeTypes uses wildcard', () => {
+    const { merged, epConfig } = resolveConfig(['.*']);
+    const result = categorizeFile({ type: 'text/plain' }, false, merged, epConfig);
+    expect(result).toBe('documents');
+  });
+
+  it('should skip application/zip when supportedMimeTypes only allows text types', () => {
+    const { merged, epConfig } = resolveConfig(['text/csv', 'text/plain']);
+    const result = categorizeFile({ type: 'application/zip' }, false, merged, epConfig);
+    expect(result).toBe('skipped');
+  });
+
+  it('should skip files when no fileConfig is provided', () => {
+    const result = categorizeFile({ type: 'text/csv' }, false, undefined, undefined);
+    expect(result).toBe('skipped');
+  });
+
+  it('should skip files with null type even with permissive config', () => {
+    const { merged, epConfig } = resolveConfig(['.*']);
+    const result = categorizeFile({ type: null }, false, merged, epConfig);
+    expect(result).toBe('skipped');
+  });
+
+  it('should skip files with undefined type even with permissive config', () => {
+    const { merged, epConfig } = resolveConfig(['.*']);
+    const result = categorizeFile({ type: undefined }, false, merged, epConfig);
+    expect(result).toBe('skipped');
+  });
+
+  it('should still route image types through images category (not documents)', () => {
+    const { merged, epConfig } = resolveConfig(['.*']);
+    expect(categorizeFile({ type: 'image/png' }, false, merged, epConfig)).toBe('images');
+  });
+
+  it('should still route PDF through documents (dedicated branch)', () => {
+    const { merged, epConfig } = resolveConfig(['.*']);
+    expect(categorizeFile({ type: 'application/pdf' }, false, merged, epConfig)).toBe('documents');
+  });
+
+  it('should still route video types through videos category', () => {
+    const { merged, epConfig } = resolveConfig(['.*']);
+    expect(categorizeFile({ type: 'video/mp4' }, false, merged, epConfig)).toBe('videos');
+  });
+
+  it('should still route audio types through audios category', () => {
+    const { merged, epConfig } = resolveConfig(['.*']);
+    expect(categorizeFile({ type: 'audio/mp3' }, false, merged, epConfig)).toBe('audios');
+  });
+
+  it('should route Bedrock document types through documents for Bedrock provider', () => {
+    const { merged, epConfig } = resolveConfig(['.*']);
+    expect(categorizeFile({ type: 'text/csv' }, true, merged, epConfig)).toBe('documents');
+  });
+
+  it('should route non-Bedrock-document types for Bedrock when config allows them', () => {
+    const { merged, epConfig } = resolveConfig(['.*']);
+    expect(categorizeFile({ type: 'application/zip' }, true, merged, epConfig)).toBe('documents');
+  });
+
+  it('should route xlsx to documents with matching config', () => {
+    const xlsxType = 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet';
+    const { merged, epConfig } = resolveConfig([xlsxType]);
+    expect(categorizeFile({ type: xlsxType }, false, merged, epConfig)).toBe('documents');
+  });
+
+  it('should skip text source files regardless of config', () => {
+    const { merged, epConfig } = resolveConfig(['.*']);
+    const result = categorizeFile(
+      { type: 'text/csv', source: FileSources.text },
+      false,
+      merged,
+      epConfig,
+    );
+    expect(result).toBe('skipped');
+  });
+
+  it('should skip embedded files regardless of config', () => {
+    const { merged, epConfig } = resolveConfig(['.*']);
+    const result = categorizeFile({ type: 'text/csv', embedded: true }, false, merged, epConfig);
+    expect(result).toBe('skipped');
+  });
+});
diff --git a/packages/api/src/files/validation.spec.ts b/packages/api/src/files/validation.spec.ts
index 98dcda4188..9d7eff4670 100644
--- a/packages/api/src/files/validation.spec.ts
+++ b/packages/api/src/files/validation.spec.ts
@@ -173,13 +173,13 @@ describe('PDF Validation with fileConfig.endpoints.*.fileSizeLimit', () => {
       expect(result.error).toContain('2.0MB');
     });
 
-    it('should clamp to 4.5MB hard limit even when config is higher', async () => {
+    it('should allow configured limit higher than 4.5MB default', async () => {
       const configuredLimit = mbToBytes(512);
       const pdfBuffer = createMockPdfBuffer(5);
       const result = await validatePdf(pdfBuffer, pdfBuffer.length, provider, configuredLimit);
 
-      expect(result.isValid).toBe(false);
-      expect(result.error).toContain('4.5MB');
+      expect(result.isValid).toBe(true);
+      expect(result.error).toBeUndefined();
     });
 
     it('should reject PDFs with invalid header', async () => {
@@ -200,6 +200,120 @@ describe('PDF Validation with fileConfig.endpoints.*.fileSizeLimit', () => {
     });
   });
 
+  describe('validatePdf - Bedrock with model-specific exemptions', () => {
+    const provider = Providers.BEDROCK;
+
+    it('should exempt Claude 4+ PDFs from the 4.5MB limit', async () => {
+      const pdfBuffer = createMockPdfBuffer(10);
+      const model = 'anthropic.claude-sonnet-4-20250514-v1:0';
+      const result = await validatePdf(pdfBuffer, pdfBuffer.length, provider, undefined, model);
+
+      expect(result.isValid).toBe(true);
+      expect(result.error).toBeUndefined();
+    });
+
+    it('should exempt Claude 4+ PDFs via cross-region inference profile ID', async () => {
+      const pdfBuffer = createMockPdfBuffer(10);
+      const model = 'us.anthropic.claude-sonnet-4-20250514-v1:0';
+      const result = await validatePdf(pdfBuffer, pdfBuffer.length, provider, undefined, model);
+
+      expect(result.isValid).toBe(true);
+      expect(result.error).toBeUndefined();
+    });
+
+    it('should exempt Nova PDFs from the 4.5MB limit', async () => {
+      const pdfBuffer = createMockPdfBuffer(10);
+      const model = 'amazon.nova-pro-v1:0';
+      const result = await validatePdf(pdfBuffer, pdfBuffer.length, provider, undefined, model);
+
+      expect(result.isValid).toBe(true);
+      expect(result.error).toBeUndefined();
+    });
+
+    it('should exempt Nova PDFs via cross-region inference profile ID', async () => {
+      const pdfBuffer = createMockPdfBuffer(10);
+      const model = 'us.amazon.nova-pro-v1:0';
+      const result = await validatePdf(pdfBuffer, pdfBuffer.length, provider, undefined, model);
+
+      expect(result.isValid).toBe(true);
+      expect(result.error).toBeUndefined();
+    });
+
+    it('should still enforce 4.5MB for non-exempt models without config override', async () => {
+      const pdfBuffer = createMockPdfBuffer(5);
+      const model = 'anthropic.claude-3-5-sonnet-20241022-v2:0';
+      const result = await validatePdf(pdfBuffer, pdfBuffer.length, provider, undefined, model);
+
+      expect(result.isValid).toBe(false);
+      expect(result.error).toContain('4.5MB');
+    });
+
+    it('should accept PDFs below 32MB for exempt Claude 4+ models', async () => {
+      const pdfBuffer = createMockPdfBuffer(30);
+      const model = 'anthropic.claude-opus-4-20250514-v1:0';
+      const result = await validatePdf(pdfBuffer, pdfBuffer.length, provider, undefined, model);
+
+      expect(result.isValid).toBe(true);
+    });
+
+    it('should reject exempt model PDFs exceeding 32MB', async () => {
+      const pdfBuffer = createMockPdfBuffer(35);
+      const model = 'anthropic.claude-sonnet-4-20250514-v1:0';
+      const result = await validatePdf(pdfBuffer, pdfBuffer.length, provider, undefined, model);
+
+      expect(result.isValid).toBe(false);
+      expect(result.error).toContain('32.0MB');
+    });
+
+    it('should respect configuredFileSizeLimit when lower than 32MB for exempt models', async () => {
+      const configuredLimit = mbToBytes(10);
+      const pdfBuffer = createMockPdfBuffer(15);
+      const model = 'anthropic.claude-sonnet-4-20250514-v1:0';
+      const result = await validatePdf(
+        pdfBuffer,
+        pdfBuffer.length,
+        provider,
+        configuredLimit,
+        model,
+      );
+
+      expect(result.isValid).toBe(false);
+      expect(result.error).toContain('10.0MB');
+    });
+
+    it('should allow configuredFileSizeLimit higher than 32MB for exempt models', async () => {
+      const configuredLimit = mbToBytes(50);
+      const pdfBuffer = createMockPdfBuffer(35);
+      const model = 'amazon.nova-pro-v1:0';
+      const result = await validatePdf(
+        pdfBuffer,
+        pdfBuffer.length,
+        provider,
+        configuredLimit,
+        model,
+      );
+
+      expect(result.isValid).toBe(true);
+      expect(result.error).toBeUndefined();
+    });
+
+    it('should allow configuredFileSizeLimit higher than 4.5MB for non-exempt models', async () => {
+      const configuredLimit = mbToBytes(100);
+      const pdfBuffer = createMockPdfBuffer(5);
+      const model = 'anthropic.claude-3-5-sonnet-20241022-v2:0';
+      const result = await validatePdf(
+        pdfBuffer,
+        pdfBuffer.length,
+        provider,
+        configuredLimit,
+        model,
+      );
+
+      expect(result.isValid).toBe(true);
+      expect(result.error).toBeUndefined();
+    });
+  });
+
   describe('validateBedrockDocument - non-PDF types', () => {
     it('should accept CSV within 4.5MB limit', async () => {
       const fileSize = 2 * 1024 * 1024;
@@ -218,7 +332,7 @@ describe('PDF Validation with fileConfig.endpoints.*.fileSizeLimit', () => {
       expect(result.error).toBeUndefined();
     });
 
-    it('should reject non-PDF document exceeding 4.5MB hard limit', async () => {
+    it('should reject non-PDF document exceeding 4.5MB default limit', async () => {
       const fileSize = 5 * 1024 * 1024;
       const result = await validateBedrockDocument(fileSize, 'text/plain');
 
@@ -226,24 +340,54 @@ describe('PDF Validation with fileConfig.endpoints.*.fileSizeLimit', () => {
       expect(result.error).toContain('4.5MB');
     });
 
-    it('should clamp to 4.5MB even when config is higher for non-PDF', async () => {
+    it('should allow configured limit higher than 4.5MB for non-PDF', async () => {
       const fileSize = 5 * 1024 * 1024;
       const configuredLimit = mbToBytes(512);
-      const result = await validateBedrockDocument(fileSize, 'text/html', undefined, configuredLimit);
+      const result = await validateBedrockDocument(
+        fileSize,
+        'text/html',
+        undefined,
+        configuredLimit,
+      );
 
-      expect(result.isValid).toBe(false);
-      expect(result.error).toContain('4.5MB');
+      expect(result.isValid).toBe(true);
+      expect(result.error).toBeUndefined();
     });
 
     it('should use configured limit when lower than provider limit for non-PDF', async () => {
       const fileSize = 3 * 1024 * 1024;
       const configuredLimit = mbToBytes(2);
-      const result = await validateBedrockDocument(fileSize, 'text/markdown', undefined, configuredLimit);
+      const result = await validateBedrockDocument(
+        fileSize,
+        'text/markdown',
+        undefined,
+        configuredLimit,
+      );
 
       expect(result.isValid).toBe(false);
       expect(result.error).toContain('2.0MB');
     });
 
+    it('should exempt Nova DOCX from 4.5MB limit', async () => {
+      const fileSize = 10 * 1024 * 1024;
+      const mimeType = 'application/vnd.openxmlformats-officedocument.wordprocessingml.document';
+      const model = 'amazon.nova-pro-v1:0';
+      const result = await validateBedrockDocument(fileSize, mimeType, undefined, undefined, model);
+
+      expect(result.isValid).toBe(true);
+      expect(result.error).toBeUndefined();
+    });
+
+    it('should NOT exempt Claude 4+ DOCX from 4.5MB limit (only PDF exempt)', async () => {
+      const fileSize = 5 * 1024 * 1024;
+      const mimeType = 'application/vnd.openxmlformats-officedocument.wordprocessingml.document';
+      const model = 'anthropic.claude-sonnet-4-20250514-v1:0';
+      const result = await validateBedrockDocument(fileSize, mimeType, undefined, undefined, model);
+
+      expect(result.isValid).toBe(false);
+      expect(result.error).toContain('4.5MB');
+    });
+
     it('should not run PDF header check on non-PDF types', async () => {
       const buffer = Buffer.from('NOT-A-PDF-HEADER-but-valid-csv-content');
       const result = await validateBedrockDocument(buffer.length, 'text/csv', buffer);
diff --git a/packages/api/src/files/validation.ts b/packages/api/src/files/validation.ts
index b3db19e92a..1e92ff7dc2 100644
--- a/packages/api/src/files/validation.ts
+++ b/packages/api/src/files/validation.ts
@@ -31,13 +31,20 @@ export async function validatePdf(
   fileSize: number,
   provider: Providers,
   configuredFileSizeLimit?: number,
+  model?: string,
 ): Promise<PDFValidationResult> {
   if (provider === Providers.ANTHROPIC) {
     return validateAnthropicPdf(pdfBuffer, fileSize, configuredFileSizeLimit);
   }
 
   if (provider === Providers.BEDROCK) {
-    return validateBedrockDocument(fileSize, 'application/pdf', pdfBuffer, configuredFileSizeLimit);
+    return validateBedrockDocument(
+      fileSize,
+      'application/pdf',
+      pdfBuffer,
+      configuredFileSizeLimit,
+      model,
+    );
   }
 
   if (isOpenAILikeProvider(provider)) {
@@ -123,12 +130,51 @@ async function validateAnthropicPdf(
 }
 
 /**
- * Validates a document against Bedrock's 4.5MB hard limit. PDF-specific header
- * checks run only when the MIME type is `application/pdf`.
+ * Matches Bedrock Claude 4+ model identifiers, including cross-region inference profile IDs.
+ * Pattern: [region.]anthropic.claude-{family}-{version≥4}-{date}-v{n}:{rev}
+ * e.g. "anthropic.claude-sonnet-4-20250514-v1:0" or "us.anthropic.claude-sonnet-4-20250514-v1:0"
+ */
+const BEDROCK_CLAUDE_4_PLUS_RE = /(?:^|\.)anthropic\.claude-(?:sonnet|opus|haiku)-[4-9]\d*-/;
+const isBedrockClaude4Plus = (model?: string): boolean =>
+  model != null && BEDROCK_CLAUDE_4_PLUS_RE.test(model);
+
+/**
+ * Matches Bedrock Nova model identifiers, including cross-region inference profile IDs.
+ * e.g. "amazon.nova-pro-v1:0" or "us.amazon.nova-pro-v1:0"
+ */
+const isBedrockNova = (model?: string): boolean =>
+  model != null && /(?:^|\.)amazon\.nova-/.test(model);
+
+const pdfMimeType = 'application/pdf';
+const docxMimeType = 'application/vnd.openxmlformats-officedocument.wordprocessingml.document';
+
+/**
+ * Returns true when the given model + MIME type combination is exempt from
+ * Bedrock's default 4.5 MB per-document limit.
+ *
+ * Per AWS docs (https://docs.aws.amazon.com/bedrock/latest/userguide/inference-api-restrictions.html):
+ * - Claude 4+: PDFs are exempt from the 4.5 MB limit
+ * - Nova: PDFs and DOCX are exempt from the 4.5 MB limit
+ */
+const isExemptFromBedrockDocLimit = (model?: string, mimeType?: string): boolean => {
+  if (mimeType === pdfMimeType) {
+    return isBedrockClaude4Plus(model) || isBedrockNova(model);
+  }
+  if (mimeType === docxMimeType) {
+    return isBedrockNova(model);
+  }
+  return false;
+};
+
+/**
+ * Validates a document against Bedrock size limits. The default limit is 4.5 MB,
+ * but Claude 4+ (PDF) and Nova (PDF/DOCX) models are exempt per AWS docs.
+ * When exempt, falls back to a 32 MB request-level limit as a reasonable upper bound.
  * @param fileSize - The file size in bytes
  * @param mimeType - The MIME type of the document
  * @param fileBuffer - The file buffer (used for PDF header validation)
  * @param configuredFileSizeLimit - Optional configured file size limit from fileConfig (in bytes)
+ * @param model - Optional Bedrock model identifier for model-specific limit exceptions
  * @returns Promise that resolves to validation result
  */
 export async function validateBedrockDocument(
@@ -136,14 +182,13 @@ export async function validateBedrockDocument(
   mimeType: string,
   fileBuffer?: Buffer,
   configuredFileSizeLimit?: number,
+  model?: string,
 ): Promise<ValidationResult> {
   try {
-    /** Bedrock enforces a hard 4.5MB per-document limit at the API level; config can only lower it */
-    const providerLimit = mbToBytes(4.5);
-    const effectiveLimit =
-      configuredFileSizeLimit != null
-        ? Math.min(configuredFileSizeLimit, providerLimit)
-        : providerLimit;
+    const exempt = isExemptFromBedrockDocLimit(model, mimeType);
+    /** Default 4.5 MB; exempt models (Claude 4+ PDF, Nova PDF/DOCX) default to 32 MB when unconfigured */
+    const providerLimit = exempt ? mbToBytes(32) : mbToBytes(4.5);
+    const effectiveLimit = configuredFileSizeLimit ?? providerLimit;
 
     if (fileSize > effectiveLimit) {
       const limitMB = (effectiveLimit / (1024 * 1024)).toFixed(1);
@@ -153,7 +198,7 @@ export async function validateBedrockDocument(
       };
     }
 
-    if (mimeType === 'application/pdf' && fileBuffer) {
+    if (mimeType === pdfMimeType && fileBuffer) {
       if (fileBuffer.length < 5) {
         return {
           isValid: false,
diff --git a/packages/api/src/flow/manager.tenant.spec.ts b/packages/api/src/flow/manager.tenant.spec.ts
new file mode 100644
index 0000000000..14b780c34b
--- /dev/null
+++ b/packages/api/src/flow/manager.tenant.spec.ts
@@ -0,0 +1,49 @@
+import { Keyv } from 'keyv';
+import { logger, tenantStorage } from '@librechat/data-schemas';
+import { FlowStateManager } from './manager';
+
+jest.mock('@librechat/data-schemas', () => ({
+  ...jest.requireActual('@librechat/data-schemas'),
+  logger: {
+    info: jest.fn(),
+    warn: jest.fn(),
+    error: jest.fn(),
+    debug: jest.fn(),
+  },
+}));
+
+describe('FlowStateManager flow keys are not tenant-scoped', () => {
+  let manager: FlowStateManager;
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+    const store = new Keyv({ store: new Map() });
+    manager = new FlowStateManager(store, { ci: true, ttl: 60_000 });
+  });
+
+  it('completeFlow finds a flow regardless of tenant context (OAuth callback compatibility)', async () => {
+    await tenantStorage.run({ tenantId: 'tenant-a' }, async () => {
+      await manager.initFlow('flow-1', 'oauth', {});
+    });
+
+    const found = await manager.completeFlow('flow-1', 'oauth', { token: 'abc' });
+    expect(found).toBe(true);
+  });
+
+  it('completeFlow works when both creation and completion have the same tenant', async () => {
+    await tenantStorage.run({ tenantId: 'tenant-a' }, async () => {
+      await manager.initFlow('flow-2', 'oauth', {});
+      const found = await manager.completeFlow('flow-2', 'oauth', { token: 'abc' });
+      expect(found).toBe(true);
+    });
+  });
+
+  it('completeFlow returns false and logs when flow does not exist', async () => {
+    const found = await manager.completeFlow('ghost-flow', 'oauth', { token: 'x' });
+    expect(found).toBe(false);
+    expect(logger.warn).toHaveBeenCalledWith(
+      expect.stringContaining('ghost-flow'),
+      expect.objectContaining({ flowId: 'ghost-flow', type: 'oauth' }),
+    );
+  });
+});
diff --git a/packages/api/src/flow/manager.ts b/packages/api/src/flow/manager.ts
index b68b9edb7a..544cba9560 100644
--- a/packages/api/src/flow/manager.ts
+++ b/packages/api/src/flow/manager.ts
@@ -53,6 +53,12 @@ export class FlowStateManager<T = unknown> {
     process.on('SIGHUP', cleanup);
   }
 
+  /**
+   * Flow keys are intentionally NOT tenant-scoped. OAuth callbacks arrive
+   * without tenant ALS context (the provider redirect doesn't carry
+   * X-Tenant-Id). Flow IDs are random UUIDs with no collision risk, and
+   * flow data is ephemeral (TTL-bounded, no sensitive user content).
+   */
   private getFlowKey(flowId: string, type: string): string {
     return `${type}:${flowId}`;
   }
@@ -253,7 +259,9 @@ export class FlowStateManager<T = unknown> {
 
     if (!flowState) {
       logger.warn(
-        '[FlowStateManager] Flow state not found during completion — cannot recover metadata, skipping',
+        `[FlowStateManager] completeFlow: flow not found — key=${flowKey}. ` +
+          'Possible causes: flow TTL expired before callback arrived, flow was never created, or ' +
+          'the callback is routing to a different instance without shared Keyv storage.',
         { flowId, type },
       );
       return false;
diff --git a/packages/api/src/index.ts b/packages/api/src/index.ts
index ef32e7b6b0..d4b6ac9542 100644
--- a/packages/api/src/index.ts
+++ b/packages/api/src/index.ts
@@ -1,4 +1,6 @@
 export * from './app';
+/* Admin */
+export * from './admin';
 export * from './cdn';
 /* Auth */
 export * from './auth';
@@ -12,6 +14,8 @@ export * from './mcp/oauth';
 export * from './mcp/auth';
 export * from './mcp/zod';
 export * from './mcp/errors';
+export * from './mcp/cache';
+export * from './mcp/tools';
 /* Utilities */
 export * from './mcp/utils';
 export * from './utils';
diff --git a/packages/api/src/mcp/ConnectionsRepository.ts b/packages/api/src/mcp/ConnectionsRepository.ts
index 6313faa8d4..79976b1199 100644
--- a/packages/api/src/mcp/ConnectionsRepository.ts
+++ b/packages/api/src/mcp/ConnectionsRepository.ts
@@ -2,7 +2,7 @@ import { logger } from '@librechat/data-schemas';
 import type * as t from './types';
 import { MCPServersRegistry } from '~/mcp/registry/MCPServersRegistry';
 import { MCPConnectionFactory } from '~/mcp/MCPConnectionFactory';
-import { hasCustomUserVars } from './utils';
+import { hasCustomUserVars, isUserSourced } from './utils';
 import { MCPConnection } from './connection';
 
 const CONNECT_CONCURRENCY = 3;
@@ -82,7 +82,7 @@ export class ConnectionsRepository {
       {
         serverName,
         serverConfig,
-        dbSourced: !!(serverConfig as t.ParsedServerConfig).dbId,
+        dbSourced: isUserSourced(serverConfig as t.ParsedServerConfig),
         useSSRFProtection: registry.shouldEnableSSRFProtection(),
         allowedDomains: registry.getAllowedDomains(),
       },
diff --git a/packages/api/src/mcp/MCPConnectionFactory.ts b/packages/api/src/mcp/MCPConnectionFactory.ts
index 337662c812..eb62514a4e 100644
--- a/packages/api/src/mcp/MCPConnectionFactory.ts
+++ b/packages/api/src/mcp/MCPConnectionFactory.ts
@@ -81,7 +81,7 @@ export class MCPConnectionFactory {
       useSSRFProtection: this.useSSRFProtection,
     });
 
-    const oauthHandler = async () => {
+    const oauthHandler = () => {
       logger.info(
         `${this.logPrefix} [Discovery] OAuth required; skipping URL generation in discovery mode`,
       );
@@ -89,9 +89,9 @@ export class MCPConnectionFactory {
       connection.emit('oauthFailed', new Error('OAuth required during tool discovery'));
     };
 
-    if (this.useOAuth) {
-      connection.on('oauthRequired', oauthHandler);
-    }
+    // Register unconditionally: non-OAuth servers that return 401 also emit 'oauthRequired',
+    // and without this listener, connectClient()'s oauthHandledPromise hangs for 30s+.
+    connection.once('oauthRequired', oauthHandler);
 
     try {
       const connectTimeout = this.connectionTimeout ?? this.serverConfig.initTimeout ?? 30000;
@@ -103,9 +103,7 @@ export class MCPConnectionFactory {
 
       if (await connection.isConnected()) {
         const tools = await connection.fetchTools();
-        if (this.useOAuth) {
-          connection.removeListener('oauthRequired', oauthHandler);
-        }
+        connection.removeListener('oauthRequired', oauthHandler);
         return { tools, connection, oauthRequired: false, oauthUrl: null };
       }
     } catch {
@@ -117,9 +115,7 @@ export class MCPConnectionFactory {
 
     try {
       const tools = await this.attemptUnauthenticatedToolListing();
-      if (this.useOAuth) {
-        connection.removeListener('oauthRequired', oauthHandler);
-      }
+      connection.removeListener('oauthRequired', oauthHandler);
       if (tools && tools.length > 0) {
         logger.info(
           `${this.logPrefix} [Discovery] Successfully discovered ${tools.length} tools without auth`,
@@ -137,9 +133,7 @@ export class MCPConnectionFactory {
       logger.debug(`${this.logPrefix} [Discovery] Unauthenticated tool listing failed:`, listError);
     }
 
-    if (this.useOAuth) {
-      connection.removeListener('oauthRequired', oauthHandler);
-    }
+    connection.removeListener('oauthRequired', oauthHandler);
 
     try {
       await connection.disconnect();
diff --git a/packages/api/src/mcp/MCPManager.ts b/packages/api/src/mcp/MCPManager.ts
index 935307fa49..12227de39f 100644
--- a/packages/api/src/mcp/MCPManager.ts
+++ b/packages/api/src/mcp/MCPManager.ts
@@ -18,6 +18,7 @@ import { preProcessGraphTokens } from '~/utils/graph';
 import { formatToolContent } from './parsers';
 import { MCPConnection } from './connection';
 import { processMCPEnv } from '~/utils/env';
+import { isUserSourced } from './utils';
 
 /**
  * Centralized manager for MCP server connections and tool execution.
@@ -53,6 +54,8 @@ export class MCPManager extends UserConnectionManager {
       user?: IUser;
       forceNew?: boolean;
       flowManager?: FlowStateManager<MCPOAuthTokens | null>;
+      /** Pre-resolved config for config-source servers not in YAML/DB */
+      serverConfig?: t.ParsedServerConfig;
     } & Omit<t.OAuthConnectionOptions, 'useOAuth' | 'user' | 'flowManager'>,
   ): Promise<MCPConnection> {
     //the get method checks if the config is still valid as app level
@@ -91,6 +94,7 @@ export class MCPManager extends UserConnectionManager {
     const serverConfig = await MCPServersRegistry.getInstance().getServerConfig(
       serverName,
       user?.id,
+      args.configServers,
     );
 
     if (!serverConfig) {
@@ -103,7 +107,7 @@ export class MCPManager extends UserConnectionManager {
     const registry = MCPServersRegistry.getInstance();
     const useSSRFProtection = registry.shouldEnableSSRFProtection();
     const allowedDomains = registry.getAllowedDomains();
-    const dbSourced = !!serverConfig.dbId;
+    const dbSourced = isUserSourced(serverConfig);
     const basic: t.BasicConnectionOptions = {
       dbSourced,
       serverName,
@@ -193,9 +197,15 @@ export class MCPManager extends UserConnectionManager {
    * @param serverNames Optional array of server names. If not provided or empty, returns all servers.
    * @returns Object mapping server names to their instructions
    */
-  private async getInstructions(serverNames?: string[]): Promise<Record<string, string>> {
+  private async getInstructions(
+    serverNames?: string[],
+    configServers?: Record<string, t.ParsedServerConfig>,
+  ): Promise<Record<string, string>> {
     const instructions: Record<string, string> = {};
-    const configs = await MCPServersRegistry.getInstance().getAllServerConfigs();
+    const configs = await MCPServersRegistry.getInstance().getAllServerConfigs(
+      undefined,
+      configServers,
+    );
     for (const [serverName, config] of Object.entries(configs)) {
       if (config.serverInstructions != null) {
         instructions[serverName] = config.serverInstructions as string;
@@ -210,9 +220,11 @@ export class MCPManager extends UserConnectionManager {
    * @param serverNames Optional array of server names to include. If not provided, includes all servers.
    * @returns Formatted instructions string ready for context injection
    */
-  public async formatInstructionsForContext(serverNames?: string[]): Promise<string> {
-    /** Instructions for specified servers or all stored instructions */
-    const instructionsToInclude = await this.getInstructions(serverNames);
+  public async formatInstructionsForContext(
+    serverNames?: string[],
+    configServers?: Record<string, t.ParsedServerConfig>,
+  ): Promise<string> {
+    const instructionsToInclude = await this.getInstructions(serverNames, configServers);
 
     if (Object.keys(instructionsToInclude).length === 0) {
       return '';
@@ -248,6 +260,7 @@ Please follow these instructions when using tools from the respective MCP server
   async callTool({
     user,
     serverName,
+    serverConfig: providedConfig,
     toolName,
     provider,
     toolArguments,
@@ -262,6 +275,8 @@ Please follow these instructions when using tools from the respective MCP server
   }: {
     user?: IUser;
     serverName: string;
+    /** Pre-resolved config from tool creation context — avoids readThrough TTL and cross-tenant issues */
+    serverConfig?: t.ParsedServerConfig;
     toolName: string;
     provider: t.Provider;
     toolArguments?: Record<string, unknown>;
@@ -292,6 +307,7 @@ Please follow these instructions when using tools from the respective MCP server
         signal: options?.signal,
         customUserVars,
         requestBody,
+        serverConfig: providedConfig,
       });
 
       if (!(await connection.isConnected())) {
@@ -302,8 +318,16 @@ Please follow these instructions when using tools from the respective MCP server
         );
       }
 
-      const rawConfig = await MCPServersRegistry.getInstance().getServerConfig(serverName, userId);
-      const isDbSourced = !!rawConfig?.dbId;
+      const rawConfig =
+        providedConfig ??
+        (await MCPServersRegistry.getInstance().getServerConfig(serverName, userId));
+      if (!rawConfig) {
+        throw new McpError(
+          ErrorCode.InvalidRequest,
+          `${logPrefix} Configuration for server "${serverName}" not found.`,
+        );
+      }
+      const isDbSourced = isUserSourced(rawConfig);
 
       /** Pre-process Graph token placeholders (async) before the synchronous processMCPEnv pass */
       const graphProcessedConfig = isDbSourced
diff --git a/packages/api/src/mcp/UserConnectionManager.ts b/packages/api/src/mcp/UserConnectionManager.ts
index 2e9d5be467..760f84c75e 100644
--- a/packages/api/src/mcp/UserConnectionManager.ts
+++ b/packages/api/src/mcp/UserConnectionManager.ts
@@ -4,6 +4,7 @@ import type * as t from './types';
 import { MCPServersRegistry } from '~/mcp/registry/MCPServersRegistry';
 import { ConnectionsRepository } from '~/mcp/ConnectionsRepository';
 import { MCPConnectionFactory } from '~/mcp/MCPConnectionFactory';
+import { isUserSourced } from './utils';
 import { MCPConnection } from './connection';
 import { mcpConfig } from './mcpConfig';
 
@@ -38,6 +39,8 @@ export abstract class UserConnectionManager {
     opts: {
       serverName: string;
       forceNew?: boolean;
+      /** Pre-resolved config for config-source servers not in YAML/DB */
+      serverConfig?: t.ParsedServerConfig;
     } & Omit<t.OAuthConnectionOptions, 'useOAuth'>,
   ): Promise<MCPConnection> {
     const { serverName, forceNew, user } = opts;
@@ -85,9 +88,11 @@ export abstract class UserConnectionManager {
       signal,
       returnOnOAuth = false,
       connectionTimeout,
+      serverConfig: providedConfig,
     }: {
       serverName: string;
       forceNew?: boolean;
+      serverConfig?: t.ParsedServerConfig;
     } & Omit<t.OAuthConnectionOptions, 'useOAuth'>,
     userId: string,
   ): Promise<MCPConnection> {
@@ -98,7 +103,9 @@ export abstract class UserConnectionManager {
       );
     }
 
-    const config = await MCPServersRegistry.getInstance().getServerConfig(serverName, userId);
+    const config =
+      providedConfig ??
+      (await MCPServersRegistry.getInstance().getServerConfig(serverName, userId));
 
     const userServerMap = this.userConnections.get(userId);
     let connection = forceNew ? undefined : userServerMap?.get(serverName);
@@ -158,7 +165,7 @@ export abstract class UserConnectionManager {
         {
           serverConfig: config,
           serverName: serverName,
-          dbSourced: !!config.dbId,
+          dbSourced: isUserSourced(config),
           useSSRFProtection: registry.shouldEnableSSRFProtection(),
           allowedDomains: registry.getAllowedDomains(),
         },
diff --git a/packages/api/src/mcp/__tests__/ConnectionsRepository.test.ts b/packages/api/src/mcp/__tests__/ConnectionsRepository.test.ts
index 7a93960765..dfb57a1faf 100644
--- a/packages/api/src/mcp/__tests__/ConnectionsRepository.test.ts
+++ b/packages/api/src/mcp/__tests__/ConnectionsRepository.test.ts
@@ -46,8 +46,8 @@ describe('ConnectionsRepository', () => {
 
   beforeEach(() => {
     mockServerConfigs = {
-      server1: { url: 'http://localhost:3001' },
-      server2: { command: 'test-command', args: ['--test'] },
+      server1: { url: 'http://localhost:3001', type: 'sse' },
+      server2: { command: 'test-command', args: ['--test'], type: 'stdio' },
       server3: { url: 'ws://localhost:8080', type: 'websocket' },
     };
 
diff --git a/packages/api/src/mcp/__tests__/MCPConnectionAgentLifecycle.test.ts b/packages/api/src/mcp/__tests__/MCPConnectionAgentLifecycle.test.ts
index 281bd590db..c7b6b273ba 100644
--- a/packages/api/src/mcp/__tests__/MCPConnectionAgentLifecycle.test.ts
+++ b/packages/api/src/mcp/__tests__/MCPConnectionAgentLifecycle.test.ts
@@ -377,7 +377,7 @@ describe('MCPConnection Agent lifecycle – SSE', () => {
   it('reuses the same Agents across multiple requests instead of creating one per request', async () => {
     conn = new MCPConnection({
       serverName: 'test-sse',
-      serverConfig: { url: server.url },
+      serverConfig: { url: server.url, type: 'sse' },
       useSSRFProtection: false,
     });
 
@@ -402,7 +402,7 @@ describe('MCPConnection Agent lifecycle – SSE', () => {
   it('calls Agent.close() on every registered Agent when disconnect() is called', async () => {
     conn = new MCPConnection({
       serverName: 'test-sse',
-      serverConfig: { url: server.url },
+      serverConfig: { url: server.url, type: 'sse' },
       useSSRFProtection: false,
     });
 
@@ -417,7 +417,7 @@ describe('MCPConnection Agent lifecycle – SSE', () => {
   it('closes at least two Agents for SSE transport (eventSourceInit + fetch)', async () => {
     conn = new MCPConnection({
       serverName: 'test-sse',
-      serverConfig: { url: server.url },
+      serverConfig: { url: server.url, type: 'sse' },
       useSSRFProtection: false,
     });
 
@@ -431,7 +431,7 @@ describe('MCPConnection Agent lifecycle – SSE', () => {
   it('does not double-close Agents when disconnect() is called twice', async () => {
     conn = new MCPConnection({
       serverName: 'test-sse',
-      serverConfig: { url: server.url },
+      serverConfig: { url: server.url, type: 'sse' },
       useSSRFProtection: false,
     });
 
@@ -533,7 +533,7 @@ describe('MCPConnection SSE 404 handling – session-aware', () => {
   function makeConn() {
     return new MCPConnection({
       serverName: 'test-404',
-      serverConfig: { url: 'http://127.0.0.1:1/sse' },
+      serverConfig: { url: 'http://127.0.0.1:1/sse', type: 'sse' },
       useSSRFProtection: false,
     });
   }
@@ -599,7 +599,7 @@ describe('MCPConnection SSE stream disconnect handling', () => {
   function makeConn() {
     return new MCPConnection({
       serverName: 'test-sse-disconnect',
-      serverConfig: { url: 'http://127.0.0.1:1/sse' },
+      serverConfig: { url: 'http://127.0.0.1:1/sse', type: 'sse' },
       useSSRFProtection: false,
     });
   }
diff --git a/packages/api/src/mcp/__tests__/MCPConnectionFactory.test.ts b/packages/api/src/mcp/__tests__/MCPConnectionFactory.test.ts
index 75d7b4321d..326b77789e 100644
--- a/packages/api/src/mcp/__tests__/MCPConnectionFactory.test.ts
+++ b/packages/api/src/mcp/__tests__/MCPConnectionFactory.test.ts
@@ -825,17 +825,17 @@ describe('MCPConnectionFactory', () => {
       mockConnectionInstance.isConnected.mockResolvedValue(false);
       mockConnectionInstance.disconnect = jest.fn().mockResolvedValue(undefined);
 
-      let oauthHandler: (() => Promise<void>) | undefined;
-      mockConnectionInstance.on.mockImplementation((event, handler) => {
+      let oauthHandler: (() => void) | undefined;
+      mockConnectionInstance.once.mockImplementation((event, handler) => {
         if (event === 'oauthRequired') {
-          oauthHandler = handler as () => Promise<void>;
+          oauthHandler = handler as () => void;
         }
         return mockConnectionInstance;
       });
 
       mockConnectionInstance.connect.mockImplementation(async () => {
         if (oauthHandler) {
-          await oauthHandler();
+          oauthHandler();
         }
         throw new Error('OAuth required');
       });
@@ -849,6 +849,46 @@ describe('MCPConnectionFactory', () => {
       expect(mockOAuthStart).not.toHaveBeenCalled();
     });
 
+    it('should fast-fail discovery when non-OAuth server returns 401', async () => {
+      const basicOptions = {
+        serverName: 'github',
+        serverConfig: {
+          ...mockServerConfig,
+          url: 'https://api.githubcopilot.com/mcp/',
+          type: 'streamable-http' as const,
+          initTimeout: 30000,
+        } as t.StreamableHTTPOptions,
+      };
+
+      mockConnectionInstance.isConnected.mockResolvedValue(false);
+      mockConnectionInstance.disconnect = jest.fn().mockResolvedValue(undefined);
+
+      let oauthHandler: (() => void) | undefined;
+      mockConnectionInstance.once.mockImplementation((event, handler) => {
+        if (event === 'oauthRequired') {
+          oauthHandler = handler as () => void;
+        }
+        return mockConnectionInstance;
+      });
+
+      mockConnectionInstance.connect.mockImplementation(async () => {
+        if (oauthHandler) {
+          oauthHandler();
+        }
+        throw Object.assign(new Error('unauthorized'), { code: 401 });
+      });
+
+      const start = Date.now();
+      const result = await MCPConnectionFactory.discoverTools(basicOptions);
+      const elapsed = Date.now() - start;
+
+      expect(elapsed).toBeLessThan(5000);
+      expect(result.tools).toBeNull();
+      expect(result.oauthRequired).toBe(true);
+      expect(result.oauthUrl).toBeNull();
+      expect(result.connection).toBeNull();
+    });
+
     it('should return null tools when discovery fails completely', async () => {
       const basicOptions = {
         serverName: 'test-server',
diff --git a/packages/api/src/mcp/__tests__/MCPOAuthCSRFFallback.test.ts b/packages/api/src/mcp/__tests__/MCPOAuthCSRFFallback.test.ts
index cdba06cf8d..c0a861817c 100644
--- a/packages/api/src/mcp/__tests__/MCPOAuthCSRFFallback.test.ts
+++ b/packages/api/src/mcp/__tests__/MCPOAuthCSRFFallback.test.ts
@@ -34,6 +34,8 @@ jest.mock('@librechat/data-schemas', () => ({
     error: jest.fn(),
     debug: jest.fn(),
   },
+  getTenantId: jest.fn(),
+  SYSTEM_TENANT_ID: '__SYSTEM__',
   encryptV2: jest.fn(async (val: string) => `enc:${val}`),
   decryptV2: jest.fn(async (val: string) => val.replace(/^enc:/, '')),
 }));
diff --git a/packages/api/src/mcp/__tests__/MCPOAuthConnectionEvents.test.ts b/packages/api/src/mcp/__tests__/MCPOAuthConnectionEvents.test.ts
index 4e168d00f3..79470337a7 100644
--- a/packages/api/src/mcp/__tests__/MCPOAuthConnectionEvents.test.ts
+++ b/packages/api/src/mcp/__tests__/MCPOAuthConnectionEvents.test.ts
@@ -6,8 +6,10 @@
  */
 
 import { MCPConnection } from '~/mcp/connection';
+import { MCPConnectionFactory } from '~/mcp/MCPConnectionFactory';
 import { createOAuthMCPServer } from './helpers/oauthTestServer';
 import type { OAuthTestServer } from './helpers/oauthTestServer';
+import type { StreamableHTTPOptions } from '~/mcp/types';
 import type { MCPOAuthTokens } from '~/mcp/oauth';
 
 jest.mock('@librechat/data-schemas', () => ({
@@ -265,4 +267,31 @@ describe('MCPConnection OAuth Events — Real Server', () => {
       expect(await connection.isConnected()).toBe(true);
     });
   });
+
+  describe('MCPConnectionFactory.discoverTools — non-OAuth 401 fast-fail', () => {
+    beforeEach(async () => {
+      server = await createOAuthMCPServer({ tokenTTLMs: 60000 });
+    });
+
+    it('should fast-fail when a non-OAuth discovery hits 401', async () => {
+      const basicOptions = {
+        serverName: 'test-server',
+        serverConfig: {
+          type: 'streamable-http',
+          url: server.url,
+          initTimeout: 15000,
+        } as StreamableHTTPOptions,
+      };
+
+      const start = Date.now();
+      const result = await MCPConnectionFactory.discoverTools(basicOptions);
+      const elapsed = Date.now() - start;
+
+      expect(elapsed).toBeLessThan(5000);
+      expect(result.tools).toBeNull();
+      expect(result.oauthRequired).toBe(true);
+      expect(result.oauthUrl).toBeNull();
+      expect(result.connection).toBeNull();
+    });
+  });
 });
diff --git a/packages/api/src/mcp/__tests__/MCPOAuthFlow.test.ts b/packages/api/src/mcp/__tests__/MCPOAuthFlow.test.ts
index f73a5ed3e8..cbd29d3571 100644
--- a/packages/api/src/mcp/__tests__/MCPOAuthFlow.test.ts
+++ b/packages/api/src/mcp/__tests__/MCPOAuthFlow.test.ts
@@ -7,6 +7,7 @@
 
 import { createHash } from 'crypto';
 import { Keyv } from 'keyv';
+import { TokenExchangeMethodEnum } from 'librechat-data-provider';
 import { MCPTokenStorage, MCPOAuthHandler } from '~/mcp/oauth';
 import { FlowStateManager } from '~/flow/manager';
 import { createOAuthMCPServer, MockKeyv, InMemoryTokenStore } from './helpers/oauthTestServer';
@@ -20,6 +21,8 @@ jest.mock('@librechat/data-schemas', () => ({
     error: jest.fn(),
     debug: jest.fn(),
   },
+  getTenantId: jest.fn(),
+  SYSTEM_TENANT_ID: '__SYSTEM__',
   encryptV2: jest.fn(async (val: string) => `enc:${val}`),
   decryptV2: jest.fn(async (val: string) => val.replace(/^enc:/, '')),
 }));
@@ -92,7 +95,7 @@ describe('MCP OAuth Flow — Real HTTP Server', () => {
           token_url: `${server.url}token`,
           client_id: clientInfo.client_id,
           client_secret: clientInfo.client_secret,
-          token_exchange_method: 'DefaultPost',
+          token_exchange_method: TokenExchangeMethodEnum.DefaultPost,
         },
       );
 
@@ -131,7 +134,7 @@ describe('MCP OAuth Flow — Real HTTP Server', () => {
           {
             token_url: `${rotatingServer.url}token`,
             client_id: 'anon',
-            token_exchange_method: 'DefaultPost',
+            token_exchange_method: TokenExchangeMethodEnum.DefaultPost,
           },
         );
 
@@ -155,7 +158,7 @@ describe('MCP OAuth Flow — Real HTTP Server', () => {
           {
             token_url: `${server.url}token`,
             client_id: 'anon',
-            token_exchange_method: 'DefaultPost',
+            token_exchange_method: TokenExchangeMethodEnum.DefaultPost,
           },
         ),
       ).rejects.toThrow();
@@ -412,7 +415,7 @@ describe('MCP OAuth Flow — Real HTTP Server', () => {
 
       const state = await flowManager.getFlowState(flowId, 'mcp_oauth');
       expect(state?.status).toBe('COMPLETED');
-      expect(state?.result?.access_token).toBe(tokens.access_token);
+      expect((state?.result as MCPOAuthTokens | undefined)?.access_token).toBe(tokens.access_token);
     });
 
     it('should fail flow when authorization code is invalid', async () => {
diff --git a/packages/api/src/mcp/__tests__/MCPOAuthRaceCondition.test.ts b/packages/api/src/mcp/__tests__/MCPOAuthRaceCondition.test.ts
index cb6187ab45..d5fb1d67f7 100644
--- a/packages/api/src/mcp/__tests__/MCPOAuthRaceCondition.test.ts
+++ b/packages/api/src/mcp/__tests__/MCPOAuthRaceCondition.test.ts
@@ -23,6 +23,8 @@ jest.mock('@librechat/data-schemas', () => ({
     error: jest.fn(),
     debug: jest.fn(),
   },
+  getTenantId: jest.fn(),
+  SYSTEM_TENANT_ID: '__SYSTEM__',
   encryptV2: jest.fn(async (val: string) => `enc:${val}`),
   decryptV2: jest.fn(async (val: string) => val.replace(/^enc:/, '')),
 }));
@@ -258,7 +260,7 @@ describe('MCP OAuth Race Condition Fixes', () => {
       expect(stateAfterComplete).toBeUndefined();
 
       expect(mockLogger.warn).toHaveBeenCalledWith(
-        expect.stringContaining('cannot recover metadata'),
+        expect.stringContaining('flow not found'),
         expect.any(Object),
       );
     });
diff --git a/packages/api/src/mcp/__tests__/MCPOAuthSecurity.test.ts b/packages/api/src/mcp/__tests__/MCPOAuthSecurity.test.ts
index a2d0440d42..d50e29eab7 100644
--- a/packages/api/src/mcp/__tests__/MCPOAuthSecurity.test.ts
+++ b/packages/api/src/mcp/__tests__/MCPOAuthSecurity.test.ts
@@ -304,10 +304,10 @@ describe('MCP OAuth allowedDomains SSRF exemption for admin-trusted hosts', () =
   });
 
   it('should allow private revocationEndpoint when hostname is in allowedDomains', async () => {
-    const mockFetch = jest.fn().mockResolvedValue({
-      ok: true,
-      status: 200,
-    } as Response);
+    const mockFetch = Object.assign(
+      jest.fn().mockResolvedValue({ ok: true, status: 200 } as Response),
+      { preconnect: jest.fn() },
+    );
     const originalFetch = global.fetch;
     global.fetch = mockFetch;
 
@@ -333,14 +333,17 @@ describe('MCP OAuth allowedDomains SSRF exemption for admin-trusted hosts', () =
   });
 
   it('should allow localhost token_url in refreshOAuthTokens when localhost is in allowedDomains', async () => {
-    const mockFetch = jest.fn().mockResolvedValue({
-      ok: true,
-      json: async () => ({
-        access_token: 'new-access-token',
-        token_type: 'Bearer',
-        expires_in: 3600,
-      }),
-    } as Response);
+    const mockFetch = Object.assign(
+      jest.fn().mockResolvedValue({
+        ok: true,
+        json: async () => ({
+          access_token: 'new-access-token',
+          token_type: 'Bearer',
+          expires_in: 3600,
+        }),
+      } as Response),
+      { preconnect: jest.fn() },
+    );
     const originalFetch = global.fetch;
     global.fetch = mockFetch;
 
diff --git a/packages/api/src/mcp/__tests__/MCPOAuthTokenExpiry.test.ts b/packages/api/src/mcp/__tests__/MCPOAuthTokenExpiry.test.ts
index 986ac4c8b4..b5cbc869a8 100644
--- a/packages/api/src/mcp/__tests__/MCPOAuthTokenExpiry.test.ts
+++ b/packages/api/src/mcp/__tests__/MCPOAuthTokenExpiry.test.ts
@@ -26,6 +26,8 @@ jest.mock('@librechat/data-schemas', () => ({
     error: jest.fn(),
     debug: jest.fn(),
   },
+  getTenantId: jest.fn(),
+  SYSTEM_TENANT_ID: '__SYSTEM__',
   encryptV2: jest.fn(async (val: string) => `enc:${val}`),
   decryptV2: jest.fn(async (val: string) => val.replace(/^enc:/, '')),
 }));
diff --git a/packages/api/src/mcp/__tests__/MCPOAuthTokenStorage.test.ts b/packages/api/src/mcp/__tests__/MCPOAuthTokenStorage.test.ts
index 3805586453..2d3905d2fb 100644
--- a/packages/api/src/mcp/__tests__/MCPOAuthTokenStorage.test.ts
+++ b/packages/api/src/mcp/__tests__/MCPOAuthTokenStorage.test.ts
@@ -160,7 +160,7 @@ describe('MCPTokenStorage', () => {
         serverName: 'srv1',
         tokens: { access_token: 'at1', token_type: 'Bearer', expires_in: 3600 },
         createToken: store.createToken,
-        clientInfo: { client_id: 'cid', client_secret: 'csec', redirect_uris: [] },
+        clientInfo: { client_id: 'cid', client_secret: 'csec' },
       });
 
       const clientSaved = await store.findToken({
@@ -525,7 +525,7 @@ describe('MCPTokenStorage', () => {
           refresh_token: 'my-refresh-token',
         },
         createToken: store.createToken,
-        clientInfo: { client_id: 'cid', client_secret: 'sec', redirect_uris: [] },
+        clientInfo: { client_id: 'cid', client_secret: 'sec' },
       });
 
       const result = await MCPTokenStorage.getTokens({
diff --git a/packages/api/src/mcp/__tests__/mcp.spec.ts b/packages/api/src/mcp/__tests__/mcp.spec.ts
index d64f9f3afa..d5cc44569f 100644
--- a/packages/api/src/mcp/__tests__/mcp.spec.ts
+++ b/packages/api/src/mcp/__tests__/mcp.spec.ts
@@ -179,6 +179,7 @@ describe('Environment Variable Extraction (MCP)', () => {
   describe('processMCPEnv', () => {
     it('should create a deep clone of the input object', () => {
       const originalObj: MCPOptions = {
+        type: 'stdio',
         command: 'node',
         args: ['server.js'],
         env: {
@@ -202,6 +203,7 @@ describe('Environment Variable Extraction (MCP)', () => {
 
     it('should process environment variables in env field', () => {
       const options: MCPOptions = {
+        type: 'stdio',
         command: 'node',
         args: ['server.js'],
         env: {
@@ -252,6 +254,7 @@ describe('Environment Variable Extraction (MCP)', () => {
 
     it('should not modify objects without env or headers', () => {
       const options: MCPOptions = {
+        type: 'stdio',
         command: 'node',
         args: ['server.js'],
         timeout: 5000,
@@ -433,6 +436,7 @@ describe('Environment Variable Extraction (MCP)', () => {
         ldapId: 'ldap-user-123',
       });
       const options: MCPOptions = {
+        type: 'stdio',
         command: 'node',
         args: ['server.js'],
         env: {
@@ -599,6 +603,7 @@ describe('Environment Variable Extraction (MCP)', () => {
         CUSTOM_VAR_2: 'custom-value-2',
       };
       const options: MCPOptions = {
+        type: 'stdio',
         command: 'node',
         args: ['server.js'],
         env: {
@@ -674,6 +679,7 @@ describe('Environment Variable Extraction (MCP)', () => {
         PROFILE_NAME: 'production-profile',
       };
       const options: MCPOptions = {
+        type: 'stdio',
         command: 'npx',
         args: [
           '-y',
@@ -734,6 +740,7 @@ describe('Environment Variable Extraction (MCP)', () => {
         UNUSED_VAR: 'unused-value',
       };
       const options: MCPOptions = {
+        type: 'stdio',
         command: 'node',
         args: ['server.js'],
         env: {
@@ -959,6 +966,7 @@ describe('Environment Variable Extraction (MCP)', () => {
       }) as unknown as IUser;
 
       const options: MCPOptions = {
+        type: 'stdio',
         command: 'node',
         args: ['mcp-server.js', '--user', '{{LIBRECHAT_USER_USERNAME}}'],
         env: {
diff --git a/packages/api/src/mcp/__tests__/utils.test.ts b/packages/api/src/mcp/__tests__/utils.test.ts
index e4fb31bdad..b9c2a31fa5 100644
--- a/packages/api/src/mcp/__tests__/utils.test.ts
+++ b/packages/api/src/mcp/__tests__/utils.test.ts
@@ -1,4 +1,10 @@
-import { normalizeServerName, redactServerSecrets, redactAllServerSecrets } from '~/mcp/utils';
+import {
+  buildOAuthToolCallName,
+  normalizeServerName,
+  redactAllServerSecrets,
+  redactServerSecrets,
+  isUserSourced,
+} from '~/mcp/utils';
 import type { ParsedServerConfig } from '~/mcp/types';
 
 describe('normalizeServerName', () => {
@@ -28,6 +34,49 @@ describe('normalizeServerName', () => {
   });
 });
 
+describe('buildOAuthToolCallName', () => {
+  it('should prefix a simple server name with oauth_mcp_', () => {
+    expect(buildOAuthToolCallName('my-server')).toBe('oauth_mcp_my-server');
+  });
+
+  it('should not double-wrap a name that already starts with oauth_mcp_', () => {
+    expect(buildOAuthToolCallName('oauth_mcp_my-server')).toBe('oauth_mcp_my-server');
+  });
+
+  it('should correctly handle server names containing _mcp_ substring', () => {
+    const result = buildOAuthToolCallName('my_mcp_server');
+    expect(result).toBe('oauth_mcp_my_mcp_server');
+  });
+
+  it('should normalize non-ASCII server names before prefixing', () => {
+    const result = buildOAuthToolCallName('我的服务');
+    expect(result).toMatch(/^oauth_mcp_server_\d+$/);
+  });
+
+  it('should normalize special characters before prefixing', () => {
+    expect(buildOAuthToolCallName('server@name!')).toBe('oauth_mcp_server_name');
+  });
+
+  it('should handle empty string server name gracefully', () => {
+    const result = buildOAuthToolCallName('');
+    expect(result).toMatch(/^oauth_mcp_server_\d+$/);
+  });
+
+  it('should treat a name already starting with oauth_mcp_ as pre-wrapped', () => {
+    // At the function level, a name starting with the oauth prefix is
+    // indistinguishable from a pre-wrapped name — guard prevents double-wrapping.
+    // Server names with this prefix should be blocked at registration time.
+    expect(buildOAuthToolCallName('oauth_mcp_github')).toBe('oauth_mcp_github');
+  });
+
+  it('should not treat special chars that normalize to oauth_mcp_* as pre-wrapped', () => {
+    // oauth@mcp@server does NOT start with 'oauth_mcp_' before normalization,
+    // so the guard correctly does not fire and the prefix is added.
+    const result = buildOAuthToolCallName('oauth@mcp@server');
+    expect(result).toBe('oauth_mcp_oauth_mcp_server');
+  });
+});
+
 describe('redactServerSecrets', () => {
   it('should strip apiKey.key from admin-sourced keys', () => {
     const config: ParsedServerConfig = {
@@ -225,3 +274,29 @@ describe('redactAllServerSecrets', () => {
     expect((redacted['server-c'] as Record<string, unknown>).command).toBeUndefined();
   });
 });
+
+describe('isUserSourced', () => {
+  it('returns false when source is yaml', () => {
+    expect(isUserSourced({ source: 'yaml' })).toBe(false);
+  });
+
+  it('returns false when source is config', () => {
+    expect(isUserSourced({ source: 'config' })).toBe(false);
+  });
+
+  it('returns true when source is user', () => {
+    expect(isUserSourced({ source: 'user' })).toBe(true);
+  });
+
+  it('falls back to dbId when source is undefined — dbId present means user-sourced', () => {
+    expect(isUserSourced({ source: undefined, dbId: 'abc123' })).toBe(true);
+  });
+
+  it('falls back to dbId when source is undefined — no dbId means trusted', () => {
+    expect(isUserSourced({ source: undefined, dbId: undefined })).toBe(false);
+  });
+
+  it('returns false when both source and dbId are absent (pre-upgrade YAML server)', () => {
+    expect(isUserSourced({})).toBe(false);
+  });
+});
diff --git a/packages/api/src/mcp/cache.ts b/packages/api/src/mcp/cache.ts
new file mode 100644
index 0000000000..e68ef42b3c
--- /dev/null
+++ b/packages/api/src/mcp/cache.ts
@@ -0,0 +1,43 @@
+import { logger } from '@librechat/data-schemas';
+import { MCPServersRegistry } from './registry/MCPServersRegistry';
+import { MCPManager } from './MCPManager';
+
+/**
+ * Clears config-source MCP server inspection cache so servers are re-inspected on next access.
+ * Best-effort disconnection of app-level connections for evicted servers.
+ *
+ * User-level connections (used by config-source servers) are cleaned up lazily via
+ * the stale-check mechanism on the next tool call — this is an accepted design tradeoff
+ * since iterating all active user sessions is expensive and config mutations are rare.
+ */
+export async function clearMcpConfigCache(): Promise<void> {
+  let registry: MCPServersRegistry;
+  try {
+    registry = MCPServersRegistry.getInstance();
+  } catch {
+    return;
+  }
+
+  let evictedServers: string[];
+  try {
+    evictedServers = await registry.invalidateConfigCache();
+  } catch (error) {
+    logger.error('[clearMcpConfigCache] Failed to invalidate config cache:', error);
+    return;
+  }
+
+  if (!evictedServers.length) {
+    return;
+  }
+
+  try {
+    const mcpManager = MCPManager.getInstance();
+    if (mcpManager?.appConnections) {
+      await Promise.allSettled(
+        evictedServers.map((serverName) => mcpManager.appConnections!.disconnect(serverName)),
+      );
+    }
+  } catch {
+    // MCPManager not yet initialized — connections cleaned up lazily
+  }
+}
diff --git a/packages/api/src/mcp/oauth/handler.ts b/packages/api/src/mcp/oauth/handler.ts
index 873af5c66d..e128dec308 100644
--- a/packages/api/src/mcp/oauth/handler.ts
+++ b/packages/api/src/mcp/oauth/handler.ts
@@ -467,6 +467,7 @@ export class MCPOAuthHandler {
           codeVerifier,
           clientInfo,
           metadata,
+          ...(Object.keys(oauthHeaders).length > 0 && { oauthHeaders }),
         };
 
         logger.debug(
@@ -573,6 +574,7 @@ export class MCPOAuthHandler {
         clientInfo,
         metadata,
         resourceMetadata,
+        ...(Object.keys(oauthHeaders).length > 0 && { oauthHeaders }),
       };
 
       logger.debug(
diff --git a/packages/api/src/mcp/oauth/types.ts b/packages/api/src/mcp/oauth/types.ts
index 2138b4a782..bc5f53f60c 100644
--- a/packages/api/src/mcp/oauth/types.ts
+++ b/packages/api/src/mcp/oauth/types.ts
@@ -89,6 +89,8 @@ export interface MCPOAuthFlowMetadata extends FlowMetadata {
   metadata?: OAuthMetadata;
   resourceMetadata?: OAuthProtectedResourceMetadata;
   authorizationUrl?: string;
+  /** Custom headers for OAuth token exchange, persisted at flow initiation for the callback. */
+  oauthHeaders?: Record<string, string>;
 }
 
 export interface MCPOAuthTokens extends OAuthTokens {
diff --git a/packages/api/src/mcp/registry/MCPServerInspector.ts b/packages/api/src/mcp/registry/MCPServerInspector.ts
index 7f31211680..f064fbb7e5 100644
--- a/packages/api/src/mcp/registry/MCPServerInspector.ts
+++ b/packages/api/src/mcp/registry/MCPServerInspector.ts
@@ -4,9 +4,9 @@ import type { MCPConnection } from '~/mcp/connection';
 import type * as t from '~/mcp/types';
 import { isMCPDomainAllowed, extractMCPServerDomain } from '~/auth/domain';
 import { MCPConnectionFactory } from '~/mcp/MCPConnectionFactory';
+import { hasCustomUserVars, isUserSourced } from '~/mcp/utils';
 import { MCPDomainNotAllowedError } from '~/mcp/errors';
 import { detectOAuthRequirement } from '~/mcp/oauth';
-import { hasCustomUserVars } from '~/mcp/utils';
 import { isEnabled } from '~/utils';
 
 /**
@@ -73,7 +73,7 @@ export class MCPServerInspector {
         this.connection = await MCPConnectionFactory.create({
           serverConfig: this.config,
           serverName: this.serverName,
-          dbSourced: !!this.config.dbId,
+          dbSourced: isUserSourced(this.config),
           useSSRFProtection: this.useSSRFProtection,
           allowedDomains: this.allowedDomains,
         });
diff --git a/packages/api/src/mcp/registry/MCPServersRegistry.ts b/packages/api/src/mcp/registry/MCPServersRegistry.ts
index 506f5b1baa..6c98a6b8dd 100644
--- a/packages/api/src/mcp/registry/MCPServersRegistry.ts
+++ b/packages/api/src/mcp/registry/MCPServersRegistry.ts
@@ -1,28 +1,48 @@
 import { Keyv } from 'keyv';
+import { createHash } from 'crypto';
 import { logger } from '@librechat/data-schemas';
 import type { IServerConfigsRepositoryInterface } from './ServerConfigsRepositoryInterface';
 import type * as t from '~/mcp/types';
+import {
+  ServerConfigsCacheFactory,
+  APP_CACHE_NAMESPACE,
+  CONFIG_CACHE_NAMESPACE,
+} from './cache/ServerConfigsCacheFactory';
 import { MCPInspectionFailedError, isMCPDomainNotAllowedError } from '~/mcp/errors';
-import { ServerConfigsCacheFactory } from './cache/ServerConfigsCacheFactory';
 import { MCPServerInspector } from './MCPServerInspector';
 import { ServerConfigsDB } from './db/ServerConfigsDB';
 import { cacheConfig } from '~/cache/cacheConfig';
+import { withTimeout } from '~/utils';
+
+/** How long a failure stub is considered fresh before re-attempting inspection (5 minutes). */
+const CONFIG_STUB_RETRY_MS = 5 * 60 * 1000;
+
+const CONFIG_SERVER_INIT_TIMEOUT_MS = (() => {
+  const raw = process.env.MCP_INIT_TIMEOUT_MS;
+  if (raw == null) {
+    return 30_000;
+  }
+  const parsed = parseInt(raw, 10);
+  return Number.isFinite(parsed) && parsed > 0 ? parsed : 30_000;
+})();
 
 /**
  * Central registry for managing MCP server configurations.
  * Authoritative source of truth for all MCP servers provided by LibreChat.
  *
- * Uses a two-repository architecture:
- * - Cache Repository: Stores YAML-defined configs loaded at startup (in-memory or Redis-backed)
- * - DB Repository: Stores dynamic configs created at runtime (not yet implemented)
+ * Uses a three-layer architecture:
+ * - YAML Cache (cacheConfigsRepo): Operator-defined configs loaded at startup (in-memory or Redis)
+ * - Config Cache (configCacheRepo): Admin-defined configs from Config overrides, lazily initialized
+ * - DB Repository (dbConfigsRepo): User-provided configs created at runtime (MongoDB + ACL)
  *
- * Query priority: Cache configs are checked first, then DB configs.
+ * Query priority: YAML cache → Config cache → DB.
  */
 export class MCPServersRegistry {
   private static instance: MCPServersRegistry;
 
   private readonly dbConfigsRepo: IServerConfigsRepositoryInterface;
   private readonly cacheConfigsRepo: IServerConfigsRepositoryInterface;
+  private readonly configCacheRepo: IServerConfigsRepositoryInterface;
   private readonly allowedDomains?: string[] | null;
   private readonly readThroughCache: Keyv<t.ParsedServerConfig>;
   private readonly readThroughCacheAll: Keyv<Record<string, t.ParsedServerConfig>>;
@@ -31,9 +51,20 @@ export class MCPServersRegistry {
     Promise<Record<string, t.ParsedServerConfig>>
   >();
 
+  /** Tracks in-flight config server initializations to prevent duplicate work. */
+  private readonly pendingConfigInits = new Map<
+    string,
+    Promise<t.ParsedServerConfig | undefined>
+  >();
+
+  /** Memoized YAML server names — set once after boot-time init, never changes. */
+  private yamlServerNames: Set<string> | null = null;
+  private yamlServerNamesPromise: Promise<Set<string>> | null = null;
+
   constructor(mongoose: typeof import('mongoose'), allowedDomains?: string[] | null) {
     this.dbConfigsRepo = new ServerConfigsDB(mongoose);
-    this.cacheConfigsRepo = ServerConfigsCacheFactory.create('App', false);
+    this.cacheConfigsRepo = ServerConfigsCacheFactory.create(APP_CACHE_NAMESPACE, false);
+    this.configCacheRepo = ServerConfigsCacheFactory.create(CONFIG_CACHE_NAMESPACE, false);
     this.allowedDomains = allowedDomains;
 
     const ttl = cacheConfig.MCP_REGISTRY_CACHE_TTL;
@@ -86,22 +117,29 @@ export class MCPServersRegistry {
     return !Array.isArray(this.allowedDomains) || this.allowedDomains.length === 0;
   }
 
+  /**
+   * Returns the config for a single server. When `configServers` is provided, config-source
+   * servers are resolved from it directly (no global state, no cross-tenant race).
+   */
   public async getServerConfig(
     serverName: string,
     userId?: string,
+    configServers?: Record<string, t.ParsedServerConfig>,
   ): Promise<t.ParsedServerConfig | undefined> {
+    if (configServers?.[serverName]) {
+      return configServers[serverName];
+    }
+
     const cacheKey = this.getReadThroughCacheKey(serverName, userId);
 
     if (await this.readThroughCache.has(cacheKey)) {
       return await this.readThroughCache.get(cacheKey);
     }
 
-    // First we check if any config exist with the cache
-    // Yaml config are pre loaded to the cache
-    const configFromCache = await this.cacheConfigsRepo.get(serverName);
-    if (configFromCache) {
-      await this.readThroughCache.set(cacheKey, configFromCache);
-      return configFromCache;
+    const configFromYaml = await this.cacheConfigsRepo.get(serverName);
+    if (configFromYaml) {
+      await this.readThroughCache.set(cacheKey, configFromYaml);
+      return configFromYaml;
     }
 
     const configFromDB = await this.dbConfigsRepo.get(serverName, userId);
@@ -109,7 +147,30 @@ export class MCPServersRegistry {
     return configFromDB;
   }
 
-  public async getAllServerConfigs(userId?: string): Promise<Record<string, t.ParsedServerConfig>> {
+  /**
+   * Returns all server configs visible to the given user.
+   * YAML and Config tiers are mutually exclusive by design (`ensureConfigServers` filters
+   * YAML names), so the spread order only matters for User DB (highest priority) overriding both.
+   */
+  public async getAllServerConfigs(
+    userId?: string,
+    configServers?: Record<string, t.ParsedServerConfig>,
+  ): Promise<Record<string, t.ParsedServerConfig>> {
+    if (configServers == null || !Object.keys(configServers).length) {
+      return this.getBaseServerConfigs(userId);
+    }
+    const base = await this.getBaseServerConfigs(userId);
+    return { ...configServers, ...base };
+  }
+
+  /**
+   * Returns YAML + user-DB server configs, cached via `readThroughCacheAll`.
+   * Always called by `getAllServerConfigs` so the DB query is amortized across
+   * requests within the TTL window regardless of whether `configServers` is present.
+   */
+  private async getBaseServerConfigs(
+    userId?: string,
+  ): Promise<Record<string, t.ParsedServerConfig>> {
     const cacheKey = userId ?? '__no_user__';
 
     if (await this.readThroughCacheAll.has(cacheKey)) {
@@ -121,7 +182,7 @@ export class MCPServersRegistry {
       return pending;
     }
 
-    const fetchPromise = this.fetchAllServerConfigs(cacheKey, userId);
+    const fetchPromise = this.fetchBaseServerConfigs(cacheKey, userId);
     this.pendingGetAllPromises.set(cacheKey, fetchPromise);
 
     try {
@@ -131,7 +192,7 @@ export class MCPServersRegistry {
     }
   }
 
-  private async fetchAllServerConfigs(
+  private async fetchBaseServerConfigs(
     cacheKey: string,
     userId?: string,
   ): Promise<Record<string, t.ParsedServerConfig>> {
@@ -155,7 +216,8 @@ export class MCPServersRegistry {
     userId?: string,
   ): Promise<t.AddServerResult> {
     const configRepo = this.getConfigRepository(storageLocation);
-    const stubConfig: t.ParsedServerConfig = { ...config, inspectionFailed: true };
+    const source: t.MCPServerSource = storageLocation === 'CACHE' ? 'yaml' : 'user';
+    const stubConfig: t.ParsedServerConfig = { ...config, inspectionFailed: true, source };
     const result = await configRepo.add(serverName, stubConfig, userId);
     await this.readThroughCache.delete(this.getReadThroughCacheKey(serverName, userId));
     await this.readThroughCache.delete(this.getReadThroughCacheKey(serverName));
@@ -179,13 +241,16 @@ export class MCPServersRegistry {
       );
     } catch (error) {
       logger.error(`[MCPServersRegistry] Failed to inspect server "${serverName}":`, error);
-      // Preserve domain-specific error for better error handling
       if (isMCPDomainNotAllowedError(error)) {
         throw error;
       }
       throw new MCPInspectionFailedError(serverName, error as Error);
     }
-    return await configRepo.add(serverName, parsedConfig, userId);
+    const tagged = {
+      ...parsedConfig,
+      source: (storageLocation === 'CACHE' ? 'yaml' : 'user') as t.MCPServerSource,
+    };
+    return await configRepo.add(serverName, tagged, userId);
   }
 
   /**
@@ -267,7 +332,6 @@ export class MCPServersRegistry {
       );
     } catch (error) {
       logger.error(`[MCPServersRegistry] Failed to inspect server "${serverName}":`, error);
-      // Preserve domain-specific error for better error handling
       if (isMCPDomainNotAllowedError(error)) {
         throw error;
       }
@@ -277,8 +341,180 @@ export class MCPServersRegistry {
     return parsedConfig;
   }
 
-  // TODO: This is currently used to determine if a server requires OAuth. However, this info can
-  // can be determined through config.requiresOAuth. Refactor usages and remove this method.
+  /**
+   * Ensures that config-source MCP servers (from admin Config overrides) are initialized.
+   * Identifies servers in `resolvedMcpConfig` that are not from YAML, lazily initializes
+   * any not yet in the config cache, and returns their parsed configs.
+   *
+   * Config cache keys are scoped by a hash of the raw config to prevent cross-tenant
+   * cache poisoning when two tenants define a server with the same name but different configs.
+   */
+  public async ensureConfigServers(
+    resolvedMcpConfig: Record<string, t.MCPOptions>,
+  ): Promise<Record<string, t.ParsedServerConfig>> {
+    if (!resolvedMcpConfig || Object.keys(resolvedMcpConfig).length === 0) {
+      return {};
+    }
+
+    const yamlNames = await this.getYamlServerNames();
+    const configServerEntries = Object.entries(resolvedMcpConfig).filter(
+      ([name]) => !yamlNames.has(name),
+    );
+
+    if (configServerEntries.length === 0) {
+      return {};
+    }
+
+    const result: Record<string, t.ParsedServerConfig> = {};
+
+    const settled = await Promise.allSettled(
+      configServerEntries.map(async ([serverName, rawConfig]) => {
+        const parsed = await this.ensureSingleConfigServer(serverName, rawConfig);
+        if (parsed) {
+          result[serverName] = parsed;
+        }
+      }),
+    );
+    for (const outcome of settled) {
+      if (outcome.status === 'rejected') {
+        logger.error('[MCPServersRegistry][ensureConfigServers] Unexpected error:', outcome.reason);
+      }
+    }
+
+    return result;
+  }
+
+  /**
+   * Ensures a single config-source server is initialized.
+   * Cache key is scoped by config hash to prevent cross-tenant poisoning.
+   * Deduplicates concurrent init requests for the same server+config.
+   * Stale failure stubs are retried after `CONFIG_STUB_RETRY_MS` to recover from transient errors.
+   */
+  private async ensureSingleConfigServer(
+    serverName: string,
+    rawConfig: t.MCPOptions,
+  ): Promise<t.ParsedServerConfig | undefined> {
+    const cacheKey = this.configCacheKey(serverName, rawConfig);
+
+    const cached = await this.configCacheRepo.get(cacheKey);
+    if (cached) {
+      const isStaleStub =
+        cached.inspectionFailed && Date.now() - (cached.updatedAt ?? 0) > CONFIG_STUB_RETRY_MS;
+      if (!isStaleStub) {
+        return cached;
+      }
+      logger.info(`[MCP][config][${serverName}] Retrying stale failure stub`);
+    }
+
+    const pending = this.pendingConfigInits.get(cacheKey);
+    if (pending) {
+      return pending;
+    }
+
+    const initPromise = this.lazyInitConfigServer(cacheKey, serverName, rawConfig);
+    this.pendingConfigInits.set(cacheKey, initPromise);
+
+    try {
+      return await initPromise;
+    } finally {
+      this.pendingConfigInits.delete(cacheKey);
+    }
+  }
+
+  /**
+   * Lazily initializes a config-source MCP server: inspects capabilities/tools, then
+   * stores the parsed config in the config cache with `source: 'config'`.
+   */
+  private async lazyInitConfigServer(
+    cacheKey: string,
+    serverName: string,
+    rawConfig: t.MCPOptions,
+  ): Promise<t.ParsedServerConfig | undefined> {
+    const prefix = `[MCP][config][${serverName}]`;
+    logger.info(`${prefix} Lazy-initializing config-source server`);
+
+    try {
+      const inspected = await withTimeout(
+        MCPServerInspector.inspect(serverName, rawConfig, undefined, this.allowedDomains),
+        CONFIG_SERVER_INIT_TIMEOUT_MS,
+        `${prefix} Server initialization timed out`,
+      );
+
+      const parsedConfig: t.ParsedServerConfig = { ...inspected, source: 'config' };
+      await this.upsertConfigCache(cacheKey, parsedConfig);
+
+      logger.info(
+        `${prefix} Initialized: tools=${parsedConfig.tools ?? 'N/A'}, ` +
+          `duration=${parsedConfig.initDuration ?? 'N/A'}ms`,
+      );
+      return parsedConfig;
+    } catch (error) {
+      logger.error(`${prefix} Failed to initialize:`, error);
+
+      const stubConfig: t.ParsedServerConfig = {
+        ...rawConfig,
+        inspectionFailed: true,
+        source: 'config',
+        updatedAt: Date.now(),
+      };
+      try {
+        await this.upsertConfigCache(cacheKey, stubConfig);
+        logger.info(`${prefix} Stored stub config for recovery`);
+      } catch (cacheError) {
+        logger.error(
+          `${prefix} Failed to store stub config (will retry on next request):`,
+          cacheError,
+        );
+      }
+      return stubConfig;
+    }
+  }
+
+  /**
+   * Writes a config to `configCacheRepo` using the atomic upsert operation.
+   * Safe for cross-process races — the underlying cache handles add-or-update internally.
+   */
+  private async upsertConfigCache(cacheKey: string, config: t.ParsedServerConfig): Promise<void> {
+    await this.configCacheRepo.upsert(cacheKey, config);
+  }
+
+  /**
+   * Clears the config-source server cache, forcing re-inspection on next access.
+   * Called when admin config overrides change (e.g., mcpServers mutation).
+   *
+   * @returns Names of servers that were evicted from the config cache.
+   *          Callers should disconnect active connections for these servers.
+   */
+  public async invalidateConfigCache(): Promise<string[]> {
+    const allCached = await this.configCacheRepo.getAll();
+    const evictedNames = [
+      ...new Set(
+        Object.keys(allCached).map((key) => {
+          const lastColon = key.lastIndexOf(':');
+          return lastColon > 0 ? key.slice(0, lastColon) : key;
+        }),
+      ),
+    ];
+
+    await Promise.all([
+      this.configCacheRepo.reset(),
+      // Only clear readThroughCacheAll (merged results that may include stale config servers).
+      // readThroughCache (individual YAML/user lookups) is unaffected by config mutations.
+      this.readThroughCacheAll.clear(),
+    ]);
+
+    if (evictedNames.length > 0) {
+      logger.info(
+        `[MCPServersRegistry] Config server cache invalidated, evicted: ${evictedNames.join(', ')}`,
+      );
+    }
+    return evictedNames;
+  }
+
+  // TODO: Refactor callers to use config.requiresOAuth directly instead of this method.
+  // Known gap: config-source OAuth servers are not included here because callers
+  // (OAuthReconnectionManager, UserController) lack request context to resolve configServers.
+  // Config-source OAuth auto-reconnection and uninstall cleanup require a separate mechanism.
   public async getOAuthServers(userId?: string): Promise<Set<string>> {
     const allServers = await this.getAllServerConfigs(userId);
     const oauthServers = Object.entries(allServers).filter(([, config]) => config.requiresOAuth);
@@ -287,8 +523,11 @@ export class MCPServersRegistry {
 
   public async reset(): Promise<void> {
     await this.cacheConfigsRepo.reset();
+    await this.configCacheRepo.reset();
     await this.readThroughCache.clear();
     await this.readThroughCacheAll.clear();
+    this.yamlServerNames = null;
+    this.yamlServerNamesPromise = null;
   }
 
   public async removeServer(
@@ -316,4 +555,48 @@ export class MCPServersRegistry {
   private getReadThroughCacheKey(serverName: string, userId?: string): string {
     return userId ? `${serverName}::${userId}` : serverName;
   }
+
+  /**
+   * Returns memoized YAML server names. Populated lazily on first call after boot/reset.
+   * YAML servers don't change after boot, so this avoids repeated `getAll()` calls.
+   * Uses promise deduplication to prevent concurrent cold-start double-fetch.
+   */
+  private getYamlServerNames(): Promise<Set<string>> {
+    if (this.yamlServerNames) {
+      return Promise.resolve(this.yamlServerNames);
+    }
+    if (this.yamlServerNamesPromise) {
+      return this.yamlServerNamesPromise;
+    }
+    this.yamlServerNamesPromise = this.cacheConfigsRepo
+      .getAll()
+      .then((configs) => {
+        this.yamlServerNames = new Set(Object.keys(configs));
+        this.yamlServerNamesPromise = null;
+        return this.yamlServerNames;
+      })
+      .catch((err) => {
+        this.yamlServerNamesPromise = null;
+        throw err;
+      });
+    return this.yamlServerNamesPromise;
+  }
+
+  /**
+   * Produces a config-cache key scoped by server name AND a hash of the raw config.
+   * Prevents cross-tenant cache poisoning when two tenants define the same server name
+   * with different configurations.
+   */
+  private configCacheKey(serverName: string, rawConfig: t.MCPOptions): string {
+    const sorted = JSON.stringify(rawConfig, (_key, value: unknown) => {
+      if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
+        return Object.fromEntries(
+          Object.entries(value as Record<string, unknown>).sort(([a], [b]) => a.localeCompare(b)),
+        );
+      }
+      return value;
+    });
+    const hash = createHash('sha256').update(sorted).digest('hex').slice(0, 16);
+    return `${serverName}:${hash}`;
+  }
 }
diff --git a/packages/api/src/mcp/registry/ServerConfigsRepositoryInterface.ts b/packages/api/src/mcp/registry/ServerConfigsRepositoryInterface.ts
index 1c913dd1a3..4bf0fdd615 100644
--- a/packages/api/src/mcp/registry/ServerConfigsRepositoryInterface.ts
+++ b/packages/api/src/mcp/registry/ServerConfigsRepositoryInterface.ts
@@ -9,6 +9,9 @@ export interface IServerConfigsRepositoryInterface {
   //ACL Entry check if update is possible
   update(serverName: string, config: ParsedServerConfig, userId?: string): Promise<void>;
 
+  /** Atomic add-or-update without requiring callers to inspect error messages. */
+  upsert(serverName: string, config: ParsedServerConfig, userId?: string): Promise<void>;
+
   //ACL Entry check if remove is possible
   remove(serverName: string, userId?: string): Promise<void>;
 
diff --git a/packages/api/src/mcp/registry/__tests__/MCPServerInspector.test.ts b/packages/api/src/mcp/registry/__tests__/MCPServerInspector.test.ts
index f0ab75c9b4..2012f82e31 100644
--- a/packages/api/src/mcp/registry/__tests__/MCPServerInspector.test.ts
+++ b/packages/api/src/mcp/registry/__tests__/MCPServerInspector.test.ts
@@ -321,12 +321,12 @@ describe('MCPServerInspector', () => {
       const result = await MCPServerInspector.inspect('test_server', rawConfig);
 
       // Verify factory was called to create connection
-      expect(MCPConnectionFactory.create).toHaveBeenCalledWith({
-        serverName: 'test_server',
-        serverConfig: expect.objectContaining({ type: 'stdio', command: 'node' }),
-        useSSRFProtection: true,
-        dbSourced: false,
-      });
+      expect(MCPConnectionFactory.create).toHaveBeenCalledWith(
+        expect.objectContaining({
+          serverName: 'test_server',
+          serverConfig: expect.objectContaining({ type: 'stdio', command: 'node' }),
+        }),
+      );
 
       // Verify temporary connection was disconnected
       expect(tempMockConnection.disconnect).toHaveBeenCalled();
diff --git a/packages/api/src/mcp/registry/__tests__/MCPServersRegistry.test.ts b/packages/api/src/mcp/registry/__tests__/MCPServersRegistry.test.ts
index 8891120717..a20c09705f 100644
--- a/packages/api/src/mcp/registry/__tests__/MCPServersRegistry.test.ts
+++ b/packages/api/src/mcp/registry/__tests__/MCPServersRegistry.test.ts
@@ -112,8 +112,8 @@ describe('MCPServersRegistry', () => {
       const userConfigBefore = await registry.getServerConfig('user_server');
       const allConfigsBefore = await registry.getAllServerConfigs();
 
-      expect(appConfigBefore).toEqual(testParsedConfig);
-      expect(userConfigBefore).toEqual(testParsedConfig);
+      expect(appConfigBefore).toEqual(expect.objectContaining(testParsedConfig));
+      expect(userConfigBefore).toEqual(expect.objectContaining(testParsedConfig));
       expect(Object.keys(allConfigsBefore)).toHaveLength(2);
 
       // Reset everything
@@ -250,22 +250,18 @@ describe('MCPServersRegistry', () => {
       });
 
       it('should use different cache keys for different userIds', async () => {
-        // Spy on the cache repository get method
+        await registry['cacheConfigsRepo'].add('test_server', testParsedConfig);
         const cacheRepoGetSpy = jest.spyOn(registry['cacheConfigsRepo'], 'get');
 
-        // First call without userId
         await registry.getServerConfig('test_server');
         expect(cacheRepoGetSpy).toHaveBeenCalledTimes(1);
 
-        // Call with userId - should be a different cache key, so hits repository again
         await registry.getServerConfig('test_server', 'user123');
         expect(cacheRepoGetSpy).toHaveBeenCalledTimes(2);
 
-        // Repeat call with same userId - should hit read-through cache
         await registry.getServerConfig('test_server', 'user123');
-        expect(cacheRepoGetSpy).toHaveBeenCalledTimes(2); // Still 2
+        expect(cacheRepoGetSpy).toHaveBeenCalledTimes(2);
 
-        // Call with different userId - should hit repository
         await registry.getServerConfig('test_server', 'user456');
         expect(cacheRepoGetSpy).toHaveBeenCalledTimes(3);
       });
diff --git a/packages/api/src/mcp/registry/__tests__/ensureConfigServers.test.ts b/packages/api/src/mcp/registry/__tests__/ensureConfigServers.test.ts
new file mode 100644
index 0000000000..70eb2f75c4
--- /dev/null
+++ b/packages/api/src/mcp/registry/__tests__/ensureConfigServers.test.ts
@@ -0,0 +1,328 @@
+import type * as t from '~/mcp/types';
+import { MCPServersRegistry } from '~/mcp/registry/MCPServersRegistry';
+import { MCPServerInspector } from '~/mcp/registry/MCPServerInspector';
+
+jest.mock('~/mcp/registry/MCPServerInspector');
+jest.mock('~/mcp/registry/db/ServerConfigsDB', () => ({
+  ServerConfigsDB: jest.fn().mockImplementation(() => ({
+    get: jest.fn().mockResolvedValue(undefined),
+    getAll: jest.fn().mockResolvedValue({}),
+    add: jest.fn().mockResolvedValue(undefined),
+    update: jest.fn().mockResolvedValue(undefined),
+    upsert: jest.fn().mockResolvedValue(undefined),
+    remove: jest.fn().mockResolvedValue(undefined),
+    reset: jest.fn().mockResolvedValue(undefined),
+  })),
+}));
+
+const FIXED_TIME = 1699564800000;
+
+const mockMongoose = {} as typeof import('mongoose');
+
+const sseConfig: t.MCPOptions = {
+  type: 'sse',
+  url: 'https://mcp.example.com/sse',
+} as unknown as t.MCPOptions;
+
+const altSseConfig: t.MCPOptions = {
+  type: 'sse',
+  url: 'https://mcp.other-tenant.com/sse',
+} as unknown as t.MCPOptions;
+
+const yamlConfig: t.MCPOptions = {
+  type: 'stdio',
+  command: 'node',
+  args: ['tools.js'],
+} as unknown as t.MCPOptions;
+
+function makeParsedConfig(overrides: Partial<t.ParsedServerConfig> = {}): t.ParsedServerConfig {
+  return {
+    type: 'sse',
+    url: 'https://mcp.example.com/sse',
+    requiresOAuth: false,
+    tools: 'tool_a, tool_b',
+    capabilities: '{}',
+    initDuration: 42,
+    ...overrides,
+  } as unknown as t.ParsedServerConfig;
+}
+
+describe('MCPServersRegistry — ensureConfigServers', () => {
+  let registry: MCPServersRegistry;
+  let inspectSpy: jest.SpyInstance;
+
+  beforeAll(() => {
+    jest.useFakeTimers();
+    jest.setSystemTime(new Date(FIXED_TIME));
+  });
+
+  afterAll(() => {
+    jest.useRealTimers();
+  });
+
+  beforeEach(async () => {
+    (MCPServersRegistry as unknown as { instance: undefined }).instance = undefined;
+    MCPServersRegistry.createInstance(mockMongoose);
+    registry = MCPServersRegistry.getInstance();
+
+    inspectSpy = jest
+      .spyOn(MCPServerInspector, 'inspect')
+      .mockImplementation(async (_serverName: string, rawConfig: t.MCPOptions) =>
+        makeParsedConfig(rawConfig as unknown as Partial<t.ParsedServerConfig>),
+      );
+
+    await registry.reset();
+  });
+
+  afterEach(() => {
+    inspectSpy.mockClear();
+  });
+
+  it('should return empty for empty input', async () => {
+    expect(await registry.ensureConfigServers({})).toEqual({});
+  });
+
+  it('should return empty for null/undefined input', async () => {
+    expect(
+      await registry.ensureConfigServers(null as unknown as Record<string, t.MCPOptions>),
+    ).toEqual({});
+    expect(
+      await registry.ensureConfigServers(undefined as unknown as Record<string, t.MCPOptions>),
+    ).toEqual({});
+  });
+
+  it('should exclude YAML servers from config-source detection', async () => {
+    await registry.addServer('yaml_server', yamlConfig, 'CACHE');
+
+    const result = await registry.ensureConfigServers({
+      yaml_server: yamlConfig,
+      config_server: sseConfig,
+    });
+
+    expect(result).toHaveProperty('config_server');
+    expect(result).not.toHaveProperty('yaml_server');
+  });
+
+  it('should return empty when all servers are YAML', async () => {
+    await registry.addServer('yaml_a', yamlConfig, 'CACHE');
+    await registry.addServer('yaml_b', yamlConfig, 'CACHE');
+    inspectSpy.mockClear();
+
+    const result = await registry.ensureConfigServers({
+      yaml_a: yamlConfig,
+      yaml_b: yamlConfig,
+    });
+
+    expect(result).toEqual({});
+    expect(inspectSpy).not.toHaveBeenCalled();
+  });
+
+  it('should lazy-initialize a config-source server and tag source as config', async () => {
+    const result = await registry.ensureConfigServers({ my_server: sseConfig });
+
+    expect(result).toHaveProperty('my_server');
+    expect(result.my_server.source).toBe('config');
+    expect(inspectSpy).toHaveBeenCalledTimes(1);
+    expect(inspectSpy).toHaveBeenCalledWith('my_server', sseConfig, undefined, undefined);
+  });
+
+  it('should return cached result on second call without re-inspecting', async () => {
+    await registry.ensureConfigServers({ my_server: sseConfig });
+    expect(inspectSpy).toHaveBeenCalledTimes(1);
+
+    const result2 = await registry.ensureConfigServers({ my_server: sseConfig });
+    expect(result2).toHaveProperty('my_server');
+    expect(result2.my_server.source).toBe('config');
+    expect(inspectSpy).toHaveBeenCalledTimes(1);
+  });
+
+  it('should store inspectionFailed stub on inspection failure', async () => {
+    inspectSpy.mockRejectedValueOnce(new Error('connection refused'));
+
+    const result = await registry.ensureConfigServers({ bad_server: sseConfig });
+
+    expect(result).toHaveProperty('bad_server');
+    expect(result.bad_server.inspectionFailed).toBe(true);
+    expect(result.bad_server.source).toBe('config');
+  });
+
+  it('should return stub from cache on repeated failure without re-inspecting', async () => {
+    inspectSpy.mockRejectedValueOnce(new Error('connection refused'));
+    await registry.ensureConfigServers({ bad_server: sseConfig });
+    expect(inspectSpy).toHaveBeenCalledTimes(1);
+
+    const result2 = await registry.ensureConfigServers({ bad_server: sseConfig });
+    expect(result2.bad_server.inspectionFailed).toBe(true);
+    expect(inspectSpy).toHaveBeenCalledTimes(1);
+  });
+
+  it('should retry stale failure stub after CONFIG_STUB_RETRY_MS', async () => {
+    inspectSpy.mockRejectedValueOnce(new Error('transient DNS failure'));
+    await registry.ensureConfigServers({ flaky_server: sseConfig });
+    expect(inspectSpy).toHaveBeenCalledTimes(1);
+
+    jest.setSystemTime(new Date(FIXED_TIME + 6 * 60 * 1000));
+
+    const result = await registry.ensureConfigServers({ flaky_server: sseConfig });
+    expect(inspectSpy).toHaveBeenCalledTimes(2);
+    expect(result.flaky_server.inspectionFailed).toBeUndefined();
+    expect(result.flaky_server.source).toBe('config');
+
+    jest.setSystemTime(new Date(FIXED_TIME));
+  });
+
+  describe('cross-tenant isolation', () => {
+    it('should use different cache keys for same server name with different configs', async () => {
+      inspectSpy.mockClear();
+      const resultA = await registry.ensureConfigServers({ shared_name: sseConfig });
+      expect(resultA.shared_name.source).toBe('config');
+      expect(inspectSpy).toHaveBeenCalledTimes(1);
+
+      const resultB = await registry.ensureConfigServers({ shared_name: altSseConfig });
+      expect(resultB.shared_name.source).toBe('config');
+      expect(inspectSpy).toHaveBeenCalledTimes(2);
+    });
+
+    it('should return tenant-A config for tenant-A and tenant-B config for tenant-B', async () => {
+      const resultA = await registry.ensureConfigServers({ srv: sseConfig });
+      const resultB = await registry.ensureConfigServers({ srv: altSseConfig });
+
+      expect((resultA.srv as unknown as { url: string }).url).toBe('https://mcp.example.com/sse');
+      expect((resultB.srv as unknown as { url: string }).url).toBe(
+        'https://mcp.other-tenant.com/sse',
+      );
+    });
+  });
+
+  describe('concurrent deduplication', () => {
+    it('should only inspect once for multiple parallel calls with the same config', async () => {
+      inspectSpy.mockClear();
+      // Fire two calls simultaneously — both see cache miss, but only one should inspect
+      const [r1, r2] = await Promise.all([
+        registry.ensureConfigServers({ dedup_srv: sseConfig }),
+        registry.ensureConfigServers({ dedup_srv: sseConfig }),
+      ]);
+
+      expect(r1.dedup_srv).toBeDefined();
+      expect(r2.dedup_srv).toBeDefined();
+      expect(inspectSpy).toHaveBeenCalledTimes(1);
+
+      // Subsequent call must NOT re-inspect (cached)
+      inspectSpy.mockClear();
+      await registry.ensureConfigServers({ dedup_srv: sseConfig });
+      expect(inspectSpy).toHaveBeenCalledTimes(0);
+    });
+  });
+
+  describe('merge order', () => {
+    it('should merge YAML → config → user with correct precedence in getAllServerConfigs', async () => {
+      await registry.addServer('yaml_srv', yamlConfig, 'CACHE');
+
+      const configServers = await registry.ensureConfigServers({ config_srv: sseConfig });
+
+      const all = await registry.getAllServerConfigs(undefined, configServers);
+      expect(all).toHaveProperty('yaml_srv');
+      expect(all).toHaveProperty('config_srv');
+      expect(all.yaml_srv.source).toBe('yaml');
+      expect(all.config_srv.source).toBe('config');
+    });
+
+    it('should let config servers appear alongside user DB servers', async () => {
+      const mockDbConfigs = {
+        user_srv: makeParsedConfig({ source: 'user', dbId: 'abc123' }),
+      };
+      jest.spyOn(registry['dbConfigsRepo'], 'getAll').mockResolvedValue(mockDbConfigs);
+
+      const configServers = await registry.ensureConfigServers({ config_srv: sseConfig });
+      const all = await registry.getAllServerConfigs('user-1', configServers);
+
+      expect(all).toHaveProperty('config_srv');
+      expect(all).toHaveProperty('user_srv');
+      expect(all.config_srv.source).toBe('config');
+      expect(all.user_srv.source).toBe('user');
+    });
+  });
+
+  describe('invalidateConfigCache', () => {
+    it('should clear config cache and force re-inspection on next call', async () => {
+      await registry.ensureConfigServers({ my_server: sseConfig });
+      inspectSpy.mockClear();
+
+      await registry.invalidateConfigCache();
+
+      await registry.ensureConfigServers({ my_server: sseConfig });
+      expect(inspectSpy).toHaveBeenCalledTimes(1);
+    });
+
+    it('should return evicted server names', async () => {
+      await registry.ensureConfigServers({ srv_a: sseConfig, srv_b: altSseConfig });
+      const evicted = await registry.invalidateConfigCache();
+      expect(evicted.length).toBeGreaterThan(0);
+    });
+
+    it('should return empty array when nothing is cached', async () => {
+      const evicted = await registry.invalidateConfigCache();
+      expect(evicted).toEqual([]);
+    });
+  });
+
+  describe('getServerConfig with configServers', () => {
+    it('should return config-source server when configServers is passed', async () => {
+      const configServers = await registry.ensureConfigServers({ config_srv: sseConfig });
+      const config = await registry.getServerConfig('config_srv', undefined, configServers);
+      expect(config).toBeDefined();
+      expect(config?.source).toBe('config');
+    });
+
+    it('should return config-source server with userId when configServers is passed', async () => {
+      const configServers = await registry.ensureConfigServers({ config_srv: sseConfig });
+      const config = await registry.getServerConfig('config_srv', 'user-123', configServers);
+      expect(config).toBeDefined();
+      expect(config?.source).toBe('config');
+    });
+
+    it('should return undefined for config-source server without configServers (tenant isolation)', async () => {
+      await registry.ensureConfigServers({ config_srv: sseConfig });
+      const config = await registry.getServerConfig('config_srv');
+      expect(config).toBeUndefined();
+    });
+
+    it('should return correct config after invalidation and re-init', async () => {
+      const configServers1 = await registry.ensureConfigServers({ config_srv: sseConfig });
+      expect(await registry.getServerConfig('config_srv', undefined, configServers1)).toBeDefined();
+
+      await registry.invalidateConfigCache();
+
+      const configServers2 = await registry.ensureConfigServers({ config_srv: sseConfig });
+      const config = await registry.getServerConfig('config_srv', undefined, configServers2);
+      expect(config).toBeDefined();
+      expect(config?.source).toBe('config');
+    });
+
+    it('should not cross-contaminate between tenant configServers maps', async () => {
+      const tenantA = await registry.ensureConfigServers({ srv: sseConfig });
+      const tenantB = await registry.ensureConfigServers({ srv: altSseConfig });
+
+      const configA = await registry.getServerConfig('srv', undefined, tenantA);
+      const configB = await registry.getServerConfig('srv', undefined, tenantB);
+
+      expect((configA as unknown as { url: string }).url).toBe('https://mcp.example.com/sse');
+      expect((configB as unknown as { url: string }).url).toBe('https://mcp.other-tenant.com/sse');
+    });
+  });
+
+  describe('source tagging', () => {
+    it('should tag CACHE-stored servers as yaml', async () => {
+      await registry.addServer('yaml_srv', yamlConfig, 'CACHE');
+      const config = await registry.getServerConfig('yaml_srv');
+      expect(config?.source).toBe('yaml');
+    });
+
+    it('should tag stubs as yaml when stored in CACHE', async () => {
+      await registry.addServerStub('stub_srv', yamlConfig, 'CACHE');
+      const config = await registry.getServerConfig('stub_srv');
+      expect(config?.source).toBe('yaml');
+      expect(config?.inspectionFailed).toBe(true);
+    });
+  });
+});
diff --git a/packages/api/src/mcp/registry/cache/ServerConfigsCacheFactory.ts b/packages/api/src/mcp/registry/cache/ServerConfigsCacheFactory.ts
index ba0cec90ea..ebe19b59e3 100644
--- a/packages/api/src/mcp/registry/cache/ServerConfigsCacheFactory.ts
+++ b/packages/api/src/mcp/registry/cache/ServerConfigsCacheFactory.ts
@@ -1,31 +1,57 @@
-import { cacheConfig } from '~/cache';
+import { ServerConfigsCacheRedisAggregateKey } from './ServerConfigsCacheRedisAggregateKey';
 import { ServerConfigsCacheInMemory } from './ServerConfigsCacheInMemory';
 import { ServerConfigsCacheRedis } from './ServerConfigsCacheRedis';
+import { cacheConfig } from '~/cache';
 
-export type ServerConfigsCache = ServerConfigsCacheInMemory | ServerConfigsCacheRedis;
+export type ServerConfigsCache =
+  | ServerConfigsCacheInMemory
+  | ServerConfigsCacheRedis
+  | ServerConfigsCacheRedisAggregateKey;
 
 /**
- * Factory for creating the appropriate ServerConfigsCache implementation based on deployment mode.
- * Automatically selects between in-memory and Redis-backed storage depending on USE_REDIS config.
- * In single-instance mode (USE_REDIS=false), returns lightweight in-memory cache.
- * In cluster mode (USE_REDIS=true), returns Redis-backed cache with distributed coordination.
- * Provides a unified interface regardless of the underlying storage mechanism.
+ * Namespace for YAML-loaded app-level MCP configs. When Redis is enabled, uses a single
+ * aggregate key instead of per-server keys to avoid the costly SCAN + batch-GET pattern
+ * in {@link ServerConfigsCacheRedis.getAll} that caused 60s+ stalls under concurrent
+ * load (see GitHub #11624, #12408). When Redis is disabled, uses in-memory storage.
+ */
+export const APP_CACHE_NAMESPACE = 'App' as const;
+
+/** Namespace for admin-defined config-override MCP server inspection results. */
+export const CONFIG_CACHE_NAMESPACE = 'Config' as const;
+
+/** Namespaces that use the aggregate-key optimization to avoid SCAN+N-GETs stalls. */
+const AGGREGATE_KEY_NAMESPACES = new Set<string>([APP_CACHE_NAMESPACE, CONFIG_CACHE_NAMESPACE]);
+
+/**
+ * Factory for creating the appropriate ServerConfigsCache implementation based on
+ * deployment mode and namespace.
+ *
+ * Namespaces in {@link AGGREGATE_KEY_NAMESPACES} use {@link ServerConfigsCacheRedisAggregateKey}
+ * when Redis is enabled — storing all configs under a single key so `getAll()` is one GET
+ * instead of SCAN + N GETs. Cross-instance visibility is preserved: reinspection results
+ * propagate through Redis automatically.
+ *
+ * Other namespaces use the standard {@link ServerConfigsCacheRedis} (per-key storage with
+ * SCAN-based enumeration) when Redis is enabled.
  */
 export class ServerConfigsCacheFactory {
   /**
    * Create a ServerConfigsCache instance.
-   * Returns Redis implementation if Redis is configured, otherwise in-memory implementation.
    *
-   * @param namespace - The namespace for the cache (e.g., 'App') - only used for Redis namespacing
-   * @param leaderOnly - Whether operations should only be performed by the leader (only applies to Redis)
+   * @param namespace - The namespace for the cache. Namespaces in {@link AGGREGATE_KEY_NAMESPACES}
+   *   use aggregate-key Redis storage (or in-memory when Redis is disabled).
+   * @param leaderOnly - Whether write operations should only be performed by the leader.
    * @returns ServerConfigsCache instance
    */
   static create(namespace: string, leaderOnly: boolean): ServerConfigsCache {
-    if (cacheConfig.USE_REDIS) {
-      return new ServerConfigsCacheRedis(namespace, leaderOnly);
+    if (!cacheConfig.USE_REDIS) {
+      return new ServerConfigsCacheInMemory();
     }
 
-    // In-memory mode uses a simple Map - doesn't need namespace
-    return new ServerConfigsCacheInMemory();
+    if (AGGREGATE_KEY_NAMESPACES.has(namespace)) {
+      return new ServerConfigsCacheRedisAggregateKey(namespace, leaderOnly);
+    }
+
+    return new ServerConfigsCacheRedis(namespace, leaderOnly);
   }
 }
diff --git a/packages/api/src/mcp/registry/cache/ServerConfigsCacheInMemory.ts b/packages/api/src/mcp/registry/cache/ServerConfigsCacheInMemory.ts
index 384c477756..5a7fd35b9f 100644
--- a/packages/api/src/mcp/registry/cache/ServerConfigsCacheInMemory.ts
+++ b/packages/api/src/mcp/registry/cache/ServerConfigsCacheInMemory.ts
@@ -28,6 +28,10 @@ export class ServerConfigsCacheInMemory {
     this.cache.set(serverName, { ...config, updatedAt: Date.now() });
   }
 
+  public async upsert(serverName: string, config: ParsedServerConfig): Promise<void> {
+    this.cache.set(serverName, { ...config, updatedAt: Date.now() });
+  }
+
   public async remove(serverName: string): Promise<void> {
     if (!this.cache.delete(serverName)) {
       throw new Error(`Failed to remove server "${serverName}" in cache.`);
diff --git a/packages/api/src/mcp/registry/cache/ServerConfigsCacheRedis.ts b/packages/api/src/mcp/registry/cache/ServerConfigsCacheRedis.ts
index d3154baf73..af1316056d 100644
--- a/packages/api/src/mcp/registry/cache/ServerConfigsCacheRedis.ts
+++ b/packages/api/src/mcp/registry/cache/ServerConfigsCacheRedis.ts
@@ -52,6 +52,12 @@ export class ServerConfigsCacheRedis
     this.successCheck(`update ${this.namespace} server "${serverName}"`, success);
   }
 
+  public async upsert(serverName: string, config: ParsedServerConfig): Promise<void> {
+    if (this.leaderOnly) await this.leaderCheck(`upsert ${this.namespace} MCP servers`);
+    const success = await this.cache.set(serverName, { ...config, updatedAt: Date.now() });
+    this.successCheck(`upsert ${this.namespace} server "${serverName}"`, success);
+  }
+
   public async remove(serverName: string): Promise<void> {
     if (this.leaderOnly) await this.leaderCheck(`remove ${this.namespace} MCP servers`);
     const success = await this.cache.delete(serverName);
diff --git a/packages/api/src/mcp/registry/cache/ServerConfigsCacheRedisAggregateKey.ts b/packages/api/src/mcp/registry/cache/ServerConfigsCacheRedisAggregateKey.ts
new file mode 100644
index 0000000000..5fc32bd7aa
--- /dev/null
+++ b/packages/api/src/mcp/registry/cache/ServerConfigsCacheRedisAggregateKey.ts
@@ -0,0 +1,193 @@
+import type Keyv from 'keyv';
+import type { IServerConfigsRepositoryInterface } from '~/mcp/registry/ServerConfigsRepositoryInterface';
+import type { ParsedServerConfig, AddServerResult } from '~/mcp/types';
+import { BaseRegistryCache } from './BaseRegistryCache';
+import { cacheConfig, standardCache } from '~/cache';
+
+/**
+ * Redis-backed MCP server configs cache that stores all entries under a single aggregate key.
+ *
+ * Unlike {@link ServerConfigsCacheRedis} which uses SCAN + batch-GET for `getAll()`, this
+ * implementation stores the entire config map as a single JSON value in Redis. This makes
+ * `getAll()` a single O(1) GET regardless of keyspace size, eliminating the 60s+ stalls
+ * caused by SCAN under concurrent load in large deployments (see GitHub #11624, #12408).
+ *
+ * Trade-offs:
+ * - `add/update/remove` use a serialized read-modify-write on the aggregate key via a
+ *   promise-based mutex. This prevents concurrent writes from racing within a single
+ *   process (e.g., during `Promise.allSettled` initialization of multiple servers).
+ * - The entire config map is serialized/deserialized on every operation. With typical MCP
+ *   deployments (~5-50 servers), the JSON payload is small (10-50KB).
+ * - Cross-instance visibility is preserved: all instances read/write the same Redis key,
+ *   so reinspection results propagate automatically after readThroughCache TTL expiry.
+ *
+ * IMPORTANT: The promise-based writeLock serializes writes within a single Node.js process
+ * only. Concurrent writes from separate instances race at the Redis level (last-write-wins).
+ * This is acceptable because writes are performed exclusively by the leader during
+ * initialization via {@link MCPServersInitializer}. `reinspectServer` is manual and rare.
+ * Callers must enforce this single-writer invariant externally.
+ */
+const AGGREGATE_KEY = '__all__';
+
+export class ServerConfigsCacheRedisAggregateKey
+  extends BaseRegistryCache
+  implements IServerConfigsRepositoryInterface
+{
+  protected readonly cache: Keyv;
+  private writeLock: Promise<void> = Promise.resolve();
+
+  /**
+   * In-memory snapshot of the aggregate key to avoid redundant Redis GETs.
+   * `getAll()` is called 20+ times per chat request (once per tool, per server
+   * config lookup, per connection check) but the data doesn't change within a
+   * request cycle. The snapshot collapses all reads within the TTL window into
+   * a single Redis GET. Invalidated on every write (`add`, `update`, `remove`, `reset`).
+   *
+   * NOTE: In multi-instance deployments, the effective max staleness for cross-instance
+   * writes is up to 2×MCP_REGISTRY_CACHE_TTL. This happens when readThroughCacheAll
+   * (MCPServersRegistry) is populated from a snapshot that is nearly expired. For the
+   * default 5000ms TTL, worst-case cross-instance propagation is ~10s. This is acceptable
+   * given the single-writer invariant (leader-only initialization, rare manual reinspection).
+   */
+  private localSnapshot: Record<string, ParsedServerConfig> | null = null;
+  /** Milliseconds since epoch. 0 = epoch = always expired on first check. */
+  private localSnapshotExpiry = 0;
+
+  private readonly namespace: string;
+
+  constructor(namespace: string, leaderOnly: boolean) {
+    super(leaderOnly);
+    this.namespace = namespace;
+    this.cache = standardCache(`${this.PREFIX}::Servers::${namespace}`);
+  }
+
+  private invalidateLocalSnapshot(): void {
+    this.localSnapshot = null;
+    this.localSnapshotExpiry = 0;
+  }
+
+  /**
+   * Serializes write operations to prevent concurrent read-modify-write races.
+   * Reads (`get`, `getAll`) are not serialized — they can run concurrently.
+   * Always invalidates the local snapshot in `finally` to guarantee cleanup
+   * even when the write callback throws (e.g., Redis SET failure).
+   */
+  private async withWriteLock<T>(fn: () => Promise<T>): Promise<T> {
+    const previousLock = this.writeLock;
+    let resolve!: () => void;
+    this.writeLock = new Promise<void>((r) => {
+      resolve = r;
+    });
+    try {
+      await previousLock;
+      return await fn();
+    } finally {
+      this.invalidateLocalSnapshot();
+      resolve();
+    }
+  }
+
+  public async getAll(): Promise<Record<string, ParsedServerConfig>> {
+    const ttl = cacheConfig.MCP_REGISTRY_CACHE_TTL;
+    if (ttl > 0) {
+      const now = Date.now();
+      if (this.localSnapshot !== null && now < this.localSnapshotExpiry) {
+        return this.localSnapshot;
+      }
+    }
+
+    const result =
+      ((await this.cache.get(AGGREGATE_KEY)) as Record<string, ParsedServerConfig> | undefined) ??
+      {};
+
+    if (ttl > 0) {
+      this.localSnapshot = result;
+      this.localSnapshotExpiry = Date.now() + ttl;
+    }
+    return result;
+  }
+
+  public async get(serverName: string): Promise<ParsedServerConfig | undefined> {
+    const all = await this.getAll();
+    return all[serverName];
+  }
+
+  public async add(serverName: string, config: ParsedServerConfig): Promise<AddServerResult> {
+    if (this.leaderOnly) await this.leaderCheck('add MCP servers');
+    return this.withWriteLock(async () => {
+      // Force fresh Redis read so the read-modify-write uses current data,
+      // not a snapshot that may predate this write. Distinct from the finally-block
+      // invalidation which cleans up after the write completes or throws.
+      this.invalidateLocalSnapshot();
+      const all = await this.getAll();
+      if (all[serverName]) {
+        throw new Error(
+          `Server "${serverName}" already exists in cache. Use update() to modify existing configs.`,
+        );
+      }
+      const storedConfig = { ...config, updatedAt: Date.now() };
+      const newAll = { ...all, [serverName]: storedConfig };
+      const success = await this.cache.set(AGGREGATE_KEY, newAll);
+      this.successCheck(`add ${this.namespace} server "${serverName}"`, success);
+      return { serverName, config: storedConfig };
+    });
+  }
+
+  public async update(serverName: string, config: ParsedServerConfig): Promise<void> {
+    if (this.leaderOnly) await this.leaderCheck('update MCP servers');
+    return this.withWriteLock(async () => {
+      this.invalidateLocalSnapshot(); // Force fresh Redis read (see add() comment)
+      const all = await this.getAll();
+      if (!all[serverName]) {
+        throw new Error(
+          `Server "${serverName}" does not exist in cache. Use add() to create new configs.`,
+        );
+      }
+      const newAll = { ...all, [serverName]: { ...config, updatedAt: Date.now() } };
+      const success = await this.cache.set(AGGREGATE_KEY, newAll);
+      this.successCheck(`update ${this.namespace} server "${serverName}"`, success);
+    });
+  }
+
+  public async upsert(serverName: string, config: ParsedServerConfig): Promise<void> {
+    if (this.leaderOnly) await this.leaderCheck('upsert MCP servers');
+    return this.withWriteLock(async () => {
+      this.invalidateLocalSnapshot();
+      const all = await this.getAll();
+      const newAll = { ...all, [serverName]: { ...config, updatedAt: Date.now() } };
+      const success = await this.cache.set(AGGREGATE_KEY, newAll);
+      this.successCheck(`upsert ${this.namespace} server "${serverName}"`, success);
+    });
+  }
+
+  public async remove(serverName: string): Promise<void> {
+    if (this.leaderOnly) await this.leaderCheck('remove MCP servers');
+    return this.withWriteLock(async () => {
+      this.invalidateLocalSnapshot(); // Force fresh Redis read (see add() comment)
+      const all = await this.getAll();
+      if (!all[serverName]) {
+        throw new Error(`Failed to remove server "${serverName}" in cache.`);
+      }
+      const { [serverName]: _, ...newAll } = all;
+      const success = await this.cache.set(AGGREGATE_KEY, newAll);
+      this.successCheck(`remove ${this.namespace} server "${serverName}"`, success);
+    });
+  }
+
+  /**
+   * Resets the aggregate key directly instead of using SCAN-based `cache.clear()`.
+   * Only one key (`__all__`) ever exists in this namespace, so a targeted delete is
+   * more efficient and consistent with the PR's goal of eliminating SCAN operations.
+   *
+   * NOTE: Intentionally not serialized via `withWriteLock`. `reset()` is only called
+   * during lifecycle transitions (test teardown, full reinitialization via
+   * `MCPServersInitializer`) where no concurrent writes are in flight.
+   */
+  public override async reset(): Promise<void> {
+    if (this.leaderOnly) {
+      await this.leaderCheck(`reset ${this.namespace} MCP servers cache`);
+    }
+    await this.cache.delete(AGGREGATE_KEY);
+    this.invalidateLocalSnapshot();
+  }
+}
diff --git a/packages/api/src/mcp/registry/cache/__tests__/ServerConfigsCacheFactory.test.ts b/packages/api/src/mcp/registry/cache/__tests__/ServerConfigsCacheFactory.test.ts
index 7499ae127e..577b878cc7 100644
--- a/packages/api/src/mcp/registry/cache/__tests__/ServerConfigsCacheFactory.test.ts
+++ b/packages/api/src/mcp/registry/cache/__tests__/ServerConfigsCacheFactory.test.ts
@@ -1,9 +1,11 @@
-import { ServerConfigsCacheFactory } from '../ServerConfigsCacheFactory';
+import { ServerConfigsCacheFactory, APP_CACHE_NAMESPACE } from '../ServerConfigsCacheFactory';
+import { ServerConfigsCacheRedisAggregateKey } from '../ServerConfigsCacheRedisAggregateKey';
 import { ServerConfigsCacheInMemory } from '../ServerConfigsCacheInMemory';
 import { ServerConfigsCacheRedis } from '../ServerConfigsCacheRedis';
 import { cacheConfig } from '~/cache';
 
 // Mock the cache implementations
+jest.mock('../ServerConfigsCacheRedisAggregateKey');
 jest.mock('../ServerConfigsCacheInMemory');
 jest.mock('../ServerConfigsCacheRedis');
 
@@ -17,53 +19,48 @@ jest.mock('~/cache', () => ({
 describe('ServerConfigsCacheFactory', () => {
   beforeEach(() => {
     jest.clearAllMocks();
+    cacheConfig.USE_REDIS = false;
   });
 
   describe('create()', () => {
-    it('should return ServerConfigsCacheRedis when USE_REDIS is true', () => {
-      // Arrange
+    it('should return ServerConfigsCacheRedisAggregateKey for App namespace when USE_REDIS is true', () => {
       cacheConfig.USE_REDIS = true;
 
-      // Act
-      const cache = ServerConfigsCacheFactory.create('App', true);
+      const cache = ServerConfigsCacheFactory.create(APP_CACHE_NAMESPACE, false);
 
-      // Assert
-      expect(cache).toBeInstanceOf(ServerConfigsCacheRedis);
-      expect(ServerConfigsCacheRedis).toHaveBeenCalledWith('App', true);
+      expect(cache).toBeInstanceOf(ServerConfigsCacheRedisAggregateKey);
+      expect(ServerConfigsCacheRedisAggregateKey).toHaveBeenCalledWith(APP_CACHE_NAMESPACE, false);
+      expect(ServerConfigsCacheRedis).not.toHaveBeenCalled();
+      expect(ServerConfigsCacheInMemory).not.toHaveBeenCalled();
     });
 
-    it('should return ServerConfigsCacheInMemory when USE_REDIS is false', () => {
-      // Arrange
+    it('should return ServerConfigsCacheInMemory for App namespace when USE_REDIS is false', () => {
       cacheConfig.USE_REDIS = false;
 
-      // Act
-      const cache = ServerConfigsCacheFactory.create('App', false);
+      const cache = ServerConfigsCacheFactory.create(APP_CACHE_NAMESPACE, false);
 
-      // Assert
       expect(cache).toBeInstanceOf(ServerConfigsCacheInMemory);
-      expect(ServerConfigsCacheInMemory).toHaveBeenCalled();
+      expect(ServerConfigsCacheInMemory).toHaveBeenCalledWith();
+      expect(ServerConfigsCacheRedis).not.toHaveBeenCalled();
+      expect(ServerConfigsCacheRedisAggregateKey).not.toHaveBeenCalled();
     });
 
-    it('should pass correct parameters to ServerConfigsCacheRedis', () => {
-      // Arrange
+    it('should return ServerConfigsCacheRedis for non-App namespaces when USE_REDIS is true', () => {
       cacheConfig.USE_REDIS = true;
 
-      // Act
-      ServerConfigsCacheFactory.create('CustomNamespace', true);
+      const cache = ServerConfigsCacheFactory.create('CustomNamespace', true);
 
-      // Assert
+      expect(cache).toBeInstanceOf(ServerConfigsCacheRedis);
       expect(ServerConfigsCacheRedis).toHaveBeenCalledWith('CustomNamespace', true);
+      expect(ServerConfigsCacheRedisAggregateKey).not.toHaveBeenCalled();
     });
 
-    it('should create ServerConfigsCacheInMemory without parameters when USE_REDIS is false', () => {
-      // Arrange
+    it('should return ServerConfigsCacheInMemory for non-App namespaces when USE_REDIS is false', () => {
       cacheConfig.USE_REDIS = false;
 
-      // Act
-      ServerConfigsCacheFactory.create('App', false);
+      const cache = ServerConfigsCacheFactory.create('CustomNamespace', false);
 
-      // Assert
-      // In-memory cache doesn't use namespace/leaderOnly parameters
+      expect(cache).toBeInstanceOf(ServerConfigsCacheInMemory);
       expect(ServerConfigsCacheInMemory).toHaveBeenCalledWith();
     });
   });
diff --git a/packages/api/src/mcp/registry/cache/__tests__/ServerConfigsCacheInMemory.test.ts b/packages/api/src/mcp/registry/cache/__tests__/ServerConfigsCacheInMemory.test.ts
index c123325c1f..b8827a3fe9 100644
--- a/packages/api/src/mcp/registry/cache/__tests__/ServerConfigsCacheInMemory.test.ts
+++ b/packages/api/src/mcp/registry/cache/__tests__/ServerConfigsCacheInMemory.test.ts
@@ -12,6 +12,7 @@ describe('ServerConfigsCacheInMemory Integration Tests', () => {
 
   // Test data
   const mockConfig1: ParsedServerConfig = {
+    type: 'stdio',
     command: 'node',
     args: ['server1.js'],
     env: { TEST: 'value1' },
@@ -19,6 +20,7 @@ describe('ServerConfigsCacheInMemory Integration Tests', () => {
   };
 
   const mockConfig2: ParsedServerConfig = {
+    type: 'stdio',
     command: 'python',
     args: ['server2.py'],
     env: { TEST: 'value2' },
@@ -26,6 +28,7 @@ describe('ServerConfigsCacheInMemory Integration Tests', () => {
   };
 
   const mockConfig3: ParsedServerConfig = {
+    type: 'stdio',
     command: 'node',
     args: ['server3.js'],
     url: 'http://localhost:3000',
diff --git a/packages/api/src/mcp/registry/cache/__tests__/ServerConfigsCacheRedis.perf_benchmark.manual.spec.ts b/packages/api/src/mcp/registry/cache/__tests__/ServerConfigsCacheRedis.perf_benchmark.manual.spec.ts
new file mode 100644
index 0000000000..d9dc7bb978
--- /dev/null
+++ b/packages/api/src/mcp/registry/cache/__tests__/ServerConfigsCacheRedis.perf_benchmark.manual.spec.ts
@@ -0,0 +1,343 @@
+/**
+ * Performance benchmark for ServerConfigsCacheRedis.getAll()
+ *
+ * Requires a live Redis instance. Run manually (excluded from CI):
+ *   npx jest --config packages/api/jest.config.mjs --testPathPatterns="perf_benchmark" --coverage=false
+ *
+ * Set env vars as needed:
+ *   USE_REDIS=true REDIS_URI=redis://localhost:6379 npx jest ...
+ *
+ * This benchmark isolates the two phases of getAll() — SCAN (key discovery) and
+ * batched GET (value retrieval) — to identify the actual bottleneck under load.
+ * It also benchmarks alternative approaches (single aggregate key, MGET) against
+ * the current SCAN+GET implementation.
+ */
+import { expect } from '@playwright/test';
+import type { RedisClientType } from 'redis';
+import type { ParsedServerConfig } from '~/mcp/types';
+
+describe('ServerConfigsCacheRedis Performance Benchmark', () => {
+  let ServerConfigsCacheRedis: typeof import('../ServerConfigsCacheRedis').ServerConfigsCacheRedis;
+  let keyvRedisClient: Awaited<typeof import('~/cache/redisClients')>['keyvRedisClient'];
+  let standardCache: Awaited<typeof import('~/cache')>['standardCache'];
+
+  const PREFIX = 'perf-bench';
+
+  const makeConfig = (i: number): ParsedServerConfig =>
+    ({
+      type: 'stdio',
+      command: `cmd-${i}`,
+      args: [`arg-${i}`, `--flag-${i}`],
+      env: { KEY: `value-${i}`, EXTRA: `extra-${i}` },
+      requiresOAuth: false,
+      tools: `tool_a_${i}, tool_b_${i}`,
+      capabilities: `{"tools":{"listChanged":true}}`,
+      serverInstructions: `Instructions for server ${i}`,
+    }) as ParsedServerConfig;
+
+  beforeAll(async () => {
+    process.env.USE_REDIS = process.env.USE_REDIS ?? 'true';
+    process.env.USE_REDIS_CLUSTER = process.env.USE_REDIS_CLUSTER ?? 'true';
+    process.env.REDIS_URI =
+      process.env.REDIS_URI ??
+      'redis://127.0.0.1:7001,redis://127.0.0.1:7002,redis://127.0.0.1:7003';
+    process.env.REDIS_KEY_PREFIX = process.env.REDIS_KEY_PREFIX ?? 'perf-bench-test';
+
+    const cacheModule = await import('../ServerConfigsCacheRedis');
+    const redisClients = await import('~/cache/redisClients');
+    const cacheFactory = await import('~/cache');
+
+    ServerConfigsCacheRedis = cacheModule.ServerConfigsCacheRedis;
+    keyvRedisClient = redisClients.keyvRedisClient;
+    standardCache = cacheFactory.standardCache;
+
+    if (!keyvRedisClient) throw new Error('Redis client is not initialized');
+    await redisClients.keyvRedisClientReady;
+  });
+
+  afterAll(async () => {
+    if (keyvRedisClient?.isOpen) await keyvRedisClient.disconnect();
+  });
+
+  /** Clean up all keys matching our test prefix */
+  async function cleanupKeys(pattern: string): Promise<void> {
+    if (!keyvRedisClient || !('scanIterator' in keyvRedisClient)) return;
+    const keys: string[] = [];
+    for await (const key of keyvRedisClient.scanIterator({ MATCH: pattern })) {
+      keys.push(key);
+    }
+    if (keys.length > 0) {
+      await Promise.all(keys.map((key) => keyvRedisClient!.del(key)));
+    }
+  }
+
+  /** Populate a cache with N configs and return the cache instance */
+  async function populateCache(
+    namespace: string,
+    count: number,
+  ): Promise<InstanceType<typeof ServerConfigsCacheRedis>> {
+    const cache = new ServerConfigsCacheRedis(namespace, false);
+    for (let i = 0; i < count; i++) {
+      await cache.add(`server-${i}`, makeConfig(i));
+    }
+    return cache;
+  }
+
+  /**
+   * Benchmark 1: Isolate SCAN vs GET phases in current getAll()
+   *
+   * Measures time spent in each phase separately to identify the bottleneck.
+   */
+  describe('Phase isolation: SCAN vs batched GET', () => {
+    const CONFIG_COUNTS = [5, 20, 50];
+
+    for (const count of CONFIG_COUNTS) {
+      it(`should measure SCAN and GET phases separately for ${count} configs`, async () => {
+        const ns = `${PREFIX}-phase-${count}`;
+        const cache = await populateCache(ns, count);
+
+        try {
+          // Get the Keyv cache instance namespace for pattern matching
+          const keyvCache = standardCache(`MCP::ServersRegistry::Servers::${ns}`);
+          const pattern = `*MCP::ServersRegistry::Servers::${ns}:*`;
+
+          // Phase 1: SCAN only (key discovery)
+          const scanStart = Date.now();
+          const keys: string[] = [];
+          for await (const key of (keyvRedisClient as RedisClientType).scanIterator({
+            MATCH: pattern,
+          })) {
+            keys.push(key);
+          }
+          const scanMs = Date.now() - scanStart;
+
+          // Phase 2: Batched GET only (value retrieval via Keyv)
+          const keyNames = keys.map((key) => key.substring(key.lastIndexOf(':') + 1));
+          const BATCH_SIZE = 100;
+          const getStart = Date.now();
+          for (let i = 0; i < keyNames.length; i += BATCH_SIZE) {
+            const batch = keyNames.slice(i, i + BATCH_SIZE);
+            await Promise.all(batch.map((k) => keyvCache.get(k)));
+          }
+          const getMs = Date.now() - getStart;
+
+          // Phase 3: Full getAll() (both phases combined)
+          const fullStart = Date.now();
+          const result = await cache.getAll();
+          const fullMs = Date.now() - fullStart;
+
+          console.log(
+            `[${count} configs] SCAN: ${scanMs}ms | GET: ${getMs}ms | Full getAll: ${fullMs}ms | Keys found: ${keys.length}`,
+          );
+
+          expect(Object.keys(result).length).toBe(count);
+
+          // Clean up the Keyv instance
+          await keyvCache.clear();
+        } finally {
+          await cleanupKeys(`*${ns}*`);
+        }
+      });
+    }
+  });
+
+  /**
+   * Benchmark 2: SCAN cost scales with total Redis keyspace, not just matching keys
+   *
+   * Redis SCAN iterates the entire hash table and filters by pattern. With a large
+   * keyspace (many non-matching keys), SCAN takes longer even if few keys match.
+   * This test measures SCAN time with background noise keys.
+   */
+  describe('SCAN cost vs keyspace size', () => {
+    it('should measure SCAN latency with background noise keys', async () => {
+      const ns = `${PREFIX}-noise`;
+      const targetCount = 10;
+
+      // Add target configs
+      const cache = await populateCache(ns, targetCount);
+
+      // Add noise keys in a different namespace to inflate the keyspace
+      const noiseCount = 500;
+      const noiseCache = standardCache(`noise-namespace-${Date.now()}`);
+      for (let i = 0; i < noiseCount; i++) {
+        await noiseCache.set(`noise-${i}`, { data: `value-${i}` });
+      }
+
+      try {
+        const pattern = `*MCP::ServersRegistry::Servers::${ns}:*`;
+
+        // Measure SCAN with noise
+        const scanStart = Date.now();
+        const keys: string[] = [];
+        for await (const key of (keyvRedisClient as RedisClientType).scanIterator({
+          MATCH: pattern,
+        })) {
+          keys.push(key);
+        }
+        const scanMs = Date.now() - scanStart;
+
+        // Measure full getAll
+        const fullStart = Date.now();
+        const result = await cache.getAll();
+        const fullMs = Date.now() - fullStart;
+
+        console.log(
+          `[${targetCount} configs + ${noiseCount} noise keys] SCAN: ${scanMs}ms | Full getAll: ${fullMs}ms`,
+        );
+
+        expect(Object.keys(result).length).toBe(targetCount);
+      } finally {
+        await noiseCache.clear();
+        await cleanupKeys(`*${ns}*`);
+      }
+    });
+  });
+
+  /**
+   * Benchmark 3: Concurrent getAll() calls (simulates the actual production bottleneck)
+   *
+   * Multiple users hitting /api/mcp/* simultaneously, all triggering getAll()
+   * after the 5s TTL read-through cache expires.
+   */
+  describe('Concurrent getAll() under load', () => {
+    const CONCURRENCY_LEVELS = [1, 10, 50, 100];
+    const CONFIG_COUNT = 30;
+
+    for (const concurrency of CONCURRENCY_LEVELS) {
+      it(`should measure ${concurrency} concurrent getAll() calls with ${CONFIG_COUNT} configs`, async () => {
+        const ns = `${PREFIX}-concurrent-${concurrency}`;
+        const cache = await populateCache(ns, CONFIG_COUNT);
+
+        try {
+          const startTime = Date.now();
+          const promises = Array.from({ length: concurrency }, () => cache.getAll());
+          const results = await Promise.all(promises);
+          const elapsed = Date.now() - startTime;
+
+          console.log(
+            `[${CONFIG_COUNT} configs x ${concurrency} concurrent] Total: ${elapsed}ms | Per-call avg: ${(elapsed / concurrency).toFixed(1)}ms`,
+          );
+
+          for (const result of results) {
+            expect(Object.keys(result).length).toBe(CONFIG_COUNT);
+          }
+        } finally {
+          await cleanupKeys(`*${ns}*`);
+        }
+      });
+    }
+  });
+
+  /**
+   * Benchmark 4: Alternative — Single aggregate key
+   *
+   * Instead of SCAN+GET, store all configs under one Redis key.
+   * getAll() becomes a single GET + JSON parse.
+   */
+  describe('Alternative: Single aggregate key', () => {
+    it('should compare aggregate key vs SCAN+GET for getAll()', async () => {
+      const ns = `${PREFIX}-aggregate`;
+      const configCount = 30;
+      const cache = await populateCache(ns, configCount);
+
+      // Build the aggregate object
+      const aggregate: Record<string, ParsedServerConfig> = {};
+      for (let i = 0; i < configCount; i++) {
+        aggregate[`server-${i}`] = makeConfig(i);
+      }
+
+      // Store as single key
+      const aggregateCache = standardCache(`aggregate-test-${Date.now()}`);
+      await aggregateCache.set('all', aggregate);
+
+      try {
+        // Measure SCAN+GET approach
+        const scanStart = Date.now();
+        const scanResult = await cache.getAll();
+        const scanMs = Date.now() - scanStart;
+
+        // Measure single-key approach
+        const aggStart = Date.now();
+        const aggResult = (await aggregateCache.get('all')) as Record<string, ParsedServerConfig>;
+        const aggMs = Date.now() - aggStart;
+
+        console.log(
+          `[${configCount} configs] SCAN+GET: ${scanMs}ms | Single key: ${aggMs}ms | Speedup: ${(scanMs / Math.max(aggMs, 1)).toFixed(1)}x`,
+        );
+
+        expect(Object.keys(scanResult).length).toBe(configCount);
+        expect(Object.keys(aggResult).length).toBe(configCount);
+
+        // Concurrent comparison
+        const concurrency = 100;
+        const scanConcStart = Date.now();
+        await Promise.all(Array.from({ length: concurrency }, () => cache.getAll()));
+        const scanConcMs = Date.now() - scanConcStart;
+
+        const aggConcStart = Date.now();
+        await Promise.all(Array.from({ length: concurrency }, () => aggregateCache.get('all')));
+        const aggConcMs = Date.now() - aggConcStart;
+
+        console.log(
+          `[${configCount} configs x ${concurrency} concurrent] SCAN+GET: ${scanConcMs}ms | Single key: ${aggConcMs}ms | Speedup: ${(scanConcMs / Math.max(aggConcMs, 1)).toFixed(1)}x`,
+        );
+      } finally {
+        await aggregateCache.clear();
+        await cleanupKeys(`*${ns}*`);
+      }
+    });
+  });
+
+  /**
+   * Benchmark 5: Alternative — Raw MGET (bypassing Keyv serialization overhead)
+   *
+   * Keyv wraps each value in { value, expires } JSON. Using raw MGET on the
+   * Redis client skips the Keyv layer entirely.
+   */
+  describe('Alternative: Raw MGET vs Keyv batch GET', () => {
+    it('should compare raw MGET vs Keyv GET for value retrieval', async () => {
+      const ns = `${PREFIX}-mget`;
+      const configCount = 30;
+      const cache = await populateCache(ns, configCount);
+
+      try {
+        // First, discover keys via SCAN (same for both approaches)
+        const pattern = `*MCP::ServersRegistry::Servers::${ns}:*`;
+        const keys: string[] = [];
+        for await (const key of (keyvRedisClient as RedisClientType).scanIterator({
+          MATCH: pattern,
+        })) {
+          keys.push(key);
+        }
+
+        // Approach 1: Keyv batch GET (current implementation)
+        const keyvCache = standardCache(`MCP::ServersRegistry::Servers::${ns}`);
+        const keyNames = keys.map((key) => key.substring(key.lastIndexOf(':') + 1));
+
+        const keyvStart = Date.now();
+        await Promise.all(keyNames.map((k) => keyvCache.get(k)));
+        const keyvMs = Date.now() - keyvStart;
+
+        // Approach 2: Raw MGET (no Keyv overhead)
+        const mgetStart = Date.now();
+        if ('mGet' in keyvRedisClient!) {
+          const rawValues = await (
+            keyvRedisClient as { mGet: (keys: string[]) => Promise<(string | null)[]> }
+          ).mGet(keys);
+          // Parse the Keyv-wrapped JSON values
+          rawValues.filter(Boolean).map((v) => JSON.parse(v!));
+        }
+        const mgetMs = Date.now() - mgetStart;
+
+        console.log(
+          `[${configCount} configs] Keyv batch GET: ${keyvMs}ms | Raw MGET: ${mgetMs}ms | Speedup: ${(keyvMs / Math.max(mgetMs, 1)).toFixed(1)}x`,
+        );
+
+        // Clean up
+        await keyvCache.clear();
+      } finally {
+        await cleanupKeys(`*${ns}*`);
+      }
+    });
+  });
+});
diff --git a/packages/api/src/mcp/registry/cache/__tests__/ServerConfigsCacheRedisAggregateKey.cache_integration.spec.ts b/packages/api/src/mcp/registry/cache/__tests__/ServerConfigsCacheRedisAggregateKey.cache_integration.spec.ts
new file mode 100644
index 0000000000..4ec30187a2
--- /dev/null
+++ b/packages/api/src/mcp/registry/cache/__tests__/ServerConfigsCacheRedisAggregateKey.cache_integration.spec.ts
@@ -0,0 +1,338 @@
+import { expect } from '@playwright/test';
+import type { ParsedServerConfig } from '~/mcp/types';
+
+describe('ServerConfigsCacheRedisAggregateKey Integration Tests', () => {
+  let ServerConfigsCacheRedisAggregateKey: typeof import('../ServerConfigsCacheRedisAggregateKey').ServerConfigsCacheRedisAggregateKey;
+  let keyvRedisClient: Awaited<typeof import('~/cache/redisClients')>['keyvRedisClient'];
+
+  let cache: InstanceType<
+    typeof import('../ServerConfigsCacheRedisAggregateKey').ServerConfigsCacheRedisAggregateKey
+  >;
+
+  const mockConfig1 = {
+    type: 'stdio',
+    command: 'node',
+    args: ['server1.js'],
+    env: { TEST: 'value1' },
+  } as ParsedServerConfig;
+
+  const mockConfig2 = {
+    type: 'stdio',
+    command: 'python',
+    args: ['server2.py'],
+    env: { TEST: 'value2' },
+  } as ParsedServerConfig;
+
+  const mockConfig3 = {
+    type: 'sse',
+    url: 'http://localhost:3000',
+    requiresOAuth: true,
+  } as ParsedServerConfig;
+
+  beforeAll(async () => {
+    process.env.USE_REDIS = process.env.USE_REDIS ?? 'true';
+    process.env.USE_REDIS_CLUSTER = process.env.USE_REDIS_CLUSTER ?? 'true';
+    process.env.REDIS_URI =
+      process.env.REDIS_URI ??
+      'redis://127.0.0.1:7001,redis://127.0.0.1:7002,redis://127.0.0.1:7003';
+    process.env.REDIS_KEY_PREFIX = process.env.REDIS_KEY_PREFIX ?? 'AggregateKey-IntegrationTest';
+
+    const cacheModule = await import('../ServerConfigsCacheRedisAggregateKey');
+    const redisClients = await import('~/cache/redisClients');
+
+    ServerConfigsCacheRedisAggregateKey = cacheModule.ServerConfigsCacheRedisAggregateKey;
+    keyvRedisClient = redisClients.keyvRedisClient;
+
+    if (!keyvRedisClient) throw new Error('Redis client is not initialized');
+    await redisClients.keyvRedisClientReady;
+  });
+
+  beforeEach(() => {
+    cache = new ServerConfigsCacheRedisAggregateKey('agg-test', false);
+  });
+
+  afterEach(async () => {
+    await cache.reset();
+  });
+
+  afterAll(async () => {
+    if (keyvRedisClient?.isOpen) await keyvRedisClient.disconnect();
+  });
+
+  describe('add and get operations', () => {
+    it('should add and retrieve a server config', async () => {
+      await cache.add('server1', mockConfig1);
+      const result = await cache.get('server1');
+      expect(result).toMatchObject(mockConfig1);
+    });
+
+    it('should return undefined for non-existent server', async () => {
+      const result = await cache.get('non-existent');
+      expect(result).toBeUndefined();
+    });
+
+    it('should throw error when adding duplicate server', async () => {
+      await cache.add('server1', mockConfig1);
+      await expect(cache.add('server1', mockConfig2)).rejects.toThrow(
+        'Server "server1" already exists in cache. Use update() to modify existing configs.',
+      );
+    });
+
+    it('should handle multiple server configs', async () => {
+      await cache.add('server1', mockConfig1);
+      await cache.add('server2', mockConfig2);
+      await cache.add('server3', mockConfig3);
+
+      expect(await cache.get('server1')).toMatchObject(mockConfig1);
+      expect(await cache.get('server2')).toMatchObject(mockConfig2);
+      expect(await cache.get('server3')).toMatchObject(mockConfig3);
+    });
+  });
+
+  describe('getAll operation', () => {
+    it('should return empty object when no servers exist', async () => {
+      const result = await cache.getAll();
+      expect(result).toMatchObject({});
+    });
+
+    it('should return all server configs', async () => {
+      await cache.add('server1', mockConfig1);
+      await cache.add('server2', mockConfig2);
+      await cache.add('server3', mockConfig3);
+
+      const result = await cache.getAll();
+      expect(result).toMatchObject({
+        server1: mockConfig1,
+        server2: mockConfig2,
+        server3: mockConfig3,
+      });
+    });
+
+    it('should reflect additions in getAll', async () => {
+      await cache.add('server1', mockConfig1);
+      await cache.add('server2', mockConfig2);
+
+      let result = await cache.getAll();
+      expect(Object.keys(result).length).toBe(2);
+
+      await cache.add('server3', mockConfig3);
+      result = await cache.getAll();
+      expect(Object.keys(result).length).toBe(3);
+      expect(result.server3).toMatchObject(mockConfig3);
+    });
+  });
+
+  describe('update operation', () => {
+    it('should update an existing server config', async () => {
+      await cache.add('server1', mockConfig1);
+      expect(await cache.get('server1')).toMatchObject(mockConfig1);
+
+      await cache.update('server1', mockConfig2);
+      const result = await cache.get('server1');
+      expect(result).toMatchObject(mockConfig2);
+    });
+
+    it('should throw error when updating non-existent server', async () => {
+      await expect(cache.update('non-existent', mockConfig1)).rejects.toThrow(
+        'Server "non-existent" does not exist in cache. Use add() to create new configs.',
+      );
+    });
+
+    it('should reflect updates in getAll', async () => {
+      await cache.add('server1', mockConfig1);
+      await cache.add('server2', mockConfig2);
+
+      await cache.update('server1', mockConfig3);
+      const result = await cache.getAll();
+      expect(result.server1).toMatchObject(mockConfig3);
+      expect(result.server2).toMatchObject(mockConfig2);
+    });
+  });
+
+  describe('remove operation', () => {
+    it('should remove an existing server config', async () => {
+      await cache.add('server1', mockConfig1);
+      expect(await cache.get('server1')).toMatchObject(mockConfig1);
+
+      await cache.remove('server1');
+      expect(await cache.get('server1')).toBeUndefined();
+    });
+
+    it('should throw error when removing non-existent server', async () => {
+      await expect(cache.remove('non-existent')).rejects.toThrow(
+        'Failed to remove server "non-existent" in cache.',
+      );
+    });
+
+    it('should remove server from getAll results', async () => {
+      await cache.add('server1', mockConfig1);
+      await cache.add('server2', mockConfig2);
+
+      let result = await cache.getAll();
+      expect(Object.keys(result).length).toBe(2);
+
+      await cache.remove('server1');
+      result = await cache.getAll();
+      expect(Object.keys(result).length).toBe(1);
+      expect(result.server1).toBeUndefined();
+      expect(result.server2).toMatchObject(mockConfig2);
+    });
+
+    it('should allow re-adding a removed server', async () => {
+      await cache.add('server1', mockConfig1);
+      await cache.remove('server1');
+      await cache.add('server1', mockConfig3);
+
+      const result = await cache.get('server1');
+      expect(result).toMatchObject(mockConfig3);
+    });
+  });
+
+  describe('concurrent write safety', () => {
+    it('should handle concurrent add calls without data loss', async () => {
+      const configCount = 20;
+      const promises = Array.from({ length: configCount }, (_, i) =>
+        cache.add(`server-${i}`, {
+          type: 'stdio',
+          command: `cmd-${i}`,
+          args: [`arg-${i}`],
+        } as ParsedServerConfig),
+      );
+
+      const results = await Promise.allSettled(promises);
+      const failures = results.filter((r) => r.status === 'rejected');
+      expect(failures).toHaveLength(0);
+
+      const result = await cache.getAll();
+      expect(Object.keys(result).length).toBe(configCount);
+      for (let i = 0; i < configCount; i++) {
+        expect(result[`server-${i}`]).toBeDefined();
+        const config = result[`server-${i}`] as { command?: string };
+        expect(config.command).toBe(`cmd-${i}`);
+      }
+    });
+
+    it('should handle concurrent getAll calls', async () => {
+      await cache.add('server1', mockConfig1);
+      await cache.add('server2', mockConfig2);
+      await cache.add('server3', mockConfig3);
+
+      const concurrency = 50;
+      const promises = Array.from({ length: concurrency }, () => cache.getAll());
+      const results = await Promise.all(promises);
+
+      for (const result of results) {
+        expect(Object.keys(result).length).toBe(3);
+        expect(result.server1).toMatchObject(mockConfig1);
+        expect(result.server2).toMatchObject(mockConfig2);
+        expect(result.server3).toMatchObject(mockConfig3);
+      }
+    });
+  });
+
+  describe('reset operation', () => {
+    it('should clear all configs', async () => {
+      await cache.add('server1', mockConfig1);
+      await cache.add('server2', mockConfig2);
+
+      expect(Object.keys(await cache.getAll()).length).toBe(2);
+
+      await cache.reset();
+
+      const result = await cache.getAll();
+      expect(Object.keys(result).length).toBe(0);
+    });
+  });
+
+  describe('local snapshot behavior', () => {
+    it('should collapse repeated getAll calls into a single Redis GET within TTL', async () => {
+      await cache.add('server1', mockConfig1);
+      await cache.add('server2', mockConfig2);
+
+      // Prime the snapshot
+      await cache.getAll();
+
+      // Spy on the underlying Keyv cache to count Redis calls
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      const cacheGetSpy = jest.spyOn((cache as any).cache, 'get');
+
+      await cache.getAll();
+      await cache.getAll();
+      await cache.getAll();
+
+      // Snapshot should be served; Redis should NOT have been called
+      expect(cacheGetSpy.mock.calls).toHaveLength(0);
+      cacheGetSpy.mockRestore();
+    });
+
+    it('should invalidate snapshot after add', async () => {
+      await cache.add('server1', mockConfig1);
+      const before = await cache.getAll();
+      expect(Object.keys(before).length).toBe(1);
+
+      await cache.add('server2', mockConfig2);
+      const after = await cache.getAll();
+      expect(Object.keys(after).length).toBe(2);
+    });
+
+    it('should invalidate snapshot after update and preserve other entries', async () => {
+      await cache.add('server1', mockConfig1);
+      await cache.add('server2', mockConfig2);
+      expect((await cache.getAll()).server1).toMatchObject(mockConfig1);
+
+      await cache.update('server1', mockConfig3);
+      const after = await cache.getAll();
+      expect(after.server1).toMatchObject(mockConfig3);
+      expect(after.server2).toMatchObject(mockConfig2);
+    });
+
+    it('should invalidate snapshot after remove', async () => {
+      await cache.add('server1', mockConfig1);
+      await cache.add('server2', mockConfig2);
+      expect(Object.keys(await cache.getAll()).length).toBe(2);
+
+      await cache.remove('server1');
+      const after = await cache.getAll();
+      expect(Object.keys(after).length).toBe(1);
+      expect(after.server1).toBeUndefined();
+      expect(after.server2).toMatchObject(mockConfig2);
+    });
+
+    it('should invalidate snapshot after reset', async () => {
+      await cache.add('server1', mockConfig1);
+      expect(Object.keys(await cache.getAll()).length).toBe(1);
+
+      await cache.reset();
+      expect(Object.keys(await cache.getAll()).length).toBe(0);
+    });
+
+    it('should not retroactively modify previously returned snapshot references', async () => {
+      await cache.add('server1', mockConfig1);
+
+      // Prime the snapshot
+      const snapshot = await cache.getAll();
+      expect(Object.keys(snapshot).length).toBe(1);
+
+      // Add a second server — the original snapshot reference should be unmodified
+      await cache.add('server2', mockConfig2);
+      expect(Object.keys(snapshot).length).toBe(1);
+      expect(snapshot.server2).toBeUndefined();
+    });
+
+    it('should hit Redis again after snapshot TTL expires', async () => {
+      await cache.add('server1', mockConfig1);
+      await cache.getAll(); // prime snapshot
+
+      // Force-expire the snapshot without sleeping
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      (cache as any).localSnapshotExpiry = Date.now() - 1;
+
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      const cacheGetSpy = jest.spyOn((cache as any).cache, 'get');
+      const result = await cache.getAll();
+      expect(cacheGetSpy.mock.calls).toHaveLength(1);
+      expect(Object.keys(result).length).toBe(1);
+      cacheGetSpy.mockRestore();
+    });
+  });
+});
diff --git a/packages/api/src/mcp/registry/db/ServerConfigsDB.ts b/packages/api/src/mcp/registry/db/ServerConfigsDB.ts
index 9981f6b00b..b1649c66ca 100644
--- a/packages/api/src/mcp/registry/db/ServerConfigsDB.ts
+++ b/packages/api/src/mcp/registry/db/ServerConfigsDB.ts
@@ -220,6 +220,25 @@ export class ServerConfigsDB implements IServerConfigsRepositoryInterface {
     await this._dbMethods.updateMCPServer(serverName, { config: configToSave });
   }
 
+  /**
+   * Atomic add-or-update. For DB-backed servers this delegates to update since
+   * DB servers are always created via the explicit add() flow with ACL setup.
+   * Config-source servers should use configCacheRepo, not dbConfigsRepo.
+   */
+  public async upsert(
+    serverName: string,
+    config: ParsedServerConfig,
+    userId?: string,
+  ): Promise<void> {
+    if (!userId) {
+      throw new Error(
+        `[ServerConfigsDB.upsert] User ID is required for DB-backed MCP server upsert of "${serverName}". ` +
+          'Config-source servers should use configCacheRepo, not dbConfigsRepo.',
+      );
+    }
+    return this.update(serverName, config, userId);
+  }
+
   /**
    * Deletes an MCP server and removes all associated ACL entries.
    * @param serverName - The serverName of the server to remove
@@ -411,6 +430,7 @@ export class ServerConfigsDB implements IServerConfigsRepositoryInterface {
     const config: ParsedServerConfig = {
       ...serverDBDoc.config,
       dbId: (serverDBDoc._id as Types.ObjectId).toString(),
+      source: 'user',
       updatedAt: serverDBDoc.updatedAt?.getTime(),
     };
     return await this.decryptConfig(config);
diff --git a/packages/api/src/mcp/tools.spec.ts b/packages/api/src/mcp/tools.spec.ts
new file mode 100644
index 0000000000..2a5d201df8
--- /dev/null
+++ b/packages/api/src/mcp/tools.spec.ts
@@ -0,0 +1,213 @@
+import { Constants } from 'librechat-data-provider';
+import { createMCPToolCacheService } from './tools';
+import type { LCAvailableTools } from './types';
+import type { MCPToolInput, MCPToolCacheDeps } from './tools';
+
+function createMockDeps(overrides: Partial<MCPToolCacheDeps> = {}): MCPToolCacheDeps {
+  return {
+    getCachedTools: jest.fn().mockResolvedValue(null),
+    setCachedTools: jest.fn().mockResolvedValue(true),
+    ...overrides,
+  };
+}
+
+describe('createMCPToolCacheService', () => {
+  describe('updateMCPServerTools', () => {
+    it('returns empty object for null tools', async () => {
+      const deps = createMockDeps();
+      const { updateMCPServerTools } = createMCPToolCacheService(deps);
+
+      const result = await updateMCPServerTools({ userId: 'u1', serverName: 'srv', tools: null });
+
+      expect(result).toEqual({});
+      expect(deps.setCachedTools).not.toHaveBeenCalled();
+    });
+
+    it('returns empty object for empty tools array', async () => {
+      const deps = createMockDeps();
+      const { updateMCPServerTools } = createMCPToolCacheService(deps);
+
+      const result = await updateMCPServerTools({ userId: 'u1', serverName: 'srv', tools: [] });
+
+      expect(result).toEqual({});
+      expect(deps.setCachedTools).not.toHaveBeenCalled();
+    });
+
+    it('constructs tool names with mcp_delimiter and caches them', async () => {
+      const deps = createMockDeps();
+      const { updateMCPServerTools } = createMCPToolCacheService(deps);
+      const tools: MCPToolInput[] = [
+        {
+          name: 'search',
+          description: 'Search docs',
+          inputSchema: { type: 'object', properties: {} },
+        },
+      ];
+
+      const result = await updateMCPServerTools({ userId: 'u1', serverName: 'brave', tools });
+
+      const expectedKey = `search${Constants.mcp_delimiter}brave`;
+      expect(result[expectedKey]).toBeDefined();
+      expect(result[expectedKey].type).toBe('function');
+      expect(result[expectedKey]['function'].name).toBe(expectedKey);
+      expect(result[expectedKey]['function'].description).toBe('Search docs');
+      expect(deps.setCachedTools).toHaveBeenCalledWith(result, {
+        userId: 'u1',
+        serverName: 'brave',
+      });
+    });
+
+    it('propagates setCachedTools errors', async () => {
+      const deps = createMockDeps({
+        setCachedTools: jest.fn().mockRejectedValue(new Error('Redis down')),
+      });
+      const { updateMCPServerTools } = createMCPToolCacheService(deps);
+      const tools: MCPToolInput[] = [{ name: 'tool1' }];
+
+      await expect(
+        updateMCPServerTools({ userId: 'u1', serverName: 'srv', tools }),
+      ).rejects.toThrow('Redis down');
+    });
+  });
+
+  describe('mergeAppTools', () => {
+    it('no-ops when appTools is empty', async () => {
+      const deps = createMockDeps();
+      const { mergeAppTools } = createMCPToolCacheService(deps);
+
+      await mergeAppTools({});
+
+      expect(deps.getCachedTools).not.toHaveBeenCalled();
+      expect(deps.setCachedTools).not.toHaveBeenCalled();
+    });
+
+    it('merges app tools with existing cached tools', async () => {
+      const existing: LCAvailableTools = {
+        old: {
+          type: 'function',
+          ['function']: {
+            name: 'old',
+            description: '',
+            parameters: { type: 'object', properties: {} },
+          },
+        },
+      };
+      const deps = createMockDeps({ getCachedTools: jest.fn().mockResolvedValue(existing) });
+      const { mergeAppTools } = createMCPToolCacheService(deps);
+      const appTools: LCAvailableTools = {
+        new: {
+          type: 'function',
+          ['function']: {
+            name: 'new',
+            description: '',
+            parameters: { type: 'object', properties: {} },
+          },
+        },
+      };
+
+      await mergeAppTools(appTools);
+
+      expect(deps.setCachedTools).toHaveBeenCalledWith(
+        expect.objectContaining({ old: existing.old, new: appTools.new }),
+      );
+    });
+
+    it('handles null cache (cold start) by defaulting to empty', async () => {
+      const deps = createMockDeps({ getCachedTools: jest.fn().mockResolvedValue(null) });
+      const { mergeAppTools } = createMCPToolCacheService(deps);
+      const appTools: LCAvailableTools = {
+        tool: {
+          type: 'function',
+          ['function']: {
+            name: 'tool',
+            description: '',
+            parameters: { type: 'object', properties: {} },
+          },
+        },
+      };
+
+      await mergeAppTools(appTools);
+
+      expect(deps.setCachedTools).toHaveBeenCalledWith(
+        expect.objectContaining({ tool: appTools.tool }),
+      );
+    });
+
+    it('propagates getCachedTools errors', async () => {
+      const deps = createMockDeps({
+        getCachedTools: jest.fn().mockRejectedValue(new Error('cache read failed')),
+      });
+      const { mergeAppTools } = createMCPToolCacheService(deps);
+
+      await expect(
+        mergeAppTools({
+          t: {
+            type: 'function',
+            ['function']: {
+              name: 't',
+              description: '',
+              parameters: { type: 'object', properties: {} },
+            },
+          },
+        }),
+      ).rejects.toThrow('cache read failed');
+    });
+  });
+
+  describe('cacheMCPServerTools', () => {
+    it('no-ops when serverTools is empty', async () => {
+      const deps = createMockDeps();
+      const { cacheMCPServerTools } = createMCPToolCacheService(deps);
+
+      await cacheMCPServerTools({ userId: 'u1', serverName: 'srv', serverTools: {} });
+
+      expect(deps.setCachedTools).not.toHaveBeenCalled();
+    });
+
+    it('caches server tools with userId and serverName', async () => {
+      const deps = createMockDeps();
+      const { cacheMCPServerTools } = createMCPToolCacheService(deps);
+      const serverTools: LCAvailableTools = {
+        tool: {
+          type: 'function',
+          ['function']: {
+            name: 'tool',
+            description: '',
+            parameters: { type: 'object', properties: {} },
+          },
+        },
+      };
+
+      await cacheMCPServerTools({ userId: 'u1', serverName: 'brave', serverTools });
+
+      expect(deps.setCachedTools).toHaveBeenCalledWith(serverTools, {
+        userId: 'u1',
+        serverName: 'brave',
+      });
+    });
+
+    it('propagates setCachedTools errors', async () => {
+      const deps = createMockDeps({
+        setCachedTools: jest.fn().mockRejectedValue(new Error('write failed')),
+      });
+      const { cacheMCPServerTools } = createMCPToolCacheService(deps);
+
+      await expect(
+        cacheMCPServerTools({
+          userId: 'u1',
+          serverName: 'srv',
+          serverTools: {
+            t: {
+              type: 'function',
+              ['function']: {
+                name: 't',
+                description: '',
+                parameters: { type: 'object', properties: {} },
+              },
+            },
+          },
+        }),
+      ).rejects.toThrow('write failed');
+    });
+  });
+});
diff --git a/packages/api/src/mcp/tools.ts b/packages/api/src/mcp/tools.ts
new file mode 100644
index 0000000000..d539cc5bd0
--- /dev/null
+++ b/packages/api/src/mcp/tools.ts
@@ -0,0 +1,104 @@
+import { logger } from '@librechat/data-schemas';
+import { Constants } from 'librechat-data-provider';
+import type { JsonSchemaType } from '@librechat/agents';
+import type { LCAvailableTools, LCFunctionTool } from './types';
+
+export interface MCPToolInput {
+  name: string;
+  description?: string;
+  inputSchema?: JsonSchemaType;
+}
+
+export interface MCPToolCacheDeps {
+  getCachedTools: (options?: {
+    userId?: string;
+    serverName?: string;
+  }) => Promise<LCAvailableTools | null>;
+  setCachedTools: (
+    tools: LCAvailableTools,
+    options?: { userId?: string; serverName?: string },
+  ) => Promise<boolean>;
+}
+
+export function createMCPToolCacheService(deps: MCPToolCacheDeps) {
+  const { getCachedTools, setCachedTools } = deps;
+
+  async function updateMCPServerTools(params: {
+    userId: string;
+    serverName: string;
+    tools: MCPToolInput[] | null;
+  }): Promise<LCAvailableTools> {
+    const { userId, serverName, tools } = params;
+    try {
+      const serverTools: LCAvailableTools = {};
+      const mcpDelimiter = Constants.mcp_delimiter;
+
+      if (tools == null || tools.length === 0) {
+        logger.debug(`[MCP Cache] No tools to update for server ${serverName} (user: ${userId})`);
+        return serverTools;
+      }
+
+      for (const tool of tools) {
+        const name = `${tool.name}${mcpDelimiter}${serverName}`;
+        const entry: LCFunctionTool = {
+          type: 'function',
+          ['function']: {
+            name,
+            description: tool.description ?? '',
+            parameters: tool.inputSchema ?? ({ type: 'object', properties: {} } as JsonSchemaType),
+          },
+        };
+        serverTools[name] = entry;
+      }
+
+      await setCachedTools(serverTools, { userId, serverName });
+      logger.debug(
+        `[MCP Cache] Updated ${tools.length} tools for server ${serverName} (user: ${userId})`,
+      );
+      return serverTools;
+    } catch (error) {
+      logger.error(
+        `[MCP Cache] Failed to update tools for ${serverName} (user: ${userId}):`,
+        error,
+      );
+      throw error;
+    }
+  }
+
+  async function mergeAppTools(appTools: LCAvailableTools): Promise<void> {
+    try {
+      const count = Object.keys(appTools).length;
+      if (!count) {
+        return;
+      }
+      const cachedTools = (await getCachedTools()) ?? {};
+      const mergedTools: LCAvailableTools = { ...cachedTools, ...appTools };
+      await setCachedTools(mergedTools);
+      logger.debug(`Merged ${count} app-level tools`);
+    } catch (error) {
+      logger.error('Failed to merge app-level tools:', error);
+      throw error;
+    }
+  }
+
+  async function cacheMCPServerTools(params: {
+    userId: string;
+    serverName: string;
+    serverTools: LCAvailableTools;
+  }): Promise<void> {
+    const { userId, serverName, serverTools } = params;
+    try {
+      const count = Object.keys(serverTools).length;
+      if (!count) {
+        return;
+      }
+      await setCachedTools(serverTools, { userId, serverName });
+      logger.debug(`Cached ${count} MCP server tools for ${serverName} (user: ${userId})`);
+    } catch (error) {
+      logger.error(`Failed to cache MCP server tools for ${serverName} (user: ${userId}):`, error);
+      throw error;
+    }
+  }
+
+  return { updateMCPServerTools, mergeAppTools, cacheMCPServerTools };
+}
diff --git a/packages/api/src/mcp/types/index.ts b/packages/api/src/mcp/types/index.ts
index 6cb5e02f0b..32c2787165 100644
--- a/packages/api/src/mcp/types/index.ts
+++ b/packages/api/src/mcp/types/index.ts
@@ -144,6 +144,14 @@ export type ImageFormatter = (item: ImageContent) => FormattedContent;
 
 export type FormattedToolResponse = FormattedContentResult;
 
+/**
+ * Origin of an MCP server definition.
+ * - `'yaml'`   — operator-defined in librechat.yaml, full trust, boot-time init
+ * - `'config'` — admin-defined via Config override, full trust, lazy init
+ * - `'user'`   — user-provided via UI, sandboxed (restricted placeholder resolution)
+ */
+export type MCPServerSource = 'yaml' | 'config' | 'user';
+
 export type ParsedServerConfig = MCPOptions & {
   url?: string;
   requiresOAuth?: boolean;
@@ -154,6 +162,8 @@ export type ParsedServerConfig = MCPOptions & {
   initDuration?: number;
   updatedAt?: number;
   dbId?: string;
+  /** Origin of this server definition — determines trust level and placeholder resolution */
+  source?: MCPServerSource;
   /** True if access is only via agent (not directly shared with user) */
   consumeOnly?: boolean;
   /** True when inspection failed at startup; the server is known but not fully initialized */
@@ -202,6 +212,8 @@ export interface ToolDiscoveryOptions {
   customUserVars?: Record<string, string>;
   requestBody?: RequestBody;
   connectionTimeout?: number;
+  /** Pre-resolved config-source servers for tenant-scoped lookup */
+  configServers?: Record<string, ParsedServerConfig>;
 }
 
 export interface ToolDiscoveryResult {
diff --git a/packages/api/src/mcp/utils.ts b/packages/api/src/mcp/utils.ts
index ff367725fc..653a96d5bd 100644
--- a/packages/api/src/mcp/utils.ts
+++ b/packages/api/src/mcp/utils.ts
@@ -8,6 +8,15 @@ export function hasCustomUserVars(config: Pick<ParsedServerConfig, 'customUserVa
   return !!config.customUserVars && Object.keys(config.customUserVars).length > 0;
 }
 
+/**
+ * Determines whether a server config is user-sourced (sandboxed placeholder resolution).
+ * When `source` is set, it is authoritative. When absent (pre-upgrade cached configs),
+ * falls back to the legacy `dbId` heuristic for backward compatibility.
+ */
+export function isUserSourced(config: Pick<ParsedServerConfig, 'source' | 'dbId'>): boolean {
+  return config.source != null ? config.source === 'user' : !!config.dbId;
+}
+
 /**
  * Allowlist-based sanitization for API responses. Only explicitly listed fields are included;
  * new fields added to ParsedServerConfig are excluded by default until allowlisted here.
@@ -31,6 +40,8 @@ export function redactServerSecrets(config: ParsedServerConfig): Partial<ParsedS
     initDuration: config.initDuration,
     updatedAt: config.updatedAt,
     dbId: config.dbId,
+    /** Trust tier (yaml/config/user) — safe to expose; used by the UI for display purposes. */
+    source: config.source,
     consumeOnly: config.consumeOnly,
     inspectionFailed: config.inspectionFailed,
     customUserVars: config.customUserVars,
@@ -97,6 +108,22 @@ export function normalizeServerName(serverName: string): string {
   return normalized;
 }
 
+/**
+ * Builds the synthetic tool-call name used during MCP OAuth flows.
+ * Format: `oauth<mcp_delimiter><normalizedServerName>`
+ *
+ * Guards against the caller passing a pre-wrapped name (one that already
+ * starts with the oauth prefix in its original, un-normalized form) to
+ * prevent double-wrapping.
+ */
+export function buildOAuthToolCallName(serverName: string): string {
+  const oauthPrefix = `oauth${Constants.mcp_delimiter}`;
+  if (serverName.startsWith(oauthPrefix)) {
+    return normalizeServerName(serverName);
+  }
+  return `${oauthPrefix}${normalizeServerName(serverName)}`;
+}
+
 /**
  * Sanitizes a URL by removing query parameters to prevent credential leakage in logs.
  * @param url - The URL to sanitize (string or URL object)
diff --git a/packages/api/src/middleware/__tests__/tenant.spec.ts b/packages/api/src/middleware/__tests__/tenant.spec.ts
new file mode 100644
index 0000000000..7451817941
--- /dev/null
+++ b/packages/api/src/middleware/__tests__/tenant.spec.ts
@@ -0,0 +1,101 @@
+import { getTenantId } from '@librechat/data-schemas';
+import type { Response, NextFunction } from 'express';
+import type { ServerRequest } from '~/types/http';
+// Import directly from source file — _resetTenantMiddlewareStrictCache is intentionally
+// excluded from the public barrel export (index.ts).
+import { tenantContextMiddleware, _resetTenantMiddlewareStrictCache } from '../tenant';
+
+function mockReq(user?: Record<string, unknown>): ServerRequest {
+  return { user } as unknown as ServerRequest;
+}
+
+function mockRes(): Response {
+  const res = {
+    status: jest.fn().mockReturnThis(),
+    json: jest.fn().mockReturnThis(),
+  };
+  return res as unknown as Response;
+}
+
+/** Runs the middleware and returns a Promise that resolves when next() is called. */
+function runMiddleware(req: ServerRequest, res: Response): Promise<string | undefined> {
+  return new Promise((resolve) => {
+    const next: NextFunction = () => {
+      resolve(getTenantId());
+    };
+    tenantContextMiddleware(req, res, next);
+  });
+}
+
+describe('tenantContextMiddleware', () => {
+  afterEach(() => {
+    _resetTenantMiddlewareStrictCache();
+    delete process.env.TENANT_ISOLATION_STRICT;
+  });
+
+  it('sets ALS tenant context for authenticated requests with tenantId', async () => {
+    const req = mockReq({ tenantId: 'tenant-x', role: 'user' });
+    const res = mockRes();
+
+    const tenantId = await runMiddleware(req, res);
+    expect(tenantId).toBe('tenant-x');
+  });
+
+  it('is a no-op for unauthenticated requests (no user)', async () => {
+    const req = mockReq();
+    const res = mockRes();
+
+    const tenantId = await runMiddleware(req, res);
+    expect(tenantId).toBeUndefined();
+  });
+
+  it('passes through without ALS when user has no tenantId in non-strict mode', async () => {
+    const req = mockReq({ role: 'user' });
+    const res = mockRes();
+
+    const tenantId = await runMiddleware(req, res);
+    expect(tenantId).toBeUndefined();
+  });
+
+  it('returns 403 when user has no tenantId in strict mode', () => {
+    process.env.TENANT_ISOLATION_STRICT = 'true';
+    _resetTenantMiddlewareStrictCache();
+
+    const req = mockReq({ role: 'user' });
+    const res = mockRes();
+    const next: NextFunction = jest.fn();
+
+    tenantContextMiddleware(req, res, next);
+
+    expect(res.status).toHaveBeenCalledWith(403);
+    expect(res.json).toHaveBeenCalledWith(
+      expect.objectContaining({ error: expect.stringContaining('Tenant context required') }),
+    );
+    expect(next).not.toHaveBeenCalled();
+  });
+
+  it('allows authenticated requests with tenantId in strict mode', async () => {
+    process.env.TENANT_ISOLATION_STRICT = 'true';
+    _resetTenantMiddlewareStrictCache();
+
+    const req = mockReq({ tenantId: 'tenant-y', role: 'admin' });
+    const res = mockRes();
+
+    const tenantId = await runMiddleware(req, res);
+    expect(tenantId).toBe('tenant-y');
+  });
+
+  it('different requests get independent tenant contexts', async () => {
+    const runRequest = (tid: string) => {
+      const req = mockReq({ tenantId: tid, role: 'user' });
+      const res = mockRes();
+      return runMiddleware(req, res);
+    };
+
+    const results = await Promise.all([runRequest('tenant-1'), runRequest('tenant-2')]);
+
+    expect(results).toHaveLength(2);
+    expect(results).toContain('tenant-1');
+    expect(results).toContain('tenant-2');
+  });
+});
diff --git a/packages/api/src/middleware/balance.ts b/packages/api/src/middleware/balance.ts
index 8c6b149cdd..19719680ec 100644
--- a/packages/api/src/middleware/balance.ts
+++ b/packages/api/src/middleware/balance.ts
@@ -12,7 +12,11 @@ import type { BalanceUpdateFields } from '~/types';
 import { getBalanceConfig } from '~/app/config';
 
 export interface BalanceMiddlewareOptions {
-  getAppConfig: (options?: { role?: string; refresh?: boolean }) => Promise<AppConfig>;
+  getAppConfig: (options?: {
+    role?: string;
+    tenantId?: string;
+    refresh?: boolean;
+  }) => Promise<AppConfig>;
   findBalanceByUser: (userId: string) => Promise<IBalance | null>;
   upsertBalanceFields: (userId: string, fields: IBalanceUpdate) => Promise<IBalance | null>;
 }
@@ -92,7 +96,10 @@ export function createSetBalanceConfig({
   return async (req: ServerRequest, res: ServerResponse, next: NextFunction): Promise<void> => {
     try {
       const user = req.user as IUser & { _id: string | ObjectId };
-      const appConfig = await getAppConfig({ role: user?.role });
+      const appConfig = await getAppConfig({
+        role: user?.role,
+        tenantId: user?.tenantId,
+      });
       const balanceConfig = getBalanceConfig(appConfig);
       if (!balanceConfig?.enabled) {
         return next();
diff --git a/packages/api/src/middleware/capabilities.spec.ts b/packages/api/src/middleware/capabilities.spec.ts
index 75d3142369..bfcc43f43d 100644
--- a/packages/api/src/middleware/capabilities.spec.ts
+++ b/packages/api/src/middleware/capabilities.spec.ts
@@ -11,6 +11,7 @@ import { generateCapabilityCheck } from './capabilities';
 jest.mock('@librechat/data-schemas', () => ({
   ...jest.requireActual('@librechat/data-schemas'),
   logger: {
+    warn: jest.fn(),
     error: jest.fn(),
   },
 }));
diff --git a/packages/api/src/middleware/capabilities.ts b/packages/api/src/middleware/capabilities.ts
index c06a90ac8e..7be93888c7 100644
--- a/packages/api/src/middleware/capabilities.ts
+++ b/packages/api/src/middleware/capabilities.ts
@@ -6,19 +6,17 @@ import {
   SystemCapabilities,
   readConfigCapability,
 } from '@librechat/data-schemas';
-import type { PrincipalType } from 'librechat-data-provider';
 import type { SystemCapability, ConfigSection } from '@librechat/data-schemas';
 import type { NextFunction, Response } from 'express';
-import type { Types } from 'mongoose';
+import type { Types, ClientSession } from 'mongoose';
+import type { ResolvedPrincipal } from '~/types/principal';
 import type { ServerRequest } from '~/types/http';
 
-interface ResolvedPrincipal {
-  principalType: PrincipalType;
-  principalId?: string | Types.ObjectId;
-}
-
 interface CapabilityDeps {
-  getUserPrincipals: (params: { userId: string; role: string }) => Promise<ResolvedPrincipal[]>;
+  getUserPrincipals: (
+    params: { userId: string | Types.ObjectId; role?: string | null },
+    session?: ClientSession,
+  ) => Promise<ResolvedPrincipal[]>;
   hasCapabilityForPrincipals: (params: {
     principals: ResolvedPrincipal[];
     capability: SystemCapability;
@@ -26,7 +24,7 @@ interface CapabilityDeps {
   }) => Promise<boolean>;
 }
 
-interface CapabilityUser {
+export interface CapabilityUser {
   id: string;
   role: string;
   tenantId?: string;
@@ -48,7 +46,7 @@ export type RequireCapabilityFn = (
 
 export type HasConfigCapabilityFn = (
   user: CapabilityUser,
-  section: ConfigSection,
+  section: ConfigSection | null,
   verb?: 'manage' | 'read',
 ) => Promise<boolean>;
 
@@ -77,6 +75,20 @@ export function capabilityContextMiddleware(
   capabilityStore.run({ principals: new Map(), results: new Map() }, next);
 }
 
+/**
+ * Reads principals from the per-request ALS cache without side effects.
+ * Returns `undefined` when called outside a request context or before
+ * `requireCapability` has populated the cache for this user.
+ */
+export function getCachedPrincipals(user: CapabilityUser): ResolvedPrincipal[] | undefined {
+  const store = capabilityStore.getStore();
+  if (!store) {
+    return undefined;
+  }
+  const key = `${user.id}:${user.role}:${user.tenantId ?? ''}`;
+  return store.principals.get(key);
+}
+
 /**
  * Factory that creates `hasCapability` and `requireCapability` with injected
  * database methods. Follows the same dependency-injection pattern as
@@ -138,11 +150,14 @@ export function generateCapabilityCheck(deps: CapabilityDeps): {
    */
   async function hasConfigCapability(
     user: CapabilityUser,
-    section: ConfigSection,
+    section: ConfigSection | null,
     verb: 'manage' | 'read' = 'manage',
   ): Promise<boolean> {
     const broadCap =
       verb === 'manage' ? SystemCapabilities.MANAGE_CONFIGS : SystemCapabilities.READ_CONFIGS;
+    if (section == null) {
+      return hasCapability(user, broadCap);
+    }
     if (await hasCapability(user, broadCap)) {
       return true;
     }
@@ -176,6 +191,7 @@ export function generateCapabilityCheck(deps: CapabilityDeps): {
           return;
         }
 
+        logger.warn(`[requireCapability] Forbidden: user ${id} missing capability '${capability}'`);
         res.status(403).json({ message: 'Forbidden' });
       } catch (err) {
         logger.error(`[requireCapability] Error checking capability: ${capability}`, err);
diff --git a/packages/api/src/middleware/checkBalance.spec.ts b/packages/api/src/middleware/checkBalance.spec.ts
new file mode 100644
index 0000000000..8d272d2e60
--- /dev/null
+++ b/packages/api/src/middleware/checkBalance.spec.ts
@@ -0,0 +1,266 @@
+import { ViolationTypes } from 'librechat-data-provider';
+import type { Response } from 'express';
+import type { CheckBalanceDeps } from './checkBalance';
+import type { ServerRequest } from '~/types/http';
+import { checkBalance } from './checkBalance';
+
+jest.mock('@librechat/data-schemas', () => ({
+  ...jest.requireActual('@librechat/data-schemas'),
+  logger: {
+    debug: jest.fn(),
+    error: jest.fn(),
+  },
+}));
+
+describe('checkBalance', () => {
+  const createMockDeps = (overrides: Partial<CheckBalanceDeps> = {}): CheckBalanceDeps => ({
+    findBalanceByUser: jest.fn().mockResolvedValue({ tokenCredits: 1000 }),
+    getMultiplier: jest.fn().mockReturnValue(1),
+    createAutoRefillTransaction: jest.fn(),
+    logViolation: jest.fn().mockResolvedValue(undefined),
+    ...overrides,
+  });
+
+  const req = { user: { id: 'user-1' } } as ServerRequest;
+  const res = {} as Response;
+
+  const baseTxData = {
+    user: 'user-1',
+    tokenType: 'prompt',
+    amount: 100,
+    endpoint: 'openAI',
+    model: 'gpt-4',
+  };
+
+  it('should return true when user has sufficient balance', async () => {
+    const deps = createMockDeps();
+
+    const result = await checkBalance({ req, res, txData: baseTxData }, deps);
+    expect(result).toBe(true);
+  });
+
+  it('should throw when user has insufficient balance', async () => {
+    const deps = createMockDeps({
+      findBalanceByUser: jest.fn().mockResolvedValue({ tokenCredits: 10 }),
+      getMultiplier: jest.fn().mockReturnValue(1),
+    });
+
+    await expect(
+      checkBalance({ req, res, txData: { ...baseTxData, amount: 100 } }, deps),
+    ).rejects.toThrow();
+
+    expect(deps.logViolation).toHaveBeenCalledWith(
+      req,
+      res,
+      ViolationTypes.TOKEN_BALANCE,
+      expect.objectContaining({ balance: 10, tokenCost: 100 }),
+      0,
+    );
+  });
+
+  describe('lazy balance initialization', () => {
+    it('should create balance record when no record exists and startBalance is configured', async () => {
+      const upsertBalanceFields = jest.fn().mockResolvedValue({ tokenCredits: 5000 });
+      const deps = createMockDeps({
+        findBalanceByUser: jest.fn().mockResolvedValue(null),
+        balanceConfig: { startBalance: 5000 },
+        upsertBalanceFields,
+      });
+
+      const result = await checkBalance({ req, res, txData: baseTxData }, deps);
+
+      expect(result).toBe(true);
+      expect(upsertBalanceFields).toHaveBeenCalledWith('user-1', {
+        user: 'user-1',
+        tokenCredits: 5000,
+      });
+    });
+
+    it('should include auto-refill fields when configured', async () => {
+      const upsertBalanceFields = jest.fn().mockResolvedValue({ tokenCredits: 5000 });
+      const deps = createMockDeps({
+        findBalanceByUser: jest.fn().mockResolvedValue(null),
+        balanceConfig: {
+          startBalance: 5000,
+          autoRefillEnabled: true,
+          refillIntervalValue: 1,
+          refillIntervalUnit: 'days',
+          refillAmount: 1000,
+        },
+        upsertBalanceFields,
+      });
+
+      await checkBalance({ req, res, txData: baseTxData }, deps);
+
+      expect(upsertBalanceFields).toHaveBeenCalledWith(
+        'user-1',
+        expect.objectContaining({
+          user: 'user-1',
+          tokenCredits: 5000,
+          autoRefillEnabled: true,
+          refillIntervalValue: 1,
+          refillIntervalUnit: 'days',
+          refillAmount: 1000,
+          lastRefill: expect.any(Date),
+        }),
+      );
+    });
+
+    it('should not include auto-refill fields when config is partial', async () => {
+      const upsertBalanceFields = jest.fn().mockResolvedValue({ tokenCredits: 5000 });
+      const deps = createMockDeps({
+        findBalanceByUser: jest.fn().mockResolvedValue(null),
+        balanceConfig: { startBalance: 5000, autoRefillEnabled: true },
+        upsertBalanceFields,
+      });
+
+      await checkBalance({ req, res, txData: baseTxData }, deps);
+
+      expect(upsertBalanceFields).toHaveBeenCalledWith('user-1', {
+        user: 'user-1',
+        tokenCredits: 5000,
+      });
+    });
+
+    it('should throw a TOKEN_BALANCE violation when lazy-initialized balance is less than token cost', async () => {
+      const upsertBalanceFields = jest.fn().mockResolvedValue({ tokenCredits: 50 });
+      const deps = createMockDeps({
+        findBalanceByUser: jest.fn().mockResolvedValue(null),
+        getMultiplier: jest.fn().mockReturnValue(1),
+        balanceConfig: { startBalance: 50 },
+        upsertBalanceFields,
+      });
+
+      await expect(
+        checkBalance({ req, res, txData: { ...baseTxData, amount: 100 } }, deps),
+      ).rejects.toThrow();
+
+      expect(upsertBalanceFields).toHaveBeenCalledWith('user-1', {
+        user: 'user-1',
+        tokenCredits: 50,
+      });
+      expect(deps.logViolation).toHaveBeenCalledWith(
+        req,
+        res,
+        ViolationTypes.TOKEN_BALANCE,
+        expect.objectContaining({ balance: 50, tokenCost: 100 }),
+        0,
+      );
+    });
+
+    it('should use DB-returned tokenCredits over raw startBalance config constant', async () => {
+      const upsertBalanceFields = jest.fn().mockResolvedValue({ tokenCredits: 3000 });
+      const deps = createMockDeps({
+        findBalanceByUser: jest.fn().mockResolvedValue(null),
+        getMultiplier: jest.fn().mockReturnValue(1),
+        balanceConfig: { startBalance: 5000 },
+        upsertBalanceFields,
+      });
+
+      await expect(
+        checkBalance({ req, res, txData: { ...baseTxData, amount: 4000 } }, deps),
+      ).rejects.toThrow();
+
+      expect(deps.logViolation).toHaveBeenCalledWith(
+        req,
+        res,
+        ViolationTypes.TOKEN_BALANCE,
+        expect.objectContaining({ balance: 3000, tokenCost: 4000 }),
+        0,
+      );
+    });
+
+    it('should throw a TOKEN_BALANCE violation when no record and no balanceConfig', async () => {
+      const deps = createMockDeps({
+        findBalanceByUser: jest.fn().mockResolvedValue(null),
+      });
+
+      await expect(checkBalance({ req, res, txData: baseTxData }, deps)).rejects.toThrow();
+      expect(deps.logViolation).toHaveBeenCalledWith(
+        req,
+        res,
+        ViolationTypes.TOKEN_BALANCE,
+        expect.objectContaining({ balance: 0 }),
+        0,
+      );
+    });
+
+    it('should throw a TOKEN_BALANCE violation when no record and startBalance is undefined', async () => {
+      const deps = createMockDeps({
+        findBalanceByUser: jest.fn().mockResolvedValue(null),
+        balanceConfig: {},
+        upsertBalanceFields: jest.fn(),
+      });
+
+      await expect(checkBalance({ req, res, txData: baseTxData }, deps)).rejects.toThrow();
+      expect(deps.upsertBalanceFields).not.toHaveBeenCalled();
+      expect(deps.logViolation).toHaveBeenCalledWith(
+        req,
+        res,
+        ViolationTypes.TOKEN_BALANCE,
+        expect.objectContaining({ balance: 0 }),
+        0,
+      );
+    });
+
+    it('should throw a TOKEN_BALANCE violation when upsertBalanceFields is not provided', async () => {
+      const deps = createMockDeps({
+        findBalanceByUser: jest.fn().mockResolvedValue(null),
+        balanceConfig: { startBalance: 5000 },
+      });
+
+      await expect(checkBalance({ req, res, txData: baseTxData }, deps)).rejects.toThrow();
+      expect(deps.logViolation).toHaveBeenCalledWith(
+        req,
+        res,
+        ViolationTypes.TOKEN_BALANCE,
+        expect.objectContaining({ balance: 0 }),
+        0,
+      );
+    });
+
+    it('should handle startBalance of 0', async () => {
+      const upsertBalanceFields = jest.fn().mockResolvedValue({ tokenCredits: 0 });
+      const deps = createMockDeps({
+        findBalanceByUser: jest.fn().mockResolvedValue(null),
+        getMultiplier: jest.fn().mockReturnValue(1),
+        balanceConfig: { startBalance: 0 },
+        upsertBalanceFields,
+      });
+
+      await expect(
+        checkBalance({ req, res, txData: { ...baseTxData, amount: 100 } }, deps),
+      ).rejects.toThrow();
+
+      expect(upsertBalanceFields).toHaveBeenCalledWith('user-1', {
+        user: 'user-1',
+        tokenCredits: 0,
+      });
+      expect(deps.logViolation).toHaveBeenCalledWith(
+        req,
+        res,
+        ViolationTypes.TOKEN_BALANCE,
+        expect.objectContaining({ balance: 0, tokenCost: 100 }),
+        0,
+      );
+    });
+
+    it('should fall back to balance: 0 when upsertBalanceFields rejects', async () => {
+      const upsertBalanceFields = jest.fn().mockRejectedValue(new Error('DB unavailable'));
+      const deps = createMockDeps({
+        findBalanceByUser: jest.fn().mockResolvedValue(null),
+        balanceConfig: { startBalance: 5000 },
+        upsertBalanceFields,
+      });
+
+      await expect(checkBalance({ req, res, txData: baseTxData }, deps)).rejects.toThrow();
+      expect(deps.logViolation).toHaveBeenCalledWith(
+        req,
+        res,
+        ViolationTypes.TOKEN_BALANCE,
+        expect.objectContaining({ balance: 0 }),
+        0,
+      );
+    });
+  });
+});
diff --git a/packages/api/src/middleware/checkBalance.ts b/packages/api/src/middleware/checkBalance.ts
index d99874dc07..d285614826 100644
--- a/packages/api/src/middleware/checkBalance.ts
+++ b/packages/api/src/middleware/checkBalance.ts
@@ -1,7 +1,8 @@
 import { logger } from '@librechat/data-schemas';
 import { ViolationTypes } from 'librechat-data-provider';
-import type { ServerRequest } from '~/types/http';
+import type { BalanceConfig, IBalanceUpdate } from '@librechat/data-schemas';
 import type { Response } from 'express';
+import type { ServerRequest } from '~/types/http';
 
 type TimeUnit = 'seconds' | 'minutes' | 'hours' | 'days' | 'weeks' | 'months';
 
@@ -38,6 +39,10 @@ export interface CheckBalanceDeps {
     errorMessage: Record<string, unknown>,
     score: number,
   ) => Promise<void>;
+  /** Balance config for lazy initialization when no record exists */
+  balanceConfig?: BalanceConfig;
+  /** Upsert function for lazy initialization when no record exists */
+  upsertBalanceFields?: (userId: string, fields: IBalanceUpdate) => Promise<BalanceRecord | null>;
 }
 
 function addIntervalToDate(date: Date, value: number, unit: TimeUnit): Date {
@@ -84,6 +89,37 @@ async function checkBalanceRecord(
 
   const record = await deps.findBalanceByUser(user);
   if (!record) {
+    if (deps.balanceConfig?.startBalance != null && deps.upsertBalanceFields) {
+      logger.debug('[Balance.check] Lazy-initializing balance record for user', {
+        user,
+        startBalance: deps.balanceConfig.startBalance,
+      });
+      try {
+        const fields: IBalanceUpdate = {
+          user,
+          tokenCredits: deps.balanceConfig.startBalance,
+        };
+        const config = deps.balanceConfig;
+        if (
+          config.autoRefillEnabled &&
+          config.refillIntervalValue != null &&
+          config.refillIntervalUnit != null &&
+          config.refillAmount != null
+        ) {
+          fields.autoRefillEnabled = config.autoRefillEnabled;
+          fields.refillIntervalValue = config.refillIntervalValue;
+          fields.refillIntervalUnit = config.refillIntervalUnit;
+          fields.refillAmount = config.refillAmount;
+          fields.lastRefill = new Date();
+        }
+        const created = await deps.upsertBalanceFields(user, fields);
+        const balance = created?.tokenCredits ?? deps.balanceConfig.startBalance;
+        return { canSpend: balance >= tokenCost, balance, tokenCost };
+      } catch (error) {
+        logger.error('[Balance.check] Failed to lazy-initialize balance record', { user, error });
+        return { canSpend: false, balance: 0, tokenCost };
+      }
+    }
     logger.debug('[Balance.check] No balance record found for user', { user });
     return { canSpend: false, balance: 0, tokenCost };
   }
diff --git a/packages/api/src/middleware/index.ts b/packages/api/src/middleware/index.ts
index a56b8e4a3e..b91fee2999 100644
--- a/packages/api/src/middleware/index.ts
+++ b/packages/api/src/middleware/index.ts
@@ -5,5 +5,7 @@ export * from './notFound';
 export * from './balance';
 export * from './json';
 export * from './capabilities';
+export { tenantContextMiddleware } from './tenant';
+export { preAuthTenantMiddleware } from './preAuthTenant';
 export * from './concurrency';
 export * from './checkBalance';
diff --git a/packages/api/src/middleware/preAuthTenant.spec.ts b/packages/api/src/middleware/preAuthTenant.spec.ts
new file mode 100644
index 0000000000..669a43c84f
--- /dev/null
+++ b/packages/api/src/middleware/preAuthTenant.spec.ts
@@ -0,0 +1,129 @@
+import { getTenantId, logger } from '@librechat/data-schemas';
+import { preAuthTenantMiddleware } from './preAuthTenant';
+import type { Request, Response, NextFunction } from 'express';
+
+jest.mock('@librechat/data-schemas', () => ({
+  ...jest.requireActual('@librechat/data-schemas'),
+  logger: {
+    warn: jest.fn(),
+    error: jest.fn(),
+    info: jest.fn(),
+    debug: jest.fn(),
+  },
+}));
+
+describe('preAuthTenantMiddleware', () => {
+  let req: { headers: Record<string, string | string[] | undefined>; ip?: string; path?: string };
+  let res: Partial<Response>;
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+    req = { headers: {} };
+    res = {};
+  });
+
+  it('calls next() without ALS context when no X-Tenant-Id header is present', () => {
+    let capturedTenantId: string | undefined = 'sentinel';
+    const capturedNext: NextFunction = () => {
+      capturedTenantId = getTenantId();
+    };
+
+    preAuthTenantMiddleware(req as Request, res as Response, capturedNext);
+    expect(capturedTenantId).toBeUndefined();
+  });
+
+  it('calls next() without ALS context when X-Tenant-Id header is empty', () => {
+    req.headers = { 'x-tenant-id': '' };
+    let capturedTenantId: string | undefined = 'sentinel';
+    const capturedNext: NextFunction = () => {
+      capturedTenantId = getTenantId();
+    };
+
+    preAuthTenantMiddleware(req as Request, res as Response, capturedNext);
+    expect(capturedTenantId).toBeUndefined();
+  });
+
+  it('wraps downstream in ALS context when X-Tenant-Id header is present', () => {
+    req.headers = { 'x-tenant-id': 'acme-corp' };
+    let capturedTenantId: string | undefined;
+    const capturedNext: NextFunction = () => {
+      capturedTenantId = getTenantId();
+    };
+
+    preAuthTenantMiddleware(req as Request, res as Response, capturedNext);
+    expect(capturedTenantId).toBe('acme-corp');
+  });
+
+  it('ignores __SYSTEM__ sentinel and logs warning', () => {
+    req.headers = { 'x-tenant-id': '__SYSTEM__' };
+    req.ip = '10.0.0.1';
+    req.path = '/api/config';
+    let capturedTenantId: string | undefined = 'should-be-overwritten';
+    const capturedNext: NextFunction = () => {
+      capturedTenantId = getTenantId();
+    };
+
+    preAuthTenantMiddleware(req as Request, res as Response, capturedNext);
+    expect(capturedTenantId).toBeUndefined();
+    expect(logger.warn).toHaveBeenCalledWith(
+      expect.stringContaining('__SYSTEM__'),
+      expect.objectContaining({ ip: '10.0.0.1', path: '/api/config' }),
+    );
+  });
+
+  it('ignores array-valued headers (Express can produce these)', () => {
+    req.headers = { 'x-tenant-id': ['a', 'b'] as unknown as string };
+    let capturedTenantId: string | undefined = 'sentinel';
+    const capturedNext: NextFunction = () => {
+      capturedTenantId = getTenantId();
+    };
+
+    preAuthTenantMiddleware(req as Request, res as Response, capturedNext);
+    expect(capturedTenantId).toBeUndefined();
+  });
+
+  it('ignores tenant IDs containing invalid characters and logs warning', () => {
+    req.headers = { 'x-tenant-id': 'tenant:injected' };
+    req.ip = '192.168.1.1';
+    req.path = '/api/auth/login';
+    let capturedTenantId: string | undefined = 'sentinel';
+    const capturedNext: NextFunction = () => {
+      capturedTenantId = getTenantId();
+    };
+
+    preAuthTenantMiddleware(req as Request, res as Response, capturedNext);
+    expect(capturedTenantId).toBeUndefined();
+    expect(logger.warn).toHaveBeenCalledWith(
+      expect.stringContaining('malformed'),
+      expect.objectContaining({ ip: '192.168.1.1', path: '/api/auth/login' }),
+    );
+  });
+
+  it('trims whitespace from tenant ID header', () => {
+    req.headers = { 'x-tenant-id': '  acme-corp  ' };
+    let capturedTenantId: string | undefined;
+    const capturedNext: NextFunction = () => {
+      capturedTenantId = getTenantId();
+    };
+
+    preAuthTenantMiddleware(req as Request, res as Response, capturedNext);
+    expect(capturedTenantId).toBe('acme-corp');
+  });
+
+  it('ignores tenant IDs exceeding max length and logs warning', () => {
+    req.headers = { 'x-tenant-id': 'a'.repeat(200) };
+    req.ip = '192.168.1.1';
+    req.path = '/api/share/abc';
+    let capturedTenantId: string | undefined = 'sentinel';
+    const capturedNext: NextFunction = () => {
+      capturedTenantId = getTenantId();
+    };
+
+    preAuthTenantMiddleware(req as Request, res as Response, capturedNext);
+    expect(capturedTenantId).toBeUndefined();
+    expect(logger.warn).toHaveBeenCalledWith(
+      expect.stringContaining('malformed'),
+      expect.objectContaining({ ip: '192.168.1.1', length: 200, path: '/api/share/abc' }),
+    );
+  });
+});
diff --git a/packages/api/src/middleware/preAuthTenant.ts b/packages/api/src/middleware/preAuthTenant.ts
new file mode 100644
index 0000000000..bab91f3a18
--- /dev/null
+++ b/packages/api/src/middleware/preAuthTenant.ts
@@ -0,0 +1,72 @@
+import { tenantStorage, logger, SYSTEM_TENANT_ID } from '@librechat/data-schemas';
+import type { Request, Response, NextFunction } from 'express';
+
+/**
+ * Pre-authentication tenant context middleware for unauthenticated routes.
+ *
+ * Reads the tenant identifier from the `X-Tenant-Id` request header and wraps
+ * downstream handlers in `tenantStorage.run()` so that Mongoose queries and
+ * config resolution run within the correct tenant scope.
+ *
+ * **Where to use**: Mount on routes that must be tenant-aware before
+ * authentication has occurred:
+ * - `GET /api/config` — login page needs tenant-specific config (social logins, registration)
+ * - `/api/auth/*` — login, register, password reset
+ * - `/oauth/*` — OAuth callback flows
+ * - `GET /api/share/:shareId` — public shared conversation links
+ *
+ * **How the header gets set**: The deployment's reverse proxy, auth gateway,
+ * or OpenID strategy sets `X-Tenant-Id` based on subdomain, path, or OIDC claim.
+ * This middleware does NOT resolve tenants from subdomains or tokens — that is
+ * the responsibility of the deployment layer.
+ *
+ * **Design**: Intentionally minimal. No subdomain parsing, no OIDC claim
+ * extraction, no YAML-driven strategy. Multi-tenant deployments can:
+ * 1. Set the header in the reverse proxy / ingress (simplest),
+ * 2. Replace this middleware's resolver logic entirely, or
+ * 3. Layer additional resolution on top (e.g., OpenID `tenant` claim → header).
+ *
+ * If no header is present, downstream runs without tenant ALS context (same as
+ * single-tenant mode). This preserves backward compatibility.
+ */
+const MAX_TENANT_ID_LENGTH = 128;
+const VALID_TENANT_ID = /^[-a-zA-Z0-9_.]+$/;
+
+export function preAuthTenantMiddleware(req: Request, res: Response, next: NextFunction): void {
+  const raw = req.headers['x-tenant-id'];
+
+  if (!raw || typeof raw !== 'string') {
+    next();
+    return;
+  }
+
+  const tenantId = raw.trim();
+
+  if (!tenantId) {
+    next();
+    return;
+  }
+
+  if (tenantId === SYSTEM_TENANT_ID) {
+    logger.warn('[preAuthTenant] Rejected __SYSTEM__ sentinel in X-Tenant-Id header', {
+      ip: req.ip,
+      path: req.path,
+    });
+    next();
+    return;
+  }
+
+  if (tenantId.length > MAX_TENANT_ID_LENGTH || !VALID_TENANT_ID.test(tenantId)) {
+    logger.warn('[preAuthTenant] Rejected malformed X-Tenant-Id header', {
+      ip: req.ip,
+      length: tenantId.length,
+      path: req.path,
+    });
+    next();
+    return;
+  }
+
+  return void tenantStorage.run({ tenantId }, async () => {
+    next();
+  });
+}
diff --git a/packages/api/src/middleware/tenant.ts b/packages/api/src/middleware/tenant.ts
new file mode 100644
index 0000000000..0b0e003991
--- /dev/null
+++ b/packages/api/src/middleware/tenant.ts
@@ -0,0 +1,70 @@
+import { isMainThread } from 'worker_threads';
+import { tenantStorage, logger } from '@librechat/data-schemas';
+import type { Response, NextFunction } from 'express';
+import type { ServerRequest } from '~/types/http';
+
+let _checkedThread = false;
+
+let _strictMode: boolean | undefined;
+
+function isStrict(): boolean {
+  return (_strictMode ??= process.env.TENANT_ISOLATION_STRICT === 'true');
+}
+
+/** Resets the cached strict-mode flag. Exposed for test teardown only. */
+export function _resetTenantMiddlewareStrictCache(): void {
+  _strictMode = undefined;
+}
+
+/**
+ * Express middleware that propagates the authenticated user's `tenantId` into
+ * the AsyncLocalStorage context used by the Mongoose tenant-isolation plugin.
+ *
+ * **Placement**: Chained automatically by `requireJwtAuth` after successful
+ * passport authentication (req.user is populated). Must NOT be registered at
+ * global `app.use()` scope — `req.user` is undefined at that stage.
+ *
+ * Behaviour:
+ * - Authenticated request with `tenantId` → wraps downstream in `tenantStorage.run({ tenantId })`
+ * - Authenticated request **without** `tenantId`:
+ *   - Strict mode (`TENANT_ISOLATION_STRICT=true`) → responds 403
+ *   - Non-strict (default) → passes through without ALS context (backward compat)
+ * - Unauthenticated request → no-op (calls `next()` directly)
+ */
+export function tenantContextMiddleware(
+  req: ServerRequest,
+  res: Response,
+  next: NextFunction,
+): void {
+  if (!_checkedThread) {
+    _checkedThread = true;
+    if (!isMainThread) {
+      logger.error(
+        '[tenantContextMiddleware] Running in a worker thread — ' +
+          'ALS context will not propagate. This middleware must only run in the main Express process.',
+      );
+    }
+  }
+
+  const user = req.user as { tenantId?: string } | undefined;
+
+  if (!user) {
+    next();
+    return;
+  }
+
+  const tenantId = user.tenantId;
+
+  if (!tenantId) {
+    if (isStrict()) {
+      res.status(403).json({ error: 'Tenant context required in strict isolation mode' });
+      return;
+    }
+    next();
+    return;
+  }
+
+  return void tenantStorage.run({ tenantId }, async () => {
+    next();
+  });
+}
diff --git a/packages/api/src/stream/GenerationJobManager.ts b/packages/api/src/stream/GenerationJobManager.ts
index 3e04ab734b..5993c911ff 100644
--- a/packages/api/src/stream/GenerationJobManager.ts
+++ b/packages/api/src/stream/GenerationJobManager.ts
@@ -1,4 +1,4 @@
-import { logger } from '@librechat/data-schemas';
+import { logger, getTenantId, SYSTEM_TENANT_ID } from '@librechat/data-schemas';
 import type { StandardGraph } from '@librechat/agents';
 import { parseTextParts } from 'librechat-data-provider';
 import type { Agents, TMessageContentParts } from 'librechat-data-provider';
@@ -197,7 +197,9 @@ class GenerationJobManagerClass {
     userId: string,
     conversationId?: string,
   ): Promise<t.GenerationJob> {
-    const jobData = await this.jobStore.createJob(streamId, userId, conversationId);
+    const tenantId = getTenantId();
+    const safeTenantId = tenantId && tenantId !== SYSTEM_TENANT_ID ? tenantId : undefined;
+    const jobData = await this.jobStore.createJob(streamId, userId, conversationId, safeTenantId);
 
     /**
      * Create runtime state with readyPromise.
@@ -355,6 +357,7 @@ class GenerationJobManagerClass {
       error: jobData.error,
       metadata: {
         userId: jobData.userId,
+        tenantId: jobData.tenantId,
         conversationId: jobData.conversationId,
         userMessage: jobData.userMessage,
         responseMessageId: jobData.responseMessageId,
@@ -1255,8 +1258,8 @@ class GenerationJobManagerClass {
    * @param userId - The user ID to query
    * @returns Array of conversation IDs with active jobs
    */
-  async getActiveJobIdsForUser(userId: string): Promise<string[]> {
-    return this.jobStore.getActiveJobIdsByUser(userId);
+  async getActiveJobIdsForUser(userId: string, tenantId?: string): Promise<string[]> {
+    return this.jobStore.getActiveJobIdsByUser(userId, tenantId);
   }
 
   /**
diff --git a/packages/api/src/stream/implementations/InMemoryJobStore.ts b/packages/api/src/stream/implementations/InMemoryJobStore.ts
index cc82a69963..7280c3ce80 100644
--- a/packages/api/src/stream/implementations/InMemoryJobStore.ts
+++ b/packages/api/src/stream/implementations/InMemoryJobStore.ts
@@ -70,6 +70,7 @@ export class InMemoryJobStore implements IJobStore {
     streamId: string,
     userId: string,
     conversationId?: string,
+    tenantId?: string,
   ): Promise<SerializableJobData> {
     if (this.jobs.size >= this.maxJobs) {
       await this.evictOldest();
@@ -78,6 +79,7 @@ export class InMemoryJobStore implements IJobStore {
     const job: SerializableJobData = {
       streamId,
       userId,
+      ...(tenantId && { tenantId }),
       status: 'running',
       createdAt: Date.now(),
       conversationId,
@@ -86,11 +88,12 @@ export class InMemoryJobStore implements IJobStore {
 
     this.jobs.set(streamId, job);
 
-    // Track job by userId for efficient user-scoped queries
-    let userJobs = this.userJobMap.get(userId);
+    // Track job by userId (tenant-qualified when available) for efficient user-scoped queries
+    const userKey = tenantId ? `${tenantId}:${userId}` : userId;
+    let userJobs = this.userJobMap.get(userKey);
     if (!userJobs) {
       userJobs = new Set();
-      this.userJobMap.set(userId, userJobs);
+      this.userJobMap.set(userKey, userJobs);
     }
     userJobs.add(streamId);
 
@@ -146,6 +149,17 @@ export class InMemoryJobStore implements IJobStore {
     }
 
     for (const id of toDelete) {
+      const job = this.jobs.get(id);
+      if (job) {
+        const userKey = job.tenantId ? `${job.tenantId}:${job.userId}` : job.userId;
+        const userJobs = this.userJobMap.get(userKey);
+        if (userJobs) {
+          userJobs.delete(id);
+          if (userJobs.size === 0) {
+            this.userJobMap.delete(userKey);
+          }
+        }
+      }
       await this.deleteJob(id);
     }
 
@@ -169,6 +183,17 @@ export class InMemoryJobStore implements IJobStore {
 
     if (oldestId) {
       logger.warn(`[InMemoryJobStore] Evicting oldest job: ${oldestId}`);
+      const job = this.jobs.get(oldestId);
+      if (job) {
+        const userKey = job.tenantId ? `${job.tenantId}:${job.userId}` : job.userId;
+        const userJobs = this.userJobMap.get(userKey);
+        if (userJobs) {
+          userJobs.delete(oldestId);
+          if (userJobs.size === 0) {
+            this.userJobMap.delete(userKey);
+          }
+        }
+      }
       await this.deleteJob(oldestId);
     }
   }
@@ -205,8 +230,9 @@ export class InMemoryJobStore implements IJobStore {
    * Returns conversation IDs of running jobs belonging to the user.
    * Also performs self-healing cleanup: removes stale entries for jobs that no longer exist.
    */
-  async getActiveJobIdsByUser(userId: string): Promise<string[]> {
-    const trackedIds = this.userJobMap.get(userId);
+  async getActiveJobIdsByUser(userId: string, tenantId?: string): Promise<string[]> {
+    const userKey = tenantId ? `${tenantId}:${userId}` : userId;
+    const trackedIds = this.userJobMap.get(userKey);
     if (!trackedIds || trackedIds.size === 0) {
       return [];
     }
@@ -226,7 +252,7 @@ export class InMemoryJobStore implements IJobStore {
 
     // Clean up empty set
     if (trackedIds.size === 0) {
-      this.userJobMap.delete(userId);
+      this.userJobMap.delete(userKey);
     }
 
     return activeIds;
diff --git a/packages/api/src/stream/implementations/RedisJobStore.ts b/packages/api/src/stream/implementations/RedisJobStore.ts
index 727fe066eb..a631bc2044 100644
--- a/packages/api/src/stream/implementations/RedisJobStore.ts
+++ b/packages/api/src/stream/implementations/RedisJobStore.ts
@@ -29,8 +29,9 @@ const KEYS = {
   runSteps: (streamId: string) => `stream:{${streamId}}:runsteps`,
   /** Running jobs set for cleanup (global set - single slot) */
   runningJobs: 'stream:running',
-  /** User's active jobs set: stream:user:{userId}:jobs */
-  userJobs: (userId: string) => `stream:user:{${userId}}:jobs`,
+  /** User's active jobs set, tenant-qualified when tenantId is available */
+  userJobs: (userId: string, tenantId?: string) =>
+    tenantId ? `stream:user:{${tenantId}:${userId}}:jobs` : `stream:user:{${userId}}:jobs`,
 };
 
 /**
@@ -140,10 +141,12 @@ export class RedisJobStore implements IJobStore {
     streamId: string,
     userId: string,
     conversationId?: string,
+    tenantId?: string,
   ): Promise<SerializableJobData> {
     const job: SerializableJobData = {
       streamId,
       userId,
+      ...(tenantId && { tenantId }),
       status: 'running',
       createdAt: Date.now(),
       conversationId,
@@ -151,7 +154,7 @@ export class RedisJobStore implements IJobStore {
     };
 
     const key = KEYS.job(streamId);
-    const userJobsKey = KEYS.userJobs(userId);
+    const userJobsKey = KEYS.userJobs(userId, tenantId);
 
     // For cluster mode, we can't pipeline keys on different slots
     // The job key uses hash tag {streamId}, runningJobs and userJobs are on different slots
@@ -377,8 +380,8 @@ export class RedisJobStore implements IJobStore {
    * @param userId - The user ID to query
    * @returns Array of conversation IDs with active jobs
    */
-  async getActiveJobIdsByUser(userId: string): Promise<string[]> {
-    const userJobsKey = KEYS.userJobs(userId);
+  async getActiveJobIdsByUser(userId: string, tenantId?: string): Promise<string[]> {
+    const userJobsKey = KEYS.userJobs(userId, tenantId);
     const trackedIds = await this.redis.smembers(userJobsKey);
 
     if (trackedIds.length === 0) {
@@ -868,6 +871,7 @@ export class RedisJobStore implements IJobStore {
     return {
       streamId: data.streamId,
       userId: data.userId,
+      tenantId: data.tenantId || undefined,
       status: data.status as JobStatus,
       createdAt: parseInt(data.createdAt, 10),
       completedAt: data.completedAt ? parseInt(data.completedAt, 10) : undefined,
diff --git a/packages/api/src/stream/interfaces/IJobStore.ts b/packages/api/src/stream/interfaces/IJobStore.ts
index fadddb840d..b59eed66f8 100644
--- a/packages/api/src/stream/interfaces/IJobStore.ts
+++ b/packages/api/src/stream/interfaces/IJobStore.ts
@@ -12,6 +12,7 @@ export type JobStatus = 'running' | 'complete' | 'error' | 'aborted';
 export interface SerializableJobData {
   streamId: string;
   userId: string;
+  tenantId?: string;
   status: JobStatus;
   createdAt: number;
   completedAt?: number;
@@ -149,6 +150,7 @@ export interface IJobStore {
     streamId: string,
     userId: string,
     conversationId?: string,
+    tenantId?: string,
   ): Promise<SerializableJobData>;
 
   /** Get a job by streamId (streamId === conversationId) */
@@ -186,7 +188,7 @@ export interface IJobStore {
    * @param userId - The user ID to query
    * @returns Array of conversation IDs with active jobs
    */
-  getActiveJobIdsByUser(userId: string): Promise<string[]>;
+  getActiveJobIdsByUser(userId: string, tenantId?: string): Promise<string[]>;
 
   // ===== Content State Methods =====
   // These methods manage volatile content state tied to each job.
diff --git a/packages/api/src/tools/definitions.spec.ts b/packages/api/src/tools/definitions.spec.ts
index dc58327a2e..e7ba2f5ce9 100644
--- a/packages/api/src/tools/definitions.spec.ts
+++ b/packages/api/src/tools/definitions.spec.ts
@@ -119,6 +119,39 @@ describe('definitions.ts', () => {
         expect(actionDef?.parameters).toBeUndefined();
       });
 
+      it('should not classify MCP tools with _action in name as action tools', async () => {
+        const mockGetActionToolDefinitions = jest.fn();
+        const mcpTool = 'get_action_mcp_myserver';
+
+        mockGetOrFetchMCPServerTools.mockResolvedValue({
+          tools: [
+            {
+              name: 'get_action',
+              description: 'Gets an action',
+              inputSchema: { type: 'object', properties: {} },
+            },
+          ],
+        });
+
+        const params: LoadToolDefinitionsParams = {
+          userId: 'user-123',
+          agentId: 'agent-123',
+          tools: [mcpTool],
+        };
+
+        const deps: LoadToolDefinitionsDeps = {
+          getOrFetchMCPServerTools: mockGetOrFetchMCPServerTools,
+          isBuiltInTool: mockIsBuiltInTool,
+          loadAuthValues: mockLoadAuthValues,
+          getActionToolDefinitions: mockGetActionToolDefinitions,
+        };
+
+        await loadToolDefinitions(params, deps);
+
+        expect(mockGetActionToolDefinitions).not.toHaveBeenCalled();
+        expect(mockGetOrFetchMCPServerTools).toHaveBeenCalled();
+      });
+
       it('should not call getActionToolDefinitions when no action tools present', async () => {
         const mockGetActionToolDefinitions = jest.fn();
         mockIsBuiltInTool.mockReturnValue(true);
diff --git a/packages/api/src/tools/definitions.ts b/packages/api/src/tools/definitions.ts
index 1598baee70..8ca60e9aaf 100644
--- a/packages/api/src/tools/definitions.ts
+++ b/packages/api/src/tools/definitions.ts
@@ -5,7 +5,7 @@
  * @module packages/api/src/tools/definitions
  */
 
-import { Constants, actionDelimiter } from 'librechat-data-provider';
+import { Constants, isActionTool } from 'librechat-data-provider';
 import type { AgentToolOptions } from 'librechat-data-provider';
 import type { LCToolRegistry, JsonSchemaType, LCTool, GenericTool } from '@librechat/agents';
 import type { ToolDefinition } from './classification';
@@ -99,7 +99,7 @@ export async function loadToolDefinitions(
   const mcpAllPattern = `${Constants.mcp_all}${Constants.mcp_delimiter}`;
 
   for (const toolName of tools) {
-    if (toolName.includes(actionDelimiter)) {
+    if (isActionTool(toolName)) {
       actionToolNames.push(toolName);
       continue;
     }
diff --git a/packages/api/src/types/es2024-string.d.ts b/packages/api/src/types/es2024-string.d.ts
new file mode 100644
index 0000000000..f25bc46bda
--- /dev/null
+++ b/packages/api/src/types/es2024-string.d.ts
@@ -0,0 +1,4 @@
+/** String.prototype.isWellFormed — ES2024 API, available in Node 20+ but absent from TS 5.3 lib */
+interface String {
+  isWellFormed(): boolean;
+}
diff --git a/packages/api/src/types/index.ts b/packages/api/src/types/index.ts
index 31adc3b9bb..62267a3b53 100644
--- a/packages/api/src/types/index.ts
+++ b/packages/api/src/types/index.ts
@@ -14,3 +14,4 @@ export * from './prompts';
 export * from './run';
 export * from './tokens';
 export * from './stream';
+export * from './principal';
diff --git a/packages/api/src/types/principal.ts b/packages/api/src/types/principal.ts
new file mode 100644
index 0000000000..d95ff9abc4
--- /dev/null
+++ b/packages/api/src/types/principal.ts
@@ -0,0 +1,7 @@
+import type { PrincipalType } from 'librechat-data-provider';
+import type { Types } from 'mongoose';
+
+export interface ResolvedPrincipal {
+  principalType: PrincipalType;
+  principalId?: string | Types.ObjectId;
+}
diff --git a/packages/api/src/types/stream.ts b/packages/api/src/types/stream.ts
index 068d9c8db8..dd125a1aab 100644
--- a/packages/api/src/types/stream.ts
+++ b/packages/api/src/types/stream.ts
@@ -4,6 +4,7 @@ import type { ServerSentEvent } from '~/types';
 
 export interface GenerationJobMetadata {
   userId: string;
+  tenantId?: string;
   conversationId?: string;
   /** User message data for rebuilding submission on reconnect */
   userMessage?: Agents.UserMessageMeta;
diff --git a/packages/api/src/utils/env.ts b/packages/api/src/utils/env.ts
index adeeb24b34..f71a131c09 100644
--- a/packages/api/src/utils/env.ts
+++ b/packages/api/src/utils/env.ts
@@ -84,12 +84,12 @@ export function encodeHeaderValue(value: string): string {
  */
 export function createSafeUser(
   user: IUser | null | undefined,
-): Partial<SafeUser> & { federatedTokens?: unknown } {
+): Partial<SafeUser> & { federatedTokens?: IUser['federatedTokens'] } {
   if (!user) {
     return {};
   }
 
-  const safeUser: Partial<SafeUser> & { federatedTokens?: unknown } = {};
+  const safeUser: Partial<SafeUser> & { federatedTokens?: IUser['federatedTokens'] } = {};
   for (const field of ALLOWED_USER_FIELDS) {
     if (field in user) {
       safeUser[field] = user[field];
diff --git a/packages/api/src/utils/graph.spec.ts b/packages/api/src/utils/graph.spec.ts
index 4f1fa14983..91f8a29eff 100644
--- a/packages/api/src/utils/graph.spec.ts
+++ b/packages/api/src/utils/graph.spec.ts
@@ -1,4 +1,4 @@
-import type { TUser } from 'librechat-data-provider';
+import type { IUser } from '@librechat/data-schemas';
 import type { GraphTokenResolver, GraphTokenOptions } from './graph';
 import {
   containsGraphTokenPlaceholder,
@@ -94,9 +94,9 @@ describe('Graph Token Utilities', () => {
     });
 
     it('should return false for non-object values', () => {
-      expect(recordContainsGraphTokenPlaceholder('string' as unknown as Record<string, string>)).toBe(
-        false,
-      );
+      expect(
+        recordContainsGraphTokenPlaceholder('string' as unknown as Record<string, string>),
+      ).toBe(false);
     });
   });
 
@@ -141,7 +141,7 @@ describe('Graph Token Utilities', () => {
   });
 
   describe('resolveGraphTokenPlaceholder', () => {
-    const mockUser: Partial<TUser> = {
+    const mockUser: Partial<IUser> = {
       id: 'user-123',
       provider: 'openid',
       openidId: 'oidc-sub-456',
@@ -157,7 +157,7 @@ describe('Graph Token Utilities', () => {
     it('should return original value when no placeholder is present', async () => {
       const value = 'Bearer static-token';
       const result = await resolveGraphTokenPlaceholder(value, {
-        user: mockUser as TUser,
+        user: mockUser as Partial<IUser> as IUser,
         graphTokenResolver: mockGraphTokenResolver,
       });
       expect(result).toBe('Bearer static-token');
@@ -174,7 +174,7 @@ describe('Graph Token Utilities', () => {
     it('should return original value when graphTokenResolver is not provided', async () => {
       const value = 'Bearer {{LIBRECHAT_GRAPH_ACCESS_TOKEN}}';
       const result = await resolveGraphTokenPlaceholder(value, {
-        user: mockUser as TUser,
+        user: mockUser as Partial<IUser> as IUser,
       });
       expect(result).toBe(value);
     });
@@ -184,7 +184,7 @@ describe('Graph Token Utilities', () => {
 
       const value = 'Bearer {{LIBRECHAT_GRAPH_ACCESS_TOKEN}}';
       const result = await resolveGraphTokenPlaceholder(value, {
-        user: mockUser as TUser,
+        user: mockUser as Partial<IUser> as IUser,
         graphTokenResolver: mockGraphTokenResolver,
       });
       expect(result).toBe(value);
@@ -196,7 +196,7 @@ describe('Graph Token Utilities', () => {
 
       const value = 'Bearer {{LIBRECHAT_GRAPH_ACCESS_TOKEN}}';
       const result = await resolveGraphTokenPlaceholder(value, {
-        user: mockUser as TUser,
+        user: mockUser as Partial<IUser> as IUser,
         graphTokenResolver: mockGraphTokenResolver,
       });
       expect(result).toBe(value);
@@ -208,7 +208,7 @@ describe('Graph Token Utilities', () => {
 
       const value = 'Bearer {{LIBRECHAT_GRAPH_ACCESS_TOKEN}}';
       const result = await resolveGraphTokenPlaceholder(value, {
-        user: mockUser as TUser,
+        user: mockUser as Partial<IUser> as IUser,
         graphTokenResolver: mockGraphTokenResolver,
       });
       expect(result).toBe(value);
@@ -220,7 +220,7 @@ describe('Graph Token Utilities', () => {
 
       const value = 'Bearer {{LIBRECHAT_GRAPH_ACCESS_TOKEN}}';
       const result = await resolveGraphTokenPlaceholder(value, {
-        user: mockUser as TUser,
+        user: mockUser as Partial<IUser> as IUser,
         graphTokenResolver: mockGraphTokenResolver,
       });
       expect(result).toBe('Bearer resolved-graph-token');
@@ -233,7 +233,7 @@ describe('Graph Token Utilities', () => {
       const value =
         'Primary: {{LIBRECHAT_GRAPH_ACCESS_TOKEN}}, Secondary: {{LIBRECHAT_GRAPH_ACCESS_TOKEN}}';
       const result = await resolveGraphTokenPlaceholder(value, {
-        user: mockUser as TUser,
+        user: mockUser as Partial<IUser> as IUser,
         graphTokenResolver: mockGraphTokenResolver,
       });
       expect(result).toBe('Primary: resolved-graph-token, Secondary: resolved-graph-token');
@@ -242,11 +242,13 @@ describe('Graph Token Utilities', () => {
     it('should return original value when graph token exchange fails', async () => {
       mockExtractOpenIDTokenInfo.mockReturnValue({ accessToken: 'access-token' });
       mockIsOpenIDTokenValid.mockReturnValue(true);
-      const failingResolver: GraphTokenResolver = jest.fn().mockRejectedValue(new Error('Exchange failed'));
+      const failingResolver: GraphTokenResolver = jest
+        .fn()
+        .mockRejectedValue(new Error('Exchange failed'));
 
       const value = 'Bearer {{LIBRECHAT_GRAPH_ACCESS_TOKEN}}';
       const result = await resolveGraphTokenPlaceholder(value, {
-        user: mockUser as TUser,
+        user: mockUser as Partial<IUser> as IUser,
         graphTokenResolver: failingResolver,
       });
       expect(result).toBe(value);
@@ -259,7 +261,7 @@ describe('Graph Token Utilities', () => {
 
       const value = 'Bearer {{LIBRECHAT_GRAPH_ACCESS_TOKEN}}';
       const result = await resolveGraphTokenPlaceholder(value, {
-        user: mockUser as TUser,
+        user: mockUser as Partial<IUser> as IUser,
         graphTokenResolver: emptyResolver,
       });
       expect(result).toBe(value);
@@ -271,7 +273,7 @@ describe('Graph Token Utilities', () => {
 
       const value = 'Bearer {{LIBRECHAT_GRAPH_ACCESS_TOKEN}}';
       await resolveGraphTokenPlaceholder(value, {
-        user: mockUser as TUser,
+        user: mockUser as Partial<IUser> as IUser,
         graphTokenResolver: mockGraphTokenResolver,
         scopes: 'custom-scope',
       });
@@ -286,7 +288,7 @@ describe('Graph Token Utilities', () => {
   });
 
   describe('resolveGraphTokensInRecord', () => {
-    const mockUser: Partial<TUser> = {
+    const mockUser: Partial<IUser> = {
       id: 'user-123',
       provider: 'openid',
     };
@@ -299,7 +301,7 @@ describe('Graph Token Utilities', () => {
     });
 
     const options: GraphTokenOptions = {
-      user: mockUser as TUser,
+      user: mockUser as Partial<IUser> as IUser,
       graphTokenResolver: mockGraphTokenResolver,
     };
 
@@ -348,7 +350,7 @@ describe('Graph Token Utilities', () => {
   });
 
   describe('preProcessGraphTokens', () => {
-    const mockUser: Partial<TUser> = {
+    const mockUser: Partial<IUser> = {
       id: 'user-123',
       provider: 'openid',
     };
@@ -361,7 +363,7 @@ describe('Graph Token Utilities', () => {
     });
 
     const graphOptions: GraphTokenOptions = {
-      user: mockUser as TUser,
+      user: mockUser as Partial<IUser> as IUser,
       graphTokenResolver: mockGraphTokenResolver,
     };
 
diff --git a/packages/api/src/utils/oidc.spec.ts b/packages/api/src/utils/oidc.spec.ts
index 0d7216304b..e7088d9897 100644
--- a/packages/api/src/utils/oidc.spec.ts
+++ b/packages/api/src/utils/oidc.spec.ts
@@ -1,10 +1,10 @@
 import { extractOpenIDTokenInfo, isOpenIDTokenValid, processOpenIDPlaceholders } from './oidc';
-import type { TUser } from 'librechat-data-provider';
+import type { IUser } from '@librechat/data-schemas';
 
 describe('OpenID Token Utilities', () => {
   describe('extractOpenIDTokenInfo', () => {
     it('should extract token info from user with federatedTokens', () => {
-      const user: Partial<TUser> = {
+      const user: Partial<IUser> = {
         id: 'user-123',
         provider: 'openid',
         openidId: 'oidc-sub-456',
@@ -36,7 +36,7 @@ describe('OpenID Token Utilities', () => {
     });
 
     it('should return null when user is not OpenID provider', () => {
-      const user: Partial<TUser> = {
+      const user: Partial<IUser> = {
         id: 'user-123',
         provider: 'email',
       };
@@ -46,7 +46,7 @@ describe('OpenID Token Utilities', () => {
     });
 
     it('should return token info when user has no federatedTokens but is OpenID provider', () => {
-      const user: Partial<TUser> = {
+      const user: Partial<IUser> = {
         id: 'user-123',
         provider: 'openid',
         openidId: 'oidc-sub-456',
@@ -66,7 +66,7 @@ describe('OpenID Token Utilities', () => {
     });
 
     it('should extract partial token info when some tokens are missing', () => {
-      const user: Partial<TUser> = {
+      const user: Partial<IUser> = {
         id: 'user-123',
         provider: 'openid',
         openidId: 'oidc-sub-456',
@@ -89,7 +89,7 @@ describe('OpenID Token Utilities', () => {
     });
 
     it('should prioritize openidId over regular id', () => {
-      const user: Partial<TUser> = {
+      const user: Partial<IUser> = {
         id: 'user-123',
         provider: 'openid',
         openidId: 'oidc-sub-456',
@@ -104,7 +104,7 @@ describe('OpenID Token Utilities', () => {
     });
 
     it('should fall back to regular id when openidId is not available', () => {
-      const user: Partial<TUser> = {
+      const user: Partial<IUser> = {
         id: 'user-123',
         provider: 'openid',
         federatedTokens: {
@@ -397,7 +397,7 @@ describe('OpenID Token Utilities', () => {
 
   describe('Integration: Full OpenID Token Flow', () => {
     it('should extract, validate, and process tokens correctly', () => {
-      const user: Partial<TUser> = {
+      const user: Partial<IUser> = {
         id: 'user-123',
         provider: 'openid',
         openidId: 'oidc-sub-456',
@@ -428,7 +428,7 @@ describe('OpenID Token Utilities', () => {
     });
 
     it('should resolve LIBRECHAT_OPENID_ID_TOKEN and LIBRECHAT_OPENID_ACCESS_TOKEN to different values', () => {
-      const user: Partial<TUser> = {
+      const user: Partial<IUser> = {
         id: 'user-123',
         provider: 'openid',
         openidId: 'oidc-sub-456',
@@ -457,7 +457,7 @@ describe('OpenID Token Utilities', () => {
     });
 
     it('should handle expired tokens correctly', () => {
-      const user: Partial<TUser> = {
+      const user: Partial<IUser> = {
         id: 'user-123',
         provider: 'openid',
         openidId: 'oidc-sub-456',
@@ -481,7 +481,7 @@ describe('OpenID Token Utilities', () => {
     });
 
     it('should handle user with no federatedTokens but still has OpenID provider', () => {
-      const user: Partial<TUser> = {
+      const user: Partial<IUser> = {
         id: 'user-123',
         provider: 'openid',
         openidId: 'oidc-sub-456',
@@ -499,7 +499,7 @@ describe('OpenID Token Utilities', () => {
     });
 
     it('should handle non-OpenID users', () => {
-      const user: Partial<TUser> = {
+      const user: Partial<IUser> = {
         id: 'user-123',
         provider: 'email',
       };
diff --git a/packages/api/src/utils/oidc.ts b/packages/api/src/utils/oidc.ts
index dbf41818c4..51056406c1 100644
--- a/packages/api/src/utils/oidc.ts
+++ b/packages/api/src/utils/oidc.ts
@@ -1,5 +1,5 @@
 import { logger } from '@librechat/data-schemas';
-import type { IUser } from '@librechat/data-schemas';
+import type { IUser, OIDCTokens } from '@librechat/data-schemas';
 
 export interface OpenIDTokenInfo {
   accessToken?: string;
@@ -11,14 +11,7 @@ export interface OpenIDTokenInfo {
   claims?: Record<string, unknown>;
 }
 
-interface FederatedTokens {
-  access_token?: string;
-  id_token?: string;
-  refresh_token?: string;
-  expires_at?: number;
-}
-
-function isFederatedTokens(obj: unknown): obj is FederatedTokens {
+function isFederatedTokens(obj: unknown): obj is OIDCTokens {
   if (!obj || typeof obj !== 'object') {
     return false;
   }
@@ -61,23 +54,24 @@ export function extractOpenIDTokenInfo(
 
     const tokenInfo: OpenIDTokenInfo = {};
 
-    if ('federatedTokens' in user && isFederatedTokens(user.federatedTokens)) {
-      const tokens = user.federatedTokens;
+    const federated = user.federatedTokens;
+    const openid = user.openidTokens;
+
+    if (federated && isFederatedTokens(federated)) {
       logger.debug('[extractOpenIDTokenInfo] Found federatedTokens:', {
-        has_access_token: !!tokens.access_token,
-        has_id_token: !!tokens.id_token,
-        has_refresh_token: !!tokens.refresh_token,
-        expires_at: tokens.expires_at,
+        has_access_token: !!federated.access_token,
+        has_id_token: !!federated.id_token,
+        has_refresh_token: !!federated.refresh_token,
+        expires_at: federated.expires_at,
       });
-      tokenInfo.accessToken = tokens.access_token;
-      tokenInfo.idToken = tokens.id_token;
-      tokenInfo.expiresAt = tokens.expires_at;
-    } else if ('openidTokens' in user && isFederatedTokens(user.openidTokens)) {
-      const tokens = user.openidTokens;
+      tokenInfo.accessToken = federated.access_token;
+      tokenInfo.idToken = federated.id_token;
+      tokenInfo.expiresAt = federated.expires_at;
+    } else if (openid && isFederatedTokens(openid)) {
       logger.debug('[extractOpenIDTokenInfo] Found openidTokens');
-      tokenInfo.accessToken = tokens.access_token;
-      tokenInfo.idToken = tokens.id_token;
-      tokenInfo.expiresAt = tokens.expires_at;
+      tokenInfo.accessToken = openid.access_token;
+      tokenInfo.idToken = openid.id_token;
+      tokenInfo.expiresAt = openid.expires_at;
     }
 
     tokenInfo.userId = user.openidId || user.id;
diff --git a/packages/api/src/utils/tokens.ts b/packages/api/src/utils/tokens.ts
index ae09da4f28..14215698a6 100644
--- a/packages/api/src/utils/tokens.ts
+++ b/packages/api/src/utils/tokens.ts
@@ -72,6 +72,7 @@ const mistralModels = {
   'mistral-large-2402': 127500,
   'mistral-large-2407': 127500,
   'mistral-large': 131000,
+  'mistral-large-3': 255000,
   'mistral-saba': 32000,
   'ministral-3b': 131000,
   'ministral-8b': 131000,
diff --git a/packages/api/types/index.d.ts b/packages/api/types/index.d.ts
new file mode 100644
index 0000000000..f25bc46bda
--- /dev/null
+++ b/packages/api/types/index.d.ts
@@ -0,0 +1,4 @@
+/** String.prototype.isWellFormed — ES2024 API, available in Node 20+ but absent from TS 5.3 lib */
+interface String {
+  isWellFormed(): boolean;
+}
diff --git a/packages/client/package.json b/packages/client/package.json
index 434a45121e..b4e02ce1a4 100644
--- a/packages/client/package.json
+++ b/packages/client/package.json
@@ -108,7 +108,7 @@
     "rollup": "^4.34.9",
     "rollup-plugin-peer-deps-external": "^2.2.4",
     "rollup-plugin-postcss": "^4.0.2",
-    "rollup-plugin-typescript2": "^0.35.0",
+    "rollup-plugin-typescript2": "^0.37.0",
     "tailwindcss-radix": "^2.8.0",
     "typescript": "^5.0.0"
   }
diff --git a/packages/client/src/components/OGDialogTemplate.tsx b/packages/client/src/components/OGDialogTemplate.tsx
index 300ae5b194..2414915a4b 100644
--- a/packages/client/src/components/OGDialogTemplate.tsx
+++ b/packages/client/src/components/OGDialogTemplate.tsx
@@ -80,9 +80,8 @@ const OGDialogTemplate = forwardRef((props: DialogTemplateProps, ref: Ref<HTMLDi
     showCancelButton = true,
   } = props;
   const isLegacySelection = isSelectionProps(selection);
-  const { selectHandler, selectClasses, selectText, isLoading } = isLegacySelection
-    ? selection
-    : {};
+  const legacySelection = isLegacySelection ? selection : null;
+  const { selectHandler, selectClasses, selectText, isLoading } = legacySelection ?? {};
 
   const defaultSelect =
     'bg-gray-800 text-white transition-colors hover:bg-gray-700 disabled:cursor-not-allowed disabled:opacity-50 dark:bg-gray-200 dark:text-gray-800 dark:hover:bg-gray-200';
diff --git a/packages/client/src/svgs/FileIcon.tsx b/packages/client/src/svgs/FileIcon.tsx
index 8abc59136f..b02976bbf4 100644
--- a/packages/client/src/svgs/FileIcon.tsx
+++ b/packages/client/src/svgs/FileIcon.tsx
@@ -1,11 +1,10 @@
 import type { TFile } from 'librechat-data-provider';
-import type { ExtendedFile } from '~/common';
 
 export default function FileIcon({
   file,
   fileType,
 }: {
-  file?: Partial<ExtendedFile | TFile>;
+  file?: Partial<TFile> & { progress?: number };
   fileType: {
     fill: string;
     paths: React.FC;
diff --git a/packages/data-provider/package.json b/packages/data-provider/package.json
index a66f4eec4e..67eebf9cad 100644
--- a/packages/data-provider/package.json
+++ b/packages/data-provider/package.json
@@ -1,6 +1,6 @@
 {
   "name": "librechat-data-provider",
-  "version": "0.8.401",
+  "version": "0.8.406",
   "description": "data services for librechat apps",
   "main": "dist/index.js",
   "module": "dist/index.es.js",
@@ -18,6 +18,9 @@
       "types": "./dist/types/react-query/index.d.ts"
     }
   },
+  "files": [
+    "dist"
+  ],
   "scripts": {
     "clean": "rimraf dist",
     "build": "npm run clean && rollup -c --silent --bundleConfigAsCjs",
@@ -40,7 +43,7 @@
   },
   "homepage": "https://librechat.ai",
   "dependencies": {
-    "axios": "^1.13.5",
+    "axios": "1.13.6",
     "dayjs": "^1.11.13",
     "js-yaml": "^4.1.1",
     "zod": "^3.22.4"
@@ -54,7 +57,7 @@
     "@rollup/plugin-json": "^6.1.0",
     "@rollup/plugin-node-resolve": "^15.1.0",
     "@rollup/plugin-replace": "^5.0.5",
-    "@rollup/plugin-terser": "^0.4.4",
+    "@rollup/plugin-terser": "^1.0.0",
     "@types/jest": "^29.5.2",
     "@types/js-yaml": "^4.0.9",
     "@types/node": "^20.3.0",
@@ -66,7 +69,7 @@
     "rimraf": "^6.1.3",
     "rollup": "^4.34.9",
     "rollup-plugin-peer-deps-external": "^2.2.4",
-    "rollup-plugin-typescript2": "^0.35.0",
+    "rollup-plugin-typescript2": "^0.37.0",
     "typescript": "^5.0.4"
   },
   "peerDependencies": {
diff --git a/packages/data-provider/react-query/package-lock.json b/packages/data-provider/react-query/package-lock.json
index 02bef28d6a..5b0b6bf3f4 100644
--- a/packages/data-provider/react-query/package-lock.json
+++ b/packages/data-provider/react-query/package-lock.json
@@ -6,7 +6,7 @@
     "": {
       "name": "librechat-data-provider/react-query",
       "dependencies": {
-        "axios": "^1.13.5"
+        "axios": "1.13.6"
       }
     },
     "node_modules/asynckit": {
@@ -16,9 +16,9 @@
       "license": "MIT"
     },
     "node_modules/axios": {
-      "version": "1.13.5",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-1.13.5.tgz",
-      "integrity": "sha512-cz4ur7Vb0xS4/KUN0tPWe44eqxrIu31me+fbang3ijiNscE129POzipJJA6zniq2C/Z6sJCjMimjS8Lc/GAs8Q==",
+      "version": "1.13.6",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.13.6.tgz",
+      "integrity": "sha512-ChTCHMouEe2kn713WHbQGcuYrr6fXTBiu460OTwWrWob16g1bXn4vtz07Ope7ewMozJAnEquLk5lWQWtBig9DQ==",
       "license": "MIT",
       "dependencies": {
         "follow-redirects": "^1.15.11",
diff --git a/packages/data-provider/react-query/package.json b/packages/data-provider/react-query/package.json
index 8bdf17a83c..13f9314643 100644
--- a/packages/data-provider/react-query/package.json
+++ b/packages/data-provider/react-query/package.json
@@ -5,6 +5,6 @@
   "module": "./index.es.js",
   "types": "../dist/types/react-query/index.d.ts",
   "dependencies": {
-    "axios": "^1.13.5"
+    "axios": "1.13.6"
   }
 }
diff --git a/packages/data-provider/specs/config-schemas.spec.ts b/packages/data-provider/specs/config-schemas.spec.ts
new file mode 100644
index 0000000000..fabd35cec9
--- /dev/null
+++ b/packages/data-provider/specs/config-schemas.spec.ts
@@ -0,0 +1,254 @@
+import {
+  endpointSchema,
+  paramDefinitionSchema,
+  agentsEndpointSchema,
+  azureEndpointSchema,
+} from '../src/config';
+import { tModelSpecPresetSchema, EModelEndpoint } from '../src/schemas';
+
+describe('paramDefinitionSchema', () => {
+  it('accepts a minimal definition with only key', () => {
+    const result = paramDefinitionSchema.safeParse({ key: 'temperature' });
+    expect(result.success).toBe(true);
+  });
+
+  it('accepts a full definition with all fields', () => {
+    const result = paramDefinitionSchema.safeParse({
+      key: 'temperature',
+      type: 'number',
+      component: 'slider',
+      default: 0.7,
+      label: 'Temperature',
+      range: { min: 0, max: 2, step: 0.01 },
+      columns: 2,
+      columnSpan: 1,
+      includeInput: true,
+      descriptionSide: 'right',
+    });
+    expect(result.success).toBe(true);
+  });
+
+  it('rejects columns > 4', () => {
+    const result = paramDefinitionSchema.safeParse({
+      key: 'test',
+      columns: 5,
+    });
+    expect(result.success).toBe(false);
+  });
+
+  it('rejects columns < 1', () => {
+    const result = paramDefinitionSchema.safeParse({
+      key: 'test',
+      columns: 0,
+    });
+    expect(result.success).toBe(false);
+  });
+
+  it('rejects non-integer columns', () => {
+    const result = paramDefinitionSchema.safeParse({
+      key: 'test',
+      columns: 2.5,
+    });
+    expect(result.success).toBe(false);
+  });
+
+  it('rejects non-integer columnSpan', () => {
+    const result = paramDefinitionSchema.safeParse({
+      key: 'test',
+      columnSpan: 1.5,
+    });
+    expect(result.success).toBe(false);
+  });
+
+  it('rejects negative minTags', () => {
+    const result = paramDefinitionSchema.safeParse({
+      key: 'test',
+      minTags: -1,
+    });
+    expect(result.success).toBe(false);
+  });
+
+  it('rejects invalid descriptionSide', () => {
+    const result = paramDefinitionSchema.safeParse({
+      key: 'test',
+      descriptionSide: 'diagonal',
+    });
+    expect(result.success).toBe(false);
+  });
+
+  it('rejects invalid type enum value', () => {
+    const result = paramDefinitionSchema.safeParse({
+      key: 'test',
+      type: 'invalid',
+    });
+    expect(result.success).toBe(false);
+  });
+
+  it('rejects invalid component enum value', () => {
+    const result = paramDefinitionSchema.safeParse({
+      key: 'test',
+      component: 'wheel',
+    });
+    expect(result.success).toBe(false);
+  });
+
+  it('allows type and component to be omitted (merged from defaults at runtime)', () => {
+    const result = paramDefinitionSchema.safeParse({
+      key: 'temperature',
+      range: { min: 0, max: 2, step: 0.01 },
+    });
+    expect(result.success).toBe(true);
+    expect(result.data).not.toHaveProperty('type');
+    expect(result.data).not.toHaveProperty('component');
+  });
+});
+
+describe('tModelSpecPresetSchema', () => {
+  it('strips system/DB fields from preset', () => {
+    const result = tModelSpecPresetSchema.safeParse({
+      conversationId: 'conv-123',
+      presetId: 'preset-456',
+      title: 'My Preset',
+      defaultPreset: true,
+      order: 3,
+      isArchived: true,
+      user: 'user123',
+      messages: ['msg1'],
+      tags: ['tag1'],
+      file_ids: ['file1'],
+      expiredAt: '2026-12-31',
+      parentMessageId: 'parent1',
+      model: 'gpt-4o',
+      endpoint: EModelEndpoint.openAI,
+    });
+    expect(result.success).toBe(true);
+    if (result.success) {
+      expect(result.data).not.toHaveProperty('conversationId');
+      expect(result.data).not.toHaveProperty('presetId');
+      expect(result.data).not.toHaveProperty('title');
+      expect(result.data).not.toHaveProperty('defaultPreset');
+      expect(result.data).not.toHaveProperty('order');
+      expect(result.data).not.toHaveProperty('isArchived');
+      expect(result.data).not.toHaveProperty('user');
+      expect(result.data).not.toHaveProperty('messages');
+      expect(result.data).not.toHaveProperty('tags');
+      expect(result.data).not.toHaveProperty('file_ids');
+      expect(result.data).not.toHaveProperty('expiredAt');
+      expect(result.data).not.toHaveProperty('parentMessageId');
+      expect(result.data).toHaveProperty('model', 'gpt-4o');
+    }
+  });
+
+  it('strips deprecated fields', () => {
+    const result = tModelSpecPresetSchema.safeParse({
+      resendImages: true,
+      chatGptLabel: 'old-label',
+      model: 'gpt-4o',
+      endpoint: EModelEndpoint.openAI,
+    });
+    expect(result.success).toBe(true);
+    if (result.success) {
+      expect(result.data).not.toHaveProperty('resendImages');
+      expect(result.data).not.toHaveProperty('chatGptLabel');
+    }
+  });
+
+  it('strips frontend-only fields', () => {
+    const result = tModelSpecPresetSchema.safeParse({
+      greeting: 'Hello!',
+      iconURL: 'https://example.com/icon.png',
+      spec: 'some-spec',
+      presetOverride: { model: 'other' },
+      model: 'gpt-4o',
+      endpoint: EModelEndpoint.openAI,
+    });
+    expect(result.success).toBe(true);
+    if (result.success) {
+      expect(result.data).not.toHaveProperty('greeting');
+      expect(result.data).not.toHaveProperty('iconURL');
+      expect(result.data).not.toHaveProperty('spec');
+      expect(result.data).not.toHaveProperty('presetOverride');
+    }
+  });
+
+  it('preserves valid preset fields', () => {
+    const result = tModelSpecPresetSchema.safeParse({
+      model: 'gpt-4o',
+      endpoint: EModelEndpoint.openAI,
+      temperature: 0.7,
+      topP: 0.9,
+      maxOutputTokens: 4096,
+    });
+    expect(result.success).toBe(true);
+    if (result.success) {
+      expect(result.data.model).toBe('gpt-4o');
+      expect(result.data.temperature).toBe(0.7);
+      expect(result.data.topP).toBe(0.9);
+      expect(result.data.maxOutputTokens).toBe(4096);
+    }
+  });
+});
+
+describe('endpointSchema deprecated fields', () => {
+  const validEndpoint = {
+    name: 'CustomEndpoint',
+    apiKey: 'test-key',
+    baseURL: 'https://api.example.com',
+    models: { default: ['model-1'] },
+  };
+
+  it('silently strips deprecated summarize field', () => {
+    const result = endpointSchema.safeParse({
+      ...validEndpoint,
+      summarize: true,
+      summaryModel: 'gpt-4o',
+    });
+    expect(result.success).toBe(true);
+    if (result.success) {
+      expect(result.data).not.toHaveProperty('summarize');
+      expect(result.data).not.toHaveProperty('summaryModel');
+    }
+  });
+
+  it('silently strips deprecated customOrder field', () => {
+    const result = endpointSchema.safeParse({
+      ...validEndpoint,
+      customOrder: 5,
+    });
+    expect(result.success).toBe(true);
+    if (result.success) {
+      expect(result.data).not.toHaveProperty('customOrder');
+    }
+  });
+});
+
+describe('agentsEndpointSchema', () => {
+  it('does not accept baseURL', () => {
+    const result = agentsEndpointSchema.safeParse({
+      baseURL: 'https://example.com',
+    });
+    expect(result.success).toBe(true);
+    if (result.success) {
+      expect(result.data).not.toHaveProperty('baseURL');
+    }
+  });
+});
+
+describe('azureEndpointSchema', () => {
+  it('silently strips plugins field', () => {
+    const result = azureEndpointSchema.safeParse({
+      groups: [
+        {
+          group: 'test-group',
+          apiKey: 'test-key',
+          models: { 'gpt-4': true },
+        },
+      ],
+      plugins: true,
+    });
+    expect(result.success).toBe(true);
+    if (result.success) {
+      expect(result.data).not.toHaveProperty('plugins');
+    }
+  });
+});
diff --git a/packages/data-provider/specs/filetypes.spec.ts b/packages/data-provider/specs/filetypes.spec.ts
index 39711dadd9..dba6cd4795 100644
--- a/packages/data-provider/specs/filetypes.spec.ts
+++ b/packages/data-provider/specs/filetypes.spec.ts
@@ -8,7 +8,6 @@ import {
   retrievalMimeTypes,
   excelFileTypes,
   excelMimeTypes,
-  fileConfigSchema,
   mergeFileConfig,
   mbToBytes,
 } from '../src/file-config';
@@ -126,8 +125,6 @@ describe('mergeFileConfig', () => {
   test('merges minimal update correctly', () => {
     const result = mergeFileConfig(dynamicConfigs.minimalUpdate);
     expect(result.serverFileSizeLimit).toEqual(mbToBytes(1024));
-    const parsedResult = fileConfigSchema.safeParse(result);
-    expect(parsedResult.success).toBeTruthy();
   });
 
   test('overrides default endpoint with full new configuration', () => {
@@ -136,8 +133,6 @@ describe('mergeFileConfig', () => {
     expect(result.endpoints.default.supportedMimeTypes).toEqual(
       expect.arrayContaining([new RegExp('^video/.*$')]),
     );
-    const parsedResult = fileConfigSchema.safeParse(result);
-    expect(parsedResult.success).toBeTruthy();
   });
 
   test('adds new endpoint configuration correctly', () => {
@@ -147,8 +142,6 @@ describe('mergeFileConfig', () => {
     expect(result.endpoints.newEndpoint.supportedMimeTypes).toEqual(
       expect.arrayContaining([new RegExp('^application/json$')]),
     );
-    const parsedResult = fileConfigSchema.safeParse(result);
-    expect(parsedResult.success).toBeTruthy();
   });
 
   test('disables an endpoint and sets numeric fields to 0 and empties supportedMimeTypes', () => {
diff --git a/packages/data-provider/src/config.spec.ts b/packages/data-provider/src/config.spec.ts
index 4197cb754e..6658a5af5a 100644
--- a/packages/data-provider/src/config.spec.ts
+++ b/packages/data-provider/src/config.spec.ts
@@ -1,7 +1,7 @@
 import type { TEndpointsConfig } from './types';
 import { EModelEndpoint, isDocumentSupportedProvider } from './schemas';
 import { getEndpointFileConfig, mergeFileConfig } from './file-config';
-import { resolveEndpointType } from './config';
+import { resolveEndpointType, excludedKeys } from './config';
 
 const endpointsConfig: TEndpointsConfig = {
   [EModelEndpoint.openAI]: { userProvide: false, order: 0 },
@@ -13,6 +13,16 @@ const endpointsConfig: TEndpointsConfig = {
   Gemini: { type: EModelEndpoint.custom, userProvide: false, order: 9999 },
 };
 
+describe('excludedKeys', () => {
+  it.each(['_id', 'user', 'conversationId', '__v'])('excludes system field "%s"', (field) => {
+    expect(excludedKeys.has(field)).toBe(true);
+  });
+
+  it('does not exclude tenantId (plugin-level guard owns this)', () => {
+    expect(excludedKeys.has('tenantId')).toBe(false);
+  });
+});
+
 describe('resolveEndpointType', () => {
   describe('non-agents endpoints', () => {
     it('returns the config type for a custom endpoint', () => {
diff --git a/packages/data-provider/src/config.ts b/packages/data-provider/src/config.ts
index 9bc3822c4b..ae3f5b9560 100644
--- a/packages/data-provider/src/config.ts
+++ b/packages/data-provider/src/config.ts
@@ -2,6 +2,7 @@ import { z } from 'zod';
 import type { ZodError } from 'zod';
 import type { TEndpointsConfig, TModelsConfig, TConfig } from './types';
 import { EModelEndpoint, eModelEndpointSchema, isAgentsEndpoint } from './schemas';
+import { ComponentTypes, SettingTypes, OptionTypes } from './generate';
 import { specsConfigSchema, TSpecsConfig } from './models';
 import { fileConfigSchema } from './file-config';
 import { apiBaseUrl } from './api-endpoints';
@@ -120,11 +121,11 @@ export const azureBaseSchema = z.object({
   instanceName: z.string().optional(),
   deploymentName: z.string().optional(),
   assistants: z.boolean().optional(),
-  addParams: z.record(z.any()).optional(),
+  addParams: z.record(z.union([z.string(), z.number(), z.boolean(), z.null()])).optional(),
   dropParams: z.array(z.string()).optional(),
   version: z.string().optional(),
   baseURL: z.string().optional(),
-  additionalHeaders: z.record(z.any()).optional(),
+  additionalHeaders: z.record(z.string()).optional(),
 });
 
 export type TAzureBaseSchema = z.infer<typeof azureBaseSchema>;
@@ -257,7 +258,7 @@ export const assistantEndpointSchema = baseEndpointSchema.merge(
         userIdQuery: z.boolean().optional(),
       })
       .optional(),
-    headers: z.record(z.any()).optional(),
+    headers: z.record(z.string()).optional(),
   }),
 );
 
@@ -279,6 +280,7 @@ export const defaultAgentCapabilities = [
 ];
 
 export const agentsEndpointSchema = baseEndpointSchema
+  .omit({ baseURL: true })
   .merge(
     z.object({
       /* agents specific */
@@ -305,6 +307,43 @@ export const agentsEndpointSchema = baseEndpointSchema
 
 export type TAgentsEndpoint = z.infer<typeof agentsEndpointSchema>;
 
+export const paramDefinitionSchema = z.object({
+  key: z.string(),
+  description: z.string().optional(),
+  type: z.nativeEnum(SettingTypes).optional(),
+  default: z.union([z.number(), z.boolean(), z.string(), z.array(z.string())]).optional(),
+  showLabel: z.boolean().optional(),
+  showDefault: z.boolean().optional(),
+  options: z.array(z.string()).optional(),
+  range: z
+    .object({
+      min: z.number(),
+      max: z.number(),
+      step: z.number().optional(),
+    })
+    .optional(),
+  enumMappings: z.record(z.union([z.number(), z.boolean(), z.string()])).optional(),
+  component: z.nativeEnum(ComponentTypes).optional(),
+  optionType: z.nativeEnum(OptionTypes).optional(),
+  columnSpan: z.number().int().nonnegative().optional(),
+  columns: z.number().int().min(1).max(4).optional(),
+  label: z.string().optional(),
+  placeholder: z.string().optional(),
+  labelCode: z.boolean().optional(),
+  placeholderCode: z.boolean().optional(),
+  descriptionCode: z.boolean().optional(),
+  minText: z.number().optional(),
+  maxText: z.number().optional(),
+  minTags: z.number().min(0).optional(),
+  maxTags: z.number().min(0).optional(),
+  includeInput: z.boolean().optional(),
+  descriptionSide: z.enum(['top', 'right', 'bottom', 'left']).optional(),
+  searchPlaceholder: z.string().optional(),
+  selectPlaceholder: z.string().optional(),
+  searchPlaceholderCode: z.boolean().optional(),
+  selectPlaceholderCode: z.boolean().optional(),
+});
+
 export const endpointSchema = baseEndpointSchema.merge(
   z.object({
     name: z.string().refine((value) => !eModelEndpointSchema.safeParse(value).success, {
@@ -319,23 +358,20 @@ export const endpointSchema = baseEndpointSchema.merge(
       fetch: z.boolean().optional(),
       userIdQuery: z.boolean().optional(),
     }),
-    summarize: z.boolean().optional(),
-    summaryModel: z.string().optional(),
     iconURL: z.string().optional(),
     modelDisplayLabel: z.string().optional(),
-    headers: z.record(z.any()).optional(),
-    addParams: z.record(z.any()).optional(),
+    headers: z.record(z.string()).optional(),
+    addParams: z.record(z.union([z.string(), z.number(), z.boolean(), z.null()])).optional(),
     dropParams: z.array(z.string()).optional(),
     customParams: z
       .object({
         defaultParamsEndpoint: z.string().default('custom'),
-        paramDefinitions: z.array(z.record(z.any())).optional(),
+        paramDefinitions: z.array(paramDefinitionSchema).optional(),
       })
       .strict()
       .optional(),
-    customOrder: z.number().optional(),
     directEndpoint: z.boolean().optional(),
-    titleMessageRole: z.string().optional(),
+    titleMessageRole: z.enum(['system', 'user', 'assistant']).optional(),
   }),
 );
 
@@ -344,7 +380,6 @@ export type TEndpoint = z.infer<typeof endpointSchema>;
 export const azureEndpointSchema = z
   .object({
     groups: azureGroupConfigsSchema,
-    plugins: z.boolean().optional(),
     assistants: z.boolean().optional(),
   })
   .and(
@@ -356,9 +391,6 @@ export const azureEndpointSchema = z
         titleModel: true,
         titlePrompt: true,
         titlePromptTemplate: true,
-        summarize: true,
-        summaryModel: true,
-        customOrder: true,
       })
       .partial(),
   );
@@ -501,7 +533,8 @@ const speechTab = z
       .optional()
       .or(
         z.object({
-          engineSTT: z.string().optional(),
+          /** Keep in sync with STTProviders enum (defined below — cannot reference due to eval order) */
+          engineSTT: z.enum(['openai', 'azureOpenAI']).optional(),
           languageSTT: z.string().optional(),
           autoTranscribeAudio: z.boolean().optional(),
           decibelValue: z.number().optional(),
@@ -514,11 +547,12 @@ const speechTab = z
       .optional()
       .or(
         z.object({
-          engineTTS: z.string().optional(),
+          /** Keep in sync with TTSProviders enum (defined below — cannot reference due to eval order) */
+          engineTTS: z.enum(['openai', 'azureOpenAI', 'elevenlabs', 'localai']).optional(),
           voice: z.string().optional(),
           languageTTS: z.string().optional(),
           automaticPlayback: z.boolean().optional(),
-          playbackRate: z.number().optional(),
+          playbackRate: z.number().min(0.25).max(4).optional(),
           cacheTTS: z.boolean().optional(),
         }),
       )
@@ -864,7 +898,7 @@ export const webSearchSchema = z.object({
   searchProvider: z.nativeEnum(SearchProviders).optional(),
   scraperProvider: z.nativeEnum(ScraperProviders).optional(),
   rerankerType: z.nativeEnum(RerankerTypes).optional(),
-  scraperTimeout: z.number().optional(),
+  scraperTimeout: z.number().int().nonnegative().optional(),
   safeSearch: z.nativeEnum(SafeSearchTypes).default(SafeSearchTypes.MODERATE),
   firecrawlOptions: z
     .object({
@@ -873,7 +907,7 @@ export const webSearchSchema = z.object({
       excludeTags: z.array(z.string()).optional(),
       headers: z.record(z.string()).optional(),
       waitFor: z.number().optional(),
-      timeout: z.number().optional(),
+      timeout: z.number().int().nonnegative().optional(),
       maxAge: z.number().optional(),
       mobile: z.boolean().optional(),
       skipTlsVerification: z.boolean().optional(),
@@ -942,7 +976,7 @@ export const memorySchema = z.object({
         provider: z.string(),
         model: z.string(),
         instructions: z.string().optional(),
-        model_parameters: z.record(z.any()).optional(),
+        model_parameters: z.record(z.union([z.string(), z.number(), z.boolean()])).optional(),
       }),
     ])
     .optional(),
@@ -1026,7 +1060,7 @@ export const configSchema = z.object({
   modelSpecs: specsConfigSchema.optional(),
   endpoints: z
     .object({
-      all: baseEndpointSchema.optional(),
+      all: baseEndpointSchema.omit({ baseURL: true }).optional(),
       [EModelEndpoint.openAI]: baseEndpointSchema.optional(),
       [EModelEndpoint.google]: baseEndpointSchema.optional(),
       [EModelEndpoint.anthropic]: anthropicEndpointSchema.optional(),
@@ -1238,9 +1272,6 @@ export const defaultModels = {
     'gemini-2.5-pro',
     'gemini-2.5-flash',
     'gemini-2.5-flash-lite',
-    // Gemini 2.0 Models
-    'gemini-2.0-flash-001',
-    'gemini-2.0-flash-lite',
   ],
   [EModelEndpoint.anthropic]: sharedAnthropicModels,
   [EModelEndpoint.openAI]: [
@@ -1857,8 +1888,8 @@ export enum LocalStorageKeys {
   LAST_PROMPT_CATEGORY = 'lastPromptCategory',
   /** Key for rendering User Messages as Markdown */
   ENABLE_USER_MSG_MARKDOWN = 'enableUserMsgMarkdown',
-  /** Key for displaying analysis tool code input */
-  SHOW_ANALYSIS_CODE = 'showAnalysisCode',
+  /** Key for auto-expanding tool call details */
+  AUTO_EXPAND_TOOLS = 'autoExpandTools',
   /** Last selected MCP values per conversation ID */
   LAST_MCP_ = 'LAST_MCP_',
   /** Last checked toggle for Code Interpreter API per conversation ID */
diff --git a/packages/data-provider/src/file-config.ts b/packages/data-provider/src/file-config.ts
index 32a1a28cc9..7ec184755d 100644
--- a/packages/data-provider/src/file-config.ts
+++ b/packages/data-provider/src/file-config.ts
@@ -442,22 +442,7 @@ export const fileConfig = {
   },
 };
 
-const supportedMimeTypesSchema = z
-  .array(z.any())
-  .optional()
-  .refine(
-    (mimeTypes) => {
-      if (!mimeTypes) {
-        return true;
-      }
-      return mimeTypes.every(
-        (mimeType) => mimeType instanceof RegExp || typeof mimeType === 'string',
-      );
-    },
-    {
-      message: 'Each mimeType must be a string or a RegExp object.',
-    },
-  );
+const supportedMimeTypesSchema = z.array(z.string()).optional();
 
 export const endpointFileConfigSchema = z.object({
   disabled: z.boolean().optional(),
@@ -690,22 +675,24 @@ export function mergeFileConfig(dynamic: z.infer<typeof fileConfigSchema> | unde
   }
 
   if (dynamic.ocr !== undefined) {
+    const { supportedMimeTypes: ocrMimeTypes, ...ocrRest } = dynamic.ocr;
     mergedConfig.ocr = {
       ...mergedConfig.ocr,
-      ...dynamic.ocr,
+      ...ocrRest,
     };
-    if (dynamic.ocr.supportedMimeTypes) {
-      mergedConfig.ocr.supportedMimeTypes = convertStringsToRegex(dynamic.ocr.supportedMimeTypes);
+    if (ocrMimeTypes) {
+      mergedConfig.ocr.supportedMimeTypes = convertStringsToRegex(ocrMimeTypes);
     }
   }
 
   if (dynamic.text !== undefined) {
+    const { supportedMimeTypes: textMimeTypes, ...textRest } = dynamic.text;
     mergedConfig.text = {
       ...mergedConfig.text,
-      ...dynamic.text,
+      ...textRest,
     };
-    if (dynamic.text.supportedMimeTypes) {
-      mergedConfig.text.supportedMimeTypes = convertStringsToRegex(dynamic.text.supportedMimeTypes);
+    if (textMimeTypes) {
+      mergedConfig.text.supportedMimeTypes = convertStringsToRegex(textMimeTypes);
     }
   }
 
diff --git a/packages/data-provider/src/mcp.ts b/packages/data-provider/src/mcp.ts
index 3ad296c4ec..b22a599b9b 100644
--- a/packages/data-provider/src/mcp.ts
+++ b/packages/data-provider/src/mcp.ts
@@ -18,10 +18,10 @@ const BaseOptionsSchema = z.object({
    */
   startup: z.boolean().optional(),
   iconPath: z.string().optional(),
-  timeout: z.number().optional(),
+  timeout: z.number().int().nonnegative().optional(),
   /** Timeout (ms) for the long-lived SSE GET stream body before undici aborts it. Default: 300_000 (5 min). */
-  sseReadTimeout: z.number().positive().optional(),
-  initTimeout: z.number().optional(),
+  sseReadTimeout: z.number().int().positive().optional(),
+  initTimeout: z.number().int().nonnegative().optional(),
   /** Controls visibility in chat dropdown menu (MCPSelect) */
   chatMenu: z.boolean().optional(),
   /**
@@ -104,7 +104,7 @@ const BaseOptionsSchema = z.object({
 });
 
 export const StdioOptionsSchema = BaseOptionsSchema.extend({
-  type: z.literal('stdio').optional(),
+  type: z.literal('stdio').default('stdio'),
   /**
    * The executable to run to start the server.
    */
@@ -134,17 +134,17 @@ export const StdioOptionsSchema = BaseOptionsSchema.extend({
       return processedEnv;
     }),
   /**
-   * How to handle stderr of the child process. This matches the semantics of Node's `child_process.spawn`.
-   *
-   * @type {import('node:child_process').IOType | import('node:stream').Stream | number}
-   *
-   * The default is "inherit", meaning messages to stderr will be printed to the parent process's stderr.
+   * How to handle stderr of the child process.
+   * Accepts: 'pipe' | 'ignore' | 'inherit' | file descriptor number.
+   * Defaults to "inherit".
    */
-  stderr: z.any().optional(),
+  stderr: z
+    .union([z.enum(['pipe', 'ignore', 'inherit']), z.number().int().nonnegative()])
+    .optional(),
 });
 
 export const WebSocketOptionsSchema = BaseOptionsSchema.extend({
-  type: z.literal('websocket').optional(),
+  type: z.literal('websocket').default('websocket'),
   url: z
     .string()
     .transform((val: string) => extractEnvVariable(val))
@@ -161,7 +161,7 @@ export const WebSocketOptionsSchema = BaseOptionsSchema.extend({
 });
 
 export const SSEOptionsSchema = BaseOptionsSchema.extend({
-  type: z.literal('sse').optional(),
+  type: z.literal('sse').default('sse'),
   headers: z.record(z.string(), z.string()).optional(),
   url: z
     .string()
diff --git a/packages/data-provider/src/models.ts b/packages/data-provider/src/models.ts
index c2dbe2cf77..82c2042d8a 100644
--- a/packages/data-provider/src/models.ts
+++ b/packages/data-provider/src/models.ts
@@ -1,8 +1,8 @@
 import { z } from 'zod';
-import type { TPreset } from './schemas';
+import type { TModelSpecPreset } from './schemas';
 import {
   EModelEndpoint,
-  tPresetSchema,
+  tModelSpecPresetSchema,
   eModelEndpointSchema,
   AuthType,
   authTypeSchema,
@@ -11,7 +11,7 @@ import {
 export type TModelSpec = {
   name: string;
   label: string;
-  preset: TPreset;
+  preset: TModelSpecPreset;
   order?: number;
   default?: boolean;
   description?: string;
@@ -42,7 +42,7 @@ export type TModelSpec = {
 export const tModelSpecSchema = z.object({
   name: z.string(),
   label: z.string(),
-  preset: tPresetSchema,
+  preset: tModelSpecPresetSchema,
   order: z.number().optional(),
   default: z.boolean().optional(),
   description: z.string().optional(),
diff --git a/packages/data-provider/src/permissions.ts b/packages/data-provider/src/permissions.ts
index 7a3144c82d..58cf0df15d 100644
--- a/packages/data-provider/src/permissions.ts
+++ b/packages/data-provider/src/permissions.ts
@@ -62,6 +62,55 @@ export enum PermissionTypes {
   REMOTE_AGENTS = 'REMOTE_AGENTS',
 }
 
+/**
+ * Maps PermissionTypes to their corresponding `interface` config field names.
+ * Used to identify which interface fields seed role permissions at startup
+ * and must NOT be overridden via DB config (use the role permissions editor instead).
+ */
+export const PERMISSION_TYPE_INTERFACE_FIELDS: Record<PermissionTypes, string> = {
+  [PermissionTypes.PROMPTS]: 'prompts',
+  [PermissionTypes.AGENTS]: 'agents',
+  [PermissionTypes.BOOKMARKS]: 'bookmarks',
+  [PermissionTypes.MEMORIES]: 'memories',
+  [PermissionTypes.MULTI_CONVO]: 'multiConvo',
+  [PermissionTypes.TEMPORARY_CHAT]: 'temporaryChat',
+  [PermissionTypes.RUN_CODE]: 'runCode',
+  [PermissionTypes.WEB_SEARCH]: 'webSearch',
+  [PermissionTypes.FILE_SEARCH]: 'fileSearch',
+  [PermissionTypes.FILE_CITATIONS]: 'fileCitations',
+  [PermissionTypes.PEOPLE_PICKER]: 'peoplePicker',
+  [PermissionTypes.MARKETPLACE]: 'marketplace',
+  [PermissionTypes.MCP_SERVERS]: 'mcpServers',
+  [PermissionTypes.REMOTE_AGENTS]: 'remoteAgents',
+};
+
+/** Set of interface config field names that correspond to role permissions. */
+export const INTERFACE_PERMISSION_FIELDS = new Set(Object.values(PERMISSION_TYPE_INTERFACE_FIELDS));
+
+/**
+ * YAML sub-keys within composite interface permission fields that map to permission bits.
+ * When an interface permission field is an object, only these sub-keys are stripped from
+ * DB overrides — other sub-keys (like `placeholder`, `trustCheckbox`) are UI-only and pass through.
+ *
+ * Mapping to Permissions enum:
+ *   'use'    → Permissions.USE       (agents, prompts, mcpServers, remoteAgents, marketplace)
+ *   'create' → Permissions.CREATE    (agents, prompts, mcpServers, remoteAgents)
+ *   'share'  → Permissions.SHARE     (agents, prompts, mcpServers, remoteAgents)
+ *   'public' → Permissions.SHARE_PUBLIC (agents, prompts, mcpServers, remoteAgents)
+ *   'users'  → Permissions.VIEW_USERS   (peoplePicker only)
+ *   'groups' → Permissions.VIEW_GROUPS  (peoplePicker only)
+ *   'roles'  → Permissions.VIEW_ROLES   (peoplePicker only)
+ */
+export const PERMISSION_SUB_KEYS = new Set([
+  'use',
+  'create',
+  'share',
+  'public',
+  'users',
+  'groups',
+  'roles',
+]);
+
 /**
  * Enum for Role-Based Access Control Constants
  */
diff --git a/packages/data-provider/src/react-query/react-query-service.ts b/packages/data-provider/src/react-query/react-query-service.ts
index 9d08d9d56a..571dce5830 100644
--- a/packages/data-provider/src/react-query/react-query-service.ts
+++ b/packages/data-provider/src/react-query/react-query-service.ts
@@ -124,6 +124,7 @@ export const useUpdateUserKeysMutation = (): UseMutationResult<
   return useMutation((payload: t.TUpdateUserKeyRequest) => dataService.updateUserKey(payload), {
     onSuccess: (data, variables) => {
       queryClient.invalidateQueries([QueryKeys.name, variables.name]);
+      queryClient.invalidateQueries([QueryKeys.models]);
     },
   });
 };
@@ -142,6 +143,7 @@ export const useRevokeUserKeyMutation = (name: string): UseMutationResult<unknow
   return useMutation(() => dataService.revokeUserKey(name), {
     onSuccess: () => {
       queryClient.invalidateQueries([QueryKeys.name, name]);
+      queryClient.invalidateQueries([QueryKeys.models]);
       if (s.isAssistantsEndpoint(name)) {
         queryClient.invalidateQueries([QueryKeys.assistants, name, defaultOrderQuery]);
         queryClient.invalidateQueries([QueryKeys.assistantDocs]);
@@ -176,6 +178,7 @@ export const useRevokeAllUserKeysMutation = (): UseMutationResult<unknown> => {
       queryClient.invalidateQueries([QueryKeys.mcpTools]);
       queryClient.invalidateQueries([QueryKeys.actions]);
       queryClient.invalidateQueries([QueryKeys.tools]);
+      queryClient.invalidateQueries([QueryKeys.models]);
     },
   });
 };
diff --git a/packages/data-provider/src/schemas.ts b/packages/data-provider/src/schemas.ts
index 19ba804556..084f74af86 100644
--- a/packages/data-provider/src/schemas.ts
+++ b/packages/data-provider/src/schemas.ts
@@ -635,11 +635,15 @@ export const tMessageSchema = z.object({
       calibrationRatio: z
         .number()
         .optional()
-        .describe('EMA ratio of provider-reported vs local token estimates; seeds the pruner on subsequent runs'),
+        .describe(
+          'EMA ratio of provider-reported vs local token estimates; seeds the pruner on subsequent runs',
+        ),
       encoding: z
         .string()
         .optional()
-        .describe('Tokenizer encoding used when this ratio was computed (e.g. "claude", "o200k_base")'),
+        .describe(
+          'Tokenizer encoding used when this ratio was computed (e.g. "claude", "o200k_base")',
+        ),
     })
     .optional(),
 });
@@ -919,6 +923,30 @@ export const tQueryParamsSchema = tConversationSchema
     }),
   );
 
+/** Narrowed preset schema for use in model specs — omits system/DB/deprecated fields */
+export const tModelSpecPresetSchema = tPresetSchema.omit({
+  conversationId: true,
+  presetId: true,
+  title: true,
+  defaultPreset: true,
+  order: true,
+  isArchived: true,
+  user: true,
+  messages: true,
+  tags: true,
+  file_ids: true,
+  expiredAt: true,
+  parentMessageId: true,
+  resendImages: true,
+  chatGptLabel: true,
+  presetOverride: true,
+  greeting: true,
+  iconURL: true,
+  spec: true,
+});
+
+export type TModelSpecPreset = z.infer<typeof tModelSpecPresetSchema>;
+
 export type TPreset = z.infer<typeof tPresetSchema>;
 
 export type TSetOption = (
diff --git a/packages/data-provider/src/types.ts b/packages/data-provider/src/types.ts
index 3716f67b05..d0792c1fdf 100644
--- a/packages/data-provider/src/types.ts
+++ b/packages/data-provider/src/types.ts
@@ -366,6 +366,7 @@ export type TConfig = {
   azure?: boolean;
   availableTools?: [];
   availableRegions?: string[];
+  allowedProviders?: (string | EModelEndpoint)[];
   plugins?: Record<string, string>;
   name?: string;
   iconURL?: string;
diff --git a/packages/data-provider/src/types/assistants.ts b/packages/data-provider/src/types/assistants.ts
index 690b2e06d2..2ee30490c3 100644
--- a/packages/data-provider/src/types/assistants.ts
+++ b/packages/data-provider/src/types/assistants.ts
@@ -583,6 +583,35 @@ export type TContentData = StreamContentData & {
 
 export const actionDelimiter = '_action_';
 export const actionDomainSeparator = '---';
+/** Mirrors `Constants.mcp_delimiter`; duplicated here to avoid a circular import from `config.ts`. */
+const mcpDelimiter = '_mcp_';
+
+/**
+ * Checks whether a tool name is an OpenAPI action tool.
+ *
+ * Action format: `operationId_action_normalizedDomain`
+ * MCP format:    `toolName_mcp_serverName`
+ *
+ * Cross-delimiter collision: an MCP tool like `get_action_mcp_srv` contains
+ * `_action_` as a false positive. Guarded by checking whether `_mcp_` appears
+ * after `_action_`. In the collision case the `_mcp_` suffix always follows
+ * `_action_`; in a valid action tool whose operationId contains `_mcp_`, the
+ * `_mcp_` precedes `_action_`.
+ *
+ * Theoretical limitation: a non-RFC-compliant domain containing literal
+ * underscores that form `_mcp_` (e.g. `api_mcp_internal.com`) would produce
+ * a false negative. RFC 952/1123 prohibit underscores in hostnames, so this
+ * is not expected in practice.
+ */
+export function isActionTool(toolName: string): boolean {
+  const actionIdx = toolName.indexOf(actionDelimiter);
+  if (actionIdx < 0) {
+    return false;
+  }
+  const mcpIdx = toolName.indexOf(mcpDelimiter);
+  return mcpIdx < 0 || mcpIdx < actionIdx;
+}
+
 export const hostImageIdSuffix = '_host_copy';
 export const hostImageNamePrefix = 'host_copy_';
 
diff --git a/packages/data-schemas/package.json b/packages/data-schemas/package.json
index 0376804ad4..b257d73e59 100644
--- a/packages/data-schemas/package.json
+++ b/packages/data-schemas/package.json
@@ -1,16 +1,22 @@
 {
   "name": "@librechat/data-schemas",
-  "version": "0.0.40",
+  "version": "0.0.48",
   "description": "Mongoose schemas and models for LibreChat",
   "type": "module",
   "main": "dist/index.cjs",
   "module": "dist/index.es.js",
   "types": "./dist/types/index.d.ts",
+  "sideEffects": false,
   "exports": {
     ".": {
       "import": "./dist/index.es.js",
       "require": "./dist/index.cjs",
       "types": "./dist/types/index.d.ts"
+    },
+    "./capabilities": {
+      "import": "./dist/admin/capabilities.es.js",
+      "require": "./dist/admin/capabilities.cjs",
+      "types": "./dist/types/admin/capabilities.d.ts"
     }
   },
   "files": [
@@ -42,7 +48,7 @@
     "@rollup/plugin-json": "^6.1.0",
     "@rollup/plugin-node-resolve": "^15.1.0",
     "@rollup/plugin-replace": "^5.0.5",
-    "@rollup/plugin-terser": "^0.4.4",
+    "@rollup/plugin-terser": "^1.0.0",
     "@rollup/plugin-typescript": "^12.1.2",
     "@types/express": "^5.0.0",
     "@types/jest": "^29.5.2",
@@ -53,7 +59,7 @@
     "rimraf": "^6.1.3",
     "rollup": "^4.34.9",
     "rollup-plugin-peer-deps-external": "^2.2.4",
-    "rollup-plugin-typescript2": "^0.35.0",
+    "rollup-plugin-typescript2": "^0.37.0",
     "ts-node": "^10.9.2",
     "typescript": "^5.0.4"
   },
diff --git a/packages/data-schemas/rollup.config.js b/packages/data-schemas/rollup.config.js
index d58331feee..703630e121 100644
--- a/packages/data-schemas/rollup.config.js
+++ b/packages/data-schemas/rollup.config.js
@@ -8,14 +8,20 @@ export default {
   input: 'src/index.ts',
   output: [
     {
-      file: 'dist/index.es.js',
+      dir: 'dist',
       format: 'es',
       sourcemap: true,
+      preserveModules: true,
+      preserveModulesRoot: 'src',
+      entryFileNames: '[name].es.js',
     },
     {
-      file: 'dist/index.cjs',
+      dir: 'dist',
       format: 'cjs',
       sourcemap: true,
+      preserveModules: true,
+      preserveModulesRoot: 'src',
+      entryFileNames: '[name].cjs',
     },
   ],
   plugins: [
diff --git a/packages/data-schemas/src/admin/capabilities.spec.ts b/packages/data-schemas/src/admin/capabilities.spec.ts
new file mode 100644
index 0000000000..fe6222a5d4
--- /dev/null
+++ b/packages/data-schemas/src/admin/capabilities.spec.ts
@@ -0,0 +1,38 @@
+import { SystemCapabilities, isValidCapability } from './capabilities';
+
+describe('isValidCapability', () => {
+  it.each(Object.values(SystemCapabilities))('accepts base capability: %s', (cap) => {
+    expect(isValidCapability(cap)).toBe(true);
+  });
+
+  it.each(['manage:configs:endpoints', 'read:configs:registration', 'manage:configs:speech'])(
+    'accepts section-level capability: %s',
+    (cap) => {
+      expect(isValidCapability(cap)).toBe(true);
+    },
+  );
+
+  it.each(['assign:configs:user', 'assign:configs:group', 'assign:configs:role'])(
+    'accepts assignment capability: %s',
+    (cap) => {
+      expect(isValidCapability(cap)).toBe(true);
+    },
+  );
+
+  it.each([
+    '',
+    'fake',
+    'god:mode',
+    'manage:configs:',
+    'manage:configs: spaces',
+    'manage:configs:a:b',
+    'delete:configs:endpoints',
+    'assign:configs:admin',
+    'assign:configs:',
+    'MANAGE:USERS',
+    'manage:users:extra',
+    'read:configs:end points',
+  ])('rejects invalid capability: "%s"', (cap) => {
+    expect(isValidCapability(cap)).toBe(false);
+  });
+});
diff --git a/packages/data-schemas/src/admin/capabilities.ts b/packages/data-schemas/src/admin/capabilities.ts
new file mode 100644
index 0000000000..44b9eaab4c
--- /dev/null
+++ b/packages/data-schemas/src/admin/capabilities.ts
@@ -0,0 +1,217 @@
+import { ResourceType } from 'librechat-data-provider';
+import type {
+  BaseSystemCapability,
+  SystemCapability,
+  ConfigSection,
+  CapabilityCategory,
+} from '~/types/admin';
+
+// ---------------------------------------------------------------------------
+// System Capabilities
+// ---------------------------------------------------------------------------
+
+/**
+ * The canonical set of base system capabilities.
+ *
+ * These are used by the admin panel and LibreChat API to gate access to
+ * admin features. Config-section-derived capabilities (e.g.
+ * `manage:configs:endpoints`) are built on top of these where the
+ * configSchema is available.
+ */
+export const SystemCapabilities = {
+  ACCESS_ADMIN: 'access:admin',
+  READ_USERS: 'read:users',
+  MANAGE_USERS: 'manage:users',
+  READ_GROUPS: 'read:groups',
+  MANAGE_GROUPS: 'manage:groups',
+  READ_ROLES: 'read:roles',
+  MANAGE_ROLES: 'manage:roles',
+  READ_CONFIGS: 'read:configs',
+  MANAGE_CONFIGS: 'manage:configs',
+  ASSIGN_CONFIGS: 'assign:configs',
+  READ_USAGE: 'read:usage',
+  READ_AGENTS: 'read:agents',
+  MANAGE_AGENTS: 'manage:agents',
+  MANAGE_MCP_SERVERS: 'manage:mcpservers',
+  READ_PROMPTS: 'read:prompts',
+  MANAGE_PROMPTS: 'manage:prompts',
+  /** Reserved — not yet enforced by any middleware. */
+  READ_ASSISTANTS: 'read:assistants',
+  MANAGE_ASSISTANTS: 'manage:assistants',
+} as const;
+
+/**
+ * Capabilities that are implied by holding a broader capability.
+ * e.g. `MANAGE_USERS` implies `READ_USERS`.
+ */
+export const CapabilityImplications: Partial<Record<BaseSystemCapability, BaseSystemCapability[]>> =
+  {
+    [SystemCapabilities.MANAGE_USERS]: [SystemCapabilities.READ_USERS],
+    [SystemCapabilities.MANAGE_GROUPS]: [SystemCapabilities.READ_GROUPS],
+    [SystemCapabilities.MANAGE_ROLES]: [SystemCapabilities.READ_ROLES],
+    [SystemCapabilities.MANAGE_CONFIGS]: [SystemCapabilities.READ_CONFIGS],
+    [SystemCapabilities.MANAGE_AGENTS]: [SystemCapabilities.READ_AGENTS],
+    [SystemCapabilities.MANAGE_PROMPTS]: [SystemCapabilities.READ_PROMPTS],
+    [SystemCapabilities.MANAGE_ASSISTANTS]: [SystemCapabilities.READ_ASSISTANTS],
+  };
+
+// ---------------------------------------------------------------------------
+// Capability validation
+// ---------------------------------------------------------------------------
+
+const baseCapabilitySet = new Set<string>(Object.values(SystemCapabilities));
+const sectionCapPattern = /^(?:manage|read):configs:\w+$/;
+const assignCapPattern = /^assign:configs:(?:user|group|role)$/;
+
+/**
+ * Runtime validator for the full `SystemCapability` union:
+ * base capabilities, section-level config capabilities, and config assignment capabilities.
+ */
+export function isValidCapability(value: string): boolean {
+  return (
+    baseCapabilitySet.has(value) || sectionCapPattern.test(value) || assignCapPattern.test(value)
+  );
+}
+
+// ---------------------------------------------------------------------------
+// Capability utility functions
+// ---------------------------------------------------------------------------
+
+/** Reverse map: for a given read capability, which manage capabilities imply it? */
+const impliedByMap: Record<string, string[]> = {};
+for (const [manage, reads] of Object.entries(CapabilityImplications)) {
+  for (const read of reads as string[]) {
+    if (!impliedByMap[read]) {
+      impliedByMap[read] = [];
+    }
+    impliedByMap[read].push(manage);
+  }
+}
+
+/**
+ * Check whether a set of held capabilities satisfies a required capability,
+ * accounting for the manage→read implication hierarchy.
+ */
+export function hasImpliedCapability(held: string[], required: string): boolean {
+  if (held.includes(required)) {
+    return true;
+  }
+  const impliers = impliedByMap[required];
+  if (impliers) {
+    for (const cap of impliers) {
+      if (held.includes(cap)) {
+        return true;
+      }
+    }
+  }
+  return false;
+}
+
+/**
+ * Given a set of directly-held capabilities, compute the full set including
+ * all implied capabilities.
+ */
+export function expandImplications(directCaps: string[]): string[] {
+  const expanded = new Set(directCaps);
+  for (const cap of directCaps) {
+    const implied = CapabilityImplications[cap as BaseSystemCapability];
+    if (implied) {
+      for (const imp of implied) {
+        expanded.add(imp);
+      }
+    }
+  }
+  return Array.from(expanded);
+}
+
+// ---------------------------------------------------------------------------
+// Resource & config capability mappings
+// ---------------------------------------------------------------------------
+
+/**
+ * Maps each ACL ResourceType to the SystemCapability that grants
+ * unrestricted management access. Typed as `Record<ResourceType, …>`
+ * so adding a new ResourceType variant causes a compile error until a
+ * capability is assigned here.
+ */
+export const ResourceCapabilityMap: Record<ResourceType, SystemCapability> = {
+  [ResourceType.AGENT]: SystemCapabilities.MANAGE_AGENTS,
+  [ResourceType.PROMPTGROUP]: SystemCapabilities.MANAGE_PROMPTS,
+  [ResourceType.MCPSERVER]: SystemCapabilities.MANAGE_MCP_SERVERS,
+  [ResourceType.REMOTE_AGENT]: SystemCapabilities.MANAGE_AGENTS,
+};
+
+/**
+ * Derives a section-level config management capability from a configSchema key.
+ * @example configCapability('endpoints') → 'manage:configs:endpoints'
+ *
+ * TODO: Section-level config capabilities are scaffolded but not yet active.
+ * To activate delegated config management:
+ *  1. Expose POST/DELETE /api/admin/grants endpoints (wiring grantCapability/revokeCapability)
+ *  2. Seed section-specific grants for delegated admin roles via those endpoints
+ *  3. Guard config write handlers with hasConfigCapability(user, section)
+ */
+export function configCapability(section: ConfigSection): `manage:configs:${ConfigSection}` {
+  return `manage:configs:${section}`;
+}
+
+/**
+ * Derives a section-level config read capability from a configSchema key.
+ * @example readConfigCapability('endpoints') → 'read:configs:endpoints'
+ */
+export function readConfigCapability(section: ConfigSection): `read:configs:${ConfigSection}` {
+  return `read:configs:${section}`;
+}
+
+// ---------------------------------------------------------------------------
+// Reserved principal IDs
+// ---------------------------------------------------------------------------
+
+/** Reserved principalId for the DB base config (overrides YAML defaults). */
+export const BASE_CONFIG_PRINCIPAL_ID = '__base__';
+
+/** Pre-defined UI categories for grouping capabilities in the admin panel. */
+export const CAPABILITY_CATEGORIES: CapabilityCategory[] = [
+  {
+    key: 'users',
+    labelKey: 'com_cap_cat_users',
+    capabilities: [SystemCapabilities.MANAGE_USERS, SystemCapabilities.READ_USERS],
+  },
+  {
+    key: 'groups',
+    labelKey: 'com_cap_cat_groups',
+    capabilities: [SystemCapabilities.MANAGE_GROUPS, SystemCapabilities.READ_GROUPS],
+  },
+  {
+    key: 'roles',
+    labelKey: 'com_cap_cat_roles',
+    capabilities: [SystemCapabilities.MANAGE_ROLES, SystemCapabilities.READ_ROLES],
+  },
+  {
+    key: 'config',
+    labelKey: 'com_cap_cat_config',
+    capabilities: [
+      SystemCapabilities.MANAGE_CONFIGS,
+      SystemCapabilities.READ_CONFIGS,
+      SystemCapabilities.ASSIGN_CONFIGS,
+    ],
+  },
+  {
+    key: 'content',
+    labelKey: 'com_cap_cat_content',
+    capabilities: [
+      SystemCapabilities.MANAGE_AGENTS,
+      SystemCapabilities.READ_AGENTS,
+      SystemCapabilities.MANAGE_PROMPTS,
+      SystemCapabilities.READ_PROMPTS,
+      SystemCapabilities.MANAGE_ASSISTANTS,
+      SystemCapabilities.READ_ASSISTANTS,
+      SystemCapabilities.MANAGE_MCP_SERVERS,
+    ],
+  },
+  {
+    key: 'system',
+    labelKey: 'com_cap_cat_system',
+    capabilities: [SystemCapabilities.ACCESS_ADMIN, SystemCapabilities.READ_USAGE],
+  },
+];
diff --git a/packages/data-schemas/src/admin/index.ts b/packages/data-schemas/src/admin/index.ts
new file mode 100644
index 0000000000..8d43daada6
--- /dev/null
+++ b/packages/data-schemas/src/admin/index.ts
@@ -0,0 +1 @@
+export * from './capabilities';
diff --git a/packages/data-schemas/src/app/index.ts b/packages/data-schemas/src/app/index.ts
index 77cb799f8c..b07a36acd0 100644
--- a/packages/data-schemas/src/app/index.ts
+++ b/packages/data-schemas/src/app/index.ts
@@ -5,3 +5,4 @@ export * from './specs';
 export * from './turnstile';
 export * from './vertex';
 export * from './web';
+export * from './resolution';
diff --git a/packages/data-schemas/src/app/resolution.spec.ts b/packages/data-schemas/src/app/resolution.spec.ts
new file mode 100644
index 0000000000..991f6afb40
--- /dev/null
+++ b/packages/data-schemas/src/app/resolution.spec.ts
@@ -0,0 +1,289 @@
+import { INTERFACE_PERMISSION_FIELDS, PermissionTypes } from 'librechat-data-provider';
+import { mergeConfigOverrides } from './resolution';
+import type { AppConfig, IConfig } from '~/types';
+
+function fakeConfig(overrides: Record<string, unknown>, priority: number): IConfig {
+  return {
+    _id: 'fake',
+    principalType: 'role',
+    principalId: 'test',
+    principalModel: 'Role',
+    priority,
+    overrides,
+    isActive: true,
+    configVersion: 1,
+  } as unknown as IConfig;
+}
+
+const baseConfig = {
+  interfaceConfig: { endpointsMenu: true, sidePanel: true },
+  registration: { enabled: true },
+  endpoints: ['openAI'],
+} as unknown as AppConfig;
+
+describe('mergeConfigOverrides', () => {
+  it('returns base config when configs array is empty', () => {
+    expect(mergeConfigOverrides(baseConfig, [])).toBe(baseConfig);
+  });
+
+  it('returns base config when configs is null/undefined', () => {
+    expect(mergeConfigOverrides(baseConfig, null as unknown as IConfig[])).toBe(baseConfig);
+    expect(mergeConfigOverrides(baseConfig, undefined as unknown as IConfig[])).toBe(baseConfig);
+  });
+
+  it('deep merges interface UI fields into interfaceConfig', () => {
+    const configs = [fakeConfig({ interface: { endpointsMenu: false } }, 10)];
+    const result = mergeConfigOverrides(baseConfig, configs) as unknown as Record<string, unknown>;
+    const iface = result.interfaceConfig as Record<string, unknown>;
+    expect(iface.endpointsMenu).toBe(false);
+    expect(iface.sidePanel).toBe(true);
+  });
+
+  it('sorts by priority — higher priority wins', () => {
+    const configs = [
+      fakeConfig({ registration: { enabled: false } }, 100),
+      fakeConfig({ registration: { enabled: true, custom: 'yes' } }, 10),
+    ];
+    const result = mergeConfigOverrides(baseConfig, configs) as unknown as Record<string, unknown>;
+    const reg = result.registration as Record<string, unknown>;
+    expect(reg.enabled).toBe(false);
+    expect(reg.custom).toBe('yes');
+  });
+
+  it('replaces arrays instead of concatenating', () => {
+    const configs = [fakeConfig({ endpoints: ['anthropic', 'google'] }, 10)];
+    const result = mergeConfigOverrides(baseConfig, configs) as unknown as Record<string, unknown>;
+    expect(result.endpoints).toEqual(['anthropic', 'google']);
+  });
+
+  it('does not mutate the base config', () => {
+    const original = JSON.parse(JSON.stringify(baseConfig));
+    const configs = [fakeConfig({ interface: { endpointsMenu: false } }, 10)];
+    mergeConfigOverrides(baseConfig, configs);
+    expect(baseConfig).toEqual(original);
+  });
+
+  it('handles null override values', () => {
+    const configs = [fakeConfig({ interface: { endpointsMenu: null } }, 10)];
+    const result = mergeConfigOverrides(baseConfig, configs) as unknown as Record<string, unknown>;
+    const iface = result.interfaceConfig as Record<string, unknown>;
+    expect(iface.endpointsMenu).toBeNull();
+  });
+
+  it('skips configs with no overrides object', () => {
+    const configs = [fakeConfig(undefined as unknown as Record<string, unknown>, 10)];
+    const result = mergeConfigOverrides(baseConfig, configs);
+    expect(result).toEqual(baseConfig);
+  });
+
+  it('strips __proto__, constructor, and prototype keys from overrides', () => {
+    const configs = [
+      fakeConfig(
+        {
+          __proto__: { polluted: true },
+          constructor: { bad: true },
+          prototype: { evil: true },
+          safe: 'ok',
+        },
+        10,
+      ),
+    ];
+    const result = mergeConfigOverrides(baseConfig, configs) as unknown as Record<string, unknown>;
+    expect(result.safe).toBe('ok');
+    expect(({} as Record<string, unknown>).polluted).toBeUndefined();
+    expect(Object.prototype.hasOwnProperty.call(result, 'constructor')).toBe(false);
+    expect(Object.prototype.hasOwnProperty.call(result, 'prototype')).toBe(false);
+  });
+
+  it('merges three priority levels in order', () => {
+    const configs = [
+      fakeConfig({ interface: { endpointsMenu: false } }, 0),
+      fakeConfig({ interface: { endpointsMenu: true, sidePanel: false } }, 10),
+      fakeConfig({ interface: { sidePanel: true } }, 100),
+    ];
+    const result = mergeConfigOverrides(baseConfig, configs) as unknown as Record<string, unknown>;
+    const iface = result.interfaceConfig as Record<string, unknown>;
+    expect(iface.endpointsMenu).toBe(true);
+    expect(iface.sidePanel).toBe(true);
+  });
+
+  it('remaps all renamed YAML keys (exhaustiveness check)', () => {
+    const base = {
+      mcpConfig: null,
+      interfaceConfig: { endpointsMenu: true },
+      turnstileConfig: {},
+    } as unknown as AppConfig;
+
+    const configs = [
+      fakeConfig(
+        {
+          mcpServers: { srv: { url: 'http://mcp' } },
+          interface: { endpointsMenu: false },
+          turnstile: { siteKey: 'key-123' },
+        },
+        10,
+      ),
+    ];
+    const result = mergeConfigOverrides(base, configs) as unknown as Record<string, unknown>;
+
+    expect(result.mcpConfig).toEqual({ srv: { url: 'http://mcp' } });
+    expect((result.interfaceConfig as Record<string, unknown>).endpointsMenu).toBe(false);
+    expect((result.turnstileConfig as Record<string, unknown>).siteKey).toBe('key-123');
+
+    expect(result.mcpServers).toBeUndefined();
+    expect(result.interface).toBeUndefined();
+    expect(result.turnstile).toBeUndefined();
+  });
+
+  it('strips interface permission fields from overrides', () => {
+    const base = {
+      interfaceConfig: { endpointsMenu: true, sidePanel: true },
+    } as unknown as AppConfig;
+
+    const configs = [
+      fakeConfig(
+        {
+          interface: {
+            endpointsMenu: false,
+            prompts: false,
+            agents: { use: false },
+            marketplace: { use: false },
+          },
+        },
+        10,
+      ),
+    ];
+    const result = mergeConfigOverrides(base, configs) as unknown as Record<string, unknown>;
+    const iface = result.interfaceConfig as Record<string, unknown>;
+
+    // UI field should be merged
+    expect(iface.endpointsMenu).toBe(false);
+    // Boolean permission fields should be stripped
+    expect(iface.prompts).toBeUndefined();
+    // Object permission fields with only permission sub-keys should be stripped
+    expect(iface.agents).toBeUndefined();
+    expect(iface.marketplace).toBeUndefined();
+    // Untouched base field preserved
+    expect(iface.sidePanel).toBe(true);
+  });
+
+  it('preserves UI sub-keys in composite permission fields like mcpServers', () => {
+    const base = {
+      interfaceConfig: {},
+    } as unknown as AppConfig;
+
+    const configs = [
+      fakeConfig(
+        {
+          interface: {
+            mcpServers: {
+              use: true,
+              create: false,
+              share: false,
+              public: false,
+              placeholder: 'Search MCP servers...',
+              trustCheckbox: { label: 'I trust this server' },
+            },
+          },
+        },
+        10,
+      ),
+    ];
+    const result = mergeConfigOverrides(base, configs) as unknown as Record<string, unknown>;
+    const iface = result.interfaceConfig as Record<string, unknown>;
+    const mcp = iface.mcpServers as Record<string, unknown>;
+
+    // UI sub-keys preserved
+    expect(mcp.placeholder).toBe('Search MCP servers...');
+    expect(mcp.trustCheckbox).toEqual({ label: 'I trust this server' });
+    // Permission sub-keys stripped
+    expect(mcp.use).toBeUndefined();
+    expect(mcp.create).toBeUndefined();
+    expect(mcp.share).toBeUndefined();
+    expect(mcp.public).toBeUndefined();
+  });
+
+  it('strips peoplePicker permission sub-keys (users, groups, roles)', () => {
+    const base = {
+      interfaceConfig: {},
+    } as unknown as AppConfig;
+
+    const configs = [
+      fakeConfig({ interface: { peoplePicker: { users: false, groups: true, roles: true } } }, 10),
+    ];
+    const result = mergeConfigOverrides(base, configs) as unknown as Record<string, unknown>;
+    const iface = result.interfaceConfig as Record<string, unknown>;
+
+    // All sub-keys are permission bits → entire field stripped
+    expect(iface.peoplePicker).toBeUndefined();
+  });
+
+  it('drops interface entirely when only permission fields are present', () => {
+    const base = {
+      interfaceConfig: { endpointsMenu: true },
+    } as unknown as AppConfig;
+
+    const configs = [fakeConfig({ interface: { prompts: false, agents: false } }, 10)];
+    const result = mergeConfigOverrides(base, configs) as unknown as Record<string, unknown>;
+    const iface = result.interfaceConfig as Record<string, unknown>;
+
+    // Base should be unchanged
+    expect(iface.endpointsMenu).toBe(true);
+    expect(iface.prompts).toBeUndefined();
+    expect(iface.agents).toBeUndefined();
+  });
+
+  it('remaps YAML-level keys to AppConfig equivalents', () => {
+    const configs = [
+      fakeConfig(
+        {
+          mcpServers: { 'test-server': { type: 'streamable-http', url: 'https://example.com' } },
+        },
+        10,
+      ),
+    ];
+    const result = mergeConfigOverrides(baseConfig, configs) as unknown as Record<string, unknown>;
+    const mcpConfig = result.mcpConfig as Record<string, unknown>;
+    expect(mcpConfig).toBeDefined();
+    expect(mcpConfig['test-server']).toEqual({
+      type: 'streamable-http',
+      url: 'https://example.com',
+    });
+    expect(result.mcpServers).toBeUndefined();
+  });
+});
+
+describe('INTERFACE_PERMISSION_FIELDS', () => {
+  it('contains all expected permission fields', () => {
+    const expected = [
+      'prompts',
+      'agents',
+      'bookmarks',
+      'memories',
+      'multiConvo',
+      'temporaryChat',
+      'runCode',
+      'webSearch',
+      'fileSearch',
+      'fileCitations',
+      'peoplePicker',
+      'marketplace',
+      'mcpServers',
+      'remoteAgents',
+    ];
+    for (const field of expected) {
+      expect(INTERFACE_PERMISSION_FIELDS.has(field)).toBe(true);
+    }
+  });
+
+  it('has one entry per PermissionType — no duplicates or missing', () => {
+    expect(INTERFACE_PERMISSION_FIELDS.size).toBe(Object.values(PermissionTypes).length);
+  });
+
+  it('does not contain UI-only fields', () => {
+    const uiFields = ['endpointsMenu', 'modelSelect', 'parameters', 'presets', 'sidePanel'];
+    for (const field of uiFields) {
+      expect(INTERFACE_PERMISSION_FIELDS.has(field)).toBe(false);
+    }
+  });
+});
diff --git a/packages/data-schemas/src/app/resolution.ts b/packages/data-schemas/src/app/resolution.ts
new file mode 100644
index 0000000000..08b4d1b12d
--- /dev/null
+++ b/packages/data-schemas/src/app/resolution.ts
@@ -0,0 +1,111 @@
+import { INTERFACE_PERMISSION_FIELDS, PERMISSION_SUB_KEYS } from 'librechat-data-provider';
+import type { TCustomConfig } from 'librechat-data-provider';
+import type { AppConfig, IConfig } from '~/types';
+
+type AnyObject = { [key: string]: unknown };
+
+const MAX_MERGE_DEPTH = 10;
+const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
+
+/**
+ * Maps YAML-level override keys (TCustomConfig) to their AppConfig equivalents.
+ * Overrides are stored with YAML keys but merged into the already-processed AppConfig
+ * where some fields have been renamed by AppService.
+ *
+ * When AppService renames a field, add the mapping here. Map entries are
+ * type-checked: keys must be valid TCustomConfig fields, values must be
+ * valid AppConfig fields. The runtime lookup casts string keys to satisfy
+ * strict indexing — unknown keys safely fall through via the ?? fallback.
+ */
+const OVERRIDE_KEY_MAP: Partial<Record<keyof TCustomConfig, keyof AppConfig>> = {
+  mcpServers: 'mcpConfig',
+  interface: 'interfaceConfig',
+  turnstile: 'turnstileConfig',
+};
+
+function deepMerge<T extends AnyObject>(target: T, source: AnyObject, depth = 0): T {
+  const result = { ...target } as AnyObject;
+  for (const key of Object.keys(source)) {
+    if (UNSAFE_KEYS.has(key)) {
+      continue;
+    }
+    const sourceVal = source[key];
+    const targetVal = result[key];
+    if (
+      depth < MAX_MERGE_DEPTH &&
+      sourceVal != null &&
+      typeof sourceVal === 'object' &&
+      !Array.isArray(sourceVal) &&
+      targetVal != null &&
+      typeof targetVal === 'object' &&
+      !Array.isArray(targetVal)
+    ) {
+      result[key] = deepMerge(targetVal as AnyObject, sourceVal as AnyObject, depth + 1);
+    } else {
+      result[key] = sourceVal;
+    }
+  }
+  return result as T;
+}
+
+/**
+ * Merge DB config overrides into a base AppConfig.
+ *
+ * Configs are sorted by priority ascending (lowest first, highest wins).
+ * Each config's `overrides` is deep-merged into the base config in order.
+ */
+export function mergeConfigOverrides(baseConfig: AppConfig, configs: IConfig[]): AppConfig {
+  if (!configs || configs.length === 0) {
+    return baseConfig;
+  }
+
+  const sorted = [...configs].sort((a, b) => a.priority - b.priority);
+
+  let merged = { ...baseConfig };
+  for (const config of sorted) {
+    if (config.overrides && typeof config.overrides === 'object') {
+      const remapped: AnyObject = {};
+      for (const [key, value] of Object.entries(config.overrides)) {
+        const mappedKey = OVERRIDE_KEY_MAP[key as keyof typeof OVERRIDE_KEY_MAP] ?? key;
+        if (
+          key === 'interface' &&
+          value != null &&
+          typeof value === 'object' &&
+          !Array.isArray(value)
+        ) {
+          const filtered: AnyObject = {};
+          for (const [field, fieldVal] of Object.entries(value as AnyObject)) {
+            if (!INTERFACE_PERMISSION_FIELDS.has(field)) {
+              filtered[field] = fieldVal;
+            } else if (
+              fieldVal != null &&
+              typeof fieldVal === 'object' &&
+              !Array.isArray(fieldVal)
+            ) {
+              // Composite permission field (e.g. mcpServers): strip permission
+              // sub-keys but preserve UI-only sub-keys like placeholder/trustCheckbox.
+              const uiOnly: AnyObject = {};
+              for (const [sub, subVal] of Object.entries(fieldVal as AnyObject)) {
+                if (!PERMISSION_SUB_KEYS.has(sub)) {
+                  uiOnly[sub] = subVal;
+                }
+              }
+              if (Object.keys(uiOnly).length > 0) {
+                filtered[field] = uiOnly;
+              }
+            }
+            // boolean permission fields (e.g. runCode: false) are fully stripped
+          }
+          if (Object.keys(filtered).length > 0) {
+            remapped[mappedKey] = filtered;
+          }
+        } else {
+          remapped[mappedKey] = value;
+        }
+      }
+      merged = deepMerge(merged, remapped);
+    }
+  }
+
+  return merged;
+}
diff --git a/packages/data-schemas/src/config/tenantContext.spec.ts b/packages/data-schemas/src/config/tenantContext.spec.ts
new file mode 100644
index 0000000000..7e6cc0748d
--- /dev/null
+++ b/packages/data-schemas/src/config/tenantContext.spec.ts
@@ -0,0 +1,26 @@
+import { tenantStorage, runAsSystem, scopedCacheKey } from './tenantContext';
+
+describe('scopedCacheKey', () => {
+  it('returns base key when no ALS context is set', () => {
+    expect(scopedCacheKey('MODELS_CONFIG')).toBe('MODELS_CONFIG');
+  });
+
+  it('returns base key in SYSTEM_TENANT_ID context', async () => {
+    await runAsSystem(async () => {
+      expect(scopedCacheKey('MODELS_CONFIG')).toBe('MODELS_CONFIG');
+    });
+  });
+
+  it('appends tenantId when tenant context is active', async () => {
+    await tenantStorage.run({ tenantId: 'acme' }, async () => {
+      expect(scopedCacheKey('MODELS_CONFIG')).toBe('MODELS_CONFIG:acme');
+    });
+  });
+
+  it('does not leak tenant context outside ALS scope', async () => {
+    await tenantStorage.run({ tenantId: 'acme' }, async () => {
+      expect(scopedCacheKey('KEY')).toBe('KEY:acme');
+    });
+    expect(scopedCacheKey('KEY')).toBe('KEY');
+  });
+});
diff --git a/packages/data-schemas/src/config/tenantContext.ts b/packages/data-schemas/src/config/tenantContext.ts
index e5e4376a90..eb77edb27d 100644
--- a/packages/data-schemas/src/config/tenantContext.ts
+++ b/packages/data-schemas/src/config/tenantContext.ts
@@ -26,3 +26,16 @@ export function getTenantId(): string | undefined {
 export function runAsSystem<T>(fn: () => Promise<T>): Promise<T> {
   return tenantStorage.run({ tenantId: SYSTEM_TENANT_ID }, fn);
 }
+
+/**
+ * Appends `:${tenantId}` to a cache key when a non-system tenant context is active.
+ * Returns the base key unchanged when no ALS context is set or when running
+ * inside `runAsSystem()` (SYSTEM_TENANT_ID context).
+ */
+export function scopedCacheKey(baseKey: string): string {
+  const tenantId = getTenantId();
+  if (!tenantId || tenantId === SYSTEM_TENANT_ID) {
+    return baseKey;
+  }
+  return `${baseKey}:${tenantId}`;
+}
diff --git a/packages/data-schemas/src/index.ts b/packages/data-schemas/src/index.ts
index aa92b3b2e6..1139f83f17 100644
--- a/packages/data-schemas/src/index.ts
+++ b/packages/data-schemas/src/index.ts
@@ -1,5 +1,5 @@
 export * from './app';
-export * from './systemCapabilities';
+export * from './admin';
 export * from './common';
 export * from './crypto';
 export * from './schema';
@@ -7,6 +7,7 @@ export * from './utils';
 export { createModels } from './models';
 export {
   createMethods,
+  RoleConflictError,
   DEFAULT_REFRESH_TOKEN_EXPIRY,
   DEFAULT_SESSION_EXPIRY,
   tokenValues,
@@ -18,6 +19,12 @@ export type * from './types';
 export type * from './methods';
 export { default as logger } from './config/winston';
 export { default as meiliLogger } from './config/meiliLogger';
-export { tenantStorage, getTenantId, runAsSystem, SYSTEM_TENANT_ID } from './config/tenantContext';
+export {
+  tenantStorage,
+  getTenantId,
+  runAsSystem,
+  scopedCacheKey,
+  SYSTEM_TENANT_ID,
+} from './config/tenantContext';
 export type { TenantContext } from './config/tenantContext';
 export { dropSupersededTenantIndexes, dropSupersededPromptGroupIndexes } from './migrations';
diff --git a/packages/data-schemas/src/methods/aclEntry.ts b/packages/data-schemas/src/methods/aclEntry.ts
index 82e277254a..d93693641c 100644
--- a/packages/data-schemas/src/methods/aclEntry.ts
+++ b/packages/data-schemas/src/methods/aclEntry.ts
@@ -7,7 +7,8 @@ import type {
   DeleteResult,
   Model,
 } from 'mongoose';
-import type { IAclEntry } from '~/types';
+import type { AclEntry, IAclEntry } from '~/types';
+import { tenantSafeBulkWrite } from '~/utils/tenantBulkWrite';
 
 export function createAclEntryMethods(mongoose: typeof import('mongoose')) {
   /**
@@ -374,11 +375,11 @@ export function createAclEntryMethods(mongoose: typeof import('mongoose')) {
    * @param options - Optional query options (e.g., { session })
    */
   async function bulkWriteAclEntries(
-    ops: AnyBulkWriteOperation<IAclEntry>[],
+    ops: AnyBulkWriteOperation<AclEntry>[],
     options?: { session?: ClientSession },
   ) {
     const AclEntry = mongoose.models.AclEntry as Model<IAclEntry>;
-    return AclEntry.bulkWrite(ops, options || {});
+    return tenantSafeBulkWrite(AclEntry, ops as AnyBulkWriteOperation[], options || {});
   }
 
   /**
@@ -448,7 +449,9 @@ export function createAclEntryMethods(mongoose: typeof import('mongoose')) {
       { $group: { _id: '$resourceId' } },
     ]);
 
-    const multiOwnerIds = new Set(otherOwners.map((doc: { _id: Types.ObjectId }) => doc._id.toString()));
+    const multiOwnerIds = new Set(
+      otherOwners.map((doc: { _id: Types.ObjectId }) => doc._id.toString()),
+    );
     return ownedIds.filter((id) => !multiOwnerIds.has(id.toString()));
   }
 
diff --git a/packages/data-schemas/src/methods/agentCategory.ts b/packages/data-schemas/src/methods/agentCategory.ts
index 2dd4678075..baf33207aa 100644
--- a/packages/data-schemas/src/methods/agentCategory.ts
+++ b/packages/data-schemas/src/methods/agentCategory.ts
@@ -1,5 +1,6 @@
 import type { Model, Types } from 'mongoose';
 import type { IAgentCategory } from '~/types';
+import { tenantSafeBulkWrite } from '~/utils/tenantBulkWrite';
 
 export function createAgentCategoryMethods(mongoose: typeof import('mongoose')) {
   /**
@@ -74,7 +75,7 @@ export function createAgentCategoryMethods(mongoose: typeof import('mongoose'))
       },
     }));
 
-    return await AgentCategory.bulkWrite(operations);
+    return await tenantSafeBulkWrite(AgentCategory, operations);
   }
 
   /**
@@ -241,7 +242,7 @@ export function createAgentCategoryMethods(mongoose: typeof import('mongoose'))
         },
       }));
 
-      await AgentCategory.bulkWrite(bulkOps, { ordered: false });
+      await tenantSafeBulkWrite(AgentCategory, bulkOps, { ordered: false });
     }
 
     return updates.length > 0 || created > 0;
diff --git a/packages/data-schemas/src/methods/config.spec.ts b/packages/data-schemas/src/methods/config.spec.ts
new file mode 100644
index 0000000000..8bcf73a733
--- /dev/null
+++ b/packages/data-schemas/src/methods/config.spec.ts
@@ -0,0 +1,333 @@
+import mongoose, { Types } from 'mongoose';
+import { MongoMemoryServer } from 'mongodb-memory-server';
+import { PrincipalType, PrincipalModel } from 'librechat-data-provider';
+import { createConfigMethods } from './config';
+import configSchema from '~/schema/config';
+import type { IConfig } from '~/types';
+
+let mongoServer: MongoMemoryServer;
+let methods: ReturnType<typeof createConfigMethods>;
+
+beforeAll(async () => {
+  mongoServer = await MongoMemoryServer.create();
+  await mongoose.connect(mongoServer.getUri());
+  if (!mongoose.models.Config) {
+    mongoose.model<IConfig>('Config', configSchema);
+  }
+  methods = createConfigMethods(mongoose);
+});
+
+afterAll(async () => {
+  await mongoose.disconnect();
+  await mongoServer.stop();
+});
+
+beforeEach(async () => {
+  await mongoose.models.Config.deleteMany({});
+});
+
+describe('upsertConfig', () => {
+  it('creates a new config document', async () => {
+    const result = await methods.upsertConfig(
+      PrincipalType.ROLE,
+      'admin',
+      PrincipalModel.ROLE,
+      { interface: { endpointsMenu: false } },
+      10,
+    );
+
+    expect(result).toBeTruthy();
+    expect(result!.principalType).toBe(PrincipalType.ROLE);
+    expect(result!.principalId).toBe('admin');
+    expect(result!.priority).toBe(10);
+    expect(result!.isActive).toBe(true);
+    expect(result!.configVersion).toBe(1);
+  });
+
+  it('is idempotent — second upsert updates the same doc', async () => {
+    await methods.upsertConfig(
+      PrincipalType.ROLE,
+      'admin',
+      PrincipalModel.ROLE,
+      { interface: { endpointsMenu: false } },
+      10,
+    );
+
+    await methods.upsertConfig(
+      PrincipalType.ROLE,
+      'admin',
+      PrincipalModel.ROLE,
+      { interface: { endpointsMenu: true } },
+      10,
+    );
+
+    const count = await mongoose.models.Config.countDocuments({});
+    expect(count).toBe(1);
+  });
+
+  it('increments configVersion on each upsert', async () => {
+    const first = await methods.upsertConfig(
+      PrincipalType.ROLE,
+      'admin',
+      PrincipalModel.ROLE,
+      { interface: { endpointsMenu: true } },
+      10,
+    );
+
+    const second = await methods.upsertConfig(
+      PrincipalType.ROLE,
+      'admin',
+      PrincipalModel.ROLE,
+      { interface: { endpointsMenu: false } },
+      10,
+    );
+
+    expect(first!.configVersion).toBe(1);
+    expect(second!.configVersion).toBe(2);
+  });
+
+  it('normalizes ObjectId principalId to string', async () => {
+    const oid = new Types.ObjectId();
+    await methods.upsertConfig(PrincipalType.USER, oid, PrincipalModel.USER, { cache: true }, 100);
+
+    const found = await methods.findConfigByPrincipal(PrincipalType.USER, oid.toString());
+    expect(found).toBeTruthy();
+    expect(found!.principalId).toBe(oid.toString());
+  });
+});
+
+describe('findConfigByPrincipal', () => {
+  it('finds an active config', async () => {
+    await methods.upsertConfig(
+      PrincipalType.ROLE,
+      'admin',
+      PrincipalModel.ROLE,
+      { cache: true },
+      10,
+    );
+
+    const result = await methods.findConfigByPrincipal(PrincipalType.ROLE, 'admin');
+    expect(result).toBeTruthy();
+    expect(result!.principalType).toBe(PrincipalType.ROLE);
+  });
+
+  it('returns null when no config exists', async () => {
+    const result = await methods.findConfigByPrincipal(PrincipalType.ROLE, 'nonexistent');
+    expect(result).toBeNull();
+  });
+
+  it('does not find inactive configs', async () => {
+    await methods.upsertConfig(
+      PrincipalType.ROLE,
+      'admin',
+      PrincipalModel.ROLE,
+      { cache: true },
+      10,
+    );
+    await methods.toggleConfigActive(PrincipalType.ROLE, 'admin', false);
+
+    const result = await methods.findConfigByPrincipal(PrincipalType.ROLE, 'admin');
+    expect(result).toBeNull();
+  });
+});
+
+describe('listAllConfigs', () => {
+  it('returns all configs when no filter', async () => {
+    await methods.upsertConfig(PrincipalType.ROLE, 'a', PrincipalModel.ROLE, {}, 10);
+    await methods.upsertConfig(PrincipalType.ROLE, 'b', PrincipalModel.ROLE, {}, 20);
+    await methods.toggleConfigActive(PrincipalType.ROLE, 'b', false);
+
+    const all = await methods.listAllConfigs();
+    expect(all).toHaveLength(2);
+  });
+
+  it('filters by isActive when specified', async () => {
+    await methods.upsertConfig(PrincipalType.ROLE, 'a', PrincipalModel.ROLE, {}, 10);
+    await methods.upsertConfig(PrincipalType.ROLE, 'b', PrincipalModel.ROLE, {}, 20);
+    await methods.toggleConfigActive(PrincipalType.ROLE, 'b', false);
+
+    const active = await methods.listAllConfigs({ isActive: true });
+    expect(active).toHaveLength(1);
+    expect(active[0].principalId).toBe('a');
+
+    const inactive = await methods.listAllConfigs({ isActive: false });
+    expect(inactive).toHaveLength(1);
+    expect(inactive[0].principalId).toBe('b');
+  });
+
+  it('returns configs sorted by priority ascending', async () => {
+    await methods.upsertConfig(PrincipalType.ROLE, 'high', PrincipalModel.ROLE, {}, 100);
+    await methods.upsertConfig(PrincipalType.ROLE, 'low', PrincipalModel.ROLE, {}, 0);
+    await methods.upsertConfig(PrincipalType.ROLE, 'mid', PrincipalModel.ROLE, {}, 50);
+
+    const configs = await methods.listAllConfigs();
+    expect(configs.map((c) => c.principalId)).toEqual(['low', 'mid', 'high']);
+  });
+});
+
+describe('getApplicableConfigs', () => {
+  it('always includes the __base__ config', async () => {
+    await methods.upsertConfig(
+      PrincipalType.ROLE,
+      '__base__',
+      PrincipalModel.ROLE,
+      { cache: true },
+      0,
+    );
+
+    const configs = await methods.getApplicableConfigs([]);
+    expect(configs).toHaveLength(1);
+    expect(configs[0].principalId).toBe('__base__');
+  });
+
+  it('returns base + matching principals', async () => {
+    await methods.upsertConfig(
+      PrincipalType.ROLE,
+      '__base__',
+      PrincipalModel.ROLE,
+      { cache: true },
+      0,
+    );
+    await methods.upsertConfig(
+      PrincipalType.ROLE,
+      'admin',
+      PrincipalModel.ROLE,
+      { version: '2' },
+      10,
+    );
+    await methods.upsertConfig(
+      PrincipalType.ROLE,
+      'user',
+      PrincipalModel.ROLE,
+      { version: '3' },
+      10,
+    );
+
+    const configs = await methods.getApplicableConfigs([
+      { principalType: PrincipalType.ROLE, principalId: 'admin' },
+    ]);
+
+    expect(configs).toHaveLength(2);
+    expect(configs.map((c) => c.principalId).sort()).toEqual(['__base__', 'admin']);
+  });
+
+  it('returns sorted by priority', async () => {
+    await methods.upsertConfig(PrincipalType.ROLE, '__base__', PrincipalModel.ROLE, {}, 0);
+    await methods.upsertConfig(PrincipalType.ROLE, 'admin', PrincipalModel.ROLE, {}, 10);
+
+    const configs = await methods.getApplicableConfigs([
+      { principalType: PrincipalType.ROLE, principalId: 'admin' },
+    ]);
+
+    expect(configs[0].principalId).toBe('__base__');
+    expect(configs[1].principalId).toBe('admin');
+  });
+
+  it('skips principals with undefined principalId', async () => {
+    await methods.upsertConfig(PrincipalType.ROLE, '__base__', PrincipalModel.ROLE, {}, 0);
+
+    const configs = await methods.getApplicableConfigs([
+      { principalType: PrincipalType.GROUP, principalId: undefined },
+    ]);
+
+    expect(configs).toHaveLength(1);
+  });
+});
+
+describe('patchConfigFields', () => {
+  it('atomically sets specific fields via $set', async () => {
+    await methods.upsertConfig(
+      PrincipalType.ROLE,
+      'admin',
+      PrincipalModel.ROLE,
+      { interface: { endpointsMenu: true, sidePanel: true } },
+      10,
+    );
+
+    const result = await methods.patchConfigFields(
+      PrincipalType.ROLE,
+      'admin',
+      PrincipalModel.ROLE,
+      { 'interface.endpointsMenu': false },
+      10,
+    );
+
+    const overrides = result!.overrides as Record<string, unknown>;
+    const iface = overrides.interface as Record<string, unknown>;
+    expect(iface.endpointsMenu).toBe(false);
+    expect(iface.sidePanel).toBe(true);
+  });
+
+  it('creates a config if none exists (upsert)', async () => {
+    const result = await methods.patchConfigFields(
+      PrincipalType.ROLE,
+      'newrole',
+      PrincipalModel.ROLE,
+      { 'interface.endpointsMenu': false },
+      10,
+    );
+
+    expect(result).toBeTruthy();
+    expect(result!.principalId).toBe('newrole');
+  });
+});
+
+describe('unsetConfigField', () => {
+  it('removes a field from overrides via $unset', async () => {
+    await methods.upsertConfig(
+      PrincipalType.ROLE,
+      'admin',
+      PrincipalModel.ROLE,
+      { interface: { endpointsMenu: false, sidePanel: false } },
+      10,
+    );
+
+    const result = await methods.unsetConfigField(
+      PrincipalType.ROLE,
+      'admin',
+      'interface.endpointsMenu',
+    );
+    const overrides = result!.overrides as Record<string, unknown>;
+    const iface = overrides.interface as Record<string, unknown>;
+    expect(iface.endpointsMenu).toBeUndefined();
+    expect(iface.sidePanel).toBe(false);
+  });
+
+  it('returns null for non-existent config', async () => {
+    const result = await methods.unsetConfigField(PrincipalType.ROLE, 'ghost', 'a.b');
+    expect(result).toBeNull();
+  });
+});
+
+describe('deleteConfig', () => {
+  it('deletes and returns the config', async () => {
+    await methods.upsertConfig(PrincipalType.ROLE, 'admin', PrincipalModel.ROLE, {}, 10);
+    const deleted = await methods.deleteConfig(PrincipalType.ROLE, 'admin');
+    expect(deleted).toBeTruthy();
+
+    const found = await methods.findConfigByPrincipal(PrincipalType.ROLE, 'admin');
+    expect(found).toBeNull();
+  });
+
+  it('returns null when deleting non-existent config', async () => {
+    const result = await methods.deleteConfig(PrincipalType.ROLE, 'ghost');
+    expect(result).toBeNull();
+  });
+});
+
+describe('toggleConfigActive', () => {
+  it('deactivates an active config', async () => {
+    await methods.upsertConfig(PrincipalType.ROLE, 'admin', PrincipalModel.ROLE, {}, 10);
+
+    const result = await methods.toggleConfigActive(PrincipalType.ROLE, 'admin', false);
+    expect(result!.isActive).toBe(false);
+  });
+
+  it('reactivates an inactive config', async () => {
+    await methods.upsertConfig(PrincipalType.ROLE, 'admin', PrincipalModel.ROLE, {}, 10);
+    await methods.toggleConfigActive(PrincipalType.ROLE, 'admin', false);
+
+    const result = await methods.toggleConfigActive(PrincipalType.ROLE, 'admin', true);
+    expect(result!.isActive).toBe(true);
+  });
+});
diff --git a/packages/data-schemas/src/methods/config.ts b/packages/data-schemas/src/methods/config.ts
new file mode 100644
index 0000000000..42047d216f
--- /dev/null
+++ b/packages/data-schemas/src/methods/config.ts
@@ -0,0 +1,215 @@
+import { Types } from 'mongoose';
+import { PrincipalType, PrincipalModel } from 'librechat-data-provider';
+import { BASE_CONFIG_PRINCIPAL_ID } from '~/admin/capabilities';
+import type { TCustomConfig } from 'librechat-data-provider';
+import type { Model, ClientSession } from 'mongoose';
+import type { IConfig } from '~/types';
+
+export function createConfigMethods(mongoose: typeof import('mongoose')) {
+  async function findConfigByPrincipal(
+    principalType: PrincipalType,
+    principalId: string | Types.ObjectId,
+    options?: { includeInactive?: boolean },
+    session?: ClientSession,
+  ): Promise<IConfig | null> {
+    const Config = mongoose.models.Config as Model<IConfig>;
+    const filter: { principalType: PrincipalType; principalId: string; isActive?: boolean } = {
+      principalType,
+      principalId: principalId.toString(),
+    };
+    if (!options?.includeInactive) {
+      filter.isActive = true;
+    }
+    return await Config.findOne(filter)
+      .session(session ?? null)
+      .lean();
+  }
+
+  async function listAllConfigs(
+    filter?: { isActive?: boolean },
+    session?: ClientSession,
+  ): Promise<IConfig[]> {
+    const Config = mongoose.models.Config as Model<IConfig>;
+    const where: { isActive?: boolean } = {};
+    if (filter?.isActive !== undefined) {
+      where.isActive = filter.isActive;
+    }
+    return await Config.find(where)
+      .sort({ priority: 1 })
+      .session(session ?? null)
+      .lean();
+  }
+
+  async function getApplicableConfigs(
+    principals?: Array<{ principalType: string; principalId?: string | Types.ObjectId }>,
+    session?: ClientSession,
+  ): Promise<IConfig[]> {
+    const Config = mongoose.models.Config as Model<IConfig>;
+
+    const basePrincipal = {
+      principalType: PrincipalType.ROLE as string,
+      principalId: BASE_CONFIG_PRINCIPAL_ID,
+    };
+
+    const principalsQuery = [basePrincipal];
+
+    if (principals && principals.length > 0) {
+      for (const p of principals) {
+        if (p.principalId !== undefined) {
+          principalsQuery.push({
+            principalType: p.principalType,
+            principalId: p.principalId.toString(),
+          });
+        }
+      }
+    }
+
+    return await Config.find({
+      $or: principalsQuery,
+      isActive: true,
+    })
+      .sort({ priority: 1 })
+      .session(session ?? null)
+      .lean();
+  }
+
+  async function upsertConfig(
+    principalType: PrincipalType,
+    principalId: string | Types.ObjectId,
+    principalModel: PrincipalModel,
+    overrides: Partial<TCustomConfig>,
+    priority: number,
+    session?: ClientSession,
+  ): Promise<IConfig | null> {
+    const Config = mongoose.models.Config as Model<IConfig>;
+
+    const query = {
+      principalType,
+      principalId: principalId.toString(),
+    };
+
+    const update = {
+      $set: {
+        principalModel,
+        overrides,
+        priority,
+        isActive: true,
+      },
+      $inc: { configVersion: 1 },
+    };
+
+    const options = {
+      upsert: true,
+      new: true,
+      setDefaultsOnInsert: true,
+      ...(session ? { session } : {}),
+    };
+
+    try {
+      return await Config.findOneAndUpdate(query, update, options);
+    } catch (err: unknown) {
+      if ((err as { code?: number }).code === 11000) {
+        return await Config.findOneAndUpdate(
+          query,
+          { $set: update.$set, $inc: update.$inc },
+          { new: true, ...(session ? { session } : {}) },
+        );
+      }
+      throw err;
+    }
+  }
+
+  async function patchConfigFields(
+    principalType: PrincipalType,
+    principalId: string | Types.ObjectId,
+    principalModel: PrincipalModel,
+    fields: Record<string, unknown>,
+    priority: number,
+    session?: ClientSession,
+  ): Promise<IConfig | null> {
+    const Config = mongoose.models.Config as Model<IConfig>;
+
+    const setPayload: { principalModel: PrincipalModel; priority: number; [key: string]: unknown } =
+      {
+        principalModel,
+        priority,
+      };
+
+    for (const [path, value] of Object.entries(fields)) {
+      setPayload[`overrides.${path}`] = value;
+    }
+
+    const options = {
+      upsert: true,
+      new: true,
+      setDefaultsOnInsert: true,
+      ...(session ? { session } : {}),
+    };
+
+    return await Config.findOneAndUpdate(
+      { principalType, principalId: principalId.toString() },
+      { $set: setPayload, $inc: { configVersion: 1 } },
+      options,
+    );
+  }
+
+  async function unsetConfigField(
+    principalType: PrincipalType,
+    principalId: string | Types.ObjectId,
+    fieldPath: string,
+    session?: ClientSession,
+  ): Promise<IConfig | null> {
+    const Config = mongoose.models.Config as Model<IConfig>;
+
+    const options = {
+      new: true,
+      ...(session ? { session } : {}),
+    };
+
+    return await Config.findOneAndUpdate(
+      { principalType, principalId: principalId.toString() },
+      { $unset: { [`overrides.${fieldPath}`]: '' }, $inc: { configVersion: 1 } },
+      options,
+    );
+  }
+
+  async function deleteConfig(
+    principalType: PrincipalType,
+    principalId: string | Types.ObjectId,
+    session?: ClientSession,
+  ): Promise<IConfig | null> {
+    const Config = mongoose.models.Config as Model<IConfig>;
+
+    return await Config.findOneAndDelete({
+      principalType,
+      principalId: principalId.toString(),
+    }).session(session ?? null);
+  }
+
+  async function toggleConfigActive(
+    principalType: PrincipalType,
+    principalId: string | Types.ObjectId,
+    isActive: boolean,
+    session?: ClientSession,
+  ): Promise<IConfig | null> {
+    const Config = mongoose.models.Config as Model<IConfig>;
+    return await Config.findOneAndUpdate(
+      { principalType, principalId: principalId.toString() },
+      { $set: { isActive } },
+      { new: true, ...(session ? { session } : {}) },
+    );
+  }
+
+  return {
+    listAllConfigs,
+    findConfigByPrincipal,
+    getApplicableConfigs,
+    upsertConfig,
+    patchConfigFields,
+    unsetConfigField,
+    deleteConfig,
+    toggleConfigActive,
+  };
+}
+
+export type ConfigMethods = ReturnType<typeof createConfigMethods>;
diff --git a/packages/data-schemas/src/methods/conversation.spec.ts b/packages/data-schemas/src/methods/conversation.spec.ts
index ae19efaf68..9e4c2d2f5d 100644
--- a/packages/data-schemas/src/methods/conversation.spec.ts
+++ b/packages/data-schemas/src/methods/conversation.spec.ts
@@ -4,6 +4,7 @@ import { EModelEndpoint } from 'librechat-data-provider';
 import type { IConversation } from '../types';
 import { MongoMemoryServer } from 'mongodb-memory-server';
 import { ConversationMethods, createConversationMethods } from './conversation';
+import { tenantStorage, runAsSystem } from '~/config/tenantContext';
 import { createModels } from '../models';
 
 jest.mock('~/config/winston', () => ({
@@ -907,4 +908,50 @@ describe('Conversation Operations', () => {
       expect(result?.nextCursor).toBeNull(); // No next page
     });
   });
+
+  describe('tenantId stripping', () => {
+    it('saveConvo should not write caller-supplied tenantId to the document', async () => {
+      const conversationId = uuidv4();
+      const result = await saveConvo(
+        { userId: 'user123' },
+        { conversationId, tenantId: 'malicious-tenant', title: 'Tenant Test' },
+      );
+
+      expect(result).not.toBeNull();
+      const doc = await Conversation.findOne({ conversationId }).lean();
+      expect(doc).not.toBeNull();
+      expect(doc?.title).toBe('Tenant Test');
+      expect(doc?.tenantId).toBeUndefined();
+    });
+
+    it('bulkSaveConvos should not overwrite tenantId via update payload', async () => {
+      const conversationId = uuidv4();
+
+      await tenantStorage.run({ tenantId: 'real-tenant' }, async () => {
+        await Conversation.create({
+          conversationId,
+          user: 'user123',
+          title: 'Original',
+          endpoint: EModelEndpoint.openAI,
+        });
+      });
+
+      await tenantStorage.run({ tenantId: 'real-tenant' }, async () => {
+        await methods.bulkSaveConvos([
+          {
+            conversationId,
+            user: 'user123',
+            title: 'Updated',
+            tenantId: 'malicious-tenant',
+            endpoint: EModelEndpoint.openAI,
+          },
+        ]);
+      });
+
+      const doc = await runAsSystem(async () => Conversation.findOne({ conversationId }).lean());
+      expect(doc).not.toBeNull();
+      expect(doc?.title).toBe('Updated');
+      expect(doc?.tenantId).toBe('real-tenant');
+    });
+  });
 });
diff --git a/packages/data-schemas/src/methods/conversation.ts b/packages/data-schemas/src/methods/conversation.ts
index 7a62afef9e..00b5cfee7a 100644
--- a/packages/data-schemas/src/methods/conversation.ts
+++ b/packages/data-schemas/src/methods/conversation.ts
@@ -1,6 +1,7 @@
 import type { FilterQuery, Model, SortOrder } from 'mongoose';
-import logger from '~/config/winston';
 import { createTempChatExpirationDate } from '~/utils/tempChatRetention';
+import { tenantSafeBulkWrite } from '~/utils/tenantBulkWrite';
+import logger from '~/config/winston';
 import type { AppConfig, IConversation } from '~/types';
 import type { MessageMethods } from './message';
 import type { DeleteResult } from 'mongoose';
@@ -221,14 +222,17 @@ export function createConversationMethods(
       const Conversation = mongoose.models.Conversation as Model<IConversation>;
       const bulkOps = conversations.map((convo) => ({
         updateOne: {
-          filter: { conversationId: convo.conversationId, user: convo.user },
+          filter: {
+            conversationId: convo.conversationId,
+            user: convo.user,
+          },
           update: convo,
           upsert: true,
           timestamps: false,
         },
       }));
 
-      const result = await Conversation.bulkWrite(bulkOps);
+      const result = await tenantSafeBulkWrite(Conversation, bulkOps);
       return result;
     } catch (error) {
       logger.error('[bulkSaveConvos] Error saving conversations in bulk', error);
diff --git a/packages/data-schemas/src/methods/conversationTag.ts b/packages/data-schemas/src/methods/conversationTag.ts
index af1e43babb..085948bab5 100644
--- a/packages/data-schemas/src/methods/conversationTag.ts
+++ b/packages/data-schemas/src/methods/conversationTag.ts
@@ -1,4 +1,5 @@
 import type { Model } from 'mongoose';
+import { tenantSafeBulkWrite } from '~/utils/tenantBulkWrite';
 import logger from '~/config/winston';
 
 interface IConversationTag {
@@ -233,7 +234,7 @@ export function createConversationTagMethods(mongoose: typeof import('mongoose')
       }
 
       if (bulkOps.length > 0) {
-        await ConversationTag.bulkWrite(bulkOps);
+        await tenantSafeBulkWrite(ConversationTag, bulkOps);
       }
 
       const updatedConversation = (
@@ -273,7 +274,7 @@ export function createConversationTagMethods(mongoose: typeof import('mongoose')
         },
       }));
 
-      const result = await ConversationTag.bulkWrite(bulkOps);
+      const result = await tenantSafeBulkWrite(ConversationTag, bulkOps);
       if (result && result.modifiedCount > 0) {
         logger.debug(
           `user: ${user} | Incremented tag counts - modified ${result.modifiedCount} tags`,
diff --git a/packages/data-schemas/src/methods/file.ts b/packages/data-schemas/src/methods/file.ts
index 3d7db88c3f..4c0969afb3 100644
--- a/packages/data-schemas/src/methods/file.ts
+++ b/packages/data-schemas/src/methods/file.ts
@@ -2,6 +2,7 @@ import logger from '../config/winston';
 import { EToolResources, FileContext } from 'librechat-data-provider';
 import type { FilterQuery, SortOrder, Model } from 'mongoose';
 import type { IMongoFile } from '~/types/file';
+import { tenantSafeBulkWrite } from '~/utils/tenantBulkWrite';
 
 /** Factory function that takes mongoose instance and returns the file methods */
 export function createFileMethods(mongoose: typeof import('mongoose')) {
@@ -322,7 +323,7 @@ export function createFileMethods(mongoose: typeof import('mongoose')) {
       },
     }));
 
-    const result = await File.bulkWrite(bulkOperations);
+    const result = await tenantSafeBulkWrite(File, bulkOperations);
     logger.info(`Updated ${result.modifiedCount} files with new S3 URLs`);
   }
 
diff --git a/packages/data-schemas/src/methods/index.ts b/packages/data-schemas/src/methods/index.ts
index 11f00e7827..830d88ff4c 100644
--- a/packages/data-schemas/src/methods/index.ts
+++ b/packages/data-schemas/src/methods/index.ts
@@ -1,9 +1,8 @@
 import { createSessionMethods, DEFAULT_REFRESH_TOKEN_EXPIRY, type SessionMethods } from './session';
 import { createTokenMethods, type TokenMethods } from './token';
-import { createRoleMethods, type RoleMethods, type RoleDeps } from './role';
+import { createRoleMethods, RoleConflictError } from './role';
+import type { RoleMethods, RoleDeps } from './role';
 import { createUserMethods, DEFAULT_SESSION_EXPIRY, type UserMethods } from './user';
-
-export { DEFAULT_REFRESH_TOKEN_EXPIRY, DEFAULT_SESSION_EXPIRY };
 import { createKeyMethods, type KeyMethods } from './key';
 import { createFileMethods, type FileMethods } from './file';
 /* Memories */
@@ -48,7 +47,10 @@ import { createSpendTokensMethods, type SpendTokensMethods } from './spendTokens
 import { createPromptMethods, type PromptMethods, type PromptDeps } from './prompt';
 /* Tier 5 — Agent */
 import { createAgentMethods, type AgentMethods, type AgentDeps } from './agent';
+/* Config */
+import { createConfigMethods, type ConfigMethods } from './config';
 
+export { RoleConflictError, DEFAULT_REFRESH_TOKEN_EXPIRY, DEFAULT_SESSION_EXPIRY };
 export { tokenValues, cacheTokenValues, premiumTokenValues, defaultRate };
 
 export type AllMethods = UserMethods &
@@ -80,7 +82,8 @@ export type AllMethods = UserMethods &
   TransactionMethods &
   SpendTokensMethods &
   PromptMethods &
-  AgentMethods;
+  AgentMethods &
+  ConfigMethods;
 
 /** Dependencies injected from the api layer into createMethods */
 export interface CreateMethodsDeps {
@@ -201,6 +204,8 @@ export function createMethods(
     ...promptMethods,
     /* Tier 5 */
     ...agentMethods,
+    /* Config */
+    ...createConfigMethods(mongoose),
   };
 }
 
@@ -235,4 +240,5 @@ export type {
   SpendTokensMethods,
   PromptMethods,
   AgentMethods,
+  ConfigMethods,
 };
diff --git a/packages/data-schemas/src/methods/message.spec.ts b/packages/data-schemas/src/methods/message.spec.ts
index ac85a035b7..dfa34c0eec 100644
--- a/packages/data-schemas/src/methods/message.spec.ts
+++ b/packages/data-schemas/src/methods/message.spec.ts
@@ -3,6 +3,7 @@ import { v4 as uuidv4 } from 'uuid';
 import { MongoMemoryServer } from 'mongodb-memory-server';
 import type { IMessage } from '..';
 import { createMessageMethods } from './message';
+import { tenantStorage, runAsSystem } from '~/config/tenantContext';
 import { createModels } from '../models';
 
 jest.mock('~/config/winston', () => ({
@@ -21,6 +22,7 @@ let deleteMessages: ReturnType<typeof createMessageMethods>['deleteMessages'];
 let bulkSaveMessages: ReturnType<typeof createMessageMethods>['bulkSaveMessages'];
 let updateMessageText: ReturnType<typeof createMessageMethods>['updateMessageText'];
 let deleteMessagesSince: ReturnType<typeof createMessageMethods>['deleteMessagesSince'];
+let recordMessage: ReturnType<typeof createMessageMethods>['recordMessage'];
 
 beforeAll(async () => {
   mongoServer = await MongoMemoryServer.create();
@@ -38,6 +40,7 @@ beforeAll(async () => {
   bulkSaveMessages = methods.bulkSaveMessages;
   updateMessageText = methods.updateMessageText;
   deleteMessagesSince = methods.deleteMessagesSince;
+  recordMessage = methods.recordMessage;
 
   await mongoose.connect(mongoUri);
 });
@@ -937,4 +940,86 @@ describe('Message Operations', () => {
       expect(result?.messages).toHaveLength(5);
     });
   });
+
+  describe('tenantId stripping', () => {
+    it('saveMessage should not write caller-supplied tenantId to the document', async () => {
+      const messageId = uuidv4();
+      const conversationId = uuidv4();
+      const result = await saveMessage(
+        { userId: 'user123' },
+        { messageId, conversationId, text: 'Tenant test', tenantId: 'malicious-tenant' },
+      );
+
+      expect(result).not.toBeNull();
+      expect(result).toBeDefined();
+      const doc = await Message.findOne({ messageId }).lean();
+      expect(doc).not.toBeNull();
+      expect(doc?.text).toBe('Tenant test');
+      expect(doc?.tenantId).toBeUndefined();
+    });
+
+    it('bulkSaveMessages should not overwrite tenantId via update payload', async () => {
+      const messageId = uuidv4();
+      const conversationId = uuidv4();
+
+      await tenantStorage.run({ tenantId: 'real-tenant' }, async () => {
+        await Message.create({
+          messageId,
+          conversationId,
+          user: 'user123',
+          text: 'Original',
+        });
+      });
+
+      await tenantStorage.run({ tenantId: 'real-tenant' }, async () => {
+        await bulkSaveMessages([
+          {
+            messageId,
+            conversationId,
+            user: 'user123',
+            text: 'Updated',
+            tenantId: 'malicious-tenant',
+          },
+        ]);
+      });
+
+      const doc = await runAsSystem(async () => Message.findOne({ messageId }).lean());
+      expect(doc).not.toBeNull();
+      expect(doc?.text).toBe('Updated');
+      expect(doc?.tenantId).toBe('real-tenant');
+    });
+
+    it('recordMessage should not write caller-supplied tenantId to the document', async () => {
+      const messageId = uuidv4();
+      const conversationId = uuidv4();
+      await recordMessage({
+        user: 'user123',
+        messageId,
+        conversationId,
+        text: 'Record tenant test',
+        tenantId: 'malicious-tenant',
+      });
+
+      const doc = await Message.findOne({ messageId }).lean();
+      expect(doc).not.toBeNull();
+      expect(doc?.text).toBe('Record tenant test');
+      expect(doc?.tenantId).toBeUndefined();
+    });
+
+    it('updateMessage should not write caller-supplied tenantId to the document', async () => {
+      const messageId = uuidv4();
+      const conversationId = uuidv4();
+      await saveMessage({ userId: 'user123' }, { messageId, conversationId, text: 'Original' });
+
+      await updateMessage('user123', {
+        messageId,
+        text: 'Updated',
+        tenantId: 'malicious-tenant',
+      });
+
+      const doc = await Message.findOne({ messageId }).lean();
+      expect(doc?.text).toBe('Updated');
+      expect(doc?.tenantId).toBeUndefined();
+    });
+  });
 });
diff --git a/packages/data-schemas/src/methods/message.ts b/packages/data-schemas/src/methods/message.ts
index ae5ca72b12..2e638b6bfb 100644
--- a/packages/data-schemas/src/methods/message.ts
+++ b/packages/data-schemas/src/methods/message.ts
@@ -1,6 +1,7 @@
 import type { DeleteResult, FilterQuery, Model } from 'mongoose';
 import logger from '~/config/winston';
 import { createTempChatExpirationDate } from '~/utils/tempChatRetention';
+import { tenantSafeBulkWrite } from '~/utils/tenantBulkWrite';
 import type { AppConfig, IMessage } from '~/types';
 
 /** Simple UUID v4 regex to replace zod validation */
@@ -165,7 +166,7 @@ export function createMessageMethods(mongoose: typeof import('mongoose')): Messa
           upsert: true,
         },
       }));
-      const result = await Message.bulkWrite(bulkOps);
+      const result = await tenantSafeBulkWrite(Message, bulkOps);
       return result;
     } catch (err) {
       logger.error('Error saving messages in bulk:', err);
diff --git a/packages/data-schemas/src/methods/prompt.ts b/packages/data-schemas/src/methods/prompt.ts
index a1b6bfde37..86d830fecd 100644
--- a/packages/data-schemas/src/methods/prompt.ts
+++ b/packages/data-schemas/src/methods/prompt.ts
@@ -1,8 +1,9 @@
 import { ResourceType, SystemCategories } from 'librechat-data-provider';
 import type { Model, Types } from 'mongoose';
 import type { IAclEntry, IPrompt, IPromptGroup, IPromptGroupDocument } from '~/types';
-import { escapeRegExp } from '~/utils/string';
+import { getTenantId, SYSTEM_TENANT_ID } from '~/config/tenantContext';
 import { isValidObjectIdString } from '~/utils/objectId';
+import { escapeRegExp } from '~/utils/string';
 import logger from '~/config/winston';
 
 export interface PromptDeps {
@@ -508,16 +509,37 @@ export function createPromptMethods(mongoose: typeof import('mongoose'), deps: P
       if (typeof matchFilter._id === 'string') {
         matchFilter._id = new ObjectId(matchFilter._id);
       }
+      const tenantId = getTenantId();
+      const useTenantFilter = tenantId && tenantId !== SYSTEM_TENANT_ID;
+
+      const lookupStage = useTenantFilter
+        ? {
+            $lookup: {
+              from: 'prompts',
+              let: { prodId: '$productionId' },
+              pipeline: [
+                {
+                  $match: {
+                    $expr: { $eq: ['$_id', '$$prodId'] },
+                    tenantId,
+                  },
+                },
+              ],
+              as: 'productionPrompt',
+            },
+          }
+        : {
+            $lookup: {
+              from: 'prompts',
+              localField: 'productionId',
+              foreignField: '_id',
+              as: 'productionPrompt',
+            },
+          };
+
       const result = await PromptGroup.aggregate([
         { $match: matchFilter },
-        {
-          $lookup: {
-            from: 'prompts',
-            localField: 'productionId',
-            foreignField: '_id',
-            as: 'productionPrompt',
-          },
-        },
+        lookupStage,
         { $unwind: { path: '$productionPrompt', preserveNullAndEmptyArrays: true } },
       ]);
       const group = result[0] || null;
diff --git a/packages/data-schemas/src/methods/role.methods.spec.ts b/packages/data-schemas/src/methods/role.methods.spec.ts
index 78d7f98ea1..be75be7b6f 100644
--- a/packages/data-schemas/src/methods/role.methods.spec.ts
+++ b/packages/data-schemas/src/methods/role.methods.spec.ts
@@ -1,10 +1,17 @@
 import mongoose from 'mongoose';
 import { MongoMemoryServer } from 'mongodb-memory-server';
 import { SystemRoles, Permissions, roleDefaults, PermissionTypes } from 'librechat-data-provider';
-import type { IRole, RolePermissions } from '..';
+import type { IRole, IUser, RolePermissions } from '..';
 import { createRoleMethods } from './role';
 import { createModels } from '../models';
 
+jest.mock('~/config/winston', () => ({
+  error: jest.fn(),
+  warn: jest.fn(),
+  info: jest.fn(),
+  debug: jest.fn(),
+}));
+
 const mockCache = {
   get: jest.fn(),
   set: jest.fn(),
@@ -14,9 +21,18 @@ const mockCache = {
 const mockGetCache = jest.fn().mockReturnValue(mockCache);
 
 let Role: mongoose.Model<IRole>;
+let User: mongoose.Model<IUser>;
 let getRoleByName: ReturnType<typeof createRoleMethods>['getRoleByName'];
 let updateAccessPermissions: ReturnType<typeof createRoleMethods>['updateAccessPermissions'];
 let initializeRoles: ReturnType<typeof createRoleMethods>['initializeRoles'];
+let createRoleByName: ReturnType<typeof createRoleMethods>['createRoleByName'];
+let deleteRoleByName: ReturnType<typeof createRoleMethods>['deleteRoleByName'];
+let updateUsersByRole: ReturnType<typeof createRoleMethods>['updateUsersByRole'];
+let listUsersByRole: ReturnType<typeof createRoleMethods>['listUsersByRole'];
+let countUsersByRole: ReturnType<typeof createRoleMethods>['countUsersByRole'];
+let updateRoleByName: ReturnType<typeof createRoleMethods>['updateRoleByName'];
+let listRoles: ReturnType<typeof createRoleMethods>['listRoles'];
+let countRoles: ReturnType<typeof createRoleMethods>['countRoles'];
 let mongoServer: MongoMemoryServer;
 
 beforeAll(async () => {
@@ -25,10 +41,19 @@ beforeAll(async () => {
   await mongoose.connect(mongoUri);
   createModels(mongoose);
   Role = mongoose.models.Role;
+  User = mongoose.models.User as mongoose.Model<IUser>;
   const methods = createRoleMethods(mongoose, { getCache: mockGetCache });
   getRoleByName = methods.getRoleByName;
   updateAccessPermissions = methods.updateAccessPermissions;
   initializeRoles = methods.initializeRoles;
+  createRoleByName = methods.createRoleByName;
+  deleteRoleByName = methods.deleteRoleByName;
+  updateRoleByName = methods.updateRoleByName;
+  updateUsersByRole = methods.updateUsersByRole;
+  listUsersByRole = methods.listUsersByRole;
+  countUsersByRole = methods.countUsersByRole;
+  listRoles = methods.listRoles;
+  countRoles = methods.countRoles;
 });
 
 afterAll(async () => {
@@ -38,6 +63,7 @@ afterAll(async () => {
 
 beforeEach(async () => {
   await Role.deleteMany({});
+  await User.deleteMany({});
   mockGetCache.mockClear();
   mockCache.get.mockClear();
   mockCache.set.mockClear();
@@ -259,12 +285,12 @@ describe('updateAccessPermissions', () => {
     const updatedRole = await getRoleByName(SystemRoles.USER);
 
     // SHARED_GLOBAL=true → SHARE=true (inherited)
-    expect(updatedRole.permissions[PermissionTypes.PROMPTS].SHARE).toBe(true);
+    expect(updatedRole.permissions[PermissionTypes.PROMPTS]!.SHARE).toBe(true);
     // SHARED_GLOBAL=false → SHARE=false (inherited)
-    expect(updatedRole.permissions[PermissionTypes.AGENTS].SHARE).toBe(false);
+    expect(updatedRole.permissions[PermissionTypes.AGENTS]!.SHARE).toBe(false);
     // SHARED_GLOBAL cleaned up
-    expect(updatedRole.permissions[PermissionTypes.PROMPTS].SHARED_GLOBAL).toBeUndefined();
-    expect(updatedRole.permissions[PermissionTypes.AGENTS].SHARED_GLOBAL).toBeUndefined();
+    expect(updatedRole.permissions[PermissionTypes.PROMPTS]).not.toHaveProperty('SHARED_GLOBAL');
+    expect(updatedRole.permissions[PermissionTypes.AGENTS]).not.toHaveProperty('SHARED_GLOBAL');
   });
 
   it('should respect explicit SHARE in update payload and not override it with SHARED_GLOBAL', async () => {
@@ -283,8 +309,8 @@ describe('updateAccessPermissions', () => {
 
     const updatedRole = await getRoleByName(SystemRoles.USER);
 
-    expect(updatedRole.permissions[PermissionTypes.PROMPTS].SHARE).toBe(false);
-    expect(updatedRole.permissions[PermissionTypes.PROMPTS].SHARED_GLOBAL).toBeUndefined();
+    expect(updatedRole.permissions[PermissionTypes.PROMPTS]!.SHARE).toBe(false);
+    expect(updatedRole.permissions[PermissionTypes.PROMPTS]).not.toHaveProperty('SHARED_GLOBAL');
   });
 
   it('should migrate SHARED_GLOBAL to SHARE even when the permType is not in the update payload', async () => {
@@ -310,13 +336,13 @@ describe('updateAccessPermissions', () => {
     const updatedRole = await getRoleByName(SystemRoles.USER);
 
     // SHARE should have been inherited from SHARED_GLOBAL, not silently dropped
-    expect(updatedRole.permissions[PermissionTypes.PROMPTS].SHARE).toBe(true);
+    expect(updatedRole.permissions[PermissionTypes.PROMPTS]!.SHARE).toBe(true);
     // SHARED_GLOBAL should be removed
-    expect(updatedRole.permissions[PermissionTypes.PROMPTS].SHARED_GLOBAL).toBeUndefined();
+    expect(updatedRole.permissions[PermissionTypes.PROMPTS]).not.toHaveProperty('SHARED_GLOBAL');
     // Original USE should be untouched
-    expect(updatedRole.permissions[PermissionTypes.PROMPTS].USE).toBe(true);
+    expect(updatedRole.permissions[PermissionTypes.PROMPTS]!.USE).toBe(true);
     // The actual update should have applied
-    expect(updatedRole.permissions[PermissionTypes.MULTI_CONVO].USE).toBe(true);
+    expect(updatedRole.permissions[PermissionTypes.MULTI_CONVO]!.USE).toBe(true);
   });
 
   it('should remove orphaned SHARED_GLOBAL when SHARE already exists and permType is not in update', async () => {
@@ -340,9 +366,9 @@ describe('updateAccessPermissions', () => {
 
     const updatedRole = await getRoleByName(SystemRoles.USER);
 
-    expect(updatedRole.permissions[PermissionTypes.PROMPTS].SHARED_GLOBAL).toBeUndefined();
-    expect(updatedRole.permissions[PermissionTypes.PROMPTS].SHARE).toBe(true);
-    expect(updatedRole.permissions[PermissionTypes.MULTI_CONVO].USE).toBe(true);
+    expect(updatedRole.permissions[PermissionTypes.PROMPTS]).not.toHaveProperty('SHARED_GLOBAL');
+    expect(updatedRole.permissions[PermissionTypes.PROMPTS]!.SHARE).toBe(true);
+    expect(updatedRole.permissions[PermissionTypes.MULTI_CONVO]!.USE).toBe(true);
   });
 
   it('should not update MULTI_CONVO permissions when no changes are needed', async () => {
@@ -515,3 +541,362 @@ describe('initializeRoles', () => {
     expect(userRole.permissions[PermissionTypes.MULTI_CONVO]?.USE).toBeDefined();
   });
 });
+
+describe('createRoleByName', () => {
+  it('creates a custom role and caches it', async () => {
+    const role = await createRoleByName({ name: 'editor', description: 'Can edit' });
+
+    expect(role.name).toBe('editor');
+    expect(role.description).toBe('Can edit');
+    expect(mockCache.set).toHaveBeenCalledWith(
+      'editor',
+      expect.objectContaining({ name: 'editor' }),
+    );
+
+    const persisted = await Role.findOne({ name: 'editor' }).lean();
+    expect(persisted).toBeTruthy();
+  });
+
+  it('trims whitespace from role name', async () => {
+    const role = await createRoleByName({ name: '  editor  ' });
+
+    expect(role.name).toBe('editor');
+  });
+
+  it('throws when name is empty', async () => {
+    await expect(createRoleByName({ name: '' })).rejects.toThrow('Role name is required');
+  });
+
+  it('throws when name is whitespace-only', async () => {
+    await expect(createRoleByName({ name: '   ' })).rejects.toThrow('Role name is required');
+  });
+
+  it('throws when name is undefined', async () => {
+    await expect(createRoleByName({})).rejects.toThrow('Role name is required');
+  });
+
+  it('throws for reserved system role names', async () => {
+    await expect(createRoleByName({ name: SystemRoles.ADMIN })).rejects.toThrow(
+      /reserved system name/,
+    );
+    await expect(createRoleByName({ name: SystemRoles.USER })).rejects.toThrow(
+      /reserved system name/,
+    );
+  });
+
+  it('throws when role already exists', async () => {
+    await createRoleByName({ name: 'editor' });
+
+    await expect(createRoleByName({ name: 'editor' })).rejects.toThrow(/already exists/);
+  });
+});
+
+describe('deleteRoleByName', () => {
+  it('deletes a custom role and reassigns users to USER', async () => {
+    await createRoleByName({ name: 'editor' });
+    await User.create([
+      { name: 'Alice', email: 'alice@test.com', role: 'editor', username: 'alice' },
+      { name: 'Bob', email: 'bob@test.com', role: 'editor', username: 'bob' },
+      { name: 'Carol', email: 'carol@test.com', role: SystemRoles.USER, username: 'carol' },
+    ]);
+
+    const deleted = await deleteRoleByName('editor');
+
+    expect(deleted).toBeTruthy();
+    expect(deleted!.name).toBe('editor');
+
+    const alice = await User.findOne({ email: 'alice@test.com' }).lean();
+    const bob = await User.findOne({ email: 'bob@test.com' }).lean();
+    const carol = await User.findOne({ email: 'carol@test.com' }).lean();
+    expect(alice!.role).toBe(SystemRoles.USER);
+    expect(bob!.role).toBe(SystemRoles.USER);
+    expect(carol!.role).toBe(SystemRoles.USER);
+  });
+
+  it('returns null when role does not exist', async () => {
+    const result = await deleteRoleByName('nonexistent');
+    expect(result).toBeNull();
+  });
+
+  it('throws for system roles', async () => {
+    await expect(deleteRoleByName(SystemRoles.ADMIN)).rejects.toThrow(/Cannot delete system role/);
+    await expect(deleteRoleByName(SystemRoles.USER)).rejects.toThrow(/Cannot delete system role/);
+  });
+
+  it('sets cache entry to null after deletion', async () => {
+    await createRoleByName({ name: 'editor' });
+    mockCache.set.mockClear();
+
+    await deleteRoleByName('editor');
+
+    expect(mockCache.set).toHaveBeenCalledWith('editor', null);
+  });
+
+  it('returns null and invalidates cache when role does not exist', async () => {
+    mockCache.set.mockClear();
+
+    const result = await deleteRoleByName('nonexistent');
+
+    expect(result).toBeNull();
+    expect(mockCache.set).toHaveBeenCalledWith('nonexistent', null);
+  });
+});
+
+describe('updateRoleByName - cache on rename', () => {
+  it('invalidates old key and populates new key on rename', async () => {
+    await createRoleByName({ name: 'editor', description: 'Can edit' });
+    mockCache.set.mockClear();
+
+    const updated = await updateRoleByName('editor', { name: 'senior-editor' });
+
+    expect(updated.name).toBe('senior-editor');
+    expect(mockCache.set).toHaveBeenCalledWith('editor', null);
+    expect(mockCache.set).toHaveBeenCalledWith(
+      'senior-editor',
+      expect.objectContaining({ name: 'senior-editor' }),
+    );
+  });
+
+  it('writes same key when name unchanged', async () => {
+    await createRoleByName({ name: 'editor' });
+    mockCache.set.mockClear();
+
+    await updateRoleByName('editor', { description: 'Updated desc' });
+
+    expect(mockCache.set).toHaveBeenCalledWith(
+      'editor',
+      expect.objectContaining({ name: 'editor', description: 'Updated desc' }),
+    );
+    expect(mockCache.set).toHaveBeenCalledTimes(1);
+  });
+});
+
+describe('listUsersByRole', () => {
+  it('returns users matching the role', async () => {
+    await User.create([
+      { name: 'Alice', email: 'alice@test.com', role: 'editor', username: 'alice' },
+      { name: 'Bob', email: 'bob@test.com', role: 'editor', username: 'bob' },
+      { name: 'Carol', email: 'carol@test.com', role: SystemRoles.USER, username: 'carol' },
+    ]);
+
+    const users = await listUsersByRole('editor');
+
+    expect(users).toHaveLength(2);
+    const names = users.map((u) => u.name).sort();
+    expect(names).toEqual(['Alice', 'Bob']);
+  });
+
+  it('returns empty array when no users have the role', async () => {
+    const users = await listUsersByRole('nonexistent');
+    expect(users).toEqual([]);
+  });
+
+  it('respects limit and offset for pagination', async () => {
+    await User.create([
+      { name: 'Alice', email: 'a@test.com', role: 'editor', username: 'a' },
+      { name: 'Bob', email: 'b@test.com', role: 'editor', username: 'b' },
+      { name: 'Carol', email: 'c@test.com', role: 'editor', username: 'c' },
+      { name: 'Dave', email: 'd@test.com', role: 'editor', username: 'd' },
+      { name: 'Eve', email: 'e@test.com', role: 'editor', username: 'e' },
+    ]);
+
+    const page1 = await listUsersByRole('editor', { limit: 2, offset: 0 });
+    const page2 = await listUsersByRole('editor', { limit: 2, offset: 2 });
+    const page3 = await listUsersByRole('editor', { limit: 2, offset: 4 });
+
+    expect(page1).toHaveLength(2);
+    expect(page2).toHaveLength(2);
+    expect(page3).toHaveLength(1);
+
+    const allIds = [...page1, ...page2, ...page3].map((u) => u._id!.toString());
+    expect(new Set(allIds).size).toBe(5);
+  });
+
+  it('selects only expected fields', async () => {
+    await User.create({
+      name: 'Alice',
+      email: 'alice@test.com',
+      role: 'editor',
+      username: 'alice',
+      password: 'secret123',
+    });
+
+    const users = await listUsersByRole('editor');
+
+    expect(users).toHaveLength(1);
+    expect(users[0].name).toBe('Alice');
+    expect(users[0].email).toBe('alice@test.com');
+    expect(users[0]._id).toBeDefined();
+    expect('password' in users[0]).toBe(false);
+    expect('username' in users[0]).toBe(false);
+  });
+});
+
+describe('updateUsersByRole', () => {
+  it('migrates all users from one role to another', async () => {
+    await User.create([
+      { name: 'Alice', email: 'alice@test.com', role: 'editor', username: 'alice' },
+      { name: 'Bob', email: 'bob@test.com', role: 'editor', username: 'bob' },
+      { name: 'Carol', email: 'carol@test.com', role: SystemRoles.USER, username: 'carol' },
+    ]);
+
+    await updateUsersByRole('editor', 'senior-editor');
+
+    const alice = await User.findOne({ email: 'alice@test.com' }).lean();
+    const bob = await User.findOne({ email: 'bob@test.com' }).lean();
+    const carol = await User.findOne({ email: 'carol@test.com' }).lean();
+    expect(alice!.role).toBe('senior-editor');
+    expect(bob!.role).toBe('senior-editor');
+    expect(carol!.role).toBe(SystemRoles.USER);
+  });
+
+  it('is a no-op when no users have the source role', async () => {
+    await User.create({
+      name: 'Alice',
+      email: 'alice@test.com',
+      role: SystemRoles.USER,
+      username: 'alice',
+    });
+
+    await updateUsersByRole('nonexistent', 'new-role');
+
+    const alice = await User.findOne({ email: 'alice@test.com' }).lean();
+    expect(alice!.role).toBe(SystemRoles.USER);
+  });
+});
+
+describe('countUsersByRole', () => {
+  it('returns the count of users with the given role', async () => {
+    await User.create([
+      { name: 'Alice', email: 'alice@test.com', role: 'editor', username: 'alice' },
+      { name: 'Bob', email: 'bob@test.com', role: 'editor', username: 'bob' },
+      { name: 'Carol', email: 'carol@test.com', role: SystemRoles.USER, username: 'carol' },
+    ]);
+
+    expect(await countUsersByRole('editor')).toBe(2);
+    expect(await countUsersByRole(SystemRoles.USER)).toBe(1);
+  });
+
+  it('returns 0 when no users have the role', async () => {
+    expect(await countUsersByRole('nonexistent')).toBe(0);
+  });
+});
+
+describe('listRoles', () => {
+  beforeEach(async () => {
+    await Role.deleteMany({});
+  });
+
+  it('returns roles sorted alphabetically by name', async () => {
+    await Role.create([
+      { name: 'zebra', permissions: {} },
+      { name: 'alpha', permissions: {} },
+      { name: 'middle', permissions: {} },
+    ]);
+
+    const roles = await listRoles();
+
+    expect(roles.map((r) => r.name)).toEqual(['alpha', 'middle', 'zebra']);
+  });
+
+  it('respects limit and offset for pagination', async () => {
+    await Role.create([
+      { name: 'a-role', permissions: {} },
+      { name: 'b-role', permissions: {} },
+      { name: 'c-role', permissions: {} },
+      { name: 'd-role', permissions: {} },
+      { name: 'e-role', permissions: {} },
+    ]);
+
+    const page1 = await listRoles({ limit: 2, offset: 0 });
+    const page2 = await listRoles({ limit: 2, offset: 2 });
+    const page3 = await listRoles({ limit: 2, offset: 4 });
+
+    expect(page1).toHaveLength(2);
+    expect(page1.map((r) => r.name)).toEqual(['a-role', 'b-role']);
+    expect(page2).toHaveLength(2);
+    expect(page2.map((r) => r.name)).toEqual(['c-role', 'd-role']);
+    expect(page3).toHaveLength(1);
+    expect(page3.map((r) => r.name)).toEqual(['e-role']);
+  });
+
+  it('defaults to limit 50 and offset 0', async () => {
+    await Role.create({ name: 'only-role', permissions: {} });
+
+    const roles = await listRoles();
+
+    expect(roles).toHaveLength(1);
+    expect(roles[0].name).toBe('only-role');
+  });
+
+  it('returns only name and description fields', async () => {
+    await Role.create({
+      name: 'editor',
+      description: 'Can edit',
+      permissions: { PROMPTS: { USE: true } },
+    });
+
+    const roles = await listRoles();
+
+    expect(roles).toHaveLength(1);
+    expect(roles[0].name).toBe('editor');
+    expect(roles[0].description).toBe('Can edit');
+    expect(roles[0]._id).toBeDefined();
+    expect('permissions' in roles[0]).toBe(false);
+  });
+
+  it('returns empty array when no roles exist', async () => {
+    const roles = await listRoles();
+    expect(roles).toEqual([]);
+  });
+
+  it('returns undefined description for pre-existing roles without the field', async () => {
+    await Role.collection.insertOne({ name: 'legacy', permissions: {} });
+
+    const roles = await listRoles();
+
+    expect(roles).toHaveLength(1);
+    expect(roles[0].name).toBe('legacy');
+    expect(roles[0].description).toBeUndefined();
+  });
+});
+
+describe('countRoles', () => {
+  beforeEach(async () => {
+    await Role.deleteMany({});
+  });
+
+  it('returns the total number of roles', async () => {
+    await Role.create([
+      { name: 'a', permissions: {} },
+      { name: 'b', permissions: {} },
+      { name: 'c', permissions: {} },
+    ]);
+
+    expect(await countRoles()).toBe(3);
+  });
+
+  it('returns 0 when no roles exist', async () => {
+    expect(await countRoles()).toBe(0);
+  });
+});
+
+describe('createRoleByName - duplicate key race', () => {
+  beforeEach(async () => {
+    await Role.deleteMany({});
+  });
+
+  it('throws RoleConflictError on concurrent insert (11000)', async () => {
+    await createRoleByName({ name: 'editor' });
+
+    const insertSpy = jest.spyOn(Role.prototype, 'save').mockImplementationOnce(() => {
+      const err = new Error('E11000 duplicate key error') as Error & { code: number };
+      err.code = 11000;
+      throw err;
+    });
+
+    await expect(createRoleByName({ name: 'editor2' })).rejects.toThrow(/already exists/);
+
+    insertSpy.mockRestore();
+  });
+});
diff --git a/packages/data-schemas/src/methods/role.ts b/packages/data-schemas/src/methods/role.ts
index 7b51e45330..e84b91420a 100644
--- a/packages/data-schemas/src/methods/role.ts
+++ b/packages/data-schemas/src/methods/role.ts
@@ -5,9 +5,24 @@ import {
   permissionsSchema,
   removeNullishValues,
 } from 'librechat-data-provider';
-import type { IRole } from '~/types';
+import type { Model } from 'mongoose';
+import type { IRole, IUser } from '~/types';
 import logger from '~/config/winston';
 
+const systemRoleValues = new Set<string>(Object.values(SystemRoles));
+
+/** Case-insensitive check — the legacy roles route uppercases params. */
+function isSystemRoleName(name: string): boolean {
+  return systemRoleValues.has(name.toUpperCase());
+}
+
+export class RoleConflictError extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'RoleConflictError';
+  }
+}
+
 export interface RoleDeps {
   /** Returns a cache store for the given key. Injected from getLogStores. */
   getCache?: (key: string) => {
@@ -30,8 +45,11 @@ export function createRoleMethods(mongoose: typeof import('mongoose'), deps: Rol
       const defaultPerms = roleDefaults[roleName].permissions;
 
       if (!role) {
-        role = new Role(roleDefaults[roleName]);
+        role = new Role({ ...roleDefaults[roleName], description: '' });
       } else {
+        if (role.description == null) {
+          role.description = '';
+        }
         const permissions = role.toObject()?.permissions ?? {};
         role.permissions = role.permissions || {};
         for (const permType of Object.keys(defaultPerms)) {
@@ -45,11 +63,26 @@ export function createRoleMethods(mongoose: typeof import('mongoose'), deps: Rol
   }
 
   /**
-   * List all roles in the system.
+   * List all roles in the system. Returns only name and description (projected).
    */
-  async function listRoles() {
+  async function listRoles(options?: {
+    limit?: number;
+    offset?: number;
+  }): Promise<Pick<IRole, '_id' | 'name' | 'description'>[]> {
+    const Role = mongoose.models.Role as Model<IRole>;
+    const limit = options?.limit ?? 50;
+    const offset = options?.offset ?? 0;
+    return await Role.find({})
+      .select('name description')
+      .sort({ name: 1 })
+      .skip(offset)
+      .limit(limit)
+      .lean();
+  }
+
+  async function countRoles(): Promise<number> {
     const Role = mongoose.models.Role;
-    return await Role.find({}).select('name permissions').lean();
+    return await Role.countDocuments({});
   }
 
   /**
@@ -73,7 +106,7 @@ export function createRoleMethods(mongoose: typeof import('mongoose'), deps: Rol
       }
       const role = await query.lean().exec();
 
-      if (!role && SystemRoles[roleName as keyof typeof SystemRoles]) {
+      if (!role && systemRoleValues.has(roleName)) {
         const newRole = await new Role(roleDefaults[roleName as keyof typeof roleDefaults]).save();
         if (cache) {
           await cache.set(roleName, newRole);
@@ -96,20 +129,24 @@ export function createRoleMethods(mongoose: typeof import('mongoose'), deps: Rol
     const cache = deps.getCache?.(CacheKeys.ROLES);
     try {
       const Role = mongoose.models.Role;
-      const role = await Role.findOneAndUpdate(
-        { name: roleName },
-        { $set: updates },
-        { new: true, lean: true },
-      )
+      const role = await Role.findOneAndUpdate({ name: roleName }, { $set: updates }, { new: true })
         .select('-__v')
         .lean()
         .exec();
       if (cache) {
-        await cache.set(roleName, role);
+        if (updates.name && updates.name !== roleName) {
+          await Promise.all([cache.set(roleName, null), cache.set(updates.name, role)]);
+        } else {
+          await cache.set(roleName, role);
+        }
       }
       return role as unknown as IRole;
     } catch (error) {
-      throw new Error(`Failed to update role: ${(error as Error).message}`);
+      if (error && typeof error === 'object' && 'code' in error && error.code === 11000) {
+        const targetName = updates.name ?? roleName;
+        throw new RoleConflictError(`Role "${targetName}" already exists`);
+      }
+      throw new Error(`Failed to update role: ${(error as Error).message}`, { cause: error });
     }
   }
 
@@ -342,13 +379,137 @@ export function createRoleMethods(mongoose: typeof import('mongoose'), deps: Rol
     }
   }
 
+  /** Rejects names that match system roles. */
+  async function createRoleByName(roleData: Partial<IRole>): Promise<IRole> {
+    const { name } = roleData;
+    if (!name || typeof name !== 'string' || !name.trim()) {
+      throw new Error('Role name is required');
+    }
+    const trimmed = name.trim();
+    if (isSystemRoleName(trimmed)) {
+      throw new RoleConflictError(`Cannot create role with reserved system name: ${name}`);
+    }
+    const Role = mongoose.models.Role;
+    const existing = await Role.findOne({ name: trimmed }).lean();
+    if (existing) {
+      throw new RoleConflictError(`Role "${trimmed}" already exists`);
+    }
+    let role;
+    try {
+      role = await new Role({ ...roleData, name: trimmed }).save();
+    } catch (err) {
+      /**
+       * The compound unique index `{ name: 1, tenantId: 1 }` on the role schema
+       * (roleSchema.index in schema/role.ts) triggers error 11000 when a concurrent
+       * request races past the findOne check above. This catch converts it into
+       * the same user-facing message as the application-level duplicate check.
+       */
+      if (err && typeof err === 'object' && 'code' in err && err.code === 11000) {
+        throw new RoleConflictError(`Role "${trimmed}" already exists`);
+      }
+      throw err;
+    }
+    try {
+      const cache = deps.getCache?.(CacheKeys.ROLES);
+      if (cache) {
+        await cache.set(role.name, role.toObject());
+      }
+    } catch (cacheError) {
+      logger.error(`[createRoleByName] cache set failed for "${role.name}":`, cacheError);
+    }
+    return role.toObject() as IRole;
+  }
+
+  /**
+   * Guards against deleting system roles. Reassigns affected users back to USER.
+   *
+   * No existence pre-check is performed: for a nonexistent role the `updateMany`
+   * is a harmless no-op and `findOneAndDelete` returns null. This makes the
+   * function idempotent — a retry after a partial failure will still clean up
+   * orphaned user references and cache entries.
+   *
+   * Without a MongoDB transaction the two writes are non-atomic — if the delete
+   * fails after the reassignment, users will already have been moved to USER
+   * while the role document still exists. Recovery requires the caller to retry
+   * the delete call, which will succeed since the `updateMany` is a no-op on
+   * the second pass.
+   */
+  async function deleteRoleByName(roleName: string): Promise<IRole | null> {
+    if (isSystemRoleName(roleName)) {
+      throw new Error(`Cannot delete system role: ${roleName}`);
+    }
+    const Role = mongoose.models.Role;
+    const User = mongoose.models.User as Model<IUser>;
+    await User.updateMany({ role: roleName }, { $set: { role: SystemRoles.USER } });
+    const deleted = await Role.findOneAndDelete({ name: roleName }).lean();
+    try {
+      const cache = deps.getCache?.(CacheKeys.ROLES);
+      if (cache) {
+        // Setting null evicts the stale document. getRoleByName treats falsy cached
+        // values as a miss and falls through to the DB, so this does not provide
+        // negative caching — it only prevents serving the pre-deletion document.
+        await cache.set(roleName, null);
+      }
+    } catch (cacheError) {
+      logger.error(`[deleteRoleByName] cache invalidation failed for "${roleName}":`, cacheError);
+    }
+    return deleted as IRole | null;
+  }
+
+  async function updateUsersByRole(oldRole: string, newRole: string): Promise<void> {
+    const User = mongoose.models.User as Model<IUser>;
+    await User.updateMany({ role: oldRole }, { $set: { role: newRole } });
+  }
+
+  async function findUserIdsByRole(roleName: string): Promise<string[]> {
+    const User = mongoose.models.User as Model<IUser>;
+    const users = await User.find({ role: roleName }).select('_id').lean();
+    return users.map((u) => u._id.toString());
+  }
+
+  async function updateUsersRoleByIds(userIds: string[], newRole: string): Promise<void> {
+    if (userIds.length === 0) {
+      return;
+    }
+    const User = mongoose.models.User as Model<IUser>;
+    await User.updateMany({ _id: { $in: userIds } }, { $set: { role: newRole } });
+  }
+
+  async function listUsersByRole(
+    roleName: string,
+    options?: { limit?: number; offset?: number },
+  ): Promise<IUser[]> {
+    const User = mongoose.models.User as Model<IUser>;
+    const limit = options?.limit ?? 50;
+    const offset = options?.offset ?? 0;
+    return await User.find({ role: roleName })
+      .select('_id name email avatar')
+      .sort({ _id: 1 })
+      .skip(offset)
+      .limit(limit)
+      .lean();
+  }
+
+  async function countUsersByRole(roleName: string): Promise<number> {
+    const User = mongoose.models.User as Model<IUser>;
+    return await User.countDocuments({ role: roleName });
+  }
+
   return {
     listRoles,
+    countRoles,
     initializeRoles,
     getRoleByName,
     updateRoleByName,
     updateAccessPermissions,
     migrateRoleSchema,
+    createRoleByName,
+    deleteRoleByName,
+    updateUsersByRole,
+    findUserIdsByRole,
+    updateUsersRoleByIds,
+    listUsersByRole,
+    countUsersByRole,
   };
 }
 
diff --git a/packages/data-schemas/src/methods/spendTokens.spec.ts b/packages/data-schemas/src/methods/spendTokens.spec.ts
index 5730bc7bdd..d505663d57 100644
--- a/packages/data-schemas/src/methods/spendTokens.spec.ts
+++ b/packages/data-schemas/src/methods/spendTokens.spec.ts
@@ -864,8 +864,8 @@ describe('spendTokens', () => {
       const expectedCompletionCost = tokenUsage.completionTokens * premiumCompletionRate;
 
       expect(result).not.toBeNull();
-      expect(result!.prompt.prompt).toBeCloseTo(-expectedPromptCost, 0);
-      expect(result!.completion.completion).toBeCloseTo(-expectedCompletionCost, 0);
+      expect(result!.prompt!.prompt).toBeCloseTo(-expectedPromptCost, 0);
+      expect(result!.completion!.completion).toBeCloseTo(-expectedCompletionCost, 0);
     });
 
     it('should charge standard rates for structured tokens when below threshold', async () => {
@@ -907,8 +907,8 @@ describe('spendTokens', () => {
       const expectedCompletionCost = tokenUsage.completionTokens * standardCompletionRate;
 
       expect(result).not.toBeNull();
-      expect(result!.prompt.prompt).toBeCloseTo(-expectedPromptCost, 0);
-      expect(result!.completion.completion).toBeCloseTo(-expectedCompletionCost, 0);
+      expect(result!.prompt!.prompt).toBeCloseTo(-expectedPromptCost, 0);
+      expect(result!.completion!.completion).toBeCloseTo(-expectedCompletionCost, 0);
     });
 
     it('should charge standard rates for gemini-3.1-pro-preview when prompt tokens are below threshold', async () => {
@@ -937,7 +937,7 @@ describe('spendTokens', () => {
         completionTokens * tokenValues['gemini-3.1'].completion;
 
       const balance = await Balance.findOne({ user: userId });
-      expect(balance.tokenCredits).toBeCloseTo(initialBalance - expectedCost, 0);
+      expect(balance!.tokenCredits).toBeCloseTo(initialBalance - expectedCost, 0);
     });
 
     it('should charge premium rates for gemini-3.1-pro-preview when prompt tokens exceed threshold', async () => {
@@ -966,7 +966,7 @@ describe('spendTokens', () => {
         completionTokens * premiumTokenValues['gemini-3.1'].completion;
 
       const balance = await Balance.findOne({ user: userId });
-      expect(balance.tokenCredits).toBeCloseTo(initialBalance - expectedCost, 0);
+      expect(balance!.tokenCredits).toBeCloseTo(initialBalance - expectedCost, 0);
     });
 
     it('should charge premium rates for gemini-3.1-pro-preview-customtools when prompt tokens exceed threshold', async () => {
@@ -995,7 +995,7 @@ describe('spendTokens', () => {
         completionTokens * premiumTokenValues['gemini-3.1'].completion;
 
       const balance = await Balance.findOne({ user: userId });
-      expect(balance.tokenCredits).toBeCloseTo(initialBalance - expectedCost, 0);
+      expect(balance!.tokenCredits).toBeCloseTo(initialBalance - expectedCost, 0);
     });
 
     it('should charge premium rates for structured gemini-3.1 tokens when total input exceeds threshold', async () => {
@@ -1032,13 +1032,13 @@ describe('spendTokens', () => {
 
       const expectedPromptCost =
         tokenUsage.promptTokens.input * premiumPromptRate +
-        tokenUsage.promptTokens.write * writeRate +
-        tokenUsage.promptTokens.read * readRate;
+        tokenUsage.promptTokens.write * writeRate! +
+        tokenUsage.promptTokens.read * readRate!;
       const expectedCompletionCost = tokenUsage.completionTokens * premiumCompletionRate;
 
       expect(result).not.toBeNull();
-      expect(result!.prompt.prompt).toBeCloseTo(-expectedPromptCost, 0);
-      expect(result!.completion.completion).toBeCloseTo(-expectedCompletionCost, 0);
+      expect(result!.prompt!.prompt).toBeCloseTo(-expectedPromptCost, 0);
+      expect(result!.completion!.completion).toBeCloseTo(-expectedCompletionCost, 0);
     });
 
     it('should not apply premium pricing to non-premium models regardless of prompt size', async () => {
diff --git a/packages/data-schemas/src/methods/systemGrant.spec.ts b/packages/data-schemas/src/methods/systemGrant.spec.ts
index 188d31b544..1eef781fa9 100644
--- a/packages/data-schemas/src/methods/systemGrant.spec.ts
+++ b/packages/data-schemas/src/methods/systemGrant.spec.ts
@@ -2,8 +2,8 @@ import mongoose, { Types } from 'mongoose';
 import { PrincipalType, SystemRoles } from 'librechat-data-provider';
 import { MongoMemoryServer } from 'mongodb-memory-server';
 import type * as t from '~/types';
-import type { SystemCapability } from '~/systemCapabilities';
-import { SystemCapabilities, CapabilityImplications } from '~/systemCapabilities';
+import type { SystemCapability } from '~/types/admin';
+import { SystemCapabilities, CapabilityImplications } from '~/admin/capabilities';
 import { createSystemGrantMethods } from './systemGrant';
 import systemGrantSchema from '~/schema/systemGrant';
 import logger from '~/config/winston';
@@ -542,6 +542,74 @@ describe('systemGrant methods', () => {
       });
     });
 
+    describe('hierarchical config capabilities', () => {
+      it('manage:configs satisfies manage:configs:<section>', async () => {
+        const userId = new Types.ObjectId();
+        await methods.grantCapability({
+          principalType: PrincipalType.USER,
+          principalId: userId,
+          capability: SystemCapabilities.MANAGE_CONFIGS,
+        });
+
+        const result = await methods.hasCapabilityForPrincipals({
+          principals: [{ principalType: PrincipalType.USER, principalId: userId }],
+          capability: 'manage:configs:endpoints' as SystemCapability,
+        });
+        expect(result).toBe(true);
+      });
+
+      it('manage:configs satisfies read:configs:<section> transitively', async () => {
+        const userId = new Types.ObjectId();
+        await methods.grantCapability({
+          principalType: PrincipalType.USER,
+          principalId: userId,
+          capability: SystemCapabilities.MANAGE_CONFIGS,
+        });
+
+        const result = await methods.hasCapabilityForPrincipals({
+          principals: [{ principalType: PrincipalType.USER, principalId: userId }],
+          capability: 'read:configs:endpoints' as SystemCapability,
+        });
+        expect(result).toBe(true);
+      });
+
+      it('read:configs satisfies read:configs:<section> but NOT manage:configs:<section>', async () => {
+        const userId = new Types.ObjectId();
+        await methods.grantCapability({
+          principalType: PrincipalType.USER,
+          principalId: userId,
+          capability: SystemCapabilities.READ_CONFIGS,
+        });
+
+        const readResult = await methods.hasCapabilityForPrincipals({
+          principals: [{ principalType: PrincipalType.USER, principalId: userId }],
+          capability: 'read:configs:endpoints' as SystemCapability,
+        });
+        expect(readResult).toBe(true);
+
+        const manageResult = await methods.hasCapabilityForPrincipals({
+          principals: [{ principalType: PrincipalType.USER, principalId: userId }],
+          capability: 'manage:configs:endpoints' as SystemCapability,
+        });
+        expect(manageResult).toBe(false);
+      });
+
+      it('assign:configs satisfies assign:configs:<target>', async () => {
+        const userId = new Types.ObjectId();
+        await methods.grantCapability({
+          principalType: PrincipalType.USER,
+          principalId: userId,
+          capability: SystemCapabilities.ASSIGN_CONFIGS,
+        });
+
+        const result = await methods.hasCapabilityForPrincipals({
+          principals: [{ principalType: PrincipalType.USER, principalId: userId }],
+          capability: 'assign:configs:user' as SystemCapability,
+        });
+        expect(result).toBe(true);
+      });
+    });
+
     describe('tenant scoping', () => {
       it('tenant-scoped grant does not match platform-level query', async () => {
         const userId = new Types.ObjectId();
@@ -702,6 +770,125 @@ describe('systemGrant methods', () => {
     });
   });
 
+  describe('deleteGrantsForPrincipal', () => {
+    it('deletes all grants for a principal', async () => {
+      const groupId = new Types.ObjectId();
+
+      await methods.grantCapability({
+        principalType: PrincipalType.GROUP,
+        principalId: groupId,
+        capability: SystemCapabilities.READ_USERS,
+      });
+      await methods.grantCapability({
+        principalType: PrincipalType.GROUP,
+        principalId: groupId,
+        capability: SystemCapabilities.READ_CONFIGS,
+      });
+
+      await methods.deleteGrantsForPrincipal(PrincipalType.GROUP, groupId);
+
+      const remaining = await SystemGrant.countDocuments({
+        principalType: PrincipalType.GROUP,
+        principalId: groupId,
+      });
+      expect(remaining).toBe(0);
+    });
+
+    it('is a no-op for principal with no grants', async () => {
+      const groupId = new Types.ObjectId();
+
+      await expect(
+        methods.deleteGrantsForPrincipal(PrincipalType.GROUP, groupId),
+      ).resolves.not.toThrow();
+    });
+
+    it('does not affect other principals', async () => {
+      const groupA = new Types.ObjectId();
+      const groupB = new Types.ObjectId();
+
+      await methods.grantCapability({
+        principalType: PrincipalType.GROUP,
+        principalId: groupA,
+        capability: SystemCapabilities.READ_USERS,
+      });
+      await methods.grantCapability({
+        principalType: PrincipalType.GROUP,
+        principalId: groupB,
+        capability: SystemCapabilities.READ_USERS,
+      });
+
+      await methods.deleteGrantsForPrincipal(PrincipalType.GROUP, groupA);
+
+      const remainingA = await SystemGrant.countDocuments({
+        principalType: PrincipalType.GROUP,
+        principalId: groupA,
+      });
+      const remainingB = await SystemGrant.countDocuments({
+        principalType: PrincipalType.GROUP,
+        principalId: groupB,
+      });
+      expect(remainingA).toBe(0);
+      expect(remainingB).toBe(1);
+    });
+
+    it('with tenantId deletes only tenant-scoped grants, not platform-level grants', async () => {
+      // Platform-level grant (no tenantId)
+      await methods.grantCapability({
+        principalType: PrincipalType.ROLE,
+        principalId: 'editor',
+        capability: SystemCapabilities.READ_USERS,
+      });
+      // Tenant-scoped grant
+      await methods.grantCapability({
+        principalType: PrincipalType.ROLE,
+        principalId: 'editor',
+        capability: SystemCapabilities.READ_CONFIGS,
+        tenantId: 'tenant-1',
+      });
+      // Different tenant grant
+      await methods.grantCapability({
+        principalType: PrincipalType.ROLE,
+        principalId: 'editor',
+        capability: SystemCapabilities.READ_GROUPS,
+        tenantId: 'tenant-2',
+      });
+
+      await methods.deleteGrantsForPrincipal(PrincipalType.ROLE, 'editor', {
+        tenantId: 'tenant-1',
+      });
+
+      const remaining = await SystemGrant.find({
+        principalType: PrincipalType.ROLE,
+        principalId: 'editor',
+      }).lean();
+      const caps = remaining.map((g) => g.capability).sort();
+      // Platform-level and tenant-2 grants survive
+      expect(caps).toEqual([SystemCapabilities.READ_GROUPS, SystemCapabilities.READ_USERS]);
+    });
+
+    it('without tenantId deletes all grants across all tenants', async () => {
+      await methods.grantCapability({
+        principalType: PrincipalType.ROLE,
+        principalId: 'temp-role',
+        capability: SystemCapabilities.READ_USERS,
+      });
+      await methods.grantCapability({
+        principalType: PrincipalType.ROLE,
+        principalId: 'temp-role',
+        capability: SystemCapabilities.READ_CONFIGS,
+        tenantId: 'tenant-a',
+      });
+
+      await methods.deleteGrantsForPrincipal(PrincipalType.ROLE, 'temp-role');
+
+      const remaining = await SystemGrant.countDocuments({
+        principalType: PrincipalType.ROLE,
+        principalId: 'temp-role',
+      });
+      expect(remaining).toBe(0);
+    });
+  });
+
   describe('schema validation', () => {
     it('rejects null tenantId at the schema level', async () => {
       await expect(
@@ -850,4 +1037,438 @@ describe('systemGrant methods', () => {
       expect(count).toBe(2);
     });
   });
+
+  describe('listGrants', () => {
+    beforeEach(async () => {
+      await methods.grantCapability({
+        principalType: PrincipalType.ROLE,
+        principalId: 'admin',
+        capability: SystemCapabilities.ACCESS_ADMIN,
+      });
+      await methods.grantCapability({
+        principalType: PrincipalType.ROLE,
+        principalId: 'editor',
+        capability: SystemCapabilities.READ_USERS,
+      });
+      await methods.grantCapability({
+        principalType: PrincipalType.GROUP,
+        principalId: new Types.ObjectId(),
+        capability: SystemCapabilities.READ_CONFIGS,
+      });
+    });
+
+    it('returns all platform-level grants when called without options', async () => {
+      const grants = await methods.listGrants();
+      expect(grants).toHaveLength(3);
+    });
+
+    it('respects limit parameter', async () => {
+      const grants = await methods.listGrants({ limit: 2 });
+      expect(grants).toHaveLength(2);
+    });
+
+    it('respects offset parameter', async () => {
+      const all = await methods.listGrants();
+      const page2 = await methods.listGrants({ offset: 2, limit: 10 });
+      expect(page2).toHaveLength(1);
+      expect(page2[0].capability).toBe(all[2].capability);
+    });
+
+    it('filters by principalTypes', async () => {
+      const grants = await methods.listGrants({
+        principalTypes: [PrincipalType.ROLE],
+      });
+      expect(grants).toHaveLength(2);
+      for (const g of grants) {
+        expect(g.principalType).toBe(PrincipalType.ROLE);
+      }
+    });
+
+    it('returns empty array for principalTypes with no grants', async () => {
+      const grants = await methods.listGrants({
+        principalTypes: [PrincipalType.USER],
+      });
+      expect(grants).toHaveLength(0);
+    });
+
+    it('excludes tenant-scoped grants when no tenantId provided', async () => {
+      await methods.grantCapability({
+        principalType: PrincipalType.ROLE,
+        principalId: 'admin',
+        capability: SystemCapabilities.MANAGE_USERS,
+        tenantId: 'tenant-1',
+      });
+
+      const grants = await methods.listGrants();
+      expect(grants.every((g) => !('tenantId' in g && g.tenantId))).toBe(true);
+    });
+
+    it('includes tenant and platform grants when tenantId provided', async () => {
+      await methods.grantCapability({
+        principalType: PrincipalType.ROLE,
+        principalId: 'admin',
+        capability: SystemCapabilities.MANAGE_USERS,
+        tenantId: 'tenant-1',
+      });
+
+      const grants = await methods.listGrants({ tenantId: 'tenant-1' });
+      expect(grants).toHaveLength(4);
+    });
+
+    it('sorts by principalType then capability', async () => {
+      const grants = await methods.listGrants();
+      for (let i = 1; i < grants.length; i++) {
+        const prev = `${grants[i - 1].principalType}:${grants[i - 1].capability}`;
+        const curr = `${grants[i].principalType}:${grants[i].capability}`;
+        expect(prev <= curr).toBe(true);
+      }
+    });
+  });
+
+  describe('countGrants', () => {
+    it('returns total count matching the filter', async () => {
+      await methods.grantCapability({
+        principalType: PrincipalType.ROLE,
+        principalId: 'admin',
+        capability: SystemCapabilities.ACCESS_ADMIN,
+      });
+      await methods.grantCapability({
+        principalType: PrincipalType.ROLE,
+        principalId: 'editor',
+        capability: SystemCapabilities.READ_USERS,
+      });
+      await methods.grantCapability({
+        principalType: PrincipalType.GROUP,
+        principalId: new Types.ObjectId(),
+        capability: SystemCapabilities.READ_CONFIGS,
+      });
+
+      const total = await methods.countGrants();
+      expect(total).toBe(3);
+    });
+
+    it('filters by principalTypes', async () => {
+      await methods.grantCapability({
+        principalType: PrincipalType.ROLE,
+        principalId: 'admin',
+        capability: SystemCapabilities.ACCESS_ADMIN,
+      });
+      await methods.grantCapability({
+        principalType: PrincipalType.GROUP,
+        principalId: new Types.ObjectId(),
+        capability: SystemCapabilities.READ_CONFIGS,
+      });
+
+      const count = await methods.countGrants({
+        principalTypes: [PrincipalType.ROLE],
+      });
+      expect(count).toBe(1);
+    });
+
+    it('returns 0 when no grants match', async () => {
+      const count = await methods.countGrants();
+      expect(count).toBe(0);
+    });
+  });
+
+  describe('getCapabilitiesForPrincipals', () => {
+    it('returns grants across multiple principals in a single query', async () => {
+      const userId = new Types.ObjectId();
+      await methods.grantCapability({
+        principalType: PrincipalType.USER,
+        principalId: userId,
+        capability: SystemCapabilities.READ_USERS,
+      });
+      await methods.grantCapability({
+        principalType: PrincipalType.ROLE,
+        principalId: 'editor',
+        capability: SystemCapabilities.READ_ROLES,
+      });
+
+      const grants = await methods.getCapabilitiesForPrincipals({
+        principals: [
+          { principalType: PrincipalType.USER, principalId: userId },
+          { principalType: PrincipalType.ROLE, principalId: 'editor' },
+        ],
+      });
+
+      expect(grants).toHaveLength(2);
+      const caps = grants.map((g) => g.capability).sort();
+      expect(caps).toEqual([SystemCapabilities.READ_ROLES, SystemCapabilities.READ_USERS]);
+    });
+
+    it('returns empty array for empty principals list', async () => {
+      await methods.grantCapability({
+        principalType: PrincipalType.ROLE,
+        principalId: 'admin',
+        capability: SystemCapabilities.ACCESS_ADMIN,
+      });
+
+      const grants = await methods.getCapabilitiesForPrincipals({ principals: [] });
+      expect(grants).toEqual([]);
+    });
+
+    it('returns only matching principals, not all grants', async () => {
+      const userId = new Types.ObjectId();
+      await methods.grantCapability({
+        principalType: PrincipalType.USER,
+        principalId: userId,
+        capability: SystemCapabilities.READ_USERS,
+      });
+      await methods.grantCapability({
+        principalType: PrincipalType.ROLE,
+        principalId: 'unrelated',
+        capability: SystemCapabilities.MANAGE_ROLES,
+      });
+
+      const grants = await methods.getCapabilitiesForPrincipals({
+        principals: [{ principalType: PrincipalType.USER, principalId: userId }],
+      });
+
+      expect(grants).toHaveLength(1);
+      expect(grants[0].capability).toBe(SystemCapabilities.READ_USERS);
+    });
+
+    it('returns multiple grants for the same principal', async () => {
+      await methods.grantCapability({
+        principalType: PrincipalType.ROLE,
+        principalId: 'admin',
+        capability: SystemCapabilities.ACCESS_ADMIN,
+      });
+      await methods.grantCapability({
+        principalType: PrincipalType.ROLE,
+        principalId: 'admin',
+        capability: SystemCapabilities.MANAGE_ROLES,
+      });
+
+      const grants = await methods.getCapabilitiesForPrincipals({
+        principals: [{ principalType: PrincipalType.ROLE, principalId: 'admin' }],
+      });
+
+      expect(grants).toHaveLength(2);
+    });
+
+    it('excludes tenant-scoped grants when no tenantId provided', async () => {
+      await methods.grantCapability({
+        principalType: PrincipalType.ROLE,
+        principalId: 'admin',
+        capability: SystemCapabilities.ACCESS_ADMIN,
+      });
+      await methods.grantCapability({
+        principalType: PrincipalType.ROLE,
+        principalId: 'admin',
+        capability: SystemCapabilities.MANAGE_USERS,
+        tenantId: 'tenant-1',
+      });
+
+      const grants = await methods.getCapabilitiesForPrincipals({
+        principals: [{ principalType: PrincipalType.ROLE, principalId: 'admin' }],
+      });
+
+      expect(grants).toHaveLength(1);
+      expect(grants[0].capability).toBe(SystemCapabilities.ACCESS_ADMIN);
+    });
+
+    it('includes both platform and tenant grants when tenantId provided', async () => {
+      await methods.grantCapability({
+        principalType: PrincipalType.ROLE,
+        principalId: 'admin',
+        capability: SystemCapabilities.ACCESS_ADMIN,
+      });
+      await methods.grantCapability({
+        principalType: PrincipalType.ROLE,
+        principalId: 'admin',
+        capability: SystemCapabilities.MANAGE_USERS,
+        tenantId: 'tenant-1',
+      });
+
+      const grants = await methods.getCapabilitiesForPrincipals({
+        principals: [{ principalType: PrincipalType.ROLE, principalId: 'admin' }],
+        tenantId: 'tenant-1',
+      });
+
+      expect(grants).toHaveLength(2);
+    });
+
+    it('filters out PUBLIC principals before querying', async () => {
+      const userId = new Types.ObjectId();
+      await methods.grantCapability({
+        principalType: PrincipalType.USER,
+        principalId: userId,
+        capability: SystemCapabilities.READ_USERS,
+      });
+
+      const grants = await methods.getCapabilitiesForPrincipals({
+        principals: [
+          { principalType: PrincipalType.PUBLIC, principalId: '' },
+          { principalType: PrincipalType.USER, principalId: userId },
+        ],
+      });
+
+      expect(grants).toHaveLength(1);
+      expect(grants[0].capability).toBe(SystemCapabilities.READ_USERS);
+    });
+
+    it('returns empty array when all principals are PUBLIC', async () => {
+      await methods.grantCapability({
+        principalType: PrincipalType.ROLE,
+        principalId: 'admin',
+        capability: SystemCapabilities.ACCESS_ADMIN,
+      });
+
+      const grants = await methods.getCapabilitiesForPrincipals({
+        principals: [{ principalType: PrincipalType.PUBLIC, principalId: '' }],
+      });
+
+      expect(grants).toEqual([]);
+    });
+  });
+
+  describe('getHeldCapabilities', () => {
+    const userId = new Types.ObjectId();
+
+    it('returns the subset of capabilities the principals hold', async () => {
+      await methods.grantCapability({
+        principalType: PrincipalType.USER,
+        principalId: userId,
+        capability: SystemCapabilities.READ_ROLES,
+      });
+
+      const held = await methods.getHeldCapabilities({
+        principals: [{ principalType: PrincipalType.USER, principalId: userId }],
+        capabilities: [SystemCapabilities.READ_ROLES, SystemCapabilities.READ_GROUPS],
+      });
+
+      expect(held).toEqual(new Set([SystemCapabilities.READ_ROLES]));
+    });
+
+    it('returns empty set when no capabilities match', async () => {
+      const held = await methods.getHeldCapabilities({
+        principals: [{ principalType: PrincipalType.USER, principalId: new Types.ObjectId() }],
+        capabilities: [SystemCapabilities.MANAGE_ROLES],
+      });
+
+      expect(held.size).toBe(0);
+    });
+
+    it('returns empty set for empty principals', async () => {
+      const held = await methods.getHeldCapabilities({
+        principals: [],
+        capabilities: [SystemCapabilities.READ_ROLES],
+      });
+
+      expect(held.size).toBe(0);
+    });
+
+    it('returns empty set for empty capabilities', async () => {
+      const held = await methods.getHeldCapabilities({
+        principals: [{ principalType: PrincipalType.USER, principalId: userId }],
+        capabilities: [],
+      });
+
+      expect(held.size).toBe(0);
+    });
+
+    it('resolves implied capabilities via reverse implication map', async () => {
+      const implUser = new Types.ObjectId();
+      await methods.grantCapability({
+        principalType: PrincipalType.USER,
+        principalId: implUser,
+        capability: SystemCapabilities.MANAGE_ROLES,
+      });
+
+      const held = await methods.getHeldCapabilities({
+        principals: [{ principalType: PrincipalType.USER, principalId: implUser }],
+        capabilities: [SystemCapabilities.READ_ROLES, SystemCapabilities.MANAGE_GROUPS],
+      });
+
+      expect(held).toEqual(new Set([SystemCapabilities.READ_ROLES]));
+    });
+
+    it('excludes principals with undefined principalId', async () => {
+      await methods.grantCapability({
+        principalType: PrincipalType.ROLE,
+        principalId: 'admin',
+        capability: SystemCapabilities.READ_ROLES,
+      });
+
+      const held = await methods.getHeldCapabilities({
+        principals: [{ principalType: PrincipalType.ROLE }],
+        capabilities: [SystemCapabilities.READ_ROLES],
+      });
+
+      expect(held.size).toBe(0);
+    });
+
+    it('filters out PUBLIC principals', async () => {
+      const held = await methods.getHeldCapabilities({
+        principals: [{ principalType: PrincipalType.PUBLIC, principalId: '' }],
+        capabilities: [SystemCapabilities.READ_ROLES],
+      });
+
+      expect(held.size).toBe(0);
+    });
+
+    it('respects tenant scoping', async () => {
+      const tenantUser = new Types.ObjectId();
+      await methods.grantCapability({
+        principalType: PrincipalType.USER,
+        principalId: tenantUser,
+        capability: SystemCapabilities.READ_ROLES,
+        tenantId: 'tenant-a',
+      });
+
+      const held = await methods.getHeldCapabilities({
+        principals: [{ principalType: PrincipalType.USER, principalId: tenantUser }],
+        capabilities: [SystemCapabilities.READ_ROLES],
+        tenantId: 'tenant-a',
+      });
+      expect(held).toEqual(new Set([SystemCapabilities.READ_ROLES]));
+
+      const heldOther = await methods.getHeldCapabilities({
+        principals: [{ principalType: PrincipalType.USER, principalId: tenantUser }],
+        capabilities: [SystemCapabilities.READ_ROLES],
+        tenantId: 'tenant-b',
+      });
+      expect(heldOther.size).toBe(0);
+
+      const heldNoTenant = await methods.getHeldCapabilities({
+        principals: [{ principalType: PrincipalType.USER, principalId: tenantUser }],
+        capabilities: [SystemCapabilities.READ_ROLES],
+      });
+      expect(heldNoTenant.size).toBe(0);
+    });
+
+    it('resolves extended capability when principal holds the parent base capability', async () => {
+      const extUser = new Types.ObjectId();
+      await methods.grantCapability({
+        principalType: PrincipalType.USER,
+        principalId: extUser,
+        capability: SystemCapabilities.MANAGE_CONFIGS,
+      });
+
+      const held = await methods.getHeldCapabilities({
+        principals: [{ principalType: PrincipalType.USER, principalId: extUser }],
+        capabilities: ['manage:configs:endpoints' as SystemCapability],
+      });
+
+      expect(held).toEqual(new Set(['manage:configs:endpoints']));
+    });
+
+    it('does not resolve extended capability when principal holds a different verb parent', async () => {
+      const readOnlyUser = new Types.ObjectId();
+      await methods.grantCapability({
+        principalType: PrincipalType.USER,
+        principalId: readOnlyUser,
+        capability: SystemCapabilities.READ_CONFIGS,
+      });
+
+      const held = await methods.getHeldCapabilities({
+        principals: [{ principalType: PrincipalType.USER, principalId: readOnlyUser }],
+        capabilities: ['manage:configs:endpoints' as SystemCapability],
+      });
+
+      expect(held.size).toBe(0);
+    });
+  });
 });
diff --git a/packages/data-schemas/src/methods/systemGrant.ts b/packages/data-schemas/src/methods/systemGrant.ts
index f0f389d762..5b31619706 100644
--- a/packages/data-schemas/src/methods/systemGrant.ts
+++ b/packages/data-schemas/src/methods/systemGrant.ts
@@ -1,8 +1,9 @@
 import { PrincipalType, SystemRoles } from 'librechat-data-provider';
-import type { Types, Model, ClientSession } from 'mongoose';
-import type { SystemCapability } from '~/systemCapabilities';
+import type { Types, Model, ClientSession, FilterQuery } from 'mongoose';
+import type { SystemCapability } from '~/types/admin';
 import type { ISystemGrant } from '~/types';
-import { SystemCapabilities, CapabilityImplications } from '~/systemCapabilities';
+import { SystemCapabilities, CapabilityImplications } from '~/admin/capabilities';
+import { tenantSafeBulkWrite } from '~/utils/tenantBulkWrite';
 import { normalizePrincipalId } from '~/utils/principal';
 import logger from '~/config/winston';
 
@@ -18,7 +19,40 @@ for (const [broad, implied] of Object.entries(CapabilityImplications)) {
   }
 }
 
+const baseCapabilityValues = new Set<string>(Object.values(SystemCapabilities));
+
+/**
+ * For a section/assignment capability like `manage:configs:endpoints` or
+ * `assign:configs:user`, returns all base capabilities that subsume it:
+ * the direct parent (`manage:configs`) plus any that imply the parent
+ * via `reverseImplications` (`manage:configs` has no reverse, but
+ * `read:configs` is implied by `manage:configs`—so `read:configs:endpoints`
+ * is satisfied by holding `manage:configs`).
+ */
+function getParentCapabilities(capability: string): string[] {
+  const lastColon = capability.lastIndexOf(':');
+  if (lastColon === -1) {
+    return [];
+  }
+  const parent = capability.slice(0, lastColon);
+  if (!baseCapabilityValues.has(parent)) {
+    return [];
+  }
+  const parents = [parent];
+  const implied = reverseImplications[parent as keyof typeof reverseImplications];
+  if (implied) {
+    parents.push(...implied);
+  }
+  return parents;
+}
+
 export function createSystemGrantMethods(mongoose: typeof import('mongoose')) {
+  function tenantCondition(tenantId?: string): FilterQuery<ISystemGrant> {
+    return tenantId != null
+      ? { $and: [{ $or: [{ tenantId }, { tenantId: { $exists: false } }] }] }
+      : { tenantId: { $exists: false } };
+  }
+
   /**
    * Check if any of the given principals holds a specific capability.
    * Follows the same principal-resolution pattern as AclEntry:
@@ -39,31 +73,99 @@ export function createSystemGrantMethods(mongoose: typeof import('mongoose')) {
   }): Promise<boolean> {
     const SystemGrant = mongoose.models.SystemGrant as Model<ISystemGrant>;
     const principalsQuery = principals
-      .filter((p) => p.principalType !== PrincipalType.PUBLIC)
-      .map((p) => ({ principalType: p.principalType, principalId: p.principalId }));
+      .filter(
+        (p): p is typeof p & { principalId: string | Types.ObjectId } =>
+          p.principalType !== PrincipalType.PUBLIC && p.principalId != null,
+      )
+      .map((p) => ({
+        principalType: p.principalType,
+        principalId: normalizePrincipalId(p.principalId, p.principalType),
+      }));
 
     if (!principalsQuery.length) {
       return false;
     }
 
     const impliedBy = reverseImplications[capability as keyof typeof reverseImplications] ?? [];
-    const capabilityQuery = impliedBy.length ? { $in: [capability, ...impliedBy] } : capability;
+    const parents = getParentCapabilities(capability);
+    const allMatches = [capability, ...impliedBy, ...parents];
+    const capabilityQuery = allMatches.length > 1 ? { $in: allMatches } : capability;
 
-    const query: Record<string, unknown> = {
+    const query: FilterQuery<ISystemGrant> = {
       $or: principalsQuery,
       capability: capabilityQuery,
+      ...tenantCondition(tenantId),
     };
 
-    if (tenantId != null) {
-      query.$and = [{ $or: [{ tenantId }, { tenantId: { $exists: false } }] }];
-    } else {
-      query.tenantId = { $exists: false };
-    }
-
     const doc = await SystemGrant.exists(query);
     return doc != null;
   }
 
+  /**
+   * Returns the subset of `capabilities` that any of the given principals hold.
+   * Single DB round-trip — replaces N parallel `hasCapabilityForPrincipals` calls.
+   */
+  async function getHeldCapabilities({
+    principals,
+    capabilities,
+    tenantId,
+  }: {
+    principals: Array<{ principalType: PrincipalType; principalId?: string | Types.ObjectId }>;
+    capabilities: SystemCapability[];
+    tenantId?: string;
+  }): Promise<Set<SystemCapability>> {
+    const SystemGrant = mongoose.models.SystemGrant as Model<ISystemGrant>;
+    const principalsQuery = principals
+      .filter(
+        (p): p is typeof p & { principalId: string | Types.ObjectId } =>
+          p.principalType !== PrincipalType.PUBLIC && p.principalId != null,
+      )
+      .map((p) => ({
+        principalType: p.principalType,
+        principalId: normalizePrincipalId(p.principalId, p.principalType as PrincipalType),
+      }));
+
+    if (!principalsQuery.length || !capabilities.length) {
+      return new Set();
+    }
+
+    const allCaps = new Set<string>([
+      ...capabilities,
+      ...capabilities.flatMap(
+        (cap) => reverseImplications[cap as keyof typeof reverseImplications] ?? [],
+      ),
+      ...capabilities.flatMap(getParentCapabilities),
+    ]);
+
+    const docs = await SystemGrant.find(
+      {
+        $or: principalsQuery,
+        capability: { $in: [...allCaps] },
+        ...tenantCondition(tenantId),
+      },
+      { capability: 1, _id: 0 },
+    ).lean();
+
+    const held = new Set<string>(docs.map((d) => d.capability));
+    const result = new Set<SystemCapability>();
+    for (const cap of capabilities) {
+      if (held.has(cap)) {
+        result.add(cap);
+        continue;
+      }
+      const implied = reverseImplications[cap as keyof typeof reverseImplications];
+      if (implied?.some((imp) => held.has(imp))) {
+        result.add(cap);
+        continue;
+      }
+      if (getParentCapabilities(cap).some((p) => held.has(p))) {
+        result.add(cap);
+      }
+    }
+
+    return result;
+  }
+
   /**
    * Grant a capability to a principal. Upsert — idempotent.
    */
@@ -87,18 +189,13 @@ export function createSystemGrantMethods(mongoose: typeof import('mongoose')) {
 
     const normalizedPrincipalId = normalizePrincipalId(principalId, principalType);
 
-    const filter: Record<string, unknown> = {
+    const filter: FilterQuery<ISystemGrant> = {
       principalType,
       principalId: normalizedPrincipalId,
       capability,
+      tenantId: tenantId != null ? tenantId : { $exists: false },
     };
 
-    if (tenantId != null) {
-      filter.tenantId = tenantId;
-    } else {
-      filter.tenantId = { $exists: false };
-    }
-
     const update = {
       $set: {
         grantedAt: new Date(),
@@ -149,18 +246,13 @@ export function createSystemGrantMethods(mongoose: typeof import('mongoose')) {
 
     const normalizedPrincipalId = normalizePrincipalId(principalId, principalType);
 
-    const filter: Record<string, unknown> = {
+    const filter: FilterQuery<ISystemGrant> = {
       principalType,
       principalId: normalizedPrincipalId,
       capability,
+      tenantId: tenantId != null ? tenantId : { $exists: false },
     };
 
-    if (tenantId != null) {
-      filter.tenantId = tenantId;
-    } else {
-      filter.tenantId = { $exists: false };
-    }
-
     const options = session ? { session } : {};
     await SystemGrant.deleteOne(filter, options);
   }
@@ -180,22 +272,87 @@ export function createSystemGrantMethods(mongoose: typeof import('mongoose')) {
   }): Promise<ISystemGrant[]> {
     const SystemGrant = mongoose.models.SystemGrant as Model<ISystemGrant>;
 
-    const filter: Record<string, unknown> = {
+    const filter: FilterQuery<ISystemGrant> = {
       principalType,
       principalId: normalizePrincipalId(principalId, principalType),
+      ...tenantCondition(tenantId),
     };
 
-    if (tenantId != null) {
-      filter.$or = [{ tenantId }, { tenantId: { $exists: false } }];
-    } else {
-      filter.tenantId = { $exists: false };
+    return await SystemGrant.find(filter).lean();
+  }
+
+  const GRANTS_DEFAULT_LIMIT = 50;
+  const GRANTS_MAX_LIMIT = 200;
+
+  async function listGrants(options?: {
+    tenantId?: string;
+    principalTypes?: PrincipalType[];
+    limit?: number;
+    offset?: number;
+  }): Promise<ISystemGrant[]> {
+    const SystemGrant = mongoose.models.SystemGrant as Model<ISystemGrant>;
+    const limit = Math.min(GRANTS_MAX_LIMIT, Math.max(1, options?.limit ?? GRANTS_DEFAULT_LIMIT));
+    const offset = options?.offset ?? 0;
+    const filter: FilterQuery<ISystemGrant> = {
+      ...(options?.principalTypes?.length && { principalType: { $in: options.principalTypes } }),
+      ...tenantCondition(options?.tenantId),
+    };
+
+    return SystemGrant.find(filter)
+      .sort({ principalType: 1, capability: 1 })
+      .skip(offset)
+      .limit(limit)
+      .lean();
+  }
+
+  async function countGrants(options?: {
+    tenantId?: string;
+    principalTypes?: PrincipalType[];
+  }): Promise<number> {
+    const SystemGrant = mongoose.models.SystemGrant as Model<ISystemGrant>;
+    const filter: FilterQuery<ISystemGrant> = {
+      ...(options?.principalTypes?.length && { principalType: { $in: options.principalTypes } }),
+      ...tenantCondition(options?.tenantId),
+    };
+
+    return SystemGrant.countDocuments(filter);
+  }
+
+  async function getCapabilitiesForPrincipals({
+    principals,
+    tenantId,
+  }: {
+    principals: Array<{ principalType: PrincipalType; principalId: string | Types.ObjectId }>;
+    tenantId?: string;
+  }): Promise<ISystemGrant[]> {
+    if (!principals.length) {
+      return [];
     }
 
+    const SystemGrant = mongoose.models.SystemGrant as Model<ISystemGrant>;
+    const principalsQuery = principals
+      .filter((p) => p.principalType !== PrincipalType.PUBLIC)
+      .map((p) => ({
+        principalType: p.principalType,
+        principalId: normalizePrincipalId(p.principalId, p.principalType),
+      }));
+
+    if (!principalsQuery.length) {
+      return [];
+    }
+
+    const filter: FilterQuery<ISystemGrant> = {
+      $or: principalsQuery,
+      ...tenantCondition(tenantId),
+    };
+
     return await SystemGrant.find(filter).lean();
   }
 
   /**
-   * Seed the ADMIN role with all system capabilities (no tenantId — single-instance mode).
+   * Seed the ADMIN role with all system capabilities.
+   * Context-agnostic: caller provides tenant context (e.g., `runAsSystem()` for
+   * startup, `tenantStorage.run()` for future per-tenant provisioning).
    * Idempotent and concurrency-safe: uses bulkWrite with ordered:false so parallel
    * server instances (K8s rolling deploy, PM2 cluster) do not race on E11000.
    * Retries up to 3 times with exponential backoff on transient failures.
@@ -225,7 +382,7 @@ export function createSystemGrantMethods(mongoose: typeof import('mongoose')) {
             upsert: true,
           },
         }));
-        await SystemGrant.bulkWrite(ops, { ordered: false });
+        await tenantSafeBulkWrite(SystemGrant, ops, { ordered: false });
         return;
       } catch (err) {
         if (attempt < maxRetries) {
@@ -246,12 +403,44 @@ export function createSystemGrantMethods(mongoose: typeof import('mongoose')) {
     }
   }
 
+  /**
+   * Delete system grants for a principal.
+   * Used for cascade cleanup when a principal (group, role) is deleted.
+   *
+   * When `tenantId` is provided, only grants scoped to **exactly** that
+   * tenant are removed — platform-level grants (no tenantId) are left
+   * intact so they continue to serve other tenants.
+   * When `tenantId` is omitted, ALL grants for the principal are removed
+   * regardless of tenant scope.
+   */
+  async function deleteGrantsForPrincipal(
+    principalType: PrincipalType,
+    principalId: string | Types.ObjectId,
+    options?: { tenantId?: string; session?: ClientSession },
+  ): Promise<void> {
+    const SystemGrant = mongoose.models.SystemGrant as Model<ISystemGrant>;
+    const normalizedPrincipalId = normalizePrincipalId(principalId, principalType);
+
+    const filter: FilterQuery<ISystemGrant> = {
+      principalType,
+      principalId: normalizedPrincipalId,
+      ...(options?.tenantId != null && { tenantId: options.tenantId }),
+    };
+    const queryOptions = options?.session ? { session: options.session } : {};
+    await SystemGrant.deleteMany(filter, queryOptions);
+  }
+
   return {
     grantCapability,
     seedSystemGrants,
     revokeCapability,
     hasCapabilityForPrincipals,
+    getHeldCapabilities,
+    listGrants,
+    countGrants,
     getCapabilitiesForPrincipal,
+    getCapabilitiesForPrincipals,
+    deleteGrantsForPrincipal,
   };
 }
 
diff --git a/packages/data-schemas/src/methods/tx.ts b/packages/data-schemas/src/methods/tx.ts
index a1be4190ba..a048874457 100644
--- a/packages/data-schemas/src/methods/tx.ts
+++ b/packages/data-schemas/src/methods/tx.ts
@@ -387,7 +387,7 @@ export function createTxMethods(_mongoose: typeof import('mongoose'), txDeps: Tx
   function getPremiumRate(
     valueKey: string,
     tokenType: string,
-    inputTokenCount?: number,
+    inputTokenCount?: number | null,
   ): number | null {
     if (inputTokenCount == null) {
       return null;
diff --git a/packages/data-schemas/src/methods/user.methods.spec.ts b/packages/data-schemas/src/methods/user.methods.spec.ts
index 9fd33c5031..90f9100d1d 100644
--- a/packages/data-schemas/src/methods/user.methods.spec.ts
+++ b/packages/data-schemas/src/methods/user.methods.spec.ts
@@ -620,4 +620,62 @@ describe('User Methods - Database Tests', () => {
       expect(found?.provider).toBe('saml');
     });
   });
+
+  describe('findUsers with options', () => {
+    beforeEach(async () => {
+      await User.create([
+        { name: 'Alice', email: 'alice@example.com', provider: 'local' },
+        { name: 'Bob', email: 'bob@example.com', provider: 'local' },
+        { name: 'Charlie', email: 'charlie@example.com', provider: 'local' },
+        { name: 'Diana', email: 'diana@example.com', provider: 'local' },
+        { name: 'Eve', email: 'eve@example.com', provider: 'local' },
+      ]);
+    });
+
+    test('limit restricts the number of returned documents', async () => {
+      const users = await methods.findUsers({}, null, { limit: 2 });
+      expect(users).toHaveLength(2);
+    });
+
+    test('offset skips the first N documents', async () => {
+      const all = await methods.findUsers({}, 'name', { sort: { name: 1 } });
+      const skipped = await methods.findUsers({}, 'name', { offset: 2, sort: { name: 1 } });
+
+      expect(skipped).toHaveLength(3);
+      expect(skipped[0].name).toBe(all[2].name);
+    });
+
+    test('sort orders results by the specified field', async () => {
+      const asc = await methods.findUsers({}, 'name', { sort: { name: 1 } });
+      const desc = await methods.findUsers({}, 'name', { sort: { name: -1 } });
+
+      expect(asc[0].name).toBe('Alice');
+      expect(asc[4].name).toBe('Eve');
+      expect(desc[0].name).toBe('Eve');
+      expect(desc[4].name).toBe('Alice');
+    });
+
+    test('limit + offset returns the correct page', async () => {
+      const sorted = await methods.findUsers({}, 'name', { sort: { name: 1 } });
+      const page2 = await methods.findUsers({}, 'name', {
+        limit: 2,
+        offset: 2,
+        sort: { name: 1 },
+      });
+
+      expect(page2).toHaveLength(2);
+      expect(page2[0].name).toBe(sorted[2].name);
+      expect(page2[1].name).toBe(sorted[3].name);
+    });
+
+    test('limit of 0 does not restrict results', async () => {
+      const users = await methods.findUsers({}, null, { limit: 0 });
+      expect(users).toHaveLength(5);
+    });
+
+    test('returns all documents when no options provided', async () => {
+      const users = await methods.findUsers({});
+      expect(users).toHaveLength(5);
+    });
+  });
 });
diff --git a/packages/data-schemas/src/methods/user.test.ts b/packages/data-schemas/src/methods/user.test.ts
index 522e4fe158..5e557805e4 100644
--- a/packages/data-schemas/src/methods/user.test.ts
+++ b/packages/data-schemas/src/methods/user.test.ts
@@ -18,7 +18,7 @@ describe('User Methods', () => {
 
   describe('generateToken', () => {
     const mockUser = {
-      _id: 'user123',
+      _id: new mongoose.Types.ObjectId('aaaaaaaaaaaaaaaaaaaaaaaa'),
       username: 'testuser',
       provider: 'local',
       email: 'test@example.com',
diff --git a/packages/data-schemas/src/methods/user.ts b/packages/data-schemas/src/methods/user.ts
index 74cb4a1e1c..3c886f8b16 100644
--- a/packages/data-schemas/src/methods/user.ts
+++ b/packages/data-schemas/src/methods/user.ts
@@ -35,13 +35,36 @@ export function createUserMethods(mongoose: typeof import('mongoose')) {
     searchCriteria: FilterQuery<IUser>,
     fieldsToSelect?: string | string[] | null,
   ): Promise<IUser | null> {
-    const User = mongoose.models.User;
+    const User = mongoose.models.User as mongoose.Model<IUser>;
     const normalizedCriteria = normalizeEmailInCriteria(searchCriteria);
     const query = User.findOne(normalizedCriteria);
     if (fieldsToSelect) {
       query.select(fieldsToSelect);
     }
-    return (await query.lean()) as IUser | null;
+    return await query.lean();
+  }
+
+  async function findUsers(
+    searchCriteria: FilterQuery<IUser>,
+    fieldsToSelect?: string | string[] | null,
+    options?: { limit?: number; offset?: number; sort?: Record<string, 1 | -1> },
+  ): Promise<IUser[]> {
+    const User = mongoose.models.User as mongoose.Model<IUser>;
+    const normalizedCriteria = normalizeEmailInCriteria(searchCriteria);
+    const query = User.find(normalizedCriteria);
+    if (fieldsToSelect) {
+      query.select(fieldsToSelect);
+    }
+    if (options?.sort != null) {
+      query.sort(options.sort);
+    }
+    if (options?.offset != null) {
+      query.skip(options.offset);
+    }
+    if (options?.limit != null && options.limit > 0) {
+      query.limit(options.limit);
+    }
+    return (await query.lean()) as IUser[];
   }
 
   /**
@@ -288,8 +311,6 @@ export function createUserMethods(mongoose: typeof import('mongoose')) {
       .sort((a, b) => b._searchScore - a._searchScore)
       .slice(0, limit)
       .map((user) => {
-        // Remove the search score from final results
-        // eslint-disable-next-line @typescript-eslint/no-unused-vars
         const { _searchScore, ...userWithoutScore } = user;
         return userWithoutScore;
       });
@@ -323,6 +344,7 @@ export function createUserMethods(mongoose: typeof import('mongoose')) {
 
   return {
     findUser,
+    findUsers,
     countUsers,
     createUser,
     updateUser,
diff --git a/packages/data-schemas/src/methods/userGroup.methods.spec.ts b/packages/data-schemas/src/methods/userGroup.methods.spec.ts
index 8a31544018..51848de091 100644
--- a/packages/data-schemas/src/methods/userGroup.methods.spec.ts
+++ b/packages/data-schemas/src/methods/userGroup.methods.spec.ts
@@ -600,6 +600,155 @@ describe('UserGroup Methods - Detailed Tests', () => {
     });
   });
 
+  describe('listGroups', () => {
+    beforeEach(async () => {
+      await Group.create([
+        { name: 'Beta', source: 'local', memberIds: [], email: 'beta@test.com' },
+        { name: 'Alpha', source: 'local', memberIds: [], description: 'first group' },
+        { name: 'Gamma', source: 'entra', idOnTheSource: 'ext-g', memberIds: [] },
+      ]);
+    });
+
+    test('returns groups sorted by name', async () => {
+      const groups = await methods.listGroups();
+
+      expect(groups).toHaveLength(3);
+      expect(groups[0].name).toBe('Alpha');
+      expect(groups[1].name).toBe('Beta');
+      expect(groups[2].name).toBe('Gamma');
+    });
+
+    test('filters by source', async () => {
+      const groups = await methods.listGroups({ source: 'entra' });
+
+      expect(groups).toHaveLength(1);
+      expect(groups[0].name).toBe('Gamma');
+    });
+
+    test('filters by search (name)', async () => {
+      const groups = await methods.listGroups({ search: 'alpha' });
+
+      expect(groups).toHaveLength(1);
+      expect(groups[0].name).toBe('Alpha');
+    });
+
+    test('filters by search (email)', async () => {
+      const groups = await methods.listGroups({ search: 'beta@test' });
+
+      expect(groups).toHaveLength(1);
+      expect(groups[0].name).toBe('Beta');
+    });
+
+    test('filters by search (description)', async () => {
+      const groups = await methods.listGroups({ search: 'first group' });
+
+      expect(groups).toHaveLength(1);
+      expect(groups[0].name).toBe('Alpha');
+    });
+
+    test('respects limit and offset', async () => {
+      const groups = await methods.listGroups({ limit: 1, offset: 1 });
+
+      expect(groups).toHaveLength(1);
+      expect(groups[0].name).toBe('Beta');
+    });
+
+    test('returns empty for no matches', async () => {
+      const groups = await methods.listGroups({ search: 'nonexistent' });
+
+      expect(groups).toHaveLength(0);
+    });
+  });
+
+  describe('countGroups', () => {
+    beforeEach(async () => {
+      await Group.create([
+        { name: 'A', source: 'local', memberIds: [] },
+        { name: 'B', source: 'local', memberIds: [] },
+        { name: 'C', source: 'entra', idOnTheSource: 'ext-c', memberIds: [] },
+      ]);
+    });
+
+    test('returns total count', async () => {
+      const count = await methods.countGroups();
+
+      expect(count).toBe(3);
+    });
+
+    test('respects source filter', async () => {
+      const count = await methods.countGroups({ source: 'local' });
+
+      expect(count).toBe(2);
+    });
+
+    test('respects search filter', async () => {
+      const count = await methods.countGroups({ search: 'A' });
+
+      expect(count).toBe(1);
+    });
+  });
+
+  describe('deleteGroup', () => {
+    test('returns deleted group', async () => {
+      const group = await Group.create({ name: 'ToDelete', source: 'local', memberIds: [] });
+
+      const deleted = await methods.deleteGroup(group._id as mongoose.Types.ObjectId);
+
+      expect(deleted).toBeDefined();
+      expect(deleted?.name).toBe('ToDelete');
+      const remaining = await Group.findById(group._id);
+      expect(remaining).toBeNull();
+    });
+
+    test('returns null for non-existent ID', async () => {
+      const fakeId = new mongoose.Types.ObjectId();
+      const result = await methods.deleteGroup(fakeId);
+
+      expect(result).toBeNull();
+    });
+  });
+
+  describe('removeMemberById', () => {
+    test('removes member from memberIds array', async () => {
+      const group = await Group.create({
+        name: 'Test',
+        source: 'local',
+        memberIds: ['m1', 'm2', 'm3'],
+      });
+
+      const updated = await methods.removeMemberById(
+        group._id as mongoose.Types.ObjectId,
+        'm2',
+      );
+
+      expect(updated).toBeDefined();
+      expect(updated?.memberIds).toEqual(['m1', 'm3']);
+    });
+
+    test('is idempotent when memberId not present', async () => {
+      const group = await Group.create({
+        name: 'Test',
+        source: 'local',
+        memberIds: ['m1'],
+      });
+
+      const updated = await methods.removeMemberById(
+        group._id as mongoose.Types.ObjectId,
+        'nonexistent',
+      );
+
+      expect(updated).toBeDefined();
+      expect(updated?.memberIds).toEqual(['m1']);
+    });
+
+    test('returns null for non-existent group', async () => {
+      const fakeId = new mongoose.Types.ObjectId();
+      const result = await methods.removeMemberById(fakeId, 'any-id');
+
+      expect(result).toBeNull();
+    });
+  });
+
   describe('sortPrincipalsByRelevance', () => {
     test('should sort principals by relevance score', async () => {
       const principals = [
diff --git a/packages/data-schemas/src/methods/userGroup.spec.ts b/packages/data-schemas/src/methods/userGroup.spec.ts
index 675fdb2592..ca83ced7d9 100644
--- a/packages/data-schemas/src/methods/userGroup.spec.ts
+++ b/packages/data-schemas/src/methods/userGroup.spec.ts
@@ -496,7 +496,7 @@ describe('userGroup methods', () => {
     it('returns the updated user document', async () => {
       const user = await createTestUser({ idOnTheSource: 'user-ext-1' });
       const { user: updatedUser } = await methods.syncUserEntraGroups(user._id, []);
-      expect(updatedUser._id.toString()).toBe(user._id.toString());
+      expect((updatedUser._id as Types.ObjectId).toString()).toBe(user._id.toString());
     });
   });
 
diff --git a/packages/data-schemas/src/methods/userGroup.ts b/packages/data-schemas/src/methods/userGroup.ts
index 5e11c26135..0e6b57adb2 100644
--- a/packages/data-schemas/src/methods/userGroup.ts
+++ b/packages/data-schemas/src/methods/userGroup.ts
@@ -1,8 +1,9 @@
 import { Types } from 'mongoose';
 import { PrincipalType } from 'librechat-data-provider';
 import type { TUser, TPrincipalSearchResult } from 'librechat-data-provider';
-import type { Model, ClientSession } from 'mongoose';
+import type { Model, ClientSession, FilterQuery } from 'mongoose';
 import type { IGroup, IRole, IUser } from '~/types';
+import { escapeRegExp } from '~/utils/string';
 
 export function createUserGroupMethods(mongoose: typeof import('mongoose')) {
   /**
@@ -14,7 +15,7 @@ export function createUserGroupMethods(mongoose: typeof import('mongoose')) {
    */
   async function findGroupById(
     groupId: string | Types.ObjectId,
-    projection: Record<string, unknown> = {},
+    projection: Record<string, 0 | 1> = {},
     session?: ClientSession,
   ): Promise<IGroup | null> {
     const Group = mongoose.models.Group as Model<IGroup>;
@@ -36,7 +37,7 @@ export function createUserGroupMethods(mongoose: typeof import('mongoose')) {
   async function findGroupByExternalId(
     idOnTheSource: string,
     source: 'entra' | 'local' = 'entra',
-    projection: Record<string, unknown> = {},
+    projection: Record<string, 0 | 1> = {},
     session?: ClientSession,
   ): Promise<IGroup | null> {
     const Group = mongoose.models.Group as Model<IGroup>;
@@ -236,34 +237,42 @@ export function createUserGroupMethods(mongoose: typeof import('mongoose')) {
   }
 
   /**
-   * Get a list of all principal identifiers for a user (user ID + group IDs + public)
-   * For use in permission checks
+   * Get a list of all principal identifiers for a user (user ID + group IDs + public).
+   * For use in permission checks.
+   *
+   * Tenant filtering for group memberships is handled automatically by the
+   * `applyTenantIsolation` Mongoose plugin on the Group schema. The
+   * `tenantContextMiddleware` (chained by `requireJwtAuth` after passport auth)
+   * sets the ALS context, so `getUserGroups()` → `findGroupsByMemberId()` queries
+   * are scoped to the requesting tenant. No explicit tenantId parameter is needed.
+   *
+   * IMPORTANT: This relies on the ALS tenant context being active. If this
+   * function is called outside a request context (e.g. startup, background jobs),
+   * group queries will be unscoped. In strict mode, the Mongoose plugin will
+   * reject such queries.
+   *
+   * Ref: #12091 (resolved by tenant context middleware in requireJwtAuth)
+   *
    * @param params - Parameters object
    * @param params.userId - The user ID
    * @param params.role - Optional user role (if not provided, will query from DB)
    * @param session - Optional MongoDB session for transactions
    * @returns Array of principal objects with type and id
    */
-  /**
-   * TODO(#12091): This method has no tenantId parameter — it returns ALL group
-   * memberships for a user regardless of tenant. In multi-tenant mode, group
-   * principals from other tenants will be included in capability checks, which
-   * could grant cross-tenant capabilities. Add tenantId filtering here when
-   * tenant isolation is activated.
-   */
   async function getUserPrincipals(
     params: {
       userId: string | Types.ObjectId;
       role?: string | null;
     },
     session?: ClientSession,
-  ): Promise<Array<{ principalType: string; principalId?: string | Types.ObjectId }>> {
+  ): Promise<Array<{ principalType: PrincipalType; principalId?: string | Types.ObjectId }>> {
     const { userId, role } = params;
     /** `userId` must be an `ObjectId` for USER principal since ACL entries store `ObjectId`s */
     const userObjectId = typeof userId === 'string' ? new Types.ObjectId(userId) : userId;
-    const principals: Array<{ principalType: string; principalId?: string | Types.ObjectId }> = [
-      { principalType: PrincipalType.USER, principalId: userObjectId },
-    ];
+    const principals: Array<{
+      principalType: PrincipalType;
+      principalId?: string | Types.ObjectId;
+    }> = [{ principalType: PrincipalType.USER, principalId: userObjectId }];
 
     // If role is not provided, query user to get it
     let userRole = role;
@@ -651,6 +660,97 @@ export function createUserGroupMethods(mongoose: typeof import('mongoose')) {
     return Group.updateMany(filter, update, options || {});
   }
 
+  function buildGroupQuery(filter: {
+    source?: 'local' | 'entra';
+    search?: string;
+  }): FilterQuery<IGroup> {
+    const query: FilterQuery<IGroup> = {};
+    if (filter.source) {
+      query.source = filter.source;
+    }
+    if (filter.search) {
+      const regex = new RegExp(escapeRegExp(filter.search), 'i');
+      query.$or = [{ name: regex }, { email: regex }, { description: regex }];
+    }
+    return query;
+  }
+
+  /**
+   * List groups with optional source, search, and pagination filters.
+   * Results are sorted by name.
+   * @param filter - Optional filter with source, search, limit, and offset fields
+   * @param session - Optional MongoDB session for transactions
+   */
+  async function listGroups(
+    filter: {
+      source?: 'local' | 'entra';
+      search?: string;
+      limit?: number;
+      offset?: number;
+    } = {},
+    session?: ClientSession,
+  ): Promise<IGroup[]> {
+    const Group = mongoose.models.Group as Model<IGroup>;
+    const query = buildGroupQuery(filter);
+    const limit = filter.limit ?? 50;
+    const offset = filter.offset ?? 0;
+    return await Group.find(query)
+      .sort({ name: 1 })
+      .skip(offset)
+      .limit(limit)
+      .session(session ?? null)
+      .lean();
+  }
+
+  /**
+   * Count groups matching optional source and search filters.
+   * @param filter - Optional filter with source and search fields
+   * @param session - Optional MongoDB session for transactions
+   */
+  async function countGroups(
+    filter: { source?: 'local' | 'entra'; search?: string } = {},
+    session?: ClientSession,
+  ): Promise<number> {
+    const Group = mongoose.models.Group as Model<IGroup>;
+    const query = buildGroupQuery(filter);
+    return await Group.countDocuments(query).session(session ?? null);
+  }
+
+  /**
+   * Delete a group by its ID.
+   * @param groupId - The group's ObjectId
+   * @param session - Optional MongoDB session for transactions
+   */
+  async function deleteGroup(
+    groupId: string | Types.ObjectId,
+    session?: ClientSession,
+  ): Promise<IGroup | null> {
+    const Group = mongoose.models.Group as Model<IGroup>;
+    const options = session ? { session } : {};
+    return await Group.findByIdAndDelete(groupId, options).lean();
+  }
+
+  /**
+   * Remove a member from a group by raw memberId string ($pull from memberIds).
+   * Unlike removeUserFromGroup, this does not look up the user first.
+   * @param groupId - The group's ObjectId
+   * @param memberId - The raw memberId string to remove (ObjectId or idOnTheSource)
+   * @param session - Optional MongoDB session for transactions
+   */
+  async function removeMemberById(
+    groupId: string | Types.ObjectId,
+    memberId: string,
+    session?: ClientSession,
+  ): Promise<IGroup | null> {
+    const Group = mongoose.models.Group as Model<IGroup>;
+    const options = { new: true, ...(session ? { session } : {}) };
+    return await Group.findByIdAndUpdate(
+      groupId,
+      { $pull: { memberIds: memberId } },
+      options,
+    ).lean();
+  }
+
   return {
     findGroupById,
     findGroupByExternalId,
@@ -670,6 +770,10 @@ export function createUserGroupMethods(mongoose: typeof import('mongoose')) {
     searchPrincipals,
     calculateRelevanceScore,
     sortPrincipalsByRelevance,
+    listGroups,
+    countGroups,
+    deleteGroup,
+    removeMemberById,
   };
 }
 
diff --git a/packages/data-schemas/src/migrations/promptGroupIndexes.ts b/packages/data-schemas/src/migrations/promptGroupIndexes.ts
index 4b6013c9e4..2d389f3f09 100644
--- a/packages/data-schemas/src/migrations/promptGroupIndexes.ts
+++ b/packages/data-schemas/src/migrations/promptGroupIndexes.ts
@@ -18,7 +18,7 @@ export async function dropSupersededPromptGroupIndexes(
 
   let collection;
   try {
-    collection = connection.db.collection(collectionName);
+    collection = connection.db!.collection(collectionName);
   } catch {
     result.skipped.push(
       ...SUPERSEDED_PROMPT_GROUP_INDEXES.map(
diff --git a/packages/data-schemas/src/migrations/tenantIndexes.spec.ts b/packages/data-schemas/src/migrations/tenantIndexes.spec.ts
index 4637e7d0ad..6a0987d757 100644
--- a/packages/data-schemas/src/migrations/tenantIndexes.spec.ts
+++ b/packages/data-schemas/src/migrations/tenantIndexes.spec.ts
@@ -1,4 +1,4 @@
-import mongoose, { Schema } from 'mongoose';
+import mongoose from 'mongoose';
 import { MongoMemoryServer } from 'mongodb-memory-server';
 import { dropSupersededTenantIndexes, SUPERSEDED_INDEXES } from './tenantIndexes';
 
@@ -24,7 +24,7 @@ afterAll(async () => {
 describe('dropSupersededTenantIndexes', () => {
   describe('with pre-existing single-field unique indexes (simulates upgrade)', () => {
     beforeAll(async () => {
-      const db = mongoose.connection.db;
+      const db = mongoose.connection.db!;
 
       await db.createCollection('users');
       const users = db.collection('users');
@@ -47,7 +47,13 @@ describe('dropSupersededTenantIndexes', () => {
       await db.createCollection('roles');
       await db.collection('roles').createIndex({ name: 1 }, { unique: true, name: 'name_1' });
 
+      await db.createCollection('agents');
+      await db.collection('agents').createIndex({ id: 1 }, { unique: true, name: 'id_1' });
+
       await db.createCollection('conversations');
+      await db
+        .collection('conversations')
+        .createIndex({ conversationId: 1 }, { unique: true, name: 'conversationId_1' });
       await db
         .collection('conversations')
         .createIndex(
@@ -56,10 +62,18 @@ describe('dropSupersededTenantIndexes', () => {
         );
 
       await db.createCollection('messages');
+      await db
+        .collection('messages')
+        .createIndex({ messageId: 1 }, { unique: true, name: 'messageId_1' });
       await db
         .collection('messages')
         .createIndex({ messageId: 1, user: 1 }, { unique: true, name: 'messageId_1_user_1' });
 
+      await db.createCollection('presets');
+      await db
+        .collection('presets')
+        .createIndex({ presetId: 1 }, { unique: true, name: 'presetId_1' });
+
       await db.createCollection('agentcategories');
       await db
         .collection('agentcategories')
@@ -119,7 +133,7 @@ describe('dropSupersededTenantIndexes', () => {
     });
 
     it('old unique indexes are actually gone from users collection', async () => {
-      const indexes = await mongoose.connection.db.collection('users').indexes();
+      const indexes = await mongoose.connection.db!.collection('users').indexes();
       const indexNames = indexes.map((idx) => idx.name);
 
       expect(indexNames).not.toContain('email_1');
@@ -129,14 +143,14 @@ describe('dropSupersededTenantIndexes', () => {
     });
 
     it('old unique indexes are actually gone from roles collection', async () => {
-      const indexes = await mongoose.connection.db.collection('roles').indexes();
+      const indexes = await mongoose.connection.db!.collection('roles').indexes();
       const indexNames = indexes.map((idx) => idx.name);
 
       expect(indexNames).not.toContain('name_1');
     });
 
     it('old compound unique indexes are gone from conversations collection', async () => {
-      const indexes = await mongoose.connection.db.collection('conversations').indexes();
+      const indexes = await mongoose.connection.db!.collection('conversations').indexes();
       const indexNames = indexes.map((idx) => idx.name);
 
       expect(indexNames).not.toContain('conversationId_1_user_1');
@@ -145,7 +159,7 @@ describe('dropSupersededTenantIndexes', () => {
 
   describe('multi-tenant writes after migration', () => {
     beforeAll(async () => {
-      const db = mongoose.connection.db;
+      const db = mongoose.connection.db!;
 
       const users = db.collection('users');
       await users.createIndex(
@@ -155,7 +169,7 @@ describe('dropSupersededTenantIndexes', () => {
     });
 
     it('allows same email in different tenants after old index is dropped', async () => {
-      const users = mongoose.connection.db.collection('users');
+      const users = mongoose.connection.db!.collection('users');
 
       await users.insertOne({
         email: 'shared@example.com',
@@ -182,7 +196,7 @@ describe('dropSupersededTenantIndexes', () => {
     });
 
     it('still rejects duplicate email within same tenant', async () => {
-      const users = mongoose.connection.db.collection('users');
+      const users = mongoose.connection.db!.collection('users');
 
       await users.insertOne({
         email: 'unique-within@example.com',
@@ -233,7 +247,7 @@ describe('dropSupersededTenantIndexes', () => {
       partialConnection = mongoose.createConnection(partialServer.getUri());
       await partialConnection.asPromise();
 
-      const db = partialConnection.db;
+      const db = partialConnection.db!;
       await db.createCollection('users');
       await db.collection('users').createIndex({ email: 1 }, { unique: true, name: 'email_1' });
     });
diff --git a/packages/data-schemas/src/migrations/tenantIndexes.ts b/packages/data-schemas/src/migrations/tenantIndexes.ts
index c68df4db2b..6536423ad2 100644
--- a/packages/data-schemas/src/migrations/tenantIndexes.ts
+++ b/packages/data-schemas/src/migrations/tenantIndexes.ts
@@ -24,8 +24,10 @@ const SUPERSEDED_INDEXES: Record<string, string[]> = {
     'appleId_1',
   ],
   roles: ['name_1'],
-  conversations: ['conversationId_1_user_1'],
-  messages: ['messageId_1_user_1'],
+  agents: ['id_1'],
+  conversations: ['conversationId_1', 'conversationId_1_user_1'],
+  messages: ['messageId_1', 'messageId_1_user_1'],
+  presets: ['presetId_1'],
   agentcategories: ['value_1'],
   accessroles: ['accessRoleId_1'],
   conversationtags: ['tag_1_user_1'],
@@ -53,7 +55,7 @@ export async function dropSupersededTenantIndexes(
   const result: MigrationResult = { dropped: [], skipped: [], errors: [] };
 
   for (const [collectionName, indexNames] of Object.entries(SUPERSEDED_INDEXES)) {
-    const collection = connection.db.collection(collectionName);
+    const collection = connection.db!.collection(collectionName);
 
     let existingIndexes: Array<{ name?: string }>;
     try {
diff --git a/packages/data-schemas/src/models/config.ts b/packages/data-schemas/src/models/config.ts
new file mode 100644
index 0000000000..97c08ce1da
--- /dev/null
+++ b/packages/data-schemas/src/models/config.ts
@@ -0,0 +1,8 @@
+import configSchema from '~/schema/config';
+import { applyTenantIsolation } from '~/models/plugins/tenantIsolation';
+import type * as t from '~/types';
+
+export function createConfigModel(mongoose: typeof import('mongoose')) {
+  applyTenantIsolation(configSchema);
+  return mongoose.models.Config || mongoose.model<t.IConfig>('Config', configSchema);
+}
diff --git a/packages/data-schemas/src/models/index.ts b/packages/data-schemas/src/models/index.ts
index 44d94c6ab4..5a8e8f1c2c 100644
--- a/packages/data-schemas/src/models/index.ts
+++ b/packages/data-schemas/src/models/index.ts
@@ -27,6 +27,7 @@ import { createAccessRoleModel } from './accessRole';
 import { createAclEntryModel } from './aclEntry';
 import { createSystemGrantModel } from './systemGrant';
 import { createGroupModel } from './group';
+import { createConfigModel } from './config';
 
 /**
  * Creates all database models for all collections
@@ -62,5 +63,6 @@ export function createModels(mongoose: typeof import('mongoose')) {
     AclEntry: createAclEntryModel(mongoose),
     SystemGrant: createSystemGrantModel(mongoose),
     Group: createGroupModel(mongoose),
+    Config: createConfigModel(mongoose),
   };
 }
diff --git a/packages/data-schemas/src/models/plugins/tenantIsolation.spec.ts b/packages/data-schemas/src/models/plugins/tenantIsolation.spec.ts
index 52c40c54bc..82e74d2cea 100644
--- a/packages/data-schemas/src/models/plugins/tenantIsolation.spec.ts
+++ b/packages/data-schemas/src/models/plugins/tenantIsolation.spec.ts
@@ -320,23 +320,43 @@ describe('applyTenantIsolation', () => {
       await TestModel.create({ name: 'guarded', tenantId: 'tenant-a' });
     });
 
-    it('blocks $set of tenantId via findOneAndUpdate', async () => {
+    it('throws on cross-tenant $set of tenantId', async () => {
       await expect(
         tenantStorage.run({ tenantId: 'tenant-a' }, async () =>
           TestModel.findOneAndUpdate({ name: 'guarded' }, { $set: { tenantId: 'tenant-b' } }),
         ),
-      ).rejects.toThrow('[TenantIsolation] Modifying tenantId via update operators is not allowed');
+      ).rejects.toThrow('[TenantIsolation] Cross-tenant tenantId mutation is not allowed');
     });
 
-    it('blocks $unset of tenantId via updateOne', async () => {
-      await expect(
-        tenantStorage.run({ tenantId: 'tenant-a' }, async () =>
-          TestModel.updateOne({ name: 'guarded' }, { $unset: { tenantId: 1 } }),
-        ),
-      ).rejects.toThrow('[TenantIsolation] Modifying tenantId via update operators is not allowed');
+    it('strips same-tenant tenantId from $set', async () => {
+      const result = await tenantStorage.run({ tenantId: 'tenant-a' }, async () =>
+        TestModel.findOneAndUpdate(
+          { name: 'guarded' },
+          { $set: { tenantId: 'tenant-a', name: 'updated-same' } },
+          { new: true },
+        ).lean(),
+      );
+
+      expect(result).not.toBeNull();
+      expect(result!.name).toBe('updated-same');
+      expect(result!.tenantId).toBe('tenant-a');
     });
 
-    it('blocks top-level tenantId in update payload', async () => {
+    it('strips tenantId from $unset', async () => {
+      const result = await tenantStorage.run({ tenantId: 'tenant-a' }, async () =>
+        TestModel.findOneAndUpdate(
+          { name: 'guarded' },
+          { $unset: { tenantId: 1 }, $set: { name: 'unset-attempt' } },
+          { new: true },
+        ).lean(),
+      );
+
+      expect(result).not.toBeNull();
+      expect(result!.name).toBe('unset-attempt');
+      expect(result!.tenantId).toBe('tenant-a');
+    });
+
+    it('throws on cross-tenant top-level tenantId', async () => {
       await expect(
         tenantStorage.run({ tenantId: 'tenant-a' }, async () =>
           TestModel.updateOne({ name: 'guarded' }, { tenantId: 'tenant-b' } as Record<
@@ -344,15 +364,63 @@ describe('applyTenantIsolation', () => {
             string
           >),
         ),
-      ).rejects.toThrow('[TenantIsolation] Modifying tenantId via update operators is not allowed');
+      ).rejects.toThrow('[TenantIsolation] Cross-tenant tenantId mutation is not allowed');
     });
 
-    it('blocks $setOnInsert of tenantId via updateMany', async () => {
+    it('strips same-tenant top-level tenantId', async () => {
+      const result = await tenantStorage.run({ tenantId: 'tenant-a' }, async () =>
+        TestModel.findOneAndUpdate(
+          { name: 'guarded' },
+          { tenantId: 'tenant-a', name: 'top-level-same' } as Record<string, string>,
+          { new: true },
+        ).lean(),
+      );
+
+      expect(result).not.toBeNull();
+      expect(result!.name).toBe('top-level-same');
+      expect(result!.tenantId).toBe('tenant-a');
+    });
+
+    it('throws on cross-tenant $setOnInsert of tenantId', async () => {
       await expect(
         tenantStorage.run({ tenantId: 'tenant-a' }, async () =>
           TestModel.updateMany({}, { $setOnInsert: { tenantId: 'tenant-b' } }),
         ),
-      ).rejects.toThrow('[TenantIsolation] Modifying tenantId via update operators is not allowed');
+      ).rejects.toThrow('[TenantIsolation] Cross-tenant tenantId mutation is not allowed');
+    });
+
+    it('strips same-tenant tenantId from $setOnInsert on upsert', async () => {
+      const uniqueName = `upsert-soi-${Date.now()}`;
+      await tenantStorage.run({ tenantId: 'tenant-a' }, async () =>
+        TestModel.updateOne(
+          { name: uniqueName },
+          { $setOnInsert: { tenantId: 'tenant-a', name: uniqueName } },
+          { upsert: true },
+        ),
+      );
+
+      const doc = await tenantStorage.run({ tenantId: 'tenant-a' }, async () =>
+        TestModel.findOne({ name: uniqueName }).lean(),
+      );
+      expect(doc).not.toBeNull();
+      expect(doc!.tenantId).toBe('tenant-a');
+    });
+
+    it('strips same-tenant tenantId from $set via findByIdAndUpdate', async () => {
+      const doc = await tenantStorage.run({ tenantId: 'tenant-a' }, async () =>
+        TestModel.findOne({ name: 'guarded' }).lean(),
+      );
+      const result = await tenantStorage.run({ tenantId: 'tenant-a' }, async () =>
+        TestModel.findByIdAndUpdate(
+          doc!._id,
+          { $set: { tenantId: 'tenant-a', name: 'byId-same' } },
+          { new: true },
+        ).lean(),
+      );
+
+      expect(result).not.toBeNull();
+      expect(result!.name).toBe('byId-same');
+      expect(result!.tenantId).toBe('tenant-a');
     });
 
     it('allows updates that do not touch tenantId', async () => {
@@ -382,10 +450,48 @@ describe('applyTenantIsolation', () => {
       expect(result!.tenantId).toBe('tenant-b');
     });
 
-    it('blocks tenantId mutation even without tenant context', async () => {
-      await expect(
-        TestModel.updateOne({ name: 'guarded' }, { $set: { tenantId: 'tenant-b' } }),
-      ).rejects.toThrow('[TenantIsolation] Modifying tenantId via update operators is not allowed');
+    it('strips tenantId from $set without tenant context', async () => {
+      await TestModel.updateOne(
+        { name: 'guarded' },
+        { $set: { tenantId: 'tenant-b', name: 'no-ctx' } },
+      );
+
+      const doc = await TestModel.findOne({ name: 'no-ctx' }).lean();
+      expect(doc).not.toBeNull();
+      expect(doc!.tenantId).toBe('tenant-a');
+    });
+
+    it('strips tenantId from $rename without tenant context', async () => {
+      await TestModel.updateOne({ name: 'guarded' }, { $rename: { tenantId: 'oldTenant' } });
+
+      const doc = await TestModel.findOne({ name: 'guarded' }).lean();
+      expect(doc).not.toBeNull();
+      expect(doc!.tenantId).toBe('tenant-a');
+    });
+
+    it('no-ops when update contains only tenantId', async () => {
+      await tenantStorage.run({ tenantId: 'tenant-a' }, async () =>
+        TestModel.updateOne({ name: 'guarded' }, { $set: { tenantId: 'tenant-a' } }),
+      );
+
+      const doc = await tenantStorage.run({ tenantId: 'tenant-a' }, async () =>
+        TestModel.findOne({ name: 'guarded' }).lean(),
+      );
+      expect(doc).not.toBeNull();
+      expect(doc!.name).toBe('guarded');
+      expect(doc!.tenantId).toBe('tenant-a');
+    });
+
+    it('no-ops when top-level update contains only tenantId', async () => {
+      const result = await tenantStorage.run({ tenantId: 'tenant-a' }, async () =>
+        TestModel.findOneAndUpdate(
+          { name: 'guarded' },
+          { tenantId: 'tenant-a' } as Record<string, string>,
+          { new: true },
+        ).lean(),
+      );
+
+      expect(result).toBeNull();
     });
 
     it('blocks tenantId in replaceOne replacement document', async () => {
diff --git a/packages/data-schemas/src/models/plugins/tenantIsolation.ts b/packages/data-schemas/src/models/plugins/tenantIsolation.ts
index ddb98f9aa9..06f8e035fb 100644
--- a/packages/data-schemas/src/models/plugins/tenantIsolation.ts
+++ b/packages/data-schemas/src/models/plugins/tenantIsolation.ts
@@ -26,20 +26,51 @@ if (
 
 const TENANT_ISOLATION_APPLIED = Symbol.for('librechat:tenantIsolation');
 
-const MUTATION_OPERATORS = ['$set', '$unset', '$setOnInsert', '$rename'] as const;
+const VALUE_OPERATORS = ['$set', '$setOnInsert'] as const;
+const STRIP_OPERATORS = ['$unset', '$rename'] as const;
 
-function assertNoTenantIdMutation(update: UpdateQuery<unknown> | null): void {
+/**
+ * Strips `tenantId` from update payloads when it matches the current tenant
+ * (or no context is active). Throws on cross-tenant mutations.
+ *
+ * `$unset`/`$rename` always strip — unsetting/renaming tenantId is never valid.
+ * Empty operator objects are removed after stripping to avoid MongoDB errors.
+ */
+function sanitizeTenantIdMutation(update: UpdateQuery<unknown> | null): void {
   if (!update) {
     return;
   }
-  for (const op of MUTATION_OPERATORS) {
+
+  const currentTenantId = getTenantId();
+
+  for (const op of VALUE_OPERATORS) {
     const payload = update[op] as Record<string, unknown> | undefined;
     if (payload && 'tenantId' in payload) {
-      throw new Error('[TenantIsolation] Modifying tenantId via update operators is not allowed');
+      if (currentTenantId && payload.tenantId !== currentTenantId) {
+        throw new Error('[TenantIsolation] Cross-tenant tenantId mutation is not allowed');
+      }
+      delete payload.tenantId;
+      if (Object.keys(payload).length === 0) {
+        delete (update as Record<string, unknown>)[op];
+      }
     }
   }
+
+  for (const op of STRIP_OPERATORS) {
+    const payload = update[op] as Record<string, unknown> | undefined;
+    if (payload && 'tenantId' in payload) {
+      delete payload.tenantId;
+      if (Object.keys(payload).length === 0) {
+        delete (update as Record<string, unknown>)[op];
+      }
+    }
+  }
+
   if ('tenantId' in update) {
-    throw new Error('[TenantIsolation] Modifying tenantId via update operators is not allowed');
+    if (currentTenantId && update.tenantId !== currentTenantId) {
+      throw new Error('[TenantIsolation] Cross-tenant tenantId mutation is not allowed');
+    }
+    delete (update as Record<string, unknown>).tenantId;
   }
 }
 
@@ -78,7 +109,13 @@ export function applyTenantIsolation(schema: Schema): void {
     if (tenantId === SYSTEM_TENANT_ID) {
       return;
     }
-    assertNoTenantIdMutation(this.getUpdate() as UpdateQuery<unknown> | null);
+    sanitizeTenantIdMutation(this.getUpdate() as UpdateQuery<unknown> | null);
+
+    const update = this.getUpdate() as Record<string, unknown> | null;
+    if (update && Object.keys(update).length === 0) {
+      this.where({ _id: { $in: [] } });
+      this.setOptions({ upsert: false });
+    }
   };
 
   const replaceGuard = function (this: Query<unknown, unknown>) {
diff --git a/packages/data-schemas/src/schema/agent.ts b/packages/data-schemas/src/schema/agent.ts
index 42a7ca5418..70734d0ceb 100644
--- a/packages/data-schemas/src/schema/agent.ts
+++ b/packages/data-schemas/src/schema/agent.ts
@@ -5,8 +5,6 @@ const agentSchema = new Schema<IAgent>(
   {
     id: {
       type: String,
-      index: true,
-      unique: true,
       required: true,
     },
     name: {
@@ -124,6 +122,7 @@ const agentSchema = new Schema<IAgent>(
   },
 );
 
+agentSchema.index({ id: 1, tenantId: 1 }, { unique: true });
 agentSchema.index({ updatedAt: -1, _id: 1 });
 agentSchema.index({ 'edges.to': 1 });
 
diff --git a/packages/data-schemas/src/schema/config.ts b/packages/data-schemas/src/schema/config.ts
new file mode 100644
index 0000000000..be3784d55e
--- /dev/null
+++ b/packages/data-schemas/src/schema/config.ts
@@ -0,0 +1,55 @@
+import { Schema } from 'mongoose';
+import { PrincipalType, PrincipalModel } from 'librechat-data-provider';
+import type { IConfig } from '~/types';
+
+const configSchema = new Schema<IConfig>(
+  {
+    principalType: {
+      type: String,
+      enum: Object.values(PrincipalType),
+      required: true,
+      index: true,
+    },
+    principalId: {
+      type: String,
+      refPath: 'principalModel',
+      required: true,
+      index: true,
+    },
+    principalModel: {
+      type: String,
+      enum: Object.values(PrincipalModel),
+      required: true,
+    },
+    priority: {
+      type: Number,
+      required: true,
+      index: true,
+    },
+    overrides: {
+      type: Schema.Types.Mixed,
+      default: {},
+    },
+    isActive: {
+      type: Boolean,
+      default: true,
+      index: true,
+    },
+    configVersion: {
+      type: Number,
+      default: 0,
+    },
+    tenantId: {
+      type: String,
+      index: true,
+    },
+  },
+  { timestamps: true },
+);
+
+// Enforce 1:1 principal-to-config (one config document per principal per tenant)
+configSchema.index({ principalType: 1, principalId: 1, tenantId: 1 }, { unique: true });
+configSchema.index({ principalType: 1, principalId: 1, isActive: 1, tenantId: 1 });
+configSchema.index({ priority: 1, isActive: 1, tenantId: 1 });
+
+export default configSchema;
diff --git a/packages/data-schemas/src/schema/convo.ts b/packages/data-schemas/src/schema/convo.ts
index 9ed8949e9c..c8f394935a 100644
--- a/packages/data-schemas/src/schema/convo.ts
+++ b/packages/data-schemas/src/schema/convo.ts
@@ -6,7 +6,6 @@ const convoSchema: Schema<IConversation> = new Schema(
   {
     conversationId: {
       type: String,
-      unique: true,
       required: true,
       index: true,
       meiliIndex: true,
diff --git a/packages/data-schemas/src/schema/index.ts b/packages/data-schemas/src/schema/index.ts
index 456eb03ac2..2a5eff658b 100644
--- a/packages/data-schemas/src/schema/index.ts
+++ b/packages/data-schemas/src/schema/index.ts
@@ -25,3 +25,4 @@ export { default as userSchema } from './user';
 export { default as memorySchema } from './memory';
 export { default as groupSchema } from './group';
 export { default as systemGrantSchema } from './systemGrant';
+export { default as configSchema } from './config';
diff --git a/packages/data-schemas/src/schema/message.ts b/packages/data-schemas/src/schema/message.ts
index ff3468918e..9879efae55 100644
--- a/packages/data-schemas/src/schema/message.ts
+++ b/packages/data-schemas/src/schema/message.ts
@@ -5,7 +5,6 @@ const messageSchema: Schema<IMessage> = new Schema(
   {
     messageId: {
       type: String,
-      unique: true,
       required: true,
       index: true,
       meiliIndex: true,
diff --git a/packages/data-schemas/src/schema/preset.ts b/packages/data-schemas/src/schema/preset.ts
index 33c217ea23..5af5163fd3 100644
--- a/packages/data-schemas/src/schema/preset.ts
+++ b/packages/data-schemas/src/schema/preset.ts
@@ -60,7 +60,6 @@ const presetSchema: Schema<IPreset> = new Schema(
   {
     presetId: {
       type: String,
-      unique: true,
       required: true,
       index: true,
     },
@@ -88,4 +87,6 @@ const presetSchema: Schema<IPreset> = new Schema(
   { timestamps: true },
 );
 
+presetSchema.index({ presetId: 1, tenantId: 1 }, { unique: true });
+
 export default presetSchema;
diff --git a/packages/data-schemas/src/schema/role.ts b/packages/data-schemas/src/schema/role.ts
index 1c27478ef6..ac478c2a83 100644
--- a/packages/data-schemas/src/schema/role.ts
+++ b/packages/data-schemas/src/schema/role.ts
@@ -73,6 +73,7 @@ const rolePermissionsSchema = new Schema(
 
 const roleSchema: Schema<IRole> = new Schema({
   name: { type: String, required: true, index: true },
+  description: { type: String, default: '' },
   permissions: {
     type: rolePermissionsSchema,
   },
diff --git a/packages/data-schemas/src/schema/systemGrant.ts b/packages/data-schemas/src/schema/systemGrant.ts
index 0366f6080d..61ba319ba4 100644
--- a/packages/data-schemas/src/schema/systemGrant.ts
+++ b/packages/data-schemas/src/schema/systemGrant.ts
@@ -1,13 +1,8 @@
 import { Schema } from 'mongoose';
 import { PrincipalType } from 'librechat-data-provider';
-import { SystemCapabilities } from '~/systemCapabilities';
-import type { SystemCapability } from '~/systemCapabilities';
+import { isValidCapability } from '~/admin/capabilities';
 import type { ISystemGrant } from '~/types';
 
-const baseCapabilities = new Set<SystemCapability>(Object.values(SystemCapabilities));
-const sectionCapPattern = /^(?:manage|read):configs:\w+$/;
-const assignCapPattern = /^assign:configs:(?:user|group|role)$/;
-
 const systemGrantSchema = new Schema<ISystemGrant>(
   {
     principalType: {
@@ -23,8 +18,7 @@ const systemGrantSchema = new Schema<ISystemGrant>(
       type: String,
       required: true,
       validate: {
-        validator: (v: SystemCapability) =>
-          baseCapabilities.has(v) || sectionCapPattern.test(v) || assignCapPattern.test(v),
+        validator: isValidCapability,
         message: 'Invalid capability string: "{VALUE}"',
       },
     },
@@ -72,5 +66,6 @@ systemGrantSchema.index(
 );
 
 systemGrantSchema.index({ capability: 1, tenantId: 1 });
+systemGrantSchema.index({ principalType: 1, capability: 1, tenantId: 1 });
 
 export default systemGrantSchema;
diff --git a/packages/data-schemas/src/schema/user.ts b/packages/data-schemas/src/schema/user.ts
index 92680415bd..f807ddd8d6 100644
--- a/packages/data-schemas/src/schema/user.ts
+++ b/packages/data-schemas/src/schema/user.ts
@@ -158,6 +158,7 @@ const userSchema = new Schema<IUser>(
 );
 
 userSchema.index({ email: 1, tenantId: 1 }, { unique: true });
+userSchema.index({ role: 1, tenantId: 1 });
 
 const oAuthIdFields = [
   'googleId',
diff --git a/packages/data-schemas/src/systemCapabilities.ts b/packages/data-schemas/src/systemCapabilities.ts
deleted file mode 100644
index cf2acfbf88..0000000000
--- a/packages/data-schemas/src/systemCapabilities.ts
+++ /dev/null
@@ -1,106 +0,0 @@
-import type { z } from 'zod';
-import type { configSchema } from 'librechat-data-provider';
-import { ResourceType } from 'librechat-data-provider';
-
-export const SystemCapabilities = {
-  ACCESS_ADMIN: 'access:admin',
-  READ_USERS: 'read:users',
-  MANAGE_USERS: 'manage:users',
-  READ_GROUPS: 'read:groups',
-  MANAGE_GROUPS: 'manage:groups',
-  READ_ROLES: 'read:roles',
-  MANAGE_ROLES: 'manage:roles',
-  READ_CONFIGS: 'read:configs',
-  MANAGE_CONFIGS: 'manage:configs',
-  ASSIGN_CONFIGS: 'assign:configs',
-  READ_USAGE: 'read:usage',
-  READ_AGENTS: 'read:agents',
-  MANAGE_AGENTS: 'manage:agents',
-  MANAGE_MCP_SERVERS: 'manage:mcpservers',
-  READ_PROMPTS: 'read:prompts',
-  MANAGE_PROMPTS: 'manage:prompts',
-  /** Reserved — not yet enforced by any middleware. Grant has no effect until assistant listing is gated. */
-  READ_ASSISTANTS: 'read:assistants',
-  MANAGE_ASSISTANTS: 'manage:assistants',
-} as const;
-
-/** Top-level keys of the configSchema from librechat.yaml. */
-export type ConfigSection = keyof z.infer<typeof configSchema>;
-
-/** Principal types that can receive config overrides. */
-export type ConfigAssignTarget = 'user' | 'group' | 'role';
-
-/** Base capabilities defined in the SystemCapabilities object. */
-type BaseSystemCapability = (typeof SystemCapabilities)[keyof typeof SystemCapabilities];
-
-/** Section-level config capabilities derived from configSchema keys. */
-type ConfigSectionCapability = `manage:configs:${ConfigSection}` | `read:configs:${ConfigSection}`;
-
-/** Principal-scoped config assignment capabilities. */
-type ConfigAssignCapability = `assign:configs:${ConfigAssignTarget}`;
-
-/**
- * Union of all valid capability strings:
- * - Base capabilities from SystemCapabilities
- * - Section-level config capabilities (manage:configs:<section>, read:configs:<section>)
- * - Config assignment capabilities (assign:configs:<user|group|role>)
- */
-export type SystemCapability =
-  | BaseSystemCapability
-  | ConfigSectionCapability
-  | ConfigAssignCapability;
-
-/**
- * Capabilities that are implied by holding a broader capability.
- * When `hasCapability` checks for an implied capability, it first expands
- * the principal's grant set — so granting `MANAGE_USERS` automatically
- * satisfies a `READ_USERS` check without a separate grant.
- *
- * Implication is one-directional: `MANAGE_USERS` implies `READ_USERS`,
- * but `READ_USERS` does NOT imply `MANAGE_USERS`.
- */
-export const CapabilityImplications: Partial<Record<BaseSystemCapability, BaseSystemCapability[]>> =
-  {
-    [SystemCapabilities.MANAGE_USERS]: [SystemCapabilities.READ_USERS],
-    [SystemCapabilities.MANAGE_GROUPS]: [SystemCapabilities.READ_GROUPS],
-    [SystemCapabilities.MANAGE_ROLES]: [SystemCapabilities.READ_ROLES],
-    [SystemCapabilities.MANAGE_CONFIGS]: [SystemCapabilities.READ_CONFIGS],
-    [SystemCapabilities.MANAGE_AGENTS]: [SystemCapabilities.READ_AGENTS],
-    [SystemCapabilities.MANAGE_PROMPTS]: [SystemCapabilities.READ_PROMPTS],
-    [SystemCapabilities.MANAGE_ASSISTANTS]: [SystemCapabilities.READ_ASSISTANTS],
-  };
-
-/**
- * Maps each ACL ResourceType to the SystemCapability that grants
- * unrestricted management access. Typed as `Record<ResourceType, …>`
- * so adding a new ResourceType variant causes a compile error until a
- * capability is assigned here.
- */
-export const ResourceCapabilityMap: Record<ResourceType, SystemCapability> = {
-  [ResourceType.AGENT]: SystemCapabilities.MANAGE_AGENTS,
-  [ResourceType.PROMPTGROUP]: SystemCapabilities.MANAGE_PROMPTS,
-  [ResourceType.MCPSERVER]: SystemCapabilities.MANAGE_MCP_SERVERS,
-  [ResourceType.REMOTE_AGENT]: SystemCapabilities.MANAGE_AGENTS,
-};
-
-/**
- * Derives a section-level config management capability from a configSchema key.
- * @example configCapability('endpoints') → 'manage:configs:endpoints'
- *
- * TODO: Section-level config capabilities are scaffolded but not yet active.
- * To activate delegated config management:
- *  1. Expose POST/DELETE /api/admin/grants endpoints (wiring grantCapability/revokeCapability)
- *  2. Seed section-specific grants for delegated admin roles via those endpoints
- *  3. Guard config write handlers with hasConfigCapability(user, section)
- */
-export function configCapability(section: ConfigSection): `manage:configs:${ConfigSection}` {
-  return `manage:configs:${section}`;
-}
-
-/**
- * Derives a section-level config read capability from a configSchema key.
- * @example readConfigCapability('endpoints') → 'read:configs:endpoints'
- */
-export function readConfigCapability(section: ConfigSection): `read:configs:${ConfigSection}` {
-  return `read:configs:${section}`;
-}
diff --git a/packages/data-schemas/src/types/admin.ts b/packages/data-schemas/src/types/admin.ts
new file mode 100644
index 0000000000..755bb7a2e6
--- /dev/null
+++ b/packages/data-schemas/src/types/admin.ts
@@ -0,0 +1,134 @@
+import type { PrincipalType, PrincipalModel, TCustomConfig } from 'librechat-data-provider';
+import type { SystemCapabilities } from '~/admin/capabilities';
+
+/* ── Capability types ───────────────────────────────────────────────── */
+
+/** Base capabilities derived from the SystemCapabilities constant. */
+export type BaseSystemCapability = (typeof SystemCapabilities)[keyof typeof SystemCapabilities];
+
+/** Principal types that can receive config overrides. */
+export type ConfigAssignTarget = 'user' | 'group' | 'role';
+
+/** Top-level keys of the configSchema from librechat.yaml. */
+export type ConfigSection = string & keyof TCustomConfig;
+
+/** Section-level config capabilities derived from configSchema keys. */
+type ConfigSectionCapability = `manage:configs:${ConfigSection}` | `read:configs:${ConfigSection}`;
+
+/** Principal-scoped config assignment capabilities. */
+type ConfigAssignCapability = `assign:configs:${ConfigAssignTarget}`;
+
+/**
+ * Union of all valid capability strings:
+ * - Base capabilities from SystemCapabilities
+ * - Section-level config capabilities (manage:configs:<section>, read:configs:<section>)
+ * - Config assignment capabilities (assign:configs:<user|group|role>)
+ */
+export type SystemCapability =
+  | BaseSystemCapability
+  | ConfigSectionCapability
+  | ConfigAssignCapability;
+
+/** UI grouping of capabilities for the admin panel's capability editor. */
+export type CapabilityCategory = {
+  key: string;
+  labelKey: string;
+  capabilities: BaseSystemCapability[];
+};
+
+/* ── Admin API response types ───────────────────────────────────────── */
+
+/** Config document as returned by the admin API (no Mongoose internals). */
+export type AdminConfig = {
+  _id: string;
+  principalType: PrincipalType;
+  principalId: string;
+  principalModel: PrincipalModel;
+  priority: number;
+  overrides: Partial<TCustomConfig>;
+  isActive: boolean;
+  configVersion: number;
+  tenantId?: string;
+  createdAt?: string;
+  updatedAt?: string;
+};
+
+export type AdminConfigListResponse = {
+  configs: AdminConfig[];
+};
+
+export type AdminConfigResponse = {
+  config: AdminConfig;
+};
+
+export type AdminConfigDeleteResponse = {
+  success: boolean;
+};
+
+/** Audit action types for grant changes. */
+export type AuditAction = 'grant_assigned' | 'grant_removed';
+
+/** SystemGrant document as returned by the admin API. */
+export type AdminSystemGrant = {
+  id: string;
+  principalType: PrincipalType;
+  principalId: string;
+  capability: string;
+  grantedBy?: string;
+  grantedAt: string;
+  expiresAt?: string;
+};
+
+/** Audit log entry for grant changes as returned by the admin API. */
+export type AdminAuditLogEntry = {
+  id: string;
+  action: AuditAction;
+  actorId: string;
+  actorName: string;
+  targetPrincipalType: PrincipalType;
+  targetPrincipalId: string;
+  targetName: string;
+  capability: string;
+  timestamp: string;
+};
+
+/** Group as returned by the admin API. */
+export type AdminGroup = {
+  id: string;
+  name: string;
+  description: string;
+  memberCount: number;
+  topMembers: { name: string }[];
+  isActive: boolean;
+};
+
+/** Member entry as returned by the admin API for group/role membership lists. */
+export type AdminMember = {
+  userId: string;
+  name: string;
+  email: string;
+  avatarUrl?: string;
+  joinedAt?: string;
+};
+
+/** Full user info returned by the admin user list endpoint. */
+export type AdminUserListItem = {
+  id: string;
+  name: string;
+  username: string;
+  email: string;
+  avatar: string;
+  role: string;
+  provider: string;
+  createdAt?: string;
+  updatedAt?: string;
+};
+
+/** Minimal user info returned by user search endpoints. */
+export type AdminUserSearchResult = {
+  id: string;
+  name: string;
+  email: string;
+  username?: string;
+  avatarUrl?: string;
+};
diff --git a/packages/data-schemas/src/types/config.ts b/packages/data-schemas/src/types/config.ts
new file mode 100644
index 0000000000..04e0ca58ab
--- /dev/null
+++ b/packages/data-schemas/src/types/config.ts
@@ -0,0 +1,36 @@
+import { PrincipalType, PrincipalModel } from 'librechat-data-provider';
+import type { TCustomConfig } from 'librechat-data-provider';
+import type { Document, Types } from 'mongoose';
+
+/**
+ * Configuration override for a principal (user, group, or role).
+ * Stores partial overrides at the TCustomConfig (YAML) level,
+ * which are merged with the base config before processing through AppService.
+ */
+export type Config = {
+  /** The type of principal (user, group, role) */
+  principalType: PrincipalType;
+  /** The ID of the principal (ObjectId for users/groups, string for roles) */
+  principalId: Types.ObjectId | string;
+  /** The model name for the principal */
+  principalModel: PrincipalModel;
+  /** Priority level for determining merge order (higher = more specific) */
+  priority: number;
+  /** Configuration overrides matching librechat.yaml structure */
+  overrides: Partial<TCustomConfig>;
+  /** Whether this config override is currently active */
+  isActive: boolean;
+  /** Version number for cache invalidation, auto-increments on overrides change */
+  configVersion: number;
+  /** Tenant identifier for multi-tenancy isolation */
+  tenantId?: string;
+  /** When this config was created */
+  createdAt?: Date;
+  /** When this config was last updated */
+  updatedAt?: Date;
+};
+
+export type IConfig = Config &
+  Document & {
+    _id: Types.ObjectId;
+  };
diff --git a/packages/data-schemas/src/types/index.ts b/packages/data-schemas/src/types/index.ts
index 26238cbda1..748ea5d77d 100644
--- a/packages/data-schemas/src/types/index.ts
+++ b/packages/data-schemas/src/types/index.ts
@@ -28,6 +28,10 @@ export * from './accessRole';
 export * from './aclEntry';
 export * from './systemGrant';
 export * from './group';
+/* Config */
+export * from './config';
+/* Admin */
+export * from './admin';
 /* Web */
 export * from './web';
 /* MCP Servers */
diff --git a/packages/data-schemas/src/types/role.ts b/packages/data-schemas/src/types/role.ts
index 60a579240c..bc85284c34 100644
--- a/packages/data-schemas/src/types/role.ts
+++ b/packages/data-schemas/src/types/role.ts
@@ -5,6 +5,7 @@ import { CursorPaginationParams } from '~/common';
 
 export interface IRole extends Document {
   name: string;
+  description?: string;
   permissions: {
     [PermissionTypes.BOOKMARKS]?: {
       [Permissions.USE]?: boolean;
@@ -74,11 +75,13 @@ export type RolePermissionsInput = DeepPartial<RolePermissions>;
 
 export interface CreateRoleRequest {
   name: string;
+  description?: string;
   permissions: RolePermissionsInput;
 }
 
 export interface UpdateRoleRequest {
   name?: string;
+  description?: string;
   permissions?: RolePermissionsInput;
 }
 
diff --git a/packages/data-schemas/src/types/systemGrant.ts b/packages/data-schemas/src/types/systemGrant.ts
index 9f0d576503..09cff1aec6 100644
--- a/packages/data-schemas/src/types/systemGrant.ts
+++ b/packages/data-schemas/src/types/systemGrant.ts
@@ -1,6 +1,6 @@
 import type { Document, Types } from 'mongoose';
 import type { PrincipalType } from 'librechat-data-provider';
-import type { SystemCapability } from '~/systemCapabilities';
+import type { SystemCapability } from '~/types/admin';
 
 export type SystemGrant = {
   /** The type of principal — matches PrincipalType enum values */
diff --git a/packages/data-schemas/src/types/user.ts b/packages/data-schemas/src/types/user.ts
index 0fac46ee63..2d8eb82f47 100644
--- a/packages/data-schemas/src/types/user.ts
+++ b/packages/data-schemas/src/types/user.ts
@@ -2,6 +2,7 @@ import type { Document, Types } from 'mongoose';
 import { CursorPaginationParams } from '~/common';
 
 export interface IUser extends Document {
+  _id: Types.ObjectId;
   name?: string;
   username?: string;
   email: string;
@@ -50,6 +51,15 @@ export interface IUser extends Document {
   /** Field for external source identification (for consistency with TPrincipal schema) */
   idOnTheSource?: string;
   tenantId?: string;
+  federatedTokens?: OIDCTokens;
+  openidTokens?: OIDCTokens;
+}
+
+export interface OIDCTokens {
+  access_token?: string;
+  id_token?: string;
+  refresh_token?: string;
+  expires_at?: number;
 }
 
 export interface BalanceConfig {
diff --git a/packages/data-schemas/src/types/winston-transports.d.ts b/packages/data-schemas/src/types/winston-transports.d.ts
new file mode 100644
index 0000000000..704486e5ce
--- /dev/null
+++ b/packages/data-schemas/src/types/winston-transports.d.ts
@@ -0,0 +1,34 @@
+import type TransportStream from 'winston-transport';
+
+/**
+ * Module augmentation for winston's transports namespace.
+ *
+ * `winston-daily-rotate-file` ships its own augmentation targeting
+ * `'winston/lib/winston/transports'`, but it fails when winston and
+ * winston-daily-rotate-file resolve from different node_modules trees
+ * (which happens in this monorepo due to npm hoisting). This local
+ * declaration bridges the gap so `tsc --noEmit` passes.
+ */
+declare module 'winston/lib/winston/transports' {
+  interface Transports {
+    DailyRotateFile: new (
+      opts?: {
+        level?: string;
+        filename?: string;
+        datePattern?: string;
+        zippedArchive?: boolean;
+        maxSize?: string | number;
+        maxFiles?: string | number;
+        dirname?: string;
+        stream?: NodeJS.WritableStream;
+        frequency?: string;
+        utc?: boolean;
+        extension?: string;
+        createSymlink?: boolean;
+        symlinkName?: string;
+        auditFile?: string;
+        format?: import('logform').Format;
+      } & TransportStream.TransportStreamOptions,
+    ) => TransportStream;
+  }
+}
diff --git a/packages/data-schemas/src/utils/index.ts b/packages/data-schemas/src/utils/index.ts
index c071f4e827..17e43ac3ca 100644
--- a/packages/data-schemas/src/utils/index.ts
+++ b/packages/data-schemas/src/utils/index.ts
@@ -1,5 +1,6 @@
 export * from './principal';
 export * from './string';
 export * from './tempChatRetention';
+export { tenantSafeBulkWrite } from './tenantBulkWrite';
 export * from './transactions';
 export * from './objectId';
diff --git a/packages/data-schemas/src/utils/tenantBulkWrite.spec.ts b/packages/data-schemas/src/utils/tenantBulkWrite.spec.ts
new file mode 100644
index 0000000000..d2db95d448
--- /dev/null
+++ b/packages/data-schemas/src/utils/tenantBulkWrite.spec.ts
@@ -0,0 +1,526 @@
+import mongoose, { Schema } from 'mongoose';
+import { MongoMemoryServer } from 'mongodb-memory-server';
+import { tenantStorage, runAsSystem, SYSTEM_TENANT_ID } from '~/config/tenantContext';
+import { applyTenantIsolation, _resetStrictCache } from '~/models/plugins/tenantIsolation';
+import { tenantSafeBulkWrite, _resetBulkWriteStrictCache } from './tenantBulkWrite';
+
+let mongoServer: InstanceType<typeof MongoMemoryServer>;
+
+interface ITestDoc {
+  name: string;
+  value?: number;
+  tenantId?: string;
+}
+
+function createTestModel(suffix: string) {
+  const schema = new Schema<ITestDoc>({
+    name: { type: String, required: true },
+    value: { type: Number, default: 0 },
+    tenantId: { type: String, index: true },
+  });
+  applyTenantIsolation(schema);
+  const modelName = `TestBulkWrite_${suffix}_${Date.now()}`;
+  return mongoose.model<ITestDoc>(modelName, schema);
+}
+
+beforeAll(async () => {
+  mongoServer = await MongoMemoryServer.create();
+  await mongoose.connect(mongoServer.getUri());
+});
+
+afterAll(async () => {
+  await mongoose.disconnect();
+  await mongoServer.stop();
+});
+
+afterEach(() => {
+  delete process.env.TENANT_ISOLATION_STRICT;
+  _resetStrictCache();
+  _resetBulkWriteStrictCache();
+});
+
+describe('tenantSafeBulkWrite', () => {
+  describe('with tenant context', () => {
+    it('injects tenantId into updateOne filters', async () => {
+      const Model = createTestModel('updateOne');
+
+      // Seed data for two tenants
+      await runAsSystem(async () => {
+        await Model.create([
+          { name: 'doc1', value: 1, tenantId: 'tenant-a' },
+          { name: 'doc1', value: 1, tenantId: 'tenant-b' },
+        ]);
+      });
+
+      // Update only tenant-a's doc
+      await tenantStorage.run({ tenantId: 'tenant-a' }, async () => {
+        await tenantSafeBulkWrite(Model, [
+          {
+            updateOne: {
+              filter: { name: 'doc1' },
+              update: { $set: { value: 99 } },
+            },
+          },
+        ]);
+      });
+
+      // Verify tenant-a was updated, tenant-b was not
+      const docs = await runAsSystem(async () => Model.find({}).lean());
+      const docA = docs.find((d) => d.tenantId === 'tenant-a');
+      const docB = docs.find((d) => d.tenantId === 'tenant-b');
+      expect(docA?.value).toBe(99);
+      expect(docB?.value).toBe(1);
+    });
+
+    it('injects tenantId into insertOne documents', async () => {
+      const Model = createTestModel('insertOne');
+
+      await tenantStorage.run({ tenantId: 'tenant-x' }, async () => {
+        await tenantSafeBulkWrite(Model, [
+          {
+            insertOne: {
+              document: { name: 'new-doc', value: 42 } as ITestDoc,
+            },
+          },
+        ]);
+      });
+
+      const docs = await runAsSystem(async () => Model.find({}).lean());
+      expect(docs).toHaveLength(1);
+      expect(docs[0].tenantId).toBe('tenant-x');
+      expect(docs[0].name).toBe('new-doc');
+    });
+
+    it('injects tenantId into deleteOne filters', async () => {
+      const Model = createTestModel('deleteOne');
+
+      await runAsSystem(async () => {
+        await Model.create([
+          { name: 'to-delete', tenantId: 'tenant-a' },
+          { name: 'to-delete', tenantId: 'tenant-b' },
+        ]);
+      });
+
+      await tenantStorage.run({ tenantId: 'tenant-a' }, async () => {
+        await tenantSafeBulkWrite(Model, [
+          {
+            deleteOne: {
+              filter: { name: 'to-delete' },
+            },
+          },
+        ]);
+      });
+
+      const docs = await runAsSystem(async () => Model.find({}).lean());
+      expect(docs).toHaveLength(1);
+      expect(docs[0].tenantId).toBe('tenant-b');
+    });
+
+    it('injects tenantId into updateMany filters', async () => {
+      const Model = createTestModel('updateMany');
+
+      await runAsSystem(async () => {
+        await Model.create([
+          { name: 'batch', value: 0, tenantId: 'tenant-a' },
+          { name: 'batch', value: 0, tenantId: 'tenant-a' },
+          { name: 'batch', value: 0, tenantId: 'tenant-b' },
+        ]);
+      });
+
+      await tenantStorage.run({ tenantId: 'tenant-a' }, async () => {
+        await tenantSafeBulkWrite(Model, [
+          {
+            updateMany: {
+              filter: { name: 'batch' },
+              update: { $set: { value: 5 } },
+            },
+          },
+        ]);
+      });
+
+      const docs = await runAsSystem(async () => Model.find({}).lean());
+      const tenantADocs = docs.filter((d) => d.tenantId === 'tenant-a');
+      const tenantBDocs = docs.filter((d) => d.tenantId === 'tenant-b');
+      expect(tenantADocs.every((d) => d.value === 5)).toBe(true);
+      expect(tenantBDocs[0].value).toBe(0);
+    });
+  });
+
+  describe('with SYSTEM_TENANT_ID', () => {
+    it('skips tenantId injection (cross-tenant operation)', async () => {
+      const Model = createTestModel('system');
+
+      await runAsSystem(async () => {
+        await Model.create([
+          { name: 'sys-doc', value: 0, tenantId: 'tenant-a' },
+          { name: 'sys-doc', value: 0, tenantId: 'tenant-b' },
+        ]);
+      });
+
+      // System context should update ALL docs regardless of tenant
+      await runAsSystem(async () => {
+        await tenantSafeBulkWrite(Model, [
+          {
+            updateMany: {
+              filter: { name: 'sys-doc' },
+              update: { $set: { value: 100 } },
+            },
+          },
+        ]);
+      });
+
+      const docs = await runAsSystem(async () => Model.find({}).lean());
+      expect(docs.every((d) => d.value === 100)).toBe(true);
+    });
+  });
+
+  describe('with SYSTEM_TENANT_ID in strict mode', () => {
+    it('does not throw when runAsSystem is used in strict mode', async () => {
+      process.env.TENANT_ISOLATION_STRICT = 'true';
+      _resetBulkWriteStrictCache();
+
+      const Model = createTestModel('systemStrict');
+
+      await runAsSystem(async () => {
+        await Model.create({ name: 'strict-sys', value: 0 });
+      });
+
+      await expect(
+        runAsSystem(async () =>
+          tenantSafeBulkWrite(Model, [
+            {
+              updateOne: {
+                filter: { name: 'strict-sys' },
+                update: { $set: { value: 42 } },
+              },
+            },
+          ]),
+        ),
+      ).resolves.toBeDefined();
+    });
+  });
+
+  describe('deleteMany and replaceOne', () => {
+    it('injects tenantId into deleteMany filters', async () => {
+      const Model = createTestModel('deleteMany');
+
+      await runAsSystem(async () => {
+        await Model.create([
+          { name: 'batch-del', value: 0, tenantId: 'tenant-a' },
+          { name: 'batch-del', value: 0, tenantId: 'tenant-a' },
+          { name: 'batch-del', value: 0, tenantId: 'tenant-b' },
+        ]);
+      });
+
+      await tenantStorage.run({ tenantId: 'tenant-a' }, async () => {
+        await tenantSafeBulkWrite(Model, [{ deleteMany: { filter: { name: 'batch-del' } } }]);
+      });
+
+      const docs = await runAsSystem(async () => Model.find({}).lean());
+      expect(docs).toHaveLength(1);
+      expect(docs[0].tenantId).toBe('tenant-b');
+    });
+
+    it('injects tenantId into replaceOne filter and replacement', async () => {
+      const Model = createTestModel('replaceOne');
+
+      await runAsSystem(async () => {
+        await Model.create([
+          { name: 'to-replace', value: 1, tenantId: 'tenant-a' },
+          { name: 'to-replace', value: 1, tenantId: 'tenant-b' },
+        ]);
+      });
+
+      await tenantStorage.run({ tenantId: 'tenant-a' }, async () => {
+        await tenantSafeBulkWrite(Model, [
+          {
+            replaceOne: {
+              filter: { name: 'to-replace' },
+              replacement: { name: 'replaced', value: 99 },
+            },
+          },
+        ]);
+      });
+
+      const docs = await runAsSystem(async () => Model.find({}).sort({ name: 1 }).lean());
+      const replaced = docs.find((d) => d.name === 'replaced');
+      const untouched = docs.find((d) => d.tenantId === 'tenant-b');
+      expect(replaced?.value).toBe(99);
+      expect(replaced?.tenantId).toBe('tenant-a');
+      expect(untouched?.value).toBe(1);
+    });
+
+    it('replaceOne overwrites a conflicting tenantId in the replacement document', async () => {
+      const Model = createTestModel('replaceOverwrite');
+
+      await runAsSystem(async () => {
+        await Model.create({ name: 'conflict', value: 1, tenantId: 'tenant-a' });
+      });
+
+      await tenantStorage.run({ tenantId: 'tenant-a' }, async () => {
+        await tenantSafeBulkWrite(Model, [
+          {
+            replaceOne: {
+              filter: { name: 'conflict' },
+              replacement: { name: 'conflict', value: 2, tenantId: 'tenant-evil' } as ITestDoc,
+            },
+          },
+        ]);
+      });
+
+      const docs = await runAsSystem(async () => Model.find({}).lean());
+      expect(docs).toHaveLength(1);
+      expect(docs[0].tenantId).toBe('tenant-a');
+      expect(docs[0].value).toBe(2);
+    });
+  });
+
+  describe('tenantId stripping from update documents', () => {
+    it('strips top-level tenantId from updateOne plain-object update', async () => {
+      const Model = createTestModel('stripPlain');
+
+      await runAsSystem(async () => {
+        await Model.create({ name: 'target', value: 1, tenantId: 'tenant-a' });
+      });
+
+      await tenantStorage.run({ tenantId: 'tenant-a' }, async () => {
+        await tenantSafeBulkWrite(Model, [
+          {
+            updateOne: {
+              filter: { name: 'target' },
+              update: { value: 99, tenantId: 'cross-tenant' } as Record<string, unknown>,
+              upsert: true,
+            },
+          },
+        ]);
+      });
+
+      const doc = await runAsSystem(async () => Model.findOne({ name: 'target' }).lean());
+      expect(doc?.value).toBe(99);
+      expect(doc?.tenantId).toBe('tenant-a');
+    });
+
+    it('strips tenantId from $set in updateOne', async () => {
+      const Model = createTestModel('stripSet');
+
+      await runAsSystem(async () => {
+        await Model.create({ name: 'target', value: 1, tenantId: 'tenant-a' });
+      });
+
+      await tenantStorage.run({ tenantId: 'tenant-a' }, async () => {
+        await tenantSafeBulkWrite(Model, [
+          {
+            updateOne: {
+              filter: { name: 'target' },
+              update: { $set: { value: 50, tenantId: 'cross-tenant' } },
+            },
+          },
+        ]);
+      });
+
+      const doc = await runAsSystem(async () => Model.findOne({ name: 'target' }).lean());
+      expect(doc?.value).toBe(50);
+      expect(doc?.tenantId).toBe('tenant-a');
+    });
+
+    it('strips tenantId from $unset in updateMany', async () => {
+      const Model = createTestModel('stripUnset');
+
+      await runAsSystem(async () => {
+        await Model.create([
+          { name: 'batch', value: 1, tenantId: 'tenant-a' },
+          { name: 'batch', value: 2, tenantId: 'tenant-a' },
+        ]);
+      });
+
+      await tenantStorage.run({ tenantId: 'tenant-a' }, async () => {
+        await tenantSafeBulkWrite(Model, [
+          {
+            updateMany: {
+              filter: { name: 'batch' },
+              update: { $unset: { tenantId: 1 }, $set: { value: 0 } },
+            },
+          },
+        ]);
+      });
+
+      const docs = await runAsSystem(async () => Model.find({ name: 'batch' }).lean());
+      expect(docs).toHaveLength(2);
+      for (const doc of docs) {
+        expect(doc.value).toBe(0);
+        expect(doc.tenantId).toBe('tenant-a');
+      }
+    });
+
+    it('handles update where tenantId is the only field in $set', async () => {
+      const Model = createTestModel('stripOnlyField');
+
+      await runAsSystem(async () => {
+        await Model.create({ name: 'target', value: 5, tenantId: 'tenant-a' });
+      });
+
+      await tenantStorage.run({ tenantId: 'tenant-a' }, async () => {
+        await tenantSafeBulkWrite(Model, [
+          {
+            updateOne: {
+              filter: { name: 'target' },
+              update: { $set: { tenantId: 'cross-tenant' } },
+            },
+          },
+        ]);
+      });
+
+      const doc = await runAsSystem(async () => Model.findOne({ name: 'target' }).lean());
+      expect(doc?.tenantId).toBe('tenant-a');
+      expect(doc?.value).toBe(5);
+    });
+  });
+
+  describe('mixed top-level and operator tenantId', () => {
+    it('strips both top-level and $set tenantId when both are present', async () => {
+      const Model = createTestModel('stripBoth');
+
+      await runAsSystem(async () => {
+        await Model.create({ name: 'target', value: 1, tenantId: 'tenant-a' });
+      });
+
+      await tenantStorage.run({ tenantId: 'tenant-a' }, async () => {
+        await tenantSafeBulkWrite(Model, [
+          {
+            updateOne: {
+              filter: { name: 'target' },
+              update: {
+                tenantId: 'top-cross',
+                $set: { value: 99, tenantId: 'set-cross' },
+              } as Record<string, unknown>,
+            },
+          },
+        ]);
+      });
+
+      const doc = await runAsSystem(async () => Model.findOne({ name: 'target' }).lean());
+      expect(doc?.value).toBe(99);
+      expect(doc?.tenantId).toBe('tenant-a');
+    });
+  });
+
+  describe('edge cases', () => {
+    it('handles empty ops array', async () => {
+      const Model = createTestModel('emptyOps');
+      const result = await tenantStorage.run({ tenantId: 'tenant-x' }, async () =>
+        tenantSafeBulkWrite(Model, []),
+      );
+      expect(result.insertedCount).toBe(0);
+      expect(result.modifiedCount).toBe(0);
+    });
+  });
+
+  describe('without tenant context', () => {
+    it('passes through in non-strict mode', async () => {
+      const Model = createTestModel('noCtx');
+
+      await runAsSystem(async () => {
+        await Model.create({ name: 'no-ctx', value: 0 });
+      });
+
+      // No ALS context — non-strict should pass through
+      const result = await tenantSafeBulkWrite(Model, [
+        {
+          updateOne: {
+            filter: { name: 'no-ctx' },
+            update: { $set: { value: 10 } },
+          },
+        },
+      ]);
+
+      expect(result.modifiedCount).toBe(1);
+    });
+
+    it('strips tenantId from updates even without tenant context', async () => {
+      const Model = createTestModel('noCtxStrip');
+
+      await runAsSystem(async () => {
+        await Model.create({ name: 'no-ctx-strip', value: 1, tenantId: 'original' });
+      });
+
+      await tenantSafeBulkWrite(Model, [
+        {
+          updateOne: {
+            filter: { name: 'no-ctx-strip' },
+            update: { $set: { value: 50, tenantId: 'injected' } },
+          },
+        },
+      ]);
+
+      const doc = await runAsSystem(async () => Model.findOne({ name: 'no-ctx-strip' }).lean());
+      expect(doc?.value).toBe(50);
+      expect(doc?.tenantId).toBe('original');
+    });
+
+    it('throws in strict mode', async () => {
+      process.env.TENANT_ISOLATION_STRICT = 'true';
+      _resetBulkWriteStrictCache();
+
+      const Model = createTestModel('strict');
+
+      await expect(
+        tenantSafeBulkWrite(Model, [
+          {
+            updateOne: {
+              filter: { name: 'any' },
+              update: { $set: { value: 1 } },
+            },
+          },
+        ]),
+      ).rejects.toThrow('bulkWrite on TestBulkWrite_strict');
+    });
+  });
+
+  describe('mixed operations', () => {
+    it('handles a batch of mixed insert, update, delete operations', async () => {
+      const Model = createTestModel('mixed');
+
+      await runAsSystem(async () => {
+        await Model.create([
+          { name: 'existing1', value: 1, tenantId: 'tenant-m' },
+          { name: 'to-remove', value: 2, tenantId: 'tenant-m' },
+          { name: 'existing1', value: 1, tenantId: 'tenant-other' },
+        ]);
+      });
+
+      await tenantStorage.run({ tenantId: 'tenant-m' }, async () => {
+        await tenantSafeBulkWrite(Model, [
+          {
+            insertOne: {
+              document: { name: 'new-item', value: 10 } as ITestDoc,
+            },
+          },
+          {
+            updateOne: {
+              filter: { name: 'existing1' },
+              update: { $set: { value: 50 } },
+            },
+          },
+          {
+            deleteOne: {
+              filter: { name: 'to-remove' },
+            },
+          },
+        ]);
+      });
+
+      const docs = await runAsSystem(async () => Model.find({}).sort({ name: 1 }).lean());
+
+      // tenant-other's doc should be untouched
+      const otherDoc = docs.find((d) => d.tenantId === 'tenant-other' && d.name === 'existing1');
+      expect(otherDoc?.value).toBe(1);
+
+      // tenant-m: existing1 updated, to-remove deleted, new-item inserted
+      const tenantMDocs = docs.filter((d) => d.tenantId === 'tenant-m');
+      expect(tenantMDocs).toHaveLength(2);
+      expect(tenantMDocs.find((d) => d.name === 'existing1')?.value).toBe(50);
+      expect(tenantMDocs.find((d) => d.name === 'new-item')?.value).toBe(10);
+      expect(tenantMDocs.find((d) => d.name === 'to-remove')).toBeUndefined();
+    });
+  });
+});
diff --git a/packages/data-schemas/src/utils/tenantBulkWrite.ts b/packages/data-schemas/src/utils/tenantBulkWrite.ts
new file mode 100644
index 0000000000..e8e104ca72
--- /dev/null
+++ b/packages/data-schemas/src/utils/tenantBulkWrite.ts
@@ -0,0 +1,180 @@
+import type { AnyBulkWriteOperation, Model, MongooseBulkWriteOptions } from 'mongoose';
+import type { BulkWriteResult } from 'mongodb';
+import { getTenantId, SYSTEM_TENANT_ID } from '~/config/tenantContext';
+import logger from '~/config/winston';
+
+let _strictMode: boolean | undefined;
+
+function isStrict(): boolean {
+  return (_strictMode ??= process.env.TENANT_ISOLATION_STRICT === 'true');
+}
+
+/** Resets the cached strict-mode flag. Exposed for test teardown only. */
+export function _resetBulkWriteStrictCache(): void {
+  _strictMode = undefined;
+}
+
+/**
+ * Tenant-safe wrapper around Mongoose `Model.bulkWrite()`.
+ *
+ * Mongoose's `bulkWrite` does not trigger schema-level middleware hooks, so the
+ * `applyTenantIsolation` plugin cannot intercept it. This wrapper:
+ *
+ * 1. **Sanitizes** every update document by stripping `tenantId` unconditionally
+ *    (both top-level and inside `$set`/`$unset`/`$setOnInsert`/`$rename`).
+ * 2. **Injects** `tenantId` into operation filters and insert documents when a
+ *    tenant context is active.
+ *
+ * Unlike the Mongoose middleware guard (`sanitizeTenantIdMutation`), which throws
+ * on cross-tenant values, this wrapper strips silently. Throwing mid-batch would
+ * abort the entire write for one bad field; the filter injection already scopes
+ * every operation to the correct tenant.
+ *
+ * Behavior:
+ * - **tenantId present** (normal request): sanitize + inject into filters/documents.
+ * - **SYSTEM_TENANT_ID**: sanitize only, skip injection (cross-tenant system op).
+ * - **No tenantId + strict mode**: throws (fail-closed, same as the plugin).
+ * - **No tenantId + non-strict**: sanitize only, no injection (backward compat).
+ */
+export async function tenantSafeBulkWrite<T>(
+  model: Model<T>,
+  ops: AnyBulkWriteOperation[],
+  options?: MongooseBulkWriteOptions,
+): Promise<BulkWriteResult> {
+  const tenantId = getTenantId();
+
+  // Strip tenantId from update documents unconditionally — application code
+  // must never control tenantId via update payloads regardless of context.
+  const sanitized = ops.map(sanitizeBulkOp).filter((op): op is AnyBulkWriteOperation => op != null);
+
+  if (!tenantId) {
+    if (isStrict()) {
+      throw new Error(
+        `[TenantIsolation] bulkWrite on ${model.modelName} attempted without tenant context in strict mode`,
+      );
+    }
+    return sanitized.length > 0 ? model.bulkWrite(sanitized, options) : EMPTY_BULK_RESULT;
+  }
+
+  if (tenantId === SYSTEM_TENANT_ID) {
+    return sanitized.length > 0 ? model.bulkWrite(sanitized, options) : EMPTY_BULK_RESULT;
+  }
+
+  const injected = sanitized.map((op) => injectTenantId(op, tenantId));
+  return injected.length > 0 ? model.bulkWrite(injected, options) : EMPTY_BULK_RESULT;
+}
+
+/** Returned when all ops are dropped after sanitization. Single shared instance. */
+const EMPTY_BULK_RESULT = Object.freeze({
+  insertedCount: 0,
+  matchedCount: 0,
+  modifiedCount: 0,
+  deletedCount: 0,
+  upsertedCount: 0,
+  upsertedIds: {},
+  insertedIds: {},
+}) as unknown as BulkWriteResult;
+
+/** Strips tenantId from update documents. Returns null if the op becomes empty. */
+function sanitizeBulkOp(op: AnyBulkWriteOperation): AnyBulkWriteOperation | null {
+  if ('updateOne' in op) {
+    const { update, ...rest } = op.updateOne;
+    const stripped = stripTenantIdFromUpdate(update as Record<string, unknown>);
+    return Object.keys(stripped).length === 0 ? null : { updateOne: { ...rest, update: stripped } };
+  }
+
+  if ('updateMany' in op) {
+    const { update, ...rest } = op.updateMany;
+    const stripped = stripTenantIdFromUpdate(update as Record<string, unknown>);
+    return Object.keys(stripped).length === 0
+      ? null
+      : { updateMany: { ...rest, update: stripped } };
+  }
+
+  return op;
+}
+
+/**
+ * Injects tenantId into every operation's filter and document.
+ * Assumes update payloads have already been sanitized by `sanitizeBulkOp`.
+ * Returns a new operation object — does not mutate the original.
+ */
+function injectTenantId(op: AnyBulkWriteOperation, tenantId: string): AnyBulkWriteOperation {
+  if ('insertOne' in op) {
+    return { insertOne: { document: { ...op.insertOne.document, tenantId } } };
+  }
+
+  if ('updateOne' in op) {
+    const { filter, ...rest } = op.updateOne;
+    return { updateOne: { ...rest, filter: { ...filter, tenantId } } };
+  }
+
+  if ('updateMany' in op) {
+    const { filter, ...rest } = op.updateMany;
+    return { updateMany: { ...rest, filter: { ...filter, tenantId } } };
+  }
+
+  if ('deleteOne' in op) {
+    const { filter, ...rest } = op.deleteOne;
+    return { deleteOne: { ...rest, filter: { ...filter, tenantId } } };
+  }
+
+  if ('deleteMany' in op) {
+    const { filter, ...rest } = op.deleteMany;
+    return { deleteMany: { ...rest, filter: { ...filter, tenantId } } };
+  }
+
+  if ('replaceOne' in op) {
+    const { filter, replacement, ...rest } = op.replaceOne;
+    return {
+      replaceOne: {
+        ...rest,
+        filter: { ...filter, tenantId },
+        replacement: { ...replacement, tenantId },
+      },
+    };
+  }
+
+  if (isStrict()) {
+    throw new Error(
+      '[TenantIsolation] Unknown bulkWrite operation type in strict mode — refusing to pass through without tenant injection',
+    );
+  }
+  logger.warn(
+    '[tenantSafeBulkWrite] Unknown bulk op type, passing through without tenant injection',
+  );
+  return op;
+}
+
+const MUTATION_OPS = ['$set', '$unset', '$setOnInsert', '$rename'] as const;
+
+/**
+ * Strips `tenantId` from a bulk-write update document — both top-level
+ * and inside mutation operators. Allocates only when stripping is needed.
+ */
+function stripTenantIdFromUpdate(update: Record<string, unknown>): Record<string, unknown> {
+  let result: Record<string, unknown> | null = null;
+
+  if ('tenantId' in update) {
+    const { tenantId: _tenantId, ...rest } = update;
+    result = rest;
+  }
+
+  for (const op of MUTATION_OPS) {
+    const source = result ?? update;
+    const payload = source[op] as Record<string, unknown> | undefined;
+    if (payload && 'tenantId' in payload) {
+      if (!result) {
+        result = { ...update };
+      }
+      const { tenantId: _tenantId, ...rest } = payload;
+      if (Object.keys(rest).length > 0) {
+        result[op] = rest;
+      } else {
+        delete result[op];
+      }
+    }
+  }
+
+  return result ?? update;
+}