feat: Add lazy-loaded Mermaid diagram support with loading fallback and zoom features

chore: Replace lodash with lodash-es for better tree-shaking support
feat: Add Inline Mermaid Diagram Component with Error Handling and Zoom Features
2025-07-12 12:38:33 -04:00 · 2025-07-12 11:37:17 -04:00 · 2025-07-12 11:37:16 -04:00 · 2025-07-12 11:37:07 -04:00 · 2025-07-12 01:52:46 -04:00 · 2025-07-12 01:52:17 -04:00
437 changed files with 24063 additions and 8280 deletions
--- a/.env.example
+++ b/.env.example
@@ -58,7 +58,7 @@ DEBUG_CONSOLE=false
 #                     Endpoints                     #
 #===================================================#

-# ENDPOINTS=openAI,assistants,azureOpenAI,google,gptPlugins,anthropic
+# ENDPOINTS=openAI,assistants,azureOpenAI,google,anthropic

 PROXY=

@@ -142,10 +142,10 @@ GOOGLE_KEY=user_provided
 # GOOGLE_AUTH_HEADER=true

 # Gemini API (AI Studio)
-# GOOGLE_MODELS=gemini-2.5-pro-preview-05-06,gemini-2.5-flash-preview-04-17,gemini-2.0-flash-001,gemini-2.0-flash-exp,gemini-2.0-flash-lite-001,gemini-1.5-pro-002,gemini-1.5-flash-002
+# GOOGLE_MODELS=gemini-2.5-pro,gemini-2.5-flash,gemini-2.5-flash-lite-preview-06-17,gemini-2.0-flash,gemini-2.0-flash-lite

 # Vertex AI
-# GOOGLE_MODELS=gemini-2.5-pro-preview-05-06,gemini-2.5-flash-preview-04-17,gemini-2.0-flash-001,gemini-2.0-flash-exp,gemini-2.0-flash-lite-001,gemini-1.5-pro-002,gemini-1.5-flash-002
+# GOOGLE_MODELS=gemini-2.5-pro,gemini-2.5-flash,gemini-2.5-flash-lite-preview-06-17,gemini-2.0-flash-001,gemini-2.0-flash-lite-001

 # GOOGLE_TITLE_MODEL=gemini-2.0-flash-lite-001

@@ -349,6 +349,11 @@ REGISTRATION_VIOLATION_SCORE=1
 CONCURRENT_VIOLATION_SCORE=1
 MESSAGE_VIOLATION_SCORE=1
 NON_BROWSER_VIOLATION_SCORE=20
+TTS_VIOLATION_SCORE=0
+STT_VIOLATION_SCORE=0
+FORK_VIOLATION_SCORE=0
+IMPORT_VIOLATION_SCORE=0
+FILE_UPLOAD_VIOLATION_SCORE=0

 LOGIN_MAX=7
 LOGIN_WINDOW=5
@@ -453,8 +458,8 @@ OPENID_REUSE_TOKENS=
 OPENID_JWKS_URL_CACHE_ENABLED=
 OPENID_JWKS_URL_CACHE_TIME= # 600000 ms eq to 10 minutes leave empty to disable caching
 #Set to true to trigger token exchange flow to acquire access token for the userinfo endpoint.
-OPENID_ON_BEHALF_FLOW_FOR_USERINFRO_REQUIRED=
-OPENID_ON_BEHALF_FLOW_USERINFRO_SCOPE = "user.read" # example for Scope Needed for Microsoft Graph API
+OPENID_ON_BEHALF_FLOW_FOR_USERINFO_REQUIRED=
+OPENID_ON_BEHALF_FLOW_USERINFO_SCOPE="user.read" # example for Scope Needed for Microsoft Graph API
 # Set to true to use the OpenID Connect end session endpoint for logout
 OPENID_USE_END_SESSION_ENDPOINT=

@@ -575,6 +580,10 @@ ALLOW_SHARED_LINKS_PUBLIC=true
 # If you have another service in front of your LibreChat doing compression, disable express based compression here
 # DISABLE_COMPRESSION=true

+# If you have gzipped version of uploaded image images in the same folder, this will enable gzip scan and serving of these images
+# Note: The images folder will be scanned on startup and a ma kept in memory. Be careful for large number of images.
+# ENABLE_IMAGE_OUTPUT_GZIP_SCAN=true
+
 #===================================================#
 #                        UI                         #
 #===================================================#
@@ -657,4 +666,4 @@ OPENWEATHER_API_KEY=
 # Reranker (Required)
 # JINA_API_KEY=your_jina_api_key
 # or
-# COHERE_API_KEY=your_cohere_api_key
+# COHERE_API_KEY=your_cohere_api_key
--- a/.github/workflows/unused-packages.yml
+++ b/.github/workflows/unused-packages.yml
@@ -98,6 +98,8 @@ jobs:
            cd client
            UNUSED=$(depcheck --json | jq -r '.dependencies | join("\n")' || echo "")
            UNUSED=$(comm -23 <(echo "$UNUSED" | sort) <(cat ../client_used_deps.txt ../client_used_code.txt | sort) || echo "")
+            # Filter out false positives
+            UNUSED=$(echo "$UNUSED" | grep -v "^micromark-extension-llm-math$" || echo "")
            echo "CLIENT_UNUSED<<EOF" >> $GITHUB_ENV
            echo "$UNUSED" >> $GITHUB_ENV
            echo "EOF" >> $GITHUB_ENV
--- a/.gitignore
+++ b/.gitignore
@@ -55,6 +55,8 @@ bower_components/
 # AI
 .clineignore
 .cursor
+.aider*
+CLAUDE.md

 # Floobits
 .floo
@@ -123,4 +125,4 @@ helm/**/.values.yaml
 !/client/src/@types/i18next.d.ts

 # SAML Idp cert
-*.cert
+*.cert
--- a/2
+++ b/2
@@ -1,4 +1,4 @@
-# v0.7.8
+# v0.7.9-rc1

 # Base node image
 FROM node:20-alpine AS node
--- a/Dockerfile.multi
+++ b/Dockerfile.multi
@@ -1,5 +1,5 @@
 # Dockerfile.multi
-# v0.7.8
+# v0.7.9-rc1

 # Base for all builds
 FROM node:20-alpine AS base-min
--- a/README.md
+++ b/README.md
@@ -52,7 +52,7 @@
 - 🖥️ **UI & Experience** inspired by ChatGPT with enhanced design and features

 - 🤖 **AI Model Selection**:  
-  - Anthropic (Claude), AWS Bedrock, OpenAI, Azure OpenAI, Google, Vertex AI, OpenAI Assistants API (incl. Azure)
+  - Anthropic (Claude), AWS Bedrock, OpenAI, Azure OpenAI, Google, Vertex AI, OpenAI Responses API (incl. Azure)
  - [Custom Endpoints](https://www.librechat.ai/docs/quick_start/custom_endpoints): Use any OpenAI-compatible API with LibreChat, no proxy required
  - Compatible with [Local & Remote AI Providers](https://www.librechat.ai/docs/configuration/librechat_yaml/ai_endpoints):
    - Ollama, groq, Cohere, Mistral AI, Apple MLX, koboldcpp, together.ai,
@@ -66,10 +66,9 @@
 - 🔦 **Agents & Tools Integration**:  
  - **[LibreChat Agents](https://www.librechat.ai/docs/features/agents)**:
    - No-Code Custom Assistants: Build specialized, AI-driven helpers without coding  
-    - Flexible & Extensible: Attach tools like DALL-E-3, file search, code execution, and more  
-    - Compatible with Custom Endpoints, OpenAI, Azure, Anthropic, AWS Bedrock, and more
+    - Flexible & Extensible: Use MCP Servers, tools, file search, code execution, and more  
+    - Compatible with Custom Endpoints, OpenAI, Azure, Anthropic, AWS Bedrock, Google, Vertex AI, Responses API, and more
    - [Model Context Protocol (MCP) Support](https://modelcontextprotocol.io/clients#librechat) for Tools
-  - Use LibreChat Agents and OpenAI Assistants with Files, Code Interpreter, Tools, and API Actions

 - 🔍 **Web Search**:  
  - Search the internet and retrieve relevant information to enhance your AI context
--- a/api/app/clients/AnthropicClient.js
+++ b/api/app/clients/AnthropicClient.js
@@ -190,10 +190,11 @@ class AnthropicClient extends BaseClient {
        reverseProxyUrl: this.options.reverseProxyUrl,
      }),
      apiKey: this.apiKey,
+      fetchOptions: {},
    };

    if (this.options.proxy) {
-      options.httpAgent = new HttpsProxyAgent(this.options.proxy);
+      options.fetchOptions.agent = new HttpsProxyAgent(this.options.proxy);
    }

    if (this.options.reverseProxyUrl) {
--- a/api/app/clients/BaseClient.js
+++ b/api/app/clients/BaseClient.js
@@ -13,7 +13,6 @@ const {
 const { getMessages, saveMessage, updateMessage, saveConvo, getConvo } = require('~/models');
 const { checkBalance } = require('~/models/balanceMethods');
 const { truncateToolCallOutputs } = require('./prompts');
-const { addSpaceIfNeeded } = require('~/server/utils');
 const { getFiles } = require('~/models/File');
 const TextStream = require('./TextStream');
 const { logger } = require('~/config');
@@ -572,7 +571,7 @@ class BaseClient {
      });
    }

-    const { generation = '' } = opts;
+    const { editedContent } = opts;

    // It's not necessary to push to currentMessages
    // depending on subclass implementation of handling messages
@@ -587,11 +586,21 @@ class BaseClient {
          isCreatedByUser: false,
          model: this.modelOptions?.model ?? this.model,
          sender: this.sender,
-          text: generation,
        };
        this.currentMessages.push(userMessage, latestMessage);
-      } else {
-        latestMessage.text = generation;
+      } else if (editedContent != null) {
+        // Handle editedContent for content parts
+        if (editedContent && latestMessage.content && Array.isArray(latestMessage.content)) {
+          const { index, text, type } = editedContent;
+          if (index >= 0 && index < latestMessage.content.length) {
+            const contentPart = latestMessage.content[index];
+            if (type === ContentTypes.THINK && contentPart.type === ContentTypes.THINK) {
+              contentPart[ContentTypes.THINK] = text;
+            } else if (type === ContentTypes.TEXT && contentPart.type === ContentTypes.TEXT) {
+              contentPart[ContentTypes.TEXT] = text;
+            }
+          }
+        }
      }
      this.continued = true;
    } else {
@@ -672,16 +681,32 @@ class BaseClient {
    };

    if (typeof completion === 'string') {
-      responseMessage.text = addSpaceIfNeeded(generation) + completion;
+      responseMessage.text = completion;
    } else if (
      Array.isArray(completion) &&
      (this.clientName === EModelEndpoint.agents ||
        isParamEndpoint(this.options.endpoint, this.options.endpointType))
    ) {
      responseMessage.text = '';
-      responseMessage.content = completion;
+
+      if (!opts.editedContent || this.currentMessages.length === 0) {
+        responseMessage.content = completion;
+      } else {
+        const latestMessage = this.currentMessages[this.currentMessages.length - 1];
+        if (!latestMessage?.content) {
+          responseMessage.content = completion;
+        } else {
+          const existingContent = [...latestMessage.content];
+          const { type: editedType } = opts.editedContent;
+          responseMessage.content = this.mergeEditedContent(
+            existingContent,
+            completion,
+            editedType,
+          );
+        }
+      }
    } else if (Array.isArray(completion)) {
-      responseMessage.text = addSpaceIfNeeded(generation) + completion.join('');
+      responseMessage.text = completion.join('');
    }

    if (
@@ -792,7 +817,8 @@ class BaseClient {

    userMessage.tokenCount = userMessageTokenCount;
    /*
-      Note: `AskController` saves the user message, so we update the count of its `userMessage` reference
+      Note: `AgentController` saves the user message if not saved here
+      (noted by `savedMessageIds`), so we update the count of its `userMessage` reference
    */
    if (typeof opts?.getReqData === 'function') {
      opts.getReqData({
@@ -801,7 +827,8 @@ class BaseClient {
    }
    /*
      Note: we update the user message to be sure it gets the calculated token count;
-      though `AskController` saves the user message, EditController does not
+      though `AgentController` saves the user message if not saved here
+      (noted by `savedMessageIds`), EditController does not
    */
    await userMessagePromise;
    await this.updateMessageInDatabase({
@@ -1093,6 +1120,50 @@ class BaseClient {
    return numTokens;
  }

+  /**
+   * Merges completion content with existing content when editing TEXT or THINK types
+   * @param {Array} existingContent - The existing content array
+   * @param {Array} newCompletion - The new completion content
+   * @param {string} editedType - The type of content being edited
+   * @returns {Array} The merged content array
+   */
+  mergeEditedContent(existingContent, newCompletion, editedType) {
+    if (!newCompletion.length) {
+      return existingContent.concat(newCompletion);
+    }
+
+    if (editedType !== ContentTypes.TEXT && editedType !== ContentTypes.THINK) {
+      return existingContent.concat(newCompletion);
+    }
+
+    const lastIndex = existingContent.length - 1;
+    const lastExisting = existingContent[lastIndex];
+    const firstNew = newCompletion[0];
+
+    if (lastExisting?.type !== firstNew?.type || firstNew?.type !== editedType) {
+      return existingContent.concat(newCompletion);
+    }
+
+    const mergedContent = [...existingContent];
+    if (editedType === ContentTypes.TEXT) {
+      mergedContent[lastIndex] = {
+        ...mergedContent[lastIndex],
+        [ContentTypes.TEXT]:
+          (mergedContent[lastIndex][ContentTypes.TEXT] || '') + (firstNew[ContentTypes.TEXT] || ''),
+      };
+    } else {
+      mergedContent[lastIndex] = {
+        ...mergedContent[lastIndex],
+        [ContentTypes.THINK]:
+          (mergedContent[lastIndex][ContentTypes.THINK] || '') +
+          (firstNew[ContentTypes.THINK] || ''),
+      };
+    }
+
+    // Add remaining completion items
+    return mergedContent.concat(newCompletion.slice(1));
+  }
+
  async sendPayload(payload, opts = {}) {
    if (opts && typeof opts === 'object') {
      this.setOptions(opts);
--- a/api/app/clients/ChatGPTClient.js
+++ b/api/app/clients/ChatGPTClient.js
@@ -1,804 +0,0 @@
-const { Keyv } = require('keyv');
-const crypto = require('crypto');
-const { CohereClient } = require('cohere-ai');
-const { fetchEventSource } = require('@waylaidwanderer/fetch-event-source');
-const { constructAzureURL, genAzureChatCompletion } = require('@librechat/api');
-const { encoding_for_model: encodingForModel, get_encoding: getEncoding } = require('tiktoken');
-const {
-  ImageDetail,
-  EModelEndpoint,
-  resolveHeaders,
-  CohereConstants,
-  mapModelToAzureConfig,
-} = require('librechat-data-provider');
-const { createContextHandlers } = require('./prompts');
-const { createCoherePayload } = require('./llm');
-const { extractBaseURL } = require('~/utils');
-const BaseClient = require('./BaseClient');
-const { logger } = require('~/config');
-
-const CHATGPT_MODEL = 'gpt-3.5-turbo';
-const tokenizersCache = {};
-
-class ChatGPTClient extends BaseClient {
-  constructor(apiKey, options = {}, cacheOptions = {}) {
-    super(apiKey, options, cacheOptions);
-
-    cacheOptions.namespace = cacheOptions.namespace || 'chatgpt';
-    this.conversationsCache = new Keyv(cacheOptions);
-    this.setOptions(options);
-  }
-
-  setOptions(options) {
-    if (this.options && !this.options.replaceOptions) {
-      // nested options aren't spread properly, so we need to do this manually
-      this.options.modelOptions = {
-        ...this.options.modelOptions,
-        ...options.modelOptions,
-      };
-      delete options.modelOptions;
-      // now we can merge options
-      this.options = {
-        ...this.options,
-        ...options,
-      };
-    } else {
-      this.options = options;
-    }
-
-    if (this.options.openaiApiKey) {
-      this.apiKey = this.options.openaiApiKey;
-    }
-
-    const modelOptions = this.options.modelOptions || {};
-    this.modelOptions = {
-      ...modelOptions,
-      // set some good defaults (check for undefined in some cases because they may be 0)
-      model: modelOptions.model || CHATGPT_MODEL,
-      temperature: typeof modelOptions.temperature === 'undefined' ? 0.8 : modelOptions.temperature,
-      top_p: typeof modelOptions.top_p === 'undefined' ? 1 : modelOptions.top_p,
-      presence_penalty:
-        typeof modelOptions.presence_penalty === 'undefined' ? 1 : modelOptions.presence_penalty,
-      stop: modelOptions.stop,
-    };
-
-    this.isChatGptModel = this.modelOptions.model.includes('gpt-');
-    const { isChatGptModel } = this;
-    this.isUnofficialChatGptModel =
-      this.modelOptions.model.startsWith('text-chat') ||
-      this.modelOptions.model.startsWith('text-davinci-002-render');
-    const { isUnofficialChatGptModel } = this;
-
-    // Davinci models have a max context length of 4097 tokens.
-    this.maxContextTokens = this.options.maxContextTokens || (isChatGptModel ? 4095 : 4097);
-    // I decided to reserve 1024 tokens for the response.
-    // The max prompt tokens is determined by the max context tokens minus the max response tokens.
-    // Earlier messages will be dropped until the prompt is within the limit.
-    this.maxResponseTokens = this.modelOptions.max_tokens || 1024;
-    this.maxPromptTokens =
-      this.options.maxPromptTokens || this.maxContextTokens - this.maxResponseTokens;
-
-    if (this.maxPromptTokens + this.maxResponseTokens > this.maxContextTokens) {
-      throw new Error(
-        `maxPromptTokens + max_tokens (${this.maxPromptTokens} + ${this.maxResponseTokens} = ${
-          this.maxPromptTokens + this.maxResponseTokens
-        }) must be less than or equal to maxContextTokens (${this.maxContextTokens})`,
-      );
-    }
-
-    this.userLabel = this.options.userLabel || 'User';
-    this.chatGptLabel = this.options.chatGptLabel || 'ChatGPT';
-
-    if (isChatGptModel) {
-      // Use these faux tokens to help the AI understand the context since we are building the chat log ourselves.
-      // Trying to use "<|im_start|>" causes the AI to still generate "<" or "<|" at the end sometimes for some reason,
-      // without tripping the stop sequences, so I'm using "||>" instead.
-      this.startToken = '||>';
-      this.endToken = '';
-      this.gptEncoder = this.constructor.getTokenizer('cl100k_base');
-    } else if (isUnofficialChatGptModel) {
-      this.startToken = '<|im_start|>';
-      this.endToken = '<|im_end|>';
-      this.gptEncoder = this.constructor.getTokenizer('text-davinci-003', true, {
-        '<|im_start|>': 100264,
-        '<|im_end|>': 100265,
-      });
-    } else {
-      // Previously I was trying to use "<|endoftext|>" but there seems to be some bug with OpenAI's token counting
-      // system that causes only the first "<|endoftext|>" to be counted as 1 token, and the rest are not treated
-      // as a single token. So we're using this instead.
-      this.startToken = '||>';
-      this.endToken = '';
-      try {
-        this.gptEncoder = this.constructor.getTokenizer(this.modelOptions.model, true);
-      } catch {
-        this.gptEncoder = this.constructor.getTokenizer('text-davinci-003', true);
-      }
-    }
-
-    if (!this.modelOptions.stop) {
-      const stopTokens = [this.startToken];
-      if (this.endToken && this.endToken !== this.startToken) {
-        stopTokens.push(this.endToken);
-      }
-      stopTokens.push(`\n${this.userLabel}:`);
-      stopTokens.push('<|diff_marker|>');
-      // I chose not to do one for `chatGptLabel` because I've never seen it happen
-      this.modelOptions.stop = stopTokens;
-    }
-
-    if (this.options.reverseProxyUrl) {
-      this.completionsUrl = this.options.reverseProxyUrl;
-    } else if (isChatGptModel) {
-      this.completionsUrl = 'https://api.openai.com/v1/chat/completions';
-    } else {
-      this.completionsUrl = 'https://api.openai.com/v1/completions';
-    }
-
-    return this;
-  }
-
-  static getTokenizer(encoding, isModelName = false, extendSpecialTokens = {}) {
-    if (tokenizersCache[encoding]) {
-      return tokenizersCache[encoding];
-    }
-    let tokenizer;
-    if (isModelName) {
-      tokenizer = encodingForModel(encoding, extendSpecialTokens);
-    } else {
-      tokenizer = getEncoding(encoding, extendSpecialTokens);
-    }
-    tokenizersCache[encoding] = tokenizer;
-    return tokenizer;
-  }
-
-  /** @type {getCompletion} */
-  async getCompletion(input, onProgress, onTokenProgress, abortController = null) {
-    if (!abortController) {
-      abortController = new AbortController();
-    }
-
-    let modelOptions = { ...this.modelOptions };
-    if (typeof onProgress === 'function') {
-      modelOptions.stream = true;
-    }
-    if (this.isChatGptModel) {
-      modelOptions.messages = input;
-    } else {
-      modelOptions.prompt = input;
-    }
-
-    if (this.useOpenRouter && modelOptions.prompt) {
-      delete modelOptions.stop;
-    }
-
-    const { debug } = this.options;
-    let baseURL = this.completionsUrl;
-    if (debug) {
-      console.debug();
-      console.debug(baseURL);
-      console.debug(modelOptions);
-      console.debug();
-    }
-
-    const opts = {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-      },
-    };
-
-    if (this.isVisionModel) {
-      modelOptions.max_tokens = 4000;
-    }
-
-    /** @type {TAzureConfig | undefined} */
-    const azureConfig = this.options?.req?.app?.locals?.[EModelEndpoint.azureOpenAI];
-
-    const isAzure = this.azure || this.options.azure;
-    if (
-      (isAzure && this.isVisionModel && azureConfig) ||
-      (azureConfig && this.isVisionModel && this.options.endpoint === EModelEndpoint.azureOpenAI)
-    ) {
-      const { modelGroupMap, groupMap } = azureConfig;
-      const {
-        azureOptions,
-        baseURL,
-        headers = {},
-        serverless,
-      } = mapModelToAzureConfig({
-        modelName: modelOptions.model,
-        modelGroupMap,
-        groupMap,
-      });
-      opts.headers = resolveHeaders(headers);
-      this.langchainProxy = extractBaseURL(baseURL);
-      this.apiKey = azureOptions.azureOpenAIApiKey;
-
-      const groupName = modelGroupMap[modelOptions.model].group;
-      this.options.addParams = azureConfig.groupMap[groupName].addParams;
-      this.options.dropParams = azureConfig.groupMap[groupName].dropParams;
-      // Note: `forcePrompt` not re-assigned as only chat models are vision models
-
-      this.azure = !serverless && azureOptions;
-      this.azureEndpoint =
-        !serverless && genAzureChatCompletion(this.azure, modelOptions.model, this);
-      if (serverless === true) {
-        this.options.defaultQuery = azureOptions.azureOpenAIApiVersion
-          ? { 'api-version': azureOptions.azureOpenAIApiVersion }
-          : undefined;
-        this.options.headers['api-key'] = this.apiKey;
-      }
-    }
-
-    if (this.options.defaultQuery) {
-      opts.defaultQuery = this.options.defaultQuery;
-    }
-
-    if (this.options.headers) {
-      opts.headers = { ...opts.headers, ...this.options.headers };
-    }
-
-    if (isAzure) {
-      // Azure does not accept `model` in the body, so we need to remove it.
-      delete modelOptions.model;
-
-      baseURL = this.langchainProxy
-        ? constructAzureURL({
-            baseURL: this.langchainProxy,
-            azureOptions: this.azure,
-          })
-        : this.azureEndpoint.split(/(?<!\/)\/(chat|completion)\//)[0];
-
-      if (this.options.forcePrompt) {
-        baseURL += '/completions';
-      } else {
-        baseURL += '/chat/completions';
-      }
-
-      opts.defaultQuery = { 'api-version': this.azure.azureOpenAIApiVersion };
-      opts.headers = { ...opts.headers, 'api-key': this.apiKey };
-    } else if (this.apiKey) {
-      opts.headers.Authorization = `Bearer ${this.apiKey}`;
-    }
-
-    if (process.env.OPENAI_ORGANIZATION) {
-      opts.headers['OpenAI-Organization'] = process.env.OPENAI_ORGANIZATION;
-    }
-
-    if (this.useOpenRouter) {
-      opts.headers['HTTP-Referer'] = 'https://librechat.ai';
-      opts.headers['X-Title'] = 'LibreChat';
-    }
-
-    /* hacky fixes for Mistral AI API:
-      - Re-orders system message to the top of the messages payload, as not allowed anywhere else
-      - If there is only one message and it's a system message, change the role to user
-      */
-    if (baseURL.includes('https://api.mistral.ai/v1') && modelOptions.messages) {
-      const { messages } = modelOptions;
-
-      const systemMessageIndex = messages.findIndex((msg) => msg.role === 'system');
-
-      if (systemMessageIndex > 0) {
-        const [systemMessage] = messages.splice(systemMessageIndex, 1);
-        messages.unshift(systemMessage);
-      }
-
-      modelOptions.messages = messages;
-
-      if (messages.length === 1 && messages[0].role === 'system') {
-        modelOptions.messages[0].role = 'user';
-      }
-    }
-
-    if (this.options.addParams && typeof this.options.addParams === 'object') {
-      modelOptions = {
-        ...modelOptions,
-        ...this.options.addParams,
-      };
-      logger.debug('[ChatGPTClient] chatCompletion: added params', {
-        addParams: this.options.addParams,
-        modelOptions,
-      });
-    }
-
-    if (this.options.dropParams && Array.isArray(this.options.dropParams)) {
-      this.options.dropParams.forEach((param) => {
-        delete modelOptions[param];
-      });
-      logger.debug('[ChatGPTClient] chatCompletion: dropped params', {
-        dropParams: this.options.dropParams,
-        modelOptions,
-      });
-    }
-
-    if (baseURL.startsWith(CohereConstants.API_URL)) {
-      const payload = createCoherePayload({ modelOptions });
-      return await this.cohereChatCompletion({ payload, onTokenProgress });
-    }
-
-    if (baseURL.includes('v1') && !baseURL.includes('/completions') && !this.isChatCompletion) {
-      baseURL = baseURL.split('v1')[0] + 'v1/completions';
-    } else if (
-      baseURL.includes('v1') &&
-      !baseURL.includes('/chat/completions') &&
-      this.isChatCompletion
-    ) {
-      baseURL = baseURL.split('v1')[0] + 'v1/chat/completions';
-    }
-
-    const BASE_URL = new URL(baseURL);
-    if (opts.defaultQuery) {
-      Object.entries(opts.defaultQuery).forEach(([key, value]) => {
-        BASE_URL.searchParams.append(key, value);
-      });
-      delete opts.defaultQuery;
-    }
-
-    const completionsURL = BASE_URL.toString();
-    opts.body = JSON.stringify(modelOptions);
-
-    if (modelOptions.stream) {
-      return new Promise(async (resolve, reject) => {
-        try {
-          let done = false;
-          await fetchEventSource(completionsURL, {
-            ...opts,
-            signal: abortController.signal,
-            async onopen(response) {
-              if (response.status === 200) {
-                return;
-              }
-              if (debug) {
-                console.debug(response);
-              }
-              let error;
-              try {
-                const body = await response.text();
-                error = new Error(`Failed to send message. HTTP ${response.status} - ${body}`);
-                error.status = response.status;
-                error.json = JSON.parse(body);
-              } catch {
-                error = error || new Error(`Failed to send message. HTTP ${response.status}`);
-              }
-              throw error;
-            },
-            onclose() {
-              if (debug) {
-                console.debug('Server closed the connection unexpectedly, returning...');
-              }
-              // workaround for private API not sending [DONE] event
-              if (!done) {
-                onProgress('[DONE]');
-                resolve();
-              }
-            },
-            onerror(err) {
-              if (debug) {
-                console.debug(err);
-              }
-              // rethrow to stop the operation
-              throw err;
-            },
-            onmessage(message) {
-              if (debug) {
-                console.debug(message);
-              }
-              if (!message.data || message.event === 'ping') {
-                return;
-              }
-              if (message.data === '[DONE]') {
-                onProgress('[DONE]');
-                resolve();
-                done = true;
-                return;
-              }
-              onProgress(JSON.parse(message.data));
-            },
-          });
-        } catch (err) {
-          reject(err);
-        }
-      });
-    }
-    const response = await fetch(completionsURL, {
-      ...opts,
-      signal: abortController.signal,
-    });
-    if (response.status !== 200) {
-      const body = await response.text();
-      const error = new Error(`Failed to send message. HTTP ${response.status} - ${body}`);
-      error.status = response.status;
-      try {
-        error.json = JSON.parse(body);
-      } catch {
-        error.body = body;
-      }
-      throw error;
-    }
-    return response.json();
-  }
-
-  /** @type {cohereChatCompletion} */
-  async cohereChatCompletion({ payload, onTokenProgress }) {
-    const cohere = new CohereClient({
-      token: this.apiKey,
-      environment: this.completionsUrl,
-    });
-
-    if (!payload.stream) {
-      const chatResponse = await cohere.chat(payload);
-      return chatResponse.text;
-    }
-
-    const chatStream = await cohere.chatStream(payload);
-    let reply = '';
-    for await (const message of chatStream) {
-      if (!message) {
-        continue;
-      }
-
-      if (message.eventType === 'text-generation' && message.text) {
-        onTokenProgress(message.text);
-        reply += message.text;
-      }
-      /*
-      Cohere API Chinese Unicode character replacement hotfix.
-      Should be un-commented when the following issue is resolved:
-      https://github.com/cohere-ai/cohere-typescript/issues/151
-
-      else if (message.eventType === 'stream-end' && message.response) {
-        reply = message.response.text;
-      }
-      */
-    }
-
-    return reply;
-  }
-
-  async generateTitle(userMessage, botMessage) {
-    const instructionsPayload = {
-      role: 'system',
-      content: `Write an extremely concise subtitle for this conversation with no more than a few words. All words should be capitalized. Exclude punctuation.
-
-||>Message:
-${userMessage.message}
-||>Response:
-${botMessage.message}
-
-||>Title:`,
-    };
-
-    const titleGenClientOptions = JSON.parse(JSON.stringify(this.options));
-    titleGenClientOptions.modelOptions = {
-      model: 'gpt-3.5-turbo',
-      temperature: 0,
-      presence_penalty: 0,
-      frequency_penalty: 0,
-    };
-    const titleGenClient = new ChatGPTClient(this.apiKey, titleGenClientOptions);
-    const result = await titleGenClient.getCompletion([instructionsPayload], null);
-    // remove any non-alphanumeric characters, replace multiple spaces with 1, and then trim
-    return result.choices[0].message.content
-      .replace(/[^a-zA-Z0-9' ]/g, '')
-      .replace(/\s+/g, ' ')
-      .trim();
-  }
-
-  async sendMessage(message, opts = {}) {
-    if (opts.clientOptions && typeof opts.clientOptions === 'object') {
-      this.setOptions(opts.clientOptions);
-    }
-
-    const conversationId = opts.conversationId || crypto.randomUUID();
-    const parentMessageId = opts.parentMessageId || crypto.randomUUID();
-
-    let conversation =
-      typeof opts.conversation === 'object'
-        ? opts.conversation
-        : await this.conversationsCache.get(conversationId);
-
-    let isNewConversation = false;
-    if (!conversation) {
-      conversation = {
-        messages: [],
-        createdAt: Date.now(),
-      };
-      isNewConversation = true;
-    }
-
-    const shouldGenerateTitle = opts.shouldGenerateTitle && isNewConversation;
-
-    const userMessage = {
-      id: crypto.randomUUID(),
-      parentMessageId,
-      role: 'User',
-      message,
-    };
-    conversation.messages.push(userMessage);
-
-    // Doing it this way instead of having each message be a separate element in the array seems to be more reliable,
-    // especially when it comes to keeping the AI in character. It also seems to improve coherency and context retention.
-    const { prompt: payload, context } = await this.buildPrompt(
-      conversation.messages,
-      userMessage.id,
-      {
-        isChatGptModel: this.isChatGptModel,
-        promptPrefix: opts.promptPrefix,
-      },
-    );
-
-    if (this.options.keepNecessaryMessagesOnly) {
-      conversation.messages = context;
-    }
-
-    let reply = '';
-    let result = null;
-    if (typeof opts.onProgress === 'function') {
-      await this.getCompletion(
-        payload,
-        (progressMessage) => {
-          if (progressMessage === '[DONE]') {
-            return;
-          }
-          const token = this.isChatGptModel
-            ? progressMessage.choices[0].delta.content
-            : progressMessage.choices[0].text;
-          // first event's delta content is always undefined
-          if (!token) {
-            return;
-          }
-          if (this.options.debug) {
-            console.debug(token);
-          }
-          if (token === this.endToken) {
-            return;
-          }
-          opts.onProgress(token);
-          reply += token;
-        },
-        opts.abortController || new AbortController(),
-      );
-    } else {
-      result = await this.getCompletion(
-        payload,
-        null,
-        opts.abortController || new AbortController(),
-      );
-      if (this.options.debug) {
-        console.debug(JSON.stringify(result));
-      }
-      if (this.isChatGptModel) {
-        reply = result.choices[0].message.content;
-      } else {
-        reply = result.choices[0].text.replace(this.endToken, '');
-      }
-    }
-
-    // avoids some rendering issues when using the CLI app
-    if (this.options.debug) {
-      console.debug();
-    }
-
-    reply = reply.trim();
-
-    const replyMessage = {
-      id: crypto.randomUUID(),
-      parentMessageId: userMessage.id,
-      role: 'ChatGPT',
-      message: reply,
-    };
-    conversation.messages.push(replyMessage);
-
-    const returnData = {
-      response: replyMessage.message,
-      conversationId,
-      parentMessageId: replyMessage.parentMessageId,
-      messageId: replyMessage.id,
-      details: result || {},
-    };
-
-    if (shouldGenerateTitle) {
-      conversation.title = await this.generateTitle(userMessage, replyMessage);
-      returnData.title = conversation.title;
-    }
-
-    await this.conversationsCache.set(conversationId, conversation);
-
-    if (this.options.returnConversation) {
-      returnData.conversation = conversation;
-    }
-
-    return returnData;
-  }
-
-  async buildPrompt(messages, { isChatGptModel = false, promptPrefix = null }) {
-    promptPrefix = (promptPrefix || this.options.promptPrefix || '').trim();
-
-    // Handle attachments and create augmentedPrompt
-    if (this.options.attachments) {
-      const attachments = await this.options.attachments;
-      const lastMessage = messages[messages.length - 1];
-
-      if (this.message_file_map) {
-        this.message_file_map[lastMessage.messageId] = attachments;
-      } else {
-        this.message_file_map = {
-          [lastMessage.messageId]: attachments,
-        };
-      }
-
-      const files = await this.addImageURLs(lastMessage, attachments);
-      this.options.attachments = files;
-
-      this.contextHandlers = createContextHandlers(this.options.req, lastMessage.text);
-    }
-
-    if (this.message_file_map) {
-      this.contextHandlers = createContextHandlers(
-        this.options.req,
-        messages[messages.length - 1].text,
-      );
-    }
-
-    // Calculate image token cost and process embedded files
-    messages.forEach((message, i) => {
-      if (this.message_file_map && this.message_file_map[message.messageId]) {
-        const attachments = this.message_file_map[message.messageId];
-        for (const file of attachments) {
-          if (file.embedded) {
-            this.contextHandlers?.processFile(file);
-            continue;
-          }
-
-          messages[i].tokenCount =
-            (messages[i].tokenCount || 0) +
-            this.calculateImageTokenCost({
-              width: file.width,
-              height: file.height,
-              detail: this.options.imageDetail ?? ImageDetail.auto,
-            });
-        }
-      }
-    });
-
-    if (this.contextHandlers) {
-      this.augmentedPrompt = await this.contextHandlers.createContext();
-      promptPrefix = this.augmentedPrompt + promptPrefix;
-    }
-
-    if (promptPrefix) {
-      // If the prompt prefix doesn't end with the end token, add it.
-      if (!promptPrefix.endsWith(`${this.endToken}`)) {
-        promptPrefix = `${promptPrefix.trim()}${this.endToken}\n\n`;
-      }
-      promptPrefix = `${this.startToken}Instructions:\n${promptPrefix}`;
-    }
-    const promptSuffix = `${this.startToken}${this.chatGptLabel}:\n`; // Prompt ChatGPT to respond.
-
-    const instructionsPayload = {
-      role: 'system',
-      content: promptPrefix,
-    };
-
-    const messagePayload = {
-      role: 'system',
-      content: promptSuffix,
-    };
-
-    let currentTokenCount;
-    if (isChatGptModel) {
-      currentTokenCount =
-        this.getTokenCountForMessage(instructionsPayload) +
-        this.getTokenCountForMessage(messagePayload);
-    } else {
-      currentTokenCount = this.getTokenCount(`${promptPrefix}${promptSuffix}`);
-    }
-    let promptBody = '';
-    const maxTokenCount = this.maxPromptTokens;
-
-    const context = [];
-
-    // Iterate backwards through the messages, adding them to the prompt until we reach the max token count.
-    // Do this within a recursive async function so that it doesn't block the event loop for too long.
-    const buildPromptBody = async () => {
-      if (currentTokenCount < maxTokenCount && messages.length > 0) {
-        const message = messages.pop();
-        const roleLabel =
-          message?.isCreatedByUser || message?.role?.toLowerCase() === 'user'
-            ? this.userLabel
-            : this.chatGptLabel;
-        const messageString = `${this.startToken}${roleLabel}:\n${
-          message?.text ?? message?.message
-        }${this.endToken}\n`;
-        let newPromptBody;
-        if (promptBody || isChatGptModel) {
-          newPromptBody = `${messageString}${promptBody}`;
-        } else {
-          // Always insert prompt prefix before the last user message, if not gpt-3.5-turbo.
-          // This makes the AI obey the prompt instructions better, which is important for custom instructions.
-          // After a bunch of testing, it doesn't seem to cause the AI any confusion, even if you ask it things
-          // like "what's the last thing I wrote?".
-          newPromptBody = `${promptPrefix}${messageString}${promptBody}`;
-        }
-
-        context.unshift(message);
-
-        const tokenCountForMessage = this.getTokenCount(messageString);
-        const newTokenCount = currentTokenCount + tokenCountForMessage;
-        if (newTokenCount > maxTokenCount) {
-          if (promptBody) {
-            // This message would put us over the token limit, so don't add it.
-            return false;
-          }
-          // This is the first message, so we can't add it. Just throw an error.
-          throw new Error(
-            `Prompt is too long. Max token count is ${maxTokenCount}, but prompt is ${newTokenCount} tokens long.`,
-          );
-        }
-        promptBody = newPromptBody;
-        currentTokenCount = newTokenCount;
-        // wait for next tick to avoid blocking the event loop
-        await new Promise((resolve) => setImmediate(resolve));
-        return buildPromptBody();
-      }
-      return true;
-    };
-
-    await buildPromptBody();
-
-    const prompt = `${promptBody}${promptSuffix}`;
-    if (isChatGptModel) {
-      messagePayload.content = prompt;
-      // Add 3 tokens for Assistant Label priming after all messages have been counted.
-      currentTokenCount += 3;
-    }
-
-    // Use up to `this.maxContextTokens` tokens (prompt + response), but try to leave `this.maxTokens` tokens for the response.
-    this.modelOptions.max_tokens = Math.min(
-      this.maxContextTokens - currentTokenCount,
-      this.maxResponseTokens,
-    );
-
-    if (isChatGptModel) {
-      return { prompt: [instructionsPayload, messagePayload], context };
-    }
-    return { prompt, context, promptTokens: currentTokenCount };
-  }
-
-  getTokenCount(text) {
-    return this.gptEncoder.encode(text, 'all').length;
-  }
-
-  /**
-   * Algorithm adapted from "6. Counting tokens for chat API calls" of
-   * https://github.com/openai/openai-cookbook/blob/main/examples/How_to_count_tokens_with_tiktoken.ipynb
-   *
-   * An additional 3 tokens need to be added for assistant label priming after all messages have been counted.
-   *
-   * @param {Object} message
-   */
-  getTokenCountForMessage(message) {
-    // Note: gpt-3.5-turbo and gpt-4 may update over time. Use default for these as well as for unknown models
-    let tokensPerMessage = 3;
-    let tokensPerName = 1;
-
-    if (this.modelOptions.model === 'gpt-3.5-turbo-0301') {
-      tokensPerMessage = 4;
-      tokensPerName = -1;
-    }
-
-    let numTokens = tokensPerMessage;
-    for (let [key, value] of Object.entries(message)) {
-      numTokens += this.getTokenCount(value);
-      if (key === 'name') {
-        numTokens += tokensPerName;
-      }
-    }
-
-    return numTokens;
-  }
-}
-
-module.exports = ChatGPTClient;
--- a/api/app/clients/GoogleClient.js
+++ b/api/app/clients/GoogleClient.js
@@ -1,7 +1,7 @@
 const { google } = require('googleapis');
-const { Tokenizer } = require('@librechat/api');
 const { concat } = require('@langchain/core/utils/stream');
 const { ChatVertexAI } = require('@langchain/google-vertexai');
+const { Tokenizer, getSafetySettings } = require('@librechat/api');
 const { ChatGoogleGenerativeAI } = require('@langchain/google-genai');
 const { GoogleGenerativeAI: GenAI } = require('@google/generative-ai');
 const { HumanMessage, SystemMessage } = require('@langchain/core/messages');
@@ -12,13 +12,13 @@ const {
  endpointSettings,
  parseTextParts,
  EModelEndpoint,
+  googleSettings,
  ContentTypes,
  VisionModes,
  ErrorTypes,
  Constants,
  AuthKeys,
 } = require('librechat-data-provider');
-const { getSafetySettings } = require('~/server/services/Endpoints/google/llm');
 const { encodeAndFormat } = require('~/server/services/Files/images');
 const { spendTokens } = require('~/models/spendTokens');
 const { getModelMaxTokens } = require('~/utils');
@@ -166,6 +166,16 @@ class GoogleClient extends BaseClient {
      );
    }

+    // Add thinking configuration
+    this.modelOptions.thinkingConfig = {
+      thinkingBudget:
+        (this.modelOptions.thinking ?? googleSettings.thinking.default)
+          ? this.modelOptions.thinkingBudget
+          : 0,
+    };
+    delete this.modelOptions.thinking;
+    delete this.modelOptions.thinkingBudget;
+
    this.sender =
      this.options.sender ??
      getResponseSender({
--- a/api/app/clients/OpenAIClient.js
+++ b/api/app/clients/OpenAIClient.js
@@ -5,6 +5,7 @@ const {
  isEnabled,
  Tokenizer,
  createFetch,
+  resolveHeaders,
  constructAzureURL,
  genAzureChatCompletion,
  createStreamEventHandlers,
@@ -15,7 +16,6 @@ const {
  ContentTypes,
  parseTextParts,
  EModelEndpoint,
-  resolveHeaders,
  KnownEndpoints,
  openAISettings,
  ImageDetailCost,
@@ -37,7 +37,6 @@ const { addSpaceIfNeeded, sleep } = require('~/server/utils');
 const { spendTokens } = require('~/models/spendTokens');
 const { handleOpenAIErrors } = require('./tools/util');
 const { createLLM, RunManager } = require('./llm');
-const ChatGPTClient = require('./ChatGPTClient');
 const { summaryBuffer } = require('./memory');
 const { runTitleChain } = require('./chains');
 const { tokenSplit } = require('./document');
@@ -47,12 +46,6 @@ const { logger } = require('~/config');
 class OpenAIClient extends BaseClient {
  constructor(apiKey, options = {}) {
    super(apiKey, options);
-    this.ChatGPTClient = new ChatGPTClient();
-    this.buildPrompt = this.ChatGPTClient.buildPrompt.bind(this);
-    /** @type {getCompletion} */
-    this.getCompletion = this.ChatGPTClient.getCompletion.bind(this);
-    /** @type {cohereChatCompletion} */
-    this.cohereChatCompletion = this.ChatGPTClient.cohereChatCompletion.bind(this);
    this.contextStrategy = options.contextStrategy
      ? options.contextStrategy.toLowerCase()
      : 'discard';
@@ -379,23 +372,12 @@ class OpenAIClient extends BaseClient {
    return files;
  }

-  async buildMessages(
-    messages,
-    parentMessageId,
-    { isChatCompletion = false, promptPrefix = null },
-    opts,
-  ) {
+  async buildMessages(messages, parentMessageId, { promptPrefix = null }, opts) {
    let orderedMessages = this.constructor.getMessagesForConversation({
      messages,
      parentMessageId,
      summary: this.shouldSummarize,
    });
-    if (!isChatCompletion) {
-      return await this.buildPrompt(orderedMessages, {
-        isChatGptModel: isChatCompletion,
-        promptPrefix,
-      });
-    }

    let payload;
    let instructions;
@@ -1159,6 +1141,7 @@ ${convo}
      logger.debug('[OpenAIClient] chatCompletion', { baseURL, modelOptions });
      const opts = {
        baseURL,
+        fetchOptions: {},
      };

      if (this.useOpenRouter) {
@@ -1177,7 +1160,7 @@ ${convo}
      }

      if (this.options.proxy) {
-        opts.httpAgent = new HttpsProxyAgent(this.options.proxy);
+        opts.fetchOptions.agent = new HttpsProxyAgent(this.options.proxy);
      }

      /** @type {TAzureConfig | undefined} */
@@ -1395,7 +1378,7 @@ ${convo}
          ...modelOptions,
          stream: true,
        };
-        const stream = await openai.beta.chat.completions
+        const stream = await openai.chat.completions
          .stream(params)
          .on('abort', () => {
            /* Do nothing here */
--- a/api/app/clients/PluginsClient.js
+++ b/api/app/clients/PluginsClient.js
@@ -1,542 +0,0 @@
-const OpenAIClient = require('./OpenAIClient');
-const { CallbackManager } = require('@langchain/core/callbacks/manager');
-const { BufferMemory, ChatMessageHistory } = require('langchain/memory');
-const { addImages, buildErrorInput, buildPromptPrefix } = require('./output_parsers');
-const { initializeCustomAgent, initializeFunctionsAgent } = require('./agents');
-const { processFileURL } = require('~/server/services/Files/process');
-const { EModelEndpoint } = require('librechat-data-provider');
-const { checkBalance } = require('~/models/balanceMethods');
-const { formatLangChainMessages } = require('./prompts');
-const { extractBaseURL } = require('~/utils');
-const { loadTools } = require('./tools/util');
-const { logger } = require('~/config');
-
-class PluginsClient extends OpenAIClient {
-  constructor(apiKey, options = {}) {
-    super(apiKey, options);
-    this.sender = options.sender ?? 'Assistant';
-    this.tools = [];
-    this.actions = [];
-    this.setOptions(options);
-    this.openAIApiKey = this.apiKey;
-    this.executor = null;
-  }
-
-  setOptions(options) {
-    this.agentOptions = { ...options.agentOptions };
-    this.functionsAgent = this.agentOptions?.agent === 'functions';
-    this.agentIsGpt3 = this.agentOptions?.model?.includes('gpt-3');
-
-    super.setOptions(options);
-
-    this.isGpt3 = this.modelOptions?.model?.includes('gpt-3');
-
-    if (this.options.reverseProxyUrl) {
-      this.langchainProxy = extractBaseURL(this.options.reverseProxyUrl);
-    }
-  }
-
-  getSaveOptions() {
-    return {
-      artifacts: this.options.artifacts,
-      chatGptLabel: this.options.chatGptLabel,
-      modelLabel: this.options.modelLabel,
-      promptPrefix: this.options.promptPrefix,
-      tools: this.options.tools,
-      ...this.modelOptions,
-      agentOptions: this.agentOptions,
-      iconURL: this.options.iconURL,
-      greeting: this.options.greeting,
-      spec: this.options.spec,
-    };
-  }
-
-  saveLatestAction(action) {
-    this.actions.push(action);
-  }
-
-  getFunctionModelName(input) {
-    if (/-(?!0314)\d{4}/.test(input)) {
-      return input;
-    } else if (input.includes('gpt-3.5-turbo')) {
-      return 'gpt-3.5-turbo';
-    } else if (input.includes('gpt-4')) {
-      return 'gpt-4';
-    } else {
-      return 'gpt-3.5-turbo';
-    }
-  }
-
-  getBuildMessagesOptions(opts) {
-    return {
-      isChatCompletion: true,
-      promptPrefix: opts.promptPrefix,
-      abortController: opts.abortController,
-    };
-  }
-
-  async initialize({ user, message, onAgentAction, onChainEnd, signal }) {
-    const modelOptions = {
-      modelName: this.agentOptions.model,
-      temperature: this.agentOptions.temperature,
-    };
-
-    const model = this.initializeLLM({
-      ...modelOptions,
-      context: 'plugins',
-      initialMessageCount: this.currentMessages.length + 1,
-    });
-
-    logger.debug(
-      `[PluginsClient] Agent Model: ${model.modelName} | Temp: ${model.temperature} | Functions: ${this.functionsAgent}`,
-    );
-
-    // Map Messages to Langchain format
-    const pastMessages = formatLangChainMessages(this.currentMessages.slice(0, -1), {
-      userName: this.options?.name,
-    });
-    logger.debug('[PluginsClient] pastMessages: ' + pastMessages.length);
-
-    // TODO: use readOnly memory, TokenBufferMemory? (both unavailable in LangChainJS)
-    const memory = new BufferMemory({
-      llm: model,
-      chatHistory: new ChatMessageHistory(pastMessages),
-    });
-
-    const { loadedTools } = await loadTools({
-      user,
-      model,
-      tools: this.options.tools,
-      functions: this.functionsAgent,
-      options: {
-        memory,
-        signal: this.abortController.signal,
-        openAIApiKey: this.openAIApiKey,
-        conversationId: this.conversationId,
-        fileStrategy: this.options.req.app.locals.fileStrategy,
-        processFileURL,
-        message,
-      },
-      useSpecs: true,
-    });
-
-    if (loadedTools.length === 0) {
-      return;
-    }
-
-    this.tools = loadedTools;
-
-    logger.debug('[PluginsClient] Requested Tools', this.options.tools);
-    logger.debug(
-      '[PluginsClient] Loaded Tools',
-      this.tools.map((tool) => tool.name),
-    );
-
-    const handleAction = (action, runId, callback = null) => {
-      this.saveLatestAction(action);
-
-      logger.debug('[PluginsClient] Latest Agent Action ', this.actions[this.actions.length - 1]);
-
-      if (typeof callback === 'function') {
-        callback(action, runId);
-      }
-    };
-
-    // initialize agent
-    const initializer = this.functionsAgent ? initializeFunctionsAgent : initializeCustomAgent;
-
-    let customInstructions = (this.options.promptPrefix ?? '').trim();
-    if (typeof this.options.artifactsPrompt === 'string' && this.options.artifactsPrompt) {
-      customInstructions = `${customInstructions ?? ''}\n${this.options.artifactsPrompt}`.trim();
-    }
-
-    this.executor = await initializer({
-      model,
-      signal,
-      pastMessages,
-      tools: this.tools,
-      customInstructions,
-      verbose: this.options.debug,
-      returnIntermediateSteps: true,
-      customName: this.options.chatGptLabel,
-      currentDateString: this.currentDateString,
-      callbackManager: CallbackManager.fromHandlers({
-        async handleAgentAction(action, runId) {
-          handleAction(action, runId, onAgentAction);
-        },
-        async handleChainEnd(action) {
-          if (typeof onChainEnd === 'function') {
-            onChainEnd(action);
-          }
-        },
-      }),
-    });
-
-    logger.debug('[PluginsClient] Loaded agent.');
-  }
-
-  async executorCall(message, { signal, stream, onToolStart, onToolEnd }) {
-    let errorMessage = '';
-    const maxAttempts = 1;
-
-    for (let attempts = 1; attempts <= maxAttempts; attempts++) {
-      const errorInput = buildErrorInput({
-        message,
-        errorMessage,
-        actions: this.actions,
-        functionsAgent: this.functionsAgent,
-      });
-      const input = attempts > 1 ? errorInput : message;
-
-      logger.debug(`[PluginsClient] Attempt ${attempts} of ${maxAttempts}`);
-
-      if (errorMessage.length > 0) {
-        logger.debug('[PluginsClient] Caught error, input: ' + JSON.stringify(input));
-      }
-
-      try {
-        this.result = await this.executor.call({ input, signal }, [
-          {
-            async handleToolStart(...args) {
-              await onToolStart(...args);
-            },
-            async handleToolEnd(...args) {
-              await onToolEnd(...args);
-            },
-            async handleLLMEnd(output) {
-              const { generations } = output;
-              const { text } = generations[0][0];
-              if (text && typeof stream === 'function') {
-                await stream(text);
-              }
-            },
-          },
-        ]);
-        break; // Exit the loop if the function call is successful
-      } catch (err) {
-        logger.error('[PluginsClient] executorCall error:', err);
-        if (attempts === maxAttempts) {
-          const { run } = this.runManager.getRunByConversationId(this.conversationId);
-          const defaultOutput = `Encountered an error while attempting to respond: ${err.message}`;
-          this.result.output = run && run.error ? run.error : defaultOutput;
-          this.result.errorMessage = run && run.error ? run.error : err.message;
-          this.result.intermediateSteps = this.actions;
-          break;
-        }
-      }
-    }
-  }
-
-  /**
-   *
-   * @param {TMessage} responseMessage
-   * @param {Partial<TMessage>} saveOptions
-   * @param {string} user
-   * @returns
-   */
-  async handleResponseMessage(responseMessage, saveOptions, user) {
-    const { output, errorMessage, ...result } = this.result;
-    logger.debug('[PluginsClient][handleResponseMessage] Output:', {
-      output,
-      errorMessage,
-      ...result,
-    });
-    const { error } = responseMessage;
-    if (!error) {
-      responseMessage.tokenCount = this.getTokenCountForResponse(responseMessage);
-      responseMessage.completionTokens = this.getTokenCount(responseMessage.text);
-    }
-
-    // Record usage only when completion is skipped as it is already recorded in the agent phase.
-    if (!this.agentOptions.skipCompletion && !error) {
-      await this.recordTokenUsage(responseMessage);
-    }
-
-    const databasePromise = this.saveMessageToDatabase(responseMessage, saveOptions, user);
-    delete responseMessage.tokenCount;
-    return { ...responseMessage, ...result, databasePromise };
-  }
-
-  async sendMessage(message, opts = {}) {
-    /** @type {Promise<TMessage>} */
-    let userMessagePromise;
-    /** @type {{ filteredTools: string[], includedTools: string[] }} */
-    const { filteredTools = [], includedTools = [] } = this.options.req.app.locals;
-
-    if (includedTools.length > 0) {
-      const tools = this.options.tools.filter((plugin) => includedTools.includes(plugin));
-      this.options.tools = tools;
-    } else {
-      const tools = this.options.tools.filter((plugin) => !filteredTools.includes(plugin));
-      this.options.tools = tools;
-    }
-
-    // If a message is edited, no tools can be used.
-    const completionMode = this.options.tools.length === 0 || opts.isEdited;
-    if (completionMode) {
-      this.setOptions(opts);
-      return super.sendMessage(message, opts);
-    }
-
-    logger.debug('[PluginsClient] sendMessage', { userMessageText: message, opts });
-    const {
-      user,
-      conversationId,
-      responseMessageId,
-      saveOptions,
-      userMessage,
-      onAgentAction,
-      onChainEnd,
-      onToolStart,
-      onToolEnd,
-    } = await this.handleStartMethods(message, opts);
-
-    if (opts.progressCallback) {
-      opts.onProgress = opts.progressCallback.call(null, {
-        ...(opts.progressOptions ?? {}),
-        parentMessageId: userMessage.messageId,
-        messageId: responseMessageId,
-      });
-    }
-
-    this.currentMessages.push(userMessage);
-
-    let {
-      prompt: payload,
-      tokenCountMap,
-      promptTokens,
-    } = await this.buildMessages(
-      this.currentMessages,
-      userMessage.messageId,
-      this.getBuildMessagesOptions({
-        promptPrefix: null,
-        abortController: this.abortController,
-      }),
-    );
-
-    if (tokenCountMap) {
-      logger.debug('[PluginsClient] tokenCountMap', { tokenCountMap });
-      if (tokenCountMap[userMessage.messageId]) {
-        userMessage.tokenCount = tokenCountMap[userMessage.messageId];
-        logger.debug('[PluginsClient] userMessage.tokenCount', userMessage.tokenCount);
-      }
-      this.handleTokenCountMap(tokenCountMap);
-    }
-
-    this.result = {};
-    if (payload) {
-      this.currentMessages = payload;
-    }
-
-    if (!this.skipSaveUserMessage) {
-      userMessagePromise = this.saveMessageToDatabase(userMessage, saveOptions, user);
-      if (typeof opts?.getReqData === 'function') {
-        opts.getReqData({
-          userMessagePromise,
-        });
-      }
-    }
-
-    const balance = this.options.req?.app?.locals?.balance;
-    if (balance?.enabled) {
-      await checkBalance({
-        req: this.options.req,
-        res: this.options.res,
-        txData: {
-          user: this.user,
-          tokenType: 'prompt',
-          amount: promptTokens,
-          debug: this.options.debug,
-          model: this.modelOptions.model,
-          endpoint: EModelEndpoint.openAI,
-        },
-      });
-    }
-
-    const responseMessage = {
-      endpoint: EModelEndpoint.gptPlugins,
-      iconURL: this.options.iconURL,
-      messageId: responseMessageId,
-      conversationId,
-      parentMessageId: userMessage.messageId,
-      isCreatedByUser: false,
-      model: this.modelOptions.model,
-      sender: this.sender,
-      promptTokens,
-    };
-
-    await this.initialize({
-      user,
-      message,
-      onAgentAction,
-      onChainEnd,
-      signal: this.abortController.signal,
-      onProgress: opts.onProgress,
-    });
-
-    // const stream = async (text) => {
-    //   await this.generateTextStream.call(this, text, opts.onProgress, { delay: 1 });
-    // };
-    await this.executorCall(message, {
-      signal: this.abortController.signal,
-      // stream,
-      onToolStart,
-      onToolEnd,
-    });
-
-    // If message was aborted mid-generation
-    if (this.result?.errorMessage?.length > 0 && this.result?.errorMessage?.includes('cancel')) {
-      responseMessage.text = 'Cancelled.';
-      return await this.handleResponseMessage(responseMessage, saveOptions, user);
-    }
-
-    // If error occurred during generation (likely token_balance)
-    if (this.result?.errorMessage?.length > 0) {
-      responseMessage.error = true;
-      responseMessage.text = this.result.output;
-      return await this.handleResponseMessage(responseMessage, saveOptions, user);
-    }
-
-    if (this.agentOptions.skipCompletion && this.result.output && this.functionsAgent) {
-      const partialText = opts.getPartialText();
-      const trimmedPartial = opts.getPartialText().replaceAll(':::plugin:::\n', '');
-      responseMessage.text =
-        trimmedPartial.length === 0 ? `${partialText}${this.result.output}` : partialText;
-      addImages(this.result.intermediateSteps, responseMessage);
-      await this.generateTextStream(this.result.output, opts.onProgress, { delay: 5 });
-      return await this.handleResponseMessage(responseMessage, saveOptions, user);
-    }
-
-    if (this.agentOptions.skipCompletion && this.result.output) {
-      responseMessage.text = this.result.output;
-      addImages(this.result.intermediateSteps, responseMessage);
-      await this.generateTextStream(this.result.output, opts.onProgress, { delay: 5 });
-      return await this.handleResponseMessage(responseMessage, saveOptions, user);
-    }
-
-    logger.debug('[PluginsClient] Completion phase: this.result', this.result);
-
-    const promptPrefix = buildPromptPrefix({
-      result: this.result,
-      message,
-      functionsAgent: this.functionsAgent,
-    });
-
-    logger.debug('[PluginsClient]', { promptPrefix });
-
-    payload = await this.buildCompletionPrompt({
-      messages: this.currentMessages,
-      promptPrefix,
-    });
-
-    logger.debug('[PluginsClient] buildCompletionPrompt Payload', payload);
-    responseMessage.text = await this.sendCompletion(payload, opts);
-    return await this.handleResponseMessage(responseMessage, saveOptions, user);
-  }
-
-  async buildCompletionPrompt({ messages, promptPrefix: _promptPrefix }) {
-    logger.debug('[PluginsClient] buildCompletionPrompt messages', messages);
-
-    const orderedMessages = messages;
-    let promptPrefix = _promptPrefix.trim();
-    // If the prompt prefix doesn't end with the end token, add it.
-    if (!promptPrefix.endsWith(`${this.endToken}`)) {
-      promptPrefix = `${promptPrefix.trim()}${this.endToken}\n\n`;
-    }
-    promptPrefix = `${this.startToken}Instructions:\n${promptPrefix}`;
-    const promptSuffix = `${this.startToken}${this.chatGptLabel ?? 'Assistant'}:\n`;
-
-    const instructionsPayload = {
-      role: 'system',
-      content: promptPrefix,
-    };
-
-    const messagePayload = {
-      role: 'system',
-      content: promptSuffix,
-    };
-
-    if (this.isGpt3) {
-      instructionsPayload.role = 'user';
-      messagePayload.role = 'user';
-      instructionsPayload.content += `\n${promptSuffix}`;
-    }
-
-    // testing if this works with browser endpoint
-    if (!this.isGpt3 && this.options.reverseProxyUrl) {
-      instructionsPayload.role = 'user';
-    }
-
-    let currentTokenCount =
-      this.getTokenCountForMessage(instructionsPayload) +
-      this.getTokenCountForMessage(messagePayload);
-
-    let promptBody = '';
-    const maxTokenCount = this.maxPromptTokens;
-    // Iterate backwards through the messages, adding them to the prompt until we reach the max token count.
-    // Do this within a recursive async function so that it doesn't block the event loop for too long.
-    const buildPromptBody = async () => {
-      if (currentTokenCount < maxTokenCount && orderedMessages.length > 0) {
-        const message = orderedMessages.pop();
-        const isCreatedByUser = message.isCreatedByUser || message.role?.toLowerCase() === 'user';
-        const roleLabel = isCreatedByUser ? this.userLabel : this.chatGptLabel;
-        let messageString = `${this.startToken}${roleLabel}:\n${
-          message.text ?? message.content ?? ''
-        }${this.endToken}\n`;
-        let newPromptBody = `${messageString}${promptBody}`;
-
-        const tokenCountForMessage = this.getTokenCount(messageString);
-        const newTokenCount = currentTokenCount + tokenCountForMessage;
-        if (newTokenCount > maxTokenCount) {
-          if (promptBody) {
-            // This message would put us over the token limit, so don't add it.
-            return false;
-          }
-          // This is the first message, so we can't add it. Just throw an error.
-          throw new Error(
-            `Prompt is too long. Max token count is ${maxTokenCount}, but prompt is ${newTokenCount} tokens long.`,
-          );
-        }
-        promptBody = newPromptBody;
-        currentTokenCount = newTokenCount;
-        // wait for next tick to avoid blocking the event loop
-        await new Promise((resolve) => setTimeout(resolve, 0));
-        return buildPromptBody();
-      }
-      return true;
-    };
-
-    await buildPromptBody();
-    const prompt = promptBody;
-    messagePayload.content = prompt;
-    // Add 2 tokens for metadata after all messages have been counted.
-    currentTokenCount += 2;
-
-    if (this.isGpt3 && messagePayload.content.length > 0) {
-      const context = 'Chat History:\n';
-      messagePayload.content = `${context}${prompt}`;
-      currentTokenCount += this.getTokenCount(context);
-    }
-
-    // Use up to `this.maxContextTokens` tokens (prompt + response), but try to leave `this.maxTokens` tokens for the response.
-    this.modelOptions.max_tokens = Math.min(
-      this.maxContextTokens - currentTokenCount,
-      this.maxResponseTokens,
-    );
-
-    if (this.isGpt3) {
-      messagePayload.content += promptSuffix;
-      return [instructionsPayload, messagePayload];
-    }
-
-    const result = [messagePayload, instructionsPayload];
-
-    if (this.functionsAgent && !this.isGpt3) {
-      result[1].content = `${result[1].content}\n${this.startToken}${this.chatGptLabel}:\nSure thing! Here is the output you requested:\n`;
-    }
-
-    return result.filter((message) => message.content.length > 0);
-  }
-}
-
-module.exports = PluginsClient;
--- a/api/app/clients/index.js
+++ b/api/app/clients/index.js
@@ -1,15 +1,11 @@
-const ChatGPTClient = require('./ChatGPTClient');
 const OpenAIClient = require('./OpenAIClient');
-const PluginsClient = require('./PluginsClient');
 const GoogleClient = require('./GoogleClient');
 const TextStream = require('./TextStream');
 const AnthropicClient = require('./AnthropicClient');
 const toolUtils = require('./tools/util');

 module.exports = {
-  ChatGPTClient,
  OpenAIClient,
-  PluginsClient,
  GoogleClient,
  TextStream,
  AnthropicClient,
--- a/api/app/clients/prompts/createContextHandlers.js
+++ b/api/app/clients/prompts/createContextHandlers.js
@@ -1,6 +1,7 @@
 const axios = require('axios');
-const { isEnabled } = require('~/server/utils');
-const { logger } = require('~/config');
+const { isEnabled } = require('@librechat/api');
+const { logger } = require('@librechat/data-schemas');
+const { generateShortLivedToken } = require('~/server/services/AuthService');

 const footer = `Use the context as your learned knowledge to better answer the user.

@@ -18,7 +19,7 @@ function createContextHandlers(req, userMessageContent) {
  const queryPromises = [];
  const processedFiles = [];
  const processedIds = new Set();
-  const jwtToken = req.headers.authorization.split(' ')[1];
+  const jwtToken = generateShortLivedToken(req.user.id);
  const useFullContext = isEnabled(process.env.RAG_USE_FULL_CONTEXT);

  const query = async (file) => {
@@ -96,35 +97,35 @@ function createContextHandlers(req, userMessageContent) {
        resolvedQueries.length === 0
          ? '\n\tThe semantic search did not return any results.'
          : resolvedQueries
-            .map((queryResult, index) => {
-              const file = processedFiles[index];
-              let contextItems = queryResult.data;
+              .map((queryResult, index) => {
+                const file = processedFiles[index];
+                let contextItems = queryResult.data;

-              const generateContext = (currentContext) =>
-                `
+                const generateContext = (currentContext) =>
+                  `
          <file>
            <filename>${file.filename}</filename>
            <context>${currentContext}
            </context>
          </file>`;

-              if (useFullContext) {
-                return generateContext(`\n${contextItems}`);
-              }
+                if (useFullContext) {
+                  return generateContext(`\n${contextItems}`);
+                }

-              contextItems = queryResult.data
-                .map((item) => {
-                  const pageContent = item[0].page_content;
-                  return `
+                contextItems = queryResult.data
+                  .map((item) => {
+                    const pageContent = item[0].page_content;
+                    return `
            <contextItem>
              <![CDATA[${pageContent?.trim()}]]>
            </contextItem>`;
-                })
-                .join('');
+                  })
+                  .join('');

-              return generateContext(contextItems);
-            })
-            .join('');
+                return generateContext(contextItems);
+              })
+              .join('');

      if (useFullContext) {
        const prompt = `${header}
--- a/api/app/clients/specs/AnthropicClient.test.js
+++ b/api/app/clients/specs/AnthropicClient.test.js
@@ -309,7 +309,7 @@ describe('AnthropicClient', () => {
      };
      client.setOptions({ modelOptions, promptCache: true });
      const anthropicClient = client.getClient(modelOptions);
-      expect(anthropicClient.defaultHeaders).not.toHaveProperty('anthropic-beta');
+      expect(anthropicClient._options.defaultHeaders).toBeUndefined();
    });

    it('should not add beta header for other models', () => {
@@ -320,7 +320,7 @@ describe('AnthropicClient', () => {
        },
      });
      const anthropicClient = client.getClient();
-      expect(anthropicClient.defaultHeaders).not.toHaveProperty('anthropic-beta');
+      expect(anthropicClient._options.defaultHeaders).toBeUndefined();
    });
  });

--- a/api/app/clients/specs/OpenAIClient.test.js
+++ b/api/app/clients/specs/OpenAIClient.test.js
@@ -531,44 +531,6 @@ describe('OpenAIClient', () => {
    });
  });

-  describe('sendMessage/getCompletion/chatCompletion', () => {
-    afterEach(() => {
-      delete process.env.AZURE_OPENAI_DEFAULT_MODEL;
-      delete process.env.AZURE_USE_MODEL_AS_DEPLOYMENT_NAME;
-    });
-
-    it('should call getCompletion and fetchEventSource when using a text/instruct model', async () => {
-      const model = 'text-davinci-003';
-      const onProgress = jest.fn().mockImplementation(() => ({}));
-
-      const testClient = new OpenAIClient('test-api-key', {
-        ...defaultOptions,
-        modelOptions: { model },
-      });
-
-      const getCompletion = jest.spyOn(testClient, 'getCompletion');
-      await testClient.sendMessage('Hi mom!', { onProgress });
-
-      expect(getCompletion).toHaveBeenCalled();
-      expect(getCompletion.mock.calls.length).toBe(1);
-
-      expect(getCompletion.mock.calls[0][0]).toBe('||>User:\nHi mom!\n||>Assistant:\n');
-
-      expect(fetchEventSource).toHaveBeenCalled();
-      expect(fetchEventSource.mock.calls.length).toBe(1);
-
-      // Check if the first argument (url) is correct
-      const firstCallArgs = fetchEventSource.mock.calls[0];
-
-      const expectedURL = 'https://api.openai.com/v1/completions';
-      expect(firstCallArgs[0]).toBe(expectedURL);
-
-      const requestBody = JSON.parse(firstCallArgs[1].body);
-      expect(requestBody).toHaveProperty('model');
-      expect(requestBody.model).toBe(model);
-    });
-  });
-
  describe('checkVisionRequest functionality', () => {
    let client;
    const attachments = [{ type: 'image/png' }];
--- a/api/app/clients/specs/PluginsClient.test.js
+++ b/api/app/clients/specs/PluginsClient.test.js
@@ -1,314 +0,0 @@
-const crypto = require('crypto');
-const { Constants } = require('librechat-data-provider');
-const { HumanMessage, AIMessage } = require('@langchain/core/messages');
-const PluginsClient = require('../PluginsClient');
-
-jest.mock('~/db/connect');
-jest.mock('~/models/Conversation', () => {
-  return function () {
-    return {
-      save: jest.fn(),
-      deleteConvos: jest.fn(),
-    };
-  };
-});
-
-const defaultAzureOptions = {
-  azureOpenAIApiInstanceName: 'your-instance-name',
-  azureOpenAIApiDeploymentName: 'your-deployment-name',
-  azureOpenAIApiVersion: '2020-07-01-preview',
-};
-
-describe('PluginsClient', () => {
-  let TestAgent;
-  let options = {
-    tools: [],
-    modelOptions: {
-      model: 'gpt-3.5-turbo',
-      temperature: 0,
-      max_tokens: 2,
-    },
-    agentOptions: {
-      model: 'gpt-3.5-turbo',
-    },
-  };
-  let parentMessageId;
-  let conversationId;
-  const fakeMessages = [];
-  const userMessage = 'Hello, ChatGPT!';
-  const apiKey = 'fake-api-key';
-
-  beforeEach(() => {
-    TestAgent = new PluginsClient(apiKey, options);
-    TestAgent.loadHistory = jest
-      .fn()
-      .mockImplementation((conversationId, parentMessageId = null) => {
-        if (!conversationId) {
-          TestAgent.currentMessages = [];
-          return Promise.resolve([]);
-        }
-
-        const orderedMessages = TestAgent.constructor.getMessagesForConversation({
-          messages: fakeMessages,
-          parentMessageId,
-        });
-
-        const chatMessages = orderedMessages.map((msg) =>
-          msg?.isCreatedByUser || msg?.role?.toLowerCase() === 'user'
-            ? new HumanMessage(msg.text)
-            : new AIMessage(msg.text),
-        );
-
-        TestAgent.currentMessages = orderedMessages;
-        return Promise.resolve(chatMessages);
-      });
-    TestAgent.sendMessage = jest.fn().mockImplementation(async (message, opts = {}) => {
-      if (opts && typeof opts === 'object') {
-        TestAgent.setOptions(opts);
-      }
-      const conversationId = opts.conversationId || crypto.randomUUID();
-      const parentMessageId = opts.parentMessageId || Constants.NO_PARENT;
-      const userMessageId = opts.overrideParentMessageId || crypto.randomUUID();
-      this.pastMessages = await TestAgent.loadHistory(
-        conversationId,
-        TestAgent.options?.parentMessageId,
-      );
-
-      const userMessage = {
-        text: message,
-        sender: 'ChatGPT',
-        isCreatedByUser: true,
-        messageId: userMessageId,
-        parentMessageId,
-        conversationId,
-      };
-
-      const response = {
-        sender: 'ChatGPT',
-        text: 'Hello, User!',
-        isCreatedByUser: false,
-        messageId: crypto.randomUUID(),
-        parentMessageId: userMessage.messageId,
-        conversationId,
-      };
-
-      fakeMessages.push(userMessage);
-      fakeMessages.push(response);
-      return response;
-    });
-  });
-
-  test('initializes PluginsClient without crashing', () => {
-    expect(TestAgent).toBeInstanceOf(PluginsClient);
-  });
-
-  test('check setOptions function', () => {
-    expect(TestAgent.agentIsGpt3).toBe(true);
-  });
-
-  describe('sendMessage', () => {
-    test('sendMessage should return a response message', async () => {
-      const expectedResult = expect.objectContaining({
-        sender: 'ChatGPT',
-        text: expect.any(String),
-        isCreatedByUser: false,
-        messageId: expect.any(String),
-        parentMessageId: expect.any(String),
-        conversationId: expect.any(String),
-      });
-
-      const response = await TestAgent.sendMessage(userMessage);
-      parentMessageId = response.messageId;
-      conversationId = response.conversationId;
-      expect(response).toEqual(expectedResult);
-    });
-
-    test('sendMessage should work with provided conversationId and parentMessageId', async () => {
-      const userMessage = 'Second message in the conversation';
-      const opts = {
-        conversationId,
-        parentMessageId,
-      };
-
-      const expectedResult = expect.objectContaining({
-        sender: 'ChatGPT',
-        text: expect.any(String),
-        isCreatedByUser: false,
-        messageId: expect.any(String),
-        parentMessageId: expect.any(String),
-        conversationId: opts.conversationId,
-      });
-
-      const response = await TestAgent.sendMessage(userMessage, opts);
-      parentMessageId = response.messageId;
-      expect(response.conversationId).toEqual(conversationId);
-      expect(response).toEqual(expectedResult);
-    });
-
-    test('should return chat history', async () => {
-      const chatMessages = await TestAgent.loadHistory(conversationId, parentMessageId);
-      expect(TestAgent.currentMessages).toHaveLength(4);
-      expect(chatMessages[0].text).toEqual(userMessage);
-    });
-  });
-
-  describe('getFunctionModelName', () => {
-    let client;
-
-    beforeEach(() => {
-      client = new PluginsClient('dummy_api_key');
-    });
-
-    test('should return the input when it includes a dash followed by four digits', () => {
-      expect(client.getFunctionModelName('-1234')).toBe('-1234');
-      expect(client.getFunctionModelName('gpt-4-5678-preview')).toBe('gpt-4-5678-preview');
-    });
-
-    test('should return the input for all function-capable models (`0613` models and above)', () => {
-      expect(client.getFunctionModelName('gpt-4-0613')).toBe('gpt-4-0613');
-      expect(client.getFunctionModelName('gpt-4-32k-0613')).toBe('gpt-4-32k-0613');
-      expect(client.getFunctionModelName('gpt-3.5-turbo-0613')).toBe('gpt-3.5-turbo-0613');
-      expect(client.getFunctionModelName('gpt-3.5-turbo-16k-0613')).toBe('gpt-3.5-turbo-16k-0613');
-      expect(client.getFunctionModelName('gpt-3.5-turbo-1106')).toBe('gpt-3.5-turbo-1106');
-      expect(client.getFunctionModelName('gpt-4-1106-preview')).toBe('gpt-4-1106-preview');
-      expect(client.getFunctionModelName('gpt-4-1106')).toBe('gpt-4-1106');
-    });
-
-    test('should return the corresponding model if input is non-function capable (`0314` models)', () => {
-      expect(client.getFunctionModelName('gpt-4-0314')).toBe('gpt-4');
-      expect(client.getFunctionModelName('gpt-4-32k-0314')).toBe('gpt-4');
-      expect(client.getFunctionModelName('gpt-3.5-turbo-0314')).toBe('gpt-3.5-turbo');
-      expect(client.getFunctionModelName('gpt-3.5-turbo-16k-0314')).toBe('gpt-3.5-turbo');
-    });
-
-    test('should return "gpt-3.5-turbo" when the input includes "gpt-3.5-turbo"', () => {
-      expect(client.getFunctionModelName('test gpt-3.5-turbo model')).toBe('gpt-3.5-turbo');
-    });
-
-    test('should return "gpt-4" when the input includes "gpt-4"', () => {
-      expect(client.getFunctionModelName('testing gpt-4')).toBe('gpt-4');
-    });
-
-    test('should return "gpt-3.5-turbo" for input that does not meet any specific condition', () => {
-      expect(client.getFunctionModelName('random string')).toBe('gpt-3.5-turbo');
-      expect(client.getFunctionModelName('')).toBe('gpt-3.5-turbo');
-    });
-  });
-
-  describe('Azure OpenAI tests specific to Plugins', () => {
-    // TODO: add more tests for Azure OpenAI integration with Plugins
-    // let client;
-    // beforeEach(() => {
-    //   client = new PluginsClient('dummy_api_key');
-    // });
-
-    test('should not call getFunctionModelName when azure options are set', () => {
-      const spy = jest.spyOn(PluginsClient.prototype, 'getFunctionModelName');
-      const model = 'gpt-4-turbo';
-
-      // note, without the azure change in PR #1766, `getFunctionModelName` is called twice
-      const testClient = new PluginsClient('dummy_api_key', {
-        agentOptions: {
-          model,
-          agent: 'functions',
-        },
-        azure: defaultAzureOptions,
-      });
-
-      expect(spy).not.toHaveBeenCalled();
-      expect(testClient.agentOptions.model).toBe(model);
-
-      spy.mockRestore();
-    });
-  });
-
-  describe('sendMessage with filtered tools', () => {
-    let TestAgent;
-    const apiKey = 'fake-api-key';
-    const mockTools = [{ name: 'tool1' }, { name: 'tool2' }, { name: 'tool3' }, { name: 'tool4' }];
-
-    beforeEach(() => {
-      TestAgent = new PluginsClient(apiKey, {
-        tools: mockTools,
-        modelOptions: {
-          model: 'gpt-3.5-turbo',
-          temperature: 0,
-          max_tokens: 2,
-        },
-        agentOptions: {
-          model: 'gpt-3.5-turbo',
-        },
-      });
-
-      TestAgent.options.req = {
-        app: {
-          locals: {},
-        },
-      };
-
-      TestAgent.sendMessage = jest.fn().mockImplementation(async () => {
-        const { filteredTools = [], includedTools = [] } = TestAgent.options.req.app.locals;
-
-        if (includedTools.length > 0) {
-          const tools = TestAgent.options.tools.filter((plugin) =>
-            includedTools.includes(plugin.name),
-          );
-          TestAgent.options.tools = tools;
-        } else {
-          const tools = TestAgent.options.tools.filter(
-            (plugin) => !filteredTools.includes(plugin.name),
-          );
-          TestAgent.options.tools = tools;
-        }
-
-        return {
-          text: 'Mocked response',
-          tools: TestAgent.options.tools,
-        };
-      });
-    });
-
-    test('should filter out tools when filteredTools is provided', async () => {
-      TestAgent.options.req.app.locals.filteredTools = ['tool1', 'tool3'];
-      const response = await TestAgent.sendMessage('Test message');
-      expect(response.tools).toHaveLength(2);
-      expect(response.tools).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({ name: 'tool2' }),
-          expect.objectContaining({ name: 'tool4' }),
-        ]),
-      );
-    });
-
-    test('should only include specified tools when includedTools is provided', async () => {
-      TestAgent.options.req.app.locals.includedTools = ['tool2', 'tool4'];
-      const response = await TestAgent.sendMessage('Test message');
-      expect(response.tools).toHaveLength(2);
-      expect(response.tools).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({ name: 'tool2' }),
-          expect.objectContaining({ name: 'tool4' }),
-        ]),
-      );
-    });
-
-    test('should prioritize includedTools over filteredTools', async () => {
-      TestAgent.options.req.app.locals.filteredTools = ['tool1', 'tool3'];
-      TestAgent.options.req.app.locals.includedTools = ['tool1', 'tool2'];
-      const response = await TestAgent.sendMessage('Test message');
-      expect(response.tools).toHaveLength(2);
-      expect(response.tools).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({ name: 'tool1' }),
-          expect.objectContaining({ name: 'tool2' }),
-        ]),
-      );
-    });
-
-    test('should not modify tools when no filters are provided', async () => {
-      const response = await TestAgent.sendMessage('Test message');
-      expect(response.tools).toHaveLength(4);
-      expect(response.tools).toEqual(expect.arrayContaining(mockTools));
-    });
-  });
-});
--- a/api/app/clients/tools/structured/OpenAIImageTools.js
+++ b/api/app/clients/tools/structured/OpenAIImageTools.js
@@ -107,6 +107,12 @@ const getImageEditPromptDescription = () => {
  return process.env.IMAGE_EDIT_OAI_PROMPT_DESCRIPTION || DEFAULT_IMAGE_EDIT_PROMPT_DESCRIPTION;
 };

+function createAbortHandler() {
+  return function () {
+    logger.debug('[ImageGenOAI] Image generation aborted');
+  };
+}
+
 /**
 * Creates OpenAI Image tools (generation and editing)
 * @param {Object} fields - Configuration fields
@@ -201,10 +207,18 @@ function createOpenAIImageTools(fields = {}) {
      }

      let resp;
+      /** @type {AbortSignal} */
+      let derivedSignal = null;
+      /** @type {() => void} */
+      let abortHandler = null;
+
      try {
-        const derivedSignal = runnableConfig?.signal
-          ? AbortSignal.any([runnableConfig.signal])
-          : undefined;
+        if (runnableConfig?.signal) {
+          derivedSignal = AbortSignal.any([runnableConfig.signal]);
+          abortHandler = createAbortHandler();
+          derivedSignal.addEventListener('abort', abortHandler, { once: true });
+        }
+
        resp = await openai.images.generate(
          {
            model: 'gpt-image-1',
@@ -228,6 +242,10 @@ function createOpenAIImageTools(fields = {}) {
        logAxiosError({ error, message });
        return returnValue(`Something went wrong when trying to generate the image. The OpenAI API may be unavailable:
 Error Message: ${error.message}`);
+      } finally {
+        if (abortHandler && derivedSignal) {
+          derivedSignal.removeEventListener('abort', abortHandler);
+        }
      }

      if (!resp) {
@@ -409,10 +427,17 @@ Error Message: ${error.message}`);
        headers['Authorization'] = `Bearer ${apiKey}`;
      }

+      /** @type {AbortSignal} */
+      let derivedSignal = null;
+      /** @type {() => void} */
+      let abortHandler = null;
+
      try {
-        const derivedSignal = runnableConfig?.signal
-          ? AbortSignal.any([runnableConfig.signal])
-          : undefined;
+        if (runnableConfig?.signal) {
+          derivedSignal = AbortSignal.any([runnableConfig.signal]);
+          abortHandler = createAbortHandler();
+          derivedSignal.addEventListener('abort', abortHandler, { once: true });
+        }

        /** @type {import('axios').AxiosRequestConfig} */
        const axiosConfig = {
@@ -467,6 +492,10 @@ Error Message: ${error.message}`);
        logAxiosError({ error, message });
        return returnValue(`Something went wrong when trying to edit the image. The OpenAI API may be unavailable:
 Error Message: ${error.message || 'Unknown error'}`);
+      } finally {
+        if (abortHandler && derivedSignal) {
+          derivedSignal.removeEventListener('abort', abortHandler);
+        }
      }
    },
    {
--- a/api/app/clients/tools/util/fileSearch.js
+++ b/api/app/clients/tools/util/fileSearch.js
@@ -1,26 +1,35 @@
 const { z } = require('zod');
 const axios = require('axios');
 const { tool } = require('@langchain/core/tools');
+const { logger } = require('@librechat/data-schemas');
 const { Tools, EToolResources } = require('librechat-data-provider');
+const { generateShortLivedToken } = require('~/server/services/AuthService');
 const { getFiles } = require('~/models/File');
-const { logger } = require('~/config');

 /**
 *
 * @param {Object} options
 * @param {ServerRequest} options.req
 * @param {Agent['tool_resources']} options.tool_resources
+ * @param {string} [options.agentId] - The agent ID for file access control
 * @returns {Promise<{
 *   files: Array<{ file_id: string; filename: string }>,
 *   toolContext: string
 * }>}
 */
 const primeFiles = async (options) => {
-  const { tool_resources } = options;
+  const { tool_resources, req, agentId } = options;
  const file_ids = tool_resources?.[EToolResources.file_search]?.file_ids ?? [];
  const agentResourceIds = new Set(file_ids);
  const resourceFiles = tool_resources?.[EToolResources.file_search]?.files ?? [];
-  const dbFiles = ((await getFiles({ file_id: { $in: file_ids } })) ?? []).concat(resourceFiles);
+  const dbFiles = (
+    (await getFiles(
+      { file_id: { $in: file_ids } },
+      null,
+      { text: 0 },
+      { userId: req?.user?.id, agentId },
+    )) ?? []
+  ).concat(resourceFiles);

  let toolContext = `- Note: Semantic search is available through the ${Tools.file_search} tool but no files are currently loaded. Request the user to upload documents to search through.`;

@@ -59,7 +68,7 @@ const createFileSearchTool = async ({ req, files, entity_id }) => {
      if (files.length === 0) {
        return 'No files to search. Instruct the user to add files for the search.';
      }
-      const jwtToken = req.headers.authorization.split(' ')[1];
+      const jwtToken = generateShortLivedToken(req.user.id);
      if (!jwtToken) {
        return 'There was an error authenticating the file search request.';
      }
--- a/api/app/clients/tools/util/handleTools.js
+++ b/api/app/clients/tools/util/handleTools.js
@@ -1,14 +1,14 @@
+const { mcpToolPattern } = require('@librechat/api');
+const { logger } = require('@librechat/data-schemas');
 const { SerpAPI } = require('@langchain/community/tools/serpapi');
 const { Calculator } = require('@langchain/community/tools/calculator');
 const { EnvVar, createCodeExecutionTool, createSearchTool } = require('@librechat/agents');
 const {
  Tools,
-  Constants,
  EToolResources,
  loadWebSearchAuth,
  replaceSpecialVars,
 } = require('librechat-data-provider');
-const { getUserPluginAuthValue } = require('~/server/services/PluginService');
 const {
  availableTools,
  manifestToolMap,
@@ -28,11 +28,10 @@ const {
 } = require('../');
 const { primeFiles: primeCodeFiles } = require('~/server/services/Files/Code/process');
 const { createFileSearchTool, primeFiles: primeSearchFiles } = require('./fileSearch');
+const { getUserPluginAuthValue } = require('~/server/services/PluginService');
 const { loadAuthValues } = require('~/server/services/Tools/credentials');
+const { getCachedTools } = require('~/server/services/Config');
 const { createMCPTool } = require('~/server/services/MCP');
-const { logger } = require('~/config');
-
-const mcpToolPattern = new RegExp(`^.+${Constants.mcp_delimiter}.+$`);

 /**
 * Validates the availability and authentication of tools for a user based on environment variables or user-specific plugin authentication values.
@@ -93,7 +92,7 @@ const validateTools = async (user, tools = []) => {
    return Array.from(validToolsSet.values());
  } catch (err) {
    logger.error('[validateTools] There was a problem validating tools', err);
-    throw new Error('There was a problem validating tools');
+    throw new Error(err);
  }
 };

@@ -236,7 +235,7 @@ const loadTools = async ({

  /** @type {Record<string, string>} */
  const toolContextMap = {};
-  const appTools = options.req?.app?.locals?.availableTools ?? {};
+  const appTools = (await getCachedTools({ includeGlobal: true })) ?? {};

  for (const tool of tools) {
    if (tool === Tools.execute_code) {
@@ -246,7 +245,13 @@ const loadTools = async ({
          authFields: [EnvVar.CODE_API_KEY],
        });
        const codeApiKey = authValues[EnvVar.CODE_API_KEY];
-        const { files, toolContext } = await primeCodeFiles(options, codeApiKey);
+        const { files, toolContext } = await primeCodeFiles(
+          {
+            ...options,
+            agentId: agent?.id,
+          },
+          codeApiKey,
+        );
        if (toolContext) {
          toolContextMap[tool] = toolContext;
        }
@@ -261,7 +266,10 @@ const loadTools = async ({
      continue;
    } else if (tool === Tools.file_search) {
      requestedTools[tool] = async () => {
-        const { files, toolContext } = await primeSearchFiles(options);
+        const { files, toolContext } = await primeSearchFiles({
+          ...options,
+          agentId: agent?.id,
+        });
        if (toolContext) {
          toolContextMap[tool] = toolContext;
        }
@@ -299,6 +307,7 @@ Current Date & Time: ${replaceSpecialVars({ text: '{{iso_datetime}}' })}
      requestedTools[tool] = async () =>
        createMCPTool({
          req: options.req,
+          res: options.res,
          toolKey: tool,
          model: agent?.model ?? model,
          provider: agent?.provider ?? endpoint,
--- a/api/cache/banViolation.js
+++ b/api/cache/banViolation.js
@@ -1,7 +1,8 @@
 const { logger } = require('@librechat/data-schemas');
+const { isEnabled, math } = require('@librechat/api');
 const { ViolationTypes } = require('librechat-data-provider');
-const { isEnabled, math, removePorts } = require('~/server/utils');
 const { deleteAllUserSessions } = require('~/models');
+const { removePorts } = require('~/server/utils');
 const getLogStores = require('./getLogStores');

 const { BAN_VIOLATIONS, BAN_INTERVAL } = process.env ?? {};
--- a/api/cache/getLogStores.js
+++ b/api/cache/getLogStores.js
@@ -1,7 +1,7 @@
 const { Keyv } = require('keyv');
+const { isEnabled, math } = require('@librechat/api');
 const { CacheKeys, ViolationTypes, Time } = require('librechat-data-provider');
 const { logFile, violationFile } = require('./keyvFiles');
-const { isEnabled, math } = require('~/server/utils');
 const keyvRedis = require('./keyvRedis');
 const keyvMongo = require('./keyvMongo');

@@ -29,6 +29,10 @@ const roles = isRedisEnabled
  ? new Keyv({ store: keyvRedis })
  : new Keyv({ namespace: CacheKeys.ROLES });

+const mcpTools = isRedisEnabled
+  ? new Keyv({ store: keyvRedis })
+  : new Keyv({ namespace: CacheKeys.MCP_TOOLS });
+
 const audioRuns = isRedisEnabled
  ? new Keyv({ store: keyvRedis, ttl: Time.TEN_MINUTES })
  : new Keyv({ namespace: CacheKeys.AUDIO_RUNS, ttl: Time.TEN_MINUTES });
@@ -67,6 +71,7 @@ const openIdExchangedTokensCache = isRedisEnabled

 const namespaces = {
  [CacheKeys.ROLES]: roles,
+  [CacheKeys.MCP_TOOLS]: mcpTools,
  [CacheKeys.CONFIG_STORE]: config,
  [CacheKeys.PENDING_REQ]: pending_req,
  [ViolationTypes.BAN]: new Keyv({ store: keyvMongo, namespace: CacheKeys.BANS, ttl: duration }),
--- a/api/cache/logViolation.js
+++ b/api/cache/logViolation.js
@@ -9,7 +9,7 @@ const banViolation = require('./banViolation');
 * @param {Object} res - Express response object.
 * @param {string} type - The type of violation.
 * @param {Object} errorMessage - The error message to log.
- * @param {number} [score=1] - The severity of the violation. Defaults to 1
+ * @param {number | string} [score=1] - The severity of the violation. Defaults to 1
 */
 const logViolation = async (req, res, type, errorMessage, score = 1) => {
  const userId = req.user?.id ?? req.user?._id;
--- a/api/config/index.js
+++ b/api/config/index.js
@@ -15,7 +15,7 @@ let flowManager = null;
 */
 function getMCPManager(userId) {
  if (!mcpManager) {
-    mcpManager = MCPManager.getInstance(logger);
+    mcpManager = MCPManager.getInstance();
  } else {
    mcpManager.checkIdleConnections(userId);
  }
@@ -30,7 +30,6 @@ function getFlowStateManager(flowsCache) {
  if (!flowManager) {
    flowManager = new FlowStateManager(flowsCache, {
      ttl: Time.ONE_MINUTE * 3,
-      logger,
    });
  }
  return flowManager;
--- a/api/db/indexSync.js
+++ b/api/db/indexSync.js
@@ -1,8 +1,11 @@
 const mongoose = require('mongoose');
 const { MeiliSearch } = require('meilisearch');
 const { logger } = require('@librechat/data-schemas');
+const { FlowStateManager } = require('@librechat/api');
+const { CacheKeys } = require('librechat-data-provider');

 const { isEnabled } = require('~/server/utils');
+const { getLogStores } = require('~/cache');

 const Conversation = mongoose.models.Conversation;
 const Message = mongoose.models.Message;
@@ -28,43 +31,123 @@ class MeiliSearchClient {
  }
 }

+/**
+ * Performs the actual sync operations for messages and conversations
+ */
+async function performSync() {
+  const client = MeiliSearchClient.getInstance();
+
+  const { status } = await client.health();
+  if (status !== 'available') {
+    throw new Error('Meilisearch not available');
+  }
+
+  if (indexingDisabled === true) {
+    logger.info('[indexSync] Indexing is disabled, skipping...');
+    return { messagesSync: false, convosSync: false };
+  }
+
+  let messagesSync = false;
+  let convosSync = false;
+
+  // Check if we need to sync messages
+  const messageProgress = await Message.getSyncProgress();
+  if (!messageProgress.isComplete) {
+    logger.info(
+      `[indexSync] Messages need syncing: ${messageProgress.totalProcessed}/${messageProgress.totalDocuments} indexed`,
+    );
+
+    // Check if we should do a full sync or incremental
+    const messageCount = await Message.countDocuments();
+    const messagesIndexed = messageProgress.totalProcessed;
+    const syncThreshold = parseInt(process.env.MEILI_SYNC_THRESHOLD || '1000', 10);
+
+    if (messageCount - messagesIndexed > syncThreshold) {
+      logger.info('[indexSync] Starting full message sync due to large difference');
+      await Message.syncWithMeili();
+      messagesSync = true;
+    } else if (messageCount !== messagesIndexed) {
+      logger.warn('[indexSync] Messages out of sync, performing incremental sync');
+      await Message.syncWithMeili();
+      messagesSync = true;
+    }
+  } else {
+    logger.info(
+      `[indexSync] Messages are fully synced: ${messageProgress.totalProcessed}/${messageProgress.totalDocuments}`,
+    );
+  }
+
+  // Check if we need to sync conversations
+  const convoProgress = await Conversation.getSyncProgress();
+  if (!convoProgress.isComplete) {
+    logger.info(
+      `[indexSync] Conversations need syncing: ${convoProgress.totalProcessed}/${convoProgress.totalDocuments} indexed`,
+    );
+
+    const convoCount = await Conversation.countDocuments();
+    const convosIndexed = convoProgress.totalProcessed;
+    const syncThreshold = parseInt(process.env.MEILI_SYNC_THRESHOLD || '1000', 10);
+
+    if (convoCount - convosIndexed > syncThreshold) {
+      logger.info('[indexSync] Starting full conversation sync due to large difference');
+      await Conversation.syncWithMeili();
+      convosSync = true;
+    } else if (convoCount !== convosIndexed) {
+      logger.warn('[indexSync] Convos out of sync, performing incremental sync');
+      await Conversation.syncWithMeili();
+      convosSync = true;
+    }
+  } else {
+    logger.info(
+      `[indexSync] Conversations are fully synced: ${convoProgress.totalProcessed}/${convoProgress.totalDocuments}`,
+    );
+  }
+
+  return { messagesSync, convosSync };
+}
+
+/**
+ * Main index sync function that uses FlowStateManager to prevent concurrent execution
+ */
 async function indexSync() {
  if (!searchEnabled) {
    return;
  }
-  try {
-    const client = MeiliSearchClient.getInstance();

-    const { status } = await client.health();
-    if (status !== 'available') {
-      throw new Error('Meilisearch not available');
+  logger.info('[indexSync] Starting index synchronization check...');
+
+  try {
+    // Get or create FlowStateManager instance
+    const flowsCache = getLogStores(CacheKeys.FLOWS);
+    if (!flowsCache) {
+      logger.warn('[indexSync] Flows cache not available, falling back to direct sync');
+      return await performSync();
    }

-    if (indexingDisabled === true) {
-      logger.info('[indexSync] Indexing is disabled, skipping...');
+    const flowManager = new FlowStateManager(flowsCache, {
+      ttl: 60000 * 10, // 10 minutes TTL for sync operations
+    });
+
+    // Use a unique flow ID for the sync operation
+    const flowId = 'meili-index-sync';
+    const flowType = 'MEILI_SYNC';
+
+    // This will only execute the handler if no other instance is running the sync
+    const result = await flowManager.createFlowWithHandler(flowId, flowType, performSync);
+
+    if (result.messagesSync || result.convosSync) {
+      logger.info('[indexSync] Sync completed successfully');
+    } else {
+      logger.debug('[indexSync] No sync was needed');
+    }
+
+    return result;
+  } catch (err) {
+    if (err.message.includes('flow already exists')) {
+      logger.info('[indexSync] Sync already running on another instance');
      return;
    }

-    const messageCount = await Message.countDocuments();
-    const convoCount = await Conversation.countDocuments();
-    const messages = await client.index('messages').getStats();
-    const convos = await client.index('convos').getStats();
-    const messagesIndexed = messages.numberOfDocuments;
-    const convosIndexed = convos.numberOfDocuments;
-
-    logger.debug(`[indexSync] There are ${messageCount} messages and ${messagesIndexed} indexed`);
-    logger.debug(`[indexSync] There are ${convoCount} convos and ${convosIndexed} indexed`);
-
-    if (messageCount !== messagesIndexed) {
-      logger.debug('[indexSync] Messages out of sync, indexing');
-      Message.syncWithMeili();
-    }
-
-    if (convoCount !== convosIndexed) {
-      logger.debug('[indexSync] Convos out of sync, indexing');
-      Conversation.syncWithMeili();
-    }
-  } catch (err) {
    if (err.message.includes('not found')) {
      logger.debug('[indexSync] Creating indices...');
      currentTimeout = setTimeout(async () => {
--- a/api/models/Agent.js
+++ b/api/models/Agent.js
@@ -11,6 +11,7 @@ const {
  removeAgentIdsFromProject,
  removeAgentFromAllProjects,
 } = require('./Project');
+const { getCachedTools } = require('~/server/services/Config');
 const getLogStores = require('~/cache/getLogStores');
 const { getActions } = require('./Action');
 const { Agent } = require('~/db/models');
@@ -55,12 +56,12 @@ const getAgent = async (searchParameter) => await Agent.findOne(searchParameter)
 * @param {string} params.agent_id
 * @param {string} params.endpoint
 * @param {import('@librechat/agents').ClientOptions} [params.model_parameters]
- * @returns {Agent|null} The agent document as a plain object, or null if not found.
+ * @returns {Promise<Agent|null>} The agent document as a plain object, or null if not found.
 */
-const loadEphemeralAgent = ({ req, agent_id, endpoint, model_parameters: _m }) => {
+const loadEphemeralAgent = async ({ req, agent_id, endpoint, model_parameters: _m }) => {
  const { model, ...model_parameters } = _m;
  /** @type {Record<string, FunctionTool>} */
-  const availableTools = req.app.locals.availableTools;
+  const availableTools = await getCachedTools({ includeGlobal: true });
  /** @type {TEphemeralAgent | null} */
  const ephemeralAgent = req.body.ephemeralAgent;
  const mcpServers = new Set(ephemeralAgent?.mcp);
@@ -69,6 +70,9 @@ const loadEphemeralAgent = ({ req, agent_id, endpoint, model_parameters: _m }) =
  if (ephemeralAgent?.execute_code === true) {
    tools.push(Tools.execute_code);
  }
+  if (ephemeralAgent?.file_search === true) {
+    tools.push(Tools.file_search);
+  }
  if (ephemeralAgent?.web_search === true) {
    tools.push(Tools.web_search);
  }
@@ -86,7 +90,7 @@ const loadEphemeralAgent = ({ req, agent_id, endpoint, model_parameters: _m }) =
  }

  const instructions = req.body.promptPrefix;
-  return {
+  const result = {
    id: agent_id,
    instructions,
    provider: endpoint,
@@ -94,6 +98,11 @@ const loadEphemeralAgent = ({ req, agent_id, endpoint, model_parameters: _m }) =
    model,
    tools,
  };
+
+  if (ephemeralAgent?.artifacts != null && ephemeralAgent.artifacts) {
+    result.artifacts = ephemeralAgent.artifacts;
+  }
+  return result;
 };

 /**
@@ -111,7 +120,7 @@ const loadAgent = async ({ req, agent_id, endpoint, model_parameters }) => {
    return null;
  }
  if (agent_id === EPHEMERAL_AGENT_ID) {
-    return loadEphemeralAgent({ req, agent_id, endpoint, model_parameters });
+    return await loadEphemeralAgent({ req, agent_id, endpoint, model_parameters });
  }
  const agent = await getAgent({
    id: agent_id,
--- a/api/models/Agent.spec.js
+++ b/api/models/Agent.spec.js
@@ -6,6 +6,10 @@ const originalEnv = {
 process.env.CREDS_KEY = '0123456789abcdef0123456789abcdef';
 process.env.CREDS_IV = '0123456789abcdef';

+jest.mock('~/server/services/Config', () => ({
+  getCachedTools: jest.fn(),
+}));
+
 const mongoose = require('mongoose');
 const { v4: uuidv4 } = require('uuid');
 const { agentSchema } = require('@librechat/data-schemas');
@@ -23,6 +27,7 @@ const {
  generateActionMetadataHash,
  revertAgentVersion,
 } = require('./Agent');
+const { getCachedTools } = require('~/server/services/Config');

 /**
 * @type {import('mongoose').Model<import('@librechat/data-schemas').IAgent>}
@@ -38,7 +43,7 @@ describe('models/Agent', () => {
      const mongoUri = mongoServer.getUri();
      Agent = mongoose.models.Agent || mongoose.model('Agent', agentSchema);
      await mongoose.connect(mongoUri);
-    });
+    }, 20000);

    afterAll(async () => {
      await mongoose.disconnect();
@@ -406,8 +411,9 @@ describe('models/Agent', () => {
    beforeAll(async () => {
      mongoServer = await MongoMemoryServer.create();
      const mongoUri = mongoServer.getUri();
+      Agent = mongoose.models.Agent || mongoose.model('Agent', agentSchema);
      await mongoose.connect(mongoUri);
-    });
+    }, 20000);

    afterAll(async () => {
      await mongoose.disconnect();
@@ -664,7 +670,7 @@ describe('models/Agent', () => {
      const mongoUri = mongoServer.getUri();
      Agent = mongoose.models.Agent || mongoose.model('Agent', agentSchema);
      await mongoose.connect(mongoUri);
-    });
+    }, 20000);

    afterAll(async () => {
      await mongoose.disconnect();
@@ -1326,7 +1332,7 @@ describe('models/Agent', () => {
      const mongoUri = mongoServer.getUri();
      Agent = mongoose.models.Agent || mongoose.model('Agent', agentSchema);
      await mongoose.connect(mongoUri);
-    });
+    }, 20000);

    afterAll(async () => {
      await mongoose.disconnect();
@@ -1508,7 +1514,7 @@ describe('models/Agent', () => {
      const mongoUri = mongoServer.getUri();
      Agent = mongoose.models.Agent || mongoose.model('Agent', agentSchema);
      await mongoose.connect(mongoUri);
-    });
+    }, 20000);

    afterAll(async () => {
      await mongoose.disconnect();
@@ -1546,6 +1552,12 @@ describe('models/Agent', () => {
    test('should test ephemeral agent loading logic', async () => {
      const { EPHEMERAL_AGENT_ID } = require('librechat-data-provider').Constants;

+      getCachedTools.mockResolvedValue({
+        tool1_mcp_server1: {},
+        tool2_mcp_server2: {},
+        another_tool: {},
+      });
+
      const mockReq = {
        user: { id: 'user123' },
        body: {
@@ -1556,15 +1568,6 @@ describe('models/Agent', () => {
            mcp: ['server1', 'server2'],
          },
        },
-        app: {
-          locals: {
-            availableTools: {
-              tool1_mcp_server1: {},
-              tool2_mcp_server2: {},
-              another_tool: {},
-            },
-          },
-        },
      };

      const result = await loadAgent({
@@ -1657,6 +1660,8 @@ describe('models/Agent', () => {
    test('should handle ephemeral agent with no MCP servers', async () => {
      const { EPHEMERAL_AGENT_ID } = require('librechat-data-provider').Constants;

+      getCachedTools.mockResolvedValue({});
+
      const mockReq = {
        user: { id: 'user123' },
        body: {
@@ -1667,11 +1672,6 @@ describe('models/Agent', () => {
            mcp: [],
          },
        },
-        app: {
-          locals: {
-            availableTools: {},
-          },
-        },
      };

      const result = await loadAgent({
@@ -1692,16 +1692,13 @@ describe('models/Agent', () => {
    test('should handle ephemeral agent with undefined ephemeralAgent in body', async () => {
      const { EPHEMERAL_AGENT_ID } = require('librechat-data-provider').Constants;

+      getCachedTools.mockResolvedValue({});
+
      const mockReq = {
        user: { id: 'user123' },
        body: {
          promptPrefix: 'Basic instructions',
        },
-        app: {
-          locals: {
-            availableTools: {},
-          },
-        },
      };

      const result = await loadAgent({
@@ -1734,6 +1731,13 @@ describe('models/Agent', () => {
        const { EPHEMERAL_AGENT_ID } = require('librechat-data-provider').Constants;

        const largeToolList = Array.from({ length: 100 }, (_, i) => `tool_${i}_mcp_server1`);
+        const availableTools = largeToolList.reduce((acc, tool) => {
+          acc[tool] = {};
+          return acc;
+        }, {});
+
+        getCachedTools.mockResolvedValue(availableTools);
+
        const mockReq = {
          user: { id: 'user123' },
          body: {
@@ -1744,14 +1748,6 @@ describe('models/Agent', () => {
              mcp: ['server1'],
            },
          },
-          app: {
-            locals: {
-              availableTools: largeToolList.reduce((acc, tool) => {
-                acc[tool] = {};
-                return acc;
-              }, {}),
-            },
-          },
        };

        const result = await loadAgent({
@@ -1802,7 +1798,7 @@ describe('models/Agent', () => {
      const mongoUri = mongoServer.getUri();
      Agent = mongoose.models.Agent || mongoose.model('Agent', agentSchema);
      await mongoose.connect(mongoUri);
-    });
+    }, 20000);

    afterAll(async () => {
      await mongoose.disconnect();
@@ -2272,6 +2268,13 @@ describe('models/Agent', () => {
    test('should handle loadEphemeralAgent with malformed MCP tool names', async () => {
      const { EPHEMERAL_AGENT_ID } = require('librechat-data-provider').Constants;

+      getCachedTools.mockResolvedValue({
+        malformed_tool_name: {}, // No mcp delimiter
+        tool__server1: {}, // Wrong delimiter
+        tool_mcp_server1: {}, // Correct format
+        tool_mcp_server2: {}, // Different server
+      });
+
      const mockReq = {
        user: { id: 'user123' },
        body: {
@@ -2282,16 +2285,6 @@ describe('models/Agent', () => {
            mcp: ['server1'],
          },
        },
-        app: {
-          locals: {
-            availableTools: {
-              malformed_tool_name: {}, // No mcp delimiter
-              tool__server1: {}, // Wrong delimiter
-              tool_mcp_server1: {}, // Correct format
-              tool_mcp_server2: {}, // Different server
-            },
-          },
-        },
      };

      const result = await loadAgent({
@@ -2357,7 +2350,7 @@ describe('models/Agent', () => {
      const mongoUri = mongoServer.getUri();
      Agent = mongoose.models.Agent || mongoose.model('Agent', agentSchema);
      await mongoose.connect(mongoUri);
-    });
+    }, 20000);

    afterAll(async () => {
      await mongoose.disconnect();
--- a/api/models/Conversation.js
+++ b/api/models/Conversation.js
@@ -1,4 +1,6 @@
 const { logger } = require('@librechat/data-schemas');
+const { createTempChatExpirationDate } = require('@librechat/api');
+const getCustomConfig = require('~/server/services/Config/getCustomConfig');
 const { getMessages, deleteMessages } = require('./Message');
 const { Conversation } = require('~/db/models');

@@ -98,10 +100,15 @@ module.exports = {
        update.conversationId = newConversationId;
      }

-      if (req.body.isTemporary) {
-        const expiredAt = new Date();
-        expiredAt.setDate(expiredAt.getDate() + 30);
-        update.expiredAt = expiredAt;
+      if (req?.body?.isTemporary) {
+        try {
+          const customConfig = await getCustomConfig();
+          update.expiredAt = createTempChatExpirationDate(customConfig);
+        } catch (err) {
+          logger.error('Error creating temporary chat expiration date:', err);
+          logger.info(`---\`saveConvo\` context: ${metadata?.context}`);
+          update.expiredAt = null;
+        }
      } else {
        update.expiredAt = null;
      }
--- a/api/models/File.js
+++ b/api/models/File.js
@@ -1,5 +1,7 @@
 const { logger } = require('@librechat/data-schemas');
-const { EToolResources } = require('librechat-data-provider');
+const { EToolResources, FileContext, Constants } = require('librechat-data-provider');
+const { getProjectByName } = require('./Project');
+const { getAgent } = require('./Agent');
 const { File } = require('~/db/models');

 /**
@@ -12,17 +14,119 @@ const findFileById = async (file_id, options = {}) => {
  return await File.findOne({ file_id, ...options }).lean();
 };

+/**
+ * Checks if a user has access to multiple files through a shared agent (batch operation)
+ * @param {string} userId - The user ID to check access for
+ * @param {string[]} fileIds - Array of file IDs to check
+ * @param {string} agentId - The agent ID that might grant access
+ * @returns {Promise<Map<string, boolean>>} Map of fileId to access status
+ */
+const hasAccessToFilesViaAgent = async (userId, fileIds, agentId) => {
+  const accessMap = new Map();
+
+  // Initialize all files as no access
+  fileIds.forEach((fileId) => accessMap.set(fileId, false));
+
+  try {
+    const agent = await getAgent({ id: agentId });
+
+    if (!agent) {
+      return accessMap;
+    }
+
+    // Check if user is the author - if so, grant access to all files
+    if (agent.author.toString() === userId) {
+      fileIds.forEach((fileId) => accessMap.set(fileId, true));
+      return accessMap;
+    }
+
+    // Check if agent is shared with the user via projects
+    if (!agent.projectIds || agent.projectIds.length === 0) {
+      return accessMap;
+    }
+
+    // Check if agent is in global project
+    const globalProject = await getProjectByName(Constants.GLOBAL_PROJECT_NAME, '_id');
+    if (
+      !globalProject ||
+      !agent.projectIds.some((pid) => pid.toString() === globalProject._id.toString())
+    ) {
+      return accessMap;
+    }
+
+    // Agent is globally shared - check if it's collaborative
+    if (!agent.isCollaborative) {
+      return accessMap;
+    }
+
+    // Agent is globally shared and collaborative - check which files are actually attached
+    const attachedFileIds = new Set();
+    if (agent.tool_resources) {
+      for (const [_resourceType, resource] of Object.entries(agent.tool_resources)) {
+        if (resource?.file_ids && Array.isArray(resource.file_ids)) {
+          resource.file_ids.forEach((fileId) => attachedFileIds.add(fileId));
+        }
+      }
+    }
+
+    // Grant access only to files that are attached to this agent
+    fileIds.forEach((fileId) => {
+      if (attachedFileIds.has(fileId)) {
+        accessMap.set(fileId, true);
+      }
+    });
+
+    return accessMap;
+  } catch (error) {
+    logger.error('[hasAccessToFilesViaAgent] Error checking file access:', error);
+    return accessMap;
+  }
+};
+
 /**
 * Retrieves files matching a given filter, sorted by the most recently updated.
 * @param {Object} filter - The filter criteria to apply.
 * @param {Object} [_sortOptions] - Optional sort parameters.
 * @param {Object|String} [selectFields={ text: 0 }] - Fields to include/exclude in the query results.
 *                                                   Default excludes the 'text' field.
+ * @param {Object} [options] - Additional options
+ * @param {string} [options.userId] - User ID for access control
+ * @param {string} [options.agentId] - Agent ID that might grant access to files
 * @returns {Promise<Array<MongoFile>>} A promise that resolves to an array of file documents.
 */
-const getFiles = async (filter, _sortOptions, selectFields = { text: 0 }) => {
+const getFiles = async (filter, _sortOptions, selectFields = { text: 0 }, options = {}) => {
  const sortOptions = { updatedAt: -1, ..._sortOptions };
-  return await File.find(filter).select(selectFields).sort(sortOptions).lean();
+  const files = await File.find(filter).select(selectFields).sort(sortOptions).lean();
+
+  // If userId and agentId are provided, filter files based on access
+  if (options.userId && options.agentId) {
+    // Collect file IDs that need access check
+    const filesToCheck = [];
+    const ownedFiles = [];
+
+    for (const file of files) {
+      if (file.user && file.user.toString() === options.userId) {
+        ownedFiles.push(file);
+      } else {
+        filesToCheck.push(file);
+      }
+    }
+
+    if (filesToCheck.length === 0) {
+      return ownedFiles;
+    }
+
+    // Batch check access for all non-owned files
+    const fileIds = filesToCheck.map((f) => f.file_id);
+    const accessMap = await hasAccessToFilesViaAgent(options.userId, fileIds, options.agentId);
+
+    // Filter files based on access
+    const accessibleFiles = filesToCheck.filter((file) => accessMap.get(file.file_id));
+
+    return [...ownedFiles, ...accessibleFiles];
+  }
+
+  return files;
 };

 /**
@@ -32,19 +136,19 @@ const getFiles = async (filter, _sortOptions, selectFields = { text: 0 }) => {
 * @returns {Promise<Array<MongoFile>>} Files that match the criteria
 */
 const getToolFilesByIds = async (fileIds, toolResourceSet) => {
-  if (!fileIds || !fileIds.length) {
+  if (!fileIds || !fileIds.length || !toolResourceSet?.size) {
    return [];
  }

  try {
    const filter = {
      file_id: { $in: fileIds },
+      $or: [],
    };

-    if (toolResourceSet.size) {
-      filter.$or = [];
+    if (toolResourceSet.has(EToolResources.ocr)) {
+      filter.$or.push({ text: { $exists: true, $ne: null }, context: FileContext.agents });
    }
-
    if (toolResourceSet.has(EToolResources.file_search)) {
      filter.$or.push({ embedded: true });
    }
@@ -176,4 +280,5 @@ module.exports = {
  deleteFiles,
  deleteFileByFilter,
  batchUpdateFiles,
+  hasAccessToFilesViaAgent,
 };
--- a/api/models/File.spec.js
+++ b/api/models/File.spec.js
@@ -0,0 +1,264 @@
+const mongoose = require('mongoose');
+const { v4: uuidv4 } = require('uuid');
+const { fileSchema } = require('@librechat/data-schemas');
+const { agentSchema } = require('@librechat/data-schemas');
+const { projectSchema } = require('@librechat/data-schemas');
+const { MongoMemoryServer } = require('mongodb-memory-server');
+const { GLOBAL_PROJECT_NAME } = require('librechat-data-provider').Constants;
+const { getFiles, createFile } = require('./File');
+const { getProjectByName } = require('./Project');
+const { createAgent } = require('./Agent');
+
+let File;
+let Agent;
+let Project;
+
+describe('File Access Control', () => {
+  let mongoServer;
+
+  beforeAll(async () => {
+    mongoServer = await MongoMemoryServer.create();
+    const mongoUri = mongoServer.getUri();
+    File = mongoose.models.File || mongoose.model('File', fileSchema);
+    Agent = mongoose.models.Agent || mongoose.model('Agent', agentSchema);
+    Project = mongoose.models.Project || mongoose.model('Project', projectSchema);
+    await mongoose.connect(mongoUri);
+  });
+
+  afterAll(async () => {
+    await mongoose.disconnect();
+    await mongoServer.stop();
+  });
+
+  beforeEach(async () => {
+    await File.deleteMany({});
+    await Agent.deleteMany({});
+    await Project.deleteMany({});
+  });
+
+  describe('hasAccessToFilesViaAgent', () => {
+    it('should efficiently check access for multiple files at once', async () => {
+      const userId = new mongoose.Types.ObjectId().toString();
+      const authorId = new mongoose.Types.ObjectId().toString();
+      const agentId = uuidv4();
+      const fileIds = [uuidv4(), uuidv4(), uuidv4(), uuidv4()];
+
+      // Create files
+      for (const fileId of fileIds) {
+        await createFile({
+          user: authorId,
+          file_id: fileId,
+          filename: `file-${fileId}.txt`,
+          filepath: `/uploads/${fileId}`,
+        });
+      }
+
+      // Create agent with only first two files attached
+      await createAgent({
+        id: agentId,
+        name: 'Test Agent',
+        author: authorId,
+        model: 'gpt-4',
+        provider: 'openai',
+        isCollaborative: true,
+        tool_resources: {
+          file_search: {
+            file_ids: [fileIds[0], fileIds[1]],
+          },
+        },
+      });
+
+      // Get or create global project
+      const globalProject = await getProjectByName(GLOBAL_PROJECT_NAME, '_id');
+
+      // Share agent globally
+      await Agent.updateOne({ id: agentId }, { $push: { projectIds: globalProject._id } });
+
+      // Check access for all files
+      const { hasAccessToFilesViaAgent } = require('./File');
+      const accessMap = await hasAccessToFilesViaAgent(userId, fileIds, agentId);
+
+      // Should have access only to the first two files
+      expect(accessMap.get(fileIds[0])).toBe(true);
+      expect(accessMap.get(fileIds[1])).toBe(true);
+      expect(accessMap.get(fileIds[2])).toBe(false);
+      expect(accessMap.get(fileIds[3])).toBe(false);
+    });
+
+    it('should grant access to all files when user is the agent author', async () => {
+      const authorId = new mongoose.Types.ObjectId().toString();
+      const agentId = uuidv4();
+      const fileIds = [uuidv4(), uuidv4(), uuidv4()];
+
+      // Create agent
+      await createAgent({
+        id: agentId,
+        name: 'Test Agent',
+        author: authorId,
+        model: 'gpt-4',
+        provider: 'openai',
+        tool_resources: {
+          file_search: {
+            file_ids: [fileIds[0]], // Only one file attached
+          },
+        },
+      });
+
+      // Check access as the author
+      const { hasAccessToFilesViaAgent } = require('./File');
+      const accessMap = await hasAccessToFilesViaAgent(authorId, fileIds, agentId);
+
+      // Author should have access to all files
+      expect(accessMap.get(fileIds[0])).toBe(true);
+      expect(accessMap.get(fileIds[1])).toBe(true);
+      expect(accessMap.get(fileIds[2])).toBe(true);
+    });
+
+    it('should handle non-existent agent gracefully', async () => {
+      const userId = new mongoose.Types.ObjectId().toString();
+      const fileIds = [uuidv4(), uuidv4()];
+
+      const { hasAccessToFilesViaAgent } = require('./File');
+      const accessMap = await hasAccessToFilesViaAgent(userId, fileIds, 'non-existent-agent');
+
+      // Should have no access to any files
+      expect(accessMap.get(fileIds[0])).toBe(false);
+      expect(accessMap.get(fileIds[1])).toBe(false);
+    });
+
+    it('should deny access when agent is not collaborative', async () => {
+      const userId = new mongoose.Types.ObjectId().toString();
+      const authorId = new mongoose.Types.ObjectId().toString();
+      const agentId = uuidv4();
+      const fileIds = [uuidv4(), uuidv4()];
+
+      // Create agent with files but isCollaborative: false
+      await createAgent({
+        id: agentId,
+        name: 'Non-Collaborative Agent',
+        author: authorId,
+        model: 'gpt-4',
+        provider: 'openai',
+        isCollaborative: false,
+        tool_resources: {
+          file_search: {
+            file_ids: fileIds,
+          },
+        },
+      });
+
+      // Get or create global project
+      const globalProject = await getProjectByName(GLOBAL_PROJECT_NAME, '_id');
+
+      // Share agent globally
+      await Agent.updateOne({ id: agentId }, { $push: { projectIds: globalProject._id } });
+
+      // Check access for files
+      const { hasAccessToFilesViaAgent } = require('./File');
+      const accessMap = await hasAccessToFilesViaAgent(userId, fileIds, agentId);
+
+      // Should have no access to any files when isCollaborative is false
+      expect(accessMap.get(fileIds[0])).toBe(false);
+      expect(accessMap.get(fileIds[1])).toBe(false);
+    });
+  });
+
+  describe('getFiles with agent access control', () => {
+    test('should return files owned by user and files accessible through agent', async () => {
+      const authorId = new mongoose.Types.ObjectId();
+      const userId = new mongoose.Types.ObjectId();
+      const agentId = `agent_${uuidv4()}`;
+      const ownedFileId = `file_${uuidv4()}`;
+      const sharedFileId = `file_${uuidv4()}`;
+      const inaccessibleFileId = `file_${uuidv4()}`;
+
+      // Create/get global project using getProjectByName which will upsert
+      const globalProject = await getProjectByName(GLOBAL_PROJECT_NAME);
+
+      // Create agent with shared file
+      await createAgent({
+        id: agentId,
+        name: 'Shared Agent',
+        provider: 'test',
+        model: 'test-model',
+        author: authorId,
+        projectIds: [globalProject._id],
+        isCollaborative: true,
+        tool_resources: {
+          file_search: {
+            file_ids: [sharedFileId],
+          },
+        },
+      });
+
+      // Create files
+      await createFile({
+        file_id: ownedFileId,
+        user: userId,
+        filename: 'owned.txt',
+        filepath: '/uploads/owned.txt',
+        type: 'text/plain',
+        bytes: 100,
+      });
+
+      await createFile({
+        file_id: sharedFileId,
+        user: authorId,
+        filename: 'shared.txt',
+        filepath: '/uploads/shared.txt',
+        type: 'text/plain',
+        bytes: 200,
+        embedded: true,
+      });
+
+      await createFile({
+        file_id: inaccessibleFileId,
+        user: authorId,
+        filename: 'inaccessible.txt',
+        filepath: '/uploads/inaccessible.txt',
+        type: 'text/plain',
+        bytes: 300,
+      });
+
+      // Get files with access control
+      const files = await getFiles(
+        { file_id: { $in: [ownedFileId, sharedFileId, inaccessibleFileId] } },
+        null,
+        { text: 0 },
+        { userId: userId.toString(), agentId },
+      );
+
+      expect(files).toHaveLength(2);
+      expect(files.map((f) => f.file_id)).toContain(ownedFileId);
+      expect(files.map((f) => f.file_id)).toContain(sharedFileId);
+      expect(files.map((f) => f.file_id)).not.toContain(inaccessibleFileId);
+    });
+
+    test('should return all files when no userId/agentId provided', async () => {
+      const userId = new mongoose.Types.ObjectId();
+      const fileId1 = `file_${uuidv4()}`;
+      const fileId2 = `file_${uuidv4()}`;
+
+      await createFile({
+        file_id: fileId1,
+        user: userId,
+        filename: 'file1.txt',
+        filepath: '/uploads/file1.txt',
+        type: 'text/plain',
+        bytes: 100,
+      });
+
+      await createFile({
+        file_id: fileId2,
+        user: new mongoose.Types.ObjectId(),
+        filename: 'file2.txt',
+        filepath: '/uploads/file2.txt',
+        type: 'text/plain',
+        bytes: 200,
+      });
+
+      const files = await getFiles({ file_id: { $in: [fileId1, fileId2] } });
+      expect(files).toHaveLength(2);
+    });
+  });
+});
--- a/api/models/Message.js
+++ b/api/models/Message.js
@@ -1,5 +1,7 @@
 const { z } = require('zod');
 const { logger } = require('@librechat/data-schemas');
+const { createTempChatExpirationDate } = require('@librechat/api');
+const getCustomConfig = require('~/server/services/Config/getCustomConfig');
 const { Message } = require('~/db/models');

 const idSchema = z.string().uuid();
@@ -54,9 +56,14 @@ async function saveMessage(req, params, metadata) {
    };

    if (req?.body?.isTemporary) {
-      const expiredAt = new Date();
-      expiredAt.setDate(expiredAt.getDate() + 30);
-      update.expiredAt = expiredAt;
+      try {
+        const customConfig = await getCustomConfig();
+        update.expiredAt = createTempChatExpirationDate(customConfig);
+      } catch (err) {
+        logger.error('Error creating temporary chat expiration date:', err);
+        logger.info(`---\`saveMessage\` context: ${metadata?.context}`);
+        update.expiredAt = null;
+      }
    } else {
      update.expiredAt = null;
    }
--- a/api/models/Token.js
+++ b/api/models/Token.js
@@ -1,42 +0,0 @@
-const { findToken, updateToken, createToken } = require('~/models');
-const { encryptV2 } = require('~/server/utils/crypto');
-
-/**
- * Handles the OAuth token by creating or updating the token.
- * @param {object} fields
- * @param {string} fields.userId - The user's ID.
- * @param {string} fields.token - The full token to store.
- * @param {string} fields.identifier - Unique, alternative identifier for the token.
- * @param {number} fields.expiresIn - The number of seconds until the token expires.
- * @param {object} fields.metadata - Additional metadata to store with the token.
- * @param {string} [fields.type="oauth"] - The type of token. Default is 'oauth'.
- */
-async function handleOAuthToken({
-  token,
-  userId,
-  identifier,
-  expiresIn,
-  metadata,
-  type = 'oauth',
-}) {
-  const encrypedToken = await encryptV2(token);
-  const tokenData = {
-    type,
-    userId,
-    metadata,
-    identifier,
-    token: encrypedToken,
-    expiresIn: parseInt(expiresIn, 10) || 3600,
-  };
-
-  const existingToken = await findToken({ userId, identifier });
-  if (existingToken) {
-    return await updateToken({ identifier }, tokenData);
-  } else {
-    return await createToken(tokenData);
-  }
-}
-
-module.exports = {
-  handleOAuthToken,
-};
--- a/api/models/inviteUser.js
+++ b/api/models/inviteUser.js
@@ -1,6 +1,6 @@
 const mongoose = require('mongoose');
+const { getRandomValues } = require('@librechat/api');
 const { logger, hashToken } = require('@librechat/data-schemas');
-const { getRandomValues } = require('~/server/utils/crypto');
 const { createToken, findToken } = require('~/models');

 /**
--- a/api/models/tx.js
+++ b/api/models/tx.js
@@ -78,7 +78,7 @@ const tokenValues = Object.assign(
    'gpt-3.5-turbo-1106': { prompt: 1, completion: 2 },
    'o4-mini': { prompt: 1.1, completion: 4.4 },
    'o3-mini': { prompt: 1.1, completion: 4.4 },
-    o3: { prompt: 10, completion: 40 },
+    o3: { prompt: 2, completion: 8 },
    'o1-mini': { prompt: 1.1, completion: 4.4 },
    'o1-preview': { prompt: 15, completion: 60 },
    o1: { prompt: 15, completion: 60 },
@@ -135,10 +135,11 @@ const tokenValues = Object.assign(
    'grok-2-1212': { prompt: 2.0, completion: 10.0 },
    'grok-2-latest': { prompt: 2.0, completion: 10.0 },
    'grok-2': { prompt: 2.0, completion: 10.0 },
-    'grok-3-mini-fast': { prompt: 0.4, completion: 4 },
+    'grok-3-mini-fast': { prompt: 0.6, completion: 4 },
    'grok-3-mini': { prompt: 0.3, completion: 0.5 },
    'grok-3-fast': { prompt: 5.0, completion: 25.0 },
    'grok-3': { prompt: 3.0, completion: 15.0 },
+    'grok-4': { prompt: 3.0, completion: 15.0 },
    'grok-beta': { prompt: 5.0, completion: 15.0 },
    'mistral-large': { prompt: 2.0, completion: 6.0 },
    'pixtral-large': { prompt: 2.0, completion: 6.0 },
--- a/api/models/tx.spec.js
+++ b/api/models/tx.spec.js
@@ -636,6 +636,15 @@ describe('Grok Model Tests - Pricing', () => {
      );
    });

+    test('should return correct prompt and completion rates for Grok 4 model', () => {
+      expect(getMultiplier({ model: 'grok-4-0709', tokenType: 'prompt' })).toBe(
+        tokenValues['grok-4'].prompt,
+      );
+      expect(getMultiplier({ model: 'grok-4-0709', tokenType: 'completion' })).toBe(
+        tokenValues['grok-4'].completion,
+      );
+    });
+
    test('should return correct prompt and completion rates for Grok 3 models with prefixes', () => {
      expect(getMultiplier({ model: 'xai/grok-3', tokenType: 'prompt' })).toBe(
        tokenValues['grok-3'].prompt,
@@ -662,6 +671,15 @@ describe('Grok Model Tests - Pricing', () => {
        tokenValues['grok-3-mini-fast'].completion,
      );
    });
+
+    test('should return correct prompt and completion rates for Grok 4 model with prefixes', () => {
+      expect(getMultiplier({ model: 'xai/grok-4-0709', tokenType: 'prompt' })).toBe(
+        tokenValues['grok-4'].prompt,
+      );
+      expect(getMultiplier({ model: 'xai/grok-4-0709', tokenType: 'completion' })).toBe(
+        tokenValues['grok-4'].completion,
+      );
+    });
  });
 });

--- a/api/package.json
+++ b/api/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@librechat/backend",
-  "version": "v0.7.8",
+  "version": "v0.7.9-rc1",
  "description": "",
  "scripts": {
    "start": "echo 'please run this from the root directory'",
@@ -34,28 +34,27 @@
  },
  "homepage": "https://librechat.ai",
  "dependencies": {
-    "@anthropic-ai/sdk": "^0.37.0",
+    "@anthropic-ai/sdk": "^0.52.0",
    "@aws-sdk/client-s3": "^3.758.0",
    "@aws-sdk/s3-request-presigner": "^3.758.0",
    "@azure/identity": "^4.7.0",
    "@azure/search-documents": "^12.0.0",
    "@azure/storage-blob": "^12.27.0",
-    "@google/generative-ai": "^0.23.0",
+    "@google/generative-ai": "^0.24.0",
    "@googleapis/youtube": "^20.0.0",
    "@keyv/redis": "^4.3.3",
-    "@langchain/community": "^0.3.44",
-    "@langchain/core": "^0.3.57",
-    "@langchain/google-genai": "^0.2.9",
-    "@langchain/google-vertexai": "^0.2.9",
+    "@langchain/community": "^0.3.47",
+    "@langchain/core": "^0.3.60",
+    "@langchain/google-genai": "^0.2.13",
+    "@langchain/google-vertexai": "^0.2.13",
    "@langchain/textsplitters": "^0.1.0",
-    "@librechat/agents": "^2.4.38",
+    "@librechat/agents": "^2.4.59",
    "@librechat/api": "*",
    "@librechat/data-schemas": "*",
    "@node-saml/passport-saml": "^5.0.0",
    "@waylaidwanderer/fetch-event-source": "^3.0.1",
    "axios": "^1.8.2",
    "bcryptjs": "^2.4.3",
-    "cohere-ai": "^7.9.1",
    "compression": "^1.7.4",
    "connect-redis": "^7.1.0",
    "cookie": "^0.7.2",
--- a/api/server/cleanup.js
+++ b/api/server/cleanup.js
@@ -169,9 +169,6 @@ function disposeClient(client) {
      client.isGenerativeModel = null;
    }
    // Properties specific to OpenAIClient
-    if (client.ChatGPTClient) {
-      client.ChatGPTClient = null;
-    }
    if (client.completionsUrl) {
      client.completionsUrl = null;
    }
--- a/api/server/controllers/AskController.js
+++ b/api/server/controllers/AskController.js
@@ -1,282 +0,0 @@
-const { getResponseSender, Constants } = require('librechat-data-provider');
-const {
-  handleAbortError,
-  createAbortController,
-  cleanupAbortController,
-} = require('~/server/middleware');
-const {
-  disposeClient,
-  processReqData,
-  clientRegistry,
-  requestDataMap,
-} = require('~/server/cleanup');
-const { sendMessage, createOnProgress } = require('~/server/utils');
-const { saveMessage } = require('~/models');
-const { logger } = require('~/config');
-
-const AskController = async (req, res, next, initializeClient, addTitle) => {
-  let {
-    text,
-    endpointOption,
-    conversationId,
-    modelDisplayLabel,
-    parentMessageId = null,
-    overrideParentMessageId = null,
-  } = req.body;
-
-  let client = null;
-  let abortKey = null;
-  let cleanupHandlers = [];
-  let clientRef = null;
-
-  logger.debug('[AskController]', {
-    text,
-    conversationId,
-    ...endpointOption,
-    modelsConfig: endpointOption?.modelsConfig ? 'exists' : '',
-  });
-
-  let userMessage = null;
-  let userMessagePromise = null;
-  let promptTokens = null;
-  let userMessageId = null;
-  let responseMessageId = null;
-  let getAbortData = null;
-
-  const sender = getResponseSender({
-    ...endpointOption,
-    model: endpointOption.modelOptions.model,
-    modelDisplayLabel,
-  });
-  const initialConversationId = conversationId;
-  const newConvo = !initialConversationId;
-  const userId = req.user.id;
-
-  let reqDataContext = {
-    userMessage,
-    userMessagePromise,
-    responseMessageId,
-    promptTokens,
-    conversationId,
-    userMessageId,
-  };
-
-  const updateReqData = (data = {}) => {
-    reqDataContext = processReqData(data, reqDataContext);
-    abortKey = reqDataContext.abortKey;
-    userMessage = reqDataContext.userMessage;
-    userMessagePromise = reqDataContext.userMessagePromise;
-    responseMessageId = reqDataContext.responseMessageId;
-    promptTokens = reqDataContext.promptTokens;
-    conversationId = reqDataContext.conversationId;
-    userMessageId = reqDataContext.userMessageId;
-  };
-
-  let { onProgress: progressCallback, getPartialText } = createOnProgress();
-
-  const performCleanup = () => {
-    logger.debug('[AskController] Performing cleanup');
-    if (Array.isArray(cleanupHandlers)) {
-      for (const handler of cleanupHandlers) {
-        try {
-          if (typeof handler === 'function') {
-            handler();
-          }
-        } catch (e) {
-          // Ignore
-        }
-      }
-    }
-
-    if (abortKey) {
-      logger.debug('[AskController] Cleaning up abort controller');
-      cleanupAbortController(abortKey);
-      abortKey = null;
-    }
-
-    if (client) {
-      disposeClient(client);
-      client = null;
-    }
-
-    reqDataContext = null;
-    userMessage = null;
-    userMessagePromise = null;
-    promptTokens = null;
-    getAbortData = null;
-    progressCallback = null;
-    endpointOption = null;
-    cleanupHandlers = null;
-    addTitle = null;
-
-    if (requestDataMap.has(req)) {
-      requestDataMap.delete(req);
-    }
-    logger.debug('[AskController] Cleanup completed');
-  };
-
-  try {
-    ({ client } = await initializeClient({ req, res, endpointOption }));
-    if (clientRegistry && client) {
-      clientRegistry.register(client, { userId }, client);
-    }
-
-    if (client) {
-      requestDataMap.set(req, { client });
-    }
-
-    clientRef = new WeakRef(client);
-
-    getAbortData = () => {
-      const currentClient = clientRef?.deref();
-      const currentText =
-        currentClient?.getStreamText != null ? currentClient.getStreamText() : getPartialText();
-
-      return {
-        sender,
-        conversationId,
-        messageId: reqDataContext.responseMessageId,
-        parentMessageId: overrideParentMessageId ?? userMessageId,
-        text: currentText,
-        userMessage: userMessage,
-        userMessagePromise: userMessagePromise,
-        promptTokens: reqDataContext.promptTokens,
-      };
-    };
-
-    const { onStart, abortController } = createAbortController(
-      req,
-      res,
-      getAbortData,
-      updateReqData,
-    );
-
-    const closeHandler = () => {
-      logger.debug('[AskController] Request closed');
-      if (!abortController || abortController.signal.aborted || abortController.requestCompleted) {
-        return;
-      }
-      abortController.abort();
-      logger.debug('[AskController] Request aborted on close');
-    };
-
-    res.on('close', closeHandler);
-    cleanupHandlers.push(() => {
-      try {
-        res.removeListener('close', closeHandler);
-      } catch (e) {
-        // Ignore
-      }
-    });
-
-    const messageOptions = {
-      user: userId,
-      parentMessageId,
-      conversationId: reqDataContext.conversationId,
-      overrideParentMessageId,
-      getReqData: updateReqData,
-      onStart,
-      abortController,
-      progressCallback,
-      progressOptions: {
-        res,
-      },
-    };
-
-    /** @type {TMessage} */
-    let response = await client.sendMessage(text, messageOptions);
-    response.endpoint = endpointOption.endpoint;
-
-    const databasePromise = response.databasePromise;
-    delete response.databasePromise;
-
-    const { conversation: convoData = {} } = await databasePromise;
-    const conversation = { ...convoData };
-    conversation.title =
-      conversation && !conversation.title ? null : conversation?.title || 'New Chat';
-
-    const latestUserMessage = reqDataContext.userMessage;
-
-    if (client?.options?.attachments && latestUserMessage) {
-      latestUserMessage.files = client.options.attachments;
-      if (endpointOption?.modelOptions?.model) {
-        conversation.model = endpointOption.modelOptions.model;
-      }
-      delete latestUserMessage.image_urls;
-    }
-
-    if (!abortController.signal.aborted) {
-      const finalResponseMessage = { ...response };
-
-      sendMessage(res, {
-        final: true,
-        conversation,
-        title: conversation.title,
-        requestMessage: latestUserMessage,
-        responseMessage: finalResponseMessage,
-      });
-      res.end();
-
-      if (client?.savedMessageIds && !client.savedMessageIds.has(response.messageId)) {
-        await saveMessage(
-          req,
-          { ...finalResponseMessage, user: userId },
-          { context: 'api/server/controllers/AskController.js - response end' },
-        );
-      }
-    }
-
-    if (!client?.skipSaveUserMessage && latestUserMessage) {
-      await saveMessage(req, latestUserMessage, {
-        context: "api/server/controllers/AskController.js - don't skip saving user message",
-      });
-    }
-
-    if (typeof addTitle === 'function' && parentMessageId === Constants.NO_PARENT && newConvo) {
-      addTitle(req, {
-        text,
-        response: { ...response },
-        client,
-      })
-        .then(() => {
-          logger.debug('[AskController] Title generation started');
-        })
-        .catch((err) => {
-          logger.error('[AskController] Error in title generation', err);
-        })
-        .finally(() => {
-          logger.debug('[AskController] Title generation completed');
-          performCleanup();
-        });
-    } else {
-      performCleanup();
-    }
-  } catch (error) {
-    logger.error('[AskController] Error handling request', error);
-    let partialText = '';
-    try {
-      const currentClient = clientRef?.deref();
-      partialText =
-        currentClient?.getStreamText != null ? currentClient.getStreamText() : getPartialText();
-    } catch (getTextError) {
-      logger.error('[AskController] Error calling getText() during error handling', getTextError);
-    }
-
-    handleAbortError(res, req, error, {
-      sender,
-      partialText,
-      conversationId: reqDataContext.conversationId,
-      messageId: reqDataContext.responseMessageId,
-      parentMessageId: overrideParentMessageId ?? reqDataContext.userMessageId ?? parentMessageId,
-      userMessageId: reqDataContext.userMessageId,
-    })
-      .catch((err) => {
-        logger.error('[AskController] Error in `handleAbortError` during catch block', err);
-      })
-      .finally(() => {
-        performCleanup();
-      });
-  }
-};
-
-module.exports = AskController;
--- a/api/server/controllers/AuthController.js
+++ b/api/server/controllers/AuthController.js
@@ -1,17 +1,17 @@
 const cookies = require('cookie');
 const jwt = require('jsonwebtoken');
 const openIdClient = require('openid-client');
+const { isEnabled } = require('@librechat/api');
 const { logger } = require('@librechat/data-schemas');
 const {
-  registerUser,
-  resetPassword,
-  setAuthTokens,
  requestPasswordReset,
  setOpenIDAuthTokens,
+  resetPassword,
+  setAuthTokens,
+  registerUser,
 } = require('~/server/services/AuthService');
 const { findUser, getUserById, deleteAllUserSessions, findSession } = require('~/models');
 const { getOpenIdConfig } = require('~/strategies');
-const { isEnabled } = require('~/server/utils');

 const registrationController = async (req, res) => {
  try {
--- a/api/server/controllers/EditController.js
+++ b/api/server/controllers/EditController.js
@@ -1,3 +1,5 @@
+const { sendEvent } = require('@librechat/api');
+const { logger } = require('@librechat/data-schemas');
 const { getResponseSender } = require('librechat-data-provider');
 const {
  handleAbortError,
@@ -10,9 +12,8 @@ const {
  clientRegistry,
  requestDataMap,
 } = require('~/server/cleanup');
-const { sendMessage, createOnProgress } = require('~/server/utils');
+const { createOnProgress } = require('~/server/utils');
 const { saveMessage } = require('~/models');
-const { logger } = require('~/config');

 const EditController = async (req, res, next, initializeClient) => {
  let {
@@ -84,7 +85,7 @@ const EditController = async (req, res, next, initializeClient) => {
    }

    if (abortKey) {
-      logger.debug('[AskController] Cleaning up abort controller');
+      logger.debug('[EditController] Cleaning up abort controller');
      cleanupAbortController(abortKey);
      abortKey = null;
    }
@@ -198,7 +199,7 @@ const EditController = async (req, res, next, initializeClient) => {
      const finalUserMessage = reqDataContext.userMessage;
      const finalResponseMessage = { ...response };

-      sendMessage(res, {
+      sendEvent(res, {
        final: true,
        conversation,
        title: conversation.title,
--- a/api/server/controllers/ErrorController.js
+++ b/api/server/controllers/ErrorController.js
@@ -24,17 +24,23 @@ const handleValidationError = (err, res) => {
  }
 };

-// eslint-disable-next-line no-unused-vars
-module.exports = (err, req, res, next) => {
+module.exports = (err, _req, res, _next) => {
  try {
    if (err.name === 'ValidationError') {
-      return (err = handleValidationError(err, res));
+      return handleValidationError(err, res);
    }
    if (err.code && err.code == 11000) {
-      return (err = handleDuplicateKeyError(err, res));
+      return handleDuplicateKeyError(err, res);
    }
-  } catch (err) {
+    // Special handling for errors like SyntaxError
+    if (err.statusCode && err.body) {
+      return res.status(err.statusCode).send(err.body);
+    }
+
    logger.error('ErrorController => error', err);
-    res.status(500).send('An unknown error occurred.');
+    return res.status(500).send('An unknown error occurred.');
+  } catch (err) {
+    logger.error('ErrorController => processing error', err);
+    return res.status(500).send('Processing error in ErrorController.');
  }
 };
--- a/api/server/controllers/ErrorController.spec.js
+++ b/api/server/controllers/ErrorController.spec.js
@@ -0,0 +1,241 @@
+const errorController = require('./ErrorController');
+const { logger } = require('~/config');
+
+// Mock the logger
+jest.mock('~/config', () => ({
+  logger: {
+    error: jest.fn(),
+  },
+}));
+
+describe('ErrorController', () => {
+  let mockReq, mockRes, mockNext;
+
+  beforeEach(() => {
+    mockReq = {};
+    mockRes = {
+      status: jest.fn().mockReturnThis(),
+      send: jest.fn(),
+    };
+    mockNext = jest.fn();
+    logger.error.mockClear();
+  });
+
+  describe('ValidationError handling', () => {
+    it('should handle ValidationError with single error', () => {
+      const validationError = {
+        name: 'ValidationError',
+        errors: {
+          email: { message: 'Email is required', path: 'email' },
+        },
+      };
+
+      errorController(validationError, mockReq, mockRes, mockNext);
+
+      expect(mockRes.status).toHaveBeenCalledWith(400);
+      expect(mockRes.send).toHaveBeenCalledWith({
+        messages: '["Email is required"]',
+        fields: '["email"]',
+      });
+      expect(logger.error).toHaveBeenCalledWith('Validation error:', validationError.errors);
+    });
+
+    it('should handle ValidationError with multiple errors', () => {
+      const validationError = {
+        name: 'ValidationError',
+        errors: {
+          email: { message: 'Email is required', path: 'email' },
+          password: { message: 'Password is required', path: 'password' },
+        },
+      };
+
+      errorController(validationError, mockReq, mockRes, mockNext);
+
+      expect(mockRes.status).toHaveBeenCalledWith(400);
+      expect(mockRes.send).toHaveBeenCalledWith({
+        messages: '"Email is required Password is required"',
+        fields: '["email","password"]',
+      });
+      expect(logger.error).toHaveBeenCalledWith('Validation error:', validationError.errors);
+    });
+
+    it('should handle ValidationError with empty errors object', () => {
+      const validationError = {
+        name: 'ValidationError',
+        errors: {},
+      };
+
+      errorController(validationError, mockReq, mockRes, mockNext);
+
+      expect(mockRes.status).toHaveBeenCalledWith(400);
+      expect(mockRes.send).toHaveBeenCalledWith({
+        messages: '[]',
+        fields: '[]',
+      });
+    });
+  });
+
+  describe('Duplicate key error handling', () => {
+    it('should handle duplicate key error (code 11000)', () => {
+      const duplicateKeyError = {
+        code: 11000,
+        keyValue: { email: 'test@example.com' },
+      };
+
+      errorController(duplicateKeyError, mockReq, mockRes, mockNext);
+
+      expect(mockRes.status).toHaveBeenCalledWith(409);
+      expect(mockRes.send).toHaveBeenCalledWith({
+        messages: 'An document with that ["email"] already exists.',
+        fields: '["email"]',
+      });
+      expect(logger.error).toHaveBeenCalledWith('Duplicate key error:', duplicateKeyError.keyValue);
+    });
+
+    it('should handle duplicate key error with multiple fields', () => {
+      const duplicateKeyError = {
+        code: 11000,
+        keyValue: { email: 'test@example.com', username: 'testuser' },
+      };
+
+      errorController(duplicateKeyError, mockReq, mockRes, mockNext);
+
+      expect(mockRes.status).toHaveBeenCalledWith(409);
+      expect(mockRes.send).toHaveBeenCalledWith({
+        messages: 'An document with that ["email","username"] already exists.',
+        fields: '["email","username"]',
+      });
+      expect(logger.error).toHaveBeenCalledWith('Duplicate key error:', duplicateKeyError.keyValue);
+    });
+
+    it('should handle error with code 11000 as string', () => {
+      const duplicateKeyError = {
+        code: '11000',
+        keyValue: { email: 'test@example.com' },
+      };
+
+      errorController(duplicateKeyError, mockReq, mockRes, mockNext);
+
+      expect(mockRes.status).toHaveBeenCalledWith(409);
+      expect(mockRes.send).toHaveBeenCalledWith({
+        messages: 'An document with that ["email"] already exists.',
+        fields: '["email"]',
+      });
+    });
+  });
+
+  describe('SyntaxError handling', () => {
+    it('should handle errors with statusCode and body', () => {
+      const syntaxError = {
+        statusCode: 400,
+        body: 'Invalid JSON syntax',
+      };
+
+      errorController(syntaxError, mockReq, mockRes, mockNext);
+
+      expect(mockRes.status).toHaveBeenCalledWith(400);
+      expect(mockRes.send).toHaveBeenCalledWith('Invalid JSON syntax');
+    });
+
+    it('should handle errors with different statusCode and body', () => {
+      const customError = {
+        statusCode: 422,
+        body: { error: 'Unprocessable entity' },
+      };
+
+      errorController(customError, mockReq, mockRes, mockNext);
+
+      expect(mockRes.status).toHaveBeenCalledWith(422);
+      expect(mockRes.send).toHaveBeenCalledWith({ error: 'Unprocessable entity' });
+    });
+
+    it('should handle error with statusCode but no body', () => {
+      const partialError = {
+        statusCode: 400,
+      };
+
+      errorController(partialError, mockReq, mockRes, mockNext);
+
+      expect(mockRes.status).toHaveBeenCalledWith(500);
+      expect(mockRes.send).toHaveBeenCalledWith('An unknown error occurred.');
+    });
+
+    it('should handle error with body but no statusCode', () => {
+      const partialError = {
+        body: 'Some error message',
+      };
+
+      errorController(partialError, mockReq, mockRes, mockNext);
+
+      expect(mockRes.status).toHaveBeenCalledWith(500);
+      expect(mockRes.send).toHaveBeenCalledWith('An unknown error occurred.');
+    });
+  });
+
+  describe('Unknown error handling', () => {
+    it('should handle unknown errors', () => {
+      const unknownError = new Error('Some unknown error');
+
+      errorController(unknownError, mockReq, mockRes, mockNext);
+
+      expect(mockRes.status).toHaveBeenCalledWith(500);
+      expect(mockRes.send).toHaveBeenCalledWith('An unknown error occurred.');
+      expect(logger.error).toHaveBeenCalledWith('ErrorController => error', unknownError);
+    });
+
+    it('should handle errors with code other than 11000', () => {
+      const mongoError = {
+        code: 11100,
+        message: 'Some MongoDB error',
+      };
+
+      errorController(mongoError, mockReq, mockRes, mockNext);
+
+      expect(mockRes.status).toHaveBeenCalledWith(500);
+      expect(mockRes.send).toHaveBeenCalledWith('An unknown error occurred.');
+      expect(logger.error).toHaveBeenCalledWith('ErrorController => error', mongoError);
+    });
+
+    it('should handle null/undefined errors', () => {
+      errorController(null, mockReq, mockRes, mockNext);
+
+      expect(mockRes.status).toHaveBeenCalledWith(500);
+      expect(mockRes.send).toHaveBeenCalledWith('Processing error in ErrorController.');
+      expect(logger.error).toHaveBeenCalledWith(
+        'ErrorController => processing error',
+        expect.any(Error),
+      );
+    });
+  });
+
+  describe('Catch block handling', () => {
+    beforeEach(() => {
+      // Restore logger mock to normal behavior for these tests
+      logger.error.mockRestore();
+      logger.error = jest.fn();
+    });
+
+    it('should handle errors when logger.error throws', () => {
+      // Create fresh mocks for this test
+      const freshMockRes = {
+        status: jest.fn().mockReturnThis(),
+        send: jest.fn(),
+      };
+
+      // Mock logger to throw on the first call, succeed on the second
+      logger.error
+        .mockImplementationOnce(() => {
+          throw new Error('Logger error');
+        })
+        .mockImplementation(() => {});
+
+      const testError = new Error('Test error');
+
+      errorController(testError, mockReq, freshMockRes, mockNext);
+
+      expect(freshMockRes.status).toHaveBeenCalledWith(500);
+      expect(freshMockRes.send).toHaveBeenCalledWith('Processing error in ErrorController.');
+      expect(logger.error).toHaveBeenCalledTimes(2);
+    });
+  });
+});
--- a/api/server/controllers/PluginController.js
+++ b/api/server/controllers/PluginController.js
@@ -1,8 +1,9 @@
-const { CacheKeys, AuthType } = require('librechat-data-provider');
+const { logger } = require('@librechat/data-schemas');
+const { CacheKeys, AuthType, Constants } = require('librechat-data-provider');
+const { getCustomConfig, getCachedTools } = require('~/server/services/Config');
 const { getToolkitKey } = require('~/server/services/ToolService');
-const { getCustomConfig } = require('~/server/services/Config');
+const { getMCPManager, getFlowStateManager } = require('~/config');
 const { availableTools } = require('~/app/clients/tools');
-const { getMCPManager } = require('~/config');
 const { getLogStores } = require('~/cache');

 /**
@@ -84,6 +85,45 @@ const getAvailablePluginsController = async (req, res) => {
  }
 };

+function createServerToolsCallback() {
+  /**
+   * @param {string} serverName
+   * @param {TPlugin[] | null} serverTools
+   */
+  return async function (serverName, serverTools) {
+    try {
+      const mcpToolsCache = getLogStores(CacheKeys.MCP_TOOLS);
+      if (!serverName || !mcpToolsCache) {
+        return;
+      }
+      await mcpToolsCache.set(serverName, serverTools);
+      logger.debug(`MCP tools for ${serverName} added to cache.`);
+    } catch (error) {
+      logger.error('Error retrieving MCP tools from cache:', error);
+    }
+  };
+}
+
+function createGetServerTools() {
+  /**
+   * Retrieves cached server tools
+   * @param {string} serverName
+   * @returns {Promise<TPlugin[] | null>}
+   */
+  return async function (serverName) {
+    try {
+      const mcpToolsCache = getLogStores(CacheKeys.MCP_TOOLS);
+      if (!mcpToolsCache) {
+        return null;
+      }
+      return await mcpToolsCache.get(serverName);
+    } catch (error) {
+      logger.error('Error retrieving MCP tools from cache:', error);
+      return null;
+    }
+  };
+}
+
 /**
 * Retrieves and returns a list of available tools, either from a cache or by reading a plugin manifest file.
 *
@@ -99,9 +139,9 @@ const getAvailablePluginsController = async (req, res) => {
 const getAvailableTools = async (req, res) => {
  try {
    const cache = getLogStores(CacheKeys.CONFIG_STORE);
-    const cachedTools = await cache.get(CacheKeys.TOOLS);
-    if (cachedTools) {
-      res.status(200).json(cachedTools);
+    const cachedToolsArray = await cache.get(CacheKeys.TOOLS);
+    if (cachedToolsArray) {
+      res.status(200).json(cachedToolsArray);
      return;
    }

@@ -109,7 +149,16 @@ const getAvailableTools = async (req, res) => {
    const customConfig = await getCustomConfig();
    if (customConfig?.mcpServers != null) {
      const mcpManager = getMCPManager();
-      pluginManifest = await mcpManager.loadManifestTools(pluginManifest);
+      const flowsCache = getLogStores(CacheKeys.FLOWS);
+      const flowManager = flowsCache ? getFlowStateManager(flowsCache) : null;
+      const serverToolsCallback = createServerToolsCallback();
+      const getServerTools = createGetServerTools();
+      const mcpTools = await mcpManager.loadManifestTools({
+        flowManager,
+        serverToolsCallback,
+        getServerTools,
+      });
+      pluginManifest = [...mcpTools, ...pluginManifest];
    }

    /** @type {TPlugin[]} */
@@ -123,17 +172,57 @@ const getAvailableTools = async (req, res) => {
      }
    });

-    const toolDefinitions = req.app.locals.availableTools;
-    const tools = authenticatedPlugins.filter(
-      (plugin) =>
-        toolDefinitions[plugin.pluginKey] !== undefined ||
-        (plugin.toolkit === true &&
-          Object.keys(toolDefinitions).some((key) => getToolkitKey(key) === plugin.pluginKey)),
-    );
+    const toolDefinitions = (await getCachedTools({ includeGlobal: true })) || {};

-    await cache.set(CacheKeys.TOOLS, tools);
-    res.status(200).json(tools);
+    const toolsOutput = [];
+    for (const plugin of authenticatedPlugins) {
+      const isToolDefined = toolDefinitions[plugin.pluginKey] !== undefined;
+      const isToolkit =
+        plugin.toolkit === true &&
+        Object.keys(toolDefinitions).some((key) => getToolkitKey(key) === plugin.pluginKey);
+
+      if (!isToolDefined && !isToolkit) {
+        continue;
+      }
+
+      const toolToAdd = { ...plugin };
+
+      if (!plugin.pluginKey.includes(Constants.mcp_delimiter)) {
+        toolsOutput.push(toolToAdd);
+        continue;
+      }
+
+      const parts = plugin.pluginKey.split(Constants.mcp_delimiter);
+      const serverName = parts[parts.length - 1];
+      const serverConfig = customConfig?.mcpServers?.[serverName];
+
+      if (!serverConfig?.customUserVars) {
+        toolsOutput.push(toolToAdd);
+        continue;
+      }
+
+      const customVarKeys = Object.keys(serverConfig.customUserVars);
+
+      if (customVarKeys.length === 0) {
+        toolToAdd.authConfig = [];
+        toolToAdd.authenticated = true;
+      } else {
+        toolToAdd.authConfig = Object.entries(serverConfig.customUserVars).map(([key, value]) => ({
+          authField: key,
+          label: value.title || key,
+          description: value.description || '',
+        }));
+        toolToAdd.authenticated = false;
+      }
+
+      toolsOutput.push(toolToAdd);
+    }
+
+    const finalTools = filterUniquePlugins(toolsOutput);
+    await cache.set(CacheKeys.TOOLS, finalTools);
+    res.status(200).json(finalTools);
  } catch (error) {
+    logger.error('[getAvailableTools]', error);
    res.status(500).json({ message: error.message });
  }
 };
--- a/api/server/controllers/TwoFactorController.js
+++ b/api/server/controllers/TwoFactorController.js
@@ -1,3 +1,4 @@
+const { encryptV3 } = require('@librechat/api');
 const { logger } = require('@librechat/data-schemas');
 const {
  verifyTOTP,
@@ -7,7 +8,6 @@ const {
  generateBackupCodes,
 } = require('~/server/services/twoFactorService');
 const { getUserById, updateUser } = require('~/models');
-const { encryptV3 } = require('~/server/utils/crypto');

 const safeAppTitle = (process.env.APP_TITLE || 'LibreChat').replace(/\s+/g, '');

--- a/api/server/controllers/UserController.js
+++ b/api/server/controllers/UserController.js
@@ -1,5 +1,6 @@
 const {
  Tools,
+  Constants,
  FileSources,
  webSearchKeys,
  extractWebSearchEnvVars,
@@ -23,6 +24,7 @@ const { processDeleteRequest } = require('~/server/services/Files/process');
 const { Transaction, Balance, User } = require('~/db/models');
 const { deleteToolCalls } = require('~/models/ToolCall');
 const { deleteAllSharedLinks } = require('~/models');
+const { getMCPManager } = require('~/config');

 const getUserController = async (req, res) => {
  /** @type {MongoUser} */
@@ -102,10 +104,22 @@ const updateUserPluginsController = async (req, res) => {
    }

    let keys = Object.keys(auth);
-    if (keys.length === 0 && pluginKey !== Tools.web_search) {
+    const values = Object.values(auth); // Used in 'install' block
+
+    const isMCPTool = pluginKey.startsWith('mcp_') || pluginKey.includes(Constants.mcp_delimiter);
+
+    // Early exit condition:
+    // If keys are empty (meaning auth: {} was likely sent for uninstall, or auth was empty for install)
+    // AND it's not web_search (which has special key handling to populate `keys` for uninstall)
+    // AND it's NOT (an uninstall action FOR an MCP tool - we need to proceed for this case to clear all its auth)
+    // THEN return.
+    if (
+      keys.length === 0 &&
+      pluginKey !== Tools.web_search &&
+      !(action === 'uninstall' && isMCPTool)
+    ) {
      return res.status(200).send();
    }
-    const values = Object.values(auth);

    /** @type {number} */
    let status = 200;
@@ -132,16 +146,53 @@ const updateUserPluginsController = async (req, res) => {
        }
      }
    } else if (action === 'uninstall') {
-      for (let i = 0; i < keys.length; i++) {
-        authService = await deleteUserPluginAuth(user.id, keys[i]);
+      // const isMCPTool was defined earlier
+      if (isMCPTool && keys.length === 0) {
+        // This handles the case where auth: {} is sent for an MCP tool uninstall.
+        // It means "delete all credentials associated with this MCP pluginKey".
+        authService = await deleteUserPluginAuth(user.id, null, true, pluginKey);
        if (authService instanceof Error) {
-          logger.error('[authService]', authService);
+          logger.error(
+            `[authService] Error deleting all auth for MCP tool ${pluginKey}:`,
+            authService,
+          );
          ({ status, message } = authService);
        }
+      } else {
+        // This handles:
+        // 1. Web_search uninstall (keys will be populated with all webSearchKeys if auth was {}).
+        // 2. Other tools uninstall (if keys were provided).
+        // 3. MCP tool uninstall if specific keys were provided in `auth` (not current frontend behavior).
+        // If keys is empty for non-MCP tools (and not web_search), this loop won't run, and nothing is deleted.
+        for (let i = 0; i < keys.length; i++) {
+          authService = await deleteUserPluginAuth(user.id, keys[i]); // Deletes by authField name
+          if (authService instanceof Error) {
+            logger.error('[authService] Error deleting specific auth key:', authService);
+            ({ status, message } = authService);
+          }
+        }
      }
    }

    if (status === 200) {
+      // If auth was updated successfully, disconnect MCP sessions as they might use these credentials
+      if (pluginKey.startsWith(Constants.mcp_prefix)) {
+        try {
+          const mcpManager = getMCPManager(user.id);
+          if (mcpManager) {
+            logger.info(
+              `[updateUserPluginsController] Disconnecting MCP connections for user ${user.id} after plugin auth update for ${pluginKey}.`,
+            );
+            await mcpManager.disconnectUserConnections(user.id);
+          }
+        } catch (disconnectError) {
+          logger.error(
+            `[updateUserPluginsController] Error disconnecting MCP connections for user ${user.id} after plugin auth update:`,
+            disconnectError,
+          );
+          // Do not fail the request for this, but log it.
+        }
+      }
      return res.status(status).send();
    }

--- a/api/server/controllers/agents/tests/v1.spec.js
+++ b/api/server/controllers/agents/tests/v1.spec.js
@@ -0,0 +1,195 @@
+const { duplicateAgent } = require('../v1');
+const { getAgent, createAgent } = require('~/models/Agent');
+const { getActions } = require('~/models/Action');
+const { nanoid } = require('nanoid');
+
+jest.mock('~/models/Agent');
+jest.mock('~/models/Action');
+jest.mock('nanoid');
+
+describe('duplicateAgent', () => {
+  let req, res;
+
+  beforeEach(() => {
+    req = {
+      params: { id: 'agent_123' },
+      user: { id: 'user_456' },
+    };
+    res = {
+      status: jest.fn().mockReturnThis(),
+      json: jest.fn(),
+    };
+    jest.clearAllMocks();
+  });
+
+  it('should duplicate an agent successfully', async () => {
+    const mockAgent = {
+      id: 'agent_123',
+      name: 'Test Agent',
+      description: 'Test Description',
+      instructions: 'Test Instructions',
+      provider: 'openai',
+      model: 'gpt-4',
+      tools: ['file_search'],
+      actions: [],
+      author: 'user_789',
+      versions: [{ name: 'Test Agent', version: 1 }],
+      __v: 0,
+    };
+
+    const mockNewAgent = {
+      id: 'agent_new_123',
+      name: 'Test Agent (1/2/23, 12:34)',
+      description: 'Test Description',
+      instructions: 'Test Instructions',
+      provider: 'openai',
+      model: 'gpt-4',
+      tools: ['file_search'],
+      actions: [],
+      author: 'user_456',
+      versions: [
+        {
+          name: 'Test Agent (1/2/23, 12:34)',
+          description: 'Test Description',
+          instructions: 'Test Instructions',
+          provider: 'openai',
+          model: 'gpt-4',
+          tools: ['file_search'],
+          actions: [],
+          createdAt: new Date(),
+          updatedAt: new Date(),
+        },
+      ],
+    };
+
+    getAgent.mockResolvedValue(mockAgent);
+    getActions.mockResolvedValue([]);
+    nanoid.mockReturnValue('new_123');
+    createAgent.mockResolvedValue(mockNewAgent);
+
+    await duplicateAgent(req, res);
+
+    expect(getAgent).toHaveBeenCalledWith({ id: 'agent_123' });
+    expect(getActions).toHaveBeenCalledWith({ agent_id: 'agent_123' }, true);
+    expect(createAgent).toHaveBeenCalledWith(
+      expect.objectContaining({
+        id: 'agent_new_123',
+        author: 'user_456',
+        name: expect.stringContaining('Test Agent ('),
+        description: 'Test Description',
+        instructions: 'Test Instructions',
+        provider: 'openai',
+        model: 'gpt-4',
+        tools: ['file_search'],
+        actions: [],
+      }),
+    );
+
+    expect(createAgent).toHaveBeenCalledWith(
+      expect.not.objectContaining({
+        versions: expect.anything(),
+        __v: expect.anything(),
+      }),
+    );
+
+    expect(res.status).toHaveBeenCalledWith(201);
+    expect(res.json).toHaveBeenCalledWith({
+      agent: mockNewAgent,
+      actions: [],
+    });
+  });
+
+  it('should ensure duplicated agent has clean versions array without nested fields', async () => {
+    const mockAgent = {
+      id: 'agent_123',
+      name: 'Test Agent',
+      description: 'Test Description',
+      versions: [
+        {
+          name: 'Test Agent',
+          versions: [{ name: 'Nested' }],
+          __v: 1,
+        },
+      ],
+      __v: 2,
+    };
+
+    const mockNewAgent = {
+      id: 'agent_new_123',
+      name: 'Test Agent (1/2/23, 12:34)',
+      description: 'Test Description',
+      versions: [
+        {
+          name: 'Test Agent (1/2/23, 12:34)',
+          description: 'Test Description',
+          createdAt: new Date(),
+          updatedAt: new Date(),
+        },
+      ],
+    };
+
+    getAgent.mockResolvedValue(mockAgent);
+    getActions.mockResolvedValue([]);
+    nanoid.mockReturnValue('new_123');
+    createAgent.mockResolvedValue(mockNewAgent);
+
+    await duplicateAgent(req, res);
+
+    expect(mockNewAgent.versions).toHaveLength(1);
+
+    const firstVersion = mockNewAgent.versions[0];
+    expect(firstVersion).not.toHaveProperty('versions');
+    expect(firstVersion).not.toHaveProperty('__v');
+
+    expect(mockNewAgent).not.toHaveProperty('__v');
+
+    expect(res.status).toHaveBeenCalledWith(201);
+  });
+
+  it('should return 404 if agent not found', async () => {
+    getAgent.mockResolvedValue(null);
+
+    await duplicateAgent(req, res);
+
+    expect(res.status).toHaveBeenCalledWith(404);
+    expect(res.json).toHaveBeenCalledWith({
+      error: 'Agent not found',
+      status: 'error',
+    });
+  });
+
+  it('should handle tool_resources.ocr correctly', async () => {
+    const mockAgent = {
+      id: 'agent_123',
+      name: 'Test Agent',
+      tool_resources: {
+        ocr: { enabled: true, config: 'test' },
+        other: { should: 'not be copied' },
+      },
+    };
+
+    getAgent.mockResolvedValue(mockAgent);
+    getActions.mockResolvedValue([]);
+    nanoid.mockReturnValue('new_123');
+    createAgent.mockResolvedValue({ id: 'agent_new_123' });
+
+    await duplicateAgent(req, res);
+
+    expect(createAgent).toHaveBeenCalledWith(
+      expect.objectContaining({
+        tool_resources: {
+          ocr: { enabled: true, config: 'test' },
+        },
+      }),
+    );
+  });
+
+  it('should handle errors gracefully', async () => {
+    getAgent.mockRejectedValue(new Error('Database error'));
+
+    await duplicateAgent(req, res);
+
+    expect(res.status).toHaveBeenCalledWith(500);
+    expect(res.json).toHaveBeenCalledWith({ error: 'Database error' });
+  });
+});
--- a/api/server/controllers/agents/client.js
+++ b/api/server/controllers/agents/client.js
@@ -1,14 +1,18 @@
 require('events').EventEmitter.defaultMaxListeners = 100;
 const { logger } = require('@librechat/data-schemas');
+const { DynamicStructuredTool } = require('@langchain/core/tools');
+const { getBufferString, HumanMessage } = require('@langchain/core/messages');
 const {
  sendEvent,
  createRun,
  Tokenizer,
+  checkAccess,
  memoryInstructions,
  createMemoryProcessor,
 } = require('@librechat/api');
 const {
  Callback,
+  Providers,
  GraphEvents,
  formatMessage,
  formatAgentMessages,
@@ -29,20 +33,35 @@ const {
  bedrockInputSchema,
  removeNullishValues,
 } = require('librechat-data-provider');
-const { DynamicStructuredTool } = require('@langchain/core/tools');
-const { getBufferString, HumanMessage } = require('@langchain/core/messages');
-const { getCustomEndpointConfig, checkCapability } = require('~/server/services/Config');
+const {
+  findPluginAuthsByKeys,
+  getFormattedMemories,
+  deleteMemory,
+  setMemory,
+} = require('~/models');
+const { getMCPAuthMap, checkCapability, hasCustomUserVars } = require('~/server/services/Config');
 const { addCacheControl, createContextHandlers } = require('~/app/clients/prompts');
 const { initializeAgent } = require('~/server/services/Endpoints/agents/agent');
 const { spendTokens, spendStructuredTokens } = require('~/models/spendTokens');
-const { setMemory, deleteMemory, getFormattedMemories } = require('~/models');
 const { encodeAndFormat } = require('~/server/services/Files/images/encode');
-const initOpenAI = require('~/server/services/Endpoints/openAI/initialize');
-const { checkAccess } = require('~/server/middleware/roles/access');
+const { getProviderConfig } = require('~/server/services/Endpoints');
 const BaseClient = require('~/app/clients/BaseClient');
+const { getRoleByName } = require('~/models/Role');
 const { loadAgent } = require('~/models/Agent');
 const { getMCPManager } = require('~/config');

+const omitTitleOptions = new Set([
+  'stream',
+  'thinking',
+  'streaming',
+  'clientOptions',
+  'thinkingConfig',
+  'thinkingBudget',
+  'includeThoughts',
+  'maxOutputTokens',
+  'additionalModelRequestFields',
+]);
+
 /**
 * @param {ServerRequest} req
 * @param {Agent} agent
@@ -389,7 +408,12 @@ class AgentClient extends BaseClient {
    if (user.personalization?.memories === false) {
      return;
    }
-    const hasAccess = await checkAccess(user, PermissionTypes.MEMORIES, [Permissions.USE]);
+    const hasAccess = await checkAccess({
+      user,
+      permissionType: PermissionTypes.MEMORIES,
+      permissions: [Permissions.USE],
+      getRoleByName,
+    });

    if (!hasAccess) {
      logger.debug(
@@ -507,7 +531,10 @@ class AgentClient extends BaseClient {
          messagesToProcess = [...messages.slice(-messageWindowSize)];
        }
      }
-      return await this.processMemory(messagesToProcess);
+
+      const bufferString = getBufferString(messagesToProcess);
+      const bufferMessage = new HumanMessage(`# Current Chat:\n\n${bufferString}`);
+      return await this.processMemory([bufferMessage]);
    } catch (error) {
      logger.error('Memory Agent failed to process memory', error);
    }
@@ -673,7 +700,7 @@ class AgentClient extends BaseClient {
          hide_sequential_outputs: this.options.agent.hide_sequential_outputs,
          user: this.options.req.user,
        },
-        recursionLimit: agentsEConfig?.recursionLimit,
+        recursionLimit: agentsEConfig?.recursionLimit ?? 25,
        signal: abortController.signal,
        streamMode: 'values',
        version: 'v2',
@@ -798,6 +825,21 @@ class AgentClient extends BaseClient {
          run.Graph.contentData = contentData;
        }

+        try {
+          if (await hasCustomUserVars()) {
+            config.configurable.userMCPAuthMap = await getMCPAuthMap({
+              tools: agent.tools,
+              userId: this.options.req.user.id,
+              findPluginAuthsByKeys,
+            });
+          }
+        } catch (err) {
+          logger.error(
+            `[api/server/controllers/agents/client.js #chatCompletion] Error getting custom user vars for agent ${agent.id}`,
+            err,
+          );
+        }
+
        await run.processStream({ messages }, config, {
          keepContent: i !== 0,
          tokenCounter: createTokenCounter(this.getEncoding()),
@@ -963,23 +1005,26 @@ class AgentClient extends BaseClient {
      throw new Error('Run not initialized');
    }
    const { handleLLMEnd, collected: collectedMetadata } = createMetadataAggregator();
-    const endpoint = this.options.agent.endpoint;
-    const { req, res } = this.options;
+    const { req, res, agent } = this.options;
+    const endpoint = agent.endpoint;
+
    /** @type {import('@librechat/agents').ClientOptions} */
    let clientOptions = {
      maxTokens: 75,
+      model: agent.model_parameters.model,
    };
-    let endpointConfig = req.app.locals[endpoint];
+
+    const { getOptions, overrideProvider, customEndpointConfig } =
+      await getProviderConfig(endpoint);
+
+    /** @type {TEndpoint | undefined} */
+    const endpointConfig = req.app.locals[endpoint] ?? customEndpointConfig;
    if (!endpointConfig) {
-      try {
-        endpointConfig = await getCustomEndpointConfig(endpoint);
-      } catch (err) {
-        logger.error(
-          '[api/server/controllers/agents/client.js #titleConvo] Error getting custom endpoint config',
-          err,
-        );
-      }
+      logger.warn(
+        '[api/server/controllers/agents/client.js #titleConvo] Error getting endpoint config',
+      );
    }
+
    if (
      endpointConfig &&
      endpointConfig.titleModel &&
@@ -987,30 +1032,56 @@ class AgentClient extends BaseClient {
    ) {
      clientOptions.model = endpointConfig.titleModel;
    }
+
+    const options = await getOptions({
+      req,
+      res,
+      optionsOnly: true,
+      overrideEndpoint: endpoint,
+      overrideModel: clientOptions.model,
+      endpointOption: { model_parameters: clientOptions },
+    });
+
+    let provider = options.provider ?? overrideProvider ?? agent.provider;
    if (
      endpoint === EModelEndpoint.azureOpenAI &&
-      clientOptions.model &&
-      this.options.agent.model_parameters.model !== clientOptions.model
+      options.llmConfig?.azureOpenAIApiInstanceName == null
    ) {
-      clientOptions =
-        (
-          await initOpenAI({
-            req,
-            res,
-            optionsOnly: true,
-            overrideModel: clientOptions.model,
-            overrideEndpoint: endpoint,
-            endpointOption: {
-              model_parameters: clientOptions,
-            },
-          })
-        )?.llmConfig ?? clientOptions;
+      provider = Providers.OPENAI;
+    } else if (
+      endpoint === EModelEndpoint.azureOpenAI &&
+      options.llmConfig?.azureOpenAIApiInstanceName != null &&
+      provider !== Providers.AZURE
+    ) {
+      provider = Providers.AZURE;
    }
-    if (/\b(o\d)\b/i.test(clientOptions.model) && clientOptions.maxTokens != null) {
+
+    /** @type {import('@librechat/agents').ClientOptions} */
+    clientOptions = { ...options.llmConfig };
+    if (options.configOptions) {
+      clientOptions.configuration = options.configOptions;
+    }
+
+    // Ensure maxTokens is set for non-o1 models
+    if (!/\b(o\d)\b/i.test(clientOptions.model) && !clientOptions.maxTokens) {
+      clientOptions.maxTokens = 75;
+    } else if (/\b(o\d)\b/i.test(clientOptions.model) && clientOptions.maxTokens != null) {
      delete clientOptions.maxTokens;
    }
+
+    clientOptions = Object.assign(
+      Object.fromEntries(
+        Object.entries(clientOptions).filter(([key]) => !omitTitleOptions.has(key)),
+      ),
+    );
+
+    if (provider === Providers.GOOGLE) {
+      clientOptions.json = true;
+    }
+
    try {
      const titleResult = await this.run.generateTitle({
+        provider,
        inputText: text,
        contentParts: this.contentParts,
        clientOptions,
@@ -1028,8 +1099,10 @@ class AgentClient extends BaseClient {
        let input_tokens, output_tokens;

        if (item.usage) {
-          input_tokens = item.usage.input_tokens || item.usage.inputTokens;
-          output_tokens = item.usage.output_tokens || item.usage.outputTokens;
+          input_tokens =
+            item.usage.prompt_tokens || item.usage.input_tokens || item.usage.inputTokens;
+          output_tokens =
+            item.usage.completion_tokens || item.usage.output_tokens || item.usage.outputTokens;
        } else if (item.tokenUsage) {
          input_tokens = item.tokenUsage.promptTokens;
          output_tokens = item.tokenUsage.completionTokens;
--- a/api/server/controllers/agents/errors.js
+++ b/api/server/controllers/agents/errors.js
@@ -1,10 +1,10 @@
 // errorHandler.js
-const { logger } = require('~/config');
-const getLogStores = require('~/cache/getLogStores');
+const { logger } = require('@librechat/data-schemas');
 const { CacheKeys, ViolationTypes } = require('librechat-data-provider');
+const { sendResponse } = require('~/server/middleware/error');
 const { recordUsage } = require('~/server/services/Threads');
 const { getConvo } = require('~/models/Conversation');
-const { sendResponse } = require('~/server/utils');
+const getLogStores = require('~/cache/getLogStores');

 /**
 * @typedef {Object} ErrorHandlerContext
@@ -75,7 +75,7 @@ const createErrorHandler = ({ req, res, getContext, originPath = '/assistants/ch
    } else if (/Files.*are invalid/.test(error.message)) {
      const errorMessage = `Files are invalid, or may not have uploaded yet.${
        endpoint === 'azureAssistants'
-          ? ' If using Azure OpenAI, files are only available in the region of the assistant\'s model at the time of upload.'
+          ? " If using Azure OpenAI, files are only available in the region of the assistant's model at the time of upload."
          : ''
      }`;
      return sendResponse(req, res, messageData, errorMessage);
--- a/api/server/controllers/agents/llm.js
+++ b/api/server/controllers/agents/llm.js
@@ -1,106 +0,0 @@
-const { HttpsProxyAgent } = require('https-proxy-agent');
-const { resolveHeaders } = require('librechat-data-provider');
-const { createLLM } = require('~/app/clients/llm');
-
-/**
- * Initializes and returns a Language Learning Model (LLM) instance.
- *
- * @param {Object} options - Configuration options for the LLM.
- * @param {string} options.model - The model identifier.
- * @param {string} options.modelName - The specific name of the model.
- * @param {number} options.temperature - The temperature setting for the model.
- * @param {number} options.presence_penalty - The presence penalty for the model.
- * @param {number} options.frequency_penalty - The frequency penalty for the model.
- * @param {number} options.max_tokens - The maximum number of tokens for the model output.
- * @param {boolean} options.streaming - Whether to use streaming for the model output.
- * @param {Object} options.context - The context for the conversation.
- * @param {number} options.tokenBuffer - The token buffer size.
- * @param {number} options.initialMessageCount - The initial message count.
- * @param {string} options.conversationId - The ID of the conversation.
- * @param {string} options.user - The user identifier.
- * @param {string} options.langchainProxy - The langchain proxy URL.
- * @param {boolean} options.useOpenRouter - Whether to use OpenRouter.
- * @param {Object} options.options - Additional options.
- * @param {Object} options.options.headers - Custom headers for the request.
- * @param {string} options.options.proxy - Proxy URL.
- * @param {Object} options.options.req - The request object.
- * @param {Object} options.options.res - The response object.
- * @param {boolean} options.options.debug - Whether to enable debug mode.
- * @param {string} options.apiKey - The API key for authentication.
- * @param {Object} options.azure - Azure-specific configuration.
- * @param {Object} options.abortController - The AbortController instance.
- * @returns {Object} The initialized LLM instance.
- */
-function initializeLLM(options) {
-  const {
-    model,
-    modelName,
-    temperature,
-    presence_penalty,
-    frequency_penalty,
-    max_tokens,
-    streaming,
-    user,
-    langchainProxy,
-    useOpenRouter,
-    options: { headers, proxy },
-    apiKey,
-    azure,
-  } = options;
-
-  const modelOptions = {
-    modelName: modelName || model,
-    temperature,
-    presence_penalty,
-    frequency_penalty,
-    user,
-  };
-
-  if (max_tokens) {
-    modelOptions.max_tokens = max_tokens;
-  }
-
-  const configOptions = {};
-
-  if (langchainProxy) {
-    configOptions.basePath = langchainProxy;
-  }
-
-  if (useOpenRouter) {
-    configOptions.basePath = 'https://openrouter.ai/api/v1';
-    configOptions.baseOptions = {
-      headers: {
-        'HTTP-Referer': 'https://librechat.ai',
-        'X-Title': 'LibreChat',
-      },
-    };
-  }
-
-  if (headers && typeof headers === 'object' && !Array.isArray(headers)) {
-    configOptions.baseOptions = {
-      headers: resolveHeaders({
-        ...headers,
-        ...configOptions?.baseOptions?.headers,
-      }),
-    };
-  }
-
-  if (proxy) {
-    configOptions.httpAgent = new HttpsProxyAgent(proxy);
-    configOptions.httpsAgent = new HttpsProxyAgent(proxy);
-  }
-
-  const llm = createLLM({
-    modelOptions,
-    configOptions,
-    openAIApiKey: apiKey,
-    azure,
-    streaming,
-  });
-
-  return llm;
-}
-
-module.exports = {
-  initializeLLM,
-};
--- a/api/server/controllers/agents/request.js
+++ b/api/server/controllers/agents/request.js
@@ -1,3 +1,5 @@
+const { sendEvent } = require('@librechat/api');
+const { logger } = require('@librechat/data-schemas');
 const { Constants } = require('librechat-data-provider');
 const {
  handleAbortError,
@@ -5,17 +7,18 @@ const {
  cleanupAbortController,
 } = require('~/server/middleware');
 const { disposeClient, clientRegistry, requestDataMap } = require('~/server/cleanup');
-const { sendMessage } = require('~/server/utils');
 const { saveMessage } = require('~/models');
-const { logger } = require('~/config');

 const AgentController = async (req, res, next, initializeClient, addTitle) => {
  let {
    text,
    endpointOption,
    conversationId,
+    isContinued = false,
+    editedContent = null,
    parentMessageId = null,
    overrideParentMessageId = null,
+    responseMessageId: editedResponseMessageId = null,
  } = req.body;

  let sender;
@@ -67,7 +70,7 @@ const AgentController = async (req, res, next, initializeClient, addTitle) => {
            handler();
          }
        } catch (e) {
-          // Ignore cleanup errors
+          logger.error('[AgentController] Error in cleanup handler', e);
        }
      }
    }
@@ -155,7 +158,7 @@ const AgentController = async (req, res, next, initializeClient, addTitle) => {
      try {
        res.removeListener('close', closeHandler);
      } catch (e) {
-        // Ignore
+        logger.error('[AgentController] Error removing close listener', e);
      }
    });

@@ -163,10 +166,14 @@ const AgentController = async (req, res, next, initializeClient, addTitle) => {
      user: userId,
      onStart,
      getReqData,
+      isContinued,
+      editedContent,
      conversationId,
      parentMessageId,
      abortController,
      overrideParentMessageId,
+      isEdited: !!editedContent,
+      responseMessageId: editedResponseMessageId,
      progressOptions: {
        res,
      },
@@ -206,7 +213,7 @@ const AgentController = async (req, res, next, initializeClient, addTitle) => {
      // Create a new response object with minimal copies
      const finalResponse = { ...response };

-      sendMessage(res, {
+      sendEvent(res, {
        final: true,
        conversation,
        title: conversation.title,
--- a/api/server/controllers/agents/v1.js
+++ b/api/server/controllers/agents/v1.js
@@ -1,13 +1,16 @@
+const { z } = require('zod');
 const fs = require('fs').promises;
 const { nanoid } = require('nanoid');
+const { logger } = require('@librechat/data-schemas');
+const { agentCreateSchema, agentUpdateSchema } = require('@librechat/api');
 const {
  Tools,
  Constants,
-  FileContext,
  FileSources,
  SystemRoles,
  EToolResources,
  actionDelimiter,
+  removeNullishValues,
 } = require('librechat-data-provider');
 const {
  getAgent,
@@ -16,20 +19,21 @@ const {
  deleteAgent,
  getListAgents,
 } = require('~/models/Agent');
-const { uploadImageBuffer, filterFile } = require('~/server/services/Files/process');
 const { getStrategyFunctions } = require('~/server/services/Files/strategies');
 const { resizeAvatar } = require('~/server/services/Files/images/avatar');
 const { refreshS3Url } = require('~/server/services/Files/S3/crud');
+const { filterFile } = require('~/server/services/Files/process');
 const { updateAction, getActions } = require('~/models/Action');
+const { getCachedTools } = require('~/server/services/Config');
 const { updateAgentProjects } = require('~/models/Agent');
 const { getProjectByName } = require('~/models/Project');
-const { deleteFileByFilter } = require('~/models/File');
 const { revertAgentVersion } = require('~/models/Agent');
-const { logger } = require('~/config');
+const { deleteFileByFilter } = require('~/models/File');

 const systemTools = {
  [Tools.execute_code]: true,
  [Tools.file_search]: true,
+  [Tools.web_search]: true,
 };

 /**
@@ -42,13 +46,18 @@ const systemTools = {
 */
 const createAgentHandler = async (req, res) => {
  try {
-    const { tools = [], provider, name, description, instructions, model, ...agentData } = req.body;
+    const validatedData = agentCreateSchema.parse(req.body);
+    const { tools = [], ...agentData } = removeNullishValues(validatedData);
+
    const { id: userId } = req.user;

+    agentData.id = `agent_${nanoid()}`;
+    agentData.author = userId;
    agentData.tools = [];

+    const availableTools = await getCachedTools({ includeGlobal: true });
    for (const tool of tools) {
-      if (req.app.locals.availableTools[tool]) {
+      if (availableTools[tool]) {
        agentData.tools.push(tool);
      }

@@ -57,19 +66,13 @@ const createAgentHandler = async (req, res) => {
      }
    }

-    Object.assign(agentData, {
-      author: userId,
-      name,
-      description,
-      instructions,
-      provider,
-      model,
-    });
-
-    agentData.id = `agent_${nanoid()}`;
    const agent = await createAgent(agentData);
    res.status(201).json(agent);
  } catch (error) {
+    if (error instanceof z.ZodError) {
+      logger.error('[/Agents] Validation error', error.errors);
+      return res.status(400).json({ error: 'Invalid request data', details: error.errors });
+    }
    logger.error('[/Agents] Error creating agent', error);
    res.status(500).json({ error: error.message });
  }
@@ -153,14 +156,16 @@ const getAgentHandler = async (req, res) => {
 const updateAgentHandler = async (req, res) => {
  try {
    const id = req.params.id;
-    const { projectIds, removeProjectIds, ...updateData } = req.body;
+    const validatedData = agentUpdateSchema.parse(req.body);
+    const { projectIds, removeProjectIds, ...updateData } = removeNullishValues(validatedData);
    const isAdmin = req.user.role === SystemRoles.ADMIN;
    const existingAgent = await getAgent({ id });
-    const isAuthor = existingAgent.author.toString() === req.user.id;

    if (!existingAgent) {
      return res.status(404).json({ error: 'Agent not found' });
    }
+
+    const isAuthor = existingAgent.author.toString() === req.user.id;
    const hasEditPermission = existingAgent.isCollaborative || isAdmin || isAuthor;

    if (!hasEditPermission) {
@@ -199,6 +204,11 @@ const updateAgentHandler = async (req, res) => {

    return res.json(updatedAgent);
  } catch (error) {
+    if (error instanceof z.ZodError) {
+      logger.error('[/Agents/:id] Validation error', error.errors);
+      return res.status(400).json({ error: 'Invalid request data', details: error.errors });
+    }
+
    logger.error('[/Agents/:id] Error updating Agent', error);

    if (error.statusCode === 409) {
@@ -241,6 +251,8 @@ const duplicateAgentHandler = async (req, res) => {
      createdAt: _createdAt,
      updatedAt: _updatedAt,
      tool_resources: _tool_resources = {},
+      versions: _versions,
+      __v: _v,
      ...cloneData
    } = agent;
    cloneData.name = `${agent.name} (${new Date().toLocaleString('en-US', {
@@ -379,6 +391,22 @@ const uploadAgentAvatarHandler = async (req, res) => {
      return res.status(400).json({ message: 'Agent ID is required' });
    }

+    const isAdmin = req.user.role === SystemRoles.ADMIN;
+    const existingAgent = await getAgent({ id: agent_id });
+
+    if (!existingAgent) {
+      return res.status(404).json({ error: 'Agent not found' });
+    }
+
+    const isAuthor = existingAgent.author.toString() === req.user.id;
+    const hasEditPermission = existingAgent.isCollaborative || isAdmin || isAuthor;
+
+    if (!hasEditPermission) {
+      return res.status(403).json({
+        error: 'You do not have permission to modify this non-collaborative agent',
+      });
+    }
+
    const buffer = await fs.readFile(req.file.path);

    const fileStrategy = req.app.locals.fileStrategy;
@@ -401,14 +429,7 @@ const uploadAgentAvatarHandler = async (req, res) => {
      source: fileStrategy,
    };

-    let _avatar;
-    try {
-      const agent = await getAgent({ id: agent_id });
-      _avatar = agent.avatar;
-    } catch (error) {
-      logger.error('[/:agent_id/avatar] Error fetching agent', error);
-      _avatar = {};
-    }
+    let _avatar = existingAgent.avatar;

    if (_avatar && _avatar.source) {
      const { deleteFile } = getStrategyFunctions(_avatar.source);
@@ -430,7 +451,7 @@ const uploadAgentAvatarHandler = async (req, res) => {
    };

    promises.push(
-      await updateAgent({ id: agent_id, author: req.user.id }, data, {
+      await updateAgent({ id: agent_id }, data, {
        updatingUserId: req.user.id,
      }),
    );
@@ -445,7 +466,7 @@ const uploadAgentAvatarHandler = async (req, res) => {
    try {
      await fs.unlink(req.file.path);
      logger.debug('[/:agent_id/avatar] Temp. image upload file deleted');
-    } catch (error) {
+    } catch {
      logger.debug('[/:agent_id/avatar] Temp. image upload file already deleted');
    }
  }
--- a/api/server/controllers/agents/v1.spec.js
+++ b/api/server/controllers/agents/v1.spec.js
@@ -0,0 +1,659 @@
+const mongoose = require('mongoose');
+const { v4: uuidv4 } = require('uuid');
+const { MongoMemoryServer } = require('mongodb-memory-server');
+const { agentSchema } = require('@librechat/data-schemas');
+
+// Only mock the dependencies that are not database-related
+jest.mock('~/server/services/Config', () => ({
+  getCachedTools: jest.fn().mockResolvedValue({
+    web_search: true,
+    execute_code: true,
+    file_search: true,
+  }),
+}));
+
+jest.mock('~/models/Project', () => ({
+  getProjectByName: jest.fn().mockResolvedValue(null),
+}));
+
+jest.mock('~/server/services/Files/strategies', () => ({
+  getStrategyFunctions: jest.fn(),
+}));
+
+jest.mock('~/server/services/Files/images/avatar', () => ({
+  resizeAvatar: jest.fn(),
+}));
+
+jest.mock('~/server/services/Files/S3/crud', () => ({
+  refreshS3Url: jest.fn(),
+}));
+
+jest.mock('~/server/services/Files/process', () => ({
+  filterFile: jest.fn(),
+}));
+
+jest.mock('~/models/Action', () => ({
+  updateAction: jest.fn(),
+  getActions: jest.fn().mockResolvedValue([]),
+}));
+
+jest.mock('~/models/File', () => ({
+  deleteFileByFilter: jest.fn(),
+}));
+
+const { createAgent: createAgentHandler, updateAgent: updateAgentHandler } = require('./v1');
+
+/**
+ * @type {import('mongoose').Model<import('@librechat/data-schemas').IAgent>}
+ */
+let Agent;
+
+describe('Agent Controllers - Mass Assignment Protection', () => {
+  let mongoServer;
+  let mockReq;
+  let mockRes;
+
+  beforeAll(async () => {
+    mongoServer = await MongoMemoryServer.create();
+    const mongoUri = mongoServer.getUri();
+    await mongoose.connect(mongoUri);
+    Agent = mongoose.models.Agent || mongoose.model('Agent', agentSchema);
+  }, 20000);
+
+  afterAll(async () => {
+    await mongoose.disconnect();
+    await mongoServer.stop();
+  });
+
+  beforeEach(async () => {
+    await Agent.deleteMany({});
+
+    // Reset all mocks
+    jest.clearAllMocks();
+
+    // Setup mock request and response objects
+    mockReq = {
+      user: {
+        id: new mongoose.Types.ObjectId().toString(),
+        role: 'USER',
+      },
+      body: {},
+      params: {},
+      app: {
+        locals: {
+          fileStrategy: 'local',
+        },
+      },
+    };
+
+    mockRes = {
+      status: jest.fn().mockReturnThis(),
+      json: jest.fn().mockReturnThis(),
+    };
+  });
+
+  describe('createAgentHandler', () => {
+    test('should create agent with allowed fields only', async () => {
+      const validData = {
+        name: 'Test Agent',
+        description: 'A test agent',
+        instructions: 'Be helpful',
+        provider: 'openai',
+        model: 'gpt-4',
+        tools: ['web_search'],
+        model_parameters: { temperature: 0.7 },
+        tool_resources: {
+          file_search: { file_ids: ['file1', 'file2'] },
+        },
+      };
+
+      mockReq.body = validData;
+
+      await createAgentHandler(mockReq, mockRes);
+
+      expect(mockRes.status).toHaveBeenCalledWith(201);
+      expect(mockRes.json).toHaveBeenCalled();
+
+      const createdAgent = mockRes.json.mock.calls[0][0];
+      expect(createdAgent.name).toBe('Test Agent');
+      expect(createdAgent.description).toBe('A test agent');
+      expect(createdAgent.provider).toBe('openai');
+      expect(createdAgent.model).toBe('gpt-4');
+      expect(createdAgent.author.toString()).toBe(mockReq.user.id);
+      expect(createdAgent.tools).toContain('web_search');
+
+      // Verify in database
+      const agentInDb = await Agent.findOne({ id: createdAgent.id });
+      expect(agentInDb).toBeDefined();
+      expect(agentInDb.name).toBe('Test Agent');
+      expect(agentInDb.author.toString()).toBe(mockReq.user.id);
+    });
+
+    test('should reject creation with unauthorized fields (mass assignment protection)', async () => {
+      const maliciousData = {
+        // Required fields
+        provider: 'openai',
+        model: 'gpt-4',
+        name: 'Malicious Agent',
+
+        // Unauthorized fields that should be stripped
+        author: new mongoose.Types.ObjectId().toString(), // Should not be able to set author
+        authorName: 'Hacker', // Should be stripped
+        isCollaborative: true, // Should be stripped on creation
+        versions: [], // Should be stripped
+        _id: new mongoose.Types.ObjectId(), // Should be stripped
+        id: 'custom_agent_id', // Should be overridden
+        createdAt: new Date('2020-01-01'), // Should be stripped
+        updatedAt: new Date('2020-01-01'), // Should be stripped
+      };
+
+      mockReq.body = maliciousData;
+
+      await createAgentHandler(mockReq, mockRes);
+
+      expect(mockRes.status).toHaveBeenCalledWith(201);
+
+      const createdAgent = mockRes.json.mock.calls[0][0];
+
+      // Verify unauthorized fields were not set
+      expect(createdAgent.author.toString()).toBe(mockReq.user.id); // Should be the request user, not the malicious value
+      expect(createdAgent.authorName).toBeUndefined();
+      expect(createdAgent.isCollaborative).toBeFalsy();
+      expect(createdAgent.versions).toHaveLength(1); // Should have exactly 1 version from creation
+      expect(createdAgent.id).not.toBe('custom_agent_id'); // Should have generated ID
+      expect(createdAgent.id).toMatch(/^agent_/); // Should have proper prefix
+
+      // Verify timestamps are recent (not the malicious dates)
+      const createdTime = new Date(createdAgent.createdAt).getTime();
+      const now = Date.now();
+      expect(now - createdTime).toBeLessThan(5000); // Created within last 5 seconds
+
+      // Verify in database
+      const agentInDb = await Agent.findOne({ id: createdAgent.id });
+      expect(agentInDb.author.toString()).toBe(mockReq.user.id);
+      expect(agentInDb.authorName).toBeUndefined();
+    });
+
+    test('should validate required fields', async () => {
+      const invalidData = {
+        name: 'Missing Required Fields',
+        // Missing provider and model
+      };
+
+      mockReq.body = invalidData;
+
+      await createAgentHandler(mockReq, mockRes);
+
+      expect(mockRes.status).toHaveBeenCalledWith(400);
+      expect(mockRes.json).toHaveBeenCalledWith(
+        expect.objectContaining({
+          error: 'Invalid request data',
+          details: expect.any(Array),
+        }),
+      );
+
+      // Verify nothing was created in database
+      const count = await Agent.countDocuments();
+      expect(count).toBe(0);
+    });
+
+    test('should handle tool_resources validation', async () => {
+      const dataWithInvalidToolResources = {
+        provider: 'openai',
+        model: 'gpt-4',
+        name: 'Agent with Tool Resources',
+        tool_resources: {
+          // Valid resources
+          file_search: {
+            file_ids: ['file1', 'file2'],
+            vector_store_ids: ['vs1'],
+          },
+          execute_code: {
+            file_ids: ['file3'],
+          },
+          // Invalid resource (should be stripped by schema)
+          invalid_resource: {
+            file_ids: ['file4'],
+          },
+        },
+      };
+
+      mockReq.body = dataWithInvalidToolResources;
+
+      await createAgentHandler(mockReq, mockRes);
+
+      expect(mockRes.status).toHaveBeenCalledWith(201);
+
+      const createdAgent = mockRes.json.mock.calls[0][0];
+      expect(createdAgent.tool_resources).toBeDefined();
+      expect(createdAgent.tool_resources.file_search).toBeDefined();
+      expect(createdAgent.tool_resources.execute_code).toBeDefined();
+      expect(createdAgent.tool_resources.invalid_resource).toBeUndefined(); // Should be stripped
+
+      // Verify in database
+      const agentInDb = await Agent.findOne({ id: createdAgent.id });
+      expect(agentInDb.tool_resources.invalid_resource).toBeUndefined();
+    });
+
+    test('should handle avatar validation', async () => {
+      const dataWithAvatar = {
+        provider: 'openai',
+        model: 'gpt-4',
+        name: 'Agent with Avatar',
+        avatar: {
+          filepath: 'https://example.com/avatar.png',
+          source: 's3',
+        },
+      };
+
+      mockReq.body = dataWithAvatar;
+
+      await createAgentHandler(mockReq, mockRes);
+
+      expect(mockRes.status).toHaveBeenCalledWith(201);
+
+      const createdAgent = mockRes.json.mock.calls[0][0];
+      expect(createdAgent.avatar).toEqual({
+        filepath: 'https://example.com/avatar.png',
+        source: 's3',
+      });
+    });
+
+    test('should handle invalid avatar format', async () => {
+      const dataWithInvalidAvatar = {
+        provider: 'openai',
+        model: 'gpt-4',
+        name: 'Agent with Invalid Avatar',
+        avatar: 'just-a-string', // Invalid format
+      };
+
+      mockReq.body = dataWithInvalidAvatar;
+
+      await createAgentHandler(mockReq, mockRes);
+
+      expect(mockRes.status).toHaveBeenCalledWith(400);
+      expect(mockRes.json).toHaveBeenCalledWith(
+        expect.objectContaining({
+          error: 'Invalid request data',
+        }),
+      );
+    });
+  });
+
+  describe('updateAgentHandler', () => {
+    let existingAgentId;
+    let existingAgentAuthorId;
+
+    beforeEach(async () => {
+      // Create an existing agent for update tests
+      existingAgentAuthorId = new mongoose.Types.ObjectId();
+      const agent = await Agent.create({
+        id: `agent_${uuidv4()}`,
+        name: 'Original Agent',
+        provider: 'openai',
+        model: 'gpt-3.5-turbo',
+        author: existingAgentAuthorId,
+        description: 'Original description',
+        isCollaborative: false,
+        versions: [
+          {
+            name: 'Original Agent',
+            provider: 'openai',
+            model: 'gpt-3.5-turbo',
+            description: 'Original description',
+            createdAt: new Date(),
+            updatedAt: new Date(),
+          },
+        ],
+      });
+      existingAgentId = agent.id;
+    });
+
+    test('should update agent with allowed fields only', async () => {
+      mockReq.user.id = existingAgentAuthorId.toString(); // Set as author
+      mockReq.params.id = existingAgentId;
+      mockReq.body = {
+        name: 'Updated Agent',
+        description: 'Updated description',
+        model: 'gpt-4',
+        isCollaborative: true, // This IS allowed in updates
+      };
+
+      await updateAgentHandler(mockReq, mockRes);
+
+      expect(mockRes.status).not.toHaveBeenCalledWith(400);
+      expect(mockRes.status).not.toHaveBeenCalledWith(403);
+      expect(mockRes.json).toHaveBeenCalled();
+
+      const updatedAgent = mockRes.json.mock.calls[0][0];
+      expect(updatedAgent.name).toBe('Updated Agent');
+      expect(updatedAgent.description).toBe('Updated description');
+      expect(updatedAgent.model).toBe('gpt-4');
+      expect(updatedAgent.isCollaborative).toBe(true);
+      expect(updatedAgent.author).toBe(existingAgentAuthorId.toString());
+
+      // Verify in database
+      const agentInDb = await Agent.findOne({ id: existingAgentId });
+      expect(agentInDb.name).toBe('Updated Agent');
+      expect(agentInDb.isCollaborative).toBe(true);
+    });
+
+    test('should reject update with unauthorized fields (mass assignment protection)', async () => {
+      mockReq.user.id = existingAgentAuthorId.toString();
+      mockReq.params.id = existingAgentId;
+      mockReq.body = {
+        name: 'Updated Name',
+
+        // Unauthorized fields that should be stripped
+        author: new mongoose.Types.ObjectId().toString(), // Should not be able to change author
+        authorName: 'Hacker', // Should be stripped
+        id: 'different_agent_id', // Should be stripped
+        _id: new mongoose.Types.ObjectId(), // Should be stripped
+        versions: [], // Should be stripped
+        createdAt: new Date('2020-01-01'), // Should be stripped
+        updatedAt: new Date('2020-01-01'), // Should be stripped
+      };
+
+      await updateAgentHandler(mockReq, mockRes);
+
+      expect(mockRes.json).toHaveBeenCalled();
+
+      const updatedAgent = mockRes.json.mock.calls[0][0];
+
+      // Verify unauthorized fields were not changed
+      expect(updatedAgent.author).toBe(existingAgentAuthorId.toString()); // Should not have changed
+      expect(updatedAgent.authorName).toBeUndefined();
+      expect(updatedAgent.id).toBe(existingAgentId); // Should not have changed
+      expect(updatedAgent.name).toBe('Updated Name'); // Only this should have changed
+
+      // Verify in database
+      const agentInDb = await Agent.findOne({ id: existingAgentId });
+      expect(agentInDb.author.toString()).toBe(existingAgentAuthorId.toString());
+      expect(agentInDb.id).toBe(existingAgentId);
+    });
+
+    test('should reject update from non-author when not collaborative', async () => {
+      const differentUserId = new mongoose.Types.ObjectId().toString();
+      mockReq.user.id = differentUserId; // Different user
+      mockReq.params.id = existingAgentId;
+      mockReq.body = {
+        name: 'Unauthorized Update',
+      };
+
+      await updateAgentHandler(mockReq, mockRes);
+
+      expect(mockRes.status).toHaveBeenCalledWith(403);
+      expect(mockRes.json).toHaveBeenCalledWith({
+        error: 'You do not have permission to modify this non-collaborative agent',
+      });
+
+      // Verify agent was not modified in database
+      const agentInDb = await Agent.findOne({ id: existingAgentId });
+      expect(agentInDb.name).toBe('Original Agent');
+    });
+
+    test('should allow update from non-author when collaborative', async () => {
+      // First make the agent collaborative
+      await Agent.updateOne({ id: existingAgentId }, { isCollaborative: true });
+
+      const differentUserId = new mongoose.Types.ObjectId().toString();
+      mockReq.user.id = differentUserId; // Different user
+      mockReq.params.id = existingAgentId;
+      mockReq.body = {
+        name: 'Collaborative Update',
+      };
+
+      await updateAgentHandler(mockReq, mockRes);
+
+      expect(mockRes.status).not.toHaveBeenCalledWith(403);
+      expect(mockRes.json).toHaveBeenCalled();
+
+      const updatedAgent = mockRes.json.mock.calls[0][0];
+      expect(updatedAgent.name).toBe('Collaborative Update');
+      // Author field should be removed for non-author
+      expect(updatedAgent.author).toBeUndefined();
+
+      // Verify in database
+      const agentInDb = await Agent.findOne({ id: existingAgentId });
+      expect(agentInDb.name).toBe('Collaborative Update');
+    });
+
+    test('should allow admin to update any agent', async () => {
+      const adminUserId = new mongoose.Types.ObjectId().toString();
+      mockReq.user.id = adminUserId;
+      mockReq.user.role = 'ADMIN'; // Set as admin
+      mockReq.params.id = existingAgentId;
+      mockReq.body = {
+        name: 'Admin Update',
+      };
+
+      await updateAgentHandler(mockReq, mockRes);
+
+      expect(mockRes.status).not.toHaveBeenCalledWith(403);
+      expect(mockRes.json).toHaveBeenCalled();
+
+      const updatedAgent = mockRes.json.mock.calls[0][0];
+      expect(updatedAgent.name).toBe('Admin Update');
+    });
+
+    test('should handle projectIds updates', async () => {
+      mockReq.user.id = existingAgentAuthorId.toString();
+      mockReq.params.id = existingAgentId;
+
+      const projectId1 = new mongoose.Types.ObjectId().toString();
+      const projectId2 = new mongoose.Types.ObjectId().toString();
+
+      mockReq.body = {
+        projectIds: [projectId1, projectId2],
+      };
+
+      await updateAgentHandler(mockReq, mockRes);
+
+      expect(mockRes.json).toHaveBeenCalled();
+
+      const updatedAgent = mockRes.json.mock.calls[0][0];
+      expect(updatedAgent).toBeDefined();
+      // Note: updateAgentProjects requires more setup, so we just verify the handler doesn't crash
+    });
+
+    test('should validate tool_resources in updates', async () => {
+      mockReq.user.id = existingAgentAuthorId.toString();
+      mockReq.params.id = existingAgentId;
+      mockReq.body = {
+        tool_resources: {
+          ocr: {
+            file_ids: ['ocr1', 'ocr2'],
+          },
+          execute_code: {
+            file_ids: ['img1'],
+          },
+          // Invalid tool resource
+          invalid_tool: {
+            file_ids: ['invalid'],
+          },
+        },
+      };
+
+      await updateAgentHandler(mockReq, mockRes);
+
+      expect(mockRes.json).toHaveBeenCalled();
+
+      const updatedAgent = mockRes.json.mock.calls[0][0];
+      expect(updatedAgent.tool_resources).toBeDefined();
+      expect(updatedAgent.tool_resources.ocr).toBeDefined();
+      expect(updatedAgent.tool_resources.execute_code).toBeDefined();
+      expect(updatedAgent.tool_resources.invalid_tool).toBeUndefined();
+    });
+
+    test('should return 404 for non-existent agent', async () => {
+      mockReq.user.id = existingAgentAuthorId.toString();
+      mockReq.params.id = `agent_${uuidv4()}`; // Non-existent ID
+      mockReq.body = {
+        name: 'Update Non-existent',
+      };
+
+      await updateAgentHandler(mockReq, mockRes);
+
+      expect(mockRes.status).toHaveBeenCalledWith(404);
+      expect(mockRes.json).toHaveBeenCalledWith({ error: 'Agent not found' });
+    });
+
+    test('should handle validation errors properly', async () => {
+      mockReq.user.id = existingAgentAuthorId.toString();
+      mockReq.params.id = existingAgentId;
+      mockReq.body = {
+        model_parameters: 'invalid-not-an-object', // Should be an object
+      };
+
+      await updateAgentHandler(mockReq, mockRes);
+
+      expect(mockRes.status).toHaveBeenCalledWith(400);
+      expect(mockRes.json).toHaveBeenCalledWith(
+        expect.objectContaining({
+          error: 'Invalid request data',
+          details: expect.any(Array),
+        }),
+      );
+    });
+  });
+
+  describe('Mass Assignment Attack Scenarios', () => {
+    test('should prevent setting system fields during creation', async () => {
+      const systemFields = {
+        provider: 'openai',
+        model: 'gpt-4',
+        name: 'System Fields Test',
+
+        // System fields that should never be settable by users
+        __v: 99,
+        _id: new mongoose.Types.ObjectId(),
+        versions: [
+          {
+            name: 'Fake Version',
+            provider: 'fake',
+            model: 'fake-model',
+          },
+        ],
+      };
+
+      mockReq.body = systemFields;
+
+      await createAgentHandler(mockReq, mockRes);
+
+      expect(mockRes.status).toHaveBeenCalledWith(201);
+
+      const createdAgent = mockRes.json.mock.calls[0][0];
+
+      // Verify system fields were not affected
+      expect(createdAgent.__v).not.toBe(99);
+      expect(createdAgent.versions).toHaveLength(1); // Should only have the auto-created version
+      expect(createdAgent.versions[0].name).toBe('System Fields Test'); // From actual creation
+      expect(createdAgent.versions[0].provider).toBe('openai'); // From actual creation
+
+      // Verify in database
+      const agentInDb = await Agent.findOne({ id: createdAgent.id });
+      expect(agentInDb.__v).not.toBe(99);
+    });
+
+    test('should prevent privilege escalation through isCollaborative', async () => {
+      // Create a non-collaborative agent
+      const authorId = new mongoose.Types.ObjectId();
+      const agent = await Agent.create({
+        id: `agent_${uuidv4()}`,
+        name: 'Private Agent',
+        provider: 'openai',
+        model: 'gpt-4',
+        author: authorId,
+        isCollaborative: false,
+        versions: [
+          {
+            name: 'Private Agent',
+            provider: 'openai',
+            model: 'gpt-4',
+            createdAt: new Date(),
+            updatedAt: new Date(),
+          },
+        ],
+      });
+
+      // Try to make it collaborative as a different user
+      const attackerId = new mongoose.Types.ObjectId().toString();
+      mockReq.user.id = attackerId;
+      mockReq.params.id = agent.id;
+      mockReq.body = {
+        isCollaborative: true, // Trying to escalate privileges
+      };
+
+      await updateAgentHandler(mockReq, mockRes);
+
+      // Should be rejected
+      expect(mockRes.status).toHaveBeenCalledWith(403);
+
+      // Verify in database that it's still not collaborative
+      const agentInDb = await Agent.findOne({ id: agent.id });
+      expect(agentInDb.isCollaborative).toBe(false);
+    });
+
+    test('should prevent author hijacking', async () => {
+      const originalAuthorId = new mongoose.Types.ObjectId();
+      const attackerId = new mongoose.Types.ObjectId();
+
+      // Admin creates an agent
+      mockReq.user.id = originalAuthorId.toString();
+      mockReq.user.role = 'ADMIN';
+      mockReq.body = {
+        provider: 'openai',
+        model: 'gpt-4',
+        name: 'Admin Agent',
+        author: attackerId.toString(), // Trying to set different author
+      };
+
+      await createAgentHandler(mockReq, mockRes);
+
+      expect(mockRes.status).toHaveBeenCalledWith(201);
+
+      const createdAgent = mockRes.json.mock.calls[0][0];
+
+      // Author should be the actual user, not the attempted value
+      expect(createdAgent.author.toString()).toBe(originalAuthorId.toString());
+      expect(createdAgent.author.toString()).not.toBe(attackerId.toString());
+
+      // Verify in database
+      const agentInDb = await Agent.findOne({ id: createdAgent.id });
+      expect(agentInDb.author.toString()).toBe(originalAuthorId.toString());
+    });
+
+    test('should strip unknown fields to prevent future vulnerabilities', async () => {
+      mockReq.body = {
+        provider: 'openai',
+        model: 'gpt-4',
+        name: 'Future Proof Test',
+
+        // Unknown fields that might be added in future
+        superAdminAccess: true,
+        bypassAllChecks: true,
+        internalFlag: 'secret',
+        futureFeature: 'exploit',
+      };
+
+      await createAgentHandler(mockReq, mockRes);
+
+      expect(mockRes.status).toHaveBeenCalledWith(201);
+
+      const createdAgent = mockRes.json.mock.calls[0][0];
+
+      // Verify unknown fields were stripped
+      expect(createdAgent.superAdminAccess).toBeUndefined();
+      expect(createdAgent.bypassAllChecks).toBeUndefined();
+      expect(createdAgent.internalFlag).toBeUndefined();
+      expect(createdAgent.futureFeature).toBeUndefined();
+
+      // Also check in database
+      const agentInDb = await Agent.findOne({ id: createdAgent.id }).lean();
+      expect(agentInDb.superAdminAccess).toBeUndefined();
+      expect(agentInDb.bypassAllChecks).toBeUndefined();
+      expect(agentInDb.internalFlag).toBeUndefined();
+      expect(agentInDb.futureFeature).toBeUndefined();
+    });
+  });
+});
--- a/api/server/controllers/assistants/chatV1.js
+++ b/api/server/controllers/assistants/chatV1.js
@@ -1,4 +1,7 @@
 const { v4 } = require('uuid');
+const { sleep } = require('@librechat/agents');
+const { sendEvent } = require('@librechat/api');
+const { logger } = require('@librechat/data-schemas');
 const {
  Time,
  Constants,
@@ -19,20 +22,20 @@ const {
  addThreadMetadata,
  saveAssistantMessage,
 } = require('~/server/services/Threads');
-const { sendResponse, sendMessage, sleep, countTokens } = require('~/server/utils');
 const { runAssistant, createOnTextProgress } = require('~/server/services/AssistantService');
 const validateAuthor = require('~/server/middleware/assistants/validateAuthor');
 const { formatMessage, createVisionPrompt } = require('~/app/clients/prompts');
 const { createRun, StreamRunManager } = require('~/server/services/Runs');
 const { addTitle } = require('~/server/services/Endpoints/assistants');
 const { createRunBody } = require('~/server/services/createRunBody');
+const { sendResponse } = require('~/server/middleware/error');
 const { getTransactions } = require('~/models/Transaction');
 const { checkBalance } = require('~/models/balanceMethods');
 const { getConvo } = require('~/models/Conversation');
 const getLogStores = require('~/cache/getLogStores');
+const { countTokens } = require('~/server/utils');
 const { getModelMaxTokens } = require('~/utils');
 const { getOpenAIClient } = require('./helpers');
-const { logger } = require('~/config');

 /**
 * @route POST /
@@ -471,7 +474,7 @@ const chatV1 = async (req, res) => {
    await Promise.all(promises);

    const sendInitialResponse = () => {
-      sendMessage(res, {
+      sendEvent(res, {
        sync: true,
        conversationId,
        // messages: previousMessages,
@@ -587,7 +590,7 @@ const chatV1 = async (req, res) => {
      iconURL: endpointOption.iconURL,
    };

-    sendMessage(res, {
+    sendEvent(res, {
      final: true,
      conversation,
      requestMessage: {
--- a/api/server/controllers/assistants/chatV2.js
+++ b/api/server/controllers/assistants/chatV2.js
@@ -1,4 +1,7 @@
 const { v4 } = require('uuid');
+const { sleep } = require('@librechat/agents');
+const { sendEvent } = require('@librechat/api');
+const { logger } = require('@librechat/data-schemas');
 const {
  Time,
  Constants,
@@ -22,15 +25,14 @@ const { createErrorHandler } = require('~/server/controllers/assistants/errors')
 const validateAuthor = require('~/server/middleware/assistants/validateAuthor');
 const { createRun, StreamRunManager } = require('~/server/services/Runs');
 const { addTitle } = require('~/server/services/Endpoints/assistants');
-const { sendMessage, sleep, countTokens } = require('~/server/utils');
 const { createRunBody } = require('~/server/services/createRunBody');
 const { getTransactions } = require('~/models/Transaction');
 const { checkBalance } = require('~/models/balanceMethods');
 const { getConvo } = require('~/models/Conversation');
 const getLogStores = require('~/cache/getLogStores');
+const { countTokens } = require('~/server/utils');
 const { getModelMaxTokens } = require('~/utils');
 const { getOpenAIClient } = require('./helpers');
-const { logger } = require('~/config');

 /**
 * @route POST /
@@ -309,7 +311,7 @@ const chatV2 = async (req, res) => {
    await Promise.all(promises);

    const sendInitialResponse = () => {
-      sendMessage(res, {
+      sendEvent(res, {
        sync: true,
        conversationId,
        // messages: previousMessages,
@@ -432,7 +434,7 @@ const chatV2 = async (req, res) => {
      iconURL: endpointOption.iconURL,
    };

-    sendMessage(res, {
+    sendEvent(res, {
      final: true,
      conversation,
      requestMessage: {
--- a/api/server/controllers/assistants/errors.js
+++ b/api/server/controllers/assistants/errors.js
@@ -1,10 +1,10 @@
 // errorHandler.js
-const { sendResponse } = require('~/server/utils');
-const { logger } = require('~/config');
-const getLogStores = require('~/cache/getLogStores');
+const { logger } = require('@librechat/data-schemas');
 const { CacheKeys, ViolationTypes, ContentTypes } = require('librechat-data-provider');
-const { getConvo } = require('~/models/Conversation');
 const { recordUsage, checkMessageGaps } = require('~/server/services/Threads');
+const { sendResponse } = require('~/server/middleware/error');
+const { getConvo } = require('~/models/Conversation');
+const getLogStores = require('~/cache/getLogStores');

 /**
 * @typedef {Object} ErrorHandlerContext
@@ -78,7 +78,7 @@ const createErrorHandler = ({ req, res, getContext, originPath = '/assistants/ch
    } else if (/Files.*are invalid/.test(error.message)) {
      const errorMessage = `Files are invalid, or may not have uploaded yet.${
        endpoint === 'azureAssistants'
-          ? ' If using Azure OpenAI, files are only available in the region of the assistant\'s model at the time of upload.'
+          ? " If using Azure OpenAI, files are only available in the region of the assistant's model at the time of upload."
          : ''
      }`;
      return sendResponse(req, res, messageData, errorMessage);
--- a/api/server/controllers/assistants/v1.js
+++ b/api/server/controllers/assistants/v1.js
@@ -1,4 +1,5 @@
 const fs = require('fs').promises;
+const { logger } = require('@librechat/data-schemas');
 const { FileContext } = require('librechat-data-provider');
 const { uploadImageBuffer, filterFile } = require('~/server/services/Files/process');
 const validateAuthor = require('~/server/middleware/assistants/validateAuthor');
@@ -6,9 +7,9 @@ const { getStrategyFunctions } = require('~/server/services/Files/strategies');
 const { deleteAssistantActions } = require('~/server/services/ActionService');
 const { updateAssistantDoc, getAssistants } = require('~/models/Assistant');
 const { getOpenAIClient, fetchAssistants } = require('./helpers');
+const { getCachedTools } = require('~/server/services/Config');
 const { manifestToolMap } = require('~/app/clients/tools');
 const { deleteFileByFilter } = require('~/models/File');
-const { logger } = require('~/config');

 /**
 * Create an assistant.
@@ -30,21 +31,20 @@ const createAssistant = async (req, res) => {
    delete assistantData.conversation_starters;
    delete assistantData.append_current_datetime;

+    const toolDefinitions = await getCachedTools({ includeGlobal: true });
+
    assistantData.tools = tools
      .map((tool) => {
        if (typeof tool !== 'string') {
          return tool;
        }

-        const toolDefinitions = req.app.locals.availableTools;
        const toolDef = toolDefinitions[tool];
        if (!toolDef && manifestToolMap[tool] && manifestToolMap[tool].toolkit === true) {
-          return (
-            Object.entries(toolDefinitions)
-              .filter(([key]) => key.startsWith(`${tool}_`))
-              // eslint-disable-next-line no-unused-vars
-              .map(([_, val]) => val)
-          );
+          return Object.entries(toolDefinitions)
+            .filter(([key]) => key.startsWith(`${tool}_`))
+
+            .map(([_, val]) => val);
        }

        return toolDef;
@@ -135,21 +135,21 @@ const patchAssistant = async (req, res) => {
      append_current_datetime,
      ...updateData
    } = req.body;
+
+    const toolDefinitions = await getCachedTools({ includeGlobal: true });
+
    updateData.tools = (updateData.tools ?? [])
      .map((tool) => {
        if (typeof tool !== 'string') {
          return tool;
        }

-        const toolDefinitions = req.app.locals.availableTools;
        const toolDef = toolDefinitions[tool];
        if (!toolDef && manifestToolMap[tool] && manifestToolMap[tool].toolkit === true) {
-          return (
-            Object.entries(toolDefinitions)
-              .filter(([key]) => key.startsWith(`${tool}_`))
-              // eslint-disable-next-line no-unused-vars
-              .map(([_, val]) => val)
-          );
+          return Object.entries(toolDefinitions)
+            .filter(([key]) => key.startsWith(`${tool}_`))
+
+            .map(([_, val]) => val);
        }

        return toolDef;
--- a/api/server/controllers/assistants/v2.js
+++ b/api/server/controllers/assistants/v2.js
@@ -1,10 +1,11 @@
+const { logger } = require('@librechat/data-schemas');
 const { ToolCallTypes } = require('librechat-data-provider');
 const validateAuthor = require('~/server/middleware/assistants/validateAuthor');
 const { validateAndUpdateTool } = require('~/server/services/ActionService');
+const { getCachedTools } = require('~/server/services/Config');
 const { updateAssistantDoc } = require('~/models/Assistant');
 const { manifestToolMap } = require('~/app/clients/tools');
 const { getOpenAIClient } = require('./helpers');
-const { logger } = require('~/config');

 /**
 * Create an assistant.
@@ -27,21 +28,20 @@ const createAssistant = async (req, res) => {
    delete assistantData.conversation_starters;
    delete assistantData.append_current_datetime;

+    const toolDefinitions = await getCachedTools({ includeGlobal: true });
+
    assistantData.tools = tools
      .map((tool) => {
        if (typeof tool !== 'string') {
          return tool;
        }

-        const toolDefinitions = req.app.locals.availableTools;
        const toolDef = toolDefinitions[tool];
        if (!toolDef && manifestToolMap[tool] && manifestToolMap[tool].toolkit === true) {
-          return (
-            Object.entries(toolDefinitions)
-              .filter(([key]) => key.startsWith(`${tool}_`))
-              // eslint-disable-next-line no-unused-vars
-              .map(([_, val]) => val)
-          );
+          return Object.entries(toolDefinitions)
+            .filter(([key]) => key.startsWith(`${tool}_`))
+
+            .map(([_, val]) => val);
        }

        return toolDef;
@@ -125,13 +125,13 @@ const updateAssistant = async ({ req, openai, assistant_id, updateData }) => {

  let hasFileSearch = false;
  for (const tool of updateData.tools ?? []) {
-    const toolDefinitions = req.app.locals.availableTools;
+    const toolDefinitions = await getCachedTools({ includeGlobal: true });
    let actualTool = typeof tool === 'string' ? toolDefinitions[tool] : tool;

    if (!actualTool && manifestToolMap[tool] && manifestToolMap[tool].toolkit === true) {
      actualTool = Object.entries(toolDefinitions)
        .filter(([key]) => key.startsWith(`${tool}_`))
-        // eslint-disable-next-line no-unused-vars
+
        .map(([_, val]) => val);
    } else if (!actualTool) {
      continue;
--- a/api/server/controllers/tools.js
+++ b/api/server/controllers/tools.js
@@ -1,5 +1,7 @@
 const { nanoid } = require('nanoid');
 const { EnvVar } = require('@librechat/agents');
+const { checkAccess } = require('@librechat/api');
+const { logger } = require('@librechat/data-schemas');
 const {
  Tools,
  AuthType,
@@ -13,9 +15,8 @@ const { processCodeOutput } = require('~/server/services/Files/Code/process');
 const { createToolCall, getToolCallsByConvo } = require('~/models/ToolCall');
 const { loadAuthValues } = require('~/server/services/Tools/credentials');
 const { loadTools } = require('~/app/clients/tools/util');
-const { checkAccess } = require('~/server/middleware');
+const { getRoleByName } = require('~/models/Role');
 const { getMessage } = require('~/models/Message');
-const { logger } = require('~/config');

 const fieldsMap = {
  [Tools.execute_code]: [EnvVar.CODE_API_KEY],
@@ -79,6 +80,7 @@ const verifyToolAuth = async (req, res) => {
        throwError: false,
      });
    } catch (error) {
+      logger.error('Error loading auth values', error);
      res.status(200).json({ authenticated: false, message: AuthType.USER_PROVIDED });
      return;
    }
@@ -132,7 +134,12 @@ const callTool = async (req, res) => {
    logger.debug(`[${toolId}/call] User: ${req.user.id}`);
    let hasAccess = true;
    if (toolAccessPermType[toolId]) {
-      hasAccess = await checkAccess(req.user, toolAccessPermType[toolId], [Permissions.USE]);
+      hasAccess = await checkAccess({
+        user: req.user,
+        permissionType: toolAccessPermType[toolId],
+        permissions: [Permissions.USE],
+        getRoleByName,
+      });
    }
    if (!hasAccess) {
      logger.warn(
--- a/api/server/index.js
+++ b/api/server/index.js
@@ -1,22 +1,22 @@
 require('dotenv').config();
+const fs = require('fs');
 const path = require('path');
 require('module-alias')({ base: path.resolve(__dirname, '..') });
 const cors = require('cors');
 const axios = require('axios');
 const express = require('express');
-const compression = require('compression');
 const passport = require('passport');
-const mongoSanitize = require('express-mongo-sanitize');
-const fs = require('fs');
+const compression = require('compression');
 const cookieParser = require('cookie-parser');
+const { isEnabled } = require('@librechat/api');
+const { logger } = require('@librechat/data-schemas');
+const mongoSanitize = require('express-mongo-sanitize');
 const { connectDb, indexSync } = require('~/db');

-const { jwtLogin, passportLogin } = require('~/strategies');
-const { isEnabled } = require('~/server/utils');
-const { ldapLogin } = require('~/strategies');
-const { logger } = require('~/config');
 const validateImageRequest = require('./middleware/validateImageRequest');
+const { jwtLogin, ldapLogin, passportLogin } = require('~/strategies');
 const errorController = require('./controllers/ErrorController');
+const initializeMCP = require('./services/initializeMCP');
 const configureSocialLogins = require('./socialLogins');
 const AppService = require('./services/AppService');
 const staticCache = require('./utils/staticCache');
@@ -39,7 +39,9 @@ const startServer = async () => {
  await connectDb();

  logger.info('Connected to MongoDB');
-  await indexSync();
+  indexSync().catch((err) => {
+    logger.error('[indexSync] Background sync failed:', err);
+  });

  app.disable('x-powered-by');
  app.set('trust proxy', trusted_proxy);
@@ -53,7 +55,6 @@ const startServer = async () => {

  /* Middleware */
  app.use(noIndex);
-  app.use(errorController);
  app.use(express.json({ limit: '3mb' }));
  app.use(express.urlencoded({ extended: true, limit: '3mb' }));
  app.use(mongoSanitize());
@@ -95,7 +96,6 @@ const startServer = async () => {
  app.use('/api/actions', routes.actions);
  app.use('/api/keys', routes.keys);
  app.use('/api/user', routes.user);
-  app.use('/api/ask', routes.ask);
  app.use('/api/search', routes.search);
  app.use('/api/edit', routes.edit);
  app.use('/api/messages', routes.messages);
@@ -116,9 +116,12 @@ const startServer = async () => {
  app.use('/api/roles', routes.roles);
  app.use('/api/agents', routes.agents);
  app.use('/api/banner', routes.banner);
-  app.use('/api/bedrock', routes.bedrock);
  app.use('/api/memories', routes.memories);
  app.use('/api/tags', routes.tags);
+  app.use('/api/mcp', routes.mcp);
+
+  // Add the error controller one more time after all routes
+  app.use(errorController);

  app.use((req, res) => {
    res.set({
@@ -142,6 +145,8 @@ const startServer = async () => {
    } else {
      logger.info(`Server listening at http://${host == '0.0.0.0' ? 'localhost' : host}:${port}`);
    }
+
+    initializeMCP(app);
  });
 };

@@ -184,5 +189,5 @@ process.on('uncaughtException', (err) => {
  process.exit(1);
 });

-// export app for easier testing purposes
+/** Export app for easier testing purposes */
 module.exports = app;
--- a/api/server/index.spec.js
+++ b/api/server/index.spec.js
@@ -1,5 +1,4 @@
 const fs = require('fs');
-const path = require('path');
 const request = require('supertest');
 const { MongoMemoryServer } = require('mongodb-memory-server');
 const mongoose = require('mongoose');
@@ -59,6 +58,30 @@ describe('Server Configuration', () => {
    expect(response.headers['pragma']).toBe('no-cache');
    expect(response.headers['expires']).toBe('0');
  });
+
+  it('should return 500 for unknown errors via ErrorController', async () => {
+    // Testing the error handling here on top of unit tests to ensure the middleware is correctly integrated
+
+    // Mock MongoDB operations to fail
+    const originalFindOne = mongoose.models.User.findOne;
+    const mockError = new Error('MongoDB operation failed');
+    mongoose.models.User.findOne = jest.fn().mockImplementation(() => {
+      throw mockError;
+    });
+
+    try {
+      const response = await request(app).post('/api/auth/login').send({
+        email: 'test@example.com',
+        password: 'password123',
+      });
+
+      expect(response.status).toBe(500);
+      expect(response.text).toBe('An unknown error occurred.');
+    } finally {
+      // Restore original function
+      mongoose.models.User.findOne = originalFindOne;
+    }
+  });
 });

 // Polls the /health endpoint every 30ms for up to 10 seconds to wait for the server to start completely
--- a/api/server/middleware/abortMiddleware.js
+++ b/api/server/middleware/abortMiddleware.js
@@ -1,13 +1,13 @@
-// abortMiddleware.js
+const { logger } = require('@librechat/data-schemas');
+const { countTokens, isEnabled, sendEvent } = require('@librechat/api');
 const { isAssistantsEndpoint, ErrorTypes } = require('librechat-data-provider');
-const { sendMessage, sendError, countTokens, isEnabled } = require('~/server/utils');
 const { truncateText, smartTruncateText } = require('~/app/clients/prompts');
 const clearPendingReq = require('~/cache/clearPendingReq');
+const { sendError } = require('~/server/middleware/error');
 const { spendTokens } = require('~/models/spendTokens');
 const abortControllers = require('./abortControllers');
 const { saveMessage, getConvo } = require('~/models');
 const { abortRun } = require('./abortRun');
-const { logger } = require('~/config');

 const abortDataMap = new WeakMap();

@@ -101,7 +101,7 @@ async function abortMessage(req, res) {
  cleanupAbortController(abortKey);

  if (res.headersSent && finalEvent) {
-    return sendMessage(res, finalEvent);
+    return sendEvent(res, finalEvent);
  }

  res.setHeader('Content-Type', 'application/json');
@@ -174,7 +174,7 @@ const createAbortController = (req, res, getAbortData, getReqData) => {
   * @param {string} responseMessageId
   */
  const onStart = (userMessage, responseMessageId) => {
-    sendMessage(res, { message: userMessage, created: true });
+    sendEvent(res, { message: userMessage, created: true });

    const abortKey = userMessage?.conversationId ?? req.user.id;
    getReqData({ abortKey });
--- a/api/server/middleware/abortRun.js
+++ b/api/server/middleware/abortRun.js
@@ -1,11 +1,11 @@
+const { sendEvent } = require('@librechat/api');
+const { logger } = require('@librechat/data-schemas');
 const { CacheKeys, RunStatus, isUUID } = require('librechat-data-provider');
 const { initializeClient } = require('~/server/services/Endpoints/assistants');
 const { checkMessageGaps, recordUsage } = require('~/server/services/Threads');
 const { deleteMessages } = require('~/models/Message');
 const { getConvo } = require('~/models/Conversation');
 const getLogStores = require('~/cache/getLogStores');
-const { sendMessage } = require('~/server/utils');
-const { logger } = require('~/config');

 const three_minutes = 1000 * 60 * 3;

@@ -34,7 +34,7 @@ async function abortRun(req, res) {
  const [thread_id, run_id] = runValues.split(':');

  if (!run_id) {
-    logger.warn('[abortRun] Couldn\'t find run for cancel request', { thread_id });
+    logger.warn("[abortRun] Couldn't find run for cancel request", { thread_id });
    return res.status(204).send({ message: 'Run not found' });
  } else if (run_id === 'cancelled') {
    logger.warn('[abortRun] Run already cancelled', { thread_id });
@@ -93,7 +93,7 @@ async function abortRun(req, res) {
  };

  if (res.headersSent && finalEvent) {
-    return sendMessage(res, finalEvent);
+    return sendEvent(res, finalEvent);
  }

  res.json(finalEvent);
--- a/api/server/middleware/buildEndpointOption.js
+++ b/api/server/middleware/buildEndpointOption.js
@@ -1,13 +1,13 @@
+const { handleError } = require('@librechat/api');
+const { logger } = require('@librechat/data-schemas');
 const {
-  parseCompactConvo,
+  EndpointURLs,
  EModelEndpoint,
  isAgentsEndpoint,
-  EndpointURLs,
+  parseCompactConvo,
 } = require('librechat-data-provider');
 const azureAssistants = require('~/server/services/Endpoints/azureAssistants');
-const { getModelsConfig } = require('~/server/controllers/ModelController');
 const assistants = require('~/server/services/Endpoints/assistants');
-const gptPlugins = require('~/server/services/Endpoints/gptPlugins');
 const { processFiles } = require('~/server/services/Files/process');
 const anthropic = require('~/server/services/Endpoints/anthropic');
 const bedrock = require('~/server/services/Endpoints/bedrock');
@@ -15,7 +15,6 @@ const openAI = require('~/server/services/Endpoints/openAI');
 const agents = require('~/server/services/Endpoints/agents');
 const custom = require('~/server/services/Endpoints/custom');
 const google = require('~/server/services/Endpoints/google');
-const { handleError } = require('~/server/utils');

 const buildFunction = {
  [EModelEndpoint.openAI]: openAI.buildOptions,
@@ -25,7 +24,6 @@ const buildFunction = {
  [EModelEndpoint.bedrock]: bedrock.buildOptions,
  [EModelEndpoint.azureOpenAI]: openAI.buildOptions,
  [EModelEndpoint.anthropic]: anthropic.buildOptions,
-  [EModelEndpoint.gptPlugins]: gptPlugins.buildOptions,
  [EModelEndpoint.assistants]: assistants.buildOptions,
  [EModelEndpoint.azureAssistants]: azureAssistants.buildOptions,
 };
@@ -36,6 +34,9 @@ async function buildEndpointOption(req, res, next) {
  try {
    parsedBody = parseCompactConvo({ endpoint, endpointType, conversation: req.body });
  } catch (error) {
+    logger.warn(
+      `Error parsing conversation for endpoint ${endpoint}${error?.message ? `: ${error.message}` : ''}`,
+    );
    return handleError(res, { text: 'Error parsing conversation' });
  }

@@ -57,15 +58,6 @@ async function buildEndpointOption(req, res, next) {
      return handleError(res, { text: 'Model spec mismatch' });
    }

-    if (
-      currentModelSpec.preset.endpoint !== EModelEndpoint.gptPlugins &&
-      currentModelSpec.preset.tools
-    ) {
-      return handleError(res, {
-        text: `Only the "${EModelEndpoint.gptPlugins}" endpoint can have tools defined in the preset`,
-      });
-    }
-
    try {
      currentModelSpec.preset.spec = spec;
      if (currentModelSpec.iconURL != null && currentModelSpec.iconURL !== '') {
@@ -77,6 +69,7 @@ async function buildEndpointOption(req, res, next) {
        conversation: currentModelSpec.preset,
      });
    } catch (error) {
+      logger.error(`Error parsing model spec for endpoint ${endpoint}`, error);
      return handleError(res, { text: 'Error parsing model spec' });
    }
  }
@@ -84,20 +77,23 @@ async function buildEndpointOption(req, res, next) {
  try {
    const isAgents =
      isAgentsEndpoint(endpoint) || req.baseUrl.startsWith(EndpointURLs[EModelEndpoint.agents]);
-    const endpointFn = buildFunction[isAgents ? EModelEndpoint.agents : (endpointType ?? endpoint)];
-    const builder = isAgents ? (...args) => endpointFn(req, ...args) : endpointFn;
+    const builder = isAgents
+      ? (...args) => buildFunction[EModelEndpoint.agents](req, ...args)
+      : buildFunction[endpointType ?? endpoint];

    // TODO: use object params
    req.body.endpointOption = await builder(endpoint, parsedBody, endpointType);

-    // TODO: use `getModelsConfig` only when necessary
-    const modelsConfig = await getModelsConfig(req);
-    req.body.endpointOption.modelsConfig = modelsConfig;
    if (req.body.files && !isAgents) {
      req.body.endpointOption.attachments = processFiles(req.body.files);
    }
+
    next();
  } catch (error) {
+    logger.error(
+      `Error building endpoint option for endpoint ${endpoint} with type ${endpointType}`,
+      error,
+    );
    return handleError(res, { text: 'Error building endpoint option' });
  }
 }
--- a/api/server/middleware/checkBan.js
+++ b/api/server/middleware/checkBan.js
@@ -18,7 +18,6 @@ const message = 'Your account has been temporarily banned due to violations of o
 * @function
 * @param {Object} req - Express Request object.
 * @param {Object} res - Express Response object.
- * @param {String} errorMessage - Error message to be displayed in case of /api/ask or /api/edit request.
 *
 * @returns {Promise<Object>} - Returns a Promise which when resolved sends a response status of 403 with a specific message if request is not of api/ask or api/edit types. If it is, calls `denyRequest()` function.
 */
@@ -135,6 +134,7 @@ const checkBan = async (req, res, next = () => {}) => {
    return await banResponse(req, res);
  } catch (error) {
    logger.error('Error in checkBan middleware:', error);
+    return next(error);
  }
 };

--- a/api/server/middleware/denyRequest.js
+++ b/api/server/middleware/denyRequest.js
@@ -1,6 +1,7 @@
 const crypto = require('crypto');
+const { sendEvent } = require('@librechat/api');
 const { getResponseSender, Constants } = require('librechat-data-provider');
-const { sendMessage, sendError } = require('~/server/utils');
+const { sendError } = require('~/server/middleware/error');
 const { saveMessage } = require('~/models');

 /**
@@ -36,7 +37,7 @@ const denyRequest = async (req, res, errorMessage) => {
    isCreatedByUser: true,
    text,
  };
-  sendMessage(res, { message: userMessage, created: true });
+  sendEvent(res, { message: userMessage, created: true });

  const shouldSaveMessage = _convoId && parentMessageId && parentMessageId !== Constants.NO_PARENT;

--- a/api/server/utils/streamResponse.js
+++ b/api/server/utils/streamResponse.js
@@ -1,31 +1,9 @@
 const crypto = require('crypto');
+const { logger } = require('@librechat/data-schemas');
 const { parseConvo } = require('librechat-data-provider');
+const { sendEvent, handleError } = require('@librechat/api');
 const { saveMessage, getMessages } = require('~/models/Message');
 const { getConvo } = require('~/models/Conversation');
-const { logger } = require('~/config');
-
-/**
- * Sends error data in Server Sent Events format and ends the response.
- * @param {object} res - The server response.
- * @param {string} message - The error message.
- */
-const handleError = (res, message) => {
-  res.write(`event: error\ndata: ${JSON.stringify(message)}\n\n`);
-  res.end();
-};
-
-/**
- * Sends message data in Server Sent Events format.
- * @param {Express.Response} res - - The server response.
- * @param {string | Object} message - The message to be sent.
- * @param {'message' | 'error' | 'cancel'} event - [Optional] The type of event. Default is 'message'.
- */
-const sendMessage = (res, message, event = 'message') => {
-  if (typeof message === 'string' && message.length === 0) {
-    return;
-  }
-  res.write(`event: ${event}\ndata: ${JSON.stringify(message)}\n\n`);
-};

 /**
 * Processes an error with provided options, saves the error message and sends a corresponding SSE response
@@ -91,7 +69,7 @@ const sendError = async (req, res, options, callback) => {
      convo = parseConvo(errorMessage);
    }

-    return sendMessage(res, {
+    return sendEvent(res, {
      final: true,
      requestMessage: query?.[0] ? query[0] : requestMessage,
      responseMessage: errorMessage,
@@ -120,12 +98,10 @@ const sendResponse = (req, res, data, errorMessage) => {
  if (errorMessage) {
    return sendError(req, res, { ...data, text: errorMessage });
  }
-  return sendMessage(res, data);
+  return sendEvent(res, data);
 };

 module.exports = {
-  sendResponse,
-  handleError,
-  sendMessage,
  sendError,
+  sendResponse,
 };
--- a/api/server/middleware/limiters/forkLimiters.js
+++ b/api/server/middleware/limiters/forkLimiters.js
@@ -0,0 +1,95 @@
+const rateLimit = require('express-rate-limit');
+const { isEnabled } = require('@librechat/api');
+const { RedisStore } = require('rate-limit-redis');
+const { logger } = require('@librechat/data-schemas');
+const { ViolationTypes } = require('librechat-data-provider');
+const ioredisClient = require('~/cache/ioredisClient');
+const logViolation = require('~/cache/logViolation');
+
+const getEnvironmentVariables = () => {
+  const FORK_IP_MAX = parseInt(process.env.FORK_IP_MAX) || 30;
+  const FORK_IP_WINDOW = parseInt(process.env.FORK_IP_WINDOW) || 1;
+  const FORK_USER_MAX = parseInt(process.env.FORK_USER_MAX) || 7;
+  const FORK_USER_WINDOW = parseInt(process.env.FORK_USER_WINDOW) || 1;
+  const FORK_VIOLATION_SCORE = process.env.FORK_VIOLATION_SCORE;
+
+  const forkIpWindowMs = FORK_IP_WINDOW * 60 * 1000;
+  const forkIpMax = FORK_IP_MAX;
+  const forkIpWindowInMinutes = forkIpWindowMs / 60000;
+
+  const forkUserWindowMs = FORK_USER_WINDOW * 60 * 1000;
+  const forkUserMax = FORK_USER_MAX;
+  const forkUserWindowInMinutes = forkUserWindowMs / 60000;
+
+  return {
+    forkIpWindowMs,
+    forkIpMax,
+    forkIpWindowInMinutes,
+    forkUserWindowMs,
+    forkUserMax,
+    forkUserWindowInMinutes,
+    forkViolationScore: FORK_VIOLATION_SCORE,
+  };
+};
+
+const createForkHandler = (ip = true) => {
+  const {
+    forkIpMax,
+    forkUserMax,
+    forkViolationScore,
+    forkIpWindowInMinutes,
+    forkUserWindowInMinutes,
+  } = getEnvironmentVariables();
+
+  return async (req, res) => {
+    const type = ViolationTypes.FILE_UPLOAD_LIMIT;
+    const errorMessage = {
+      type,
+      max: ip ? forkIpMax : forkUserMax,
+      limiter: ip ? 'ip' : 'user',
+      windowInMinutes: ip ? forkIpWindowInMinutes : forkUserWindowInMinutes,
+    };
+
+    await logViolation(req, res, type, errorMessage, forkViolationScore);
+    res.status(429).json({ message: 'Too many conversation fork requests. Try again later' });
+  };
+};
+
+const createForkLimiters = () => {
+  const { forkIpWindowMs, forkIpMax, forkUserWindowMs, forkUserMax } = getEnvironmentVariables();
+
+  const ipLimiterOptions = {
+    windowMs: forkIpWindowMs,
+    max: forkIpMax,
+    handler: createForkHandler(),
+  };
+  const userLimiterOptions = {
+    windowMs: forkUserWindowMs,
+    max: forkUserMax,
+    handler: createForkHandler(false),
+    keyGenerator: function (req) {
+      return req.user?.id;
+    },
+  };
+
+  if (isEnabled(process.env.USE_REDIS) && ioredisClient) {
+    logger.debug('Using Redis for fork rate limiters.');
+    const sendCommand = (...args) => ioredisClient.call(...args);
+    const ipStore = new RedisStore({
+      sendCommand,
+      prefix: 'fork_ip_limiter:',
+    });
+    const userStore = new RedisStore({
+      sendCommand,
+      prefix: 'fork_user_limiter:',
+    });
+    ipLimiterOptions.store = ipStore;
+    userLimiterOptions.store = userStore;
+  }
+
+  const forkIpLimiter = rateLimit(ipLimiterOptions);
+  const forkUserLimiter = rateLimit(userLimiterOptions);
+  return { forkIpLimiter, forkUserLimiter };
+};
+
+module.exports = { createForkLimiters };
--- a/api/server/middleware/limiters/importLimiters.js
+++ b/api/server/middleware/limiters/importLimiters.js
@@ -1,16 +1,17 @@
 const rateLimit = require('express-rate-limit');
+const { isEnabled } = require('@librechat/api');
 const { RedisStore } = require('rate-limit-redis');
+const { logger } = require('@librechat/data-schemas');
 const { ViolationTypes } = require('librechat-data-provider');
 const ioredisClient = require('~/cache/ioredisClient');
 const logViolation = require('~/cache/logViolation');
-const { isEnabled } = require('~/server/utils');
-const { logger } = require('~/config');

 const getEnvironmentVariables = () => {
  const IMPORT_IP_MAX = parseInt(process.env.IMPORT_IP_MAX) || 100;
  const IMPORT_IP_WINDOW = parseInt(process.env.IMPORT_IP_WINDOW) || 15;
  const IMPORT_USER_MAX = parseInt(process.env.IMPORT_USER_MAX) || 50;
  const IMPORT_USER_WINDOW = parseInt(process.env.IMPORT_USER_WINDOW) || 15;
+  const IMPORT_VIOLATION_SCORE = process.env.IMPORT_VIOLATION_SCORE;

  const importIpWindowMs = IMPORT_IP_WINDOW * 60 * 1000;
  const importIpMax = IMPORT_IP_MAX;
@@ -27,12 +28,18 @@ const getEnvironmentVariables = () => {
    importUserWindowMs,
    importUserMax,
    importUserWindowInMinutes,
+    importViolationScore: IMPORT_VIOLATION_SCORE,
  };
 };

 const createImportHandler = (ip = true) => {
-  const { importIpMax, importIpWindowInMinutes, importUserMax, importUserWindowInMinutes } =
-    getEnvironmentVariables();
+  const {
+    importIpMax,
+    importUserMax,
+    importViolationScore,
+    importIpWindowInMinutes,
+    importUserWindowInMinutes,
+  } = getEnvironmentVariables();

  return async (req, res) => {
    const type = ViolationTypes.FILE_UPLOAD_LIMIT;
@@ -43,7 +50,7 @@ const createImportHandler = (ip = true) => {
      windowInMinutes: ip ? importIpWindowInMinutes : importUserWindowInMinutes,
    };

-    await logViolation(req, res, type, errorMessage);
+    await logViolation(req, res, type, errorMessage, importViolationScore);
    res.status(429).json({ message: 'Too many conversation import requests. Try again later' });
  };
 };
--- a/api/server/middleware/limiters/index.js
+++ b/api/server/middleware/limiters/index.js
@@ -4,6 +4,7 @@ const createSTTLimiters = require('./sttLimiters');
 const loginLimiter = require('./loginLimiter');
 const importLimiters = require('./importLimiters');
 const uploadLimiters = require('./uploadLimiters');
+const forkLimiters = require('./forkLimiters');
 const registerLimiter = require('./registerLimiter');
 const toolCallLimiter = require('./toolCallLimiter');
 const messageLimiters = require('./messageLimiters');
@@ -14,6 +15,7 @@ module.exports = {
  ...uploadLimiters,
  ...importLimiters,
  ...messageLimiters,
+  ...forkLimiters,
  loginLimiter,
  registerLimiter,
  toolCallLimiter,
--- a/api/server/middleware/limiters/messageLimiters.js
+++ b/api/server/middleware/limiters/messageLimiters.js
@@ -11,6 +11,7 @@ const {
  MESSAGE_IP_WINDOW = 1,
  MESSAGE_USER_MAX = 40,
  MESSAGE_USER_WINDOW = 1,
+  MESSAGE_VIOLATION_SCORE: score,
 } = process.env;

 const ipWindowMs = MESSAGE_IP_WINDOW * 60 * 1000;
@@ -39,7 +40,7 @@ const createHandler = (ip = true) => {
      windowInMinutes: ip ? ipWindowInMinutes : userWindowInMinutes,
    };

-    await logViolation(req, res, type, errorMessage);
+    await logViolation(req, res, type, errorMessage, score);
    return await denyRequest(req, res, errorMessage);
  };
 };
--- a/api/server/middleware/limiters/sttLimiters.js
+++ b/api/server/middleware/limiters/sttLimiters.js
@@ -11,6 +11,7 @@ const getEnvironmentVariables = () => {
  const STT_IP_WINDOW = parseInt(process.env.STT_IP_WINDOW) || 1;
  const STT_USER_MAX = parseInt(process.env.STT_USER_MAX) || 50;
  const STT_USER_WINDOW = parseInt(process.env.STT_USER_WINDOW) || 1;
+  const STT_VIOLATION_SCORE = process.env.STT_VIOLATION_SCORE;

  const sttIpWindowMs = STT_IP_WINDOW * 60 * 1000;
  const sttIpMax = STT_IP_MAX;
@@ -27,11 +28,12 @@ const getEnvironmentVariables = () => {
    sttUserWindowMs,
    sttUserMax,
    sttUserWindowInMinutes,
+    sttViolationScore: STT_VIOLATION_SCORE,
  };
 };

 const createSTTHandler = (ip = true) => {
-  const { sttIpMax, sttIpWindowInMinutes, sttUserMax, sttUserWindowInMinutes } =
+  const { sttIpMax, sttIpWindowInMinutes, sttUserMax, sttUserWindowInMinutes, sttViolationScore } =
    getEnvironmentVariables();

  return async (req, res) => {
@@ -43,7 +45,7 @@ const createSTTHandler = (ip = true) => {
      windowInMinutes: ip ? sttIpWindowInMinutes : sttUserWindowInMinutes,
    };

-    await logViolation(req, res, type, errorMessage);
+    await logViolation(req, res, type, errorMessage, sttViolationScore);
    res.status(429).json({ message: 'Too many STT requests. Try again later' });
  };
 };
--- a/api/server/middleware/limiters/toolCallLimiter.js
+++ b/api/server/middleware/limiters/toolCallLimiter.js
@@ -6,6 +6,8 @@ const logViolation = require('~/cache/logViolation');
 const { isEnabled } = require('~/server/utils');
 const { logger } = require('~/config');

+const { TOOL_CALL_VIOLATION_SCORE: score } = process.env;
+
 const handler = async (req, res) => {
  const type = ViolationTypes.TOOL_CALL_LIMIT;
  const errorMessage = {
@@ -15,7 +17,7 @@ const handler = async (req, res) => {
    windowInMinutes: 1,
  };

-  await logViolation(req, res, type, errorMessage, 0);
+  await logViolation(req, res, type, errorMessage, score);
  res.status(429).json({ message: 'Too many tool call requests. Try again later' });
 };

--- a/api/server/middleware/limiters/ttsLimiters.js
+++ b/api/server/middleware/limiters/ttsLimiters.js
@@ -11,6 +11,7 @@ const getEnvironmentVariables = () => {
  const TTS_IP_WINDOW = parseInt(process.env.TTS_IP_WINDOW) || 1;
  const TTS_USER_MAX = parseInt(process.env.TTS_USER_MAX) || 50;
  const TTS_USER_WINDOW = parseInt(process.env.TTS_USER_WINDOW) || 1;
+  const TTS_VIOLATION_SCORE = process.env.TTS_VIOLATION_SCORE;

  const ttsIpWindowMs = TTS_IP_WINDOW * 60 * 1000;
  const ttsIpMax = TTS_IP_MAX;
@@ -27,11 +28,12 @@ const getEnvironmentVariables = () => {
    ttsUserWindowMs,
    ttsUserMax,
    ttsUserWindowInMinutes,
+    ttsViolationScore: TTS_VIOLATION_SCORE,
  };
 };

 const createTTSHandler = (ip = true) => {
-  const { ttsIpMax, ttsIpWindowInMinutes, ttsUserMax, ttsUserWindowInMinutes } =
+  const { ttsIpMax, ttsIpWindowInMinutes, ttsUserMax, ttsUserWindowInMinutes, ttsViolationScore } =
    getEnvironmentVariables();

  return async (req, res) => {
@@ -43,7 +45,7 @@ const createTTSHandler = (ip = true) => {
      windowInMinutes: ip ? ttsIpWindowInMinutes : ttsUserWindowInMinutes,
    };

-    await logViolation(req, res, type, errorMessage);
+    await logViolation(req, res, type, errorMessage, ttsViolationScore);
    res.status(429).json({ message: 'Too many TTS requests. Try again later' });
  };
 };
--- a/api/server/middleware/limiters/uploadLimiters.js
+++ b/api/server/middleware/limiters/uploadLimiters.js
@@ -11,6 +11,7 @@ const getEnvironmentVariables = () => {
  const FILE_UPLOAD_IP_WINDOW = parseInt(process.env.FILE_UPLOAD_IP_WINDOW) || 15;
  const FILE_UPLOAD_USER_MAX = parseInt(process.env.FILE_UPLOAD_USER_MAX) || 50;
  const FILE_UPLOAD_USER_WINDOW = parseInt(process.env.FILE_UPLOAD_USER_WINDOW) || 15;
+  const FILE_UPLOAD_VIOLATION_SCORE = process.env.FILE_UPLOAD_VIOLATION_SCORE;

  const fileUploadIpWindowMs = FILE_UPLOAD_IP_WINDOW * 60 * 1000;
  const fileUploadIpMax = FILE_UPLOAD_IP_MAX;
@@ -27,6 +28,7 @@ const getEnvironmentVariables = () => {
    fileUploadUserWindowMs,
    fileUploadUserMax,
    fileUploadUserWindowInMinutes,
+    fileUploadViolationScore: FILE_UPLOAD_VIOLATION_SCORE,
  };
 };

@@ -36,6 +38,7 @@ const createFileUploadHandler = (ip = true) => {
    fileUploadIpWindowInMinutes,
    fileUploadUserMax,
    fileUploadUserWindowInMinutes,
+    fileUploadViolationScore,
  } = getEnvironmentVariables();

  return async (req, res) => {
@@ -47,7 +50,7 @@ const createFileUploadHandler = (ip = true) => {
      windowInMinutes: ip ? fileUploadIpWindowInMinutes : fileUploadUserWindowInMinutes,
    };

-    await logViolation(req, res, type, errorMessage);
+    await logViolation(req, res, type, errorMessage, fileUploadViolationScore);
    res.status(429).json({ message: 'Too many file upload requests. Try again later' });
  };
 };
--- a/api/server/middleware/roles/access.js
+++ b/api/server/middleware/roles/access.js
@@ -1,78 +0,0 @@
-const { getRoleByName } = require('~/models/Role');
-const { logger } = require('~/config');
-
-/**
- * Core function to check if a user has one or more required permissions
- *
- * @param {object} user - The user object
- * @param {PermissionTypes} permissionType - The type of permission to check
- * @param {Permissions[]} permissions - The list of specific permissions to check
- * @param {Record<Permissions, string[]>} [bodyProps] - An optional object where keys are permissions and values are arrays of properties to check
- * @param {object} [checkObject] - The object to check properties against
- * @returns {Promise<boolean>} Whether the user has the required permissions
- */
-const checkAccess = async (user, permissionType, permissions, bodyProps = {}, checkObject = {}) => {
-  if (!user) {
-    return false;
-  }
-
-  const role = await getRoleByName(user.role);
-  if (role && role.permissions && role.permissions[permissionType]) {
-    const hasAnyPermission = permissions.some((permission) => {
-      if (role.permissions[permissionType][permission]) {
-        return true;
-      }
-
-      if (bodyProps[permission] && checkObject) {
-        return bodyProps[permission].some((prop) =>
-          Object.prototype.hasOwnProperty.call(checkObject, prop),
-        );
-      }
-
-      return false;
-    });
-
-    return hasAnyPermission;
-  }
-
-  return false;
-};
-
-/**
- * Middleware to check if a user has one or more required permissions, optionally based on `req.body` properties.
- *
- * @param {PermissionTypes} permissionType - The type of permission to check.
- * @param {Permissions[]} permissions - The list of specific permissions to check.
- * @param {Record<Permissions, string[]>} [bodyProps] - An optional object where keys are permissions and values are arrays of `req.body` properties to check.
- * @returns {(req: ServerRequest, res: ServerResponse, next: NextFunction) => Promise<void>} Express middleware function.
- */
-const generateCheckAccess = (permissionType, permissions, bodyProps = {}) => {
-  return async (req, res, next) => {
-    try {
-      const hasAccess = await checkAccess(
-        req.user,
-        permissionType,
-        permissions,
-        bodyProps,
-        req.body,
-      );
-
-      if (hasAccess) {
-        return next();
-      }
-
-      logger.warn(
-        `[${permissionType}] Forbidden: Insufficient permissions for User ${req.user.id}: ${permissions.join(', ')}`,
-      );
-      return res.status(403).json({ message: 'Forbidden: Insufficient permissions' });
-    } catch (error) {
-      logger.error(error);
-      return res.status(500).json({ message: `Server error: ${error.message}` });
-    }
-  };
-};
-
-module.exports = {
-  checkAccess,
-  generateCheckAccess,
-};
--- a/api/server/middleware/roles/index.js
+++ b/api/server/middleware/roles/index.js
@@ -1,8 +1,5 @@
 const checkAdmin = require('./admin');
-const { checkAccess, generateCheckAccess } = require('./access');

 module.exports = {
  checkAdmin,
-  checkAccess,
-  generateCheckAccess,
 };
--- a/api/server/middleware/uaParser.js
+++ b/api/server/middleware/uaParser.js
@@ -1,5 +1,5 @@
 const uap = require('ua-parser-js');
-const { handleError } = require('../utils');
+const { handleError } = require('@librechat/api');
 const { logViolation } = require('../../cache');

 /**
--- a/api/server/middleware/validateEndpoint.js
+++ b/api/server/middleware/validateEndpoint.js
@@ -1,4 +1,4 @@
-const { handleError } = require('../utils');
+const { handleError } = require('@librechat/api');

 function validateEndpoint(req, res, next) {
  const { endpoint: _endpoint, endpointType } = req.body;
--- a/api/server/middleware/validateModel.js
+++ b/api/server/middleware/validateModel.js
@@ -1,6 +1,6 @@
+const { handleError } = require('@librechat/api');
 const { ViolationTypes } = require('librechat-data-provider');
 const { getModelsConfig } = require('~/server/controllers/ModelController');
-const { handleError } = require('~/server/utils');
 const { logViolation } = require('~/cache');
 /**
 * Validates the model of the request.
--- a/api/server/routes/tests/static.spec.js
+++ b/api/server/routes/tests/static.spec.js
@@ -0,0 +1,162 @@
+const fs = require('fs');
+const path = require('path');
+const express = require('express');
+const request = require('supertest');
+const zlib = require('zlib');
+
+// Create test setup
+const mockTestDir = path.join(__dirname, 'test-static-route');
+
+// Mock the paths module to point to our test directory
+jest.mock('~/config/paths', () => ({
+  imageOutput: mockTestDir,
+}));
+
+describe('Static Route Integration', () => {
+  let app;
+  let staticRoute;
+  let testDir;
+  let testImagePath;
+
+  beforeAll(() => {
+    // Create a test directory and files
+    testDir = mockTestDir;
+    testImagePath = path.join(testDir, 'test-image.jpg');
+
+    if (!fs.existsSync(testDir)) {
+      fs.mkdirSync(testDir, { recursive: true });
+    }
+
+    // Create a test image file
+    fs.writeFileSync(testImagePath, 'fake-image-data');
+
+    // Create a gzipped version of the test image (for gzip scanning tests)
+    fs.writeFileSync(testImagePath + '.gz', zlib.gzipSync('fake-image-data'));
+  });
+
+  afterAll(() => {
+    // Clean up test files
+    if (fs.existsSync(testDir)) {
+      fs.rmSync(testDir, { recursive: true, force: true });
+    }
+  });
+
+  // Helper function to set up static route with specific config
+  const setupStaticRoute = (skipGzipScan = false) => {
+    if (skipGzipScan) {
+      delete process.env.ENABLE_IMAGE_OUTPUT_GZIP_SCAN;
+    } else {
+      process.env.ENABLE_IMAGE_OUTPUT_GZIP_SCAN = 'true';
+    }
+
+    staticRoute = require('../static');
+    app.use('/images', staticRoute);
+  };
+
+  beforeEach(() => {
+    // Clear the module cache to get fresh imports
+    jest.resetModules();
+
+    app = express();
+
+    // Clear environment variables
+    delete process.env.ENABLE_IMAGE_OUTPUT_GZIP_SCAN;
+    delete process.env.NODE_ENV;
+  });
+
+  describe('route functionality', () => {
+    it('should serve static image files', async () => {
+      process.env.NODE_ENV = 'production';
+      setupStaticRoute();
+
+      const response = await request(app).get('/images/test-image.jpg').expect(200);
+
+      expect(response.body.toString()).toBe('fake-image-data');
+    });
+
+    it('should return 404 for non-existent files', async () => {
+      setupStaticRoute();
+
+      const response = await request(app).get('/images/nonexistent.jpg');
+      expect(response.status).toBe(404);
+    });
+  });
+
+  describe('cache behavior', () => {
+    it('should set cache headers for images in production', async () => {
+      process.env.NODE_ENV = 'production';
+      setupStaticRoute();
+
+      const response = await request(app).get('/images/test-image.jpg').expect(200);
+
+      expect(response.headers['cache-control']).toBe('public, max-age=172800, s-maxage=86400');
+    });
+
+    it('should not set cache headers in development', async () => {
+      process.env.NODE_ENV = 'development';
+      setupStaticRoute();
+
+      const response = await request(app).get('/images/test-image.jpg').expect(200);
+
+      // Our middleware should not set the production cache-control header in development
+      expect(response.headers['cache-control']).not.toBe('public, max-age=172800, s-maxage=86400');
+    });
+  });
+
+  describe('gzip compression behavior', () => {
+    beforeEach(() => {
+      process.env.NODE_ENV = 'production';
+    });
+
+    it('should serve gzipped files when gzip scanning is enabled', async () => {
+      setupStaticRoute(false); // Enable gzip scanning
+
+      const response = await request(app)
+        .get('/images/test-image.jpg')
+        .set('Accept-Encoding', 'gzip')
+        .expect(200);
+
+      expect(response.headers['content-encoding']).toBe('gzip');
+      expect(response.body.toString()).toBe('fake-image-data');
+    });
+
+    it('should not serve gzipped files when gzip scanning is disabled', async () => {
+      setupStaticRoute(true); // Disable gzip scanning
+
+      const response = await request(app)
+        .get('/images/test-image.jpg')
+        .set('Accept-Encoding', 'gzip')
+        .expect(200);
+
+      expect(response.headers['content-encoding']).toBeUndefined();
+      expect(response.body.toString()).toBe('fake-image-data');
+    });
+  });
+
+  describe('path configuration', () => {
+    it('should use the configured imageOutput path', async () => {
+      setupStaticRoute();
+
+      const response = await request(app).get('/images/test-image.jpg').expect(200);
+
+      expect(response.body.toString()).toBe('fake-image-data');
+    });
+
+    it('should serve from subdirectories', async () => {
+      // Create a subdirectory with a file
+      const subDir = path.join(testDir, 'thumbs');
+      fs.mkdirSync(subDir, { recursive: true });
+      const thumbPath = path.join(subDir, 'thumb.jpg');
+      fs.writeFileSync(thumbPath, 'thumbnail-data');
+
+      setupStaticRoute();
+
+      const response = await request(app).get('/images/thumbs/thumb.jpg').expect(200);
+
+      expect(response.body.toString()).toBe('thumbnail-data');
+
+      // Clean up
+      fs.rmSync(subDir, { recursive: true, force: true });
+    });
+  });
+});
--- a/api/server/routes/actions.js
+++ b/api/server/routes/actions.js
@@ -1,8 +1,10 @@
 const express = require('express');
 const jwt = require('jsonwebtoken');
+const { getAccessToken } = require('@librechat/api');
+const { logger } = require('@librechat/data-schemas');
 const { CacheKeys } = require('librechat-data-provider');
-const { getAccessToken } = require('~/server/services/TokenService');
-const { logger, getFlowStateManager } = require('~/config');
+const { findToken, updateToken, createToken } = require('~/models');
+const { getFlowStateManager } = require('~/config');
 const { getLogStores } = require('~/cache');

 const router = express.Router();
@@ -28,18 +30,19 @@ router.get('/:action_id/oauth/callback', async (req, res) => {
    try {
      decodedState = jwt.verify(state, JWT_SECRET);
    } catch (err) {
+      logger.error('Error verifying state parameter:', err);
      await flowManager.failFlow(identifier, 'oauth', 'Invalid or expired state parameter');
-      return res.status(400).send('Invalid or expired state parameter');
+      return res.redirect('/oauth/error?error=invalid_state');
    }

    if (decodedState.action_id !== action_id) {
      await flowManager.failFlow(identifier, 'oauth', 'Mismatched action ID in state parameter');
-      return res.status(400).send('Mismatched action ID in state parameter');
+      return res.redirect('/oauth/error?error=invalid_state');
    }

    if (!decodedState.user) {
      await flowManager.failFlow(identifier, 'oauth', 'Invalid user ID in state parameter');
-      return res.status(400).send('Invalid user ID in state parameter');
+      return res.redirect('/oauth/error?error=invalid_state');
    }
    identifier = `${decodedState.user}:${action_id}`;
    const flowState = await flowManager.getFlowState(identifier, 'oauth');
@@ -47,91 +50,34 @@ router.get('/:action_id/oauth/callback', async (req, res) => {
      throw new Error('OAuth flow not found');
    }

-    const tokenData = await getAccessToken({
-      code,
-      userId: decodedState.user,
-      identifier,
-      client_url: flowState.metadata.client_url,
-      redirect_uri: flowState.metadata.redirect_uri,
-      token_exchange_method: flowState.metadata.token_exchange_method,
-      /** Encrypted values */
-      encrypted_oauth_client_id: flowState.metadata.encrypted_oauth_client_id,
-      encrypted_oauth_client_secret: flowState.metadata.encrypted_oauth_client_secret,
-    });
+    const tokenData = await getAccessToken(
+      {
+        code,
+        userId: decodedState.user,
+        identifier,
+        client_url: flowState.metadata.client_url,
+        redirect_uri: flowState.metadata.redirect_uri,
+        token_exchange_method: flowState.metadata.token_exchange_method,
+        /** Encrypted values */
+        encrypted_oauth_client_id: flowState.metadata.encrypted_oauth_client_id,
+        encrypted_oauth_client_secret: flowState.metadata.encrypted_oauth_client_secret,
+      },
+      {
+        findToken,
+        updateToken,
+        createToken,
+      },
+    );
    await flowManager.completeFlow(identifier, 'oauth', tokenData);
-    res.send(`
-      <!DOCTYPE html>
-      <html>
-        <head>
-          <title>Authentication Successful</title>
-          <meta name="viewport" content="width=device-width, initial-scale=1.0">
-          <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-          <style>
-            body {
-              font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont;
-              background-color: rgb(249, 250, 251);
-              margin: 0;
-              padding: 2rem;
-              display: flex;
-              justify-content: center;
-              align-items: center;
-              min-height: 100vh;
-            }
-            .card {
-              background-color: white;
-              border-radius: 0.5rem;
-              padding: 2rem;
-              max-width: 28rem;
-              width: 100%;
-              box-shadow: 0 4px 6px -1px rgb(0 0 0 / 0.1), 0 2px 4px -2px rgb(0 0 0 / 0.1);
-              text-align: center;
-            }
-            .heading {
-              color: rgb(17, 24, 39);
-              font-size: 1.875rem;
-              font-weight: 700;
-              margin: 0 0 1rem;
-            }
-            .description {
-              color: rgb(75, 85, 99);
-              font-size: 0.875rem;
-              margin: 0.5rem 0;
-            }
-            .countdown {
-              color: rgb(99, 102, 241);
-              font-weight: 500;
-            }
-          </style>
-        </head>
-        <body>
-          <div class="card">
-            <h1 class="heading">Authentication Successful</h1>
-            <p class="description">
-              Your authentication was successful. This window will close in 
-              <span class="countdown" id="countdown">3</span> seconds.
-            </p>
-          </div>
-          <script>
-            let secondsLeft = 3;
-            const countdownElement = document.getElementById('countdown');
-            
-            const countdown = setInterval(() => {
-              secondsLeft--;
-              countdownElement.textContent = secondsLeft;
-              
-              if (secondsLeft <= 0) {
-                clearInterval(countdown);
-                window.close();
-              }
-            }, 1000);
-          </script>
-        </body>
-      </html>
-    `);
+
+    /** Redirect to React success page */
+    const serverName = flowState.metadata?.action_name || `Action ${action_id}`;
+    const redirectUrl = `/oauth/success?serverName=${encodeURIComponent(serverName)}`;
+    res.redirect(redirectUrl);
  } catch (error) {
    logger.error('Error in OAuth callback:', error);
    await flowManager.failFlow(identifier, 'oauth', error);
-    res.status(500).send('Authentication failed. Please try again.');
+    res.redirect('/oauth/error?error=callback_failed');
  }
 });

--- a/api/server/routes/agents/actions.js
+++ b/api/server/routes/agents/actions.js
@@ -1,14 +1,28 @@
 const express = require('express');
 const { nanoid } = require('nanoid');
-const { actionDelimiter, SystemRoles, removeNullishValues } = require('librechat-data-provider');
+const { logger } = require('@librechat/data-schemas');
+const { generateCheckAccess } = require('@librechat/api');
+const {
+  SystemRoles,
+  Permissions,
+  PermissionTypes,
+  actionDelimiter,
+  removeNullishValues,
+} = require('librechat-data-provider');
 const { encryptMetadata, domainParser } = require('~/server/services/ActionService');
 const { updateAction, getActions, deleteAction } = require('~/models/Action');
 const { isActionDomainAllowed } = require('~/server/services/domains');
 const { getAgent, updateAgent } = require('~/models/Agent');
-const { logger } = require('~/config');
+const { getRoleByName } = require('~/models/Role');

 const router = express.Router();

+const checkAgentCreate = generateCheckAccess({
+  permissionType: PermissionTypes.AGENTS,
+  permissions: [Permissions.USE, Permissions.CREATE],
+  getRoleByName,
+});
+
 // If the user has ADMIN role
 // then action edition is possible even if not owner of the assistant
 const isAdmin = (req) => {
@@ -41,7 +55,7 @@ router.get('/', async (req, res) => {
 * @param {ActionMetadata} req.body.metadata - Metadata for the action.
 * @returns {Object} 200 - success response - application/json
 */
-router.post('/:agent_id', async (req, res) => {
+router.post('/:agent_id', checkAgentCreate, async (req, res) => {
  try {
    const { agent_id } = req.params;

@@ -149,7 +163,7 @@ router.post('/:agent_id', async (req, res) => {
 * @param {string} req.params.action_id - The ID of the action to delete.
 * @returns {Object} 200 - success response - application/json
 */
-router.delete('/:agent_id/:action_id', async (req, res) => {
+router.delete('/:agent_id/:action_id', checkAgentCreate, async (req, res) => {
  try {
    const { agent_id, action_id } = req.params;
    const admin = isAdmin(req);
--- a/api/server/routes/agents/chat.js
+++ b/api/server/routes/agents/chat.js
@@ -1,22 +1,28 @@
 const express = require('express');
+const { generateCheckAccess, skipAgentCheck } = require('@librechat/api');
 const { PermissionTypes, Permissions } = require('librechat-data-provider');
 const {
  setHeaders,
  moderateText,
  // validateModel,
-  generateCheckAccess,
  validateConvoAccess,
  buildEndpointOption,
 } = require('~/server/middleware');
 const { initializeClient } = require('~/server/services/Endpoints/agents');
 const AgentController = require('~/server/controllers/agents/request');
 const addTitle = require('~/server/services/Endpoints/agents/title');
+const { getRoleByName } = require('~/models/Role');

 const router = express.Router();

 router.use(moderateText);

-const checkAgentAccess = generateCheckAccess(PermissionTypes.AGENTS, [Permissions.USE]);
+const checkAgentAccess = generateCheckAccess({
+  permissionType: PermissionTypes.AGENTS,
+  permissions: [Permissions.USE],
+  skipCheck: skipAgentCheck,
+  getRoleByName,
+});

 router.use(checkAgentAccess);
 router.use(validateConvoAccess);
--- a/api/server/routes/agents/v1.js
+++ b/api/server/routes/agents/v1.js
@@ -1,29 +1,36 @@
 const express = require('express');
+const { generateCheckAccess } = require('@librechat/api');
 const { PermissionTypes, Permissions } = require('librechat-data-provider');
-const { requireJwtAuth, generateCheckAccess } = require('~/server/middleware');
+const { requireJwtAuth } = require('~/server/middleware');
 const v1 = require('~/server/controllers/agents/v1');
+const { getRoleByName } = require('~/models/Role');
 const actions = require('./actions');
 const tools = require('./tools');

 const router = express.Router();
 const avatar = express.Router();

-const checkAgentAccess = generateCheckAccess(PermissionTypes.AGENTS, [Permissions.USE]);
-const checkAgentCreate = generateCheckAccess(PermissionTypes.AGENTS, [
-  Permissions.USE,
-  Permissions.CREATE,
-]);
+const checkAgentAccess = generateCheckAccess({
+  permissionType: PermissionTypes.AGENTS,
+  permissions: [Permissions.USE],
+  getRoleByName,
+});
+const checkAgentCreate = generateCheckAccess({
+  permissionType: PermissionTypes.AGENTS,
+  permissions: [Permissions.USE, Permissions.CREATE],
+  getRoleByName,
+});

-const checkGlobalAgentShare = generateCheckAccess(
-  PermissionTypes.AGENTS,
-  [Permissions.USE, Permissions.CREATE],
-  {
+const checkGlobalAgentShare = generateCheckAccess({
+  permissionType: PermissionTypes.AGENTS,
+  permissions: [Permissions.USE, Permissions.CREATE],
+  bodyProps: {
    [Permissions.SHARED_GLOBAL]: ['projectIds', 'removeProjectIds'],
  },
-);
+  getRoleByName,
+});

 router.use(requireJwtAuth);
-router.use(checkAgentAccess);

 /**
 * Agent actions route.
--- a/api/server/routes/ask/addToCache.js
+++ b/api/server/routes/ask/addToCache.js
@@ -1,63 +0,0 @@
-const { Keyv } = require('keyv');
-const { KeyvFile } = require('keyv-file');
-const { logger } = require('~/config');
-
-const addToCache = async ({ endpoint, endpointOption, userMessage, responseMessage }) => {
-  try {
-    const conversationsCache = new Keyv({
-      store: new KeyvFile({ filename: './data/cache.json' }),
-      namespace: 'chatgpt', // should be 'bing' for bing/sydney
-    });
-
-    const {
-      conversationId,
-      messageId: userMessageId,
-      parentMessageId: userParentMessageId,
-      text: userText,
-    } = userMessage;
-    const {
-      messageId: responseMessageId,
-      parentMessageId: responseParentMessageId,
-      text: responseText,
-    } = responseMessage;
-
-    let conversation = await conversationsCache.get(conversationId);
-    // used to generate a title for the conversation if none exists
-    // let isNewConversation = false;
-    if (!conversation) {
-      conversation = {
-        messages: [],
-        createdAt: Date.now(),
-      };
-      // isNewConversation = true;
-    }
-
-    const roles = (options) => {
-      if (endpoint === 'openAI') {
-        return options?.chatGptLabel || 'ChatGPT';
-      }
-    };
-
-    let _userMessage = {
-      id: userMessageId,
-      parentMessageId: userParentMessageId,
-      role: 'User',
-      message: userText,
-    };
-
-    let _responseMessage = {
-      id: responseMessageId,
-      parentMessageId: responseParentMessageId,
-      role: roles(endpointOption),
-      message: responseText,
-    };
-
-    conversation.messages.push(_userMessage, _responseMessage);
-
-    await conversationsCache.set(conversationId, conversation);
-  } catch (error) {
-    logger.error('[addToCache] Error adding conversation to cache', error);
-  }
-};
-
-module.exports = addToCache;
--- a/api/server/routes/ask/anthropic.js
+++ b/api/server/routes/ask/anthropic.js
@@ -1,25 +0,0 @@
-const express = require('express');
-const AskController = require('~/server/controllers/AskController');
-const { addTitle, initializeClient } = require('~/server/services/Endpoints/anthropic');
-const {
-  setHeaders,
-  handleAbort,
-  validateModel,
-  validateEndpoint,
-  buildEndpointOption,
-} = require('~/server/middleware');
-
-const router = express.Router();
-
-router.post(
-  '/',
-  validateEndpoint,
-  validateModel,
-  buildEndpointOption,
-  setHeaders,
-  async (req, res, next) => {
-    await AskController(req, res, next, initializeClient, addTitle);
-  },
-);
-
-module.exports = router;
--- a/api/server/routes/ask/custom.js
+++ b/api/server/routes/ask/custom.js
@@ -1,25 +0,0 @@
-const express = require('express');
-const AskController = require('~/server/controllers/AskController');
-const { initializeClient } = require('~/server/services/Endpoints/custom');
-const { addTitle } = require('~/server/services/Endpoints/openAI');
-const {
-  setHeaders,
-  validateModel,
-  validateEndpoint,
-  buildEndpointOption,
-} = require('~/server/middleware');
-
-const router = express.Router();
-
-router.post(
-  '/',
-  validateEndpoint,
-  validateModel,
-  buildEndpointOption,
-  setHeaders,
-  async (req, res, next) => {
-    await AskController(req, res, next, initializeClient, addTitle);
-  },
-);
-
-module.exports = router;
--- a/api/server/routes/ask/google.js
+++ b/api/server/routes/ask/google.js
@@ -1,24 +0,0 @@
-const express = require('express');
-const AskController = require('~/server/controllers/AskController');
-const { initializeClient, addTitle } = require('~/server/services/Endpoints/google');
-const {
-  setHeaders,
-  validateModel,
-  validateEndpoint,
-  buildEndpointOption,
-} = require('~/server/middleware');
-
-const router = express.Router();
-
-router.post(
-  '/',
-  validateEndpoint,
-  validateModel,
-  buildEndpointOption,
-  setHeaders,
-  async (req, res, next) => {
-    await AskController(req, res, next, initializeClient, addTitle);
-  },
-);
-
-module.exports = router;
--- a/api/server/routes/ask/gptPlugins.js
+++ b/api/server/routes/ask/gptPlugins.js
@@ -1,241 +0,0 @@
-const express = require('express');
-const { getResponseSender, Constants } = require('librechat-data-provider');
-const { initializeClient } = require('~/server/services/Endpoints/gptPlugins');
-const { sendMessage, createOnProgress } = require('~/server/utils');
-const { addTitle } = require('~/server/services/Endpoints/openAI');
-const { saveMessage, updateMessage } = require('~/models');
-const {
-  handleAbort,
-  createAbortController,
-  handleAbortError,
-  setHeaders,
-  validateModel,
-  validateEndpoint,
-  buildEndpointOption,
-  moderateText,
-} = require('~/server/middleware');
-const { validateTools } = require('~/app');
-const { logger } = require('~/config');
-
-const router = express.Router();
-
-router.use(moderateText);
-
-router.post(
-  '/',
-  validateEndpoint,
-  validateModel,
-  buildEndpointOption,
-  setHeaders,
-  async (req, res) => {
-    let {
-      text,
-      endpointOption,
-      conversationId,
-      parentMessageId = null,
-      overrideParentMessageId = null,
-    } = req.body;
-
-    logger.debug('[/ask/gptPlugins]', { text, conversationId, ...endpointOption });
-
-    let userMessage;
-    let userMessagePromise;
-    let promptTokens;
-    let userMessageId;
-    let responseMessageId;
-    const sender = getResponseSender({
-      ...endpointOption,
-      model: endpointOption.modelOptions.model,
-    });
-    const newConvo = !conversationId;
-    const user = req.user.id;
-
-    const plugins = [];
-
-    const getReqData = (data = {}) => {
-      for (let key in data) {
-        if (key === 'userMessage') {
-          userMessage = data[key];
-          userMessageId = data[key].messageId;
-        } else if (key === 'userMessagePromise') {
-          userMessagePromise = data[key];
-        } else if (key === 'responseMessageId') {
-          responseMessageId = data[key];
-        } else if (key === 'promptTokens') {
-          promptTokens = data[key];
-        } else if (!conversationId && key === 'conversationId') {
-          conversationId = data[key];
-        }
-      }
-    };
-
-    let streaming = null;
-    let timer = null;
-
-    const {
-      onProgress: progressCallback,
-      sendIntermediateMessage,
-      getPartialText,
-    } = createOnProgress({
-      onProgress: () => {
-        if (timer) {
-          clearTimeout(timer);
-        }
-
-        streaming = new Promise((resolve) => {
-          timer = setTimeout(() => {
-            resolve();
-          }, 250);
-        });
-      },
-    });
-
-    const pluginMap = new Map();
-    const onAgentAction = async (action, runId) => {
-      pluginMap.set(runId, action.tool);
-      sendIntermediateMessage(res, {
-        plugins,
-        parentMessageId: userMessage.messageId,
-        messageId: responseMessageId,
-      });
-    };
-
-    const onToolStart = async (tool, input, runId, parentRunId) => {
-      const pluginName = pluginMap.get(parentRunId);
-      const latestPlugin = {
-        runId,
-        loading: true,
-        inputs: [input],
-        latest: pluginName,
-        outputs: null,
-      };
-
-      if (streaming) {
-        await streaming;
-      }
-      const extraTokens = ':::plugin:::\n';
-      plugins.push(latestPlugin);
-      sendIntermediateMessage(
-        res,
-        { plugins, parentMessageId: userMessage.messageId, messageId: responseMessageId },
-        extraTokens,
-      );
-    };
-
-    const onToolEnd = async (output, runId) => {
-      if (streaming) {
-        await streaming;
-      }
-
-      const pluginIndex = plugins.findIndex((plugin) => plugin.runId === runId);
-
-      if (pluginIndex !== -1) {
-        plugins[pluginIndex].loading = false;
-        plugins[pluginIndex].outputs = output;
-      }
-    };
-
-    const getAbortData = () => ({
-      sender,
-      conversationId,
-      userMessagePromise,
-      messageId: responseMessageId,
-      parentMessageId: overrideParentMessageId ?? userMessageId,
-      text: getPartialText(),
-      plugins: plugins.map((p) => ({ ...p, loading: false })),
-      userMessage,
-      promptTokens,
-    });
-    const { abortController, onStart } = createAbortController(req, res, getAbortData, getReqData);
-
-    try {
-      endpointOption.tools = await validateTools(user, endpointOption.tools);
-      const { client } = await initializeClient({ req, res, endpointOption });
-
-      const onChainEnd = () => {
-        if (!client.skipSaveUserMessage) {
-          saveMessage(
-            req,
-            { ...userMessage, user },
-            { context: 'api/server/routes/ask/gptPlugins.js - onChainEnd' },
-          );
-        }
-        sendIntermediateMessage(res, {
-          plugins,
-          parentMessageId: userMessage.messageId,
-          messageId: responseMessageId,
-        });
-      };
-
-      let response = await client.sendMessage(text, {
-        user,
-        conversationId,
-        parentMessageId,
-        overrideParentMessageId,
-        getReqData,
-        onAgentAction,
-        onChainEnd,
-        onToolStart,
-        onToolEnd,
-        onStart,
-        getPartialText,
-        ...endpointOption,
-        progressCallback,
-        progressOptions: {
-          res,
-          // parentMessageId: overrideParentMessageId || userMessageId,
-          plugins,
-        },
-        abortController,
-      });
-
-      if (overrideParentMessageId) {
-        response.parentMessageId = overrideParentMessageId;
-      }
-
-      logger.debug('[/ask/gptPlugins]', response);
-
-      const { conversation = {} } = await response.databasePromise;
-      delete response.databasePromise;
-      conversation.title =
-        conversation && !conversation.title ? null : conversation?.title || 'New Chat';
-
-      sendMessage(res, {
-        title: conversation.title,
-        final: true,
-        conversation,
-        requestMessage: userMessage,
-        responseMessage: response,
-      });
-      res.end();
-
-      if (parentMessageId === Constants.NO_PARENT && newConvo) {
-        addTitle(req, {
-          text,
-          response,
-          client,
-        });
-      }
-
-      response.plugins = plugins.map((p) => ({ ...p, loading: false }));
-      if (response.plugins?.length > 0) {
-        await updateMessage(
-          req,
-          { ...response, user },
-          { context: 'api/server/routes/ask/gptPlugins.js - save plugins used' },
-        );
-      }
-    } catch (error) {
-      const partialText = getPartialText();
-      handleAbortError(res, req, error, {
-        partialText,
-        conversationId,
-        sender,
-        messageId: responseMessageId,
-        parentMessageId: userMessageId ?? parentMessageId,
-      });
-    }
-  },
-);
-
-module.exports = router;
--- a/api/server/routes/ask/index.js
+++ b/api/server/routes/ask/index.js
@@ -1,47 +0,0 @@
-const express = require('express');
-const { EModelEndpoint } = require('librechat-data-provider');
-const {
-  uaParser,
-  checkBan,
-  requireJwtAuth,
-  messageIpLimiter,
-  concurrentLimiter,
-  messageUserLimiter,
-  validateConvoAccess,
-} = require('~/server/middleware');
-const { isEnabled } = require('~/server/utils');
-const gptPlugins = require('./gptPlugins');
-const anthropic = require('./anthropic');
-const custom = require('./custom');
-const google = require('./google');
-const openAI = require('./openAI');
-
-const { LIMIT_CONCURRENT_MESSAGES, LIMIT_MESSAGE_IP, LIMIT_MESSAGE_USER } = process.env ?? {};
-
-const router = express.Router();
-
-router.use(requireJwtAuth);
-router.use(checkBan);
-router.use(uaParser);
-
-if (isEnabled(LIMIT_CONCURRENT_MESSAGES)) {
-  router.use(concurrentLimiter);
-}
-
-if (isEnabled(LIMIT_MESSAGE_IP)) {
-  router.use(messageIpLimiter);
-}
-
-if (isEnabled(LIMIT_MESSAGE_USER)) {
-  router.use(messageUserLimiter);
-}
-
-router.use(validateConvoAccess);
-
-router.use([`/${EModelEndpoint.azureOpenAI}`, `/${EModelEndpoint.openAI}`], openAI);
-router.use(`/${EModelEndpoint.gptPlugins}`, gptPlugins);
-router.use(`/${EModelEndpoint.anthropic}`, anthropic);
-router.use(`/${EModelEndpoint.google}`, google);
-router.use(`/${EModelEndpoint.custom}`, custom);
-
-module.exports = router;
--- a/api/server/routes/ask/openAI.js
+++ b/api/server/routes/ask/openAI.js
@@ -1,27 +0,0 @@
-const express = require('express');
-const AskController = require('~/server/controllers/AskController');
-const { addTitle, initializeClient } = require('~/server/services/Endpoints/openAI');
-const {
-  handleAbort,
-  setHeaders,
-  validateModel,
-  validateEndpoint,
-  buildEndpointOption,
-  moderateText,
-} = require('~/server/middleware');
-
-const router = express.Router();
-router.use(moderateText);
-
-router.post(
-  '/',
-  validateEndpoint,
-  validateModel,
-  buildEndpointOption,
-  setHeaders,
-  async (req, res, next) => {
-    await AskController(req, res, next, initializeClient, addTitle);
-  },
-);
-
-module.exports = router;
--- a/api/server/routes/bedrock/chat.js
+++ b/api/server/routes/bedrock/chat.js
@@ -1,37 +0,0 @@
-const express = require('express');
-
-const router = express.Router();
-const {
-  setHeaders,
-  handleAbort,
-  moderateText,
-  // validateModel,
-  // validateEndpoint,
-  buildEndpointOption,
-} = require('~/server/middleware');
-const { initializeClient } = require('~/server/services/Endpoints/bedrock');
-const AgentController = require('~/server/controllers/agents/request');
-const addTitle = require('~/server/services/Endpoints/agents/title');
-
-router.use(moderateText);
-
-/**
- * @route POST /
- * @desc Chat with an assistant
- * @access Public
- * @param {express.Request} req - The request object, containing the request data.
- * @param {express.Response} res - The response object, used to send back a response.
- * @returns {void}
- */
-router.post(
-  '/',
-  // validateModel,
-  // validateEndpoint,
-  buildEndpointOption,
-  setHeaders,
-  async (req, res, next) => {
-    await AgentController(req, res, next, initializeClient, addTitle);
-  },
-);
-
-module.exports = router;
--- a/api/server/routes/bedrock/index.js
+++ b/api/server/routes/bedrock/index.js
@@ -1,35 +0,0 @@
-const express = require('express');
-const {
-  uaParser,
-  checkBan,
-  requireJwtAuth,
-  messageIpLimiter,
-  concurrentLimiter,
-  messageUserLimiter,
-} = require('~/server/middleware');
-const { isEnabled } = require('~/server/utils');
-const chat = require('./chat');
-
-const { LIMIT_CONCURRENT_MESSAGES, LIMIT_MESSAGE_IP, LIMIT_MESSAGE_USER } = process.env ?? {};
-
-const router = express.Router();
-
-router.use(requireJwtAuth);
-router.use(checkBan);
-router.use(uaParser);
-
-if (isEnabled(LIMIT_CONCURRENT_MESSAGES)) {
-  router.use(concurrentLimiter);
-}
-
-if (isEnabled(LIMIT_MESSAGE_IP)) {
-  router.use(messageIpLimiter);
-}
-
-if (isEnabled(LIMIT_MESSAGE_USER)) {
-  router.use(messageUserLimiter);
-}
-
-router.use('/chat', chat);
-
-module.exports = router;
--- a/api/server/routes/config.js
+++ b/api/server/routes/config.js
@@ -1,10 +1,11 @@
 const express = require('express');
+const { logger } = require('@librechat/data-schemas');
 const { CacheKeys, defaultSocialLogins, Constants } = require('librechat-data-provider');
+const { getCustomConfig } = require('~/server/services/Config/getCustomConfig');
 const { getLdapConfig } = require('~/server/services/Config/ldap');
 const { getProjectByName } = require('~/models/Project');
 const { isEnabled } = require('~/server/utils');
 const { getLogStores } = require('~/cache');
-const { logger } = require('~/config');

 const router = express.Router();
 const emailLoginEnabled =
@@ -21,6 +22,7 @@ const publicSharedLinksEnabled =

 router.get('/', async function (req, res) {
  const cache = getLogStores(CacheKeys.CONFIG_STORE);
+
  const cachedStartupConfig = await cache.get(CacheKeys.STARTUP_CONFIG);
  if (cachedStartupConfig) {
    res.send(cachedStartupConfig);
@@ -96,6 +98,18 @@ router.get('/', async function (req, res) {
      bundlerURL: process.env.SANDPACK_BUNDLER_URL,
      staticBundlerURL: process.env.SANDPACK_STATIC_BUNDLER_URL,
    };
+
+    payload.mcpServers = {};
+    const config = await getCustomConfig();
+    if (config?.mcpServers != null) {
+      for (const serverName in config.mcpServers) {
+        const serverConfig = config.mcpServers[serverName];
+        payload.mcpServers[serverName] = {
+          customUserVars: serverConfig?.customUserVars || {},
+        };
+      }
+    }
+
    /** @type {TCustomConfig['webSearch']} */
    const webSearchConfig = req.app.locals.webSearch;
    if (
--- a/api/server/routes/convos.js
+++ b/api/server/routes/convos.js
@@ -1,16 +1,17 @@
 const multer = require('multer');
 const express = require('express');
+const { sleep } = require('@librechat/agents');
+const { isEnabled } = require('@librechat/api');
+const { logger } = require('@librechat/data-schemas');
 const { CacheKeys, EModelEndpoint } = require('librechat-data-provider');
 const { getConvosByCursor, deleteConvos, getConvo, saveConvo } = require('~/models/Conversation');
 const { forkConversation, duplicateConversation } = require('~/server/utils/import/fork');
+const { createImportLimiters, createForkLimiters } = require('~/server/middleware');
 const { storage, importFileFilter } = require('~/server/routes/files/multer');
 const requireJwtAuth = require('~/server/middleware/requireJwtAuth');
 const { importConversations } = require('~/server/utils/import');
-const { createImportLimiters } = require('~/server/middleware');
 const { deleteToolCalls } = require('~/models/ToolCall');
-const { isEnabled, sleep } = require('~/server/utils');
 const getLogStores = require('~/cache/getLogStores');
-const { logger } = require('~/config');

 const assistantClients = {
  [EModelEndpoint.azureAssistants]: require('~/server/services/Endpoints/azureAssistants'),
@@ -43,6 +44,7 @@ router.get('/', async (req, res) => {
    });
    res.status(200).json(result);
  } catch (error) {
+    logger.error('Error fetching conversations', error);
    res.status(500).json({ error: 'Error fetching conversations' });
  }
 });
@@ -156,6 +158,7 @@ router.post('/update', async (req, res) => {
 });

 const { importIpLimiter, importUserLimiter } = createImportLimiters();
+const { forkIpLimiter, forkUserLimiter } = createForkLimiters();
 const upload = multer({ storage: storage, fileFilter: importFileFilter });

 /**
@@ -189,7 +192,7 @@ router.post(
 * @param {express.Response<TForkConvoResponse>} res - Express response object.
 * @returns {Promise<void>} - The response after forking the conversation.
 */
-router.post('/fork', async (req, res) => {
+router.post('/fork', forkIpLimiter, forkUserLimiter, async (req, res) => {
  try {
    /** @type {TForkConvoRequest} */
    const { conversationId, messageId, option, splitAtTarget, latestMessageId } = req.body;
--- a/api/server/routes/edit/gptPlugins.js
+++ b/api/server/routes/edit/gptPlugins.js
@@ -1,207 +0,0 @@
-const express = require('express');
-const { getResponseSender } = require('librechat-data-provider');
-const {
-  setHeaders,
-  moderateText,
-  validateModel,
-  handleAbortError,
-  validateEndpoint,
-  buildEndpointOption,
-  createAbortController,
-} = require('~/server/middleware');
-const { sendMessage, createOnProgress, formatSteps, formatAction } = require('~/server/utils');
-const { initializeClient } = require('~/server/services/Endpoints/gptPlugins');
-const { saveMessage, updateMessage } = require('~/models');
-const { validateTools } = require('~/app');
-const { logger } = require('~/config');
-
-const router = express.Router();
-
-router.use(moderateText);
-
-router.post(
-  '/',
-  validateEndpoint,
-  validateModel,
-  buildEndpointOption,
-  setHeaders,
-  async (req, res) => {
-    let {
-      text,
-      generation,
-      endpointOption,
-      conversationId,
-      responseMessageId,
-      isContinued = false,
-      parentMessageId = null,
-      overrideParentMessageId = null,
-    } = req.body;
-
-    logger.debug('[/edit/gptPlugins]', {
-      text,
-      generation,
-      isContinued,
-      conversationId,
-      ...endpointOption,
-    });
-
-    let userMessage;
-    let userMessagePromise;
-    let promptTokens;
-    const sender = getResponseSender({
-      ...endpointOption,
-      model: endpointOption.modelOptions.model,
-    });
-    const userMessageId = parentMessageId;
-    const user = req.user.id;
-
-    const plugin = {
-      loading: true,
-      inputs: [],
-      latest: null,
-      outputs: null,
-    };
-
-    const getReqData = (data = {}) => {
-      for (let key in data) {
-        if (key === 'userMessage') {
-          userMessage = data[key];
-        } else if (key === 'userMessagePromise') {
-          userMessagePromise = data[key];
-        } else if (key === 'responseMessageId') {
-          responseMessageId = data[key];
-        } else if (key === 'promptTokens') {
-          promptTokens = data[key];
-        }
-      }
-    };
-
-    const {
-      onProgress: progressCallback,
-      sendIntermediateMessage,
-      getPartialText,
-    } = createOnProgress({
-      generation,
-      onProgress: () => {
-        if (plugin.loading === true) {
-          plugin.loading = false;
-        }
-      },
-    });
-
-    const onChainEnd = (data) => {
-      let { intermediateSteps: steps } = data;
-      plugin.outputs = steps && steps[0].action ? formatSteps(steps) : 'An error occurred.';
-      plugin.loading = false;
-      saveMessage(
-        req,
-        { ...userMessage, user },
-        { context: 'api/server/routes/ask/gptPlugins.js - onChainEnd' },
-      );
-      sendIntermediateMessage(res, {
-        plugin,
-        parentMessageId: userMessage.messageId,
-        messageId: responseMessageId,
-      });
-      // logger.debug('CHAIN END', plugin.outputs);
-    };
-
-    const getAbortData = () => ({
-      sender,
-      conversationId,
-      userMessagePromise,
-      messageId: responseMessageId,
-      parentMessageId: overrideParentMessageId ?? userMessageId,
-      text: getPartialText(),
-      plugin: { ...plugin, loading: false },
-      userMessage,
-      promptTokens,
-    });
-    const { abortController, onStart } = createAbortController(req, res, getAbortData, getReqData);
-
-    try {
-      endpointOption.tools = await validateTools(user, endpointOption.tools);
-      const { client } = await initializeClient({ req, res, endpointOption });
-
-      const onAgentAction = (action, start = false) => {
-        const formattedAction = formatAction(action);
-        plugin.inputs.push(formattedAction);
-        plugin.latest = formattedAction.plugin;
-        if (!start && !client.skipSaveUserMessage) {
-          saveMessage(
-            req,
-            { ...userMessage, user },
-            { context: 'api/server/routes/ask/gptPlugins.js - onAgentAction' },
-          );
-        }
-        sendIntermediateMessage(res, {
-          plugin,
-          parentMessageId: userMessage.messageId,
-          messageId: responseMessageId,
-        });
-        // logger.debug('PLUGIN ACTION', formattedAction);
-      };
-
-      let response = await client.sendMessage(text, {
-        user,
-        generation,
-        isContinued,
-        isEdited: true,
-        conversationId,
-        parentMessageId,
-        responseMessageId,
-        overrideParentMessageId,
-        getReqData,
-        onAgentAction,
-        onChainEnd,
-        onStart,
-        ...endpointOption,
-        progressCallback,
-        progressOptions: {
-          res,
-          plugin,
-          // parentMessageId: overrideParentMessageId || userMessageId,
-        },
-        abortController,
-      });
-
-      if (overrideParentMessageId) {
-        response.parentMessageId = overrideParentMessageId;
-      }
-
-      logger.debug('[/edit/gptPlugins] CLIENT RESPONSE', response);
-
-      const { conversation = {} } = await response.databasePromise;
-      delete response.databasePromise;
-      conversation.title =
-        conversation && !conversation.title ? null : conversation?.title || 'New Chat';
-
-      sendMessage(res, {
-        title: conversation.title,
-        final: true,
-        conversation,
-        requestMessage: userMessage,
-        responseMessage: response,
-      });
-      res.end();
-
-      response.plugin = { ...plugin, loading: false };
-      await updateMessage(
-        req,
-        { ...response, user },
-        { context: 'api/server/routes/edit/gptPlugins.js' },
-      );
-    } catch (error) {
-      const partialText = getPartialText();
-      handleAbortError(res, req, error, {
-        partialText,
-        conversationId,
-        sender,
-        messageId: responseMessageId,
-        parentMessageId: userMessageId ?? parentMessageId,
-      });
-    }
-  },
-);
-
-module.exports = router;
--- a/api/server/routes/edit/index.js
+++ b/api/server/routes/edit/index.js
@@ -3,7 +3,6 @@ const openAI = require('./openAI');
 const custom = require('./custom');
 const google = require('./google');
 const anthropic = require('./anthropic');
-const gptPlugins = require('./gptPlugins');
 const { isEnabled } = require('~/server/utils');
 const { EModelEndpoint } = require('librechat-data-provider');
 const {
@@ -39,7 +38,6 @@ if (isEnabled(LIMIT_MESSAGE_USER)) {
 router.use(validateConvoAccess);

 router.use([`/${EModelEndpoint.azureOpenAI}`, `/${EModelEndpoint.openAI}`], openAI);
-router.use(`/${EModelEndpoint.gptPlugins}`, gptPlugins);
 router.use(`/${EModelEndpoint.anthropic}`, anthropic);
 router.use(`/${EModelEndpoint.google}`, google);
 router.use(`/${EModelEndpoint.custom}`, custom);
--- a/api/server/routes/files/files.agents.test.js
+++ b/api/server/routes/files/files.agents.test.js
@@ -0,0 +1,282 @@
+const express = require('express');
+const request = require('supertest');
+const mongoose = require('mongoose');
+const { v4: uuidv4 } = require('uuid');
+const { MongoMemoryServer } = require('mongodb-memory-server');
+const { GLOBAL_PROJECT_NAME } = require('librechat-data-provider').Constants;
+
+// Mock dependencies
+jest.mock('~/server/services/Files/process', () => ({
+  processDeleteRequest: jest.fn().mockResolvedValue({}),
+  filterFile: jest.fn(),
+  processFileUpload: jest.fn(),
+  processAgentFileUpload: jest.fn(),
+}));
+
+jest.mock('~/server/services/Files/strategies', () => ({
+  getStrategyFunctions: jest.fn(() => ({})),
+}));
+
+jest.mock('~/server/controllers/assistants/helpers', () => ({
+  getOpenAIClient: jest.fn(),
+}));
+
+jest.mock('~/server/services/Tools/credentials', () => ({
+  loadAuthValues: jest.fn(),
+}));
+
+jest.mock('~/server/services/Files/S3/crud', () => ({
+  refreshS3FileUrls: jest.fn(),
+}));
+
+jest.mock('~/cache', () => ({
+  getLogStores: jest.fn(() => ({
+    get: jest.fn(),
+    set: jest.fn(),
+  })),
+}));
+
+jest.mock('~/config', () => ({
+  logger: {
+    error: jest.fn(),
+    warn: jest.fn(),
+    debug: jest.fn(),
+  },
+}));
+
+const { createFile } = require('~/models/File');
+const { createAgent } = require('~/models/Agent');
+const { getProjectByName } = require('~/models/Project');
+
+// Import the router after mocks
+const router = require('./files');
+
+describe('File Routes - Agent Files Endpoint', () => {
+  let app;
+  let mongoServer;
+  let authorId;
+  let otherUserId;
+  let agentId;
+  let fileId1;
+  let fileId2;
+  let fileId3;
+
+  beforeAll(async () => {
+    mongoServer = await MongoMemoryServer.create();
+    await mongoose.connect(mongoServer.getUri());
+
+    // Initialize models
+    require('~/db/models');
+
+    app = express();
+    app.use(express.json());
+
+    // Mock authentication middleware
+    app.use((req, res, next) => {
+      req.user = { id: otherUserId || 'default-user' };
+      req.app = { locals: {} };
+      next();
+    });
+
+    app.use('/files', router);
+  });
+
+  afterAll(async () => {
+    await mongoose.disconnect();
+    await mongoServer.stop();
+  });
+
+  beforeEach(async () => {
+    jest.clearAllMocks();
+
+    // Clear database
+    const collections = mongoose.connection.collections;
+    for (const key in collections) {
+      await collections[key].deleteMany({});
+    }
+
+    authorId = new mongoose.Types.ObjectId().toString();
+    otherUserId = new mongoose.Types.ObjectId().toString();
+    agentId = uuidv4();
+    fileId1 = uuidv4();
+    fileId2 = uuidv4();
+    fileId3 = uuidv4();
+
+    // Create files
+    await createFile({
+      user: authorId,
+      file_id: fileId1,
+      filename: 'agent-file1.txt',
+      filepath: `/uploads/${authorId}/${fileId1}`,
+      bytes: 1024,
+      type: 'text/plain',
+    });
+
+    await createFile({
+      user: authorId,
+      file_id: fileId2,
+      filename: 'agent-file2.txt',
+      filepath: `/uploads/${authorId}/${fileId2}`,
+      bytes: 2048,
+      type: 'text/plain',
+    });
+
+    await createFile({
+      user: otherUserId,
+      file_id: fileId3,
+      filename: 'user-file.txt',
+      filepath: `/uploads/${otherUserId}/${fileId3}`,
+      bytes: 512,
+      type: 'text/plain',
+    });
+
+    // Create an agent with files attached
+    await createAgent({
+      id: agentId,
+      name: 'Test Agent',
+      author: authorId,
+      model: 'gpt-4',
+      provider: 'openai',
+      isCollaborative: true,
+      tool_resources: {
+        file_search: {
+          file_ids: [fileId1, fileId2],
+        },
+      },
+    });
+
+    // Share the agent globally
+    const globalProject = await getProjectByName(GLOBAL_PROJECT_NAME, '_id');
+    if (globalProject) {
+      const { updateAgent } = require('~/models/Agent');
+      await updateAgent({ id: agentId }, { projectIds: [globalProject._id] });
+    }
+  });
+
+  describe('GET /files/agent/:agent_id', () => {
+    it('should return files accessible through the agent for non-author', async () => {
+      const response = await request(app).get(`/files/agent/${agentId}`);
+
+      expect(response.status).toBe(200);
+      expect(response.body).toHaveLength(2); // Only agent files, not user-owned files
+
+      const fileIds = response.body.map((f) => f.file_id);
+      expect(fileIds).toContain(fileId1);
+      expect(fileIds).toContain(fileId2);
+      expect(fileIds).not.toContain(fileId3); // User's own file not included
+    });
+
+    it('should return 400 when agent_id is not provided', async () => {
+      const response = await request(app).get('/files/agent/');
+
+      expect(response.status).toBe(404); // Express returns 404 for missing route parameter
+    });
+
+    it('should return empty array for non-existent agent', async () => {
+      const response = await request(app).get('/files/agent/non-existent-agent');
+
+      expect(response.status).toBe(200);
+      expect(response.body).toEqual([]); // Empty array for non-existent agent
+    });
+
+    it('should return empty array when agent is not collaborative', async () => {
+      // Create a non-collaborative agent
+      const nonCollabAgentId = uuidv4();
+      await createAgent({
+        id: nonCollabAgentId,
+        name: 'Non-Collaborative Agent',
+        author: authorId,
+        model: 'gpt-4',
+        provider: 'openai',
+        isCollaborative: false,
+        tool_resources: {
+          file_search: {
+            file_ids: [fileId1],
+          },
+        },
+      });
+
+      // Share it globally
+      const globalProject = await getProjectByName(GLOBAL_PROJECT_NAME, '_id');
+      if (globalProject) {
+        const { updateAgent } = require('~/models/Agent');
+        await updateAgent({ id: nonCollabAgentId }, { projectIds: [globalProject._id] });
+      }
+
+      const response = await request(app).get(`/files/agent/${nonCollabAgentId}`);
+
+      expect(response.status).toBe(200);
+      expect(response.body).toEqual([]); // Empty array when not collaborative
+    });
+
+    it('should return agent files for agent author', async () => {
+      // Create a new app instance with author authentication
+      const authorApp = express();
+      authorApp.use(express.json());
+      authorApp.use((req, res, next) => {
+        req.user = { id: authorId };
+        req.app = { locals: {} };
+        next();
+      });
+      authorApp.use('/files', router);
+
+      const response = await request(authorApp).get(`/files/agent/${agentId}`);
+
+      expect(response.status).toBe(200);
+      expect(response.body).toHaveLength(2); // Agent files for author
+
+      const fileIds = response.body.map((f) => f.file_id);
+      expect(fileIds).toContain(fileId1);
+      expect(fileIds).toContain(fileId2);
+      expect(fileIds).not.toContain(fileId3); // User's own file not included
+    });
+
+    it('should return files uploaded by other users to shared agent for author', async () => {
+      // Create a file uploaded by another user
+      const otherUserFileId = uuidv4();
+      const anotherUserId = new mongoose.Types.ObjectId().toString();
+
+      await createFile({
+        user: anotherUserId,
+        file_id: otherUserFileId,
+        filename: 'other-user-file.txt',
+        filepath: `/uploads/${anotherUserId}/${otherUserFileId}`,
+        bytes: 4096,
+        type: 'text/plain',
+      });
+
+      // Update agent to include the file uploaded by another user
+      const { updateAgent } = require('~/models/Agent');
+      await updateAgent(
+        { id: agentId },
+        {
+          tool_resources: {
+            file_search: {
+              file_ids: [fileId1, fileId2, otherUserFileId],
+            },
+          },
+        },
+      );
+
+      // Create app instance with author authentication
+      const authorApp = express();
+      authorApp.use(express.json());
+      authorApp.use((req, res, next) => {
+        req.user = { id: authorId };
+        req.app = { locals: {} };
+        next();
+      });
+      authorApp.use('/files', router);
+
+      const response = await request(authorApp).get(`/files/agent/${agentId}`);
+
+      expect(response.status).toBe(200);
+      expect(response.body).toHaveLength(3); // Including file from another user
+
+      const fileIds = response.body.map((f) => f.file_id);
+      expect(fileIds).toContain(fileId1);
+      expect(fileIds).toContain(fileId2);
+      expect(fileIds).toContain(otherUserFileId); // File uploaded by another user
+    });
+  });
+});
--- a/api/server/routes/files/files.js
+++ b/api/server/routes/files/files.js
@@ -5,6 +5,7 @@ const {
  Time,
  isUUID,
  CacheKeys,
+  Constants,
  FileSources,
  EModelEndpoint,
  isAgentsEndpoint,
@@ -16,11 +17,12 @@ const {
  processDeleteRequest,
  processAgentFileUpload,
 } = require('~/server/services/Files/process');
+const { getFiles, batchUpdateFiles, hasAccessToFilesViaAgent } = require('~/models/File');
 const { getStrategyFunctions } = require('~/server/services/Files/strategies');
 const { getOpenAIClient } = require('~/server/controllers/assistants/helpers');
 const { loadAuthValues } = require('~/server/services/Tools/credentials');
 const { refreshS3FileUrls } = require('~/server/services/Files/S3/crud');
-const { getFiles, batchUpdateFiles } = require('~/models/File');
+const { getProjectByName } = require('~/models/Project');
 const { getAssistant } = require('~/models/Assistant');
 const { getAgent } = require('~/models/Agent');
 const { getLogStores } = require('~/cache');
@@ -50,6 +52,68 @@ router.get('/', async (req, res) => {
  }
 });

+/**
+ * Get files specific to an agent
+ * @route GET /files/agent/:agent_id
+ * @param {string} agent_id - The agent ID to get files for
+ * @returns {Promise<TFile[]>} Array of files attached to the agent
+ */
+router.get('/agent/:agent_id', async (req, res) => {
+  try {
+    const { agent_id } = req.params;
+    const userId = req.user.id;
+
+    if (!agent_id) {
+      return res.status(400).json({ error: 'Agent ID is required' });
+    }
+
+    // Get the agent to check ownership and attached files
+    const agent = await getAgent({ id: agent_id });
+
+    if (!agent) {
+      // No agent found, return empty array
+      return res.status(200).json([]);
+    }
+
+    // Check if user has access to the agent
+    if (agent.author.toString() !== userId) {
+      // Non-authors need the agent to be globally shared and collaborative
+      const globalProject = await getProjectByName(Constants.GLOBAL_PROJECT_NAME, '_id');
+
+      if (
+        !globalProject ||
+        !agent.projectIds.some((pid) => pid.toString() === globalProject._id.toString()) ||
+        !agent.isCollaborative
+      ) {
+        return res.status(200).json([]);
+      }
+    }
+
+    // Collect all file IDs from agent's tool resources
+    const agentFileIds = [];
+    if (agent.tool_resources) {
+      for (const [, resource] of Object.entries(agent.tool_resources)) {
+        if (resource?.file_ids && Array.isArray(resource.file_ids)) {
+          agentFileIds.push(...resource.file_ids);
+        }
+      }
+    }
+
+    // If no files attached to agent, return empty array
+    if (agentFileIds.length === 0) {
+      return res.status(200).json([]);
+    }
+
+    // Get only the files attached to this agent
+    const files = await getFiles({ file_id: { $in: agentFileIds } }, null, { text: 0 });
+
+    res.status(200).json(files);
+  } catch (error) {
+    logger.error('[/files/agent/:agent_id] Error fetching agent files:', error);
+    res.status(500).json({ error: 'Failed to fetch agent files' });
+  }
+});
+
 router.get('/config', async (req, res) => {
  try {
    res.status(200).json(req.app.locals.fileConfig);
@@ -86,11 +150,62 @@ router.delete('/', async (req, res) => {

    const fileIds = files.map((file) => file.file_id);
    const dbFiles = await getFiles({ file_id: { $in: fileIds } });
-    const unauthorizedFiles = dbFiles.filter((file) => file.user.toString() !== req.user.id);
+
+    const ownedFiles = [];
+    const nonOwnedFiles = [];
+    const fileMap = new Map();
+
+    for (const file of dbFiles) {
+      fileMap.set(file.file_id, file);
+      if (file.user.toString() === req.user.id) {
+        ownedFiles.push(file);
+      } else {
+        nonOwnedFiles.push(file);
+      }
+    }
+
+    // If all files are owned by the user, no need for further checks
+    if (nonOwnedFiles.length === 0) {
+      await processDeleteRequest({ req, files: ownedFiles });
+      logger.debug(
+        `[/files] Files deleted successfully: ${ownedFiles
+          .filter((f) => f.file_id)
+          .map((f) => f.file_id)
+          .join(', ')}`,
+      );
+      res.status(200).json({ message: 'Files deleted successfully' });
+      return;
+    }
+
+    // Check access for non-owned files
+    let authorizedFiles = [...ownedFiles];
+    let unauthorizedFiles = [];
+
+    if (req.body.agent_id && nonOwnedFiles.length > 0) {
+      // Batch check access for all non-owned files
+      const nonOwnedFileIds = nonOwnedFiles.map((f) => f.file_id);
+      const accessMap = await hasAccessToFilesViaAgent(
+        req.user.id,
+        nonOwnedFileIds,
+        req.body.agent_id,
+      );
+
+      // Separate authorized and unauthorized files
+      for (const file of nonOwnedFiles) {
+        if (accessMap.get(file.file_id)) {
+          authorizedFiles.push(file);
+        } else {
+          unauthorizedFiles.push(file);
+        }
+      }
+    } else {
+      // No agent context, all non-owned files are unauthorized
+      unauthorizedFiles = nonOwnedFiles;
+    }

    if (unauthorizedFiles.length > 0) {
      return res.status(403).json({
-        message: 'You can only delete your own files',
+        message: 'You can only delete files you have access to',
        unauthorizedFiles: unauthorizedFiles.map((f) => f.file_id),
      });
    }
@@ -131,10 +246,10 @@ router.delete('/', async (req, res) => {
        .json({ message: 'File associations removed successfully from Azure Assistant' });
    }

-    await processDeleteRequest({ req, files: dbFiles });
+    await processDeleteRequest({ req, files: authorizedFiles });

    logger.debug(
-      `[/files] Files deleted successfully: ${files
+      `[/files] Files deleted successfully: ${authorizedFiles
        .filter((f) => f.file_id)
        .map((f) => f.file_id)
        .join(', ')}`,
@@ -283,7 +398,10 @@ router.post('/', async (req, res) => {
      message += ': ' + error.message;
    }

-    if (error.message?.includes('Invalid file format')) {
+    if (
+      error.message?.includes('Invalid file format') ||
+      error.message?.includes('No OCR result')
+    ) {
      message = error.message;
    }

--- a/api/server/routes/files/files.test.js
+++ b/api/server/routes/files/files.test.js
@@ -0,0 +1,302 @@
+const express = require('express');
+const request = require('supertest');
+const mongoose = require('mongoose');
+const { v4: uuidv4 } = require('uuid');
+const { MongoMemoryServer } = require('mongodb-memory-server');
+const { GLOBAL_PROJECT_NAME } = require('librechat-data-provider').Constants;
+
+// Mock dependencies
+jest.mock('~/server/services/Files/process', () => ({
+  processDeleteRequest: jest.fn().mockResolvedValue({}),
+  filterFile: jest.fn(),
+  processFileUpload: jest.fn(),
+  processAgentFileUpload: jest.fn(),
+}));
+
+jest.mock('~/server/services/Files/strategies', () => ({
+  getStrategyFunctions: jest.fn(() => ({})),
+}));
+
+jest.mock('~/server/controllers/assistants/helpers', () => ({
+  getOpenAIClient: jest.fn(),
+}));
+
+jest.mock('~/server/services/Tools/credentials', () => ({
+  loadAuthValues: jest.fn(),
+}));
+
+jest.mock('~/server/services/Files/S3/crud', () => ({
+  refreshS3FileUrls: jest.fn(),
+}));
+
+jest.mock('~/cache', () => ({
+  getLogStores: jest.fn(() => ({
+    get: jest.fn(),
+    set: jest.fn(),
+  })),
+}));
+
+jest.mock('~/config', () => ({
+  logger: {
+    error: jest.fn(),
+    warn: jest.fn(),
+    debug: jest.fn(),
+  },
+}));
+
+const { createFile } = require('~/models/File');
+const { createAgent } = require('~/models/Agent');
+const { getProjectByName } = require('~/models/Project');
+const { processDeleteRequest } = require('~/server/services/Files/process');
+
+// Import the router after mocks
+const router = require('./files');
+
+describe('File Routes - Delete with Agent Access', () => {
+  let app;
+  let mongoServer;
+  let authorId;
+  let otherUserId;
+  let agentId;
+  let fileId;
+
+  beforeAll(async () => {
+    mongoServer = await MongoMemoryServer.create();
+    await mongoose.connect(mongoServer.getUri());
+
+    // Initialize models
+    require('~/db/models');
+
+    app = express();
+    app.use(express.json());
+
+    // Mock authentication middleware
+    app.use((req, res, next) => {
+      req.user = { id: otherUserId || 'default-user' };
+      req.app = { locals: {} };
+      next();
+    });
+
+    app.use('/files', router);
+  });
+
+  afterAll(async () => {
+    await mongoose.disconnect();
+    await mongoServer.stop();
+  });
+
+  beforeEach(async () => {
+    jest.clearAllMocks();
+
+    // Clear database
+    const collections = mongoose.connection.collections;
+    for (const key in collections) {
+      await collections[key].deleteMany({});
+    }
+
+    authorId = new mongoose.Types.ObjectId().toString();
+    otherUserId = new mongoose.Types.ObjectId().toString();
+    fileId = uuidv4();
+
+    // Create a file owned by the author
+    await createFile({
+      user: authorId,
+      file_id: fileId,
+      filename: 'test.txt',
+      filepath: `/uploads/${authorId}/${fileId}`,
+      bytes: 1024,
+      type: 'text/plain',
+    });
+
+    // Create an agent with the file attached
+    const agent = await createAgent({
+      id: uuidv4(),
+      name: 'Test Agent',
+      author: authorId,
+      model: 'gpt-4',
+      provider: 'openai',
+      isCollaborative: true,
+      tool_resources: {
+        file_search: {
+          file_ids: [fileId],
+        },
+      },
+    });
+    agentId = agent.id;
+
+    // Share the agent globally
+    const globalProject = await getProjectByName(GLOBAL_PROJECT_NAME, '_id');
+    if (globalProject) {
+      const { updateAgent } = require('~/models/Agent');
+      await updateAgent({ id: agentId }, { projectIds: [globalProject._id] });
+    }
+  });
+
+  describe('DELETE /files', () => {
+    it('should allow deleting files owned by the user', async () => {
+      // Create a file owned by the current user
+      const userFileId = uuidv4();
+      await createFile({
+        user: otherUserId,
+        file_id: userFileId,
+        filename: 'user-file.txt',
+        filepath: `/uploads/${otherUserId}/${userFileId}`,
+        bytes: 1024,
+        type: 'text/plain',
+      });
+
+      const response = await request(app)
+        .delete('/files')
+        .send({
+          files: [
+            {
+              file_id: userFileId,
+              filepath: `/uploads/${otherUserId}/${userFileId}`,
+            },
+          ],
+        });
+
+      expect(response.status).toBe(200);
+      expect(response.body.message).toBe('Files deleted successfully');
+      expect(processDeleteRequest).toHaveBeenCalled();
+    });
+
+    it('should prevent deleting files not owned by user without agent context', async () => {
+      const response = await request(app)
+        .delete('/files')
+        .send({
+          files: [
+            {
+              file_id: fileId,
+              filepath: `/uploads/${authorId}/${fileId}`,
+            },
+          ],
+        });
+
+      expect(response.status).toBe(403);
+      expect(response.body.message).toBe('You can only delete files you have access to');
+      expect(response.body.unauthorizedFiles).toContain(fileId);
+      expect(processDeleteRequest).not.toHaveBeenCalled();
+    });
+
+    it('should allow deleting files accessible through shared agent', async () => {
+      const response = await request(app)
+        .delete('/files')
+        .send({
+          agent_id: agentId,
+          files: [
+            {
+              file_id: fileId,
+              filepath: `/uploads/${authorId}/${fileId}`,
+            },
+          ],
+        });
+
+      expect(response.status).toBe(200);
+      expect(response.body.message).toBe('Files deleted successfully');
+      expect(processDeleteRequest).toHaveBeenCalled();
+    });
+
+    it('should prevent deleting files not attached to the specified agent', async () => {
+      // Create another file not attached to the agent
+      const unattachedFileId = uuidv4();
+      await createFile({
+        user: authorId,
+        file_id: unattachedFileId,
+        filename: 'unattached.txt',
+        filepath: `/uploads/${authorId}/${unattachedFileId}`,
+        bytes: 1024,
+        type: 'text/plain',
+      });
+
+      const response = await request(app)
+        .delete('/files')
+        .send({
+          agent_id: agentId,
+          files: [
+            {
+              file_id: unattachedFileId,
+              filepath: `/uploads/${authorId}/${unattachedFileId}`,
+            },
+          ],
+        });
+
+      expect(response.status).toBe(403);
+      expect(response.body.message).toBe('You can only delete files you have access to');
+      expect(response.body.unauthorizedFiles).toContain(unattachedFileId);
+    });
+
+    it('should handle mixed authorized and unauthorized files', async () => {
+      // Create a file owned by the current user
+      const userFileId = uuidv4();
+      await createFile({
+        user: otherUserId,
+        file_id: userFileId,
+        filename: 'user-file.txt',
+        filepath: `/uploads/${otherUserId}/${userFileId}`,
+        bytes: 1024,
+        type: 'text/plain',
+      });
+
+      // Create an unauthorized file
+      const unauthorizedFileId = uuidv4();
+      await createFile({
+        user: authorId,
+        file_id: unauthorizedFileId,
+        filename: 'unauthorized.txt',
+        filepath: `/uploads/${authorId}/${unauthorizedFileId}`,
+        bytes: 1024,
+        type: 'text/plain',
+      });
+
+      const response = await request(app)
+        .delete('/files')
+        .send({
+          agent_id: agentId,
+          files: [
+            {
+              file_id: fileId, // Authorized through agent
+              filepath: `/uploads/${authorId}/${fileId}`,
+            },
+            {
+              file_id: userFileId, // Owned by user
+              filepath: `/uploads/${otherUserId}/${userFileId}`,
+            },
+            {
+              file_id: unauthorizedFileId, // Not authorized
+              filepath: `/uploads/${authorId}/${unauthorizedFileId}`,
+            },
+          ],
+        });
+
+      expect(response.status).toBe(403);
+      expect(response.body.message).toBe('You can only delete files you have access to');
+      expect(response.body.unauthorizedFiles).toContain(unauthorizedFileId);
+      expect(response.body.unauthorizedFiles).not.toContain(fileId);
+      expect(response.body.unauthorizedFiles).not.toContain(userFileId);
+    });
+
+    it('should prevent deleting files when agent is not collaborative', async () => {
+      // Update the agent to be non-collaborative
+      const { updateAgent } = require('~/models/Agent');
+      await updateAgent({ id: agentId }, { isCollaborative: false });
+
+      const response = await request(app)
+        .delete('/files')
+        .send({
+          agent_id: agentId,
+          files: [
+            {
+              file_id: fileId,
+              filepath: `/uploads/${authorId}/${fileId}`,
+            },
+          ],
+        });
+
+      expect(response.status).toBe(403);
+      expect(response.body.message).toBe('You can only delete files you have access to');
+      expect(response.body.unauthorizedFiles).toContain(fileId);
+      expect(processDeleteRequest).not.toHaveBeenCalled();
+    });
+  });
+});
--- a/Show More
+++ b/Show More