- Replace index-based resource markers with stable resource IDs
- Update plugin to parse \ui{resourceId} format instead of \ui0
- Refactor components to use useMessagesOperations instead of useSubmitMessage
- Add ShareMessagesProvider for UI resources in share view
- Add useConversationUIResources hook for cross-turn resource lookups
- Update parsers to generate resource IDs from content hashes
- Update all tests to use resource IDs instead of indices
- Add sandbox permissions for iframe popups
- Remove deprecated MCP tool context instructions
* fix(nav): handle search disabled/error states to stop skeleton loading
* fix(ui): correct chevron direction for chats expand/collapse toggle
* feat(Conversations): Introduce MeasuredRow and ChatsHeader components for improved rendering and layout
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* Feature: Dynamic MCP Server with Full UI Management
* 🚦 feat: Add MCP Connection Status icons to MCPBuilder panel (#10805)
* feature: Add MCP server connection status icons to MCPBuilder panel
* refactor: Simplify MCPConfigDialog rendering in MCPBuilderPanel
---------
Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com>
Co-authored-by: Danny Avila <danny@librechat.ai>
* fix: address code review feedback for MCP server management
- Fix OAuth secret preservation to avoid mutating input parameter
by creating a merged config copy in ServerConfigsDB.update()
- Improve error handling in getResourcePermissionsMap to propagate
critical errors instead of silently returning empty Map
- Extract duplicated MCP server filter logic by exposing selectableServers
from useMCPServerManager hook and using it in MCPSelect component
* test: Update PermissionService tests to throw errors on invalid resource types
- Changed the test for handling invalid resource types to ensure it throws an error instead of returning an empty permissions map.
- Updated the expectation to check for the specific error message when an invalid resource type is provided.
* feat: Implement retry logic for MCP server creation to handle race conditions
- Enhanced the createMCPServer method to include retry logic with exponential backoff for handling duplicate key errors during concurrent server creation.
- Updated tests to verify that all concurrent requests succeed and that unique server names are generated.
- Added a helper function to identify MongoDB duplicate key errors, improving error handling during server creation.
* refactor: StatusIcon to use CircleCheck for connected status
- Replaced the PlugZap icon with CircleCheck in the ConnectedStatusIcon component to better represent the connected state.
- Ensured consistent icon usage across the component for improved visual clarity.
* test: Update AccessControlService tests to throw errors on invalid resource types
- Modified the test for invalid resource types to ensure it throws an error with a specific message instead of returning an empty permissions map.
- This change enhances error handling and improves test coverage for the AccessControlService.
* fix: Update error message for missing server name in MCP server retrieval
- Changed the error message returned when the server name is not provided from 'MCP ID is required' to 'Server name is required' for better clarity and accuracy in the API response.
---------
Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com>
Co-authored-by: Danny Avila <danny@librechat.ai>
* 🪦 refactor: Remove Legacy Code (#10533)
* 🗑️ chore: Remove unused Legacy Provider clients and related helpers
* Deleted OpenAIClient and GoogleClient files along with their associated tests.
* Removed references to these clients in the clients index file.
* Cleaned up typedefs by removing the OpenAISpecClient export.
* Updated chat controllers to use the OpenAI SDK directly instead of the removed client classes.
* chore/remove-openapi-specs
* 🗑️ chore: Remove unused mergeSort and misc utility functions
* Deleted mergeSort.js and misc.js files as they are no longer needed.
* Removed references to cleanUpPrimaryKeyValue in messages.js and adjusted related logic.
* Updated mongoMeili.ts to eliminate local implementations of removed functions.
* chore: remove legacy endpoints
* chore: remove all plugins endpoint related code
* chore: remove unused prompt handling code and clean up imports
* Deleted handleInputs.js and instructions.js files as they are no longer needed.
* Removed references to these files in the prompts index.js.
* Updated docker-compose.yml to simplify reverse proxy configuration.
* chore: remove unused LightningIcon import from Icons.tsx
* chore: clean up translation.json by removing deprecated and unused keys
* chore: update Jest configuration and remove unused mock file
* Simplified the setupFiles array in jest.config.js by removing the fetchEventSource mock.
* Deleted the fetchEventSource.js mock file as it is no longer needed.
* fix: simplify endpoint type check in Landing and ConversationStarters components
* Updated the endpoint type check to use strict equality for better clarity and performance.
* Ensured consistency in the handling of the azureOpenAI endpoint across both components.
* chore: remove unused dependencies from package.json and package-lock.json
* chore: remove legacy EditController, associated routes and imports
* chore: update banResponse logic to refine request handling for banned users
* chore: remove unused validateEndpoint middleware and its references
* chore: remove unused 'res' parameter from initializeClient in multiple endpoint files
* chore: remove unused 'isSmallScreen' prop from BookmarkNav and NewChat components; clean up imports in ArchivedChatsTable and useSetIndexOptions hooks; enhance localization in PromptVersions
* chore: remove unused import of Constants and TMessage from MobileNav; retain only necessary QueryKeys import
* chore: remove unused TResPlugin type and related references; clean up imports in types and schemas
* 📦 chore: Bump Express.js to v5 (#10671)
* chore: update express to version 5.1.0 in package.json
* chore: update express-rate-limit to version 8.2.1 in package.json and package-lock.json
* fix: Enhance server startup error handling in experimental and index files
* Added error handling for server startup in both experimental.js and index.js to log errors and exit the process if the server fails to start.
* Updated comments in openidStrategy.js to clarify the purpose of the CustomOpenIDStrategy class and its relation to Express version changes.
* chore: Implement rate limiting for all POST routes excluding /speech, required for express v5
* Added middleware to apply IP and user rate limiters to all POST requests, ensuring that the /speech route remains unaffected.
* Enhanced code clarity with comments explaining the new rate limiting logic.
* chore: Enable writable req.query for mongoSanitize compatibility in Express 5
* chore: Ensure req.body exists in multiple middleware and route files for Express 5 compatibility
* 🪨 feat: Add PROXY support for AWS Bedrock endpoints (#8871)
* feat: added PROXY support for AWS Bedrock endpoint
* chore: explicit install of new packages required for bedrock proxy
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* feat: add shift key tracking and instant delete functionality in conversation options
* refactor(Convo): simplify classname logic
* fix: restore package-lock after rebase
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
Co-authored-by: Arthur Barrett <abarrett@fas.harvard.edu>
* 🪦 refactor: Remove Legacy Code (#10533)
* 🗑️ chore: Remove unused Legacy Provider clients and related helpers
* Deleted OpenAIClient and GoogleClient files along with their associated tests.
* Removed references to these clients in the clients index file.
* Cleaned up typedefs by removing the OpenAISpecClient export.
* Updated chat controllers to use the OpenAI SDK directly instead of the removed client classes.
* chore/remove-openapi-specs
* 🗑️ chore: Remove unused mergeSort and misc utility functions
* Deleted mergeSort.js and misc.js files as they are no longer needed.
* Removed references to cleanUpPrimaryKeyValue in messages.js and adjusted related logic.
* Updated mongoMeili.ts to eliminate local implementations of removed functions.
* chore: remove legacy endpoints
* chore: remove all plugins endpoint related code
* chore: remove unused prompt handling code and clean up imports
* Deleted handleInputs.js and instructions.js files as they are no longer needed.
* Removed references to these files in the prompts index.js.
* Updated docker-compose.yml to simplify reverse proxy configuration.
* chore: remove unused LightningIcon import from Icons.tsx
* chore: clean up translation.json by removing deprecated and unused keys
* chore: update Jest configuration and remove unused mock file
* Simplified the setupFiles array in jest.config.js by removing the fetchEventSource mock.
* Deleted the fetchEventSource.js mock file as it is no longer needed.
* fix: simplify endpoint type check in Landing and ConversationStarters components
* Updated the endpoint type check to use strict equality for better clarity and performance.
* Ensured consistency in the handling of the azureOpenAI endpoint across both components.
* chore: remove unused dependencies from package.json and package-lock.json
* chore: remove legacy EditController, associated routes and imports
* chore: update banResponse logic to refine request handling for banned users
* chore: remove unused validateEndpoint middleware and its references
* chore: remove unused 'res' parameter from initializeClient in multiple endpoint files
* chore: remove unused 'isSmallScreen' prop from BookmarkNav and NewChat components; clean up imports in ArchivedChatsTable and useSetIndexOptions hooks; enhance localization in PromptVersions
* chore: remove unused import of Constants and TMessage from MobileNav; retain only necessary QueryKeys import
* chore: remove unused TResPlugin type and related references; clean up imports in types and schemas
* 🪦 refactor: Remove Legacy Code (#10533)
* 🗑️ chore: Remove unused Legacy Provider clients and related helpers
* Deleted OpenAIClient and GoogleClient files along with their associated tests.
* Removed references to these clients in the clients index file.
* Cleaned up typedefs by removing the OpenAISpecClient export.
* Updated chat controllers to use the OpenAI SDK directly instead of the removed client classes.
* chore/remove-openapi-specs
* 🗑️ chore: Remove unused mergeSort and misc utility functions
* Deleted mergeSort.js and misc.js files as they are no longer needed.
* Removed references to cleanUpPrimaryKeyValue in messages.js and adjusted related logic.
* Updated mongoMeili.ts to eliminate local implementations of removed functions.
* chore: remove legacy endpoints
* chore: remove all plugins endpoint related code
* chore: remove unused prompt handling code and clean up imports
* Deleted handleInputs.js and instructions.js files as they are no longer needed.
* Removed references to these files in the prompts index.js.
* Updated docker-compose.yml to simplify reverse proxy configuration.
* chore: remove unused LightningIcon import from Icons.tsx
* chore: clean up translation.json by removing deprecated and unused keys
* chore: update Jest configuration and remove unused mock file
* Simplified the setupFiles array in jest.config.js by removing the fetchEventSource mock.
* Deleted the fetchEventSource.js mock file as it is no longer needed.
* fix: simplify endpoint type check in Landing and ConversationStarters components
* Updated the endpoint type check to use strict equality for better clarity and performance.
* Ensured consistency in the handling of the azureOpenAI endpoint across both components.
* chore: remove unused dependencies from package.json and package-lock.json
* chore: remove legacy EditController, associated routes and imports
* chore: update banResponse logic to refine request handling for banned users
* chore: remove unused validateEndpoint middleware and its references
* chore: remove unused 'res' parameter from initializeClient in multiple endpoint files
* chore: remove unused 'isSmallScreen' prop from BookmarkNav and NewChat components; clean up imports in ArchivedChatsTable and useSetIndexOptions hooks; enhance localization in PromptVersions
* chore: remove unused import of Constants and TMessage from MobileNav; retain only necessary QueryKeys import
* chore: remove unused TResPlugin type and related references; clean up imports in types and schemas
* 📦 chore: Bump Express.js to v5 (#10671)
* chore: update express to version 5.1.0 in package.json
* chore: update express-rate-limit to version 8.2.1 in package.json and package-lock.json
* fix: Enhance server startup error handling in experimental and index files
* Added error handling for server startup in both experimental.js and index.js to log errors and exit the process if the server fails to start.
* Updated comments in openidStrategy.js to clarify the purpose of the CustomOpenIDStrategy class and its relation to Express version changes.
* chore: Implement rate limiting for all POST routes excluding /speech, required for express v5
* Added middleware to apply IP and user rate limiters to all POST requests, ensuring that the /speech route remains unaffected.
* Enhanced code clarity with comments explaining the new rate limiting logic.
* chore: Enable writable req.query for mongoSanitize compatibility in Express 5
* chore: Ensure req.body exists in multiple middleware and route files for Express 5 compatibility
* 🗣 feat: MCP Status Accessibility Improvements (#10738)
* feat: make MultiSelect highlight same opacity as other focus highlights in app
* feat: add better screenreader announcements for mcp server and variable states
* feat: memoize fullTitle calculation
* 🪨 feat: Add PROXY support for AWS Bedrock endpoints (#8871)
* feat: added PROXY support for AWS Bedrock endpoint
* chore: explicit install of new packages required for bedrock proxy
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* ✨ feat: Implement Favorites functionality with controllers, hooks, and UI components
* ✨ feat: Refactor Favorites functionality to support new data structure and enhance UI interactions
* ✨ feat: Add endpoint to new conversation for agent favorites
* ✨ feat: Enhance Conversations and Favorites components with expanded functionality and improved UI interactions
* ✨ feat: Remove 'Pinned' label from UI translations for cleaner interface
* feat: clean up comments and improve code readability in favorites and agent components; bump @librechat/data-schemas to 0.0.24
* ✨ feat: Enhance favorites management with validation, update data structure, and improve UI interactions
* ✨ feat: Simplify rendering logic in EndpointModelItem and optimize useEffect dependencies in Conversations component
* ✨ test: Update favorites mock implementation and improve button focus styles in AgentDetail tests
* ✨ feat: Enhance favorites management by adding loading and error states, and refactor related hooks and components
* ✨ feat: Add loading skeletons for favorites while agents are being fetched
* ✨ feat: Improve loading experience in FavoritesList by adding skeleton placeholders for favorites and marketplace
* feat: Optimize cache handling in Conversations and enhance FavoritesList to notify height changes on loading completion
* ✨ feat: Add loading skeleton for SearchBar in Nav component and update agent avatar fallback icon to Feather
* feat: Refactor FavoritesController validation, streamline ModelSelector component, and enhance EndpointModelItem with selection state
* feat: Adjust padding in Conversations and FavoritesList components for improved layout consistency
* feat: Refactor FavoritesController to use model methods for user updates and retrieval
* feat: Enhance Favorites functionality with validation, cleanup, and improved error handling
* tests: Update AgentCard and agent utilities to use Feather icon fallback instead of Bot icon
* refactor: Remove collapsible animation styles from CSS
* feat: Migrate favorites state management from Recoil to Jotai
* fix: Correct type definition in useGetFavoritesQuery and ensure useFavorites is exported
* refactor: Simplify AuthField component by removing TooltipAnchor and directly rendering Label
* fix: Ensure favorites are always an array and update references in FavoritesList
* style: Update Conversation component styles for improved UI consistency
* feat: re-integrate AuthContext to manage agent marketplace visibility based on authentication state
* fix: Improve optimistic updates in favorites mutation handling
* feat: Implement error handling for favorites limit and consolidate marketplace access logic
* fix: package-lock
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
Co-authored-by: Dustin Healy <54083382+dustinhealy@users.noreply.github.com>
Co-authored-by: Arthur Barrett <abarrett@fas.harvard.edu>
* refactor: move endpoint initialization methods to typescript
* refactor: move agent init to packages/api
- Introduced `initialize.ts` for agent initialization, including file processing and tool loading.
- Updated `resources.ts` to allow optional appConfig parameter.
- Enhanced endpoint configuration handling in various initialization files to support model parameters.
- Added new artifacts and prompts for React component generation.
- Refactored existing code to improve type safety and maintainability.
* refactor: streamline endpoint initialization and enhance type safety
- Updated initialization functions across various endpoints to use a consistent request structure, replacing `unknown` types with `ServerResponse`.
- Simplified request handling by directly extracting keys from the request body.
- Improved type safety by ensuring user IDs are safely accessed with optional chaining.
- Removed unnecessary parameters and streamlined model options handling for better clarity and maintainability.
* refactor: moved ModelService and extractBaseURL to packages/api
- Added comprehensive tests for the models fetching functionality, covering scenarios for OpenAI, Anthropic, Google, and Ollama models.
- Updated existing endpoint index to include the new models module.
- Enhanced utility functions for URL extraction and model data processing.
- Improved type safety and error handling across the models fetching logic.
* refactor: consolidate utility functions and remove unused files
- Merged `deriveBaseURL` and `extractBaseURL` into the `@librechat/api` module for better organization.
- Removed redundant utility files and their associated tests to streamline the codebase.
- Updated imports across various client files to utilize the new consolidated functions.
- Enhanced overall maintainability by reducing the number of utility modules.
* refactor: replace ModelService references with direct imports from @librechat/api and remove ModelService file
* refactor: move encrypt/decrypt methods and key db methods to data-schemas, use `getProviderConfig` from `@librechat/api`
* chore: remove unused 'res' from options in AgentClient
* refactor: file model imports and methods
- Updated imports in various controllers and services to use the unified file model from '~/models' instead of '~/models/File'.
- Consolidated file-related methods into a new file methods module in the data-schemas package.
- Added comprehensive tests for file methods including creation, retrieval, updating, and deletion.
- Enhanced the initializeAgent function to accept dependency injection for file-related methods.
- Improved error handling and logging in file methods.
* refactor: streamline database method references in agent initialization
* refactor: enhance file method tests and update type references to IMongoFile
* refactor: consolidate database method imports in agent client and initialization
* chore: remove redundant import of initializeAgent from @librechat/api
* refactor: move checkUserKeyExpiry utility to @librechat/api and update references across endpoints
* refactor: move updateUserPlugins logic to user.ts and simplify UserController
* refactor: update imports for user key management and remove UserService
* refactor: remove unused Anthropics and Bedrock endpoint files and clean up imports
* refactor: consolidate and update encryption imports across various files to use @librechat/data-schemas
* chore: update file model mock to use unified import from '~/models'
* chore: import order
* refactor: remove migrated to TS agent.js file and its associated logic from the endpoints
* chore: add reusable function to extract imports from source code in unused-packages workflow
* chore: enhance unused-packages workflow to include @librechat/api dependencies and improve dependency extraction
* chore: improve dependency extraction in unused-packages workflow with enhanced error handling and debugging output
* chore: add detailed debugging output to unused-packages workflow for better visibility into unused dependencies and exclusion lists
* chore: refine subpath handling in unused-packages workflow to correctly process scoped and non-scoped package imports
* chore: clean up unused debug output in unused-packages workflow and reorganize type imports in initialize.ts
* feat: allow keyboard nav in presetItems
(previously edit / pin / delete buttons would only render on hover, so when the element was focused with keybaord navigation, those buttons wouldn't render and couldn't be focused or actuated)
* feat: add aria-labels and TooltipAnchors to buttons in PresetItems
* fix: stop keypresses from triggering parent menuitem instead of buttons
* feat: better focus management on modal close with trigger refs
* feat: use OGDialog modal for preset deletion
* feat: add toast for successful preset deletion
* chore: address copilot comments
* chore: address comments
* chore: import order
* feat: added PROXY support for AWS Bedrock endpoint
* chore: explicit install of new packages required for bedrock proxy
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* feat: make MultiSelect highlight same opacity as other focus highlights in app
* feat: add better screenreader announcements for mcp server and variable states
* feat: memoize fullTitle calculation
* Refactor: MCPServersRegistry Singleton Pattern with Dependency Injection for DB methods consumption
* refactor: error handling in MCP initialization and improve logging for MCPServersRegistry instance creation.
- Added checks for mongoose instance in ServerConfigsDB constructor and refined error messages for clarity.
- Reorder and use type imports
---------
Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com>
Co-authored-by: Danny Avila <danny@librechat.ai>
* feat: add aria-label for expansion chevron in Agent Builder's MCP tool list dropdown
* fix: remove duplicate tool info button in MCPTool so it doesn't get picked up via keyboard nav (still exists on mouse hover as it should to provide tooltip description of tool)
* feat: use InfoHoverCard rather than Ariakit components for tool descriptions
* chore: remove unused i18n keys
The active conversation state previously failed WCAG 1.4.11 Non-text Contrast
requirements (~1.2:1 contrast ratio). Added a left border indicator using
border-xheavy which provides 6:1+ contrast in both light and dark modes.
- Add border-l-2 with border-xheavy color for active state
- Conditionally apply rounded-r-lg (active) vs rounded-lg (inactive)
- Use transition-[background-color] to prevent border/radius animation glitch
Problem:
--------
Commit 5ed1f2991 introduced a layout shift regression when opening the
sidebar. The UI would visibly "jump" as elements shifted right before
the animation completed. Closing the sidebar worked correctly.
Root Cause Analysis:
--------------------
The accessibility PR added a redundant `{navVisible && ...}` conditional
wrapper around the `<nav>` content inside Nav.tsx's `motion.div`. This
caused a race condition:
1. User clicks "Open Sidebar" button
2. `navVisible` state becomes `true`
3. React renders the `motion.div` AND its children simultaneously
4. The inner `{navVisible && (<nav>...)}` renders content at full width
(320px/260px) BEFORE framer-motion applies `initial={{ width: 0 }}`
5. Brief flash of full-width content causes visible layout shift
6. Animation then starts from width: 0, but damage is done
The ref-based focus management (passing `openSidebarRef`/`closeSidebarRef`
through context) was suspected but was not the actual cause. However,
`requestAnimationFrame` focus calls during animation start could trigger
forced layout calculations, exacerbating the issue.
Solution:
---------
1. Remove redundant conditional rendering in Nav.tsx
- The outer `{navVisible && (<motion.div>...)}` already controls
visibility
- The `overflow-x-hidden` class on motion.div clips content during
animation
- Content should always exist inside motion.div for smooth clipping
2. Replace ref-based focus with ID-based focus management
- Refs passed through component tree can affect React's reconciliation
- Using `document.getElementById()` decouples focus from render cycle
- Exported `CLOSE_SIDEBAR_ID` and `OPEN_SIDEBAR_ID` constants for
consistency
3. Delay focus until after animation completes
- Changed from `requestAnimationFrame` to `setTimeout(..., 250)`
- Animation duration is 200ms; 250ms ensures completion
- Prevents layout thrashing during animation
4. Clean up prop drilling
- Removed `openSidebarRef`/`closeSidebarRef` from Root.tsx context
- Simplified Nav.tsx, Header.tsx, NewChat.tsx prop signatures
- Updated ContextType to remove ref properties
Files Changed:
--------------
- client/src/routes/Root.tsx
- client/src/components/Nav/Nav.tsx
- client/src/components/Nav/NewChat.tsx
- client/src/components/Chat/Header.tsx
- client/src/components/Chat/Menus/OpenSidebar.tsx
- client/src/common/types.ts
Accessibility Note:
-------------------
The original inner conditional was added to prevent keyboard navigation
to hidden sidebar content for screen readers. This is still handled by:
- AnimatePresence unmounting the motion.div after exit animation
- The motion.div having width: 0 during exit (content not reachable)
- Screen readers typically skip content being animated out
- Other: removed non-existant prop from BookmarkNav
Testing:
--------
- Verified smooth animation when opening sidebar (no layout shift)
- Verified smooth animation when closing sidebar (unchanged)
- Verified focus transfers correctly between open/close buttons
- Verified keyboard navigation works as expected
* Decouple mcp config from start up config
* Chore: Work on AI Review and Copilot Comments
- setRawConfig is not needed since the private raw config is not needed any more
- !!serversLoading bug fixed
- added unit tests for route /api/mcp/servers
- copilot comments addressed
* chore: remove comments
* chore: rename data-provider dir for MCP
* chore: reorganize mcp specific query hooks
* fix: consolidate imports for MCP server manager
* chore: add dev-staging branch to frontend review workflow triggers
* feat: add GitHub Actions workflow for building and pushing Docker images to GitHub Container Registry and Docker Hub
* fix: update label for tag input in BookmarkForm tests to improve clarity
---------
Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com>
Co-authored-by: Danny Avila <danny@librechat.ai>
* fix: show ModelSelector and other buttons properly
* chore: remove string templates and fix import order
* chore: import order
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* feat: add light/dark differentiation on text color for login footer links for more accessible contrast in light mode
* feat: add darker color focus ring on ThemeSelector in light mode for more accessible contrast
* feat: increase contrast on text color for rendered error messages in light and dark mode so that they pass the 4.5:1 accessibility contrast threshold against their backgrounds
* feat: add more accessible color vars to style.css for better contrast against light/dark backgrounds
* feat: un-nest DropdownMenu from ListCard and make them siblings instead for better accessibility
* feat: tweak --border-heavy in light mode so that it uses --gray-410 rather than --gray-400 so that the contrast ratio threshold is hit for accessibility
* feat: switch email and password input border to border-heavy for more accessible contrast on Login page
* fix: add proper focus ring for Action menu button in Prompts Sidenav
* fix: align light and dark focus rings with surrounding elements on preview/edit menu dropdown button in Prompt Card
* fix: remove aria-hidden on parent div with focusable child element according to accessibility guidelines
* fix: add missing aria-readonly false property that should have been in previous accessibility PR
* feat: add horizontal padding on rowRenderer's CellMeasurer div so that focus ring on rows doesnt clip behind virtualized table borders side-to-side
(still need to figure out vertical clipping on final row / a better solution to be able to get overflows to work properly within the virtualized table)
* feat: remove render prop override so that Share and Delete Buttons in Conversation dropdown can be pressed with Enter keystroke
* fix: undo additional colors and changes to --surface-hover
the initial changes came from a misunderstanding of contrast threshold requirements for hover effect accessibility
* feat: better layout for non-nested prompt card / action menu combination
* fix: add proper focus restoration behavior for Preview modal on close
* fix: undo change to --border-heavy in light mode
* fix: set borders for login input boxes back to light
* feat: add announcement for state change when link copied to clipboard in conversation share modal
* feat: add announcement to Refresh Link button
* feat: add announcement for archiving chats
* feat: make date sections in conversation history list <h2> rather than generic <div> for improved screen reader support
* feat: ensure Share Link modal is accessible at high zoom percentage and low viewport width / height requirements by adding max height and overflow attributes to allow scrolling
* feat: bold toast text so that it hits font size accessibility threshold (above 14 px when bolded - change makes text 16 px bold) so that the more disruptive contrast change of the toast background color is no longer necessary.
The background color would need to achieve a 4.5:1 contrast ratio, which would significantly affect the established aesthetic of the current toast system if achieved.
* fix: do not render side nav when it is hidden to avoid keyboard navigation with screen reader
* fix: add side nav button state change announcements and don't render components that were previosuly reachable via keyboard navigation while in the side nav
* feat: add tooltip anchor for Model Select
* fix: only hide the model selector, export, and temp chat buttons when in mobile view and the sidenav is expanded
* feat: add aria-haspopup support for MenuItems and add aria-haspopup: 'dialog' for Share and Delete buttons in ConvoOptions
* feat: add label for DataTable search so that it does not rely on placeholder attribute for function identification
* feat: make X buttons on dialogs 24x24px to achieve AA compliance
* feat: add announcements for the search bar for model selector
* feat: persistent label for DataTable
* feat: make filter files text contrast compliant
* feat: add non-color visual indicator to AudioRecorder listening state
* feat: add aria-expanded attribute to tool call dropdown for screen reader
* feat: add high contrast and rounded outlines for focus indicators on Run Code and Copy Code buttons for code blocks
* fix: change Button to anchor tag in Shared Links component when linking to original conversation
* fix: allow overflow in datatable cells so that focus indicators dont get cut off
* feat: round out focus outline for link name in SharedLinks modal
* feat: add aria-controls and aria-haspopup: "dialog" to SharedLinks delete button and modal
* feat: add aria-controls for dropdown menu items on ConvoOptions for share and delete modals
* feat: add trigger ref to 2FA button and modal in settings menu so focus returns to button on modal close
* feat: add refs so that open sidebar and close sidebar buttons transfer focus to one another
* chore: formatting
* feat: make sure settings modal is accessible at 200% zoom for screen size 1366x768 viewport
* feat: round out focus outline for link names in archived chats modal
* feat: add result announcements for screen reader in DataTable search
* feat: simplify layout for checkbox / api key components for better accessibility
* feat: return focus to chat input on prompt variables modal close
* feat: add persistent labels to TextareaAutosize Inputs in Variable form
* feat: tighten max width so side scrolling not necessary at 400% zoom for VariableForm modal
* feat: add persistent labels to prompt management page
* feat: announce results found for search bars in prompts page and improve them in datatable
* feat: de-nest DashGroupItem buttons in Prompts page to allow better navigation and comply with accessibility standard
* feat: add heading for new prompt creation page for screen readers
* feat: remove non-compliant description truncation for small screen sizes by making labels static on small enough viewport width
* feat: add mobile view sidebar for prompts page
* feat: add bolded text on select for AdvancedSwitch so that there is a visual indicator of selection and it does not rely solely on color as an indication of state
* feat: add persistent labels to ModelSelector search inputs
* feat: align aria-label with visual label for speech recognition users
* feat: make MemoryCreateDialog accessible at 400% zoom (introduce max viewport height attr and make scrollable)
* feat: add persistent label to Filter input for DataTable in file attach sidebar menu
* feat: add persistent label for bookmark filter input in bookmarks sidebar menu
* feat: add alert for screen readers for invalid inputs when editting bookmarks
* feat: bold font in BookmarkForm error readout to pass contrast compliance thresholds for 14pt text
* feat: align aria-label with visual label for BookmarkForm Ttile input
* feat: add 400% zoom support for ALL modals utilizing OriginalDialog to prevent clipping
* feat: remove state change on aria label and give consistent labelling for button, offload state change notification to the announcement div and make more assertive
* feat: add aria-labels which convey that the buttons are sortable (divergence from visual text because iconography is used to signify sort functionality)
* feat: add supplemental visuals to indicate link is clickable other than color in SharedLinks
* feat: increase saturation to hit contrast threshold minimums on Link color in SharedLinks
* feat: stop DataTable from disappearing at 400% zoom in SharedLinks
* feat: increase contrast to hit contrast threshold minimums on Animated Search Input visual indicators
* feat: add aria-label for AnimatedSearchInput (doesn't require explicit labelling because of Search icon)
* fix: stop long example variable declaration from clipping at high zoom in variables info
* feat: add aria-label to bettter describe sort button functionality for vision impaired users
* chore: remove unused translation key
* chore: address ESLint comments
* fix: modify test to account for new alert on theme toggle switch for login page
* chore: interpolate translation key
* 🔄 Refactoring: MCP Runtime Configuration Reload
- PrivateServerConfigs own cache classes (inMemory and Redis).
- Connections staleness detection by comparing (connection.createdAt and config.LastUpdatedAt)
- ConnectionsRepo access Registry instead of in memory config dict and renew stale connections
- MCPManager: adjusted init of ConnectionsRepo (app level)
- UserConnectionManager: renew stale connections
- skipped test, to test "should only clear keys in its own namespace"
- MCPPrivateServerLoader: new component to manage logic of loading / editing private servers on runtime
- PrivateServersLoadStatusCache to track private server cache status
- New unit and integration tests.
Misc:
- add es lint rule to enforce line between class methods
* Fix cluster mode batch update and delete workarround. Fixed unit tests for cluster mode.
* Fix Keyv redis clear cache namespace awareness issue + Integration tests fixes
* chore: address copilot comments
* Fixing rebase issue: removed the mcp config fallback in single getServerConfig method:
- to not to interfere with the logic of the right Tier (APP/USER/Private)
- If userId is null, the getServerConfig should not return configs that are a SharedUser tier and not APP tier
* chore: add dev-staging branch to workflow triggers for backend, cache integration, and ESLint checks
---------
Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com>
* chore: update express to version 5.1.0 in package.json
* chore: update express-rate-limit to version 8.2.1 in package.json and package-lock.json
* fix: Enhance server startup error handling in experimental and index files
* Added error handling for server startup in both experimental.js and index.js to log errors and exit the process if the server fails to start.
* Updated comments in openidStrategy.js to clarify the purpose of the CustomOpenIDStrategy class and its relation to Express version changes.
* chore: Implement rate limiting for all POST routes excluding /speech, required for express v5
* Added middleware to apply IP and user rate limiters to all POST requests, ensuring that the /speech route remains unaffected.
* Enhanced code clarity with comments explaining the new rate limiting logic.
* chore: Enable writable req.query for mongoSanitize compatibility in Express 5
* chore: Ensure req.body exists in multiple middleware and route files for Express 5 compatibility
* 🗑️ chore: Remove unused Legacy Provider clients and related helpers
* Deleted OpenAIClient and GoogleClient files along with their associated tests.
* Removed references to these clients in the clients index file.
* Cleaned up typedefs by removing the OpenAISpecClient export.
* Updated chat controllers to use the OpenAI SDK directly instead of the removed client classes.
* chore/remove-openapi-specs
* 🗑️ chore: Remove unused mergeSort and misc utility functions
* Deleted mergeSort.js and misc.js files as they are no longer needed.
* Removed references to cleanUpPrimaryKeyValue in messages.js and adjusted related logic.
* Updated mongoMeili.ts to eliminate local implementations of removed functions.
* chore: remove legacy endpoints
* chore: remove all plugins endpoint related code
* chore: remove unused prompt handling code and clean up imports
* Deleted handleInputs.js and instructions.js files as they are no longer needed.
* Removed references to these files in the prompts index.js.
* Updated docker-compose.yml to simplify reverse proxy configuration.
* chore: remove unused LightningIcon import from Icons.tsx
* chore: clean up translation.json by removing deprecated and unused keys
* chore: update Jest configuration and remove unused mock file
* Simplified the setupFiles array in jest.config.js by removing the fetchEventSource mock.
* Deleted the fetchEventSource.js mock file as it is no longer needed.
* fix: simplify endpoint type check in Landing and ConversationStarters components
* Updated the endpoint type check to use strict equality for better clarity and performance.
* Ensured consistency in the handling of the azureOpenAI endpoint across both components.
* chore: remove unused dependencies from package.json and package-lock.json
* chore: remove legacy EditController, associated routes and imports
* chore: update banResponse logic to refine request handling for banned users
* chore: remove unused validateEndpoint middleware and its references
* chore: remove unused 'res' parameter from initializeClient in multiple endpoint files
* chore: remove unused 'isSmallScreen' prop from BookmarkNav and NewChat components; clean up imports in ArchivedChatsTable and useSetIndexOptions hooks; enhance localization in PromptVersions
* chore: remove unused import of Constants and TMessage from MobileNav; retain only necessary QueryKeys import
* chore: remove unused TResPlugin type and related references; clean up imports in types and schemas
* fix: replace string concatenation of localization keys with interpolations and add keys for unlocalized string literals
* chore: update test for new localization key
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* feat: wrap main content of page in <main> tag for screen reader landmarks (439)
* feat: add italic on active convo when selected so that selection state does not rely on bg contrast ratio (562)
* feat: add border ring around SearchBar so that it passes focus contrast minimums (577)
* fix: hide decorative SVGs from screen readers (578)
* fix: stop clipping of focus outlines in My Files modal (593)
* feat: programmatically declare state of Temporary Chat toggle for screen readers (606)
* feat: add sr-only components to warn screen readers that footer links open in new tab (611)
* feat: add aria-labels to archived chat table buttons
* feat: add screen reader heading for prompt edit page (776)
* feat: increase contrast to threshold minimum for production tag in prompts advanced view (773)
* feat: increase contrast to thehold minimums for production tag and version card border highlights (770)
* fix: h2 now reads as 'control bar' to screen readers in edit prompt page (768)
* feat: add selected state tracking for simple / advanced toggle for screen readers (765)
* feat: add left padding to theme selector in prompts side nav panel so that focus outline doesnt clip
* feat: darken orange bg for warning toasts to hit 3:1 contrast minimum with white text (725)
* fix: return focus to triggering element on modal close for image preview in attach files panel (717)
* fix: hide SVG for AddMultiConvo button from screen readers (708)
* feat: add persistent label to Filter Memories... input in memory side panel
- Introduced `inferMimeType` utility to improve MIME type detection for uploaded files, including support for HEIC and HEIF formats.
- Updated DragDropModal to utilize the new inference logic for validating file types, ensuring compatibility with various document upload providers.
- Added comprehensive tests for `inferMimeType` to cover various scenarios, including handling of unknown extensions and preserving browser-provided types.
* 🔧 fix: Gemini as Custom Endpoint Auth. Error for OAI-compatible API
* refactor: Google Compatibility in OpenAI Config
- Added a test to ensure `googleSearch` is filtered out when `web_search` is only present in `modelOptions`, not in `addParams` or `defaultParams`.
- Updated `transformToOpenAIConfig` to preserve `googleSearch` tools if `web_search` is explicitly enabled via `addParams` or `defaultParams`.
- Refactored the filtering logic for Google-specific tools to accommodate the new behavior.
* refactor: implement sanitizeFileForTransmit and sanitizeMessageForTransmit functions for smaller payload to client transmission
* refactor: enhance sanitizeMessageForTransmit to preserve empty files array and avoid mutating original message
* refactor: update sanitizeMessageForTransmit to ensure immutability of files array and improve test clarity
* refactor: Token Limit Processing with Enhanced Efficiency
- Added a new test suite for `processTextWithTokenLimit`, ensuring comprehensive coverage of various scenarios including under, at, and exceeding token limits.
- Refactored the `processTextWithTokenLimit` function to utilize a ratio-based estimation method, significantly reducing the number of token counting function calls compared to the previous binary search approach.
- Improved handling of edge cases and variable token density, ensuring accurate truncation and performance across diverse text inputs.
- Included direct comparisons with the old implementation to validate correctness and efficiency improvements.
* refactor: Remove Tokenizer Route and Related References
- Deleted the tokenizer route from the server and removed its references from the routes index and server files, streamlining the API structure.
- This change simplifies the routing configuration by eliminating unused endpoints.
* refactor: Migrate countTokens Utility to API Module
- Removed the local countTokens utility and integrated it into the @librechat/api module for centralized access.
- Updated various files to reference the new countTokens import from the API module, ensuring consistent usage across the application.
- Cleaned up unused references and imports related to the previous countTokens implementation.
* refactor: Centralize escapeRegExp Utility in API Module
- Moved the escapeRegExp function from local utility files to the @librechat/api module for consistent usage across the application.
- Updated imports in various files to reference the new centralized escapeRegExp function, ensuring cleaner code and reducing redundancy.
- Removed duplicate implementations of escapeRegExp from multiple files, streamlining the codebase.
* refactor: Enhance Token Counting Flexibility in Text Processing
- Updated the `processTextWithTokenLimit` function to accept both synchronous and asynchronous token counting functions, improving its versatility.
- Introduced a new `TokenCountFn` type to define the token counting function signature.
- Added comprehensive tests to validate the behavior of `processTextWithTokenLimit` with both sync and async token counting functions, ensuring consistent results.
- Implemented a wrapper to track call counts for the `countTokens` function, optimizing performance and reducing unnecessary calls.
- Enhanced existing tests to compare the performance of the new implementation against the old one, demonstrating significant improvements in efficiency.
* chore: documentation for Truncation Safety Buffer in Token Processing
- Added a safety buffer multiplier to the character position estimates during text truncation to prevent overshooting token limits.
- Updated the `processTextWithTokenLimit` function to utilize the new `TRUNCATION_SAFETY_BUFFER` constant, enhancing the accuracy of token limit processing.
- Improved documentation to clarify the rationale behind the buffer and its impact on performance and efficiency in token counting.
- Updated `useChatFunctions` to derive `iconURL` from conversation data before parsing
- Modified `parseCompactConvo` to explicitly omit `iconURL` from parsed conversations, reinforcing security measures around URL handling.
* 🖥️ feat: Add Proxy Support for Tavily API Tool
- Integrated ProxyAgent from undici to enable proxy support for API requests in TavilySearch and TavilySearchResults.
- Updated fetch options to conditionally include the proxy configuration based on the environment variable, enhancing flexibility for network requests.
* ci: TavilySearchResults with Proxy Support Tests
- Added tests to verify the integration of ProxyAgent for API requests in TavilySearchResults.
- Implemented conditional logic to check for the PROXY environment variable, ensuring correct usage of ProxyAgent based on its presence.
- Updated test setup to clear mocks before each test for improved isolation and reliability.
* refactor: Add back user variable descriptions for MCP under input and not as Tooltips
- Integrated DOMPurify to sanitize HTML content in user variable descriptions, ensuring safe rendering of links and formatting.
- Updated the AuthField component to display sanitized descriptions, enhancing security and user experience.
- Removed TooltipAnchor in favor of direct label rendering for improved clarity.
* 📦 chore: Update `dompurify` to v3.3.0 in package dependencies
- Added `dompurify` version 3.3.0 to `package.json` and `package-lock.json` for improved HTML sanitization.
- Updated existing references to `dompurify` to ensure consistency across the project.
* refactor: Update tooltip styles for sanitized description in AuthField component
* 🗨️ fix: Safe Validation for Prompt Updates
- Added `safeValidatePromptGroupUpdate` function to validate and sanitize prompt group update requests, ensuring only allowed fields are processed and sensitive fields are stripped.
- Updated the `patchPromptGroup` route to utilize the new validation function, returning appropriate error messages for invalid requests.
- Introduced comprehensive tests for the validation logic, covering various scenarios including allowed and disallowed fields, enhancing overall request integrity and security.
- Created a new schema file for prompt group updates, defining validation rules and types for better maintainability.
* 🔒 feat: Add JSON parse error handling middleware
* 🔒 fix: `iconURL` in conversation parsing
- Updated the `buildEndpointOption` middleware to derive `iconURL` from model specs when not provided by the client, improving security by preventing malicious URLs.
- Modified the `parseCompactConvo` function to strip `iconURL` from conversation inputs, ensuring it is only set server-side.
- Added comprehensive tests to validate the stripping of `iconURL` across various endpoint types, enhancing overall input sanitization.
* ✨ feat: Add ESLint rule for unused variables
- Introduced a new ESLint rule to warn about unused variables, allowing for better code quality and maintainability.
- Configured the rule to ignore variables and arguments that start with an underscore, accommodating common coding practices.
* 🔧 chore: Update @librechat/agents to version 3.0.35
* ✨ feat: Add DeepSeek Model Pricing and Token Handling
- Introduced pricing and token limits for 'deepseek-chat' and 'deepseek-reasoner' models, including prompt and completion rates.
- Enhanced tests to validate pricing and token limits for DeepSeek models, ensuring correct handling of model variations and provider prefixes.
- Updated cache multipliers for DeepSeek models to reflect new pricing structure.
- Improved max output token handling for DeepSeek models, ensuring consistency across different endpoints.
* 🔧 fix: Handle null content parts in message processing
- Added checks to filter out null content parts in various message handling functions, ensuring robustness against undefined values.
- Updated the `extractMessageContent`, `useContentHandler`, `useEventHandlers`, and `useStepHandler` hooks to prevent errors caused by null parts.
- Enhanced the `getAllContentText` utility to only include valid content types, improving overall message integrity.
* 🔧 fix: Enhance error handling in event and SSE handlers
- Wrapped critical sections in try-catch blocks within `useEventHandlers` and `useSSE` hooks to improve error management and prevent application crashes.
- Added console error logging for better debugging and tracking of issues during message processing and conversation aborting.
- Ensured that UI states like `setIsSubmitting` and `setShowStopButton` are correctly updated in case of errors, maintaining a consistent user experience.
* 🔧 fix: Filter out null and empty content in message export
- Enhanced the `useExportConversation` hook to filter out null content parts and empty strings during message processing, ensuring only valid content is included in the export.
- This change improves the integrity of exported conversations by preventing unnecessary empty entries in the output.
