Open
Conversation
…-avila#10888) * 🔖 refactor: citation handling with support for both literal and Unicode formats * refactor: file search messages for edge cases in documents * 🔧 refactor: Enhance citation handling with detailed regex patterns for literal and Unicode formats * 🔧 refactor: Simplify file search query handling by removing unnecessary parameters and improving result formatting * ✨ test: Add comprehensive integration tests for citation processing flow with support for literal and Unicode formats * 🔧 refactor: Improve regex match handling and add performance tests for citation processing
…a#10894) - Added try-catch blocks to handle errors during document deletion from the RAG API. - Implemented logging for 404 errors indicating that the document may have already been deleted. - Improved error logging for other deletion errors in both Firebase and Local file services.
…anny-avila#10917) Adds support for MCP servers like StackOverflow that use OAuth but don't provide standard discovery metadata at .well-known endpoints. Changes: - Add fallback OAuth endpoints (/authorize, /token, /register) when discoverAuthorizationServerMetadata returns undefined - Add POST fallback in OAuth detection when HEAD returns non-401 (StackOverflow returns 405 for HEAD, 401 for POST) - Detect OAuth requirement from WWW-Authenticate: Bearer header even without resource_metadata URL - Add fallback /token endpoint for token refresh when metadata discovery fails - Add registration_endpoint to OAuthMetadata type This mirrors the MCP SDK's behavior where it gracefully falls back to default OAuth endpoint paths when .well-known metadata isn't available. Tests: - Add unit tests for detectOAuth.ts (POST fallback, Bearer detection) - Add unit tests for handler.ts (fallback metadata, fallback refresh) - Add StackOverflow to integration test servers Fixes OAuth flow for servers that: - Return 405 for HEAD requests (only support POST) - Return 401 with simple "Bearer" in WWW-Authenticate - Don't have .well-known/oauth-authorization-server endpoint - Use standard /authorize, /token, /register paths
If you've got a screen reader that is reading out the whole page, each icon button (i.e., `<button><SVG></button>`) will have both the button's aria-label read out as well as the title from the SVG (which is usually just "image"). Since we are pretty good about setting aria-labels, we should instead use `aria-hidden="true"` on these images, since they are not useful to be read out. I don't consider this a comprehensive review of all icons in the app, but I knocked out all the low hanging fruit in this commit.
…a#10607) * feat: wrap main content of page in <main> tag for screen reader landmarks (439) * feat: add italic on active convo when selected so that selection state does not rely on bg contrast ratio (562) * feat: add border ring around SearchBar so that it passes focus contrast minimums (577) * fix: hide decorative SVGs from screen readers (578) * fix: stop clipping of focus outlines in My Files modal (593) * feat: programmatically declare state of Temporary Chat toggle for screen readers (606) * feat: add sr-only components to warn screen readers that footer links open in new tab (611) * feat: add aria-labels to archived chat table buttons * feat: add screen reader heading for prompt edit page (776) * feat: increase contrast to threshold minimum for production tag in prompts advanced view (773) * feat: increase contrast to thehold minimums for production tag and version card border highlights (770) * fix: h2 now reads as 'control bar' to screen readers in edit prompt page (768) * feat: add selected state tracking for simple / advanced toggle for screen readers (765) * feat: add left padding to theme selector in prompts side nav panel so that focus outline doesnt clip * feat: darken orange bg for warning toasts to hit 3:1 contrast minimum with white text (725) * fix: return focus to triggering element on modal close for image preview in attach files panel (717) * fix: hide SVG for AddMultiConvo button from screen readers (708) * feat: add persistent label to Filter Memories... input in memory side panel
* fix: replace string concatenation of localization keys with interpolations and add keys for unlocalized string literals * chore: update test for new localization key --------- Co-authored-by: Danny Avila <danny@librechat.ai>
* 🗑️ chore: Remove unused Legacy Provider clients and related helpers
* Deleted OpenAIClient and GoogleClient files along with their associated tests.
* Removed references to these clients in the clients index file.
* Cleaned up typedefs by removing the OpenAISpecClient export.
* Updated chat controllers to use the OpenAI SDK directly instead of the removed client classes.
* chore/remove-openapi-specs
* 🗑️ chore: Remove unused mergeSort and misc utility functions
* Deleted mergeSort.js and misc.js files as they are no longer needed.
* Removed references to cleanUpPrimaryKeyValue in messages.js and adjusted related logic.
* Updated mongoMeili.ts to eliminate local implementations of removed functions.
* chore: remove legacy endpoints
* chore: remove all plugins endpoint related code
* chore: remove unused prompt handling code and clean up imports
* Deleted handleInputs.js and instructions.js files as they are no longer needed.
* Removed references to these files in the prompts index.js.
* Updated docker-compose.yml to simplify reverse proxy configuration.
* chore: remove unused LightningIcon import from Icons.tsx
* chore: clean up translation.json by removing deprecated and unused keys
* chore: update Jest configuration and remove unused mock file
* Simplified the setupFiles array in jest.config.js by removing the fetchEventSource mock.
* Deleted the fetchEventSource.js mock file as it is no longer needed.
* fix: simplify endpoint type check in Landing and ConversationStarters components
* Updated the endpoint type check to use strict equality for better clarity and performance.
* Ensured consistency in the handling of the azureOpenAI endpoint across both components.
* chore: remove unused dependencies from package.json and package-lock.json
* chore: remove legacy EditController, associated routes and imports
* chore: update banResponse logic to refine request handling for banned users
* chore: remove unused validateEndpoint middleware and its references
* chore: remove unused 'res' parameter from initializeClient in multiple endpoint files
* chore: remove unused 'isSmallScreen' prop from BookmarkNav and NewChat components; clean up imports in ArchivedChatsTable and useSetIndexOptions hooks; enhance localization in PromptVersions
* chore: remove unused import of Constants and TMessage from MobileNav; retain only necessary QueryKeys import
* chore: remove unused TResPlugin type and related references; clean up imports in types and schemas
* chore: update express to version 5.1.0 in package.json * chore: update express-rate-limit to version 8.2.1 in package.json and package-lock.json * fix: Enhance server startup error handling in experimental and index files * Added error handling for server startup in both experimental.js and index.js to log errors and exit the process if the server fails to start. * Updated comments in openidStrategy.js to clarify the purpose of the CustomOpenIDStrategy class and its relation to Express version changes. * chore: Implement rate limiting for all POST routes excluding /speech, required for express v5 * Added middleware to apply IP and user rate limiters to all POST requests, ensuring that the /speech route remains unaffected. * Enhanced code clarity with comments explaining the new rate limiting logic. * chore: Enable writable req.query for mongoSanitize compatibility in Express 5 * chore: Ensure req.body exists in multiple middleware and route files for Express 5 compatibility
…anny-avila#10352) * 🔄 Refactoring: MCP Runtime Configuration Reload - PrivateServerConfigs own cache classes (inMemory and Redis). - Connections staleness detection by comparing (connection.createdAt and config.LastUpdatedAt) - ConnectionsRepo access Registry instead of in memory config dict and renew stale connections - MCPManager: adjusted init of ConnectionsRepo (app level) - UserConnectionManager: renew stale connections - skipped test, to test "should only clear keys in its own namespace" - MCPPrivateServerLoader: new component to manage logic of loading / editing private servers on runtime - PrivateServersLoadStatusCache to track private server cache status - New unit and integration tests. Misc: - add es lint rule to enforce line between class methods * Fix cluster mode batch update and delete workarround. Fixed unit tests for cluster mode. * Fix Keyv redis clear cache namespace awareness issue + Integration tests fixes * chore: address copilot comments * Fixing rebase issue: removed the mcp config fallback in single getServerConfig method: - to not to interfere with the logic of the right Tier (APP/USER/Private) - If userId is null, the getServerConfig should not return configs that are a SharedUser tier and not APP tier * chore: add dev-staging branch to workflow triggers for backend, cache integration, and ESLint checks --------- Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com>
…a#10521) * feat: add light/dark differentiation on text color for login footer links for more accessible contrast in light mode * feat: add darker color focus ring on ThemeSelector in light mode for more accessible contrast * feat: increase contrast on text color for rendered error messages in light and dark mode so that they pass the 4.5:1 accessibility contrast threshold against their backgrounds * feat: add more accessible color vars to style.css for better contrast against light/dark backgrounds * feat: un-nest DropdownMenu from ListCard and make them siblings instead for better accessibility * feat: tweak --border-heavy in light mode so that it uses --gray-410 rather than --gray-400 so that the contrast ratio threshold is hit for accessibility * feat: switch email and password input border to border-heavy for more accessible contrast on Login page * fix: add proper focus ring for Action menu button in Prompts Sidenav * fix: align light and dark focus rings with surrounding elements on preview/edit menu dropdown button in Prompt Card * fix: remove aria-hidden on parent div with focusable child element according to accessibility guidelines * fix: add missing aria-readonly false property that should have been in previous accessibility PR * feat: add horizontal padding on rowRenderer's CellMeasurer div so that focus ring on rows doesnt clip behind virtualized table borders side-to-side (still need to figure out vertical clipping on final row / a better solution to be able to get overflows to work properly within the virtualized table) * feat: remove render prop override so that Share and Delete Buttons in Conversation dropdown can be pressed with Enter keystroke * fix: undo additional colors and changes to --surface-hover the initial changes came from a misunderstanding of contrast threshold requirements for hover effect accessibility * feat: better layout for non-nested prompt card / action menu combination * fix: add proper focus restoration behavior for Preview modal on close * fix: undo change to --border-heavy in light mode * fix: set borders for login input boxes back to light * feat: add announcement for state change when link copied to clipboard in conversation share modal * feat: add announcement to Refresh Link button * feat: add announcement for archiving chats * feat: make date sections in conversation history list <h2> rather than generic <div> for improved screen reader support * feat: ensure Share Link modal is accessible at high zoom percentage and low viewport width / height requirements by adding max height and overflow attributes to allow scrolling * feat: bold toast text so that it hits font size accessibility threshold (above 14 px when bolded - change makes text 16 px bold) so that the more disruptive contrast change of the toast background color is no longer necessary. The background color would need to achieve a 4.5:1 contrast ratio, which would significantly affect the established aesthetic of the current toast system if achieved. * fix: do not render side nav when it is hidden to avoid keyboard navigation with screen reader * fix: add side nav button state change announcements and don't render components that were previosuly reachable via keyboard navigation while in the side nav * feat: add tooltip anchor for Model Select * fix: only hide the model selector, export, and temp chat buttons when in mobile view and the sidenav is expanded * feat: add aria-haspopup support for MenuItems and add aria-haspopup: 'dialog' for Share and Delete buttons in ConvoOptions * feat: add label for DataTable search so that it does not rely on placeholder attribute for function identification * feat: make X buttons on dialogs 24x24px to achieve AA compliance * feat: add announcements for the search bar for model selector * feat: persistent label for DataTable * feat: make filter files text contrast compliant * feat: add non-color visual indicator to AudioRecorder listening state * feat: add aria-expanded attribute to tool call dropdown for screen reader * feat: add high contrast and rounded outlines for focus indicators on Run Code and Copy Code buttons for code blocks * fix: change Button to anchor tag in Shared Links component when linking to original conversation * fix: allow overflow in datatable cells so that focus indicators dont get cut off * feat: round out focus outline for link name in SharedLinks modal * feat: add aria-controls and aria-haspopup: "dialog" to SharedLinks delete button and modal * feat: add aria-controls for dropdown menu items on ConvoOptions for share and delete modals * feat: add trigger ref to 2FA button and modal in settings menu so focus returns to button on modal close * feat: add refs so that open sidebar and close sidebar buttons transfer focus to one another * chore: formatting * feat: make sure settings modal is accessible at 200% zoom for screen size 1366x768 viewport * feat: round out focus outline for link names in archived chats modal * feat: add result announcements for screen reader in DataTable search * feat: simplify layout for checkbox / api key components for better accessibility * feat: return focus to chat input on prompt variables modal close * feat: add persistent labels to TextareaAutosize Inputs in Variable form * feat: tighten max width so side scrolling not necessary at 400% zoom for VariableForm modal * feat: add persistent labels to prompt management page * feat: announce results found for search bars in prompts page and improve them in datatable * feat: de-nest DashGroupItem buttons in Prompts page to allow better navigation and comply with accessibility standard * feat: add heading for new prompt creation page for screen readers * feat: remove non-compliant description truncation for small screen sizes by making labels static on small enough viewport width * feat: add mobile view sidebar for prompts page * feat: add bolded text on select for AdvancedSwitch so that there is a visual indicator of selection and it does not rely solely on color as an indication of state * feat: add persistent labels to ModelSelector search inputs * feat: align aria-label with visual label for speech recognition users * feat: make MemoryCreateDialog accessible at 400% zoom (introduce max viewport height attr and make scrollable) * feat: add persistent label to Filter input for DataTable in file attach sidebar menu * feat: add persistent label for bookmark filter input in bookmarks sidebar menu * feat: add alert for screen readers for invalid inputs when editting bookmarks * feat: bold font in BookmarkForm error readout to pass contrast compliance thresholds for 14pt text * feat: align aria-label with visual label for BookmarkForm Ttile input * feat: add 400% zoom support for ALL modals utilizing OriginalDialog to prevent clipping * feat: remove state change on aria label and give consistent labelling for button, offload state change notification to the announcement div and make more assertive * feat: add aria-labels which convey that the buttons are sortable (divergence from visual text because iconography is used to signify sort functionality) * feat: add supplemental visuals to indicate link is clickable other than color in SharedLinks * feat: increase saturation to hit contrast threshold minimums on Link color in SharedLinks * feat: stop DataTable from disappearing at 400% zoom in SharedLinks * feat: increase contrast to hit contrast threshold minimums on Animated Search Input visual indicators * feat: add aria-label for AnimatedSearchInput (doesn't require explicit labelling because of Search icon) * fix: stop long example variable declaration from clipping at high zoom in variables info * feat: add aria-label to bettter describe sort button functionality for vision impaired users * chore: remove unused translation key * chore: address ESLint comments * fix: modify test to account for new alert on theme toggle switch for login page * chore: interpolate translation key
…vila#10521 (danny-avila#10690) * fix: show ModelSelector and other buttons properly * chore: remove string templates and fix import order * chore: import order --------- Co-authored-by: Danny Avila <danny@librechat.ai>
* Decouple mcp config from start up config * Chore: Work on AI Review and Copilot Comments - setRawConfig is not needed since the private raw config is not needed any more - !!serversLoading bug fixed - added unit tests for route /api/mcp/servers - copilot comments addressed * chore: remove comments * chore: rename data-provider dir for MCP * chore: reorganize mcp specific query hooks * fix: consolidate imports for MCP server manager * chore: add dev-staging branch to frontend review workflow triggers * feat: add GitHub Actions workflow for building and pushing Docker images to GitHub Container Registry and Docker Hub * fix: update label for tag input in BookmarkForm tests to improve clarity --------- Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com> Co-authored-by: Danny Avila <danny@librechat.ai>
…vila#10521 (danny-avila#10694) Problem: -------- Commit 5ed1f29 introduced a layout shift regression when opening the sidebar. The UI would visibly "jump" as elements shifted right before the animation completed. Closing the sidebar worked correctly. Root Cause Analysis: -------------------- The accessibility PR added a redundant `{navVisible && ...}` conditional wrapper around the `<nav>` content inside Nav.tsx's `motion.div`. This caused a race condition: 1. User clicks "Open Sidebar" button 2. `navVisible` state becomes `true` 3. React renders the `motion.div` AND its children simultaneously 4. The inner `{navVisible && (<nav>...)}` renders content at full width (320px/260px) BEFORE framer-motion applies `initial={{ width: 0 }}` 5. Brief flash of full-width content causes visible layout shift 6. Animation then starts from width: 0, but damage is done The ref-based focus management (passing `openSidebarRef`/`closeSidebarRef` through context) was suspected but was not the actual cause. However, `requestAnimationFrame` focus calls during animation start could trigger forced layout calculations, exacerbating the issue. Solution: --------- 1. Remove redundant conditional rendering in Nav.tsx - The outer `{navVisible && (<motion.div>...)}` already controls visibility - The `overflow-x-hidden` class on motion.div clips content during animation - Content should always exist inside motion.div for smooth clipping 2. Replace ref-based focus with ID-based focus management - Refs passed through component tree can affect React's reconciliation - Using `document.getElementById()` decouples focus from render cycle - Exported `CLOSE_SIDEBAR_ID` and `OPEN_SIDEBAR_ID` constants for consistency 3. Delay focus until after animation completes - Changed from `requestAnimationFrame` to `setTimeout(..., 250)` - Animation duration is 200ms; 250ms ensures completion - Prevents layout thrashing during animation 4. Clean up prop drilling - Removed `openSidebarRef`/`closeSidebarRef` from Root.tsx context - Simplified Nav.tsx, Header.tsx, NewChat.tsx prop signatures - Updated ContextType to remove ref properties Files Changed: -------------- - client/src/routes/Root.tsx - client/src/components/Nav/Nav.tsx - client/src/components/Nav/NewChat.tsx - client/src/components/Chat/Header.tsx - client/src/components/Chat/Menus/OpenSidebar.tsx - client/src/common/types.ts Accessibility Note: ------------------- The original inner conditional was added to prevent keyboard navigation to hidden sidebar content for screen readers. This is still handled by: - AnimatePresence unmounting the motion.div after exit animation - The motion.div having width: 0 during exit (content not reachable) - Screen readers typically skip content being animated out - Other: removed non-existant prop from BookmarkNav Testing: -------- - Verified smooth animation when opening sidebar (no layout shift) - Verified smooth animation when closing sidebar (unchanged) - Verified focus transfers correctly between open/close buttons - Verified keyboard navigation works as expected
… compliance (danny-avila#10696) The active conversation state previously failed WCAG 1.4.11 Non-text Contrast requirements (~1.2:1 contrast ratio). Added a left border indicator using border-xheavy which provides 6:1+ contrast in both light and dark modes. - Add border-l-2 with border-xheavy color for active state - Conditionally apply rounded-r-lg (active) vs rounded-lg (inactive) - Use transition-[background-color] to prevent border/radius animation glitch
* feat: add aria-label for expansion chevron in Agent Builder's MCP tool list dropdown * fix: remove duplicate tool info button in MCPTool so it doesn't get picked up via keyboard nav (still exists on mouse hover as it should to provide tooltip description of tool) * feat: use InfoHoverCard rather than Ariakit components for tool descriptions * chore: remove unused i18n keys
* chore: Update uv version in Dockerfile * chore: fix the path for uv
…nny-avila#10705) * refactor(mcp): simplify registry to two-repository architecture with explicit storage * Chore: address AI Review comments * Simplify MCP config cache architecture and remove legacy code: Follow-up cleanup to commit d2bfdd0 which refactored MCP registry to two-repository architecture. This removes leftover legacy abstractions that were no longer used. What changed: - Simplified ServerConfigsCacheFactory.create() from 3 params to 2 (namespace, leaderOnly) - Removed unused scope: 'Shared' | 'Private' parameter (only 'Shared' was ever used) - Removed dead set() and getNamespace() methods from cache classes - Updated JSDoc to reflect two-repository architecture (Cache + DB) instead of old three-tier system - Fixed stale mocks and comments referencing removed sharedAppServers, sharedUserServers, privateServersCache Files changed: - ServerConfigsCacheFactory.ts - Simplified factory signature - ServerConfigsCacheRedis.ts - Removed scope, renamed owner→namespace - ServerConfigsCacheInMemory.ts - Removed unused methods - MCPServersRegistry.ts - Updated JSDoc, simplified factory call - RegistryStatusCache.ts - Removed stale JSDoc reference - MCPManager.test.ts - Fixed legacy mock - ServerConfigsCacheFactory.test.ts - Updated test assertions * fix: Update error message in MCPServersRegistry for clarity --------- Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com> Co-authored-by: Danny Avila <danny@librechat.ai>
…rn (danny-avila#10715) * Refactor: MCPServersRegistry Singleton Pattern with Dependency Injection for DB methods consumption * refactor: error handling in MCP initialization and improve logging for MCPServersRegistry instance creation. - Added checks for mongoose instance in ServerConfigsDB constructor and refined error messages for clarity. - Reorder and use type imports --------- Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com> Co-authored-by: Danny Avila <danny@librechat.ai>
* feat: make MultiSelect highlight same opacity as other focus highlights in app * feat: add better screenreader announcements for mcp server and variable states * feat: memoize fullTitle calculation
…0735) * fix: use ResourceType enum rather than explicit string * fix: use ResourceType enum rather than explicit string * chore: import order
* feat: added PROXY support for AWS Bedrock endpoint * chore: explicit install of new packages required for bedrock proxy --------- Co-authored-by: Danny Avila <danny@librechat.ai>
* feat: allow keyboard nav in presetItems (previously edit / pin / delete buttons would only render on hover, so when the element was focused with keybaord navigation, those buttons wouldn't render and couldn't be focused or actuated) * feat: add aria-labels and TooltipAnchors to buttons in PresetItems * fix: stop keypresses from triggering parent menuitem instead of buttons * feat: better focus management on modal close with trigger refs * feat: use OGDialog modal for preset deletion * feat: add toast for successful preset deletion * chore: address copilot comments * chore: address comments * chore: import order
…a#10794) * refactor: move endpoint initialization methods to typescript * refactor: move agent init to packages/api - Introduced `initialize.ts` for agent initialization, including file processing and tool loading. - Updated `resources.ts` to allow optional appConfig parameter. - Enhanced endpoint configuration handling in various initialization files to support model parameters. - Added new artifacts and prompts for React component generation. - Refactored existing code to improve type safety and maintainability. * refactor: streamline endpoint initialization and enhance type safety - Updated initialization functions across various endpoints to use a consistent request structure, replacing `unknown` types with `ServerResponse`. - Simplified request handling by directly extracting keys from the request body. - Improved type safety by ensuring user IDs are safely accessed with optional chaining. - Removed unnecessary parameters and streamlined model options handling for better clarity and maintainability. * refactor: moved ModelService and extractBaseURL to packages/api - Added comprehensive tests for the models fetching functionality, covering scenarios for OpenAI, Anthropic, Google, and Ollama models. - Updated existing endpoint index to include the new models module. - Enhanced utility functions for URL extraction and model data processing. - Improved type safety and error handling across the models fetching logic. * refactor: consolidate utility functions and remove unused files - Merged `deriveBaseURL` and `extractBaseURL` into the `@librechat/api` module for better organization. - Removed redundant utility files and their associated tests to streamline the codebase. - Updated imports across various client files to utilize the new consolidated functions. - Enhanced overall maintainability by reducing the number of utility modules. * refactor: replace ModelService references with direct imports from @librechat/api and remove ModelService file * refactor: move encrypt/decrypt methods and key db methods to data-schemas, use `getProviderConfig` from `@librechat/api` * chore: remove unused 'res' from options in AgentClient * refactor: file model imports and methods - Updated imports in various controllers and services to use the unified file model from '~/models' instead of '~/models/File'. - Consolidated file-related methods into a new file methods module in the data-schemas package. - Added comprehensive tests for file methods including creation, retrieval, updating, and deletion. - Enhanced the initializeAgent function to accept dependency injection for file-related methods. - Improved error handling and logging in file methods. * refactor: streamline database method references in agent initialization * refactor: enhance file method tests and update type references to IMongoFile * refactor: consolidate database method imports in agent client and initialization * chore: remove redundant import of initializeAgent from @librechat/api * refactor: move checkUserKeyExpiry utility to @librechat/api and update references across endpoints * refactor: move updateUserPlugins logic to user.ts and simplify UserController * refactor: update imports for user key management and remove UserService * refactor: remove unused Anthropics and Bedrock endpoint files and clean up imports * refactor: consolidate and update encryption imports across various files to use @librechat/data-schemas * chore: update file model mock to use unified import from '~/models' * chore: import order * refactor: remove migrated to TS agent.js file and its associated logic from the endpoints * chore: add reusable function to extract imports from source code in unused-packages workflow * chore: enhance unused-packages workflow to include @librechat/api dependencies and improve dependency extraction * chore: improve dependency extraction in unused-packages workflow with enhanced error handling and debugging output * chore: add detailed debugging output to unused-packages workflow for better visibility into unused dependencies and exclusion lists * chore: refine subpath handling in unused-packages workflow to correctly process scoped and non-scoped package imports * chore: clean up unused debug output in unused-packages workflow and reorganize type imports in initialize.ts
* 🔧 fix: Prevent race conditions in message saving during abort scenarios * Added logic to save partial responses before returning from the abort endpoint to ensure parentMessageId exists in the database. * Updated the ResumableAgentController to save response messages before emitting final events, preventing orphaned parentMessageIds. * Enhanced handling of unfinished responses to improve stability and data integrity in agent interactions. * 🔧 fix: logging and job replacement handling in ResumableAgentController * Added detailed logging for job creation and final event emissions to improve traceability. * Implemented logic to check for job replacement before emitting events, preventing stale requests from affecting newer jobs. * Updated abort handling to log additional context about the abort result, enhancing debugging capabilities. * refactor: abort handling and token spending logic in AgentStream * Added authorization check for abort attempts to prevent unauthorized access. * Improved response message saving logic to ensure valid message IDs are stored. * Implemented token spending for aborted requests to prevent double-spending across parallel agents. * Enhanced logging for better traceability of token spending operations during abort scenarios. * refactor: remove TODO comments for token spending in abort handling * Removed outdated TODO comments regarding token spending for aborted requests in the abort endpoint. * This change streamlines the code and clarifies the current implementation status. * ✅ test: Add comprehensive tests for job replacement and abort handling * Introduced unit tests for job replacement detection in ResumableAgentController, covering job creation timestamp tracking, stale job detection, and response message saving order. * Added tests for the agent abort endpoint, ensuring proper authorization checks, early abort handling, and partial response saving. * Enhanced logging and error handling in tests to improve traceability and robustness of the abort functionality.
…#11432) Fixes ByteString conversion errors when user names contain Unicode characters > 255 (e.g., ć, đ, ł, š, ž) in MCP server headers. - Add encodeHeaderValue() function to Base64 encode extended Unicode - Update processUserPlaceholders() to encode name/username/email in headers - Update processSingleValue() with isHeader parameter - Apply encoding in processMCPEnv() and resolveHeaders() Tested locally with MCP server using user name 'Đorđe' (contains đ=272). Headers are correctly encoded as base64, preventing ByteString errors. Co-authored-by: kenzaelk98 <kenzaelk98@leoninestudios.com> Co-authored-by: heptapod <164861708+leondape@users.noreply.github.com>
…a#11408) * fix: email verification handling in create-user command * set emailVerified to true when the input is 'y' * normalize email verification input and set emailVerified to true by default
…#11465) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* 🔧 fix: Agent Deletion Logic to Update User Favorites * Added functionality to remove agents from user favorites when an agent is deleted. * Implemented updates in the deleteAgent and deleteUserAgents functions to ensure user favorites are correctly modified. * Added comprehensive tests to verify that agents are removed from user favorites across multiple scenarios, ensuring data integrity and user experience. * 🔧 test: Enhance deleteUserAgents Functionality Tests * Added comprehensive tests for the deleteUserAgents function to ensure it correctly removes agents from user favorites across various scenarios. * Verified that user favorites are updated appropriately when agents are deleted, including cases where agents are shared among multiple users and when users have no favorites. * Ensured that existing agents remain unaffected when no agents are associated with the author being deleted. * 🔧 refactor: Remove Deprecated getListAgents Functionality * Removed the deprecated getListAgents function from the Agent model, encouraging the use of getListAgentsByAccess for ACL-aware agent listing. * Updated related tests in Agent.spec.js to eliminate references to getListAgents, ensuring code cleanliness and maintainability. * Adjusted imports and exports accordingly to reflect the removal of the deprecated function.
* chore: bump lodash version to ^4.17.23 across all packages * chore: add diff module version 4.0.4 and remove outdated dependency
* 🧑🏫 fix: Multi-Agent Instructions Handling * Refactored AgentClient to streamline the process of building messages by applying shared run context and agent-specific instructions. * Introduced new utility functions in context.ts for extracting MCP server names, fetching MCP instructions, and building combined agent instructions. * Updated the Agent type to make instructions optional, allowing for more flexible agent configurations. * Improved the handling of context application to agents, ensuring that all relevant information is correctly integrated before execution. * chore: Update EphemeralAgent Type in Context * Enhanced the context.ts file by importing the TEphemeralAgent type from librechat-data-provider. * Updated the applyContextToAgent function to use TEphemeralAgent for the ephemeralAgent parameter, improving type safety and clarity in agent context handling. * ci: Update Agent Instructions in Tests for Clarity * Revised test assertions in AgentClient to clarify the source of agent instructions, ensuring they are explicitly referenced as coming from agent configuration rather than build options. * Updated comments in tests to enhance understanding of the expected behavior regarding base agent instructions and their handling in various scenarios. * ci: Unit Tests for Agent Context Utilities * Introduced comprehensive unit tests for agent context utilities, including functions for extracting MCP servers, fetching MCP instructions, and building agent instructions. * Enhanced test coverage to ensure correct behavior across various scenarios, including handling of empty tools, mixed tool types, and error cases. * Improved type definitions for AgentWithTools to clarify the structure and requirements for agent context operations.
* fix: search result announcements * chore: address Copilot comments * chore: no nested ternary statements allowed * chore: memoize results announcement
…anny-avila#11451) * fix: focus outlines for Settings popup menu items * refactor: tighten scope onto account settings only
…ny-avila#11486) * 🔒 feat: Sanitize Placeholders in User-provider MCP Server Config Headers * Implemented sanitization for dangerous credential placeholders in headers to prevent credential exfiltration when MCP servers are shared. * Added tests to verify that dangerous placeholders are stripped from headers during both add and update operations, while safe placeholders are preserved. * Refactored ServerConfigsDB to include a new sanitizeCredentialPlaceholders function for header processing. * ci: tests for preserving credential placeholders in YAML configs * Introduced new tests to ensure that LIBRECHAT_OPENID and LIBRECHAT_USER placeholders are preserved in admin configuration headers when added to the cache. * Validated that the expected placeholders remain intact during retrieval, enhancing the integrity of configuration management.
…int (danny-avila#11487) * Implemented a check to ensure that only the user associated with a job can access its chat stream, returning a 403 Unauthorized response for mismatched user IDs. * This enhancement improves security by preventing unauthorized access to user-specific job data.
…danny-avila#11488) * 🔧 fix: adjust offset when deleting documents during MeiliSearch cleanup This could cause the cleanup process to skip documents in subsequent batches, potentially leaving orphaned entries in MeiliSearch that no longer exist in MongoDB * 🔧 fix: checking results count instead of total
…11514) * fix: `useMemory` in AgentClient for PrelimAgent Assignment * Updated the useMemory method in AgentClient to handle prelimAgent assignment based on memory configuration. * Added logic to return early if prelimAgent is undefined, improving flow control. * Introduced comprehensive unit tests to validate behavior for various memory configurations, including scenarios for matching and differing agent IDs, as well as handling of ephemeral agents. * Mocked necessary dependencies in tests to ensure isolation and reliability of the new functionality. * fix: Update temperature handling for Bedrock and Anthropic providers in memory management * fix: Replace hardcoded provider strings with constants in memory agent tests * fix: Replace hardcoded provider string with constant in allowedProviders for AgentClient * fix: memory agent tests to use actual Providers and GraphEvents constants
…em (danny-avila#11402) * fix: reset hasInteracted state when mouse leaves conversation item * fix lint * refactor: update state setter types in ConvoOptions and DeleteButton components for Fixing types issue * fix: Add blur handler and focus-aware popover close for Conversation a11y
…-avila#11518) * fix: Added check for secure cookies when running in production mode on localhost * Applied copilot's suggestions
…#11546) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
…anny-avila#11551) * Removed the filtering logic for 'context-1m' headers in the filterVertexHeaders function, streamlining header processing.
…ny-avila#11549) * fix: accessibility issues with links and link descriptions + minor ui tweaks * fix: link accessibility in archived chats table * fix: remove open in new tab behavior for other footer links * chore: remove unused translation string * style: formatting * refactor: rename searchState to searchStore for clarity * chore: Reorganize imports and state variables in SharedLinks * chore: re-organize imports/hooks --------- Co-authored-by: Danny Avila <danacordially@gmail.com> Co-authored-by: Danny Avila <danny@librechat.ai>
…#11552) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* chore: Update version from v0.8.2-rc3 to v0.8.2 across multiple files * chore: Update package versions for @librechat/api to 1.7.22 and @librechat/client to 0.4.51 * chore: Bump version of librechat-data-provider from 0.8.230 to 0.8.231 * chore: Bump version of @librechat/data-schemas to 0.0.35 * chore: bump config version to 1.3.2 * chore: bump config version to 1.3.3 * docs: Update README to include new features for resumable streams and enhanced platform capabilities
- Add dompurify (v3.2.6) dependency for HTML sanitization - Update Landing.tsx to render descriptions as sanitized HTML - Convert agent description input to textarea for multi-line support - Maintain 512 character limit with improved UX Changes enable rich HTML formatting in agent descriptions while ensuring security through DOMPurify sanitization. Source: danny-avila#8291 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
- Pre-create required runtime directories (/app/api/logs, /app/uploads, /app/client/public/images) - Set proper ownership to node user for /app directory - Run container as non-root user (USER node) Fixes EACCES permission denied errors when LibreChat tries to create the logs directory at runtime. Makes multi-stage build compatible with docker-compose user directive. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
When the product feedback feature is enabled (via FEEDBACK_ISSUE_SERVICE_URL env var), clicking thumbs-down on an assistant message opens a feedback modal instead of the default tag popover. The modal collects a categorized issue report that is submitted to an external issue creation service, enabling automated GitHub issue creation from user feedback.
…sues Instead of proxying to an external service, the feedback route now calls the GitHub API directly to create issues. This eliminates the need for a separate middleware service. Configuration uses GITHUB_FEEDBACK_TOKEN and GITHUB_FEEDBACK_REPO env vars. Issues are formatted with structured markdown and labeled based on feedback reason.
…bmitted The existing feedback storage endpoint was not being called when submitting via the product feedback modal. Now handleFeedback is invoked on modal submit to store the thumbs-down rating in MongoDB alongside creating the GitHub issue.
…xt field Instead of creating a separate ProductFeedback MongoDB collection, serialize the entire feedback payload (reason, title, details, suggested fix, conversation context) as a JSON string in the existing message feedback `text` field. This avoids schema changes while preserving all feedback data.
…d add agent routing - Remove all GitHub API integration from feedbackIssues route; feedback is now stored in a new ProductFeedback MongoDB collection for manual review - Add endpoint, model, and agent_id to the feedback payload so feedback can be attributed to the specific agent it was submitted against - Thread agent identity from conversation through HoverButtons → Feedback → ProductFeedbackModal - Change feature flag from GITHUB_FEEDBACK_TOKEN/GITHUB_FEEDBACK_REPO to a simple PRODUCT_FEEDBACK_ENABLED boolean env var - Update response types from issue_url/issue_number to id/request_id - Simplify success toast to a plain confirmation (no GitHub link)
inodb
pushed a commit
that referenced
this pull request
Mar 19, 2026
…anny-avila#12117) * chore: Remove unused setValueOnChange prop from MCPServerMenuItem component * fix: Resolve agent provider endpoint type for file upload support When using the agents endpoint with a custom provider (e.g., Moonshot), the endpointType was resolving to "agents" instead of the provider's actual type ("custom"), causing "Upload to Provider" to not appear in the file attach menu. Adds `resolveEndpointType` utility in data-provider that follows the chain: endpoint (if not agents) → agent.provider → agents. Applied consistently across AttachFileChat, DragDropContext, useDragHelpers, and AgentPanel file components (FileContext, FileSearch, Code/Files). * refactor: Extract useAgentFileConfig hook, restore deleted tests, fix review findings - Extract shared provider resolution logic into useAgentFileConfig hook (Finding #2: DRY violation across FileContext, FileSearch, Code/Files) - Restore 18 deleted test cases in AttachFileMenu.spec.tsx covering agent capabilities, SharePoint, edge cases, and button state (Finding #1: accidental test deletion) - Wrap fileConfigEndpoint in useMemo in AttachFileChat (Finding #3) - Fix misleading test name in AgentFileConfig.spec.tsx (Finding #4) - Fix import order in FileSearch.tsx, FileContext.tsx, Code/Files.tsx (Finding #5) - Add comment about cache gap in useDragHelpers (Finding #6) - Clarify resolveEndpointType JSDoc (Finding #7) * refactor: Memoize Footer component for performance optimization - Converted Footer component to a memoized version to prevent unnecessary re-renders. - Improved import structure by adding memo to the React import statement for clarity. * chore: Fix remaining review nits - Widen useAgentFileConfig return type to EModelEndpoint | string - Fix import order in FileContext.tsx and FileSearch.tsx - Remove dead endpointType param from setupMocks in AttachFileMenu test * fix: Pass resolved provider endpoint to file upload validation AgentPanel file components (FileContext, FileSearch, Code/Files) were hardcoding endpointOverride to "agents", causing both client-side validation (file limits, MIME types) and server-side validation to use the agents config instead of the provider-specific config. Adds endpointTypeOverride to UseFileHandling params so endpoint and endpointType can be set independently. Components now pass the resolved provider name and type from useAgentFileConfig, so the full fallback chain (provider → custom → agents → default) applies to file upload validation on both client and server. * test: Verify any custom endpoint is document-supported regardless of name Adds parameterized tests with arbitrary endpoint names (spaces, hyphens, colons, etc.) confirming that all custom endpoints resolve to document-supported through resolveEndpointType, both as direct endpoints and as agent providers. * fix: Use || for provider fallback, test endpointOverride wiring - Change providerValue ?? to providerValue || so empty string is treated as "no provider" consistently with resolveEndpointType - Add wiring tests to CodeFiles, FileContext, FileSearch verifying endpointOverride and endpointTypeOverride are passed correctly - Update endpointOverride JSDoc to document endpointType fallback
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Merge upstream LibreChat v0.8.2 release (440 commits from v0.8.0). Fast-forward merge, no conflicts.