- Replaced string literals for principal types ('user', 'group', 'public') with the new PrincipalType enum across various models, services, and tests for improved type safety and consistency.
- Updated permission handling in multiple files to utilize the PrincipalType enum, enhancing maintainability and reducing potential errors.
- Ensured all relevant tests reflect these changes to maintain coverage and functionality.
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
feat: Implement prompt permissions management and access control middleware
fix: agent deletion process to remove associated permissions and ACL entries
fix: Import Permissions for enhanced access control in GrantAccessDialog
feat: use PromptGroup for access control
- Added migration script for PromptGroup permissions, categorizing groups into global view access and private groups.
- Created unit tests for the migration script to ensure correct categorization and permission granting.
- Introduced middleware for checking access permissions on PromptGroups and prompts via their groups.
- Updated routes to utilize new access control middleware for PromptGroups.
- Enhanced access role definitions to include roles specific to PromptGroups.
- Modified ACL entry schema and types to accommodate PromptGroup resource type.
- Updated data provider to include new access role identifiers for PromptGroups.
feat: add generic access management dialogs and hooks for resource permissions
fix: remove duplicate imports in FileContext component
fix: remove duplicate mongoose dependency in package.json
feat: add access permissions handling for dynamic resource types and add promptGroup roles
feat: implement centralized role localization and update access role types
refactor: simplify author handling in prompt group routes and enhance ACL checks
feat: implement addPromptToGroup functionality and update PromptForm to use it
feat: enhance permission handling in ChatGroupItem, DashGroupItem, and PromptForm components
chore: rename migration script for prompt group permissions and update package.json scripts
chore: update prompt tests
bugfix: Enhance Agent and AgentCategory schemas with new fields for category, support contact, and promotion status
refactored and moved agent category methods and schema to data-schema package
🔧 fix: Merge and Rebase Conflicts
- Move AgentCategory from api/models to @packages/data-schemas structure
- Add schema, types, methods, and model following codebase conventions
- Implement auto-seeding of default categories during AppService startup
- Update marketplace controller to use new data-schemas methods
- Remove old model file and standalone seed script
refactor: unify agent marketplace to single endpoint with cursor pagination
- Replace multiple marketplace routes with unified /marketplace endpoint
- Add query string controls: category, search, limit, cursor, promoted, requiredPermission
- Implement cursor-based pagination replacing page-based system
- Integrate ACL permissions for proper access control
- Fix ObjectId constructor error in Agent model
- Update React components to use unified useGetMarketplaceAgentsQuery hook
- Enhance type safety and remove deprecated useDynamicAgentQuery
- Update tests for new marketplace architecture
-Known issues:
see more button after category switching + Unit tests
feat: add icon property to ProcessedAgentCategory interface
- Add useMarketplaceAgentsInfiniteQuery and useGetAgentCategoriesQuery to client/src/data-provider/Agents/
- Replace manual pagination in AgentGrid with infinite query pattern
- Update imports to use local data provider instead of librechat-data-provider
- Add proper permission handling with PERMISSION_BITS.VIEW/EDIT constants
- Improve agent access control by adding requiredPermission validation in backend
- Remove manual cursor/state management in favor of infinite query built-ins
- Maintain existing search and category filtering functionality
refactor: consolidate agent marketplace endpoints into main agents API and improve data management consistency
- Remove dedicated marketplace controller and routes, merging functionality into main agents v1 API
- Add countPromotedAgents function to Agent model for promoted agents count
- Enhance getListAgents handler with marketplace filtering (category, search, promoted status)
- Move getAgentCategories from marketplace to v1 controller with same functionality
- Update agent mutations to invalidate marketplace queries and handle multiple permission levels
- Improve cache management by updating all agent query variants (VIEW/EDIT permissions)
- Consolidate agent data access patterns for better maintainability and consistency
- Remove duplicate marketplace route definitions and middleware
selected view only agents injected in the drop down
fix: remove minlength validation for support contact name in agent schema
feat: add validation and error messages for agent name in AgentConfig and AgentPanel
fix: update agent permission check logic in AgentPanel to simplify condition
Fix linting WIP
Fix Unit tests WIP
ESLint fixes
eslint fix
refactor: enhance isDuplicateVersion function in Agent model for improved comparison logic
- Introduced handling for undefined/null values in array and object comparisons.
- Normalized array comparisons to treat undefined/null as empty arrays.
- Added deep comparison for objects and improved handling of primitive values.
- Enhanced projectIds comparison to ensure consistent MongoDB ObjectId handling.
refactor: remove redundant properties from IAgent interface in agent schema
chore: update localization for agent detail component and clean up imports
ci: update access middleware tests
chore: remove unused PermissionTypes import from Role model
ci: update AclEntry model tests
ci: update button accessibility labels in AgentDetail tests
refactor: update exhaustive dep. lint warning
🔧 fix: Fixed agent actions access
feat: Add role-level permissions for agent sharing people picker
- Add PEOPLE_PICKER permission type with VIEW_USERS and VIEW_GROUPS permissions
- Create custom middleware for query-aware permission validation
- Implement permission-based type filtering in PeoplePicker component
- Hide people picker UI when user lacks permissions, show only public toggle
- Support granular access: users-only, groups-only, or mixed search modes
refactor: Replace marketplace interface config with permission-based system
- Add MARKETPLACE permission type to handle marketplace access control
- Update interface configuration to use role-based marketplace settings (admin/user)
- Replace direct marketplace boolean config with permission-based checks
- Modify frontend components to use marketplace permissions instead of interface config
- Update agent query hooks to use marketplace permissions for determining permission levels
- Add marketplace configuration structure similar to peoplePicker in YAML config
- Backend now sets MARKETPLACE permissions based on interface configuration
- When marketplace enabled: users get agents with EDIT permissions in dropdown lists (builder mode)
- When marketplace disabled: users get agents with VIEW permissions in dropdown lists (browse mode)
🔧 fix: Redirect to New Chat if No Marketplace Access and Required Agent Name Placeholder (#8213)
* Fix: Fix the redirect to new chat page if access to marketplace is denied
* Fixed the required agent name placeholder
---------
Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com>
chore: fix tests, remove unnecessary imports
refactor: Implement permission checks for file access via agents
- Updated `hasAccessToFilesViaAgent` to utilize permission checks for VIEW and EDIT access.
- Replaced project-based access validation with permission-based checks.
- Enhanced tests to cover new permission logic and ensure proper access control for files associated with agents.
- Cleaned up imports and initialized models in test files for consistency.
refactor: Enhance test setup and cleanup for file access control
- Introduced modelsToCleanup array to track models added during tests for proper cleanup.
- Updated afterAll hooks in test files to ensure all collections are cleared and only added models are deleted.
- Improved consistency in model initialization across test files.
- Added comments for clarity on cleanup processes and test data management.
chore: Update Jest configuration and test setup for improved timeout handling
- Added a global test timeout of 30 seconds in jest.config.js.
- Configured jest.setTimeout in jestSetup.js to allow individual test overrides if needed.
- Enhanced test reliability by ensuring consistent timeout settings across all tests.
refactor: Implement file access filtering based on agent permissions
- Introduced `filterFilesByAgentAccess` function to filter files based on user access through agents.
- Updated `getFiles` and `primeFiles` functions to utilize the new filtering logic.
- Moved `hasAccessToFilesViaAgent` function from the File model to permission services, adjusting imports accordingly
- Enhanced tests to ensure proper access control and filtering behavior for files associated with agents.
fix: make support_contact field a nested object rather than a sub-document
refactor: Update support_contact field initialization in agent model
- Removed handling for empty support_contact object in createAgent function.
- Changed default value of support_contact in agent schema to undefined.
test: Add comprehensive tests for support_contact field handling and versioning
refactor: remove unused avatar upload mutation field and add informational toast for success
chore: add missing SidePanelProvider for AgentMarketplace and organize imports
fix: resolve agent selection race condition in marketplace HandleStartChat
- Set agent in localStorage before newConversation to prevent useSelectorEffects from auto-selecting previous agent
fix: resolve agent dropdown showing raw ID instead of agent info from URL
- Add proactive agent fetching when agent_id is present in URL parameters
- Inject fetched agent into agents cache so dropdowns display proper name/avatar
- Use useAgentsMap dependency to ensure proper cache initialization timing
- Prevents raw agent IDs from showing in UI when visiting shared agent links
Fix: Agents endpoint renamed to "My Agent" for less confusion with the Marketplace agents.
chore: fix ESLint issues and Test Mocks
ci: update permissions structure in loadDefaultInterface tests
- Refactored permissions for MEMORY and added new permissions for MARKETPLACE and PEOPLE_PICKER.
- Ensured consistent structure for permissions across different types.
feat: support_contact validation to allow empty email strings
WIP: pre-granular-permissions commit
feat: Add category and support contact fields to Agent schema and UI components
Revert "feat: Add category and support contact fields to Agent schema and UI components"
This reverts commit c43a52b4c9.
Fix: Update import for renderHook in useAgentCategories.spec.tsx
fix: Update icon rendering in AgentCategoryDisplay tests to use empty spans
refactor: Improve category synchronization logic and clean up AgentConfig component
refactor: Remove unused UI flow translations from translation.json
feat: agent marketplace features
🔐 feat: Granular Role-based Permissions + Entra ID Group Discovery (#7804)
* chore: Remove eslint-plugin-perfectionist from dependencies
* 🚌 fix: MCP Runtime Errors while Initializing
* chore: Bump @librechat/api version to 1.3.1
* chore: import order
* chore: import order
* fix: social login provider crossover
* feat: Enhance OpenID login handling and add tests for provider validation
* refactor: authentication error handling to use ErrorTypes.AUTH_FAILED enum
* refactor: update authentication error handling in LDAP and SAML strategies to use ErrorTypes.AUTH_FAILED enum
* ci: Add validation for login with existing email and different provider in SAML strategy
chore: Add logging for existing users with different providers in LDAP, SAML, and Social Login strategies
* fix: localization string had unused template var
* fix: add normalizeHttpError to hopefully stop UI hangs when an error is returned in UserController
- Ensures updateUserPluginsController always returns valid HTTP status codes instead of undefined
- Add normalizeHttpError() helper to safely extract status/message from errors
- Default to 400 status code when Error.status is undefined/invalid
* refactor: move normalizeHttpError to packages/api
* WIP: Verbosity OpenAI Parameter
* 🔧 chore: remove unused import of extractEnvVariable from parsers.ts
* ✨ feat: add comprehensive tests for getOpenAIConfig and enhance verbosity handling
* fix: Handling for maxTokens in GPT-5+ models and add corresponding tests
* feat: Implement GPT-5+ model handling in processMemory function
* ✨ feat: Enhance Tooltip component with HTML support and styling improvements
* ✨ feat: Integrate DOMPurify for HTML sanitization in Tooltip component
* feat: Update client version to 0.2.2 and add animation styles for popovers and tooltips
* refactor: Remove focus outline styles from Dropdown component
* feat: Update client version to 0.2.3 and add Select component export
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* chore: Handle optional token_endpoint in OAuth metadata discovery
* chore: Simplify permission typing logic in checkAccess function
* feat: Implement `deleteMistralFile` function and integrate file cleanup in `uploadMistralOCR`
* refactor: Enhance MCP components with improved UI elements and localization updates
* refactor: Clean up MCP components by removing unused imports and improving layout
* refactor: Update server status badge styling for improved UI consistency
* refactor: Move group up a level so 'X' and background highlight occur at same time for cancellation button
* refactor: Remove unused translation keys from the localization file
---------
Co-authored-by: Dustin Healy <dustinhealy1@gmail.com>
* Use discoverAuthorizationServerMetadata instead of discoverMetadata
Uses the discoverAuthorizationServerMetadata function from the upstream
TS SDK. This has the advantage of falling back to OIDC discovery
metadata if the OAuth discovery metadata doesn't exist which is the case
with e.g. keycloak.
* chore: import order
---------
Co-authored-by: Danny Avila <danacordially@gmail.com>
* feat: add OAuth servers to conditional rendering logic for MCPPanel in SideNav
* feat: add startup flag check to conditional rendering logic
* fix: correct improper handling of failure state in reinitialize endpoint
* fix: change MCP config components to better handle servers without customUserVars
- removes the subtle reinitialize button from config components of servers without customUserVars or OAuth
- adds a placeholder message for components where servers have no customUserVars configured
* style: swap CustomUserVarsSection and ServerInitializationSection positions
* style: fix coloring for light mode and align more with existing design patterns
* chore: remove extraneous comments
* chore: reorder imports and `isEnabled` from api package
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* ✨ feat: Enhance MCP Connection Status Management
- Introduced new functions to retrieve and manage connection status for multiple MCP servers, including OAuth flow checks and server-specific status retrieval.
- Refactored the MCP connection status endpoints to support both all servers and individual server queries.
- Replaced the old server initialization hook with a new `useMCPServerManager` hook for improved state management and handling of multiple OAuth flows.
- Updated the MCPPanel component to utilize the new context provider for better state handling and UI updates.
- Fixed a number of UI bugs when initializing servers
* 🗣️ i18n: Remove unused strings from translation.json
* refactor: move helper functions out of the route module into mcp service file
* ci: add tests for newly added functions in mcp service file
* fix: memoize setMCPValues to avoid render loop
* 📦 feat: Add Radio component
* 📦 feat: Integrate localization for 'No options available' message in Radio component
* 📦 feat: Bump version to 0.2.0 in package.json
* 📦 feat: Update client package version to 0.2.0 in package-lock.json
* feat: init @librechat/client
* feat: Add common types and interfaces for accessibility, agents, artifacts, assistants, and tools
* feat: Add jotai as a peer dependency
* fix build client package
* feat: cleanup unused types from common/index.ts
- Remove 104 unused type exports from packages/client/src/common/index.ts
- Keep only 7 actually used exports (93% reduction)
- Add cleanup script with enhanced import pattern detection
- Support both named imports and namespace imports (* as t)
- Create automatic backups and comprehensive documentation
- Maintain type safety with build verification
- No breaking changes to existing code
Kept exports:
- TShowToast, Option, OptionWithIcon, DropdownValueSetter
- MentionOption, NotificationSeverity, MenuItemProps
Scripts: cleanup-common-types-safe.js, README-CLEANUP.md
* fix: cleanup
* fix: package; refactor: tsconfig
* feat: add back `recoil`
* fix: move dependencies to peerDependencies in client package
* feat: add @librechat/client as a dependency in package.json and package-lock.json
* feat: update client package configuration and dependencies
- Added new dependencies for Rollup plugins and updated existing ones in package.json and package-lock.json.
- Introduced a new Rollup configuration file for building the client package.
- Refactored build scripts to include a dedicated build command for the client.
- Updated TypeScript configuration for improved module resolution and type declaration output.
- Integrated a Toast component from the client package into the main App component.
* feat: enhance Rollup configuration for client package
- Updated terser plugin settings to preserve directives like 'use client'.
- Added custom warning handler to ignore "use client" directive warnings during the build process.
* chore: rename package/client build script command
* feat: update client package dependencies and Rollup configuration
- Added rollup-plugin-postcss to package.json and updated package-lock.json.
- Enhanced Rollup configuration to include postcss plugin for CSS handling.
- Updated index.ts to export all components from the components directory for better modularity.
* feat: add client package directory to update configuration
- Included the 'client' package directory in the update.js configuration to ensure it is recognized during updates.
* feat: export Toast component in client package
- Added export for the Toast component in index.ts to enhance modularity and accessibility of components.
* feat: /client transition to @librechat/client
* chore: fixed formatting issues
* fix: update peer dependencies in @librechat/client to prevent bundling them
* fix: correct useSprings implementation in SplitText component
* fix: circular dependencies in DataTable
* fix: add remaining peer dependencies and match actual versions previously used in `client/package.json`
* fix: correct frontend:ci script to include client package build
* chore: enhance unused package detection for @librechat/client and improve dependency extraction
* fix: add missing peer dependency for @radix-ui/react-collapsible
* chore: include "packages/client" in unused i18next keys detection
* test: update AgentFooter tests to use document.querySelector for spinner checks
test: mock window.matchMedia in setupTests.js for consistent test environment
* feat: add react-hook-form dependency and update FormInput component to use its types
* chore: linting
* refactor: remove unused defaultSelectedValues prop from MCPSelect and MultiSelect components
* chore: linting
* feat: update GitHub Actions workflow to publish @librechat/client
* chore: update GitHub Actions workflow to install and build data-provider and client dependencies
* chore: add missing @testing-library/react dependency to client package
* chore: update tsconfig.json to exclude additional test files
* chore: fix build issues, resolve latest LC changes
* chore: move MCP components outside of `~/components/ui`
* feat: implement dynamic theme system with environment variable support and Tailwind CSS integration
* chore: remove unnecessary logging of sttExternal and ttsExternal in Speech component
* chore: squashed cleanup commits
chore: move @tanstack/react-virtual to dependencies and remove recoil from package.json
chore: move dependencies to peerDependencies in package.json
feat: update package.json and rollup.config.js to include jotai and enhance bundling configuration
feat: update package.json and rollup.config.js to include jotai and enhance bundling configuration
refactor: reorganize exports in index.ts for improved clarity
refactor: remove unused types and interfaces from common files
refactor: update peer dependencies and improve component typings
- Removed duplicate peer dependencies from package.json and organized them.
- Updated rollup.config.js to disable TypeScript checking during the build process.
- Modified AnimatedTabs component to use React.ReactNode for label and content types, and added TypeScript workarounds for compatibility.
- Enhanced Label and Separator components to accept an optional className prop and improved prop spreading.
- Updated Slider component to include an optional className prop and refined prop handling for better type safety.
refactor: clean up client workflow and update package dependencies
refactor: update package dependencies and improve PostCSS and Rollup configurations
chore: bump version to 0.1.2 in package.json
chore: bump client version to 0.1.2 in package-lock.json
chore: bump client version to 0.1.3 and update dependencies
chore: bump client version to 0.1.4 and update @react-spring dependencies
chore: update package version to 0.1.5 and adjust peer dependencies
- Bump version in package.json from 0.1.4 to 0.1.5.
- Update peer dependency for @tanstack/react-query to allow version 5.0.0.
- Add @tanstack/react-table and @tanstack/react-virtual as dependencies.
- Update various dependencies to their latest compatible versions.
- Simplify postcss.config.js by removing unnecessary options.
- Clean up rollup.config.js by removing ignored PostCSS warnings.
- Update CheckboxButton component to cast icon as React JSX element.
- Adjust Combobox component's class names for better styling.
- Change DropdownPopup component to use React's namespace import.
- Modify InputOTP component to use 'any' type for OTPInputContext.
- Ensure displayLabel and value in ModelParameters are converted to strings.
- Update MultiSearch component's placeholder to ensure it's a string.
- Cast selectIcon in MultiSelect as React JSX element for consistency.
- Update OGDialogTemplate to cast selectText as React JSX element.
- Initialize animationRef in PixelCard with undefined for clarity.
- Add TypeScript ignore comments in Select and SelectDropDown components for Radix UI type conflicts.
- Ensure title in SelectDropDown is a string and adjust rendering of options.
- Update useLocalize hook to cast options as any for compatibility.
refactor: code structure; chore: translations cleanup
chore: remove unused imports and clean up code in NewChat component
refactor: enhance Menu component to support custom render functions for menu items
style: update itemClassName in ToolsDropdown for improved UI consistency
fix: merge conflicts
chore: update @radix-ui/react-accordion to version 1.2.11
* refactor: remove unnecessary TypeScript type assertions in AnimatedTabs, Label, Separator, and Slider components
* feat: enhance theme system with localStorage persistence and new theme atoms
* chore: bump version of @librechat/client to 0.1.7
* chore: fix ci/cd warnings/errors related to linting and unused localization keys
* chore: update dependencies for class-variance-authority, clsx, and match-sorter
* chore: bump @librechat/client to v0.1.8
* feat: add utility colors for theme customization and remove unused tailwindConfig
* v0.1.9
---------
Co-authored-by: Marco Beretta <81851188+berry-13@users.noreply.github.com>
* 📦 chore: Remove `keyv` from peerDependencies in package.json and package-lock.json for data-schemas
* refactor: replace traverse import with custom object-traverse utility for better control and error handling during logging
* chore(data-schemas): bump version to 0.0.15 and remove unused dependencies
* refactor: optimize message construction in debugTraverse
* chore: update Node.js version to 20.x in data-schemas workflow
* ✨ feat: Add support for forced in-memory cache keys configuration
* refactor: Update cache keys to use uppercase constants and moved cache for `librechat.yaml` into its own cache namespace (STATIC_CONFIG) and with a more descriptive key (LIBRECHAT_YAML_CONFIG)
