* Decouple mcp config from start up config
* Chore: Work on AI Review and Copilot Comments
- setRawConfig is not needed since the private raw config is not needed any more
- !!serversLoading bug fixed
- added unit tests for route /api/mcp/servers
- copilot comments addressed
* chore: remove comments
* chore: rename data-provider dir for MCP
* chore: reorganize mcp specific query hooks
* fix: consolidate imports for MCP server manager
* chore: add dev-staging branch to frontend review workflow triggers
* feat: add GitHub Actions workflow for building and pushing Docker images to GitHub Container Registry and Docker Hub
* fix: update label for tag input in BookmarkForm tests to improve clarity
---------
Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com>
Co-authored-by: Danny Avila <danny@librechat.ai>
* 🗑️ chore: Remove unused Legacy Provider clients and related helpers
* Deleted OpenAIClient and GoogleClient files along with their associated tests.
* Removed references to these clients in the clients index file.
* Cleaned up typedefs by removing the OpenAISpecClient export.
* Updated chat controllers to use the OpenAI SDK directly instead of the removed client classes.
* chore/remove-openapi-specs
* 🗑️ chore: Remove unused mergeSort and misc utility functions
* Deleted mergeSort.js and misc.js files as they are no longer needed.
* Removed references to cleanUpPrimaryKeyValue in messages.js and adjusted related logic.
* Updated mongoMeili.ts to eliminate local implementations of removed functions.
* chore: remove legacy endpoints
* chore: remove all plugins endpoint related code
* chore: remove unused prompt handling code and clean up imports
* Deleted handleInputs.js and instructions.js files as they are no longer needed.
* Removed references to these files in the prompts index.js.
* Updated docker-compose.yml to simplify reverse proxy configuration.
* chore: remove unused LightningIcon import from Icons.tsx
* chore: clean up translation.json by removing deprecated and unused keys
* chore: update Jest configuration and remove unused mock file
* Simplified the setupFiles array in jest.config.js by removing the fetchEventSource mock.
* Deleted the fetchEventSource.js mock file as it is no longer needed.
* fix: simplify endpoint type check in Landing and ConversationStarters components
* Updated the endpoint type check to use strict equality for better clarity and performance.
* Ensured consistency in the handling of the azureOpenAI endpoint across both components.
* chore: remove unused dependencies from package.json and package-lock.json
* chore: remove legacy EditController, associated routes and imports
* chore: update banResponse logic to refine request handling for banned users
* chore: remove unused validateEndpoint middleware and its references
* chore: remove unused 'res' parameter from initializeClient in multiple endpoint files
* chore: remove unused 'isSmallScreen' prop from BookmarkNav and NewChat components; clean up imports in ArchivedChatsTable and useSetIndexOptions hooks; enhance localization in PromptVersions
* chore: remove unused import of Constants and TMessage from MobileNav; retain only necessary QueryKeys import
* chore: remove unused TResPlugin type and related references; clean up imports in types and schemas
- Added try-catch blocks to handle errors during document deletion from the RAG API.
- Implemented logging for 404 errors indicating that the document may have already been deleted.
- Improved error logging for other deletion errors in both Firebase and Local file services.
* 🔊 fix: Validate language format for OpenAI STT model
* fix: Normalize input language model assignment in STTService
* refactor: Enhance error logging and language validation in STT and TTS services
* fix: Improve language validation in getValidatedLanguageCode function
* refactor: Token Limit Processing with Enhanced Efficiency
- Added a new test suite for `processTextWithTokenLimit`, ensuring comprehensive coverage of various scenarios including under, at, and exceeding token limits.
- Refactored the `processTextWithTokenLimit` function to utilize a ratio-based estimation method, significantly reducing the number of token counting function calls compared to the previous binary search approach.
- Improved handling of edge cases and variable token density, ensuring accurate truncation and performance across diverse text inputs.
- Included direct comparisons with the old implementation to validate correctness and efficiency improvements.
* refactor: Remove Tokenizer Route and Related References
- Deleted the tokenizer route from the server and removed its references from the routes index and server files, streamlining the API structure.
- This change simplifies the routing configuration by eliminating unused endpoints.
* refactor: Migrate countTokens Utility to API Module
- Removed the local countTokens utility and integrated it into the @librechat/api module for centralized access.
- Updated various files to reference the new countTokens import from the API module, ensuring consistent usage across the application.
- Cleaned up unused references and imports related to the previous countTokens implementation.
* refactor: Centralize escapeRegExp Utility in API Module
- Moved the escapeRegExp function from local utility files to the @librechat/api module for consistent usage across the application.
- Updated imports in various files to reference the new centralized escapeRegExp function, ensuring cleaner code and reducing redundancy.
- Removed duplicate implementations of escapeRegExp from multiple files, streamlining the codebase.
* refactor: Enhance Token Counting Flexibility in Text Processing
- Updated the `processTextWithTokenLimit` function to accept both synchronous and asynchronous token counting functions, improving its versatility.
- Introduced a new `TokenCountFn` type to define the token counting function signature.
- Added comprehensive tests to validate the behavior of `processTextWithTokenLimit` with both sync and async token counting functions, ensuring consistent results.
- Implemented a wrapper to track call counts for the `countTokens` function, optimizing performance and reducing unnecessary calls.
- Enhanced existing tests to compare the performance of the new implementation against the old one, demonstrating significant improvements in efficiency.
* chore: documentation for Truncation Safety Buffer in Token Processing
- Added a safety buffer multiplier to the character position estimates during text truncation to prevent overshooting token limits.
- Updated the `processTextWithTokenLimit` function to utilize the new `TRUNCATION_SAFETY_BUFFER` constant, enhancing the accuracy of token limit processing.
- Improved documentation to clarify the rationale behind the buffer and its impact on performance and efficiency in token counting.
- Updated the `findUser` method to normalize email fields to lowercase and trimmed whitespace for case-insensitive matching.
- Enhanced the `normalizeEmailInCriteria` function to handle email normalization in search criteria, including `` conditions.
- Added tests to ensure email normalization works correctly across various scenarios, including case differences and whitespace handling.
* 🔧 fix: Correct URL Construction in fetchModels Function
Updated the URL construction in the fetchModels function to ensure proper formatting by removing trailing slashes from the base URL. This change prevents potential issues with API endpoint calls.
* 🔧 fix: Remove OLLAMA from Known Custom Providers
Updated the isKnownCustomProvider function and providerConfigMap to exclude OLLAMA as a known custom provider, streamlining the provider checks and configurations.
* 🔧 test: Enhance fetchModels Tests for URL Construction
Added new test cases to validate the URL construction in the fetchModels function, ensuring it handles trailing slashes correctly and appends query parameters as expected. This improves the robustness of the API endpoint calls.
* chore: remove ollama provider-specific handling
* chore: Refactor imports to use isUserProvided from @librechat/api
* fix: Header and Environment Variable Handling Bug from #9931
* refactor: Remove warning log for missing tokens in extractOpenIDTokenInfo function
* feat: Enhance resolveNestedObject function for improved placeholder processing
- Added a new function `resolveNestedObject` to recursively process nested objects, replacing placeholders in string values while preserving the original structure.
- Updated `createTestUser` to use `IUser` type and modified user ID generation.
- Added comprehensive unit tests for `resolveNestedObject` to cover various scenarios, including nested structures, arrays, and custom user variables.
- Improved type handling in `processMCPEnv` to ensure correct processing of mixed numeric and placeholder values.
* refactor: Remove unnecessary manipulation of Bedrock options introduced in #9931
- Eliminated the resolveHeaders function call from the getOptions method in options.js, as it was no longer necessary for processing additional model request fields.
- This change simplifies the code and improves maintainability.
* 🗑️ chore: Remove @microsoft/eslint-formatter-sarif from dependencies and update ESLint CI workflow
- Removed @microsoft/eslint-formatter-sarif from package.json and package-lock.json.
- Updated ESLint CI workflow to eliminate SARIF upload logic and related environment variables.
* chore: Remove ts-jest from dependencies in jest.config and package files
* chore: Update package dependencies to latest versions
- Upgraded @rollup/plugin-commonjs from 25.0.2 to 29.0.0 across multiple packages.
- Updated rimraf from 5.0.1 to 6.1.2 in packages/api, client, data-provider, and data-schemas.
- Added new dependencies: @isaacs/balanced-match and @isaacs/brace-expansion in package-lock.json.
- Updated glob from 8.1.0 to 13.0.0 and adjusted related dependencies accordingly.
* chore: remove prettier-eslint dependency from package.json
* chore: npm audit fix
* fix: correct `getBasePath` import
* fix: add basePath pattern to support login/register and image paths
* Fix linter errors
* refactor: Update import statements for getBasePath and isEnabled, and add path utility functions with tests
- Refactored imports in addImages.js and StableDiffusion.js to use getBasePath from '@librechat/api'.
- Consolidated isEnabled and getBasePath imports in validateImageRequest.js.
- Introduced new path utility functions in path.ts and corresponding unit tests in path.spec.ts to validate base path extraction logic.
* fix: Update domain server base URL in MarkdownComponents and refactor authentication redirection logic
- Changed the domain server base URL in MarkdownComponents.tsx to use the API base URL.
- Refactored the useAuthRedirect hook to utilize React Router's navigate for redirection instead of window.location, ensuring a smoother SPA experience.
- Added unit tests for the useAuthRedirect hook to verify authentication redirection behavior.
* test: Mock isEnabled in validateImages.spec.js for improved test isolation
- Updated validateImages.spec.js to mock the isEnabled function from @librechat/api, ensuring that tests can run independently of the actual implementation.
- Cleared the DOMAIN_CLIENT environment variable before tests to avoid interference with basePath resolution.
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* feat: Add OpenID Connect federated provider token support
Implements support for passing federated provider tokens (Cognito, Azure AD, Auth0)
as variables in LibreChat's librechat.yaml configuration for both custom endpoints
and MCP servers.
Features:
- New LIBRECHAT_OPENID_* template variables for federated provider tokens
- JWT claims parsing from ID tokens without verification (for claim extraction)
- Token validation with expiration checking
- Support for multiple token storage locations (federatedTokens, openidTokens)
- Integration with existing template variable system
- Comprehensive test suite with Cognito-specific scenarios
- Provider-agnostic design supporting Cognito, Azure AD, Auth0, etc.
Security:
- Server-side only token processing
- Automatic token expiration validation
- Graceful fallbacks for missing/invalid tokens
- No client-side token exposure
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: Add federated token propagation to OIDC authentication strategies
Adds federatedTokens object to user during authentication to enable
federated provider token template variables in LibreChat configuration.
Changes:
- OpenID JWT Strategy: Extract raw JWT from Authorization header and
attach as federatedTokens.access_token to enable {{LIBRECHAT_OPENID_TOKEN}}
placeholder resolution
- OpenID Strategy: Attach tokenset tokens as federatedTokens object to
standardize token access across both authentication strategies
This enables proper token propagation for custom endpoints and MCP
servers that require federated provider tokens for authorization.
Resolves missing token issue reported by @ramden in PR #9931🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Denis Ramic <denis.ramic@nfon.com>
Co-Authored-By: Claude <noreply@anthropic.com>
* test: Add federatedTokens validation tests for OIDC strategies
Adds comprehensive test coverage for the federated token propagation
feature implemented in the authentication strategies.
Tests added:
- Verify federatedTokens object is attached to user with correct structure
(access_token, refresh_token, expires_at)
- Verify both tokenset and federatedTokens are present in user object
- Ensure tokens from OIDC provider are correctly propagated
Also fixes existing test suite by adding missing mocks:
- isEmailDomainAllowed function mock
- findOpenIDUser function mock
These tests validate the fix from commit 5874ba29f that enables
{{LIBRECHAT_OPENID_TOKEN}} template variable functionality.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* docs: Remove implementation documentation file
The PR description already contains all necessary implementation details.
This documentation file is redundant and was requested to be removed.
* fix: skip s256 check
* fix(openid): handle missing refresh token in Cognito token refresh response
When OPENID_REUSE_TOKENS=true, the token refresh flow was failing because
Cognito (and most OAuth providers) don't return a new refresh token in the
refresh grant response - they only return new access and ID tokens.
Changes:
- Modified setOpenIDAuthTokens() to accept optional existingRefreshToken parameter
- Updated validation to only require access_token (refresh_token now optional)
- Added logic to reuse existing refresh token when not provided in tokenset
- Updated refreshController to pass original refresh token as fallback
- Added comments explaining standard OAuth 2.0 refresh token behavior
This fixes the "Token is not present. User is not authenticated." error that
occurred during silent token refresh with Cognito as the OpenID provider.
Fixes: Authentication loop with OPENID_REUSE_TOKENS=true and AWS Cognito
* fix(openid): extract refresh token from cookies for template variable replacement
When OPENID_REUSE_TOKENS=true, the openIdJwtStrategy populates user.federatedTokens
to enable template variable replacement (e.g., {{LIBRECHAT_OPENID_ACCESS_TOKEN}}).
However, the refresh_token field was incorrectly sourced from payload.refresh_token,
which is always undefined because:
1. JWTs don't contain refresh tokens in their payload
2. The JWT itself IS the access token
3. Refresh tokens are separate opaque tokens stored in HTTP-only cookies
This caused extractOpenIDTokenInfo() to receive incomplete federatedTokens,
resulting in template variables remaining unreplaced in headers.
**Root Cause:**
- Line 90: `refresh_token: payload.refresh_token` (always undefined)
- JWTs only contain access token data in their claims
- Refresh tokens are separate, stored securely in cookies
**Solution:**
- Import `cookie` module to parse cookies from request
- Extract refresh token from `refreshToken` cookie
- Populate federatedTokens with both access token (JWT) and refresh token (from cookie)
**Impact:**
- Template variables like {{LIBRECHAT_OPENID_ACCESS_TOKEN}} now work correctly
- Headers in librechat.yaml are properly replaced with actual tokens
- MCP server authentication with federated tokens now functional
**Technical Details:**
- passReqToCallback=true in JWT strategy provides req object access
- Refresh token extracted via cookies.parse(req.headers.cookie).refreshToken
- Falls back gracefully if cookie header or refreshToken is missing
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: re-resolve headers on each request to pick up fresh federatedTokens
- OpenAIClient now re-resolves headers in chatCompletion() before each API call
- This ensures template variables like {{LIBRECHAT_OPENID_TOKEN}} are replaced
with actual token values from req.user.federatedTokens
- initialize.js now stores original template headers instead of pre-resolved ones
- Fixes template variable replacement when OPENID_REUSE_TOKENS=true
The issue was that headers were only resolved once during client initialization,
before openIdJwtStrategy had populated user.federatedTokens. Now headers are
re-resolved on every request with the current user's fresh tokens.
* debug: add logging to track header resolution in OpenAIClient
* debug: log tokenset structure after refresh to diagnose missing access_token
* fix: set federatedTokens on user object after OAuth refresh
- After successful OAuth token refresh, the user object was not being
updated with federatedTokens
- This caused template variable resolution to fail on subsequent requests
- Now sets user.federatedTokens with access_token, id_token, refresh_token
and expires_at from the refreshed tokenset
- Fixes template variables like {{LIBRECHAT_OPENID_TOKEN}} not being
replaced after token refresh
- Related to PR #9931 (OpenID federated token support)
* fix(openid): pass user object through agent chain for template variable resolution
Root cause: buildAgentContext in agents/run.ts called resolveHeaders without
the user parameter, preventing OpenID federated token template variables from
being resolved in agent runtime parameters.
Changes:
- packages/api/src/agents/run.ts: Add user parameter to createRun signature
- packages/api/src/agents/run.ts: Pass user to resolveHeaders in buildAgentContext
- api/server/controllers/agents/client.js: Pass user when calling createRun
- api/server/services/Endpoints/bedrock/options.js: Add resolveHeaders call with debug logging
- api/server/services/Endpoints/custom/initialize.js: Add debug logging
- packages/api/src/utils/env.ts: Add comprehensive debug logging and stack traces
- packages/api/src/utils/oidc.ts: Fix eslint errors (unused type, explicit any)
This ensures template variables like {{LIBRECHAT_OPENID_TOKEN}} and
{{LIBRECHAT_USER_OPENIDID}} are properly resolved in both custom endpoint
headers and Bedrock AgentCore runtime parameters.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* refactor: remove debug logging from OpenID token template feature
Removed excessive debug logging that was added during development to make
the PR more suitable for upstream review:
- Removed 7 debug statements from OpenAIClient.js
- Removed all console.log statements from packages/api/src/utils/env.ts
- Removed debug logging from bedrock/options.js
- Removed debug logging from custom/initialize.js
- Removed debug statement from AuthController.js
This reduces the changeset by ~50 lines while maintaining full functionality
of the OpenID federated token template variable feature.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* test(openid): add comprehensive unit tests for template variable substitution
- Add 34 unit tests for OIDC token utilities (oidc.spec.ts)
- Test coverage for token extraction, validation, and placeholder processing
- Integration tests for full OpenID token flow
- All tests pass with comprehensive edge case coverage
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
* test: fix OpenID federated tokens test failures
- Add serverMetadata() mock to openid-client mock configuration
* Fixes TypeError in openIdJwtStrategy.js where serverMetadata() was being called
* Mock now returns jwks_uri and end_session_endpoint as expected by the code
- Update outdated initialize.spec.js test
* Remove test expecting resolveHeaders call during initialization
* Header resolution was refactored to be deferred until LLM request time
* Update test to verify options are returned correctly with useLegacyContent flag
Fixes#9931 CI failures for backend unit tests
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* chore: fix package-lock.json conflict
* chore: sync package-log with upstream
* chore: cleanup
* fix: use createSafeUser
* fix: fix createSafeUser signature
* chore: remove comments
* chore: purge comments
* fix: update Jest testPathPattern to testPathPatterns for Jest 30+ compatibility
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Denis Ramic <denis.ramic@nfon.com>
Co-authored-by: kristjanaapro <kristjana@apro.is>
chore: import order and add back JSDoc for OpenID JWT callback
* 🔧 fix: Handle errors when fetching server tools and log missing tools in MCP tools controller, to prevent all MCP tools from not getting listed
* 🔧 fix: Remove trailing colons from error messages in MCPConnection class
* chore: Update test command patterns in package.json for cache integration tests
- Implemented validation for OpenAPI specifications to ensure the server URL matches the client-provided domain, preventing SSRF attacks.
- Added domain extraction and validation functions to improve security checks.
- Updated relevant services and routes to utilize the new validation logic, ensuring robust handling of client-provided domains against the OpenAPI spec.
- Introduced comprehensive tests to validate the new security features and ensure correct behavior across various scenarios.
* refactor: add image file size validation as part of payload build
* feat: implement file size and MIME type filtering in endpoint configuration
* chore: import order
* feat: add filterFilesByEndpointConfig to filter disabled file processing by provider
* chore: explicit define of endpointFileConfig for better debugging
* refactor: move `normalizeEndpointName` to data-provider as used app-wide
* chore: remove overrideEndpoint from useFileHandling
* refactor: improve endpoint file config selection
* refactor: update filterFilesByEndpointConfig to accept structured parameters and improve endpoint file config handling
* refactor: replace defaultFileConfig with getEndpointFileConfig for improved file configuration handling across components
* test: add comprehensive unit tests for getEndpointFileConfig to validate endpoint configuration handling
* refactor: streamline agent endpoint assignment and improve file filtering logic
* feat: add error handling for disabled file uploads in endpoint configuration
* refactor: update encodeAndFormat functions to accept structured parameters for provider and endpoint
* refactor: streamline requestFiles handling in initializeAgent function
* fix: getEndpointFileConfig partial config merging scenarios
* refactor: enhance mergeWithDefault function to support document-supported providers with comprehensive MIME types
* refactor: user-configured default file config in getEndpointFileConfig
* fix: prevent file handling when endpoint is disabled and file is dragged to chat
* refactor: move `getEndpointField` to `data-provider` and update usage across components and hooks
* fix: prioritize endpointType based on agent.endpoint in file filtering logic
* fix: prioritize agent.endpoint in file filtering logic and remove unnecessary endpointType defaulting
* chore: remove `@langchain/community` dependency
* refactor: remove SerpAPI integration and update related imports
* chore: remove legacy code with unnecessary dependencies
* chore: cleanup packages
* chore: cleanup packages
* chore: update openai dependency version to 5.10.1
* chore: add back @librechat/agents dependency
* chore: downgrade openai dependency from 5.10.1 to 5.8.2
* Remove dependency on @librechat/agents from the API package
* chore: add @librechat/agents dependency to the API package
* fix: add useLegacyContent property to RunAgent type and propagate it in createRun function
* chore: remove openai dependency version 5.10.1 from package.json
* feat: Add support for agent handoffs with edges in agent forms and schemas
chore: Mark `agent_ids` field as deprecated in favor of edges across various schemas and types
chore: Update dependencies for @langchain/core and @librechat/agents to latest versions
chore: Update peer dependency for @librechat/agents to version 3.0.0-rc2 in package.json
chore: Update @librechat/agents dependency to version 3.0.0-rc3 in package.json and package-lock.json
feat: first pass, multi-agent handoffs
fix: update output type to ToolMessage in memory handling functions
fix: improve type checking for graphConfig in createRun function
refactor: remove unused content filtering logic in AgentClient
chore: update @librechat/agents dependency to version 3.0.0-rc4 in package.json and package-lock.json
fix: update @langchain/core peer dependency version to ^0.3.72 in package.json and package-lock.json
fix: update @librechat/agents dependency to version 3.0.0-rc6 in package.json and package-lock.json; refactor stream rate handling in various endpoints
feat: Agent handoff UI
chore: update @librechat/agents dependency to version 3.0.0-rc8 in package.json and package-lock.json
fix: improve hasInfo condition and adjust UI element classes in AgentHandoff component
refactor: remove current fixed agent display from AgentHandoffs component due to redundancy
feat: enhance AgentHandoffs UI with localized beta label and improved layout
chore: update @librechat/agents dependency to version 3.0.0-rc10 in package.json and package-lock.json
feat: add `createSequentialChainEdges` function to add back agent chaining via multi-agents
feat: update `createSequentialChainEdges` call to only provide conversation context between agents
feat: deprecate Agent Chain functionality and update related methods for improved clarity
* chore: update @librechat/agents dependency to version 3.0.0-rc11 in package.json and package-lock.json
* refactor: remove unused addCacheControl function and related imports and import from @librechat/agents
* chore: remove unused i18n keys
* refactor: remove unused format export from index.ts
* chore: update @librechat/agents to v3.0.0-rc13
* chore: remove BEDROCK_LEGACY provider from Providers enum
* chore: update @librechat/agents to version 3.0.2 in package.json
* refactor: Restructure MCP registry system with caching
- Split MCPServersRegistry into modular components:
- MCPServerInspector: handles server inspection and health checks
- MCPServersInitializer: manages server initialization logic
- MCPServersRegistry: simplified registry coordination
- Add distributed caching layer:
- ServerConfigsCacheRedis: Redis-backed configuration cache
- ServerConfigsCacheInMemory: in-memory fallback cache
- RegistryStatusCache: distributed leader election state
- Add promise utilities (withTimeout) replacing Promise.race patterns
- Add comprehensive cache integration tests for all cache implementations
- Remove unused MCPManager.getAllToolFunctions method
* fix: Update OAuth flow to include user-specific headers
* chore: Update Jest configuration to ignore additional test files
- Added patterns to ignore files ending with .helper.ts and .helper.d.ts in testPathIgnorePatterns for cleaner test runs.
* fix: oauth headers in callback
* chore: Update Jest testPathIgnorePatterns to exclude helper files
- Modified testPathIgnorePatterns in package.json to ignore files ending with .helper.ts and .helper.d.ts for cleaner test execution.
* ci: update test mocks
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* 🦙 fix: Ollama Custom Headers
* chore: Correct import order for resolveHeaders in OllamaClient.js
* fix: Improve error logging for Ollama API model fetch failure
* ci: update Ollama model fetch tests
* ci: Add unit test for passing headers and user object to Ollama fetchModels
* Refactored the logic for determining max output tokens in the agent initialization process.
* Changed variable names for clarity, updating from `maxTokens` to `maxOutputTokens` to better reflect their purpose.
* Adjusted calculations for `maxContextTokens` to use the new `maxOutputTokens` variable.
* chore: correct startupConfig usage in ImportConversations component
* refactor: properly process configured speechToText and textToSpeech settings in getCustomConfigSpeech
* refactor: proxy configuration by utilizing HttpsProxyAgent for OpenAI Image Edits
* refactor: remove `useChatContext` from `useSelectMention`, explicitly pass `conversation` object
* feat: ephemeral agents via model specs
* refactor: Sync Jotai state with ephemeral agent state, also when Ephemeral Agent has no MCP servers selected
* refactor: move `useUpdateEphemeralAgent` to store and clean up imports
* refactor: reorder imports and invalidate queries for mcpConnectionStatus in event handler
* refactor: replace useApplyModelSpecEffects with useApplyModelSpecAgents and update event handlers to use new agent template logic
* ci: update useMCPSelect test to verify mcpValues sync with empty ephemeralAgent.mcp
* updated gpt5-pro
it is here and on openrouter
https://platform.openai.com/docs/models/gpt-5-pro
* feat: Add gpt-5-pro pricing
- Implemented handling for the new gpt-5-pro model in the getValueKey function.
- Updated tests to ensure correct behavior for gpt-5-pro across various scenarios.
- Adjusted token limits and multipliers for gpt-5-pro in the tokens utility files.
- Enhanced model matching functionality to include gpt-5-pro variations.
* refactor: optimize model pricing and validation logic
- Added new model pricing entries for llama2, llama3, and qwen variants in tx.js.
- Updated tokenValues to include additional models and their pricing structures.
- Implemented validation tests in tx.spec.js to ensure all models resolve correctly to pricing.
- Refactored getValueKey function to improve model matching and resolution efficiency.
- Removed outdated model entries from tokens.ts to streamline pricing management.
* fix: add missing pricing
* chore: update model pricing for qwen and gemma variants
* chore: update model pricing and add validation for context windows
- Removed outdated model entries from tx.js and updated tokenValues with new models.
- Added a test in tx.spec.js to ensure all models with pricing have corresponding context windows defined in tokens.ts.
- Introduced 'command-text' model pricing in tokens.ts to maintain consistency across model definitions.
* chore: update model names and pricing for AI21 and Amazon models
- Refactored model names in tx.js for AI21 and Amazon models to remove versioning and improve consistency.
- Updated pricing values in tokens.ts to reflect the new model names.
- Added comprehensive tests in tx.spec.js to validate pricing for both short and full model names across AI21 and Amazon models.
* feat: add pricing and validation for Claude Haiku 4.5 model
* chore: increase default max context tokens to 18000 for agents
* feat: add Qwen3 model pricing and validation tests
* chore: reorganize and update Qwen model pricing in tx.js and tokens.ts
---------
Co-authored-by: khfung <68192841+khfung@users.noreply.github.com>
* feat: Add group field to modelSpecs for flexible grouping
* resolve lint issues
* fix test
* docs: enhance modelSpecs group field documentation for clarity
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
- problem: `addImageUrls` had a side effect that was being leveraged before to populate both the `ocr` message field, now `fileContext`, and `client.options.attachments`, which would record the user's uploaded message attachments to the user message when saved to the database and returned at the end of the request lifecycle
- solution: created dedicated handling for file context, and made sure to populate `allFiles` with non-provider attachments
* 📎 feat: Direct Provider Attachment Support for Multimodal Content
* 📑 feat: Anthropic Direct Provider Upload (#9072)
* feat: implement Anthropic native PDF support with document preservation
- Add comprehensive debug logging throughout PDF processing pipeline
- Refactor attachment processing to separate image and document handling
- Create distinct addImageURLs(), addDocuments(), and processAttachments() methods
- Fix critical bugs in stream handling and parameter passing
- Add streamToBuffer utility for proper stream-to-buffer conversion
- Remove api/agents submodule from repository
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* chore: remove out of scope formatting changes
* fix: stop duplication of file in chat on end of response stream
* chore: bring back file search and ocr options
* chore: localize upload to provider string in file menu
* refactor: change createMenuItems args to fit new pattern introduced by anthropic-native-pdf-support
* feat: add cache point for pdfs processed by anthropic endpoint since they are unlikely to change and should benefit from caching
* feat: combine Upload Image into Upload to Provider since they both perform direct upload and change provider upload icon to reflect multimodal upload
* feat: add citations support according to docs
* refactor: remove redundant 'document' check since documents are handled properly by formatMessage in the agents repo now
* refactor: change upload logic so anthropic endpoint isn't exempted from normal upload path using Agents for consistency with the rest of the upload logic
* fix: include width and height in return from uploadLocalFile so images are correctly identified when going through an AgentUpload in addImageURLs
* chore: remove client specific handling since the direct provider stuff is handled by the agent client
* feat: handle documents in AgentClient so no need for change to agents repo
* chore: removed unused changes
* chore: remove auto generated comments from OG commit
* feat: add logic for agents to use direct to provider uploads if supported (currently just anthropic)
* fix: reintroduce role check to fix render error because of undefined value for Content Part
* fix: actually fix render bug by using proper isCreatedByUser check and making sure our mutation of formattedMessage.content is consistent
---------
Co-authored-by: Andres Restrepo <andres@thelinuxkid.com>
Co-authored-by: Claude <noreply@anthropic.com>
📁 feat: Send Attachments Directly to Provider (OpenAI) (#9098)
* refactor: change references from direct upload to direct attach to better reflect functionality
since we are just using base64 encoding strategy now rather than Files/File API for sending our attachments directly to the provider, the upload nomenclature no longer makes sense. direct_attach better describes the different methods of sending attachments to providers anyways even if we later introduce direct upload support
* feat: add upload to provider option for openai (and agent) ui
* chore: move anthropic pdf validator over to packages/api
* feat: simple pdf validation according to openai docs
* feat: add provider agnostic validatePdf logic to start handling multiple endpoints
* feat: add handling for openai specific documentPart formatting
* refactor: move require statement to proper place at top of file
* chore: add in openAI endpoint for the rest of the document handling logic
* feat: add direct attach support for azureOpenAI endpoint and agents
* feat: add pdf validation for azureOpenAI endpoint
* refactor: unify all the endpoint checks with isDocumentSupportedEndpoint
* refactor: consolidate Upload to Provider vs Upload image logic for clarity
* refactor: remove anthropic from anthropic_multimodal fileType since we support multiple providers now
🗂️ feat: Send Attachments Directly to Provider (Google) (#9100)
* feat: add validation for google PDFs and add google endpoint as a document supporting endpoint
* feat: add proper pdf formatting for google endpoints (requires PR #14 in agents)
* feat: add multimodal support for google endpoint attachments
* feat: add audio file svg
* fix: refactor attachments logic so multi-attachment messages work properly
* feat: add video file svg
* fix: allows for followup questions of uploaded multimodal attachments
* fix: remove incorrect final message filtering that was breaking Attachment component rendering
fix: manualy rename 'documents' to 'Documents' in git since it wasn't picked up due to case insensitivity in dir name
fix: add logic so filepicker for a google agent has proper filetype filtering
🛫 refactor: Move Encoding Logic to packages/api (#9182)
* refactor: move audio encode over to TS
* refactor: audio encoding now functional in LC again
* refactor: move video encode over to TS
* refactor: move document encode over to TS
* refactor: video encoding now functional in LC again
* refactor: document encoding now functional in LC again
* fix: extend file type options in AttachFileMenu to include 'google_multimodal' and update dependency array to include agent?.provider
* feat: only accept pdfs if responses api is enabled for openai convos
chore: address ESLint comments
chore: add missing audio mimetype
* fix: type safety for message content parts and improve null handling
* chore: reorder AttachFileMenuProps for consistency and clarity
* chore: import order in AttachFileMenu
* fix: improve null handling for text parts in parseTextParts function
* fix: remove no longer used unsupported capability error message for file uploads
* fix: OpenAI Direct File Attachment Format
* fix: update encodeAndFormatDocuments to support OpenAI responses API and enhance document result types
* refactor: broaden providers supported for documents
* feat: enhance DragDrop context and modal to support document uploads based on provider capabilities
* fix: reorder import statements for consistency in video encoding module
---------
Co-authored-by: Dustin Healy <54083382+dustinhealy@users.noreply.github.com>
* chore: linting for `loadCustomConfig`
* refactor: decouple CDN init and variable/health checks from AppService
* refactor: move AppService to packages/data-schemas
* chore: update AppConfig import path to use data-schemas
* chore: update JsonSchemaType import path to use data-schemas
* refactor: update UserController to import webSearchKeys and redefine FunctionTool typedef
* chore: remove AppService.js
* refactor: update AppConfig interface to use Partial<TCustomConfig> and make paths and fileStrategies optional
* refactor: update checkConfig function to accept Partial<TCustomConfig>
* chore: fix types
* refactor: move handleRateLimits to startup checks as is an effect
* test: remove outdated rate limit tests from AppService.spec and add new handleRateLimits tests in checks.spec
* initialize servers sequentially
* adjust for exported properties that are not nullable anymore
* use underscore separator
* mock with set
* customize init timeout via env var
* refactor for readability, use loaded conns for tool functions
* address PR comments
* clean up fire-and-forget
* fix tests
* 🧹 chore: Update logger imports to use @librechat/data-schemas across multiple files and remove unused sleep function from queue.js (#9930)
* chore: Replace local isEnabled utility with @librechat/api import across multiple files, update test files
* chore: Replace local logger import with @librechat/data-schemas logger in countTokens.js and fork.js
* chore: Update logs volume path in docker-compose.yml to correct directory
* chore: import order of isEnabled in static.js
* initialize servers sequentially
* adjust for exported properties that are not nullable anymore
* use underscore separator
* mock with set
* customize init timeout via env var
* chore: move domain related functions to `packages/api`
* fix: isEmailDomainAllowed for case-insensitive domain matching
- Added tests to validate case-insensitive matching for email domains in various scenarios.
- Updated isEmailDomainAllowed function to convert email domains to lowercase for consistent comparison.
- Improved handling of null/undefined entries in allowedDomains.
* ci: Mock isEmailDomainAllowed in samlStrategy tests
- Added a mock implementation for isEmailDomainAllowed to return true in samlStrategy tests, ensuring consistent behavior during test execution.
* ci: Update import of isEmailDomainAllowed in ldapStrategy tests
- Changed the import of isEmailDomainAllowed from the domains service to the api package for consistency and to reflect recent refactoring.
* refactor: move `loadOCRConfig` from `packages/data-provider` to `packages/api` and return `undefined` if not explicitly configured
* fix: loadOCRConfig import from @librechat/api
* refactor: update defaultTextMimeTypes to support virtually all file types for text parsing
* fix: improve OCR capability check and error message for unsupported file types
* ci: remove unnecessary ocr expectation from AppService test
- Fixed a bug in reinitMCPServer where a user connection was created for an app-level server whenever this server is reinitialized
- Made MCPManager.getUserConnection to return an error if the connection is app-level
- Add MCPManager.getConnection to return either an app connection or a user connection based on the serverName
- Made MCPManager.appConnections public to avoid unnecessary wrapper methods.
🔄 refactor: Optimize MCP Tool Initialization
fix: update tool caching to use separated mcp logic
refactor: Replace `req.user` with `userId` in MCP handling functions
refactor: Replace `req` parameter with `userId` in file search tool functions
fix: Update user connection parameter to use object format in reinitMCPServer
refactor: Simplify MCP tool creation logic and improve handling of tool configurations to avoid capturing too much in closures
refactor: ensure MCP available tools are fetched from cache only when needed
* fix: respect server's token endpoint auth methods for MCP OAuth refresh
Previously, LibreChat always used Basic Auth when refreshing OAuth tokens if a
client_secret was present. This caused issues with servers (like FastMCP) that
only support client_secret_post. Now properly checks and respects the server's
advertised token_endpoint_auth_methods_supported.
Fixes token refresh failures with error: "refresh_token.client_id: Field required"
* chore: remove MCP OAuth URL Logging
* WIP: conversion of `ocr` to `context`
* refactor: make `primeResources` backwards-compatible for `ocr` tool_resources
* refactor: Convert legacy `ocr` tool resource to `context` in agent updates
- Implemented conversion logic to replace `ocr` with `context` in both incoming updates and existing agent data.
- Merged file IDs and files from `ocr` into `context` while ensuring deduplication.
- Updated tools array to reflect the change from `ocr` to `context`.
* refactor: Enhance context file handling in agent processing
- Updated the logic for managing context files by consolidating file IDs from both `ocr` and `context` resources.
- Improved backwards compatibility by ensuring that context files are correctly populated and handled.
- Simplified the iteration over context files for better readability and maintainability.
* refactor: Enhance tool_resources handling in primeResources
- Added tests to verify the deletion behavior of tool_resources fields, ensuring original objects remain unchanged.
- Implemented logic to delete `ocr` and `context` fields after fetching and re-categorizing files.
- Preserved context field when the context capability is disabled, ensuring correct behavior in various scenarios.
* refactor: Replace `ocrEnabled` with `contextEnabled` in AgentConfig
* refactor: Adjust legacy tool handling order for improved clarity
* refactor: Implement OCR to context conversion functions and remove original conversion logic in update agent handling
* refactor: Move contextEnabled declaration to maintain consistent order in capabilities
* refactor: Update localization keys for file context to improve clarity and accuracy
* chore: Update localization key for file context information to improve clarity
