* feat: Add error handling for model refusal and update translations
* refactor: error handling in AgentClient to improve logging and cleanup process
* refactor: Update error message for response refusal to improve clarity
* 🔒 feat: Implement idempotency check for OAuth flow completion
- Added a check to prevent duplicate token exchanges if the OAuth flow has already been completed.
- Updated the OAuth callback route to redirect appropriately when a completed flow is detected.
- Refactored token storage logic to use original flow state credentials instead of updated ones.
- Enhanced tests to cover the new idempotency behavior and ensure correct handling of OAuth flow states.
* chore: add back scope for logging
* refactor: Add isFlowStale method to FlowStateManager for stale flow detection
- Implemented a new method to check if a flow is stale based on its age and status.
- Updated MCPConnectionFactory to utilize the isFlowStale method for cleaning up stale OAuth flows.
- Enhanced logging to provide more informative messages regarding flow status and age during cleanup.
* test: Add unit tests for isFlowStale method in FlowStateManager
- Implemented comprehensive tests for the isFlowStale method to verify its behavior across various flow statuses (PENDING, COMPLETED, FAILED) and age thresholds.
- Ensured correct handling of edge cases, including flows with missing timestamps and custom stale thresholds.
- Enhanced test coverage to validate the logic for determining flow staleness based on createdAt, completedAt, and failedAt timestamps.
- Implemented validation for OpenAPI specifications to ensure the server URL matches the client-provided domain, preventing SSRF attacks.
- Added domain extraction and validation functions to improve security checks.
- Updated relevant services and routes to utilize the new validation logic, ensuring robust handling of client-provided domains against the OpenAPI spec.
- Introduced comprehensive tests to validate the new security features and ensure correct behavior across various scenarios.
- Added DEBUG_MESSAGE_LENGTH constant to allow dynamic adjustment of debug message length based on environment variable.
- Updated logging format to utilize the new constant for truncating debug messages, enhancing flexibility in log output.
* refactor: add image file size validation as part of payload build
* feat: implement file size and MIME type filtering in endpoint configuration
* chore: import order
* feat: add filterFilesByEndpointConfig to filter disabled file processing by provider
* chore: explicit define of endpointFileConfig for better debugging
* refactor: move `normalizeEndpointName` to data-provider as used app-wide
* chore: remove overrideEndpoint from useFileHandling
* refactor: improve endpoint file config selection
* refactor: update filterFilesByEndpointConfig to accept structured parameters and improve endpoint file config handling
* refactor: replace defaultFileConfig with getEndpointFileConfig for improved file configuration handling across components
* test: add comprehensive unit tests for getEndpointFileConfig to validate endpoint configuration handling
* refactor: streamline agent endpoint assignment and improve file filtering logic
* feat: add error handling for disabled file uploads in endpoint configuration
* refactor: update encodeAndFormat functions to accept structured parameters for provider and endpoint
* refactor: streamline requestFiles handling in initializeAgent function
* fix: getEndpointFileConfig partial config merging scenarios
* refactor: enhance mergeWithDefault function to support document-supported providers with comprehensive MIME types
* refactor: user-configured default file config in getEndpointFileConfig
* fix: prevent file handling when endpoint is disabled and file is dragged to chat
* refactor: move `getEndpointField` to `data-provider` and update usage across components and hooks
* fix: prioritize endpointType based on agent.endpoint in file filtering logic
* fix: prioritize agent.endpoint in file filtering logic and remove unnecessary endpointType defaulting
* chore: temp. remove @librechat/agents
* 🔧 chore: update @langchain/core to version 0.3.79
* chore: update dependencies for @langchain/core and add back latest @librechat/agents
* chore: update @librechat/agents to version 3.0.11
* fix: enhance error handling for uncaught exceptions due to abort errors
* fix: standardize warning message for uncatchable abort errors
* fix: improve tool call handling in ModelEndHandler for unprocessed edge case
* fix: prevent content type mismatch in message updates and preserve args in final updates
* chore: add debug logging for client disposal in disposeClient function
* fix: update agent context handling in ModelEndHandler due to new MultiAgentGraph
* refactor: streamline client cleanup process by utilizing property arrays for potential circular reference removal
* ✨ feat: Enhance DELETE /all endpoint to remove shared links alongside conversations and tool calls
- Added functionality to delete all shared links for a user when clearing conversations.
- Introduced comprehensive tests to ensure correct behavior and error handling for the new deletion process.
* ✨ feat: Implement deleteConvoSharedLink method and update conversation deletion logic to remove associated shared links
* chore: remove `@langchain/community` dependency
* refactor: remove SerpAPI integration and update related imports
* chore: remove legacy code with unnecessary dependencies
* chore: cleanup packages
* chore: cleanup packages
* chore: update openai dependency version to 5.10.1
* chore: add back @librechat/agents dependency
* chore: downgrade openai dependency from 5.10.1 to 5.8.2
* Remove dependency on @librechat/agents from the API package
* chore: add @librechat/agents dependency to the API package
* fix: add useLegacyContent property to RunAgent type and propagate it in createRun function
* chore: remove openai dependency version 5.10.1 from package.json
* feat: Add support for agent handoffs with edges in agent forms and schemas
chore: Mark `agent_ids` field as deprecated in favor of edges across various schemas and types
chore: Update dependencies for @langchain/core and @librechat/agents to latest versions
chore: Update peer dependency for @librechat/agents to version 3.0.0-rc2 in package.json
chore: Update @librechat/agents dependency to version 3.0.0-rc3 in package.json and package-lock.json
feat: first pass, multi-agent handoffs
fix: update output type to ToolMessage in memory handling functions
fix: improve type checking for graphConfig in createRun function
refactor: remove unused content filtering logic in AgentClient
chore: update @librechat/agents dependency to version 3.0.0-rc4 in package.json and package-lock.json
fix: update @langchain/core peer dependency version to ^0.3.72 in package.json and package-lock.json
fix: update @librechat/agents dependency to version 3.0.0-rc6 in package.json and package-lock.json; refactor stream rate handling in various endpoints
feat: Agent handoff UI
chore: update @librechat/agents dependency to version 3.0.0-rc8 in package.json and package-lock.json
fix: improve hasInfo condition and adjust UI element classes in AgentHandoff component
refactor: remove current fixed agent display from AgentHandoffs component due to redundancy
feat: enhance AgentHandoffs UI with localized beta label and improved layout
chore: update @librechat/agents dependency to version 3.0.0-rc10 in package.json and package-lock.json
feat: add `createSequentialChainEdges` function to add back agent chaining via multi-agents
feat: update `createSequentialChainEdges` call to only provide conversation context between agents
feat: deprecate Agent Chain functionality and update related methods for improved clarity
* chore: update @librechat/agents dependency to version 3.0.0-rc11 in package.json and package-lock.json
* refactor: remove unused addCacheControl function and related imports and import from @librechat/agents
* chore: remove unused i18n keys
* refactor: remove unused format export from index.ts
* chore: update @librechat/agents to v3.0.0-rc13
* chore: remove BEDROCK_LEGACY provider from Providers enum
* chore: update @librechat/agents to version 3.0.2 in package.json
* refactor: Restructure MCP registry system with caching
- Split MCPServersRegistry into modular components:
- MCPServerInspector: handles server inspection and health checks
- MCPServersInitializer: manages server initialization logic
- MCPServersRegistry: simplified registry coordination
- Add distributed caching layer:
- ServerConfigsCacheRedis: Redis-backed configuration cache
- ServerConfigsCacheInMemory: in-memory fallback cache
- RegistryStatusCache: distributed leader election state
- Add promise utilities (withTimeout) replacing Promise.race patterns
- Add comprehensive cache integration tests for all cache implementations
- Remove unused MCPManager.getAllToolFunctions method
* fix: Update OAuth flow to include user-specific headers
* chore: Update Jest configuration to ignore additional test files
- Added patterns to ignore files ending with .helper.ts and .helper.d.ts in testPathIgnorePatterns for cleaner test runs.
* fix: oauth headers in callback
* chore: Update Jest testPathIgnorePatterns to exclude helper files
- Modified testPathIgnorePatterns in package.json to ignore files ending with .helper.ts and .helper.d.ts for cleaner test execution.
* ci: update test mocks
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* 🦙 fix: Ollama Custom Headers
* chore: Correct import order for resolveHeaders in OllamaClient.js
* fix: Improve error logging for Ollama API model fetch failure
* ci: update Ollama model fetch tests
* ci: Add unit test for passing headers and user object to Ollama fetchModels
* Refactored the logic for determining max output tokens in the agent initialization process.
* Changed variable names for clarity, updating from `maxTokens` to `maxOutputTokens` to better reflect their purpose.
* Adjusted calculations for `maxContextTokens` to use the new `maxOutputTokens` variable.
* 📫 refactor: Enhance OpenID email Fallback
* Updated email retrieval logic to use preferred_username or upn if email is not available.
* Adjusted logging and user data assignment to reflect the new email handling approach.
* Ensured email domain validation checks the correct email source.
* 🔄 refactor: Update Email Domain Validation Logic
* Modified `isEmailDomainAllowed` function to return true for falsy emails and missing domain restrictions.
* Added new test cases to cover scenarios with and without domain restrictions.
* Ensured proper validation when domain restrictions are present.
* fix: Sanitize LLM titles by stripping <think> tags and fix modal overflow
* chore: linting
* chore: Simplify title sanitization by removing unnecessary variable assignment and import order
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* 📦 feat: `@librechat/agents` v2.4.87 for LangFuse Support
* 📦 chore: update @librechat/agents to v2.4.88 in package.json and package-lock.json
* 📦 chore: update @librechat/agents to v2.4.89
* feat: Add runName configuration to AgentClient and Memory agent for improved tracing
* chore: correct startupConfig usage in ImportConversations component
* refactor: properly process configured speechToText and textToSpeech settings in getCustomConfigSpeech
* refactor: proxy configuration by utilizing HttpsProxyAgent for OpenAI Image Edits
* refactor: remove `useChatContext` from `useSelectMention`, explicitly pass `conversation` object
* feat: ephemeral agents via model specs
* refactor: Sync Jotai state with ephemeral agent state, also when Ephemeral Agent has no MCP servers selected
* refactor: move `useUpdateEphemeralAgent` to store and clean up imports
* refactor: reorder imports and invalidate queries for mcpConnectionStatus in event handler
* refactor: replace useApplyModelSpecEffects with useApplyModelSpecAgents and update event handlers to use new agent template logic
* ci: update useMCPSelect test to verify mcpValues sync with empty ephemeralAgent.mcp
* updated gpt5-pro
it is here and on openrouter
https://platform.openai.com/docs/models/gpt-5-pro
* feat: Add gpt-5-pro pricing
- Implemented handling for the new gpt-5-pro model in the getValueKey function.
- Updated tests to ensure correct behavior for gpt-5-pro across various scenarios.
- Adjusted token limits and multipliers for gpt-5-pro in the tokens utility files.
- Enhanced model matching functionality to include gpt-5-pro variations.
* refactor: optimize model pricing and validation logic
- Added new model pricing entries for llama2, llama3, and qwen variants in tx.js.
- Updated tokenValues to include additional models and their pricing structures.
- Implemented validation tests in tx.spec.js to ensure all models resolve correctly to pricing.
- Refactored getValueKey function to improve model matching and resolution efficiency.
- Removed outdated model entries from tokens.ts to streamline pricing management.
* fix: add missing pricing
* chore: update model pricing for qwen and gemma variants
* chore: update model pricing and add validation for context windows
- Removed outdated model entries from tx.js and updated tokenValues with new models.
- Added a test in tx.spec.js to ensure all models with pricing have corresponding context windows defined in tokens.ts.
- Introduced 'command-text' model pricing in tokens.ts to maintain consistency across model definitions.
* chore: update model names and pricing for AI21 and Amazon models
- Refactored model names in tx.js for AI21 and Amazon models to remove versioning and improve consistency.
- Updated pricing values in tokens.ts to reflect the new model names.
- Added comprehensive tests in tx.spec.js to validate pricing for both short and full model names across AI21 and Amazon models.
* feat: add pricing and validation for Claude Haiku 4.5 model
* chore: increase default max context tokens to 18000 for agents
* feat: add Qwen3 model pricing and validation tests
* chore: reorganize and update Qwen model pricing in tx.js and tokens.ts
---------
Co-authored-by: khfung <68192841+khfung@users.noreply.github.com>
* Add Markdown rendering support for artifacts
* Add tests
* Remove custom code for mermaid
* Remove unnecessary dark mode hook
* refactor: optimize mermaid dependencies
- Added support for additional MIME types in artifact templates.
- Updated mermaidDependencies to include new packages: class-variance-authority, clsx, tailwind-merge, and @radix-ui/react-slot.
- Refactored zoom and refresh icons in MermaidDiagram component for improved clarity and maintainability.
* fix: add Markdown support for artifacts rendering
* feat: support 'text/md' as an additional MIME type for Markdown artifacts
* refactor: simplify markdownDependencies structure in artifacts utility
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* feat: Add group field to modelSpecs for flexible grouping
* resolve lint issues
* fix test
* docs: enhance modelSpecs group field documentation for clarity
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* Update prompt value for gemini-2.5-flash-lite
New Input price (text, image, video) --> $0.10
https://ai.google.dev/gemini-api/docs/pricing
* Fix formatting of gemini-2.5-flash-lite values
changed 0.10 to 0.1 to follow standards
* feat: Enhance shared link functionality with target message support
* refactor: Remove comment on compound index in share schema
* chore: Reorganize imports in ShareButton component for clarity
* refactor: Integrate Recoil for latest message tracking in ShareButton component
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
- problem: `addImageUrls` had a side effect that was being leveraged before to populate both the `ocr` message field, now `fileContext`, and `client.options.attachments`, which would record the user's uploaded message attachments to the user message when saved to the database and returned at the end of the request lifecycle
- solution: created dedicated handling for file context, and made sure to populate `allFiles` with non-provider attachments
* feat: Add support for users to be admins when logging in using OpenID
* fix: Linting issues
* fix: whitespace
* chore: add unit tests for OIDC_ADMIN_ROLE
* refactor: Replace custom property retrieval function with lodash's get for improved readability and maintainability
* feat: Enhance OpenID role extraction and error handling in setupOpenId function
- Improved role validation to check for both array and string types.
- Added detailed error messages for missing or invalid role paths in tokens.
- Expanded unit tests to cover various scenarios for nested role extraction and error handling.
* fix: Improve error handling for role extraction in OpenID strategy
- Enhanced validation to check for invalid role types (array or string).
- Updated error messages for clarity when roles are missing or of incorrect type.
- Added unit tests to cover scenarios where roles return invalid types (object, number).
* feat: Implement user role demotion in OpenID strategy when admin role is absent from token
- Added logic to demote users from 'ADMIN' to 'USER' if the admin role is not present in the token.
- Enhanced logging to capture role changes for better traceability.
- Introduced unit tests to verify the demotion behavior and ensure correct handling when admin role environment variables are not configured.
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* Check file size of conversation being imported against a configured max size to prevent bringing down the application by uploading a large file
chore: remove non-english localization as needs to be added via locize
* feat: Implement file size validation for conversation imports to prevent oversized uploads
---------
Co-authored-by: Marc Amick <MarcAmick@jhu.edu>
Co-authored-by: Danny Avila <danny@librechat.ai>
* 📎 feat: Direct Provider Attachment Support for Multimodal Content
* 📑 feat: Anthropic Direct Provider Upload (#9072)
* feat: implement Anthropic native PDF support with document preservation
- Add comprehensive debug logging throughout PDF processing pipeline
- Refactor attachment processing to separate image and document handling
- Create distinct addImageURLs(), addDocuments(), and processAttachments() methods
- Fix critical bugs in stream handling and parameter passing
- Add streamToBuffer utility for proper stream-to-buffer conversion
- Remove api/agents submodule from repository
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* chore: remove out of scope formatting changes
* fix: stop duplication of file in chat on end of response stream
* chore: bring back file search and ocr options
* chore: localize upload to provider string in file menu
* refactor: change createMenuItems args to fit new pattern introduced by anthropic-native-pdf-support
* feat: add cache point for pdfs processed by anthropic endpoint since they are unlikely to change and should benefit from caching
* feat: combine Upload Image into Upload to Provider since they both perform direct upload and change provider upload icon to reflect multimodal upload
* feat: add citations support according to docs
* refactor: remove redundant 'document' check since documents are handled properly by formatMessage in the agents repo now
* refactor: change upload logic so anthropic endpoint isn't exempted from normal upload path using Agents for consistency with the rest of the upload logic
* fix: include width and height in return from uploadLocalFile so images are correctly identified when going through an AgentUpload in addImageURLs
* chore: remove client specific handling since the direct provider stuff is handled by the agent client
* feat: handle documents in AgentClient so no need for change to agents repo
* chore: removed unused changes
* chore: remove auto generated comments from OG commit
* feat: add logic for agents to use direct to provider uploads if supported (currently just anthropic)
* fix: reintroduce role check to fix render error because of undefined value for Content Part
* fix: actually fix render bug by using proper isCreatedByUser check and making sure our mutation of formattedMessage.content is consistent
---------
Co-authored-by: Andres Restrepo <andres@thelinuxkid.com>
Co-authored-by: Claude <noreply@anthropic.com>
📁 feat: Send Attachments Directly to Provider (OpenAI) (#9098)
* refactor: change references from direct upload to direct attach to better reflect functionality
since we are just using base64 encoding strategy now rather than Files/File API for sending our attachments directly to the provider, the upload nomenclature no longer makes sense. direct_attach better describes the different methods of sending attachments to providers anyways even if we later introduce direct upload support
* feat: add upload to provider option for openai (and agent) ui
* chore: move anthropic pdf validator over to packages/api
* feat: simple pdf validation according to openai docs
* feat: add provider agnostic validatePdf logic to start handling multiple endpoints
* feat: add handling for openai specific documentPart formatting
* refactor: move require statement to proper place at top of file
* chore: add in openAI endpoint for the rest of the document handling logic
* feat: add direct attach support for azureOpenAI endpoint and agents
* feat: add pdf validation for azureOpenAI endpoint
* refactor: unify all the endpoint checks with isDocumentSupportedEndpoint
* refactor: consolidate Upload to Provider vs Upload image logic for clarity
* refactor: remove anthropic from anthropic_multimodal fileType since we support multiple providers now
🗂️ feat: Send Attachments Directly to Provider (Google) (#9100)
* feat: add validation for google PDFs and add google endpoint as a document supporting endpoint
* feat: add proper pdf formatting for google endpoints (requires PR #14 in agents)
* feat: add multimodal support for google endpoint attachments
* feat: add audio file svg
* fix: refactor attachments logic so multi-attachment messages work properly
* feat: add video file svg
* fix: allows for followup questions of uploaded multimodal attachments
* fix: remove incorrect final message filtering that was breaking Attachment component rendering
fix: manualy rename 'documents' to 'Documents' in git since it wasn't picked up due to case insensitivity in dir name
fix: add logic so filepicker for a google agent has proper filetype filtering
🛫 refactor: Move Encoding Logic to packages/api (#9182)
* refactor: move audio encode over to TS
* refactor: audio encoding now functional in LC again
* refactor: move video encode over to TS
* refactor: move document encode over to TS
* refactor: video encoding now functional in LC again
* refactor: document encoding now functional in LC again
* fix: extend file type options in AttachFileMenu to include 'google_multimodal' and update dependency array to include agent?.provider
* feat: only accept pdfs if responses api is enabled for openai convos
chore: address ESLint comments
chore: add missing audio mimetype
* fix: type safety for message content parts and improve null handling
* chore: reorder AttachFileMenuProps for consistency and clarity
* chore: import order in AttachFileMenu
* fix: improve null handling for text parts in parseTextParts function
* fix: remove no longer used unsupported capability error message for file uploads
* fix: OpenAI Direct File Attachment Format
* fix: update encodeAndFormatDocuments to support OpenAI responses API and enhance document result types
* refactor: broaden providers supported for documents
* feat: enhance DragDrop context and modal to support document uploads based on provider capabilities
* fix: reorder import statements for consistency in video encoding module
---------
Co-authored-by: Dustin Healy <54083382+dustinhealy@users.noreply.github.com>
* 🔧 chore: Update @librechat/agents to v2.4.84 in package.json and package-lock.json
* feat: Serper as new scraperProvider for Web Search and add firecrawlVersion support
* fix: TWebSearchKeys and ensure unique API keys extraction
* chore: Add build:packages script to streamline package builds
- Added a new function `deleteDocumentsWithoutUserField` to remove documents lacking the user field from the specified MeiliSearch index.
- Integrated this function into the `ensureFilterableAttributes` method to clean up orphaned documents when existing messages or conversations are found without a user field.
🔧 feat: Enhance Index Synchronization Logic
- Updated `ensureFilterableAttributes` to return an object indicating whether settings were updated and if orphaned documents were found.
- Integrated orphaned document cleanup directly into the index synchronization process without forcing a full re-sync unless settings were updated.
- Improved logging for clarity on index configuration updates and orphaned document handling.
🔧 feat: Improve Flow State Management in Index Synchronization
- Refactored flow state management logic to ensure cleanup occurs after synchronization, regardless of success or error.
- Enhanced logging for flow state cleanup to provide better visibility into the synchronization process.
- Streamlined the structure of the index synchronization function for improved readability.
* fix: update @librechat/agents to v2.4.83 to handle reasoning edge case encountered with GLM models
* feat: GLM Context Window & Pricing Support
* feat: Add support for glm4 model in token values and tests
* chore: linting for `loadCustomConfig`
* refactor: decouple CDN init and variable/health checks from AppService
* refactor: move AppService to packages/data-schemas
* chore: update AppConfig import path to use data-schemas
* chore: update JsonSchemaType import path to use data-schemas
* refactor: update UserController to import webSearchKeys and redefine FunctionTool typedef
* chore: remove AppService.js
* refactor: update AppConfig interface to use Partial<TCustomConfig> and make paths and fileStrategies optional
* refactor: update checkConfig function to accept Partial<TCustomConfig>
* chore: fix types
* refactor: move handleRateLimits to startup checks as is an effect
* test: remove outdated rate limit tests from AppService.spec and add new handleRateLimits tests in checks.spec
