mirror of https://github.com/danny-avila/LibreChat.git synced 2026-04-03 06:17:21 +02:00

Enhanced ChatGPT Clone: Features Agents, MCP, DeepSeek, Anthropic, AWS, OpenAI, Responses API, Azure, Groq, o1, GPT-5, Mistral, OpenRouter, Vertex AI, Gemini, Artifacts, AI model switching, message search, Code Interpreter, langchain, DALL-E-3, OpenAPI Actions, Functions, Secure Multi-User Auth, Presets, open-source for self-hosting. Active. https://librechat.ai/

ai anthropic artifacts aws azure chatgpt chatgpt-clone claude clone deepseek gemini google gpt-5 librechat mcp o1 openai responses-api vision webui

Find a file

Danny Avila 9f6d8c6e93 🧵 feat: ALS Context Middleware, Tenant Threading, and Config Cache Invalidation (#12407 ) * feat: add tenant context middleware for ALS-based isolation Introduces tenantContextMiddleware that propagates req.user.tenantId into AsyncLocalStorage, activating the Mongoose applyTenantIsolation plugin for all downstream DB queries within a request. - Strict mode (TENANT_ISOLATION_STRICT=true) returns 403 if no tenantId - Non-strict mode passes through for backward compatibility - No-op for unauthenticated requests - Includes 6 unit tests covering all paths * feat: register tenant middleware and wrap startup/auth in runAsSystem() - Register tenantContextMiddleware in Express app after capability middleware - Wrap server startup initialization in runAsSystem() for strict mode compat - Wrap auth strategy getAppConfig() calls in runAsSystem() since they run before user context is established (LDAP, SAML, OpenID, social login, AuthService) * feat: thread tenantId through all getAppConfig callers Pass tenantId from req.user to getAppConfig() across all callers that have request context, ensuring correct per-tenant cache key resolution. Also fixes getBaseConfig admin endpoint to scope to requesting admin's tenant instead of returning the unscoped base config. Files updated: - Controllers: UserController, PluginController - Middleware: checkDomainAllowed, balance - Routes: config - Services: loadConfigModels, loadDefaultModels, getEndpointsConfig, MCP - Audio services: TTSService, STTService, getVoices, getCustomConfigSpeech - Admin: getBaseConfig endpoint * feat: add config cache invalidation on admin mutations - Add clearOverrideCache(tenantId?) to flush per-principal override caches by enumerating Keyv store keys matching _OVERRIDE_: prefix - Add invalidateConfigCaches() helper that clears base config, override caches, tool caches, and endpoint config cache in one call - Wire invalidation into all 5 admin config mutation handlers (upsert, patch, delete field, delete overrides, toggle active) - Add strict mode warning when __default__ tenant fallback is used - Add 3 new tests for clearOverrideCache (all/scoped/base-preserving) * chore: update getUserPrincipals comment to reflect ALS-based tenant filtering The TODO(#12091) about missing tenantId filtering is resolved by the tenant context middleware + applyTenantIsolation Mongoose plugin. Group queries are now automatically scoped by tenantId via ALS. * fix: replace runAsSystem with baseOnly for pre-tenant code paths App configs are tenant-owned — runAsSystem() would bypass tenant isolation and return cross-tenant DB overrides. Instead, add baseOnly option to getAppConfig() that returns YAML-derived config only, with zero DB queries. All startup code, auth strategies, and MCP initialization now use getAppConfig({ baseOnly: true }) to get the YAML config without touching the Config collection. * fix: address PR review findings — middleware ordering, types, cache safety - Chain tenantContextMiddleware inside requireJwtAuth after passport auth instead of global app.use() where req.user is always undefined (Finding 1) - Remove global tenantContextMiddleware registration from index.js - Update BalanceMiddlewareOptions to include tenantId, remove redundant cast (Finding 4) - Add warning log when clearOverrideCache cannot enumerate keys on Redis (Finding 3) - Use startsWith instead of includes for cache key filtering (Finding 12) - Use generator loop instead of Array.from for key enumeration (Finding 3) - Selective barrel export — exclude _resetTenantMiddlewareStrictCache (Finding 5) - Move isMainThread check to module level, remove per-request check (Finding 9) - Move mid-file require to top of app.js (Finding 8) - Parallelize invalidateConfigCaches with Promise.all (Finding 10) - Remove clearOverrideCache from public app.js exports (internal only) - Strengthen getUserPrincipals comment re: ALS dependency (Finding 2) * fix: restore runAsSystem for startup DB ops, consolidate require, clarify baseOnly - Restore runAsSystem() around performStartupChecks, updateInterfacePermissions, initializeMCPs, and initializeOAuthReconnectManager — these make Mongoose queries that need system context in strict tenant mode (NEW-3) - Consolidate duplicate require('@librechat/api') in requireJwtAuth.js (NEW-1) - Document that baseOnly ignores role/userId/tenantId in JSDoc (NEW-2) * test: add requireJwtAuth tenant chaining + invalidateConfigCaches tests - requireJwtAuth: 5 tests verifying ALS tenant context is set after passport auth, isolated between concurrent requests, and not set when user has no tenantId (Finding 6) - invalidateConfigCaches: 4 tests verifying all four caches are cleared, tenantId is threaded through, partial failure is handled gracefully, and operations run in parallel via Promise.all (Finding 11) * fix: address Copilot review — passport errors, namespaced cache keys, /base scoping - Forward passport errors in requireJwtAuth before entering tenant middleware — prevents silent auth failures from reaching handlers (P1) - Account for Keyv namespace prefix in clearOverrideCache — stored keys are namespaced as "APP_CONFIG:_OVERRIDE_:..." not "_OVERRIDE_:...", so override caches were never actually matched/cleared (P2) - Remove role from getBaseConfig — /base should return tenant-scoped base config, not role-merged config that drifts per admin role (P2) - Return tenantStorage.run() for cleaner async semantics - Update mock cache in service.spec.ts to simulate Keyv namespacing * fix: address second review — cache safety, code quality, test reliability - Decouple cache invalidation from mutation response: fire-and-forget with logging so DB mutation success is not masked by cache failures - Extract clearEndpointConfigCache helper from inline IIFE - Move isMainThread check to lazy once-per-process guard (no import side effect) - Memoize process.env read in overrideCacheKey to avoid per-request env lookups and log flooding in strict mode - Remove flaky timer-based parallelism assertion, use structural check - Merge orphaned double JSDoc block on getUserPrincipals - Fix stale [getAppConfig] log prefix → [ensureBaseConfig] - Fix import order in tenant.spec.ts (package types before local values) - Replace "Finding 1" reference with self-contained description - Use real tenantStorage primitives in requireJwtAuth spec mock * fix: move JSDoc to correct function after clearEndpointConfigCache extraction * refactor: remove Redis SCAN from clearOverrideCache, rely on TTL expiry Redis SCAN causes 60s+ stalls under concurrent load (see #12410). APP_CONFIG defaults to FORCED_IN_MEMORY_CACHE_NAMESPACES, so the in-memory store.keys() path handles the standard case. When APP_CONFIG is Redis-backed, overrides expire naturally via overrideCacheTtl (60s default) — an acceptable window for admin config mutations. * fix: remove return from tenantStorage.run to satisfy void middleware signature * fix: address second review — cache safety, code quality, test reliability - Switch invalidateConfigCaches from Promise.all to Promise.allSettled so partial failures are logged individually instead of producing one undifferentiated error (Finding 3) - Gate overrideCacheKey strict-mode warning behind a once-per-process flag to prevent log flooding under load (Finding 4) - Add test for passport error forwarding in requireJwtAuth — the if (err) { return next(err) } branch now has coverage (Finding 5) - Add test for real partial failure in invalidateConfigCaches where clearAppConfigCache rejects (not just the swallowed endpoint error) * chore: reorder imports in index.js and app.js for consistency - Moved logger and runAsSystem imports to maintain a consistent import order across files. - Improved code readability by ensuring related imports are grouped together.		2026-03-26 17:35:00 -04:00
.devcontainer	🪦 refactor: Remove Legacy Code (#10533 )	2025-12-11 16:36:12 -05:00
.github	⚡ refactor: Parallelize CI Workflows with Isolated Caching and Fan-Out Test Jobs (#12088 )	2026-03-05 13:56:07 -05:00
.husky	🎨 refactor: Redesign Sidebar with Unified Icon Strip Layout (#12013 )	2026-03-22 01:15:20 -04:00
.vscode	🔐 feat: Granular Role-based Permissions + Entra ID Group Discovery (#7804 )	2025-08-13 16:24:17 -04:00
api	🧵 feat: ALS Context Middleware, Tenant Threading, and Config Cache Invalidation (#12407 )	2026-03-26 17:35:00 -04:00
client	🪝 fix: Safe Hook Fallbacks for Tool-Call Components in Search Route (#12423 )	2026-03-26 16:40:37 -04:00
config	📦 refactor: Consolidate DB models, encapsulating Mongoose usage in `data-schemas` (#11830 )	2026-03-21 14:28:53 -04:00
e2e	🐘 feat: FerretDB Compatibility (#11769 )	2026-03-21 14:28:49 -04:00
helm	✨ v0.8.4 (#12339 )	2026-03-20 18:01:00 -04:00
packages	🧵 feat: ALS Context Middleware, Tenant Threading, and Config Cache Invalidation (#12407 )	2026-03-26 17:35:00 -04:00
redis-config	🔄 refactor: Migrate Cache Logic to TypeScript (#9771 )	2025-10-02 09:33:58 -04:00
src/tests	🆔 feat: Add OpenID Connect Federated Provider Token Support (#9931 )	2025-11-21 09:51:11 -05:00
utils	🐳 chore: Update image registry references in Docker/Helm configurations (#12026 )	2026-03-02 22:14:50 -05:00
.dockerignore	🐳 : Further Docker build Cleanup & Docs Update (#1502 )	2024-01-06 11:59:08 -05:00
.env.example	⚗️ feat: Agent Context Compaction/Summarization (#12287 )	2026-03-21 14:28:56 -04:00
.gitattributes	🎛️ feat: DB-Backed Per-Principal Config System (#12354 )	2026-03-25 19:39:29 -04:00
.gitignore	🧩 feat: Redesign Tool Call UI with Contextual Icons, Smart Grouping, and Rich Output Rendering (#12163 )	2026-03-25 12:31:39 -04:00
.prettierrc	🧹 chore: Migrate to Flat ESLint Config & Update Prettier Settings (#5737 )	2025-02-09 12:15:20 -05:00
AGENTS.md	🎛️ feat: DB-Backed Per-Principal Config System (#12354 )	2026-03-25 19:39:29 -04:00
bun.lock	✨ v0.8.4 (#12339 )	2026-03-20 18:01:00 -04:00
CLAUDE.md	✳️ docs: Point CLAUDE.md to AGENTS.md (#11886 )	2026-02-20 16:23:33 -05:00
deploy-compose.yml	🔒 chore: Bump MongoDB from 8.0.17 to 8.0.20 in Docker Compose Files (#12399 )	2026-03-25 13:56:43 -04:00
docker-compose.override.yml.example	🐳 chore: Update image registry references in Docker/Helm configurations (#12026 )	2026-03-02 22:14:50 -05:00
docker-compose.yml	🔒 chore: Bump MongoDB from 8.0.17 to 8.0.20 in Docker Compose Files (#12399 )	2026-03-25 13:56:43 -04:00
Dockerfile	✨ v0.8.4 (#12339 )	2026-03-20 18:01:00 -04:00
Dockerfile.multi	✨ v0.8.4 (#12339 )	2026-03-20 18:01:00 -04:00
eslint.config.mjs	📦 refactor: Consolidate DB models, encapsulating Mongoose usage in `data-schemas` (#11830 )	2026-03-21 14:28:53 -04:00
librechat.example.yaml	✨ v0.8.3 (#12161 )	2026-03-09 15:19:57 -04:00
LICENSE	⚖️ docs: Update LICENSE.md Year: 2024 -> 2025 (#5915 )	2025-02-17 10:39:46 -05:00
package-lock.json	🔄 refactor: Migrate to `react-resizable-panels` v4 with Artifacts Header polish (#12356 )	2026-03-22 02:21:27 -04:00
package.json	✨ v0.8.4 (#12339 )	2026-03-20 18:01:00 -04:00
rag.yml	🐳 chore: Update image registry references in Docker/Helm configurations (#12026 )	2026-03-02 22:14:50 -05:00
README.md	📝 docs: add UTM tracking parameters to Railway deployment links (#12228 )	2026-03-26 13:43:33 -04:00
README.zh.md	🏮 docs: Add Simplified Chinese README Translation (#12323 )	2026-03-20 13:08:48 -04:00
turbo.json	🏎️ feat: Smart Reinstall with Turborepo Caching for Better DX (#11785 )	2026-02-13 14:25:26 -05:00

README.md

LibreChat

English · 中文

✨ Features

🖥️ UI & Experience inspired by ChatGPT with enhanced design and features
🤖 AI Model Selection:
- Anthropic (Claude), AWS Bedrock, OpenAI, Azure OpenAI, Google, Vertex AI, OpenAI Responses API (incl. Azure)
- Custom Endpoints: Use any OpenAI-compatible API with LibreChat, no proxy required
- Compatible with Local & Remote AI Providers:
  - Ollama, groq, Cohere, Mistral AI, Apple MLX, koboldcpp, together.ai,
  - OpenRouter, Helicone, Perplexity, ShuttleAI, Deepseek, Qwen, and more
🔧 Code Interpreter API:
- Secure, Sandboxed Execution in Python, Node.js (JS/TS), Go, C/C++, Java, PHP, Rust, and Fortran
- Seamless File Handling: Upload, process, and download files directly
- No Privacy Concerns: Fully isolated and secure execution
🔦 Agents & Tools Integration:
- LibreChat Agents:
  - No-Code Custom Assistants: Build specialized, AI-driven helpers
  - Agent Marketplace: Discover and deploy community-built agents
  - Collaborative Sharing: Share agents with specific users and groups
  - Flexible & Extensible: Use MCP Servers, tools, file search, code execution, and more
  - Compatible with Custom Endpoints, OpenAI, Azure, Anthropic, AWS Bedrock, Google, Vertex AI, Responses API, and more
  - Model Context Protocol (MCP) Support for Tools
🔍 Web Search:
- Search the internet and retrieve relevant information to enhance your AI context
- Combines search providers, content scrapers, and result rerankers for optimal results
- Customizable Jina Reranking: Configure custom Jina API URLs for reranking services
- Learn More →
🪄 Generative UI with Code Artifacts:
- Code Artifacts allow creation of React, HTML, and Mermaid diagrams directly in chat
🎨 Image Generation & Editing
- Text-to-image and image-to-image with GPT-Image-1
- Text-to-image with DALL-E (3/2), Stable Diffusion, Flux, or any MCP server
- Produce stunning visuals from prompts or refine existing images with a single instruction
💾 Presets & Context Management:
- Create, Save, & Share Custom Presets
- Switch between AI Endpoints and Presets mid-chat
- Edit, Resubmit, and Continue Messages with Conversation branching
- Create and share prompts with specific users and groups
- Fork Messages & Conversations for Advanced Context control
💬 Multimodal & File Interactions:
- Upload and analyze images with Claude 3, GPT-4.5, GPT-4o, o1, Llama-Vision, and Gemini 📸
- Chat with Files using Custom Endpoints, OpenAI, Azure, Anthropic, AWS Bedrock, & Google 🗃️
🌎 Multilingual UI:
- English, 中文 (简体), 中文 (繁體), العربية, Deutsch, Español, Français, Italiano
- Polski, Português (PT), Português (BR), Русский, 日本語, Svenska, 한국어, Tiếng Việt
- Türkçe, Nederlands, עברית, Català, Čeština, Dansk, Eesti, فارسی
- Suomi, Magyar, Հայերեն, Bahasa Indonesia, ქართული, Latviešu, ไทย, ئۇيغۇرچە
🧠 Reasoning UI:
- Dynamic Reasoning UI for Chain-of-Thought/Reasoning AI models like DeepSeek-R1
🎨 Customizable Interface:
- Customizable Dropdown & Interface that adapts to both power users and newcomers
🌊 Resumable Streams:
- Never lose a response: AI responses automatically reconnect and resume if your connection drops
- Multi-Tab & Multi-Device Sync: Open the same chat in multiple tabs or pick up on another device
- Production-Ready: Works from single-server setups to horizontally scaled deployments with Redis
🗣️ Speech & Audio:
- Chat hands-free with Speech-to-Text and Text-to-Speech
- Automatically send and play Audio
- Supports OpenAI, Azure OpenAI, and Elevenlabs
📥 Import & Export Conversations:
- Import Conversations from LibreChat, ChatGPT, Chatbot UI
- Export conversations as screenshots, markdown, text, json
🔍 Search & Discovery:
- Search all messages/conversations
👥 Multi-User & Secure Access:
- Multi-User, Secure Authentication with OAuth2, LDAP, & Email Login Support
- Built-in Moderation, and Token spend tools
⚙️ Configuration & Deployment:
- Configure Proxy, Reverse Proxy, Docker, & many Deployment options
- Use completely local or deploy on the cloud
📖 Open-Source & Community:
- Completely Open-Source & Built in Public
- Community-driven development, support, and feedback

For a thorough review of our features, see our docs here 📚

🪶 All-In-One AI Conversations with LibreChat

LibreChat is a self-hosted AI chat platform that unifies all major AI providers in a single, privacy-focused interface.

Beyond chat, LibreChat provides AI Agents, Model Context Protocol (MCP) support, Artifacts, Code Interpreter, custom actions, conversation search, and enterprise-ready multi-user authentication.

Open source, actively developed, and built for anyone who values control over their AI infrastructure.

🌐 Resources

GitHub Repo:

RAG API: github.com/danny-avila/rag_api
Website: github.com/LibreChat-AI/librechat.ai

Other:

Website: librechat.ai
Documentation: librechat.ai/docs
Blog: librechat.ai/blog

📝 Changelog

Keep up with the latest updates by visiting the releases page and notes:

⚠️ Please consult the changelog for breaking changes before updating.

⭐ Star History

✨ Contributions

Contributions, suggestions, bug reports and fixes are welcome!

For new features, components, or extensions, please open an issue and discuss before sending a PR.

If you'd like to help translate LibreChat into your language, we'd love your contribution! Improving our translations not only makes LibreChat more accessible to users around the world but also enhances the overall user experience. Please check out our Translation Guide.

💖 This project exists in its current state thanks to all the people who contribute

🎉 Special Thanks

We thank Locize for their translation management tools that support multiple languages in LibreChat.