* fix: filter dropdown now closable with escape, doesn't close whole modal
* refactor: simplify escapekeydown handler logic for tooltips and dropdown menus
* refactor: more specific conditions for preventDefault
* 🔧 refactor: Update MCP connection handling to improve performance and testing
* refactor: Replace getAll() with getLoaded() in MCP.js to prevent unnecessary connection creation for user-context servers.
* test: Adjust MCP.spec.js to mock getLoaded() instead of getAll() for consistency with the new implementation.
* feat: Enhance MCPServersInitializer to reset initialization flag for better handling of process restarts and stale data.
* test: Add integration tests to verify re-initialization behavior and ensure stale data is cleared when necessary.
* 🔧 refactor: Enhance cached endpoints config handling for GPT plugins
* refactor: Update MCPServersInitializer tests to use new server management methods
* refactor: Replace direct Redis server manipulation with registry.addServer and registry.getServerConfig for better abstraction and consistency.
* test: Adjust integration tests to verify server initialization and stale data handling using the updated methods.
* 🔧 refactor: Increase retry limits and delay for MCP server creation
* Updated MAX_CREATE_RETRIES from 3 to 5 to allow for more attempts during server creation.
* Increased RETRY_BASE_DELAY_MS from 10 to 25 milliseconds to provide a longer wait time between retries, improving stability in server initialization.
* refactor: Update MCPServersInitializer tests to utilize new registry methods
* refactor: Replace direct access to sharedAppServers with registry.getServerConfig for improved abstraction.
* test: Adjust tests to verify server initialization and stale data handling using the updated registry methods, ensuring consistency and clarity in the test structure.
* refactor: Reuse conversation switching logic from useSelectMention hook for Favorite Items
- Added onSelectEndpoint prop to FavoriteItem for improved endpoint selection handling.
- Refactored conversation initiation logic to utilize the new prop instead of direct navigation.
- Updated FavoritesList to pass onSelectEndpoint to FavoriteItem, streamlining the interaction flow.
- Replaced EndpointIcon with MinimalIcon for a cleaner UI representation of favorite models.
* refactor: Enhance FavoriteItem and FavoritesList for improved accessibility and interaction
- Added onRemoveFocus prop to FavoriteItem for better focus management after item removal.
- Refactored event handling in FavoriteItem to support keyboard interactions for accessibility.
- Updated FavoritesList to utilize the new onRemoveFocus prop, ensuring focus shifts appropriately after removing favorites.
- Enhanced aria-labels and roles for better screen reader support and user experience.
* refactor: Enhance EndpointModelItem for improved accessibility and interaction
- Added useRef and useState hooks to manage active state and focus behavior.
- Implemented MutationObserver to track changes in the data-active-item attribute for better accessibility.
- Refactored favorite button handling to improve interaction and accessibility.
- Updated button tabIndex based on active state to enhance keyboard navigation.
* chore: Update Radix UI dependencies in package-lock and package.json files
- Upgraded @radix-ui/react-alert-dialog and @radix-ui/react-dialog to version 1.1.15 across client and packages/client.
- Updated related dependencies for improved compatibility and performance.
- Removed outdated debug module references from package-lock.json.
* refactor: Improve accessibility and interaction in conversation options
- Added event handling to prevent unintended actions when renaming conversations.
- Updated ConvoOptions to use Ariakit components for better accessibility and interaction.
- Refactored button handlers for sharing and deleting conversations for clarity and consistency.
- Enhanced dialog components with proper aria attributes and improved structure for better screen reader support.
* refactor: Improve nested dialog accessibility for deleting shared link
- Eliminated the setShareDialogOpen prop from both ShareButton and SharedLinkButton components to streamline the code.
- Updated the delete mutation success handler in SharedLinkButton to improve focus management for accessibility.
- Enhanced the OGDialog component in SharedLinkButton with a triggerRef for better interaction.
* fix: create new flows on invalid_grant errors
* chore: fix failing test
* chore: keep isOAuthError test function in sync with implementation
* test: add tests for OAuth error detection on invalid grant errors
* test: add tests for creating new flows when token expires
* test: add test for flow clean up prior to creation
* refactor: consolidate token expiration handling in FlowStateManager
- Removed the old token expiration checks and replaced them with a new method, `isTokenExpired`, to streamline the logic.
- Introduced `normalizeExpirationTimestamp` to handle timestamp normalization for both seconds and milliseconds.
- Updated tests to ensure proper functionality of flow management with token expiration scenarios.
* fix: conditionally setup cleanup handlers in FlowStateManager
- Updated the FlowStateManager constructor to only call setupCleanupHandlers if the ci parameter is not set, improving flexibility in flow management.
* chore: enhance OAuth token refresh logging
- Introduced a new method, `processRefreshResponse`, to streamline the processing of token refresh responses from the OAuth server.
- Improved logging to provide detailed information about token refresh operations, including whether new tokens were received and if the refresh token was rotated.
- Updated existing token handling logic to utilize the new method, ensuring consistency and clarity in token management.
* chore: enhance logging for MCP server reinitialization
- Updated the logging in the reinitMCPServer function to provide more detailed information about the response, including success status, OAuth requirements, presence of the OAuth URL, and the count of tools involved. This improves the clarity and usefulness of logs for debugging purposes.
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* 🚏 feat: Rate Limit Error handling in MCPConnection
* chore: Added detailed logging for rate limit scenarios to improve debugging.
- Updated comments to clarify the behavior during rate limiting and reconnection attempts.
- Ensured that the connection state is properly managed when encountering rate limit errors.
* fix: Enhance error handling for rate limiting in MCPConnection
- Updated comments to clarify the rationale for throwing errors in the connectClient() method during rate limit scenarios.
- Ensured consistency in error handling between public API and internal methods.
* 💻 feat: deeper MCP UI integration in the chat UI using plugins
---------
Co-authored-by: Samuel Path <samuel.path@shopify.com>
Co-authored-by: Pierre-Luc Godin <pierreluc.godin@shopify.com>
* 💻 refactor: Migrate MCP UI resources from index-based to ID-based referencing
- Replace index-based resource markers with stable resource IDs
- Update plugin to parse \ui{resourceId} format instead of \ui0
- Refactor components to use useMessagesOperations instead of useSubmitMessage
- Add ShareMessagesProvider for UI resources in share view
- Add useConversationUIResources hook for cross-turn resource lookups
- Update parsers to generate resource IDs from content hashes
- Update all tests to use resource IDs instead of indices
- Add sandbox permissions for iframe popups
- Remove deprecated MCP tool context instructions
---------
Co-authored-by: Pierre-Luc Godin <pierreluc.godin@shopify.com>
* 🔱 fix: Fork Menu Accessibility Improvements (#10910)
* feat: more accessible aria-label for fork button
* fix: alignment between text and checkbox
* feat: add text change on focus for parity with on hover for keyboard accessibility
* 🤔 fix: Programmatic Expansion State for Thinking Button (#10912)
* 🙋♂️ feat: Accessible Default User Icon Colors (#10909)
* fix: downshift values for all non-compliant default bg-colors for user icons to achieve 4.5:1 contrast threshold minimums with text
* 🚪 feat: Open Sidebar Label Accessibility (#10893)
* feat: more accessible labelling on open / close sidebar
* feat: show column sort direction in all headers for my files datatable
* fix: refactor SortFilterHeader to use DropdownPopup so that keyboard nav and portaling actually work
* feat: visually indicate when a column filter is active
* chore: remove debug visuals
* chore: fix types and import order
* chore: add missing subItems prop to MenuItemProps interface
* feat: add arrow indicator for name column
* fix: page counter no longer shows 1/0 when no results
* feat: keep my files datatable size consistent to avoid issues with sizing of dropdown filter menus which made it difficult to see options
* fix: refactor filter cols button in my files datatable to use ariakit dropdown so keyboard nav works
* feat: better datatable column spacing following tanstack docs
* chore: ESlint complaints
* fix: localize string literals
* fix: move localize hook call inside the function components
* feat: add tooltip label for select all
* feat: better styling on floating label for file filter input
* feat: focus outline on search input
* feat: add search icon
* feat: add aria-sort props to header sort buttons
* feat: better screen reader labels to include information visually conveyed by filter and sort icons
* feat: add descriptive tooltips for headers for better accessibility for cognitive impairments
* chore: import orders
* feat: add more aria states for better feedback of filtered and sorted columns
* chore: add translation key
* chore: Remove @rollup/plugin-terser from package.json and rollup.config.js
* 🔧 chore: Revert Shared Links / Data-Table Changes from #9698
- Added sorting functionality for title and creation date in the Shared Links table.
- Implemented debounced search filtering for improved performance.
- Updated DataTable integration to support new features and improved user experience.
- Refactored delete handling to support bulk deletion of shared links.
- Adjusted dialog components for better accessibility and user feedback.
* 🗑️ chore: Remove unused translation keys from English locale
- Deleted keys related to managing archived chats, deleting archived chats, and opening conversations to streamline the translation file.
* fix: pad cards so focus outline doesn't clip in prompts list
* feat: pad snippet top for space between text and button
* fix: prompt menu focus outline clipping with overflow-visible
* fix: clipping in AgentBuilder for advanced and admin buttons
* fix: clipping in memory panel for admin settings
* fix: better contrast thresholds on focus outlines for admin settings and advanced buttons in agent builder
* fix: better contrast thresholds on focus outlines for admin settings button in memory panel
* fix: clipping on focus outline for manage files button in files panel
* fix: focus outline clipping table cells for files panel table
* fix: clipping on new bookmark button in bookmarks panel
* fix: clipping on Admin Settings button in MCP Settings panel
* fix: better contrast threshold outline and aria-label for Admin Settings button in MCP Settings panel
* fix: misaligned globe because of new unnested menu button positioning
* fix: localize global group aria-label
* fix: screen reader not reading out proper prompt name for dropdown menu button
* 🎨 feat: Enhance Import Conversations UI with loading state and new localization key
* fix: Correct pluralization in selected items message in translation.json
* Refactor Chat Input File Table Headers to Use SortFilterHeader Component
- Replaced button-based sorting headers in the Chat Input Files Table with a new SortFilterHeader component for better code organization and consistency.
- Updated the header for filename, updatedAt, and bytes columns to utilize the new component.
Enhance Navigation Component with Skeleton Loading States
- Added Skeleton loading states to the Nav component for better user experience during data fetching.
- Updated Suspense fallbacks for AgentMarketplaceButton and BookmarkNav components to display Skeletons.
Refactor Avatar Component for Improved UI
- Enhanced the Avatar component by adding a Label for drag-and-drop functionality.
- Improved styling and structure for the file upload area.
Update Shared Links Component for Better Error Handling and Sorting
- Improved error handling in the Shared Links component for fetching next pages and deleting shared links.
- Simplified the header rendering for sorting columns and added sorting functionality to the title and createdAt columns.
Refactor Archived Chats Component
- Merged ArchivedChats and ArchivedChatsTable components into a single ArchivedChats component for better maintainability.
- Implemented sorting and searching functionality with debouncing for improved performance.
- Enhanced the UI with better loading states and error handling.
Update DataTable Component for Sorting Icons
- Added sorting icons (ChevronUp, ChevronDown, ChevronsUpDown) to the DataTable headers for better visual feedback on sorting state.
Localization Updates
- Updated translation.json to fix missing translations and improve existing ones for better user experience.
* ✨ feat: Update DataTable component to streamline props and enhance sorting icons
* fix: TS issues
* feat: polish and redefine DataTable + shared links and archived chats
* feat: enhance DataTable with column pinning and improve sorting functionality
* feat: enhance deepEqual function for array support and improve column style stability
* refactor: DataTable and ArchivedChats; fix: sorting ArchivedChats API
* feat(DataTable): Implement new DataTable component with hooks and optimized features
- Added DataTable component with support for virtual scrolling, row selection, and customizable columns.
- Introduced hooks for debouncing search input, managing row selection, and calculating column styles.
- Enhanced accessibility with keyboard navigation and selection checkboxes.
- Implemented skeleton loading state for better user experience during data fetching.
- Added DataTableSearch component for filtering data with debounced input.
- Created utility logger for improved debugging in development.
- Updated translations to support new UI elements and actions.
* refactor: update SharedLinks and ArchivedChats to use desktopOnly instead of hideOnMobile; remove unused DataTableColumnHeader component
* fix: ensure desktopOnly columns are hidden on mobile in DataTable
* refactor: reorganize imports in DataTable components and update index exports
* refactor: improve styling and animations in Artifacts, ArtifactsSubMenu, and MCPSubMenu components; update border-radius in style.css
* refactor(Artifacts): enhance button toggle functionality and manage expanded state with useEffect
* refactor: comment out desktopOnly property in SharedLinks and ArchivedChats components; update translation.json with new keys for link actions
* refactor(DataTable): streamline column visibility logic and enhance type definitions; improve cleanup timers and optimize rendering
* refactor(DataTable): enhance type definitions for processed data rows and update custom actions renderer type
* refactor(DataTable): optimize processed data handling and improve warning for missing IDs; streamline DataTableComponents imports
* refactor(DataTable): enhance accessibility features and improve localization for selection and loading states
* refactor: improve padding in dialog content and enhance row selection functionality in ArchivedChats and DataTable components
* refactor(DataTable): remove unnecessary role and tabindex attributes from select all button for improved accessibility
* refactor(translation): remove outdated error messages and unused UI strings for cleaner localization
* refactor(DataTable): enhance virtualization and scrolling performance with dynamic overscan adjustments
* refactor(DataTableErrorBoundary): enhance error handling and localization support
* refactor(DataTable): improve column sizing and visibility handling; remove deprecated features
* refactor: enhance UI components with improved class handling and state management
* refactor(DataTable): improve column width handling and responsiveness; disable row selection
* refactor(DataTable): enhance accessibility with row header support and improve column visibility handling
* chore(DataTable): comments update
* refactor(Table): add unwrapped prop for direct table rendering; adjust minWidth calculation for responsiveness
* refactor(DataTable): simplify search handling by removing unnecessary trimming; adjust column width handling for better responsiveness
* refactor(translation): remove redundant drag and drop UI text for clarity
* refactor(parsers): change uiResources to a constant and streamline artifacts handling
* chore: remove unused file, bump @librechat/client to 0.3.2; fix(SharedLinks): missing import;
* refactor: change button variant from destructive to ghost for delete actions in SharedLinks and ArchivedChats components
* refactor(DataTable): simplify aria-sort assignment for better readability
* refactor(DataTable): update aria-label and ariaLabel to use indexed placeholder for localization
* refactor(translation): update no data messages for consistency
* Refactor code structure for improved readability and maintainability
* chore: restore linting fixes
* chore: restore linting fixes 2; refactor: remove unused translation keys
* feat(tests): add unit tests for DataTable components and error handling
- Implement tests for SelectionCheckbox and SkeletonRows components in DataTable.
- Add tests for DataTableErrorBoundary to ensure proper error handling and UI rendering.
- Create tests for DataTableSearch to validate search functionality and accessibility.
- Update DialogTemplate tests to reflect hardcoded cancel text.
- Remove redundant IntersectionObserver mock in SplitText tests.
- Unmock react-i18next in Translation tests to validate actual i18n functionality.
* refactor: Remove jest-environment-jsdom dependency from package.json; fix: reset package-lock
* chore: revert lint fixes
* chore: clean up package.json by removing unused devDependencies and redundant test scripts
* chore: update package dependencies in package.json and package-lock.json
- Added new devDependencies: @babel/core, @babel/preset-env, @babel/preset-react, @babel/preset-typescript, @tanstack/react-table, @tanstack/react-virtual, @testing-library/jest-dom, identity-obj-proxy, jest, jest-environment-jsdom, and lucide-react.
- Updated existing devDependencies to their latest versions.
- Added new module @asamuzakjp/css-color to package-lock.json with its dependencies.
- Updated version of @babel/plugin-transform-destructuring and added @babel/plugin-transform-explicit-resource-management in package-lock.json.
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* chore: Bump @modelcontextprotocol/sdk to version 1.24.3
* refactor: Update resource handling in MCP parsers and types
- Simplified resource text checks in `parseAsString` and `formatToolContent` functions to ensure proper existence checks.
- Removed unnecessary resource name and description handling to streamline output.
- Updated type definitions in `index.ts` to align with the new structure from `@modelcontextprotocol/sdk`, enhancing type safety and clarity.
- Added `logo_uri` and `tos_uri` properties to `MCPOAuthHandler` for improved OAuth metadata support.
* refactor: Update custom endpoint configurations and type definitions
- Removed unused type imports and streamlined the custom parameters handling in `loadCustomEndpointsConfig`.
- Adjusted the `TCustomEndpointsConfig` type to utilize `TConfig` instead of `TEndpoint`, enhancing type accuracy.
- Made the endpoint schema optional in the configuration to improve flexibility.
* fix: Implement token cleanup and error handling for invalid OAuth tokens
- Added `cleanupInvalidTokens` method to remove invalid OAuth tokens from storage when detected.
- Introduced `isInvalidTokenError` method to identify errors indicating revoked or expired tokens.
- Integrated token cleanup logic into the connection attempt process to ensure fresh OAuth flow on invalid token detection.
* feat: Add revoke OAuth functionality in Server Initialization
- Introduced a new button to revoke OAuth for servers, enhancing user control over OAuth permissions.
- Updated the `useMCPServerManager` hook to include a standalone `revokeOAuthForServer` function for managing OAuth revocation.
- Adjusted the UI to conditionally render the revoke button based on server requirements.
* fix: error handling for authentication in MCPConnection
- Updated the error handling logic in MCPConnection to better identify various authentication error indicators, including 401 status, invalid tokens, and unauthorized messages.
- Removed the deprecated cleanupInvalidTokens method and integrated its logic into the connection attempt process for improved clarity and efficiency.
- Adjusted the MCPConnectionFactory to streamline the connection attempt process and handle OAuth errors more effectively.
* refactor: Update button rendering in ServerInitializationSection
- Removed the existing button for server initialization and replaced it with a new button implementation, maintaining the same functionality.
- Ensured consistent rendering of the button within the component's layout.
* chore: update resource type usage in parsers.test.ts
* Feature: Dynamic MCP Server with Full UI Management
* 🚦 feat: Add MCP Connection Status icons to MCPBuilder panel (#10805)
* feature: Add MCP server connection status icons to MCPBuilder panel
* refactor: Simplify MCPConfigDialog rendering in MCPBuilderPanel
---------
Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com>
Co-authored-by: Danny Avila <danny@librechat.ai>
* fix: address code review feedback for MCP server management
- Fix OAuth secret preservation to avoid mutating input parameter
by creating a merged config copy in ServerConfigsDB.update()
- Improve error handling in getResourcePermissionsMap to propagate
critical errors instead of silently returning empty Map
- Extract duplicated MCP server filter logic by exposing selectableServers
from useMCPServerManager hook and using it in MCPSelect component
* test: Update PermissionService tests to throw errors on invalid resource types
- Changed the test for handling invalid resource types to ensure it throws an error instead of returning an empty permissions map.
- Updated the expectation to check for the specific error message when an invalid resource type is provided.
* feat: Implement retry logic for MCP server creation to handle race conditions
- Enhanced the createMCPServer method to include retry logic with exponential backoff for handling duplicate key errors during concurrent server creation.
- Updated tests to verify that all concurrent requests succeed and that unique server names are generated.
- Added a helper function to identify MongoDB duplicate key errors, improving error handling during server creation.
* refactor: StatusIcon to use CircleCheck for connected status
- Replaced the PlugZap icon with CircleCheck in the ConnectedStatusIcon component to better represent the connected state.
- Ensured consistent icon usage across the component for improved visual clarity.
* test: Update AccessControlService tests to throw errors on invalid resource types
- Modified the test for invalid resource types to ensure it throws an error with a specific message instead of returning an empty permissions map.
- This change enhances error handling and improves test coverage for the AccessControlService.
* fix: Update error message for missing server name in MCP server retrieval
- Changed the error message returned when the server name is not provided from 'MCP ID is required' to 'Server name is required' for better clarity and accuracy in the API response.
---------
Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com>
Co-authored-by: Danny Avila <danny@librechat.ai>
* 🪦 refactor: Remove Legacy Code (#10533)
* 🗑️ chore: Remove unused Legacy Provider clients and related helpers
* Deleted OpenAIClient and GoogleClient files along with their associated tests.
* Removed references to these clients in the clients index file.
* Cleaned up typedefs by removing the OpenAISpecClient export.
* Updated chat controllers to use the OpenAI SDK directly instead of the removed client classes.
* chore/remove-openapi-specs
* 🗑️ chore: Remove unused mergeSort and misc utility functions
* Deleted mergeSort.js and misc.js files as they are no longer needed.
* Removed references to cleanUpPrimaryKeyValue in messages.js and adjusted related logic.
* Updated mongoMeili.ts to eliminate local implementations of removed functions.
* chore: remove legacy endpoints
* chore: remove all plugins endpoint related code
* chore: remove unused prompt handling code and clean up imports
* Deleted handleInputs.js and instructions.js files as they are no longer needed.
* Removed references to these files in the prompts index.js.
* Updated docker-compose.yml to simplify reverse proxy configuration.
* chore: remove unused LightningIcon import from Icons.tsx
* chore: clean up translation.json by removing deprecated and unused keys
* chore: update Jest configuration and remove unused mock file
* Simplified the setupFiles array in jest.config.js by removing the fetchEventSource mock.
* Deleted the fetchEventSource.js mock file as it is no longer needed.
* fix: simplify endpoint type check in Landing and ConversationStarters components
* Updated the endpoint type check to use strict equality for better clarity and performance.
* Ensured consistency in the handling of the azureOpenAI endpoint across both components.
* chore: remove unused dependencies from package.json and package-lock.json
* chore: remove legacy EditController, associated routes and imports
* chore: update banResponse logic to refine request handling for banned users
* chore: remove unused validateEndpoint middleware and its references
* chore: remove unused 'res' parameter from initializeClient in multiple endpoint files
* chore: remove unused 'isSmallScreen' prop from BookmarkNav and NewChat components; clean up imports in ArchivedChatsTable and useSetIndexOptions hooks; enhance localization in PromptVersions
* chore: remove unused import of Constants and TMessage from MobileNav; retain only necessary QueryKeys import
* chore: remove unused TResPlugin type and related references; clean up imports in types and schemas
* 🪦 refactor: Remove Legacy Code (#10533)
* 🗑️ chore: Remove unused Legacy Provider clients and related helpers
* Deleted OpenAIClient and GoogleClient files along with their associated tests.
* Removed references to these clients in the clients index file.
* Cleaned up typedefs by removing the OpenAISpecClient export.
* Updated chat controllers to use the OpenAI SDK directly instead of the removed client classes.
* chore/remove-openapi-specs
* 🗑️ chore: Remove unused mergeSort and misc utility functions
* Deleted mergeSort.js and misc.js files as they are no longer needed.
* Removed references to cleanUpPrimaryKeyValue in messages.js and adjusted related logic.
* Updated mongoMeili.ts to eliminate local implementations of removed functions.
* chore: remove legacy endpoints
* chore: remove all plugins endpoint related code
* chore: remove unused prompt handling code and clean up imports
* Deleted handleInputs.js and instructions.js files as they are no longer needed.
* Removed references to these files in the prompts index.js.
* Updated docker-compose.yml to simplify reverse proxy configuration.
* chore: remove unused LightningIcon import from Icons.tsx
* chore: clean up translation.json by removing deprecated and unused keys
* chore: update Jest configuration and remove unused mock file
* Simplified the setupFiles array in jest.config.js by removing the fetchEventSource mock.
* Deleted the fetchEventSource.js mock file as it is no longer needed.
* fix: simplify endpoint type check in Landing and ConversationStarters components
* Updated the endpoint type check to use strict equality for better clarity and performance.
* Ensured consistency in the handling of the azureOpenAI endpoint across both components.
* chore: remove unused dependencies from package.json and package-lock.json
* chore: remove legacy EditController, associated routes and imports
* chore: update banResponse logic to refine request handling for banned users
* chore: remove unused validateEndpoint middleware and its references
* chore: remove unused 'res' parameter from initializeClient in multiple endpoint files
* chore: remove unused 'isSmallScreen' prop from BookmarkNav and NewChat components; clean up imports in ArchivedChatsTable and useSetIndexOptions hooks; enhance localization in PromptVersions
* chore: remove unused import of Constants and TMessage from MobileNav; retain only necessary QueryKeys import
* chore: remove unused TResPlugin type and related references; clean up imports in types and schemas
* 📦 chore: Bump Express.js to v5 (#10671)
* chore: update express to version 5.1.0 in package.json
* chore: update express-rate-limit to version 8.2.1 in package.json and package-lock.json
* fix: Enhance server startup error handling in experimental and index files
* Added error handling for server startup in both experimental.js and index.js to log errors and exit the process if the server fails to start.
* Updated comments in openidStrategy.js to clarify the purpose of the CustomOpenIDStrategy class and its relation to Express version changes.
* chore: Implement rate limiting for all POST routes excluding /speech, required for express v5
* Added middleware to apply IP and user rate limiters to all POST requests, ensuring that the /speech route remains unaffected.
* Enhanced code clarity with comments explaining the new rate limiting logic.
* chore: Enable writable req.query for mongoSanitize compatibility in Express 5
* chore: Ensure req.body exists in multiple middleware and route files for Express 5 compatibility
* 🗣 feat: MCP Status Accessibility Improvements (#10738)
* feat: make MultiSelect highlight same opacity as other focus highlights in app
* feat: add better screenreader announcements for mcp server and variable states
* feat: memoize fullTitle calculation
* 🪨 feat: Add PROXY support for AWS Bedrock endpoints (#8871)
* feat: added PROXY support for AWS Bedrock endpoint
* chore: explicit install of new packages required for bedrock proxy
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* ✨ feat: Implement Favorites functionality with controllers, hooks, and UI components
* ✨ feat: Refactor Favorites functionality to support new data structure and enhance UI interactions
* ✨ feat: Add endpoint to new conversation for agent favorites
* ✨ feat: Enhance Conversations and Favorites components with expanded functionality and improved UI interactions
* ✨ feat: Remove 'Pinned' label from UI translations for cleaner interface
* feat: clean up comments and improve code readability in favorites and agent components; bump @librechat/data-schemas to 0.0.24
* ✨ feat: Enhance favorites management with validation, update data structure, and improve UI interactions
* ✨ feat: Simplify rendering logic in EndpointModelItem and optimize useEffect dependencies in Conversations component
* ✨ test: Update favorites mock implementation and improve button focus styles in AgentDetail tests
* ✨ feat: Enhance favorites management by adding loading and error states, and refactor related hooks and components
* ✨ feat: Add loading skeletons for favorites while agents are being fetched
* ✨ feat: Improve loading experience in FavoritesList by adding skeleton placeholders for favorites and marketplace
* feat: Optimize cache handling in Conversations and enhance FavoritesList to notify height changes on loading completion
* ✨ feat: Add loading skeleton for SearchBar in Nav component and update agent avatar fallback icon to Feather
* feat: Refactor FavoritesController validation, streamline ModelSelector component, and enhance EndpointModelItem with selection state
* feat: Adjust padding in Conversations and FavoritesList components for improved layout consistency
* feat: Refactor FavoritesController to use model methods for user updates and retrieval
* feat: Enhance Favorites functionality with validation, cleanup, and improved error handling
* tests: Update AgentCard and agent utilities to use Feather icon fallback instead of Bot icon
* refactor: Remove collapsible animation styles from CSS
* feat: Migrate favorites state management from Recoil to Jotai
* fix: Correct type definition in useGetFavoritesQuery and ensure useFavorites is exported
* refactor: Simplify AuthField component by removing TooltipAnchor and directly rendering Label
* fix: Ensure favorites are always an array and update references in FavoritesList
* style: Update Conversation component styles for improved UI consistency
* feat: re-integrate AuthContext to manage agent marketplace visibility based on authentication state
* fix: Improve optimistic updates in favorites mutation handling
* feat: Implement error handling for favorites limit and consolidate marketplace access logic
* fix: package-lock
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
Co-authored-by: Dustin Healy <54083382+dustinhealy@users.noreply.github.com>
Co-authored-by: Arthur Barrett <abarrett@fas.harvard.edu>
* refactor: move endpoint initialization methods to typescript
* refactor: move agent init to packages/api
- Introduced `initialize.ts` for agent initialization, including file processing and tool loading.
- Updated `resources.ts` to allow optional appConfig parameter.
- Enhanced endpoint configuration handling in various initialization files to support model parameters.
- Added new artifacts and prompts for React component generation.
- Refactored existing code to improve type safety and maintainability.
* refactor: streamline endpoint initialization and enhance type safety
- Updated initialization functions across various endpoints to use a consistent request structure, replacing `unknown` types with `ServerResponse`.
- Simplified request handling by directly extracting keys from the request body.
- Improved type safety by ensuring user IDs are safely accessed with optional chaining.
- Removed unnecessary parameters and streamlined model options handling for better clarity and maintainability.
* refactor: moved ModelService and extractBaseURL to packages/api
- Added comprehensive tests for the models fetching functionality, covering scenarios for OpenAI, Anthropic, Google, and Ollama models.
- Updated existing endpoint index to include the new models module.
- Enhanced utility functions for URL extraction and model data processing.
- Improved type safety and error handling across the models fetching logic.
* refactor: consolidate utility functions and remove unused files
- Merged `deriveBaseURL` and `extractBaseURL` into the `@librechat/api` module for better organization.
- Removed redundant utility files and their associated tests to streamline the codebase.
- Updated imports across various client files to utilize the new consolidated functions.
- Enhanced overall maintainability by reducing the number of utility modules.
* refactor: replace ModelService references with direct imports from @librechat/api and remove ModelService file
* refactor: move encrypt/decrypt methods and key db methods to data-schemas, use `getProviderConfig` from `@librechat/api`
* chore: remove unused 'res' from options in AgentClient
* refactor: file model imports and methods
- Updated imports in various controllers and services to use the unified file model from '~/models' instead of '~/models/File'.
- Consolidated file-related methods into a new file methods module in the data-schemas package.
- Added comprehensive tests for file methods including creation, retrieval, updating, and deletion.
- Enhanced the initializeAgent function to accept dependency injection for file-related methods.
- Improved error handling and logging in file methods.
* refactor: streamline database method references in agent initialization
* refactor: enhance file method tests and update type references to IMongoFile
* refactor: consolidate database method imports in agent client and initialization
* chore: remove redundant import of initializeAgent from @librechat/api
* refactor: move checkUserKeyExpiry utility to @librechat/api and update references across endpoints
* refactor: move updateUserPlugins logic to user.ts and simplify UserController
* refactor: update imports for user key management and remove UserService
* refactor: remove unused Anthropics and Bedrock endpoint files and clean up imports
* refactor: consolidate and update encryption imports across various files to use @librechat/data-schemas
* chore: update file model mock to use unified import from '~/models'
* chore: import order
* refactor: remove migrated to TS agent.js file and its associated logic from the endpoints
* chore: add reusable function to extract imports from source code in unused-packages workflow
* chore: enhance unused-packages workflow to include @librechat/api dependencies and improve dependency extraction
* chore: improve dependency extraction in unused-packages workflow with enhanced error handling and debugging output
* chore: add detailed debugging output to unused-packages workflow for better visibility into unused dependencies and exclusion lists
* chore: refine subpath handling in unused-packages workflow to correctly process scoped and non-scoped package imports
* chore: clean up unused debug output in unused-packages workflow and reorganize type imports in initialize.ts
* feat: allow keyboard nav in presetItems
(previously edit / pin / delete buttons would only render on hover, so when the element was focused with keybaord navigation, those buttons wouldn't render and couldn't be focused or actuated)
* feat: add aria-labels and TooltipAnchors to buttons in PresetItems
* fix: stop keypresses from triggering parent menuitem instead of buttons
* feat: better focus management on modal close with trigger refs
* feat: use OGDialog modal for preset deletion
* feat: add toast for successful preset deletion
* chore: address copilot comments
* chore: address comments
* chore: import order
* feat: make MultiSelect highlight same opacity as other focus highlights in app
* feat: add better screenreader announcements for mcp server and variable states
* feat: memoize fullTitle calculation
* Refactor: MCPServersRegistry Singleton Pattern with Dependency Injection for DB methods consumption
* refactor: error handling in MCP initialization and improve logging for MCPServersRegistry instance creation.
- Added checks for mongoose instance in ServerConfigsDB constructor and refined error messages for clarity.
- Reorder and use type imports
---------
Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com>
Co-authored-by: Danny Avila <danny@librechat.ai>
* Decouple mcp config from start up config
* Chore: Work on AI Review and Copilot Comments
- setRawConfig is not needed since the private raw config is not needed any more
- !!serversLoading bug fixed
- added unit tests for route /api/mcp/servers
- copilot comments addressed
* chore: remove comments
* chore: rename data-provider dir for MCP
* chore: reorganize mcp specific query hooks
* fix: consolidate imports for MCP server manager
* chore: add dev-staging branch to frontend review workflow triggers
* feat: add GitHub Actions workflow for building and pushing Docker images to GitHub Container Registry and Docker Hub
* fix: update label for tag input in BookmarkForm tests to improve clarity
---------
Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com>
Co-authored-by: Danny Avila <danny@librechat.ai>
* feat: add light/dark differentiation on text color for login footer links for more accessible contrast in light mode
* feat: add darker color focus ring on ThemeSelector in light mode for more accessible contrast
* feat: increase contrast on text color for rendered error messages in light and dark mode so that they pass the 4.5:1 accessibility contrast threshold against their backgrounds
* feat: add more accessible color vars to style.css for better contrast against light/dark backgrounds
* feat: un-nest DropdownMenu from ListCard and make them siblings instead for better accessibility
* feat: tweak --border-heavy in light mode so that it uses --gray-410 rather than --gray-400 so that the contrast ratio threshold is hit for accessibility
* feat: switch email and password input border to border-heavy for more accessible contrast on Login page
* fix: add proper focus ring for Action menu button in Prompts Sidenav
* fix: align light and dark focus rings with surrounding elements on preview/edit menu dropdown button in Prompt Card
* fix: remove aria-hidden on parent div with focusable child element according to accessibility guidelines
* fix: add missing aria-readonly false property that should have been in previous accessibility PR
* feat: add horizontal padding on rowRenderer's CellMeasurer div so that focus ring on rows doesnt clip behind virtualized table borders side-to-side
(still need to figure out vertical clipping on final row / a better solution to be able to get overflows to work properly within the virtualized table)
* feat: remove render prop override so that Share and Delete Buttons in Conversation dropdown can be pressed with Enter keystroke
* fix: undo additional colors and changes to --surface-hover
the initial changes came from a misunderstanding of contrast threshold requirements for hover effect accessibility
* feat: better layout for non-nested prompt card / action menu combination
* fix: add proper focus restoration behavior for Preview modal on close
* fix: undo change to --border-heavy in light mode
* fix: set borders for login input boxes back to light
* feat: add announcement for state change when link copied to clipboard in conversation share modal
* feat: add announcement to Refresh Link button
* feat: add announcement for archiving chats
* feat: make date sections in conversation history list <h2> rather than generic <div> for improved screen reader support
* feat: ensure Share Link modal is accessible at high zoom percentage and low viewport width / height requirements by adding max height and overflow attributes to allow scrolling
* feat: bold toast text so that it hits font size accessibility threshold (above 14 px when bolded - change makes text 16 px bold) so that the more disruptive contrast change of the toast background color is no longer necessary.
The background color would need to achieve a 4.5:1 contrast ratio, which would significantly affect the established aesthetic of the current toast system if achieved.
* fix: do not render side nav when it is hidden to avoid keyboard navigation with screen reader
* fix: add side nav button state change announcements and don't render components that were previosuly reachable via keyboard navigation while in the side nav
* feat: add tooltip anchor for Model Select
* fix: only hide the model selector, export, and temp chat buttons when in mobile view and the sidenav is expanded
* feat: add aria-haspopup support for MenuItems and add aria-haspopup: 'dialog' for Share and Delete buttons in ConvoOptions
* feat: add label for DataTable search so that it does not rely on placeholder attribute for function identification
* feat: make X buttons on dialogs 24x24px to achieve AA compliance
* feat: add announcements for the search bar for model selector
* feat: persistent label for DataTable
* feat: make filter files text contrast compliant
* feat: add non-color visual indicator to AudioRecorder listening state
* feat: add aria-expanded attribute to tool call dropdown for screen reader
* feat: add high contrast and rounded outlines for focus indicators on Run Code and Copy Code buttons for code blocks
* fix: change Button to anchor tag in Shared Links component when linking to original conversation
* fix: allow overflow in datatable cells so that focus indicators dont get cut off
* feat: round out focus outline for link name in SharedLinks modal
* feat: add aria-controls and aria-haspopup: "dialog" to SharedLinks delete button and modal
* feat: add aria-controls for dropdown menu items on ConvoOptions for share and delete modals
* feat: add trigger ref to 2FA button and modal in settings menu so focus returns to button on modal close
* feat: add refs so that open sidebar and close sidebar buttons transfer focus to one another
* chore: formatting
* feat: make sure settings modal is accessible at 200% zoom for screen size 1366x768 viewport
* feat: round out focus outline for link names in archived chats modal
* feat: add result announcements for screen reader in DataTable search
* feat: simplify layout for checkbox / api key components for better accessibility
* feat: return focus to chat input on prompt variables modal close
* feat: add persistent labels to TextareaAutosize Inputs in Variable form
* feat: tighten max width so side scrolling not necessary at 400% zoom for VariableForm modal
* feat: add persistent labels to prompt management page
* feat: announce results found for search bars in prompts page and improve them in datatable
* feat: de-nest DashGroupItem buttons in Prompts page to allow better navigation and comply with accessibility standard
* feat: add heading for new prompt creation page for screen readers
* feat: remove non-compliant description truncation for small screen sizes by making labels static on small enough viewport width
* feat: add mobile view sidebar for prompts page
* feat: add bolded text on select for AdvancedSwitch so that there is a visual indicator of selection and it does not rely solely on color as an indication of state
* feat: add persistent labels to ModelSelector search inputs
* feat: align aria-label with visual label for speech recognition users
* feat: make MemoryCreateDialog accessible at 400% zoom (introduce max viewport height attr and make scrollable)
* feat: add persistent label to Filter input for DataTable in file attach sidebar menu
* feat: add persistent label for bookmark filter input in bookmarks sidebar menu
* feat: add alert for screen readers for invalid inputs when editting bookmarks
* feat: bold font in BookmarkForm error readout to pass contrast compliance thresholds for 14pt text
* feat: align aria-label with visual label for BookmarkForm Ttile input
* feat: add 400% zoom support for ALL modals utilizing OriginalDialog to prevent clipping
* feat: remove state change on aria label and give consistent labelling for button, offload state change notification to the announcement div and make more assertive
* feat: add aria-labels which convey that the buttons are sortable (divergence from visual text because iconography is used to signify sort functionality)
* feat: add supplemental visuals to indicate link is clickable other than color in SharedLinks
* feat: increase saturation to hit contrast threshold minimums on Link color in SharedLinks
* feat: stop DataTable from disappearing at 400% zoom in SharedLinks
* feat: increase contrast to hit contrast threshold minimums on Animated Search Input visual indicators
* feat: add aria-label for AnimatedSearchInput (doesn't require explicit labelling because of Search icon)
* fix: stop long example variable declaration from clipping at high zoom in variables info
* feat: add aria-label to bettter describe sort button functionality for vision impaired users
* chore: remove unused translation key
* chore: address ESLint comments
* fix: modify test to account for new alert on theme toggle switch for login page
* chore: interpolate translation key
* 🔄 Refactoring: MCP Runtime Configuration Reload
- PrivateServerConfigs own cache classes (inMemory and Redis).
- Connections staleness detection by comparing (connection.createdAt and config.LastUpdatedAt)
- ConnectionsRepo access Registry instead of in memory config dict and renew stale connections
- MCPManager: adjusted init of ConnectionsRepo (app level)
- UserConnectionManager: renew stale connections
- skipped test, to test "should only clear keys in its own namespace"
- MCPPrivateServerLoader: new component to manage logic of loading / editing private servers on runtime
- PrivateServersLoadStatusCache to track private server cache status
- New unit and integration tests.
Misc:
- add es lint rule to enforce line between class methods
* Fix cluster mode batch update and delete workarround. Fixed unit tests for cluster mode.
* Fix Keyv redis clear cache namespace awareness issue + Integration tests fixes
* chore: address copilot comments
* Fixing rebase issue: removed the mcp config fallback in single getServerConfig method:
- to not to interfere with the logic of the right Tier (APP/USER/Private)
- If userId is null, the getServerConfig should not return configs that are a SharedUser tier and not APP tier
* chore: add dev-staging branch to workflow triggers for backend, cache integration, and ESLint checks
---------
Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com>
* chore: update express to version 5.1.0 in package.json
* chore: update express-rate-limit to version 8.2.1 in package.json and package-lock.json
* fix: Enhance server startup error handling in experimental and index files
* Added error handling for server startup in both experimental.js and index.js to log errors and exit the process if the server fails to start.
* Updated comments in openidStrategy.js to clarify the purpose of the CustomOpenIDStrategy class and its relation to Express version changes.
* chore: Implement rate limiting for all POST routes excluding /speech, required for express v5
* Added middleware to apply IP and user rate limiters to all POST requests, ensuring that the /speech route remains unaffected.
* Enhanced code clarity with comments explaining the new rate limiting logic.
* chore: Enable writable req.query for mongoSanitize compatibility in Express 5
* chore: Ensure req.body exists in multiple middleware and route files for Express 5 compatibility
* 🗑️ chore: Remove unused Legacy Provider clients and related helpers
* Deleted OpenAIClient and GoogleClient files along with their associated tests.
* Removed references to these clients in the clients index file.
* Cleaned up typedefs by removing the OpenAISpecClient export.
* Updated chat controllers to use the OpenAI SDK directly instead of the removed client classes.
* chore/remove-openapi-specs
* 🗑️ chore: Remove unused mergeSort and misc utility functions
* Deleted mergeSort.js and misc.js files as they are no longer needed.
* Removed references to cleanUpPrimaryKeyValue in messages.js and adjusted related logic.
* Updated mongoMeili.ts to eliminate local implementations of removed functions.
* chore: remove legacy endpoints
* chore: remove all plugins endpoint related code
* chore: remove unused prompt handling code and clean up imports
* Deleted handleInputs.js and instructions.js files as they are no longer needed.
* Removed references to these files in the prompts index.js.
* Updated docker-compose.yml to simplify reverse proxy configuration.
* chore: remove unused LightningIcon import from Icons.tsx
* chore: clean up translation.json by removing deprecated and unused keys
* chore: update Jest configuration and remove unused mock file
* Simplified the setupFiles array in jest.config.js by removing the fetchEventSource mock.
* Deleted the fetchEventSource.js mock file as it is no longer needed.
* fix: simplify endpoint type check in Landing and ConversationStarters components
* Updated the endpoint type check to use strict equality for better clarity and performance.
* Ensured consistency in the handling of the azureOpenAI endpoint across both components.
* chore: remove unused dependencies from package.json and package-lock.json
* chore: remove legacy EditController, associated routes and imports
* chore: update banResponse logic to refine request handling for banned users
* chore: remove unused validateEndpoint middleware and its references
* chore: remove unused 'res' parameter from initializeClient in multiple endpoint files
* chore: remove unused 'isSmallScreen' prop from BookmarkNav and NewChat components; clean up imports in ArchivedChatsTable and useSetIndexOptions hooks; enhance localization in PromptVersions
* chore: remove unused import of Constants and TMessage from MobileNav; retain only necessary QueryKeys import
* chore: remove unused TResPlugin type and related references; clean up imports in types and schemas
* feat: wrap main content of page in <main> tag for screen reader landmarks (439)
* feat: add italic on active convo when selected so that selection state does not rely on bg contrast ratio (562)
* feat: add border ring around SearchBar so that it passes focus contrast minimums (577)
* fix: hide decorative SVGs from screen readers (578)
* fix: stop clipping of focus outlines in My Files modal (593)
* feat: programmatically declare state of Temporary Chat toggle for screen readers (606)
* feat: add sr-only components to warn screen readers that footer links open in new tab (611)
* feat: add aria-labels to archived chat table buttons
* feat: add screen reader heading for prompt edit page (776)
* feat: increase contrast to threshold minimum for production tag in prompts advanced view (773)
* feat: increase contrast to thehold minimums for production tag and version card border highlights (770)
* fix: h2 now reads as 'control bar' to screen readers in edit prompt page (768)
* feat: add selected state tracking for simple / advanced toggle for screen readers (765)
* feat: add left padding to theme selector in prompts side nav panel so that focus outline doesnt clip
* feat: darken orange bg for warning toasts to hit 3:1 contrast minimum with white text (725)
* fix: return focus to triggering element on modal close for image preview in attach files panel (717)
* fix: hide SVG for AddMultiConvo button from screen readers (708)
* feat: add persistent label to Filter Memories... input in memory side panel
If you've got a screen reader that is reading out the whole page,
each icon button (i.e., `<button><SVG></button>`) will have both
the button's aria-label read out as well as the title from the
SVG (which is usually just "image").
Since we are pretty good about setting aria-labels, we should instead
use `aria-hidden="true"` on these images, since they are not useful
to be read out.
I don't consider this a comprehensive review of all icons in the app,
but I knocked out all the low hanging fruit in this commit.
Adds support for MCP servers like StackOverflow that use OAuth but don't
provide standard discovery metadata at .well-known endpoints.
Changes:
- Add fallback OAuth endpoints (/authorize, /token, /register) when
discoverAuthorizationServerMetadata returns undefined
- Add POST fallback in OAuth detection when HEAD returns non-401
(StackOverflow returns 405 for HEAD, 401 for POST)
- Detect OAuth requirement from WWW-Authenticate: Bearer header even
without resource_metadata URL
- Add fallback /token endpoint for token refresh when metadata
discovery fails
- Add registration_endpoint to OAuthMetadata type
This mirrors the MCP SDK's behavior where it gracefully falls back to
default OAuth endpoint paths when .well-known metadata isn't available.
Tests:
- Add unit tests for detectOAuth.ts (POST fallback, Bearer detection)
- Add unit tests for handler.ts (fallback metadata, fallback refresh)
- Add StackOverflow to integration test servers
Fixes OAuth flow for servers that:
- Return 405 for HEAD requests (only support POST)
- Return 401 with simple "Bearer" in WWW-Authenticate
- Don't have .well-known/oauth-authorization-server endpoint
- Use standard /authorize, /token, /register paths
- Updated @librechat/api to version 1.7.0
- Updated @librechat/client to version 0.4.1
- Updated librechat-data-provider to version 0.8.200
- Updated @librechat/data-schemas to version 0.0.31
* v0.8.1
* fix: GitHub workflows for OIDC trusted publishing
- Added permissions for OIDC trusted publishing in client, data-provider, and data-schemas workflows.
- Updated npm installation to support OIDC in all workflows.
- Changed npm publish commands to include `--provenance` for better package integrity.
- Updated repository URLs in package.json files for client, data-provider, and data-schemas to remove `git+` prefix.
- Created a new `bun.lock` file to manage project dependencies effectively.
- Removed the obsolete `bun.lockb` file.
- Updated `package.json` scripts to streamline the build process for the client and API, enhancing the overall development workflow.
- Introduced new build commands for the client package to improve modularity and clarity in the build process.
- Introduced `inferMimeType` utility to improve MIME type detection for uploaded files, including support for HEIC and HEIF formats.
- Updated DragDropModal to utilize the new inference logic for validating file types, ensuring compatibility with various document upload providers.
- Added comprehensive tests for `inferMimeType` to cover various scenarios, including handling of unknown extensions and preserving browser-provided types.
* 🔧 fix: Gemini as Custom Endpoint Auth. Error for OAI-compatible API
* refactor: Google Compatibility in OpenAI Config
- Added a test to ensure `googleSearch` is filtered out when `web_search` is only present in `modelOptions`, not in `addParams` or `defaultParams`.
- Updated `transformToOpenAIConfig` to preserve `googleSearch` tools if `web_search` is explicitly enabled via `addParams` or `defaultParams`.
- Refactored the filtering logic for Google-specific tools to accommodate the new behavior.
* refactor: implement sanitizeFileForTransmit and sanitizeMessageForTransmit functions for smaller payload to client transmission
* refactor: enhance sanitizeMessageForTransmit to preserve empty files array and avoid mutating original message
* refactor: update sanitizeMessageForTransmit to ensure immutability of files array and improve test clarity
