mirror of https://github.com/danny-avila/LibreChat.git synced 2026-04-03 06:17:21 +02:00

Enhanced ChatGPT Clone: Features Agents, MCP, DeepSeek, Anthropic, AWS, OpenAI, Responses API, Azure, Groq, o1, GPT-5, Mistral, OpenRouter, Vertex AI, Gemini, Artifacts, AI model switching, message search, Code Interpreter, langchain, DALL-E-3, OpenAPI Actions, Functions, Secure Multi-User Auth, Presets, open-source for self-hosting. Active. https://librechat.ai/

ai anthropic artifacts aws azure chatgpt chatgpt-clone claude clone deepseek gemini google gpt-5 librechat mcp o1 openai responses-api vision webui

Find a file

Danny Avila aa575b274b 🛡️ refactor: Self-Healing Tenant Isolation Update Guard (#12506 ) * refactor: self-healing tenant isolation update guard Replace the strict throw-on-any-tenantId guard with a strip-or-throw approach: - $set/$setOnInsert: strip when value matches current tenant or no context is active; throw only on cross-tenant mutations - $unset/$rename: always strip (unsetting/renaming tenantId is never valid) - Top-level tenantId: same logic as $set This eliminates the entire class of "tenantId in update payload" bugs at the plugin level while preserving the cross-tenant security invariant. * test: update mutation guard tests for self-healing behavior - Convert same-tenant $set/$setOnInsert tests to expect silent stripping instead of throws - Convert $unset test to expect silent stripping - Add cross-tenant throw tests for $set, $setOnInsert, top-level - Add same-tenant stripping tests for $set, $setOnInsert, top-level - Add $rename stripping test - Add no-context stripping test - Update error message assertions to match new cross-tenant message * revert: remove call-site tenantId stripping patches Revert the per-call-site tenantId stripping from #12498 and the excludedKeys patch from #12501. These are no longer needed since the self-healing guard handles tenantId in update payloads at the plugin level. Reverted patches: - conversation.ts: delete update.tenantId in saveConvo(), tenantId destructuring in bulkSaveConvos() - message.ts: delete update.tenantId in saveMessage() and recordMessage(), tenantId destructuring in bulkSaveMessages() and updateMessage() - config.ts: tenantId in excludedKeys Set - config.spec.ts: tenantId in excludedKeys test assertion * fix: strip tenantId from update documents in tenantSafeBulkWrite Mongoose middleware does not fire for bulkWrite, so the plugin-level guard never sees update payloads in bulk operations. Extend injectTenantId() to strip tenantId from update documents for updateOne/updateMany operations, preventing cross-tenant overwrites. * refactor: rename guard, add empty-op cleanup and strict-mode warning - Rename assertNoTenantIdMutation to sanitizeTenantIdMutation - Remove empty operator objects after stripping to avoid MongoDB errors - Log warning in strict mode when stripping tenantId without context - Fix $setOnInsert test to use upsert:true with non-matching filter * test: fix bulk-save tests and add negative excludedKeys assertion - Wrap bulkSaveConvos/bulkSaveMessages tests in tenantStorage.run() to exercise the actual multi-tenant stripping path - Assert tenantId equals the real tenant, not undefined - Add negative assertion: excludedKeys must NOT contain tenantId * fix: type-safe tenantId stripping in tenantSafeBulkWrite - Fix TS2345 error: replace conditional type inference with UpdateQuery<Record<string, unknown>> for stripTenantIdFromUpdate - Handle empty updates after stripping (e.g., $set: { tenantId } as sole field) by filtering null ops from the bulk array - Add 4 tests for bulk update tenantId stripping: plain-object update, $set stripping, $unset stripping, and sole-field-in-$set edge case * fix: resolve TS2345 in stripTenantIdFromUpdate parameter type Use Record<string, unknown> instead of UpdateQuery<> to avoid type incompatibility with Mongoose's AnyObject-based UpdateQuery resolution in CI. * fix: strip tenantId from bulk updates unconditionally Separate sanitization from injection in tenantSafeBulkWrite: tenantId is now stripped from all update documents before any tenant-context checks, closing the gap where no-context and system-context paths passed caller-supplied tenantId through to MongoDB unmodified. * refactor: address review findings in tenant isolation - Fix early-return gap in stripTenantIdFromUpdate that skipped operator-level tenantId when top-level was also present - Lazy-allocate copy in stripTenantIdFromUpdate (no allocation when no tenantId is present) - Document behavioral asymmetry: plugin throws on cross-tenant, bulkWrite strips silently (intentional, documented in JSDoc) - Remove double JSDoc on injectTenantId - Remove redundant cast in stripTenantIdFromUpdate - Use shared frozen EMPTY_BULK_RESULT constant - Remove Record<string, unknown> annotation in recordMessage - Isolate bulkSave* tests: pre-create docs then update with cross-tenant payload, read via runAsSystem to prove stripping is independent of filter injection * fix: no-op empty updates after tenantId sanitization When tenantId is the sole field in an update (e.g., { $set: { tenantId } }), sanitization leaves an empty update object that would fail with "Update document requires atomic operators." The updateGuard now detects this and short-circuits the query by adding an unmatchable filter condition and disabling upsert, matching the bulk-write handling that filters out null ops. * refactor: remove dead logger.warn branches, add mixed-case test - Remove unreachable logger.warn calls in sanitizeTenantIdMutation: queryMiddleware throws before updateGuard in strict+no-context, and isStrict() is false in non-strict+no-context - Add test for combined top-level + operator-level tenantId stripping to lock in the early-return fix * feat: ESLint rule to ban raw bulkWrite and collection.* in data-schemas Add no-restricted-syntax rules to the data-schemas ESLint config that flag direct Model.bulkWrite() and Model.collection.* calls. These bypass Mongoose middleware and the tenant isolation plugin — all bulk writes must use tenantSafeBulkWrite() instead. Test files are excluded since they intentionally use raw driver calls for fixture setup. Also migrate the one remaining raw bulkWrite in seedSystemGrants() to use tenantSafeBulkWrite() for consistency. * test: add findByIdAndUpdate coverage to mutation guard tests * fix: keep tenantSafeBulkWrite in seedSystemGrants, fix ESLint config - Revert to tenantSafeBulkWrite in seedSystemGrants (always runs under runAsSystem, so the wrapper passes through correctly) - Split data-schemas ESLint config: shared TS rules for all files, no-restricted-syntax only for production non-wrapper files - Fix unused destructure vars to use _tenantId pattern		2026-04-01 19:07:52 -04:00
.devcontainer	🪦 refactor: Remove Legacy Code (#10533 )	2025-12-11 16:36:12 -05:00
.github	🔬 ci: Add TypeScript Type Checks to Backend Workflow and Fix All Type Errors (#12451 )	2026-03-28 21:06:39 -04:00
.husky	🎨 refactor: Redesign Sidebar with Unified Icon Strip Layout (#12013 )	2026-03-22 01:15:20 -04:00
.vscode	🔐 feat: Granular Role-based Permissions + Entra ID Group Discovery (#7804 )	2025-08-13 16:24:17 -04:00
api	🛡️ fix: Restrict System Grants to Role Principals (#12491 )	2026-03-31 19:25:14 -04:00
client	🔑 fix: Auth-Aware Startup Config Caching for Fresh Sessions (#12505 )	2026-04-01 17:20:39 -04:00
config	📦 refactor: Consolidate DB models, encapsulating Mongoose usage in `data-schemas` (#11830 )	2026-03-21 14:28:53 -04:00
e2e	🐘 feat: FerretDB Compatibility (#11769 )	2026-03-21 14:28:49 -04:00
helm	✨ v0.8.4 (#12339 )	2026-03-20 18:01:00 -04:00
packages	🛡️ refactor: Self-Healing Tenant Isolation Update Guard (#12506 )	2026-04-01 19:07:52 -04:00
redis-config	🔄 refactor: Migrate Cache Logic to TypeScript (#9771 )	2025-10-02 09:33:58 -04:00
src/tests	🆔 feat: Add OpenID Connect Federated Provider Token Support (#9931 )	2025-11-21 09:51:11 -05:00
utils	🐳 chore: Update image registry references in Docker/Helm configurations (#12026 )	2026-03-02 22:14:50 -05:00
.dockerignore	🐳 : Further Docker build Cleanup & Docs Update (#1502 )	2024-01-06 11:59:08 -05:00
.env.example	⚗️ feat: Agent Context Compaction/Summarization (#12287 )	2026-03-21 14:28:56 -04:00
.gitattributes	🎛️ feat: DB-Backed Per-Principal Config System (#12354 )	2026-03-25 19:39:29 -04:00
.gitignore	🧩 feat: Redesign Tool Call UI with Contextual Icons, Smart Grouping, and Rich Output Rendering (#12163 )	2026-03-25 12:31:39 -04:00
.prettierrc	🧹 chore: Migrate to Flat ESLint Config & Update Prettier Settings (#5737 )	2025-02-09 12:15:20 -05:00
AGENTS.md	📋 chore: Move project instructions from AGENTS.md to CLAUDE.md	2026-03-31 21:50:38 -04:00
bun.lock	✨ v0.8.4 (#12339 )	2026-03-20 18:01:00 -04:00
CLAUDE.md	📋 chore: Move project instructions from AGENTS.md to CLAUDE.md	2026-03-31 21:50:38 -04:00
deploy-compose.yml	🔒 chore: Bump MongoDB from 8.0.17 to 8.0.20 in Docker Compose Files (#12399 )	2026-03-25 13:56:43 -04:00
docker-compose.override.yml.example	🐳 chore: Update image registry references in Docker/Helm configurations (#12026 )	2026-03-02 22:14:50 -05:00
docker-compose.yml	🔒 chore: Bump MongoDB from 8.0.17 to 8.0.20 in Docker Compose Files (#12399 )	2026-03-25 13:56:43 -04:00
Dockerfile	✨ v0.8.4 (#12339 )	2026-03-20 18:01:00 -04:00
Dockerfile.multi	✨ v0.8.4 (#12339 )	2026-03-20 18:01:00 -04:00
eslint.config.mjs	🛡️ refactor: Self-Healing Tenant Isolation Update Guard (#12506 )	2026-04-01 19:07:52 -04:00
librechat.example.yaml	✨ v0.8.3 (#12161 )	2026-03-09 15:19:57 -04:00
LICENSE	⚖️ docs: Update LICENSE.md Year: 2024 -> 2025 (#5915 )	2025-02-17 10:39:46 -05:00
package-lock.json	📦 chore: bump `axios` to exact v1.13.6, `@librechat/agents` to v3.1.63, `@aws-sdk/client-bedrock-runtime` to v3.1013.0 (#12488 )	2026-03-31 14:49:31 -04:00
package.json	✨ v0.8.4 (#12339 )	2026-03-20 18:01:00 -04:00
rag.yml	🐳 chore: Update image registry references in Docker/Helm configurations (#12026 )	2026-03-02 22:14:50 -05:00
README.md	📝 docs: update deployment link for Railway in README and README.zh.md (#12449 )	2026-03-28 20:10:36 -04:00
README.zh.md	📝 docs: update deployment link for Railway in README and README.zh.md (#12449 )	2026-03-28 20:10:36 -04:00
turbo.json	🏎️ feat: Smart Reinstall with Turborepo Caching for Better DX (#11785 )	2026-02-13 14:25:26 -05:00

README.md

LibreChat

English · 中文

✨ Features

🖥️ UI & Experience inspired by ChatGPT with enhanced design and features
🤖 AI Model Selection:
- Anthropic (Claude), AWS Bedrock, OpenAI, Azure OpenAI, Google, Vertex AI, OpenAI Responses API (incl. Azure)
- Custom Endpoints: Use any OpenAI-compatible API with LibreChat, no proxy required
- Compatible with Local & Remote AI Providers:
  - Ollama, groq, Cohere, Mistral AI, Apple MLX, koboldcpp, together.ai,
  - OpenRouter, Helicone, Perplexity, ShuttleAI, Deepseek, Qwen, and more
🔧 Code Interpreter API:
- Secure, Sandboxed Execution in Python, Node.js (JS/TS), Go, C/C++, Java, PHP, Rust, and Fortran
- Seamless File Handling: Upload, process, and download files directly
- No Privacy Concerns: Fully isolated and secure execution
🔦 Agents & Tools Integration:
- LibreChat Agents:
  - No-Code Custom Assistants: Build specialized, AI-driven helpers
  - Agent Marketplace: Discover and deploy community-built agents
  - Collaborative Sharing: Share agents with specific users and groups
  - Flexible & Extensible: Use MCP Servers, tools, file search, code execution, and more
  - Compatible with Custom Endpoints, OpenAI, Azure, Anthropic, AWS Bedrock, Google, Vertex AI, Responses API, and more
  - Model Context Protocol (MCP) Support for Tools
🔍 Web Search:
- Search the internet and retrieve relevant information to enhance your AI context
- Combines search providers, content scrapers, and result rerankers for optimal results
- Customizable Jina Reranking: Configure custom Jina API URLs for reranking services
- Learn More →
🪄 Generative UI with Code Artifacts:
- Code Artifacts allow creation of React, HTML, and Mermaid diagrams directly in chat
🎨 Image Generation & Editing
- Text-to-image and image-to-image with GPT-Image-1
- Text-to-image with DALL-E (3/2), Stable Diffusion, Flux, or any MCP server
- Produce stunning visuals from prompts or refine existing images with a single instruction
💾 Presets & Context Management:
- Create, Save, & Share Custom Presets
- Switch between AI Endpoints and Presets mid-chat
- Edit, Resubmit, and Continue Messages with Conversation branching
- Create and share prompts with specific users and groups
- Fork Messages & Conversations for Advanced Context control
💬 Multimodal & File Interactions:
- Upload and analyze images with Claude 3, GPT-4.5, GPT-4o, o1, Llama-Vision, and Gemini 📸
- Chat with Files using Custom Endpoints, OpenAI, Azure, Anthropic, AWS Bedrock, & Google 🗃️
🌎 Multilingual UI:
- English, 中文 (简体), 中文 (繁體), العربية, Deutsch, Español, Français, Italiano
- Polski, Português (PT), Português (BR), Русский, 日本語, Svenska, 한국어, Tiếng Việt
- Türkçe, Nederlands, עברית, Català, Čeština, Dansk, Eesti, فارسی
- Suomi, Magyar, Հայերեն, Bahasa Indonesia, ქართული, Latviešu, ไทย, ئۇيغۇرچە
🧠 Reasoning UI:
- Dynamic Reasoning UI for Chain-of-Thought/Reasoning AI models like DeepSeek-R1
🎨 Customizable Interface:
- Customizable Dropdown & Interface that adapts to both power users and newcomers
🌊 Resumable Streams:
- Never lose a response: AI responses automatically reconnect and resume if your connection drops
- Multi-Tab & Multi-Device Sync: Open the same chat in multiple tabs or pick up on another device
- Production-Ready: Works from single-server setups to horizontally scaled deployments with Redis
🗣️ Speech & Audio:
- Chat hands-free with Speech-to-Text and Text-to-Speech
- Automatically send and play Audio
- Supports OpenAI, Azure OpenAI, and Elevenlabs
📥 Import & Export Conversations:
- Import Conversations from LibreChat, ChatGPT, Chatbot UI
- Export conversations as screenshots, markdown, text, json
🔍 Search & Discovery:
- Search all messages/conversations
👥 Multi-User & Secure Access:
- Multi-User, Secure Authentication with OAuth2, LDAP, & Email Login Support
- Built-in Moderation, and Token spend tools
⚙️ Configuration & Deployment:
- Configure Proxy, Reverse Proxy, Docker, & many Deployment options
- Use completely local or deploy on the cloud
📖 Open-Source & Community:
- Completely Open-Source & Built in Public
- Community-driven development, support, and feedback

For a thorough review of our features, see our docs here 📚

🪶 All-In-One AI Conversations with LibreChat

LibreChat is a self-hosted AI chat platform that unifies all major AI providers in a single, privacy-focused interface.

Beyond chat, LibreChat provides AI Agents, Model Context Protocol (MCP) support, Artifacts, Code Interpreter, custom actions, conversation search, and enterprise-ready multi-user authentication.

Open source, actively developed, and built for anyone who values control over their AI infrastructure.

🌐 Resources

GitHub Repo:

RAG API: github.com/danny-avila/rag_api
Website: github.com/LibreChat-AI/librechat.ai

Other:

Website: librechat.ai
Documentation: librechat.ai/docs
Blog: librechat.ai/blog

📝 Changelog

Keep up with the latest updates by visiting the releases page and notes:

⚠️ Please consult the changelog for breaking changes before updating.

⭐ Star History

✨ Contributions

Contributions, suggestions, bug reports and fixes are welcome!

For new features, components, or extensions, please open an issue and discuss before sending a PR.

If you'd like to help translate LibreChat into your language, we'd love your contribution! Improving our translations not only makes LibreChat more accessible to users around the world but also enhances the overall user experience. Please check out our Translation Guide.

💖 This project exists in its current state thanks to all the people who contribute

🎉 Special Thanks

We thank Locize for their translation management tools that support multiple languages in LibreChat.