chore: remove test code

- Modified the user creation process to incorporate balance configuration retrieved from the new getBalanceConfig function.
- Adjusted imports for user methods to streamline the code structure.

.env.example

@@ -485,21 +485,6 @@ SAML_IMAGE_URL=
 # SAML_USE_AUTHN_RESPONSE_SIGNED=
 
 
-#===============================================#
-# Microsoft Graph API / Entra ID Integration  #
-#===============================================#
-
-# Enable Entra ID people search integration in permissions/sharing system
-# When enabled, the people picker will search both local database and Entra ID
-USE_ENTRA_ID_FOR_PEOPLE_SEARCH=false
-
-# When enabled, entra id groups owners will be considered as members of the group
-ENTRA_ID_INCLUDE_OWNERS_AS_MEMBERS=false
-
-# Microsoft Graph API scopes needed for people/group search
-# Default scopes provide access to user profiles and group memberships
-OPENID_GRAPH_SCOPES=User.Read,People.Read,GroupMember.Read.All
-
 # LDAP
 LDAP_URL=
 LDAP_BIND_DN=
@@ -530,18 +515,6 @@ EMAIL_PASSWORD=
 EMAIL_FROM_NAME=
 EMAIL_FROM=noreply@librechat.ai
 
-#========================#
-#      Mailgun API       #
-#========================#
-
-# MAILGUN_API_KEY=your-mailgun-api-key
-# MAILGUN_DOMAIN=mg.yourdomain.com
-# EMAIL_FROM=noreply@yourdomain.com
-# EMAIL_FROM_NAME="LibreChat"
-
-# # Optional: For EU region
-# MAILGUN_HOST=https://api.eu.mailgun.net
-
 #========================#
 # Firebase CDN           #
 #========================#

.github/CONTRIBUTING.md

@@ -30,8 +30,8 @@ Project maintainers have the right and responsibility to remove, edit, or reject
 2. Install typescript globally: `npm i -g typescript`.
 3. Run `npm ci` to install dependencies.
 4. Build the data provider: `npm run build:data-provider`.
-5. Build data schemas: `npm run build:data-schemas`.
-6. Build API methods: `npm run build:api`.
+5. Build MCP: `npm run build:mcp`.
+6. Build data schemas: `npm run build:data-schemas`.
 7. Setup and run unit tests:
     - Copy `.env.test`: `cp api/test/.env.test.example api/test/.env.test`.
     - Run backend unit tests: `npm run test:api`.

.github/workflows/backend-review.yml

@@ -7,7 +7,6 @@ on:
       - release/*
     paths:
       - 'api/**'
-      - 'packages/api/**'
 jobs:
   tests_Backend:
     name: Run Backend unit tests
@@ -37,12 +36,12 @@ jobs:
       - name: Install Data Provider Package
         run: npm run build:data-provider
 
+      - name: Install MCP Package
+        run: npm run build:mcp
+
       - name: Install Data Schemas Package
         run: npm run build:data-schemas
 
-      - name: Install API Package
-        run: npm run build:api
-
       - name: Create empty auth.json file
         run: |
           mkdir -p api/data
@@ -67,8 +66,5 @@ jobs:
       - name: Run librechat-data-provider unit tests
         run: cd packages/data-provider && npm run test:ci
 
-      - name: Run @librechat/data-schemas unit tests
-        run: cd packages/data-schemas && npm run test:ci
-
-      - name: Run @librechat/api unit tests
-        run: cd packages/api && npm run test:ci
+      - name: Run librechat-mcp unit tests
+        run: cd packages/mcp && npm run test:ci

.github/workflows/deploy-dev.yml

@@ -2,7 +2,7 @@ name: Update Test Server
 
 on:
   workflow_run:
-    workflows: ["Docker Dev Branch Images Build"]
+    workflows: ["Docker Dev Images Build"]
     types:
       - completed
   workflow_dispatch:
@@ -12,8 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     if: |
       github.repository == 'danny-avila/LibreChat' &&
-      (github.event_name == 'workflow_dispatch' || 
-       (github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_branch == 'dev'))
+      (github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success')
     steps:
     - name: Checkout repository
       uses: actions/checkout@v4
@@ -30,17 +29,13 @@ jobs:
         DO_USER: ${{ secrets.DO_USER }}
       run: |
         ssh -o StrictHostKeyChecking=no ${DO_USER}@${DO_HOST} << EOF
-        sudo -i -u danny bash << 'EEOF'
+        sudo -i -u danny bash << EEOF
         cd ~/LibreChat && \
         git fetch origin main && \
-        sudo npm run stop:deployed && \
-        sudo docker images --format "{{.Repository}}:{{.ID}}" | grep -E "lc-dev|librechat" | cut -d: -f2 | xargs -r sudo docker rmi -f || true && \
-        sudo npm run update:deployed && \
-        git checkout dev && \
-        git pull origin dev && \
+        npm run update:deployed && \
         git checkout do-deploy && \
-        git rebase dev && \
-        sudo npm run start:deployed && \
+        git rebase main && \
+        npm run start:deployed && \
         echo "Update completed. Application should be running now."
         EEOF
         EOF

.github/workflows/dev-branch-images.yml

@@ -1,72 +0,0 @@
-name: Docker Dev Branch Images Build
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - dev
-    paths:
-      - 'api/**'
-      - 'client/**'
-      - 'packages/**'
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        include:
-          - target: api-build
-            file: Dockerfile.multi
-            image_name: lc-dev-api
-          - target: node
-            file: Dockerfile
-            image_name: lc-dev
-
-    steps:
-      # Check out the repository
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      # Set up QEMU
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
-      # Set up Docker Buildx
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      # Log in to GitHub Container Registry
-      - name: Log in to GitHub Container Registry
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      # Login to Docker Hub
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      # Prepare the environment
-      - name: Prepare environment
-        run: |
-          cp .env.example .env
-
-      # Build and push Docker images for each target
-      - name: Build and push Docker images
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: ${{ matrix.file }}
-          push: true
-          tags: |
-            ghcr.io/${{ github.repository_owner }}/${{ matrix.image_name }}:${{ github.sha }}
-            ghcr.io/${{ github.repository_owner }}/${{ matrix.image_name }}:latest
-            ${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image_name }}:${{ github.sha }}
-            ${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image_name }}:latest
-          platforms: linux/amd64,linux/arm64
-          target: ${{ matrix.target }} 

.github/workflows/i18n-unused-keys.yml

@@ -5,13 +5,12 @@ on:
     paths:
       - "client/src/**"
       - "api/**"
-      - "packages/data-provider/src/**"
 
 jobs:
   detect-unused-i18n-keys:
     runs-on: ubuntu-latest
     permissions:
-      pull-requests: write
+      pull-requests: write  # Required for posting PR comments
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3

.github/workflows/unused-packages.yml

@@ -98,8 +98,6 @@ jobs:
             cd client
             UNUSED=$(depcheck --json | jq -r '.dependencies | join("\n")' || echo "")
             UNUSED=$(comm -23 <(echo "$UNUSED" | sort) <(cat ../client_used_deps.txt ../client_used_code.txt | sort) || echo "")
-            # Filter out false positives
-            UNUSED=$(echo "$UNUSED" | grep -v "^micromark-extension-llm-math$" || echo "")
             echo "CLIENT_UNUSED<<EOF" >> $GITHUB_ENV
             echo "$UNUSED" >> $GITHUB_ENV
             echo "EOF" >> $GITHUB_ENV

.gitignore

@@ -55,7 +55,6 @@ bower_components/
 # AI
 .clineignore
 .cursor
-.aider*
 
 # Floobits
 .floo

.vscode/launch.json

@@ -8,8 +8,7 @@
       "skipFiles": ["<node_internals>/**"],
       "program": "${workspaceFolder}/api/server/index.js",
       "env": {
-        "NODE_ENV": "production",
-        "NODE_TLS_REJECT_UNAUTHORIZED": "0"
+        "NODE_ENV": "production"
       },
       "console": "integratedTerminal",
       "envFile": "${workspaceFolder}/.env"

Dockerfile.multi

@@ -14,7 +14,7 @@ RUN npm config set fetch-retry-maxtimeout 600000 && \
     npm config set fetch-retry-mintimeout 15000
 COPY package*.json ./
 COPY packages/data-provider/package*.json ./packages/data-provider/
-COPY packages/api/package*.json ./packages/api/
+COPY packages/mcp/package*.json ./packages/mcp/
 COPY packages/data-schemas/package*.json ./packages/data-schemas/
 COPY client/package*.json ./client/
 COPY api/package*.json ./api/
@@ -24,27 +24,26 @@ FROM base-min AS base
 WORKDIR /app
 RUN npm ci
 
-# Build `data-provider` package
+# Build data-provider
 FROM base AS data-provider-build
 WORKDIR /app/packages/data-provider
 COPY packages/data-provider ./
 RUN npm run build
 
-# Build `data-schemas` package
+# Build mcp package
+FROM base AS mcp-build
+WORKDIR /app/packages/mcp
+COPY packages/mcp ./
+COPY --from=data-provider-build /app/packages/data-provider/dist /app/packages/data-provider/dist
+RUN npm run build
+
+# Build data-schemas
 FROM base AS data-schemas-build
 WORKDIR /app/packages/data-schemas
 COPY packages/data-schemas ./
 COPY --from=data-provider-build /app/packages/data-provider/dist /app/packages/data-provider/dist
 RUN npm run build
 
-# Build `api` package
-FROM base AS api-package-build
-WORKDIR /app/packages/api
-COPY packages/api ./
-COPY --from=data-provider-build /app/packages/data-provider/dist /app/packages/data-provider/dist
-COPY --from=data-schemas-build /app/packages/data-schemas/dist /app/packages/data-schemas/dist
-RUN npm run build
-
 # Client build
 FROM base AS client-build
 WORKDIR /app/client
@@ -64,8 +63,8 @@ RUN npm ci --omit=dev
 COPY api ./api
 COPY config ./config
 COPY --from=data-provider-build /app/packages/data-provider/dist ./packages/data-provider/dist
+COPY --from=mcp-build /app/packages/mcp/dist ./packages/mcp/dist
 COPY --from=data-schemas-build /app/packages/data-schemas/dist ./packages/data-schemas/dist
-COPY --from=api-package-build /app/packages/api/dist ./packages/api/dist
 COPY --from=client-build /app/client/dist ./client/dist
 WORKDIR /app/api
 EXPOSE 3080

README.md

@@ -150,8 +150,8 @@ Click on the thumbnail to open the video☝️
 
 **Other:**
   - **Website:** [librechat.ai](https://librechat.ai)
-  - **Documentation:** [librechat.ai/docs](https://librechat.ai/docs)
-  - **Blog:** [librechat.ai/blog](https://librechat.ai/blog)
+  - **Documentation:** [docs.librechat.ai](https://docs.librechat.ai)
+  - **Blog:** [blog.librechat.ai](https://blog.librechat.ai)
 
 ---
 

api/app/clients/AnthropicClient.js

@@ -10,7 +10,6 @@ const {
   validateVisionModel,
 } = require('librechat-data-provider');
 const { SplitStreamHandler: _Handler } = require('@librechat/agents');
-const { Tokenizer, createFetch, createStreamEventHandlers } = require('@librechat/api');
 const {
   truncateText,
   formatMessage,
@@ -27,6 +26,8 @@ const {
 const { getModelMaxTokens, getModelMaxOutputTokens, matchModelName } = require('~/utils');
 const { spendTokens, spendStructuredTokens } = require('~/models/spendTokens');
 const { encodeAndFormat } = require('~/server/services/Files/images/encode');
+const { createFetch, createStreamEventHandlers } = require('./generators');
+const Tokenizer = require('~/server/services/Tokenizer');
 const { sleep } = require('~/server/utils');
 const BaseClient = require('./BaseClient');
 const { logger } = require('~/config');
@@ -190,11 +191,10 @@ class AnthropicClient extends BaseClient {
         reverseProxyUrl: this.options.reverseProxyUrl,
       }),
       apiKey: this.apiKey,
-      fetchOptions: {},
     };
 
     if (this.options.proxy) {
-      options.fetchOptions.agent = new HttpsProxyAgent(this.options.proxy);
+      options.httpAgent = new HttpsProxyAgent(this.options.proxy);
     }
 
     if (this.options.reverseProxyUrl) {

api/app/clients/BaseClient.js

@@ -792,8 +792,7 @@ class BaseClient {
 
     userMessage.tokenCount = userMessageTokenCount;
     /*
-      Note: `AgentController` saves the user message if not saved here
-      (noted by `savedMessageIds`), so we update the count of its `userMessage` reference
+      Note: `AskController` saves the user message, so we update the count of its `userMessage` reference
     */
     if (typeof opts?.getReqData === 'function') {
       opts.getReqData({
@@ -802,8 +801,7 @@ class BaseClient {
     }
     /*
       Note: we update the user message to be sure it gets the calculated token count;
-      though `AgentController` saves the user message if not saved here
-      (noted by `savedMessageIds`), EditController does not
+      though `AskController` saves the user message, EditController does not
     */
     await userMessagePromise;
     await this.updateMessageInDatabase({

api/app/clients/ChatGPTClient.js

@@ -2,7 +2,6 @@ const { Keyv } = require('keyv');
 const crypto = require('crypto');
 const { CohereClient } = require('cohere-ai');
 const { fetchEventSource } = require('@waylaidwanderer/fetch-event-source');
-const { constructAzureURL, genAzureChatCompletion } = require('@librechat/api');
 const { encoding_for_model: encodingForModel, get_encoding: getEncoding } = require('tiktoken');
 const {
   ImageDetail,
@@ -11,9 +10,9 @@ const {
   CohereConstants,
   mapModelToAzureConfig,
 } = require('librechat-data-provider');
+const { extractBaseURL, constructAzureURL, genAzureChatCompletion } = require('~/utils');
 const { createContextHandlers } = require('./prompts');
 const { createCoherePayload } = require('./llm');
-const { extractBaseURL } = require('~/utils');
 const BaseClient = require('./BaseClient');
 const { logger } = require('~/config');
 
@@ -245,9 +244,9 @@ class ChatGPTClient extends BaseClient {
 
       baseURL = this.langchainProxy
         ? constructAzureURL({
-            baseURL: this.langchainProxy,
-            azureOptions: this.azure,
-          })
+          baseURL: this.langchainProxy,
+          azureOptions: this.azure,
+        })
         : this.azureEndpoint.split(/(?<!\/)\/(chat|completion)\//)[0];
 
       if (this.options.forcePrompt) {
@@ -340,6 +339,7 @@ class ChatGPTClient extends BaseClient {
     opts.body = JSON.stringify(modelOptions);
 
     if (modelOptions.stream) {
+
       return new Promise(async (resolve, reject) => {
         try {
           let done = false;

api/app/clients/GoogleClient.js

@@ -1,5 +1,4 @@
 const { google } = require('googleapis');
-const { Tokenizer } = require('@librechat/api');
 const { concat } = require('@langchain/core/utils/stream');
 const { ChatVertexAI } = require('@langchain/google-vertexai');
 const { ChatGoogleGenerativeAI } = require('@langchain/google-genai');
@@ -20,6 +19,7 @@ const {
 } = require('librechat-data-provider');
 const { getSafetySettings } = require('~/server/services/Endpoints/google/llm');
 const { encodeAndFormat } = require('~/server/services/Files/images');
+const Tokenizer = require('~/server/services/Tokenizer');
 const { spendTokens } = require('~/models/spendTokens');
 const { getModelMaxTokens } = require('~/utils');
 const { sleep } = require('~/server/utils');
@@ -34,8 +34,7 @@ const BaseClient = require('./BaseClient');
 
 const loc = process.env.GOOGLE_LOC || 'us-central1';
 const publisher = 'google';
-const endpointPrefix =
-  loc === 'global' ? 'aiplatform.googleapis.com' : `${loc}-aiplatform.googleapis.com`;
+const endpointPrefix = `${loc}-aiplatform.googleapis.com`;
 
 const settings = endpointSettings[EModelEndpoint.google];
 const EXCLUDED_GENAI_MODELS = /gemini-(?:1\.0|1-0|pro)/;
@@ -237,11 +236,11 @@ class GoogleClient extends BaseClient {
       msg.content = (
         !Array.isArray(msg.content)
           ? [
-              {
-                type: ContentTypes.TEXT,
-                [ContentTypes.TEXT]: msg.content,
-              },
-            ]
+            {
+              type: ContentTypes.TEXT,
+              [ContentTypes.TEXT]: msg.content,
+            },
+          ]
           : msg.content
       ).concat(message.image_urls);
 

api/app/clients/OllamaClient.js

@@ -1,11 +1,10 @@
 const { z } = require('zod');
 const axios = require('axios');
 const { Ollama } = require('ollama');
-const { sleep } = require('@librechat/agents');
-const { logAxiosError } = require('@librechat/api');
-const { logger } = require('@librechat/data-schemas');
 const { Constants } = require('librechat-data-provider');
-const { deriveBaseURL } = require('~/utils');
+const { deriveBaseURL, logAxiosError } = require('~/utils');
+const { sleep } = require('~/server/utils');
+const { logger } = require('~/config');
 
 const ollamaPayloadSchema = z.object({
   mirostat: z.number().optional(),
@@ -68,7 +67,7 @@ class OllamaClient {
       return models;
     } catch (error) {
       const logMessage =
-        "Failed to fetch models from Ollama API. If you are not using Ollama directly, and instead, through some aggregator or reverse proxy that handles fetching via OpenAI spec, ensure the name of the endpoint doesn't start with `ollama` (case-insensitive).";
+        'Failed to fetch models from Ollama API. If you are not using Ollama directly, and instead, through some aggregator or reverse proxy that handles fetching via OpenAI spec, ensure the name of the endpoint doesn\'t start with `ollama` (case-insensitive).';
       logAxiosError({ message: logMessage, error });
       return [];
     }

api/app/clients/OpenAIClient.js

@@ -1,14 +1,6 @@
 const { OllamaClient } = require('./OllamaClient');
 const { HttpsProxyAgent } = require('https-proxy-agent');
 const { SplitStreamHandler, CustomOpenAIClient: OpenAI } = require('@librechat/agents');
-const {
-  isEnabled,
-  Tokenizer,
-  createFetch,
-  constructAzureURL,
-  genAzureChatCompletion,
-  createStreamEventHandlers,
-} = require('@librechat/api');
 const {
   Constants,
   ImageDetail,
@@ -24,6 +16,13 @@ const {
   validateVisionModel,
   mapModelToAzureConfig,
 } = require('librechat-data-provider');
+const {
+  extractBaseURL,
+  constructAzureURL,
+  getModelMaxTokens,
+  genAzureChatCompletion,
+  getModelMaxOutputTokens,
+} = require('~/utils');
 const {
   truncateText,
   formatMessage,
@@ -31,9 +30,10 @@ const {
   titleInstruction,
   createContextHandlers,
 } = require('./prompts');
-const { extractBaseURL, getModelMaxTokens, getModelMaxOutputTokens } = require('~/utils');
 const { encodeAndFormat } = require('~/server/services/Files/images/encode');
-const { addSpaceIfNeeded, sleep } = require('~/server/utils');
+const { createFetch, createStreamEventHandlers } = require('./generators');
+const { addSpaceIfNeeded, isEnabled, sleep } = require('~/server/utils');
+const Tokenizer = require('~/server/services/Tokenizer');
 const { spendTokens } = require('~/models/spendTokens');
 const { handleOpenAIErrors } = require('./tools/util');
 const { createLLM, RunManager } = require('./llm');
@@ -1159,7 +1159,6 @@ ${convo}
       logger.debug('[OpenAIClient] chatCompletion', { baseURL, modelOptions });
       const opts = {
         baseURL,
-        fetchOptions: {},
       };
 
       if (this.useOpenRouter) {
@@ -1178,7 +1177,7 @@ ${convo}
       }
 
       if (this.options.proxy) {
-        opts.fetchOptions.agent = new HttpsProxyAgent(this.options.proxy);
+        opts.httpAgent = new HttpsProxyAgent(this.options.proxy);
       }
 
       /** @type {TAzureConfig | undefined} */
@@ -1396,7 +1395,7 @@ ${convo}
           ...modelOptions,
           stream: true,
         };
-        const stream = await openai.chat.completions
+        const stream = await openai.beta.chat.completions
           .stream(params)
           .on('abort', () => {
             /* Do nothing here */

api/app/clients/generators.js

@@ -0,0 +1,71 @@
+const fetch = require('node-fetch');
+const { GraphEvents } = require('@librechat/agents');
+const { logger, sendEvent } = require('~/config');
+const { sleep } = require('~/server/utils');
+
+/**
+ * Makes a function to make HTTP request and logs the process.
+ * @param {Object} params
+ * @param {boolean} [params.directEndpoint] - Whether to use a direct endpoint.
+ * @param {string} [params.reverseProxyUrl] - The reverse proxy URL to use for the request.
+ * @returns {Promise<Response>} - A promise that resolves to the response of the fetch request.
+ */
+function createFetch({ directEndpoint = false, reverseProxyUrl = '' }) {
+  /**
+   * Makes an HTTP request and logs the process.
+   * @param {RequestInfo} url - The URL to make the request to. Can be a string or a Request object.
+   * @param {RequestInit} [init] - Optional init options for the request.
+   * @returns {Promise<Response>} - A promise that resolves to the response of the fetch request.
+   */
+  return async (_url, init) => {
+    let url = _url;
+    if (directEndpoint) {
+      url = reverseProxyUrl;
+    }
+    logger.debug(`Making request to ${url}`);
+    if (typeof Bun !== 'undefined') {
+      return await fetch(url, init);
+    }
+    return await fetch(url, init);
+  };
+}
+
+// Add this at the module level outside the class
+/**
+ * Creates event handlers for stream events that don't capture client references
+ * @param {Object} res - The response object to send events to
+ * @returns {Object} Object containing handler functions
+ */
+function createStreamEventHandlers(res) {
+  return {
+    [GraphEvents.ON_RUN_STEP]: (event) => {
+      if (res) {
+        sendEvent(res, event);
+      }
+    },
+    [GraphEvents.ON_MESSAGE_DELTA]: (event) => {
+      if (res) {
+        sendEvent(res, event);
+      }
+    },
+    [GraphEvents.ON_REASONING_DELTA]: (event) => {
+      if (res) {
+        sendEvent(res, event);
+      }
+    },
+  };
+}
+
+function createHandleLLMNewToken(streamRate) {
+  return async () => {
+    if (streamRate) {
+      await sleep(streamRate);
+    }
+  };
+}
+
+module.exports = {
+  createFetch,
+  createHandleLLMNewToken,
+  createStreamEventHandlers,
+};

api/app/clients/llm/createLLM.js

@@ -1,5 +1,6 @@
 const { ChatOpenAI } = require('@langchain/openai');
-const { isEnabled, sanitizeModelName, constructAzureURL } = require('@librechat/api');
+const { sanitizeModelName, constructAzureURL } = require('~/utils');
+const { isEnabled } = require('~/server/utils');
 
 /**
  * Creates a new instance of a language model (LLM) for chat interactions.

api/app/clients/prompts/createContextHandlers.js

@@ -96,35 +96,35 @@ function createContextHandlers(req, userMessageContent) {
         resolvedQueries.length === 0
           ? '\n\tThe semantic search did not return any results.'
           : resolvedQueries
-              .map((queryResult, index) => {
-                const file = processedFiles[index];
-                let contextItems = queryResult.data;
+            .map((queryResult, index) => {
+              const file = processedFiles[index];
+              let contextItems = queryResult.data;
 
-                const generateContext = (currentContext) =>
-                  `
+              const generateContext = (currentContext) =>
+                `
           <file>
             <filename>${file.filename}</filename>
             <context>${currentContext}
             </context>
           </file>`;
 
-                if (useFullContext) {
-                  return generateContext(`\n${contextItems}`);
-                }
+              if (useFullContext) {
+                return generateContext(`\n${contextItems}`);
+              }
 
-                contextItems = queryResult.data
-                  .map((item) => {
-                    const pageContent = item[0].page_content;
-                    return `
+              contextItems = queryResult.data
+                .map((item) => {
+                  const pageContent = item[0].page_content;
+                  return `
             <contextItem>
               <![CDATA[${pageContent?.trim()}]]>
             </contextItem>`;
-                  })
-                  .join('');
+                })
+                .join('');
 
-                return generateContext(contextItems);
-              })
-              .join('');
+              return generateContext(contextItems);
+            })
+            .join('');
 
       if (useFullContext) {
         const prompt = `${header}

api/app/clients/specs/AnthropicClient.test.js

@@ -309,7 +309,7 @@ describe('AnthropicClient', () => {
       };
       client.setOptions({ modelOptions, promptCache: true });
       const anthropicClient = client.getClient(modelOptions);
-      expect(anthropicClient._options.defaultHeaders).toBeUndefined();
+      expect(anthropicClient.defaultHeaders).not.toHaveProperty('anthropic-beta');
     });
 
     it('should not add beta header for other models', () => {
@@ -320,7 +320,7 @@ describe('AnthropicClient', () => {
         },
       });
       const anthropicClient = client.getClient();
-      expect(anthropicClient._options.defaultHeaders).toBeUndefined();
+      expect(anthropicClient.defaultHeaders).not.toHaveProperty('anthropic-beta');
     });
   });
 

api/app/clients/specs/BaseClient.test.js

@@ -33,9 +33,7 @@ jest.mock('~/models', () => ({
 const { getConvo, saveConvo } = require('~/models');
 
 jest.mock('@librechat/agents', () => {
-  const { Providers } = jest.requireActual('@librechat/agents');
   return {
-    Providers,
     ChatOpenAI: jest.fn().mockImplementation(() => {
       return {};
     }),

api/app/clients/tools/dynamic/OpenAPIPlugin.js

@@ -0,0 +1,184 @@
+require('dotenv').config();
+const fs = require('fs');
+const { z } = require('zod');
+const path = require('path');
+const yaml = require('js-yaml');
+const { createOpenAPIChain } = require('langchain/chains');
+const { DynamicStructuredTool } = require('@langchain/core/tools');
+const { ChatPromptTemplate, HumanMessagePromptTemplate } = require('@langchain/core/prompts');
+const { logger } = require('~/config');
+
+function addLinePrefix(text, prefix = '// ') {
+  return text
+    .split('\n')
+    .map((line) => prefix + line)
+    .join('\n');
+}
+
+function createPrompt(name, functions) {
+  const prefix = `// The ${name} tool has the following functions. Determine the desired or most optimal function for the user's query:`;
+  const functionDescriptions = functions
+    .map((func) => `// - ${func.name}: ${func.description}`)
+    .join('\n');
+  return `${prefix}\n${functionDescriptions}
+// You are an expert manager and scrum master. You must provide a detailed intent to better execute the function.
+// Always format as such: {{"func": "function_name", "intent": "intent and expected result"}}`;
+}
+
+const AuthBearer = z
+  .object({
+    type: z.string().includes('service_http'),
+    authorization_type: z.string().includes('bearer'),
+    verification_tokens: z.object({
+      openai: z.string(),
+    }),
+  })
+  .catch(() => false);
+
+const AuthDefinition = z
+  .object({
+    type: z.string(),
+    authorization_type: z.string(),
+    verification_tokens: z.object({
+      openai: z.string(),
+    }),
+  })
+  .catch(() => false);
+
+async function readSpecFile(filePath) {
+  try {
+    const fileContents = await fs.promises.readFile(filePath, 'utf8');
+    if (path.extname(filePath) === '.json') {
+      return JSON.parse(fileContents);
+    }
+    return yaml.load(fileContents);
+  } catch (e) {
+    logger.error('[readSpecFile] error', e);
+    return false;
+  }
+}
+
+async function getSpec(url) {
+  const RegularUrl = z
+    .string()
+    .url()
+    .catch(() => false);
+
+  if (RegularUrl.parse(url) && path.extname(url) === '.json') {
+    const response = await fetch(url);
+    return await response.json();
+  }
+
+  const ValidSpecPath = z
+    .string()
+    .url()
+    .catch(async () => {
+      const spec = path.join(__dirname, '..', '.well-known', 'openapi', url);
+      if (!fs.existsSync(spec)) {
+        return false;
+      }
+
+      return await readSpecFile(spec);
+    });
+
+  return ValidSpecPath.parse(url);
+}
+
+async function createOpenAPIPlugin({ data, llm, user, message, memory, signal }) {
+  let spec;
+  try {
+    spec = await getSpec(data.api.url);
+  } catch (error) {
+    logger.error('[createOpenAPIPlugin] getSpec error', error);
+    return null;
+  }
+
+  if (!spec) {
+    logger.warn('[createOpenAPIPlugin] No spec found');
+    return null;
+  }
+
+  const headers = {};
+  const { auth, name_for_model, description_for_model, description_for_human } = data;
+  if (auth && AuthDefinition.parse(auth)) {
+    logger.debug('[createOpenAPIPlugin] auth detected', auth);
+    const { openai } = auth.verification_tokens;
+    if (AuthBearer.parse(auth)) {
+      headers.authorization = `Bearer ${openai}`;
+      logger.debug('[createOpenAPIPlugin] added auth bearer', headers);
+    }
+  }
+
+  const chainOptions = { llm };
+
+  if (data.headers && data.headers['librechat_user_id']) {
+    logger.debug('[createOpenAPIPlugin] id detected', headers);
+    headers[data.headers['librechat_user_id']] = user;
+  }
+
+  if (Object.keys(headers).length > 0) {
+    logger.debug('[createOpenAPIPlugin] headers detected', headers);
+    chainOptions.headers = headers;
+  }
+
+  if (data.params) {
+    logger.debug('[createOpenAPIPlugin] params detected', data.params);
+    chainOptions.params = data.params;
+  }
+
+  let history = '';
+  if (memory) {
+    logger.debug('[createOpenAPIPlugin] openAPI chain: memory detected', memory);
+    const { history: chat_history } = await memory.loadMemoryVariables({});
+    history = chat_history?.length > 0 ? `\n\n## Chat History:\n${chat_history}\n` : '';
+  }
+
+  chainOptions.prompt = ChatPromptTemplate.fromMessages([
+    HumanMessagePromptTemplate.fromTemplate(
+      `# Use the provided API's to respond to this query:\n\n{query}\n\n## Instructions:\n${addLinePrefix(
+        description_for_model,
+      )}${history}`,
+    ),
+  ]);
+
+  const chain = await createOpenAPIChain(spec, chainOptions);
+
+  const { functions } = chain.chains[0].lc_kwargs.llmKwargs;
+
+  return new DynamicStructuredTool({
+    name: name_for_model,
+    description_for_model: `${addLinePrefix(description_for_human)}${createPrompt(
+      name_for_model,
+      functions,
+    )}`,
+    description: `${description_for_human}`,
+    schema: z.object({
+      func: z
+        .string()
+        .describe(
+          `The function to invoke. The functions available are: ${functions
+            .map((func) => func.name)
+            .join(', ')}`,
+        ),
+      intent: z
+        .string()
+        .describe('Describe your intent with the function and your expected result'),
+    }),
+    func: async ({ func = '', intent = '' }) => {
+      const filteredFunctions = functions.filter((f) => f.name === func);
+      chain.chains[0].lc_kwargs.llmKwargs.functions = filteredFunctions;
+      const query = `${message}${func?.length > 0 ? `\n// Intent: ${intent}` : ''}`;
+      const result = await chain.call({
+        query,
+        signal,
+      });
+      return result.response;
+    },
+  });
+}
+
+module.exports = {
+  getSpec,
+  readSpecFile,
+  createOpenAPIPlugin,
+};

api/app/clients/tools/dynamic/OpenAPIPlugin.spec.js

@@ -0,0 +1,72 @@
+const fs = require('fs');
+const { createOpenAPIPlugin, getSpec, readSpecFile } = require('./OpenAPIPlugin');
+
+global.fetch = jest.fn().mockImplementationOnce(() => {
+  return new Promise((resolve) => {
+    resolve({
+      ok: true,
+      json: () => Promise.resolve({ key: 'value' }),
+    });
+  });
+});
+jest.mock('fs', () => ({
+  promises: {
+    readFile: jest.fn(),
+  },
+  existsSync: jest.fn(),
+}));
+
+describe('readSpecFile', () => {
+  it('reads JSON file correctly', async () => {
+    fs.promises.readFile.mockResolvedValue(JSON.stringify({ test: 'value' }));
+    const result = await readSpecFile('test.json');
+    expect(result).toEqual({ test: 'value' });
+  });
+
+  it('reads YAML file correctly', async () => {
+    fs.promises.readFile.mockResolvedValue('test: value');
+    const result = await readSpecFile('test.yaml');
+    expect(result).toEqual({ test: 'value' });
+  });
+
+  it('handles error correctly', async () => {
+    fs.promises.readFile.mockRejectedValue(new Error('test error'));
+    const result = await readSpecFile('test.json');
+    expect(result).toBe(false);
+  });
+});
+
+describe('getSpec', () => {
+  it('fetches spec from url correctly', async () => {
+    const parsedJson = await getSpec('https://www.instacart.com/.well-known/ai-plugin.json');
+    const isObject = typeof parsedJson === 'object';
+    expect(isObject).toEqual(true);
+  });
+
+  it('reads spec from file correctly', async () => {
+    fs.existsSync.mockReturnValue(true);
+    fs.promises.readFile.mockResolvedValue(JSON.stringify({ test: 'value' }));
+    const result = await getSpec('test.json');
+    expect(result).toEqual({ test: 'value' });
+  });
+
+  it('returns false when file does not exist', async () => {
+    fs.existsSync.mockReturnValue(false);
+    const result = await getSpec('test.json');
+    expect(result).toBe(false);
+  });
+});
+
+describe('createOpenAPIPlugin', () => {
+  it('returns null when getSpec throws an error', async () => {
+    const result = await createOpenAPIPlugin({ data: { api: { url: 'invalid' } } });
+    expect(result).toBe(null);
+  });
+
+  it('returns null when no spec is found', async () => {
+    const result = await createOpenAPIPlugin({});
+    expect(result).toBe(null);
+  });
+
+  // Add more tests here for different scenarios
+});

api/app/clients/tools/structured/DALLE3.js

@@ -8,10 +8,10 @@ const { HttpsProxyAgent } = require('https-proxy-agent');
 const { FileContext, ContentTypes } = require('librechat-data-provider');
 const { getImageBasename } = require('~/server/services/Files/images');
 const extractBaseURL = require('~/utils/extractBaseURL');
-const logger = require('~/config/winston');
+const { logger } = require('~/config');
 
 const displayMessage =
-  "DALL-E displayed an image. All generated images are already plainly visible, so don't repeat the descriptions in detail. Do not list download links as they are available in the UI already. The user may download the images by clicking on them, but do not mention anything about downloading to the user.";
+  'DALL-E displayed an image. All generated images are already plainly visible, so don\'t repeat the descriptions in detail. Do not list download links as they are available in the UI already. The user may download the images by clicking on them, but do not mention anything about downloading to the user.';
 class DALLE3 extends Tool {
   constructor(fields = {}) {
     super();

api/app/clients/tools/structured/OpenAIImageTools.js

@@ -4,13 +4,12 @@ const { v4 } = require('uuid');
 const OpenAI = require('openai');
 const FormData = require('form-data');
 const { tool } = require('@langchain/core/tools');
-const { logAxiosError } = require('@librechat/api');
-const { logger } = require('@librechat/data-schemas');
 const { HttpsProxyAgent } = require('https-proxy-agent');
 const { ContentTypes, EImageOutputType } = require('librechat-data-provider');
 const { getStrategyFunctions } = require('~/server/services/Files/strategies');
-const { extractBaseURL } = require('~/utils');
+const { logAxiosError, extractBaseURL } = require('~/utils');
 const { getFiles } = require('~/models/File');
+const { logger } = require('~/config');
 
 /** Default descriptions for image generation tool  */
 const DEFAULT_IMAGE_GEN_DESCRIPTION = `
@@ -65,7 +64,7 @@ const DEFAULT_IMAGE_EDIT_PROMPT_DESCRIPTION = `Describe the changes, enhancement
       Always base this prompt on the most recently uploaded reference images.`;
 
 const displayMessage =
-  "The tool displayed an image. All generated images are already plainly visible, so don't repeat the descriptions in detail. Do not list download links as they are available in the UI already. The user may download the images by clicking on them, but do not mention anything about downloading to the user.";
+  'The tool displayed an image. All generated images are already plainly visible, so don\'t repeat the descriptions in detail. Do not list download links as they are available in the UI already. The user may download the images by clicking on them, but do not mention anything about downloading to the user.';
 
 /**
  * Replaces unwanted characters from the input string

api/app/clients/tools/structured/specs/DALLE3.spec.js

@@ -1,29 +1,10 @@
 const OpenAI = require('openai');
 const DALLE3 = require('../DALLE3');
-const logger = require('~/config/winston');
+
+const { logger } = require('~/config');
 
 jest.mock('openai');
 
-jest.mock('@librechat/data-schemas', () => {
-  return {
-    logger: {
-      info: jest.fn(),
-      warn: jest.fn(),
-      debug: jest.fn(),
-      error: jest.fn(),
-    },
-  };
-});
-
-jest.mock('tiktoken', () => {
-  return {
-    encoding_for_model: jest.fn().mockReturnValue({
-      encode: jest.fn(),
-      decode: jest.fn(),
-    }),
-  };
-});
-
 const processFileURL = jest.fn();
 
 jest.mock('~/server/services/Files/images', () => ({
@@ -56,11 +37,6 @@ jest.mock('fs', () => {
   return {
     existsSync: jest.fn(),
     mkdirSync: jest.fn(),
-    promises: {
-      writeFile: jest.fn(),
-      readFile: jest.fn(),
-      unlink: jest.fn(),
-    },
   };
 });
 

api/app/clients/tools/util/fileSearch.js

@@ -135,7 +135,7 @@ const createFileSearchTool = async ({ req, files, entity_id }) => {
         query: z
           .string()
           .describe(
-            "A natural language query to search for relevant information in the files. Be specific and use keywords related to the information you're looking for. The query will be used for semantic similarity matching against the file contents.",
+            'A natural language query to search for relevant information in the files. Be specific and use keywords related to the information you\'re looking for. The query will be used for semantic similarity matching against the file contents.',
           ),
       }),
     },

api/app/clients/tools/util/handleTools.js

@@ -1,14 +1,14 @@
-const { mcpToolPattern } = require('@librechat/api');
-const { logger } = require('@librechat/data-schemas');
 const { SerpAPI } = require('@langchain/community/tools/serpapi');
 const { Calculator } = require('@langchain/community/tools/calculator');
 const { EnvVar, createCodeExecutionTool, createSearchTool } = require('@librechat/agents');
 const {
   Tools,
+  Constants,
   EToolResources,
   loadWebSearchAuth,
   replaceSpecialVars,
 } = require('librechat-data-provider');
+const { getUserPluginAuthValue } = require('~/server/services/PluginService');
 const {
   availableTools,
   manifestToolMap,
@@ -28,10 +28,11 @@ const {
 } = require('../');
 const { primeFiles: primeCodeFiles } = require('~/server/services/Files/Code/process');
 const { createFileSearchTool, primeFiles: primeSearchFiles } = require('./fileSearch');
-const { getUserPluginAuthValue } = require('~/server/services/PluginService');
 const { loadAuthValues } = require('~/server/services/Tools/credentials');
-const { getCachedTools } = require('~/server/services/Config');
 const { createMCPTool } = require('~/server/services/MCP');
+const { logger } = require('~/config');
+
+const mcpToolPattern = new RegExp(`^.+${Constants.mcp_delimiter}.+$`);
 
 /**
  * Validates the availability and authentication of tools for a user based on environment variables or user-specific plugin authentication values.
@@ -92,7 +93,7 @@ const validateTools = async (user, tools = []) => {
     return Array.from(validToolsSet.values());
   } catch (err) {
     logger.error('[validateTools] There was a problem validating tools', err);
-    throw new Error(err);
+    throw new Error('There was a problem validating tools');
   }
 };
 
@@ -235,7 +236,7 @@ const loadTools = async ({
 
   /** @type {Record<string, string>} */
   const toolContextMap = {};
-  const appTools = (await getCachedTools({ includeGlobal: true })) ?? {};
+  const appTools = options.req?.app?.locals?.availableTools ?? {};
 
   for (const tool of tools) {
     if (tool === Tools.execute_code) {
@@ -298,7 +299,6 @@ Current Date & Time: ${replaceSpecialVars({ text: '{{iso_datetime}}' })}
       requestedTools[tool] = async () =>
         createMCPTool({
           req: options.req,
-          res: options.res,
           toolKey: tool,
           model: agent?.model ?? model,
           provider: agent?.provider ?? endpoint,

api/app/clients/tools/util/handleTools.test.js

@@ -1,5 +1,8 @@
-const mongoose = require('mongoose');
-const { MongoMemoryServer } = require('mongodb-memory-server');
+const mockUser = {
+  _id: 'fakeId',
+  save: jest.fn(),
+  findByIdAndDelete: jest.fn(),
+};
 
 const mockPluginService = {
   updateUserPluginAuth: jest.fn(),
@@ -7,18 +10,29 @@ const mockPluginService = {
   getUserPluginAuthValue: jest.fn(),
 };
 
+const mockModels = {
+  User: mockUser,
+};
+jest.mock('~/db/connect', () => {
+  return {
+    connectDb: jest.fn(),
+    User: mockModels.mockUser,
+  };
+});
+jest.mock('~/models/File', () => ({
+  File: jest.fn(),
+}));
+
 jest.mock('~/server/services/PluginService', () => mockPluginService);
 
 const { BaseLLM } = require('@langchain/openai');
 const { Calculator } = require('@langchain/community/tools/calculator');
 
-const { User } = require('~/db/models');
 const PluginService = require('~/server/services/PluginService');
 const { validateTools, loadTools, loadToolWithAuth } = require('./handleTools');
 const { StructuredSD, availableTools, DALLE3 } = require('../');
 
 describe('Tool Handlers', () => {
-  let mongoServer;
   let fakeUser;
   const pluginKey = 'dalle';
   const pluginKey2 = 'wolfram';
@@ -29,9 +43,7 @@ describe('Tool Handlers', () => {
   const authConfigs = mainPlugin.authConfig;
 
   beforeAll(async () => {
-    mongoServer = await MongoMemoryServer.create();
-    const mongoUri = mongoServer.getUri();
-    await mongoose.connect(mongoUri);
+    mockUser.save.mockResolvedValue(undefined);
 
     const userAuthValues = {};
     mockPluginService.getUserPluginAuthValue.mockImplementation((userId, authField) => {
@@ -46,7 +58,7 @@ describe('Tool Handlers', () => {
       },
     );
 
-    fakeUser = new User({
+    fakeUser = await mockModels.User.createUser({
       name: 'Fake User',
       username: 'fakeuser',
       email: 'fakeuser@example.com',
@@ -72,36 +84,9 @@ describe('Tool Handlers', () => {
   });
 
   afterAll(async () => {
-    await mongoose.disconnect();
-    await mongoServer.stop();
-  });
-
-  beforeEach(async () => {
-    // Clear mocks but not the database since we need the user to persist
-    jest.clearAllMocks();
-
-    // Reset the mock implementations
-    const userAuthValues = {};
-    mockPluginService.getUserPluginAuthValue.mockImplementation((userId, authField) => {
-      return userAuthValues[`${userId}-${authField}`];
-    });
-    mockPluginService.updateUserPluginAuth.mockImplementation(
-      (userId, authField, _pluginKey, credential) => {
-        const fields = authField.split('||');
-        fields.forEach((field) => {
-          userAuthValues[`${userId}-${field}`] = credential;
-        });
-      },
-    );
-
-    // Re-add the auth configs for the user
+    await mockUser.findByIdAndDelete(fakeUser._id);
     for (const authConfig of authConfigs) {
-      await PluginService.updateUserPluginAuth(
-        fakeUser._id,
-        authConfig.authField,
-        pluginKey,
-        mockCredential,
-      );
+      await PluginService.deleteUserPluginAuth(fakeUser._id, authConfig.authField);
     }
   });
 

api/cache/banViolation.spec.js

@@ -1,28 +1,69 @@
-const mongoose = require('mongoose');
-const { MongoMemoryServer } = require('mongodb-memory-server');
 const banViolation = require('./banViolation');
 
-// Mock deleteAllUserSessions since we're testing ban logic, not session deletion
-jest.mock('~/models', () => ({
-  ...jest.requireActual('~/models'),
-  deleteAllUserSessions: jest.fn().mockResolvedValue(true),
+const mockModels = {
+  Session: {
+    deleteAllUserSessions: jest.fn(),
+  },
+};
+
+jest.mock('~/db/connect', () => {
+  return {
+    connectDb: jest.fn(),
+    get models() {
+      return mockModels;
+    },
+  };
+});
+
+jest.mock('~/server/utils', () => ({
+  isEnabled: jest.fn(() => true), // default to false, override per test if needed
+  math: jest.fn(() => 20), // default to false, override per test if needed
+  removePorts: jest.fn(),
 }));
 
+jest.mock('keyv');
+// jest.mock('../models/Session');
+// Mocking the getLogStores function
+jest.mock('./getLogStores', () => {
+  return jest.fn().mockImplementation(() => {
+    const EventEmitter = require('events');
+    const { CacheKeys } = require('librechat-data-provider');
+    const math = require('../server/utils/math');
+    const mockGet = jest.fn();
+    const mockSet = jest.fn();
+    class KeyvMongo extends EventEmitter {
+      constructor(url = 'mongodb://127.0.0.1:27017', options) {
+        super();
+        this.ttlSupport = false;
+        url = url ?? {};
+        if (typeof url === 'string') {
+          url = { url };
+        }
+        if (url.uri) {
+          url = { url: url.uri, ...url };
+        }
+        this.opts = {
+          url,
+          collection: 'keyv',
+          ...url,
+          ...options,
+        };
+      }
+
+      get = mockGet;
+      set = mockSet;
+    }
+
+    return new KeyvMongo('', {
+      namespace: CacheKeys.BANS,
+      ttl: math(process.env.BAN_DURATION, 7200000),
+    });
+  });
+});
+
 describe('banViolation', () => {
-  let mongoServer;
   let req, res, errorMessage;
 
-  beforeAll(async () => {
-    mongoServer = await MongoMemoryServer.create();
-    const mongoUri = mongoServer.getUri();
-    await mongoose.connect(mongoUri);
-  });
-
-  afterAll(async () => {
-    await mongoose.disconnect();
-    await mongoServer.stop();
-  });
-
   beforeEach(() => {
     req = {
       ip: '127.0.0.1',
@@ -35,7 +76,7 @@ describe('banViolation', () => {
     };
     errorMessage = {
       type: 'someViolation',
-      user_id: new mongoose.Types.ObjectId().toString(), // Use valid ObjectId
+      user_id: '12345',
       prev_count: 0,
       violation_count: 0,
     };

api/cache/getLogStores.js

@@ -1,7 +1,7 @@
 const { Keyv } = require('keyv');
 const { CacheKeys, ViolationTypes, Time } = require('librechat-data-provider');
 const { logFile, violationFile } = require('./keyvFiles');
-const { isEnabled, math } = require('~/server/utils');
+const { math, isEnabled } = require('~/server/utils');
 const keyvRedis = require('./keyvRedis');
 const keyvMongo = require('./keyvMongo');
 
@@ -29,10 +29,6 @@ const roles = isRedisEnabled
   ? new Keyv({ store: keyvRedis })
   : new Keyv({ namespace: CacheKeys.ROLES });
 
-const mcpTools = isRedisEnabled
-  ? new Keyv({ store: keyvRedis })
-  : new Keyv({ namespace: CacheKeys.MCP_TOOLS });
-
 const audioRuns = isRedisEnabled
   ? new Keyv({ store: keyvRedis, ttl: Time.TEN_MINUTES })
   : new Keyv({ namespace: CacheKeys.AUDIO_RUNS, ttl: Time.TEN_MINUTES });
@@ -71,7 +67,6 @@ const openIdExchangedTokensCache = isRedisEnabled
 
 const namespaces = {
   [CacheKeys.ROLES]: roles,
-  [CacheKeys.MCP_TOOLS]: mcpTools,
   [CacheKeys.CONFIG_STORE]: config,
   [CacheKeys.PENDING_REQ]: pending_req,
   [ViolationTypes.BAN]: new Keyv({ store: keyvMongo, namespace: CacheKeys.BANS, ttl: duration }),

api/config/index.js

@@ -1,6 +1,7 @@
+const axios = require('axios');
 const { EventSource } = require('eventsource');
-const { Time } = require('librechat-data-provider');
-const { MCPManager, FlowStateManager } = require('@librechat/api');
+const { Time, CacheKeys } = require('librechat-data-provider');
+const { MCPManager, FlowStateManager } = require('librechat-mcp');
 const logger = require('./winston');
 
 global.EventSource = EventSource;
@@ -15,7 +16,7 @@ let flowManager = null;
  */
 function getMCPManager(userId) {
   if (!mcpManager) {
-    mcpManager = MCPManager.getInstance();
+    mcpManager = MCPManager.getInstance(logger);
   } else {
     mcpManager.checkIdleConnections(userId);
   }
@@ -30,13 +31,66 @@ function getFlowStateManager(flowsCache) {
   if (!flowManager) {
     flowManager = new FlowStateManager(flowsCache, {
       ttl: Time.ONE_MINUTE * 3,
+      logger,
     });
   }
   return flowManager;
 }
 
+/**
+ * Sends message data in Server Sent Events format.
+ * @param {ServerResponse} res - The server response.
+ * @param {{ data: string | Record<string, unknown>, event?: string }} event - The message event.
+ * @param {string} event.event - The type of event.
+ * @param {string} event.data - The message to be sent.
+ */
+const sendEvent = (res, event) => {
+  if (typeof event.data === 'string' && event.data.length === 0) {
+    return;
+  }
+  res.write(`event: message\ndata: ${JSON.stringify(event)}\n\n`);
+};
+
+/**
+ * Creates and configures an Axios instance with optional proxy settings.
+ *
+ * @typedef {import('axios').AxiosInstance} AxiosInstance
+ * @typedef {import('axios').AxiosProxyConfig} AxiosProxyConfig
+ *
+ * @returns {AxiosInstance} A configured Axios instance
+ * @throws {Error} If there's an issue creating the Axios instance or parsing the proxy URL
+ */
+function createAxiosInstance() {
+  const instance = axios.create();
+
+  if (process.env.proxy) {
+    try {
+      const url = new URL(process.env.proxy);
+
+      /** @type {AxiosProxyConfig} */
+      const proxyConfig = {
+        host: url.hostname.replace(/^\[|\]$/g, ''),
+        protocol: url.protocol.replace(':', ''),
+      };
+
+      if (url.port) {
+        proxyConfig.port = parseInt(url.port, 10);
+      }
+
+      instance.defaults.proxy = proxyConfig;
+    } catch (error) {
+      console.error('Error parsing proxy URL:', error);
+      throw new Error(`Invalid proxy URL: ${process.env.proxy}`);
+    }
+  }
+
+  return instance;
+}
+
 module.exports = {
   logger,
+  sendEvent,
   getMCPManager,
+  createAxiosInstance,
   getFlowStateManager,
 };

api/config/index.spec.js

@@ -1,6 +1,7 @@
-import axios from 'axios';
-import { createAxiosInstance } from './axios';
+const axios = require('axios');
+const { createAxiosInstance } = require('./index');
 
+// Mock axios
 jest.mock('axios', () => ({
   interceptors: {
     request: { use: jest.fn(), eject: jest.fn() },
@@ -19,13 +20,7 @@ jest.mock('axios', () => ({
   post: jest.fn().mockResolvedValue({ data: {} }),
   put: jest.fn().mockResolvedValue({ data: {} }),
   delete: jest.fn().mockResolvedValue({ data: {} }),
-  reset: jest.fn().mockImplementation(function (this: {
-    get: jest.Mock;
-    post: jest.Mock;
-    put: jest.Mock;
-    delete: jest.Mock;
-    create: jest.Mock;
-  }) {
+  reset: jest.fn().mockImplementation(function () {
     this.get.mockClear();
     this.post.mockClear();
     this.put.mockClear();

api/db/indexSync.js

@@ -1,11 +1,8 @@
 const mongoose = require('mongoose');
 const { MeiliSearch } = require('meilisearch');
 const { logger } = require('@librechat/data-schemas');
-const { FlowStateManager } = require('@librechat/api');
-const { CacheKeys } = require('librechat-data-provider');
 
 const { isEnabled } = require('~/server/utils');
-const { getLogStores } = require('~/cache');
 
 const Conversation = mongoose.models.Conversation;
 const Message = mongoose.models.Message;
@@ -31,123 +28,43 @@ class MeiliSearchClient {
   }
 }
 
-/**
- * Performs the actual sync operations for messages and conversations
- */
-async function performSync() {
-  const client = MeiliSearchClient.getInstance();
-
-  const { status } = await client.health();
-  if (status !== 'available') {
-    throw new Error('Meilisearch not available');
-  }
-
-  if (indexingDisabled === true) {
-    logger.info('[indexSync] Indexing is disabled, skipping...');
-    return { messagesSync: false, convosSync: false };
-  }
-
-  let messagesSync = false;
-  let convosSync = false;
-
-  // Check if we need to sync messages
-  const messageProgress = await Message.getSyncProgress();
-  if (!messageProgress.isComplete) {
-    logger.info(
-      `[indexSync] Messages need syncing: ${messageProgress.totalProcessed}/${messageProgress.totalDocuments} indexed`,
-    );
-
-    // Check if we should do a full sync or incremental
-    const messageCount = await Message.countDocuments();
-    const messagesIndexed = messageProgress.totalProcessed;
-    const syncThreshold = parseInt(process.env.MEILI_SYNC_THRESHOLD || '1000', 10);
-
-    if (messageCount - messagesIndexed > syncThreshold) {
-      logger.info('[indexSync] Starting full message sync due to large difference');
-      await Message.syncWithMeili();
-      messagesSync = true;
-    } else if (messageCount !== messagesIndexed) {
-      logger.warn('[indexSync] Messages out of sync, performing incremental sync');
-      await Message.syncWithMeili();
-      messagesSync = true;
-    }
-  } else {
-    logger.info(
-      `[indexSync] Messages are fully synced: ${messageProgress.totalProcessed}/${messageProgress.totalDocuments}`,
-    );
-  }
-
-  // Check if we need to sync conversations
-  const convoProgress = await Conversation.getSyncProgress();
-  if (!convoProgress.isComplete) {
-    logger.info(
-      `[indexSync] Conversations need syncing: ${convoProgress.totalProcessed}/${convoProgress.totalDocuments} indexed`,
-    );
-
-    const convoCount = await Conversation.countDocuments();
-    const convosIndexed = convoProgress.totalProcessed;
-    const syncThreshold = parseInt(process.env.MEILI_SYNC_THRESHOLD || '1000', 10);
-
-    if (convoCount - convosIndexed > syncThreshold) {
-      logger.info('[indexSync] Starting full conversation sync due to large difference');
-      await Conversation.syncWithMeili();
-      convosSync = true;
-    } else if (convoCount !== convosIndexed) {
-      logger.warn('[indexSync] Convos out of sync, performing incremental sync');
-      await Conversation.syncWithMeili();
-      convosSync = true;
-    }
-  } else {
-    logger.info(
-      `[indexSync] Conversations are fully synced: ${convoProgress.totalProcessed}/${convoProgress.totalDocuments}`,
-    );
-  }
-
-  return { messagesSync, convosSync };
-}
-
-/**
- * Main index sync function that uses FlowStateManager to prevent concurrent execution
- */
 async function indexSync() {
   if (!searchEnabled) {
     return;
   }
-
-  logger.info('[indexSync] Starting index synchronization check...');
-
   try {
-    // Get or create FlowStateManager instance
-    const flowsCache = getLogStores(CacheKeys.FLOWS);
-    if (!flowsCache) {
-      logger.warn('[indexSync] Flows cache not available, falling back to direct sync');
-      return await performSync();
+    const client = MeiliSearchClient.getInstance();
+
+    const { status } = await client.health();
+    if (status !== 'available') {
+      throw new Error('Meilisearch not available');
     }
 
-    const flowManager = new FlowStateManager(flowsCache, {
-      ttl: 60000 * 10, // 10 minutes TTL for sync operations
-    });
-
-    // Use a unique flow ID for the sync operation
-    const flowId = 'meili-index-sync';
-    const flowType = 'MEILI_SYNC';
-
-    // This will only execute the handler if no other instance is running the sync
-    const result = await flowManager.createFlowWithHandler(flowId, flowType, performSync);
-
-    if (result.messagesSync || result.convosSync) {
-      logger.info('[indexSync] Sync completed successfully');
-    } else {
-      logger.debug('[indexSync] No sync was needed');
-    }
-
-    return result;
-  } catch (err) {
-    if (err.message.includes('flow already exists')) {
-      logger.info('[indexSync] Sync already running on another instance');
+    if (indexingDisabled === true) {
+      logger.info('[indexSync] Indexing is disabled, skipping...');
       return;
     }
 
+    const messageCount = await Message.countDocuments();
+    const convoCount = await Conversation.countDocuments();
+    const messages = await client.index('messages').getStats();
+    const convos = await client.index('convos').getStats();
+    const messagesIndexed = messages.numberOfDocuments;
+    const convosIndexed = convos.numberOfDocuments;
+
+    logger.debug(`[indexSync] There are ${messageCount} messages and ${messagesIndexed} indexed`);
+    logger.debug(`[indexSync] There are ${convoCount} convos and ${convosIndexed} indexed`);
+
+    if (messageCount !== messagesIndexed) {
+      logger.debug('[indexSync] Messages out of sync, indexing');
+      Message.syncWithMeili();
+    }
+
+    if (convoCount !== convosIndexed) {
+      logger.debug('[indexSync] Convos out of sync, indexing');
+      Conversation.syncWithMeili();
+    }
+  } catch (err) {
     if (err.message.includes('not found')) {
       logger.debug('[indexSync] Creating indices...');
       currentTimeout = setTimeout(async () => {

api/models/Action.js

@@ -1,4 +1,5 @@
-const { Action } = require('~/db/models');
+const mongoose = require('mongoose');
+const Action = require('~/db/models').Action;
 
 /**
  * Update an action with new data without overwriting existing properties,

api/models/Agent.js

@@ -4,19 +4,17 @@ const { logger } = require('@librechat/data-schemas');
 const { SystemRoles, Tools, actionDelimiter } = require('librechat-data-provider');
 const { GLOBAL_PROJECT_NAME, EPHEMERAL_AGENT_ID, mcp_delimiter } =
   require('librechat-data-provider').Constants;
-// Default category value for new agents
+const { CONFIG_STORE, STARTUP_CONFIG } = require('librechat-data-provider').CacheKeys;
 const {
   getProjectByName,
   addAgentIdsToProject,
   removeAgentIdsFromProject,
   removeAgentFromAllProjects,
 } = require('./Project');
-const { getCachedTools } = require('~/server/services/Config');
-
-// Category values are now imported from shared constants
-// Schema fields (category, support_contact, is_promoted) are defined in @librechat/data-schemas
+const getLogStores = require('~/cache/getLogStores');
 const { getActions } = require('./Action');
-const { Agent } = require('~/db/models');
+
+const Agent = require('~/db/models').Agent;
 
 /**
  * Create an agent with the provided data.
@@ -25,7 +23,7 @@ const { Agent } = require('~/db/models');
  * @throws {Error} If the agent creation fails.
  */
 const createAgent = async (agentData) => {
-  const { author: _author, ...versionData } = agentData;
+  const { author, ...versionData } = agentData;
   const timestamp = new Date();
   const initialAgentData = {
     ...agentData,
@@ -36,7 +34,6 @@ const createAgent = async (agentData) => {
         updatedAt: timestamp,
       },
     ],
-    category: agentData.category || 'general',
   };
   return (await Agent.create(initialAgentData)).toObject();
 };
@@ -59,12 +56,12 @@ const getAgent = async (searchParameter) => await Agent.findOne(searchParameter)
  * @param {string} params.agent_id
  * @param {string} params.endpoint
  * @param {import('@librechat/agents').ClientOptions} [params.model_parameters]
- * @returns {Promise<Agent|null>} The agent document as a plain object, or null if not found.
+ * @returns {Agent|null} The agent document as a plain object, or null if not found.
  */
-const loadEphemeralAgent = async ({ req, agent_id, endpoint, model_parameters: _m }) => {
+const loadEphemeralAgent = ({ req, agent_id, endpoint, model_parameters: _m }) => {
   const { model, ...model_parameters } = _m;
   /** @type {Record<string, FunctionTool>} */
-  const availableTools = await getCachedTools({ includeGlobal: true });
+  const availableTools = req.app.locals.availableTools;
   /** @type {TEphemeralAgent | null} */
   const ephemeralAgent = req.body.ephemeralAgent;
   const mcpServers = new Set(ephemeralAgent?.mcp);
@@ -73,9 +70,6 @@ const loadEphemeralAgent = async ({ req, agent_id, endpoint, model_parameters: _
   if (ephemeralAgent?.execute_code === true) {
     tools.push(Tools.execute_code);
   }
-  if (ephemeralAgent?.file_search === true) {
-    tools.push(Tools.file_search);
-  }
   if (ephemeralAgent?.web_search === true) {
     tools.push(Tools.web_search);
   }
@@ -118,7 +112,7 @@ const loadAgent = async ({ req, agent_id, endpoint, model_parameters }) => {
     return null;
   }
   if (agent_id === EPHEMERAL_AGENT_ID) {
-    return await loadEphemeralAgent({ req, agent_id, endpoint, model_parameters });
+    return loadEphemeralAgent({ req, agent_id, endpoint, model_parameters });
   }
   const agent = await getAgent({
     id: agent_id,
@@ -129,7 +123,29 @@ const loadAgent = async ({ req, agent_id, endpoint, model_parameters }) => {
   }
 
   agent.version = agent.versions ? agent.versions.length : 0;
-  return agent;
+
+  if (agent.author.toString() === req.user.id) {
+    return agent;
+  }
+
+  if (!agent.projectIds) {
+    return null;
+  }
+
+  const cache = getLogStores(CONFIG_STORE);
+  /** @type {TStartupConfig} */
+  const cachedStartupConfig = await cache.get(STARTUP_CONFIG);
+  let { instanceProjectId } = cachedStartupConfig ?? {};
+  if (!instanceProjectId) {
+    instanceProjectId = (await getProjectByName(GLOBAL_PROJECT_NAME, '_id'))._id.toString();
+  }
+
+  for (const projectObjectId of agent.projectIds) {
+    const projectId = projectObjectId.toString();
+    if (projectId === instanceProjectId) {
+      return agent;
+    }
+  }
 };
 
 /**
@@ -155,11 +171,12 @@ const isDuplicateVersion = (updateData, currentData, versions, actionsHash = nul
     'created_at',
     'updated_at',
     '__v',
+    'agent_ids',
     'versions',
     'actionsHash', // Exclude actionsHash from direct comparison
   ];
 
-  const { $push: _$push, $pull: _$pull, $addToSet: _$addToSet, ...directUpdates } = updateData;
+  const { $push, $pull, $addToSet, ...directUpdates } = updateData;
 
   if (Object.keys(directUpdates).length === 0 && !actionsHash) {
     return null;
@@ -244,24 +261,16 @@ const isDuplicateVersion = (updateData, currentData, versions, actionsHash = nul
  * @param {Object} [options] - Optional configuration object.
  * @param {string} [options.updatingUserId] - The ID of the user performing the update (used for tracking non-author updates).
  * @param {boolean} [options.forceVersion] - Force creation of a new version even if no fields changed.
- * @param {boolean} [options.skipVersioning] - Skip version creation entirely (useful for isolated operations like sharing).
  * @returns {Promise<Agent>} The updated or newly created agent document as a plain object.
  * @throws {Error} If the update would create a duplicate version
  */
 const updateAgent = async (searchParameter, updateData, options = {}) => {
-  const { updatingUserId = null, forceVersion = false, skipVersioning = false } = options;
+  const { updatingUserId = null, forceVersion = false } = options;
   const mongoOptions = { new: true, upsert: false };
 
   const currentAgent = await Agent.findOne(searchParameter);
   if (currentAgent) {
-    const {
-      __v,
-      _id,
-      id: __id,
-      versions,
-      author: _author,
-      ...versionData
-    } = currentAgent.toObject();
+    const { __v, _id, id, versions, author, ...versionData } = currentAgent.toObject();
     const { $push, $pull, $addToSet, ...directUpdates } = updateData;
 
     let actionsHash = null;
@@ -293,8 +302,10 @@ const updateAgent = async (searchParameter, updateData, options = {}) => {
     }
 
     const shouldCreateVersion =
-      !skipVersioning &&
-      (forceVersion || Object.keys(directUpdates).length > 0 || $push || $pull || $addToSet);
+      forceVersion ||
+      (versions &&
+        versions.length > 0 &&
+        (Object.keys(directUpdates).length > 0 || $push || $pull || $addToSet));
 
     if (shouldCreateVersion) {
       const duplicateVersion = isDuplicateVersion(updateData, versionData, versions, actionsHash);
@@ -329,7 +340,7 @@ const updateAgent = async (searchParameter, updateData, options = {}) => {
       versionEntry.updatedBy = new mongoose.Types.ObjectId(updatingUserId);
     }
 
-    if (shouldCreateVersion) {
+    if (shouldCreateVersion || forceVersion) {
       updateData.$push = {
         ...($push || {}),
         versions: versionEntry,
@@ -452,113 +463,8 @@ const deleteAgent = async (searchParameter) => {
   return agent;
 };
 
-/**
- * Get agents by accessible IDs with optional cursor-based pagination.
- * @param {Object} params - The parameters for getting accessible agents.
- * @param {Array} [params.accessibleIds] - Array of agent ObjectIds the user has ACL access to.
- * @param {Object} [params.otherParams] - Additional query parameters (including author filter).
- * @param {number} [params.limit] - Number of agents to return (max 100). If not provided, returns all agents.
- * @param {string} [params.after] - Cursor for pagination - get agents after this cursor. // base64 encoded JSON string with updatedAt and _id.
- * @returns {Promise<Object>} A promise that resolves to an object containing the agents data and pagination info.
- */
-const getListAgentsByAccess = async ({
-  accessibleIds = [],
-  otherParams = {},
-  limit = null,
-  after = null,
-}) => {
-  const isPaginated = limit !== null && limit !== undefined;
-  const normalizedLimit = isPaginated ? Math.min(Math.max(1, parseInt(limit) || 20), 100) : null;
-
-  // Build base query combining ACL accessible agents with other filters
-  const baseQuery = { ...otherParams };
-
-  if (accessibleIds.length > 0) {
-    baseQuery._id = { $in: accessibleIds };
-  }
-
-  // Add cursor condition
-  if (after) {
-    try {
-      const cursor = JSON.parse(Buffer.from(after, 'base64').toString('utf8'));
-      const { updatedAt, _id } = cursor;
-
-      const cursorCondition = {
-        $or: [
-          { updatedAt: { $lt: new Date(updatedAt) } },
-          { updatedAt: new Date(updatedAt), _id: { $gt: new mongoose.Types.ObjectId(_id) } },
-        ],
-      };
-
-      // Merge cursor condition with base query
-      if (Object.keys(baseQuery).length > 0) {
-        baseQuery.$and = [{ ...baseQuery }, cursorCondition];
-        // Remove the original conditions from baseQuery to avoid duplication
-        Object.keys(baseQuery).forEach((key) => {
-          if (key !== '$and') delete baseQuery[key];
-        });
-      } else {
-        Object.assign(baseQuery, cursorCondition);
-      }
-    } catch (error) {
-      logger.warn('Invalid cursor:', error.message);
-    }
-  }
-
-  let query = Agent.find(baseQuery, {
-    id: 1,
-    _id: 1,
-    name: 1,
-    avatar: 1,
-    author: 1,
-    projectIds: 1,
-    description: 1,
-    updatedAt: 1,
-    category: 1,
-    support_contact: 1,
-    is_promoted: 1,
-  }).sort({ updatedAt: -1, _id: 1 });
-
-  // Only apply limit if pagination is requested
-  if (isPaginated) {
-    query = query.limit(normalizedLimit + 1);
-  }
-
-  const agents = await query.lean();
-
-  const hasMore = isPaginated ? agents.length > normalizedLimit : false;
-  const data = (isPaginated ? agents.slice(0, normalizedLimit) : agents).map((agent) => {
-    if (agent.author) {
-      agent.author = agent.author.toString();
-    }
-    return agent;
-  });
-
-  // Generate next cursor only if paginated
-  let nextCursor = null;
-  if (isPaginated && hasMore && data.length > 0) {
-    const lastAgent = agents[normalizedLimit - 1];
-    nextCursor = Buffer.from(
-      JSON.stringify({
-        updatedAt: lastAgent.updatedAt.toISOString(),
-        _id: lastAgent._id.toString(),
-      }),
-    ).toString('base64');
-  }
-
-  return {
-    object: 'list',
-    data,
-    first_id: data.length > 0 ? data[0].id : null,
-    last_id: data.length > 0 ? data[data.length - 1].id : null,
-    has_more: hasMore,
-    after: nextCursor,
-  };
-};
-
 /**
  * Get all agents.
- * @deprecated Use getListAgentsByAccess for ACL-aware agent listing
  * @param {Object} searchParameter - The search parameters to find matching agents.
  * @param {string} searchParameter.author - The user ID of the agent's author.
  * @returns {Promise<Object>} A promise that resolves to an object containing the agents data and pagination info.
@@ -577,15 +483,13 @@ const getListAgents = async (searchParameter) => {
   const agents = (
     await Agent.find(query, {
       id: 1,
-      _id: 1,
+      _id: 0,
       name: 1,
       avatar: 1,
       author: 1,
       projectIds: 1,
       description: 1,
-      // @deprecated - isCollaborative replaced by ACL permissions
       isCollaborative: 1,
-      category: 1,
     }).lean()
   ).map((agent) => {
     if (agent.author?.toString() !== author) {
@@ -647,10 +551,7 @@ const updateAgentProjects = async ({ user, agentId, projectIds, removeProjectIds
     delete updateQuery.author;
   }
 
-  const updatedAgent = await updateAgent(updateQuery, updateOps, {
-    updatingUserId: user.id,
-    skipVersioning: true,
-  });
+  const updatedAgent = await updateAgent(updateQuery, updateOps, { updatingUserId: user.id });
   if (updatedAgent) {
     return updatedAgent;
   }
@@ -751,14 +652,6 @@ const generateActionMetadataHash = async (actionIds, actions) => {
 
   return hashHex;
 };
-/**
- * Counts the number of promoted agents.
- * @returns  {Promise<number>} - The count of promoted agents
- */
-const countPromotedAgents = async () => {
-  const count = await Agent.countDocuments({ is_promoted: true });
-  return count;
-};
 
 /**
  * Load a default agent based on the endpoint
@@ -776,8 +669,6 @@ module.exports = {
   revertAgentVersion,
   updateAgentProjects,
   addAgentResourceFile,
-  getListAgentsByAccess,
   removeAgentResourceFiles,
   generateActionMetadataHash,
-  countPromotedAgents,
 };

api/models/Assistant.js

@@ -1,4 +1,5 @@
-const { Assistant } = require('~/db/models');
+const mongoose = require('mongoose');
+const Assistant = require('~/db/models').Assistant;
 
 /**
  * Update an assistant with new data without overwriting existing properties,

api/models/Banner.js

@@ -1,5 +1,7 @@
+const mongoose = require('mongoose');
 const { logger } = require('@librechat/data-schemas');
-const { Banner } = require('~/db/models');
+
+const Banner = require('~/db/models').Banner;
 
 /**
  * Retrieves the current active banner.

api/models/Conversation.js

@@ -1,6 +1,8 @@
+const mongoose = require('mongoose');
 const { logger } = require('@librechat/data-schemas');
 const { getMessages, deleteMessages } = require('./Message');
-const { Conversation } = require('~/db/models');
+
+const Conversation = require('~/db/models').Conversation;
 
 /**
  * Searches for a conversation by conversationId and returns a lean document with only conversationId and user.

api/models/ConversationTag.js

@@ -1,5 +1,8 @@
+const mongoose = require('mongoose');
 const { logger } = require('@librechat/data-schemas');
-const { ConversationTag, Conversation } = require('~/db/models');
+
+const ConversationTag = require('~/db/models').ConversationTag;
+const Conversation = require('~/db/models').Conversation;
 
 /**
  * Retrieves all conversation tags for a user.

api/models/File.js

@@ -1,6 +1,8 @@
+const mongoose = require('mongoose');
 const { logger } = require('@librechat/data-schemas');
 const { EToolResources } = require('librechat-data-provider');
-const { File } = require('~/db/models');
+
+const File = require('~/db/models').File;
 
 /**
  * Finds a file by its file_id with additional query options.

api/models/Message.js

@@ -1,7 +1,7 @@
 const { z } = require('zod');
 const { logger } = require('@librechat/data-schemas');
-const { Message } = require('~/db/models');
 
+const Message = require('~/db/models').Message;
 const idSchema = z.string().uuid();
 
 /**
@@ -253,7 +253,6 @@ async function updateMessage(req, message, metadata) {
       text: updatedMessage.text,
       isCreatedByUser: updatedMessage.isCreatedByUser,
       tokenCount: updatedMessage.tokenCount,
-      feedback: updatedMessage.feedback,
     };
   } catch (err) {
     logger.error('Error updating message:', err);

api/models/Message.spec.js

@@ -1,7 +1,37 @@
-const mongoose = require('mongoose');
-const { MongoMemoryServer } = require('mongodb-memory-server');
 const { v4: uuidv4 } = require('uuid');
-const { messageSchema } = require('@librechat/data-schemas');
+
+jest.mock('mongoose');
+
+const mockFindQuery = {
+  select: jest.fn().mockReturnThis(),
+  sort: jest.fn().mockReturnThis(),
+  lean: jest.fn().mockReturnThis(),
+  deleteMany: jest.fn().mockResolvedValue({ deletedCount: 1 }),
+};
+
+const mockSchema = {
+  findOneAndUpdate: jest.fn(),
+  updateOne: jest.fn(),
+  findOne: jest.fn(() => ({
+    lean: jest.fn(),
+  })),
+  find: jest.fn(() => mockFindQuery),
+  deleteMany: jest.fn(),
+};
+
+jest.mock('~/config/winston', () => ({
+  error: jest.fn(),
+}));
+
+const mockModels = {
+  Message: {
+    findOneAndUpdate: mockSchema.findOneAndUpdate,
+    updateOne: mockSchema.updateOne,
+    findOne: mockSchema.findOne,
+    find: mockSchema.find,
+    deleteMany: mockSchema.deleteMany,
+  },
+};
 
 const {
   saveMessage,
@@ -10,102 +40,77 @@ const {
   deleteMessages,
   updateMessageText,
   deleteMessagesSince,
-} = require('./Message');
-
-/**
- * @type {import('mongoose').Model<import('@librechat/data-schemas').IMessage>}
- */
-let Message;
+} = require('~/models/Message');
 
 describe('Message Operations', () => {
-  let mongoServer;
   let mockReq;
-  let mockMessageData;
+  let mockMessage;
 
-  beforeAll(async () => {
-    mongoServer = await MongoMemoryServer.create();
-    const mongoUri = mongoServer.getUri();
-    Message = mongoose.models.Message || mongoose.model('Message', messageSchema);
-    await mongoose.connect(mongoUri);
-  });
-
-  afterAll(async () => {
-    await mongoose.disconnect();
-    await mongoServer.stop();
-  });
-
-  beforeEach(async () => {
-    // Clear database
-    await Message.deleteMany({});
+  beforeEach(() => {
+    jest.clearAllMocks();
 
     mockReq = {
       user: { id: 'user123' },
     };
 
-    mockMessageData = {
+    mockMessage = {
       messageId: 'msg123',
       conversationId: uuidv4(),
       text: 'Hello, world!',
       user: 'user123',
     };
+
+    mockSchema.findOneAndUpdate.mockResolvedValue({
+      toObject: () => mockMessage,
+    });
   });
 
   describe('saveMessage', () => {
     it('should save a message for an authenticated user', async () => {
-      const result = await saveMessage(mockReq, mockMessageData);
-
-      expect(result.messageId).toBe('msg123');
-      expect(result.user).toBe('user123');
-      expect(result.text).toBe('Hello, world!');
-
-      // Verify the message was actually saved to the database
-      const savedMessage = await Message.findOne({ messageId: 'msg123', user: 'user123' });
-      expect(savedMessage).toBeTruthy();
-      expect(savedMessage.text).toBe('Hello, world!');
+      const result = await saveMessage(mockReq, mockMessage);
+      expect(result).toEqual(mockMessage);
+      expect(mockSchema.findOneAndUpdate).toHaveBeenCalledWith(
+        { messageId: 'msg123', user: 'user123' },
+        expect.objectContaining({ user: 'user123' }),
+        expect.any(Object),
+      );
     });
 
     it('should throw an error for unauthenticated user', async () => {
       mockReq.user = null;
-      await expect(saveMessage(mockReq, mockMessageData)).rejects.toThrow('User not authenticated');
+      await expect(saveMessage(mockReq, mockMessage)).rejects.toThrow('User not authenticated');
     });
 
-    it('should handle invalid conversation ID gracefully', async () => {
-      mockMessageData.conversationId = 'invalid-id';
-      const result = await saveMessage(mockReq, mockMessageData);
-      expect(result).toBeUndefined();
+    it('should throw an error for invalid conversation ID', async () => {
+      mockMessage.conversationId = 'invalid-id';
+      await expect(saveMessage(mockReq, mockMessage)).resolves.toBeUndefined();
     });
   });
 
   describe('updateMessageText', () => {
     it('should update message text for the authenticated user', async () => {
-      // First save a message
-      await saveMessage(mockReq, mockMessageData);
-
-      // Then update it
       await updateMessageText(mockReq, { messageId: 'msg123', text: 'Updated text' });
-
-      // Verify the update
-      const updatedMessage = await Message.findOne({ messageId: 'msg123', user: 'user123' });
-      expect(updatedMessage.text).toBe('Updated text');
+      expect(mockSchema.updateOne).toHaveBeenCalledWith(
+        { messageId: 'msg123', user: 'user123' },
+        { text: 'Updated text' },
+      );
     });
   });
 
   describe('updateMessage', () => {
     it('should update a message for the authenticated user', async () => {
-      // First save a message
-      await saveMessage(mockReq, mockMessageData);
-
+      mockSchema.findOneAndUpdate.mockResolvedValue(mockMessage);
       const result = await updateMessage(mockReq, { messageId: 'msg123', text: 'Updated text' });
-
-      expect(result.messageId).toBe('msg123');
-      expect(result.text).toBe('Updated text');
-
-      // Verify in database
-      const updatedMessage = await Message.findOne({ messageId: 'msg123', user: 'user123' });
-      expect(updatedMessage.text).toBe('Updated text');
+      expect(result).toEqual(
+        expect.objectContaining({
+          messageId: 'msg123',
+          text: 'Hello, world!',
+        }),
+      );
     });
 
     it('should throw an error if message is not found', async () => {
+      mockSchema.findOneAndUpdate.mockResolvedValue(null);
       await expect(
         updateMessage(mockReq, { messageId: 'nonexistent', text: 'Test' }),
       ).rejects.toThrow('Message not found or user not authorized.');
@@ -114,45 +119,19 @@ describe('Message Operations', () => {
 
   describe('deleteMessagesSince', () => {
     it('should delete messages only for the authenticated user', async () => {
-      const conversationId = uuidv4();
-
-      // Create multiple messages in the same conversation
-      const message1 = await saveMessage(mockReq, {
-        messageId: 'msg1',
-        conversationId,
-        text: 'First message',
-        user: 'user123',
+      mockSchema.findOne().lean.mockResolvedValueOnce({ createdAt: new Date() });
+      mockFindQuery.deleteMany.mockResolvedValueOnce({ deletedCount: 1 });
+      const result = await deleteMessagesSince(mockReq, {
+        messageId: 'msg123',
+        conversationId: 'convo123',
       });
-
-      const message2 = await saveMessage(mockReq, {
-        messageId: 'msg2',
-        conversationId,
-        text: 'Second message',
-        user: 'user123',
-      });
-
-      const message3 = await saveMessage(mockReq, {
-        messageId: 'msg3',
-        conversationId,
-        text: 'Third message',
-        user: 'user123',
-      });
-
-      // Delete messages since message2 (this should only delete messages created AFTER msg2)
-      await deleteMessagesSince(mockReq, {
-        messageId: 'msg2',
-        conversationId,
-      });
-
-      // Verify msg1 and msg2 remain, msg3 is deleted
-      const remainingMessages = await Message.find({ conversationId, user: 'user123' });
-      expect(remainingMessages).toHaveLength(2);
-      expect(remainingMessages.map((m) => m.messageId)).toContain('msg1');
-      expect(remainingMessages.map((m) => m.messageId)).toContain('msg2');
-      expect(remainingMessages.map((m) => m.messageId)).not.toContain('msg3');
+      expect(mockSchema.findOne).toHaveBeenCalledWith({ messageId: 'msg123', user: 'user123' });
+      expect(mockSchema.find).not.toHaveBeenCalled();
+      expect(result).toBeUndefined();
     });
 
     it('should return undefined if no message is found', async () => {
+      mockSchema.findOne().lean.mockResolvedValueOnce(null);
       const result = await deleteMessagesSince(mockReq, {
         messageId: 'nonexistent',
         conversationId: 'convo123',
@@ -163,71 +142,29 @@ describe('Message Operations', () => {
 
   describe('getMessages', () => {
     it('should retrieve messages with the correct filter', async () => {
-      const conversationId = uuidv4();
-
-      // Save some messages
-      await saveMessage(mockReq, {
-        messageId: 'msg1',
-        conversationId,
-        text: 'First message',
-        user: 'user123',
-      });
-
-      await saveMessage(mockReq, {
-        messageId: 'msg2',
-        conversationId,
-        text: 'Second message',
-        user: 'user123',
-      });
-
-      const messages = await getMessages({ conversationId });
-      expect(messages).toHaveLength(2);
-      expect(messages[0].text).toBe('First message');
-      expect(messages[1].text).toBe('Second message');
+      const filter = { conversationId: 'convo123' };
+      await getMessages(filter);
+      expect(mockSchema.find).toHaveBeenCalledWith(filter);
+      expect(mockFindQuery.sort).toHaveBeenCalledWith({ createdAt: 1 });
+      expect(mockFindQuery.lean).toHaveBeenCalled();
     });
   });
 
   describe('deleteMessages', () => {
     it('should delete messages with the correct filter', async () => {
-      // Save some messages for different users
-      await saveMessage(mockReq, mockMessageData);
-      await saveMessage(
-        { user: { id: 'user456' } },
-        {
-          messageId: 'msg456',
-          conversationId: uuidv4(),
-          text: 'Other user message',
-          user: 'user456',
-        },
-      );
-
       await deleteMessages({ user: 'user123' });
-
-      // Verify only user123's messages were deleted
-      const user123Messages = await Message.find({ user: 'user123' });
-      const user456Messages = await Message.find({ user: 'user456' });
-
-      expect(user123Messages).toHaveLength(0);
-      expect(user456Messages).toHaveLength(1);
+      expect(mockSchema.deleteMany).toHaveBeenCalledWith({ user: 'user123' });
     });
   });
 
   describe('Conversation Hijacking Prevention', () => {
     it("should not allow editing a message in another user's conversation", async () => {
       const attackerReq = { user: { id: 'attacker123' } };
-      const victimConversationId = uuidv4();
+      const victimConversationId = 'victim-convo-123';
       const victimMessageId = 'victim-msg-123';
 
-      // First, save a message as the victim (but we'll try to edit as attacker)
-      const victimReq = { user: { id: 'victim123' } };
-      await saveMessage(victimReq, {
-        messageId: victimMessageId,
-        conversationId: victimConversationId,
-        text: 'Victim message',
-        user: 'victim123',
-      });
+      mockSchema.findOneAndUpdate.mockResolvedValue(null);
 
-      // Attacker tries to edit the victim's message
       await expect(
         updateMessage(attackerReq, {
           messageId: victimMessageId,
@@ -236,82 +173,71 @@ describe('Message Operations', () => {
         }),
       ).rejects.toThrow('Message not found or user not authorized.');
 
-      // Verify the original message is unchanged
-      const originalMessage = await Message.findOne({
-        messageId: victimMessageId,
-        user: 'victim123',
-      });
-      expect(originalMessage.text).toBe('Victim message');
+      expect(mockSchema.findOneAndUpdate).toHaveBeenCalledWith(
+        { messageId: victimMessageId, user: 'attacker123' },
+        expect.anything(),
+        expect.anything(),
+      );
     });
 
     it("should not allow deleting messages from another user's conversation", async () => {
       const attackerReq = { user: { id: 'attacker123' } };
-      const victimConversationId = uuidv4();
+      const victimConversationId = 'victim-convo-123';
       const victimMessageId = 'victim-msg-123';
 
-      // Save a message as the victim
-      const victimReq = { user: { id: 'victim123' } };
-      await saveMessage(victimReq, {
-        messageId: victimMessageId,
-        conversationId: victimConversationId,
-        text: 'Victim message',
-        user: 'victim123',
-      });
-
-      // Attacker tries to delete from victim's conversation
+      mockSchema.findOne().lean.mockResolvedValueOnce(null); // Simulating message not found for this user
       const result = await deleteMessagesSince(attackerReq, {
         messageId: victimMessageId,
         conversationId: victimConversationId,
       });
 
       expect(result).toBeUndefined();
-
-      // Verify the victim's message still exists
-      const victimMessage = await Message.findOne({
+      expect(mockSchema.findOne).toHaveBeenCalledWith({
         messageId: victimMessageId,
-        user: 'victim123',
+        user: 'attacker123',
       });
-      expect(victimMessage).toBeTruthy();
-      expect(victimMessage.text).toBe('Victim message');
     });
 
     it("should not allow inserting a new message into another user's conversation", async () => {
       const attackerReq = { user: { id: 'attacker123' } };
-      const victimConversationId = uuidv4();
+      const victimConversationId = uuidv4(); // Use a valid UUID
 
-      // Attacker tries to save a message - this should succeed but with attacker's user ID
-      const result = await saveMessage(attackerReq, {
-        conversationId: victimConversationId,
-        text: 'Inserted malicious message',
-        messageId: 'new-msg-123',
-        user: 'attacker123',
-      });
+      await expect(
+        saveMessage(attackerReq, {
+          conversationId: victimConversationId,
+          text: 'Inserted malicious message',
+          messageId: 'new-msg-123',
+        }),
+      ).resolves.not.toThrow(); // It should not throw an error
 
-      expect(result).toBeTruthy();
-      expect(result.user).toBe('attacker123');
-
-      // Verify the message was saved with the attacker's user ID, not as an anonymous message
-      const savedMessage = await Message.findOne({ messageId: 'new-msg-123' });
-      expect(savedMessage.user).toBe('attacker123');
-      expect(savedMessage.conversationId).toBe(victimConversationId);
+      // Check that the message was saved with the attacker's user ID
+      expect(mockSchema.findOneAndUpdate).toHaveBeenCalledWith(
+        { messageId: 'new-msg-123', user: 'attacker123' },
+        expect.objectContaining({
+          user: 'attacker123',
+          conversationId: victimConversationId,
+        }),
+        expect.anything(),
+      );
     });
 
     it('should allow retrieving messages from any conversation', async () => {
-      const victimConversationId = uuidv4();
+      const victimConversationId = 'victim-convo-123';
 
-      // Save a message in the victim's conversation
-      const victimReq = { user: { id: 'victim123' } };
-      await saveMessage(victimReq, {
-        messageId: 'victim-msg',
+      await getMessages({ conversationId: victimConversationId });
+
+      expect(mockSchema.find).toHaveBeenCalledWith({
         conversationId: victimConversationId,
-        text: 'Victim message',
-        user: 'victim123',
       });
 
-      // Anyone should be able to retrieve messages by conversation ID
-      const messages = await getMessages({ conversationId: victimConversationId });
-      expect(messages).toHaveLength(1);
-      expect(messages[0].text).toBe('Victim message');
+      mockSchema.find.mockReturnValueOnce({
+        select: jest.fn().mockReturnThis(),
+        sort: jest.fn().mockReturnThis(),
+        lean: jest.fn().mockResolvedValue([{ text: 'Test message' }]),
+      });
+
+      const result = await getMessages({ conversationId: victimConversationId });
+      expect(result).toEqual([{ text: 'Test message' }]);
     });
   });
 });

api/models/Preset.js

@@ -1,5 +1,7 @@
+const mongoose = require('mongoose');
 const { logger } = require('@librechat/data-schemas');
-const { Preset } = require('~/db/models');
+
+const Preset = require('~/db/models').Preset;
 
 const getPreset = async (user, presetId) => {
   try {

api/models/Project.js

@@ -1,5 +1,7 @@
+const mongoose = require('mongoose');
 const { GLOBAL_PROJECT_NAME } = require('librechat-data-provider').Constants;
-const { Project } = require('~/db/models');
+
+const Project = require('~/db/models').Project;
 
 /**
  * Retrieve a project by ID and convert the found project document to a plain object.

api/models/Prompt.js

@@ -1,3 +1,4 @@
+const mongoose = require('mongoose');
 const { ObjectId } = require('mongodb');
 const { logger } = require('@librechat/data-schemas');
 const { SystemRoles, SystemCategories, Constants } = require('librechat-data-provider');
@@ -7,9 +8,11 @@ const {
   removeGroupIdsFromProject,
   removeGroupFromAllProjects,
 } = require('./Project');
-const { PromptGroup, Prompt } = require('~/db/models');
 const { escapeRegExp } = require('~/server/utils');
 
+const PromptGroup = require('~/db/models').PromptGroup;
+const Prompt = require('~/db/models').Prompt;
+
 /**
  * Create a pipeline for the aggregation to get prompt groups
  * @param {Object} query

api/models/Role.js

@@ -8,7 +8,8 @@ const {
 } = require('librechat-data-provider');
 const { logger } = require('@librechat/data-schemas');
 const getLogStores = require('~/cache/getLogStores');
-const { Role } = require('~/db/models');
+
+const Role = require('~/db/models').Role;
 
 /**
  * Retrieve a role by name and convert the found role document to a plain object.
@@ -170,6 +171,35 @@ async function updateAccessPermissions(roleName, permissionsUpdate) {
   }
 }
 
+/**
+ * Initialize default roles in the system.
+ * Creates the default roles (ADMIN, USER) if they don't exist in the database.
+ * Updates existing roles with new permission types if they're missing.
+ *
+ * @returns {Promise<void>}
+ */
+const initializeRoles = async function () {
+  for (const roleName of [SystemRoles.ADMIN, SystemRoles.USER]) {
+    let role = await Role.findOne({ name: roleName });
+    const defaultPerms = roleDefaults[roleName].permissions;
+
+    if (!role) {
+      // Create new role if it doesn't exist.
+      role = new Role(roleDefaults[roleName]);
+    } else {
+      // Ensure role.permissions is defined.
+      role.permissions = role.permissions || {};
+      // For each permission type in defaults, add it if missing.
+      for (const permType of Object.keys(defaultPerms)) {
+        if (role.permissions[permType] == null) {
+          role.permissions[permType] = defaultPerms[permType];
+        }
+      }
+    }
+    await role.save();
+  }
+};
+
 /**
  * Migrates roles from old schema to new schema structure.
  * This can be called directly to fix existing roles.
@@ -251,7 +281,8 @@ const migrateRoleSchema = async function (roleName) {
 
 module.exports = {
   getRoleByName,
+  initializeRoles,
   updateRoleByName,
-  migrateRoleSchema,
   updateAccessPermissions,
+  migrateRoleSchema,
 };

api/models/Role.spec.js

@@ -6,10 +6,10 @@ const {
   roleDefaults,
   PermissionTypes,
 } = require('librechat-data-provider');
-const { getRoleByName, updateAccessPermissions } = require('~/models/Role');
+const { getRoleByName, updateAccessPermissions, initializeRoles } = require('~/models/Role');
 const getLogStores = require('~/cache/getLogStores');
-const { initializeRoles } = require('~/models');
-const { Role } = require('~/db/models');
+
+const Role = require('~/db/models').Role;
 
 // Mock the cache
 jest.mock('~/cache/getLogStores', () =>

api/models/Share.js

@@ -0,0 +1,349 @@
+const { nanoid } = require('nanoid');
+const mongoose = require('mongoose');
+const { Constants } = require('librechat-data-provider');
+const { logger } = require('@librechat/data-schemas');
+const { getMessages } = require('./Message');
+
+const Conversation = require('~/db/models').Conversation;
+const SharedLink = require('~/db/models').SharedLink;
+
+class ShareServiceError extends Error {
+  constructor(message, code) {
+    super(message);
+    this.name = 'ShareServiceError';
+    this.code = code;
+  }
+}
+
+const memoizedAnonymizeId = (prefix) => {
+  const memo = new Map();
+  return (id) => {
+    if (!memo.has(id)) {
+      memo.set(id, `${prefix}_${nanoid()}`);
+    }
+    return memo.get(id);
+  };
+};
+
+const anonymizeConvoId = memoizedAnonymizeId('convo');
+const anonymizeAssistantId = memoizedAnonymizeId('a');
+const anonymizeMessageId = (id) =>
+  id === Constants.NO_PARENT ? id : memoizedAnonymizeId('msg')(id);
+
+function anonymizeConvo(conversation) {
+  if (!conversation) {
+    return null;
+  }
+
+  const newConvo = { ...conversation };
+  if (newConvo.assistant_id) {
+    newConvo.assistant_id = anonymizeAssistantId(newConvo.assistant_id);
+  }
+  return newConvo;
+}
+
+function anonymizeMessages(messages, newConvoId) {
+  if (!Array.isArray(messages)) {
+    return [];
+  }
+
+  const idMap = new Map();
+  return messages.map((message) => {
+    const newMessageId = anonymizeMessageId(message.messageId);
+    idMap.set(message.messageId, newMessageId);
+
+    const anonymizedAttachments = message.attachments?.map((attachment) => {
+      return {
+        ...attachment,
+        messageId: newMessageId,
+        conversationId: newConvoId,
+      };
+    });
+
+    return {
+      ...message,
+      messageId: newMessageId,
+      parentMessageId:
+        idMap.get(message.parentMessageId) || anonymizeMessageId(message.parentMessageId),
+      conversationId: newConvoId,
+      model: message.model?.startsWith('asst_')
+        ? anonymizeAssistantId(message.model)
+        : message.model,
+      attachments: anonymizedAttachments,
+    };
+  });
+}
+
+async function getSharedMessages(shareId) {
+  try {
+    const share = await SharedLink.findOne({ shareId, isPublic: true })
+      .populate({
+        path: 'messages',
+        select: '-_id -__v -user',
+      })
+      .select('-_id -__v -user')
+      .lean();
+
+    if (!share?.conversationId || !share.isPublic) {
+      return null;
+    }
+
+    const newConvoId = anonymizeConvoId(share.conversationId);
+    const result = {
+      ...share,
+      conversationId: newConvoId,
+      messages: anonymizeMessages(share.messages, newConvoId),
+    };
+
+    return result;
+  } catch (error) {
+    logger.error('[getShare] Error getting share link', {
+      error: error.message,
+      shareId,
+    });
+    throw new ShareServiceError('Error getting share link', 'SHARE_FETCH_ERROR');
+  }
+}
+
+async function getSharedLinks(user, pageParam, pageSize, isPublic, sortBy, sortDirection, search) {
+  try {
+    const query = { user, isPublic };
+
+    if (pageParam) {
+      if (sortDirection === 'desc') {
+        query[sortBy] = { $lt: pageParam };
+      } else {
+        query[sortBy] = { $gt: pageParam };
+      }
+    }
+
+    if (search && search.trim()) {
+      try {
+        const searchResults = await Conversation.meiliSearch(search);
+
+        if (!searchResults?.hits?.length) {
+          return {
+            links: [],
+            nextCursor: undefined,
+            hasNextPage: false,
+          };
+        }
+
+        const conversationIds = searchResults.hits.map((hit) => hit.conversationId);
+        query['conversationId'] = { $in: conversationIds };
+      } catch (searchError) {
+        logger.error('[getSharedLinks] Meilisearch error', {
+          error: searchError.message,
+          user,
+        });
+        return {
+          links: [],
+          nextCursor: undefined,
+          hasNextPage: false,
+        };
+      }
+    }
+
+    const sort = {};
+    sort[sortBy] = sortDirection === 'desc' ? -1 : 1;
+
+    if (Array.isArray(query.conversationId)) {
+      query.conversationId = { $in: query.conversationId };
+    }
+
+    const sharedLinks = await SharedLink.find(query)
+      .sort(sort)
+      .limit(pageSize + 1)
+      .select('-__v -user')
+      .lean();
+
+    const hasNextPage = sharedLinks.length > pageSize;
+    const links = sharedLinks.slice(0, pageSize);
+
+    const nextCursor = hasNextPage ? links[links.length - 1][sortBy] : undefined;
+
+    return {
+      links: links.map((link) => ({
+        shareId: link.shareId,
+        title: link?.title || 'Untitled',
+        isPublic: link.isPublic,
+        createdAt: link.createdAt,
+        conversationId: link.conversationId,
+      })),
+      nextCursor,
+      hasNextPage,
+    };
+  } catch (error) {
+    logger.error('[getSharedLinks] Error getting shares', {
+      error: error.message,
+      user,
+    });
+    throw new ShareServiceError('Error getting shares', 'SHARES_FETCH_ERROR');
+  }
+}
+
+async function deleteAllSharedLinks(user) {
+  try {
+    const result = await SharedLink.deleteMany({ user });
+    return {
+      message: 'All shared links deleted successfully',
+      deletedCount: result.deletedCount,
+    };
+  } catch (error) {
+    logger.error('[deleteAllSharedLinks] Error deleting shared links', {
+      error: error.message,
+      user,
+    });
+    throw new ShareServiceError('Error deleting shared links', 'BULK_DELETE_ERROR');
+  }
+}
+
+async function createSharedLink(user, conversationId) {
+  if (!user || !conversationId) {
+    throw new ShareServiceError('Missing required parameters', 'INVALID_PARAMS');
+  }
+  try {
+    const [existingShare, conversationMessages] = await Promise.all([
+      SharedLink.findOne({ conversationId, isPublic: true }).select('-_id -__v -user').lean(),
+      getMessages({ conversationId }),
+    ]);
+
+    if (existingShare && existingShare.isPublic) {
+      throw new ShareServiceError('Share already exists', 'SHARE_EXISTS');
+    } else if (existingShare) {
+      await SharedLink.deleteOne({ conversationId });
+    }
+
+    const conversation = await Conversation.findOne({ conversationId }).lean();
+    const title = conversation?.title || 'Untitled';
+
+    const shareId = nanoid();
+    await SharedLink.create({
+      shareId,
+      conversationId,
+      messages: conversationMessages,
+      title,
+      user,
+    });
+
+    return { shareId, conversationId };
+  } catch (error) {
+    logger.error('[createSharedLink] Error creating shared link', {
+      error: error.message,
+      user,
+      conversationId,
+    });
+    throw new ShareServiceError('Error creating shared link', 'SHARE_CREATE_ERROR');
+  }
+}
+
+async function getSharedLink(user, conversationId) {
+  if (!user || !conversationId) {
+    throw new ShareServiceError('Missing required parameters', 'INVALID_PARAMS');
+  }
+
+  try {
+    const share = await SharedLink.findOne({ conversationId, user, isPublic: true })
+      .select('shareId -_id')
+      .lean();
+
+    if (!share) {
+      return { shareId: null, success: false };
+    }
+
+    return { shareId: share.shareId, success: true };
+  } catch (error) {
+    logger.error('[getSharedLink] Error getting shared link', {
+      error: error.message,
+      user,
+      conversationId,
+    });
+    throw new ShareServiceError('Error getting shared link', 'SHARE_FETCH_ERROR');
+  }
+}
+
+async function updateSharedLink(user, shareId) {
+  if (!user || !shareId) {
+    throw new ShareServiceError('Missing required parameters', 'INVALID_PARAMS');
+  }
+
+  try {
+    const share = await SharedLink.findOne({ shareId }).select('-_id -__v -user').lean();
+
+    if (!share) {
+      throw new ShareServiceError('Share not found', 'SHARE_NOT_FOUND');
+    }
+
+    const [updatedMessages] = await Promise.all([
+      getMessages({ conversationId: share.conversationId }),
+    ]);
+
+    const newShareId = nanoid();
+    const update = {
+      messages: updatedMessages,
+      user,
+      shareId: newShareId,
+    };
+
+    const updatedShare = await SharedLink.findOneAndUpdate({ shareId, user }, update, {
+      new: true,
+      upsert: false,
+      runValidators: true,
+    }).lean();
+
+    if (!updatedShare) {
+      throw new ShareServiceError('Share update failed', 'SHARE_UPDATE_ERROR');
+    }
+
+    anonymizeConvo(updatedShare);
+
+    return { shareId: newShareId, conversationId: updatedShare.conversationId };
+  } catch (error) {
+    logger.error('[updateSharedLink] Error updating shared link', {
+      error: error.message,
+      user,
+      shareId,
+    });
+    throw new ShareServiceError(
+      error.code === 'SHARE_UPDATE_ERROR' ? error.message : 'Error updating shared link',
+      error.code || 'SHARE_UPDATE_ERROR',
+    );
+  }
+}
+
+async function deleteSharedLink(user, shareId) {
+  if (!user || !shareId) {
+    throw new ShareServiceError('Missing required parameters', 'INVALID_PARAMS');
+  }
+
+  try {
+    const result = await SharedLink.findOneAndDelete({ shareId, user }).lean();
+
+    if (!result) {
+      return null;
+    }
+
+    return {
+      success: true,
+      shareId,
+      message: 'Share deleted successfully',
+    };
+  } catch (error) {
+    logger.error('[deleteSharedLink] Error deleting shared link', {
+      error: error.message,
+      user,
+      shareId,
+    });
+    throw new ShareServiceError('Error deleting shared link', 'SHARE_DELETE_ERROR');
+  }
+}
+
+module.exports = {
+  getSharedLink,
+  getSharedLinks,
+  createSharedLink,
+  updateSharedLink,
+  deleteSharedLink,
+  getSharedMessages,
+  deleteAllSharedLinks,
+};

api/models/Token.js

@@ -0,0 +1,42 @@
+const { findToken, updateToken, createToken } = require('~/models');
+const { encryptV2 } = require('~/server/utils/crypto');
+
+/**
+ * Handles the OAuth token by creating or updating the token.
+ * @param {object} fields
+ * @param {string} fields.userId - The user's ID.
+ * @param {string} fields.token - The full token to store.
+ * @param {string} fields.identifier - Unique, alternative identifier for the token.
+ * @param {number} fields.expiresIn - The number of seconds until the token expires.
+ * @param {object} fields.metadata - Additional metadata to store with the token.
+ * @param {string} [fields.type="oauth"] - The type of token. Default is 'oauth'.
+ */
+async function handleOAuthToken({
+  token,
+  userId,
+  identifier,
+  expiresIn,
+  metadata,
+  type = 'oauth',
+}) {
+  const encrypedToken = await encryptV2(token);
+  const tokenData = {
+    type,
+    userId,
+    metadata,
+    identifier,
+    token: encrypedToken,
+    expiresIn: parseInt(expiresIn, 10) || 3600,
+  };
+
+  const existingToken = await findToken({ userId, identifier });
+  if (existingToken) {
+    return await updateToken({ identifier }, tokenData);
+  } else {
+    return await createToken(tokenData);
+  }
+}
+
+module.exports = {
+  handleOAuthToken,
+};

api/models/ToolCall.js

@@ -1,4 +1,6 @@
-const { ToolCall } = require('~/db/models');
+const mongoose = require('mongoose');
+
+const ToolCall = require('~/db/models').ToolCall;
 
 /**
  * Create a new tool call

api/models/Transaction.js

@@ -1,7 +1,10 @@
+const mongoose = require('mongoose');
 const { logger } = require('@librechat/data-schemas');
 const { getBalanceConfig } = require('~/server/services/Config');
 const { getMultiplier, getCacheMultiplier } = require('./tx');
-const { Transaction, Balance } = require('~/db/models');
+
+const Transaction = require('~/db/models').Transaction;
+const Balance = require('~/db/models').Balance;
 
 const cancelRate = 1.15;
 

api/models/Transaction.spec.js

@@ -4,7 +4,7 @@ const { spendTokens, spendStructuredTokens } = require('./spendTokens');
 const { getBalanceConfig } = require('~/server/services/Config');
 const { getMultiplier, getCacheMultiplier } = require('./tx');
 const { createTransaction } = require('./Transaction');
-const { Balance } = require('~/db/models');
+const Balance = require('~/db/models').Balance;
 
 // Mock the custom config module so we can control the balance flag.
 jest.mock('~/server/services/Config');

api/models/balanceMethods.js

@@ -1,9 +1,11 @@
+const mongoose = require('mongoose');
 const { logger } = require('@librechat/data-schemas');
 const { ViolationTypes } = require('librechat-data-provider');
 const { createAutoRefillTransaction } = require('./Transaction');
 const { logViolation } = require('~/cache');
 const { getMultiplier } = require('./tx');
-const { Balance } = require('~/db/models');
+
+const Balance = require('~/db/models').Balance;
 
 function isInvalidDate(date) {
   return isNaN(date);

api/models/convoStructure.spec.js

@@ -1,7 +1,8 @@
 const mongoose = require('mongoose');
 const { MongoMemoryServer } = require('mongodb-memory-server');
 const { getMessages, bulkSaveMessages } = require('./Message');
-const { Message } = require('~/db/models');
+
+const Message = require('~/db/models').Message;
 
 // Original version of buildTree function
 function buildTree({ messages, fileMap }) {

api/models/inviteUser.js

@@ -1,6 +1,6 @@
 const mongoose = require('mongoose');
-const { getRandomValues } = require('@librechat/api');
 const { logger, hashToken } = require('@librechat/data-schemas');
+const { getRandomValues } = require('~/server/utils/crypto');
 const { createToken, findToken } = require('~/models');
 
 /**

api/models/spendTokens.spec.js

@@ -2,8 +2,8 @@ const mongoose = require('mongoose');
 const { MongoMemoryServer } = require('mongodb-memory-server');
 const { spendTokens, spendStructuredTokens } = require('./spendTokens');
 const { createTransaction, createAutoRefillTransaction } = require('./Transaction');
-
-require('~/db/models');
+const Transaction = require('~/db/models').Transaction;
+const Balance = require('~/db/models').Balance;
 
 // Mock the logger to prevent console output during tests
 jest.mock('~/config', () => ({
@@ -20,15 +20,10 @@ jest.mock('~/server/services/Config');
 describe('spendTokens', () => {
   let mongoServer;
   let userId;
-  let Transaction;
-  let Balance;
 
   beforeAll(async () => {
     mongoServer = await MongoMemoryServer.create();
     await mongoose.connect(mongoServer.getUri());
-
-    Transaction = mongoose.model('Transaction');
-    Balance = mongoose.model('Balance');
   });
 
   afterAll(async () => {

api/models/tx.js

@@ -78,7 +78,7 @@ const tokenValues = Object.assign(
     'gpt-3.5-turbo-1106': { prompt: 1, completion: 2 },
     'o4-mini': { prompt: 1.1, completion: 4.4 },
     'o3-mini': { prompt: 1.1, completion: 4.4 },
-    o3: { prompt: 2, completion: 8 },
+    o3: { prompt: 10, completion: 40 },
     'o1-mini': { prompt: 1.1, completion: 4.4 },
     'o1-preview': { prompt: 15, completion: 60 },
     o1: { prompt: 15, completion: 60 },

api/models/userMethods.js

@@ -12,10 +12,6 @@ const comparePassword = async (user, candidatePassword) => {
     throw new Error('No user provided');
   }
 
-  if (!user.password) {
-    throw new Error('No password, likely an email first registered via Social/OIDC login');
-  }
-
   return new Promise((resolve, reject) => {
     bcrypt.compare(candidatePassword, user.password, (err, isMatch) => {
       if (err) {

api/package.json

@@ -34,25 +34,23 @@
   },
   "homepage": "https://librechat.ai",
   "dependencies": {
-    "@anthropic-ai/sdk": "^0.52.0",
+    "@anthropic-ai/sdk": "^0.37.0",
     "@aws-sdk/client-s3": "^3.758.0",
     "@aws-sdk/s3-request-presigner": "^3.758.0",
     "@azure/identity": "^4.7.0",
     "@azure/search-documents": "^12.0.0",
     "@azure/storage-blob": "^12.27.0",
-    "@google/generative-ai": "^0.24.0",
+    "@google/generative-ai": "^0.23.0",
     "@googleapis/youtube": "^20.0.0",
     "@keyv/redis": "^4.3.3",
-    "@langchain/community": "^0.3.47",
-    "@langchain/core": "^0.3.60",
-    "@langchain/google-genai": "^0.2.13",
-    "@langchain/google-vertexai": "^0.2.13",
+    "@langchain/community": "^0.3.44",
+    "@langchain/core": "^0.3.57",
+    "@langchain/google-genai": "^0.2.9",
+    "@langchain/google-vertexai": "^0.2.9",
     "@langchain/textsplitters": "^0.1.0",
-    "@librechat/agents": "^2.4.41",
-    "@librechat/api": "*",
+    "@librechat/agents": "^2.4.37",
     "@librechat/data-schemas": "*",
     "@node-saml/passport-saml": "^5.0.0",
-    "@microsoft/microsoft-graph-client": "^3.0.7",
     "@waylaidwanderer/fetch-event-source": "^3.0.1",
     "axios": "^1.8.2",
     "bcryptjs": "^2.4.3",
@@ -83,15 +81,15 @@
     "keyv-file": "^5.1.2",
     "klona": "^2.0.6",
     "librechat-data-provider": "*",
+    "librechat-mcp": "*",
     "lodash": "^4.17.21",
     "meilisearch": "^0.38.0",
     "memorystore": "^1.6.7",
     "mime": "^3.0.0",
     "module-alias": "^2.2.3",
     "mongoose": "^8.12.1",
-    "multer": "^2.0.1",
+    "multer": "^2.0.0",
     "nanoid": "^3.3.7",
-    "node-fetch": "^2.7.0",
     "nodemailer": "^6.9.15",
     "ollama": "^0.5.0",
     "openai": "^4.96.2",
@@ -111,9 +109,8 @@
     "tiktoken": "^1.0.15",
     "traverse": "^0.6.7",
     "ua-parser-js": "^1.0.36",
-    "undici": "^7.10.0",
     "winston": "^3.11.0",
-    "winston-daily-rotate-file": "^5.0.0",
+    "winston-daily-rotate-file": "^4.7.1",
     "youtube-transcript": "^1.2.1",
     "zod": "^3.22.4"
   },

api/server/cleanup.js

@@ -220,9 +220,6 @@ function disposeClient(client) {
     if (client.maxResponseTokens) {
       client.maxResponseTokens = null;
     }
-    if (client.processMemory) {
-      client.processMemory = null;
-    }
     if (client.run) {
       // Break circular references in run
       if (client.run.Graph) {

api/server/controllers/AskController.js

@@ -0,0 +1,282 @@
+const { getResponseSender, Constants } = require('librechat-data-provider');
+const {
+  handleAbortError,
+  createAbortController,
+  cleanupAbortController,
+} = require('~/server/middleware');
+const {
+  disposeClient,
+  processReqData,
+  clientRegistry,
+  requestDataMap,
+} = require('~/server/cleanup');
+const { sendMessage, createOnProgress } = require('~/server/utils');
+const { saveMessage } = require('~/models');
+const { logger } = require('~/config');
+
+const AskController = async (req, res, next, initializeClient, addTitle) => {
+  let {
+    text,
+    endpointOption,
+    conversationId,
+    modelDisplayLabel,
+    parentMessageId = null,
+    overrideParentMessageId = null,
+  } = req.body;
+
+  let client = null;
+  let abortKey = null;
+  let cleanupHandlers = [];
+  let clientRef = null;
+
+  logger.debug('[AskController]', {
+    text,
+    conversationId,
+    ...endpointOption,
+    modelsConfig: endpointOption?.modelsConfig ? 'exists' : '',
+  });
+
+  let userMessage = null;
+  let userMessagePromise = null;
+  let promptTokens = null;
+  let userMessageId = null;
+  let responseMessageId = null;
+  let getAbortData = null;
+
+  const sender = getResponseSender({
+    ...endpointOption,
+    model: endpointOption.modelOptions.model,
+    modelDisplayLabel,
+  });
+  const initialConversationId = conversationId;
+  const newConvo = !initialConversationId;
+  const userId = req.user.id;
+
+  let reqDataContext = {
+    userMessage,
+    userMessagePromise,
+    responseMessageId,
+    promptTokens,
+    conversationId,
+    userMessageId,
+  };
+
+  const updateReqData = (data = {}) => {
+    reqDataContext = processReqData(data, reqDataContext);
+    abortKey = reqDataContext.abortKey;
+    userMessage = reqDataContext.userMessage;
+    userMessagePromise = reqDataContext.userMessagePromise;
+    responseMessageId = reqDataContext.responseMessageId;
+    promptTokens = reqDataContext.promptTokens;
+    conversationId = reqDataContext.conversationId;
+    userMessageId = reqDataContext.userMessageId;
+  };
+
+  let { onProgress: progressCallback, getPartialText } = createOnProgress();
+
+  const performCleanup = () => {
+    logger.debug('[AskController] Performing cleanup');
+    if (Array.isArray(cleanupHandlers)) {
+      for (const handler of cleanupHandlers) {
+        try {
+          if (typeof handler === 'function') {
+            handler();
+          }
+        } catch (e) {
+          // Ignore
+        }
+      }
+    }
+
+    if (abortKey) {
+      logger.debug('[AskController] Cleaning up abort controller');
+      cleanupAbortController(abortKey);
+      abortKey = null;
+    }
+
+    if (client) {
+      disposeClient(client);
+      client = null;
+    }
+
+    reqDataContext = null;
+    userMessage = null;
+    userMessagePromise = null;
+    promptTokens = null;
+    getAbortData = null;
+    progressCallback = null;
+    endpointOption = null;
+    cleanupHandlers = null;
+    addTitle = null;
+
+    if (requestDataMap.has(req)) {
+      requestDataMap.delete(req);
+    }
+    logger.debug('[AskController] Cleanup completed');
+  };
+
+  try {
+    ({ client } = await initializeClient({ req, res, endpointOption }));
+    if (clientRegistry && client) {
+      clientRegistry.register(client, { userId }, client);
+    }
+
+    if (client) {
+      requestDataMap.set(req, { client });
+    }
+
+    clientRef = new WeakRef(client);
+
+    getAbortData = () => {
+      const currentClient = clientRef?.deref();
+      const currentText =
+        currentClient?.getStreamText != null ? currentClient.getStreamText() : getPartialText();
+
+      return {
+        sender,
+        conversationId,
+        messageId: reqDataContext.responseMessageId,
+        parentMessageId: overrideParentMessageId ?? userMessageId,
+        text: currentText,
+        userMessage: userMessage,
+        userMessagePromise: userMessagePromise,
+        promptTokens: reqDataContext.promptTokens,
+      };
+    };
+
+    const { onStart, abortController } = createAbortController(
+      req,
+      res,
+      getAbortData,
+      updateReqData,
+    );
+
+    const closeHandler = () => {
+      logger.debug('[AskController] Request closed');
+      if (!abortController || abortController.signal.aborted || abortController.requestCompleted) {
+        return;
+      }
+      abortController.abort();
+      logger.debug('[AskController] Request aborted on close');
+    };
+
+    res.on('close', closeHandler);
+    cleanupHandlers.push(() => {
+      try {
+        res.removeListener('close', closeHandler);
+      } catch (e) {
+        // Ignore
+      }
+    });
+
+    const messageOptions = {
+      user: userId,
+      parentMessageId,
+      conversationId: reqDataContext.conversationId,
+      overrideParentMessageId,
+      getReqData: updateReqData,
+      onStart,
+      abortController,
+      progressCallback,
+      progressOptions: {
+        res,
+      },
+    };
+
+    /** @type {TMessage} */
+    let response = await client.sendMessage(text, messageOptions);
+    response.endpoint = endpointOption.endpoint;
+
+    const databasePromise = response.databasePromise;
+    delete response.databasePromise;
+
+    const { conversation: convoData = {} } = await databasePromise;
+    const conversation = { ...convoData };
+    conversation.title =
+      conversation && !conversation.title ? null : conversation?.title || 'New Chat';
+
+    const latestUserMessage = reqDataContext.userMessage;
+
+    if (client?.options?.attachments && latestUserMessage) {
+      latestUserMessage.files = client.options.attachments;
+      if (endpointOption?.modelOptions?.model) {
+        conversation.model = endpointOption.modelOptions.model;
+      }
+      delete latestUserMessage.image_urls;
+    }
+
+    if (!abortController.signal.aborted) {
+      const finalResponseMessage = { ...response };
+
+      sendMessage(res, {
+        final: true,
+        conversation,
+        title: conversation.title,
+        requestMessage: latestUserMessage,
+        responseMessage: finalResponseMessage,
+      });
+      res.end();
+
+      if (client?.savedMessageIds && !client.savedMessageIds.has(response.messageId)) {
+        await saveMessage(
+          req,
+          { ...finalResponseMessage, user: userId },
+          { context: 'api/server/controllers/AskController.js - response end' },
+        );
+      }
+    }
+
+    if (!client?.skipSaveUserMessage && latestUserMessage) {
+      await saveMessage(req, latestUserMessage, {
+        context: "api/server/controllers/AskController.js - don't skip saving user message",
+      });
+    }
+
+    if (typeof addTitle === 'function' && parentMessageId === Constants.NO_PARENT && newConvo) {
+      addTitle(req, {
+        text,
+        response: { ...response },
+        client,
+      })
+        .then(() => {
+          logger.debug('[AskController] Title generation started');
+        })
+        .catch((err) => {
+          logger.error('[AskController] Error in title generation', err);
+        })
+        .finally(() => {
+          logger.debug('[AskController] Title generation completed');
+          performCleanup();
+        });
+    } else {
+      performCleanup();
+    }
+  } catch (error) {
+    logger.error('[AskController] Error handling request', error);
+    let partialText = '';
+    try {
+      const currentClient = clientRef?.deref();
+      partialText =
+        currentClient?.getStreamText != null ? currentClient.getStreamText() : getPartialText();
+    } catch (getTextError) {
+      logger.error('[AskController] Error calling getText() during error handling', getTextError);
+    }
+
+    handleAbortError(res, req, error, {
+      sender,
+      partialText,
+      conversationId: reqDataContext.conversationId,
+      messageId: reqDataContext.responseMessageId,
+      parentMessageId: overrideParentMessageId ?? reqDataContext.userMessageId ?? parentMessageId,
+      userMessageId: reqDataContext.userMessageId,
+    })
+      .catch((err) => {
+        logger.error('[AskController] Error in `handleAbortError` during catch block', err);
+      })
+      .finally(() => {
+        performCleanup();
+      });
+  }
+};
+
+module.exports = AskController;

api/server/controllers/Balance.js

@@ -1,4 +1,6 @@
-const { Balance } = require('~/db/models');
+const mongoose = require('mongoose');
+
+const Balance = require('~/db/models').Balance;
 
 async function balanceController(req, res) {
   const balanceData = await Balance.findOne(

api/server/controllers/EditController.js

@@ -84,7 +84,7 @@ const EditController = async (req, res, next, initializeClient) => {
     }
 
     if (abortKey) {
-      logger.debug('[EditController] Cleaning up abort controller');
+      logger.debug('[AskController] Cleaning up abort controller');
       cleanupAbortController(abortKey);
       abortKey = null;
     }

api/server/controllers/PermissionsController.js

@@ -1,437 +0,0 @@
-/**
- * @import { TUpdateResourcePermissionsRequest, TUpdateResourcePermissionsResponse } from 'librechat-data-provider'
- */
-
-const mongoose = require('mongoose');
-const { logger } = require('@librechat/data-schemas');
-const {
-  getAvailableRoles,
-  ensurePrincipalExists,
-  getEffectivePermissions,
-  ensureGroupPrincipalExists,
-  bulkUpdateResourcePermissions,
-} = require('~/server/services/PermissionService');
-const { AclEntry } = require('~/db/models');
-const {
-  searchPrincipals: searchLocalPrincipals,
-  sortPrincipalsByRelevance,
-  calculateRelevanceScore,
-} = require('~/models');
-const {
-  searchEntraIdPrincipals,
-  entraIdPrincipalFeatureEnabled,
-} = require('~/server/services/GraphApiService');
-
-/**
- * Generic controller for resource permission endpoints
- * Delegates validation and logic to PermissionService
- */
-
-/**
- * Bulk update permissions for a resource (grant, update, remove)
- * @route PUT /api/{resourceType}/{resourceId}/permissions
- * @param {Object} req - Express request object
- * @param {Object} req.params - Route parameters
- * @param {string} req.params.resourceType - Resource type (e.g., 'agent')
- * @param {string} req.params.resourceId - Resource ID
- * @param {TUpdateResourcePermissionsRequest} req.body - Request body
- * @param {Object} res - Express response object
- * @returns {Promise<TUpdateResourcePermissionsResponse>} Updated permissions response
- */
-const updateResourcePermissions = async (req, res) => {
-  try {
-    const { resourceType, resourceId } = req.params;
-    /** @type {TUpdateResourcePermissionsRequest} */
-    const { updated, removed, public: isPublic, publicAccessRoleId } = req.body;
-    const { id: userId } = req.user;
-
-    // Prepare principals for the service call
-    const updatedPrincipals = [];
-    const revokedPrincipals = [];
-
-    // Add updated principals
-    if (updated && Array.isArray(updated)) {
-      updatedPrincipals.push(...updated);
-    }
-
-    // Add public permission if enabled
-    if (isPublic && publicAccessRoleId) {
-      updatedPrincipals.push({
-        type: 'public',
-        id: null,
-        accessRoleId: publicAccessRoleId,
-      });
-    }
-
-    // Prepare authentication context for enhanced group member fetching
-    const useEntraId = entraIdPrincipalFeatureEnabled(req.user);
-    const authHeader = req.headers.authorization;
-    const accessToken =
-      authHeader && authHeader.startsWith('Bearer ') ? authHeader.substring(7) : null;
-    const authContext =
-      useEntraId && accessToken
-        ? {
-            accessToken,
-            sub: req.user.openidId,
-          }
-        : null;
-
-    // Ensure updated principals exist in the database before processing permissions
-    const validatedPrincipals = [];
-    for (const principal of updatedPrincipals) {
-      try {
-        let principalId;
-
-        if (principal.type === 'public') {
-          principalId = null; // Public principals don't need database records
-        } else if (principal.type === 'user') {
-          principalId = await ensurePrincipalExists(principal);
-        } else if (principal.type === 'group') {
-          // Pass authContext to enable member fetching for Entra ID groups when available
-          principalId = await ensureGroupPrincipalExists(principal, authContext);
-        } else {
-          logger.error(`Unsupported principal type: ${principal.type}`);
-          continue; // Skip invalid principal types
-        }
-
-        // Update the principal with the validated ID for ACL operations
-        validatedPrincipals.push({
-          ...principal,
-          id: principalId,
-        });
-      } catch (error) {
-        logger.error('Error ensuring principal exists:', {
-          principal: {
-            type: principal.type,
-            id: principal.id,
-            name: principal.name,
-            source: principal.source,
-          },
-          error: error.message,
-        });
-        // Continue with other principals instead of failing the entire operation
-        continue;
-      }
-    }
-
-    // Add removed principals
-    if (removed && Array.isArray(removed)) {
-      revokedPrincipals.push(...removed);
-    }
-
-    // If public is disabled, add public to revoked list
-    if (!isPublic) {
-      revokedPrincipals.push({
-        type: 'public',
-        id: null,
-      });
-    }
-
-    const results = await bulkUpdateResourcePermissions({
-      resourceType,
-      resourceId,
-      updatedPrincipals: validatedPrincipals,
-      revokedPrincipals,
-      grantedBy: userId,
-    });
-
-    /** @type {TUpdateResourcePermissionsResponse} */
-    const response = {
-      message: 'Permissions updated successfully',
-      results: {
-        principals: results.granted,
-        public: isPublic || false,
-        publicAccessRoleId: isPublic ? publicAccessRoleId : undefined,
-      },
-    };
-
-    res.status(200).json(response);
-  } catch (error) {
-    logger.error('Error updating resource permissions:', error);
-    res.status(400).json({
-      error: 'Failed to update permissions',
-      details: error.message,
-    });
-  }
-};
-
-/**
- * Get principals with their permission roles for a resource (UI-friendly format)
- * Uses efficient aggregation pipeline to join User/Group data in single query
- * @route GET /api/permissions/{resourceType}/{resourceId}
- */
-const getResourcePermissions = async (req, res) => {
-  try {
-    const { resourceType, resourceId } = req.params;
-
-    // Use aggregation pipeline for efficient single-query data retrieval
-    const results = await AclEntry.aggregate([
-      // Match ACL entries for this resource
-      {
-        $match: {
-          resourceType,
-          resourceId: mongoose.Types.ObjectId.isValid(resourceId)
-            ? mongoose.Types.ObjectId.createFromHexString(resourceId)
-            : resourceId,
-        },
-      },
-      // Lookup AccessRole information
-      {
-        $lookup: {
-          from: 'accessroles',
-          localField: 'roleId',
-          foreignField: '_id',
-          as: 'role',
-        },
-      },
-      // Lookup User information (for user principals)
-      {
-        $lookup: {
-          from: 'users',
-          localField: 'principalId',
-          foreignField: '_id',
-          as: 'userInfo',
-        },
-      },
-      // Lookup Group information (for group principals)
-      {
-        $lookup: {
-          from: 'groups',
-          localField: 'principalId',
-          foreignField: '_id',
-          as: 'groupInfo',
-        },
-      },
-      // Project final structure
-      {
-        $project: {
-          principalType: 1,
-          principalId: 1,
-          accessRoleId: { $arrayElemAt: ['$role.accessRoleId', 0] },
-          userInfo: { $arrayElemAt: ['$userInfo', 0] },
-          groupInfo: { $arrayElemAt: ['$groupInfo', 0] },
-        },
-      },
-    ]);
-
-    const principals = [];
-    let publicPermission = null;
-
-    // Process aggregation results
-    for (const result of results) {
-      if (result.principalType === 'public') {
-        publicPermission = {
-          public: true,
-          publicAccessRoleId: result.accessRoleId,
-        };
-      } else if (result.principalType === 'user' && result.userInfo) {
-        principals.push({
-          type: 'user',
-          id: result.userInfo._id.toString(),
-          name: result.userInfo.name || result.userInfo.username,
-          email: result.userInfo.email,
-          avatar: result.userInfo.avatar,
-          source: !result.userInfo._id ? 'entra' : 'local',
-          idOnTheSource: result.userInfo.idOnTheSource || result.userInfo._id.toString(),
-          accessRoleId: result.accessRoleId,
-        });
-      } else if (result.principalType === 'group' && result.groupInfo) {
-        principals.push({
-          type: 'group',
-          id: result.groupInfo._id.toString(),
-          name: result.groupInfo.name,
-          email: result.groupInfo.email,
-          description: result.groupInfo.description,
-          avatar: result.groupInfo.avatar,
-          source: result.groupInfo.source || 'local',
-          idOnTheSource: result.groupInfo.idOnTheSource || result.groupInfo._id.toString(),
-          accessRoleId: result.accessRoleId,
-        });
-      }
-    }
-
-    // Return response in format expected by frontend
-    const response = {
-      resourceType,
-      resourceId,
-      principals,
-      public: publicPermission?.public || false,
-      ...(publicPermission?.publicAccessRoleId && {
-        publicAccessRoleId: publicPermission.publicAccessRoleId,
-      }),
-    };
-
-    res.status(200).json(response);
-  } catch (error) {
-    logger.error('Error getting resource permissions principals:', error);
-    res.status(500).json({
-      error: 'Failed to get permissions principals',
-      details: error.message,
-    });
-  }
-};
-
-/**
- * Get available roles for a resource type
- * @route GET /api/{resourceType}/roles
- */
-const getResourceRoles = async (req, res) => {
-  try {
-    const { resourceType } = req.params;
-
-    const roles = await getAvailableRoles({ resourceType });
-
-    res.status(200).json(
-      roles.map((role) => ({
-        accessRoleId: role.accessRoleId,
-        name: role.name,
-        description: role.description,
-        permBits: role.permBits,
-      })),
-    );
-  } catch (error) {
-    logger.error('Error getting resource roles:', error);
-    res.status(500).json({
-      error: 'Failed to get roles',
-      details: error.message,
-    });
-  }
-};
-
-/**
- * Get user's effective permission bitmask for a resource
- * @route GET /api/{resourceType}/{resourceId}/effective
- */
-const getUserEffectivePermissions = async (req, res) => {
-  try {
-    const { resourceType, resourceId } = req.params;
-    const { id: userId } = req.user;
-
-    const permissionBits = await getEffectivePermissions({
-      userId,
-      resourceType,
-      resourceId,
-    });
-
-    res.status(200).json({
-      permissionBits,
-    });
-  } catch (error) {
-    logger.error('Error getting user effective permissions:', error);
-    res.status(500).json({
-      error: 'Failed to get effective permissions',
-      details: error.message,
-    });
-  }
-};
-
-/**
- * Search for users and groups to grant permissions
- * Supports hybrid local database + Entra ID search when configured
- * @route GET /api/permissions/search-principals
- */
-const searchPrincipals = async (req, res) => {
-  try {
-    const { q: query, limit = 20, type } = req.query;
-
-    if (!query || query.trim().length === 0) {
-      return res.status(400).json({
-        error: 'Query parameter "q" is required and must not be empty',
-      });
-    }
-
-    if (query.trim().length < 2) {
-      return res.status(400).json({
-        error: 'Query must be at least 2 characters long',
-      });
-    }
-
-    const searchLimit = Math.min(Math.max(1, parseInt(limit) || 10), 50);
-    const typeFilter = ['user', 'group'].includes(type) ? type : null;
-
-    const localResults = await searchLocalPrincipals(query.trim(), searchLimit, typeFilter);
-    let allPrincipals = [...localResults];
-
-    const useEntraId = entraIdPrincipalFeatureEnabled(req.user);
-
-    if (useEntraId && localResults.length < searchLimit) {
-      try {
-        const graphTypeMap = {
-          user: 'users',
-          group: 'groups',
-          null: 'all',
-        };
-
-        const authHeader = req.headers.authorization;
-        const accessToken =
-          authHeader && authHeader.startsWith('Bearer ') ? authHeader.substring(7) : null;
-
-        if (accessToken) {
-          const graphResults = await searchEntraIdPrincipals(
-            accessToken,
-            req.user.openidId,
-            query.trim(),
-            graphTypeMap[typeFilter],
-            searchLimit - localResults.length,
-          );
-
-          const localEmails = new Set(
-            localResults.map((p) => p.email?.toLowerCase()).filter(Boolean),
-          );
-          const localGroupSourceIds = new Set(
-            localResults.map((p) => p.idOnTheSource).filter(Boolean),
-          );
-
-          for (const principal of graphResults) {
-            const isDuplicateByEmail =
-              principal.email && localEmails.has(principal.email.toLowerCase());
-            const isDuplicateBySourceId =
-              principal.idOnTheSource && localGroupSourceIds.has(principal.idOnTheSource);
-
-            if (!isDuplicateByEmail && !isDuplicateBySourceId) {
-              allPrincipals.push(principal);
-            }
-          }
-        }
-      } catch (graphError) {
-        logger.warn('Graph API search failed, falling back to local results:', graphError.message);
-      }
-    }
-    const scoredResults = allPrincipals.map((item) => ({
-      ...item,
-      _searchScore: calculateRelevanceScore(item, query.trim()),
-    }));
-
-    allPrincipals = sortPrincipalsByRelevance(scoredResults)
-      .slice(0, searchLimit)
-      .map((result) => {
-        const { _searchScore, ...resultWithoutScore } = result;
-        return resultWithoutScore;
-      });
-    res.status(200).json({
-      query: query.trim(),
-      limit: searchLimit,
-      type: typeFilter,
-      results: allPrincipals,
-      count: allPrincipals.length,
-      sources: {
-        local: allPrincipals.filter((r) => r.source === 'local').length,
-        entra: allPrincipals.filter((r) => r.source === 'entra').length,
-      },
-    });
-  } catch (error) {
-    logger.error('Error searching principals:', error);
-    res.status(500).json({
-      error: 'Failed to search principals',
-      details: error.message,
-    });
-  }
-};
-
-module.exports = {
-  updateResourcePermissions,
-  getResourcePermissions,
-  getResourceRoles,
-  getUserEffectivePermissions,
-  searchPrincipals,
-};

api/server/controllers/PluginController.js

@@ -1,11 +1,9 @@
-const { logger } = require('@librechat/data-schemas');
 const { CacheKeys, AuthType } = require('librechat-data-provider');
-const { getCustomConfig, getCachedTools } = require('~/server/services/Config');
 const { getToolkitKey } = require('~/server/services/ToolService');
-const { getMCPManager, getFlowStateManager } = require('~/config');
+const { getCustomConfig } = require('~/server/services/Config');
 const { availableTools } = require('~/app/clients/tools');
+const { getMCPManager } = require('~/config');
 const { getLogStores } = require('~/cache');
-const { Constants } = require('librechat-data-provider');
 
 /**
  * Filters out duplicate plugins from the list of plugins.
@@ -86,45 +84,6 @@ const getAvailablePluginsController = async (req, res) => {
   }
 };
 
-function createServerToolsCallback() {
-  /**
-   * @param {string} serverName
-   * @param {TPlugin[] | null} serverTools
-   */
-  return async function (serverName, serverTools) {
-    try {
-      const mcpToolsCache = getLogStores(CacheKeys.MCP_TOOLS);
-      if (!serverName || !mcpToolsCache) {
-        return;
-      }
-      await mcpToolsCache.set(serverName, serverTools);
-      logger.debug(`MCP tools for ${serverName} added to cache.`);
-    } catch (error) {
-      logger.error('Error retrieving MCP tools from cache:', error);
-    }
-  };
-}
-
-function createGetServerTools() {
-  /**
-   * Retrieves cached server tools
-   * @param {string} serverName
-   * @returns {Promise<TPlugin[] | null>}
-   */
-  return async function (serverName) {
-    try {
-      const mcpToolsCache = getLogStores(CacheKeys.MCP_TOOLS);
-      if (!mcpToolsCache) {
-        return null;
-      }
-      return await mcpToolsCache.get(serverName);
-    } catch (error) {
-      logger.error('Error retrieving MCP tools from cache:', error);
-      return null;
-    }
-  };
-}
-
 /**
  * Retrieves and returns a list of available tools, either from a cache or by reading a plugin manifest file.
  *
@@ -150,16 +109,7 @@ const getAvailableTools = async (req, res) => {
     const customConfig = await getCustomConfig();
     if (customConfig?.mcpServers != null) {
       const mcpManager = getMCPManager();
-      const flowsCache = getLogStores(CacheKeys.FLOWS);
-      const flowManager = flowsCache ? getFlowStateManager(flowsCache) : null;
-      const serverToolsCallback = createServerToolsCallback();
-      const getServerTools = createGetServerTools();
-      const mcpTools = await mcpManager.loadManifestTools({
-        flowManager,
-        serverToolsCallback,
-        getServerTools,
-      });
-      pluginManifest = [...mcpTools, ...pluginManifest];
+      pluginManifest = await mcpManager.loadManifestTools(pluginManifest);
     }
 
     /** @type {TPlugin[]} */
@@ -173,57 +123,17 @@ const getAvailableTools = async (req, res) => {
       }
     });
 
-    const toolDefinitions = await getCachedTools({ includeGlobal: true });
+    const toolDefinitions = req.app.locals.availableTools;
+    const tools = authenticatedPlugins.filter(
+      (plugin) =>
+        toolDefinitions[plugin.pluginKey] !== undefined ||
+        (plugin.toolkit === true &&
+          Object.keys(toolDefinitions).some((key) => getToolkitKey(key) === plugin.pluginKey)),
+    );
 
-    const toolsOutput = [];
-    for (const plugin of authenticatedPlugins) {
-      const isToolDefined = toolDefinitions[plugin.pluginKey] !== undefined;
-      const isToolkit =
-        plugin.toolkit === true &&
-        Object.keys(toolDefinitions).some((key) => getToolkitKey(key) === plugin.pluginKey);
-
-      if (!isToolDefined && !isToolkit) {
-        continue;
-      }
-
-      const toolToAdd = { ...plugin };
-
-      if (!plugin.pluginKey.includes(Constants.mcp_delimiter)) {
-        toolsOutput.push(toolToAdd);
-        continue;
-      }
-
-      const parts = plugin.pluginKey.split(Constants.mcp_delimiter);
-      const serverName = parts[parts.length - 1];
-      const serverConfig = customConfig?.mcpServers?.[serverName];
-
-      if (!serverConfig?.customUserVars) {
-        toolsOutput.push(toolToAdd);
-        continue;
-      }
-
-      const customVarKeys = Object.keys(serverConfig.customUserVars);
-
-      if (customVarKeys.length === 0) {
-        toolToAdd.authConfig = [];
-        toolToAdd.authenticated = true;
-      } else {
-        toolToAdd.authConfig = Object.entries(serverConfig.customUserVars).map(([key, value]) => ({
-          authField: key,
-          label: value.title || key,
-          description: value.description || '',
-        }));
-        toolToAdd.authenticated = false;
-      }
-
-      toolsOutput.push(toolToAdd);
-    }
-
-    const finalTools = filterUniquePlugins(toolsOutput);
-    await cache.set(CacheKeys.TOOLS, finalTools);
-    res.status(200).json(finalTools);
+    await cache.set(CacheKeys.TOOLS, tools);
+    res.status(200).json(tools);
   } catch (error) {
-    logger.error('[getAvailableTools]', error);
     res.status(500).json({ message: error.message });
   }
 };

api/server/controllers/TwoFactorController.js

@@ -1,4 +1,3 @@
-const { encryptV3 } = require('@librechat/api');
 const { logger } = require('@librechat/data-schemas');
 const {
   verifyTOTP,
@@ -8,6 +7,7 @@ const {
   generateBackupCodes,
 } = require('~/server/services/twoFactorService');
 const { getUserById, updateUser } = require('~/models');
+const { encryptV3 } = require('~/server/utils/crypto');
 
 const safeAppTitle = (process.env.APP_TITLE || 'LibreChat').replace(/\s+/g, '');
 

api/server/controllers/UserController.js

@@ -1,6 +1,5 @@
 const {
   Tools,
-  Constants,
   FileSources,
   webSearchKeys,
   extractWebSearchEnvVars,
@@ -21,10 +20,12 @@ const { updateUserPluginsService, deleteUserKey } = require('~/server/services/U
 const { verifyEmail, resendVerificationEmail } = require('~/server/services/AuthService');
 const { needsRefresh, getNewS3URL } = require('~/server/services/Files/S3/crud');
 const { processDeleteRequest } = require('~/server/services/Files/process');
-const { Transaction, Balance, User } = require('~/db/models');
+const { deleteAllSharedLinks } = require('~/models/Share');
 const { deleteToolCalls } = require('~/models/ToolCall');
-const { deleteAllSharedLinks } = require('~/models');
-const { getMCPManager } = require('~/config');
+
+const Transaction = require('~/db/models').Transaction;
+const Balance = require('~/db/models').Balance;
+const User = require('~/db/models').User;
 
 const getUserController = async (req, res) => {
   /** @type {MongoUser} */
@@ -104,22 +105,10 @@ const updateUserPluginsController = async (req, res) => {
     }
 
     let keys = Object.keys(auth);
-    const values = Object.values(auth); // Used in 'install' block
-
-    const isMCPTool = pluginKey.startsWith('mcp_') || pluginKey.includes(Constants.mcp_delimiter);
-
-    // Early exit condition:
-    // If keys are empty (meaning auth: {} was likely sent for uninstall, or auth was empty for install)
-    // AND it's not web_search (which has special key handling to populate `keys` for uninstall)
-    // AND it's NOT (an uninstall action FOR an MCP tool - we need to proceed for this case to clear all its auth)
-    // THEN return.
-    if (
-      keys.length === 0 &&
-      pluginKey !== Tools.web_search &&
-      !(action === 'uninstall' && isMCPTool)
-    ) {
+    if (keys.length === 0 && pluginKey !== Tools.web_search) {
       return res.status(200).send();
     }
+    const values = Object.values(auth);
 
     /** @type {number} */
     let status = 200;
@@ -146,53 +135,16 @@ const updateUserPluginsController = async (req, res) => {
         }
       }
     } else if (action === 'uninstall') {
-      // const isMCPTool was defined earlier
-      if (isMCPTool && keys.length === 0) {
-        // This handles the case where auth: {} is sent for an MCP tool uninstall.
-        // It means "delete all credentials associated with this MCP pluginKey".
-        authService = await deleteUserPluginAuth(user.id, null, true, pluginKey);
+      for (let i = 0; i < keys.length; i++) {
+        authService = await deleteUserPluginAuth(user.id, keys[i]);
         if (authService instanceof Error) {
-          logger.error(
-            `[authService] Error deleting all auth for MCP tool ${pluginKey}:`,
-            authService,
-          );
+          logger.error('[authService]', authService);
           ({ status, message } = authService);
         }
-      } else {
-        // This handles:
-        // 1. Web_search uninstall (keys will be populated with all webSearchKeys if auth was {}).
-        // 2. Other tools uninstall (if keys were provided).
-        // 3. MCP tool uninstall if specific keys were provided in `auth` (not current frontend behavior).
-        // If keys is empty for non-MCP tools (and not web_search), this loop won't run, and nothing is deleted.
-        for (let i = 0; i < keys.length; i++) {
-          authService = await deleteUserPluginAuth(user.id, keys[i]); // Deletes by authField name
-          if (authService instanceof Error) {
-            logger.error('[authService] Error deleting specific auth key:', authService);
-            ({ status, message } = authService);
-          }
-        }
       }
     }
 
     if (status === 200) {
-      // If auth was updated successfully, disconnect MCP sessions as they might use these credentials
-      if (pluginKey.startsWith(Constants.mcp_prefix)) {
-        try {
-          const mcpManager = getMCPManager(user.id);
-          if (mcpManager) {
-            logger.info(
-              `[updateUserPluginsController] Disconnecting MCP connections for user ${user.id} after plugin auth update for ${pluginKey}.`,
-            );
-            await mcpManager.disconnectUserConnections(user.id);
-          }
-        } catch (disconnectError) {
-          logger.error(
-            `[updateUserPluginsController] Error disconnecting MCP connections for user ${user.id} after plugin auth update:`,
-            disconnectError,
-          );
-          // Do not fail the request for this, but log it.
-        }
-      }
       return res.status(status).send();
     }
 
@@ -214,11 +166,7 @@ const deleteUserController = async (req, res) => {
     await Balance.deleteMany({ user: user._id }); // delete user balances
     await deletePresets(user.id); // delete user presets
     /* TODO: Delete Assistant Threads */
-    try {
-      await deleteConvos(user.id); // delete user convos
-    } catch (error) {
-      logger.error('[deleteUserController] Error deleting user convos, likely no convos', error);
-    }
+    await deleteConvos(user.id); // delete user convos
     await deleteUserPluginAuth(user.id, null, true); // delete user plugin auth
     await deleteUserById(user.id); // delete user
     await deleteAllSharedLinks(user.id); // delete user shared links

api/server/controllers/agents/callbacks.js

@@ -1,6 +1,4 @@
 const { nanoid } = require('nanoid');
-const { sendEvent } = require('@librechat/api');
-const { logger } = require('@librechat/data-schemas');
 const { Tools, StepTypes, FileContext } = require('librechat-data-provider');
 const {
   EnvVar,
@@ -14,6 +12,7 @@ const {
 const { processCodeOutput } = require('~/server/services/Files/Code/process');
 const { loadAuthValues } = require('~/server/services/Tools/credentials');
 const { saveBase64Image } = require('~/server/services/Files/process');
+const { logger, sendEvent } = require('~/config');
 
 class ModelEndHandler {
   /**
@@ -241,7 +240,9 @@ function createToolEndCallback({ req, res, artifactPromises }) {
     if (output.artifact[Tools.web_search]) {
       artifactPromises.push(
         (async () => {
+          const name = `${output.name}_${output.tool_call_id}_${nanoid()}`;
           const attachment = {
+            name,
             type: Tools.web_search,
             messageId: metadata.run_id,
             toolCallId: output.tool_call_id,

api/server/controllers/agents/client.js

@@ -1,12 +1,13 @@
+// const { HttpsProxyAgent } = require('https-proxy-agent');
+// const {
+// Constants,
+// ImageDetail,
+// EModelEndpoint,
+// resolveHeaders,
+// validateVisionModel,
+// mapModelToAzureConfig,
+// } = require('librechat-data-provider');
 require('events').EventEmitter.defaultMaxListeners = 100;
-const { logger } = require('@librechat/data-schemas');
-const {
-  sendEvent,
-  createRun,
-  Tokenizer,
-  memoryInstructions,
-  createMemoryProcessor,
-} = require('@librechat/api');
 const {
   Callback,
   GraphEvents,
@@ -18,34 +19,25 @@ const {
 } = require('@librechat/agents');
 const {
   Constants,
-  Permissions,
   VisionModes,
   ContentTypes,
   EModelEndpoint,
   KnownEndpoints,
-  PermissionTypes,
   isAgentsEndpoint,
   AgentCapabilities,
   bedrockInputSchema,
   removeNullishValues,
 } = require('librechat-data-provider');
-const { DynamicStructuredTool } = require('@langchain/core/tools');
-const { getBufferString, HumanMessage } = require('@langchain/core/messages');
-const {
-  getCustomEndpointConfig,
-  createGetMCPAuthMap,
-  checkCapability,
-} = require('~/server/services/Config');
+const { getCustomEndpointConfig, checkCapability } = require('~/server/services/Config');
 const { addCacheControl, createContextHandlers } = require('~/app/clients/prompts');
-const { initializeAgent } = require('~/server/services/Endpoints/agents/agent');
 const { spendTokens, spendStructuredTokens } = require('~/models/spendTokens');
-const { getFormattedMemories, deleteMemory, setMemory } = require('~/models');
+const { getBufferString, HumanMessage } = require('@langchain/core/messages');
 const { encodeAndFormat } = require('~/server/services/Files/images/encode');
 const initOpenAI = require('~/server/services/Endpoints/openAI/initialize');
-const { checkAccess } = require('~/server/middleware/roles/access');
+const Tokenizer = require('~/server/services/Tokenizer');
 const BaseClient = require('~/app/clients/BaseClient');
-const { loadAgent } = require('~/models/Agent');
-const { getMCPManager } = require('~/config');
+const { logger, sendEvent } = require('~/config');
+const { createRun } = require('./run');
 
 /**
  * @param {ServerRequest} req
@@ -65,8 +57,12 @@ const legacyContentEndpoints = new Set([KnownEndpoints.groq, KnownEndpoints.deep
 
 const noSystemModelRegex = [/\b(o1-preview|o1-mini|amazon\.titan-text)\b/gi];
 
+// const { processMemory, memoryInstructions } = require('~/server/services/Endpoints/agents/memory');
+// const { getFormattedMemories } = require('~/models/Memory');
+// const { getCurrentDateTime } = require('~/utils');
+
 function createTokenCounter(encoding) {
-  return function (message) {
+  return (message) => {
     const countTokens = (text) => Tokenizer.getTokenCount(text, encoding);
     return getTokenCountForMessage(message, countTokens);
   };
@@ -127,8 +123,6 @@ class AgentClient extends BaseClient {
     this.usage;
     /** @type {Record<string, number>} */
     this.indexTokenCountMap = {};
-    /** @type {(messages: BaseMessage[]) => Promise<void>} */
-    this.processMemory;
   }
 
   /**
@@ -143,10 +137,55 @@ class AgentClient extends BaseClient {
   }
 
   /**
-   * `AgentClient` is not opinionated about vision requests, so we don't do anything here
+   *
+   * Checks if the model is a vision model based on request attachments and sets the appropriate options:
+   * - Sets `this.modelOptions.model` to `gpt-4-vision-preview` if the request is a vision request.
+   * - Sets `this.isVisionModel` to `true` if vision request.
+   * - Deletes `this.modelOptions.stop` if vision request.
    * @param {MongoFile[]} attachments
    */
-  checkVisionRequest() {}
+  checkVisionRequest(attachments) {
+    // if (!attachments) {
+    //   return;
+    // }
+    // const availableModels = this.options.modelsConfig?.[this.options.endpoint];
+    // if (!availableModels) {
+    //   return;
+    // }
+    // let visionRequestDetected = false;
+    // for (const file of attachments) {
+    //   if (file?.type?.includes('image')) {
+    //     visionRequestDetected = true;
+    //     break;
+    //   }
+    // }
+    // if (!visionRequestDetected) {
+    //   return;
+    // }
+    // this.isVisionModel = validateVisionModel({ model: this.modelOptions.model, availableModels });
+    // if (this.isVisionModel) {
+    //   delete this.modelOptions.stop;
+    //   return;
+    // }
+    // for (const model of availableModels) {
+    //   if (!validateVisionModel({ model, availableModels })) {
+    //     continue;
+    //   }
+    //   this.modelOptions.model = model;
+    //   this.isVisionModel = true;
+    //   delete this.modelOptions.stop;
+    //   return;
+    // }
+    // if (!availableModels.includes(this.defaultVisionModel)) {
+    //   return;
+    // }
+    // if (!validateVisionModel({ model: this.defaultVisionModel, availableModels })) {
+    //   return;
+    // }
+    // this.modelOptions.model = this.defaultVisionModel;
+    // this.isVisionModel = true;
+    // delete this.modelOptions.stop;
+  }
 
   getSaveOptions() {
     // TODO:
@@ -230,6 +269,24 @@ class AgentClient extends BaseClient {
       .filter(Boolean)
       .join('\n')
       .trim();
+    // this.systemMessage = getCurrentDateTime();
+    // const { withKeys, withoutKeys } = await getFormattedMemories({
+    //   userId: this.options.req.user.id,
+    // });
+    // processMemory({
+    //   userId: this.options.req.user.id,
+    //   message: this.options.req.body.text,
+    //   parentMessageId,
+    //   memory: withKeys,
+    //   thread_id: this.conversationId,
+    // }).catch((error) => {
+    //   logger.error('Memory Agent failed to process memory', error);
+    // });
+
+    // this.systemMessage += '\n\n' + memoryInstructions;
+    // if (withoutKeys) {
+    //   this.systemMessage += `\n\n# Existing memory about the user:\n${withoutKeys}`;
+    // }
 
     if (this.options.attachments) {
       const attachments = await this.options.attachments;
@@ -313,37 +370,6 @@ class AgentClient extends BaseClient {
       systemContent = this.augmentedPrompt + systemContent;
     }
 
-    // Inject MCP server instructions if available
-    const ephemeralAgent = this.options.req.body.ephemeralAgent;
-    let mcpServers = [];
-
-    // Check for ephemeral agent MCP servers
-    if (ephemeralAgent && ephemeralAgent.mcp && ephemeralAgent.mcp.length > 0) {
-      mcpServers = ephemeralAgent.mcp;
-    }
-    // Check for regular agent MCP tools
-    else if (this.options.agent && this.options.agent.tools) {
-      mcpServers = this.options.agent.tools
-        .filter(
-          (tool) =>
-            tool instanceof DynamicStructuredTool && tool.name.includes(Constants.mcp_delimiter),
-        )
-        .map((tool) => tool.name.split(Constants.mcp_delimiter).pop())
-        .filter(Boolean);
-    }
-
-    if (mcpServers.length > 0) {
-      try {
-        const mcpInstructions = getMCPManager().formatInstructionsForContext(mcpServers);
-        if (mcpInstructions) {
-          systemContent = [systemContent, mcpInstructions].filter(Boolean).join('\n\n');
-          logger.debug('[AgentClient] Injected MCP instructions for servers:', mcpServers);
-        }
-      } catch (error) {
-        logger.error('[AgentClient] Failed to inject MCP instructions:', error);
-      }
-    }
-
     if (systemContent) {
       this.options.agent.instructions = systemContent;
     }
@@ -373,150 +399,9 @@ class AgentClient extends BaseClient {
       opts.getReqData({ promptTokens });
     }
 
-    const withoutKeys = await this.useMemory();
-    if (withoutKeys) {
-      systemContent += `${memoryInstructions}\n\n# Existing memory about the user:\n${withoutKeys}`;
-    }
-
-    if (systemContent) {
-      this.options.agent.instructions = systemContent;
-    }
-
     return result;
   }
 
-  /**
-   * @returns {Promise<string | undefined>}
-   */
-  async useMemory() {
-    const user = this.options.req.user;
-    if (user.personalization?.memories === false) {
-      return;
-    }
-    const hasAccess = await checkAccess(user, PermissionTypes.MEMORIES, [Permissions.USE]);
-
-    if (!hasAccess) {
-      logger.debug(
-        `[api/server/controllers/agents/client.js #useMemory] User ${user.id} does not have USE permission for memories`,
-      );
-      return;
-    }
-    /** @type {TCustomConfig['memory']} */
-    const memoryConfig = this.options.req?.app?.locals?.memory;
-    if (!memoryConfig || memoryConfig.disabled === true) {
-      return;
-    }
-
-    /** @type {Agent} */
-    let prelimAgent;
-    const allowedProviders = new Set(
-      this.options.req?.app?.locals?.[EModelEndpoint.agents]?.allowedProviders,
-    );
-    try {
-      if (memoryConfig.agent?.id != null && memoryConfig.agent.id !== this.options.agent.id) {
-        prelimAgent = await loadAgent({
-          req: this.options.req,
-          agent_id: memoryConfig.agent.id,
-          endpoint: EModelEndpoint.agents,
-        });
-      } else if (
-        memoryConfig.agent?.id == null &&
-        memoryConfig.agent?.model != null &&
-        memoryConfig.agent?.provider != null
-      ) {
-        prelimAgent = { id: Constants.EPHEMERAL_AGENT_ID, ...memoryConfig.agent };
-      }
-    } catch (error) {
-      logger.error(
-        '[api/server/controllers/agents/client.js #useMemory] Error loading agent for memory',
-        error,
-      );
-    }
-
-    const agent = await initializeAgent({
-      req: this.options.req,
-      res: this.options.res,
-      agent: prelimAgent,
-      allowedProviders,
-    });
-
-    if (!agent) {
-      logger.warn(
-        '[api/server/controllers/agents/client.js #useMemory] No agent found for memory',
-        memoryConfig,
-      );
-      return;
-    }
-
-    const llmConfig = Object.assign(
-      {
-        provider: agent.provider,
-        model: agent.model,
-      },
-      agent.model_parameters,
-    );
-
-    /** @type {import('@librechat/api').MemoryConfig} */
-    const config = {
-      validKeys: memoryConfig.validKeys,
-      instructions: agent.instructions,
-      llmConfig,
-      tokenLimit: memoryConfig.tokenLimit,
-    };
-
-    const userId = this.options.req.user.id + '';
-    const messageId = this.responseMessageId + '';
-    const conversationId = this.conversationId + '';
-    const [withoutKeys, processMemory] = await createMemoryProcessor({
-      userId,
-      config,
-      messageId,
-      conversationId,
-      memoryMethods: {
-        setMemory,
-        deleteMemory,
-        getFormattedMemories,
-      },
-      res: this.options.res,
-    });
-
-    this.processMemory = processMemory;
-    return withoutKeys;
-  }
-
-  /**
-   * @param {BaseMessage[]} messages
-   * @returns {Promise<void | (TAttachment | null)[]>}
-   */
-  async runMemory(messages) {
-    try {
-      if (this.processMemory == null) {
-        return;
-      }
-      /** @type {TCustomConfig['memory']} */
-      const memoryConfig = this.options.req?.app?.locals?.memory;
-      const messageWindowSize = memoryConfig?.messageWindowSize ?? 5;
-
-      let messagesToProcess = [...messages];
-      if (messages.length > messageWindowSize) {
-        for (let i = messages.length - messageWindowSize; i >= 0; i--) {
-          const potentialWindow = messages.slice(i, i + messageWindowSize);
-          if (potentialWindow[0]?.role === 'user') {
-            messagesToProcess = [...potentialWindow];
-            break;
-          }
-        }
-
-        if (messagesToProcess.length === messages.length) {
-          messagesToProcess = [...messages.slice(-messageWindowSize)];
-        }
-      }
-      return await this.processMemory(messagesToProcess);
-    } catch (error) {
-      logger.error('Memory Agent failed to process memory', error);
-    }
-  }
-
   /** @type {sendCompletion} */
   async sendCompletion(payload, opts = {}) {
     await this.chatCompletion({
@@ -659,13 +544,100 @@ class AgentClient extends BaseClient {
     let config;
     /** @type {ReturnType<createRun>} */
     let run;
-    /** @type {Promise<(TAttachment | null)[] | undefined>} */
-    let memoryPromise;
     try {
       if (!abortController) {
         abortController = new AbortController();
       }
 
+      // if (this.options.headers) {
+      //   opts.defaultHeaders = { ...opts.defaultHeaders, ...this.options.headers };
+      // }
+
+      // if (this.options.proxy) {
+      //   opts.httpAgent = new HttpsProxyAgent(this.options.proxy);
+      // }
+
+      // if (this.isVisionModel) {
+      //   modelOptions.max_tokens = 4000;
+      // }
+
+      // /** @type {TAzureConfig | undefined} */
+      // const azureConfig = this.options?.req?.app?.locals?.[EModelEndpoint.azureOpenAI];
+
+      // if (
+      //   (this.azure && this.isVisionModel && azureConfig) ||
+      //   (azureConfig && this.isVisionModel && this.options.endpoint === EModelEndpoint.azureOpenAI)
+      // ) {
+      //   const { modelGroupMap, groupMap } = azureConfig;
+      //   const {
+      //     azureOptions,
+      //     baseURL,
+      //     headers = {},
+      //     serverless,
+      //   } = mapModelToAzureConfig({
+      //     modelName: modelOptions.model,
+      //     modelGroupMap,
+      //     groupMap,
+      //   });
+      //   opts.defaultHeaders = resolveHeaders(headers);
+      //   this.langchainProxy = extractBaseURL(baseURL);
+      //   this.apiKey = azureOptions.azureOpenAIApiKey;
+
+      //   const groupName = modelGroupMap[modelOptions.model].group;
+      //   this.options.addParams = azureConfig.groupMap[groupName].addParams;
+      //   this.options.dropParams = azureConfig.groupMap[groupName].dropParams;
+      //   // Note: `forcePrompt` not re-assigned as only chat models are vision models
+
+      //   this.azure = !serverless && azureOptions;
+      //   this.azureEndpoint =
+      //     !serverless && genAzureChatCompletion(this.azure, modelOptions.model, this);
+      // }
+
+      // if (this.azure || this.options.azure) {
+      //   /* Azure Bug, extremely short default `max_tokens` response */
+      //   if (!modelOptions.max_tokens && modelOptions.model === 'gpt-4-vision-preview') {
+      //     modelOptions.max_tokens = 4000;
+      //   }
+
+      //   /* Azure does not accept `model` in the body, so we need to remove it. */
+      //   delete modelOptions.model;
+
+      //   opts.baseURL = this.langchainProxy
+      //     ? constructAzureURL({
+      //       baseURL: this.langchainProxy,
+      //       azureOptions: this.azure,
+      //     })
+      //     : this.azureEndpoint.split(/(?<!\/)\/(chat|completion)\//)[0];
+
+      //   opts.defaultQuery = { 'api-version': this.azure.azureOpenAIApiVersion };
+      //   opts.defaultHeaders = { ...opts.defaultHeaders, 'api-key': this.apiKey };
+      // }
+
+      // if (process.env.OPENAI_ORGANIZATION) {
+      //   opts.organization = process.env.OPENAI_ORGANIZATION;
+      // }
+
+      // if (this.options.addParams && typeof this.options.addParams === 'object') {
+      //   modelOptions = {
+      //     ...modelOptions,
+      //     ...this.options.addParams,
+      //   };
+      //   logger.debug('[api/server/controllers/agents/client.js #chatCompletion] added params', {
+      //     addParams: this.options.addParams,
+      //     modelOptions,
+      //   });
+      // }
+
+      // if (this.options.dropParams && Array.isArray(this.options.dropParams)) {
+      //   this.options.dropParams.forEach((param) => {
+      //     delete modelOptions[param];
+      //   });
+      //   logger.debug('[api/server/controllers/agents/client.js #chatCompletion] dropped params', {
+      //     dropParams: this.options.dropParams,
+      //     modelOptions,
+      //   });
+      // }
+
       /** @type {TCustomConfig['endpoints']['agents']} */
       const agentsEConfig = this.options.req.app.locals[EModelEndpoint.agents];
 
@@ -675,7 +647,6 @@ class AgentClient extends BaseClient {
           last_agent_index: this.agentConfigs?.size ?? 0,
           user_id: this.user ?? this.options.req.user?.id,
           hide_sequential_outputs: this.options.agent.hide_sequential_outputs,
-          user: this.options.req.user,
         },
         recursionLimit: agentsEConfig?.recursionLimit,
         signal: abortController.signal,
@@ -683,8 +654,6 @@ class AgentClient extends BaseClient {
         version: 'v2',
       };
 
-      const getUserMCPAuthMap = await createGetMCPAuthMap();
-
       const toolSet = new Set((this.options.agent.tools ?? []).map((tool) => tool && tool.name));
       let { messages: initialMessages, indexTokenCountMap } = formatAgentMessages(
         payload,
@@ -765,10 +734,6 @@ class AgentClient extends BaseClient {
           messages = addCacheControl(messages);
         }
 
-        if (i === 0) {
-          memoryPromise = this.runMemory(messages);
-        }
-
         run = await createRun({
           agent,
           req: this.options.req,
@@ -804,23 +769,10 @@ class AgentClient extends BaseClient {
           run.Graph.contentData = contentData;
         }
 
-        try {
-          if (getUserMCPAuthMap) {
-            config.configurable.userMCPAuthMap = await getUserMCPAuthMap({
-              tools: agent.tools,
-              userId: this.options.req.user.id,
-            });
-          }
-        } catch (err) {
-          logger.error(
-            `[api/server/controllers/agents/client.js #chatCompletion] Error getting custom user vars for agent ${agent.id}`,
-            err,
-          );
-        }
-
+        const encoding = this.getEncoding();
         await run.processStream({ messages }, config, {
           keepContent: i !== 0,
-          tokenCounter: createTokenCounter(this.getEncoding()),
+          tokenCounter: createTokenCounter(encoding),
           indexTokenCountMap: currentIndexCountMap,
           maxContextTokens: agent.maxContextTokens,
           callbacks: {
@@ -935,12 +887,6 @@ class AgentClient extends BaseClient {
       });
 
       try {
-        if (memoryPromise) {
-          const attachments = await memoryPromise;
-          if (attachments && attachments.length > 0) {
-            this.artifactPromises.push(...attachments);
-          }
-        }
         await this.recordCollectedUsage({ context: 'message' });
       } catch (err) {
         logger.error(
@@ -949,12 +895,6 @@ class AgentClient extends BaseClient {
         );
       }
     } catch (err) {
-      if (memoryPromise) {
-        const attachments = await memoryPromise;
-        if (attachments && attachments.length > 0) {
-          this.artifactPromises.push(...attachments);
-        }
-      }
       logger.error(
         '[api/server/controllers/agents/client.js #sendCompletion] Operation aborted',
         err,

api/server/controllers/agents/request.js

@@ -228,7 +228,7 @@ const AgentController = async (req, res, next, initializeClient, addTitle) => {
     // Save user message if needed
     if (!client.skipSaveUserMessage) {
       await saveMessage(req, userMessage, {
-        context: "api/server/controllers/agents/request.js - don't skip saving user message",
+        context: 'api/server/controllers/agents/request.js - don\'t skip saving user message',
       });
     }
 

api/server/controllers/agents/run.js

@@ -0,0 +1,94 @@
+const { Run, Providers } = require('@librechat/agents');
+const { providerEndpointMap, KnownEndpoints } = require('librechat-data-provider');
+
+/**
+ * @typedef {import('@librechat/agents').t} t
+ * @typedef {import('@librechat/agents').StandardGraphConfig} StandardGraphConfig
+ * @typedef {import('@librechat/agents').StreamEventData} StreamEventData
+ * @typedef {import('@librechat/agents').EventHandler} EventHandler
+ * @typedef {import('@librechat/agents').GraphEvents} GraphEvents
+ * @typedef {import('@librechat/agents').LLMConfig} LLMConfig
+ * @typedef {import('@librechat/agents').IState} IState
+ */
+
+const customProviders = new Set([
+  Providers.XAI,
+  Providers.OLLAMA,
+  Providers.DEEPSEEK,
+  Providers.OPENROUTER,
+]);
+
+/**
+ * Creates a new Run instance with custom handlers and configuration.
+ *
+ * @param {Object} options - The options for creating the Run instance.
+ * @param {ServerRequest} [options.req] - The server request.
+ * @param {string | undefined} [options.runId] - Optional run ID; otherwise, a new run ID will be generated.
+ * @param {Agent} options.agent - The agent for this run.
+ * @param {AbortSignal} options.signal - The signal for this run.
+ * @param {Record<GraphEvents, EventHandler> | undefined} [options.customHandlers] - Custom event handlers.
+ * @param {boolean} [options.streaming=true] - Whether to use streaming.
+ * @param {boolean} [options.streamUsage=true] - Whether to stream usage information.
+ * @returns {Promise<Run<IState>>} A promise that resolves to a new Run instance.
+ */
+async function createRun({
+  runId,
+  agent,
+  signal,
+  customHandlers,
+  streaming = true,
+  streamUsage = true,
+}) {
+  const provider = providerEndpointMap[agent.provider] ?? agent.provider;
+  /** @type {LLMConfig} */
+  const llmConfig = Object.assign(
+    {
+      provider,
+      streaming,
+      streamUsage,
+    },
+    agent.model_parameters,
+  );
+
+  /** Resolves issues with new OpenAI usage field */
+  if (
+    customProviders.has(agent.provider) ||
+    (agent.provider === Providers.OPENAI && agent.endpoint !== agent.provider)
+  ) {
+    llmConfig.streamUsage = false;
+    llmConfig.usage = true;
+  }
+
+  /** @type {'reasoning_content' | 'reasoning'} */
+  let reasoningKey;
+  if (
+    llmConfig.configuration?.baseURL?.includes(KnownEndpoints.openrouter) ||
+    (agent.endpoint && agent.endpoint.toLowerCase().includes(KnownEndpoints.openrouter))
+  ) {
+    reasoningKey = 'reasoning';
+  }
+
+  /** @type {StandardGraphConfig} */
+  const graphConfig = {
+    signal,
+    llmConfig,
+    reasoningKey,
+    tools: agent.tools,
+    instructions: agent.instructions,
+    additional_instructions: agent.additional_instructions,
+    // toolEnd: agent.end_after_tools,
+  };
+
+  // TEMPORARY FOR TESTING
+  if (agent.provider === Providers.ANTHROPIC || agent.provider === Providers.BEDROCK) {
+    graphConfig.streamBuffer = 2000;
+  }
+
+  return Run.create({
+    runId,
+    graphConfig,
+    customHandlers,
+  });
+}
+
+module.exports = { createRun };

api/server/controllers/agents/v1.js

@@ -1,10 +1,11 @@
 const fs = require('fs').promises;
 const { nanoid } = require('nanoid');
-const { logger, PermissionBits } = require('@librechat/data-schemas');
 const {
   Tools,
-  SystemRoles,
+  Constants,
+  FileContext,
   FileSources,
+  SystemRoles,
   EToolResources,
   actionDelimiter,
 } = require('librechat-data-provider');
@@ -13,26 +14,17 @@ const {
   createAgent,
   updateAgent,
   deleteAgent,
-  getListAgentsByAccess,
-  countPromotedAgents,
-  updateAgentProjects,
-  revertAgentVersion,
+  getListAgents,
 } = require('~/models/Agent');
-const {
-  grantPermission,
-  findAccessibleResources,
-  findPubliclyAccessibleResources,
-  hasPublicPermission,
-} = require('~/server/services/PermissionService');
+const { uploadImageBuffer, filterFile } = require('~/server/services/Files/process');
 const { getStrategyFunctions } = require('~/server/services/Files/strategies');
-const { resizeAvatar } = require('~/server/services/Files/images/avatar');
 const { refreshS3Url } = require('~/server/services/Files/S3/crud');
-const { filterFile } = require('~/server/services/Files/process');
 const { updateAction, getActions } = require('~/models/Action');
-const { getCachedTools } = require('~/server/services/Config');
-const { revertAgentVersion } = require('~/models/Agent');
+const { updateAgentProjects } = require('~/models/Agent');
+const { getProjectByName } = require('~/models/Project');
 const { deleteFileByFilter } = require('~/models/File');
-const { getCategoriesWithCounts } = require('~/models');
+const { revertAgentVersion } = require('~/models/Agent');
+const { logger } = require('~/config');
 
 const systemTools = {
   [Tools.execute_code]: true,
@@ -54,9 +46,8 @@ const createAgentHandler = async (req, res) => {
 
     agentData.tools = [];
 
-    const availableTools = await getCachedTools({ includeGlobal: true });
     for (const tool of tools) {
-      if (availableTools[tool]) {
+      if (req.app.locals.availableTools[tool]) {
         agentData.tools.push(tool);
       }
 
@@ -76,27 +67,6 @@ const createAgentHandler = async (req, res) => {
 
     agentData.id = `agent_${nanoid()}`;
     const agent = await createAgent(agentData);
-
-    // Automatically grant owner permissions to the creator
-    try {
-      await grantPermission({
-        principalType: 'user',
-        principalId: userId,
-        resourceType: 'agent',
-        resourceId: agent._id,
-        accessRoleId: 'agent_owner',
-        grantedBy: userId,
-      });
-      logger.debug(
-        `[createAgent] Granted owner permissions to user ${userId} for agent ${agent.id}`,
-      );
-    } catch (permissionError) {
-      logger.error(
-        `[createAgent] Failed to grant owner permissions for agent ${agent.id}:`,
-        permissionError,
-      );
-    }
-
     res.status(201).json(agent);
   } catch (error) {
     logger.error('[/Agents] Error creating agent', error);
@@ -115,14 +85,21 @@ const createAgentHandler = async (req, res) => {
  * @returns {Promise<Agent>} 200 - success response - application/json
  * @returns {Error} 404 - Agent not found
  */
-const getAgentHandler = async (req, res, expandProperties = false) => {
+const getAgentHandler = async (req, res) => {
   try {
     const id = req.params.id;
     const author = req.user.id;
 
-    // Permissions are validated by middleware before calling this function
-    // Simply load the agent by ID
-    const agent = await getAgent({ id });
+    let query = { id, author };
+
+    const globalProject = await getProjectByName(Constants.GLOBAL_PROJECT_NAME, ['agentIds']);
+    if (globalProject && (globalProject.agentIds?.length ?? 0) > 0) {
+      query = {
+        $or: [{ id, $in: globalProject.agentIds }, query],
+      };
+    }
+
+    const agent = await getAgent(query);
 
     if (!agent) {
       return res.status(404).json({ error: 'Agent not found' });
@@ -139,45 +116,23 @@ const getAgentHandler = async (req, res, expandProperties = false) => {
     }
 
     agent.author = agent.author.toString();
-
-    // @deprecated - isCollaborative replaced by ACL permissions
     agent.isCollaborative = !!agent.isCollaborative;
 
-    // Check if agent is public
-    const isPublic = await hasPublicPermission({
-      resourceType: 'agent',
-      resourceId: agent._id,
-      requiredPermissions: PermissionBits.VIEW,
-    });
-    agent.isPublic = isPublic;
-
     if (agent.author !== author) {
       delete agent.author;
     }
 
-    if (!expandProperties) {
-      // VIEW permission: Basic agent info only
+    if (!agent.isCollaborative && agent.author !== author && req.user.role !== SystemRoles.ADMIN) {
       return res.status(200).json({
-        _id: agent._id,
         id: agent.id,
         name: agent.name,
-        description: agent.description,
         avatar: agent.avatar,
         author: agent.author,
-        provider: agent.provider,
-        model: agent.model,
         projectIds: agent.projectIds,
-        // @deprecated - isCollaborative replaced by ACL permissions
         isCollaborative: agent.isCollaborative,
-        isPublic: agent.isPublic,
         version: agent.version,
-        // Safe metadata
-        createdAt: agent.createdAt,
-        updatedAt: agent.updatedAt,
       });
     }
-
-    // EDIT permission: Full agent details including sensitive configuration
     return res.status(200).json(agent);
   } catch (error) {
     logger.error('[/Agents/:id] Error retrieving agent', error);
@@ -197,20 +152,36 @@ const getAgentHandler = async (req, res, expandProperties = false) => {
 const updateAgentHandler = async (req, res) => {
   try {
     const id = req.params.id;
-    const { _id, ...updateData } = req.body;
+    const { projectIds, removeProjectIds, ...updateData } = req.body;
+    const isAdmin = req.user.role === SystemRoles.ADMIN;
     const existingAgent = await getAgent({ id });
+    const isAuthor = existingAgent.author.toString() === req.user.id;
 
     if (!existingAgent) {
       return res.status(404).json({ error: 'Agent not found' });
     }
+    const hasEditPermission = existingAgent.isCollaborative || isAdmin || isAuthor;
+
+    if (!hasEditPermission) {
+      return res.status(403).json({
+        error: 'You do not have permission to modify this non-collaborative agent',
+      });
+    }
 
     let updatedAgent =
       Object.keys(updateData).length > 0
-        ? await updateAgent({ id }, updateData, {
-            updatingUserId: req.user.id,
-          })
+        ? await updateAgent({ id }, updateData, { updatingUserId: req.user.id })
         : existingAgent;
 
+    if (projectIds || removeProjectIds) {
+      updatedAgent = await updateAgentProjects({
+        user: req.user,
+        agentId: id,
+        projectIds,
+        removeProjectIds,
+      });
+    }
+
     if (updatedAgent.author) {
       updatedAgent.author = updatedAgent.author.toString();
     }
@@ -328,26 +299,6 @@ const duplicateAgentHandler = async (req, res) => {
     newAgentData.actions = agentActions;
     const newAgent = await createAgent(newAgentData);
 
-    // Automatically grant owner permissions to the duplicator
-    try {
-      await grantPermission({
-        principalType: 'user',
-        principalId: userId,
-        resourceType: 'agent',
-        resourceId: newAgent._id,
-        accessRoleId: 'agent_owner',
-        grantedBy: userId,
-      });
-      logger.debug(
-        `[duplicateAgent] Granted owner permissions to user ${userId} for duplicated agent ${newAgent.id}`,
-      );
-    } catch (permissionError) {
-      logger.error(
-        `[duplicateAgent] Failed to grant owner permissions for duplicated agent ${newAgent.id}:`,
-        permissionError,
-      );
-    }
-
     return res.status(201).json({
       agent: newAgent,
       actions: newActionsList,
@@ -374,7 +325,7 @@ const deleteAgentHandler = async (req, res) => {
     if (!agent) {
       return res.status(404).json({ error: 'Agent not found' });
     }
-    await deleteAgent({ id });
+    await deleteAgent({ id, author: req.user.id });
     return res.json({ message: 'Agent deleted' });
   } catch (error) {
     logger.error('[/Agents/:id] Error deleting Agent', error);
@@ -383,7 +334,7 @@ const deleteAgentHandler = async (req, res) => {
 };
 
 /**
- * Lists agents using ACL-aware permissions (ownership + explicit shares).
+ *
  * @route GET /Agents
  * @param {object} req - Express Request
  * @param {object} req.query - Request query
@@ -392,64 +343,9 @@ const deleteAgentHandler = async (req, res) => {
  */
 const getListAgentsHandler = async (req, res) => {
   try {
-    const userId = req.user.id;
-    const { category, search, limit, cursor, promoted } = req.query;
-    let requiredPermission = req.query.requiredPermission;
-    if (typeof requiredPermission === 'string') {
-      requiredPermission = parseInt(requiredPermission, 10);
-      if (isNaN(requiredPermission)) {
-        requiredPermission = PermissionBits.VIEW;
-      }
-    } else if (typeof requiredPermission !== 'number') {
-      requiredPermission = PermissionBits.VIEW;
-    }
-    // Base filter
-    const filter = {};
-
-    // Handle category filter - only apply if category is defined
-    if (category !== undefined && category.trim() !== '') {
-      filter.category = category;
-    }
-
-    // Handle promoted filter - only from query param
-    if (promoted === '1') {
-      filter.is_promoted = true;
-    } else if (promoted === '0') {
-      filter.is_promoted = { $ne: true };
-    }
-
-    // Handle search filter
-    if (search && search.trim() !== '') {
-      filter.$or = [
-        { name: { $regex: search.trim(), $options: 'i' } },
-        { description: { $regex: search.trim(), $options: 'i' } },
-      ];
-    }
-    // Get agent IDs the user has VIEW access to via ACL
-    const accessibleIds = await findAccessibleResources({
-      userId,
-      resourceType: 'agent',
-      requiredPermissions: requiredPermission,
+    const data = await getListAgents({
+      author: req.user.id,
     });
-    const publiclyAccessibleIds = await findPubliclyAccessibleResources({
-      resourceType: 'agent',
-      requiredPermissions: PermissionBits.VIEW,
-    });
-    // Use the new ACL-aware function
-    const data = await getListAgentsByAccess({
-      accessibleIds,
-      otherParams: filter,
-      limit,
-      after: cursor,
-    });
-    if (data?.data?.length) {
-      data.data = data.data.map((agent) => {
-        if (publiclyAccessibleIds.some((id) => id.equals(agent._id))) {
-          agent.isPublic = true;
-        }
-        return agent;
-      });
-    }
     return res.json(data);
   } catch (error) {
     logger.error('[/Agents] Error listing Agents', error);
@@ -477,27 +373,12 @@ const uploadAgentAvatarHandler = async (req, res) => {
     }
 
     const buffer = await fs.readFile(req.file.path);
-
-    const fileStrategy = req.app.locals.fileStrategy;
-
-    const resizedBuffer = await resizeAvatar({
-      userId: req.user.id,
-      input: buffer,
+    const image = await uploadImageBuffer({
+      req,
+      context: FileContext.avatar,
+      metadata: { buffer },
     });
 
-    const { processAvatar } = getStrategyFunctions(fileStrategy);
-    const avatarUrl = await processAvatar({
-      buffer: resizedBuffer,
-      userId: req.user.id,
-      manual: 'false',
-      agentId: agent_id,
-    });
-
-    const image = {
-      filepath: avatarUrl,
-      source: fileStrategy,
-    };
-
     let _avatar;
     try {
       const agent = await getAgent({ id: agent_id });
@@ -522,12 +403,12 @@ const uploadAgentAvatarHandler = async (req, res) => {
     const data = {
       avatar: {
         filepath: image.filepath,
-        source: image.source,
+        source: req.app.locals.fileStrategy,
       },
     };
 
     promises.push(
-      await updateAgent({ id: agent_id }, data, {
+      await updateAgent({ id: agent_id, author: req.user.id }, data, {
         updatingUserId: req.user.id,
       }),
     );
@@ -542,7 +423,7 @@ const uploadAgentAvatarHandler = async (req, res) => {
     try {
       await fs.unlink(req.file.path);
       logger.debug('[/:agent_id/avatar] Temp. image upload file deleted');
-    } catch {
+    } catch (error) {
       logger.debug('[/:agent_id/avatar] Temp. image upload file already deleted');
     }
   }
@@ -607,48 +488,7 @@ const revertAgentVersionHandler = async (req, res) => {
     res.status(500).json({ error: error.message });
   }
 };
-/**
- * Get all agent categories with counts
- *
- * @param {Object} _req - Express request object (unused)
- * @param {Object} res - Express response object
- */
-const getAgentCategories = async (_req, res) => {
-  try {
-    const categories = await getCategoriesWithCounts();
-    const promotedCount = await countPromotedAgents();
-    const formattedCategories = categories.map((category) => ({
-      value: category.value,
-      label: category.label,
-      count: category.agentCount,
-      description: category.description,
-    }));
 
-    if (promotedCount > 0) {
-      formattedCategories.unshift({
-        value: 'promoted',
-        label: 'Promoted',
-        count: promotedCount,
-        description: 'Our recommended agents',
-      });
-    }
-
-    formattedCategories.push({
-      value: 'all',
-      label: 'All',
-      description: 'All available agents',
-    });
-
-    res.status(200).json(formattedCategories);
-  } catch (error) {
-    logger.error('[/Agents/Marketplace] Error fetching agent categories:', error);
-    res.status(500).json({
-      error: 'Failed to fetch agent categories',
-      userMessage: 'Unable to load categories. Please refresh the page.',
-      suggestion: 'Try refreshing the page or check your network connection',
-    });
-  }
-};
 module.exports = {
   createAgent: createAgentHandler,
   getAgent: getAgentHandler,
@@ -658,5 +498,4 @@ module.exports = {
   getListAgents: getListAgentsHandler,
   uploadAgentAvatar: uploadAgentAvatarHandler,
   revertAgentVersion: revertAgentVersionHandler,
-  getAgentCategories,
 };

api/server/controllers/assistants/v1.js

@@ -1,5 +1,4 @@
 const fs = require('fs').promises;
-const { logger } = require('@librechat/data-schemas');
 const { FileContext } = require('librechat-data-provider');
 const { uploadImageBuffer, filterFile } = require('~/server/services/Files/process');
 const validateAuthor = require('~/server/middleware/assistants/validateAuthor');
@@ -7,9 +6,9 @@ const { getStrategyFunctions } = require('~/server/services/Files/strategies');
 const { deleteAssistantActions } = require('~/server/services/ActionService');
 const { updateAssistantDoc, getAssistants } = require('~/models/Assistant');
 const { getOpenAIClient, fetchAssistants } = require('./helpers');
-const { getCachedTools } = require('~/server/services/Config');
 const { manifestToolMap } = require('~/app/clients/tools');
 const { deleteFileByFilter } = require('~/models/File');
+const { logger } = require('~/config');
 
 /**
  * Create an assistant.
@@ -31,20 +30,21 @@ const createAssistant = async (req, res) => {
     delete assistantData.conversation_starters;
     delete assistantData.append_current_datetime;
 
-    const toolDefinitions = await getCachedTools({ includeGlobal: true });
-
     assistantData.tools = tools
       .map((tool) => {
         if (typeof tool !== 'string') {
           return tool;
         }
 
+        const toolDefinitions = req.app.locals.availableTools;
         const toolDef = toolDefinitions[tool];
         if (!toolDef && manifestToolMap[tool] && manifestToolMap[tool].toolkit === true) {
-          return Object.entries(toolDefinitions)
-            .filter(([key]) => key.startsWith(`${tool}_`))
-
-            .map(([_, val]) => val);
+          return (
+            Object.entries(toolDefinitions)
+              .filter(([key]) => key.startsWith(`${tool}_`))
+              // eslint-disable-next-line no-unused-vars
+              .map(([_, val]) => val)
+          );
         }
 
         return toolDef;
@@ -135,21 +135,21 @@ const patchAssistant = async (req, res) => {
       append_current_datetime,
       ...updateData
     } = req.body;
-
-    const toolDefinitions = await getCachedTools({ includeGlobal: true });
-
     updateData.tools = (updateData.tools ?? [])
       .map((tool) => {
         if (typeof tool !== 'string') {
           return tool;
         }
 
+        const toolDefinitions = req.app.locals.availableTools;
         const toolDef = toolDefinitions[tool];
         if (!toolDef && manifestToolMap[tool] && manifestToolMap[tool].toolkit === true) {
-          return Object.entries(toolDefinitions)
-            .filter(([key]) => key.startsWith(`${tool}_`))
-
-            .map(([_, val]) => val);
+          return (
+            Object.entries(toolDefinitions)
+              .filter(([key]) => key.startsWith(`${tool}_`))
+              // eslint-disable-next-line no-unused-vars
+              .map(([_, val]) => val)
+          );
         }
 
         return toolDef;

api/server/controllers/assistants/v2.js

@@ -1,11 +1,10 @@
-const { logger } = require('@librechat/data-schemas');
 const { ToolCallTypes } = require('librechat-data-provider');
 const validateAuthor = require('~/server/middleware/assistants/validateAuthor');
 const { validateAndUpdateTool } = require('~/server/services/ActionService');
-const { getCachedTools } = require('~/server/services/Config');
 const { updateAssistantDoc } = require('~/models/Assistant');
 const { manifestToolMap } = require('~/app/clients/tools');
 const { getOpenAIClient } = require('./helpers');
+const { logger } = require('~/config');
 
 /**
  * Create an assistant.
@@ -28,20 +27,21 @@ const createAssistant = async (req, res) => {
     delete assistantData.conversation_starters;
     delete assistantData.append_current_datetime;
 
-    const toolDefinitions = await getCachedTools({ includeGlobal: true });
-
     assistantData.tools = tools
       .map((tool) => {
         if (typeof tool !== 'string') {
           return tool;
         }
 
+        const toolDefinitions = req.app.locals.availableTools;
         const toolDef = toolDefinitions[tool];
         if (!toolDef && manifestToolMap[tool] && manifestToolMap[tool].toolkit === true) {
-          return Object.entries(toolDefinitions)
-            .filter(([key]) => key.startsWith(`${tool}_`))
-
-            .map(([_, val]) => val);
+          return (
+            Object.entries(toolDefinitions)
+              .filter(([key]) => key.startsWith(`${tool}_`))
+              // eslint-disable-next-line no-unused-vars
+              .map(([_, val]) => val)
+          );
         }
 
         return toolDef;
@@ -125,13 +125,13 @@ const updateAssistant = async ({ req, openai, assistant_id, updateData }) => {
 
   let hasFileSearch = false;
   for (const tool of updateData.tools ?? []) {
-    const toolDefinitions = await getCachedTools({ includeGlobal: true });
+    const toolDefinitions = req.app.locals.availableTools;
     let actualTool = typeof tool === 'string' ? toolDefinitions[tool] : tool;
 
     if (!actualTool && manifestToolMap[tool] && manifestToolMap[tool].toolkit === true) {
       actualTool = Object.entries(toolDefinitions)
         .filter(([key]) => key.startsWith(`${tool}_`))
-
+        // eslint-disable-next-line no-unused-vars
         .map(([_, val]) => val);
     } else if (!actualTool) {
       continue;

api/server/index.js

@@ -1,22 +1,22 @@
 require('dotenv').config();
-const fs = require('fs');
 const path = require('path');
 require('module-alias')({ base: path.resolve(__dirname, '..') });
 const cors = require('cors');
 const axios = require('axios');
 const express = require('express');
-const passport = require('passport');
 const compression = require('compression');
-const cookieParser = require('cookie-parser');
-const { isEnabled } = require('@librechat/api');
-const { logger } = require('@librechat/data-schemas');
+const passport = require('passport');
 const mongoSanitize = require('express-mongo-sanitize');
+const fs = require('fs');
+const cookieParser = require('cookie-parser');
 const { connectDb, indexSync } = require('~/db');
 
+const { jwtLogin, passportLogin } = require('~/strategies');
+const { isEnabled } = require('~/server/utils');
+const { ldapLogin } = require('~/strategies');
+const { logger } = require('~/config');
 const validateImageRequest = require('./middleware/validateImageRequest');
-const { jwtLogin, ldapLogin, passportLogin } = require('~/strategies');
 const errorController = require('./controllers/ErrorController');
-const initializeMCP = require('./services/initializeMCP');
 const configureSocialLogins = require('./socialLogins');
 const AppService = require('./services/AppService');
 const staticCache = require('./utils/staticCache');
@@ -39,9 +39,7 @@ const startServer = async () => {
   await connectDb();
 
   logger.info('Connected to MongoDB');
-  indexSync().catch((err) => {
-    logger.error('[indexSync] Background sync failed:', err);
-  });
+  await indexSync();
 
   app.disable('x-powered-by');
   app.set('trust proxy', trusted_proxy);
@@ -97,6 +95,7 @@ const startServer = async () => {
   app.use('/api/actions', routes.actions);
   app.use('/api/keys', routes.keys);
   app.use('/api/user', routes.user);
+  app.use('/api/ask', routes.ask);
   app.use('/api/search', routes.search);
   app.use('/api/edit', routes.edit);
   app.use('/api/messages', routes.messages);
@@ -117,11 +116,9 @@ const startServer = async () => {
   app.use('/api/roles', routes.roles);
   app.use('/api/agents', routes.agents);
   app.use('/api/banner', routes.banner);
-  app.use('/api/memories', routes.memories);
-  app.use('/api/permissions', routes.accessPermissions);
+  app.use('/api/bedrock', routes.bedrock);
 
   app.use('/api/tags', routes.tags);
-  app.use('/api/mcp', routes.mcp);
 
   app.use((req, res) => {
     res.set({
@@ -145,8 +142,6 @@ const startServer = async () => {
     } else {
       logger.info(`Server listening at http://${host == '0.0.0.0' ? 'localhost' : host}:${port}`);
     }
-
-    initializeMCP(app);
   });
 };
 
@@ -189,5 +184,5 @@ process.on('uncaughtException', (err) => {
   process.exit(1);
 });
 
-/** Export app for easier testing purposes */
+// export app for easier testing purposes
 module.exports = app;

api/server/middleware/abortMiddleware.js

@@ -327,7 +327,7 @@ const handleAbortError = async (res, req, error, data) => {
     errorText = `{"type":"${ErrorTypes.INVALID_REQUEST}"}`;
   }
 
-  if (error?.message?.includes("does not support 'system'")) {
+  if (error?.message?.includes('does not support \'system\'')) {
     errorText = `{"type":"${ErrorTypes.NO_SYSTEM_MESSAGES}"}`;
   }
 

api/server/middleware/accessResources/canAccessAgentFromBody.js

@@ -1,97 +0,0 @@
-const { logger } = require('@librechat/data-schemas');
-const { Constants, isAgentsEndpoint } = require('librechat-data-provider');
-const { canAccessResource } = require('./canAccessResource');
-const { getAgent } = require('~/models/Agent');
-
-/**
- * Agent ID resolver function for agent_id from request body
- * Resolves custom agent ID (e.g., "agent_abc123") to MongoDB ObjectId
- * This is used specifically for chat routes where agent_id comes from request body
- *
- * @param {string} agentCustomId - Custom agent ID from request body
- * @returns {Promise<Object|null>} Agent document with _id field, or null if not found
- */
-const resolveAgentIdFromBody = async (agentCustomId) => {
-  // Handle ephemeral agents - they don't need permission checks
-  if (agentCustomId === Constants.EPHEMERAL_AGENT_ID) {
-    return null; // No permission check needed for ephemeral agents
-  }
-
-  return await getAgent({ id: agentCustomId });
-};
-
-/**
- * Middleware factory that creates middleware to check agent access permissions from request body.
- * This middleware is specifically designed for chat routes where the agent_id comes from req.body
- * instead of route parameters.
- *
- * @param {Object} options - Configuration options
- * @param {number} options.requiredPermission - The permission bit required (1=view, 2=edit, 4=delete, 8=share)
- * @returns {Function} Express middleware function
- *
- * @example
- * // Basic usage for agent chat (requires VIEW permission)
- * router.post('/chat',
- *   canAccessAgentFromBody({ requiredPermission: PermissionBits.VIEW }),
- *   buildEndpointOption,
- *   chatController
- * );
- */
-const canAccessAgentFromBody = (options) => {
-  const { requiredPermission } = options;
-
-  // Validate required options
-  if (!requiredPermission || typeof requiredPermission !== 'number') {
-    throw new Error('canAccessAgentFromBody: requiredPermission is required and must be a number');
-  }
-
-  return async (req, res, next) => {
-    try {
-      const { endpoint, agent_id } = req.body;
-      let agentId = agent_id;
-
-      if (!isAgentsEndpoint(endpoint)) {
-        agentId = Constants.EPHEMERAL_AGENT_ID;
-      }
-
-      if (!agentId) {
-        return res.status(400).json({
-          error: 'Bad Request',
-          message: 'agent_id is required in request body',
-        });
-      }
-
-      // Skip permission checks for ephemeral agents
-      if (agentId === Constants.EPHEMERAL_AGENT_ID) {
-        return next();
-      }
-
-      const agentAccessMiddleware = canAccessResource({
-        resourceType: 'agent',
-        requiredPermission,
-        resourceIdParam: 'agent_id', // This will be ignored since we use custom resolver
-        idResolver: () => resolveAgentIdFromBody(agentId),
-      });
-
-      const tempReq = {
-        ...req,
-        params: {
-          ...req.params,
-          agent_id: agentId,
-        },
-      };
-
-      return agentAccessMiddleware(tempReq, res, next);
-    } catch (error) {
-      logger.error('Failed to validate agent access permissions', error);
-      return res.status(500).json({
-        error: 'Internal Server Error',
-        message: 'Failed to validate agent access permissions',
-      });
-    }
-  };
-};
-
-module.exports = {
-  canAccessAgentFromBody,
-};

api/server/middleware/accessResources/canAccessAgentResource.js

@@ -1,58 +0,0 @@
-const { getAgent } = require('~/models/Agent');
-const { canAccessResource } = require('./canAccessResource');
-
-/**
- * Agent ID resolver function
- * Resolves custom agent ID (e.g., "agent_abc123") to MongoDB ObjectId
- *
- * @param {string} agentCustomId - Custom agent ID from route parameter
- * @returns {Promise<Object|null>} Agent document with _id field, or null if not found
- */
-const resolveAgentId = async (agentCustomId) => {
-  return await getAgent({ id: agentCustomId });
-};
-
-/**
- * Agent-specific middleware factory that creates middleware to check agent access permissions.
- * This middleware extends the generic canAccessResource to handle agent custom ID resolution.
- *
- * @param {Object} options - Configuration options
- * @param {number} options.requiredPermission - The permission bit required (1=view, 2=edit, 4=delete, 8=share)
- * @param {string} [options.resourceIdParam='id'] - The name of the route parameter containing the agent custom ID
- * @returns {Function} Express middleware function
- *
- * @example
- * // Basic usage for viewing agents
- * router.get('/agents/:id',
- *   canAccessAgentResource({ requiredPermission: 1 }),
- *   getAgent
- * );
- *
- * @example
- * // Custom resource ID parameter and edit permission
- * router.patch('/agents/:agent_id',
- *   canAccessAgentResource({
- *     requiredPermission: 2,
- *     resourceIdParam: 'agent_id'
- *   }),
- *   updateAgent
- * );
- */
-const canAccessAgentResource = (options) => {
-  const { requiredPermission, resourceIdParam = 'id' } = options;
-
-  if (!requiredPermission || typeof requiredPermission !== 'number') {
-    throw new Error('canAccessAgentResource: requiredPermission is required and must be a number');
-  }
-
-  return canAccessResource({
-    resourceType: 'agent',
-    requiredPermission,
-    resourceIdParam,
-    idResolver: resolveAgentId,
-  });
-};
-
-module.exports = {
-  canAccessAgentResource,
-};

api/server/middleware/accessResources/canAccessAgentResource.spec.js

@@ -1,384 +0,0 @@
-const mongoose = require('mongoose');
-const { MongoMemoryServer } = require('mongodb-memory-server');
-const { canAccessAgentResource } = require('./canAccessAgentResource');
-const { User, Role, AclEntry } = require('~/db/models');
-const { createAgent } = require('~/models/Agent');
-
-describe('canAccessAgentResource middleware', () => {
-  let mongoServer;
-  let req, res, next;
-  let testUser;
-
-  beforeAll(async () => {
-    mongoServer = await MongoMemoryServer.create();
-    const mongoUri = mongoServer.getUri();
-    await mongoose.connect(mongoUri);
-  });
-
-  afterAll(async () => {
-    await mongoose.disconnect();
-    await mongoServer.stop();
-  });
-
-  beforeEach(async () => {
-    await mongoose.connection.dropDatabase();
-    await Role.create({
-      name: 'test-role',
-      permissions: {
-        AGENTS: {
-          USE: true,
-          CREATE: true,
-          SHARED_GLOBAL: false,
-        },
-      },
-    });
-
-    // Create a test user
-    testUser = await User.create({
-      email: 'test@example.com',
-      name: 'Test User',
-      username: 'testuser',
-      role: 'test-role',
-    });
-
-    req = {
-      user: { id: testUser._id.toString(), role: 'test-role' },
-      params: {},
-    };
-    res = {
-      status: jest.fn().mockReturnThis(),
-      json: jest.fn(),
-    };
-    next = jest.fn();
-
-    jest.clearAllMocks();
-  });
-
-  describe('middleware factory', () => {
-    test('should throw error if requiredPermission is not provided', () => {
-      expect(() => canAccessAgentResource({})).toThrow(
-        'canAccessAgentResource: requiredPermission is required and must be a number',
-      );
-    });
-
-    test('should throw error if requiredPermission is not a number', () => {
-      expect(() => canAccessAgentResource({ requiredPermission: '1' })).toThrow(
-        'canAccessAgentResource: requiredPermission is required and must be a number',
-      );
-    });
-
-    test('should create middleware with default resourceIdParam', () => {
-      const middleware = canAccessAgentResource({ requiredPermission: 1 });
-      expect(typeof middleware).toBe('function');
-      expect(middleware.length).toBe(3); // Express middleware signature
-    });
-
-    test('should create middleware with custom resourceIdParam', () => {
-      const middleware = canAccessAgentResource({
-        requiredPermission: 2,
-        resourceIdParam: 'agent_id',
-      });
-      expect(typeof middleware).toBe('function');
-      expect(middleware.length).toBe(3);
-    });
-  });
-
-  describe('permission checking with real agents', () => {
-    test('should allow access when user is the agent author', async () => {
-      // Create an agent owned by the test user
-      const agent = await createAgent({
-        id: `agent_${Date.now()}`,
-        name: 'Test Agent',
-        provider: 'openai',
-        model: 'gpt-4',
-        author: testUser._id,
-      });
-
-      // Create ACL entry for the author (owner permissions)
-      await AclEntry.create({
-        principalType: 'user',
-        principalId: testUser._id,
-        principalModel: 'User',
-        resourceType: 'agent',
-        resourceId: agent._id,
-        permBits: 15, // All permissions (1+2+4+8)
-        grantedBy: testUser._id,
-      });
-
-      req.params.id = agent.id;
-
-      const middleware = canAccessAgentResource({ requiredPermission: 1 }); // VIEW permission
-      await middleware(req, res, next);
-
-      expect(next).toHaveBeenCalled();
-      expect(res.status).not.toHaveBeenCalled();
-    });
-
-    test('should deny access when user is not the author and has no ACL entry', async () => {
-      // Create an agent owned by a different user
-      const otherUser = await User.create({
-        email: 'other@example.com',
-        name: 'Other User',
-        username: 'otheruser',
-        role: 'test-role',
-      });
-
-      const agent = await createAgent({
-        id: `agent_${Date.now()}`,
-        name: 'Other User Agent',
-        provider: 'openai',
-        model: 'gpt-4',
-        author: otherUser._id,
-      });
-
-      // Create ACL entry for the other user (owner)
-      await AclEntry.create({
-        principalType: 'user',
-        principalId: otherUser._id,
-        principalModel: 'User',
-        resourceType: 'agent',
-        resourceId: agent._id,
-        permBits: 15, // All permissions
-        grantedBy: otherUser._id,
-      });
-
-      req.params.id = agent.id;
-
-      const middleware = canAccessAgentResource({ requiredPermission: 1 }); // VIEW permission
-      await middleware(req, res, next);
-
-      expect(next).not.toHaveBeenCalled();
-      expect(res.status).toHaveBeenCalledWith(403);
-      expect(res.json).toHaveBeenCalledWith({
-        error: 'Forbidden',
-        message: 'Insufficient permissions to access this agent',
-      });
-    });
-
-    test('should allow access when user has ACL entry with sufficient permissions', async () => {
-      // Create an agent owned by a different user
-      const otherUser = await User.create({
-        email: 'other2@example.com',
-        name: 'Other User 2',
-        username: 'otheruser2',
-        role: 'test-role',
-      });
-
-      const agent = await createAgent({
-        id: `agent_${Date.now()}`,
-        name: 'Shared Agent',
-        provider: 'openai',
-        model: 'gpt-4',
-        author: otherUser._id,
-      });
-
-      // Create ACL entry granting view permission to test user
-      await AclEntry.create({
-        principalType: 'user',
-        principalId: testUser._id,
-        principalModel: 'User',
-        resourceType: 'agent',
-        resourceId: agent._id,
-        permBits: 1, // VIEW permission
-        grantedBy: otherUser._id,
-      });
-
-      req.params.id = agent.id;
-
-      const middleware = canAccessAgentResource({ requiredPermission: 1 }); // VIEW permission
-      await middleware(req, res, next);
-
-      expect(next).toHaveBeenCalled();
-      expect(res.status).not.toHaveBeenCalled();
-    });
-
-    test('should deny access when ACL permissions are insufficient', async () => {
-      // Create an agent owned by a different user
-      const otherUser = await User.create({
-        email: 'other3@example.com',
-        name: 'Other User 3',
-        username: 'otheruser3',
-        role: 'test-role',
-      });
-
-      const agent = await createAgent({
-        id: `agent_${Date.now()}`,
-        name: 'Limited Access Agent',
-        provider: 'openai',
-        model: 'gpt-4',
-        author: otherUser._id,
-      });
-
-      // Create ACL entry granting only view permission
-      await AclEntry.create({
-        principalType: 'user',
-        principalId: testUser._id,
-        principalModel: 'User',
-        resourceType: 'agent',
-        resourceId: agent._id,
-        permBits: 1, // VIEW permission only
-        grantedBy: otherUser._id,
-      });
-
-      req.params.id = agent.id;
-
-      const middleware = canAccessAgentResource({ requiredPermission: 2 }); // EDIT permission required
-      await middleware(req, res, next);
-
-      expect(next).not.toHaveBeenCalled();
-      expect(res.status).toHaveBeenCalledWith(403);
-      expect(res.json).toHaveBeenCalledWith({
-        error: 'Forbidden',
-        message: 'Insufficient permissions to access this agent',
-      });
-    });
-
-    test('should handle non-existent agent', async () => {
-      req.params.id = 'agent_nonexistent';
-
-      const middleware = canAccessAgentResource({ requiredPermission: 1 });
-      await middleware(req, res, next);
-
-      expect(next).not.toHaveBeenCalled();
-      expect(res.status).toHaveBeenCalledWith(404);
-      expect(res.json).toHaveBeenCalledWith({
-        error: 'Not Found',
-        message: 'agent not found',
-      });
-    });
-
-    test('should use custom resourceIdParam', async () => {
-      const agent = await createAgent({
-        id: `agent_${Date.now()}`,
-        name: 'Custom Param Agent',
-        provider: 'openai',
-        model: 'gpt-4',
-        author: testUser._id,
-      });
-
-      // Create ACL entry for the author
-      await AclEntry.create({
-        principalType: 'user',
-        principalId: testUser._id,
-        principalModel: 'User',
-        resourceType: 'agent',
-        resourceId: agent._id,
-        permBits: 15, // All permissions
-        grantedBy: testUser._id,
-      });
-
-      req.params.agent_id = agent.id; // Using custom param name
-
-      const middleware = canAccessAgentResource({
-        requiredPermission: 1,
-        resourceIdParam: 'agent_id',
-      });
-      await middleware(req, res, next);
-
-      expect(next).toHaveBeenCalled();
-      expect(res.status).not.toHaveBeenCalled();
-    });
-  });
-
-  describe('permission levels', () => {
-    let agent;
-
-    beforeEach(async () => {
-      agent = await createAgent({
-        id: `agent_${Date.now()}`,
-        name: 'Permission Test Agent',
-        provider: 'openai',
-        model: 'gpt-4',
-        author: testUser._id,
-      });
-
-      // Create ACL entry with all permissions for the owner
-      await AclEntry.create({
-        principalType: 'user',
-        principalId: testUser._id,
-        principalModel: 'User',
-        resourceType: 'agent',
-        resourceId: agent._id,
-        permBits: 15, // All permissions (1+2+4+8)
-        grantedBy: testUser._id,
-      });
-
-      req.params.id = agent.id;
-    });
-
-    test('should support view permission (1)', async () => {
-      const middleware = canAccessAgentResource({ requiredPermission: 1 });
-      await middleware(req, res, next);
-      expect(next).toHaveBeenCalled();
-    });
-
-    test('should support edit permission (2)', async () => {
-      const middleware = canAccessAgentResource({ requiredPermission: 2 });
-      await middleware(req, res, next);
-      expect(next).toHaveBeenCalled();
-    });
-
-    test('should support delete permission (4)', async () => {
-      const middleware = canAccessAgentResource({ requiredPermission: 4 });
-      await middleware(req, res, next);
-      expect(next).toHaveBeenCalled();
-    });
-
-    test('should support share permission (8)', async () => {
-      const middleware = canAccessAgentResource({ requiredPermission: 8 });
-      await middleware(req, res, next);
-      expect(next).toHaveBeenCalled();
-    });
-
-    test('should support combined permissions', async () => {
-      const viewAndEdit = 1 | 2; // 3
-      const middleware = canAccessAgentResource({ requiredPermission: viewAndEdit });
-      await middleware(req, res, next);
-      expect(next).toHaveBeenCalled();
-    });
-  });
-
-  describe('integration with agent operations', () => {
-    test('should work with agent CRUD operations', async () => {
-      const agentId = `agent_${Date.now()}`;
-
-      // Create agent
-      const agent = await createAgent({
-        id: agentId,
-        name: 'Integration Test Agent',
-        provider: 'openai',
-        model: 'gpt-4',
-        author: testUser._id,
-        description: 'Testing integration',
-      });
-
-      // Create ACL entry for the author
-      await AclEntry.create({
-        principalType: 'user',
-        principalId: testUser._id,
-        principalModel: 'User',
-        resourceType: 'agent',
-        resourceId: agent._id,
-        permBits: 15, // All permissions
-        grantedBy: testUser._id,
-      });
-
-      req.params.id = agentId;
-
-      // Test view access
-      const viewMiddleware = canAccessAgentResource({ requiredPermission: 1 });
-      await viewMiddleware(req, res, next);
-      expect(next).toHaveBeenCalled();
-      jest.clearAllMocks();
-
-      // Update the agent
-      const { updateAgent } = require('~/models/Agent');
-      await updateAgent({ id: agentId }, { description: 'Updated description' });
-
-      // Test edit access
-      const editMiddleware = canAccessAgentResource({ requiredPermission: 2 });
-      await editMiddleware(req, res, next);
-      expect(next).toHaveBeenCalled();
-    });
-  });
-});

api/server/middleware/accessResources/canAccessResource.js

@@ -1,157 +0,0 @@
-const { logger } = require('@librechat/data-schemas');
-const { SystemRoles } = require('librechat-data-provider');
-const { checkPermission } = require('~/server/services/PermissionService');
-
-/**
- * Generic base middleware factory that creates middleware to check resource access permissions.
- * This middleware expects MongoDB ObjectIds as resource identifiers for ACL permission checks.
- *
- * @param {Object} options - Configuration options
- * @param {string} options.resourceType - The type of resource (e.g., 'agent', 'file', 'project')
- * @param {number} options.requiredPermission - The permission bit required (1=view, 2=edit, 4=delete, 8=share)
- * @param {string} [options.resourceIdParam='resourceId'] - The name of the route parameter containing the resource ID
- * @param {Function} [options.idResolver] - Optional function to resolve custom IDs to ObjectIds
- * @returns {Function} Express middleware function
- *
- * @example
- * // Direct usage with ObjectId (for resources that use MongoDB ObjectId in routes)
- * router.get('/prompts/:promptId',
- *   canAccessResource({ resourceType: 'prompt', requiredPermission: 1 }),
- *   getPrompt
- * );
- *
- * @example
- * // Usage with custom ID resolver (for resources that use custom string IDs)
- * router.get('/agents/:id',
- *   canAccessResource({
- *     resourceType: 'agent',
- *     requiredPermission: 1,
- *     resourceIdParam: 'id',
- *     idResolver: (customId) => resolveAgentId(customId)
- *   }),
- *   getAgent
- * );
- */
-const canAccessResource = (options) => {
-  const {
-    resourceType,
-    requiredPermission,
-    resourceIdParam = 'resourceId',
-    idResolver = null,
-  } = options;
-
-  if (!resourceType || typeof resourceType !== 'string') {
-    throw new Error('canAccessResource: resourceType is required and must be a string');
-  }
-
-  if (!requiredPermission || typeof requiredPermission !== 'number') {
-    throw new Error('canAccessResource: requiredPermission is required and must be a number');
-  }
-
-  return async (req, res, next) => {
-    try {
-      // Extract resource ID from route parameters
-      const rawResourceId = req.params[resourceIdParam];
-
-      if (!rawResourceId) {
-        logger.warn(`[canAccessResource] Missing ${resourceIdParam} in route parameters`);
-        return res.status(400).json({
-          error: 'Bad Request',
-          message: `${resourceIdParam} is required`,
-        });
-      }
-
-      // Check if user is authenticated
-      if (!req.user || !req.user.id) {
-        logger.warn(
-          `[canAccessResource] Unauthenticated request for ${resourceType} ${rawResourceId}`,
-        );
-        return res.status(401).json({
-          error: 'Unauthorized',
-          message: 'Authentication required',
-        });
-      }
-      // if system admin let through
-      if (req.user.role === SystemRoles.ADMIN) {
-        return next();
-      }
-      const userId = req.user.id;
-      let resourceId = rawResourceId;
-      let resourceInfo = null;
-
-      // Resolve custom ID to ObjectId if resolver is provided
-      if (idResolver) {
-        logger.debug(
-          `[canAccessResource] Resolving ${resourceType} custom ID ${rawResourceId} to ObjectId`,
-        );
-
-        const resolutionResult = await idResolver(rawResourceId);
-
-        if (!resolutionResult) {
-          logger.warn(`[canAccessResource] ${resourceType} not found: ${rawResourceId}`);
-          return res.status(404).json({
-            error: 'Not Found',
-            message: `${resourceType} not found`,
-          });
-        }
-
-        // Handle different resolver return formats
-        if (typeof resolutionResult === 'string' || resolutionResult._id) {
-          resourceId = resolutionResult._id || resolutionResult;
-          resourceInfo = typeof resolutionResult === 'object' ? resolutionResult : null;
-        } else {
-          resourceId = resolutionResult;
-        }
-
-        logger.debug(
-          `[canAccessResource] Resolved ${resourceType} ${rawResourceId} to ObjectId ${resourceId}`,
-        );
-      }
-
-      // Check permissions using PermissionService with ObjectId
-      const hasPermission = await checkPermission({
-        userId,
-        resourceType,
-        resourceId,
-        requiredPermission,
-      });
-
-      if (hasPermission) {
-        logger.debug(
-          `[canAccessResource] User ${userId} has permission ${requiredPermission} on ${resourceType} ${rawResourceId} (${resourceId})`,
-        );
-
-        req.resourceAccess = {
-          resourceType,
-          resourceId, // MongoDB ObjectId for ACL operations
-          customResourceId: rawResourceId, // Original ID from route params
-          permission: requiredPermission,
-          userId,
-          ...(resourceInfo && { resourceInfo }),
-        };
-
-        return next();
-      }
-
-      logger.warn(
-        `[canAccessResource] User ${userId} denied access to ${resourceType} ${rawResourceId} ` +
-          `(required permission: ${requiredPermission})`,
-      );
-
-      return res.status(403).json({
-        error: 'Forbidden',
-        message: `Insufficient permissions to access this ${resourceType}`,
-      });
-    } catch (error) {
-      logger.error(`[canAccessResource] Error checking access for ${resourceType}:`, error);
-      return res.status(500).json({
-        error: 'Internal Server Error',
-        message: 'Failed to check resource access permissions',
-      });
-    }
-  };
-};
-
-module.exports = {
-  canAccessResource,
-};

api/server/middleware/accessResources/index.js

@@ -1,9 +0,0 @@
-const { canAccessResource } = require('./canAccessResource');
-const { canAccessAgentResource } = require('./canAccessAgentResource');
-const { canAccessAgentFromBody } = require('./canAccessAgentFromBody');
-
-module.exports = {
-  canAccessResource,
-  canAccessAgentResource,
-  canAccessAgentFromBody,
-};

api/server/middleware/buildEndpointOption.js

@@ -1,11 +1,11 @@
-const { logger } = require('@librechat/data-schemas');
 const {
-  EndpointURLs,
+  parseCompactConvo,
   EModelEndpoint,
   isAgentsEndpoint,
-  parseCompactConvo,
+  EndpointURLs,
 } = require('librechat-data-provider');
 const azureAssistants = require('~/server/services/Endpoints/azureAssistants');
+const { getModelsConfig } = require('~/server/controllers/ModelController');
 const assistants = require('~/server/services/Endpoints/assistants');
 const gptPlugins = require('~/server/services/Endpoints/gptPlugins');
 const { processFiles } = require('~/server/services/Files/process');
@@ -36,9 +36,6 @@ async function buildEndpointOption(req, res, next) {
   try {
     parsedBody = parseCompactConvo({ endpoint, endpointType, conversation: req.body });
   } catch (error) {
-    logger.warn(
-      `Error parsing conversation for endpoint ${endpoint}${error?.message ? `: ${error.message}` : ''}`,
-    );
     return handleError(res, { text: 'Error parsing conversation' });
   }
 
@@ -80,7 +77,6 @@ async function buildEndpointOption(req, res, next) {
         conversation: currentModelSpec.preset,
       });
     } catch (error) {
-      logger.error(`Error parsing model spec for endpoint ${endpoint}`, error);
       return handleError(res, { text: 'Error parsing model spec' });
     }
   }
@@ -88,23 +84,20 @@ async function buildEndpointOption(req, res, next) {
   try {
     const isAgents =
       isAgentsEndpoint(endpoint) || req.baseUrl.startsWith(EndpointURLs[EModelEndpoint.agents]);
-    const builder = isAgents
-      ? (...args) => buildFunction[EModelEndpoint.agents](req, ...args)
-      : buildFunction[endpointType ?? endpoint];
+    const endpointFn = buildFunction[isAgents ? EModelEndpoint.agents : (endpointType ?? endpoint)];
+    const builder = isAgents ? (...args) => endpointFn(req, ...args) : endpointFn;
 
     // TODO: use object params
     req.body.endpointOption = await builder(endpoint, parsedBody, endpointType);
 
+    // TODO: use `getModelsConfig` only when necessary
+    const modelsConfig = await getModelsConfig(req);
+    req.body.endpointOption.modelsConfig = modelsConfig;
     if (req.body.files && !isAgents) {
       req.body.endpointOption.attachments = processFiles(req.body.files);
     }
-
     next();
   } catch (error) {
-    logger.error(
-      `Error building endpoint option for endpoint ${endpoint} with type ${endpointType}`,
-      error,
-    );
     return handleError(res, { text: 'Error building endpoint option' });
   }
 }

api/server/middleware/index.js

@@ -8,7 +8,6 @@ const concurrentLimiter = require('./concurrentLimiter');
 const validateEndpoint = require('./validateEndpoint');
 const requireLocalAuth = require('./requireLocalAuth');
 const canDeleteAccount = require('./canDeleteAccount');
-const accessResources = require('./accessResources');
 const setBalanceConfig = require('./setBalanceConfig');
 const requireLdapAuth = require('./requireLdapAuth');
 const abortMiddleware = require('./abortMiddleware');
@@ -30,7 +29,6 @@ module.exports = {
   ...validate,
   ...limiters,
   ...roles,
-  ...accessResources,
   noIndex,
   checkBan,
   uaParser,

api/server/middleware/roles/access.spec.js

@@ -1,251 +0,0 @@
-const mongoose = require('mongoose');
-const { MongoMemoryServer } = require('mongodb-memory-server');
-const { checkAccess, generateCheckAccess } = require('./access');
-const { PermissionTypes, Permissions } = require('librechat-data-provider');
-const { Role } = require('~/db/models');
-
-// Mock only the logger
-jest.mock('~/config', () => ({
-  logger: {
-    warn: jest.fn(),
-    error: jest.fn(),
-  },
-}));
-
-describe('Access Middleware', () => {
-  let mongoServer;
-  let req, res, next;
-
-  beforeAll(async () => {
-    mongoServer = await MongoMemoryServer.create();
-    const mongoUri = mongoServer.getUri();
-    await mongoose.connect(mongoUri);
-  });
-
-  afterAll(async () => {
-    await mongoose.disconnect();
-    await mongoServer.stop();
-  });
-
-  beforeEach(async () => {
-    await mongoose.connection.dropDatabase();
-
-    // Create test roles
-    await Role.create({
-      name: 'user',
-      permissions: {
-        [PermissionTypes.AGENTS]: {
-          [Permissions.USE]: true,
-          [Permissions.CREATE]: false,
-          [Permissions.SHARED_GLOBAL]: false,
-        },
-      },
-    });
-
-    await Role.create({
-      name: 'admin',
-      permissions: {
-        [PermissionTypes.AGENTS]: {
-          [Permissions.USE]: true,
-          [Permissions.CREATE]: true,
-          [Permissions.SHARED_GLOBAL]: true,
-        },
-      },
-    });
-
-    req = {
-      user: { id: 'user123', role: 'user' },
-      body: {},
-    };
-    res = {
-      status: jest.fn().mockReturnThis(),
-      json: jest.fn(),
-    };
-    next = jest.fn();
-    jest.clearAllMocks();
-  });
-
-  describe('checkAccess', () => {
-    test('should return false if user is not provided', async () => {
-      const result = await checkAccess(null, PermissionTypes.AGENTS, [Permissions.USE]);
-      expect(result).toBe(false);
-    });
-
-    test('should return true if user has required permission', async () => {
-      const result = await checkAccess(req.user, PermissionTypes.AGENTS, [Permissions.USE]);
-      expect(result).toBe(true);
-    });
-
-    test('should return false if user lacks required permission', async () => {
-      const result = await checkAccess(req.user, PermissionTypes.AGENTS, [Permissions.CREATE]);
-      expect(result).toBe(false);
-    });
-
-    test('should return true if user has any of multiple permissions', async () => {
-      const result = await checkAccess(req.user, PermissionTypes.AGENTS, [
-        Permissions.USE,
-        Permissions.CREATE,
-      ]);
-      expect(result).toBe(true);
-    });
-
-    test('should check body properties when permission is not directly granted', async () => {
-      // User role doesn't have CREATE permission, but bodyProps allows it
-      const bodyProps = {
-        [Permissions.CREATE]: ['agentId', 'name'],
-      };
-
-      const checkObject = { agentId: 'agent123' };
-
-      const result = await checkAccess(
-        req.user,
-        PermissionTypes.AGENTS,
-        [Permissions.CREATE],
-        bodyProps,
-        checkObject,
-      );
-      expect(result).toBe(true);
-    });
-
-    test('should return false if role is not found', async () => {
-      req.user.role = 'nonexistent';
-      const result = await checkAccess(req.user, PermissionTypes.AGENTS, [Permissions.USE]);
-      expect(result).toBe(false);
-    });
-
-    test('should return false if role has no permissions for the requested type', async () => {
-      await Role.create({
-        name: 'limited',
-        permissions: {
-          // Explicitly set AGENTS permissions to false
-          [PermissionTypes.AGENTS]: {
-            [Permissions.USE]: false,
-            [Permissions.CREATE]: false,
-            [Permissions.SHARED_GLOBAL]: false,
-          },
-          // Has permissions for other types
-          [PermissionTypes.PROMPTS]: {
-            [Permissions.USE]: true,
-          },
-        },
-      });
-      req.user.role = 'limited';
-
-      const result = await checkAccess(req.user, PermissionTypes.AGENTS, [Permissions.USE]);
-      expect(result).toBe(false);
-    });
-
-    test('should handle admin role with all permissions', async () => {
-      req.user.role = 'admin';
-
-      const createResult = await checkAccess(req.user, PermissionTypes.AGENTS, [
-        Permissions.CREATE,
-      ]);
-      expect(createResult).toBe(true);
-
-      const shareResult = await checkAccess(req.user, PermissionTypes.AGENTS, [
-        Permissions.SHARED_GLOBAL,
-      ]);
-      expect(shareResult).toBe(true);
-    });
-  });
-
-  describe('generateCheckAccess', () => {
-    test('should call next() when user has required permission', async () => {
-      const middleware = generateCheckAccess(PermissionTypes.AGENTS, [Permissions.USE]);
-      await middleware(req, res, next);
-
-      expect(next).toHaveBeenCalled();
-      expect(res.status).not.toHaveBeenCalled();
-    });
-
-    test('should return 403 when user lacks permission', async () => {
-      const middleware = generateCheckAccess(PermissionTypes.AGENTS, [Permissions.CREATE]);
-      await middleware(req, res, next);
-
-      expect(next).not.toHaveBeenCalled();
-      expect(res.status).toHaveBeenCalledWith(403);
-      expect(res.json).toHaveBeenCalledWith({ message: 'Forbidden: Insufficient permissions' });
-    });
-
-    test('should check body properties when configured', async () => {
-      req.body = { agentId: 'agent123', description: 'test' };
-
-      const bodyProps = {
-        [Permissions.CREATE]: ['agentId'],
-      };
-
-      const middleware = generateCheckAccess(
-        PermissionTypes.AGENTS,
-        [Permissions.CREATE],
-        bodyProps,
-      );
-      await middleware(req, res, next);
-
-      expect(next).toHaveBeenCalled();
-      expect(res.status).not.toHaveBeenCalled();
-    });
-
-    test('should handle database errors gracefully', async () => {
-      // Create a user with an invalid role that will cause getRoleByName to fail
-      req.user.role = { invalid: 'object' }; // This will cause an error when querying
-
-      const middleware = generateCheckAccess(PermissionTypes.AGENTS, [Permissions.USE]);
-      await middleware(req, res, next);
-
-      expect(next).not.toHaveBeenCalled();
-      expect(res.status).toHaveBeenCalledWith(500);
-      expect(res.json).toHaveBeenCalledWith({
-        message: expect.stringContaining('Server error:'),
-      });
-    });
-
-    test('should work with multiple permission types', async () => {
-      req.user.role = 'admin';
-
-      const middleware = generateCheckAccess(PermissionTypes.AGENTS, [
-        Permissions.USE,
-        Permissions.CREATE,
-        Permissions.SHARED_GLOBAL,
-      ]);
-      await middleware(req, res, next);
-
-      expect(next).toHaveBeenCalled();
-    });
-
-    test('should handle missing user gracefully', async () => {
-      req.user = null;
-
-      const middleware = generateCheckAccess(PermissionTypes.AGENTS, [Permissions.USE]);
-      await middleware(req, res, next);
-
-      expect(next).not.toHaveBeenCalled();
-      expect(res.status).toHaveBeenCalledWith(500);
-      expect(res.json).toHaveBeenCalledWith({
-        message: expect.stringContaining('Server error:'),
-      });
-    });
-
-    test('should handle role with no AGENTS permissions', async () => {
-      await Role.create({
-        name: 'noaccess',
-        permissions: {
-          // Explicitly set AGENTS with all permissions false
-          [PermissionTypes.AGENTS]: {
-            [Permissions.USE]: false,
-            [Permissions.CREATE]: false,
-            [Permissions.SHARED_GLOBAL]: false,
-          },
-        },
-      });
-      req.user.role = 'noaccess';
-
-      const middleware = generateCheckAccess(PermissionTypes.AGENTS, [Permissions.USE]);
-      await middleware(req, res, next);
-
-      expect(next).not.toHaveBeenCalled();
-      expect(res.status).toHaveBeenCalledWith(403);
-      expect(res.json).toHaveBeenCalledWith({ message: 'Forbidden: Insufficient permissions' });
-    });
-  });
-});

api/server/middleware/roles/index.js

@@ -1,5 +1,5 @@
-const checkAdmin = require('./admin');
-const { checkAccess, generateCheckAccess } = require('./access');
+const checkAdmin = require('./checkAdmin');
+const { checkAccess, generateCheckAccess } = require('./generateCheckAccess');
 
 module.exports = {
   checkAdmin,

api/server/middleware/setBalanceConfig.js

@@ -1,6 +1,8 @@
+const mongoose = require('mongoose');
 const { logger } = require('@librechat/data-schemas');
 const { getBalanceConfig } = require('~/server/services/Config');
-const { Balance } = require('~/db/models');
+
+const Balance = require('~/db/models').Balance;
 
 /**
  * Middleware to synchronize user balance settings with current balance configuration.

api/server/middleware/validate/convoAccess.js

@@ -1,8 +1,8 @@
-const { isEnabled } = require('@librechat/api');
 const { Constants, ViolationTypes, Time } = require('librechat-data-provider');
 const { searchConversation } = require('~/models/Conversation');
 const denyRequest = require('~/server/middleware/denyRequest');
 const { logViolation, getLogStores } = require('~/cache');
+const { isEnabled } = require('~/server/utils');
 
 const { USE_REDIS, CONVO_ACCESS_VIOLATION_SCORE: score = 0 } = process.env ?? {};
 

api/server/routes/accessPermissions.js

@@ -1,62 +0,0 @@
-const express = require('express');
-const { PermissionBits } = require('@librechat/data-schemas');
-const {
-  getUserEffectivePermissions,
-  updateResourcePermissions,
-  getResourcePermissions,
-  getResourceRoles,
-  searchPrincipals,
-} = require('~/server/controllers/PermissionsController');
-const { requireJwtAuth, checkBan, uaParser, canAccessResource } = require('~/server/middleware');
-
-const router = express.Router();
-
-// Apply common middleware
-router.use(requireJwtAuth);
-router.use(checkBan);
-router.use(uaParser);
-
-/**
- * Generic routes for resource permissions
- * Pattern: /api/permissions/{resourceType}/{resourceId}
- */
-
-/**
- * GET /api/permissions/search-principals
- * Search for users and groups to grant permissions
- */
-router.get('/search-principals', searchPrincipals);
-
-/**
- * GET /api/permissions/{resourceType}/roles
- * Get available roles for a resource type
- */
-router.get('/:resourceType/roles', getResourceRoles);
-
-/**
- * GET /api/permissions/{resourceType}/{resourceId}
- * Get all permissions for a specific resource
- */
-router.get('/:resourceType/:resourceId', getResourcePermissions);
-
-/**
- * PUT /api/permissions/{resourceType}/{resourceId}
- * Bulk update permissions for a specific resource
- */
-router.put(
-  '/:resourceType/:resourceId',
-  canAccessResource({
-    resourceType: 'agent',
-    requiredPermission: PermissionBits.SHARE,
-    resourceIdParam: 'resourceId',
-  }),
-  updateResourcePermissions,
-);
-
-/**
- * GET /api/permissions/{resourceType}/{resourceId}/effective
- * Get user's effective permissions for a specific resource
- */
-router.get('/:resourceType/:resourceId/effective', getUserEffectivePermissions);
-
-module.exports = router;

api/server/routes/actions.js

@@ -1,10 +1,8 @@
 const express = require('express');
 const jwt = require('jsonwebtoken');
-const { getAccessToken } = require('@librechat/api');
-const { logger } = require('@librechat/data-schemas');
 const { CacheKeys } = require('librechat-data-provider');
-const { findToken, updateToken, createToken } = require('~/models');
-const { getFlowStateManager } = require('~/config');
+const { getAccessToken } = require('~/server/services/TokenService');
+const { logger, getFlowStateManager } = require('~/config');
 const { getLogStores } = require('~/cache');
 
 const router = express.Router();
@@ -30,19 +28,18 @@ router.get('/:action_id/oauth/callback', async (req, res) => {
     try {
       decodedState = jwt.verify(state, JWT_SECRET);
     } catch (err) {
-      logger.error('Error verifying state parameter:', err);
       await flowManager.failFlow(identifier, 'oauth', 'Invalid or expired state parameter');
-      return res.redirect('/oauth/error?error=invalid_state');
+      return res.status(400).send('Invalid or expired state parameter');
     }
 
     if (decodedState.action_id !== action_id) {
       await flowManager.failFlow(identifier, 'oauth', 'Mismatched action ID in state parameter');
-      return res.redirect('/oauth/error?error=invalid_state');
+      return res.status(400).send('Mismatched action ID in state parameter');
     }
 
     if (!decodedState.user) {
       await flowManager.failFlow(identifier, 'oauth', 'Invalid user ID in state parameter');
-      return res.redirect('/oauth/error?error=invalid_state');
+      return res.status(400).send('Invalid user ID in state parameter');
     }
     identifier = `${decodedState.user}:${action_id}`;
     const flowState = await flowManager.getFlowState(identifier, 'oauth');
@@ -50,34 +47,90 @@ router.get('/:action_id/oauth/callback', async (req, res) => {
       throw new Error('OAuth flow not found');
     }
 
-    const tokenData = await getAccessToken(
-      {
-        code,
-        userId: decodedState.user,
-        identifier,
-        client_url: flowState.metadata.client_url,
-        redirect_uri: flowState.metadata.redirect_uri,
-        token_exchange_method: flowState.metadata.token_exchange_method,
-        /** Encrypted values */
-        encrypted_oauth_client_id: flowState.metadata.encrypted_oauth_client_id,
-        encrypted_oauth_client_secret: flowState.metadata.encrypted_oauth_client_secret,
-      },
-      {
-        findToken,
-        updateToken,
-        createToken,
-      },
-    );
+    const tokenData = await getAccessToken({
+      code,
+      userId: decodedState.user,
+      identifier,
+      client_url: flowState.metadata.client_url,
+      redirect_uri: flowState.metadata.redirect_uri,
+      /** Encrypted values */
+      encrypted_oauth_client_id: flowState.metadata.encrypted_oauth_client_id,
+      encrypted_oauth_client_secret: flowState.metadata.encrypted_oauth_client_secret,
+    });
     await flowManager.completeFlow(identifier, 'oauth', tokenData);
-
-    /** Redirect to React success page */
-    const serverName = flowState.metadata?.action_name || `Action ${action_id}`;
-    const redirectUrl = `/oauth/success?serverName=${encodeURIComponent(serverName)}`;
-    res.redirect(redirectUrl);
+    res.send(`
+      <!DOCTYPE html>
+      <html>
+        <head>
+          <title>Authentication Successful</title>
+          <meta name="viewport" content="width=device-width, initial-scale=1.0">
+          <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+          <style>
+            body {
+              font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont;
+              background-color: rgb(249, 250, 251);
+              margin: 0;
+              padding: 2rem;
+              display: flex;
+              justify-content: center;
+              align-items: center;
+              min-height: 100vh;
+            }
+            .card {
+              background-color: white;
+              border-radius: 0.5rem;
+              padding: 2rem;
+              max-width: 28rem;
+              width: 100%;
+              box-shadow: 0 4px 6px -1px rgb(0 0 0 / 0.1), 0 2px 4px -2px rgb(0 0 0 / 0.1);
+              text-align: center;
+            }
+            .heading {
+              color: rgb(17, 24, 39);
+              font-size: 1.875rem;
+              font-weight: 700;
+              margin: 0 0 1rem;
+            }
+            .description {
+              color: rgb(75, 85, 99);
+              font-size: 0.875rem;
+              margin: 0.5rem 0;
+            }
+            .countdown {
+              color: rgb(99, 102, 241);
+              font-weight: 500;
+            }
+          </style>
+        </head>
+        <body>
+          <div class="card">
+            <h1 class="heading">Authentication Successful</h1>
+            <p class="description">
+              Your authentication was successful. This window will close in 
+              <span class="countdown" id="countdown">3</span> seconds.
+            </p>
+          </div>
+          <script>
+            let secondsLeft = 3;
+            const countdownElement = document.getElementById('countdown');
+            
+            const countdown = setInterval(() => {
+              secondsLeft--;
+              countdownElement.textContent = secondsLeft;
+              
+              if (secondsLeft <= 0) {
+                clearInterval(countdown);
+                window.close();
+              }
+            }, 1000);
+          </script>
+        </body>
+      </html>
+    `);
   } catch (error) {
     logger.error('Error in OAuth callback:', error);
     await flowManager.failFlow(identifier, 'oauth', error);
-    res.redirect('/oauth/error?error=callback_failed');
+    res.status(500).send('Authentication failed. Please try again.');
   }
 });
 

api/server/routes/agents/actions.js

@@ -1,15 +1,20 @@
 const express = require('express');
 const { nanoid } = require('nanoid');
-const { logger, PermissionBits } = require('@librechat/data-schemas');
-const { actionDelimiter, removeNullishValues } = require('librechat-data-provider');
+const { actionDelimiter, SystemRoles, removeNullishValues } = require('librechat-data-provider');
 const { encryptMetadata, domainParser } = require('~/server/services/ActionService');
 const { updateAction, getActions, deleteAction } = require('~/models/Action');
 const { isActionDomainAllowed } = require('~/server/services/domains');
-const { canAccessAgentResource } = require('~/server/middleware');
 const { getAgent, updateAgent } = require('~/models/Agent');
+const { logger } = require('~/config');
 
 const router = express.Router();
 
+// If the user has ADMIN role
+// then action edition is possible even if not owner of the assistant
+const isAdmin = (req) => {
+  return req.user.role === SystemRoles.ADMIN;
+};
+
 /**
  * Retrieves all user's actions
  * @route GET /actions/
@@ -18,8 +23,9 @@ const router = express.Router();
  */
 router.get('/', async (req, res) => {
   try {
-    // Get all actions for the user (admin permissions handled by middleware if needed)
-    const searchParams = { user: req.user.id };
+    const admin = isAdmin(req);
+    // If admin, get all actions, otherwise only user's actions
+    const searchParams = admin ? {} : { user: req.user.id };
     res.json(await getActions(searchParams));
   } catch (error) {
     res.status(500).json({ error: error.message });
@@ -35,110 +41,106 @@ router.get('/', async (req, res) => {
  * @param {ActionMetadata} req.body.metadata - Metadata for the action.
  * @returns {Object} 200 - success response - application/json
  */
-router.post(
-  '/:agent_id',
-  canAccessAgentResource({
-    requiredPermission: PermissionBits.EDIT,
-    resourceIdParam: 'agent_id',
-  }),
-  async (req, res) => {
-    try {
-      const { agent_id } = req.params;
+router.post('/:agent_id', async (req, res) => {
+  try {
+    const { agent_id } = req.params;
 
-      /** @type {{ functions: FunctionTool[], action_id: string, metadata: ActionMetadata }} */
-      const { functions, action_id: _action_id, metadata: _metadata } = req.body;
-      if (!functions.length) {
-        return res.status(400).json({ message: 'No functions provided' });
-      }
-
-      let metadata = await encryptMetadata(removeNullishValues(_metadata, true));
-      const isDomainAllowed = await isActionDomainAllowed(metadata.domain);
-      if (!isDomainAllowed) {
-        return res.status(400).json({ message: 'Domain not allowed' });
-      }
-
-      let { domain } = metadata;
-      domain = await domainParser(domain, true);
-
-      if (!domain) {
-        return res.status(400).json({ message: 'No domain provided' });
-      }
-
-      const action_id = _action_id ?? nanoid();
-      const initialPromises = [];
-
-      // Permissions already validated by middleware - load agent directly
-      initialPromises.push(getAgent({ id: agent_id }));
-      if (_action_id) {
-        initialPromises.push(getActions({ action_id }, true));
-      }
-
-      /** @type {[Agent, [Action|undefined]]} */
-      const [agent, actions_result] = await Promise.all(initialPromises);
-      if (!agent) {
-        return res.status(404).json({ message: 'Agent not found for adding action' });
-      }
-
-      if (actions_result && actions_result.length) {
-        const action = actions_result[0];
-        metadata = { ...action.metadata, ...metadata };
-      }
-
-      const { actions: _actions = [], author: agent_author } = agent ?? {};
-      const actions = [];
-      for (const action of _actions) {
-        const [_action_domain, current_action_id] = action.split(actionDelimiter);
-        if (current_action_id === action_id) {
-          continue;
-        }
-
-        actions.push(action);
-      }
-
-      actions.push(`${domain}${actionDelimiter}${action_id}`);
-
-      /** @type {string[]}} */
-      const { tools: _tools = [] } = agent;
-
-      const tools = _tools
-        .filter((tool) => !(tool && (tool.includes(domain) || tool.includes(action_id))))
-        .concat(functions.map((tool) => `${tool.function.name}${actionDelimiter}${domain}`));
-
-      // Force version update since actions are changing
-      const updatedAgent = await updateAgent(
-        { id: agent_id },
-        { tools, actions },
-        {
-          updatingUserId: req.user.id,
-          forceVersion: true,
-        },
-      );
-
-      // Only update user field for new actions
-      const actionUpdateData = { metadata, agent_id };
-      if (!actions_result || !actions_result.length) {
-        // For new actions, use the agent owner's user ID
-        actionUpdateData.user = agent_author || req.user.id;
-      }
-
-      /** @type {[Action]} */
-      const updatedAction = await updateAction({ action_id }, actionUpdateData);
-
-      const sensitiveFields = ['api_key', 'oauth_client_id', 'oauth_client_secret'];
-      for (let field of sensitiveFields) {
-        if (updatedAction.metadata[field]) {
-          delete updatedAction.metadata[field];
-        }
-      }
-
-      res.json([updatedAgent, updatedAction]);
-    } catch (error) {
-      const message = 'Trouble updating the Agent Action';
-      logger.error(message, error);
-      res.status(500).json({ message });
+    /** @type {{ functions: FunctionTool[], action_id: string, metadata: ActionMetadata }} */
+    const { functions, action_id: _action_id, metadata: _metadata } = req.body;
+    if (!functions.length) {
+      return res.status(400).json({ message: 'No functions provided' });
     }
-  },
-);
+
+    let metadata = await encryptMetadata(removeNullishValues(_metadata, true));
+    const isDomainAllowed = await isActionDomainAllowed(metadata.domain);
+    if (!isDomainAllowed) {
+      return res.status(400).json({ message: 'Domain not allowed' });
+    }
+
+    let { domain } = metadata;
+    domain = await domainParser(domain, true);
+
+    if (!domain) {
+      return res.status(400).json({ message: 'No domain provided' });
+    }
+
+    const action_id = _action_id ?? nanoid();
+    const initialPromises = [];
+    const admin = isAdmin(req);
+
+    // If admin, can edit any agent, otherwise only user's agents
+    const agentQuery = admin ? { id: agent_id } : { id: agent_id, author: req.user.id };
+    // TODO: share agents
+    initialPromises.push(getAgent(agentQuery));
+    if (_action_id) {
+      initialPromises.push(getActions({ action_id }, true));
+    }
+
+    /** @type {[Agent, [Action|undefined]]} */
+    const [agent, actions_result] = await Promise.all(initialPromises);
+    if (!agent) {
+      return res.status(404).json({ message: 'Agent not found for adding action' });
+    }
+
+    if (actions_result && actions_result.length) {
+      const action = actions_result[0];
+      metadata = { ...action.metadata, ...metadata };
+    }
+
+    const { actions: _actions = [], author: agent_author } = agent ?? {};
+    const actions = [];
+    for (const action of _actions) {
+      const [_action_domain, current_action_id] = action.split(actionDelimiter);
+      if (current_action_id === action_id) {
+        continue;
+      }
+
+      actions.push(action);
+    }
+
+    actions.push(`${domain}${actionDelimiter}${action_id}`);
+
+    /** @type {string[]}} */
+    const { tools: _tools = [] } = agent;
+
+    const tools = _tools
+      .filter((tool) => !(tool && (tool.includes(domain) || tool.includes(action_id))))
+      .concat(functions.map((tool) => `${tool.function.name}${actionDelimiter}${domain}`));
+
+    // Force version update since actions are changing
+    const updatedAgent = await updateAgent(
+      agentQuery,
+      { tools, actions },
+      {
+        updatingUserId: req.user.id,
+        forceVersion: true,
+      },
+    );
+
+    // Only update user field for new actions
+    const actionUpdateData = { metadata, agent_id };
+    if (!actions_result || !actions_result.length) {
+      // For new actions, use the agent owner's user ID
+      actionUpdateData.user = agent_author || req.user.id;
+    }
+
+    /** @type {[Action]} */
+    const updatedAction = await updateAction({ action_id }, actionUpdateData);
+
+    const sensitiveFields = ['api_key', 'oauth_client_id', 'oauth_client_secret'];
+    for (let field of sensitiveFields) {
+      if (updatedAction.metadata[field]) {
+        delete updatedAction.metadata[field];
+      }
+    }
+
+    res.json([updatedAgent, updatedAction]);
+  } catch (error) {
+    const message = 'Trouble updating the Agent Action';
+    logger.error(message, error);
+    res.status(500).json({ message });
+  }
+});
 
 /**
  * Deletes an action for a specific agent.
@@ -147,55 +149,52 @@ router.post(
  * @param {string} req.params.action_id - The ID of the action to delete.
  * @returns {Object} 200 - success response - application/json
  */
-router.delete(
-  '/:agent_id/:action_id',
-  canAccessAgentResource({
-    requiredPermission: PermissionBits.EDIT,
-    resourceIdParam: 'agent_id',
-  }),
-  async (req, res) => {
-    try {
-      const { agent_id, action_id } = req.params;
+router.delete('/:agent_id/:action_id', async (req, res) => {
+  try {
+    const { agent_id, action_id } = req.params;
+    const admin = isAdmin(req);
 
-      // Permissions already validated by middleware - load agent directly
-      const agent = await getAgent({ id: agent_id });
-      if (!agent) {
-        return res.status(404).json({ message: 'Agent not found for deleting action' });
-      }
-
-      const { tools = [], actions = [] } = agent;
-
-      let domain = '';
-      const updatedActions = actions.filter((action) => {
-        if (action.includes(action_id)) {
-          [domain] = action.split(actionDelimiter);
-          return false;
-        }
-        return true;
-      });
-
-      domain = await domainParser(domain, true);
-
-      if (!domain) {
-        return res.status(400).json({ message: 'No domain provided' });
-      }
-
-      const updatedTools = tools.filter((tool) => !(tool && tool.includes(domain)));
-
-      // Force version update since actions are being removed
-      await updateAgent(
-        { id: agent_id },
-        { tools: updatedTools, actions: updatedActions },
-        { updatingUserId: req.user.id, forceVersion: true },
-      );
-      await deleteAction({ action_id });
-      res.status(200).json({ message: 'Action deleted successfully' });
-    } catch (error) {
-      const message = 'Trouble deleting the Agent Action';
-      logger.error(message, error);
-      res.status(500).json({ message });
+    // If admin, can delete any agent, otherwise only user's agents
+    const agentQuery = admin ? { id: agent_id } : { id: agent_id, author: req.user.id };
+    const agent = await getAgent(agentQuery);
+    if (!agent) {
+      return res.status(404).json({ message: 'Agent not found for deleting action' });
     }
-  },
-);
+
+    const { tools = [], actions = [] } = agent;
+
+    let domain = '';
+    const updatedActions = actions.filter((action) => {
+      if (action.includes(action_id)) {
+        [domain] = action.split(actionDelimiter);
+        return false;
+      }
+      return true;
+    });
+
+    domain = await domainParser(domain, true);
+
+    if (!domain) {
+      return res.status(400).json({ message: 'No domain provided' });
+    }
+
+    const updatedTools = tools.filter((tool) => !(tool && tool.includes(domain)));
+
+    // Force version update since actions are being removed
+    await updateAgent(
+      agentQuery,
+      { tools: updatedTools, actions: updatedActions },
+      { updatingUserId: req.user.id, forceVersion: true },
+    );
+    // If admin, can delete any action, otherwise only user's actions
+    const actionQuery = admin ? { action_id } : { action_id, user: req.user.id };
+    await deleteAction(actionQuery);
+    res.status(200).json({ message: 'Action deleted successfully' });
+  } catch (error) {
+    const message = 'Trouble deleting the Agent Action';
+    logger.error(message, error);
+    res.status(500).json({ message });
+  }
+});
 
 module.exports = router;

api/server/routes/agents/chat.js

@@ -1,5 +1,4 @@
 const express = require('express');
-const { PermissionBits } = require('@librechat/data-schemas');
 const { PermissionTypes, Permissions } = require('librechat-data-provider');
 const {
   setHeaders,
@@ -8,7 +7,6 @@ const {
   generateCheckAccess,
   validateConvoAccess,
   buildEndpointOption,
-  canAccessAgentFromBody,
 } = require('~/server/middleware');
 const { initializeClient } = require('~/server/services/Endpoints/agents');
 const AgentController = require('~/server/controllers/agents/request');
@@ -19,12 +17,8 @@ const router = express.Router();
 router.use(moderateText);
 
 const checkAgentAccess = generateCheckAccess(PermissionTypes.AGENTS, [Permissions.USE]);
-const checkAgentResourceAccess = canAccessAgentFromBody({
-  requiredPermission: PermissionBits.VIEW,
-});
 
 router.use(checkAgentAccess);
-router.use(checkAgentResourceAccess);
 router.use(validateConvoAccess);
 router.use(buildEndpointOption);
 router.use(setHeaders);

api/server/routes/agents/index.js

@@ -37,6 +37,4 @@ if (isEnabled(LIMIT_MESSAGE_USER)) {
 chatRouter.use('/', chat);
 router.use('/chat', chatRouter);
 
-// Add marketplace routes
-
 module.exports = router;

api/server/routes/agents/v1.js

@@ -1,11 +1,6 @@
 const express = require('express');
-const { PermissionBits } = require('@librechat/data-schemas');
 const { PermissionTypes, Permissions } = require('librechat-data-provider');
-const {
-  requireJwtAuth,
-  generateCheckAccess,
-  canAccessAgentResource,
-} = require('~/server/middleware');
+const { requireJwtAuth, generateCheckAccess } = require('~/server/middleware');
 const v1 = require('~/server/controllers/agents/v1');
 const actions = require('./actions');
 const tools = require('./tools');
@@ -42,11 +37,6 @@ router.use('/actions', actions);
  */
 router.use('/tools', tools);
 
-/**
- * Get all agent categories with counts
- * @route GET /agents/marketplace/categories
- */
-router.get('/categories', v1.getAgentCategories);
 /**
  * Creates an agent.
  * @route POST /agents
@@ -56,38 +46,13 @@ router.get('/categories', v1.getAgentCategories);
 router.post('/', checkAgentCreate, v1.createAgent);
 
 /**
- * Retrieves basic agent information (VIEW permission required).
- * Returns safe, non-sensitive agent data for viewing purposes.
+ * Retrieves an agent.
  * @route GET /agents/:id
  * @param {string} req.params.id - Agent identifier.
- * @returns {Agent} 200 - Basic agent info - application/json
+ * @returns {Agent} 200 - Success response - application/json
  */
-router.get(
-  '/:id',
-  checkAgentAccess,
-  canAccessAgentResource({
-    requiredPermission: PermissionBits.VIEW,
-    resourceIdParam: 'id',
-  }),
-  v1.getAgent,
-);
+router.get('/:id', checkAgentAccess, v1.getAgent);
 
-/**
- * Retrieves full agent details including sensitive configuration (EDIT permission required).
- * Returns complete agent data for editing/configuration purposes.
- * @route GET /agents/:id/expanded
- * @param {string} req.params.id - Agent identifier.
- * @returns {Agent} 200 - Full agent details - application/json
- */
-router.get(
-  '/:id/expanded',
-  checkAgentAccess,
-  canAccessAgentResource({
-    requiredPermission: PermissionBits.EDIT,
-    resourceIdParam: 'id',
-  }),
-  (req, res) => v1.getAgent(req, res, true), // Expanded version
-);
 /**
  * Updates an agent.
  * @route PATCH /agents/:id
@@ -95,15 +60,7 @@ router.get(
  * @param {AgentUpdateParams} req.body - The agent update parameters.
  * @returns {Agent} 200 - Success response - application/json
  */
-router.patch(
-  '/:id',
-  checkGlobalAgentShare,
-  canAccessAgentResource({
-    requiredPermission: PermissionBits.EDIT,
-    resourceIdParam: 'id',
-  }),
-  v1.updateAgent,
-);
+router.patch('/:id', checkGlobalAgentShare, v1.updateAgent);
 
 /**
  * Duplicates an agent.
@@ -111,15 +68,7 @@ router.patch(
  * @param {string} req.params.id - Agent identifier.
  * @returns {Agent} 201 - Success response - application/json
  */
-router.post(
-  '/:id/duplicate',
-  checkAgentCreate,
-  canAccessAgentResource({
-    requiredPermission: PermissionBits.VIEW,
-    resourceIdParam: 'id',
-  }),
-  v1.duplicateAgent,
-);
+router.post('/:id/duplicate', checkAgentCreate, v1.duplicateAgent);
 
 /**
  * Deletes an agent.
@@ -127,15 +76,7 @@ router.post(
  * @param {string} req.params.id - Agent identifier.
  * @returns {Agent} 200 - success response - application/json
  */
-router.delete(
-  '/:id',
-  checkAgentCreate,
-  canAccessAgentResource({
-    requiredPermission: PermissionBits.DELETE,
-    resourceIdParam: 'id',
-  }),
-  v1.deleteAgent,
-);
+router.delete('/:id', checkAgentCreate, v1.deleteAgent);
 
 /**
  * Reverts an agent to a previous version.
@@ -162,14 +103,6 @@ router.get('/', checkAgentAccess, v1.getListAgents);
  * @param {string} [req.body.metadata] - Optional metadata for the agent's avatar.
  * @returns {Object} 200 - success response - application/json
  */
-avatar.post(
-  '/:agent_id/avatar/',
-  checkAgentAccess,
-  canAccessAgentResource({
-    requiredPermission: PermissionBits.EDIT,
-    resourceIdParam: 'agent_id',
-  }),
-  v1.uploadAgentAvatar,
-);
+avatar.post('/:agent_id/avatar/', checkAgentAccess, v1.uploadAgentAvatar);
 
 module.exports = { v1: router, avatar };

api/server/routes/ask/addToCache.js

@@ -0,0 +1,63 @@
+const { Keyv } = require('keyv');
+const { KeyvFile } = require('keyv-file');
+const { logger } = require('~/config');
+
+const addToCache = async ({ endpoint, endpointOption, userMessage, responseMessage }) => {
+  try {
+    const conversationsCache = new Keyv({
+      store: new KeyvFile({ filename: './data/cache.json' }),
+      namespace: 'chatgpt', // should be 'bing' for bing/sydney
+    });
+
+    const {
+      conversationId,
+      messageId: userMessageId,
+      parentMessageId: userParentMessageId,
+      text: userText,
+    } = userMessage;
+    const {
+      messageId: responseMessageId,
+      parentMessageId: responseParentMessageId,
+      text: responseText,
+    } = responseMessage;
+
+    let conversation = await conversationsCache.get(conversationId);
+    // used to generate a title for the conversation if none exists
+    // let isNewConversation = false;
+    if (!conversation) {
+      conversation = {
+        messages: [],
+        createdAt: Date.now(),
+      };
+      // isNewConversation = true;
+    }
+
+    const roles = (options) => {
+      if (endpoint === 'openAI') {
+        return options?.chatGptLabel || 'ChatGPT';
+      }
+    };
+
+    let _userMessage = {
+      id: userMessageId,
+      parentMessageId: userParentMessageId,
+      role: 'User',
+      message: userText,
+    };
+
+    let _responseMessage = {
+      id: responseMessageId,
+      parentMessageId: responseParentMessageId,
+      role: roles(endpointOption),
+      message: responseText,
+    };
+
+    conversation.messages.push(_userMessage, _responseMessage);
+
+    await conversationsCache.set(conversationId, conversation);
+  } catch (error) {
+    logger.error('[addToCache] Error adding conversation to cache', error);
+  }
+};
+
+module.exports = addToCache;

api/server/routes/ask/anthropic.js

@@ -0,0 +1,25 @@
+const express = require('express');
+const AskController = require('~/server/controllers/AskController');
+const { addTitle, initializeClient } = require('~/server/services/Endpoints/anthropic');
+const {
+  setHeaders,
+  handleAbort,
+  validateModel,
+  validateEndpoint,
+  buildEndpointOption,
+} = require('~/server/middleware');
+
+const router = express.Router();
+
+router.post(
+  '/',
+  validateEndpoint,
+  validateModel,
+  buildEndpointOption,
+  setHeaders,
+  async (req, res, next) => {
+    await AskController(req, res, next, initializeClient, addTitle);
+  },
+);
+
+module.exports = router;