- fix: Update Bedrock Cache Control to Require cachePoint as a Separate Content Block
- Modified the addBedrockCacheControl function to ensure cachePoint is added as a separate content block in the content array, rather than as a property of text objects.
- refactor: move addBedrockCacheControl over to packages/api
- ci: add tests for addBedrockCacheControl until full coverage reached
* fix: freq. and pres. penalty use camelcase
* ci: OpenAI Configuration Tests
* ci: Enhance OpenAI Configuration Tests with Azure and Custom Endpoint Scenarios
* Added integration tests for OpenAI and Azure configurations simulating various initialization scenarios.
* Updated OpenAIConfigOptions to allow null values for reverseProxyUrl and proxy.
* Improved handling of reasoning parameters in tests for both OpenAI and Azure setups.
* Ensured robust error handling for missing API keys and malformed configurations.
* Optimized performance for large parameter sets in configuration.
* test: Add comprehensive integration tests for Anthropic LLM configuration
* Introduced real usage integration tests for various Anthropic endpoint configurations, including handling of proxy and reverse proxy setups.
* Implemented model-specific scenarios for Claude-3.7 and web search functionality.
* Enhanced error handling for missing user IDs and large parameter sets.
* Validated parameter logic, including default values, boundary conditions, and type handling for numeric and array parameters.
* Ensured proper exclusion of system options from model options and maintained expected behavior across different model variations.
* feat: added support for custom JINA_API_URL
* fixed tests
* chore: Update @librechat/agents dependency to version 2.4.77 in package-lock.json and package.json files
* fix: Update Jina API URL to use environment variable in configuration files
* Refactor AppService, web.ts, and config.ts to replace hardcoded Jina API URL with an environment variable placeholder.
* Ensure consistency across tests and configuration for Jina API URL.
* chore: alphabetical order translation.json
* fix: alphabetical order
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* 🔧 fix: Enhance OpenID token handling with user ID for image path validation
* 🔧 fix: Change logger level to error for user info fetch failure and remove redundant info log in OpenID user lookup
* 🔧 refactor: Remove validateImageRequest from middleware exports and enhance validation logic in validateImageRequest.js
* Removed validateImageRequest from the middleware index.
* Improved error handling and validation checks in validateImageRequest.js, including handling of OpenID tokens, URL length, and malformed URLs.
* Updated tests in validateImages.spec.js to cover new validation scenarios and edge cases.
* 🪶 feat: Add Support for Uploading Plaintext Files
feat: delineate between OCR and text handling in fileConfig field of config file
- also adds support for passing in mimetypes as just plain file extensions
feat: add showLabel bool to support future synthetic component DynamicDropdownInput
feat: add new combination dropdown-input component in params panel to support file type token limits
refactor: move hovercard to side to align with other hovercards
chore: clean up autogenerated comments
feat: add delineation to file upload path between text and ocr configured filetypes
feat: add token limit checks during file upload
refactor: move textParsing out of ocrEnabled logic
refactor: clean up types for filetype config
refactor: finish decoupling DynamicDropdownInput from fileTokenLimits
fix: move image token cost function into file to fix circular dependency causing unittest to fail and remove unused var for linter
chore: remove out of scope code following review
refactor: make fileTokenLimit conform to existing styles
chore: remove unused localization string
chore: undo changes to DynamicInput and other strays
feat: add fileTokenLimit to all provider config panels
fix: move textParsing back into ocr tool_resource block for now so that it doesn't interfere with other upload types
* 📤 feat: Add RAG API Endpoint Support for Text Parsing (#8849)
* feat: implement RAG API integration for text parsing with fallback to native parsing
* chore: remove TODO now that placeholder and fllback are implemented
* ✈️ refactor: Migrate Text Parsing to TS (#8892)
* refactor: move generateShortLivedToken to packages/api
* refactor: move textParsing logic into packages/api
* refactor: reduce nesting and dry code with createTextFile
* fix: add proper source handling
* fix: mock new parseText and parseTextNative functions in jest file
* ci: add test coverage for textParser
* 💬 feat: Add Audio File Support to Upload as Text (#8893)
* feat: add STT support for Upload as Text
* refactor: move processAudioFile to packages/api
* refactor: move textParsing from utils to files
* fix: remove audio/mp3 from unsupported mimetypes test since it is now supported
* ✂️ feat: Configurable File Token Limits and Truncation (#8911)
* feat: add configurable fileTokenLimit default value
* fix: add stt to fileConfig merge logic
* fix: add fileTokenLimit to mergeFileConfig logic so configurable value is actually respected from yaml
* feat: add token limiting to parsed text files
* fix: add extraction logic and update tests so fileTokenLimit isnt sent to LLM providers
* fix: address comments
* refactor: rename textTokenLimiter.ts to text.ts
* chore: update form-data package to address CVE-2025-7783 and update package-lock
* feat: use default supported mime types for ocr on frontend file validation
* fix: should be using logger.debug not console.debug
* fix: mock existsSync in text.spec.ts
* fix: mock logger rather than every one of its function calls
* fix: reorganize imports and streamline file upload processing logic
* refactor: update createTextFile function to use destructured parameters and improve readability
* chore: update file validation to use EToolResources for improved type safety
* chore: update import path for types in audio processing module
* fix: update file configuration access and replace console.debug with logger.debug for improved logging
---------
Co-authored-by: Dustin Healy <dustinhealy1@gmail.com>
Co-authored-by: Dustin Healy <54083382+dustinhealy@users.noreply.github.com>
* WIP: app.locals refactoring
WIP: appConfig
fix: update memory configuration retrieval to use getAppConfig based on user role
fix: update comment for AppConfig interface to clarify purpose
🏷️ refactor: Update tests to use getAppConfig for endpoint configurations
ci: Update AppService tests to initialize app config instead of app.locals
ci: Integrate getAppConfig into remaining tests
refactor: Update multer storage destination to use promise-based getAppConfig and improve error handling in tests
refactor: Rename initializeAppConfig to setAppConfig and update related tests
ci: Mock getAppConfig in various tests to provide default configurations
refactor: Update convertMCPToolsToPlugins to use mcpManager for server configuration and adjust related tests
chore: rename `Config/getAppConfig` -> `Config/app`
fix: streamline OpenAI image tools configuration by removing direct appConfig dependency and using function parameters
chore: correct parameter documentation for imageOutputType in ToolService.js
refactor: remove `getCustomConfig` dependency in config route
refactor: update domain validation to use appConfig for allowed domains
refactor: use appConfig registration property
chore: remove app parameter from AppService invocation
refactor: update AppConfig interface to correct registration and turnstile configurations
refactor: remove getCustomConfig dependency and use getAppConfig in PluginController, multer, and MCP services
refactor: replace getCustomConfig with getAppConfig in STTService, TTSService, and related files
refactor: replace getCustomConfig with getAppConfig in Conversation and Message models, update tempChatRetention functions to use AppConfig type
refactor: update getAppConfig calls in Conversation and Message models to include user role for temporary chat expiration
ci: update related tests
refactor: update getAppConfig call in getCustomConfigSpeech to include user role
fix: update appConfig usage to access allowedDomains from actions instead of registration
refactor: enhance AppConfig to include fileStrategies and update related file strategy logic
refactor: update imports to use normalizeEndpointName from @librechat/api and remove redundant definitions
chore: remove deprecated unused RunManager
refactor: get balance config primarily from appConfig
refactor: remove customConfig dependency for appConfig and streamline loadConfigModels logic
refactor: remove getCustomConfig usage and use app config in file citations
refactor: consolidate endpoint loading logic into loadEndpoints function
refactor: update appConfig access to use endpoints structure across various services
refactor: implement custom endpoints configuration and streamline endpoint loading logic
refactor: update getAppConfig call to include user role parameter
refactor: streamline endpoint configuration and enhance appConfig usage across services
refactor: replace getMCPAuthMap with getUserMCPAuthMap and remove unused getCustomConfig file
refactor: add type annotation for loadedEndpoints in loadEndpoints function
refactor: move /services/Files/images/parse to TS API
chore: add missing FILE_CITATIONS permission to IRole interface
refactor: restructure toolkits to TS API
refactor: separate manifest logic into its own module
refactor: consolidate tool loading logic into a new tools module for startup logic
refactor: move interface config logic to TS API
refactor: migrate checkEmailConfig to TypeScript and update imports
refactor: add FunctionTool interface and availableTools to AppConfig
refactor: decouple caching and DB operations from AppService, make part of consolidated `getAppConfig`
WIP: fix tests
* fix: rebase conflicts
* refactor: remove app.locals references
* refactor: replace getBalanceConfig with getAppConfig in various strategies and middleware
* refactor: replace appConfig?.balance with getBalanceConfig in various controllers and clients
* test: add balance configuration to titleConvo method in AgentClient tests
* chore: remove unused `openai-chat-tokens` package
* chore: remove unused imports in initializeMCPs.js
* refactor: update balance configuration to use getAppConfig instead of getBalanceConfig
* refactor: integrate configMiddleware for centralized configuration handling
* refactor: optimize email domain validation by removing unnecessary async calls
* refactor: simplify multer storage configuration by removing async calls
* refactor: reorder imports for better readability in user.js
* refactor: replace getAppConfig calls with req.config for improved performance
* chore: replace getAppConfig calls with req.config in tests for centralized configuration handling
* chore: remove unused override config
* refactor: add configMiddleware to endpoint route and replace getAppConfig with req.config
* chore: remove customConfig parameter from TTSService constructor
* refactor: pass appConfig from request to processFileCitations for improved configuration handling
* refactor: remove configMiddleware from endpoint route and retrieve appConfig directly in getEndpointsConfig if not in `req.config`
* test: add mockAppConfig to processFileCitations tests for improved configuration handling
* fix: pass req.config to hasCustomUserVars and call without await after synchronous refactor
* fix: type safety in useExportConversation
* refactor: retrieve appConfig using getAppConfig in PluginController and remove configMiddleware from plugins route, to avoid always retrieving when plugins are cached
* chore: change `MongoUser` typedef to `IUser`
* fix: Add `user` and `config` fields to ServerRequest and update JSDoc type annotations from Express.Request to ServerRequest
* fix: remove unused setAppConfig mock from Server configuration tests
* refactor: Resource Migration Scripts for DocumentDB compatibility
* fix: Correct type annotation for `db` parameter in ensureCollectionExists function
* fix: available tools retrieval with correct mcp caching and conversion
* test: Enhance PluginController tests with MCP tool mocking and conversion
* refactor: Simplify PluginController tests by removing unused mocks and enhancing test clarity
* feat: Add directEndpoint option to OpenAIConfigOptions and update fetch logic to override /chat/completions URL
* feat: Add directEndpoint support to fetchModels and update loadConfigModels logic
* 📦 chore: Bump `@librechat/api` to v1.3.3
* 📦 chore: Bump `librechat-data-provider` to v0.8.003
* 📦 chore: Bump `@librechat/data-schemas` to v0.0.18
* 📦 chore: Bump `@librechat/client` to v0.2.6
* 📦 chore: Update workflow name for `librechat-data-provider` and add manual dispatch
* 📦 chore: Update Node.js version to 20 in data provider workflow
* feat: Add conversation ID support to custom endpoint headers
- Add LIBRECHAT_CONVERSATION_ID to customUserVars when provided
- Pass conversation ID to header resolution for dynamic headers
- Add comprehensive test coverage
Enables custom endpoints to access conversation context using {{LIBRECHAT_CONVERSATION_ID}} placeholder.
* fix: filter out unresolved placeholders from headers (thanks @MrunmayS)
* feat: add support for request body placeholders in custom endpoint headers
- Add {{LIBRECHAT_BODY_*}} placeholders for conversationId, parentMessageId, messageId
- Update tests to reflect new body placeholder functionality
* refactor resolveHeaders
* style: minor styling cleanup
* fix: type error in unit test
* feat: add body to other endpoints
* feat: add body for mcp tool calls
* chore: remove changes that unnecessarily increase scope after clarification of requirements
* refactor: move http.ts to packages/api and have RequestBody intersect with Express request body
* refactor: processMCPEnv now uses single object argument pattern
* refactor: update processMCPEnv to use 'options' parameter and align types across MCP connection classes
* feat: enhance MCP connection handling with dynamic request headers to pass request body fields
---------
Co-authored-by: Gopal Sharma <gopalsharma@gopal.sharma1>
Co-authored-by: s10gopal <36487439+s10gopal@users.noreply.github.com>
Co-authored-by: Dustin Healy <dustinhealy1@gmail.com>
* refactor: `packages/api` build scripts for better inline debugging
* refactor: Explicitly select secure fields as no longer returned by default, exclude backupCodes from user data retrieval in authentication and 2FA processes
* refactor: Backup Codes UI to not expect backup codes, only regeneration
* refactor: Ensure secure fields are deleted from user data in getUserController
- Deleted setBalanceConfig middleware and its associated file.
- Introduced createSetBalanceConfig factory function to create middleware for synchronizing user balance settings.
- Updated auth and oauth routes to use the new balance configuration middleware.
- Added comprehensive tests for the new balance middleware functionality.
- Updated package versions and dependencies in package.json and package-lock.json.
- Added balance types and updated middleware index to export new balance middleware.
* chore: fix mock typing in packages/api tests
* chore: improve imports, type handling and method signatures for MCPServersRegistry
* chore: use enum in migration scripts
* chore: ParsedServerConfig type to enhance server configuration handling
* feat: Implement agent permissions migration check and logging
* feat: Integrate migration checks into server initialization process
* feat: Add prompt permissions migration check and logging to server initialization
* chore: move prompt formatting functions to dedicated prompts dir
feat: Refactor prompt and prompt group schemas; move types to separate file
feat: Implement paginated access to prompt groups with filtering and public visibility
refactor: Add PromptGroups context provider and integrate it into relevant components
refactor: Optimize filter change handling and query invalidation in usePromptGroupsNav hook
refactor: Simplify context usage in FilterPrompts and GroupSidePanel components
bugfix: Enhance Agent and AgentCategory schemas with new fields for category, support contact, and promotion status
refactored and moved agent category methods and schema to data-schema package
🔧 fix: Merge and Rebase Conflicts
- Move AgentCategory from api/models to @packages/data-schemas structure
- Add schema, types, methods, and model following codebase conventions
- Implement auto-seeding of default categories during AppService startup
- Update marketplace controller to use new data-schemas methods
- Remove old model file and standalone seed script
refactor: unify agent marketplace to single endpoint with cursor pagination
- Replace multiple marketplace routes with unified /marketplace endpoint
- Add query string controls: category, search, limit, cursor, promoted, requiredPermission
- Implement cursor-based pagination replacing page-based system
- Integrate ACL permissions for proper access control
- Fix ObjectId constructor error in Agent model
- Update React components to use unified useGetMarketplaceAgentsQuery hook
- Enhance type safety and remove deprecated useDynamicAgentQuery
- Update tests for new marketplace architecture
-Known issues:
see more button after category switching + Unit tests
feat: add icon property to ProcessedAgentCategory interface
- Add useMarketplaceAgentsInfiniteQuery and useGetAgentCategoriesQuery to client/src/data-provider/Agents/
- Replace manual pagination in AgentGrid with infinite query pattern
- Update imports to use local data provider instead of librechat-data-provider
- Add proper permission handling with PERMISSION_BITS.VIEW/EDIT constants
- Improve agent access control by adding requiredPermission validation in backend
- Remove manual cursor/state management in favor of infinite query built-ins
- Maintain existing search and category filtering functionality
refactor: consolidate agent marketplace endpoints into main agents API and improve data management consistency
- Remove dedicated marketplace controller and routes, merging functionality into main agents v1 API
- Add countPromotedAgents function to Agent model for promoted agents count
- Enhance getListAgents handler with marketplace filtering (category, search, promoted status)
- Move getAgentCategories from marketplace to v1 controller with same functionality
- Update agent mutations to invalidate marketplace queries and handle multiple permission levels
- Improve cache management by updating all agent query variants (VIEW/EDIT permissions)
- Consolidate agent data access patterns for better maintainability and consistency
- Remove duplicate marketplace route definitions and middleware
selected view only agents injected in the drop down
fix: remove minlength validation for support contact name in agent schema
feat: add validation and error messages for agent name in AgentConfig and AgentPanel
fix: update agent permission check logic in AgentPanel to simplify condition
Fix linting WIP
Fix Unit tests WIP
ESLint fixes
eslint fix
refactor: enhance isDuplicateVersion function in Agent model for improved comparison logic
- Introduced handling for undefined/null values in array and object comparisons.
- Normalized array comparisons to treat undefined/null as empty arrays.
- Added deep comparison for objects and improved handling of primitive values.
- Enhanced projectIds comparison to ensure consistent MongoDB ObjectId handling.
refactor: remove redundant properties from IAgent interface in agent schema
chore: update localization for agent detail component and clean up imports
ci: update access middleware tests
chore: remove unused PermissionTypes import from Role model
ci: update AclEntry model tests
ci: update button accessibility labels in AgentDetail tests
refactor: update exhaustive dep. lint warning
🔧 fix: Fixed agent actions access
feat: Add role-level permissions for agent sharing people picker
- Add PEOPLE_PICKER permission type with VIEW_USERS and VIEW_GROUPS permissions
- Create custom middleware for query-aware permission validation
- Implement permission-based type filtering in PeoplePicker component
- Hide people picker UI when user lacks permissions, show only public toggle
- Support granular access: users-only, groups-only, or mixed search modes
refactor: Replace marketplace interface config with permission-based system
- Add MARKETPLACE permission type to handle marketplace access control
- Update interface configuration to use role-based marketplace settings (admin/user)
- Replace direct marketplace boolean config with permission-based checks
- Modify frontend components to use marketplace permissions instead of interface config
- Update agent query hooks to use marketplace permissions for determining permission levels
- Add marketplace configuration structure similar to peoplePicker in YAML config
- Backend now sets MARKETPLACE permissions based on interface configuration
- When marketplace enabled: users get agents with EDIT permissions in dropdown lists (builder mode)
- When marketplace disabled: users get agents with VIEW permissions in dropdown lists (browse mode)
🔧 fix: Redirect to New Chat if No Marketplace Access and Required Agent Name Placeholder (#8213)
* Fix: Fix the redirect to new chat page if access to marketplace is denied
* Fixed the required agent name placeholder
---------
Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com>
chore: fix tests, remove unnecessary imports
refactor: Implement permission checks for file access via agents
- Updated `hasAccessToFilesViaAgent` to utilize permission checks for VIEW and EDIT access.
- Replaced project-based access validation with permission-based checks.
- Enhanced tests to cover new permission logic and ensure proper access control for files associated with agents.
- Cleaned up imports and initialized models in test files for consistency.
refactor: Enhance test setup and cleanup for file access control
- Introduced modelsToCleanup array to track models added during tests for proper cleanup.
- Updated afterAll hooks in test files to ensure all collections are cleared and only added models are deleted.
- Improved consistency in model initialization across test files.
- Added comments for clarity on cleanup processes and test data management.
chore: Update Jest configuration and test setup for improved timeout handling
- Added a global test timeout of 30 seconds in jest.config.js.
- Configured jest.setTimeout in jestSetup.js to allow individual test overrides if needed.
- Enhanced test reliability by ensuring consistent timeout settings across all tests.
refactor: Implement file access filtering based on agent permissions
- Introduced `filterFilesByAgentAccess` function to filter files based on user access through agents.
- Updated `getFiles` and `primeFiles` functions to utilize the new filtering logic.
- Moved `hasAccessToFilesViaAgent` function from the File model to permission services, adjusting imports accordingly
- Enhanced tests to ensure proper access control and filtering behavior for files associated with agents.
fix: make support_contact field a nested object rather than a sub-document
refactor: Update support_contact field initialization in agent model
- Removed handling for empty support_contact object in createAgent function.
- Changed default value of support_contact in agent schema to undefined.
test: Add comprehensive tests for support_contact field handling and versioning
refactor: remove unused avatar upload mutation field and add informational toast for success
chore: add missing SidePanelProvider for AgentMarketplace and organize imports
fix: resolve agent selection race condition in marketplace HandleStartChat
- Set agent in localStorage before newConversation to prevent useSelectorEffects from auto-selecting previous agent
fix: resolve agent dropdown showing raw ID instead of agent info from URL
- Add proactive agent fetching when agent_id is present in URL parameters
- Inject fetched agent into agents cache so dropdowns display proper name/avatar
- Use useAgentsMap dependency to ensure proper cache initialization timing
- Prevents raw agent IDs from showing in UI when visiting shared agent links
Fix: Agents endpoint renamed to "My Agent" for less confusion with the Marketplace agents.
chore: fix ESLint issues and Test Mocks
ci: update permissions structure in loadDefaultInterface tests
- Refactored permissions for MEMORY and added new permissions for MARKETPLACE and PEOPLE_PICKER.
- Ensured consistent structure for permissions across different types.
feat: support_contact validation to allow empty email strings
* chore: Remove eslint-plugin-perfectionist from dependencies
* 🚌 fix: MCP Runtime Errors while Initializing
* chore: Bump @librechat/api version to 1.3.1
* chore: import order
* chore: import order
* fix: social login provider crossover
* feat: Enhance OpenID login handling and add tests for provider validation
* refactor: authentication error handling to use ErrorTypes.AUTH_FAILED enum
* refactor: update authentication error handling in LDAP and SAML strategies to use ErrorTypes.AUTH_FAILED enum
* ci: Add validation for login with existing email and different provider in SAML strategy
chore: Add logging for existing users with different providers in LDAP, SAML, and Social Login strategies
* fix: localization string had unused template var
* fix: add normalizeHttpError to hopefully stop UI hangs when an error is returned in UserController
- Ensures updateUserPluginsController always returns valid HTTP status codes instead of undefined
- Add normalizeHttpError() helper to safely extract status/message from errors
- Default to 400 status code when Error.status is undefined/invalid
* refactor: move normalizeHttpError to packages/api
* WIP: Verbosity OpenAI Parameter
* 🔧 chore: remove unused import of extractEnvVariable from parsers.ts
* ✨ feat: add comprehensive tests for getOpenAIConfig and enhance verbosity handling
* fix: Handling for maxTokens in GPT-5+ models and add corresponding tests
* feat: Implement GPT-5+ model handling in processMemory function
