* feat: Add granular role-based permissions system with Entra ID integration
- Implement RBAC with viewer/editor/owner roles using bitwise permissions
- Add AccessRole, AclEntry, and Group models for permission management
- Create PermissionService for core permission logic and validation
- Integrate Microsoft Graph API for Entra ID user/group search
- Add middleware for resource access validation with custom ID resolvers
- Implement bulk permission updates with transaction support
- Create permission management UI with people picker and role selection
- Add public sharing capabilities for resources
- Include database migration for existing agent ownership
- Support hybrid local/Entra ID identity management
- Add comprehensive test coverage for all new services
chore: Update @librechat/data-schemas to version 0.0.9 and export common module in index.ts
fix: Update userGroup tests to mock logger correctly and change principalId expectation from null to undefined
* fix(data-schemas): use partial index for group idOnTheSource uniqueness
Replace sparse index with partial filter expression to allow multiple local groups
while maintaining unique constraint for external source IDs. The sparse option
on compound indexes doesn't work as expected when one field is always present.
* fix: imports in migrate-agent-permissions.js
* chore(data-schemas): add comprehensive README for data schemas package
- Introduced a detailed README.md file outlining the structure, architecture patterns, and best practices for the LibreChat Data Schemas package.
- Included guidelines for creating new entities, type definitions, schema files, model factory functions, and database methods.
- Added examples and common patterns to enhance understanding and usage of the package.
* chore: remove unused translation keys from localization file
* ci: fix existing tests based off new permission handling
- Renamed test cases to reflect changes in permission checks being handled at the route level.
- Updated assertions to verify that agents are returned regardless of user permissions due to the new permission system.
- Adjusted mocks in AppService and PermissionService tests to ensure proper functionality without relying on actual implementations.
* ci: add unit tests for access control middleware
- Introduced tests for the `canAccessAgentResource` middleware to validate permission checks for agent resources.
- Implemented tests for various scenarios including user roles, ACL entries, and permission levels.
- Added tests for the `checkAccess` function to ensure proper permission handling based on user roles and permissions.
- Utilized MongoDB in-memory server for isolated test environments.
* refactor: remove unused mocks from GraphApiService tests
* ci: enhance AgentFooter tests with improved mocks and permission handling
- Updated mocks for `useWatch`, `useAuthContext`, `useHasAccess`, and `useResourcePermissions` to streamline test setup.
- Adjusted assertions to reflect changes in UI based on agent ID and user roles.
- Replaced `share-agent` component with `grant-access-dialog` in tests to align with recent UI updates.
- Added tests for handling null agent data and permissions loading scenarios.
* ci: enhance GraphApiService tests with MongoDB in-memory server
- Updated test setup to use MongoDB in-memory server for isolated testing.
- Refactored beforeEach to beforeAll for database connection management.
- Cleared database before each test to ensure a clean state.
- Retained existing mocks while improving test structure for better clarity.
* ci: enhance GraphApiService tests with additional logger mocks
- Added mock implementation for logger methods in GraphApiService tests to improve error and debug logging during test execution.
- Ensured existing mocks remain intact while enhancing test coverage and clarity.
* chore: address ESLint Warnings
* - add cursor-based pagination to getListAgentsByAccess and update handler
- add index on updatedAt and _id in agent schema for improved query performance
* refactor permission service with reuse of model methods from data-schema package
* - Fix ObjectId comparison in getListAgentsHandler using .equals() method instead of strict equality
- Add findPubliclyAccessibleResources function to PermissionService for bulk public resource queries
- Add hasPublicPermission function to PermissionService for individual resource public permission checks
- Update getAgentHandler to use hasPublicPermission for accurate individual agent public status
- Replace instanceProjectId-based global checks with isPublic property from backend in client code
- Add isPublic property to Agent type definition
- Add NODE_TLS_REJECT_UNAUTHORIZED debug setting to VS Code launch config
* feat: add check for People.Read scope in searchContacts
* fix: add roleId parameter to grantPermission and update tests for GraphApiService
* refactor: remove problematic projection pipelines in getResourcePermissions for document db aws compatibility
* feat: enhance agent permissions migration with DocumentDB compatibility and add dry-run script
* feat: add support for including Entra ID group owners as members in permissions management + fix Group members paging
* feat: enforce at least one owner requirement for permission updates and add corresponding localization messages
* refactor: remove German locale (must be added via i18n)
* chore: linting in `api/models/Agent.js` and removed unused variables
* chore: linting, remove unused vars, and remove project-related parameters from `updateAgentHandler`
* chore: address ESLint errors
* chore: revert removal of unused vars for versioning
---------
Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com>
* chore: Update import for isEnabled utility in convoAccess middleware
* refactor: Migrate Share functionality to new methods structure in `@librechat/data-schemas`
- Deleted the old Share.js model and moved its functionality to a new share.ts file within the data-schemas package.
- Updated imports across the codebase to reflect the new structure.
- Enhanced error handling and logging in shared link operations.
- Introduced TypeScript types for shared links and related operations to improve type safety and maintainability.
* chore: Update promptGroupSchema validation with typing
* fix: error handling and logging in createSharedLink
* fix: don't allow empty shared link or shared link without messages
* ci: add tests for shared link methods
* chore: Bump version of @librechat/data-schemas to 0.0.9 in package.json and package-lock.json
* chore: Add nanoid as peer dependency
- Introduced `nanoid` as a dependency in `package.json` and `package-lock.json`.
- Replaced UUID generation with `nanoid` for creating unique conversation and message IDs in share methods tests.
* fix: apply mongoMeili when models are created to use main runtime mongoose
* chore: update @librechat/data-schemas version to 0.0.8
* refactor: remove unused useDebounceCodeBlock
* fix: ensure setter function is stable and handle numeric conversion in useDebouncedInput
* refactor: replace useCallback with useMemo for stable debounced function in useDebouncedInput
* refactor: move model definitions and database-related methods to packages/data-schemas
* ci: update tests due to new DB structure
fix: disable mocking `librechat-data-provider`
feat: Add schema exports to data-schemas package
- Introduced a new schema module that exports various schemas including action, agent, and user schemas.
- Updated index.ts to include the new schema exports for better modularity and organization.
ci: fix appleStrategy tests
fix: Agent.spec.js
ci: refactor handleTools tests to use MongoMemoryServer for in-memory database
fix: getLogStores imports
ci: update banViolation tests to use MongoMemoryServer and improve session mocking
test: refactor samlStrategy tests to improve mock configurations and user handling
ci: fix crypto mock in handleText tests for improved accuracy
ci: refactor spendTokens tests to improve model imports and setup
ci: refactor Message model tests to use MongoMemoryServer and improve database interactions
* refactor: streamline IMessage interface and move feedback properties to types/message.ts
* refactor: use exported initializeRoles from `data-schemas`, remove api workspace version (this serves as an example of future migrations that still need to happen)
* refactor: update model imports to use destructuring from `~/db/models` for consistency and clarity
* refactor: remove unused mongoose imports from model files for cleaner code
* refactor: remove unused mongoose imports from Share, Prompt, and Transaction model files for cleaner code
* refactor: remove unused import in Transaction model for cleaner code
* ci: update deploy workflow to reference new Docker Dev Branch Images Build and add new workflow for building Docker images on dev branch
* chore: cleanup imports
* ✨ v0.7.8
* chore: bump data-provider to v0.7.82
* chore: update CONFIG_VERSION to 1.2.5
* chore: bump librechat-mcp version to 1.2.2
* chore: bump @librechat/data-schemas version to 0.0.7
* chore: update @librechat/agents dependency to version 2.4.15
* refactor: Prevent memory leaks by nullifying boundModel.client in disposeClient function
* fix: use of proxy, use undici
* chore: update @librechat/agents dependency to version 2.4.16
* Revert "fix: use of proxy, use undici"
This reverts commit 83153cd582.
* fix: ensure fetch is imported for HTTP requests
* fix: replace direct OpenAI import with CustomOpenAIClient from @librechat/agents
* fix: update keyv peer dependency to version 5.3.2
* fix: update keyv dependency to version 5.3.2
* refactor: replace KeyvMongo with custom implementation and update flow state manager usage
* fix: update @librechat/agents dependency to version 2.4.17
* ci: update OpenAIClient tests to use CustomOpenAIClient from @librechat/agents
* refactor: remove KeyvMongo mock and related dependencies
* 🏗️ feat: Add Group model and schema with GroupType enum
* 🏗️ feat: Introduce Permissions module and refactor role-based access control
* 🏗️ feat: Refactor permissions handling and consolidate permission schemas
* 🏗️ feat: Refactor role permissions handling and improve role initialization logic
* 🏗️ feat: Update Role.spec.js to improve imports and enhance test structure
* 🏗️ feat: Update access control logic to ensure proper permission checks in role handling
* 🏗️ chore: Bump versions for librechat-data-provider to 0.7.75 and @librechat/data-schemas to 0.0.6
* 🏗️ feat: Improve role permissions handling by ensuring defaults are applied correctly
* 🏗️ feat: Update role permissions schema to comment out unused SHARE permission
* 🏗️ chore: Bump version of librechat-data-provider to 0.7.77 and remove unused groups field from IUser interface
* 🏗️ chore: Downgrade version of librechat-data-provider to 0.7.76
* 🔧 chore: Bump versions for librechat-data-provider to 0.7.77 and data-schemas to 0.0.6
* 🏗️ chore: Update version of librechat-data-provider to 0.7.789
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* 🚀 feat: Add automatic refill settings to balance schema
* 🚀 feat: Refactor balance feature to use global interface configuration
* 🚀 feat: Implement auto-refill functionality for balance management
* 🚀 feat: Enhance auto-refill logic and configuration for balance management
* 🚀 chore: Bump version to 0.7.74 in package.json and package-lock.json
* 🚀 chore: Bump version to 0.0.5 in package.json and package-lock.json
* 🚀 docs: Update comment for balance settings in librechat.example.yaml
* chore: space in `.env.example`
* 🚀 feat: Implement balance configuration loading and refactor related components
* 🚀 test: Refactor tests to use custom config for balance feature
* 🚀 fix: Update balance response handling in Transaction.js to use Balance model
* 🚀 test: Update AppService tests to include balance configuration in mock setup
* 🚀 test: Enhance AppService tests with complete balance configuration scenarios
* 🚀 refactor: Rename balanceConfig to balance and update related tests for clarity
* 🚀 refactor: Remove loadDefaultBalance and update balance handling in AppService
* 🚀 test: Update AppService tests to reflect new balance structure and defaults
* 🚀 test: Mock getCustomConfig in BaseClient tests to control balance configuration
* 🚀 test: Add get method to mockCache in OpenAIClient tests for improved cache handling
* 🚀 test: Mock getCustomConfig in OpenAIClient tests to control balance configuration
* 🚀 test: Remove mock for getCustomConfig in OpenAIClient tests to streamline configuration handling
* 🚀 fix: Update balance configuration reference in config.js for consistency
* refactor: Add getBalanceConfig function to retrieve balance configuration
* chore: Comment out example balance settings in librechat.example.yaml
* refactor: Replace getCustomConfig with getBalanceConfig for balance handling
* fix: tests
* refactor: Replace getBalanceConfig call with balance from request locals
* refactor: Update balance handling to use environment variables for configuration
* refactor: Replace getBalanceConfig calls with balance from request locals
* refactor: Simplify balance configuration logic in getBalanceConfig
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* wip: first pass, dropdown for selecting sequential agents
* refactor: Improve agent selection logic and enhance performance in SequentialAgents component
* wip: seq. agents working ideas
* wip: sequential agents style change
* refactor: move agent form options/submission outside of AgentConfig
* refactor: prevent repeating code
* refactor: simplify current agent display in SequentialAgents component
* feat: persist form value handling in AgentSelect component for agent_ids
* feat: first pass, sequential agnets agent update
* feat: enhance message display with agent updates and empty text handling
* chore: update Icon component to use EModelEndpoint for agent endpoints
* feat: update content type checks in BaseClient to use constants for better readability
* feat: adjust max context tokens calculation to use 90% of the model's max tokens
* feat: first pass, agent run message pruning
* chore: increase max listeners for abort controller to prevent memory leaks
* feat: enhance runAgent function to include current index count map for improved token tracking
* chore: update @librechat/agents dependency to version 2.2.5
* feat: update icons and style of SequentialAgents component for improved UI consistency
* feat: add AdvancedButton and AdvancedPanel components for enhanced agent settings navigation, update styling for agent form
* chore: adjust minimum height of AdvancedPanel component for better layout consistency
* chore: update @librechat/agents dependency to version 2.2.6
* feat: enhance message formatting by incorporating tool set into agent message processing, in order to allow better mix/matching of agents (as tool calls for tools not found in set will be stringified)
* refactor: reorder components in AgentConfig for improved readability and maintainability
* refactor: enhance layout of AgentUpdate component for improved visual structure
* feat: add DeepSeek provider to Bedrock settings and schemas
* feat: enhance link styling in mobile.css for better visibility and accessibility
* fix: update banner model import in update banner script; export Banner model
* refactor: `duplicateAgentHandler` to include tool_resources only for OCR context files
* feat: add 'qwen-vl' to visionModels for enhanced model support
* fix: change image format from JPEG to PNG in DALLE3 response
* feat: reorganize Advanced components and add localizations
* refactor: simplify JSX structure in AgentChain component to defer container styling to parent
* feat: add FormInput component for reusable input handling
* feat: make agent recursion limit configurable from builder
* feat: add support for agent capabilities chain in AdvancedPanel and update data-provider version
* feat: add maxRecursionLimit configuration for agents and update related documentation
* fix: update CONFIG_VERSION to 1.2.3 in data provider configuration
* feat: replace recursion limit input with MaxAgentSteps component and enhance input handling
* feat: enhance AgentChain component with hover card for additional information and update related labels
* fix: pass request and response objects to `createActionTool` when using assistant actions to prevent auth error
* feat: update AgentChain component layout to include agent count display
* feat: increase default max listeners and implement capability check function for agent chain
* fix: update link styles in mobile.css for better visibility in dark mode
* chore: temp. remove agents package while bumping shared packages
* chore: update @langchain/google-genai package to version 0.1.11
* chore: update @langchain/google-vertexai package to version 0.2.2
* chore: add @librechat/agents package at version 2.2.8
* feat: add deepseek.r1 model with token rate and context values for bedrock
* 🌟 feat: Implement Two-Factor Authentication (2FA) functionality
* fix: Two-Factor Authentication Logic and State Management
* 🌟 feat: Add LICENSE file and update package version to 0.0.2 with MIT license
