fix: per-user model list support with resolved headers #63
Open
…anny-avila#11710)

* fix: prevent truncated responses when Redis resumable streams are enabled

Race condition in RedisEventTransport.subscribe() caused early events (seq 0+) to be lost. The Redis SUBSCRIBE command was fired as fire-and-forget, but GenerationJobManager immediately set hasSubscriber=true, disabling the earlyEventBuffer. Events published during the gap between subscribe() returning and the Redis subscription actually taking effect were neither buffered nor received — they were silently dropped by Pub/Sub.

This manifested as "timeout waiting for seq 0, force-flushing N messages" warnings followed by truncated or missing response text in the UI.

The fix:
- IEventTransport.subscribe() now returns an optional `ready` promise that resolves once the transport can actually receive messages
- RedisEventTransport returns the Redis SUBSCRIBE acknowledgment as the `ready` promise instead of firing it as fire-and-forget
- GenerationJobManager.subscribe() awaits `ready` before setting hasSubscriber=true, keeping the earlyEventBuffer active during the subscription window so no events are lost
- GenerationJobManager.emitChunk() early-returns after buffering when no subscriber is connected, avoiding wasteful Redis PUBLISHes that nobody would receive

Adds 5 regression tests covering the race condition for both in-memory and Redis transports, verifying that events emitted before subscribe are buffered and replayed, that the ready promise contract is correct for both transport implementations, and that no events are lost across the subscribe boundary.

* refactor: Update import paths in GenerationJobManager integration tests
- Refactored import statements in the GenerationJobManager integration test file to use absolute paths instead of relative paths, improving code readability and maintainability.
- Removed redundant imports and ensured consistent usage of the updated import structure across the test cases.

* chore: Remove redundant await from GenerationJobManager initialization in tests
- Updated multiple test cases to call GenerationJobManager.initialize() without awaiting, improving test performance and clarity.
- Ensured consistent initialization across various scenarios in the CollectedUsage and AbortJob test suites.

* refactor: Enhance GenerationJobManager integration tests and RedisEventTransport cleanup
- Updated GenerationJobManager integration tests to utilize dynamic Redis clients and removed unnecessary awaits from initialization calls, improving test performance.
- Refactored RedisEventTransport's destroy method to safely disconnect the subscriber, enhancing resource management and preventing potential errors during cleanup.

* feat: Enhance GenerationJobManager and RedisEventTransport for improved event handling
- Added a resetSequence method to IEventTransport and implemented it in RedisEventTransport to manage publish sequence counters effectively.
- Updated GenerationJobManager to utilize the new resetSequence method, ensuring proper event handling during stream operations.
- Introduced integration tests for GenerationJobManager to validate cross-replica event publishing and subscriber readiness in Redis, enhancing test coverage and reliability.

* test: Add integration tests for GenerationJobManager sequence reset and error recovery with Redis
- Introduced new tests to validate the behavior of GenerationJobManager during sequence resets, ensuring no stale events are received after a reset.
- Added tests to confirm that the sequence is not reset when a second subscriber joins mid-stream, maintaining event integrity.
- Implemented a test for resubscription after a Redis subscribe failure, verifying that events can still be received post-error.
- Enhanced overall test coverage for Redis-related functionalities in GenerationJobManager.

* fix: Update GenerationJobManager and RedisEventTransport for improved event synchronization
- Replaced the resetSequence method with syncReorderBuffer in GenerationJobManager to enhance cross-replica event handling without resetting the publisher sequence.
- Added a new syncReorderBuffer method in RedisEventTransport to advance the subscriber reorder buffer safely, ensuring no data loss during subscriber transitions.
- Introduced a new integration test to validate that local subscribers joining do not cause data loss for cross-replica subscribers, enhancing the reliability of event delivery.
- Updated existing tests to reflect changes in event handling logic, improving overall test coverage and robustness.

* fix: Clear flushTimeout in RedisEventTransport to prevent potential memory leaks
- Added logic to clear the flushTimeout in the reorderBuffer when resetting the sequence counters, ensuring proper resource management and preventing memory leaks during state transitions in RedisEventTransport.
`_new` is not a recognized keyword for the `target` attribute. While browsers treat it as a named window, `_blank` is the standard value for opening links in a new tab/window.
…11714) - Increased z-index values for the DialogPrimitive overlay and content in ImagePreview.tsx to ensure proper stacking order and visibility of modal elements. This change enhances the user experience by preventing modal content from being obscured by other UI elements.
…ix (danny-avila#11723) * 🔧 chore: Update @librechat/agents to version 3.1.39 in package.json and package-lock.json * 🔧 chore: Update axios to version 1.13.5 in package.json and package-lock.json across multiple packages
…anny-avila#11585) * style: update input IDs in BasicInfoSection for consistency and improve accessibility * style: add border-destructive variable for improved design consistency * style: update error border color for title input in BasicInfoSection * style: update delete confirmation dialog title and description for MCP Server * style: add text-destructive variable for improved design consistency * style: update error message and border color for URL and trust fields for consistency * style: reorder imports and update error message styling for consistency across sections * style: enhance MCPServerDialog with copy link functionality and UI improvements * style: enhance MCPServerDialog with improved accessibility and loading indicators * style: bump @librechat/client to 0.4.51 and enhance OGDialogTemplate for improved selection handling * a11y: enhance accessibility and error handling in MCPServerDialog sections * style: enhance MCPServerDialog accessibility and improve resource name handling * style: improve accessibility in MCPServerDialog and AuthSection, update translation for delete confirmation * style: update aria-invalid attributes to use string values for improved accessibility in form sections * style: enhance accessibility in AuthSection by updating aria attributes and adding error messages * style: remove unnecessary aria-hidden attributes from Spinner components in MCPServerDialog * style: simplify legacy selection check in OGDialogTemplate
…nny-avila#11722)

* refactor: better SSRF Protection in Action and Tool Services
- Added `createSSRFSafeAgents` function to create HTTP/HTTPS agents that block connections to private/reserved IP addresses, enhancing security against SSRF attacks.
- Updated `createActionTool` to accept a `useSSRFProtection` parameter, allowing the use of SSRF-safe agents during tool execution.
- Modified `processRequiredActions` and `loadAgentTools` to utilize the new SSRF protection feature based on allowed domains configuration.
- Introduced `resolveHostnameSSRF` function to validate resolved IPs against private ranges, preventing potential SSRF vulnerabilities.
- Enhanced tests for domain resolution and private IP detection to ensure robust SSRF protection mechanisms are in place.

* feat: Implement SSRF protection in MCP connections
- Added `createSSRFSafeUndiciConnect` function to provide SSRF-safe DNS lookup options for undici agents.
- Updated `MCPConnection`, `MCPConnectionFactory`, and `ConnectionsRepository` to include `useSSRFProtection` parameter, enabling SSRF protection based on server configuration.
- Enhanced `MCPManager` and `UserConnectionManager` to utilize SSRF protection when establishing connections.
- Updated tests to validate the integration of SSRF protection across various components, ensuring robust security measures are in place.

* refactor: WS MCPConnection with SSRF protection and async transport construction
- Added `resolveHostnameSSRF` to validate WebSocket hostnames against private IP addresses, enhancing SSRF protection.
- Updated `constructTransport` method to be asynchronous, ensuring proper handling of SSRF checks before establishing connections.
- Improved error handling for WebSocket transport to prevent connections to potentially unsafe addresses.

* test: Enhance ActionRequest tests for SSRF-safe agent passthrough
- Added tests to verify that httpAgent and httpsAgent are correctly passed to axios.create when provided in ActionRequest.
- Included scenarios to ensure agents are not included when no options are specified.
- Enhanced coverage for POST requests to confirm agent passthrough functionality.
- Improved overall test robustness for SSRF protection in ActionRequest execution.
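An added example (not code from this PR or from LibreChat) of the technique the commit message above describes: rejecting private or reserved addresses at DNS resolution time inside the agent's `lookup` hook, so the check applies to the address the socket actually connects to. The names `isBlockedAddress`, `createGuardedLookup`, `createGuardedAgents` and `urlTargetsBlockedLiteral` are hypothetical, the range list is a starting set rather than an exhaustive one, and the sample addresses in the comments are constructed.

```javascript
const dns = require('node:dns');
const http = require('node:http');
const https = require('node:https');
const net = require('node:net');

// Loopback, private, link-local, CGNAT, multicast and reserved ranges.
// Assumption: this list is illustrative; extend it for your environment.
const blocked = new net.BlockList();
const V4_RANGES = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
  ['224.0.0.0', 4], ['240.0.0.0', 4],
];
const V6_RANGES = [['fc00::', 7], ['fe80::', 10], ['ff00::', 8]];
for (const [prefix, bits] of V4_RANGES) blocked.addSubnet(prefix, bits, 'ipv4');
for (const [prefix, bits] of V6_RANGES) blocked.addSubnet(prefix, bits, 'ipv6');
blocked.addAddress('::', 'ipv6');
blocked.addAddress('::1', 'ipv6');

// True when the address must not be contacted. Anything that is not a
// valid IP literal is treated as blocked (fail closed).
function isBlockedAddress(address) {
  // Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so the IPv4 rules apply.
  const mapped = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/i.exec(address);
  const ip = mapped ? mapped[1] : address;
  const family = net.isIP(ip);
  if (family === 0) return true;
  return blocked.check(ip, family === 6 ? 'ipv6' : 'ipv4');
}

// Wraps a dns.lookup-compatible resolver. The check runs on the resolved
// addresses, so a public-looking hostname that points at an internal IP
// is rejected at connect time, including when DNS answers change between
// an earlier validation step and the actual request.
function createGuardedLookup(resolver = dns.lookup) {
  return function guardedLookup(hostname, options, callback) {
    if (typeof options === 'function') {
      callback = options;
      options = {};
    }
    resolver(hostname, options, (err, address, family) => {
      if (err) return callback(err);
      // With { all: true } the resolver yields an array of { address, family }.
      const results = Array.isArray(address) ? address : [{ address, family }];
      // Reject the whole answer if any record is internal, rather than
      // filtering, so a mixed answer cannot be used to probe the guard.
      const bad = results.find((r) => isBlockedAddress(r.address));
      if (bad) {
        const error = new Error(
          `SSRF guard: ${hostname} resolves to blocked address ${bad.address}`,
        );
        error.code = 'ESSRF';
        return callback(error);
      }
      callback(null, address, family);
    });
  };
}

// Agents whose sockets resolve hostnames through the guarded lookup.
function createGuardedAgents(resolver) {
  const lookup = createGuardedLookup(resolver);
  return {
    httpAgent: new http.Agent({ lookup }),
    httpsAgent: new https.Agent({ lookup }),
  };
}

// Node skips the lookup hook when the host is already an IP literal, so
// literals need their own check before the request is issued. The WHATWG
// URL parser canonicalises forms such as http://2130706433/ to 127.0.0.1.
function urlTargetsBlockedLiteral(urlString) {
  const host = new URL(urlString).hostname.replace(/^\[|\]$/g, '');
  return net.isIP(host) !== 0 && isBlockedAddress(host);
}
```

The returned `httpAgent` and `httpsAgent` can be handed to any HTTP client that accepts Node agents, which is how the commit message describes passing them to `axios.create`.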
…la#11557) small fix add tests reorder Update api/strategies/openidStrategy.spec.js Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Update api/strategies/openidStrategy.js Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> some fixes and fix fix more fixes fix
…danny-avila#11738) * 🔧 refactor: Introduce TOOL_CACHE for isolated caching of tools - Added TOOL_CACHE key to CacheKeys enum for managing tool-related cache. - Updated various services and controllers to utilize TOOL_CACHE instead of CONFIG_STORE for better separation of concerns in caching logic. - Enhanced .env.example with comments on using in-memory cache for blue/green deployments. * 🔧 refactor: Update cache configuration for in-memory storage handling - Enhanced the handling of `FORCED_IN_MEMORY_CACHE_NAMESPACES` in `cacheConfig.ts` to default to `CONFIG_STORE` and `APP_CONFIG`, ensuring safer blue/green deployments. - Updated `.env.example` with clearer comments regarding the usage of in-memory cache namespaces. - Improved unit tests to validate the new default behavior and handling of empty strings for cache namespaces.
* fix: theme picker selection * refactor: remove problematic Jotai use and replace with React state and localStorage implementation * chore: address comments from Copilot + LibreChat Agent assisted reviewers * chore: remove unnecessary edit * chore: remove space
…#11739) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
… Cache Cleanup (danny-avila#11756)

* 🔧 fix: Update OAuth error message for clarity
- Changed the default error message in the OAuth error route from 'Unknown error' to 'Unknown OAuth error' to provide clearer context during authentication failures.

* 🔒 feat: Enhance OAuth flow with CSRF protection and session management
- Implemented CSRF protection for OAuth flows by introducing `generateOAuthCsrfToken`, `setOAuthCsrfCookie`, and `validateOAuthCsrf` functions.
- Added session management for OAuth with `setOAuthSession` and `validateOAuthSession` middleware.
- Updated routes to bind CSRF tokens for MCP and action OAuth flows, ensuring secure authentication.
- Enhanced tests to validate CSRF handling and session management in OAuth processes.

* 🔧 refactor: Invalidate cached tools after user plugin disconnection
- Added a call to `invalidateCachedTools` in the `updateUserPluginsController` to ensure that cached tools are refreshed when a user disconnects from an MCP server after a plugin authentication update. This change improves the accuracy of tool data for users.

* chore: imports order

* fix: domain separator regex usage in ToolService
- Moved the declaration of `domainSeparatorRegex` to avoid redundancy in the `loadActionToolsForExecution` function, improving code clarity and performance.

* chore: OAuth flow error handling and CSRF token generation
- Enhanced the OAuth callback route to validate the flow ID format, ensuring proper error handling for invalid states.
- Updated the CSRF token generation function to require a JWT secret, throwing an error if not provided, which improves security and clarity in token generation.
- Adjusted tests to reflect changes in flow ID handling and ensure robust validation across various scenarios.
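An added example (not this PR's implementation) of one way to bind a CSRF token to an OAuth flow as the commit message above outlines: the token is an HMAC of the flow ID under a server secret, stored in a cookie when the flow starts and recomputed on the callback. The function names, the `userId:serverName` flow ID shape and the cookie settings are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Assumed flow ID shape "userId:serverName"; the page only says that the
// callback validates the flow ID format, not what that format is.
const FLOW_ID_PATTERN = /^[A-Za-z0-9_-]{1,128}:[A-Za-z0-9_.-]{1,128}$/;

// Derive the token from the flow ID. Refusing to run without a secret
// prevents silently issuing tokens keyed with "undefined".
function generateFlowCsrfToken(flowId, secret) {
  if (typeof secret !== 'string' || secret.length === 0) {
    throw new Error('A secret is required to generate an OAuth CSRF token');
  }
  if (typeof flowId !== 'string' || !FLOW_ID_PATTERN.test(flowId)) {
    throw new Error('Invalid flow ID format');
  }
  return crypto.createHmac('sha256', secret).update(flowId).digest('hex');
}

// Cookie attributes for the token. SameSite=Lax is deliberate: the OAuth
// callback arrives as a cross-site top-level GET, which Strict would strip.
function csrfCookieOptions(secure) {
  return { httpOnly: true, secure, sameSite: 'lax', maxAge: 10 * 60 * 1000 };
}

// Callback-side check: the flow ID comes from the `state` parameter, the
// token from the browser's cookie. Returns a boolean and never throws on
// attacker-controlled input.
function validateFlowCsrf(flowIdFromState, cookieToken, secret) {
  if (typeof cookieToken !== 'string') return false;
  if (typeof flowIdFromState !== 'string' || !FLOW_ID_PATTERN.test(flowIdFromState)) {
    return false;
  }
  const expected = Buffer.from(generateFlowCsrfToken(flowIdFromState, secret), 'utf8');
  const actual = Buffer.from(cookieToken, 'utf8');
  // timingSafeEqual throws on length mismatch, so compare lengths first.
  return actual.length === expected.length && crypto.timingSafeEqual(actual, expected);
}
```

Because the token is derived from the flow ID, a callback carrying another user's `state` fails validation in a browser that only holds the cookie for its own flow.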
…lers (danny-avila#11757) * 🔧 refactor: Consolidate aggregateContent calls in agent handlers - Moved aggregateContent function calls to the beginning of the event handling functions in the agent callbacks to ensure consistent data aggregation before processing events. This change improves code clarity and maintains the intended functionality without redundancy. * 🔧 chore: Update @librechat/agents to version 3.1.40 in package.json and package-lock.json across multiple packages * 🔧 fix: Increase default recursion limit in AgentClient from 25 to 50 for improved processing capability
…h Sync (danny-avila#11745) * fix: document with undefined _meiliIndex not synced missing property _meiliIndex is not being synced into meilisearch * fix: updated comments to reflect changes to fix_meiliSearch property usage
…11760)

* 🔧 feat: Update user key handling in keys route and add comprehensive tests
- Enhanced the PUT /api/keys route to destructure request body for better clarity and maintainability.
- Introduced a new test suite for keys route, covering key update, deletion, and retrieval functionalities, ensuring robust validation and IDOR prevention.
- Added tests to verify handling of extraneous fields and missing optional parameters in requests.

* 🔧 fix: Enhance conversation deletion route with parameter validation
- Updated the DELETE /api/convos route to handle cases where the request body is empty or the 'arg' parameter is null/undefined, returning a 400 status with an appropriate error message for DoS prevention.
- Added corresponding tests to ensure proper validation and error handling for these scenarios, enhancing the robustness of the API.

* 🔧 fix: Improve request body validation in keys and convos routes
- Updated the DELETE /api/convos and PUT /api/keys routes to validate the request body, returning a 400 status for null or invalid bodies to enhance security and prevent potential DoS attacks.
- Added corresponding tests to ensure proper error handling for these scenarios, improving the robustness of the API.
* 🔧 fix: Optimize job update logic in RedisJobStore - Refactored the updateJob method to use a Lua script for atomic updates, ensuring that jobs are only updated if they exist in Redis. - Removed redundant existence check and streamlined the serialization process for better performance and clarity. * 🔧 test: Add race condition tests for RedisJobStore - Introduced tests to verify behavior of updateJob after deleteJob, ensuring no job hash is recreated post-deletion. - Added checks for orphan keys when concurrent deleteJob and updateJob operations occur, enhancing reliability in job management. * 🔧 test: Refactor Redis client readiness checks in violationCache tests - Introduced a new helper function `waitForRedisClients` to streamline the readiness checks for Redis clients in the violationCache integration tests. - Removed redundant Redis client readiness checks from individual test cases, improving code clarity and maintainability. * 🔧 fix: Update RedisJobStore to use hset instead of hmset - Replaced instances of `hmset` with `hset` in the RedisJobStore implementation to align with the latest Redis command updates. - Updated Lua script in the eval method to reflect the change, ensuring consistent job handling in both cluster and non-cluster modes.
…-avila#11741) * 🐳 feat: Expose enableServiceLinks in Helm Deployment templates (danny-avila#11740) Allow users to disable Kubernetes service link injection via enableServiceLinks in both LibreChat and RAG API Helm charts. This prevents pod startup failures caused by "argument list too long" errors in namespaces with many services. * Update helm/librechat/templates/deployment.yaml * Update helm/librechat-rag-api/templates/rag-deployment.yaml * set enableServiceLinks default to true --------- Co-authored-by: Ganesh Bhat <ganesh.bhat@fullscript.com>
…uthService (danny-avila#11782)

* 🔒 fix: Secure Cookie Localhost Bypass and OpenID Token Selection in AuthService

Two independent bugs in `api/server/services/AuthService.js` cause complete authentication failure when using `OPENID_REUSE_TOKENS=true` with Microsoft Entra ID (or Auth0) on `http://localhost` with `NODE_ENV=production`:

Bug 1: `secure: isProduction` prevents auth cookies on localhost

PR danny-avila#11518 introduced `shouldUseSecureCookie()` in `socialLogins.js` to handle the case where `NODE_ENV=production` but the server runs on `http://localhost`. However, `AuthService.js` was not updated — it still used `secure: isProduction` in 6 cookie locations across `setAuthTokens()` and `setOpenIDAuthTokens()`. The `token_provider` cookie being dropped is critical: without it, `requireJwtAuth` middleware defaults to the `jwt` strategy instead of `openidJwt`, causing all authenticated requests to return 401.

Bug 2: `setOpenIDAuthTokens()` returns `access_token` instead of `id_token`

The `openIdJwtStrategy` validates the Bearer token via JWKS. For Entra ID without `OPENID_AUDIENCE`, the `access_token` is a Microsoft Graph API token (opaque or signed for a different audience), which fails JWKS validation. The `id_token` is always a standard JWT signed by the IdP's JWKS keys with the app's `client_id` as audience — which is what the strategy expects. This is the same root cause as issue danny-avila#8796 (Auth0 encrypted access tokens).

Changes:
- Consolidate `shouldUseSecureCookie()` into `packages/api/src/oauth/csrf.ts` as a shared, typed utility exported from `@librechat/api`, replacing the duplicate definitions in `AuthService.js` and `socialLogins.js`
- Move `isProduction` check inside the function body so it is evaluated at call time rather than module load time
- Fix `packages/api/src/oauth/csrf.ts` which also used bare `secure: isProduction` for CSRF and session cookies (same localhost bug)
- Return `tokenset.id_token || tokenset.access_token` from `setOpenIDAuthTokens()` so JWKS validation works with standard OIDC providers; falls back to `access_token` for backward compatibility
- Add 15 tests for `shouldUseSecureCookie()` covering production/dev modes, localhost variants, edge cases, and a documented IPv6 bracket limitation
- Add 13 tests for `setOpenIDAuthTokens()` covering token selection, session storage, cookie secure flag delegation, and edge cases

Refs: danny-avila#8796, danny-avila#11518, danny-avila#11236, danny-avila#9931

* chore: Adjust Import Order and Type Definitions in AgentPanel Component
- Reordered imports in `AgentPanel.tsx` for better organization and clarity.
- Updated type imports to ensure proper usage of `FieldNamesMarkedBoolean` and `TranslationKeys`.
- Removed redundant imports to streamline the codebase.
…vila#11680) Fixed an issue where memory agents would fail with 'Provider Ollama not supported' error when using Ollama as a custom endpoint. The getCustomEndpointConfig function was only normalizing the endpoint config name but not the endpoint parameter during comparison. Changes: - Modified getCustomEndpointConfig to normalize both sides of the endpoint comparison - Added comprehensive test coverage for getCustomEndpointConfig including: - Test for case-insensitive Ollama endpoint matching (main fix) - Tests for various edge cases and error handling This ensures that endpoint name matching works correctly for Ollama regardless of case sensitivity in the configuration.
…d Auth (danny-avila#11711)

* fix(openid): distinguish ID tokens from access tokens in federated auth

Fix OpenID Connect token handling to properly distinguish ID tokens from access tokens. ID tokens and access tokens are now stored and propagated separately, preventing token placeholders from resolving to identical values.
- AuthService.js: Added idToken field to session storage
- openIdJwtStrategy.js: Updated to read idToken from session
- openidStrategy.js: Explicitly included id_token in federatedTokens
- Test suites: Added comprehensive test coverage for token distinction

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(openid): add separate openid_id_token cookie for ID token storage

Store the OIDC ID token in its own cookie rather than relying solely on the access token, ensuring correct token type is used for identity verification vs API authorization.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* test(openid): add JWT strategy cookie fallback tests

Cover the token source resolution logic in openIdJwtStrategy: session-only, cookie-only, partial session fallback, raw Bearer fallback, and distinct id_token/access_token from cookies.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
danny-avila#11783) - Introduced new model entries for 'moonshotai.kimi' and 'moonshotai.kimi-k2.5' in tokens.ts. - Updated parameterSettings.ts to include configurations for MoonshotAI and ZAI providers. - Enhanced schemas.ts by adding MoonshotAI and ZAI to the BedrockProviders enum for better integration.
…ity (danny-avila#11784) * fix: Convert `const` to `enum` in MCP tool schemas for Gemini/Vertex AI compatibility Gemini/Vertex AI rejects the JSON Schema `const` keyword in function declarations with a 400 error. Previously, the Zod conversion layer accidentally stripped `const`, but after migrating to pass raw JSON schemas directly to providers, the unsupported keyword now reaches Gemini verbatim. Add `normalizeJsonSchema` to recursively convert `const: X` → `enum: [X]`, which is semantically equivalent per the JSON Schema spec and supported by all providers. * fix: Update secure cookie handling in AuthService to use dynamic secure flag Replaced the static `secure: isProduction` with a call to `shouldUseSecureCookie()` in the `setOpenIDAuthTokens` function. This change ensures that the secure cookie setting is evaluated at runtime, improving cookie handling in development environments while maintaining security in production. * refactor: Simplify MCP tool key formatting and remove unused mocks in tests - Updated MCP test suite to replace static tool key formatting with a dynamic delimiter from Constants, enhancing consistency and maintainability. - Removed unused mock implementations for `@langchain/core/tools` and `@librechat/agents`, streamlining the test setup. - Adjusted related test cases to reflect the new tool key format, ensuring all tests remain functional. * chore: import order
…avila#11785) * chore: Add Turborepo support and smart reinstall script - Updated .gitignore to include Turborepo cache directory. - Added Turbo as a dependency in package.json and package-lock.json. - Introduced turbo.json configuration for build tasks. - Created smart-reinstall.js script to optimize dependency installation and package builds using Turborepo caching. * fix: Address PR review feedback for smart reinstall - Fix Windows compatibility in hasTurbo() by checking for .cmd/.ps1 shims - Remove Unix-specific shell syntax (> /dev/null 2>&1) from cache clearing - Split try/catch blocks so daemon stop failure doesn't block cache clear - Add actionable tips in error output pointing to --force and --verbose
…a#11786) * 🔧 refactor: Implement tab-isolated storage for favorites and MCP selections - Replaced `createStorageAtom` with `createTabIsolatedAtom` in favorites store to prevent cross-tab synchronization of favorites. - Introduced `createTabIsolatedStorage` and `createTabIsolatedAtom` in `jotai-utils` to facilitate tab-specific state management. - Updated MCP values atom family to utilize tab-isolated storage, ensuring independent MCP server selections across tabs. * 🔧 fix: Update MCP selection logic to ensure active MCPs are only set when configured servers are available - Modified the condition in `useMCPSelect` to check for both available MCPs and configured servers before setting MCP values. This change prevents potential issues when no servers are configured, enhancing the reliability of MCP selections.
- Introduced a new `EndpointMenuContent` component to lazily render endpoint submenu content, improving performance by deferring expensive model-list rendering until the submenu is mounted. - Refactored `EndpointItem` to utilize the new component, simplifying the code and enhancing readability. - Removed redundant filtering logic and model specifications handling from `EndpointItem`, centralizing it within `EndpointMenuContent` for better maintainability.
danny-avila#11788) * 🔧 refactor: Simplify payload parsing and enhance getSaveOptions logic - Removed unused bedrockInputSchema from payloadParser, streamlining the function. - Updated payloadParser to handle optional chaining for model parameters. - Enhanced getSaveOptions to ensure runOptions defaults to an empty object if parsing fails, improving robustness. - Adjusted the assignment of maxContextTokens to use the instance variable for consistency. * 🔧 fix: Update maxContextTokens assignment logic in initializeAgent function - Enhanced the maxContextTokens assignment to allow for user-defined values, ensuring it defaults to a calculated value only when not provided or invalid. This change improves flexibility in agent initialization. * 🧪 test: Add unit tests for initializeAgent function - Introduced comprehensive unit tests for the initializeAgent function, focusing on maxContextTokens behavior. - Tests cover scenarios for user-defined values, fallback calculations, and edge cases such as zero and negative values, enhancing overall test coverage and reliability of agent initialization logic. * refactor: default params Endpoint Configuration Handling - Integrated `getEndpointsConfig` to fetch endpoint configurations, allowing for dynamic handling of `defaultParamsEndpoint`. - Updated `buildEndpointOption` to pass `defaultParamsEndpoint` to `parseCompactConvo`, ensuring correct parameter handling based on endpoint type. - Added comprehensive unit tests for `buildDefaultConvo` and `cleanupPreset` to validate behavior with `defaultParamsEndpoint`, covering various scenarios and edge cases. - Refactored related hooks and utility functions to support the new configuration structure, improving overall flexibility and maintainability. * refactor: Centralize defaultParamsEndpoint retrieval - Introduced `getDefaultParamsEndpoint` function to streamline the retrieval of `defaultParamsEndpoint` across various hooks and middleware. 
- Updated multiple files to utilize the new function, enhancing code consistency and maintainability. - Removed redundant logic for fetching `defaultParamsEndpoint`, simplifying the codebase.
…la#11789) Extract 7 standalone utilities from api/server/controllers/agents/client.js into packages/api/src/agents/client.ts for TypeScript support and to declutter the 1400-line controller module: - omitTitleOptions: Set of keys to exclude from title generation options - payloadParser: Extracts model_parameters from request body for non-agent endpoints - createTokenCounter: Factory for langchain-compatible token counting functions - logToolError: Callback handler for agent tool execution errors - findPrimaryAgentId: Resolves primary agent from suffixed parallel agent IDs - createMultiAgentMapper: Message content processor that filters parallel agent output to primary agents and applies agent labels for handoff/multi-agent flows Supporting changes: - Add endpointOption and endpointType to RequestBody type (packages/api/src/types/http.ts) so payloadParser can access middleware-attached fields without type casts - Add @typescript-eslint/no-unused-vars with underscore ignore patterns to the packages/api eslint config block, matching the convention used by client/ and data-provider/ blocks - Update agent controller imports to consume the moved functions from @librechat/api and remove now-unused direct imports (logAxiosError, labelContentByAgent, getTokenCountForMessage)
…nny-avila#11791) - Updated the rendering logic in the Part component to handle whitespace-only text more effectively. - Introduced a placeholder for whitespace-only last parts during streaming to enhance user experience. - Ensured non-last whitespace-only parts are skipped to avoid rendering empty containers, improving layout stability.
…#11813) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
…ext (danny-avila#11816)

* 🔧 refactor: Simplify Event Handling with Consumer Callbacks only

Removed direct handling of tool calls from the ModelEndHandler and using ChatModelStreamHandler outside of graph contexts, as these are now managed within the graph execution context to maintain it as a producer of events, and the model end handler as a consumer. This change eliminates potential race conditions and streamlines the processing of model end events.

/**
 * handleToolCalls is now called from within the graph execution context
 * (Graph.createCallModel, after attemptInvoke) rather than here in the
 * stream consumer. This eliminates the race condition where ToolNode
 * could read toolCallStepIds before this handler had populated it,
 * since the stream consumer and graph execution run concurrently.
 */

* 📦 chore: Update `@librechat/agents` to v3.1.50
* 🤖 feat: Claude Sonnet 4.6 support - Updated .env.example to include claude-sonnet-4-6 in the list of available models. - Enhanced token value assignments in api/models/tx.js and packages/api/src/utils/tokens.ts to accommodate claude-sonnet-4-6. - Added tests in packages/data-provider/specs/bedrock.spec.ts to verify support for claude-sonnet-4-6 in adaptive thinking and context-1m functionalities. - Modified bedrock.ts to correctly parse and identify the version of claude-sonnet-4-6 for adaptive thinking checks. - Included claude-sonnet-4-6 in sharedAnthropicModels and bedrockModels for consistent model availability. * chore: additional Claude Sonnet 4.6 tests - Added unit tests for Claude Sonnet 4.6 in `tokens.spec.js` to verify context length and max output tokens. - Updated `helpers.ts` documentation to reflect adaptive thinking support for Sonnet 4.6. - Enhanced `llm.spec.ts` with tests for context headers and adaptive thinking configurations for Claude Sonnet 4.6. - Improved `bedrock.spec.ts` to ensure correct parsing and handling of Claude Sonnet 4.6 model variations with adaptive thinking.
…#11831) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* 📦 chore: Update axios and form-data dependencies in react-query/package.json and lockfile - Upgraded axios from version 1.12.1 to 1.13.5. - Updated form-data from version 4.0.4 to 4.0.5. - Adjusted follow-redirects dependency version in package-lock.json. * 📦 chore: Update mermaid and chevrotain dependencies in package.json and package-lock.json - Upgraded mermaid from version 11.12.2 to 11.12.3. - Updated chevrotain and its related packages to version 11.1.1. - Adjusted lodash-es version to 4.17.23 and langium dependency in @mermaid-js/parser to ^4.0.0. * 📦 chore: Update langsmith dependency to version 0.4.12 in package.json and package-lock.json
…efault to available (danny-avila#11839) * feat: Implement reconnection staggering and backoff jitter for MCP connections - Enhanced the reconnection logic in OAuthReconnectionManager to stagger reconnection attempts for multiple servers, reducing the risk of connection storms. - Introduced a backoff delay with random jitter in MCPConnection to improve reconnection behavior during network issues. - Updated the ConnectionsRepository to handle multiple server connections concurrently with a defined concurrency limit. Added tests to ensure the new reconnection strategy works as intended. * refactor: Update MCP server query configuration for improved data freshness - Reduced stale time from 5 minutes to 30 seconds to ensure quicker updates on server initialization. - Enabled refetching on window focus and mount to enhance data accuracy during user interactions. * ♻️ refactor: On-demand MCP connections; remove proactive reconnection, default to available - Remove reconnectServers() from refresh controller (connection storm root cause) - Stop gating server selection on connection status; add to selection immediately - Render agent panel tools from DB cache, not live connection status - Proceed to cached tools on init failure (only gate on OAuth) - Remove unused batchToggleServers() - Reduce useMCPServersQuery staleTime from 5min to 30s, enable refetchOnMount/WindowFocus * refactor: Optimize MCP tool initialization and server connection logic - Adjusted tool initialization to only occur if no cached tools are available, improving efficiency. - Updated comments for clarity on server connection and tool fetching processes. - Removed unnecessary connection status checks during server selection to streamline the user experience.
…on (danny-avila#11835) * 🐛 fix: Normalize `output_text` blocks in Responses API input conversion Treat `output_text` content blocks the same as `input_text` when converting Responses API input to internal message format. Previously, assistant messages containing `output_text` blocks fell through to the default handler, producing `{ type: 'output_text' }` without a `text` field, which caused downstream provider adapters (e.g. Bedrock) to fail with "Unsupported content block type: output_text". Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor: Remove ChatModelStreamHandler from OpenAI and Responses controllers Eliminated the ChatModelStreamHandler from both OpenAIChatCompletionController and createResponse functions to streamline event handling. This change simplifies the code by relying on existing handlers for message deltas and reasoning deltas, enhancing maintainability and reducing complexity in the agent's event processing logic. * feat: Enhance input conversion in Responses API Updated the `convertInputToMessages` function to handle additional content types, including `input_file` and `refusal` blocks, ensuring they are converted to appropriate message formats. Implemented null filtering for content arrays and default values for missing fields, improving robustness. Added comprehensive unit tests to validate these changes and ensure correct behavior across various input scenarios. * fix: Forward upstream provider status codes in error responses Updated error handling in OpenAIChatCompletionController and createResponse functions to forward upstream provider status codes (e.g., Anthropic 400s) instead of masking them as 500. This change improves error reporting by providing more accurate status codes and error types, enhancing the clarity of error responses for clients. --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…yments (danny-avila#11840) * fix: Redis scalability improvements for high-throughput deployments Replace INCR+check+DECR race in concurrency middleware with atomic Lua scripts. The old approach allowed 3-4 concurrent requests through a limit of 2 at 300 req/s because another request could slip between the INCR returning and the DECR executing. The Lua scripts run atomically on the Redis server, eliminating the race window entirely. Add exponential backoff with jitter to all three Redis retry strategies (ioredis single-node, cluster, keyv). Previously all instances retried at the same millisecond after an outage, causing a connection storm. Batch the RedisJobStore cleanup loop into parallel chunks of 50. With 1000 stale jobs, this reduces cleanup from ~20s of sequential calls to ~2s. Also pipeline appendChunk (xadd + expire) into a single round-trip and refresh TTL on every chunk instead of only the first, preventing TTL expiry during long-running streams. Propagate publish errors in RedisEventTransport.emitDone and emitError so callers can detect dropped completion/error events. emitChunk is left as swallow-and-log because its callers fire-and-forget without await. Add jest.config.js for the API package with babel TypeScript support and path alias resolution. Fix existing stream integration tests that were silently broken due to missing USE_REDIS_CLUSTER=false env var. * chore: Migrate Jest configuration from jest.config.js to jest.config.mjs Removed the old jest.config.js file and integrated the Jest configuration into jest.config.mjs, adding Babel TypeScript support and path alias resolution. This change streamlines the configuration for the API package. * fix: Ensure Redis retry delays do not exceed maximum configured delay Updated the delay calculation in Redis retry strategies to enforce a maximum delay defined in the configuration. This change prevents excessive delays during reconnection attempts, improving overall connection stability and performance. 
* fix: Update RedisJobStore cleanup to handle job failures gracefully Changed the cleanup process in RedisJobStore to use Promise.allSettled instead of Promise.all, allowing for individual job failures to be logged without interrupting the entire cleanup operation. This enhances error handling and provides better visibility into issues during job cleanup.
…fer Desync (danny-avila#11842) When all subscribers left a stream, both RedisEventTransport and InMemoryEventTransport deleted the entire stream state, destroying the allSubscribersLeftCallbacks and abortCallbacks registered by GenerationJobManager.createJob(). On the next subscribe/unsubscribe cycle, the callback that resets hasSubscriber was gone, causing syncReorderBuffer to be skipped on subsequent reconnects. This led to the reorder buffer expecting seq 0 while the publisher was at seq 300+, triggering a 500ms force-flush timeout and "skipping N missing messages" warnings. Fix: preserve stream state (callbacks, abort handlers) when the last subscriber leaves instead of deleting it. State is fully cleaned up by cleanup() when the job completes, aborts, or is collected by periodic orphan cleanup.
… fetching
The models config was cached globally (MODELS_CONFIG key) which meant all
users saw the same model list regardless of their role or permissions.
This is incorrect when the upstream provider (e.g. LiteLLM) returns
different models per user based on JWT/OIDC tokens forwarded via custom
headers.
Changes:
- Remove MODELS_CONFIG cache from ModelController so models are fetched
fresh on each request, supporting per-user model lists
- Resolve custom headers through resolveHeaders() before merging into
the request options in fetchModels(), enabling template placeholders
like {{LIBRECHAT_OPENID_ID_TOKEN}} to be expanded per-user
- Merge resolved custom headers after default auth headers so config
headers (e.g. authorization) take precedence over the default Bearer
token
- Update tests to verify header resolution and override behavior
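The behaviour this commit message describes, as an added example that is not code from the PR or from LibreChat: a process-wide cache hands the first caller's model list to every later user, while a per-request fetch with per-user resolved headers does not. `resolveHeaderTemplates`, `buildModelRequestHeaders`, the upstream stub and all tokens are hypothetical or constructed; lowercasing header names and failing closed on an unresolved placeholder are assumptions of this sketch.

```javascript
// Added example: all names here are hypothetical stand-ins, not LibreChat's code.
const PLACEHOLDER = /\{\{\s*([A-Z0-9_]+)\s*\}\}/g;

// Expand {{NAME}} placeholders from per-user values. Fails closed when a value
// is missing, so a literal "{{...}}" is never sent upstream as a credential.
function resolveHeaderTemplates(headers, userValues) {
  const out = {};
  for (const [name, value] of Object.entries(headers ?? {})) {
    // Lowercase names so `Authorization` and `authorization` cannot coexist.
    out[name.toLowerCase()] = String(value).replace(PLACEHOLDER, (_, key) => {
      if (typeof userValues[key] !== 'string' || userValues[key] === '') {
        throw new Error(`unresolved header placeholder: ${key}`);
      }
      return userValues[key];
    });
  }
  return out;
}

// Default auth first, resolved config headers second: config `authorization` wins.
function buildModelRequestHeaders(apiKey, configHeaders, userValues) {
  return {
    authorization: `Bearer ${apiKey}`,
    ...resolveHeaderTemplates(configHeaders, userValues),
  };
}

// Constructed upstream stub: the model list depends on the bearer token received.
const MODELS_BY_TOKEN = {
  'token-alice': ['gpt-small', 'gpt-large'],
  'token-bob': ['gpt-small'],
  'master-key': ['gpt-small', 'gpt-large', 'internal-admin'],
};
function fakeUpstreamModels(headers) {
  const token = (headers.authorization ?? '').replace(/^Bearer /, '');
  return MODELS_BY_TOKEN[token] ?? [];
}

// Pattern being removed: one process-wide cache entry shared by every user.
let globalCache = null;
function listModelsGloballyCached(apiKey, configHeaders, userValues) {
  if (!globalCache) {
    globalCache = fakeUpstreamModels(
      buildModelRequestHeaders(apiKey, configHeaders, userValues),
    );
  }
  return globalCache;
}

// Pattern being adopted: fetch on each request with that user's resolved headers.
function listModelsPerUser(apiKey, configHeaders, userValues) {
  return fakeUpstreamModels(buildModelRequestHeaders(apiKey, configHeaders, userValues));
}

// Constructed sample config and users.
const config = { Authorization: 'Bearer {{LIBRECHAT_OPENID_ID_TOKEN}}' };
const alice = { LIBRECHAT_OPENID_ID_TOKEN: 'token-alice' };
const bob = { LIBRECHAT_OPENID_ID_TOKEN: 'token-bob' };
```
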
* fix: route to new conversation when conversation not found * Addressed PR feedback * fix: Robust 404 conversation redirect handling - Extract `isNotFoundError` utility to `utils/errors.ts` so axios stays contained in one place rather than leaking into route/query layers - Add `initialConvoQuery.isError` to the useEffect dependency array so the redirect actually fires when the 404 response arrives after other deps have already settled (was the root cause of the blank screen) - Show a warning toast so users understand why they were redirected - Add `com_ui_conversation_not_found` i18n key * fix: Enhance error handling in getResponseStatus function - Update the getResponseStatus function to ensure it correctly returns the status from error objects only if the status is a number. This improves robustness in error handling by preventing potential type issues. * fix: Improve conversation not found handling in ChatRoute - Enhance error handling when a conversation is not found by checking additional conditions before showing a warning toast. - Update the newConversation function to include model data and preset options, improving user experience during error scenarios. * fix: Log error details for conversation not found in ChatRoute - Added logging for the initial conversation query error when a conversation is not found, improving debugging capabilities and error tracking in the ChatRoute component. --------- Co-authored-by: Dan Lew <daniel@mightyacorn.com>
…LOBAL Fields (danny-avila#11854) * chore: Migrate legacy SHARED_GLOBAL permissions to SHARE and clean up orphaned fields - Implemented migration logic to convert legacy SHARED_GLOBAL permissions to SHARE for PROMPTS and AGENTS, preserving user intent. - Added cleanup process to remove orphaned SHARED_GLOBAL fields from the database after the schema change. - Enhanced unit tests to verify migration and cleanup functionality, ensuring correct behavior for existing roles and permissions. * fix: Enhance migration of SHARED_GLOBAL to SHARE permissions - Updated the `updateAccessPermissions` function to ensure that SHARED_GLOBAL values are inherited into SHARE when SHARE is absent from both the database and the update payload. - Implemented logic to prevent overwriting explicit SHARE values provided in the update, preserving user intent. - Enhanced unit tests to cover various scenarios, including migration from SHARED_GLOBAL to SHARE and ensuring orphaned SHARED_GLOBAL fields are cleaned up appropriately.
* 🔧 chore: Update configuration version to 1.3.4 in librechat.example.yaml and data-provider config.ts - Bumped the configuration version in both librechat.example.yaml and data-provider/src/config.ts to 1.3.4. - Added new options for creating prompts and agents in the interface section of the YAML configuration. - Updated capabilities list in the endpoints section to include 'deferred_tools'. * 🔧 chore: Bump version to 0.8.3-rc1 across multiple packages and update related configurations - Updated version to 0.8.3-rc1 in bun.lock, package.json, and various package.json files for frontend, backend, and data provider. - Adjusted Dockerfile and Dockerfile.multi to reflect the new version. - Incremented version for @librechat/api from 1.7.22 to 1.7.23 and for @librechat/client from 0.4.51 to 0.4.52. - Updated appVersion in helm Chart.yaml to 0.8.3-rc1. - Enhanced test configuration to align with the new version. * 🔧 chore: Update version to 0.8.300 across multiple packages - Bumped version to 0.8.300 in bun.lock, package-lock.json, and package.json for the data provider. - Ensured consistency in versioning across the frontend, backend, and data provider packages. * 🔧 chore: Bump package versions in bun.lock - Updated version for @librechat/api from 1.7.22 to 1.7.23. - Incremented version for @librechat/client from 0.4.51 to 0.4.52. - Bumped version for @librechat/data-schemas from 0.0.35 to 0.0.36.
Important: Review skipped. Too many files! This PR contains 228 files, which is 78 over the limit of 150. You can disable this status message by setting the
…ny-avila#11866) * 📝 docs: Add AGENTS.md for project structure and coding standards - Introduced AGENTS.md to outline project workspaces, coding standards, and development commands. - Defined workspace boundaries for backend and frontend development, emphasizing TypeScript usage. - Established guidelines for code style, iteration performance, type safety, and import order. - Updated CONTRIBUTING.md to reference AGENTS.md for coding standards and project conventions. - Modified package.json to streamline build commands, consolidating frontend and backend build processes. * chore: Update build commands and improve smart reinstall process - Modified AGENTS.md to clarify the purpose of `npm run smart-reinstall` and other build commands, emphasizing Turborepo's role in dependency management and builds. - Updated package.json to streamline build commands, replacing the legacy frontend build with a Turborepo-based approach for improved performance. - Enhanced the smart reinstall script to fully delegate build processes to Turborepo, including cache management and dependency checks, ensuring a more efficient build workflow.
- Bumped MeiliSearch image version from v1.12.3 to v1.35.1 in both deploy-compose.yml and docker-compose.yml - Updated volume paths to reflect the new version for data storage consistency.
- Added support for the new Gemini 3.1 models, including 'gemini-3.1-pro-preview' and 'gemini-3.1-pro-preview-customtools'. - Updated pricing logic to apply standard and premium rates based on token usage thresholds for the new models. - Enhanced tests to validate pricing behavior for both standard and premium scenarios. - Modified configuration files to include Gemini 3.1 models in the default model lists and token value mappings. - Updated environment example file to reflect the new model options.
* ✨ feat: Enhance S3 URL handling and add comprehensive tests for CRUD operations * 🔒 fix: Improve S3 URL key extraction with enhanced logging and additional test cases * chore: removed some duplicate testcases and fixed incorrect apostrophes * fix: Log error for malformed URLs * test: Add additional test case for extracting keys from S3 URLs * fix: Enhance S3 URL key extraction logic and improve error handling with additional test cases * test: Add test case for stripping bucket from custom endpoint URLs with forcePathStyle enabled * refactor: Update S3 path style handling and enhance environment configuration for S3-compatible services * refactor: Remove S3_FORCE_PATH_STYLE dependency and streamline S3 URL key extraction logic --------- Co-authored-by: Danny Avila <danny@librechat.ai>
…#11887) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
…OBO assertion (danny-avila#11893) - Removed the extraction of access token from the Authorization header. - Implemented logic to use the federated access token from the user object. - Added error handling for missing federated access token. - Updated related documentation in GraphTokenService to reflect changes in access token usage. - Introduced unit tests for various scenarios in AuthController.spec.js to ensure proper functionality.
…avila#11892) * fix: handle space/comma-separated string roles claim in OpenID strategy When an OpenID provider returns the roles claim as a delimited string (e.g. "role1 role2 admin"), the previous code wrapped the entire string as a single array element, causing role checks to always fail even for users with the required role. Split string claims on whitespace and commas before comparison so that both array and delimited-string formats are handled correctly. Adds regression tests for space-separated, comma-separated, mixed, and non-matching delimited string cases. * fix: enhance admin role handling in OpenID strategy Updated the OpenID strategy to correctly handle admin roles specified as space-separated or comma-separated strings. The logic now splits these strings into an array for accurate role checks. Added tests to verify that admin roles are granted or denied based on the presence of the specified admin role in the delimited string format.
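The roles-claim handling this commit message describes, as an added example that is not the project's code: the wrapped-string behaviour beside a normalizer that splits on whitespace and commas and then compares whole role names. Function names and sample claims are constructed for illustration.

```javascript
// Added example: hypothetical helpers, not LibreChat's OpenID strategy code.

// Behaviour described as the bug: a delimited string becomes ONE array element,
// so "role1 role2 admin" never equals "admin".
function rolesWrapped(claim) {
  return Array.isArray(claim) ? claim : [claim];
}

// Normalizer: accept an array of strings or a space/comma-delimited string.
// Anything else (missing claim, number, object) yields no roles at all.
function normalizeRolesClaim(claim) {
  if (Array.isArray(claim)) {
    return claim.filter((r) => typeof r === 'string' && r.length > 0);
  }
  if (typeof claim === 'string') {
    return claim.split(/[\s,]+/).filter(Boolean);
  }
  return [];
}

// Exact membership test: "superadmin" must not satisfy a requirement for "admin".
function hasRole(claim, required, normalize = normalizeRolesClaim) {
  return normalize(claim).includes(required);
}

// Constructed sample claims covering the formats named in the commit message.
const SAMPLE_CLAIMS = {
  spaceSeparated: 'role1 role2 admin',
  commaSeparated: 'role1,role2,admin',
  mixed: 'role1, role2 admin',
  nonMatching: 'role1 superadmin',
  array: ['role1', 'admin'],
};

// Evaluate every sample with both strategies for a side-by-side comparison.
function compareStrategies(required) {
  const result = {};
  for (const [name, claim] of Object.entries(SAMPLE_CLAIMS)) {
    result[name] = {
      wrapped: hasRole(claim, required, rolesWrapped),
      normalized: hasRole(claim, required),
    };
  }
  return result;
}
```
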
…anny-avila#11894) * 🪣 fix: S3 path-style URL support for MinIO, R2, and custom endpoints `extractKeyFromS3Url` now uses `AWS_BUCKET_NAME` to automatically detect and strip the bucket prefix from path-style URLs, fixing `NoSuchKey` errors on URL refresh for any S3-compatible provider using a custom endpoint (MinIO, Cloudflare R2, Hetzner, Backblaze B2, etc.). No additional configuration required — the bucket name is already a required env var for S3 to function. `initializeS3` now passes `forcePathStyle: true` to the S3Client constructor when `AWS_FORCE_PATH_STYLE=true` is set. Required for providers whose SSL certificates do not support virtual-hosted-style bucket subdomains (e.g. Hetzner Object Storage), which previously caused 401 / SignatureDoesNotMatch on upload. Additional fixes: - Suppress error log noise in `extractKeyFromS3Url` catch path: plain S3 keys no longer log as errors, only inputs that start with http(s):// do - Fix test env var ordering so module-level constants pick up `AWS_BUCKET_NAME` and `S3_URL_EXPIRY_SECONDS` correctly before the module is required - Add missing `deleteRagFile` mock and assertion in `deleteFileFromS3` tests - Add `AWS_BUCKET_NAME` cleanup to `afterEach` to prevent cross-test pollution - Add `initializeS3` unit tests covering endpoint, forcePathStyle, credentials, singleton, and IRSA code paths - Document `AWS_FORCE_PATH_STYLE` in `.env.example`, `dotenv.mdx`, and `s3.mdx` * 🪣 fix: Enhance S3 URL key extraction for custom endpoints Updated `extractKeyFromS3Url` to support precise key extraction when using custom endpoints with path-style URLs. The logic now accounts for the `AWS_ENDPOINT_URL` and `AWS_FORCE_PATH_STYLE` environment variables, ensuring correct key handling for various S3-compatible providers. Added unit tests to verify the new functionality, including scenarios for endpoints with base paths. This improves compatibility and reduces potential errors when interacting with S3-like services.
Summary
When using an upstream model provider like LiteLLM with JWT/OIDC-based authentication, different users may have access to different models based on their role and permissions. The previous implementation cached the models config globally (MODELS_CONFIG key), causing all users to see the same model list regardless of their identity or authorization level.

This PR fixes two issues:
- Removes global model config caching in ModelController.js — models are now fetched fresh on each request, ensuring per-user model lists are correctly returned. This applies to both master-key and user-token scenarios, but is especially important when tokens vary per user.
- Resolves custom headers through resolveHeaders() in fetchModels() — template placeholders like {{LIBRECHAT_OPENID_ID_TOKEN}} in config headers are now properly expanded per-user before the model fetch request. Custom headers are merged after default auth headers, so config-level authorization headers (e.g. forwarding an OIDC token) take precedence over the default Bearer <apiKey>.

Example config that now works correctly:

Change Type

Testing
models.spec.ts to verify:
- resolveHeaders() before being sent
- authorization header overrides the default Bearer token
- ModelController.js no longer references CacheKeys or getLogStores

Test Configuration:
- headers.authorization: "Bearer {{LIBRECHAT_OPENID_ID_TOKEN}}"

Checklist