- problem: `addImageUrls` had a side effect that was being leveraged before to populate both the `ocr` message field, now `fileContext`, and `client.options.attachments`, which would record the user's uploaded message attachments to the user message when saved to the database and returned at the end of the request lifecycle
- solution: created dedicated handling for file context, and made sure to populate `allFiles` with non-provider attachments
* Check file size of conversation being imported against a configured max size to prevent bringing down the application by uploading a large file
chore: remove non-english localization as needs to be added via locize
* feat: Implement file size validation for conversation imports to prevent oversized uploads
---------
Co-authored-by: Marc Amick <MarcAmick@jhu.edu>
Co-authored-by: Danny Avila <danny@librechat.ai>
* 📎 feat: Direct Provider Attachment Support for Multimodal Content
* 📑 feat: Anthropic Direct Provider Upload (#9072)
* feat: implement Anthropic native PDF support with document preservation
- Add comprehensive debug logging throughout PDF processing pipeline
- Refactor attachment processing to separate image and document handling
- Create distinct addImageURLs(), addDocuments(), and processAttachments() methods
- Fix critical bugs in stream handling and parameter passing
- Add streamToBuffer utility for proper stream-to-buffer conversion
- Remove api/agents submodule from repository
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* chore: remove out of scope formatting changes
* fix: stop duplication of file in chat on end of response stream
* chore: bring back file search and ocr options
* chore: localize upload to provider string in file menu
* refactor: change createMenuItems args to fit new pattern introduced by anthropic-native-pdf-support
* feat: add cache point for pdfs processed by anthropic endpoint since they are unlikely to change and should benefit from caching
* feat: combine Upload Image into Upload to Provider since they both perform direct upload and change provider upload icon to reflect multimodal upload
* feat: add citations support according to docs
* refactor: remove redundant 'document' check since documents are handled properly by formatMessage in the agents repo now
* refactor: change upload logic so anthropic endpoint isn't exempted from normal upload path using Agents for consistency with the rest of the upload logic
* fix: include width and height in return from uploadLocalFile so images are correctly identified when going through an AgentUpload in addImageURLs
* chore: remove client specific handling since the direct provider stuff is handled by the agent client
* feat: handle documents in AgentClient so no need for change to agents repo
* chore: removed unused changes
* chore: remove auto generated comments from OG commit
* feat: add logic for agents to use direct to provider uploads if supported (currently just anthropic)
* fix: reintroduce role check to fix render error because of undefined value for Content Part
* fix: actually fix render bug by using proper isCreatedByUser check and making sure our mutation of formattedMessage.content is consistent
---------
Co-authored-by: Andres Restrepo <andres@thelinuxkid.com>
Co-authored-by: Claude <noreply@anthropic.com>
📁 feat: Send Attachments Directly to Provider (OpenAI) (#9098)
* refactor: change references from direct upload to direct attach to better reflect functionality
since we are just using base64 encoding strategy now rather than Files/File API for sending our attachments directly to the provider, the upload nomenclature no longer makes sense. direct_attach better describes the different methods of sending attachments to providers anyways even if we later introduce direct upload support
* feat: add upload to provider option for openai (and agent) ui
* chore: move anthropic pdf validator over to packages/api
* feat: simple pdf validation according to openai docs
* feat: add provider agnostic validatePdf logic to start handling multiple endpoints
* feat: add handling for openai specific documentPart formatting
* refactor: move require statement to proper place at top of file
* chore: add in openAI endpoint for the rest of the document handling logic
* feat: add direct attach support for azureOpenAI endpoint and agents
* feat: add pdf validation for azureOpenAI endpoint
* refactor: unify all the endpoint checks with isDocumentSupportedEndpoint
* refactor: consolidate Upload to Provider vs Upload image logic for clarity
* refactor: remove anthropic from anthropic_multimodal fileType since we support multiple providers now
🗂️ feat: Send Attachments Directly to Provider (Google) (#9100)
* feat: add validation for google PDFs and add google endpoint as a document supporting endpoint
* feat: add proper pdf formatting for google endpoints (requires PR #14 in agents)
* feat: add multimodal support for google endpoint attachments
* feat: add audio file svg
* fix: refactor attachments logic so multi-attachment messages work properly
* feat: add video file svg
* fix: allows for followup questions of uploaded multimodal attachments
* fix: remove incorrect final message filtering that was breaking Attachment component rendering
fix: manualy rename 'documents' to 'Documents' in git since it wasn't picked up due to case insensitivity in dir name
fix: add logic so filepicker for a google agent has proper filetype filtering
🛫 refactor: Move Encoding Logic to packages/api (#9182)
* refactor: move audio encode over to TS
* refactor: audio encoding now functional in LC again
* refactor: move video encode over to TS
* refactor: move document encode over to TS
* refactor: video encoding now functional in LC again
* refactor: document encoding now functional in LC again
* fix: extend file type options in AttachFileMenu to include 'google_multimodal' and update dependency array to include agent?.provider
* feat: only accept pdfs if responses api is enabled for openai convos
chore: address ESLint comments
chore: add missing audio mimetype
* fix: type safety for message content parts and improve null handling
* chore: reorder AttachFileMenuProps for consistency and clarity
* chore: import order in AttachFileMenu
* fix: improve null handling for text parts in parseTextParts function
* fix: remove no longer used unsupported capability error message for file uploads
* fix: OpenAI Direct File Attachment Format
* fix: update encodeAndFormatDocuments to support OpenAI responses API and enhance document result types
* refactor: broaden providers supported for documents
* feat: enhance DragDrop context and modal to support document uploads based on provider capabilities
* fix: reorder import statements for consistency in video encoding module
---------
Co-authored-by: Dustin Healy <54083382+dustinhealy@users.noreply.github.com>
* 🔧 chore: Update @librechat/agents to v2.4.84 in package.json and package-lock.json
* feat: Serper as new scraperProvider for Web Search and add firecrawlVersion support
* fix: TWebSearchKeys and ensure unique API keys extraction
* chore: Add build:packages script to streamline package builds
* chore: linting for `loadCustomConfig`
* refactor: decouple CDN init and variable/health checks from AppService
* refactor: move AppService to packages/data-schemas
* chore: update AppConfig import path to use data-schemas
* chore: update JsonSchemaType import path to use data-schemas
* refactor: update UserController to import webSearchKeys and redefine FunctionTool typedef
* chore: remove AppService.js
* refactor: update AppConfig interface to use Partial<TCustomConfig> and make paths and fileStrategies optional
* refactor: update checkConfig function to accept Partial<TCustomConfig>
* chore: fix types
* refactor: move handleRateLimits to startup checks as is an effect
* test: remove outdated rate limit tests from AppService.spec and add new handleRateLimits tests in checks.spec
* ⚙️ chore: Resolve Build Warning and `keyvMongo` types
* 🔄 chore: Update mongodb version to ^6.14.2 in package.json and package-lock.json
* chore: remove @langchain/openai dep
* 🔄 refactor: Change log level from warn to debug for missing endpoint config
* 🔄 refactor: Improve temp chat expiration date calculation in tests and implementation
* initialize servers sequentially
* adjust for exported properties that are not nullable anymore
* use underscore separator
* mock with set
* customize init timeout via env var
* refactor for readability, use loaded conns for tool functions
* address PR comments
* clean up fire-and-forget
* fix tests
* Refactor: Moved Redis cache infra logic into `packages/api`
- Moved cacheFactory and redisClients from `api/cache` into `packages/api/src/cache` so that features in `packages/api` can use cache without importing backward from the backend.
- Converted all moved files into TS with proper typing.
- Created integration tests to run against actual Redis servers for redisClients and cacheFactory.
- Added a GitHub workflow to run integration tests for the cache feature.
- Bug fix: keyvRedisClient now implements the PING feature properly.
* chore: consolidate imports in getLogStores.js
* chore: reorder imports
* chore: re-add fs-extra as dev dep.
* chore: reorder imports in cacheConfig.ts, cacheFactory.ts, and keyvMongo.ts
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* 🧹 chore: Update logger imports to use @librechat/data-schemas across multiple files and remove unused sleep function from queue.js (#9930)
* chore: Replace local isEnabled utility with @librechat/api import across multiple files, update test files
* chore: Replace local logger import with @librechat/data-schemas logger in countTokens.js and fork.js
* chore: Update logs volume path in docker-compose.yml to correct directory
* chore: import order of isEnabled in static.js
* initialize servers sequentially
* adjust for exported properties that are not nullable anymore
* use underscore separator
* mock with set
* customize init timeout via env var
* chore: move domain related functions to `packages/api`
* fix: isEmailDomainAllowed for case-insensitive domain matching
- Added tests to validate case-insensitive matching for email domains in various scenarios.
- Updated isEmailDomainAllowed function to convert email domains to lowercase for consistent comparison.
- Improved handling of null/undefined entries in allowedDomains.
* ci: Mock isEmailDomainAllowed in samlStrategy tests
- Added a mock implementation for isEmailDomainAllowed to return true in samlStrategy tests, ensuring consistent behavior during test execution.
* ci: Update import of isEmailDomainAllowed in ldapStrategy tests
- Changed the import of isEmailDomainAllowed from the domains service to the api package for consistency and to reflect recent refactoring.
* refactor: move `loadOCRConfig` from `packages/data-provider` to `packages/api` and return `undefined` if not explicitly configured
* fix: loadOCRConfig import from @librechat/api
* refactor: update defaultTextMimeTypes to support virtually all file types for text parsing
* fix: improve OCR capability check and error message for unsupported file types
* ci: remove unnecessary ocr expectation from AppService test
- Fixed a bug in reinitMCPServer where a user connection was created for an app-level server whenever this server is reinitialized
- Made MCPManager.getUserConnection to return an error if the connection is app-level
- Add MCPManager.getConnection to return either an app connection or a user connection based on the serverName
- Made MCPManager.appConnections public to avoid unnecessary wrapper methods.
* 🕵️ feat: Enhance Index Sync and MeiliSearch filtering for User Field
- Implemented `ensureFilterableAttributes` function to configure MeiliSearch indexes for messages and conversations to filter by user.
- Updated sync logic to trigger a full re-sync if the user field is missing or index settings are modified.
- Adjusted search queries in Conversation and Message models to include user filtering.
- Ensured 'user' field is marked as filterable in MongoDB schema for both messages and conversations.
This update improves data integrity and search capabilities by ensuring user-related data is properly indexed and retrievable.
* fix: message processing in Search component to use linear list and not tree
* feat: Implement user filtering in MeiliSearch for shared links
* refactor: Optimize message search retrieval by batching database calls
* chore: Update MeiliSearch parameters type to use SearchParams for improved type safety
* add use of immutable claims to identify user object
* fix semicolons
* update email attribute on change
* replace ternary expressions
* fix semicolon
* chore: add typing
* chore: reorder fields in `findOpenIDUser`
* refactor: optimize user lookup logic in `findOpenIDUser` function to minimize database roundtrips
* refactor: integrate findOpenIDUser for improved user retrieval in refreshController
* refactor: improve error logging for invalid refresh tokens in refreshController
* ci: mock findUser correctly in openidStrategy tests
* test: add unit tests for findOpenIDUser function to enhance user retrieval logic
---------
Co-authored-by: Joachim Keltsch <joachim.keltsch@daimlertruck.com>
🔄 refactor: Optimize MCP Tool Initialization
fix: update tool caching to use separated mcp logic
refactor: Replace `req.user` with `userId` in MCP handling functions
refactor: Replace `req` parameter with `userId` in file search tool functions
fix: Update user connection parameter to use object format in reinitMCPServer
refactor: Simplify MCP tool creation logic and improve handling of tool configurations to avoid capturing too much in closures
refactor: ensure MCP available tools are fetched from cache only when needed
* fix: axios response logging for text parsing, remove console logging, remove jsdoc
* refactor: error logging in logAxiosError function to handle various error types with type guards
* refactor: enhance text parsing with improved error handling and async file reading
* refactor: replace synchronous file reading with asynchronous methods for improved performance and memory management
* ci: update tests
* fix: increment tag counters when forking/duplicating conversations
- Add bulkIncrementTagCounts to update existing tag counts in bulk
- Integrate tag count updates into importBatchBuilder.saveBatch() using Promise.all
- Update frontend mutations to directly update cache instead of invalidating queries
- Optimize bulkIncrementTagCounts to skip unnecessary database queries
Fixes issue where forked/duplicated conversations with bookmarks would not increment
tag counters, leading to negative counts when bookmarks were later removed.
* chore: reorder import statements for clarity in fork.spec.js
* fix: respect server's token endpoint auth methods for MCP OAuth refresh
Previously, LibreChat always used Basic Auth when refreshing OAuth tokens if a
client_secret was present. This caused issues with servers (like FastMCP) that
only support client_secret_post. Now properly checks and respects the server's
advertised token_endpoint_auth_methods_supported.
Fixes token refresh failures with error: "refresh_token.client_id: Field required"
* chore: remove MCP OAuth URL Logging
* WIP: conversion of `ocr` to `context`
* refactor: make `primeResources` backwards-compatible for `ocr` tool_resources
* refactor: Convert legacy `ocr` tool resource to `context` in agent updates
- Implemented conversion logic to replace `ocr` with `context` in both incoming updates and existing agent data.
- Merged file IDs and files from `ocr` into `context` while ensuring deduplication.
- Updated tools array to reflect the change from `ocr` to `context`.
* refactor: Enhance context file handling in agent processing
- Updated the logic for managing context files by consolidating file IDs from both `ocr` and `context` resources.
- Improved backwards compatibility by ensuring that context files are correctly populated and handled.
- Simplified the iteration over context files for better readability and maintainability.
* refactor: Enhance tool_resources handling in primeResources
- Added tests to verify the deletion behavior of tool_resources fields, ensuring original objects remain unchanged.
- Implemented logic to delete `ocr` and `context` fields after fetching and re-categorizing files.
- Preserved context field when the context capability is disabled, ensuring correct behavior in various scenarios.
* refactor: Replace `ocrEnabled` with `contextEnabled` in AgentConfig
* refactor: Adjust legacy tool handling order for improved clarity
* refactor: Implement OCR to context conversion functions and remove original conversion logic in update agent handling
* refactor: Move contextEnabled declaration to maintain consistent order in capabilities
* refactor: Update localization keys for file context to improve clarity and accuracy
* chore: Update localization key for file context information to improve clarity
- Implemented `getAgents` function to retrieve multiple agent documents based on search parameters.
- Updated `fileAccess` middleware to utilize `getAgents` instead of `getAgent` for improved file access checks.
- Added comprehensive tests for file access middleware, covering various scenarios including user permissions and agent ownership.
* ✂️ refactor: use artifacts and callbacks to pass UI resources
* chore: imports
* refactor: Update UIResource type imports and definitions across components and tests
* refactor: Update ToolCallInfo test data structure and enhance TAttachment type definition
---------
Co-authored-by: Samuel Path <samuel.path@shopify.com>
* refactor: Optimize Email Domain Validation in OpenID, SAML, and Social Login Strategies
- Implemented email domain validation for user authentication in OpenID and SAML strategies, ensuring only allowed domains are processed.
- Adjusted error messages for clarity and consistency across authentication methods.
- Refactored social login to validate email domains before checking for existing users, improving registration flow.
* refactor: Email Domain Validation in LDAP and Social Login Strategies
* Remove unused STATIC_CONFIG and LIBRECHAT_YAML_CONFIG cache keys.
These cache keys were identified as dead code - they were being written to but never read from anywhere in the codebase after a recent refactor:
- STATIC_CONFIG was used as a cache namespace that stored configuration data
- LIBRECHAT_YAML_CONFIG was the key used within that namespace to store parsed YAML config
- The cache.set() operation in loadCustomConfig.js stored the config but no cache.get() operations retrieved it
- Configuration data is already handled through other mechanisms without caching
* # removed tests regarding cache
- This allows use APP_CONFIG in FORCED_IN_MEMORY_CACHE_NAMESPACES
- Remove the complexity of nested namespace (e.g. we no longer have to worry about the prefix of every role key)
* fix: ChatGPT import logic breaks message graph when it encounters a system message
- Implemented `findNonSystemParent` to maintain parent-child relationships by skipping system messages.
- Added a test case to ensure system messages do not disrupt the conversation flow during import.
* fix: ChatGPT import, correct sender for user messages with GPT-4 model
* fix: Enhance model name extraction for assistant messages in import process
- Updated sender assignment logic to dynamically extract model names from model slugs, improving accuracy for various GPT models.
- Added comprehensive tests to validate the extraction and formatting of model names from different model slugs, ensuring robustness in the import functionality.
* refactor: modularize openai llm config logic into new getOpenAILLMConfig function (#9412)
* ✈️ refactor: Migrate Anthropic's getLLMConfig to TypeScript (#9413)
* refactor: move tokens.js over to packages/api and update imports
* refactor: port tokens.js to typescript
* refactor: move helpers.js over to packages/api and update imports
* refactor: port helpers.js to typescript
* refactor: move anthropic/llm.js over to packages/api and update imports
* refactor: port anthropic/llm.js to typescript with supporting types in types/anthropic.ts and updated tests in llm.spec.js
* refactor: move llm.spec.js over to packages/api and update import
* refactor: port llm.spec.js over to typescript
* 📝 Add Prompt Parameter Support for Anthropic Custom Endpoints (#9414)
feat: add anthropic llm config support for openai-like (custom) endpoints
* fix: missed compiler / type issues from addition of getAnthropicLLMConfig
* refactor: update tokens.ts to export constants and functions, enhance type definitions, and adjust default values
* WIP: first pass, decouple `llmConfig` from `configOptions`
* chore: update import path for OpenAI configuration from 'llm' to 'config'
* refactor: enhance type definitions for ThinkingConfig and update modelOptions in AnthropicConfigOptions
* refactor: cleanup type, introduce openai transform from alt provider
* chore: integrate removeNullishValues in Google llmConfig and update OpenAI exports
* chore: bump version of @librechat/api to 1.3.5 in package.json and package-lock.json
* refactor: update customParams type in OpenAIConfigOptions to use TConfig['customParams']
* refactor: enhance transformToOpenAIConfig to include fromEndpoint and improve config extraction
* refactor: conform userId field for anthropic/openai, cleanup anthropic typing
* ci: add backward compatibility tests for getOpenAIConfig with various endpoints and configurations
* ci: replace userId with user in clientOptions for getLLMConfig
* test: add Azure OpenAI endpoint tests for various configurations in getOpenAIConfig
* refactor: defaultHeaders retrieval for prompt caching for anthropic-based custom endpoint (litellm)
* test: add unit tests for getOpenAIConfig with various Anthropic model configurations
* test: enhance Anthropic compatibility tests with addParams and dropParams handling
* chore: update @librechat/agents dependency to version 2.4.78 in package.json and package-lock.json
* chore: update @librechat/agents dependency to version 2.4.79 in package.json and package-lock.json
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* fix: freq. and pres. penalty use camelcase
* ci: OpenAI Configuration Tests
* ci: Enhance OpenAI Configuration Tests with Azure and Custom Endpoint Scenarios
* Added integration tests for OpenAI and Azure configurations simulating various initialization scenarios.
* Updated OpenAIConfigOptions to allow null values for reverseProxyUrl and proxy.
* Improved handling of reasoning parameters in tests for both OpenAI and Azure setups.
* Ensured robust error handling for missing API keys and malformed configurations.
* Optimized performance for large parameter sets in configuration.
* test: Add comprehensive integration tests for Anthropic LLM configuration
* Introduced real usage integration tests for various Anthropic endpoint configurations, including handling of proxy and reverse proxy setups.
* Implemented model-specific scenarios for Claude-3.7 and web search functionality.
* Enhanced error handling for missing user IDs and large parameter sets.
* Validated parameter logic, including default values, boundary conditions, and type handling for numeric and array parameters.
* Ensured proper exclusion of system options from model options and maintained expected behavior across different model variations.
* feat: added support for custom JINA_API_URL
* fixed tests
* chore: Update @librechat/agents dependency to version 2.4.77 in package-lock.json and package.json files
* fix: Update Jina API URL to use environment variable in configuration files
* Refactor AppService, web.ts, and config.ts to replace hardcoded Jina API URL with an environment variable placeholder.
* Ensure consistency across tests and configuration for Jina API URL.
* chore: alphabetical order translation.json
* fix: alphabetical order
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* Refactor deleteTokens to use an array of conditions for querying, ensuring only specified fields are considered for deletion.
* Add error handling to prevent accidental deletion when no query parameters are provided.
* Update AuthService to match the new deleteTokens signature by passing an object instead of a string for email.
* Make file search citations conditional
* refactor: improve permission handling to avoid redundant checks by including it in artifact
* chore: reorder imports for better organization and clarity
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
