chore: revert removal of unused vars for versioning

- Add findPubliclyAccessibleResources function to PermissionService for bulk public resource queries
  - Add hasPublicPermission function to PermissionService for individual resource public permission checks
  - Update getAgentHandler to use hasPublicPermission for accurate individual agent public status
  - Replace instanceProjectId-based global checks with isPublic property from backend in client code
  - Add isPublic property to Agent type definition
  - Add NODE_TLS_REJECT_UNAUTHORIZED debug setting to VS Code launch config

.env.example

@@ -485,6 +485,21 @@ SAML_IMAGE_URL=
 # SAML_USE_AUTHN_RESPONSE_SIGNED=
 
 
+#===============================================#
+# Microsoft Graph API / Entra ID Integration  #
+#===============================================#
+
+# Enable Entra ID people search integration in permissions/sharing system
+# When enabled, the people picker will search both local database and Entra ID
+USE_ENTRA_ID_FOR_PEOPLE_SEARCH=false
+
+# When enabled, entra id groups owners will be considered as members of the group
+ENTRA_ID_INCLUDE_OWNERS_AS_MEMBERS=false
+
+# Microsoft Graph API scopes needed for people/group search
+# Default scopes provide access to user profiles and group memberships
+OPENID_GRAPH_SCOPES=User.Read,People.Read,GroupMember.Read.All
+
 # LDAP
 LDAP_URL=
 LDAP_BIND_DN=
@@ -515,6 +530,18 @@ EMAIL_PASSWORD=
 EMAIL_FROM_NAME=
 EMAIL_FROM=noreply@librechat.ai
 
+#========================#
+#      Mailgun API       #
+#========================#
+
+# MAILGUN_API_KEY=your-mailgun-api-key
+# MAILGUN_DOMAIN=mg.yourdomain.com
+# EMAIL_FROM=noreply@yourdomain.com
+# EMAIL_FROM_NAME="LibreChat"
+
+# # Optional: For EU region
+# MAILGUN_HOST=https://api.eu.mailgun.net
+
 #========================#
 # Firebase CDN           #
 #========================#

.github/CONTRIBUTING.md

@@ -30,8 +30,8 @@ Project maintainers have the right and responsibility to remove, edit, or reject
 2. Install typescript globally: `npm i -g typescript`.
 3. Run `npm ci` to install dependencies.
 4. Build the data provider: `npm run build:data-provider`.
-5. Build MCP: `npm run build:mcp`.
-6. Build data schemas: `npm run build:data-schemas`.
+5. Build data schemas: `npm run build:data-schemas`.
+6. Build API methods: `npm run build:api`.
 7. Setup and run unit tests:
     - Copy `.env.test`: `cp api/test/.env.test.example api/test/.env.test`.
     - Run backend unit tests: `npm run test:api`.

.github/workflows/backend-review.yml

@@ -7,6 +7,7 @@ on:
       - release/*
     paths:
       - 'api/**'
+      - 'packages/api/**'
 jobs:
   tests_Backend:
     name: Run Backend unit tests
@@ -36,12 +37,12 @@ jobs:
       - name: Install Data Provider Package
         run: npm run build:data-provider
 
-      - name: Install MCP Package
-        run: npm run build:mcp
-
       - name: Install Data Schemas Package
         run: npm run build:data-schemas
 
+      - name: Install API Package
+        run: npm run build:api
+
       - name: Create empty auth.json file
         run: |
           mkdir -p api/data
@@ -66,5 +67,8 @@ jobs:
       - name: Run librechat-data-provider unit tests
         run: cd packages/data-provider && npm run test:ci
 
-      - name: Run librechat-mcp unit tests
-        run: cd packages/mcp && npm run test:ci
+      - name: Run @librechat/data-schemas unit tests
+        run: cd packages/data-schemas && npm run test:ci
+
+      - name: Run @librechat/api unit tests
+        run: cd packages/api && npm run test:ci

.github/workflows/deploy-dev.yml

@@ -2,7 +2,7 @@ name: Update Test Server
 
 on:
   workflow_run:
-    workflows: ["Docker Dev Images Build"]
+    workflows: ["Docker Dev Branch Images Build"]
     types:
       - completed
   workflow_dispatch:
@@ -12,7 +12,8 @@ jobs:
     runs-on: ubuntu-latest
     if: |
       github.repository == 'danny-avila/LibreChat' &&
-      (github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success')
+      (github.event_name == 'workflow_dispatch' || 
+       (github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_branch == 'dev'))
     steps:
     - name: Checkout repository
       uses: actions/checkout@v4
@@ -29,13 +30,17 @@ jobs:
         DO_USER: ${{ secrets.DO_USER }}
       run: |
         ssh -o StrictHostKeyChecking=no ${DO_USER}@${DO_HOST} << EOF
-        sudo -i -u danny bash << EEOF
+        sudo -i -u danny bash << 'EEOF'
         cd ~/LibreChat && \
         git fetch origin main && \
-        npm run update:deployed && \
+        sudo npm run stop:deployed && \
+        sudo docker images --format "{{.Repository}}:{{.ID}}" | grep -E "lc-dev|librechat" | cut -d: -f2 | xargs -r sudo docker rmi -f || true && \
+        sudo npm run update:deployed && \
+        git checkout dev && \
+        git pull origin dev && \
         git checkout do-deploy && \
-        git rebase main && \
-        npm run start:deployed && \
+        git rebase dev && \
+        sudo npm run start:deployed && \
         echo "Update completed. Application should be running now."
         EEOF
         EOF

.github/workflows/dev-branch-images.yml

@@ -0,0 +1,72 @@
+name: Docker Dev Branch Images Build
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - dev
+    paths:
+      - 'api/**'
+      - 'client/**'
+      - 'packages/**'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - target: api-build
+            file: Dockerfile.multi
+            image_name: lc-dev-api
+          - target: node
+            file: Dockerfile
+            image_name: lc-dev
+
+    steps:
+      # Check out the repository
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      # Set up QEMU
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      # Set up Docker Buildx
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      # Log in to GitHub Container Registry
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Login to Docker Hub
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      # Prepare the environment
+      - name: Prepare environment
+        run: |
+          cp .env.example .env
+
+      # Build and push Docker images for each target
+      - name: Build and push Docker images
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ${{ matrix.file }}
+          push: true
+          tags: |
+            ghcr.io/${{ github.repository_owner }}/${{ matrix.image_name }}:${{ github.sha }}
+            ghcr.io/${{ github.repository_owner }}/${{ matrix.image_name }}:latest
+            ${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image_name }}:${{ github.sha }}
+            ${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image_name }}:latest
+          platforms: linux/amd64,linux/arm64
+          target: ${{ matrix.target }} 

.github/workflows/i18n-unused-keys.yml

@@ -5,12 +5,13 @@ on:
     paths:
       - "client/src/**"
       - "api/**"
+      - "packages/data-provider/src/**"
 
 jobs:
   detect-unused-i18n-keys:
     runs-on: ubuntu-latest
     permissions:
-      pull-requests: write  # Required for posting PR comments
+      pull-requests: write
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3

.github/workflows/unused-packages.yml

@@ -98,6 +98,8 @@ jobs:
             cd client
             UNUSED=$(depcheck --json | jq -r '.dependencies | join("\n")' || echo "")
             UNUSED=$(comm -23 <(echo "$UNUSED" | sort) <(cat ../client_used_deps.txt ../client_used_code.txt | sort) || echo "")
+            # Filter out false positives
+            UNUSED=$(echo "$UNUSED" | grep -v "^micromark-extension-llm-math$" || echo "")
             echo "CLIENT_UNUSED<<EOF" >> $GITHUB_ENV
             echo "$UNUSED" >> $GITHUB_ENV
             echo "EOF" >> $GITHUB_ENV

.gitignore

@@ -55,6 +55,7 @@ bower_components/
 # AI
 .clineignore
 .cursor
+.aider*
 
 # Floobits
 .floo

.vscode/launch.json

@@ -8,7 +8,8 @@
       "skipFiles": ["<node_internals>/**"],
       "program": "${workspaceFolder}/api/server/index.js",
       "env": {
-        "NODE_ENV": "production"
+        "NODE_ENV": "production",
+         "NODE_TLS_REJECT_UNAUTHORIZED": "0"
       },
       "console": "integratedTerminal",
       "envFile": "${workspaceFolder}/.env"

Dockerfile.multi

@@ -14,7 +14,7 @@ RUN npm config set fetch-retry-maxtimeout 600000 && \
     npm config set fetch-retry-mintimeout 15000
 COPY package*.json ./
 COPY packages/data-provider/package*.json ./packages/data-provider/
-COPY packages/mcp/package*.json ./packages/mcp/
+COPY packages/api/package*.json ./packages/api/
 COPY packages/data-schemas/package*.json ./packages/data-schemas/
 COPY client/package*.json ./client/
 COPY api/package*.json ./api/
@@ -24,26 +24,27 @@ FROM base-min AS base
 WORKDIR /app
 RUN npm ci
 
-# Build data-provider
+# Build `data-provider` package
 FROM base AS data-provider-build
 WORKDIR /app/packages/data-provider
 COPY packages/data-provider ./
 RUN npm run build
 
-# Build mcp package
-FROM base AS mcp-build
-WORKDIR /app/packages/mcp
-COPY packages/mcp ./
-COPY --from=data-provider-build /app/packages/data-provider/dist /app/packages/data-provider/dist
-RUN npm run build
-
-# Build data-schemas
+# Build `data-schemas` package
 FROM base AS data-schemas-build
 WORKDIR /app/packages/data-schemas
 COPY packages/data-schemas ./
 COPY --from=data-provider-build /app/packages/data-provider/dist /app/packages/data-provider/dist
 RUN npm run build
 
+# Build `api` package
+FROM base AS api-package-build
+WORKDIR /app/packages/api
+COPY packages/api ./
+COPY --from=data-provider-build /app/packages/data-provider/dist /app/packages/data-provider/dist
+COPY --from=data-schemas-build /app/packages/data-schemas/dist /app/packages/data-schemas/dist
+RUN npm run build
+
 # Client build
 FROM base AS client-build
 WORKDIR /app/client
@@ -63,8 +64,8 @@ RUN npm ci --omit=dev
 COPY api ./api
 COPY config ./config
 COPY --from=data-provider-build /app/packages/data-provider/dist ./packages/data-provider/dist
-COPY --from=mcp-build /app/packages/mcp/dist ./packages/mcp/dist
 COPY --from=data-schemas-build /app/packages/data-schemas/dist ./packages/data-schemas/dist
+COPY --from=api-package-build /app/packages/api/dist ./packages/api/dist
 COPY --from=client-build /app/client/dist ./client/dist
 WORKDIR /app/api
 EXPOSE 3080

README.md

@@ -150,8 +150,8 @@ Click on the thumbnail to open the video☝️
 
 **Other:**
   - **Website:** [librechat.ai](https://librechat.ai)
-  - **Documentation:** [docs.librechat.ai](https://docs.librechat.ai)
-  - **Blog:** [blog.librechat.ai](https://blog.librechat.ai)
+  - **Documentation:** [librechat.ai/docs](https://librechat.ai/docs)
+  - **Blog:** [librechat.ai/blog](https://librechat.ai/blog)
 
 ---
 

api/app/clients/AnthropicClient.js

@@ -10,6 +10,7 @@ const {
   validateVisionModel,
 } = require('librechat-data-provider');
 const { SplitStreamHandler: _Handler } = require('@librechat/agents');
+const { Tokenizer, createFetch, createStreamEventHandlers } = require('@librechat/api');
 const {
   truncateText,
   formatMessage,
@@ -26,8 +27,6 @@ const {
 const { getModelMaxTokens, getModelMaxOutputTokens, matchModelName } = require('~/utils');
 const { spendTokens, spendStructuredTokens } = require('~/models/spendTokens');
 const { encodeAndFormat } = require('~/server/services/Files/images/encode');
-const { createFetch, createStreamEventHandlers } = require('./generators');
-const Tokenizer = require('~/server/services/Tokenizer');
 const { sleep } = require('~/server/utils');
 const BaseClient = require('./BaseClient');
 const { logger } = require('~/config');
@@ -191,10 +190,11 @@ class AnthropicClient extends BaseClient {
         reverseProxyUrl: this.options.reverseProxyUrl,
       }),
       apiKey: this.apiKey,
+      fetchOptions: {},
     };
 
     if (this.options.proxy) {
-      options.httpAgent = new HttpsProxyAgent(this.options.proxy);
+      options.fetchOptions.agent = new HttpsProxyAgent(this.options.proxy);
     }
 
     if (this.options.reverseProxyUrl) {

api/app/clients/ChatGPTClient.js

@@ -2,6 +2,7 @@ const { Keyv } = require('keyv');
 const crypto = require('crypto');
 const { CohereClient } = require('cohere-ai');
 const { fetchEventSource } = require('@waylaidwanderer/fetch-event-source');
+const { constructAzureURL, genAzureChatCompletion } = require('@librechat/api');
 const { encoding_for_model: encodingForModel, get_encoding: getEncoding } = require('tiktoken');
 const {
   ImageDetail,
@@ -10,9 +11,9 @@ const {
   CohereConstants,
   mapModelToAzureConfig,
 } = require('librechat-data-provider');
-const { extractBaseURL, constructAzureURL, genAzureChatCompletion } = require('~/utils');
 const { createContextHandlers } = require('./prompts');
 const { createCoherePayload } = require('./llm');
+const { extractBaseURL } = require('~/utils');
 const BaseClient = require('./BaseClient');
 const { logger } = require('~/config');
 

api/app/clients/GoogleClient.js

@@ -1,4 +1,5 @@
 const { google } = require('googleapis');
+const { Tokenizer } = require('@librechat/api');
 const { concat } = require('@langchain/core/utils/stream');
 const { ChatVertexAI } = require('@langchain/google-vertexai');
 const { ChatGoogleGenerativeAI } = require('@langchain/google-genai');
@@ -19,7 +20,6 @@ const {
 } = require('librechat-data-provider');
 const { getSafetySettings } = require('~/server/services/Endpoints/google/llm');
 const { encodeAndFormat } = require('~/server/services/Files/images');
-const Tokenizer = require('~/server/services/Tokenizer');
 const { spendTokens } = require('~/models/spendTokens');
 const { getModelMaxTokens } = require('~/utils');
 const { sleep } = require('~/server/utils');
@@ -34,7 +34,8 @@ const BaseClient = require('./BaseClient');
 
 const loc = process.env.GOOGLE_LOC || 'us-central1';
 const publisher = 'google';
-const endpointPrefix = `${loc}-aiplatform.googleapis.com`;
+const endpointPrefix =
+  loc === 'global' ? 'aiplatform.googleapis.com' : `${loc}-aiplatform.googleapis.com`;
 
 const settings = endpointSettings[EModelEndpoint.google];
 const EXCLUDED_GENAI_MODELS = /gemini-(?:1\.0|1-0|pro)/;

api/app/clients/OllamaClient.js

@@ -1,10 +1,11 @@
 const { z } = require('zod');
 const axios = require('axios');
 const { Ollama } = require('ollama');
+const { sleep } = require('@librechat/agents');
+const { logAxiosError } = require('@librechat/api');
+const { logger } = require('@librechat/data-schemas');
 const { Constants } = require('librechat-data-provider');
-const { deriveBaseURL, logAxiosError } = require('~/utils');
-const { sleep } = require('~/server/utils');
-const { logger } = require('~/config');
+const { deriveBaseURL } = require('~/utils');
 
 const ollamaPayloadSchema = z.object({
   mirostat: z.number().optional(),

api/app/clients/OpenAIClient.js

@@ -1,6 +1,14 @@
 const { OllamaClient } = require('./OllamaClient');
 const { HttpsProxyAgent } = require('https-proxy-agent');
 const { SplitStreamHandler, CustomOpenAIClient: OpenAI } = require('@librechat/agents');
+const {
+  isEnabled,
+  Tokenizer,
+  createFetch,
+  constructAzureURL,
+  genAzureChatCompletion,
+  createStreamEventHandlers,
+} = require('@librechat/api');
 const {
   Constants,
   ImageDetail,
@@ -16,13 +24,6 @@ const {
   validateVisionModel,
   mapModelToAzureConfig,
 } = require('librechat-data-provider');
-const {
-  extractBaseURL,
-  constructAzureURL,
-  getModelMaxTokens,
-  genAzureChatCompletion,
-  getModelMaxOutputTokens,
-} = require('~/utils');
 const {
   truncateText,
   formatMessage,
@@ -30,10 +31,9 @@ const {
   titleInstruction,
   createContextHandlers,
 } = require('./prompts');
+const { extractBaseURL, getModelMaxTokens, getModelMaxOutputTokens } = require('~/utils');
 const { encodeAndFormat } = require('~/server/services/Files/images/encode');
-const { createFetch, createStreamEventHandlers } = require('./generators');
-const { addSpaceIfNeeded, isEnabled, sleep } = require('~/server/utils');
-const Tokenizer = require('~/server/services/Tokenizer');
+const { addSpaceIfNeeded, sleep } = require('~/server/utils');
 const { spendTokens } = require('~/models/spendTokens');
 const { handleOpenAIErrors } = require('./tools/util');
 const { createLLM, RunManager } = require('./llm');
@@ -1159,6 +1159,7 @@ ${convo}
       logger.debug('[OpenAIClient] chatCompletion', { baseURL, modelOptions });
       const opts = {
         baseURL,
+        fetchOptions: {},
       };
 
       if (this.useOpenRouter) {
@@ -1177,7 +1178,7 @@ ${convo}
       }
 
       if (this.options.proxy) {
-        opts.httpAgent = new HttpsProxyAgent(this.options.proxy);
+        opts.fetchOptions.agent = new HttpsProxyAgent(this.options.proxy);
       }
 
       /** @type {TAzureConfig | undefined} */
@@ -1395,7 +1396,7 @@ ${convo}
           ...modelOptions,
           stream: true,
         };
-        const stream = await openai.beta.chat.completions
+        const stream = await openai.chat.completions
           .stream(params)
           .on('abort', () => {
             /* Do nothing here */

api/app/clients/generators.js

@@ -1,71 +0,0 @@
-const fetch = require('node-fetch');
-const { GraphEvents } = require('@librechat/agents');
-const { logger, sendEvent } = require('~/config');
-const { sleep } = require('~/server/utils');
-
-/**
- * Makes a function to make HTTP request and logs the process.
- * @param {Object} params
- * @param {boolean} [params.directEndpoint] - Whether to use a direct endpoint.
- * @param {string} [params.reverseProxyUrl] - The reverse proxy URL to use for the request.
- * @returns {Promise<Response>} - A promise that resolves to the response of the fetch request.
- */
-function createFetch({ directEndpoint = false, reverseProxyUrl = '' }) {
-  /**
-   * Makes an HTTP request and logs the process.
-   * @param {RequestInfo} url - The URL to make the request to. Can be a string or a Request object.
-   * @param {RequestInit} [init] - Optional init options for the request.
-   * @returns {Promise<Response>} - A promise that resolves to the response of the fetch request.
-   */
-  return async (_url, init) => {
-    let url = _url;
-    if (directEndpoint) {
-      url = reverseProxyUrl;
-    }
-    logger.debug(`Making request to ${url}`);
-    if (typeof Bun !== 'undefined') {
-      return await fetch(url, init);
-    }
-    return await fetch(url, init);
-  };
-}
-
-// Add this at the module level outside the class
-/**
- * Creates event handlers for stream events that don't capture client references
- * @param {Object} res - The response object to send events to
- * @returns {Object} Object containing handler functions
- */
-function createStreamEventHandlers(res) {
-  return {
-    [GraphEvents.ON_RUN_STEP]: (event) => {
-      if (res) {
-        sendEvent(res, event);
-      }
-    },
-    [GraphEvents.ON_MESSAGE_DELTA]: (event) => {
-      if (res) {
-        sendEvent(res, event);
-      }
-    },
-    [GraphEvents.ON_REASONING_DELTA]: (event) => {
-      if (res) {
-        sendEvent(res, event);
-      }
-    },
-  };
-}
-
-function createHandleLLMNewToken(streamRate) {
-  return async () => {
-    if (streamRate) {
-      await sleep(streamRate);
-    }
-  };
-}
-
-module.exports = {
-  createFetch,
-  createHandleLLMNewToken,
-  createStreamEventHandlers,
-};

api/app/clients/llm/createLLM.js

@@ -1,6 +1,5 @@
 const { ChatOpenAI } = require('@langchain/openai');
-const { sanitizeModelName, constructAzureURL } = require('~/utils');
-const { isEnabled } = require('~/server/utils');
+const { isEnabled, sanitizeModelName, constructAzureURL } = require('@librechat/api');
 
 /**
  * Creates a new instance of a language model (LLM) for chat interactions.

api/app/clients/memory/example.js

@@ -22,17 +22,17 @@
       '\n' +
       'Celestia had the power to grant one wish to anyone who dared to find her abode. Ethan, captivated by the tales he had read and yearning for something greater, approached the cottage with trepidation. When he shared his desire to embark on a grand adventure, Celestia smiled warmly and agreed to grant his wish.\n' +
       '\n' +
-      "With a wave of her wand and a sprinkle of stardust, Celestia bestowed upon Ethan a magical necklace. This necklace, adorned with a rare gemstone called the Eye of Imagination, had the power to turn dreams and imagination into reality. From that moment forward, Ethan's every thought and idea became manifest.\n" +
+      'With a wave of her wand and a sprinkle of stardust, Celestia bestowed upon Ethan a magical necklace. This necklace, adorned with a rare gemstone called the Eye of Imagination, had the power to turn dreams and imagination into reality. From that moment forward, Ethan\'s every thought and idea became manifest.\n' +
       '\n' +
       'Energized by this newfound power, Ethan continued his journey, encountering mythical creatures, solving riddles, and overcoming treacherous obstacles along the way. With the Eye of Imagination, he brought life to ancient statues, unlocked hidden doors, and even tamed fiery dragons.\n' +
       '\n' +
       'As days turned into weeks and weeks into months, Ethan became wiser and more in tune with the world around him. He learned that true adventure was not merely about seeking thrills and conquering the unknown, but also about fostering compassion, friendship, and a deep appreciation for the beauty of the ordinary.\n' +
       '\n' +
-      "Eventually, Ethan's journey led him back to his village. With the Eye of Imagination, he transformed the village into a place of wonders and endless possibilities. Fields blossomed into vibrant gardens, simple tools turned into intricate works of art, and the villagers felt a renewed sense of hope and inspiration.\n" +
+      'Eventually, Ethan\'s journey led him back to his village. With the Eye of Imagination, he transformed the village into a place of wonders and endless possibilities. Fields blossomed into vibrant gardens, simple tools turned into intricate works of art, and the villagers felt a renewed sense of hope and inspiration.\n' +
       '\n' +
-      "Ethan, now known as the Village Magician, realized that the true magic lied within everyone's hearts. He taught the villagers to embrace their creativity, to dream big, and to never underestimate the power of imagination. And so, the village flourished, becoming a beacon of wonder and creativity for all to see.\n" +
+      'Ethan, now known as the Village Magician, realized that the true magic lied within everyone\'s hearts. He taught the villagers to embrace their creativity, to dream big, and to never underestimate the power of imagination. And so, the village flourished, becoming a beacon of wonder and creativity for all to see.\n' +
       '\n' +
-      "In the years that followed, Ethan's adventures continued, though mostly within the confines of his beloved village. But he never forgot the thrill of that first grand adventure. And every now and then, when looking up at the starry night sky, he would allow his mind to wander, knowing that the greatest adventures were still waiting to be discovered.",
+      'In the years that followed, Ethan\'s adventures continued, though mostly within the confines of his beloved village. But he never forgot the thrill of that first grand adventure. And every now and then, when looking up at the starry night sky, he would allow his mind to wander, knowing that the greatest adventures were still waiting to be discovered.',
   },
   {
     role: 'user',
@@ -41,30 +41,30 @@
       '\n' +
       'Once there was a young lad by the name of Ethan, raised in a little hamlet nestled betwixt the verdant knolls, who possessed an irrepressible yearning for knowledge, a thirst unquenchable and a spirit teeming with curiosity. As the golden sun bathed the bucolic land in its effulgent light, he would tread through the village, his ears attuned to the tales spun by the townsfolk, his eyes absorbing the tapestry woven by the world surrounding him.\n' +
       '\n' +
-      "One radiant day, whilst exploring the periphery of the settlement, Ethan chanced upon a timeworn tome, ensconced amidst the roots of an ancient oak, cloaked in the shroud of neglect. The dust gathered upon it spoke of time's relentless march. A book of fairy tales – garnished with vivid descriptions of mystical woods, fantastical beasts, and ventures daring beyond the ordinary humdrum existence. Intrigued and beguiled, Ethan pried open the weathered pages and succumbed to their beckoning whispers.\n" +
+      'One radiant day, whilst exploring the periphery of the settlement, Ethan chanced upon a timeworn tome, ensconced amidst the roots of an ancient oak, cloaked in the shroud of neglect. The dust gathered upon it spoke of time\'s relentless march. A book of fairy tales – garnished with vivid descriptions of mystical woods, fantastical beasts, and ventures daring beyond the ordinary humdrum existence. Intrigued and beguiled, Ethan pried open the weathered pages and succumbed to their beckoning whispers.\n' +
       '\n' +
-      "In each tale, he was transported to a realm of enchantment and wonderment, inexorably tugging at the strings of his yearning for peripatetic exploration. Inspired by the narratives he had devoured, Ethan resolved to bid adieu to kinfolk and embark upon a sojourn, with dreams of procuring a firsthand glimpse into the domain of mystique that lay beyond the village's circumscribed boundary.\n" +
+      'In each tale, he was transported to a realm of enchantment and wonderment, inexorably tugging at the strings of his yearning for peripatetic exploration. Inspired by the narratives he had devoured, Ethan resolved to bid adieu to kinfolk and embark upon a sojourn, with dreams of procuring a firsthand glimpse into the domain of mystique that lay beyond the village\'s circumscribed boundary.\n' +
       '\n' +
       'Thus, he bade tearful farewells, girding himself for a path that guided him to a dense and captivating woodland, whispered of as a sanctuary to mythical beings and clandestine troves of treasures. As Ethan plunged deeper into the heart of the arboreal labyrinth, he felt a palpable surge of electricity, as though the sylvan sentinels whispered enigmatic secrets that only the perceptive ear could discern.\n' +
       '\n' +
-      "It wasn't long before his path intertwined with that of a capricious sprite christened Sparkle, bearing an impish grin and eyes sparkling with mischief. Sparkle played the role of Virgil to Ethan's Dante, guiding him through the intricate tapestry of arboreal scions, issuing warnings of perils concealed and spinning tales of ancient entities that called this very bosky enclave home.\n" +
+      'It wasn\'t long before his path intertwined with that of a capricious sprite christened Sparkle, bearing an impish grin and eyes sparkling with mischief. Sparkle played the role of Virgil to Ethan\'s Dante, guiding him through the intricate tapestry of arboreal scions, issuing warnings of perils concealed and spinning tales of ancient entities that called this very bosky enclave home.\n' +
       '\n' +
       'Together, they stumbled upon a luminous lake, its shimmering waters imbued with a celestial light. At the center lay a diminutive island, upon which reposed a cottage fashioned from tender petals and verdant leaves. It belonged to an ancient sorceress of considerable wisdom, Celestia by name.\n' +
       '\n' +
-      "Celestia, with her power to bestow a single wish on any intrepid soul who happened upon her abode, met Ethan's desire with a congenial nod, his fervor for a grand expedition not lost on her penetrating gaze. In response, she bequeathed unto him a necklace of magical manufacture – adorned with the rare gemstone known as the Eye of Imagination – whose very essence transformed dreams into vivid reality. From that moment forward, not a single cogitation nor nebulous fanciful notion of Ethan's ever lacked physicality.\n" +
+      'Celestia, with her power to bestow a single wish on any intrepid soul who happened upon her abode, met Ethan\'s desire with a congenial nod, his fervor for a grand expedition not lost on her penetrating gaze. In response, she bequeathed unto him a necklace of magical manufacture – adorned with the rare gemstone known as the Eye of Imagination – whose very essence transformed dreams into vivid reality. From that moment forward, not a single cogitation nor nebulous fanciful notion of Ethan\'s ever lacked physicality.\n' +
       '\n' +
       'Energized by this newfound potency, Ethan continued his sojourn, encountering mythical creatures, unraveling cerebral enigmas, and braving perils aplenty along the winding roads of destiny. Armed with the Eye of Imagination, he brought forth life from immobile statuary, unlocked forbidding portals, and even tamed the ferocious beasts of yore – their fiery breath reduced to a whisper.\n' +
       '\n' +
-      "As the weeks metamorphosed into months, Ethan grew wiser and more attuned to the ebb and flow of the world enveloping him. He gleaned that true adventure isn't solely confined to sating a thirst for adrenaline and conquering the unknown; indeed, it resides in fostering compassion, fostering amicable bonds, and cherishing the beauty entwined within the quotidian veld.\n" +
+      'As the weeks metamorphosed into months, Ethan grew wiser and more attuned to the ebb and flow of the world enveloping him. He gleaned that true adventure isn\'t solely confined to sating a thirst for adrenaline and conquering the unknown; indeed, it resides in fostering compassion, fostering amicable bonds, and cherishing the beauty entwined within the quotidian veld.\n' +
       '\n' +
-      "Eventually, Ethan's quest drew him homeward, back to his village. Buoying the Eye of Imagination's ethereal power, he imbued the hitherto unremarkable settlement with the patina of infinite possibilities. The bounteous fields bloomed into kaleidoscopic gardens, simple instruments transmuting into intricate masterpieces, and the villagers themselves clasped within their hearts a renewed ardor, a conflagration of hope and inspiration.\n" +
+      'Eventually, Ethan\'s quest drew him homeward, back to his village. Buoying the Eye of Imagination\'s ethereal power, he imbued the hitherto unremarkable settlement with the patina of infinite possibilities. The bounteous fields bloomed into kaleidoscopic gardens, simple instruments transmuting into intricate masterpieces, and the villagers themselves clasped within their hearts a renewed ardor, a conflagration of hope and inspiration.\n' +
       '\n' +
-      "Behold Ethan, at present hailed as the Village Magician – a cognomen befitting his sorcery wielded within the confines of the community he adored. His exploits may have become tethered to a geographical locale, but the flame kindled by that premier sojourn never flickered. Occasionally, beneath the veiled twilight canopy, when peering skyward toward the astral canvas bedecked with countless luminescent diamonds, he'd allow his mind to wander, cognizant of boundless adventures yet to take flight, forever awaiting his indomitable spirit.",
+      'Behold Ethan, at present hailed as the Village Magician – a cognomen befitting his sorcery wielded within the confines of the community he adored. His exploits may have become tethered to a geographical locale, but the flame kindled by that premier sojourn never flickered. Occasionally, beneath the veiled twilight canopy, when peering skyward toward the astral canvas bedecked with countless luminescent diamonds, he\'d allow his mind to wander, cognizant of boundless adventures yet to take flight, forever awaiting his indomitable spirit.',
   },
   {
     role: 'assistant',
     content:
-      "Beautifully rewritten! It captures the essence of Cormac McCarthy's style, with its descriptive language and evocative imagery. The story retains the spirit of adventure and the power of imagination seen in the original. Well done! If you have any more requests or if there's anything else I can assist you with, feel free to let me know.",
+      'Beautifully rewritten! It captures the essence of Cormac McCarthy\'s style, with its descriptive language and evocative imagery. The story retains the spirit of adventure and the power of imagination seen in the original. Well done! If you have any more requests or if there\'s anything else I can assist you with, feel free to let me know.',
   },
   {
     role: 'user',
@@ -73,19 +73,19 @@
   {
     role: 'assistant',
     content:
-      "Certainly! Here's a short story reflecting Cormac McCarthy's style:\n" +
+      'Certainly! Here\'s a short story reflecting Cormac McCarthy\'s style:\n' +
       '\n' +
       'In a desolate wasteland scarred by the sins of mankind, a lone traveler ventured forth, his name forgotten by time, etched upon the shadows of memory. He navigated the barren plains, where the sun beat down, merciless and unrelenting, scorching the parched earth beneath his weary boots.\n' +
       '\n' +
       'Desolation was his only companion, the forsaken landscape a testament to the darkness that had befallen this forsaken realm. The wind whispered secrets long lost, carrying with it the echoes of a civilization long since undone, swallowed by the abyss.\n' +
       '\n' +
-      "Amongst the shattered remnants of fallen cities, he sought solace, a glimmer of hope amidst the desolation. Rusted remnants of steel and concrete stood as sentinels of mankind's hubris, their jagged edges a chilling reminder of the fragility of all that was once deemed invincible.\n" +
+      'Amongst the shattered remnants of fallen cities, he sought solace, a glimmer of hope amidst the desolation. Rusted remnants of steel and concrete stood as sentinels of mankind\'s hubris, their jagged edges a chilling reminder of the fragility of all that was once deemed invincible.\n' +
       '\n' +
       'As twilight descended, casting a pallid hue upon the lifeless land, he happened upon a dilapidated house, its walls crumbling under the weight of time. Drawn to the desolation, he pushed open the creaking door, its rusty hinges screaming in protest.\n' +
       '\n' +
       'Inside, a world frozen in time awaited him. Dust particles danced through the air, illuminated by slivers of light that pierced the broken windows. Here, the past lay trapped, a melancholic tableau of lives lost and dreams shattered.\n' +
       '\n' +
-      "He wandered through the empty rooms, bare walls whispering stories untold. In the corner, a dilapidated piano stood, its ivory keys long since abandoned by a musician's touch. He approached it cautiously, a faint glimmer of anticipation igniting in his weather-worn eyes.\n" +
+      'He wandered through the empty rooms, bare walls whispering stories untold. In the corner, a dilapidated piano stood, its ivory keys long since abandoned by a musician\'s touch. He approached it cautiously, a faint glimmer of anticipation igniting in his weather-worn eyes.\n' +
       '\n' +
       'Determined, he carefully brushed away the dust and debris that cloaked the instrument. With trembling hands, he pressed a key, and a discordant note filled the air, mingling with the sighs of forgotten melodies. The sound echoed through the silence, bringing with it the remnants of forgotten symphonies.\n' +
       '\n' +
@@ -103,13 +103,13 @@
   {
     role: 'assistant',
     content:
-      "Thank you! I'm glad you enjoyed it. If you have any more writing requests or if there's anything else I can assist you with, feel free to let me know.",
+      'Thank you! I\'m glad you enjoyed it. If you have any more writing requests or if there\'s anything else I can assist you with, feel free to let me know.',
   },
   { role: 'user', content: 'you are very helpful' },
   {
     role: 'assistant',
     content:
-      "Thank you for your kind words! I'm here to assist you in any way I can. If you have any more questions, need further assistance, or just want to chat, feel free to reach out.",
+      'Thank you for your kind words! I\'m here to assist you in any way I can. If you have any more questions, need further assistance, or just want to chat, feel free to reach out.',
   },
   { role: 'user', content: 'no you man' },
 ];

api/app/clients/memory/summaryBuffer.demo.js

@@ -9,7 +9,7 @@ const chatPromptMemory = new ConversationSummaryBufferMemory({
 });
 
 (async () => {
-  await chatPromptMemory.saveContext({ input: "hi my name's Danny" }, { output: 'whats up' });
+  await chatPromptMemory.saveContext({ input: 'hi my name\'s Danny' }, { output: 'whats up' });
   await chatPromptMemory.saveContext({ input: 'not much you' }, { output: 'not much' });
   await chatPromptMemory.saveContext(
     { input: 'are you excited for the olympics?' },

api/app/clients/output_parsers/addImages.spec.js

@@ -74,7 +74,7 @@ describe('addImages', () => {
 
   it('should append correctly from a real scenario', () => {
     responseMessage.text =
-      "Here is the generated image based on your request. It depicts a surreal landscape filled with floating musical notes. The style is impressionistic, with vibrant sunset hues dominating the scene. At the center, there's a silhouette of a grand piano, adding a dreamy emotion to the overall image. This could serve as a unique and creative music album cover. Would you like to make any changes or generate another image?";
+      'Here is the generated image based on your request. It depicts a surreal landscape filled with floating musical notes. The style is impressionistic, with vibrant sunset hues dominating the scene. At the center, there\'s a silhouette of a grand piano, adding a dreamy emotion to the overall image. This could serve as a unique and creative music album cover. Would you like to make any changes or generate another image?';
     const originalText = responseMessage.text;
     const imageMarkdown = '![generated image](/images/img-RnVWaYo2Yg4x3e0isICiMuf5.png)';
     intermediateSteps.push({ observation: imageMarkdown });

api/app/clients/output_parsers/handleOutputs.js

@@ -65,14 +65,14 @@ function buildPromptPrefix({ result, message, functionsAgent }) {
   const preliminaryAnswer =
     result.output?.length > 0 ? `Preliminary Answer: "${result.output.trim()}"` : '';
   const prefix = preliminaryAnswer
-    ? "review and improve the answer you generated using plugins in response to the User Message below. The user hasn't seen your answer or thoughts yet."
+    ? 'review and improve the answer you generated using plugins in response to the User Message below. The user hasn\'t seen your answer or thoughts yet.'
     : 'respond to the User Message below based on your preliminary thoughts & actions.';
 
   return `As a helpful AI Assistant, ${prefix}${errorMessage}\n${internalActions}
 ${preliminaryAnswer}
 Reply conversationally to the User based on your ${
-    preliminaryAnswer ? 'preliminary answer, ' : ''
-  }internal actions, thoughts, and observations, making improvements wherever possible, but do not modify URLs.
+  preliminaryAnswer ? 'preliminary answer, ' : ''
+}internal actions, thoughts, and observations, making improvements wherever possible, but do not modify URLs.
 ${
   preliminaryAnswer
     ? ''

api/app/clients/prompts/addCacheControl.spec.js

@@ -6,7 +6,7 @@ describe('addCacheControl', () => {
       { role: 'user', content: [{ type: 'text', text: 'Hello' }] },
       { role: 'assistant', content: [{ type: 'text', text: 'Hi there' }] },
       { role: 'user', content: [{ type: 'text', text: 'How are you?' }] },
-      { role: 'assistant', content: [{ type: 'text', text: "I'm doing well, thanks!" }] },
+      { role: 'assistant', content: [{ type: 'text', text: 'I\'m doing well, thanks!' }] },
       { role: 'user', content: [{ type: 'text', text: 'Great!' }] },
     ];
 
@@ -22,7 +22,7 @@ describe('addCacheControl', () => {
       { role: 'user', content: 'Hello' },
       { role: 'assistant', content: 'Hi there' },
       { role: 'user', content: 'How are you?' },
-      { role: 'assistant', content: "I'm doing well, thanks!" },
+      { role: 'assistant', content: 'I\'m doing well, thanks!' },
       { role: 'user', content: 'Great!' },
     ];
 
@@ -140,7 +140,7 @@ describe('addCacheControl', () => {
       { role: 'user', content: 'Hello' },
       { role: 'assistant', content: 'Hi there' },
       { role: 'user', content: [{ type: 'text', text: 'How are you?' }] },
-      { role: 'assistant', content: "I'm doing well, thanks!" },
+      { role: 'assistant', content: 'I\'m doing well, thanks!' },
       { role: 'user', content: 'Great!' },
     ];
 
@@ -160,7 +160,7 @@ describe('addCacheControl', () => {
       },
     ]);
     expect(result[1].content).toBe('Hi there');
-    expect(result[3].content).toBe("I'm doing well, thanks!");
+    expect(result[3].content).toBe('I\'m doing well, thanks!');
   });
 
   test('should handle edge case with multiple content types', () => {

api/app/clients/prompts/artifacts.js

@@ -3,6 +3,7 @@ const { EModelEndpoint, ArtifactModes } = require('librechat-data-provider');
 const { generateShadcnPrompt } = require('~/app/clients/prompts/shadcn-docs/generate');
 const { components } = require('~/app/clients/prompts/shadcn-docs/components');
 
+// eslint-disable-next-line no-unused-vars
 const artifactsPromptV1 = dedent`The assistant can create and reference artifacts during conversations.
   
 Artifacts are for substantial, self-contained content that users might modify or reuse, displayed in a separate UI window for clarity.

api/app/clients/prompts/createContextHandlers.js

@@ -96,35 +96,35 @@ function createContextHandlers(req, userMessageContent) {
         resolvedQueries.length === 0
           ? '\n\tThe semantic search did not return any results.'
           : resolvedQueries
-              .map((queryResult, index) => {
-                const file = processedFiles[index];
-                let contextItems = queryResult.data;
+            .map((queryResult, index) => {
+              const file = processedFiles[index];
+              let contextItems = queryResult.data;
 
-                const generateContext = (currentContext) =>
-                  `
+              const generateContext = (currentContext) =>
+                `
           <file>
             <filename>${file.filename}</filename>
             <context>${currentContext}
             </context>
           </file>`;
 
-                if (useFullContext) {
-                  return generateContext(`\n${contextItems}`);
-                }
+              if (useFullContext) {
+                return generateContext(`\n${contextItems}`);
+              }
 
-                contextItems = queryResult.data
-                  .map((item) => {
-                    const pageContent = item[0].page_content;
-                    return `
+              contextItems = queryResult.data
+                .map((item) => {
+                  const pageContent = item[0].page_content;
+                  return `
             <contextItem>
               <![CDATA[${pageContent?.trim()}]]>
             </contextItem>`;
-                  })
-                  .join('');
+                })
+                .join('');
 
-                return generateContext(contextItems);
-              })
-              .join('');
+              return generateContext(contextItems);
+            })
+            .join('');
 
       if (useFullContext) {
         const prompt = `${header}

api/app/clients/prompts/formatAgentMessages.spec.js

@@ -130,7 +130,7 @@ describe('formatAgentMessages', () => {
         content: [
           {
             type: ContentTypes.TEXT,
-            [ContentTypes.TEXT]: "I'll search for that information.",
+            [ContentTypes.TEXT]: 'I\'ll search for that information.',
             tool_call_ids: ['search_1'],
           },
           {
@@ -144,7 +144,7 @@ describe('formatAgentMessages', () => {
           },
           {
             type: ContentTypes.TEXT,
-            [ContentTypes.TEXT]: "Now, I'll convert the temperature.",
+            [ContentTypes.TEXT]: 'Now, I\'ll convert the temperature.',
             tool_call_ids: ['convert_1'],
           },
           {
@@ -156,7 +156,7 @@ describe('formatAgentMessages', () => {
               output: '23.89°C',
             },
           },
-          { type: ContentTypes.TEXT, [ContentTypes.TEXT]: "Here's your answer." },
+          { type: ContentTypes.TEXT, [ContentTypes.TEXT]: 'Here\'s your answer.' },
         ],
       },
     ];
@@ -171,7 +171,7 @@ describe('formatAgentMessages', () => {
     expect(result[4]).toBeInstanceOf(AIMessage);
 
     // Check first AIMessage
-    expect(result[0].content).toBe("I'll search for that information.");
+    expect(result[0].content).toBe('I\'ll search for that information.');
     expect(result[0].tool_calls).toHaveLength(1);
     expect(result[0].tool_calls[0]).toEqual({
       id: 'search_1',
@@ -187,7 +187,7 @@ describe('formatAgentMessages', () => {
     );
 
     // Check second AIMessage
-    expect(result[2].content).toBe("Now, I'll convert the temperature.");
+    expect(result[2].content).toBe('Now, I\'ll convert the temperature.');
     expect(result[2].tool_calls).toHaveLength(1);
     expect(result[2].tool_calls[0]).toEqual({
       id: 'convert_1',
@@ -202,7 +202,7 @@ describe('formatAgentMessages', () => {
 
     // Check final AIMessage
     expect(result[4].content).toStrictEqual([
-      { [ContentTypes.TEXT]: "Here's your answer.", type: ContentTypes.TEXT },
+      { [ContentTypes.TEXT]: 'Here\'s your answer.', type: ContentTypes.TEXT },
     ]);
   });
 
@@ -217,7 +217,7 @@ describe('formatAgentMessages', () => {
         role: 'assistant',
         content: [{ type: ContentTypes.TEXT, [ContentTypes.TEXT]: 'How can I help you?' }],
       },
-      { role: 'user', content: "What's the weather?" },
+      { role: 'user', content: 'What\'s the weather?' },
       {
         role: 'assistant',
         content: [
@@ -240,7 +240,7 @@ describe('formatAgentMessages', () => {
       {
         role: 'assistant',
         content: [
-          { type: ContentTypes.TEXT, [ContentTypes.TEXT]: "Here's the weather information." },
+          { type: ContentTypes.TEXT, [ContentTypes.TEXT]: 'Here\'s the weather information.' },
         ],
       },
     ];
@@ -265,12 +265,12 @@ describe('formatAgentMessages', () => {
       { [ContentTypes.TEXT]: 'How can I help you?', type: ContentTypes.TEXT },
     ]);
     expect(result[2].content).toStrictEqual([
-      { [ContentTypes.TEXT]: "What's the weather?", type: ContentTypes.TEXT },
+      { [ContentTypes.TEXT]: 'What\'s the weather?', type: ContentTypes.TEXT },
     ]);
     expect(result[3].content).toBe('Let me check that for you.');
     expect(result[4].content).toBe('Sunny, 75°F');
     expect(result[5].content).toStrictEqual([
-      { [ContentTypes.TEXT]: "Here's the weather information.", type: ContentTypes.TEXT },
+      { [ContentTypes.TEXT]: 'Here\'s the weather information.', type: ContentTypes.TEXT },
     ]);
 
     // Check that there are no consecutive AIMessages

api/app/clients/prompts/instructions.js

@@ -1,8 +1,8 @@
 module.exports = {
   instructions:
-    "Remember, all your responses MUST be in the format described. Do not respond unless it's in the format described, using the structure of Action, Action Input, etc.",
+    'Remember, all your responses MUST be in the format described. Do not respond unless it\'s in the format described, using the structure of Action, Action Input, etc.',
   errorInstructions:
-    "\nYou encountered an error in attempting a response. The user is not aware of the error so you shouldn't mention it.\nReview the actions taken carefully in case there is a partial or complete answer within them.\nError Message:",
+    '\nYou encountered an error in attempting a response. The user is not aware of the error so you shouldn\'t mention it.\nReview the actions taken carefully in case there is a partial or complete answer within them.\nError Message:',
   imageInstructions:
     'You must include the exact image paths from above, formatted in Markdown syntax: ![alt-text](URL)',
   completionInstructions:

api/app/clients/prompts/shadcn-docs/generate.js

@@ -18,17 +18,17 @@ function generateShadcnPrompt(options) {
     Here are the components that are available, along with how to import them, and how to use them:
 
     ${Object.values(components)
-      .map((component) => {
-        if (useXML) {
-          return dedent`
+    .map((component) => {
+      if (useXML) {
+        return dedent`
             <component>
               <name>${component.componentName}</name>
               <import-instructions>${component.importDocs}</import-instructions>
               <usage-instructions>${component.usageDocs}</usage-instructions>
             </component>
           `;
-        } else {
-          return dedent`
+      } else {
+        return dedent`
             # ${component.componentName}
 
             ## Import Instructions
@@ -37,9 +37,9 @@ function generateShadcnPrompt(options) {
             ## Usage Instructions
             ${component.usageDocs}
           `;
-        }
-      })
-      .join('\n\n')}
+      }
+    })
+    .join('\n\n')}
   `;
 
   return systemPrompt;

api/app/clients/specs/AnthropicClient.test.js

@@ -309,7 +309,7 @@ describe('AnthropicClient', () => {
       };
       client.setOptions({ modelOptions, promptCache: true });
       const anthropicClient = client.getClient(modelOptions);
-      expect(anthropicClient.defaultHeaders).not.toHaveProperty('anthropic-beta');
+      expect(anthropicClient._options.defaultHeaders).toBeUndefined();
     });
 
     it('should not add beta header for other models', () => {
@@ -320,7 +320,7 @@ describe('AnthropicClient', () => {
         },
       });
       const anthropicClient = client.getClient();
-      expect(anthropicClient.defaultHeaders).not.toHaveProperty('anthropic-beta');
+      expect(anthropicClient._options.defaultHeaders).toBeUndefined();
     });
   });
 

api/app/clients/specs/BaseClient.test.js

@@ -1,7 +1,7 @@
 const { Constants } = require('librechat-data-provider');
 const { initializeFakeClient } = require('./FakeClient');
 
-jest.mock('~/lib/db/connectDb');
+jest.mock('~/db/connect');
 jest.mock('~/models', () => ({
   User: jest.fn(),
   Key: jest.fn(),
@@ -33,7 +33,9 @@ jest.mock('~/models', () => ({
 const { getConvo, saveConvo } = require('~/models');
 
 jest.mock('@librechat/agents', () => {
+  const { Providers } = jest.requireActual('@librechat/agents');
   return {
+    Providers,
     ChatOpenAI: jest.fn().mockImplementation(() => {
       return {};
     }),

api/app/clients/specs/OpenAIClient.test.js

@@ -5,7 +5,7 @@ const getLogStores = require('~/cache/getLogStores');
 const OpenAIClient = require('../OpenAIClient');
 jest.mock('meilisearch');
 
-jest.mock('~/lib/db/connectDb');
+jest.mock('~/db/connect');
 jest.mock('~/models', () => ({
   User: jest.fn(),
   Key: jest.fn(),

api/app/clients/specs/PluginsClient.test.js

@@ -3,7 +3,7 @@ const { Constants } = require('librechat-data-provider');
 const { HumanMessage, AIMessage } = require('@langchain/core/messages');
 const PluginsClient = require('../PluginsClient');
 
-jest.mock('~/lib/db/connectDb');
+jest.mock('~/db/connect');
 jest.mock('~/models/Conversation', () => {
   return function () {
     return {

api/app/clients/tools/dynamic/OpenAPIPlugin.js

@@ -1,184 +0,0 @@
-require('dotenv').config();
-const fs = require('fs');
-const { z } = require('zod');
-const path = require('path');
-const yaml = require('js-yaml');
-const { createOpenAPIChain } = require('langchain/chains');
-const { DynamicStructuredTool } = require('@langchain/core/tools');
-const { ChatPromptTemplate, HumanMessagePromptTemplate } = require('@langchain/core/prompts');
-const { logger } = require('~/config');
-
-function addLinePrefix(text, prefix = '// ') {
-  return text
-    .split('\n')
-    .map((line) => prefix + line)
-    .join('\n');
-}
-
-function createPrompt(name, functions) {
-  const prefix = `// The ${name} tool has the following functions. Determine the desired or most optimal function for the user's query:`;
-  const functionDescriptions = functions
-    .map((func) => `// - ${func.name}: ${func.description}`)
-    .join('\n');
-  return `${prefix}\n${functionDescriptions}
-// You are an expert manager and scrum master. You must provide a detailed intent to better execute the function.
-// Always format as such: {{"func": "function_name", "intent": "intent and expected result"}}`;
-}
-
-const AuthBearer = z
-  .object({
-    type: z.string().includes('service_http'),
-    authorization_type: z.string().includes('bearer'),
-    verification_tokens: z.object({
-      openai: z.string(),
-    }),
-  })
-  .catch(() => false);
-
-const AuthDefinition = z
-  .object({
-    type: z.string(),
-    authorization_type: z.string(),
-    verification_tokens: z.object({
-      openai: z.string(),
-    }),
-  })
-  .catch(() => false);
-
-async function readSpecFile(filePath) {
-  try {
-    const fileContents = await fs.promises.readFile(filePath, 'utf8');
-    if (path.extname(filePath) === '.json') {
-      return JSON.parse(fileContents);
-    }
-    return yaml.load(fileContents);
-  } catch (e) {
-    logger.error('[readSpecFile] error', e);
-    return false;
-  }
-}
-
-async function getSpec(url) {
-  const RegularUrl = z
-    .string()
-    .url()
-    .catch(() => false);
-
-  if (RegularUrl.parse(url) && path.extname(url) === '.json') {
-    const response = await fetch(url);
-    return await response.json();
-  }
-
-  const ValidSpecPath = z
-    .string()
-    .url()
-    .catch(async () => {
-      const spec = path.join(__dirname, '..', '.well-known', 'openapi', url);
-      if (!fs.existsSync(spec)) {
-        return false;
-      }
-
-      return await readSpecFile(spec);
-    });
-
-  return ValidSpecPath.parse(url);
-}
-
-async function createOpenAPIPlugin({ data, llm, user, message, memory, signal }) {
-  let spec;
-  try {
-    spec = await getSpec(data.api.url);
-  } catch (error) {
-    logger.error('[createOpenAPIPlugin] getSpec error', error);
-    return null;
-  }
-
-  if (!spec) {
-    logger.warn('[createOpenAPIPlugin] No spec found');
-    return null;
-  }
-
-  const headers = {};
-  const { auth, name_for_model, description_for_model, description_for_human } = data;
-  if (auth && AuthDefinition.parse(auth)) {
-    logger.debug('[createOpenAPIPlugin] auth detected', auth);
-    const { openai } = auth.verification_tokens;
-    if (AuthBearer.parse(auth)) {
-      headers.authorization = `Bearer ${openai}`;
-      logger.debug('[createOpenAPIPlugin] added auth bearer', headers);
-    }
-  }
-
-  const chainOptions = { llm };
-
-  if (data.headers && data.headers['librechat_user_id']) {
-    logger.debug('[createOpenAPIPlugin] id detected', headers);
-    headers[data.headers['librechat_user_id']] = user;
-  }
-
-  if (Object.keys(headers).length > 0) {
-    logger.debug('[createOpenAPIPlugin] headers detected', headers);
-    chainOptions.headers = headers;
-  }
-
-  if (data.params) {
-    logger.debug('[createOpenAPIPlugin] params detected', data.params);
-    chainOptions.params = data.params;
-  }
-
-  let history = '';
-  if (memory) {
-    logger.debug('[createOpenAPIPlugin] openAPI chain: memory detected', memory);
-    const { history: chat_history } = await memory.loadMemoryVariables({});
-    history = chat_history?.length > 0 ? `\n\n## Chat History:\n${chat_history}\n` : '';
-  }
-
-  chainOptions.prompt = ChatPromptTemplate.fromMessages([
-    HumanMessagePromptTemplate.fromTemplate(
-      `# Use the provided API's to respond to this query:\n\n{query}\n\n## Instructions:\n${addLinePrefix(
-        description_for_model,
-      )}${history}`,
-    ),
-  ]);
-
-  const chain = await createOpenAPIChain(spec, chainOptions);
-
-  const { functions } = chain.chains[0].lc_kwargs.llmKwargs;
-
-  return new DynamicStructuredTool({
-    name: name_for_model,
-    description_for_model: `${addLinePrefix(description_for_human)}${createPrompt(
-      name_for_model,
-      functions,
-    )}`,
-    description: `${description_for_human}`,
-    schema: z.object({
-      func: z
-        .string()
-        .describe(
-          `The function to invoke. The functions available are: ${functions
-            .map((func) => func.name)
-            .join(', ')}`,
-        ),
-      intent: z
-        .string()
-        .describe('Describe your intent with the function and your expected result'),
-    }),
-    func: async ({ func = '', intent = '' }) => {
-      const filteredFunctions = functions.filter((f) => f.name === func);
-      chain.chains[0].lc_kwargs.llmKwargs.functions = filteredFunctions;
-      const query = `${message}${func?.length > 0 ? `\n// Intent: ${intent}` : ''}`;
-      const result = await chain.call({
-        query,
-        signal,
-      });
-      return result.response;
-    },
-  });
-}
-
-module.exports = {
-  getSpec,
-  readSpecFile,
-  createOpenAPIPlugin,
-};

api/app/clients/tools/dynamic/OpenAPIPlugin.spec.js

@@ -1,72 +0,0 @@
-const fs = require('fs');
-const { createOpenAPIPlugin, getSpec, readSpecFile } = require('./OpenAPIPlugin');
-
-global.fetch = jest.fn().mockImplementationOnce(() => {
-  return new Promise((resolve) => {
-    resolve({
-      ok: true,
-      json: () => Promise.resolve({ key: 'value' }),
-    });
-  });
-});
-jest.mock('fs', () => ({
-  promises: {
-    readFile: jest.fn(),
-  },
-  existsSync: jest.fn(),
-}));
-
-describe('readSpecFile', () => {
-  it('reads JSON file correctly', async () => {
-    fs.promises.readFile.mockResolvedValue(JSON.stringify({ test: 'value' }));
-    const result = await readSpecFile('test.json');
-    expect(result).toEqual({ test: 'value' });
-  });
-
-  it('reads YAML file correctly', async () => {
-    fs.promises.readFile.mockResolvedValue('test: value');
-    const result = await readSpecFile('test.yaml');
-    expect(result).toEqual({ test: 'value' });
-  });
-
-  it('handles error correctly', async () => {
-    fs.promises.readFile.mockRejectedValue(new Error('test error'));
-    const result = await readSpecFile('test.json');
-    expect(result).toBe(false);
-  });
-});
-
-describe('getSpec', () => {
-  it('fetches spec from url correctly', async () => {
-    const parsedJson = await getSpec('https://www.instacart.com/.well-known/ai-plugin.json');
-    const isObject = typeof parsedJson === 'object';
-    expect(isObject).toEqual(true);
-  });
-
-  it('reads spec from file correctly', async () => {
-    fs.existsSync.mockReturnValue(true);
-    fs.promises.readFile.mockResolvedValue(JSON.stringify({ test: 'value' }));
-    const result = await getSpec('test.json');
-    expect(result).toEqual({ test: 'value' });
-  });
-
-  it('returns false when file does not exist', async () => {
-    fs.existsSync.mockReturnValue(false);
-    const result = await getSpec('test.json');
-    expect(result).toBe(false);
-  });
-});
-
-describe('createOpenAPIPlugin', () => {
-  it('returns null when getSpec throws an error', async () => {
-    const result = await createOpenAPIPlugin({ data: { api: { url: 'invalid' } } });
-    expect(result).toBe(null);
-  });
-
-  it('returns null when no spec is found', async () => {
-    const result = await createOpenAPIPlugin({});
-    expect(result).toBe(null);
-  });
-
-  // Add more tests here for different scenarios
-});

api/app/clients/tools/structured/AzureAISearch.js

@@ -18,7 +18,7 @@ class AzureAISearch extends Tool {
     super();
     this.name = 'azure-ai-search';
     this.description =
-      "Use the 'azure-ai-search' tool to retrieve search results relevant to your input";
+      'Use the \'azure-ai-search\' tool to retrieve search results relevant to your input';
     /* Used to initialize the Tool without necessary variables. */
     this.override = fields.override ?? false;
 

api/app/clients/tools/structured/DALLE3.js

@@ -8,7 +8,7 @@ const { HttpsProxyAgent } = require('https-proxy-agent');
 const { FileContext, ContentTypes } = require('librechat-data-provider');
 const { getImageBasename } = require('~/server/services/Files/images');
 const extractBaseURL = require('~/utils/extractBaseURL');
-const { logger } = require('~/config');
+const logger = require('~/config/winston');
 
 const displayMessage =
   "DALL-E displayed an image. All generated images are already plainly visible, so don't repeat the descriptions in detail. Do not list download links as they are available in the UI already. The user may download the images by clicking on them, but do not mention anything about downloading to the user.";

api/app/clients/tools/structured/FluxAPI.js

@@ -8,7 +8,7 @@ const { FileContext, ContentTypes } = require('librechat-data-provider');
 const { logger } = require('~/config');
 
 const displayMessage =
-  "Flux displayed an image. All generated images are already plainly visible, so don't repeat the descriptions in detail. Do not list download links as they are available in the UI already. The user may download the images by clicking on them, but do not mention anything about downloading to the user.";
+  'Flux displayed an image. All generated images are already plainly visible, so don\'t repeat the descriptions in detail. Do not list download links as they are available in the UI already. The user may download the images by clicking on them, but do not mention anything about downloading to the user.';
 
 /**
  * FluxAPI - A tool for generating high-quality images from text prompts using the Flux API.

api/app/clients/tools/structured/OpenAIImageTools.js

@@ -4,12 +4,13 @@ const { v4 } = require('uuid');
 const OpenAI = require('openai');
 const FormData = require('form-data');
 const { tool } = require('@langchain/core/tools');
+const { logAxiosError } = require('@librechat/api');
+const { logger } = require('@librechat/data-schemas');
 const { HttpsProxyAgent } = require('https-proxy-agent');
 const { ContentTypes, EImageOutputType } = require('librechat-data-provider');
 const { getStrategyFunctions } = require('~/server/services/Files/strategies');
-const { logAxiosError, extractBaseURL } = require('~/utils');
+const { extractBaseURL } = require('~/utils');
 const { getFiles } = require('~/models/File');
-const { logger } = require('~/config');
 
 /** Default descriptions for image generation tool  */
 const DEFAULT_IMAGE_GEN_DESCRIPTION = `

api/app/clients/tools/structured/OpenWeather.js

@@ -232,7 +232,7 @@ class OpenWeather extends Tool {
 
       if (['current_forecast', 'timestamp', 'daily_aggregation', 'overview'].includes(action)) {
         if (typeof finalLat !== 'number' || typeof finalLon !== 'number') {
-          return "Error: lat and lon are required and must be numbers for this action (or specify 'city').";
+          return 'Error: lat and lon are required and must be numbers for this action (or specify \'city\').';
         }
       }
 
@@ -243,7 +243,7 @@ class OpenWeather extends Tool {
       let dt;
       if (action === 'timestamp') {
         if (!date) {
-          return "Error: For timestamp action, a 'date' in YYYY-MM-DD format is required.";
+          return 'Error: For timestamp action, a \'date\' in YYYY-MM-DD format is required.';
         }
         dt = this.convertDateToUnix(date);
       }

api/app/clients/tools/structured/StableDiffusion.js

@@ -11,7 +11,7 @@ const paths = require('~/config/paths');
 const { logger } = require('~/config');
 
 const displayMessage =
-  "Stable Diffusion displayed an image. All generated images are already plainly visible, so don't repeat the descriptions in detail. Do not list download links as they are available in the UI already. The user may download the images by clicking on them, but do not mention anything about downloading to the user.";
+  'Stable Diffusion displayed an image. All generated images are already plainly visible, so don\'t repeat the descriptions in detail. Do not list download links as they are available in the UI already. The user may download the images by clicking on them, but do not mention anything about downloading to the user.';
 
 class StableDiffusionAPI extends Tool {
   constructor(fields) {
@@ -44,7 +44,7 @@ class StableDiffusionAPI extends Tool {
 // "negative_prompt":"semi-realistic, cgi, 3d, render, sketch, cartoon, drawing, anime, out of frame, low quality, ugly, mutation, deformed"
 // - Generate images only once per human query unless explicitly requested by the user`;
     this.description =
-      "You can generate images using text with 'stable-diffusion'. This tool is exclusively for visual content.";
+      'You can generate images using text with \'stable-diffusion\'. This tool is exclusively for visual content.';
     this.schema = z.object({
       prompt: z
         .string()

api/app/clients/tools/structured/TraversaalSearch.js

@@ -21,7 +21,7 @@ class TraversaalSearch extends Tool {
       query: z
         .string()
         .describe(
-          "A properly written sentence to be interpreted by an AI to search the web according to the user's request.",
+          'A properly written sentence to be interpreted by an AI to search the web according to the user\'s request.',
         ),
     });
 
@@ -38,6 +38,7 @@ class TraversaalSearch extends Tool {
     return apiKey;
   }
 
+  // eslint-disable-next-line no-unused-vars
   async _call({ query }, _runManager) {
     const body = {
       query: [query],

api/app/clients/tools/structured/YouTube.js

@@ -29,7 +29,7 @@ function parseTranscript(transcriptResponse) {
     .map((entry) => entry.text.trim())
     .filter((text) => text)
     .join(' ')
-    .replaceAll(''', "'");
+    .replaceAll(''', '\'');
 }
 
 function createYouTubeTools(fields = {}) {

api/app/clients/tools/structured/specs/DALLE3.spec.js

@@ -1,10 +1,29 @@
 const OpenAI = require('openai');
 const DALLE3 = require('../DALLE3');
-
-const { logger } = require('~/config');
+const logger = require('~/config/winston');
 
 jest.mock('openai');
 
+jest.mock('@librechat/data-schemas', () => {
+  return {
+    logger: {
+      info: jest.fn(),
+      warn: jest.fn(),
+      debug: jest.fn(),
+      error: jest.fn(),
+    },
+  };
+});
+
+jest.mock('tiktoken', () => {
+  return {
+    encoding_for_model: jest.fn().mockReturnValue({
+      encode: jest.fn(),
+      decode: jest.fn(),
+    }),
+  };
+});
+
 const processFileURL = jest.fn();
 
 jest.mock('~/server/services/Files/images', () => ({
@@ -37,6 +56,11 @@ jest.mock('fs', () => {
   return {
     existsSync: jest.fn(),
     mkdirSync: jest.fn(),
+    promises: {
+      writeFile: jest.fn(),
+      readFile: jest.fn(),
+      unlink: jest.fn(),
+    },
   };
 });
 

api/app/clients/tools/util/handleTools.js

@@ -1,14 +1,14 @@
+const { mcpToolPattern } = require('@librechat/api');
+const { logger } = require('@librechat/data-schemas');
 const { SerpAPI } = require('@langchain/community/tools/serpapi');
 const { Calculator } = require('@langchain/community/tools/calculator');
 const { EnvVar, createCodeExecutionTool, createSearchTool } = require('@librechat/agents');
 const {
   Tools,
-  Constants,
   EToolResources,
   loadWebSearchAuth,
   replaceSpecialVars,
 } = require('librechat-data-provider');
-const { getUserPluginAuthValue } = require('~/server/services/PluginService');
 const {
   availableTools,
   manifestToolMap,
@@ -28,11 +28,10 @@ const {
 } = require('../');
 const { primeFiles: primeCodeFiles } = require('~/server/services/Files/Code/process');
 const { createFileSearchTool, primeFiles: primeSearchFiles } = require('./fileSearch');
+const { getUserPluginAuthValue } = require('~/server/services/PluginService');
 const { loadAuthValues } = require('~/server/services/Tools/credentials');
+const { getCachedTools } = require('~/server/services/Config');
 const { createMCPTool } = require('~/server/services/MCP');
-const { logger } = require('~/config');
-
-const mcpToolPattern = new RegExp(`^.+${Constants.mcp_delimiter}.+$`);
 
 /**
  * Validates the availability and authentication of tools for a user based on environment variables or user-specific plugin authentication values.
@@ -93,7 +92,7 @@ const validateTools = async (user, tools = []) => {
     return Array.from(validToolsSet.values());
   } catch (err) {
     logger.error('[validateTools] There was a problem validating tools', err);
-    throw new Error('There was a problem validating tools');
+    throw new Error(err);
   }
 };
 
@@ -236,7 +235,7 @@ const loadTools = async ({
 
   /** @type {Record<string, string>} */
   const toolContextMap = {};
-  const appTools = options.req?.app?.locals?.availableTools ?? {};
+  const appTools = (await getCachedTools({ includeGlobal: true })) ?? {};
 
   for (const tool of tools) {
     if (tool === Tools.execute_code) {
@@ -299,6 +298,7 @@ Current Date & Time: ${replaceSpecialVars({ text: '{{iso_datetime}}' })}
       requestedTools[tool] = async () =>
         createMCPTool({
           req: options.req,
+          res: options.res,
           toolKey: tool,
           model: agent?.model ?? model,
           provider: agent?.provider ?? endpoint,

api/app/clients/tools/util/handleTools.test.js

@@ -1,8 +1,5 @@
-const mockUser = {
-  _id: 'fakeId',
-  save: jest.fn(),
-  findByIdAndDelete: jest.fn(),
-};
+const mongoose = require('mongoose');
+const { MongoMemoryServer } = require('mongodb-memory-server');
 
 const mockPluginService = {
   updateUserPluginAuth: jest.fn(),
@@ -10,23 +7,18 @@ const mockPluginService = {
   getUserPluginAuthValue: jest.fn(),
 };
 
-jest.mock('~/models/User', () => {
-  return function () {
-    return mockUser;
-  };
-});
-
 jest.mock('~/server/services/PluginService', () => mockPluginService);
 
 const { BaseLLM } = require('@langchain/openai');
 const { Calculator } = require('@langchain/community/tools/calculator');
 
-const User = require('~/models/User');
+const { User } = require('~/db/models');
 const PluginService = require('~/server/services/PluginService');
 const { validateTools, loadTools, loadToolWithAuth } = require('./handleTools');
 const { StructuredSD, availableTools, DALLE3 } = require('../');
 
 describe('Tool Handlers', () => {
+  let mongoServer;
   let fakeUser;
   const pluginKey = 'dalle';
   const pluginKey2 = 'wolfram';
@@ -37,7 +29,9 @@ describe('Tool Handlers', () => {
   const authConfigs = mainPlugin.authConfig;
 
   beforeAll(async () => {
-    mockUser.save.mockResolvedValue(undefined);
+    mongoServer = await MongoMemoryServer.create();
+    const mongoUri = mongoServer.getUri();
+    await mongoose.connect(mongoUri);
 
     const userAuthValues = {};
     mockPluginService.getUserPluginAuthValue.mockImplementation((userId, authField) => {
@@ -78,9 +72,36 @@ describe('Tool Handlers', () => {
   });
 
   afterAll(async () => {
-    await mockUser.findByIdAndDelete(fakeUser._id);
+    await mongoose.disconnect();
+    await mongoServer.stop();
+  });
+
+  beforeEach(async () => {
+    // Clear mocks but not the database since we need the user to persist
+    jest.clearAllMocks();
+
+    // Reset the mock implementations
+    const userAuthValues = {};
+    mockPluginService.getUserPluginAuthValue.mockImplementation((userId, authField) => {
+      return userAuthValues[`${userId}-${authField}`];
+    });
+    mockPluginService.updateUserPluginAuth.mockImplementation(
+      (userId, authField, _pluginKey, credential) => {
+        const fields = authField.split('||');
+        fields.forEach((field) => {
+          userAuthValues[`${userId}-${field}`] = credential;
+        });
+      },
+    );
+
+    // Re-add the auth configs for the user
     for (const authConfig of authConfigs) {
-      await PluginService.deleteUserPluginAuth(fakeUser._id, authConfig.authField);
+      await PluginService.updateUserPluginAuth(
+        fakeUser._id,
+        authConfig.authField,
+        pluginKey,
+        mockCredential,
+      );
     }
   });
 

api/cache/banViolation.js

@@ -1,8 +1,8 @@
+const { logger } = require('@librechat/data-schemas');
 const { ViolationTypes } = require('librechat-data-provider');
 const { isEnabled, math, removePorts } = require('~/server/utils');
 const { deleteAllUserSessions } = require('~/models');
 const getLogStores = require('./getLogStores');
-const { logger } = require('~/config');
 
 const { BAN_VIOLATIONS, BAN_INTERVAL } = process.env ?? {};
 const interval = math(BAN_INTERVAL, 20);
@@ -32,7 +32,6 @@ const banViolation = async (req, res, errorMessage) => {
   if (!isEnabled(BAN_VIOLATIONS)) {
     return;
   }
-
   if (!errorMessage) {
     return;
   }
@@ -51,7 +50,6 @@ const banViolation = async (req, res, errorMessage) => {
 
   const banLogs = getLogStores(ViolationTypes.BAN);
   const duration = errorMessage.duration || banLogs.opts.ttl;
-
   if (duration <= 0) {
     return;
   }

api/cache/banViolation.spec.js

@@ -1,48 +1,28 @@
+const mongoose = require('mongoose');
+const { MongoMemoryServer } = require('mongodb-memory-server');
 const banViolation = require('./banViolation');
 
-jest.mock('keyv');
-jest.mock('../models/Session');
-// Mocking the getLogStores function
-jest.mock('./getLogStores', () => {
-  return jest.fn().mockImplementation(() => {
-    const EventEmitter = require('events');
-    const { CacheKeys } = require('librechat-data-provider');
-    const math = require('../server/utils/math');
-    const mockGet = jest.fn();
-    const mockSet = jest.fn();
-    class KeyvMongo extends EventEmitter {
-      constructor(url = 'mongodb://127.0.0.1:27017', options) {
-        super();
-        this.ttlSupport = false;
-        url = url ?? {};
-        if (typeof url === 'string') {
-          url = { url };
-        }
-        if (url.uri) {
-          url = { url: url.uri, ...url };
-        }
-        this.opts = {
-          url,
-          collection: 'keyv',
-          ...url,
-          ...options,
-        };
-      }
-
-      get = mockGet;
-      set = mockSet;
-    }
-
-    return new KeyvMongo('', {
-      namespace: CacheKeys.BANS,
-      ttl: math(process.env.BAN_DURATION, 7200000),
-    });
-  });
-});
+// Mock deleteAllUserSessions since we're testing ban logic, not session deletion
+jest.mock('~/models', () => ({
+  ...jest.requireActual('~/models'),
+  deleteAllUserSessions: jest.fn().mockResolvedValue(true),
+}));
 
 describe('banViolation', () => {
+  let mongoServer;
   let req, res, errorMessage;
 
+  beforeAll(async () => {
+    mongoServer = await MongoMemoryServer.create();
+    const mongoUri = mongoServer.getUri();
+    await mongoose.connect(mongoUri);
+  });
+
+  afterAll(async () => {
+    await mongoose.disconnect();
+    await mongoServer.stop();
+  });
+
   beforeEach(() => {
     req = {
       ip: '127.0.0.1',
@@ -55,7 +35,7 @@ describe('banViolation', () => {
     };
     errorMessage = {
       type: 'someViolation',
-      user_id: '12345',
+      user_id: new mongoose.Types.ObjectId().toString(), // Use valid ObjectId
       prev_count: 0,
       violation_count: 0,
     };

api/cache/getLogStores.js

@@ -1,7 +1,7 @@
 const { Keyv } = require('keyv');
 const { CacheKeys, ViolationTypes, Time } = require('librechat-data-provider');
 const { logFile, violationFile } = require('./keyvFiles');
-const { math, isEnabled } = require('~/server/utils');
+const { isEnabled, math } = require('~/server/utils');
 const keyvRedis = require('./keyvRedis');
 const keyvMongo = require('./keyvMongo');
 
@@ -29,6 +29,10 @@ const roles = isRedisEnabled
   ? new Keyv({ store: keyvRedis })
   : new Keyv({ namespace: CacheKeys.ROLES });
 
+const mcpTools = isRedisEnabled
+  ? new Keyv({ store: keyvRedis })
+  : new Keyv({ namespace: CacheKeys.MCP_TOOLS });
+
 const audioRuns = isRedisEnabled
   ? new Keyv({ store: keyvRedis, ttl: Time.TEN_MINUTES })
   : new Keyv({ namespace: CacheKeys.AUDIO_RUNS, ttl: Time.TEN_MINUTES });
@@ -67,6 +71,7 @@ const openIdExchangedTokensCache = isRedisEnabled
 
 const namespaces = {
   [CacheKeys.ROLES]: roles,
+  [CacheKeys.MCP_TOOLS]: mcpTools,
   [CacheKeys.CONFIG_STORE]: config,
   [CacheKeys.PENDING_REQ]: pending_req,
   [ViolationTypes.BAN]: new Keyv({ store: keyvMongo, namespace: CacheKeys.BANS, ttl: duration }),

api/config/index.js

@@ -1,7 +1,6 @@
-const axios = require('axios');
 const { EventSource } = require('eventsource');
-const { Time, CacheKeys } = require('librechat-data-provider');
-const { MCPManager, FlowStateManager } = require('librechat-mcp');
+const { Time } = require('librechat-data-provider');
+const { MCPManager, FlowStateManager } = require('@librechat/api');
 const logger = require('./winston');
 
 global.EventSource = EventSource;
@@ -16,7 +15,7 @@ let flowManager = null;
  */
 function getMCPManager(userId) {
   if (!mcpManager) {
-    mcpManager = MCPManager.getInstance(logger);
+    mcpManager = MCPManager.getInstance();
   } else {
     mcpManager.checkIdleConnections(userId);
   }
@@ -31,66 +30,13 @@ function getFlowStateManager(flowsCache) {
   if (!flowManager) {
     flowManager = new FlowStateManager(flowsCache, {
       ttl: Time.ONE_MINUTE * 3,
-      logger,
     });
   }
   return flowManager;
 }
 
-/**
- * Sends message data in Server Sent Events format.
- * @param {ServerResponse} res - The server response.
- * @param {{ data: string | Record<string, unknown>, event?: string }} event - The message event.
- * @param {string} event.event - The type of event.
- * @param {string} event.data - The message to be sent.
- */
-const sendEvent = (res, event) => {
-  if (typeof event.data === 'string' && event.data.length === 0) {
-    return;
-  }
-  res.write(`event: message\ndata: ${JSON.stringify(event)}\n\n`);
-};
-
-/**
- * Creates and configures an Axios instance with optional proxy settings.
- *
- * @typedef {import('axios').AxiosInstance} AxiosInstance
- * @typedef {import('axios').AxiosProxyConfig} AxiosProxyConfig
- *
- * @returns {AxiosInstance} A configured Axios instance
- * @throws {Error} If there's an issue creating the Axios instance or parsing the proxy URL
- */
-function createAxiosInstance() {
-  const instance = axios.create();
-
-  if (process.env.proxy) {
-    try {
-      const url = new URL(process.env.proxy);
-
-      /** @type {AxiosProxyConfig} */
-      const proxyConfig = {
-        host: url.hostname.replace(/^\[|\]$/g, ''),
-        protocol: url.protocol.replace(':', ''),
-      };
-
-      if (url.port) {
-        proxyConfig.port = parseInt(url.port, 10);
-      }
-
-      instance.defaults.proxy = proxyConfig;
-    } catch (error) {
-      console.error('Error parsing proxy URL:', error);
-      throw new Error(`Invalid proxy URL: ${process.env.proxy}`);
-    }
-  }
-
-  return instance;
-}
-
 module.exports = {
   logger,
-  sendEvent,
   getMCPManager,
-  createAxiosInstance,
   getFlowStateManager,
 };

api/db/connect.js

@@ -39,7 +39,10 @@ async function connectDb() {
     });
   }
   cached.conn = await cached.promise;
+
   return cached.conn;
 }
 
-module.exports = connectDb;
+module.exports = {
+  connectDb,
+};

api/db/index.js

@@ -0,0 +1,8 @@
+const mongoose = require('mongoose');
+const { createModels } = require('@librechat/data-schemas');
+const { connectDb } = require('./connect');
+const indexSync = require('./indexSync');
+
+createModels(mongoose);
+
+module.exports = { connectDb, indexSync };

api/db/indexSync.js

@@ -1,8 +1,11 @@
+const mongoose = require('mongoose');
 const { MeiliSearch } = require('meilisearch');
-const { Conversation } = require('~/models/Conversation');
-const { Message } = require('~/models/Message');
+const { logger } = require('@librechat/data-schemas');
+
 const { isEnabled } = require('~/server/utils');
-const { logger } = require('~/config');
+
+const Conversation = mongoose.models.Conversation;
+const Message = mongoose.models.Message;
 
 const searchEnabled = isEnabled(process.env.SEARCH);
 const indexingDisabled = isEnabled(process.env.MEILI_NO_SYNC);
@@ -29,7 +32,6 @@ async function indexSync() {
   if (!searchEnabled) {
     return;
   }
-
   try {
     const client = MeiliSearchClient.getInstance();
 

api/db/models.js

@@ -0,0 +1,5 @@
+const mongoose = require('mongoose');
+const { createModels } = require('@librechat/data-schemas');
+const models = createModels(mongoose);
+
+module.exports = { ...models };

api/lib/db/index.js

@@ -1,4 +0,0 @@
-const connectDb = require('./connectDb');
-const indexSync = require('./indexSync');
-
-module.exports = { connectDb, indexSync };

api/models/Action.js

@@ -1,7 +1,4 @@
-const mongoose = require('mongoose');
-const { actionSchema } = require('@librechat/data-schemas');
-
-const Action = mongoose.model('action', actionSchema);
+const { Action } = require('~/db/models');
 
 /**
  * Update an action with new data without overwriting existing properties,

api/models/Agent.js

@@ -1,21 +1,18 @@
 const mongoose = require('mongoose');
 const crypto = require('node:crypto');
-const { agentSchema } = require('@librechat/data-schemas');
+const { logger } = require('@librechat/data-schemas');
 const { SystemRoles, Tools, actionDelimiter } = require('librechat-data-provider');
 const { GLOBAL_PROJECT_NAME, EPHEMERAL_AGENT_ID, mcp_delimiter } =
   require('librechat-data-provider').Constants;
-const { CONFIG_STORE, STARTUP_CONFIG } = require('librechat-data-provider').CacheKeys;
 const {
   getProjectByName,
   addAgentIdsToProject,
   removeAgentIdsFromProject,
   removeAgentFromAllProjects,
 } = require('./Project');
-const getLogStores = require('~/cache/getLogStores');
+const { getCachedTools } = require('~/server/services/Config');
 const { getActions } = require('./Action');
-const { logger } = require('~/config');
-
-const Agent = mongoose.model('agent', agentSchema);
+const { Agent } = require('~/db/models');
 
 /**
  * Create an agent with the provided data.
@@ -24,7 +21,7 @@ const Agent = mongoose.model('agent', agentSchema);
  * @throws {Error} If the agent creation fails.
  */
 const createAgent = async (agentData) => {
-  const { author, ...versionData } = agentData;
+  const { author: _author, ...versionData } = agentData;
   const timestamp = new Date();
   const initialAgentData = {
     ...agentData,
@@ -57,12 +54,12 @@ const getAgent = async (searchParameter) => await Agent.findOne(searchParameter)
  * @param {string} params.agent_id
  * @param {string} params.endpoint
  * @param {import('@librechat/agents').ClientOptions} [params.model_parameters]
- * @returns {Agent|null} The agent document as a plain object, or null if not found.
+ * @returns {Promise<Agent|null>} The agent document as a plain object, or null if not found.
  */
-const loadEphemeralAgent = ({ req, agent_id, endpoint, model_parameters: _m }) => {
+const loadEphemeralAgent = async ({ req, agent_id, endpoint, model_parameters: _m }) => {
   const { model, ...model_parameters } = _m;
   /** @type {Record<string, FunctionTool>} */
-  const availableTools = req.app.locals.availableTools;
+  const availableTools = await getCachedTools({ includeGlobal: true });
   /** @type {TEphemeralAgent | null} */
   const ephemeralAgent = req.body.ephemeralAgent;
   const mcpServers = new Set(ephemeralAgent?.mcp);
@@ -113,7 +110,7 @@ const loadAgent = async ({ req, agent_id, endpoint, model_parameters }) => {
     return null;
   }
   if (agent_id === EPHEMERAL_AGENT_ID) {
-    return loadEphemeralAgent({ req, agent_id, endpoint, model_parameters });
+    return await loadEphemeralAgent({ req, agent_id, endpoint, model_parameters });
   }
   const agent = await getAgent({
     id: agent_id,
@@ -124,29 +121,7 @@ const loadAgent = async ({ req, agent_id, endpoint, model_parameters }) => {
   }
 
   agent.version = agent.versions ? agent.versions.length : 0;
-
-  if (agent.author.toString() === req.user.id) {
-    return agent;
-  }
-
-  if (!agent.projectIds) {
-    return null;
-  }
-
-  const cache = getLogStores(CONFIG_STORE);
-  /** @type {TStartupConfig} */
-  const cachedStartupConfig = await cache.get(STARTUP_CONFIG);
-  let { instanceProjectId } = cachedStartupConfig ?? {};
-  if (!instanceProjectId) {
-    instanceProjectId = (await getProjectByName(GLOBAL_PROJECT_NAME, '_id'))._id.toString();
-  }
-
-  for (const projectObjectId of agent.projectIds) {
-    const projectId = projectObjectId.toString();
-    if (projectId === instanceProjectId) {
-      return agent;
-    }
-  }
+  return agent;
 };
 
 /**
@@ -172,12 +147,11 @@ const isDuplicateVersion = (updateData, currentData, versions, actionsHash = nul
     'created_at',
     'updated_at',
     '__v',
-    'agent_ids',
     'versions',
     'actionsHash', // Exclude actionsHash from direct comparison
   ];
 
-  const { $push, $pull, $addToSet, ...directUpdates } = updateData;
+  const { $push: _$push, $pull: _$pull, $addToSet: _$addToSet, ...directUpdates } = updateData;
 
   if (Object.keys(directUpdates).length === 0 && !actionsHash) {
     return null;
@@ -262,16 +236,24 @@ const isDuplicateVersion = (updateData, currentData, versions, actionsHash = nul
  * @param {Object} [options] - Optional configuration object.
  * @param {string} [options.updatingUserId] - The ID of the user performing the update (used for tracking non-author updates).
  * @param {boolean} [options.forceVersion] - Force creation of a new version even if no fields changed.
+ * @param {boolean} [options.skipVersioning] - Skip version creation entirely (useful for isolated operations like sharing).
  * @returns {Promise<Agent>} The updated or newly created agent document as a plain object.
  * @throws {Error} If the update would create a duplicate version
  */
 const updateAgent = async (searchParameter, updateData, options = {}) => {
-  const { updatingUserId = null, forceVersion = false } = options;
+  const { updatingUserId = null, forceVersion = false, skipVersioning = false } = options;
   const mongoOptions = { new: true, upsert: false };
 
   const currentAgent = await Agent.findOne(searchParameter);
   if (currentAgent) {
-    const { __v, _id, id, versions, author, ...versionData } = currentAgent.toObject();
+    const {
+      __v,
+      _id,
+      id: __id,
+      versions,
+      author: _author,
+      ...versionData
+    } = currentAgent.toObject();
     const { $push, $pull, $addToSet, ...directUpdates } = updateData;
 
     let actionsHash = null;
@@ -303,10 +285,8 @@ const updateAgent = async (searchParameter, updateData, options = {}) => {
     }
 
     const shouldCreateVersion =
-      forceVersion ||
-      (versions &&
-        versions.length > 0 &&
-        (Object.keys(directUpdates).length > 0 || $push || $pull || $addToSet));
+      !skipVersioning &&
+      (forceVersion || Object.keys(directUpdates).length > 0 || $push || $pull || $addToSet);
 
     if (shouldCreateVersion) {
       const duplicateVersion = isDuplicateVersion(updateData, versionData, versions, actionsHash);
@@ -341,7 +321,7 @@ const updateAgent = async (searchParameter, updateData, options = {}) => {
       versionEntry.updatedBy = new mongoose.Types.ObjectId(updatingUserId);
     }
 
-    if (shouldCreateVersion || forceVersion) {
+    if (shouldCreateVersion) {
       updateData.$push = {
         ...($push || {}),
         versions: versionEntry,
@@ -464,8 +444,110 @@ const deleteAgent = async (searchParameter) => {
   return agent;
 };
 
+/**
+ * Get agents by accessible IDs with optional cursor-based pagination.
+ * @param {Object} params - The parameters for getting accessible agents.
+ * @param {Array} [params.accessibleIds] - Array of agent ObjectIds the user has ACL access to.
+ * @param {Object} [params.otherParams] - Additional query parameters (including author filter).
+ * @param {number} [params.limit] - Number of agents to return (max 100). If not provided, returns all agents.
+ * @param {string} [params.after] - Cursor for pagination - get agents after this cursor. // base64 encoded JSON string with updatedAt and _id.
+ * @returns {Promise<Object>} A promise that resolves to an object containing the agents data and pagination info.
+ */
+const getListAgentsByAccess = async ({
+  accessibleIds = [],
+  otherParams = {},
+  limit = null,
+  after = null,
+}) => {
+  const isPaginated = limit !== null && limit !== undefined;
+  const normalizedLimit = isPaginated ? Math.min(Math.max(1, parseInt(limit) || 20), 100) : null;
+
+  // Build base query combining ACL accessible agents with other filters
+  const baseQuery = { ...otherParams };
+
+  if (accessibleIds.length > 0) {
+    baseQuery._id = { $in: accessibleIds };
+  }
+
+  // Add cursor condition
+  if (after) {
+    try {
+      const cursor = JSON.parse(Buffer.from(after, 'base64').toString('utf8'));
+      const { updatedAt, _id } = cursor;
+
+      const cursorCondition = {
+        $or: [
+          { updatedAt: { $lt: new Date(updatedAt) } },
+          { updatedAt: new Date(updatedAt), _id: { $gt: mongoose.Types.ObjectId(_id) } },
+        ],
+      };
+
+      // Merge cursor condition with base query
+      if (Object.keys(baseQuery).length > 0) {
+        baseQuery.$and = [{ ...baseQuery }, cursorCondition];
+        // Remove the original conditions from baseQuery to avoid duplication
+        Object.keys(baseQuery).forEach((key) => {
+          if (key !== '$and') delete baseQuery[key];
+        });
+      } else {
+        Object.assign(baseQuery, cursorCondition);
+      }
+    } catch (error) {
+      logger.warn('Invalid cursor:', error.message);
+    }
+  }
+
+  let query = Agent.find(baseQuery, {
+    id: 1,
+    _id: 1,
+    name: 1,
+    avatar: 1,
+    author: 1,
+    projectIds: 1,
+    description: 1,
+    updatedAt: 1,
+  }).sort({ updatedAt: -1, _id: 1 });
+
+  // Only apply limit if pagination is requested
+  if (isPaginated) {
+    query = query.limit(normalizedLimit + 1);
+  }
+
+  const agents = await query.lean();
+
+  const hasMore = isPaginated ? agents.length > normalizedLimit : false;
+  const data = (isPaginated ? agents.slice(0, normalizedLimit) : agents).map((agent) => {
+    if (agent.author) {
+      agent.author = agent.author.toString();
+    }
+    return agent;
+  });
+
+  // Generate next cursor only if paginated
+  let nextCursor = null;
+  if (isPaginated && hasMore && data.length > 0) {
+    const lastAgent = agents[normalizedLimit - 1];
+    nextCursor = Buffer.from(
+      JSON.stringify({
+        updatedAt: lastAgent.updatedAt.toISOString(),
+        _id: lastAgent._id.toString(),
+      }),
+    ).toString('base64');
+  }
+
+  return {
+    object: 'list',
+    data,
+    first_id: data.length > 0 ? data[0].id : null,
+    last_id: data.length > 0 ? data[data.length - 1].id : null,
+    has_more: hasMore,
+    after: nextCursor,
+  };
+};
+
 /**
  * Get all agents.
+ * @deprecated Use getListAgentsByAccess for ACL-aware agent listing
  * @param {Object} searchParameter - The search parameters to find matching agents.
  * @param {string} searchParameter.author - The user ID of the agent's author.
  * @returns {Promise<Object>} A promise that resolves to an object containing the agents data and pagination info.
@@ -481,16 +563,16 @@ const getListAgents = async (searchParameter) => {
     delete globalQuery.author;
     query = { $or: [globalQuery, query] };
   }
-
   const agents = (
     await Agent.find(query, {
       id: 1,
-      _id: 0,
+      _id: 1,
       name: 1,
       avatar: 1,
       author: 1,
       projectIds: 1,
       description: 1,
+      // @deprecated - isCollaborative replaced by ACL permissions
       isCollaborative: 1,
     }).lean()
   ).map((agent) => {
@@ -553,7 +635,10 @@ const updateAgentProjects = async ({ user, agentId, projectIds, removeProjectIds
     delete updateQuery.author;
   }
 
-  const updatedAgent = await updateAgent(updateQuery, updateOps, { updatingUserId: user.id });
+  const updatedAgent = await updateAgent(updateQuery, updateOps, {
+    updatingUserId: user.id,
+    skipVersioning: true,
+  });
   if (updatedAgent) {
     return updatedAgent;
   }
@@ -662,7 +747,6 @@ const generateActionMetadataHash = async (actionIds, actions) => {
  */
 
 module.exports = {
-  Agent,
   getAgent,
   loadAgent,
   createAgent,
@@ -672,6 +756,7 @@ module.exports = {
   revertAgentVersion,
   updateAgentProjects,
   addAgentResourceFile,
+  getListAgentsByAccess,
   removeAgentResourceFiles,
   generateActionMetadataHash,
 };

api/models/Assistant.js

@@ -1,7 +1,4 @@
-const mongoose = require('mongoose');
-const { assistantSchema } = require('@librechat/data-schemas');
-
-const Assistant = mongoose.model('assistant', assistantSchema);
+const { Assistant } = require('~/db/models');
 
 /**
  * Update an assistant with new data without overwriting existing properties,

api/models/Balance.js

@@ -1,4 +0,0 @@
-const mongoose = require('mongoose');
-const { balanceSchema } = require('@librechat/data-schemas');
-
-module.exports = mongoose.model('Balance', balanceSchema);

api/models/Banner.js

@@ -1,8 +1,5 @@
-const mongoose = require('mongoose');
-const logger = require('~/config/winston');
-const { bannerSchema } = require('@librechat/data-schemas');
-
-const Banner = mongoose.model('Banner', bannerSchema);
+const { logger } = require('@librechat/data-schemas');
+const { Banner } = require('~/db/models');
 
 /**
  * Retrieves the current active banner.
@@ -28,4 +25,4 @@ const getBanner = async (user) => {
   }
 };
 
-module.exports = { Banner, getBanner };
+module.exports = { getBanner };

api/models/Config.js

@@ -1,86 +0,0 @@
-const mongoose = require('mongoose');
-const { logger } = require('~/config');
-
-const major = [0, 0];
-const minor = [0, 0];
-const patch = [0, 5];
-
-const configSchema = mongoose.Schema(
-  {
-    tag: {
-      type: String,
-      required: true,
-      validate: {
-        validator: function (tag) {
-          const [part1, part2, part3] = tag.replace('v', '').split('.').map(Number);
-
-          // Check if all parts are numbers
-          if (isNaN(part1) || isNaN(part2) || isNaN(part3)) {
-            return false;
-          }
-
-          // Check if all parts are within their respective ranges
-          if (part1 < major[0] || part1 > major[1]) {
-            return false;
-          }
-          if (part2 < minor[0] || part2 > minor[1]) {
-            return false;
-          }
-          if (part3 < patch[0] || part3 > patch[1]) {
-            return false;
-          }
-          return true;
-        },
-        message: 'Invalid tag value',
-      },
-    },
-    searchEnabled: {
-      type: Boolean,
-      default: false,
-    },
-    usersEnabled: {
-      type: Boolean,
-      default: false,
-    },
-    startupCounts: {
-      type: Number,
-      default: 0,
-    },
-  },
-  { timestamps: true },
-);
-
-// Instance method
-configSchema.methods.incrementCount = function () {
-  this.startupCounts += 1;
-};
-
-// Static methods
-configSchema.statics.findByTag = async function (tag) {
-  return await this.findOne({ tag }).lean();
-};
-
-configSchema.statics.updateByTag = async function (tag, update) {
-  return await this.findOneAndUpdate({ tag }, update, { new: true });
-};
-
-const Config = mongoose.models.Config || mongoose.model('Config', configSchema);
-
-module.exports = {
-  getConfigs: async (filter) => {
-    try {
-      return await Config.find(filter).lean();
-    } catch (error) {
-      logger.error('Error getting configs', error);
-      return { config: 'Error getting configs' };
-    }
-  },
-  deleteConfigs: async (filter) => {
-    try {
-      return await Config.deleteMany(filter);
-    } catch (error) {
-      logger.error('Error deleting configs', error);
-      return { config: 'Error deleting configs' };
-    }
-  },
-};

api/models/Conversation.js

@@ -1,6 +1,6 @@
-const Conversation = require('./schema/convoSchema');
+const { logger } = require('@librechat/data-schemas');
 const { getMessages, deleteMessages } = require('./Message');
-const logger = require('~/config/winston');
+const { Conversation } = require('~/db/models');
 
 /**
  * Searches for a conversation by conversationId and returns a lean document with only conversationId and user.
@@ -75,7 +75,6 @@ const getConvoFiles = async (conversationId) => {
 };
 
 module.exports = {
-  Conversation,
   getConvoFiles,
   searchConversation,
   deleteNullOrEmptyConversations,
@@ -155,7 +154,6 @@ module.exports = {
     { cursor, limit = 25, isArchived = false, tags, search, order = 'desc' } = {},
   ) => {
     const filters = [{ user }];
-
     if (isArchived) {
       filters.push({ isArchived: true });
     } else {
@@ -288,7 +286,6 @@ module.exports = {
   deleteConvos: async (user, filter) => {
     try {
       const userFilter = { ...filter, user };
-
       const conversations = await Conversation.find(userFilter).select('conversationId');
       const conversationIds = conversations.map((c) => c.conversationId);
 

api/models/ConversationTag.js

@@ -1,10 +1,5 @@
-const mongoose = require('mongoose');
-const Conversation = require('./schema/convoSchema');
-const logger = require('~/config/winston');
-
-const { conversationTagSchema } = require('@librechat/data-schemas');
-
-const ConversationTag = mongoose.model('ConversationTag', conversationTagSchema);
+const { logger } = require('@librechat/data-schemas');
+const { ConversationTag, Conversation } = require('~/db/models');
 
 /**
  * Retrieves all conversation tags for a user.

api/models/File.js

@@ -1,9 +1,6 @@
-const mongoose = require('mongoose');
+const { logger } = require('@librechat/data-schemas');
 const { EToolResources } = require('librechat-data-provider');
-const { fileSchema } = require('@librechat/data-schemas');
-const { logger } = require('~/config');
-
-const File = mongoose.model('File', fileSchema);
+const { File } = require('~/db/models');
 
 /**
  * Finds a file by its file_id with additional query options.
@@ -169,7 +166,6 @@ async function batchUpdateFiles(updates) {
 }
 
 module.exports = {
-  File,
   findFileById,
   getFiles,
   getToolFilesByIds,

api/models/Key.js

@@ -1,4 +0,0 @@
-const mongoose = require('mongoose');
-const { keySchema } = require('@librechat/data-schemas');
-
-module.exports = mongoose.model('Key', keySchema);

api/models/Message.js

@@ -1,6 +1,6 @@
 const { z } = require('zod');
-const Message = require('./schema/messageSchema');
-const { logger } = require('~/config');
+const { logger } = require('@librechat/data-schemas');
+const { Message } = require('~/db/models');
 
 const idSchema = z.string().uuid();
 
@@ -68,7 +68,6 @@ async function saveMessage(req, params, metadata) {
       logger.info(`---\`saveMessage\` context: ${metadata?.context}`);
       update.tokenCount = 0;
     }
-
     const message = await Message.findOneAndUpdate(
       { messageId: params.messageId, user: req.user.id },
       update,
@@ -140,7 +139,6 @@ async function bulkSaveMessages(messages, overrideTimestamp = false) {
         upsert: true,
       },
     }));
-
     const result = await Message.bulkWrite(bulkOps);
     return result;
   } catch (err) {
@@ -255,6 +253,7 @@ async function updateMessage(req, message, metadata) {
       text: updatedMessage.text,
       isCreatedByUser: updatedMessage.isCreatedByUser,
       tokenCount: updatedMessage.tokenCount,
+      feedback: updatedMessage.feedback,
     };
   } catch (err) {
     logger.error('Error updating message:', err);
@@ -355,7 +354,6 @@ async function deleteMessages(filter) {
 }
 
 module.exports = {
-  Message,
   saveMessage,
   bulkSaveMessages,
   recordMessage,

api/models/Message.spec.js

@@ -1,32 +1,7 @@
 const mongoose = require('mongoose');
+const { MongoMemoryServer } = require('mongodb-memory-server');
 const { v4: uuidv4 } = require('uuid');
-
-jest.mock('mongoose');
-
-const mockFindQuery = {
-  select: jest.fn().mockReturnThis(),
-  sort: jest.fn().mockReturnThis(),
-  lean: jest.fn().mockReturnThis(),
-  deleteMany: jest.fn().mockResolvedValue({ deletedCount: 1 }),
-};
-
-const mockSchema = {
-  findOneAndUpdate: jest.fn(),
-  updateOne: jest.fn(),
-  findOne: jest.fn(() => ({
-    lean: jest.fn(),
-  })),
-  find: jest.fn(() => mockFindQuery),
-  deleteMany: jest.fn(),
-};
-
-mongoose.model.mockReturnValue(mockSchema);
-
-jest.mock('~/models/schema/messageSchema', () => mockSchema);
-
-jest.mock('~/config/winston', () => ({
-  error: jest.fn(),
-}));
+const { messageSchema } = require('@librechat/data-schemas');
 
 const {
   saveMessage,
@@ -35,77 +10,102 @@ const {
   deleteMessages,
   updateMessageText,
   deleteMessagesSince,
-} = require('~/models/Message');
+} = require('./Message');
+
+/**
+ * @type {import('mongoose').Model<import('@librechat/data-schemas').IMessage>}
+ */
+let Message;
 
 describe('Message Operations', () => {
+  let mongoServer;
   let mockReq;
-  let mockMessage;
+  let mockMessageData;
 
-  beforeEach(() => {
-    jest.clearAllMocks();
+  beforeAll(async () => {
+    mongoServer = await MongoMemoryServer.create();
+    const mongoUri = mongoServer.getUri();
+    Message = mongoose.models.Message || mongoose.model('Message', messageSchema);
+    await mongoose.connect(mongoUri);
+  });
+
+  afterAll(async () => {
+    await mongoose.disconnect();
+    await mongoServer.stop();
+  });
+
+  beforeEach(async () => {
+    // Clear database
+    await Message.deleteMany({});
 
     mockReq = {
       user: { id: 'user123' },
     };
 
-    mockMessage = {
+    mockMessageData = {
       messageId: 'msg123',
       conversationId: uuidv4(),
       text: 'Hello, world!',
       user: 'user123',
     };
-
-    mockSchema.findOneAndUpdate.mockResolvedValue({
-      toObject: () => mockMessage,
-    });
   });
 
   describe('saveMessage', () => {
     it('should save a message for an authenticated user', async () => {
-      const result = await saveMessage(mockReq, mockMessage);
-      expect(result).toEqual(mockMessage);
-      expect(mockSchema.findOneAndUpdate).toHaveBeenCalledWith(
-        { messageId: 'msg123', user: 'user123' },
-        expect.objectContaining({ user: 'user123' }),
-        expect.any(Object),
-      );
+      const result = await saveMessage(mockReq, mockMessageData);
+
+      expect(result.messageId).toBe('msg123');
+      expect(result.user).toBe('user123');
+      expect(result.text).toBe('Hello, world!');
+
+      // Verify the message was actually saved to the database
+      const savedMessage = await Message.findOne({ messageId: 'msg123', user: 'user123' });
+      expect(savedMessage).toBeTruthy();
+      expect(savedMessage.text).toBe('Hello, world!');
     });
 
     it('should throw an error for unauthenticated user', async () => {
       mockReq.user = null;
-      await expect(saveMessage(mockReq, mockMessage)).rejects.toThrow('User not authenticated');
+      await expect(saveMessage(mockReq, mockMessageData)).rejects.toThrow('User not authenticated');
     });
 
-    it('should throw an error for invalid conversation ID', async () => {
-      mockMessage.conversationId = 'invalid-id';
-      await expect(saveMessage(mockReq, mockMessage)).resolves.toBeUndefined();
+    it('should handle invalid conversation ID gracefully', async () => {
+      mockMessageData.conversationId = 'invalid-id';
+      const result = await saveMessage(mockReq, mockMessageData);
+      expect(result).toBeUndefined();
     });
   });
 
   describe('updateMessageText', () => {
     it('should update message text for the authenticated user', async () => {
+      // First save a message
+      await saveMessage(mockReq, mockMessageData);
+
+      // Then update it
       await updateMessageText(mockReq, { messageId: 'msg123', text: 'Updated text' });
-      expect(mockSchema.updateOne).toHaveBeenCalledWith(
-        { messageId: 'msg123', user: 'user123' },
-        { text: 'Updated text' },
-      );
+
+      // Verify the update
+      const updatedMessage = await Message.findOne({ messageId: 'msg123', user: 'user123' });
+      expect(updatedMessage.text).toBe('Updated text');
     });
   });
 
   describe('updateMessage', () => {
     it('should update a message for the authenticated user', async () => {
-      mockSchema.findOneAndUpdate.mockResolvedValue(mockMessage);
+      // First save a message
+      await saveMessage(mockReq, mockMessageData);
+
       const result = await updateMessage(mockReq, { messageId: 'msg123', text: 'Updated text' });
-      expect(result).toEqual(
-        expect.objectContaining({
-          messageId: 'msg123',
-          text: 'Hello, world!',
-        }),
-      );
+
+      expect(result.messageId).toBe('msg123');
+      expect(result.text).toBe('Updated text');
+
+      // Verify in database
+      const updatedMessage = await Message.findOne({ messageId: 'msg123', user: 'user123' });
+      expect(updatedMessage.text).toBe('Updated text');
     });
 
     it('should throw an error if message is not found', async () => {
-      mockSchema.findOneAndUpdate.mockResolvedValue(null);
       await expect(
         updateMessage(mockReq, { messageId: 'nonexistent', text: 'Test' }),
       ).rejects.toThrow('Message not found or user not authorized.');
@@ -114,19 +114,45 @@ describe('Message Operations', () => {
 
   describe('deleteMessagesSince', () => {
     it('should delete messages only for the authenticated user', async () => {
-      mockSchema.findOne().lean.mockResolvedValueOnce({ createdAt: new Date() });
-      mockFindQuery.deleteMany.mockResolvedValueOnce({ deletedCount: 1 });
-      const result = await deleteMessagesSince(mockReq, {
-        messageId: 'msg123',
-        conversationId: 'convo123',
+      const conversationId = uuidv4();
+
+      // Create multiple messages in the same conversation
+      const message1 = await saveMessage(mockReq, {
+        messageId: 'msg1',
+        conversationId,
+        text: 'First message',
+        user: 'user123',
       });
-      expect(mockSchema.findOne).toHaveBeenCalledWith({ messageId: 'msg123', user: 'user123' });
-      expect(mockSchema.find).not.toHaveBeenCalled();
-      expect(result).toBeUndefined();
+
+      const message2 = await saveMessage(mockReq, {
+        messageId: 'msg2',
+        conversationId,
+        text: 'Second message',
+        user: 'user123',
+      });
+
+      const message3 = await saveMessage(mockReq, {
+        messageId: 'msg3',
+        conversationId,
+        text: 'Third message',
+        user: 'user123',
+      });
+
+      // Delete messages since message2 (this should only delete messages created AFTER msg2)
+      await deleteMessagesSince(mockReq, {
+        messageId: 'msg2',
+        conversationId,
+      });
+
+      // Verify msg1 and msg2 remain, msg3 is deleted
+      const remainingMessages = await Message.find({ conversationId, user: 'user123' });
+      expect(remainingMessages).toHaveLength(2);
+      expect(remainingMessages.map((m) => m.messageId)).toContain('msg1');
+      expect(remainingMessages.map((m) => m.messageId)).toContain('msg2');
+      expect(remainingMessages.map((m) => m.messageId)).not.toContain('msg3');
     });
 
     it('should return undefined if no message is found', async () => {
-      mockSchema.findOne().lean.mockResolvedValueOnce(null);
       const result = await deleteMessagesSince(mockReq, {
         messageId: 'nonexistent',
         conversationId: 'convo123',
@@ -137,29 +163,71 @@ describe('Message Operations', () => {
 
   describe('getMessages', () => {
     it('should retrieve messages with the correct filter', async () => {
-      const filter = { conversationId: 'convo123' };
-      await getMessages(filter);
-      expect(mockSchema.find).toHaveBeenCalledWith(filter);
-      expect(mockFindQuery.sort).toHaveBeenCalledWith({ createdAt: 1 });
-      expect(mockFindQuery.lean).toHaveBeenCalled();
+      const conversationId = uuidv4();
+
+      // Save some messages
+      await saveMessage(mockReq, {
+        messageId: 'msg1',
+        conversationId,
+        text: 'First message',
+        user: 'user123',
+      });
+
+      await saveMessage(mockReq, {
+        messageId: 'msg2',
+        conversationId,
+        text: 'Second message',
+        user: 'user123',
+      });
+
+      const messages = await getMessages({ conversationId });
+      expect(messages).toHaveLength(2);
+      expect(messages[0].text).toBe('First message');
+      expect(messages[1].text).toBe('Second message');
     });
   });
 
   describe('deleteMessages', () => {
     it('should delete messages with the correct filter', async () => {
+      // Save some messages for different users
+      await saveMessage(mockReq, mockMessageData);
+      await saveMessage(
+        { user: { id: 'user456' } },
+        {
+          messageId: 'msg456',
+          conversationId: uuidv4(),
+          text: 'Other user message',
+          user: 'user456',
+        },
+      );
+
       await deleteMessages({ user: 'user123' });
-      expect(mockSchema.deleteMany).toHaveBeenCalledWith({ user: 'user123' });
+
+      // Verify only user123's messages were deleted
+      const user123Messages = await Message.find({ user: 'user123' });
+      const user456Messages = await Message.find({ user: 'user456' });
+
+      expect(user123Messages).toHaveLength(0);
+      expect(user456Messages).toHaveLength(1);
     });
   });
 
   describe('Conversation Hijacking Prevention', () => {
     it("should not allow editing a message in another user's conversation", async () => {
       const attackerReq = { user: { id: 'attacker123' } };
-      const victimConversationId = 'victim-convo-123';
+      const victimConversationId = uuidv4();
       const victimMessageId = 'victim-msg-123';
 
-      mockSchema.findOneAndUpdate.mockResolvedValue(null);
+      // First, save a message as the victim (but we'll try to edit as attacker)
+      const victimReq = { user: { id: 'victim123' } };
+      await saveMessage(victimReq, {
+        messageId: victimMessageId,
+        conversationId: victimConversationId,
+        text: 'Victim message',
+        user: 'victim123',
+      });
 
+      // Attacker tries to edit the victim's message
       await expect(
         updateMessage(attackerReq, {
           messageId: victimMessageId,
@@ -168,71 +236,82 @@ describe('Message Operations', () => {
         }),
       ).rejects.toThrow('Message not found or user not authorized.');
 
-      expect(mockSchema.findOneAndUpdate).toHaveBeenCalledWith(
-        { messageId: victimMessageId, user: 'attacker123' },
-        expect.anything(),
-        expect.anything(),
-      );
+      // Verify the original message is unchanged
+      const originalMessage = await Message.findOne({
+        messageId: victimMessageId,
+        user: 'victim123',
+      });
+      expect(originalMessage.text).toBe('Victim message');
     });
 
     it("should not allow deleting messages from another user's conversation", async () => {
       const attackerReq = { user: { id: 'attacker123' } };
-      const victimConversationId = 'victim-convo-123';
+      const victimConversationId = uuidv4();
       const victimMessageId = 'victim-msg-123';
 
-      mockSchema.findOne().lean.mockResolvedValueOnce(null); // Simulating message not found for this user
+      // Save a message as the victim
+      const victimReq = { user: { id: 'victim123' } };
+      await saveMessage(victimReq, {
+        messageId: victimMessageId,
+        conversationId: victimConversationId,
+        text: 'Victim message',
+        user: 'victim123',
+      });
+
+      // Attacker tries to delete from victim's conversation
       const result = await deleteMessagesSince(attackerReq, {
         messageId: victimMessageId,
         conversationId: victimConversationId,
       });
 
       expect(result).toBeUndefined();
-      expect(mockSchema.findOne).toHaveBeenCalledWith({
+
+      // Verify the victim's message still exists
+      const victimMessage = await Message.findOne({
         messageId: victimMessageId,
-        user: 'attacker123',
+        user: 'victim123',
       });
+      expect(victimMessage).toBeTruthy();
+      expect(victimMessage.text).toBe('Victim message');
     });
 
     it("should not allow inserting a new message into another user's conversation", async () => {
       const attackerReq = { user: { id: 'attacker123' } };
-      const victimConversationId = uuidv4(); // Use a valid UUID
+      const victimConversationId = uuidv4();
 
-      await expect(
-        saveMessage(attackerReq, {
-          conversationId: victimConversationId,
-          text: 'Inserted malicious message',
-          messageId: 'new-msg-123',
-        }),
-      ).resolves.not.toThrow(); // It should not throw an error
+      // Attacker tries to save a message - this should succeed but with attacker's user ID
+      const result = await saveMessage(attackerReq, {
+        conversationId: victimConversationId,
+        text: 'Inserted malicious message',
+        messageId: 'new-msg-123',
+        user: 'attacker123',
+      });
 
-      // Check that the message was saved with the attacker's user ID
-      expect(mockSchema.findOneAndUpdate).toHaveBeenCalledWith(
-        { messageId: 'new-msg-123', user: 'attacker123' },
-        expect.objectContaining({
-          user: 'attacker123',
-          conversationId: victimConversationId,
-        }),
-        expect.anything(),
-      );
+      expect(result).toBeTruthy();
+      expect(result.user).toBe('attacker123');
+
+      // Verify the message was saved with the attacker's user ID, not as an anonymous message
+      const savedMessage = await Message.findOne({ messageId: 'new-msg-123' });
+      expect(savedMessage.user).toBe('attacker123');
+      expect(savedMessage.conversationId).toBe(victimConversationId);
     });
 
     it('should allow retrieving messages from any conversation', async () => {
-      const victimConversationId = 'victim-convo-123';
+      const victimConversationId = uuidv4();
 
-      await getMessages({ conversationId: victimConversationId });
-
-      expect(mockSchema.find).toHaveBeenCalledWith({
+      // Save a message in the victim's conversation
+      const victimReq = { user: { id: 'victim123' } };
+      await saveMessage(victimReq, {
+        messageId: 'victim-msg',
         conversationId: victimConversationId,
+        text: 'Victim message',
+        user: 'victim123',
       });
 
-      mockSchema.find.mockReturnValueOnce({
-        select: jest.fn().mockReturnThis(),
-        sort: jest.fn().mockReturnThis(),
-        lean: jest.fn().mockResolvedValue([{ text: 'Test message' }]),
-      });
-
-      const result = await getMessages({ conversationId: victimConversationId });
-      expect(result).toEqual([{ text: 'Test message' }]);
+      // Anyone should be able to retrieve messages by conversation ID
+      const messages = await getMessages({ conversationId: victimConversationId });
+      expect(messages).toHaveLength(1);
+      expect(messages[0].text).toBe('Victim message');
     });
   });
 });

api/models/Preset.js

@@ -1,5 +1,5 @@
-const Preset = require('./schema/presetSchema');
-const { logger } = require('~/config');
+const { logger } = require('@librechat/data-schemas');
+const { Preset } = require('~/db/models');
 
 const getPreset = async (user, presetId) => {
   try {
@@ -11,7 +11,6 @@ const getPreset = async (user, presetId) => {
 };
 
 module.exports = {
-  Preset,
   getPreset,
   getPresets: async (user, filter) => {
     try {

api/models/Project.js

@@ -1,8 +1,5 @@
-const { model } = require('mongoose');
 const { GLOBAL_PROJECT_NAME } = require('librechat-data-provider').Constants;
-const { projectSchema } = require('@librechat/data-schemas');
-
-const Project = model('Project', projectSchema);
+const { Project } = require('~/db/models');
 
 /**
  * Retrieve a project by ID and convert the found project document to a plain object.

api/models/Prompt.js

@@ -1,5 +1,5 @@
-const mongoose = require('mongoose');
 const { ObjectId } = require('mongodb');
+const { logger } = require('@librechat/data-schemas');
 const { SystemRoles, SystemCategories, Constants } = require('librechat-data-provider');
 const {
   getProjectByName,
@@ -7,12 +7,8 @@ const {
   removeGroupIdsFromProject,
   removeGroupFromAllProjects,
 } = require('./Project');
-const { promptGroupSchema, promptSchema } = require('@librechat/data-schemas');
+const { PromptGroup, Prompt } = require('~/db/models');
 const { escapeRegExp } = require('~/server/utils');
-const { logger } = require('~/config');
-
-const PromptGroup = mongoose.model('PromptGroup', promptGroupSchema);
-const Prompt = mongoose.model('Prompt', promptSchema);
 
 /**
  * Create a pipeline for the aggregation to get prompt groups

api/models/Role.js

@@ -1,4 +1,3 @@
-const mongoose = require('mongoose');
 const {
   CacheKeys,
   SystemRoles,
@@ -7,11 +6,9 @@ const {
   permissionsSchema,
   removeNullishValues,
 } = require('librechat-data-provider');
+const { logger } = require('@librechat/data-schemas');
 const getLogStores = require('~/cache/getLogStores');
-const { roleSchema } = require('@librechat/data-schemas');
-const { logger } = require('~/config');
-
-const Role = mongoose.model('Role', roleSchema);
+const { Role } = require('~/db/models');
 
 /**
  * Retrieve a role by name and convert the found role document to a plain object.
@@ -173,35 +170,6 @@ async function updateAccessPermissions(roleName, permissionsUpdate) {
   }
 }
 
-/**
- * Initialize default roles in the system.
- * Creates the default roles (ADMIN, USER) if they don't exist in the database.
- * Updates existing roles with new permission types if they're missing.
- *
- * @returns {Promise<void>}
- */
-const initializeRoles = async function () {
-  for (const roleName of [SystemRoles.ADMIN, SystemRoles.USER]) {
-    let role = await Role.findOne({ name: roleName });
-    const defaultPerms = roleDefaults[roleName].permissions;
-
-    if (!role) {
-      // Create new role if it doesn't exist.
-      role = new Role(roleDefaults[roleName]);
-    } else {
-      // Ensure role.permissions is defined.
-      role.permissions = role.permissions || {};
-      // For each permission type in defaults, add it if missing.
-      for (const permType of Object.keys(defaultPerms)) {
-        if (role.permissions[permType] == null) {
-          role.permissions[permType] = defaultPerms[permType];
-        }
-      }
-    }
-    await role.save();
-  }
-};
-
 /**
  * Migrates roles from old schema to new schema structure.
  * This can be called directly to fix existing roles.
@@ -282,10 +250,8 @@ const migrateRoleSchema = async function (roleName) {
 };
 
 module.exports = {
-  Role,
   getRoleByName,
-  initializeRoles,
   updateRoleByName,
-  updateAccessPermissions,
   migrateRoleSchema,
+  updateAccessPermissions,
 };

api/models/Role.spec.js

@@ -6,8 +6,10 @@ const {
   roleDefaults,
   PermissionTypes,
 } = require('librechat-data-provider');
-const { Role, getRoleByName, updateAccessPermissions, initializeRoles } = require('~/models/Role');
+const { getRoleByName, updateAccessPermissions } = require('~/models/Role');
 const getLogStores = require('~/cache/getLogStores');
+const { initializeRoles } = require('~/models');
+const { Role } = require('~/db/models');
 
 // Mock the cache
 jest.mock('~/cache/getLogStores', () =>

api/models/Session.js

@@ -1,275 +0,0 @@
-const mongoose = require('mongoose');
-const signPayload = require('~/server/services/signPayload');
-const { hashToken } = require('~/server/utils/crypto');
-const { sessionSchema } = require('@librechat/data-schemas');
-const { logger } = require('~/config');
-
-const Session = mongoose.model('Session', sessionSchema);
-
-const { REFRESH_TOKEN_EXPIRY } = process.env ?? {};
-const expires = eval(REFRESH_TOKEN_EXPIRY) ?? 1000 * 60 * 60 * 24 * 7; // 7 days default
-
-/**
- * Error class for Session-related errors
- */
-class SessionError extends Error {
-  constructor(message, code = 'SESSION_ERROR') {
-    super(message);
-    this.name = 'SessionError';
-    this.code = code;
-  }
-}
-
-/**
- * Creates a new session for a user
- * @param {string} userId - The ID of the user
- * @param {Object} options - Additional options for session creation
- * @param {Date} options.expiration - Custom expiration date
- * @returns {Promise<{session: Session, refreshToken: string}>}
- * @throws {SessionError}
- */
-const createSession = async (userId, options = {}) => {
-  if (!userId) {
-    throw new SessionError('User ID is required', 'INVALID_USER_ID');
-  }
-
-  try {
-    const session = new Session({
-      user: userId,
-      expiration: options.expiration || new Date(Date.now() + expires),
-    });
-    const refreshToken = await generateRefreshToken(session);
-    return { session, refreshToken };
-  } catch (error) {
-    logger.error('[createSession] Error creating session:', error);
-    throw new SessionError('Failed to create session', 'CREATE_SESSION_FAILED');
-  }
-};
-
-/**
- * Finds a session by various parameters
- * @param {Object} params - Search parameters
- * @param {string} [params.refreshToken] - The refresh token to search by
- * @param {string} [params.userId] - The user ID to search by
- * @param {string} [params.sessionId] - The session ID to search by
- * @param {Object} [options] - Additional options
- * @param {boolean} [options.lean=true] - Whether to return plain objects instead of documents
- * @returns {Promise<Session|null>}
- * @throws {SessionError}
- */
-const findSession = async (params, options = { lean: true }) => {
-  try {
-    const query = {};
-
-    if (!params.refreshToken && !params.userId && !params.sessionId) {
-      throw new SessionError('At least one search parameter is required', 'INVALID_SEARCH_PARAMS');
-    }
-
-    if (params.refreshToken) {
-      const tokenHash = await hashToken(params.refreshToken);
-      query.refreshTokenHash = tokenHash;
-    }
-
-    if (params.userId) {
-      query.user = params.userId;
-    }
-
-    if (params.sessionId) {
-      const sessionId = params.sessionId.sessionId || params.sessionId;
-      if (!mongoose.Types.ObjectId.isValid(sessionId)) {
-        throw new SessionError('Invalid session ID format', 'INVALID_SESSION_ID');
-      }
-      query._id = sessionId;
-    }
-
-    // Add expiration check to only return valid sessions
-    query.expiration = { $gt: new Date() };
-
-    const sessionQuery = Session.findOne(query);
-
-    if (options.lean) {
-      return await sessionQuery.lean();
-    }
-
-    return await sessionQuery.exec();
-  } catch (error) {
-    logger.error('[findSession] Error finding session:', error);
-    throw new SessionError('Failed to find session', 'FIND_SESSION_FAILED');
-  }
-};
-
-/**
- * Updates session expiration
- * @param {Session|string} session - The session or session ID to update
- * @param {Date} [newExpiration] - Optional new expiration date
- * @returns {Promise<Session>}
- * @throws {SessionError}
- */
-const updateExpiration = async (session, newExpiration) => {
-  try {
-    const sessionDoc = typeof session === 'string' ? await Session.findById(session) : session;
-
-    if (!sessionDoc) {
-      throw new SessionError('Session not found', 'SESSION_NOT_FOUND');
-    }
-
-    sessionDoc.expiration = newExpiration || new Date(Date.now() + expires);
-    return await sessionDoc.save();
-  } catch (error) {
-    logger.error('[updateExpiration] Error updating session:', error);
-    throw new SessionError('Failed to update session expiration', 'UPDATE_EXPIRATION_FAILED');
-  }
-};
-
-/**
- * Deletes a session by refresh token or session ID
- * @param {Object} params - Delete parameters
- * @param {string} [params.refreshToken] - The refresh token of the session to delete
- * @param {string} [params.sessionId] - The ID of the session to delete
- * @returns {Promise<Object>}
- * @throws {SessionError}
- */
-const deleteSession = async (params) => {
-  try {
-    if (!params.refreshToken && !params.sessionId) {
-      throw new SessionError(
-        'Either refreshToken or sessionId is required',
-        'INVALID_DELETE_PARAMS',
-      );
-    }
-
-    const query = {};
-
-    if (params.refreshToken) {
-      query.refreshTokenHash = await hashToken(params.refreshToken);
-    }
-
-    if (params.sessionId) {
-      query._id = params.sessionId;
-    }
-
-    const result = await Session.deleteOne(query);
-
-    if (result.deletedCount === 0) {
-      logger.warn('[deleteSession] No session found to delete');
-    }
-
-    return result;
-  } catch (error) {
-    logger.error('[deleteSession] Error deleting session:', error);
-    throw new SessionError('Failed to delete session', 'DELETE_SESSION_FAILED');
-  }
-};
-
-/**
- * Deletes all sessions for a user
- * @param {string} userId - The ID of the user
- * @param {Object} [options] - Additional options
- * @param {boolean} [options.excludeCurrentSession] - Whether to exclude the current session
- * @param {string} [options.currentSessionId] - The ID of the current session to exclude
- * @returns {Promise<Object>}
- * @throws {SessionError}
- */
-const deleteAllUserSessions = async (userId, options = {}) => {
-  try {
-    if (!userId) {
-      throw new SessionError('User ID is required', 'INVALID_USER_ID');
-    }
-
-    // Extract userId if it's passed as an object
-    const userIdString = userId.userId || userId;
-
-    if (!mongoose.Types.ObjectId.isValid(userIdString)) {
-      throw new SessionError('Invalid user ID format', 'INVALID_USER_ID_FORMAT');
-    }
-
-    const query = { user: userIdString };
-
-    if (options.excludeCurrentSession && options.currentSessionId) {
-      query._id = { $ne: options.currentSessionId };
-    }
-
-    const result = await Session.deleteMany(query);
-
-    if (result.deletedCount > 0) {
-      logger.debug(
-        `[deleteAllUserSessions] Deleted ${result.deletedCount} sessions for user ${userIdString}.`,
-      );
-    }
-
-    return result;
-  } catch (error) {
-    logger.error('[deleteAllUserSessions] Error deleting user sessions:', error);
-    throw new SessionError('Failed to delete user sessions', 'DELETE_ALL_SESSIONS_FAILED');
-  }
-};
-
-/**
- * Generates a refresh token for a session
- * @param {Session} session - The session to generate a token for
- * @returns {Promise<string>}
- * @throws {SessionError}
- */
-const generateRefreshToken = async (session) => {
-  if (!session || !session.user) {
-    throw new SessionError('Invalid session object', 'INVALID_SESSION');
-  }
-
-  try {
-    const expiresIn = session.expiration ? session.expiration.getTime() : Date.now() + expires;
-
-    if (!session.expiration) {
-      session.expiration = new Date(expiresIn);
-    }
-
-    const refreshToken = await signPayload({
-      payload: {
-        id: session.user,
-        sessionId: session._id,
-      },
-      secret: process.env.JWT_REFRESH_SECRET,
-      expirationTime: Math.floor((expiresIn - Date.now()) / 1000),
-    });
-
-    session.refreshTokenHash = await hashToken(refreshToken);
-    await session.save();
-
-    return refreshToken;
-  } catch (error) {
-    logger.error('[generateRefreshToken] Error generating refresh token:', error);
-    throw new SessionError('Failed to generate refresh token', 'GENERATE_TOKEN_FAILED');
-  }
-};
-
-/**
- * Counts active sessions for a user
- * @param {string} userId - The ID of the user
- * @returns {Promise<number>}
- * @throws {SessionError}
- */
-const countActiveSessions = async (userId) => {
-  try {
-    if (!userId) {
-      throw new SessionError('User ID is required', 'INVALID_USER_ID');
-    }
-
-    return await Session.countDocuments({
-      user: userId,
-      expiration: { $gt: new Date() },
-    });
-  } catch (error) {
-    logger.error('[countActiveSessions] Error counting active sessions:', error);
-    throw new SessionError('Failed to count active sessions', 'COUNT_SESSIONS_FAILED');
-  }
-};
-
-module.exports = {
-  createSession,
-  findSession,
-  updateExpiration,
-  deleteSession,
-  deleteAllUserSessions,
-  generateRefreshToken,
-  countActiveSessions,
-  SessionError,
-};

api/models/Share.js

@@ -1,351 +0,0 @@
-const mongoose = require('mongoose');
-const { nanoid } = require('nanoid');
-const { Constants } = require('librechat-data-provider');
-const { Conversation } = require('~/models/Conversation');
-const { shareSchema } = require('@librechat/data-schemas');
-const SharedLink = mongoose.model('SharedLink', shareSchema);
-const { getMessages } = require('./Message');
-const logger = require('~/config/winston');
-
-class ShareServiceError extends Error {
-  constructor(message, code) {
-    super(message);
-    this.name = 'ShareServiceError';
-    this.code = code;
-  }
-}
-
-const memoizedAnonymizeId = (prefix) => {
-  const memo = new Map();
-  return (id) => {
-    if (!memo.has(id)) {
-      memo.set(id, `${prefix}_${nanoid()}`);
-    }
-    return memo.get(id);
-  };
-};
-
-const anonymizeConvoId = memoizedAnonymizeId('convo');
-const anonymizeAssistantId = memoizedAnonymizeId('a');
-const anonymizeMessageId = (id) =>
-  id === Constants.NO_PARENT ? id : memoizedAnonymizeId('msg')(id);
-
-function anonymizeConvo(conversation) {
-  if (!conversation) {
-    return null;
-  }
-
-  const newConvo = { ...conversation };
-  if (newConvo.assistant_id) {
-    newConvo.assistant_id = anonymizeAssistantId(newConvo.assistant_id);
-  }
-  return newConvo;
-}
-
-function anonymizeMessages(messages, newConvoId) {
-  if (!Array.isArray(messages)) {
-    return [];
-  }
-
-  const idMap = new Map();
-  return messages.map((message) => {
-    const newMessageId = anonymizeMessageId(message.messageId);
-    idMap.set(message.messageId, newMessageId);
-
-    const anonymizedAttachments = message.attachments?.map((attachment) => {
-      return {
-        ...attachment,
-        messageId: newMessageId,
-        conversationId: newConvoId,
-      };
-    });
-
-    return {
-      ...message,
-      messageId: newMessageId,
-      parentMessageId:
-        idMap.get(message.parentMessageId) || anonymizeMessageId(message.parentMessageId),
-      conversationId: newConvoId,
-      model: message.model?.startsWith('asst_')
-        ? anonymizeAssistantId(message.model)
-        : message.model,
-      attachments: anonymizedAttachments,
-    };
-  });
-}
-
-async function getSharedMessages(shareId) {
-  try {
-    const share = await SharedLink.findOne({ shareId, isPublic: true })
-      .populate({
-        path: 'messages',
-        select: '-_id -__v -user',
-      })
-      .select('-_id -__v -user')
-      .lean();
-
-    if (!share?.conversationId || !share.isPublic) {
-      return null;
-    }
-
-    const newConvoId = anonymizeConvoId(share.conversationId);
-    const result = {
-      ...share,
-      conversationId: newConvoId,
-      messages: anonymizeMessages(share.messages, newConvoId),
-    };
-
-    return result;
-  } catch (error) {
-    logger.error('[getShare] Error getting share link', {
-      error: error.message,
-      shareId,
-    });
-    throw new ShareServiceError('Error getting share link', 'SHARE_FETCH_ERROR');
-  }
-}
-
-async function getSharedLinks(user, pageParam, pageSize, isPublic, sortBy, sortDirection, search) {
-  try {
-    const query = { user, isPublic };
-
-    if (pageParam) {
-      if (sortDirection === 'desc') {
-        query[sortBy] = { $lt: pageParam };
-      } else {
-        query[sortBy] = { $gt: pageParam };
-      }
-    }
-
-    if (search && search.trim()) {
-      try {
-        const searchResults = await Conversation.meiliSearch(search);
-
-        if (!searchResults?.hits?.length) {
-          return {
-            links: [],
-            nextCursor: undefined,
-            hasNextPage: false,
-          };
-        }
-
-        const conversationIds = searchResults.hits.map((hit) => hit.conversationId);
-        query['conversationId'] = { $in: conversationIds };
-      } catch (searchError) {
-        logger.error('[getSharedLinks] Meilisearch error', {
-          error: searchError.message,
-          user,
-        });
-        return {
-          links: [],
-          nextCursor: undefined,
-          hasNextPage: false,
-        };
-      }
-    }
-
-    const sort = {};
-    sort[sortBy] = sortDirection === 'desc' ? -1 : 1;
-
-    if (Array.isArray(query.conversationId)) {
-      query.conversationId = { $in: query.conversationId };
-    }
-
-    const sharedLinks = await SharedLink.find(query)
-      .sort(sort)
-      .limit(pageSize + 1)
-      .select('-__v -user')
-      .lean();
-
-    const hasNextPage = sharedLinks.length > pageSize;
-    const links = sharedLinks.slice(0, pageSize);
-
-    const nextCursor = hasNextPage ? links[links.length - 1][sortBy] : undefined;
-
-    return {
-      links: links.map((link) => ({
-        shareId: link.shareId,
-        title: link?.title || 'Untitled',
-        isPublic: link.isPublic,
-        createdAt: link.createdAt,
-        conversationId: link.conversationId,
-      })),
-      nextCursor,
-      hasNextPage,
-    };
-  } catch (error) {
-    logger.error('[getSharedLinks] Error getting shares', {
-      error: error.message,
-      user,
-    });
-    throw new ShareServiceError('Error getting shares', 'SHARES_FETCH_ERROR');
-  }
-}
-
-async function deleteAllSharedLinks(user) {
-  try {
-    const result = await SharedLink.deleteMany({ user });
-    return {
-      message: 'All shared links deleted successfully',
-      deletedCount: result.deletedCount,
-    };
-  } catch (error) {
-    logger.error('[deleteAllSharedLinks] Error deleting shared links', {
-      error: error.message,
-      user,
-    });
-    throw new ShareServiceError('Error deleting shared links', 'BULK_DELETE_ERROR');
-  }
-}
-
-async function createSharedLink(user, conversationId) {
-  if (!user || !conversationId) {
-    throw new ShareServiceError('Missing required parameters', 'INVALID_PARAMS');
-  }
-
-  try {
-    const [existingShare, conversationMessages] = await Promise.all([
-      SharedLink.findOne({ conversationId, isPublic: true }).select('-_id -__v -user').lean(),
-      getMessages({ conversationId }),
-    ]);
-
-    if (existingShare && existingShare.isPublic) {
-      throw new ShareServiceError('Share already exists', 'SHARE_EXISTS');
-    } else if (existingShare) {
-      await SharedLink.deleteOne({ conversationId });
-    }
-
-    const conversation = await Conversation.findOne({ conversationId }).lean();
-    const title = conversation?.title || 'Untitled';
-
-    const shareId = nanoid();
-    await SharedLink.create({
-      shareId,
-      conversationId,
-      messages: conversationMessages,
-      title,
-      user,
-    });
-
-    return { shareId, conversationId };
-  } catch (error) {
-    logger.error('[createSharedLink] Error creating shared link', {
-      error: error.message,
-      user,
-      conversationId,
-    });
-    throw new ShareServiceError('Error creating shared link', 'SHARE_CREATE_ERROR');
-  }
-}
-
-async function getSharedLink(user, conversationId) {
-  if (!user || !conversationId) {
-    throw new ShareServiceError('Missing required parameters', 'INVALID_PARAMS');
-  }
-
-  try {
-    const share = await SharedLink.findOne({ conversationId, user, isPublic: true })
-      .select('shareId -_id')
-      .lean();
-
-    if (!share) {
-      return { shareId: null, success: false };
-    }
-
-    return { shareId: share.shareId, success: true };
-  } catch (error) {
-    logger.error('[getSharedLink] Error getting shared link', {
-      error: error.message,
-      user,
-      conversationId,
-    });
-    throw new ShareServiceError('Error getting shared link', 'SHARE_FETCH_ERROR');
-  }
-}
-
-async function updateSharedLink(user, shareId) {
-  if (!user || !shareId) {
-    throw new ShareServiceError('Missing required parameters', 'INVALID_PARAMS');
-  }
-
-  try {
-    const share = await SharedLink.findOne({ shareId }).select('-_id -__v -user').lean();
-
-    if (!share) {
-      throw new ShareServiceError('Share not found', 'SHARE_NOT_FOUND');
-    }
-
-    const [updatedMessages] = await Promise.all([
-      getMessages({ conversationId: share.conversationId }),
-    ]);
-
-    const newShareId = nanoid();
-    const update = {
-      messages: updatedMessages,
-      user,
-      shareId: newShareId,
-    };
-
-    const updatedShare = await SharedLink.findOneAndUpdate({ shareId, user }, update, {
-      new: true,
-      upsert: false,
-      runValidators: true,
-    }).lean();
-
-    if (!updatedShare) {
-      throw new ShareServiceError('Share update failed', 'SHARE_UPDATE_ERROR');
-    }
-
-    anonymizeConvo(updatedShare);
-
-    return { shareId: newShareId, conversationId: updatedShare.conversationId };
-  } catch (error) {
-    logger.error('[updateSharedLink] Error updating shared link', {
-      error: error.message,
-      user,
-      shareId,
-    });
-    throw new ShareServiceError(
-      error.code === 'SHARE_UPDATE_ERROR' ? error.message : 'Error updating shared link',
-      error.code || 'SHARE_UPDATE_ERROR',
-    );
-  }
-}
-
-async function deleteSharedLink(user, shareId) {
-  if (!user || !shareId) {
-    throw new ShareServiceError('Missing required parameters', 'INVALID_PARAMS');
-  }
-
-  try {
-    const result = await SharedLink.findOneAndDelete({ shareId, user }).lean();
-
-    if (!result) {
-      return null;
-    }
-
-    return {
-      success: true,
-      shareId,
-      message: 'Share deleted successfully',
-    };
-  } catch (error) {
-    logger.error('[deleteSharedLink] Error deleting shared link', {
-      error: error.message,
-      user,
-      shareId,
-    });
-    throw new ShareServiceError('Error deleting shared link', 'SHARE_DELETE_ERROR');
-  }
-}
-
-module.exports = {
-  SharedLink,
-  getSharedLink,
-  getSharedLinks,
-  createSharedLink,
-  updateSharedLink,
-  deleteSharedLink,
-  getSharedMessages,
-  deleteAllSharedLinks,
-};

api/models/Token.js

@@ -1,199 +0,0 @@
-const mongoose = require('mongoose');
-const { encryptV2 } = require('~/server/utils/crypto');
-const { tokenSchema } = require('@librechat/data-schemas');
-const { logger } = require('~/config');
-
-/**
- * Token model.
- * @type {mongoose.Model}
- */
-const Token = mongoose.model('Token', tokenSchema);
-/**
- * Fixes the indexes for the Token collection from legacy TTL indexes to the new expiresAt index.
- */
-async function fixIndexes() {
-  try {
-    if (
-      process.env.NODE_ENV === 'CI' ||
-      process.env.NODE_ENV === 'development' ||
-      process.env.NODE_ENV === 'test'
-    ) {
-      return;
-    }
-    const indexes = await Token.collection.indexes();
-    logger.debug('Existing Token Indexes:', JSON.stringify(indexes, null, 2));
-    const unwantedTTLIndexes = indexes.filter(
-      (index) => index.key.createdAt === 1 && index.expireAfterSeconds !== undefined,
-    );
-    if (unwantedTTLIndexes.length === 0) {
-      logger.debug('No unwanted Token indexes found.');
-      return;
-    }
-    for (const index of unwantedTTLIndexes) {
-      logger.debug(`Dropping unwanted Token index: ${index.name}`);
-      await Token.collection.dropIndex(index.name);
-      logger.debug(`Dropped Token index: ${index.name}`);
-    }
-    logger.debug('Token index cleanup completed successfully.');
-  } catch (error) {
-    logger.error('An error occurred while fixing Token indexes:', error);
-  }
-}
-
-fixIndexes();
-
-/**
- * Creates a new Token instance.
- * @param {Object} tokenData - The data for the new Token.
- * @param {mongoose.Types.ObjectId} tokenData.userId - The user's ID. It is required.
- * @param {String} tokenData.email - The user's email.
- * @param {String} tokenData.token - The token. It is required.
- * @param {Number} tokenData.expiresIn - The number of seconds until the token expires.
- * @returns {Promise<mongoose.Document>} The new Token instance.
- * @throws Will throw an error if token creation fails.
- */
-async function createToken(tokenData) {
-  try {
-    const currentTime = new Date();
-    const expiresAt = new Date(currentTime.getTime() + tokenData.expiresIn * 1000);
-
-    const newTokenData = {
-      ...tokenData,
-      createdAt: currentTime,
-      expiresAt,
-    };
-
-    return await Token.create(newTokenData);
-  } catch (error) {
-    logger.debug('An error occurred while creating token:', error);
-    throw error;
-  }
-}
-
-/**
- * Finds a Token document that matches the provided query.
- * @param {Object} query - The query to match against.
- * @param {mongoose.Types.ObjectId|String} query.userId - The ID of the user.
- * @param {String} query.token - The token value.
- * @param {String} [query.email] - The email of the user.
- * @param {String} [query.identifier] - Unique, alternative identifier for the token.
- * @returns {Promise<Object|null>} The matched Token document, or null if not found.
- * @throws Will throw an error if the find operation fails.
- */
-async function findToken(query) {
-  try {
-    const conditions = [];
-
-    if (query.userId) {
-      conditions.push({ userId: query.userId });
-    }
-    if (query.token) {
-      conditions.push({ token: query.token });
-    }
-    if (query.email) {
-      conditions.push({ email: query.email });
-    }
-    if (query.identifier) {
-      conditions.push({ identifier: query.identifier });
-    }
-
-    const token = await Token.findOne({
-      $and: conditions,
-    }).lean();
-
-    return token;
-  } catch (error) {
-    logger.debug('An error occurred while finding token:', error);
-    throw error;
-  }
-}
-
-/**
- * Updates a Token document that matches the provided query.
- * @param {Object} query - The query to match against.
- * @param {mongoose.Types.ObjectId|String} query.userId - The ID of the user.
- * @param {String} query.token - The token value.
- * @param {String} [query.email] - The email of the user.
- * @param {String} [query.identifier] - Unique, alternative identifier for the token.
- * @param {Object} updateData - The data to update the Token with.
- * @returns {Promise<mongoose.Document|null>} The updated Token document, or null if not found.
- * @throws Will throw an error if the update operation fails.
- */
-async function updateToken(query, updateData) {
-  try {
-    return await Token.findOneAndUpdate(query, updateData, { new: true });
-  } catch (error) {
-    logger.debug('An error occurred while updating token:', error);
-    throw error;
-  }
-}
-
-/**
- * Deletes all Token documents that match the provided token, user ID, or email.
- * @param {Object} query - The query to match against.
- * @param {mongoose.Types.ObjectId|String} query.userId - The ID of the user.
- * @param {String} query.token - The token value.
- * @param {String} [query.email] - The email of the user.
- * @param {String} [query.identifier] - Unique, alternative identifier for the token.
- * @returns {Promise<Object>} The result of the delete operation.
- * @throws Will throw an error if the delete operation fails.
- */
-async function deleteTokens(query) {
-  try {
-    return await Token.deleteMany({
-      $or: [
-        { userId: query.userId },
-        { token: query.token },
-        { email: query.email },
-        { identifier: query.identifier },
-      ],
-    });
-  } catch (error) {
-    logger.debug('An error occurred while deleting tokens:', error);
-    throw error;
-  }
-}
-
-/**
- * Handles the OAuth token by creating or updating the token.
- * @param {object} fields
- * @param {string} fields.userId - The user's ID.
- * @param {string} fields.token - The full token to store.
- * @param {string} fields.identifier - Unique, alternative identifier for the token.
- * @param {number} fields.expiresIn - The number of seconds until the token expires.
- * @param {object} fields.metadata - Additional metadata to store with the token.
- * @param {string} [fields.type="oauth"] - The type of token. Default is 'oauth'.
- */
-async function handleOAuthToken({
-  token,
-  userId,
-  identifier,
-  expiresIn,
-  metadata,
-  type = 'oauth',
-}) {
-  const encrypedToken = await encryptV2(token);
-  const tokenData = {
-    type,
-    userId,
-    metadata,
-    identifier,
-    token: encrypedToken,
-    expiresIn: parseInt(expiresIn, 10) || 3600,
-  };
-
-  const existingToken = await findToken({ userId, identifier });
-  if (existingToken) {
-    return await updateToken({ identifier }, tokenData);
-  } else {
-    return await createToken(tokenData);
-  }
-}
-
-module.exports = {
-  findToken,
-  createToken,
-  updateToken,
-  deleteTokens,
-  handleOAuthToken,
-};

api/models/ToolCall.js

@@ -1,6 +1,4 @@
-const mongoose = require('mongoose');
-const { toolCallSchema } = require('@librechat/data-schemas');
-const ToolCall = mongoose.model('ToolCall', toolCallSchema);
+const { ToolCall } = require('~/db/models');
 
 /**
  * Create a new tool call

api/models/Transaction.js

@@ -1,9 +1,7 @@
-const mongoose = require('mongoose');
-const { transactionSchema } = require('@librechat/data-schemas');
+const { logger } = require('@librechat/data-schemas');
 const { getBalanceConfig } = require('~/server/services/Config');
 const { getMultiplier, getCacheMultiplier } = require('./tx');
-const { logger } = require('~/config');
-const Balance = require('./Balance');
+const { Transaction, Balance } = require('~/db/models');
 
 const cancelRate = 1.15;
 
@@ -140,19 +138,19 @@ const updateBalance = async ({ user, incrementValue, setValues }) => {
 };
 
 /** Method to calculate and set the tokenValue for a transaction */
-transactionSchema.methods.calculateTokenValue = function () {
-  if (!this.valueKey || !this.tokenType) {
-    this.tokenValue = this.rawAmount;
+function calculateTokenValue(txn) {
+  if (!txn.valueKey || !txn.tokenType) {
+    txn.tokenValue = txn.rawAmount;
   }
-  const { valueKey, tokenType, model, endpointTokenConfig } = this;
+  const { valueKey, tokenType, model, endpointTokenConfig } = txn;
   const multiplier = Math.abs(getMultiplier({ valueKey, tokenType, model, endpointTokenConfig }));
-  this.rate = multiplier;
-  this.tokenValue = this.rawAmount * multiplier;
-  if (this.context && this.tokenType === 'completion' && this.context === 'incomplete') {
-    this.tokenValue = Math.ceil(this.tokenValue * cancelRate);
-    this.rate *= cancelRate;
+  txn.rate = multiplier;
+  txn.tokenValue = txn.rawAmount * multiplier;
+  if (txn.context && txn.tokenType === 'completion' && txn.context === 'incomplete') {
+    txn.tokenValue = Math.ceil(txn.tokenValue * cancelRate);
+    txn.rate *= cancelRate;
   }
-};
+}
 
 /**
  * New static method to create an auto-refill transaction that does NOT trigger a balance update.
@@ -163,13 +161,13 @@ transactionSchema.methods.calculateTokenValue = function () {
  * @param {number} txData.rawAmount - The raw amount of tokens.
  * @returns {Promise<object>} - The created transaction.
  */
-transactionSchema.statics.createAutoRefillTransaction = async function (txData) {
+async function createAutoRefillTransaction(txData) {
   if (txData.rawAmount != null && isNaN(txData.rawAmount)) {
     return;
   }
-  const transaction = new this(txData);
+  const transaction = new Transaction(txData);
   transaction.endpointTokenConfig = txData.endpointTokenConfig;
-  transaction.calculateTokenValue();
+  calculateTokenValue(transaction);
   await transaction.save();
 
   const balanceResponse = await updateBalance({
@@ -185,21 +183,20 @@ transactionSchema.statics.createAutoRefillTransaction = async function (txData)
   logger.debug('[Balance.check] Auto-refill performed', result);
   result.transaction = transaction;
   return result;
-};
+}
 
 /**
  * Static method to create a transaction and update the balance
  * @param {txData} txData - Transaction data.
  */
-transactionSchema.statics.create = async function (txData) {
-  const Transaction = this;
+async function createTransaction(txData) {
   if (txData.rawAmount != null && isNaN(txData.rawAmount)) {
     return;
   }
 
   const transaction = new Transaction(txData);
   transaction.endpointTokenConfig = txData.endpointTokenConfig;
-  transaction.calculateTokenValue();
+  calculateTokenValue(transaction);
 
   await transaction.save();
 
@@ -209,7 +206,6 @@ transactionSchema.statics.create = async function (txData) {
   }
 
   let incrementValue = transaction.tokenValue;
-
   const balanceResponse = await updateBalance({
     user: transaction.user,
     incrementValue,
@@ -221,21 +217,19 @@ transactionSchema.statics.create = async function (txData) {
     balance: balanceResponse.tokenCredits,
     [transaction.tokenType]: incrementValue,
   };
-};
+}
 
 /**
  * Static method to create a structured transaction and update the balance
  * @param {txData} txData - Transaction data.
  */
-transactionSchema.statics.createStructured = async function (txData) {
-  const Transaction = this;
-
+async function createStructuredTransaction(txData) {
   const transaction = new Transaction({
     ...txData,
     endpointTokenConfig: txData.endpointTokenConfig,
   });
 
-  transaction.calculateStructuredTokenValue();
+  calculateStructuredTokenValue(transaction);
 
   await transaction.save();
 
@@ -257,71 +251,69 @@ transactionSchema.statics.createStructured = async function (txData) {
     balance: balanceResponse.tokenCredits,
     [transaction.tokenType]: incrementValue,
   };
-};
+}
 
 /** Method to calculate token value for structured tokens */
-transactionSchema.methods.calculateStructuredTokenValue = function () {
-  if (!this.tokenType) {
-    this.tokenValue = this.rawAmount;
+function calculateStructuredTokenValue(txn) {
+  if (!txn.tokenType) {
+    txn.tokenValue = txn.rawAmount;
     return;
   }
 
-  const { model, endpointTokenConfig } = this;
+  const { model, endpointTokenConfig } = txn;
 
-  if (this.tokenType === 'prompt') {
+  if (txn.tokenType === 'prompt') {
     const inputMultiplier = getMultiplier({ tokenType: 'prompt', model, endpointTokenConfig });
     const writeMultiplier =
       getCacheMultiplier({ cacheType: 'write', model, endpointTokenConfig }) ?? inputMultiplier;
     const readMultiplier =
       getCacheMultiplier({ cacheType: 'read', model, endpointTokenConfig }) ?? inputMultiplier;
 
-    this.rateDetail = {
+    txn.rateDetail = {
       input: inputMultiplier,
       write: writeMultiplier,
       read: readMultiplier,
     };
 
     const totalPromptTokens =
-      Math.abs(this.inputTokens || 0) +
-      Math.abs(this.writeTokens || 0) +
-      Math.abs(this.readTokens || 0);
+      Math.abs(txn.inputTokens || 0) +
+      Math.abs(txn.writeTokens || 0) +
+      Math.abs(txn.readTokens || 0);
 
     if (totalPromptTokens > 0) {
-      this.rate =
-        (Math.abs(inputMultiplier * (this.inputTokens || 0)) +
-          Math.abs(writeMultiplier * (this.writeTokens || 0)) +
-          Math.abs(readMultiplier * (this.readTokens || 0))) /
+      txn.rate =
+        (Math.abs(inputMultiplier * (txn.inputTokens || 0)) +
+          Math.abs(writeMultiplier * (txn.writeTokens || 0)) +
+          Math.abs(readMultiplier * (txn.readTokens || 0))) /
         totalPromptTokens;
     } else {
-      this.rate = Math.abs(inputMultiplier); // Default to input rate if no tokens
+      txn.rate = Math.abs(inputMultiplier); // Default to input rate if no tokens
     }
 
-    this.tokenValue = -(
-      Math.abs(this.inputTokens || 0) * inputMultiplier +
-      Math.abs(this.writeTokens || 0) * writeMultiplier +
-      Math.abs(this.readTokens || 0) * readMultiplier
+    txn.tokenValue = -(
+      Math.abs(txn.inputTokens || 0) * inputMultiplier +
+      Math.abs(txn.writeTokens || 0) * writeMultiplier +
+      Math.abs(txn.readTokens || 0) * readMultiplier
     );
 
-    this.rawAmount = -totalPromptTokens;
-  } else if (this.tokenType === 'completion') {
-    const multiplier = getMultiplier({ tokenType: this.tokenType, model, endpointTokenConfig });
-    this.rate = Math.abs(multiplier);
-    this.tokenValue = -Math.abs(this.rawAmount) * multiplier;
-    this.rawAmount = -Math.abs(this.rawAmount);
+    txn.rawAmount = -totalPromptTokens;
+  } else if (txn.tokenType === 'completion') {
+    const multiplier = getMultiplier({ tokenType: txn.tokenType, model, endpointTokenConfig });
+    txn.rate = Math.abs(multiplier);
+    txn.tokenValue = -Math.abs(txn.rawAmount) * multiplier;
+    txn.rawAmount = -Math.abs(txn.rawAmount);
   }
 
-  if (this.context && this.tokenType === 'completion' && this.context === 'incomplete') {
-    this.tokenValue = Math.ceil(this.tokenValue * cancelRate);
-    this.rate *= cancelRate;
-    if (this.rateDetail) {
-      this.rateDetail = Object.fromEntries(
-        Object.entries(this.rateDetail).map(([k, v]) => [k, v * cancelRate]),
+  if (txn.context && txn.tokenType === 'completion' && txn.context === 'incomplete') {
+    txn.tokenValue = Math.ceil(txn.tokenValue * cancelRate);
+    txn.rate *= cancelRate;
+    if (txn.rateDetail) {
+      txn.rateDetail = Object.fromEntries(
+        Object.entries(txn.rateDetail).map(([k, v]) => [k, v * cancelRate]),
       );
     }
   }
-};
-
-const Transaction = mongoose.model('Transaction', transactionSchema);
+}
 
 /**
  * Queries and retrieves transactions based on a given filter.
@@ -340,4 +332,9 @@ async function getTransactions(filter) {
   }
 }
 
-module.exports = { Transaction, getTransactions };
+module.exports = {
+  getTransactions,
+  createTransaction,
+  createAutoRefillTransaction,
+  createStructuredTransaction,
+};

api/models/Transaction.spec.js

@@ -3,14 +3,13 @@ const { MongoMemoryServer } = require('mongodb-memory-server');
 const { spendTokens, spendStructuredTokens } = require('./spendTokens');
 const { getBalanceConfig } = require('~/server/services/Config');
 const { getMultiplier, getCacheMultiplier } = require('./tx');
-const { Transaction } = require('./Transaction');
-const Balance = require('./Balance');
+const { createTransaction } = require('./Transaction');
+const { Balance } = require('~/db/models');
 
 // Mock the custom config module so we can control the balance flag.
 jest.mock('~/server/services/Config');
 
 let mongoServer;
-
 beforeAll(async () => {
   mongoServer = await MongoMemoryServer.create();
   const mongoUri = mongoServer.getUri();
@@ -368,7 +367,7 @@ describe('NaN Handling Tests', () => {
     };
 
     // Act
-    const result = await Transaction.create(txData);
+    const result = await createTransaction(txData);
 
     // Assert: No transaction should be created and balance remains unchanged.
     expect(result).toBeUndefined();

api/models/User.js

@@ -1,6 +0,0 @@
-const mongoose = require('mongoose');
-const { userSchema } = require('@librechat/data-schemas');
-
-const User = mongoose.model('User', userSchema);
-
-module.exports = User;

api/models/balanceMethods.js

@@ -1,9 +1,9 @@
+const { logger } = require('@librechat/data-schemas');
 const { ViolationTypes } = require('librechat-data-provider');
-const { Transaction } = require('./Transaction');
+const { createAutoRefillTransaction } = require('./Transaction');
 const { logViolation } = require('~/cache');
 const { getMultiplier } = require('./tx');
-const { logger } = require('~/config');
-const Balance = require('./Balance');
+const { Balance } = require('~/db/models');
 
 function isInvalidDate(date) {
   return isNaN(date);
@@ -60,7 +60,7 @@ const checkBalanceRecord = async function ({
     ) {
       try {
         /** @type {{ rate: number, user: string, balance: number, transaction: import('@librechat/data-schemas').ITransaction}} */
-        const result = await Transaction.createAutoRefillTransaction({
+        const result = await createAutoRefillTransaction({
           user: user,
           tokenType: 'credits',
           context: 'autoRefill',

api/models/convoStructure.spec.js

@@ -1,6 +1,7 @@
 const mongoose = require('mongoose');
 const { MongoMemoryServer } = require('mongodb-memory-server');
-const { Message, getMessages, bulkSaveMessages } = require('./Message');
+const { getMessages, bulkSaveMessages } = require('./Message');
+const { Message } = require('~/db/models');
 
 // Original version of buildTree function
 function buildTree({ messages, fileMap }) {
@@ -42,7 +43,6 @@ function buildTree({ messages, fileMap }) {
 }
 
 let mongod;
-
 beforeAll(async () => {
   mongod = await MongoMemoryServer.create();
   const uri = mongod.getUri();

api/models/index.js

@@ -1,13 +1,7 @@
-const {
-  comparePassword,
-  deleteUserById,
-  generateToken,
-  getUserById,
-  updateUser,
-  createUser,
-  countUsers,
-  findUser,
-} = require('./userMethods');
+const mongoose = require('mongoose');
+const { createMethods } = require('@librechat/data-schemas');
+const methods = createMethods(mongoose);
+const { comparePassword } = require('./userMethods');
 const {
   findFileById,
   createFile,
@@ -26,32 +20,12 @@ const {
   deleteMessagesSince,
   deleteMessages,
 } = require('./Message');
-const {
-  createSession,
-  findSession,
-  updateExpiration,
-  deleteSession,
-  deleteAllUserSessions,
-  generateRefreshToken,
-  countActiveSessions,
-} = require('./Session');
 const { getConvoTitle, getConvo, saveConvo, deleteConvos } = require('./Conversation');
 const { getPreset, getPresets, savePreset, deletePresets } = require('./Preset');
-const { createToken, findToken, updateToken, deleteTokens } = require('./Token');
-const Balance = require('./Balance');
-const User = require('./User');
-const Key = require('./Key');
 
 module.exports = {
+  ...methods,
   comparePassword,
-  deleteUserById,
-  generateToken,
-  getUserById,
-  updateUser,
-  createUser,
-  countUsers,
-  findUser,
-
   findFileById,
   createFile,
   updateFile,
@@ -77,21 +51,4 @@ module.exports = {
   getPresets,
   savePreset,
   deletePresets,
-
-  createToken,
-  findToken,
-  updateToken,
-  deleteTokens,
-
-  createSession,
-  findSession,
-  updateExpiration,
-  deleteSession,
-  deleteAllUserSessions,
-  generateRefreshToken,
-  countActiveSessions,
-
-  User,
-  Key,
-  Balance,
 };

api/models/inviteUser.js

@@ -1,7 +1,7 @@
 const mongoose = require('mongoose');
-const { getRandomValues, hashToken } = require('~/server/utils/crypto');
-const { createToken, findToken } = require('./Token');
-const logger = require('~/config/winston');
+const { getRandomValues } = require('@librechat/api');
+const { logger, hashToken } = require('@librechat/data-schemas');
+const { createToken, findToken } = require('~/models');
 
 /**
  * @module inviteUser

api/models/plugins/mongoMeili.js

@@ -1,475 +0,0 @@
-const _ = require('lodash');
-const mongoose = require('mongoose');
-const { MeiliSearch } = require('meilisearch');
-const { parseTextParts, ContentTypes } = require('librechat-data-provider');
-const { cleanUpPrimaryKeyValue } = require('~/lib/utils/misc');
-const logger = require('~/config/meiliLogger');
-
-// Environment flags
-/**
- * Flag to indicate if search is enabled based on environment variables.
- * @type {boolean}
- */
-const searchEnabled = process.env.SEARCH && process.env.SEARCH.toLowerCase() === 'true';
-
-/**
- * Flag to indicate if MeiliSearch is enabled based on required environment variables.
- * @type {boolean}
- */
-const meiliEnabled = process.env.MEILI_HOST && process.env.MEILI_MASTER_KEY && searchEnabled;
-
-/**
- * Validates the required options for configuring the mongoMeili plugin.
- *
- * @param {Object} options - The configuration options.
- * @param {string} options.host - The MeiliSearch host.
- * @param {string} options.apiKey - The MeiliSearch API key.
- * @param {string} options.indexName - The name of the index.
- * @throws {Error} Throws an error if any required option is missing.
- */
-const validateOptions = function (options) {
-  const requiredKeys = ['host', 'apiKey', 'indexName'];
-  requiredKeys.forEach((key) => {
-    if (!options[key]) {
-      throw new Error(`Missing mongoMeili Option: ${key}`);
-    }
-  });
-};
-
-/**
- * Factory function to create a MeiliMongooseModel class which extends a Mongoose model.
- * This class contains static and instance methods to synchronize and manage the MeiliSearch index
- * corresponding to the MongoDB collection.
- *
- * @param {Object} config - Configuration object.
- * @param {Object} config.index - The MeiliSearch index object.
- * @param {Array<string>} config.attributesToIndex - List of attributes to index.
- * @returns {Function} A class definition that will be loaded into the Mongoose schema.
- */
-const createMeiliMongooseModel = function ({ index, attributesToIndex }) {
-  // The primary key is assumed to be the first attribute in the attributesToIndex array.
-  const primaryKey = attributesToIndex[0];
-
-  class MeiliMongooseModel {
-    /**
-     * Synchronizes the data between the MongoDB collection and the MeiliSearch index.
-     *
-     * The synchronization process involves:
-     *   1. Fetching all documents from the MongoDB collection and MeiliSearch index.
-     *   2. Comparing documents from both sources.
-     *   3. Deleting documents from MeiliSearch that no longer exist in MongoDB.
-     *   4. Adding documents to MeiliSearch that exist in MongoDB but not in the index.
-     *   5. Updating documents in MeiliSearch if key fields (such as `text` or `title`) differ.
-     *   6. Updating the `_meiliIndex` field in MongoDB to indicate the indexing status.
-     *
-     * Note: The function processes documents in batches because MeiliSearch's
-     * `index.getDocuments` requires an exact limit and `index.addDocuments` does not handle
-     * partial failures in a batch.
-     *
-     * @returns {Promise<void>} Resolves when the synchronization is complete.
-     */
-    static async syncWithMeili() {
-      try {
-        let moreDocuments = true;
-        // Retrieve all MongoDB documents from the collection as plain JavaScript objects.
-        const mongoDocuments = await this.find().lean();
-
-        // Helper function to format a document by selecting only the attributes to index
-        // and omitting keys starting with '$'.
-        const format = (doc) =>
-          _.omitBy(_.pick(doc, attributesToIndex), (v, k) => k.startsWith('$'));
-
-        // Build a map of MongoDB documents for quick lookup based on the primary key.
-        const mongoMap = new Map(mongoDocuments.map((doc) => [doc[primaryKey], format(doc)]));
-        const indexMap = new Map();
-        let offset = 0;
-        const batchSize = 1000;
-
-        // Fetch documents from the MeiliSearch index in batches.
-        while (moreDocuments) {
-          const batch = await index.getDocuments({ limit: batchSize, offset });
-          if (batch.results.length === 0) {
-            moreDocuments = false;
-          }
-          for (const doc of batch.results) {
-            indexMap.set(doc[primaryKey], format(doc));
-          }
-          offset += batchSize;
-        }
-
-        logger.debug('[syncWithMeili]', { indexMap: indexMap.size, mongoMap: mongoMap.size });
-
-        const updateOps = [];
-
-        // Process documents present in the MeiliSearch index.
-        for (const [id, doc] of indexMap) {
-          const update = {};
-          update[primaryKey] = id;
-          if (mongoMap.has(id)) {
-            // If document exists in MongoDB, check for discrepancies in key fields.
-            if (
-              (doc.text && doc.text !== mongoMap.get(id).text) ||
-              (doc.title && doc.title !== mongoMap.get(id).title)
-            ) {
-              logger.debug(
-                `[syncWithMeili] ${id} had document discrepancy in ${
-                  doc.text ? 'text' : 'title'
-                } field`,
-              );
-              updateOps.push({
-                updateOne: { filter: update, update: { $set: { _meiliIndex: true } } },
-              });
-              await index.addDocuments([doc]);
-            }
-          } else {
-            // If the document does not exist in MongoDB, delete it from MeiliSearch.
-            await index.deleteDocument(id);
-            updateOps.push({
-              updateOne: { filter: update, update: { $set: { _meiliIndex: false } } },
-            });
-          }
-        }
-
-        // Process documents present in MongoDB.
-        for (const [id, doc] of mongoMap) {
-          const update = {};
-          update[primaryKey] = id;
-          // If the document is missing in the Meili index, add it.
-          if (!indexMap.has(id)) {
-            await index.addDocuments([doc]);
-            updateOps.push({
-              updateOne: { filter: update, update: { $set: { _meiliIndex: true } } },
-            });
-          } else if (doc._meiliIndex === false) {
-            // If the document exists but is marked as not indexed, update the flag.
-            updateOps.push({
-              updateOne: { filter: update, update: { $set: { _meiliIndex: true } } },
-            });
-          }
-        }
-
-        // Execute bulk update operations in MongoDB to update the _meiliIndex flags.
-        if (updateOps.length > 0) {
-          await this.collection.bulkWrite(updateOps);
-          logger.debug(
-            `[syncWithMeili] Finished indexing ${
-              primaryKey === 'messageId' ? 'messages' : 'conversations'
-            }`,
-          );
-        }
-      } catch (error) {
-        logger.error('[syncWithMeili] Error adding document to Meili', error);
-      }
-    }
-
-    /**
-     * Updates settings for the MeiliSearch index.
-     *
-     * @param {Object} settings - The settings to update on the MeiliSearch index.
-     * @returns {Promise<Object>} Promise resolving to the update result.
-     */
-    static async setMeiliIndexSettings(settings) {
-      return await index.updateSettings(settings);
-    }
-
-    /**
-     * Searches the MeiliSearch index and optionally populates the results with data from MongoDB.
-     *
-     * @param {string} q - The search query.
-     * @param {Object} params - Additional search parameters for MeiliSearch.
-     * @param {boolean} populate - Whether to populate search hits with full MongoDB documents.
-     * @returns {Promise<Object>} The search results with populated hits if requested.
-     */
-    static async meiliSearch(q, params, populate) {
-      const data = await index.search(q, params);
-
-      if (populate) {
-        // Build a query using the primary key values from the search hits.
-        const query = {};
-        query[primaryKey] = _.map(data.hits, (hit) => cleanUpPrimaryKeyValue(hit[primaryKey]));
-
-        // Build a projection object, including only keys that do not start with '$'.
-        const projection = Object.keys(this.schema.obj).reduce(
-          (results, key) => {
-            if (!key.startsWith('$')) {
-              results[key] = 1;
-            }
-            return results;
-          },
-          { _id: 1, __v: 1 },
-        );
-
-        // Retrieve the full documents from MongoDB.
-        const hitsFromMongoose = await this.find(query, projection).lean();
-
-        // Merge the MongoDB documents with the search hits.
-        const populatedHits = data.hits.map(function (hit) {
-          const query = {};
-          query[primaryKey] = hit[primaryKey];
-          const originalHit = _.find(hitsFromMongoose, query);
-
-          return {
-            ...(originalHit ?? {}),
-            ...hit,
-          };
-        });
-        data.hits = populatedHits;
-      }
-
-      return data;
-    }
-
-    /**
-     * Preprocesses the current document for indexing.
-     *
-     * This method:
-     *  - Picks only the defined attributes to index.
-     *  - Omits any keys starting with '$'.
-     *  - Replaces pipe characters ('|') in `conversationId` with '--'.
-     *  - Extracts and concatenates text from an array of content items.
-     *
-     * @returns {Object} The preprocessed object ready for indexing.
-     */
-    preprocessObjectForIndex() {
-      const object = _.omitBy(_.pick(this.toJSON(), attributesToIndex), (v, k) =>
-        k.startsWith('$'),
-      );
-      if (object.conversationId && object.conversationId.includes('|')) {
-        object.conversationId = object.conversationId.replace(/\|/g, '--');
-      }
-
-      if (object.content && Array.isArray(object.content)) {
-        object.text = parseTextParts(object.content);
-        delete object.content;
-      }
-
-      return object;
-    }
-
-    /**
-     * Adds the current document to the MeiliSearch index.
-     *
-     * The method preprocesses the document, adds it to MeiliSearch, and then updates
-     * the MongoDB document's `_meiliIndex` flag to true.
-     *
-     * @returns {Promise<void>}
-     */
-    async addObjectToMeili() {
-      const object = this.preprocessObjectForIndex();
-      try {
-        await index.addDocuments([object]);
-      } catch (error) {
-        // Error handling can be enhanced as needed.
-        logger.error('[addObjectToMeili] Error adding document to Meili', error);
-      }
-
-      await this.collection.updateMany({ _id: this._id }, { $set: { _meiliIndex: true } });
-    }
-
-    /**
-     * Updates the current document in the MeiliSearch index.
-     *
-     * @returns {Promise<void>}
-     */
-    async updateObjectToMeili() {
-      const object = _.omitBy(_.pick(this.toJSON(), attributesToIndex), (v, k) =>
-        k.startsWith('$'),
-      );
-      await index.updateDocuments([object]);
-    }
-
-    /**
-     * Deletes the current document from the MeiliSearch index.
-     *
-     * @returns {Promise<void>}
-     */
-    async deleteObjectFromMeili() {
-      await index.deleteDocument(this._id);
-    }
-
-    /**
-     * Post-save hook to synchronize the document with MeiliSearch.
-     *
-     * If the document is already indexed (i.e. `_meiliIndex` is true), it updates it;
-     * otherwise, it adds the document to the index.
-     */
-    postSaveHook() {
-      if (this._meiliIndex) {
-        this.updateObjectToMeili();
-      } else {
-        this.addObjectToMeili();
-      }
-    }
-
-    /**
-     * Post-update hook to update the document in MeiliSearch.
-     *
-     * This hook is triggered after a document update, ensuring that changes are
-     * propagated to the MeiliSearch index if the document is indexed.
-     */
-    postUpdateHook() {
-      if (this._meiliIndex) {
-        this.updateObjectToMeili();
-      }
-    }
-
-    /**
-     * Post-remove hook to delete the document from MeiliSearch.
-     *
-     * This hook is triggered after a document is removed, ensuring that the document
-     * is also removed from the MeiliSearch index if it was previously indexed.
-     */
-    postRemoveHook() {
-      if (this._meiliIndex) {
-        this.deleteObjectFromMeili();
-      }
-    }
-  }
-
-  return MeiliMongooseModel;
-};
-
-/**
- * Mongoose plugin to synchronize MongoDB collections with a MeiliSearch index.
- *
- * This plugin:
- *   - Validates the provided options.
- *   - Adds a `_meiliIndex` field to the schema to track indexing status.
- *   - Sets up a MeiliSearch client and creates an index if it doesn't already exist.
- *   - Loads class methods for syncing, searching, and managing documents in MeiliSearch.
- *   - Registers Mongoose hooks (post-save, post-update, post-remove, etc.) to maintain index consistency.
- *
- * @param {mongoose.Schema} schema - The Mongoose schema to which the plugin is applied.
- * @param {Object} options - Configuration options.
- * @param {string} options.host - The MeiliSearch host.
- * @param {string} options.apiKey - The MeiliSearch API key.
- * @param {string} options.indexName - The name of the MeiliSearch index.
- * @param {string} options.primaryKey - The primary key field for indexing.
- */
-module.exports = function mongoMeili(schema, options) {
-  validateOptions(options);
-
-  // Add _meiliIndex field to the schema to track if a document has been indexed in MeiliSearch.
-  schema.add({
-    _meiliIndex: {
-      type: Boolean,
-      required: false,
-      select: false,
-      default: false,
-    },
-  });
-
-  const { host, apiKey, indexName, primaryKey } = options;
-
-  // Setup the MeiliSearch client.
-  const client = new MeiliSearch({ host, apiKey });
-
-  // Create the index asynchronously if it doesn't exist.
-  client.createIndex(indexName, { primaryKey });
-
-  // Setup the MeiliSearch index for this schema.
-  const index = client.index(indexName);
-
-  // Collect attributes from the schema that should be indexed.
-  const attributesToIndex = [
-    ..._.reduce(
-      schema.obj,
-      function (results, value, key) {
-        return value.meiliIndex ? [...results, key] : results;
-      },
-      [],
-    ),
-  ];
-
-  // Load the class methods into the schema.
-  schema.loadClass(createMeiliMongooseModel({ index, indexName, client, attributesToIndex }));
-
-  // Register Mongoose hooks to synchronize with MeiliSearch.
-
-  // Post-save: synchronize after a document is saved.
-  schema.post('save', function (doc) {
-    doc.postSaveHook();
-  });
-
-  // Post-update: synchronize after a document is updated.
-  schema.post('update', function (doc) {
-    doc.postUpdateHook();
-  });
-
-  // Post-remove: synchronize after a document is removed.
-  schema.post('remove', function (doc) {
-    doc.postRemoveHook();
-  });
-
-  // Pre-deleteMany hook: remove corresponding documents from MeiliSearch when multiple documents are deleted.
-  schema.pre('deleteMany', async function (next) {
-    if (!meiliEnabled) {
-      return next();
-    }
-
-    try {
-      // Check if the schema has a "messages" field to determine if it's a conversation schema.
-      if (Object.prototype.hasOwnProperty.call(schema.obj, 'messages')) {
-        const convoIndex = client.index('convos');
-        const deletedConvos = await mongoose.model('Conversation').find(this._conditions).lean();
-        const promises = deletedConvos.map((convo) =>
-          convoIndex.deleteDocument(convo.conversationId),
-        );
-        await Promise.all(promises);
-      }
-
-      // Check if the schema has a "messageId" field to determine if it's a message schema.
-      if (Object.prototype.hasOwnProperty.call(schema.obj, 'messageId')) {
-        const messageIndex = client.index('messages');
-        const deletedMessages = await mongoose.model('Message').find(this._conditions).lean();
-        const promises = deletedMessages.map((message) =>
-          messageIndex.deleteDocument(message.messageId),
-        );
-        await Promise.all(promises);
-      }
-      return next();
-    } catch (error) {
-      if (meiliEnabled) {
-        logger.error(
-          '[MeiliMongooseModel.deleteMany] There was an issue deleting conversation indexes upon deletion. Next startup may be slow due to syncing.',
-          error,
-        );
-      }
-      return next();
-    }
-  });
-
-  // Post-findOneAndUpdate hook: update MeiliSearch index after a document is updated via findOneAndUpdate.
-  schema.post('findOneAndUpdate', async function (doc) {
-    if (!meiliEnabled) {
-      return;
-    }
-
-    // If the document is unfinished, do not update the index.
-    if (doc.unfinished) {
-      return;
-    }
-
-    let meiliDoc;
-    // For conversation documents, try to fetch the document from the "convos" index.
-    if (doc.messages) {
-      try {
-        meiliDoc = await client.index('convos').getDocument(doc.conversationId);
-      } catch (error) {
-        logger.debug(
-          '[MeiliMongooseModel.findOneAndUpdate] Convo not found in MeiliSearch and will index ' +
-            doc.conversationId,
-          error,
-        );
-      }
-    }
-
-    // If the MeiliSearch document exists and the title is unchanged, do nothing.
-    if (meiliDoc && meiliDoc.title === doc.title) {
-      return;
-    }
-
-    // Otherwise, trigger a post-save hook to synchronize the document.
-    doc.postSaveHook();
-  });
-};

api/models/schema/convoSchema.js

@@ -1,18 +0,0 @@
-const mongoose = require('mongoose');
-const mongoMeili = require('../plugins/mongoMeili');
-
-const { convoSchema } = require('@librechat/data-schemas');
-
-if (process.env.MEILI_HOST && process.env.MEILI_MASTER_KEY) {
-  convoSchema.plugin(mongoMeili, {
-    host: process.env.MEILI_HOST,
-    apiKey: process.env.MEILI_MASTER_KEY,
-    /** Note: Will get created automatically if it doesn't exist already */
-    indexName: 'convos',
-    primaryKey: 'conversationId',
-  });
-}
-
-const Conversation = mongoose.models.Conversation || mongoose.model('Conversation', convoSchema);
-
-module.exports = Conversation;

api/models/schema/messageSchema.js

@@ -1,16 +0,0 @@
-const mongoose = require('mongoose');
-const mongoMeili = require('~/models/plugins/mongoMeili');
-const { messageSchema } = require('@librechat/data-schemas');
-
-if (process.env.MEILI_HOST && process.env.MEILI_MASTER_KEY) {
-  messageSchema.plugin(mongoMeili, {
-    host: process.env.MEILI_HOST,
-    apiKey: process.env.MEILI_MASTER_KEY,
-    indexName: 'messages',
-    primaryKey: 'messageId',
-  });
-}
-
-const Message = mongoose.models.Message || mongoose.model('Message', messageSchema);
-
-module.exports = Message;

api/models/schema/pluginAuthSchema.js

@@ -1,6 +0,0 @@
-const mongoose = require('mongoose');
-const { pluginAuthSchema } = require('@librechat/data-schemas');
-
-const PluginAuth = mongoose.models.Plugin || mongoose.model('PluginAuth', pluginAuthSchema);
-
-module.exports = PluginAuth;

api/models/schema/presetSchema.js

@@ -1,6 +0,0 @@
-const mongoose = require('mongoose');
-const { presetSchema } = require('@librechat/data-schemas');
-
-const Preset = mongoose.models.Preset || mongoose.model('Preset', presetSchema);
-
-module.exports = Preset;

api/models/spendTokens.js

@@ -1,6 +1,5 @@
-const { Transaction } = require('./Transaction');
 const { logger } = require('~/config');
-
+const { createTransaction, createStructuredTransaction } = require('./Transaction');
 /**
  * Creates up to two transactions to record the spending of tokens.
  *
@@ -33,7 +32,7 @@ const spendTokens = async (txData, tokenUsage) => {
   let prompt, completion;
   try {
     if (promptTokens !== undefined) {
-      prompt = await Transaction.create({
+      prompt = await createTransaction({
         ...txData,
         tokenType: 'prompt',
         rawAmount: promptTokens === 0 ? 0 : -Math.max(promptTokens, 0),
@@ -41,7 +40,7 @@ const spendTokens = async (txData, tokenUsage) => {
     }
 
     if (completionTokens !== undefined) {
-      completion = await Transaction.create({
+      completion = await createTransaction({
         ...txData,
         tokenType: 'completion',
         rawAmount: completionTokens === 0 ? 0 : -Math.max(completionTokens, 0),
@@ -101,7 +100,7 @@ const spendStructuredTokens = async (txData, tokenUsage) => {
   try {
     if (promptTokens) {
       const { input = 0, write = 0, read = 0 } = promptTokens;
-      prompt = await Transaction.createStructured({
+      prompt = await createStructuredTransaction({
         ...txData,
         tokenType: 'prompt',
         inputTokens: -input,
@@ -111,7 +110,7 @@ const spendStructuredTokens = async (txData, tokenUsage) => {
     }
 
     if (completionTokens) {
-      completion = await Transaction.create({
+      completion = await createTransaction({
         ...txData,
         tokenType: 'completion',
         rawAmount: -completionTokens,

api/models/spendTokens.spec.js

@@ -1,8 +1,9 @@
 const mongoose = require('mongoose');
 const { MongoMemoryServer } = require('mongodb-memory-server');
-const { Transaction } = require('./Transaction');
-const Balance = require('./Balance');
 const { spendTokens, spendStructuredTokens } = require('./spendTokens');
+const { createTransaction, createAutoRefillTransaction } = require('./Transaction');
+
+require('~/db/models');
 
 // Mock the logger to prevent console output during tests
 jest.mock('~/config', () => ({
@@ -19,11 +20,15 @@ jest.mock('~/server/services/Config');
 describe('spendTokens', () => {
   let mongoServer;
   let userId;
+  let Transaction;
+  let Balance;
 
   beforeAll(async () => {
     mongoServer = await MongoMemoryServer.create();
-    const mongoUri = mongoServer.getUri();
-    await mongoose.connect(mongoUri);
+    await mongoose.connect(mongoServer.getUri());
+
+    Transaction = mongoose.model('Transaction');
+    Balance = mongoose.model('Balance');
   });
 
   afterAll(async () => {
@@ -197,7 +202,7 @@ describe('spendTokens', () => {
     // Check that the transaction records show the adjusted values
     const transactionResults = await Promise.all(
       transactions.map((t) =>
-        Transaction.create({
+        createTransaction({
           ...txData,
           tokenType: t.tokenType,
           rawAmount: t.rawAmount,
@@ -280,7 +285,7 @@ describe('spendTokens', () => {
 
     // Check the return values from Transaction.create directly
     // This is to verify that the incrementValue is not becoming positive
-    const directResult = await Transaction.create({
+    const directResult = await createTransaction({
       user: userId,
       conversationId: 'test-convo-3',
       model: 'gpt-4',
@@ -607,7 +612,7 @@ describe('spendTokens', () => {
     const promises = [];
     for (let i = 0; i < numberOfRefills; i++) {
       promises.push(
-        Transaction.createAutoRefillTransaction({
+        createAutoRefillTransaction({
           user: userId,
           tokenType: 'credits',
           context: 'concurrent-refill-test',

api/models/tx.js

@@ -78,7 +78,7 @@ const tokenValues = Object.assign(
     'gpt-3.5-turbo-1106': { prompt: 1, completion: 2 },
     'o4-mini': { prompt: 1.1, completion: 4.4 },
     'o3-mini': { prompt: 1.1, completion: 4.4 },
-    o3: { prompt: 10, completion: 40 },
+    o3: { prompt: 2, completion: 8 },
     'o1-mini': { prompt: 1.1, completion: 4.4 },
     'o1-preview': { prompt: 15, completion: 60 },
     o1: { prompt: 15, completion: 60 },

api/models/userMethods.js

@@ -1,159 +1,4 @@
 const bcrypt = require('bcryptjs');
-const { getBalanceConfig } = require('~/server/services/Config');
-const signPayload = require('~/server/services/signPayload');
-const Balance = require('./Balance');
-const User = require('./User');
-
-/**
- * Retrieve a user by ID and convert the found user document to a plain object.
- *
- * @param {string} userId - The ID of the user to find and return as a plain object.
- * @param {string|string[]} [fieldsToSelect] - The fields to include or exclude in the returned document.
- * @returns {Promise<MongoUser>} A plain object representing the user document, or `null` if no user is found.
- */
-const getUserById = async function (userId, fieldsToSelect = null) {
-  const query = User.findById(userId);
-  if (fieldsToSelect) {
-    query.select(fieldsToSelect);
-  }
-  return await query.lean();
-};
-
-/**
- * Search for a single user based on partial data and return matching user document as plain object.
- * @param {Partial<MongoUser>} searchCriteria - The partial data to use for searching the user.
- * @param {string|string[]} [fieldsToSelect] - The fields to include or exclude in the returned document.
- * @returns {Promise<MongoUser>} A plain object representing the user document, or `null` if no user is found.
- */
-const findUser = async function (searchCriteria, fieldsToSelect = null) {
-  const query = User.findOne(searchCriteria);
-  if (fieldsToSelect) {
-    query.select(fieldsToSelect);
-  }
-  return await query.lean();
-};
-
-/**
- * Update a user with new data without overwriting existing properties.
- *
- * @param {string} userId - The ID of the user to update.
- * @param {Object} updateData - An object containing the properties to update.
- * @returns {Promise<MongoUser>} The updated user document as a plain object, or `null` if no user is found.
- */
-const updateUser = async function (userId, updateData) {
-  const updateOperation = {
-    $set: updateData,
-    $unset: { expiresAt: '' }, // Remove the expiresAt field to prevent TTL
-  };
-  return await User.findByIdAndUpdate(userId, updateOperation, {
-    new: true,
-    runValidators: true,
-  }).lean();
-};
-
-/**
- * Creates a new user, optionally with a TTL of 1 week.
- * @param {MongoUser} data - The user data to be created, must contain user_id.
- * @param {boolean} [disableTTL=true] - Whether to disable the TTL. Defaults to `true`.
- * @param {boolean} [returnUser=false] - Whether to return the created user object.
- * @returns {Promise<ObjectId|MongoUser>} A promise that resolves to the created user document ID or user object.
- * @throws {Error} If a user with the same user_id already exists.
- */
-const createUser = async (data, disableTTL = true, returnUser = false) => {
-  const balance = await getBalanceConfig();
-  const userData = {
-    ...data,
-    expiresAt: disableTTL ? null : new Date(Date.now() + 604800 * 1000), // 1 week in milliseconds
-  };
-
-  if (disableTTL) {
-    delete userData.expiresAt;
-  }
-
-  const user = await User.create(userData);
-
-  // If balance is enabled, create or update a balance record for the user using global.interfaceConfig.balance
-  if (balance?.enabled && balance?.startBalance) {
-    const update = {
-      $inc: { tokenCredits: balance.startBalance },
-    };
-
-    if (
-      balance.autoRefillEnabled &&
-      balance.refillIntervalValue != null &&
-      balance.refillIntervalUnit != null &&
-      balance.refillAmount != null
-    ) {
-      update.$set = {
-        autoRefillEnabled: true,
-        refillIntervalValue: balance.refillIntervalValue,
-        refillIntervalUnit: balance.refillIntervalUnit,
-        refillAmount: balance.refillAmount,
-      };
-    }
-
-    await Balance.findOneAndUpdate({ user: user._id }, update, { upsert: true, new: true }).lean();
-  }
-
-  if (returnUser) {
-    return user.toObject();
-  }
-  return user._id;
-};
-
-/**
- * Count the number of user documents in the collection based on the provided filter.
- *
- * @param {Object} [filter={}] - The filter to apply when counting the documents.
- * @returns {Promise<number>} The count of documents that match the filter.
- */
-const countUsers = async function (filter = {}) {
-  return await User.countDocuments(filter);
-};
-
-/**
- * Delete a user by their unique ID.
- *
- * @param {string} userId - The ID of the user to delete.
- * @returns {Promise<{ deletedCount: number }>} An object indicating the number of deleted documents.
- */
-const deleteUserById = async function (userId) {
-  try {
-    const result = await User.deleteOne({ _id: userId });
-    if (result.deletedCount === 0) {
-      return { deletedCount: 0, message: 'No user found with that ID.' };
-    }
-    return { deletedCount: result.deletedCount, message: 'User was deleted successfully.' };
-  } catch (error) {
-    throw new Error('Error deleting user: ' + error.message);
-  }
-};
-
-const { SESSION_EXPIRY } = process.env ?? {};
-const expires = eval(SESSION_EXPIRY) ?? 1000 * 60 * 15;
-
-/**
- * Generates a JWT token for a given user.
- *
- * @param {MongoUser} user - The user for whom the token is being generated.
- * @returns {Promise<string>} A promise that resolves to a JWT token.
- */
-const generateToken = async (user) => {
-  if (!user) {
-    throw new Error('No user provided');
-  }
-
-  return await signPayload({
-    payload: {
-      id: user._id,
-      username: user.username,
-      provider: user.provider,
-      email: user.email,
-    },
-    secret: process.env.JWT_SECRET,
-    expirationTime: expires / 1000,
-  });
-};
 
 /**
  * Compares the provided password with the user's password.
@@ -167,6 +12,10 @@ const comparePassword = async (user, candidatePassword) => {
     throw new Error('No user provided');
   }
 
+  if (!user.password) {
+    throw new Error('No password, likely an email first registered via Social/OIDC login');
+  }
+
   return new Promise((resolve, reject) => {
     bcrypt.compare(candidatePassword, user.password, (err, isMatch) => {
       if (err) {
@@ -179,11 +28,4 @@ const comparePassword = async (user, candidatePassword) => {
 
 module.exports = {
   comparePassword,
-  deleteUserById,
-  generateToken,
-  getUserById,
-  countUsers,
-  createUser,
-  updateUser,
-  findUser,
 };

api/package.json

@@ -34,23 +34,25 @@
   },
   "homepage": "https://librechat.ai",
   "dependencies": {
-    "@anthropic-ai/sdk": "^0.37.0",
+    "@anthropic-ai/sdk": "^0.52.0",
     "@aws-sdk/client-s3": "^3.758.0",
     "@aws-sdk/s3-request-presigner": "^3.758.0",
     "@azure/identity": "^4.7.0",
     "@azure/search-documents": "^12.0.0",
     "@azure/storage-blob": "^12.27.0",
-    "@google/generative-ai": "^0.23.0",
+    "@google/generative-ai": "^0.24.0",
     "@googleapis/youtube": "^20.0.0",
     "@keyv/redis": "^4.3.3",
-    "@langchain/community": "^0.3.44",
-    "@langchain/core": "^0.3.57",
-    "@langchain/google-genai": "^0.2.9",
-    "@langchain/google-vertexai": "^0.2.9",
+    "@langchain/community": "^0.3.47",
+    "@langchain/core": "^0.3.60",
+    "@langchain/google-genai": "^0.2.13",
+    "@langchain/google-vertexai": "^0.2.13",
     "@langchain/textsplitters": "^0.1.0",
-    "@librechat/agents": "^2.4.37",
+    "@librechat/agents": "^2.4.41",
+    "@librechat/api": "*",
     "@librechat/data-schemas": "*",
     "@node-saml/passport-saml": "^5.0.0",
+    "@microsoft/microsoft-graph-client": "^3.0.7",
     "@waylaidwanderer/fetch-event-source": "^3.0.1",
     "axios": "^1.8.2",
     "bcryptjs": "^2.4.3",
@@ -81,15 +83,15 @@
     "keyv-file": "^5.1.2",
     "klona": "^2.0.6",
     "librechat-data-provider": "*",
-    "librechat-mcp": "*",
     "lodash": "^4.17.21",
     "meilisearch": "^0.38.0",
     "memorystore": "^1.6.7",
     "mime": "^3.0.0",
     "module-alias": "^2.2.3",
     "mongoose": "^8.12.1",
-    "multer": "^2.0.0",
+    "multer": "^2.0.1",
     "nanoid": "^3.3.7",
+    "node-fetch": "^2.7.0",
     "nodemailer": "^6.9.15",
     "ollama": "^0.5.0",
     "openai": "^4.96.2",
@@ -109,8 +111,9 @@
     "tiktoken": "^1.0.15",
     "traverse": "^0.6.7",
     "ua-parser-js": "^1.0.36",
+    "undici": "^7.10.0",
     "winston": "^3.11.0",
-    "winston-daily-rotate-file": "^4.7.1",
+    "winston-daily-rotate-file": "^5.0.0",
     "youtube-transcript": "^1.2.1",
     "zod": "^3.22.4"
   },

api/server/cleanup.js

@@ -220,6 +220,9 @@ function disposeClient(client) {
     if (client.maxResponseTokens) {
       client.maxResponseTokens = null;
     }
+    if (client.processMemory) {
+      client.processMemory = null;
+    }
     if (client.run) {
       // Break circular references in run
       if (client.run.Graph) {

api/server/controllers/AuthController.js

@@ -1,6 +1,7 @@
-const openIdClient = require('openid-client');
 const cookies = require('cookie');
 const jwt = require('jsonwebtoken');
+const openIdClient = require('openid-client');
+const { logger } = require('@librechat/data-schemas');
 const {
   registerUser,
   resetPassword,
@@ -8,9 +9,8 @@ const {
   requestPasswordReset,
   setOpenIDAuthTokens,
 } = require('~/server/services/AuthService');
-const { findSession, getUserById, deleteAllUserSessions, findUser } = require('~/models');
+const { findUser, getUserById, deleteAllUserSessions, findSession } = require('~/models');
 const { getOpenIdConfig } = require('~/strategies');
-const { logger } = require('~/config');
 const { isEnabled } = require('~/server/utils');
 
 const registrationController = async (req, res) => {
@@ -96,7 +96,10 @@ const refreshController = async (req, res) => {
     }
 
     // Find the session with the hashed refresh token
-    const session = await findSession({ userId: userId, refreshToken: refreshToken });
+    const session = await findSession({
+      userId: userId,
+      refreshToken: refreshToken,
+    });
 
     if (session && session.expiration > new Date()) {
       const token = await setAuthTokens(userId, res, session._id);

api/server/controllers/Balance.js

@@ -1,4 +1,4 @@
-const Balance = require('~/models/Balance');
+const { Balance } = require('~/db/models');
 
 async function balanceController(req, res) {
   const balanceData = await Balance.findOne(

api/server/controllers/ErrorController.js

@@ -24,6 +24,7 @@ const handleValidationError = (err, res) => {
   }
 };
 
+// eslint-disable-next-line no-unused-vars
 module.exports = (err, req, res, next) => {
   try {
     if (err.name === 'ValidationError') {

api/server/controllers/PermissionsController.js

@@ -0,0 +1,437 @@
+/**
+ * @import { TUpdateResourcePermissionsRequest, TUpdateResourcePermissionsResponse } from 'librechat-data-provider'
+ */
+
+const mongoose = require('mongoose');
+const { logger } = require('@librechat/data-schemas');
+const {
+  getAvailableRoles,
+  ensurePrincipalExists,
+  getEffectivePermissions,
+  ensureGroupPrincipalExists,
+  bulkUpdateResourcePermissions,
+} = require('~/server/services/PermissionService');
+const { AclEntry } = require('~/db/models');
+const {
+  searchPrincipals: searchLocalPrincipals,
+  sortPrincipalsByRelevance,
+  calculateRelevanceScore,
+} = require('~/models');
+const {
+  searchEntraIdPrincipals,
+  entraIdPrincipalFeatureEnabled,
+} = require('~/server/services/GraphApiService');
+
+/**
+ * Generic controller for resource permission endpoints
+ * Delegates validation and logic to PermissionService
+ */
+
+/**
+ * Bulk update permissions for a resource (grant, update, remove)
+ * @route PUT /api/{resourceType}/{resourceId}/permissions
+ * @param {Object} req - Express request object
+ * @param {Object} req.params - Route parameters
+ * @param {string} req.params.resourceType - Resource type (e.g., 'agent')
+ * @param {string} req.params.resourceId - Resource ID
+ * @param {TUpdateResourcePermissionsRequest} req.body - Request body
+ * @param {Object} res - Express response object
+ * @returns {Promise<TUpdateResourcePermissionsResponse>} Updated permissions response
+ */
+const updateResourcePermissions = async (req, res) => {
+  try {
+    const { resourceType, resourceId } = req.params;
+    /** @type {TUpdateResourcePermissionsRequest} */
+    const { updated, removed, public: isPublic, publicAccessRoleId } = req.body;
+    const { id: userId } = req.user;
+
+    // Prepare principals for the service call
+    const updatedPrincipals = [];
+    const revokedPrincipals = [];
+
+    // Add updated principals
+    if (updated && Array.isArray(updated)) {
+      updatedPrincipals.push(...updated);
+    }
+
+    // Add public permission if enabled
+    if (isPublic && publicAccessRoleId) {
+      updatedPrincipals.push({
+        type: 'public',
+        id: null,
+        accessRoleId: publicAccessRoleId,
+      });
+    }
+
+    // Prepare authentication context for enhanced group member fetching
+    const useEntraId = entraIdPrincipalFeatureEnabled(req.user);
+    const authHeader = req.headers.authorization;
+    const accessToken =
+      authHeader && authHeader.startsWith('Bearer ') ? authHeader.substring(7) : null;
+    const authContext =
+      useEntraId && accessToken
+        ? {
+            accessToken,
+            sub: req.user.openidId,
+          }
+        : null;
+
+    // Ensure updated principals exist in the database before processing permissions
+    const validatedPrincipals = [];
+    for (const principal of updatedPrincipals) {
+      try {
+        let principalId;
+
+        if (principal.type === 'public') {
+          principalId = null; // Public principals don't need database records
+        } else if (principal.type === 'user') {
+          principalId = await ensurePrincipalExists(principal);
+        } else if (principal.type === 'group') {
+          // Pass authContext to enable member fetching for Entra ID groups when available
+          principalId = await ensureGroupPrincipalExists(principal, authContext);
+        } else {
+          logger.error(`Unsupported principal type: ${principal.type}`);
+          continue; // Skip invalid principal types
+        }
+
+        // Update the principal with the validated ID for ACL operations
+        validatedPrincipals.push({
+          ...principal,
+          id: principalId,
+        });
+      } catch (error) {
+        logger.error('Error ensuring principal exists:', {
+          principal: {
+            type: principal.type,
+            id: principal.id,
+            name: principal.name,
+            source: principal.source,
+          },
+          error: error.message,
+        });
+        // Continue with other principals instead of failing the entire operation
+        continue;
+      }
+    }
+
+    // Add removed principals
+    if (removed && Array.isArray(removed)) {
+      revokedPrincipals.push(...removed);
+    }
+
+    // If public is disabled, add public to revoked list
+    if (!isPublic) {
+      revokedPrincipals.push({
+        type: 'public',
+        id: null,
+      });
+    }
+
+    const results = await bulkUpdateResourcePermissions({
+      resourceType,
+      resourceId,
+      updatedPrincipals: validatedPrincipals,
+      revokedPrincipals,
+      grantedBy: userId,
+    });
+
+    /** @type {TUpdateResourcePermissionsResponse} */
+    const response = {
+      message: 'Permissions updated successfully',
+      results: {
+        principals: results.granted,
+        public: isPublic || false,
+        publicAccessRoleId: isPublic ? publicAccessRoleId : undefined,
+      },
+    };
+
+    res.status(200).json(response);
+  } catch (error) {
+    logger.error('Error updating resource permissions:', error);
+    res.status(400).json({
+      error: 'Failed to update permissions',
+      details: error.message,
+    });
+  }
+};
+
+/**
+ * Get principals with their permission roles for a resource (UI-friendly format)
+ * Uses efficient aggregation pipeline to join User/Group data in single query
+ * @route GET /api/permissions/{resourceType}/{resourceId}
+ */
+const getResourcePermissions = async (req, res) => {
+  try {
+    const { resourceType, resourceId } = req.params;
+
+    // Use aggregation pipeline for efficient single-query data retrieval
+    const results = await AclEntry.aggregate([
+      // Match ACL entries for this resource
+      {
+        $match: {
+          resourceType,
+          resourceId: mongoose.Types.ObjectId.isValid(resourceId)
+            ? mongoose.Types.ObjectId.createFromHexString(resourceId)
+            : resourceId,
+        },
+      },
+      // Lookup AccessRole information
+      {
+        $lookup: {
+          from: 'accessroles',
+          localField: 'roleId',
+          foreignField: '_id',
+          as: 'role',
+        },
+      },
+      // Lookup User information (for user principals)
+      {
+        $lookup: {
+          from: 'users',
+          localField: 'principalId',
+          foreignField: '_id',
+          as: 'userInfo',
+        },
+      },
+      // Lookup Group information (for group principals)
+      {
+        $lookup: {
+          from: 'groups',
+          localField: 'principalId',
+          foreignField: '_id',
+          as: 'groupInfo',
+        },
+      },
+      // Project final structure
+      {
+        $project: {
+          principalType: 1,
+          principalId: 1,
+          accessRoleId: { $arrayElemAt: ['$role.accessRoleId', 0] },
+          userInfo: { $arrayElemAt: ['$userInfo', 0] },
+          groupInfo: { $arrayElemAt: ['$groupInfo', 0] },
+        },
+      },
+    ]);
+
+    const principals = [];
+    let publicPermission = null;
+
+    // Process aggregation results
+    for (const result of results) {
+      if (result.principalType === 'public') {
+        publicPermission = {
+          public: true,
+          publicAccessRoleId: result.accessRoleId,
+        };
+      } else if (result.principalType === 'user' && result.userInfo) {
+        principals.push({
+          type: 'user',
+          id: result.userInfo._id.toString(),
+          name: result.userInfo.name || result.userInfo.username,
+          email: result.userInfo.email,
+          avatar: result.userInfo.avatar,
+          source: !result.userInfo._id ? 'entra' : 'local',
+          idOnTheSource: result.userInfo.idOnTheSource || result.userInfo._id.toString(),
+          accessRoleId: result.accessRoleId,
+        });
+      } else if (result.principalType === 'group' && result.groupInfo) {
+        principals.push({
+          type: 'group',
+          id: result.groupInfo._id.toString(),
+          name: result.groupInfo.name,
+          email: result.groupInfo.email,
+          description: result.groupInfo.description,
+          avatar: result.groupInfo.avatar,
+          source: result.groupInfo.source || 'local',
+          idOnTheSource: result.groupInfo.idOnTheSource || result.groupInfo._id.toString(),
+          accessRoleId: result.accessRoleId,
+        });
+      }
+    }
+
+    // Return response in format expected by frontend
+    const response = {
+      resourceType,
+      resourceId,
+      principals,
+      public: publicPermission?.public || false,
+      ...(publicPermission?.publicAccessRoleId && {
+        publicAccessRoleId: publicPermission.publicAccessRoleId,
+      }),
+    };
+
+    res.status(200).json(response);
+  } catch (error) {
+    logger.error('Error getting resource permissions principals:', error);
+    res.status(500).json({
+      error: 'Failed to get permissions principals',
+      details: error.message,
+    });
+  }
+};
+
+/**
+ * Get available roles for a resource type
+ * @route GET /api/{resourceType}/roles
+ */
+const getResourceRoles = async (req, res) => {
+  try {
+    const { resourceType } = req.params;
+
+    const roles = await getAvailableRoles({ resourceType });
+
+    res.status(200).json(
+      roles.map((role) => ({
+        accessRoleId: role.accessRoleId,
+        name: role.name,
+        description: role.description,
+        permBits: role.permBits,
+      })),
+    );
+  } catch (error) {
+    logger.error('Error getting resource roles:', error);
+    res.status(500).json({
+      error: 'Failed to get roles',
+      details: error.message,
+    });
+  }
+};
+
+/**
+ * Get user's effective permission bitmask for a resource
+ * @route GET /api/{resourceType}/{resourceId}/effective
+ */
+const getUserEffectivePermissions = async (req, res) => {
+  try {
+    const { resourceType, resourceId } = req.params;
+    const { id: userId } = req.user;
+
+    const permissionBits = await getEffectivePermissions({
+      userId,
+      resourceType,
+      resourceId,
+    });
+
+    res.status(200).json({
+      permissionBits,
+    });
+  } catch (error) {
+    logger.error('Error getting user effective permissions:', error);
+    res.status(500).json({
+      error: 'Failed to get effective permissions',
+      details: error.message,
+    });
+  }
+};
+
+/**
+ * Search for users and groups to grant permissions
+ * Supports hybrid local database + Entra ID search when configured
+ * @route GET /api/permissions/search-principals
+ */
+const searchPrincipals = async (req, res) => {
+  try {
+    const { q: query, limit = 20, type } = req.query;
+
+    if (!query || query.trim().length === 0) {
+      return res.status(400).json({
+        error: 'Query parameter "q" is required and must not be empty',
+      });
+    }
+
+    if (query.trim().length < 2) {
+      return res.status(400).json({
+        error: 'Query must be at least 2 characters long',
+      });
+    }
+
+    const searchLimit = Math.min(Math.max(1, parseInt(limit) || 10), 50);
+    const typeFilter = ['user', 'group'].includes(type) ? type : null;
+
+    const localResults = await searchLocalPrincipals(query.trim(), searchLimit, typeFilter);
+    let allPrincipals = [...localResults];
+
+    const useEntraId = entraIdPrincipalFeatureEnabled(req.user);
+
+    if (useEntraId && localResults.length < searchLimit) {
+      try {
+        const graphTypeMap = {
+          user: 'users',
+          group: 'groups',
+          null: 'all',
+        };
+
+        const authHeader = req.headers.authorization;
+        const accessToken =
+          authHeader && authHeader.startsWith('Bearer ') ? authHeader.substring(7) : null;
+
+        if (accessToken) {
+          const graphResults = await searchEntraIdPrincipals(
+            accessToken,
+            req.user.openidId,
+            query.trim(),
+            graphTypeMap[typeFilter],
+            searchLimit - localResults.length,
+          );
+
+          const localEmails = new Set(
+            localResults.map((p) => p.email?.toLowerCase()).filter(Boolean),
+          );
+          const localGroupSourceIds = new Set(
+            localResults.map((p) => p.idOnTheSource).filter(Boolean),
+          );
+
+          for (const principal of graphResults) {
+            const isDuplicateByEmail =
+              principal.email && localEmails.has(principal.email.toLowerCase());
+            const isDuplicateBySourceId =
+              principal.idOnTheSource && localGroupSourceIds.has(principal.idOnTheSource);
+
+            if (!isDuplicateByEmail && !isDuplicateBySourceId) {
+              allPrincipals.push(principal);
+            }
+          }
+        }
+      } catch (graphError) {
+        logger.warn('Graph API search failed, falling back to local results:', graphError.message);
+      }
+    }
+    const scoredResults = allPrincipals.map((item) => ({
+      ...item,
+      _searchScore: calculateRelevanceScore(item, query.trim()),
+    }));
+
+    allPrincipals = sortPrincipalsByRelevance(scoredResults)
+      .slice(0, searchLimit)
+      .map((result) => {
+        const { _searchScore, ...resultWithoutScore } = result;
+        return resultWithoutScore;
+      });
+    res.status(200).json({
+      query: query.trim(),
+      limit: searchLimit,
+      type: typeFilter,
+      results: allPrincipals,
+      count: allPrincipals.length,
+      sources: {
+        local: allPrincipals.filter((r) => r.source === 'local').length,
+        entra: allPrincipals.filter((r) => r.source === 'entra').length,
+      },
+    });
+  } catch (error) {
+    logger.error('Error searching principals:', error);
+    res.status(500).json({
+      error: 'Failed to search principals',
+      details: error.message,
+    });
+  }
+};
+
+module.exports = {
+  updateResourcePermissions,
+  getResourcePermissions,
+  getResourceRoles,
+  getUserEffectivePermissions,
+  searchPrincipals,
+};

api/server/controllers/PluginController.js

@@ -1,9 +1,11 @@
+const { logger } = require('@librechat/data-schemas');
 const { CacheKeys, AuthType } = require('librechat-data-provider');
+const { getCustomConfig, getCachedTools } = require('~/server/services/Config');
 const { getToolkitKey } = require('~/server/services/ToolService');
-const { getCustomConfig } = require('~/server/services/Config');
+const { getMCPManager, getFlowStateManager } = require('~/config');
 const { availableTools } = require('~/app/clients/tools');
-const { getMCPManager } = require('~/config');
 const { getLogStores } = require('~/cache');
+const { Constants } = require('librechat-data-provider');
 
 /**
  * Filters out duplicate plugins from the list of plugins.
@@ -84,6 +86,45 @@ const getAvailablePluginsController = async (req, res) => {
   }
 };
 
+function createServerToolsCallback() {
+  /**
+   * @param {string} serverName
+   * @param {TPlugin[] | null} serverTools
+   */
+  return async function (serverName, serverTools) {
+    try {
+      const mcpToolsCache = getLogStores(CacheKeys.MCP_TOOLS);
+      if (!serverName || !mcpToolsCache) {
+        return;
+      }
+      await mcpToolsCache.set(serverName, serverTools);
+      logger.debug(`MCP tools for ${serverName} added to cache.`);
+    } catch (error) {
+      logger.error('Error retrieving MCP tools from cache:', error);
+    }
+  };
+}
+
+function createGetServerTools() {
+  /**
+   * Retrieves cached server tools
+   * @param {string} serverName
+   * @returns {Promise<TPlugin[] | null>}
+   */
+  return async function (serverName) {
+    try {
+      const mcpToolsCache = getLogStores(CacheKeys.MCP_TOOLS);
+      if (!mcpToolsCache) {
+        return null;
+      }
+      return await mcpToolsCache.get(serverName);
+    } catch (error) {
+      logger.error('Error retrieving MCP tools from cache:', error);
+      return null;
+    }
+  };
+}
+
 /**
  * Retrieves and returns a list of available tools, either from a cache or by reading a plugin manifest file.
  *
@@ -109,7 +150,16 @@ const getAvailableTools = async (req, res) => {
     const customConfig = await getCustomConfig();
     if (customConfig?.mcpServers != null) {
       const mcpManager = getMCPManager();
-      pluginManifest = await mcpManager.loadManifestTools(pluginManifest);
+      const flowsCache = getLogStores(CacheKeys.FLOWS);
+      const flowManager = flowsCache ? getFlowStateManager(flowsCache) : null;
+      const serverToolsCallback = createServerToolsCallback();
+      const getServerTools = createGetServerTools();
+      const mcpTools = await mcpManager.loadManifestTools({
+        flowManager,
+        serverToolsCallback,
+        getServerTools,
+      });
+      pluginManifest = [...mcpTools, ...pluginManifest];
     }
 
     /** @type {TPlugin[]} */
@@ -123,17 +173,57 @@ const getAvailableTools = async (req, res) => {
       }
     });
 
-    const toolDefinitions = req.app.locals.availableTools;
-    const tools = authenticatedPlugins.filter(
-      (plugin) =>
-        toolDefinitions[plugin.pluginKey] !== undefined ||
-        (plugin.toolkit === true &&
-          Object.keys(toolDefinitions).some((key) => getToolkitKey(key) === plugin.pluginKey)),
-    );
+    const toolDefinitions = await getCachedTools({ includeGlobal: true });
 
-    await cache.set(CacheKeys.TOOLS, tools);
-    res.status(200).json(tools);
+    const toolsOutput = [];
+    for (const plugin of authenticatedPlugins) {
+      const isToolDefined = toolDefinitions[plugin.pluginKey] !== undefined;
+      const isToolkit =
+        plugin.toolkit === true &&
+        Object.keys(toolDefinitions).some((key) => getToolkitKey(key) === plugin.pluginKey);
+
+      if (!isToolDefined && !isToolkit) {
+        continue;
+      }
+
+      const toolToAdd = { ...plugin };
+
+      if (!plugin.pluginKey.includes(Constants.mcp_delimiter)) {
+        toolsOutput.push(toolToAdd);
+        continue;
+      }
+
+      const parts = plugin.pluginKey.split(Constants.mcp_delimiter);
+      const serverName = parts[parts.length - 1];
+      const serverConfig = customConfig?.mcpServers?.[serverName];
+
+      if (!serverConfig?.customUserVars) {
+        toolsOutput.push(toolToAdd);
+        continue;
+      }
+
+      const customVarKeys = Object.keys(serverConfig.customUserVars);
+
+      if (customVarKeys.length === 0) {
+        toolToAdd.authConfig = [];
+        toolToAdd.authenticated = true;
+      } else {
+        toolToAdd.authConfig = Object.entries(serverConfig.customUserVars).map(([key, value]) => ({
+          authField: key,
+          label: value.title || key,
+          description: value.description || '',
+        }));
+        toolToAdd.authenticated = false;
+      }
+
+      toolsOutput.push(toolToAdd);
+    }
+
+    const finalTools = filterUniquePlugins(toolsOutput);
+    await cache.set(CacheKeys.TOOLS, finalTools);
+    res.status(200).json(finalTools);
   } catch (error) {
+    logger.error('[getAvailableTools]', error);
     res.status(500).json({ message: error.message });
   }
 };

api/server/controllers/TwoFactorController.js

@@ -1,13 +1,13 @@
+const { encryptV3 } = require('@librechat/api');
+const { logger } = require('@librechat/data-schemas');
 const {
+  verifyTOTP,
+  getTOTPSecret,
+  verifyBackupCode,
   generateTOTPSecret,
   generateBackupCodes,
-  verifyTOTP,
-  verifyBackupCode,
-  getTOTPSecret,
 } = require('~/server/services/twoFactorService');
-const { updateUser, getUserById } = require('~/models');
-const { logger } = require('~/config');
-const { encryptV3 } = require('~/server/utils/crypto');
+const { getUserById, updateUser } = require('~/models');
 
 const safeAppTitle = (process.env.APP_TITLE || 'LibreChat').replace(/\s+/g, '');