* fix: change google multimodal attachments to use type: 'media'
* chore: Update @librechat/agents to version 3.0.27 in package.json and package-lock.json
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* Added a new `isIP` function for validating IP addresses in both Node.js and browser environments, replacing the previous reliance on the Node.js `net` module.
* Updated domain extraction and validation logic to utilize the new `isIP` function, ensuring consistent IP validation across the application.
* Enhanced handling of IPv4 and IPv6 addresses, including proper formatting for URLs.
* 🔒 feat: Enhance SSRF Protection with Comprehensive IP and Domain Validation
* Added extensive tests for validating IP addresses and domains to prevent SSRF attacks, including checks for internal, private, and link-local addresses.
* Improved domain validation logic to handle various edge cases, ensuring only legitimate requests are processed.
* Implemented security measures against common cloud provider metadata access and internal service exploitation.
* Updated existing tests to reflect changes in validation logic and ensure robust security coverage.
* chore: cleanup comments
* 🔒 feat: Improve Domain Validation Logic for Enhanced Security
* Added logic to extract and normalize hostnames from client-provided domains, including handling of URLs and IP addresses.
* Implemented checks using Node.js's net module to validate IP addresses, ensuring robust domain validation.
* Updated existing validation conditions to enhance security against potential SSRF attacks.
* feat: Additional Protocol Checks and IPv6 Support
* Added tests to reject unsupported protocols (FTP, WebSocket, file) in client domains to strengthen SSRF protection.
* Improved domain extraction logic to preserve brackets for IPv6 addresses, ensuring correct URL formatting.
* Updated validation logic to handle various edge cases for client-provided domains, enhancing overall security.
* feat: Expand Domain Validation Tests for Enhanced SSRF Protection
* Added comprehensive tests for handling various URL formats, including IPv6 addresses, authentication credentials, and special characters in paths.
* Implemented additional validation scenarios for client domains, covering edge cases such as malformed URLs, empty strings, and unsupported protocols.
* Enhanced handling of internationalized domain names and localhost variations to ensure robust domain extraction and validation.
* chore: Add experimental backend server for multi-pod simulation
* Introduced a new backend script (`experimental.js`) to manage a clustered server environment with Redis cache flushing on startup.
* Updated `package.json` to include a new script command for the experimental backend.
* This setup aims to enhance scalability and performance for production environments.
* refactor: Remove server disconnection handling logic from useMCPServerManager
TooltipAnchor was automatically adding an `aria-describedby`
tag which often duplicated the labeling already present inside
of the anchor. E.g., the screen reader might say
"New Chat, New Chat, button" instead of just "New Chat, button."
I've removed the TooltipAnchor's automatic `aria-describedby` and
worked to make sure that anyone using TooltipAnchor properly defines
its labeling.
* feat: Add support for model in token configurations and tests
* chore: Update @librechat/agents to version 3.0.26 in package.json and package-lock.json
* 🔧 fix: Enhance error handling for agents system in uncaughtException logger
* Added specific logging for errors originating from the agents system to improve debugging and maintain application stability.
* 📦 chore: Update dependencies for `@librechat/agents` and related packages to v3.0.25 and improve version consistency across modules
* 🔧 fix: Handle errors when fetching server tools and log missing tools in MCP tools controller, to prevent all MCP tools from not getting listed
* 🔧 fix: Remove trailing colons from error messages in MCPConnection class
* chore: Update test command patterns in package.json for cache integration tests
* Refactored `openFileDialog` to use `useCallback` for better performance.
* Introduced `handleSelectFileClick` to manage file selection click events, enhancing user interaction.
* ✨ feat: Enhance agent avatar management with upload and reset functionality
* ✨ feat: Refactor AvatarMenu to use DropdownPopup for improved UI and functionality
* ✨ feat: Improve avatar upload handling in AgentPanel to suppress misleading "no changes" toast
* ✨ feat: Refactor toast message handling and payload composition in AgentPanel for improved clarity and functionality
* ✨ feat: Enhance agent avatar functionality with upload, reset, and validation improvements
* ✨ feat: Refactor agent avatar upload handling and enhance related components for improved functionality and user experience
* feat(agents): tighten ACL, harden GETs/search, and sanitize action metadata
stop persisting refreshed S3 URLs on GET; compute per-response only
enforce ACL EDIT on revert route; remove legacy admin/author/collab checks
sanitize action metadata before persisting during duplication (api_key, oauth_client_id, oauth_client_secret)
escape user search input, cap length (100), and use Set for public flag mapping
add explicit req.file guard in avatar upload; fix empty catch lint; remove unused imports
* feat: Remove outdated avatar-related translation keys
* feat: Improve error logging for avatar updates and streamline file input handling
* feat(agents): implement caching for S3 avatar refresh in agent list responses
* fix: replace unconventional 'void e' with explicit comment to clarify intentionally ignored error
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* feat(agents): enhance avatar handling and improve search functionality
* fix: clarify intentionally ignored error in agent list handler
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* chore: update @librechat/agents dependency to version 3.0.18
* refactor: add optional metadata field to message schema and types
* chore: update @librechat/agents to v3.0.19
* refactor: update return type of sendCompletion method to include metadata
* chore: linting
* chore: update @librechat/agents dependency to v3.0.20
* refactor: implement agent labeling for conversation history in multi-agent scenarios
* refactor: improve error handling for capturing agent ID map in AgentClient
* refactor: clear agentIdMap and related properties during client disposal to prevent memory leaks
* chore: update sendCompletion method for FakeClient to return an object with completion and metadata fields
* ✨ feat: Implement scanIterator method for Redis cluster client
This resolves the bug where `ServerConfigsCacheRedis#getAll` returns an empty object when a Redis Cluster (instead of a single node server is used)
* ✨ feat: Update cache integration tests for Redis cluster support
* chore: update js-yaml to v4.1.1
* chore: update eslint to v9.39.1 in package.json and package-lock.json
* chore: update prettier-eslint to v16.4.2 in package.json and package-lock.json
* chore: update @eslint/eslintrc to v3.3.1 in package.json and package-lock.json
* chore: update ts-jest to v29.4.5 in package.json and package-lock.json
* chore: update jest to version 30.2.0 across multiple packages and update related dependencies
* feat: Integrate logger for MessageIcon component
* feat: Enhance artifact sharing functionality with updated path checks and read-only state management
* feat: Refactor Thinking and Reasoning components for improved structure and styling
* feat: Enhance artifact sharing with context value management and responsive layout
* feat: Enhance ShareView with theme and language management features
* feat: Improve ThinkingButton accessibility and styling for better user interaction
* feat: Introduce isArtifactRoute utility for route validation in Artifact components
* feat: Add latest message text extraction in SharedView for improved message display
* feat: Update locale handling in SharedView for dynamic date formatting
* feat: Refactor ArtifactsContext and SharedView for improved context handling and styling adjustments
* feat: Enhance artifact panel size management with local storage integration
* chore: imports
* refactor: move ShareArtifactsContainer out of ShareView
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* feat: Add Bedrock Cache Control Functionality
- fix: Update Bedrock Cache Control to Require cachePoint as a Separate Content Block
- Modified the addBedrockCacheControl function to ensure cachePoint is added as a separate content block in the content array, rather than as a property of text objects.
- refactor: move addBedrockCacheControl over to packages/api
- ci: add tests for addBedrockCacheControl until full coverage reached
* ci: add test similar to example from the langchain PR
* refactor: move addBedrockCacheControl logic and tests to agents repository
* chore: remove extraneous comment
* chore: update @librechat/agents dependency to version 3.0.12
* chore: update @librechat/agents dependency to version 3.0.13
* chore: update @librechat/agents dependency to version 3.0.14
* chore: update @librechat/agents to v3.0.15
* chore: update default value for prompt cache setting to true
* refactor: set default promptCache to true for claude and nova models
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* feat: integrate Helicone AI gateway provider
- Add Helicone provider support with automatic model fetching
- Implement custom API logic for Helicone model registry endpoint
- Enable access to 75+ models from multiple AI providers through Helicone gateway
- Add Helicone to supported providers list in README
- Include Helicone configuration in example YAML
* docs: add Helicone to supported providers list
* fix comments
* fixed backgroundless helicone icon asset
* removed unecessesary changes
* replace svg helicone image instead of png
* feat: Add error handling for model refusal and update translations
* refactor: error handling in AgentClient to improve logging and cleanup process
* refactor: Update error message for response refusal to improve clarity
* ✨ feat: Enhance Artifact Management with Version Control and UI Improvements
✨ feat: Improve mobile layout and responsiveness in Artifacts component
✨ feat: Refactor imports and remove unnecessary props in Artifact components
✨ feat: Enhance Artifacts and SidePanel components with improved mobile responsiveness and layout transitions
feat: Enhance artifact panel animations and improve UI responsiveness
- Updated Thinking component button styles for smoother transitions.
- Implemented dynamic rendering for artifacts panel with animation effects.
- Refactored localization keys for consistency across multiple languages.
- Added new CSS animations for iOS-inspired smooth transitions.
- Improved Tailwind CSS configuration to support enhanced animation effects.
✨ feat: Add fullWidth and icon support to Radio component for enhanced flexibility
refactor: Remove unused PreviewProps import in ArtifactPreview component
refactor: Improve button class handling and blur effect constants in Artifact components
✨ feat: Refactor Artifacts component structure and add mobile/desktop variants for improved UI
chore: Bump @librechat/client version to 0.3.2
refactor: Update button styles and transition durations for improved UI responsiveness
refactor: revert back localization key
refactor: remove unused scaling and animation properties for cleaner CSS
refactor: remove unused animation properties for cleaner configuration
* ✨ refactor: Simplify className usage in ArtifactTabs, ArtifactsHeader, and SidePanelGroup components
* refactor: Remove cycleArtifact function from useArtifacts hook
* ✨ feat: Implement Chromium resize lag fix with performance optimizations and new ArtifactsPanel component
* ✨ feat: Update Badge component for responsive design and improve tap scaling behavior
* chore: Update react-resizable-panels dependency to version 3.0.6
* ✨ feat: Refactor Artifacts components for improved structure and performance; remove unused files and optimize styles
* ✨ style: Update text color for improved visibility in Artifacts component
* ✨ style: Remove text color class for improved Spinner styling in Artifacts component
* refactor: Split EditorContext into MutationContext and CodeContext to optimize re-renders; update related components to use new hooks
* refactor: Optimize debounced mutation handling in CodeEditor component using refs to maintain current values and reduce re-renders
* fix: Correct endpoint for message artifacts by changing URL segment from 'artifacts' to 'artifact'
* feat: Enhance useEditArtifact mutation with optimistic updates and rollback on error; improve type safety with context management
* fix: proper switch to preview as soon as artifact becomes enclosed
* refactor: Remove optimistic updates from useEditArtifact mutation to prevent errors; simplify onMutate logic
* test: Add comprehensive unit tests for useArtifacts hook to validate artifact handling, tab switching, and state management
* test: Enhance unit tests for useArtifacts hook to cover new conversation transitions and null message handling
---------
Co-authored-by: Marco Beretta <81851188+berry-13@users.noreply.github.com>
* 🔒 feat: Implement idempotency check for OAuth flow completion
- Added a check to prevent duplicate token exchanges if the OAuth flow has already been completed.
- Updated the OAuth callback route to redirect appropriately when a completed flow is detected.
- Refactored token storage logic to use original flow state credentials instead of updated ones.
- Enhanced tests to cover the new idempotency behavior and ensure correct handling of OAuth flow states.
* chore: add back scope for logging
* refactor: Add isFlowStale method to FlowStateManager for stale flow detection
- Implemented a new method to check if a flow is stale based on its age and status.
- Updated MCPConnectionFactory to utilize the isFlowStale method for cleaning up stale OAuth flows.
- Enhanced logging to provide more informative messages regarding flow status and age during cleanup.
* test: Add unit tests for isFlowStale method in FlowStateManager
- Implemented comprehensive tests for the isFlowStale method to verify its behavior across various flow statuses (PENDING, COMPLETED, FAILED) and age thresholds.
- Ensured correct handling of edge cases, including flows with missing timestamps and custom stale thresholds.
- Enhanced test coverage to validate the logic for determining flow staleness based on createdAt, completedAt, and failedAt timestamps.
* feat: add support for known/add/drop parameters in Anthropic and Google LLM configurations
* ci: add tests for web search support for Anthropic and Google configurations with addParams and dropParams handling
- Implemented validation for OpenAPI specifications to ensure the server URL matches the client-provided domain, preventing SSRF attacks.
- Added domain extraction and validation functions to improve security checks.
- Updated relevant services and routes to utilize the new validation logic, ensuring robust handling of client-provided domains against the OpenAPI spec.
- Introduced comprehensive tests to validate the new security features and ensure correct behavior across various scenarios.
- Added DEBUG_MESSAGE_LENGTH constant to allow dynamic adjustment of debug message length based on environment variable.
- Updated logging format to utilize the new constant for truncating debug messages, enhancing flexibility in log output.
* refactor: add image file size validation as part of payload build
* feat: implement file size and MIME type filtering in endpoint configuration
* chore: import order
* feat: add filterFilesByEndpointConfig to filter disabled file processing by provider
* chore: explicit define of endpointFileConfig for better debugging
* refactor: move `normalizeEndpointName` to data-provider as used app-wide
* chore: remove overrideEndpoint from useFileHandling
* refactor: improve endpoint file config selection
* refactor: update filterFilesByEndpointConfig to accept structured parameters and improve endpoint file config handling
* refactor: replace defaultFileConfig with getEndpointFileConfig for improved file configuration handling across components
* test: add comprehensive unit tests for getEndpointFileConfig to validate endpoint configuration handling
* refactor: streamline agent endpoint assignment and improve file filtering logic
* feat: add error handling for disabled file uploads in endpoint configuration
* refactor: update encodeAndFormat functions to accept structured parameters for provider and endpoint
* refactor: streamline requestFiles handling in initializeAgent function
* fix: getEndpointFileConfig partial config merging scenarios
* refactor: enhance mergeWithDefault function to support document-supported providers with comprehensive MIME types
* refactor: user-configured default file config in getEndpointFileConfig
* fix: prevent file handling when endpoint is disabled and file is dragged to chat
* refactor: move `getEndpointField` to `data-provider` and update usage across components and hooks
* fix: prioritize endpointType based on agent.endpoint in file filtering logic
* fix: prioritize agent.endpoint in file filtering logic and remove unnecessary endpointType defaulting
* chore: temp. remove @librechat/agents
* 🔧 chore: update @langchain/core to version 0.3.79
* chore: update dependencies for @langchain/core and add back latest @librechat/agents
* chore: update @librechat/agents to version 3.0.11
* fix: enhance error handling for uncaught exceptions due to abort errors
* fix: standardize warning message for uncatchable abort errors
* fix: improve tool call handling in ModelEndHandler for unprocessed edge case
* fix: prevent content type mismatch in message updates and preserve args in final updates
* chore: add debug logging for client disposal in disposeClient function
* fix: update agent context handling in ModelEndHandler due to new MultiAgentGraph
* refactor: streamline client cleanup process by utilizing property arrays for potential circular reference removal
