chore: import upstream LibreChat v0.8.3 into develop#125
Draft
paychex-inder wants to merge 432 commits intodevelopfrom
Draft
chore: import upstream LibreChat v0.8.3 into develop#125paychex-inder wants to merge 432 commits intodevelopfrom
paychex-inder wants to merge 432 commits intodevelopfrom
Conversation
…-avila#11339) Co-authored-by: Artyom Bogachenco <a.bogachenko@easyreport.ai>
* 🗑️ refactor: Remove YouTube API integration and related configurations as it's broken and should be integrated via MCP instead. Currently there seems not to be a single MCP out there with working get_transcript methods for months. API seems to have changed and there are no maintainers on these projects. We will work out something soon an MCP solution - Deleted YouTube API key and related configurations from .env.example. - Removed YouTube tools and their references from the API client, including the manifest and structured files. - Updated package.json to remove YouTube-related dependencies. - Cleaned up toolkit exports by removing YouTube toolkit references. * chore: revert package removal to properly remove packages * 🗑️ refactor: Remove YouTube API and related dependencies due to integration issues --------- Co-authored-by: Danny Avila <danny@librechat.ai>
…avila#11329) * 🔧 refactor: use approximate number of documents to improve performance * 🔧 refactor: unittests for approximate document count in meilisearch sync * refactor: limits persentage based on approximate total count & one more test case
…avila#11323) * Refresh all S3 avatars for this user's accessible agent set, not the first page * Cleaner debug messages * Log errors as errors * refactor: avatar refresh logic to process agents in batches and improve error handling. Introduced new utility functions for refreshing S3 avatars and updating agent records. Updated tests to cover various scenarios including cache hits, user ownership checks, and error handling. Added constants for maximum refresh limits. * refactor: update avatar refresh logic to allow users with VIEW access to refresh avatars for all accessible agents. Removed checks for agent ownership and author presence, and updated related tests to reflect new behavior. * chore: Remove YouTube toolkit due to danny-avila#11331 --------- Co-authored-by: Danny Avila <danny@librechat.ai>
- Upgraded several dependencies including browserify-sign (4.2.3 to 4.2.5), hono (4.11.3 to 4.11.4), parse-asn1 (5.1.7 to 5.1.9), pbkdf2 (3.1.3 to 3.1.5), and ripemd160 (2.0.2 to 2.0.3). - Adjusted engine requirements for compatibility with older Node.js versions. - Cleaned up unnecessary nested module entries for pbkdf2.
…#11342) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
…ila#11352) - Changed the endpoint check from `isAgentsEndpoint` to `isAssistantsEndpoint` to adjust the logic for processing file uploads. - Reordered the import statements for better organization.
* feat: Bedrock provider support in memory processing - Introduced support for the Bedrock provider in the memory processing logic. - Updated the handling of instructions to ensure they are included in user messages for Bedrock, while maintaining the standard approach for other providers. - Added tests to verify the correct behavior for both Bedrock and non-Bedrock providers regarding instruction handling. * refactor: Bedrock memory processing logic - Improved handling of the first message in Bedrock memory processing to ensure proper content is used. - Added logging for cases where the first message content is not a string. - Adjusted the processed messages to include the original content or fallback to a new HumanMessage if no messages are present. * feat: Enhance Bedrock configuration handling in memory processing - Added logic to set the temperature to 1 when using the Bedrock provider with thinking enabled. - Ensured compatibility with additional model request fields for improved memory processing.
* chore: remove unused 'diff' package from dependencies * chore: update undici package to version 7.18.2 * chore: remove unused '@types/diff' package from dependencies * chore: remove unused '@types/diff' package from package.json and package-lock.json
…#11370) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* 🪨 feat: Anthropic Beta Support for Bedrock - Updated the Bedrock input parser to dynamically generate `anthropic_beta` headers based on the model identifier. - Added a new utility function `getBedrockAnthropicBetaHeaders` to determine applicable headers for various Anthropic models. - Modified existing tests to reflect changes in expected `anthropic_beta` values, including new test cases for full model IDs. * test: Update Bedrock Input Parser Tests for Beta Headers - Modified the test case for explicit thinking configuration to reflect the addition of `anthropic_beta` headers. - Ensured that the test now verifies the presence of specific beta header values in the additional model request fields.
…ny-avila#11372) * 🪵 refactor: Preserve job error state for late stream subscribers * 🔧 fix: Enhance error handling for late subscribers in GenerationJobManager - Implemented a cleanup strategy for error jobs to prevent immediate deletion, allowing late clients to receive error messages. - Updated job status handling to prioritize error notifications over completion events. - Added integration tests to verify error preservation and proper notification to late subscribers, including scenarios with Redis support.
…anny-avila#11373) * 🛠️ fix: unreliable retry logic during meili sync in case of interruption 🛠️ fix: exclude temporary documents from the count on startup for meili sync 🛠️ refactor: improved meili index cleanup before sync * fix: don't swallow the exception to prevent indefinite loop fix: update log messages for more clarity fix: more test coverage for exception handling
…ila#11375) * 🔧 fix: Update z-index values for navigation and mask layers in mobile view - Increased z-index of the .nav-mask class from 63 to 105 for improved layering. - Updated z-index of the nav component from 70 to 110 to ensure it appears above other elements. * 🔧 fix: Adjust z-index for navigation component in mobile view - Updated the z-index of the .nav class from 64 to 110 to ensure proper layering above other elements. * 🔧 fix: Standardize z-index values across conversation and navigation components - Updated z-index to 125 for various components including ConvoOptions, AccountSettings, BookmarkNav, and FavoriteItem to ensure consistent layering and visibility across the application.
* 🔧 fix: Update @librechat/agents version to 3.0.771 in package.json and package-lock.json * 🔧 fix: Update @librechat/agents version to 3.0.772 in package.json and package-lock.json * 🔧 fix: Update @librechat/agents version to 3.0.774 in package.json and package-lock.json
* 🔧 chore: Update version to v0.8.2-rc3 across multiple files * 🔧 chore: Update package versions for api, client, data-provider, and data-schemas
* Updated the background color in mobile.css for improved visibility. * Refactored class names in SidePanelGroup.tsx to utilize a utility function for better consistency and maintainability.
- Added session cookie options for OpenID and SAML configurations, including maxAge and secure attributes based on the environment.
- Introduced DEFAULT_SESSION_EXPIRY from data-schemas for better session handling.
* fix: focus transfer on add tool in Add Tools dialog * fix: focus transfer to inputs on add mcp server in Add MCP Server Tools dialog * chore: add comments disabling ESLint autfocus and documenting the purpose of the override * chore: remove stray newline
…ila#11406) * 🔧 fix: meilisearch incorrect count of total documents & performance improvement Temporary documents were counted & removed 2 redundant heavy calls to the database, use known information instead 🔧 fix: respect MEILI_SYNC_THRESHOLD value Do not sync with meili if threshold was not reached * refactor: reformat lint * fix: forces update if meili index settingsUpdated
* Improved detection of code blocks to support both language identifiers and plain code fences. * Updated tests to cover various scenarios, including edge cases with different language identifiers and multiline content. * Ensured proper handling of code blocks with trailing whitespace and complex syntax.
…#11433) * fix: Token Spending Logic for Multi-Agents on Abort Scenarios * Implemented logic to skip token spending if a conversation is aborted, preventing double-spending. * Introduced `spendCollectedUsage` function to handle token spending for multiple models during aborts, ensuring accurate accounting for parallel agents. * Updated `GenerationJobManager` to store and retrieve collected usage data for improved abort handling. * Added comprehensive tests for the new functionality, covering various scenarios including cache token handling and parallel agent usage. * fix: Memory Context Handling for Multi-Agents * Refactored `buildMessages` method to pass memory context to parallel agents, ensuring they share the same user context. * Improved handling of memory context when no existing instructions are present for parallel agents. * Added comprehensive tests to verify memory context propagation and behavior under various scenarios, including cases with no memory available and empty agent configurations. * Enhanced logging for better traceability of memory context additions to agents. * chore: Memory Context Documentation for Parallel Agents * Updated documentation in the `AgentClient` class to clarify the in-place mutation of agentConfig objects when passing memory context to parallel agents. * Added notes on the implications of mutating objects directly to ensure all parallel agents receive the correct memory context before execution. * chore: UsageMetadata Interface docs for Token Spending * Expanded the UsageMetadata interface to support both OpenAI and Anthropic cache token formats. * Added detailed documentation for cache token properties, including mutually exclusive fields for different model types. * Improved clarity on how to access cache token details for accurate token spending tracking. * fix: Enhance Token Spending Logic in Abort Middleware * Refactored `spendCollectedUsage` function to utilize Promise.all for concurrent token spending, improving performance and ensuring all operations complete before clearing the collectedUsage array. * Added documentation to clarify the importance of clearing the collectedUsage array to prevent double-spending in abort scenarios. * Updated tests to verify the correct behavior of the spending logic and the clearing of the array after spending operations.
…nny-avila#11427) * Updated the dependency array in the useNewConvo hook to include hasAgentAccess for improved state management and functionality.
…#11439) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* fix: focus outline clipping in Conversations panel * chore: address Copilot comments
…ers (danny-avila#12055) * refactor: consistent theming between inline and Artifacts Mermaid Diagram * refactor: Enhance Mermaid component with improved theming and security features - Updated Mermaid component to utilize useCallback for performance optimization. - Increased maximum zoom level from 4 to 10 for better diagram visibility. - Added security level configuration to Mermaid initialization for enhanced security. - Refactored theme handling to ensure consistent theming between inline and artifact diagrams. - Introduced unit tests for Mermaid configuration to validate flowchart settings and theme behavior. * refactor: Improve theme handling in useMermaid hook - Enhanced theme variable management by merging custom theme variables with default values for dark mode. - Ensured consistent theming across Mermaid diagrams by preserving existing theme configurations while applying new defaults. * refactor: Consolidate imports in mermaid test file - Combined multiple imports from the mermaid utility into a single statement for improved readability and organization in the test file. * feat: Add subgraph title contrast adjustment for Mermaid diagrams - Introduced a utility function to enhance text visibility on subgraph titles by adjusting the fill color based on background luminance. - Updated the Mermaid component to utilize this function, ensuring better contrast in rendered SVGs. - Added comprehensive unit tests to validate the contrast adjustment logic across various scenarios. * refactor: Update MermaidHeader component for improved button accessibility and styling - Replaced Button components with TooltipAnchor for better accessibility and user experience. - Consolidated button styles into a single class for consistency. - Enhanced the layout and spacing of the header for a cleaner appearance. * fix: hex color handling and improve contrast adjustment in Mermaid diagrams - Updated hexLuminance function to support 3-character hex shorthand by expanding it to 6 characters. - Refined the fixSubgraphTitleContrast function to avoid double semicolons in style attributes and ensure proper fill color adjustments based on background luminance. - Added unit tests to validate the handling of 3-character hex fills and the prevention of double semicolons in text styles. * chore: Simplify Virtual Scrolling Performance tests by removing performance timing checks - Removed performance timing checks and associated console logs from tests handling 1000 and 5000 agents. - Focused tests on verifying the correct rendering of virtual list items without measuring render time.
- Replaced external icon URLs in manifest.json with local SVG assets for Google Search, DALL-E-3, Tavily Search, Calculator, Stable Diffusion, Azure AI Search, and Flux. - Added new SVG files for Google Search, DALL-E-3, Tavily, Calculator, Stable Diffusion, and Azure AI Search to the assets directory, enhancing performance and reliability by using local resources.
…ven Mode (danny-avila#12066) * chore: Update logging format for tool execution handler to improve clarity * fix: Expand toolkit tools in loadToolDefinitions for event-driven mode The image_gen_oai toolkit contains both image_gen_oai and image_edit_oai tools, but the definitions-only path only returned image_gen_oai. This adds toolkit expansion so child tools are included in definitions, and resolves child tool names to their parent toolkit constructor at runtime. * chore: Remove toolkit flag from gemini_image_gen gemini_image_gen only has a single tool, so it is not a true toolkit. * refactor: Address review findings for toolkit expansion - Guard against duplicate constructor calls when parent and child tools are both in the tools array (Finding 2) - Consolidate image tool descriptions/schemas — registry now derives from toolkit objects (oaiToolkit, geminiToolkit) instead of duplicating them, so env var overrides are respected everywhere (Finding 5) - Move toolkitExpansion/toolkitParent to toolkits/mapping.ts with immutable types (Findings 6, 9) - Add tests for toolkit expansion, deduplication, and mapping invariants (Finding 1) - Fix log format to quote each tool individually (Finding 8) * fix: Correct toolkit constructor lookup to store under requested tool name The previous dedup guard stored the factory under toolKey (parent name) instead of tool (requested name), causing the promise loop to miss child tools like image_edit_oai. Now stores under both the parent key (for dedup) and the requested name (for lookup), with a memoized factory to ensure the constructor runs only once.
…#12070) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
…precated Models (danny-avila#12073) * 🔧 fix: Use longest-match in findMatchingPattern, remove deprecated PaLM2/Codey models findMatchingPattern now selects the longest matching key instead of the first reverse-order match, preventing cross-provider substring collisions (e.g., "gpt-5.2-chat-2025-12-11" incorrectly matching Google's "chat-" pattern instead of OpenAI's "gpt-5.2"). Adds early exit when key length equals model name length. Reorders aggregateModels spreads so OpenAI is last (preferred on same-length ties). Removes deprecated PaLM2/Codey entries from googleModels. * refactor: re-order models based on more likely usage * refactor: Improve key matching logic in findMatchingPattern Updated the findMatchingPattern function to enhance key matching by ensuring case-insensitive comparisons and maintaining the longest match priority. Clarified comments regarding key ordering and performance implications, emphasizing the importance of defining older models first for efficiency and the handling of same-length ties. This refactor aims to improve code clarity and maintainability. * test: Enhance findMatchingPattern tests for edge cases and performance Added new test cases to the findMatchingPattern function, covering scenarios such as empty model names, case-insensitive matching, and performance optimizations. Included checks for longest match priority and ensured deprecated PaLM2/Codey models are no longer present in token entries. This update aims to improve test coverage and validate the function's behavior under various conditions. * test: Update findMatchingPattern test to use last key for exact match validation Modified the test for findMatchingPattern to utilize the last key from the openAIMap for exact match checks, ensuring the test accurately reflects the expected behavior of the function. This change enhances the clarity and reliability of the test case.
* chore: npm audit - Bumped versions for several packages: `@hono/node-server` to 1.19.10, `@tootallnate/once` to 3.0.1, `hono` to 4.12.5, `serialize-javascript` to 7.0.4, and `svgo` to 2.8.2. - Removed deprecated `@trysound/sax` package from package-lock.json. - Updated integrity hashes and resolved URLs in package-lock.json to reflect the new versions. * chore: update dependencies and package versions - Bumped `jest-environment-jsdom` to version 30.2.0 in both package.json and client/package.json. - Updated related Jest packages to version 30.2.0 in package-lock.json, ensuring compatibility with the latest features and fixes. - Added `svgo` package with version 2.8.2 to package.json for improved SVG optimization. * chore: add @happy-dom/jest-environment and update test files - Added `@happy-dom/jest-environment` version 20.8.3 to `package.json` and `package-lock.json` for improved testing environment. - Updated test files to utilize the new Jest environment, replacing mock implementations of `window.location` with `window.history.replaceState` for better clarity and maintainability. - Refactored tests in `SourcesErrorBoundary`, `useFocusChatEffect`, `AuthContext`, and `StartupLayout` to enhance reliability and reduce complexity.
- Updated `multer` dependency from version 2.1.0 to 2.1.1 in both package.json and package-lock.json to incorporate the latest improvements and fixes.
…la#12077) * fix: subdirectory redirects * fix: use path-segment boundary check when stripping BASE_URL prefix A bare `startsWith(BASE_URL)` matches on character prefix, not path segments. With BASE_URL="/chat", a path like "/chatroom/c/abc" would incorrectly strip to "room/c/abc" (no leading slash). Guard with an exact-match-or-slash check: `p === BASE_URL || p.startsWith(BASE_URL + '/')`. Also removes the dead `BASE_URL !== '/'` guard — module init already converts '/' to ''. * test: add path-segment boundary tests and clarify subdirectory coverage - Add /chatroom, /chatbot, /app/chatroom regression tests to verify BASE_URL stripping only matches on segment boundaries - Clarify useAuthRedirect subdirectory test documents React Router basename behavior (BASE_URL stripping tested in api-endpoints-subdir) - Use `delete proc.browser` instead of undefined assignment for cleanup - Add rationale to eslint-disable comment for isolateModules require * fix: use relative path and correct instructions in subdirectory test script - Replace hardcoded /home/danny/LibreChat/.env with repo-root-relative path so the script works from any checkout location - Update instructions to use production build (npm run build && npm run backend) since nginx proxies to :3080 which only serves the SPA after a full build, not during frontend:dev on :3090 * fix: skip pointless redirect_to=/ for root path and fix jsdom 26+ compat buildLoginRedirectUrl now returns plain /login when the resolved path is root — redirect_to=/ adds no value since / immediately redirects to /c/new after login anyway. Also rewrites api-endpoints.spec.ts to use window.history.replaceState instead of Object.defineProperty(window, 'location', ...) which jsdom 26+ no longer allows. * test: fix request-interceptor.spec.ts for jsdom 26+ compatibility Switch from jsdom to happy-dom environment which allows Object.defineProperty on window.location. jsdom 26+ made location non-configurable, breaking all 8 tests in this file. * chore: update browser property handling in api-endpoints-subdir test Changed the handling of the `proc.browser` property from deletion to setting it to false, ensuring compatibility with the current testing environment. * chore: update backend restart instructions in test subdirectory setup script Changed the instruction for restarting the backend from "npm run backend:dev" to "npm run backend" to reflect the correct command for the current setup. * refactor: ensure proper cleanup in loadModuleWithBase function Wrapped the module loading logic in a try-finally block to guarantee that the `proc.browser` property is reset to false and the base element is removed, improving reliability in the testing environment. * refactor: improve browser property handling in loadModuleWithBase function Revised the management of the `proc.browser` property to store the original value before modification, ensuring it is restored correctly after module loading. This enhances the reliability of the testing environment.
…danny-avila#12084) * refactor: Add timestamps option to updateMany in createMeiliMongooseModel - Updated the updateMany call in createMeiliMongooseModel to include a timestamps option set to false, ensuring that the operation does not modify the document's timestamps during the indexing process. This change improves the accuracy of document state management in MongoDB. * test: Add tests to ensure updatedAt timestamps are preserved during syncWithMeili - Introduced new test cases for the processSyncBatch function to verify that the original updatedAt timestamps on conversations and messages remain unchanged after synchronization with Meilisearch. This enhancement ensures data integrity during the indexing process. * docs: Update comments in createMeiliMongooseModel to clarify timestamp preservation - Enhanced comments in the createMeiliMongooseModel function to explain the use of the { timestamps: false } option in the updateMany call, ensuring that original conversation/message timestamps are preserved during the indexing process. This change improves code clarity and maintains the integrity of document timestamps. * test: Enhance Meilisearch sync tests to verify updatedAt timestamp preservation - Added assertions to ensure that the updatedAt timestamps of documents remain unchanged before and after synchronization with Meilisearch. This update improves the test coverage for the syncWithMeili function, reinforcing data integrity during the indexing process.
…t Test Jobs (danny-avila#12088) * refactor: CI Workflow for Backend with Build and Test Jobs - Updated the GitHub Actions workflow to include a new build job that compiles packages and uploads build artifacts. - Added separate test jobs for each package (`api`, `data-provider`, and `data-schemas`) to run unit tests after the build process. - Introduced caching for build artifacts to optimize build times. - Configured Jest to utilize 50% of available workers for improved test performance across all Jest configurations in the `api`, `data-schemas`, and `packages/api` directories. * refactor: Update CI Workflow for Backend with Enhanced Build and Cache Management - Modified the GitHub Actions workflow to improve the build process by separating build and cache steps for `data-provider`, `data-schemas`, and `api` packages. - Updated artifact upload and download steps to reflect the new naming conventions for better clarity. - Enhanced caching strategies to optimize build times and ensure efficient artifact management. * chore: Node Modules Caching in CI Workflow - Updated the GitHub Actions workflow to implement caching for the `node_modules` directory, improving build efficiency by restoring cached dependencies. - Adjusted the installation step to conditionally run based on cache availability, optimizing the overall CI process. * refactor: Enhance CI Workflow for Frontend with Build and Test Jobs - Updated the GitHub Actions workflow to introduce a structured build process for frontend packages, including separate jobs for building and testing on both Ubuntu and Windows environments. - Implemented caching strategies for `node_modules` and build artifacts to optimize build times and improve efficiency. - Added artifact upload and download steps for `data-provider` and `client-package` builds, ensuring that builds are reused across jobs. - Adjusted Node.js version specification for consistency and reliability across different jobs. * refactor: Update CI Workflows for Backend and Frontend with Node.js 20.19 and Enhanced Caching - Updated Node.js version to 20.19 across all jobs in both backend and frontend workflows for consistency. - Enhanced caching strategies for build artifacts and `node_modules`, increasing retention days from 1 to 2 for better efficiency. - Adjusted cache keys to include additional files for improved cache hit rates during builds. - Added conditional installation of dependencies to optimize the CI process. * chore: Configure Jest to Use 50% of Available Workers Across Client and Data Provider - Added `maxWorkers: '50%'` setting to Jest configuration files for the client and data provider packages to optimize test performance by utilizing half of the available CPU cores during test execution. * chore: Enhance Node Modules Caching in CI Workflows - Updated caching paths in both backend and frontend GitHub Actions workflows to include additional `node_modules` directories for improved dependency management. - This change optimizes the caching strategy, ensuring that all relevant modules are cached, which can lead to faster build times and more efficient CI processes. * chore: Update Node Modules Cache Keys in CI Workflows - Modified cache keys in both backend and frontend GitHub Actions workflows to include the Node.js version (20.19) for improved cache management. - This change ensures that the caching mechanism is more specific, potentially enhancing cache hit rates and build efficiency. * chore: Refactor Node Modules Cache Keys in CI Workflows - Updated cache keys in backend and frontend GitHub Actions workflows to be more specific, distinguishing between frontend and backend caches. - Removed references to `client/node_modules` in backend workflows to streamline caching paths and improve cache management.
* 🔄 refactor: Update Artifacts and Messages Contexts to Use Latest Message ID and Depth - Modified ArtifactsContext to retrieve latestMessage using Recoil state management. - Updated MessagesViewContext to replace latestMessage with latestMessageId and latestMessageDepth for improved clarity and consistency. - Adjusted various components (HoverButtons, MessageParts, MessageRender, ContentRender) to utilize latestMessageId instead of the entire message object, enhancing performance and reducing unnecessary re-renders. - Refactored useChatHelpers to extract latestMessageId and latestMessageDepth, streamlining message handling across the application. * refactor: Introduce PartWithContext Component for Optimized Message Rendering - Added a new PartWithContext component to encapsulate message part rendering logic, improving context management and reducing redundancy in the ContentParts component. - Updated MessageRender to utilize the new PartWithContext, streamlining the context provider setup and enhancing code clarity. - Refactored related logic to ensure proper context values are passed, improving maintainability and performance in message rendering. * refactor: Update Components to Use Function Declarations and Improve Readability - Refactored several components (MessageContainer, Markdown, MarkdownCode, MarkdownCodeNoExecution, MarkdownAnchor, MarkdownParagraph, MarkdownImage, TextPart, PlaceholderRow) to use function declarations instead of arrow functions, enhancing readability and consistency across the codebase. - Added display names to memoized components for better debugging and profiling in React DevTools. - Improved overall code clarity and maintainability by standardizing component definitions. * refactor: Standardize MessageRender and ContentRender Components for Improved Clarity - Refactored MessageRender and ContentRender components to use function declarations, enhancing readability and consistency. - Streamlined props handling by removing unnecessary parameters and improving the use of hooks for state management. - Updated memoization and rendering logic to optimize performance and reduce unnecessary re-renders. - Enhanced overall code clarity and maintainability by standardizing component definitions and structure. * refactor: Enhance Header Component with Memoization for Performance - Refactored the Header component to utilize React's memoization by wrapping it with the memo function, improving rendering performance by preventing unnecessary re-renders. - Changed the export to a memoized version of the Header component, ensuring better debugging with a display name. - Maintained overall code clarity and consistency in component structure. * refactor: Transition Components to Use Recoil for State Management - Updated multiple components (AddMultiConvo, TemporaryChat, HeaderNewChat, PresetsMenu, ModelSelectorChatContext) to utilize Recoil for state management, enhancing consistency and performance. - Replaced useChatContext with Recoil selectors and atoms, improving data flow and reducing unnecessary re-renders. - Introduced new selectors for conversation ID and endpoint retrieval, streamlining component logic and enhancing maintainability. - Improved overall code clarity by standardizing state management practices across components. * refactor: Integrate getConversation Callback for Enhanced State Management - Updated multiple components (Mention, ModelSelectorChatContext, ModelSelectorContext, FavoritesList) to utilize a getConversation callback instead of directly accessing conversation state, improving encapsulation and maintainability. - Refactored useSelectMention hook to accept getConversation, streamlining conversation retrieval and enhancing code clarity. - Introduced new Recoil selectors for conversation properties, ensuring consistent state management across components. - Enhanced overall code structure by standardizing the approach to conversation handling, reducing redundancy and improving performance. * refactor: Optimize LiveAnnouncer Context Value with useMemo - Updated the LiveAnnouncer component to utilize useMemo for context value creation, enhancing performance by preventing unnecessary recalculations of the context object. - Improved overall code clarity and maintainability by ensuring that context values are only recomputed when their dependencies change. * refactor: Update AgentPanelSwitch to Use Recoil for Agent ID Management - Refactored AgentPanelSwitch component to utilize Recoil for retrieving the current agent ID, replacing the previous use of chat context. - Improved state management by ensuring the agent ID is derived from Recoil, enhancing code clarity and maintainability. - Adjusted useEffect dependencies to reflect the new state management approach, streamlining the component's logic. * refactor: Enhance useLocalize Hook with useCallback for Improved Performance - Updated the useLocalize hook to utilize useCallback for the translation function, optimizing performance by preventing unnecessary re-creations of the function on each render. - Improved code clarity by ensuring that the translation function is memoized, enhancing maintainability and efficiency in localization handling. * refactor: Rename useCreateConversationAtom to useSetConversationAtom for Clarity - Updated the hook name from useCreateConversationAtom to useSetConversationAtom to better reflect its functionality in managing conversation state. - Introduced a new implementation for setting conversation state, enhancing clarity and maintainability in the codebase. - Adjusted related references in the useNewConvo hook to align with the new naming convention. * refactor: Enhance useKeyDialog Hook with useMemo and useCallback for Improved Performance - Updated the useKeyDialog hook to utilize useMemo for returning the dialog state and handlers, optimizing performance by preventing unnecessary recalculations. - Refactored the onOpenChange function to use useCallback, ensuring it only changes when its dependencies do, enhancing maintainability and clarity in the code. - Improved overall code structure and readability by streamlining the hook's logic and dependencies. * feat: Add useRenderChangeLog Hook for Debugging Render Changes - Introduced a new hook, useRenderChangeLog, that logs changes in tracked values between renders when a debug flag is enabled. - Utilizes useEffect and useRef to track previous values and identify changes, enhancing debugging capabilities for component renders. - Provides detailed console output for initial renders and value changes, improving developer insights during the rendering process. * refactor: Update useSelectAgent Hook for Improved State Management and Performance - Refactored the useSelectAgent hook to utilize useRecoilCallback for fetching conversation data, enhancing state management and performance. - Replaced the use of useChatContext with a more efficient approach, streamlining the logic for selecting agents and updating conversations. - Improved error handling and ensured asynchronous operations are properly awaited, enhancing reliability in agent selection and data fetching processes. * refactor: Optimize useDefaultConvo Hook with useCallback for Improved Performance - Refactored the getDefaultConversation function within the useDefaultConvo hook to utilize useCallback, enhancing performance by memoizing the function and preventing unnecessary re-creations on re-renders. - Streamlined the logic for cleaning input and output in the conversation object, improving code clarity and maintainability. - Ensured that dependencies for useCallback are correctly set, enhancing the reliability of the hook's behavior. * refactor: Optimize Agent Components with Memoization for Improved Performance - Refactored multiple agent-related components (AgentAvatar, AgentCategorySelector, AgentSelect, DeleteButton, FileContext, FileSearch, Files) to utilize React.memo for memoization, enhancing rendering performance by preventing unnecessary re-renders. - Updated the FileRow component to make setFilesLoading optional, improving flexibility in file handling. - Streamlined component logic and improved maintainability by ensuring that props are compared efficiently in memoized components. * refactor: Enhance File Handling and Agent Components for Improved Performance - Refactored multiple components (DeleteButton, FileContext, FileSearch, Files) to utilize new file handling hooks that separate chat context from file operations, improving performance and maintainability. - Introduced useFileHandlingNoChatContext and useSharePointFileHandlingNoChatContext hooks to streamline file handling logic, enhancing flexibility in managing file states. - Updated DeleteButton to improve conversation state management and ensure proper handling of agent deletions, enhancing user experience. - Optimized imports and component structure for better clarity and organization across the affected files. * refactor: Enhance useRenderChangeLog Hook with Improved Type Safety and Documentation - Updated the useRenderChangeLog hook to improve type safety by specifying the value types as string, number, boolean, null, or undefined. - Enhanced documentation to clarify usage and enablement of the debug feature, ensuring better developer insights during rendering. - Added a production check to prevent logging in production builds, optimizing performance and maintaining clean console output. * chore: imports * refactor: Replace useRecoilCallback with useGetConversation Hook for Improved Clarity and Performance - Refactored multiple components (AddMultiConvo, ModelSelectorChatContext, FavoritesList, useSelectAgent, usePresets) to utilize the new useGetConversation hook, enhancing clarity and reducing complexity by eliminating the use of useRecoilCallback. - Streamlined conversation retrieval logic across components, improving maintainability and performance. - Updated imports and component structure for better organization and readability. * refactor: Enhance Memoization in DeleteButton Component for Improved Performance - Updated the memoization logic in the DeleteButton component to include a comparison for the setCurrentAgentId prop, ensuring more efficient re-renders. - This change improves performance by preventing unnecessary updates when the agent ID and current agent ID remain unchanged. * chore: fix test * refactor: Improve Memoization Logic in AgentSelect Component - Updated the memoization comparison in the AgentSelect component to directly compare agentQuery.data objects, enhancing performance by ensuring accurate re-renders. - Refactored the useCreateConversationAtom function to streamline the logic for updating conversation keys, improving clarity and maintainability. * refactor: Simplify State Management in DeleteButton Component - Removed unnecessary setConversationOption function, streamlining the logic for updating conversation state after agent deletion. - Updated the conversation state directly within the deleteAgent mutation, improving clarity and maintainability of the component. - Refactored conversationByKeySelector to directly reference conversationByIndex, enhancing performance and reducing complexity in state retrieval. * refactor: Remove Unused Conversation Prop from Mention Component - Eliminated the conversation prop from the Mention component, simplifying its interface and reducing unnecessary dependencies. - Updated the ChatForm component to reflect this change, enhancing clarity and maintainability of the codebase. - Introduced useGetConversation hook for improved conversation retrieval logic, streamlining the component's functionality. * refactor: Simplify File Handling State Management Across Components - Removed the unused setFilesLoading function from FileContext, FileSearch, and Files components, streamlining the file handling state management. - Updated the FileHandlingState type to make setFilesLoading optional, enhancing flexibility in file operations. - Improved memoization logic by directly referencing necessary state properties, ensuring better performance and maintainability. * refactor: Update ArtifactsContext for Improved State Management - Replaced the useChatContext hook with direct Recoil state retrieval for isSubmitting, latestMessage, and conversationId, simplifying the context provider's logic. - Enhanced memoization by ensuring relevant state properties are directly referenced, improving performance and maintainability. - Streamlined the context value creation to reflect the updated state management approach. * refactor: Adjust Memoization Logic in ArtifactsContext for Consistency - Updated the memoization logic in the ArtifactsProvider to ensure the messageId is consistently referenced, improving clarity and maintainability. - This change enhances the performance of the context provider by ensuring all relevant properties are included in the memoization dependencies.
…y-avila#12098) * 🔧 fix: Update Excel sheet parsing to use fs.promises.readFile and correct import for xlsx - Modified the excelSheetToText function to read the file using fs.promises.readFile instead of directly accessing the file path. - Updated the import statement for the xlsx library to use the correct read method, ensuring proper functionality in parsing Excel sheets. * 🔧 fix: Update document parsing methods to use buffer for file reading - Modified the wordDocToText function to read the file as a buffer using fs.promises.readFile, ensuring compatibility with the mammoth library. - Updated the excelSheetToText function to read the Excel file as a buffer, addressing issues with the xlsx library's handling of dynamic imports and file access. * feat: Add tests for empty xlsx document parsing and validate xlsx imports - Introduced a new test case to verify that the `parseDocument` function correctly handles an empty xlsx file with only a sheet name, ensuring it returns the expected document structure. - Added a test to confirm that the `xlsx` library exports `read` and `utils` as named imports, validating the functionality of the library integration. - Included a new empty xlsx file to support the test cases.
* ✨ feat: Add support for new GPT-5.4 and GPT-5.4-pro models - Introduced new token values and cache settings for 'gpt-5.4' and 'gpt-5.4-pro' in the API model configurations. - Updated maximum output limits for the new models in the tokens utility. - Included 'gpt-5.4' and 'gpt-5.4-pro' in the shared OpenAI models list for consistent access across the application. * 🔧 update: Enhance GPT-5.4 and GPT-5.4-pro model configurations - Refined token pricing and cache settings for 'gpt-5.4' and 'gpt-5.4-pro' in the API model configurations. - Added tests for cache multipliers and maximum token limits for the new models. - Updated shared OpenAI models list to include 'gpt-5.4-thinking' and added a note for verifying pricing before release. * 🔧 update: Add clarification to token pricing for 'gpt-5.4-pro' - Added a comment to the 'gpt-5.4-pro' model configuration in tokens.ts to specify that it shares the same token window as 'gpt-5.4', enhancing clarity for future reference.
…iting (danny-avila#12109) * refactor: Code Editor and Auto Scroll Functionality - Added a useEffect hook in CodeEditor to sync streaming content with Sandpack without remounting the provider, improving performance and user experience. - Updated useAutoScroll to accept an optional editorRef, allowing for dynamic scroll container selection based on the editor's state. - Refactored ArtifactTabs to utilize the new editorRef in the useAutoScroll hook, ensuring consistent scrolling behavior during content updates. - Introduced stableFiles and mergedFiles logic in CodeEditor to optimize file handling and prevent unnecessary updates during streaming content changes. * refactor: Update CodeEditor to Sync Streaming Content Based on Read-Only State - Modified the useEffect hook in CodeEditor to conditionally sync streaming content with Sandpack only when in read-only mode, preventing unnecessary updates during user edits. - Enhanced the dependency array of the useEffect hook to include the readOnly state, ensuring accurate synchronization behavior. * refactor: Monaco Editor for Artifact Code Editing * refactor: Clean up ArtifactCodeEditor and ArtifactTabs components - Removed unused scrollbar styles from mobile.css to streamline the code. - Refactored ArtifactCodeEditor to improve content synchronization and read-only state handling. - Enhanced ArtifactTabs by removing unnecessary context usage and optimizing component structure for better readability. * feat: Add support for new artifact type 'application/vnd.ant.react' - Introduced handling for 'application/vnd.ant.react' in artifactFilename, artifactTemplate, and dependenciesMap. - Updated relevant mappings to ensure proper integration of the new artifact type within the application. * refactor:ArtifactCodeEditor with Monaco Editor Configuration - Added support for disabling validation in the Monaco Editor to improve the artifact viewer/editor experience. - Introduced a new type definition for Monaco to enhance type safety. - Updated the handling of the 'application/vnd.ant.react' artifact type to ensure proper integration with the editor. * refactor: Clean up ArtifactCodeEditor and mobile.css - Removed unnecessary whitespace in mobile.css for cleaner code. - Refactored ArtifactCodeEditor to streamline language mapping and type handling, enhancing readability and maintainability. - Consolidated language and type mappings into dedicated constants for improved clarity and efficiency. * feat: Integrate Monaco Editor for Enhanced Code Editing Experience - Added the Monaco Editor as a dependency to improve the code editing capabilities within the ArtifactCodeEditor component. - Refactored the handling of TypeScript and JavaScript defaults in the Monaco Editor configuration for better type safety and clarity. - Streamlined the setup for disabling validation, enhancing the artifact viewer/editor experience. * fix: Update ArtifactCodeEditor to handle null content checks - Modified conditional checks in ArtifactCodeEditor to use `art.content != null` instead of `art.content` for improved null safety. - Ensured consistent handling of artifact content across various useEffect hooks to prevent potential errors when content is null. * fix: Refine content comparison logic in ArtifactCodeEditor - Updated the condition for checking if the code is not original by removing the redundant null check for `art.content`, ensuring more concise and clear logic. - This change enhances the readability of the code and maintains the integrity of content comparison within the editor. * fix: Simplify code comparison logic in ArtifactCodeEditor - Removed redundant null check for the `code` variable, ensuring a more straightforward comparison with the current update reference. - This change improves code clarity and maintains the integrity of the content comparison logic within the editor.
…avila#12089) * fix: remove scaleImage function that stretched vertical images * chore: lint * refactor: Simplify Image Component Usage Across Chat Parts - Removed height and width props from the Image component in various parts (Files, Part, ImageAttachment, LogContent) to streamline image rendering. - Introduced a constant for maximum image height in the Image component for consistent styling. - Updated related components to utilize the new simplified Image component structure, enhancing maintainability and reducing redundancy. * refactor: Simplify LogContent and Enhance Image Component Tests - Removed height and width properties from the ImageAttachment type in LogContent for cleaner code. - Updated the image rendering logic to rely solely on the filepath, improving clarity. - Enhanced the Image component tests with additional assertions for rendering behavior and accessibility. - Introduced new tests for OpenAIImageGen to validate image preloading and progress handling, ensuring robust functionality. --------- Co-authored-by: Danny Avila <danny@librechat.ai>
…la#12107) - Add useHasAccess hook for TEMPORARY_CHAT permission type - Conditionally render TemporaryChat component based on user permissions - Ensures feature respects role-based access control Co-authored-by: Airam Hernández Hernández <airam.hernandez@intelequia.com>
…nny-avila#12100) * fix: default ALLOW_SHARED_LINKS_PUBLIC to false for security Shared links were publicly accessible by default when ALLOW_SHARED_LINKS_PUBLIC was not explicitly set, which could lead to unintentional data exposure. Users may assume their authentication settings protect shared links when they do not. This changes the default behavior so shared links require JWT authentication unless ALLOW_SHARED_LINKS_PUBLIC is explicitly set to true. * Document ALLOW_SHARED_LINKS_PUBLIC in .env.example Add comment explaining ALLOW_SHARED_LINKS_PUBLIC setting. --------- Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Danny Avila <danacordially@gmail.com>
…ion (danny-avila#12114) * refactor: Update Image Component to Remove Lazy Loading and Enhance Rendering - Removed the react-lazy-load-image-component dependency from the Image component, simplifying the image loading process. - Updated the Image component to use a standard <img> tag with async decoding for improved performance and user experience. - Adjusted related tests to reflect changes in image rendering behavior and ensure proper functionality without lazy loading. * refactor: Enhance Image Handling and Caching Across Components - Introduced a new previewCache utility for managing local blob preview URLs, improving image loading efficiency. - Updated the Image component and related parts (FileRow, Files, Part, ImageAttachment, LogContent) to utilize cached previews, enhancing rendering performance and user experience. - Added width and height properties to the Image component for better layout management and consistency across different usages. - Improved file handling logic in useFileHandling to cache previews during file uploads, ensuring quick access to image data. - Enhanced overall code clarity and maintainability by streamlining image rendering logic and reducing redundancy. * refactor: Enhance OpenAIImageGen Component with Image Dimensions - Added width and height properties to the OpenAIImageGen component for improved image rendering and layout management. - Updated the Image component usage within OpenAIImageGen to utilize the new dimensions, enhancing visual consistency and performance. - Improved code clarity by destructuring additional properties from the attachment object, streamlining the component's logic. * refactor: Implement Image Size Caching in DialogImage Component - Introduced an imageSizeCache to store and retrieve image sizes, enhancing performance by reducing redundant fetch requests. - Updated the getImageSize function to first check the cache before making network requests, improving efficiency in image handling. - Added decoding attribute to the image element for optimized rendering behavior. * refactor: Enhance UserAvatar Component with Avatar Caching and Error Handling - Introduced avatar caching logic to optimize avatar resolution based on user ID and avatar source, improving performance and reducing redundant image loads. - Implemented error handling for failed image loads, allowing for fallback to a default avatar when necessary. - Updated UserAvatar props to streamline the interface by removing the user object and directly accepting avatar-related properties. - Enhanced overall code clarity and maintainability by refactoring the component structure and logic. * fix: Layout Shift in Message and Placeholder Components for Consistent Height Management - Adjusted the height of the PlaceholderRow and related message components to ensure consistent rendering with a minimum height of 31px. - Updated the MessageParts and ContentRender components to utilize a minimum height for better layout stability. - Enhanced overall code clarity by standardizing the structure of message-related components. * tests: Update FileRow Component to Prefer Cached Previews for Image Rendering - Modified the image URL selection logic in the FileRow component to prioritize cached previews over file paths when uploads are complete, enhancing rendering performance and user experience. - Updated related tests to reflect changes in image URL handling, ensuring accurate assertions for both preview and file path scenarios. - Introduced a fallback mechanism to use file paths when no preview exists, improving robustness in file handling. * fix: Image cache lifecycle and dialog decoding - Add deletePreview/clearPreviewCache to previewCache.ts for blob URL cleanup - Wire deletePreview into useFileDeletion to revoke blobs on file delete - Move dimensionCache.set into useMemo to avoid side effects during render - Extract IMAGE_MAX_W_PX constant (512) to document coupling with max-w-lg - Export _resetImageCaches for test isolation - Change DialogImage decoding from "sync" to "async" to avoid blocking main thread * fix: Avatar cache invalidation and cleanup - Include avatarSrc in cache invalidation to prevent stale avatars - Remove unused username parameter from resolveAvatar - Skip caching when userId is empty to prevent cache key collisions * test: Fix test isolation and type safety - Reset module-level dimensionCache/paintedUrls in beforeEach via _resetImageCaches - Replace any[] with typed mock signature in cn mock for both test files * chore: Code quality improvements from review - Use barrel imports for previewCache in Files.tsx and Part.tsx - Single Map.get with truthy check instead of has+get in useEventHandlers - Add JSDoc comments explaining EmptyText margin removal and PlaceholderRow height - Fix FileRow toast showing "Deleting file" when file isn't actually deleted (progress < 1) * fix: Address remaining review findings (R1-R3) - Add deletePreview calls to deleteFiles batch path to prevent blob URL leaks - Change useFileDeletion import from deep path to barrel (~/utils) - Change useMemo to useEffect for dimensionCache.set (side effect, not derived value) * fix: Address audit comments 2, 5, and 7 - Fix files preservation to distinguish null (missing) from [] (empty) in finalHandler - Add auto-revoke on overwrite in cachePreview to prevent leaked blobs - Add removePreviewEntry for key transfer without revoke - Clean up stale temp_file_id cache entry after promotion to permanent file_id
…anny-avila#12117) * chore: Remove unused setValueOnChange prop from MCPServerMenuItem component * fix: Resolve agent provider endpoint type for file upload support When using the agents endpoint with a custom provider (e.g., Moonshot), the endpointType was resolving to "agents" instead of the provider's actual type ("custom"), causing "Upload to Provider" to not appear in the file attach menu. Adds `resolveEndpointType` utility in data-provider that follows the chain: endpoint (if not agents) → agent.provider → agents. Applied consistently across AttachFileChat, DragDropContext, useDragHelpers, and AgentPanel file components (FileContext, FileSearch, Code/Files). * refactor: Extract useAgentFileConfig hook, restore deleted tests, fix review findings - Extract shared provider resolution logic into useAgentFileConfig hook (Finding #2: DRY violation across FileContext, FileSearch, Code/Files) - Restore 18 deleted test cases in AttachFileMenu.spec.tsx covering agent capabilities, SharePoint, edge cases, and button state (Finding #1: accidental test deletion) - Wrap fileConfigEndpoint in useMemo in AttachFileChat (Finding #3) - Fix misleading test name in AgentFileConfig.spec.tsx (Finding #4) - Fix import order in FileSearch.tsx, FileContext.tsx, Code/Files.tsx (Finding #5) - Add comment about cache gap in useDragHelpers (Finding #6) - Clarify resolveEndpointType JSDoc (Finding #7) * refactor: Memoize Footer component for performance optimization - Converted Footer component to a memoized version to prevent unnecessary re-renders. - Improved import structure by adding memo to the React import statement for clarity. * chore: Fix remaining review nits - Widen useAgentFileConfig return type to EModelEndpoint | string - Fix import order in FileContext.tsx and FileSearch.tsx - Remove dead endpointType param from setupMocks in AttachFileMenu test * fix: Pass resolved provider endpoint to file upload validation AgentPanel file components (FileContext, FileSearch, Code/Files) were hardcoding endpointOverride to "agents", causing both client-side validation (file limits, MIME types) and server-side validation to use the agents config instead of the provider-specific config. Adds endpointTypeOverride to UseFileHandling params so endpoint and endpointType can be set independently. Components now pass the resolved provider name and type from useAgentFileConfig, so the full fallback chain (provider → custom → agents → default) applies to file upload validation on both client and server. * test: Verify any custom endpoint is document-supported regardless of name Adds parameterized tests with arbitrary endpoint names (spaces, hyphens, colons, etc.) confirming that all custom endpoints resolve to document-supported through resolveEndpointType, both as direct endpoints and as agent providers. * fix: Use || for provider fallback, test endpointOverride wiring - Change providerValue ?? to providerValue || so empty string is treated as "no provider" consistently with resolveEndpointType - Add wiring tests to CodeFiles, FileContext, FileSearch verifying endpointOverride and endpointTypeOverride are passed correctly - Update endpointOverride JSDoc to document endpointType fallback
…ila#12130) * 🔒 fix: handle hex-normalized IPv4-mapped IPv6 in domain validation * fix: Enhance IPv6 private address detection in domain validation - Added tests for detecting IPv4-compatible, 6to4, NAT64, and Teredo addresses. - Implemented `extractEmbeddedIPv4` function to identify private IPv4 addresses within various IPv6 formats. - Updated `isPrivateIP` function to utilize the new extraction logic for improved accuracy in address validation. * fix: Update private IPv4 detection logic in domain validation - Enhanced the `isPrivateIPv4` function to accurately identify additional private and non-routable IPv4 ranges. - Adjusted the return logic in `resolveHostnameSSRF` to utilize the updated private IP detection for improved hostname validation. * test: Expand private IP detection tests in domain validation - Added tests for additional private IPv4 ranges including 0.0.0.0/8, 100.64.0.0/10, 192.0.0.0/24, and 198.18.0.0/15. - Updated existing tests to ensure accurate detection of private and multicast IP addresses in the `isPrivateIP` function. - Enhanced `resolveHostnameSSRF` to correctly identify private literal IPv4 addresses without DNS lookup. * refactor: Rename and enhance embedded IPv4 detection in IPv6 addresses - Renamed `extractEmbeddedIPv4` to `hasPrivateEmbeddedIPv4` for clarity on its purpose. - Updated logic to accurately check for private IPv4 addresses embedded in Teredo, 6to4, and NAT64 IPv6 formats. - Improved the `isPrivateIP` function to utilize the new naming and logic for better readability and accuracy. - Enhanced documentation for clarity on the functionality of the updated methods. * feat: Enhance private IPv4 detection in embedded IPv6 addresses - Added additional checks in `hasPrivateEmbeddedIPv4` to ensure only valid private IPv4 formats are recognized. - Improved the logic for identifying private IPv4 addresses embedded within various IPv6 formats, enhancing overall accuracy. * test: Add additional test for hostname resolution in SSRF detection - Included a new test case in `resolveHostnameSSRF` to validate the detection of private IPv4 addresses embedded in IPv6 formats for the hostname 'meta.example.com'. - Enhanced existing tests to ensure comprehensive coverage of hostname resolution scenarios. * fix: Set redirect option to 'manual' in undiciFetch calls - Updated undiciFetch calls in MCPConnection to include the redirect option set to 'manual' for better control over HTTP redirects. - Added documentation comments regarding SSRF pre-checks for WebSocket connections, highlighting the limitations of the current SDK regarding DNS resolution. * test: Add integration tests for MCP SSRF protections - Introduced a new test suite for MCP SSRF protections, verifying that MCPConnection does not follow HTTP redirects to private IPs and blocks WebSocket connections to private IPs when SSRF protection is enabled. - Implemented tests to ensure correct behavior of the connection under various scenarios, including redirect handling and WebSocket DNS resolution. * refactor: Improve SSRF protection logic for WebSocket connections - Enhanced the SSRF pre-check for WebSocket connections to validate resolved IPs, ensuring that allowlisting a domain does not grant trust to its resolved IPs at runtime. - Updated documentation comments to clarify the limitations of the current SDK regarding DNS resolution and the implications for SSRF protection. * test: Enhance MCP SSRF protection tests for redirect handling and WebSocket connections - Updated tests to ensure that MCPConnection does not follow HTTP redirects to private IPs, regardless of SSRF protection settings. - Added checks to verify that WebSocket connections to hosts resolving to private IPs are blocked, even when SSRF protection is disabled. - Improved documentation comments for clarity on the behavior of the tests and the implications for SSRF protection. * test: Refactor MCP SSRF protection test for WebSocket connection errors - Updated the test to use `await expect(...).rejects.not.toThrow(...)` for better readability and clarity. - Simplified the error handling logic while ensuring that SSRF rejections are correctly validated during connection failures.
…anny-avila#12138) * fix: remove docker images by named tag instead of image ID * refactor: Simplify rebase logic and enhance error handling in deployed-update script - Removed unnecessary condition for rebasing, streamlining the update process. - Renamed variable for clarity when fetching Docker image tags. - Added error handling to catch and log failures during the update process, ensuring better visibility of issues.
…ila#12145) * feat: MCP server reinitialization recovery mechanism - Added functionality to store a stub configuration for MCP servers that fail inspection at startup, allowing for recovery via reinitialization. - Introduced `reinspectServer` method in `MCPServersRegistry` to handle reinspection of previously failed servers. - Enhanced `MCPServersInitializer` to log and manage server initialization failures, ensuring proper handling of inspection failures. - Added integration tests to verify the recovery process for unreachable MCP servers, ensuring that stub configurations are stored and can be reinitialized successfully. - Updated type definitions to include `inspectionFailed` flag in server configurations for better state management. * fix: MCP server handling for inspection failures - Updated `reinitMCPServer` to return a structured response when the server is unreachable, providing clearer feedback on the failure. - Modified `ConnectionsRepository` to prevent connections to servers marked as inspection failed, improving error handling. - Adjusted `MCPServersRegistry` methods to ensure proper management of server states, including throwing errors for non-failed servers during reinspection. - Enhanced integration tests to validate the behavior of the system when dealing with unreachable MCP servers and inspection failures, ensuring robust recovery mechanisms. * fix: Clear all cached server configurations in MCPServersRegistry - Added a comment to clarify the necessity of clearing all cached server configurations when updating a server's configuration, as the cache is keyed by userId without a reverse index for enumeration. * fix: Update integration test for file_tools_server inspection handling - Modified the test to verify that the `file_tools_server` is stored as a stub when inspection fails, ensuring it can be reinitialized correctly. - Adjusted expectations to confirm that the `inspectionFailed` flag is set to true for the stub configuration, enhancing the robustness of the recovery mechanism. * test: Add unit tests for reinspecting servers in MCPServersRegistry - Introduced tests for the `reinspectServer` method to validate error handling when called on a healthy server and when the server does not exist. - Ensured that appropriate exceptions are thrown for both scenarios, enhancing the robustness of server state management. * test: Add integration test for concurrent reinspectServer calls - Introduced a new test to validate that multiple concurrent calls to reinspectServer do not crash or corrupt the server state. - Ensured that at least one call succeeds and any failures are due to the server not being in a failed state, enhancing the reliability of the reinitialization process. * test: Enhance integration test for concurrent MCP server reinitialization - Added a new test to validate that concurrent calls to reinitialize the MCP server do not crash or corrupt the server state. - Ensured that at least one call succeeds and that failures are handled gracefully, improving the reliability of the reinitialization process. - Reset MCPManager instance after each test to maintain a clean state for subsequent tests.
* fix: include remoteAgents config in loadDefaultInterface The loadDefaultInterface function was not passing the remoteAgents configuration from librechat.yaml to the permission system, causing remoteAgents permissions to never update from the YAML config even when explicitly configured. This fix adds the missing remoteAgents field to the returned loadedInterface object, allowing the permission update system to properly detect and apply remoteAgents configuration from the YAML file. Fixes remote agents (API) configuration not being applied from librechat.yaml * test: Add remoteAgents permission tests for USER and ADMIN roles Introduced new tests to validate the application of remoteAgents configuration in user permissions. The tests cover scenarios for explicit configuration, full enablement, and default role behavior when remoteAgents are not configured. This ensures that permissions are correctly applied based on the provided configuration, addressing a regression related to the omission of remoteAgents in the loadDefaultInterface function. --------- Co-authored-by: Airam Hernández Hernández <airam.hernandez@intelequia.com> Co-authored-by: Danny Avila <danny@librechat.ai>
* 📦 chore: bump `mermaid` and `dompurify` - Bump mermaid to version 11.13.0 in both package-lock.json and client/package.json. - Update monaco-editor to version 0.55.1 in both package-lock.json and client/package.json. - Upgrade @Chevrotain packages to version 11.1.2 in package-lock.json. - Add dompurify as a dependency for monaco-editor in package.json. - Update d3-format to version 3.1.2 and dagre-d3-es to version 7.0.14 in package-lock.json. - Upgrade dompurify to version 3.3.2 in package-lock.json. * chore: update language prop in ArtifactCodeEditor for read-only mode for better UX - Adjusted the language prop in the MonacoEditor component to use 'plaintext' when in read-only mode, ensuring proper display of content without syntax highlighting.
- Updated package versions for @librechat/api (1.7.25), @librechat/client (0.4.54), librechat-data-provider (0.8.302), and @librechat/data-schemas (0.0.38). - Incremented configuration version in librechat.example.yaml to 1.3.6.
- Introduced 'X-OpenRouter-Title' and 'X-OpenRouter-Categories' headers in the OpenAI configuration for enhanced compatibility with OpenRouter services. - Updated related tests to ensure the new headers are correctly included in the configuration responses.
- Bumped versions for several dependencies including @eslint/eslintrc to 3.3.4, axios to 1.13.5, express to 5.2.1, and lodash to 4.17.23. - Updated @librechat/backend and @librechat/frontend versions to 0.8.3. - Added new dependencies: turbo and mammoth. - Adjusted various other dependencies to their latest versions for improved compatibility and performance.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
upstream/rel/v0.8.3developwith a draft PRSource
upstream/rel/v0.8.3v0.8.3Notes
This PR intentionally tracks upstream LibreChat
0.8.3as-is so we can review and resolve conflicts againstdevelopin the PR workflow rather than during local branch preparation.