* refactor: self-healing tenant isolation update guard
Replace the strict throw-on-any-tenantId guard with a
strip-or-throw approach:
- $set/$setOnInsert: strip when value matches current tenant
or no context is active; throw only on cross-tenant mutations
- $unset/$rename: always strip (unsetting/renaming tenantId
is never valid)
- Top-level tenantId: same logic as $set
This eliminates the entire class of "tenantId in update payload"
bugs at the plugin level while preserving the cross-tenant
security invariant.
* test: update mutation guard tests for self-healing behavior
- Convert same-tenant $set/$setOnInsert tests to expect silent
stripping instead of throws
- Convert $unset test to expect silent stripping
- Add cross-tenant throw tests for $set, $setOnInsert, top-level
- Add same-tenant stripping tests for $set, $setOnInsert, top-level
- Add $rename stripping test
- Add no-context stripping test
- Update error message assertions to match new cross-tenant message
* revert: remove call-site tenantId stripping patches
Revert the per-call-site tenantId stripping from #12498 and
the excludedKeys patch from #12501. These are no longer needed
since the self-healing guard handles tenantId in update payloads
at the plugin level.
Reverted patches:
- conversation.ts: delete update.tenantId in saveConvo(),
tenantId destructuring in bulkSaveConvos()
- message.ts: delete update.tenantId in saveMessage() and
recordMessage(), tenantId destructuring in bulkSaveMessages()
and updateMessage()
- config.ts: tenantId in excludedKeys Set
- config.spec.ts: tenantId in excludedKeys test assertion
* fix: strip tenantId from update documents in tenantSafeBulkWrite
Mongoose middleware does not fire for bulkWrite, so the plugin-level
guard never sees update payloads in bulk operations. Extend
injectTenantId() to strip tenantId from update documents for
updateOne/updateMany operations, preventing cross-tenant overwrites.
* refactor: rename guard, add empty-op cleanup and strict-mode warning
- Rename assertNoTenantIdMutation to sanitizeTenantIdMutation
- Remove empty operator objects after stripping to avoid MongoDB errors
- Log warning in strict mode when stripping tenantId without context
- Fix $setOnInsert test to use upsert:true with non-matching filter
* test: fix bulk-save tests and add negative excludedKeys assertion
- Wrap bulkSaveConvos/bulkSaveMessages tests in tenantStorage.run()
to exercise the actual multi-tenant stripping path
- Assert tenantId equals the real tenant, not undefined
- Add negative assertion: excludedKeys must NOT contain tenantId
* fix: type-safe tenantId stripping in tenantSafeBulkWrite
- Fix TS2345 error: replace conditional type inference with
UpdateQuery<Record<string, unknown>> for stripTenantIdFromUpdate
- Handle empty updates after stripping (e.g., $set: { tenantId } as
sole field) by filtering null ops from the bulk array
- Add 4 tests for bulk update tenantId stripping: plain-object update,
$set stripping, $unset stripping, and sole-field-in-$set edge case
* fix: resolve TS2345 in stripTenantIdFromUpdate parameter type
Use Record<string, unknown> instead of UpdateQuery<> to avoid
type incompatibility with Mongoose's AnyObject-based UpdateQuery
resolution in CI.
* fix: strip tenantId from bulk updates unconditionally
Separate sanitization from injection in tenantSafeBulkWrite:
tenantId is now stripped from all update documents before any
tenant-context checks, closing the gap where no-context and
system-context paths passed caller-supplied tenantId through
to MongoDB unmodified.
* refactor: address review findings in tenant isolation
- Fix early-return gap in stripTenantIdFromUpdate that skipped
operator-level tenantId when top-level was also present
- Lazy-allocate copy in stripTenantIdFromUpdate (no allocation
when no tenantId is present)
- Document behavioral asymmetry: plugin throws on cross-tenant,
bulkWrite strips silently (intentional, documented in JSDoc)
- Remove double JSDoc on injectTenantId
- Remove redundant cast in stripTenantIdFromUpdate
- Use shared frozen EMPTY_BULK_RESULT constant
- Remove Record<string, unknown> annotation in recordMessage
- Isolate bulkSave* tests: pre-create docs then update with
cross-tenant payload, read via runAsSystem to prove stripping
is independent of filter injection
* fix: no-op empty updates after tenantId sanitization
When tenantId is the sole field in an update (e.g., { $set: { tenantId } }),
sanitization leaves an empty update object that would fail with
"Update document requires atomic operators." The updateGuard now
detects this and short-circuits the query by adding an unmatchable
filter condition and disabling upsert, matching the bulk-write
handling that filters out null ops.
* refactor: remove dead logger.warn branches, add mixed-case test
- Remove unreachable logger.warn calls in sanitizeTenantIdMutation:
queryMiddleware throws before updateGuard in strict+no-context,
and isStrict() is false in non-strict+no-context
- Add test for combined top-level + operator-level tenantId stripping
to lock in the early-return fix
* feat: ESLint rule to ban raw bulkWrite and collection.* in data-schemas
Add no-restricted-syntax rules to the data-schemas ESLint config that
flag direct Model.bulkWrite() and Model.collection.* calls. These
bypass Mongoose middleware and the tenant isolation plugin — all bulk
writes must use tenantSafeBulkWrite() instead.
Test files are excluded since they intentionally use raw driver calls
for fixture setup.
Also migrate the one remaining raw bulkWrite in seedSystemGrants() to
use tenantSafeBulkWrite() for consistency.
* test: add findByIdAndUpdate coverage to mutation guard tests
* fix: keep tenantSafeBulkWrite in seedSystemGrants, fix ESLint config
- Revert to tenantSafeBulkWrite in seedSystemGrants (always runs
under runAsSystem, so the wrapper passes through correctly)
- Split data-schemas ESLint config: shared TS rules for all files,
no-restricted-syntax only for production non-wrapper files
- Fix unused destructure vars to use _tenantId pattern
* chore: move database model methods to /packages/data-schemas
* chore: add TypeScript ESLint rule to warn on unused variables
* refactor: model imports to streamline access
- Consolidated model imports across various files to improve code organization and reduce redundancy.
- Updated imports for models such as Assistant, Message, Conversation, and others to a unified import path.
- Adjusted middleware and service files to reflect the new import structure, ensuring functionality remains intact.
- Enhanced test files to align with the new import paths, maintaining test coverage and integrity.
* chore: migrate database models to packages/data-schemas and refactor all direct Mongoose Model usage outside of data-schemas
* test: update agent model mocks in unit tests
- Added `getAgent` mock to `client.test.js` to enhance test coverage for agent-related functionality.
- Removed redundant `getAgent` and `getAgents` mocks from `openai.spec.js` and `responses.unit.spec.js` to streamline test setup and reduce duplication.
- Ensured consistency in agent mock implementations across test files.
* fix: update types in data-schemas
* refactor: enhance type definitions in transaction and spending methods
- Updated type definitions in `checkBalance.ts` to use specific request and response types.
- Refined `spendTokens.ts` to utilize a new `SpendTxData` interface for better clarity and type safety.
- Improved transaction handling in `transaction.ts` by introducing `TransactionResult` and `TxData` interfaces, ensuring consistent data structures across methods.
- Adjusted unit tests in `transaction.spec.ts` to accommodate new type definitions and enhance robustness.
* refactor: streamline model imports and enhance code organization
- Consolidated model imports across various controllers and services to a unified import path, improving code clarity and reducing redundancy.
- Updated multiple files to reflect the new import structure, ensuring all functionalities remain intact.
- Enhanced overall code organization by removing duplicate import statements and optimizing the usage of model methods.
* feat: implement loadAddedAgent and refactor agent loading logic
- Introduced `loadAddedAgent` function to handle loading agents from added conversations, supporting multi-convo parallel execution.
- Created a new `load.ts` file to encapsulate agent loading functionalities, including `loadEphemeralAgent` and `loadAgent`.
- Updated the `index.ts` file to export the new `load` module instead of the deprecated `loadAgent`.
- Enhanced type definitions and improved error handling in the agent loading process.
- Adjusted unit tests to reflect changes in the agent loading structure and ensure comprehensive coverage.
* refactor: enhance balance handling with new update interface
- Introduced `IBalanceUpdate` interface to streamline balance update operations across the codebase.
- Updated `upsertBalanceFields` method signatures in `balance.ts`, `transaction.ts`, and related tests to utilize the new interface for improved type safety.
- Adjusted type imports in `balance.spec.ts` to include `IBalanceUpdate`, ensuring consistency in balance management functionalities.
- Enhanced overall code clarity and maintainability by refining type definitions related to balance operations.
* feat: add unit tests for loadAgent functionality and enhance agent loading logic
- Introduced comprehensive unit tests for the `loadAgent` function, covering various scenarios including null and empty agent IDs, loading of ephemeral agents, and permission checks.
- Enhanced the `initializeClient` function by moving `getConvoFiles` to the correct position in the database method exports, ensuring proper functionality.
- Improved test coverage for agent loading, including handling of non-existent agents and user permissions.
* chore: reorder memory method exports for consistency
- Moved `deleteAllUserMemories` to the correct position in the exported memory methods, ensuring a consistent and logical order of method exports in `memory.ts`.
* feat: replace unsupported MongoDB aggregation operators for FerretDB compatibility
Replace $lookup, $unwind, $sample, $replaceRoot, and $addFields aggregation
stages which are unsupported on FerretDB v2.x (postgres-documentdb backend).
- Prompt.js: Replace $lookup/$unwind/$project pipelines with find().select().lean()
+ attachProductionPrompts() batch helper. Replace $group/$replaceRoot/$sample
in getRandomPromptGroups with distinct() + Fisher-Yates shuffle.
- Agent/Prompt migration scripts: Replace $lookup anti-join pattern with
distinct() + $nin two-step queries for finding un-migrated resources.
All replacement patterns verified against FerretDB v2.7.0.
* fix: use $pullAll for simple array removals, fix memberIds type mismatches
Replace $pull with $pullAll for exact-value scalar array removals. Both
operators work on MongoDB and FerretDB, but $pullAll is more explicit for
exact matching (no condition expressions).
Fix critical type mismatch bugs where ObjectId values were used against
String[] memberIds arrays in Group queries:
- config/delete-user.js: use string uid instead of ObjectId user._id
- e2e/setup/cleanupUser.ts: convert userId.toString() before query
Harden PermissionService.bulkUpdateResourcePermissions abort handling to
prevent crash when abortTransaction is called after commitTransaction.
All changes verified against FerretDB v2.7.0 and MongoDB Memory Server.
* fix: harden transaction support probe for FerretDB compatibility
Commit the transaction before aborting in supportsTransactions probe, and
wrap abortTransaction in try-catch to prevent crashes when abort is called
after a successful commit (observed behavior on FerretDB).
* feat: add FerretDB compatibility test suite, retry utilities, and CI config
Add comprehensive FerretDB integration test suite covering:
- $pullAll scalar array operations
- $pull with subdocument conditions
- $lookup replacement (find + manual join)
- $sample replacement (distinct + Fisher-Yates)
- $bit and $bitsAllSet operations
- Migration anti-join pattern
- Multi-tenancy (useDb, scaling, write amplification)
- Sharding proof-of-concept
- Production operations (backup/restore, schema migration, deadlock retry)
Add production retryWithBackoff utility for deadlock recovery during
concurrent index creation on FerretDB/DocumentDB backends.
Add UserController.spec.js tests for deleteUserController (runs in CI).
Configure jest and eslint to isolate FerretDB tests from CI pipelines:
- packages/data-schemas/jest.config.mjs: ignore misc/ directory
- eslint.config.mjs: ignore packages/data-schemas/misc/
Include Docker Compose config for local FerretDB v2.7 + postgres-documentdb,
dedicated jest/tsconfig for the test files, and multi-tenancy findings doc.
* style: brace formatting in aclEntry.ts modifyPermissionBits
* refactor: reorganize retry utilities and update imports
- Moved retryWithBackoff utility to a new file `retry.ts` for better structure.
- Updated imports in `orgOperations.ferretdb.spec.ts` to reflect the new location of retry utilities.
- Removed old import statement for retryWithBackoff from index.ts to streamline exports.
* test: add $pullAll coverage for ConversationTag and PermissionService
Add integration tests for deleteConversationTag verifying $pullAll
removes tags from conversations correctly, and for
syncUserEntraGroupMemberships verifying $pullAll removes user from
non-matching Entra groups while preserving local group membership.
---------
Extract 7 standalone utilities from api/server/controllers/agents/client.js
into packages/api/src/agents/client.ts for TypeScript support and to
declutter the 1400-line controller module:
- omitTitleOptions: Set of keys to exclude from title generation options
- payloadParser: Extracts model_parameters from request body for non-agent endpoints
- createTokenCounter: Factory for langchain-compatible token counting functions
- logToolError: Callback handler for agent tool execution errors
- findPrimaryAgentId: Resolves primary agent from suffixed parallel agent IDs
- createMultiAgentMapper: Message content processor that filters parallel agent
output to primary agents and applies agent labels for handoff/multi-agent flows
Supporting changes:
- Add endpointOption and endpointType to RequestBody type (packages/api/src/types/http.ts)
so payloadParser can access middleware-attached fields without type casts
- Add @typescript-eslint/no-unused-vars with underscore ignore patterns to the
packages/api eslint config block, matching the convention used by client/ and
data-provider/ blocks
- Update agent controller imports to consume the moved functions from @librechat/api
and remove now-unused direct imports (logAxiosError, labelContentByAgent,
getTokenCountForMessage)
* 🔄 Refactoring: MCP Runtime Configuration Reload
- PrivateServerConfigs own cache classes (inMemory and Redis).
- Connections staleness detection by comparing (connection.createdAt and config.LastUpdatedAt)
- ConnectionsRepo access Registry instead of in memory config dict and renew stale connections
- MCPManager: adjusted init of ConnectionsRepo (app level)
- UserConnectionManager: renew stale connections
- skipped test, to test "should only clear keys in its own namespace"
- MCPPrivateServerLoader: new component to manage logic of loading / editing private servers on runtime
- PrivateServersLoadStatusCache to track private server cache status
- New unit and integration tests.
Misc:
- add es lint rule to enforce line between class methods
* Fix cluster mode batch update and delete workarround. Fixed unit tests for cluster mode.
* Fix Keyv redis clear cache namespace awareness issue + Integration tests fixes
* chore: address copilot comments
* Fixing rebase issue: removed the mcp config fallback in single getServerConfig method:
- to not to interfere with the logic of the right Tier (APP/USER/Private)
- If userId is null, the getServerConfig should not return configs that are a SharedUser tier and not APP tier
* chore: add dev-staging branch to workflow triggers for backend, cache integration, and ESLint checks
---------
Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com>
* 🔒 fix: `iconURL` in conversation parsing
- Updated the `buildEndpointOption` middleware to derive `iconURL` from model specs when not provided by the client, improving security by preventing malicious URLs.
- Modified the `parseCompactConvo` function to strip `iconURL` from conversation inputs, ensuring it is only set server-side.
- Added comprehensive tests to validate the stripping of `iconURL` across various endpoint types, enhancing overall input sanitization.
* ✨ feat: Add ESLint rule for unused variables
- Introduced a new ESLint rule to warn about unused variables, allowing for better code quality and maintainability.
- Configured the rule to ignore variables and arguments that start with an underscore, accommodating common coding practices.
* chore: Remove eslint-plugin-perfectionist from dependencies
* 🚌 fix: MCP Runtime Errors while Initializing
* chore: Bump @librechat/api version to 1.3.1
* chore: import order
* chore: import order
* 🧠 feat: User Memories for Conversational Context
chore: mcp typing, use `t`
WIP: first pass, Memories UI
- Added MemoryViewer component for displaying, editing, and deleting user memories.
- Integrated data provider hooks for fetching, updating, and deleting memories.
- Implemented pagination and loading states for better user experience.
- Created unit tests for MemoryViewer to ensure functionality and interaction with data provider.
- Updated translation files to include new UI strings related to memories.
chore: move mcp-related files to own directory
chore: rename librechat-mcp to librechat-api
WIP: first pass, memory processing and data schemas
chore: linting in fileSearch.js query description
chore: rename librechat-api to @librechat/api across the project
WIP: first pass, functional memory agent
feat: add MemoryEditDialog and MemoryViewer components for managing user memories
- Introduced MemoryEditDialog for editing memory entries with validation and toast notifications.
- Updated MemoryViewer to support editing and deleting memories, including pagination and loading states.
- Enhanced data provider to handle memory updates with optional original key for better management.
- Added new localization strings for memory-related UI elements.
feat: add memory permissions management
- Implemented memory permissions in the backend, allowing roles to have specific permissions for using, creating, updating, and reading memories.
- Added new API endpoints for updating memory permissions associated with roles.
- Created a new AdminSettings component for managing memory permissions in the frontend.
- Integrated memory permissions into the existing roles and permissions schemas.
- Updated the interface to include memory settings and permissions.
- Enhanced the MemoryViewer component to conditionally render admin settings based on user roles.
- Added localization support for memory permissions in the translation files.
feat: move AdminSettings component to a new position in MemoryViewer for better visibility
refactor: clean up commented code in MemoryViewer component
feat: enhance MemoryViewer with search functionality and improve MemoryEditDialog integration
- Added a search input to filter memories in the MemoryViewer component.
- Refactored MemoryEditDialog to accept children for better customization.
- Updated MemoryViewer to utilize the new EditMemoryButton and DeleteMemoryButton components for editing and deleting memories.
- Improved localization support by adding new strings for memory filtering and deletion confirmation.
refactor: optimize memory filtering in MemoryViewer using match-sorter
- Replaced manual filtering logic with match-sorter for improved search functionality.
- Enhanced performance and readability of the filteredMemories computation.
feat: enhance MemoryEditDialog with triggerRef and improve updateMemory mutation handling
feat: implement access control for MemoryEditDialog and MemoryViewer components
refactor: remove commented out code and create runMemory method
refactor: rename role based files
feat: implement access control for memory usage in AgentClient
refactor: simplify checkVisionRequest method in AgentClient by removing commented-out code
refactor: make `agents` dir in api package
refactor: migrate Azure utilities to TypeScript and consolidate imports
refactor: move sanitizeFilename function to a new file and update imports, add related tests
refactor: update LLM configuration types and consolidate Azure options in the API package
chore: linting
chore: import order
refactor: replace getLLMConfig with getOpenAIConfig and remove unused LLM configuration file
chore: update winston-daily-rotate-file to version 5.0.0 and add object-hash dependency in package-lock.json
refactor: move primeResources and optionalChainWithEmptyCheck functions to resources.ts and update imports
refactor: move createRun function to a new run.ts file and update related imports
fix: ensure safeAttachments is correctly typed as an array of TFile
chore: add node-fetch dependency and refactor fetch-related functions into packages/api/utils, removing the old generators file
refactor: enhance TEndpointOption type by using Pick to streamline endpoint fields and add new properties for model parameters and client options
feat: implement initializeOpenAIOptions function and update OpenAI types for enhanced configuration handling
fix: update types due to new TEndpointOption typing
fix: ensure safe access to group parameters in initializeOpenAIOptions function
fix: remove redundant API key validation comment in initializeOpenAIOptions function
refactor: rename initializeOpenAIOptions to initializeOpenAI for consistency and update related documentation
refactor: decouple req.body fields and tool loading from initializeAgentOptions
chore: linting
refactor: adjust column widths in MemoryViewer for improved layout
refactor: simplify agent initialization by creating loadAgent function and removing unused code
feat: add memory configuration loading and validation functions
WIP: first pass, memory processing with config
feat: implement memory callback and artifact handling
feat: implement memory artifacts display and processing updates
feat: add memory configuration options and schema validation for validKeys
fix: update MemoryEditDialog and MemoryViewer to handle memory state and display improvements
refactor: remove padding from BookmarkTable and MemoryViewer headers for consistent styling
WIP: initial tokenLimit config and move Tokenizer to @librechat/api
refactor: update mongoMeili plugin methods to use callback for better error handling
feat: enhance memory management with token tracking and usage metrics
- Added token counting for memory entries to enforce limits and provide usage statistics.
- Updated memory retrieval and update routes to include total token usage and limit.
- Enhanced MemoryEditDialog and MemoryViewer components to display memory usage and token information.
- Refactored memory processing functions to handle token limits and provide feedback on memory capacity.
feat: implement memory artifact handling in attachment handler
- Enhanced useAttachmentHandler to process memory artifacts when receiving updates.
- Introduced handleMemoryArtifact utility to manage memory updates and deletions.
- Updated query client to reflect changes in memory state based on incoming data.
refactor: restructure web search key extraction logic
- Moved the logic for extracting API keys from the webSearchAuth configuration into a dedicated function, getWebSearchKeys.
- Updated webSearchKeys to utilize the new function for improved clarity and maintainability.
- Prevents build time errors
feat: add personalization settings and memory preferences management
- Introduced a new Personalization tab in settings to manage user memory preferences.
- Implemented API endpoints and client-side logic for updating memory preferences.
- Enhanced user interface components to reflect personalization options and memory usage.
- Updated permissions to allow users to opt out of memory features.
- Added localization support for new settings and messages related to personalization.
style: personalization switch class
feat: add PersonalizationIcon and align Side Panel UI
feat: implement memory creation functionality
- Added a new API endpoint for creating memory entries, including validation for key and value.
- Introduced MemoryCreateDialog component for user interface to facilitate memory creation.
- Integrated token limit checks to prevent exceeding user memory capacity.
- Updated MemoryViewer to include a button for opening the memory creation dialog.
- Enhanced localization support for new messages related to memory creation.
feat: enhance message processing with configurable window size
- Updated AgentClient to use a configurable message window size for processing messages.
- Introduced messageWindowSize option in memory configuration schema with a default value of 5.
- Improved logic for selecting messages to process based on the configured window size.
chore: update librechat-data-provider version to 0.7.87 in package.json and package-lock.json
chore: remove OpenAPIPlugin and its associated tests
chore: remove MIGRATION_README.md as migration tasks are completed
ci: fix backend tests
chore: remove unused translation keys from localization file
chore: remove problematic test file and unused var in AgentClient
chore: remove unused import and import directly for JSDoc
* feat: add api package build stage in Dockerfile for improved modularity
* docs: reorder build steps in contributing guide for clarity
* 🔧 fix: Update ProgressText and ToolCall components for improved error handling and localization
* 🔧 chore: Format ESLint configuration for improved readability and remove unused rule
* 🔧 refactor: Simplify ProgressText component logic for better readability and maintainability
* 🔧 refactor: Update ProgressText and ToolCall components for improved layout consistency
* 🔧 refactor: Simplify icon rendering in TTS components and enhance button rendering logic in HoverButtons
* 🔧 refactor: Update placeholder logic in VariableForm component to simply use variable name
* fix: .docx. .pptx Mistral OCR Error with `image_limit=0`
* chore: Update deploy workflow to include conditions for successful dev branch deployment and streamline deployment steps
* ci: Set image_limit to 0 in MistralOCR service tests for consistent behavior
* refactor: Enhance initial conversation query condition for better state management and prevent unused network requests
* ifx: Add Prettier plugin to ESLint configuration
* chore: linting and typing in convos.spec.ts
* fix: add back fresh data fetching and improve error handling for conversation navigation
* fix: set conversation only with conversation state change intent, to prevent double queries for messages
* chore: include all assets for service worker, remove unused tsconfig.node.json, eslint ignore vite config
* chore: exclude image files from service worker caching
* refactor: simplify googleSchema transformation and error handling
* fix: max output tokens cap for 3.7 models
* fix: skip index fixing in CI, development, and test environments
* ci: add maxOutputTokens handling tests for Claude models
* refactor: drop top_k and top_p parameters for claude-3.7 in AnthropicClient and add tests for new behavior
* refactor: conditionally include top_k and top_p parameters for non-claude-3.7 models
* ci: add unit tests for getLLMConfig function with various model options
* chore: remove all OPENROUTER_API_KEY legacy logic
* refactor: optimize stream chunk handling
* feat: reset model parameters button
* refactor: remove unused examples field from convoSchema and presetSchema
* chore: update librechat-data-provider version to 0.7.6993
* refactor: move excludedKeys set to data-provider for better reusability
* feat: enhance saveMessageToDatabase to handle unset fields and fetched conversation state
* feat: add 'iconURL' and 'greeting' to excludedKeys in data provider config
* fix: add optional chaining to user ID retrieval in getConvo call
* chore: enforcing language keys to adhere to the new standard.
* chore: enforcing i18n forbids to write plain text in JSX markup
* chore: enforcing i18n forbids to write plain text in JSX markup
* fix: ci with checkbox for unused keys :)
* refactor: removed all the unused `i18n` keys
* ✨feat: OAuth for Actions
* WIP: PoC flow state manager
* refactor: Add identifier field to token model from action schema
* chore: fix potential file type issues
* ci: fix type issue with action metadata auth
* fix: ensure FlowManagerOptions has a default ttl value
* WIP: OAUTH actions
* WIP: first pass OAuth Action
* fix: standardize identifier usage in OAuth flow handling
* fix: update token retrieval to include userId in query and use correct identifier
* refacotr: update token retrieval to use userId for OAuth token query
* feat: Tool Call Auth styling
* fix: streamline token creation and add type field to token schema
* refactor: cleanup OAuth flow by encrypting client credentials and ensuring oauth operations only run under condition
* refactor: use encrypted credentials in OAuth callback
* fix: update Token collection indexes to use expiresAt TTL index and not createdAt legacy index
* refactor: enhance Token index cleanup by improving logging and removing redundant index creation logic
* refactor: remove unused OAuth login route and related logic for improved clarity
* refactor: replace fetch with axios for OAuth token exchange and improve error handling
* refactor: better UX after authentication before oauth tool execution
* refactor: implement cleanup handlers for FlowStateManager intervals to enhance resource management
* refactor: encrypt OAuth tokens before storing and decrypt upon retrieval for enhanced security
* refactor: enhance authentication success page with improved styling and countdown feature
* refactor: add response_type parameter to OAuth redirect URI for improved compatibility
* chore: update translation.json new localizations
* chore: remove unused OGDialog import from OGDialogTemplate component
* refactor: Actions Auth using new Dialog styling, use same component with Agents/Assistants
* refactor: update removeNullishValues function to support removal of empty strings and adjust transform usage in schemas
* chore: bump version of librechat-data-provider to 0.7.6991
* refactor: integrate removeNullishValues function to clean metadata before encryption in agent and assistant routes
* refactor: update OAuth input fields to use 'password' type for better security
* refactor: update localization placeholders for sign-in message to use double curly braces
* refactor: add access_type parameter for offline access in createActionTool function
* refactor: implement handleOAuthToken function for token management and encryption
* feat: refresh token support
* refactor: add default expiration for access token and error handling for missing token
* feat: localizations for ActionAuth
* refactor: set refresh token expiration to null to not expire if expiry never given
* fix: prevent crash fromerror within async handleAbortError in AskController, EditController, and AgentController
* feat: Action Callback URL
* 🌍 i18n: Update translation.json with latest translations
* refactor: handle errors in flow state checking to prevent unhandled promise rejections
* fix: improve flow state concurrency to prevent multiple token creation calls
* refactor: RequestExecutor to use separate axios instance
* refactor: improve concurrency flows by keeping completed state until TTL expiry
* refactor: increase TTL for flow state management and adjust monitoring interval
* ci: mock axios instance creation in actions spec
* feat: add Babel and Jest configuration files; implement FlowStateManager tests with concurrency handling
* chore: add disableOAuth prop to ActionsAuth (not implemented for Assistants yet)
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* chore: migrated eslint v8 to v9
* chore: migrated eslint v8 to v9
* ESLint only checks the files that have changed in the pull request.
* fix: ESLint only checks the files that have changed in the pull request.
* refactor: eslint only on changed files
* refactor: eslint only on changed files or added files
* refactor: eslint only on changed files or added files
* refactor: eslint only on changed files or added files
but only include files that are not deleted (ACMRTUXB: A, C, M, R, T, U, X, B).
* whoops missed something
