From e5518fc6261118023d4b41a913333910f86103e2 Mon Sep 17 00:00:00 2001
From: Gabriel Rosendo
Date: Wed, 4 Mar 2026 17:19:39 -0500
Subject: [PATCH 1/2] feat: restrict access to "LangGraph Agents" provider
---
 .../accessResources/canAccessAgentFromBody.js | 13 +++++++++++++
 librechat.n1.yml | 3 +++
 librechat.n2a.yml | 3 +++
 librechat.prod.yml | 3 +++
 4 files changed, 22 insertions(+)
diff --git a/api/server/middleware/accessResources/canAccessAgentFromBody.js b/api/server/middleware/accessResources/canAccessAgentFromBody.js
index e2b20d4886d9..be1f37d6f3f5 100644
--- a/api/server/middleware/accessResources/canAccessAgentFromBody.js
+++ b/api/server/middleware/accessResources/canAccessAgentFromBody.js
@@ -50,7 +50,20 @@ const canAccessAgentFromBody = (options) => {
 const { endpoint, agent_id } = req.body;
 let agentId = agent_id;
+ // Check if endpoint is in allowedProviders (provider-only endpoints)
+ // These endpoints can only be used through created agents, not via ephemeral access
+ const allowedProviders = req.config?.endpoints?.agents?.allowedProviders || [];
+ const isProviderOnly = allowedProviders.includes(endpoint);
+
 if (!isAgentsEndpoint(endpoint)) {
+ // If this is a provider-only endpoint, completely block direct access
+ // These must go through the agents endpoint, not as standalone requests
+ if (isProviderOnly) {
+ return res.status(403).json({
+ error: 'Forbidden',
+ message: 'This endpoint can only be accessed through created agents with proper permissions',
+ });
+ }
 agentId = Constants.EPHEMERAL_AGENT_ID;
 }
diff --git a/librechat.n1.yml b/librechat.n1.yml
index d49ef2beb24b..ab9759803081 100644
--- a/librechat.n1.yml
+++ b/librechat.n1.yml
@@ -73,6 +73,9 @@ mcpServers:
 chatMenu: false
 requiresOAuth: false
 endpoints:
+ agents:
+ allowedProviders:
+ - "LangGraph Agents"
 azureOpenAI:
 # Endpoint-level configuration
 titleModel: "gpt-4o"
diff --git a/librechat.n2a.yml b/librechat.n2a.yml
index 934c606b5f32..13c6bc82ec59 100644
--- a/librechat.n2a.yml
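Review bot: The new guard in `canAccessAgentFromBody` fails open and matches too narrowly: `allowedProviders` falls back to `[]` whenever `req.config` or the key is missing, and `includes(endpoint)` is an exact, case-sensitive comparison against a value taken straight from `req.body`, so a non-string `endpoint` or a differently cased name never matches. I would make the shape explicit, `const isProviderOnly = typeof endpoint === 'string' && Array.isArray(allowedProviders) && allowedProviders.includes(endpoint);`, and compare after the same name normalization the endpoint resolver applies, which is not visible in this hunk. A warning log on the 403 branch with the user id and the requested endpoint would leave an audit trail for blocked requests. The middleware body starts above and continues below the hunk, so whether every route that accepts `endpoint` passes through this check cannot be confirmed from here; a test for the blocked and the allowed case would pin the behaviour.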
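Review bot: The key `allowedProviders` under `endpoints.agents` reads as an allow-list of providers that agents may use, while the middleware change in this patch treats the same list as the set of endpoints refused on direct requests. If any other code consumes this key as an allow-list, listing only "LangGraph Agents" would presumably also stop agents from using `azureOpenAI`, so that is worth confirming before this reaches prod. A comment above the key would record the intent, for example `# Providers listed here are reachable only through saved agents; direct requests get 403`. The entry has to match the endpoint's configured name exactly because the check is a case-sensitive string comparison. The same applies to the identical hunks in librechat.n2a.yml and librechat.prod.yml.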
+++ b/librechat.n2a.yml
@@ -74,6 +74,9 @@ mcpServers:
 chatMenu: false
 requiresOAuth: false
 endpoints:
+ agents:
+ allowedProviders:
+ - "LangGraph Agents"
 azureOpenAI:
 # Endpoint-level configuration
 titleModel: "gpt-4o"
diff --git a/librechat.prod.yml b/librechat.prod.yml
index c587d93e1e9a..81ed44225651 100644
--- a/librechat.prod.yml
+++ b/librechat.prod.yml
@@ -72,6 +72,9 @@ mcpServers:
 chatMenu: false
 requiresOAuth: false
 endpoints:
+ agents:
+ allowedProviders:
+ - "LangGraph Agents"
 azureOpenAI:
 # Endpoint-level configuration
 titleModel: "gpt-4o"
From 10a7f8c63427299c6070384c202aa33934df667b Mon Sep 17 00:00:00 2001
From: Gabriel Rosendo
Date: Wed, 4 Mar 2026 17:28:13 -0500
Subject: [PATCH 2/2] fix lint
---
 .../middleware/accessResources/canAccessAgentFromBody.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/api/server/middleware/accessResources/canAccessAgentFromBody.js b/api/server/middleware/accessResources/canAccessAgentFromBody.js
index be1f37d6f3f5..5b2d1db2c063 100644
--- a/api/server/middleware/accessResources/canAccessAgentFromBody.js
+++ b/api/server/middleware/accessResources/canAccessAgentFromBody.js
@@ -61,7 +61,8 @@ const canAccessAgentFromBody = (options) => {
 if (isProviderOnly) {
 return res.status(403).json({
 error: 'Forbidden',
- message: 'This endpoint can only be accessed through created agents with proper permissions',
+ message:
+ 'This endpoint can only be accessed through created agents with proper permissions',
 });
 }
 agentId = Constants.EPHEMERAL_AGENT_ID;