Add comprehensive documentation for special variables feature

- Add detailed JSDoc comments to replaceSpecialVars function
- Create SPECIAL_VARIABLES.md with complete usage guide
- Document all available special variables including new local timezone ones
- Provide examples and technical implementation details
- Include migration guide for existing users

Co-authored-by: berry-13 <81851188+berry-13@users.noreply.github.com>

.env.example

@@ -163,10 +163,10 @@ GOOGLE_KEY=user_provided
 # GOOGLE_AUTH_HEADER=true
 
 # Gemini API (AI Studio)
-# GOOGLE_MODELS=gemini-2.5-pro,gemini-2.5-flash,gemini-2.5-flash-lite-preview-06-17,gemini-2.0-flash,gemini-2.0-flash-lite
+# GOOGLE_MODELS=gemini-2.5-pro,gemini-2.5-flash,gemini-2.5-flash-lite,gemini-2.0-flash,gemini-2.0-flash-lite
 
 # Vertex AI
-# GOOGLE_MODELS=gemini-2.5-pro,gemini-2.5-flash,gemini-2.5-flash-lite-preview-06-17,gemini-2.0-flash-001,gemini-2.0-flash-lite-001
+# GOOGLE_MODELS=gemini-2.5-pro,gemini-2.5-flash,gemini-2.5-flash-lite,gemini-2.0-flash-001,gemini-2.0-flash-lite-001
 
 # GOOGLE_TITLE_MODEL=gemini-2.0-flash-lite-001
 
@@ -196,7 +196,7 @@ GOOGLE_KEY=user_provided
 #============#
 
 OPENAI_API_KEY=user_provided
-# OPENAI_MODELS=o1,o1-mini,o1-preview,gpt-4o,gpt-4.5-preview,chatgpt-4o-latest,gpt-4o-mini,gpt-3.5-turbo-0125,gpt-3.5-turbo-0301,gpt-3.5-turbo,gpt-4,gpt-4-0613,gpt-4-vision-preview,gpt-3.5-turbo-0613,gpt-3.5-turbo-16k-0613,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview,gpt-3.5-turbo-1106,gpt-3.5-turbo-instruct,gpt-3.5-turbo-instruct-0914,gpt-3.5-turbo-16k
+# OPENAI_MODELS=gpt-5,gpt-5-codex,gpt-5-mini,gpt-5-nano,o3-pro,o3,o4-mini,gpt-4.1,gpt-4.1-mini,gpt-4.1-nano,o3-mini,o1-pro,o1,gpt-4o,gpt-4o-mini
 
 DEBUG_OPENAI=false
 
@@ -459,6 +459,9 @@ OPENID_CALLBACK_URL=/oauth/openid/callback
 OPENID_REQUIRED_ROLE=
 OPENID_REQUIRED_ROLE_TOKEN_KIND=
 OPENID_REQUIRED_ROLE_PARAMETER_PATH=
+OPENID_ADMIN_ROLE=
+OPENID_ADMIN_ROLE_PARAMETER_PATH=
+OPENID_ADMIN_ROLE_TOKEN_KIND=
 # Set to determine which user info property returned from OpenID Provider to store as the User's username
 OPENID_USERNAME_CLAIM=
 # Set to determine which user info property returned from OpenID Provider to store as the User's name
@@ -650,6 +653,12 @@ HELP_AND_FAQ_URL=https://librechat.ai
 # Google tag manager id
 #ANALYTICS_GTM_ID=user provided google tag manager id
 
+# limit conversation file imports to a certain number of bytes in size to avoid the container
+# maxing out memory limitations by unremarking this line and supplying a file size in bytes
+# such as the below example of 250 mib
+# CONVERSATION_IMPORT_MAX_FILE_SIZE_BYTES=262144000
+
+
 #===============#
 # REDIS Options #
 #===============#
@@ -690,8 +699,8 @@ HELP_AND_FAQ_URL=https://librechat.ai
 # REDIS_PING_INTERVAL=300
 
 # Force specific cache namespaces to use in-memory storage even when Redis is enabled
-# Comma-separated list of CacheKeys (e.g., STATIC_CONFIG,ROLES,MESSAGES)
-# FORCED_IN_MEMORY_CACHE_NAMESPACES=STATIC_CONFIG,ROLES
+# Comma-separated list of CacheKeys (e.g., ROLES,MESSAGES)
+# FORCED_IN_MEMORY_CACHE_NAMESPACES=ROLES,MESSAGES
 
 #==================================================#
 #                      Others                      #

.github/workflows/cache-integration-tests.yml

@@ -0,0 +1,78 @@
+name: Cache Integration Tests
+
+on:
+  pull_request:
+    branches:
+      - main
+      - dev
+      - release/*
+    paths:
+      - 'packages/api/src/cache/**'
+      - 'redis-config/**'
+      - '.github/workflows/cache-integration-tests.yml'
+
+jobs:
+  cache_integration_tests:
+    name: Run Cache Integration Tests
+    timeout-minutes: 30
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Use Node.js 20.x
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: 'npm'
+
+      - name: Install Redis tools
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y redis-server redis-tools
+
+      - name: Start Single Redis Instance
+        run: |
+          redis-server --daemonize yes --port 6379
+          sleep 2
+          # Verify single Redis is running
+          redis-cli -p 6379 ping || exit 1
+
+      - name: Start Redis Cluster
+        working-directory: redis-config
+        run: |
+          chmod +x start-cluster.sh stop-cluster.sh
+          ./start-cluster.sh
+          sleep 10
+          # Verify cluster is running
+          redis-cli -p 7001 cluster info || exit 1
+          redis-cli -p 7002 cluster info || exit 1
+          redis-cli -p 7003 cluster info || exit 1
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build packages
+        run: |
+          npm run build:data-provider
+          npm run build:data-schemas
+          npm run build:api
+
+      - name: Run cache integration tests
+        working-directory: packages/api
+        env:
+          NODE_ENV: test
+          USE_REDIS: true
+          REDIS_URI: redis://127.0.0.1:6379
+          REDIS_CLUSTER_URI: redis://127.0.0.1:7001,redis://127.0.0.1:7002,redis://127.0.0.1:7003
+        run: npm run test:cache:integration
+
+      - name: Stop Redis Cluster
+        if: always()
+        working-directory: redis-config
+        run: ./stop-cluster.sh || true
+
+      - name: Stop Single Redis Instance
+        if: always()
+        run: redis-cli -p 6379 shutdown || true

.husky/pre-commit

@@ -1,5 +1,2 @@
-#!/usr/bin/env sh 
-set -e
-. "$(dirname -- "$0")/_/husky.sh"
 [ -n "$CI" ] && exit 0
 npx lint-staged --config ./.husky/lint-staged.config.js

Dockerfile

@@ -1,4 +1,4 @@
-# v0.8.0-rc3
+# v0.8.0
 
 # Base node image
 FROM node:20-alpine AS node
@@ -30,7 +30,7 @@ RUN \
     # Allow mounting of these files, which have no default
     touch .env ; \
     # Create directories for the volumes to inherit the correct permissions
-    mkdir -p /app/client/public/images /app/api/logs ; \
+    mkdir -p /app/client/public/images /app/api/logs /app/uploads ; \
     npm config set fetch-retry-maxtimeout 600000 ; \
     npm config set fetch-retries 5 ; \
     npm config set fetch-retry-mintimeout 15000 ; \
@@ -44,8 +44,6 @@ RUN \
     npm prune --production; \
     npm cache clean --force
 
-RUN mkdir -p /app/client/public/images /app/api/logs
-
 # Node API setup
 EXPOSE 3080
 ENV HOST=0.0.0.0

Dockerfile.multi

@@ -1,5 +1,5 @@
 # Dockerfile.multi
-# v0.8.0-rc3
+# v0.8.0
 
 # Base for all builds
 FROM node:20-alpine AS base-min

README.md

@@ -75,6 +75,7 @@
 - 🔍 **Web Search**:  
   - Search the internet and retrieve relevant information to enhance your AI context
   - Combines search providers, content scrapers, and result rerankers for optimal results
+  - **Customizable Jina Reranking**: Configure custom Jina API URLs for reranking services
   - **[Learn More →](https://www.librechat.ai/docs/features/web_search)**
 
 - 🪄 **Generative UI with Code Artifacts**:  

api/app/clients/AnthropicClient.js

@@ -1,4 +1,5 @@
 const Anthropic = require('@anthropic-ai/sdk');
+const { logger } = require('@librechat/data-schemas');
 const { HttpsProxyAgent } = require('https-proxy-agent');
 const {
   Constants,
@@ -9,8 +10,18 @@ const {
   getResponseSender,
   validateVisionModel,
 } = require('librechat-data-provider');
-const { SplitStreamHandler: _Handler } = require('@librechat/agents');
-const { Tokenizer, createFetch, createStreamEventHandlers } = require('@librechat/api');
+const { sleep, SplitStreamHandler: _Handler } = require('@librechat/agents');
+const {
+  Tokenizer,
+  createFetch,
+  matchModelName,
+  getClaudeHeaders,
+  getModelMaxTokens,
+  configureReasoning,
+  checkPromptCacheSupport,
+  getModelMaxOutputTokens,
+  createStreamEventHandlers,
+} = require('@librechat/api');
 const {
   truncateText,
   formatMessage,
@@ -19,17 +30,9 @@ const {
   parseParamFromPrompt,
   createContextHandlers,
 } = require('./prompts');
-const {
-  getClaudeHeaders,
-  configureReasoning,
-  checkPromptCacheSupport,
-} = require('~/server/services/Endpoints/anthropic/helpers');
-const { getModelMaxTokens, getModelMaxOutputTokens, matchModelName } = require('~/utils');
 const { spendTokens, spendStructuredTokens } = require('~/models/spendTokens');
 const { encodeAndFormat } = require('~/server/services/Files/images/encode');
-const { sleep } = require('~/server/utils');
 const BaseClient = require('./BaseClient');
-const { logger } = require('~/config');
 
 const HUMAN_PROMPT = '\n\nHuman:';
 const AI_PROMPT = '\n\nAssistant:';

api/app/clients/BaseClient.js

@@ -1,20 +1,29 @@
 const crypto = require('crypto');
 const fetch = require('node-fetch');
 const { logger } = require('@librechat/data-schemas');
-const { getBalanceConfig } = require('@librechat/api');
 const {
-  supportsBalanceCheck,
-  isAgentsEndpoint,
-  isParamEndpoint,
-  EModelEndpoint,
+  getBalanceConfig,
+  extractFileContext,
+  encodeAndFormatAudios,
+  encodeAndFormatVideos,
+  encodeAndFormatDocuments,
+} = require('@librechat/api');
+const {
+  Constants,
+  ErrorTypes,
+  FileSources,
   ContentTypes,
   excludedKeys,
-  ErrorTypes,
-  Constants,
+  EModelEndpoint,
+  isParamEndpoint,
+  isAgentsEndpoint,
+  supportsBalanceCheck,
 } = require('librechat-data-provider');
 const { getMessages, saveMessage, updateMessage, saveConvo, getConvo } = require('~/models');
+const { getStrategyFunctions } = require('~/server/services/Files/strategies');
 const { checkBalance } = require('~/models/balanceMethods');
 const { truncateToolCallOutputs } = require('./prompts');
+const countTokens = require('~/server/utils/countTokens');
 const { getFiles } = require('~/models/File');
 const TextStream = require('./TextStream');
 
@@ -1198,8 +1207,135 @@ class BaseClient {
     return await this.sendCompletion(payload, opts);
   }
 
+  async addDocuments(message, attachments) {
+    const documentResult = await encodeAndFormatDocuments(
+      this.options.req,
+      attachments,
+      {
+        provider: this.options.agent?.provider,
+        useResponsesApi: this.options.agent?.model_parameters?.useResponsesApi,
+      },
+      getStrategyFunctions,
+    );
+    message.documents =
+      documentResult.documents && documentResult.documents.length
+        ? documentResult.documents
+        : undefined;
+    return documentResult.files;
+  }
+
+  async addVideos(message, attachments) {
+    const videoResult = await encodeAndFormatVideos(
+      this.options.req,
+      attachments,
+      this.options.agent.provider,
+      getStrategyFunctions,
+    );
+    message.videos =
+      videoResult.videos && videoResult.videos.length ? videoResult.videos : undefined;
+    return videoResult.files;
+  }
+
+  async addAudios(message, attachments) {
+    const audioResult = await encodeAndFormatAudios(
+      this.options.req,
+      attachments,
+      this.options.agent.provider,
+      getStrategyFunctions,
+    );
+    message.audios =
+      audioResult.audios && audioResult.audios.length ? audioResult.audios : undefined;
+    return audioResult.files;
+  }
+
+  /**
+   * Extracts text context from attachments and sets it on the message.
+   * This handles text that was already extracted from files (OCR, transcriptions, document text, etc.)
+   * @param {TMessage} message - The message to add context to
+   * @param {MongoFile[]} attachments - Array of file attachments
+   * @returns {Promise<void>}
+   */
+  async addFileContextToMessage(message, attachments) {
+    const fileContext = await extractFileContext({
+      attachments,
+      req: this.options?.req,
+      tokenCountFn: (text) => countTokens(text),
+    });
+
+    if (fileContext) {
+      message.fileContext = fileContext;
+    }
+  }
+
+  async processAttachments(message, attachments) {
+    const categorizedAttachments = {
+      images: [],
+      videos: [],
+      audios: [],
+      documents: [],
+    };
+
+    const allFiles = [];
+
+    for (const file of attachments) {
+      /** @type {FileSources} */
+      const source = file.source ?? FileSources.local;
+      if (source === FileSources.text) {
+        allFiles.push(file);
+        continue;
+      }
+      if (file.embedded === true || file.metadata?.fileIdentifier != null) {
+        allFiles.push(file);
+        continue;
+      }
+
+      if (file.type.startsWith('image/')) {
+        categorizedAttachments.images.push(file);
+      } else if (file.type === 'application/pdf') {
+        categorizedAttachments.documents.push(file);
+        allFiles.push(file);
+      } else if (file.type.startsWith('video/')) {
+        categorizedAttachments.videos.push(file);
+        allFiles.push(file);
+      } else if (file.type.startsWith('audio/')) {
+        categorizedAttachments.audios.push(file);
+        allFiles.push(file);
+      }
+    }
+
+    const [imageFiles] = await Promise.all([
+      categorizedAttachments.images.length > 0
+        ? this.addImageURLs(message, categorizedAttachments.images)
+        : Promise.resolve([]),
+      categorizedAttachments.documents.length > 0
+        ? this.addDocuments(message, categorizedAttachments.documents)
+        : Promise.resolve([]),
+      categorizedAttachments.videos.length > 0
+        ? this.addVideos(message, categorizedAttachments.videos)
+        : Promise.resolve([]),
+      categorizedAttachments.audios.length > 0
+        ? this.addAudios(message, categorizedAttachments.audios)
+        : Promise.resolve([]),
+    ]);
+
+    allFiles.push(...imageFiles);
+
+    const seenFileIds = new Set();
+    const uniqueFiles = [];
+
+    for (const file of allFiles) {
+      if (file.file_id && !seenFileIds.has(file.file_id)) {
+        seenFileIds.add(file.file_id);
+        uniqueFiles.push(file);
+      } else if (!file.file_id) {
+        uniqueFiles.push(file);
+      }
+    }
+
+    return uniqueFiles;
+  }
+
   /**
-   *
    * @param {TMessage[]} _messages
    * @returns {Promise<TMessage[]>}
    */
@@ -1248,7 +1384,8 @@ class BaseClient {
         {},
       );
 
-      await this.addImageURLs(message, files, this.visionMode);
+      await this.addFileContextToMessage(message, files);
+      await this.processAttachments(message, files);
 
       this.message_file_map[message.messageId] = files;
       return message;

api/app/clients/GoogleClient.js

@@ -1,4 +1,7 @@
 const { google } = require('googleapis');
+const { sleep } = require('@librechat/agents');
+const { logger } = require('@librechat/data-schemas');
+const { getModelMaxTokens } = require('@librechat/api');
 const { concat } = require('@langchain/core/utils/stream');
 const { ChatVertexAI } = require('@langchain/google-vertexai');
 const { Tokenizer, getSafetySettings } = require('@librechat/api');
@@ -21,9 +24,6 @@ const {
 } = require('librechat-data-provider');
 const { encodeAndFormat } = require('~/server/services/Files/images');
 const { spendTokens } = require('~/models/spendTokens');
-const { getModelMaxTokens } = require('~/utils');
-const { sleep } = require('~/server/utils');
-const { logger } = require('~/config');
 const {
   formatMessage,
   createContextHandlers,

api/app/clients/OpenAIClient.js

@@ -1,13 +1,15 @@
-const { OllamaClient } = require('./OllamaClient');
+const { logger } = require('@librechat/data-schemas');
 const { HttpsProxyAgent } = require('https-proxy-agent');
-const { SplitStreamHandler, CustomOpenAIClient: OpenAI } = require('@librechat/agents');
+const { sleep, SplitStreamHandler, CustomOpenAIClient: OpenAI } = require('@librechat/agents');
 const {
   isEnabled,
   Tokenizer,
   createFetch,
   resolveHeaders,
   constructAzureURL,
+  getModelMaxTokens,
   genAzureChatCompletion,
+  getModelMaxOutputTokens,
   createStreamEventHandlers,
 } = require('@librechat/api');
 const {
@@ -31,17 +33,16 @@ const {
   titleInstruction,
   createContextHandlers,
 } = require('./prompts');
-const { extractBaseURL, getModelMaxTokens, getModelMaxOutputTokens } = require('~/utils');
 const { encodeAndFormat } = require('~/server/services/Files/images/encode');
-const { addSpaceIfNeeded, sleep } = require('~/server/utils');
 const { spendTokens } = require('~/models/spendTokens');
+const { addSpaceIfNeeded } = require('~/server/utils');
 const { handleOpenAIErrors } = require('./tools/util');
+const { OllamaClient } = require('./OllamaClient');
 const { summaryBuffer } = require('./memory');
 const { runTitleChain } = require('./chains');
+const { extractBaseURL } = require('~/utils');
 const { tokenSplit } = require('./document');
 const BaseClient = require('./BaseClient');
-const { createLLM } = require('./llm');
-const { logger } = require('~/config');
 
 class OpenAIClient extends BaseClient {
   constructor(apiKey, options = {}) {
@@ -612,65 +613,8 @@ class OpenAIClient extends BaseClient {
     return (reply ?? '').trim();
   }
 
-  initializeLLM({
-    model = openAISettings.model.default,
-    modelName,
-    temperature = 0.2,
-    max_tokens,
-    streaming,
-  }) {
-    const modelOptions = {
-      modelName: modelName ?? model,
-      temperature,
-      user: this.user,
-    };
-
-    if (max_tokens) {
-      modelOptions.max_tokens = max_tokens;
-    }
-
-    const configOptions = {};
-
-    if (this.langchainProxy) {
-      configOptions.basePath = this.langchainProxy;
-    }
-
-    if (this.useOpenRouter) {
-      configOptions.basePath = 'https://openrouter.ai/api/v1';
-      configOptions.baseOptions = {
-        headers: {
-          'HTTP-Referer': 'https://librechat.ai',
-          'X-Title': 'LibreChat',
-        },
-      };
-    }
-
-    const { headers } = this.options;
-    if (headers && typeof headers === 'object' && !Array.isArray(headers)) {
-      configOptions.baseOptions = {
-        headers: resolveHeaders({
-          headers: {
-            ...headers,
-            ...configOptions?.baseOptions?.headers,
-          },
-        }),
-      };
-    }
-
-    if (this.options.proxy) {
-      configOptions.httpAgent = new HttpsProxyAgent(this.options.proxy);
-      configOptions.httpsAgent = new HttpsProxyAgent(this.options.proxy);
-    }
-
-    const llm = createLLM({
-      modelOptions,
-      configOptions,
-      openAIApiKey: this.apiKey,
-      azure: this.azure,
-      streaming,
-    });
-
-    return llm;
+  initializeLLM() {
+    throw new Error('Deprecated');
   }
 
   /**

api/app/clients/TextStream.js

@@ -1,5 +1,5 @@
 const { Readable } = require('stream');
-const { logger } = require('~/config');
+const { logger } = require('@librechat/data-schemas');
 
 class TextStream extends Readable {
   constructor(text, options = {}) {

api/app/clients/agents/CustomAgent/outputParser.js

@@ -1,5 +1,5 @@
+const { logger } = require('@librechat/data-schemas');
 const { ZeroShotAgentOutputParser } = require('langchain/agents');
-const { logger } = require('~/config');
 
 class CustomOutputParser extends ZeroShotAgentOutputParser {
   constructor(fields) {

api/app/clients/chains/runTitleChain.js

@@ -1,7 +1,7 @@
 const { z } = require('zod');
+const { logger } = require('@librechat/data-schemas');
 const { langPrompt, createTitlePrompt, escapeBraces, getSnippet } = require('../prompts');
 const { createStructuredOutputChainFromZod } = require('langchain/chains/openai_functions');
-const { logger } = require('~/config');
 
 const langSchema = z.object({
   language: z.string().describe('The language of the input text (full noun, no abbreviations).'),

api/app/clients/llm/createLLM.js

@@ -1,81 +0,0 @@
-const { ChatOpenAI } = require('@langchain/openai');
-const { isEnabled, sanitizeModelName, constructAzureURL } = require('@librechat/api');
-
-/**
- * Creates a new instance of a language model (LLM) for chat interactions.
- *
- * @param {Object} options - The options for creating the LLM.
- * @param {ModelOptions} options.modelOptions - The options specific to the model, including modelName, temperature, presence_penalty, frequency_penalty, and other model-related settings.
- * @param {ConfigOptions} options.configOptions - Configuration options for the API requests, including proxy settings and custom headers.
- * @param {Callbacks} [options.callbacks] - Callback functions for managing the lifecycle of the LLM, including token buffers, context, and initial message count.
- * @param {boolean} [options.streaming=false] - Determines if the LLM should operate in streaming mode.
- * @param {string} options.openAIApiKey - The API key for OpenAI, used for authentication.
- * @param {AzureOptions} [options.azure={}] - Optional Azure-specific configurations. If provided, Azure configurations take precedence over OpenAI configurations.
- *
- * @returns {ChatOpenAI} An instance of the ChatOpenAI class, configured with the provided options.
- *
- * @example
- * const llm = createLLM({
- *   modelOptions: { modelName: 'gpt-4o-mini', temperature: 0.2 },
- *   configOptions: { basePath: 'https://example.api/path' },
- *   callbacks: { onMessage: handleMessage },
- *   openAIApiKey: 'your-api-key'
- * });
- */
-function createLLM({
-  modelOptions,
-  configOptions,
-  callbacks,
-  streaming = false,
-  openAIApiKey,
-  azure = {},
-}) {
-  let credentials = { openAIApiKey };
-  let configuration = {
-    apiKey: openAIApiKey,
-    ...(configOptions.basePath && { baseURL: configOptions.basePath }),
-  };
-
-  /**  @type {AzureOptions} */
-  let azureOptions = {};
-  if (azure) {
-    const useModelName = isEnabled(process.env.AZURE_USE_MODEL_AS_DEPLOYMENT_NAME);
-
-    credentials = {};
-    configuration = {};
-    azureOptions = azure;
-
-    azureOptions.azureOpenAIApiDeploymentName = useModelName
-      ? sanitizeModelName(modelOptions.modelName)
-      : azureOptions.azureOpenAIApiDeploymentName;
-  }
-
-  if (azure && process.env.AZURE_OPENAI_DEFAULT_MODEL) {
-    modelOptions.modelName = process.env.AZURE_OPENAI_DEFAULT_MODEL;
-  }
-
-  if (azure && configOptions.basePath) {
-    const azureURL = constructAzureURL({
-      baseURL: configOptions.basePath,
-      azureOptions,
-    });
-    azureOptions.azureOpenAIBasePath = azureURL.split(
-      `/${azureOptions.azureOpenAIApiDeploymentName}`,
-    )[0];
-  }
-
-  return new ChatOpenAI(
-    {
-      streaming,
-      credentials,
-      configuration,
-      ...azureOptions,
-      ...modelOptions,
-      ...credentials,
-      callbacks,
-    },
-    configOptions,
-  );
-}
-
-module.exports = createLLM;

api/app/clients/llm/index.js

@@ -1,7 +1,5 @@
-const createLLM = require('./createLLM');
 const createCoherePayload = require('./createCoherePayload');
 
 module.exports = {
-  createLLM,
   createCoherePayload,
 };

api/app/clients/memory/summaryBuffer.demo.js

@@ -1,31 +0,0 @@
-require('dotenv').config();
-const { ChatOpenAI } = require('@langchain/openai');
-const { getBufferString, ConversationSummaryBufferMemory } = require('langchain/memory');
-
-const chatPromptMemory = new ConversationSummaryBufferMemory({
-  llm: new ChatOpenAI({ modelName: 'gpt-4o-mini', temperature: 0 }),
-  maxTokenLimit: 10,
-  returnMessages: true,
-});
-
-(async () => {
-  await chatPromptMemory.saveContext({ input: 'hi my name\'s Danny' }, { output: 'whats up' });
-  await chatPromptMemory.saveContext({ input: 'not much you' }, { output: 'not much' });
-  await chatPromptMemory.saveContext(
-    { input: 'are you excited for the olympics?' },
-    { output: 'not really' },
-  );
-
-  // We can also utilize the predict_new_summary method directly.
-  const messages = await chatPromptMemory.chatHistory.getMessages();
-  console.log('MESSAGES\n\n');
-  console.log(JSON.stringify(messages));
-  const previous_summary = '';
-  const predictSummary = await chatPromptMemory.predictNewSummary(messages, previous_summary);
-  console.log('SUMMARY\n\n');
-  console.log(JSON.stringify(getBufferString([{ role: 'system', content: predictSummary }])));
-
-  // const { history } = await chatPromptMemory.loadMemoryVariables({});
-  // console.log('HISTORY\n\n');
-  // console.log(JSON.stringify(history));
-})();

api/app/clients/memory/summaryBuffer.js

@@ -1,7 +1,7 @@
+const { logger } = require('@librechat/data-schemas');
 const { ConversationSummaryBufferMemory, ChatMessageHistory } = require('langchain/memory');
 const { formatLangChainMessages, SUMMARY_PROMPT } = require('../prompts');
 const { predictNewSummary } = require('../chains');
-const { logger } = require('~/config');
 
 const createSummaryBufferMemory = ({ llm, prompt, messages, ...rest }) => {
   const chatHistory = new ChatMessageHistory(messages);

api/app/clients/output_parsers/addImages.js

@@ -1,4 +1,4 @@
-const { logger } = require('~/config');
+const { logger } = require('@librechat/data-schemas');
 
 /**
  * The `addImages` function corrects any erroneous image URLs in the `responseMessage.text`

api/app/clients/prompts/artifacts.js

@@ -3,6 +3,7 @@ const { EModelEndpoint, ArtifactModes } = require('librechat-data-provider');
 const { generateShadcnPrompt } = require('~/app/clients/prompts/shadcn-docs/generate');
 const { components } = require('~/app/clients/prompts/shadcn-docs/components');
 
+/** @deprecated */
 // eslint-disable-next-line no-unused-vars
 const artifactsPromptV1 = dedent`The assistant can create and reference artifacts during conversations.
   
@@ -115,6 +116,7 @@ Here are some examples of correct usage of artifacts:
     </assistant_response>
   </example>
 </examples>`;
+
 const artifactsPrompt = dedent`The assistant can create and reference artifacts during conversations.
   
 Artifacts are for substantial, self-contained content that users might modify or reuse, displayed in a separate UI window for clarity.
@@ -165,6 +167,10 @@ Artifacts are for substantial, self-contained content that users might modify or
     - SVG: "image/svg+xml"
       - The user interface will render the Scalable Vector Graphics (SVG) image within the artifact tags.
       - The assistant should specify the viewbox of the SVG rather than defining a width/height
+    - Markdown: "text/markdown" or "text/md"
+      - The user interface will render Markdown content placed within the artifact tags.
+      - Supports standard Markdown syntax including headers, lists, links, images, code blocks, tables, and more.
+      - Both "text/markdown" and "text/md" are accepted as valid MIME types for Markdown content.
     - Mermaid Diagrams: "application/vnd.mermaid"
       - The user interface will render Mermaid diagrams placed within the artifact tags.
     - React Components: "application/vnd.react"
@@ -366,6 +372,10 @@ Artifacts are for substantial, self-contained content that users might modify or
     - SVG: "image/svg+xml"
       - The user interface will render the Scalable Vector Graphics (SVG) image within the artifact tags.
       - The assistant should specify the viewbox of the SVG rather than defining a width/height
+    - Markdown: "text/markdown" or "text/md"
+      - The user interface will render Markdown content placed within the artifact tags.
+      - Supports standard Markdown syntax including headers, lists, links, images, code blocks, tables, and more.
+      - Both "text/markdown" and "text/md" are accepted as valid MIME types for Markdown content.
     - Mermaid Diagrams: "application/vnd.mermaid"
       - The user interface will render Mermaid diagrams placed within the artifact tags.
     - React Components: "application/vnd.react"

api/app/clients/specs/FakeClient.js

@@ -1,5 +1,5 @@
+const { getModelMaxTokens } = require('@librechat/api');
 const BaseClient = require('../BaseClient');
-const { getModelMaxTokens } = require('../../../utils');
 
 class FakeClient extends BaseClient {
   constructor(apiKey, options = {}) {

api/app/clients/tools/structured/AzureAISearch.js

@@ -1,7 +1,7 @@
 const { z } = require('zod');
 const { Tool } = require('@langchain/core/tools');
+const { logger } = require('@librechat/data-schemas');
 const { SearchClient, AzureKeyCredential } = require('@azure/search-documents');
-const { logger } = require('~/config');
 
 class AzureAISearch extends Tool {
   // Constants for default values
@@ -18,7 +18,7 @@ class AzureAISearch extends Tool {
     super();
     this.name = 'azure-ai-search';
     this.description =
-      'Use the \'azure-ai-search\' tool to retrieve search results relevant to your input';
+      "Use the 'azure-ai-search' tool to retrieve search results relevant to your input";
     /* Used to initialize the Tool without necessary variables. */
     this.override = fields.override ?? false;
 

api/app/clients/tools/structured/DALLE3.js

@@ -1,9 +1,8 @@
 const { z } = require('zod');
 const path = require('path');
 const OpenAI = require('openai');
-const fetch = require('node-fetch');
 const { v4: uuidv4 } = require('uuid');
-const { ProxyAgent } = require('undici');
+const { ProxyAgent, fetch } = require('undici');
 const { Tool } = require('@langchain/core/tools');
 const { logger } = require('@librechat/data-schemas');
 const { getImageBasename } = require('@librechat/api');

api/app/clients/tools/structured/FluxAPI.js

@@ -3,12 +3,12 @@ const axios = require('axios');
 const fetch = require('node-fetch');
 const { v4: uuidv4 } = require('uuid');
 const { Tool } = require('@langchain/core/tools');
+const { logger } = require('@librechat/data-schemas');
 const { HttpsProxyAgent } = require('https-proxy-agent');
 const { FileContext, ContentTypes } = require('librechat-data-provider');
-const { logger } = require('~/config');
 
 const displayMessage =
-  'Flux displayed an image. All generated images are already plainly visible, so don\'t repeat the descriptions in detail. Do not list download links as they are available in the UI already. The user may download the images by clicking on them, but do not mention anything about downloading to the user.';
+  "Flux displayed an image. All generated images are already plainly visible, so don't repeat the descriptions in detail. Do not list download links as they are available in the UI already. The user may download the images by clicking on them, but do not mention anything about downloading to the user.";
 
 /**
  * FluxAPI - A tool for generating high-quality images from text prompts using the Flux API.

api/app/clients/tools/structured/StableDiffusion.js

@@ -6,9 +6,9 @@ const axios = require('axios');
 const sharp = require('sharp');
 const { v4: uuidv4 } = require('uuid');
 const { Tool } = require('@langchain/core/tools');
+const { logger } = require('@librechat/data-schemas');
 const { FileContext, ContentTypes } = require('librechat-data-provider');
 const paths = require('~/config/paths');
-const { logger } = require('~/config');
 
 const displayMessage =
   "Stable Diffusion displayed an image. All generated images are already plainly visible, so don't repeat the descriptions in detail. Do not list download links as they are available in the UI already. The user may download the images by clicking on them, but do not mention anything about downloading to the user.";

api/app/clients/tools/structured/TraversaalSearch.js

@@ -1,7 +1,7 @@
 const { z } = require('zod');
 const { Tool } = require('@langchain/core/tools');
+const { logger } = require('@librechat/data-schemas');
 const { getEnvironmentVariable } = require('@langchain/core/utils/env');
-const { logger } = require('~/config');
 
 /**
  * Tool for the Traversaal AI search API, Ares.
@@ -21,7 +21,7 @@ class TraversaalSearch extends Tool {
       query: z
         .string()
         .describe(
-          'A properly written sentence to be interpreted by an AI to search the web according to the user\'s request.',
+          "A properly written sentence to be interpreted by an AI to search the web according to the user's request.",
         ),
     });
 
@@ -38,7 +38,6 @@ class TraversaalSearch extends Tool {
     return apiKey;
   }
 
-  // eslint-disable-next-line no-unused-vars
   async _call({ query }, _runManager) {
     const body = {
       query: [query],

api/app/clients/tools/structured/Wolfram.js

@@ -1,8 +1,8 @@
 /* eslint-disable no-useless-escape */
-const axios = require('axios');
 const { z } = require('zod');
+const axios = require('axios');
 const { Tool } = require('@langchain/core/tools');
-const { logger } = require('~/config');
+const { logger } = require('@librechat/data-schemas');
 
 class WolframAlphaAPI extends Tool {
   constructor(fields) {

api/app/clients/tools/util/fileSearch.js

@@ -68,18 +68,19 @@ const primeFiles = async (options) => {
 /**
  *
  * @param {Object} options
- * @param {ServerRequest} options.req
+ * @param {string} options.userId
  * @param {Array<{ file_id: string; filename: string }>} options.files
  * @param {string} [options.entity_id]
+ * @param {boolean} [options.fileCitations=false] - Whether to include citation instructions
  * @returns
  */
-const createFileSearchTool = async ({ req, files, entity_id }) => {
+const createFileSearchTool = async ({ userId, files, entity_id, fileCitations = false }) => {
   return tool(
     async ({ query }) => {
       if (files.length === 0) {
         return 'No files to search. Instruct the user to add files for the search.';
       }
-      const jwtToken = generateShortLivedToken(req.user.id);
+      const jwtToken = generateShortLivedToken(userId);
       if (!jwtToken) {
         return 'There was an error authenticating the file search request.';
       }
@@ -142,9 +143,9 @@ const createFileSearchTool = async ({ req, files, entity_id }) => {
       const formattedString = formattedResults
         .map(
           (result, index) =>
-            `File: ${result.filename}\nAnchor: \\ue202turn0file${index} (${result.filename})\nRelevance: ${(1.0 - result.distance).toFixed(4)}\nContent: ${
-              result.content
-            }\n`,
+            `File: ${result.filename}${
+              fileCitations ? `\nAnchor: \\ue202turn0file${index} (${result.filename})` : ''
+            }\nRelevance: ${(1.0 - result.distance).toFixed(4)}\nContent: ${result.content}\n`,
         )
         .join('\n---\n');
 
@@ -158,12 +159,14 @@ const createFileSearchTool = async ({ req, files, entity_id }) => {
         pageRelevance: result.page ? { [result.page]: 1.0 - result.distance } : {},
       }));
 
-      return [formattedString, { [Tools.file_search]: { sources } }];
+      return [formattedString, { [Tools.file_search]: { sources, fileCitations } }];
     },
     {
       name: Tools.file_search,
       responseFormat: 'content_and_artifact',
-      description: `Performs semantic search across attached "${Tools.file_search}" documents using natural language queries. This tool analyzes the content of uploaded files to find relevant information, quotes, and passages that best match your query. Use this to extract specific information or find relevant sections within the available documents.
+      description: `Performs semantic search across attached "${Tools.file_search}" documents using natural language queries. This tool analyzes the content of uploaded files to find relevant information, quotes, and passages that best match your query. Use this to extract specific information or find relevant sections within the available documents.${
+        fileCitations
+          ? `
 
 **CITE FILE SEARCH RESULTS:**
 Use anchor markers immediately after statements derived from file content. Reference the filename in your text:
@@ -171,7 +174,9 @@ Use anchor markers immediately after statements derived from file content. Refer
 - Page reference: "According to report.docx... \\ue202turn0file1"
 - Multi-file: "Multiple sources confirm... \\ue200\\ue202turn0file0\\ue202turn0file1\\ue201"
 
-**ALWAYS mention the filename in your text before the citation marker. NEVER use markdown links or footnotes.**`,
+**ALWAYS mention the filename in your text before the citation marker. NEVER use markdown links or footnotes.**`
+          : ''
+      }`,
       schema: z.object({
         query: z
           .string()

api/app/clients/tools/util/handleOpenAIErrors.js

@@ -1,5 +1,5 @@
 const OpenAI = require('openai');
-const { logger } = require('~/config');
+const { logger } = require('@librechat/data-schemas');
 
 /**
  * Handles errors that may occur when making requests to OpenAI's API.

api/app/clients/tools/util/handleTools.js

@@ -1,9 +1,21 @@
 const { logger } = require('@librechat/data-schemas');
 const { SerpAPI } = require('@langchain/community/tools/serpapi');
 const { Calculator } = require('@langchain/community/tools/calculator');
-const { mcpToolPattern, loadWebSearchAuth } = require('@librechat/api');
 const { EnvVar, createCodeExecutionTool, createSearchTool } = require('@librechat/agents');
-const { Tools, Constants, EToolResources, replaceSpecialVars } = require('librechat-data-provider');
+const {
+  checkAccess,
+  createSafeUser,
+  mcpToolPattern,
+  loadWebSearchAuth,
+} = require('@librechat/api');
+const {
+  Tools,
+  Constants,
+  Permissions,
+  EToolResources,
+  PermissionTypes,
+  replaceSpecialVars,
+} = require('librechat-data-provider');
 const {
   availableTools,
   manifestToolMap,
@@ -26,7 +38,8 @@ const { createFileSearchTool, primeFiles: primeSearchFiles } = require('./fileSe
 const { getUserPluginAuthValue } = require('~/server/services/PluginService');
 const { createMCPTool, createMCPTools } = require('~/server/services/MCP');
 const { loadAuthValues } = require('~/server/services/Tools/credentials');
-const { getCachedTools } = require('~/server/services/Config');
+const { getMCPServerTools } = require('~/server/services/Config');
+const { getRoleByName } = require('~/models/Role');
 
 /**
  * Validates the availability and authentication of tools for a user based on environment variables or user-specific plugin authentication values.
@@ -242,7 +255,6 @@ const loadTools = async ({
 
   /** @type {Record<string, string>} */
   const toolContextMap = {};
-  const cachedTools = (await getCachedTools({ userId: user, includeGlobal: true })) ?? {};
   const requestedMCPTools = {};
 
   for (const tool of tools) {
@@ -281,7 +293,29 @@ const loadTools = async ({
         if (toolContext) {
           toolContextMap[tool] = toolContext;
         }
-        return createFileSearchTool({ req: options.req, files, entity_id: agent?.id });
+
+        /** @type {boolean | undefined} Check if user has FILE_CITATIONS permission */
+        let fileCitations;
+        if (fileCitations == null && options.req?.user != null) {
+          try {
+            fileCitations = await checkAccess({
+              user: options.req.user,
+              permissionType: PermissionTypes.FILE_CITATIONS,
+              permissions: [Permissions.USE],
+              getRoleByName,
+            });
+          } catch (error) {
+            logger.error('[handleTools] FILE_CITATIONS permission check failed:', error);
+            fileCitations = false;
+          }
+        }
+
+        return createFileSearchTool({
+          userId: user,
+          files,
+          entity_id: agent?.id,
+          fileCitations,
+        });
       };
       continue;
     } else if (tool === Tools.web_search) {
@@ -293,7 +327,7 @@ const loadTools = async ({
       const { onSearchResults, onGetHighlights } = options?.[Tools.web_search] ?? {};
       requestedTools[tool] = async () => {
         toolContextMap[tool] = `# \`${tool}\`:
-Current Date & Time: ${replaceSpecialVars({ text: '{{iso_datetime}}' })}
+Current Date & Time: ${replaceSpecialVars({ text: '{{iso_datetime}}' })}${options.req?.body?.timezone ? `\nLocal Date & Time: ${replaceSpecialVars({ text: '{{local_datetime}}', timezone: options.req.body.timezone })}` : ''}
 1. **Execute immediately without preface** when using \`${tool}\`.
 2. **After the search, begin with a brief summary** that directly addresses the query without headers or explaining your process.
 3. **Structure your response clearly** using Markdown formatting (Level 2 headers for sections, lists for multiple points, tables for comparisons).
@@ -310,36 +344,34 @@ Current Date & Time: ${replaceSpecialVars({ text: '{{iso_datetime}}' })}
         });
       };
       continue;
-    } else if (tool && cachedTools && mcpToolPattern.test(tool)) {
+    } else if (tool && mcpToolPattern.test(tool)) {
       const [toolName, serverName] = tool.split(Constants.mcp_delimiter);
-      if (toolName === Constants.mcp_all) {
-        const currentMCPGenerator = async (index) =>
-          createMCPTools({
-            req: options.req,
-            res: options.res,
-            index,
-            serverName,
-            userMCPAuthMap,
-            model: agent?.model ?? model,
-            provider: agent?.provider ?? endpoint,
-            signal,
-          });
-        requestedMCPTools[serverName] = [currentMCPGenerator];
+      if (toolName === Constants.mcp_server) {
+        /** Placeholder used for UI purposes */
         continue;
       }
-      const currentMCPGenerator = async (index) =>
-        createMCPTool({
-          index,
-          req: options.req,
-          res: options.res,
-          toolKey: tool,
-          userMCPAuthMap,
-          model: agent?.model ?? model,
-          provider: agent?.provider ?? endpoint,
-          signal,
-        });
+      if (serverName && options.req?.config?.mcpConfig?.[serverName] == null) {
+        logger.warn(
+          `MCP server "${serverName}" for "${toolName}" tool is not configured${agent?.id != null && agent.id ? ` but attached to "${agent.id}"` : ''}`,
+        );
+        continue;
+      }
+      if (toolName === Constants.mcp_all) {
+        requestedMCPTools[serverName] = [
+          {
+            type: 'all',
+            serverName,
+          },
+        ];
+        continue;
+      }
+
       requestedMCPTools[serverName] = requestedMCPTools[serverName] || [];
-      requestedMCPTools[serverName].push(currentMCPGenerator);
+      requestedMCPTools[serverName].push({
+        type: 'single',
+        toolKey: tool,
+        serverName,
+      });
       continue;
     }
 
@@ -382,24 +414,65 @@ Current Date & Time: ${replaceSpecialVars({ text: '{{iso_datetime}}' })}
   const mcpToolPromises = [];
   /** MCP server tools are initialized sequentially by server */
   let index = -1;
-  for (const [serverName, generators] of Object.entries(requestedMCPTools)) {
+  const failedMCPServers = new Set();
+  const safeUser = createSafeUser(options.req?.user);
+  for (const [serverName, toolConfigs] of Object.entries(requestedMCPTools)) {
     index++;
-    for (const generator of generators) {
+    /** @type {LCAvailableTools} */
+    let availableTools;
+    for (const config of toolConfigs) {
       try {
-        if (generator && generators.length === 1) {
+        if (failedMCPServers.has(serverName)) {
+          continue;
+        }
+        const mcpParams = {
+          index,
+          signal,
+          user: safeUser,
+          userMCPAuthMap,
+          res: options.res,
+          model: agent?.model ?? model,
+          serverName: config.serverName,
+          provider: agent?.provider ?? endpoint,
+        };
+
+        if (config.type === 'all' && toolConfigs.length === 1) {
+          /** Handle async loading for single 'all' tool config */
           mcpToolPromises.push(
-            generator(index).catch((error) => {
+            createMCPTools(mcpParams).catch((error) => {
               logger.error(`Error loading ${serverName} tools:`, error);
               return null;
             }),
           );
           continue;
         }
-        const mcpTool = await generator(index);
+        if (!availableTools) {
+          try {
+            availableTools = await getMCPServerTools(serverName);
+          } catch (error) {
+            logger.error(`Error fetching available tools for MCP server ${serverName}:`, error);
+          }
+        }
+
+        /** Handle synchronous loading */
+        const mcpTool =
+          config.type === 'all'
+            ? await createMCPTools(mcpParams)
+            : await createMCPTool({
+                ...mcpParams,
+                availableTools,
+                toolKey: config.toolKey,
+              });
+
         if (Array.isArray(mcpTool)) {
           loadedTools.push(...mcpTool);
         } else if (mcpTool) {
           loadedTools.push(mcpTool);
+        } else {
+          failedMCPServers.add(serverName);
+          logger.warn(
+            `MCP tool creation failed for "${config.toolKey}", server may be unavailable or unauthenticated.`,
+          );
         }
       } catch (error) {
         logger.error(`Error loading MCP tool for server ${serverName}:`, error);

api/app/clients/tools/util/handleTools.test.js

@@ -30,7 +30,6 @@ jest.mock('~/server/services/Config', () => ({
   }),
 }));
 
-const { BaseLLM } = require('@langchain/openai');
 const { Calculator } = require('@langchain/community/tools/calculator');
 
 const { User } = require('~/db/models');
@@ -172,7 +171,6 @@ describe('Tool Handlers', () => {
     beforeAll(async () => {
       const toolMap = await loadTools({
         user: fakeUser._id,
-        model: BaseLLM,
         tools: sampleTools,
         returnMap: true,
         useSpecs: true,
@@ -266,7 +264,6 @@ describe('Tool Handlers', () => {
     it('returns an empty object when no tools are requested', async () => {
       toolFunctions = await loadTools({
         user: fakeUser._id,
-        model: BaseLLM,
         returnMap: true,
         useSpecs: true,
       });
@@ -276,7 +273,6 @@ describe('Tool Handlers', () => {
       process.env.SD_WEBUI_URL = mockCredential;
       toolFunctions = await loadTools({
         user: fakeUser._id,
-        model: BaseLLM,
         tools: ['stable-diffusion'],
         functions: true,
         returnMap: true,

api/cache/cacheFactory.js

@@ -1,108 +0,0 @@
-const KeyvRedis = require('@keyv/redis').default;
-const { Keyv } = require('keyv');
-const { RedisStore } = require('rate-limit-redis');
-const { Time } = require('librechat-data-provider');
-const { logger } = require('@librechat/data-schemas');
-const { RedisStore: ConnectRedis } = require('connect-redis');
-const MemoryStore = require('memorystore')(require('express-session'));
-const { keyvRedisClient, ioredisClient, GLOBAL_PREFIX_SEPARATOR } = require('./redisClients');
-const { cacheConfig } = require('./cacheConfig');
-const { violationFile } = require('./keyvFiles');
-
-/**
- * Creates a cache instance using Redis or a fallback store. Suitable for general caching needs.
- * @param {string} namespace - The cache namespace.
- * @param {number} [ttl] - Time to live for cache entries.
- * @param {object} [fallbackStore] - Optional fallback store if Redis is not used.
- * @returns {Keyv} Cache instance.
- */
-const standardCache = (namespace, ttl = undefined, fallbackStore = undefined) => {
-  if (
-    cacheConfig.USE_REDIS &&
-    !cacheConfig.FORCED_IN_MEMORY_CACHE_NAMESPACES?.includes(namespace)
-  ) {
-    try {
-      const keyvRedis = new KeyvRedis(keyvRedisClient);
-      const cache = new Keyv(keyvRedis, { namespace, ttl });
-      keyvRedis.namespace = cacheConfig.REDIS_KEY_PREFIX;
-      keyvRedis.keyPrefixSeparator = GLOBAL_PREFIX_SEPARATOR;
-
-      cache.on('error', (err) => {
-        logger.error(`Cache error in namespace ${namespace}:`, err);
-      });
-
-      return cache;
-    } catch (err) {
-      logger.error(`Failed to create Redis cache for namespace ${namespace}:`, err);
-      throw err;
-    }
-  }
-  if (fallbackStore) return new Keyv({ store: fallbackStore, namespace, ttl });
-  return new Keyv({ namespace, ttl });
-};
-
-/**
- * Creates a cache instance for storing violation data.
- * Uses a file-based fallback store if Redis is not enabled.
- * @param {string} namespace - The cache namespace for violations.
- * @param {number} [ttl] - Time to live for cache entries.
- * @returns {Keyv} Cache instance for violations.
- */
-const violationCache = (namespace, ttl = undefined) => {
-  return standardCache(`violations:${namespace}`, ttl, violationFile);
-};
-
-/**
- * Creates a session cache instance using Redis or in-memory store.
- * @param {string} namespace - The session namespace.
- * @param {number} [ttl] - Time to live for session entries.
- * @returns {MemoryStore | ConnectRedis} Session store instance.
- */
-const sessionCache = (namespace, ttl = undefined) => {
-  namespace = namespace.endsWith(':') ? namespace : `${namespace}:`;
-  if (!cacheConfig.USE_REDIS) return new MemoryStore({ ttl, checkPeriod: Time.ONE_DAY });
-  const store = new ConnectRedis({ client: ioredisClient, ttl, prefix: namespace });
-  if (ioredisClient) {
-    ioredisClient.on('error', (err) => {
-      logger.error(`Session store Redis error for namespace ${namespace}:`, err);
-    });
-  }
-  return store;
-};
-
-/**
- * Creates a rate limiter cache using Redis.
- * @param {string} prefix - The key prefix for rate limiting.
- * @returns {RedisStore|undefined} RedisStore instance or undefined if Redis is not used.
- */
-const limiterCache = (prefix) => {
-  if (!prefix) throw new Error('prefix is required');
-  if (!cacheConfig.USE_REDIS) return undefined;
-  prefix = prefix.endsWith(':') ? prefix : `${prefix}:`;
-
-  try {
-    if (!ioredisClient) {
-      logger.warn(`Redis client not available for rate limiter with prefix ${prefix}`);
-      return undefined;
-    }
-
-    return new RedisStore({ sendCommand, prefix });
-  } catch (err) {
-    logger.error(`Failed to create Redis rate limiter for prefix ${prefix}:`, err);
-    return undefined;
-  }
-};
-
-const sendCommand = (...args) => {
-  if (!ioredisClient) {
-    logger.warn('Redis client not available for command execution');
-    return Promise.reject(new Error('Redis client not available'));
-  }
-
-  return ioredisClient.call(...args).catch((err) => {
-    logger.error('Redis command execution failed:', err);
-    throw err;
-  });
-};
-
-module.exports = { standardCache, sessionCache, violationCache, limiterCache };

api/cache/cacheFactory.spec.js

@@ -1,432 +0,0 @@
-const { Time } = require('librechat-data-provider');
-
-// Mock dependencies first
-const mockKeyvRedis = {
-  namespace: '',
-  keyPrefixSeparator: '',
-};
-
-const mockKeyv = jest.fn().mockReturnValue({
-  mock: 'keyv',
-  on: jest.fn(),
-});
-const mockConnectRedis = jest.fn().mockReturnValue({ mock: 'connectRedis' });
-const mockMemoryStore = jest.fn().mockReturnValue({ mock: 'memoryStore' });
-const mockRedisStore = jest.fn().mockReturnValue({ mock: 'redisStore' });
-
-const mockIoredisClient = {
-  call: jest.fn(),
-  on: jest.fn(),
-};
-
-const mockKeyvRedisClient = {};
-const mockViolationFile = {};
-
-// Mock modules before requiring the main module
-jest.mock('@keyv/redis', () => ({
-  default: jest.fn().mockImplementation(() => mockKeyvRedis),
-}));
-
-jest.mock('keyv', () => ({
-  Keyv: mockKeyv,
-}));
-
-jest.mock('./cacheConfig', () => ({
-  cacheConfig: {
-    USE_REDIS: false,
-    REDIS_KEY_PREFIX: 'test',
-    FORCED_IN_MEMORY_CACHE_NAMESPACES: [],
-  },
-}));
-
-jest.mock('./redisClients', () => ({
-  keyvRedisClient: mockKeyvRedisClient,
-  ioredisClient: mockIoredisClient,
-  GLOBAL_PREFIX_SEPARATOR: '::',
-}));
-
-jest.mock('./keyvFiles', () => ({
-  violationFile: mockViolationFile,
-}));
-
-jest.mock('connect-redis', () => ({ RedisStore: mockConnectRedis }));
-
-jest.mock('memorystore', () => jest.fn(() => mockMemoryStore));
-
-jest.mock('rate-limit-redis', () => ({
-  RedisStore: mockRedisStore,
-}));
-
-jest.mock('@librechat/data-schemas', () => ({
-  logger: {
-    error: jest.fn(),
-    warn: jest.fn(),
-    info: jest.fn(),
-  },
-}));
-
-// Import after mocking
-const { standardCache, sessionCache, violationCache, limiterCache } = require('./cacheFactory');
-const { cacheConfig } = require('./cacheConfig');
-
-describe('cacheFactory', () => {
-  beforeEach(() => {
-    jest.clearAllMocks();
-
-    // Reset cache config mock
-    cacheConfig.USE_REDIS = false;
-    cacheConfig.REDIS_KEY_PREFIX = 'test';
-    cacheConfig.FORCED_IN_MEMORY_CACHE_NAMESPACES = [];
-  });
-
-  describe('redisCache', () => {
-    it('should create Redis cache when USE_REDIS is true', () => {
-      cacheConfig.USE_REDIS = true;
-      const namespace = 'test-namespace';
-      const ttl = 3600;
-
-      standardCache(namespace, ttl);
-
-      expect(require('@keyv/redis').default).toHaveBeenCalledWith(mockKeyvRedisClient);
-      expect(mockKeyv).toHaveBeenCalledWith(mockKeyvRedis, { namespace, ttl });
-      expect(mockKeyvRedis.namespace).toBe(cacheConfig.REDIS_KEY_PREFIX);
-      expect(mockKeyvRedis.keyPrefixSeparator).toBe('::');
-    });
-
-    it('should create Redis cache with undefined ttl when not provided', () => {
-      cacheConfig.USE_REDIS = true;
-      const namespace = 'test-namespace';
-
-      standardCache(namespace);
-
-      expect(mockKeyv).toHaveBeenCalledWith(mockKeyvRedis, { namespace, ttl: undefined });
-    });
-
-    it('should use fallback store when USE_REDIS is false and fallbackStore is provided', () => {
-      cacheConfig.USE_REDIS = false;
-      const namespace = 'test-namespace';
-      const ttl = 3600;
-      const fallbackStore = { some: 'store' };
-
-      standardCache(namespace, ttl, fallbackStore);
-
-      expect(mockKeyv).toHaveBeenCalledWith({ store: fallbackStore, namespace, ttl });
-    });
-
-    it('should create default Keyv instance when USE_REDIS is false and no fallbackStore', () => {
-      cacheConfig.USE_REDIS = false;
-      const namespace = 'test-namespace';
-      const ttl = 3600;
-
-      standardCache(namespace, ttl);
-
-      expect(mockKeyv).toHaveBeenCalledWith({ namespace, ttl });
-    });
-
-    it('should handle namespace and ttl as undefined', () => {
-      cacheConfig.USE_REDIS = false;
-
-      standardCache();
-
-      expect(mockKeyv).toHaveBeenCalledWith({ namespace: undefined, ttl: undefined });
-    });
-
-    it('should use fallback when namespace is in FORCED_IN_MEMORY_CACHE_NAMESPACES', () => {
-      cacheConfig.USE_REDIS = true;
-      cacheConfig.FORCED_IN_MEMORY_CACHE_NAMESPACES = ['forced-memory'];
-      const namespace = 'forced-memory';
-      const ttl = 3600;
-
-      standardCache(namespace, ttl);
-
-      expect(require('@keyv/redis').default).not.toHaveBeenCalled();
-      expect(mockKeyv).toHaveBeenCalledWith({ namespace, ttl });
-    });
-
-    it('should use Redis when namespace is not in FORCED_IN_MEMORY_CACHE_NAMESPACES', () => {
-      cacheConfig.USE_REDIS = true;
-      cacheConfig.FORCED_IN_MEMORY_CACHE_NAMESPACES = ['other-namespace'];
-      const namespace = 'test-namespace';
-      const ttl = 3600;
-
-      standardCache(namespace, ttl);
-
-      expect(require('@keyv/redis').default).toHaveBeenCalledWith(mockKeyvRedisClient);
-      expect(mockKeyv).toHaveBeenCalledWith(mockKeyvRedis, { namespace, ttl });
-    });
-
-    it('should throw error when Redis cache creation fails', () => {
-      cacheConfig.USE_REDIS = true;
-      const namespace = 'test-namespace';
-      const ttl = 3600;
-      const testError = new Error('Redis connection failed');
-
-      const KeyvRedis = require('@keyv/redis').default;
-      KeyvRedis.mockImplementationOnce(() => {
-        throw testError;
-      });
-
-      expect(() => standardCache(namespace, ttl)).toThrow('Redis connection failed');
-
-      const { logger } = require('@librechat/data-schemas');
-      expect(logger.error).toHaveBeenCalledWith(
-        `Failed to create Redis cache for namespace ${namespace}:`,
-        testError,
-      );
-
-      expect(mockKeyv).not.toHaveBeenCalled();
-    });
-  });
-
-  describe('violationCache', () => {
-    it('should create violation cache with prefixed namespace', () => {
-      const namespace = 'test-violations';
-      const ttl = 7200;
-
-      // We can't easily mock the internal redisCache call since it's in the same module
-      // But we can test that the function executes without throwing
-      expect(() => violationCache(namespace, ttl)).not.toThrow();
-    });
-
-    it('should create violation cache with undefined ttl', () => {
-      const namespace = 'test-violations';
-
-      violationCache(namespace);
-
-      // The function should call redisCache with violations: prefixed namespace
-      // Since we can't easily mock the internal redisCache call, we test the behavior
-      expect(() => violationCache(namespace)).not.toThrow();
-    });
-
-    it('should handle undefined namespace', () => {
-      expect(() => violationCache(undefined)).not.toThrow();
-    });
-  });
-
-  describe('sessionCache', () => {
-    it('should return MemoryStore when USE_REDIS is false', () => {
-      cacheConfig.USE_REDIS = false;
-      const namespace = 'sessions';
-      const ttl = 86400;
-
-      const result = sessionCache(namespace, ttl);
-
-      expect(mockMemoryStore).toHaveBeenCalledWith({ ttl, checkPeriod: Time.ONE_DAY });
-      expect(result).toBe(mockMemoryStore());
-    });
-
-    it('should return ConnectRedis when USE_REDIS is true', () => {
-      cacheConfig.USE_REDIS = true;
-      const namespace = 'sessions';
-      const ttl = 86400;
-
-      const result = sessionCache(namespace, ttl);
-
-      expect(mockConnectRedis).toHaveBeenCalledWith({
-        client: mockIoredisClient,
-        ttl,
-        prefix: `${namespace}:`,
-      });
-      expect(result).toBe(mockConnectRedis());
-    });
-
-    it('should add colon to namespace if not present', () => {
-      cacheConfig.USE_REDIS = true;
-      const namespace = 'sessions';
-
-      sessionCache(namespace);
-
-      expect(mockConnectRedis).toHaveBeenCalledWith({
-        client: mockIoredisClient,
-        ttl: undefined,
-        prefix: 'sessions:',
-      });
-    });
-
-    it('should not add colon to namespace if already present', () => {
-      cacheConfig.USE_REDIS = true;
-      const namespace = 'sessions:';
-
-      sessionCache(namespace);
-
-      expect(mockConnectRedis).toHaveBeenCalledWith({
-        client: mockIoredisClient,
-        ttl: undefined,
-        prefix: 'sessions:',
-      });
-    });
-
-    it('should handle undefined ttl', () => {
-      cacheConfig.USE_REDIS = false;
-      const namespace = 'sessions';
-
-      sessionCache(namespace);
-
-      expect(mockMemoryStore).toHaveBeenCalledWith({
-        ttl: undefined,
-        checkPeriod: Time.ONE_DAY,
-      });
-    });
-
-    it('should throw error when ConnectRedis constructor fails', () => {
-      cacheConfig.USE_REDIS = true;
-      const namespace = 'sessions';
-      const ttl = 86400;
-
-      // Mock ConnectRedis to throw an error during construction
-      const redisError = new Error('Redis connection failed');
-      mockConnectRedis.mockImplementationOnce(() => {
-        throw redisError;
-      });
-
-      // The error should propagate up, not be caught
-      expect(() => sessionCache(namespace, ttl)).toThrow('Redis connection failed');
-
-      // Verify that MemoryStore was NOT used as fallback
-      expect(mockMemoryStore).not.toHaveBeenCalled();
-    });
-
-    it('should register error handler but let errors propagate to Express', () => {
-      cacheConfig.USE_REDIS = true;
-      const namespace = 'sessions';
-
-      // Create a mock session store with middleware methods
-      const mockSessionStore = {
-        get: jest.fn(),
-        set: jest.fn(),
-        destroy: jest.fn(),
-      };
-      mockConnectRedis.mockReturnValue(mockSessionStore);
-
-      const store = sessionCache(namespace);
-
-      // Verify error handler was registered
-      expect(mockIoredisClient.on).toHaveBeenCalledWith('error', expect.any(Function));
-
-      // Get the error handler
-      const errorHandler = mockIoredisClient.on.mock.calls.find((call) => call[0] === 'error')[1];
-
-      // Simulate an error from Redis during a session operation
-      const redisError = new Error('Socket closed unexpectedly');
-
-      // The error handler should log but not swallow the error
-      const { logger } = require('@librechat/data-schemas');
-      errorHandler(redisError);
-
-      expect(logger.error).toHaveBeenCalledWith(
-        `Session store Redis error for namespace ${namespace}::`,
-        redisError,
-      );
-
-      // Now simulate what happens when session middleware tries to use the store
-      const callback = jest.fn();
-      mockSessionStore.get.mockImplementation((sid, cb) => {
-        cb(new Error('Redis connection lost'));
-      });
-
-      // Call the store's get method (as Express session would)
-      store.get('test-session-id', callback);
-
-      // The error should be passed to the callback, not swallowed
-      expect(callback).toHaveBeenCalledWith(new Error('Redis connection lost'));
-    });
-
-    it('should handle null ioredisClient gracefully', () => {
-      cacheConfig.USE_REDIS = true;
-      const namespace = 'sessions';
-
-      // Temporarily set ioredisClient to null (simulating connection not established)
-      const originalClient = require('./redisClients').ioredisClient;
-      require('./redisClients').ioredisClient = null;
-
-      // ConnectRedis might accept null client but would fail on first use
-      // The important thing is it doesn't throw uncaught exceptions during construction
-      const store = sessionCache(namespace);
-      expect(store).toBeDefined();
-
-      // Restore original client
-      require('./redisClients').ioredisClient = originalClient;
-    });
-  });
-
-  describe('limiterCache', () => {
-    it('should return undefined when USE_REDIS is false', () => {
-      cacheConfig.USE_REDIS = false;
-      const result = limiterCache('prefix');
-
-      expect(result).toBeUndefined();
-    });
-
-    it('should return RedisStore when USE_REDIS is true', () => {
-      cacheConfig.USE_REDIS = true;
-      const result = limiterCache('rate-limit');
-
-      expect(mockRedisStore).toHaveBeenCalledWith({
-        sendCommand: expect.any(Function),
-        prefix: `rate-limit:`,
-      });
-      expect(result).toBe(mockRedisStore());
-    });
-
-    it('should add colon to prefix if not present', () => {
-      cacheConfig.USE_REDIS = true;
-      limiterCache('rate-limit');
-
-      expect(mockRedisStore).toHaveBeenCalledWith({
-        sendCommand: expect.any(Function),
-        prefix: 'rate-limit:',
-      });
-    });
-
-    it('should not add colon to prefix if already present', () => {
-      cacheConfig.USE_REDIS = true;
-      limiterCache('rate-limit:');
-
-      expect(mockRedisStore).toHaveBeenCalledWith({
-        sendCommand: expect.any(Function),
-        prefix: 'rate-limit:',
-      });
-    });
-
-    it('should pass sendCommand function that calls ioredisClient.call', async () => {
-      cacheConfig.USE_REDIS = true;
-      mockIoredisClient.call.mockResolvedValue('test-value');
-
-      limiterCache('rate-limit');
-
-      const sendCommandCall = mockRedisStore.mock.calls[0][0];
-      const sendCommand = sendCommandCall.sendCommand;
-
-      // Test that sendCommand properly delegates to ioredisClient.call
-      const args = ['GET', 'test-key'];
-      const result = await sendCommand(...args);
-
-      expect(mockIoredisClient.call).toHaveBeenCalledWith(...args);
-      expect(result).toBe('test-value');
-    });
-
-    it('should handle sendCommand errors properly', async () => {
-      cacheConfig.USE_REDIS = true;
-
-      // Mock the call method to reject with an error
-      const testError = new Error('Redis error');
-      mockIoredisClient.call.mockRejectedValue(testError);
-
-      limiterCache('rate-limit');
-
-      const sendCommandCall = mockRedisStore.mock.calls[0][0];
-      const sendCommand = sendCommandCall.sendCommand;
-
-      // Test that sendCommand properly handles errors
-      const args = ['GET', 'test-key'];
-
-      await expect(sendCommand(...args)).rejects.toThrow('Redis error');
-      expect(mockIoredisClient.call).toHaveBeenCalledWith(...args);
-    });
-
-    it('should handle undefined prefix', () => {
-      cacheConfig.USE_REDIS = true;
-      expect(() => limiterCache()).toThrow('prefix is required');
-    });
-  });
-});

api/cache/clearPendingReq.js

@@ -1,5 +1,5 @@
+const { isEnabled } = require('@librechat/api');
 const { Time, CacheKeys } = require('librechat-data-provider');
-const { isEnabled } = require('~/server/utils');
 const getLogStores = require('./getLogStores');
 
 const { USE_REDIS, LIMIT_CONCURRENT_MESSAGES } = process.env ?? {};

api/cache/getLogStores.js

@@ -1,9 +1,13 @@
-const { cacheConfig } = require('./cacheConfig');
 const { Keyv } = require('keyv');
-const { CacheKeys, ViolationTypes, Time } = require('librechat-data-provider');
-const { logFile } = require('./keyvFiles');
-const keyvMongo = require('./keyvMongo');
-const { standardCache, sessionCache, violationCache } = require('./cacheFactory');
+const { Time, CacheKeys, ViolationTypes } = require('librechat-data-provider');
+const {
+  logFile,
+  keyvMongo,
+  cacheConfig,
+  sessionCache,
+  standardCache,
+  violationCache,
+} = require('@librechat/api');
 
 const namespaces = {
   [ViolationTypes.GENERAL]: new Keyv({ store: logFile, namespace: 'violations' }),
@@ -31,8 +35,8 @@ const namespaces = {
   [CacheKeys.SAML_SESSION]: sessionCache(CacheKeys.SAML_SESSION),
 
   [CacheKeys.ROLES]: standardCache(CacheKeys.ROLES),
+  [CacheKeys.APP_CONFIG]: standardCache(CacheKeys.APP_CONFIG),
   [CacheKeys.CONFIG_STORE]: standardCache(CacheKeys.CONFIG_STORE),
-  [CacheKeys.STATIC_CONFIG]: standardCache(CacheKeys.STATIC_CONFIG),
   [CacheKeys.PENDING_REQ]: standardCache(CacheKeys.PENDING_REQ),
   [CacheKeys.ENCODED_DOMAINS]: new Keyv({ store: keyvMongo, namespace: CacheKeys.ENCODED_DOMAINS }),
   [CacheKeys.ABORT_KEYS]: standardCache(CacheKeys.ABORT_KEYS, Time.TEN_MINUTES),

api/cache/index.js

@@ -1,5 +1,4 @@
-const keyvFiles = require('./keyvFiles');
 const getLogStores = require('./getLogStores');
 const logViolation = require('./logViolation');
 
-module.exports = { ...keyvFiles, getLogStores, logViolation };
+module.exports = { getLogStores, logViolation };

api/cache/keyvFiles.js

@@ -1,9 +0,0 @@
-const { KeyvFile } = require('keyv-file');
-
-const logFile = new KeyvFile({ filename: './data/logs.json' }).setMaxListeners(20);
-const violationFile = new KeyvFile({ filename: './data/violations.json' }).setMaxListeners(20);
-
-module.exports = {
-  logFile,
-  violationFile,
-};

api/cache/logViolation.js

@@ -1,4 +1,4 @@
-const { isEnabled } = require('~/server/utils');
+const { isEnabled } = require('@librechat/api');
 const { ViolationTypes } = require('librechat-data-provider');
 const getLogStores = require('./getLogStores');
 const banViolation = require('./banViolation');

api/config/index.js

@@ -1,6 +1,6 @@
-const { MCPManager, FlowStateManager } = require('@librechat/api');
 const { EventSource } = require('eventsource');
 const { Time } = require('librechat-data-provider');
+const { MCPManager, FlowStateManager, OAuthReconnectionManager } = require('@librechat/api');
 const logger = require('./winston');
 
 global.EventSource = EventSource;
@@ -26,4 +26,6 @@ module.exports = {
   createMCPManager: MCPManager.createInstance,
   getMCPManager: MCPManager.getInstance,
   getFlowStateManager,
+  createOAuthReconnectionManager: OAuthReconnectionManager.createInstance,
+  getOAuthReconnectionManager: OAuthReconnectionManager.getInstance,
 };

api/db/indexSync.js

@@ -1,10 +1,8 @@
 const mongoose = require('mongoose');
 const { MeiliSearch } = require('meilisearch');
 const { logger } = require('@librechat/data-schemas');
-const { FlowStateManager } = require('@librechat/api');
 const { CacheKeys } = require('librechat-data-provider');
-
-const { isEnabled } = require('~/server/utils');
+const { isEnabled, FlowStateManager } = require('@librechat/api');
 const { getLogStores } = require('~/cache');
 
 const Conversation = mongoose.models.Conversation;
@@ -32,78 +30,264 @@ class MeiliSearchClient {
 }
 
 /**
- * Performs the actual sync operations for messages and conversations
+ * Deletes documents from MeiliSearch index that are missing the user field
+ * @param {import('meilisearch').Index} index - MeiliSearch index instance
+ * @param {string} indexName - Name of the index for logging
+ * @returns {Promise<number>} - Number of documents deleted
  */
-async function performSync() {
-  const client = MeiliSearchClient.getInstance();
+async function deleteDocumentsWithoutUserField(index, indexName) {
+  let deletedCount = 0;
+  let offset = 0;
+  const batchSize = 1000;
 
-  const { status } = await client.health();
-  if (status !== 'available') {
-    throw new Error('Meilisearch not available');
-  }
+  try {
+    while (true) {
+      const searchResult = await index.search('', {
+        limit: batchSize,
+        offset: offset,
+      });
 
-  if (indexingDisabled === true) {
-    logger.info('[indexSync] Indexing is disabled, skipping...');
-    return { messagesSync: false, convosSync: false };
-  }
+      if (searchResult.hits.length === 0) {
+        break;
+      }
 
-  let messagesSync = false;
-  let convosSync = false;
+      const idsToDelete = searchResult.hits.filter((hit) => !hit.user).map((hit) => hit.id);
 
-  // Check if we need to sync messages
-  const messageProgress = await Message.getSyncProgress();
-  if (!messageProgress.isComplete) {
-    logger.info(
-      `[indexSync] Messages need syncing: ${messageProgress.totalProcessed}/${messageProgress.totalDocuments} indexed`,
-    );
+      if (idsToDelete.length > 0) {
+        logger.info(
+          `[indexSync] Deleting ${idsToDelete.length} documents without user field from ${indexName} index`,
+        );
+        await index.deleteDocuments(idsToDelete);
+        deletedCount += idsToDelete.length;
+      }
 
-    // Check if we should do a full sync or incremental
-    const messageCount = await Message.countDocuments();
-    const messagesIndexed = messageProgress.totalProcessed;
-    const syncThreshold = parseInt(process.env.MEILI_SYNC_THRESHOLD || '1000', 10);
+      if (searchResult.hits.length < batchSize) {
+        break;
+      }
 
-    if (messageCount - messagesIndexed > syncThreshold) {
-      logger.info('[indexSync] Starting full message sync due to large difference');
-      await Message.syncWithMeili();
-      messagesSync = true;
-    } else if (messageCount !== messagesIndexed) {
-      logger.warn('[indexSync] Messages out of sync, performing incremental sync');
-      await Message.syncWithMeili();
-      messagesSync = true;
+      offset += batchSize;
     }
-  } else {
-    logger.info(
-      `[indexSync] Messages are fully synced: ${messageProgress.totalProcessed}/${messageProgress.totalDocuments}`,
-    );
-  }
 
-  // Check if we need to sync conversations
-  const convoProgress = await Conversation.getSyncProgress();
-  if (!convoProgress.isComplete) {
-    logger.info(
-      `[indexSync] Conversations need syncing: ${convoProgress.totalProcessed}/${convoProgress.totalDocuments} indexed`,
-    );
-
-    const convoCount = await Conversation.countDocuments();
-    const convosIndexed = convoProgress.totalProcessed;
-    const syncThreshold = parseInt(process.env.MEILI_SYNC_THRESHOLD || '1000', 10);
-
-    if (convoCount - convosIndexed > syncThreshold) {
-      logger.info('[indexSync] Starting full conversation sync due to large difference');
-      await Conversation.syncWithMeili();
-      convosSync = true;
-    } else if (convoCount !== convosIndexed) {
-      logger.warn('[indexSync] Convos out of sync, performing incremental sync');
-      await Conversation.syncWithMeili();
-      convosSync = true;
+    if (deletedCount > 0) {
+      logger.info(`[indexSync] Deleted ${deletedCount} orphaned documents from ${indexName} index`);
     }
-  } else {
-    logger.info(
-      `[indexSync] Conversations are fully synced: ${convoProgress.totalProcessed}/${convoProgress.totalDocuments}`,
-    );
+  } catch (error) {
+    logger.error(`[indexSync] Error deleting documents from ${indexName}:`, error);
   }
 
-  return { messagesSync, convosSync };
+  return deletedCount;
+}
+
+/**
+ * Ensures indexes have proper filterable attributes configured and checks if documents have user field
+ * @param {MeiliSearch} client - MeiliSearch client instance
+ * @returns {Promise<{settingsUpdated: boolean, orphanedDocsFound: boolean}>} - Status of what was done
+ */
+async function ensureFilterableAttributes(client) {
+  let settingsUpdated = false;
+  let hasOrphanedDocs = false;
+
+  try {
+    // Check and update messages index
+    try {
+      const messagesIndex = client.index('messages');
+      const settings = await messagesIndex.getSettings();
+
+      if (!settings.filterableAttributes || !settings.filterableAttributes.includes('user')) {
+        logger.info('[indexSync] Configuring messages index to filter by user...');
+        await messagesIndex.updateSettings({
+          filterableAttributes: ['user'],
+        });
+        logger.info('[indexSync] Messages index configured for user filtering');
+        settingsUpdated = true;
+      }
+
+      // Check if existing documents have user field indexed
+      try {
+        const searchResult = await messagesIndex.search('', { limit: 1 });
+        if (searchResult.hits.length > 0 && !searchResult.hits[0].user) {
+          logger.info(
+            '[indexSync] Existing messages missing user field, will clean up orphaned documents...',
+          );
+          hasOrphanedDocs = true;
+        }
+      } catch (searchError) {
+        logger.debug('[indexSync] Could not check message documents:', searchError.message);
+      }
+    } catch (error) {
+      if (error.code !== 'index_not_found') {
+        logger.warn('[indexSync] Could not check/update messages index settings:', error.message);
+      }
+    }
+
+    // Check and update conversations index
+    try {
+      const convosIndex = client.index('convos');
+      const settings = await convosIndex.getSettings();
+
+      if (!settings.filterableAttributes || !settings.filterableAttributes.includes('user')) {
+        logger.info('[indexSync] Configuring convos index to filter by user...');
+        await convosIndex.updateSettings({
+          filterableAttributes: ['user'],
+        });
+        logger.info('[indexSync] Convos index configured for user filtering');
+        settingsUpdated = true;
+      }
+
+      // Check if existing documents have user field indexed
+      try {
+        const searchResult = await convosIndex.search('', { limit: 1 });
+        if (searchResult.hits.length > 0 && !searchResult.hits[0].user) {
+          logger.info(
+            '[indexSync] Existing conversations missing user field, will clean up orphaned documents...',
+          );
+          hasOrphanedDocs = true;
+        }
+      } catch (searchError) {
+        logger.debug('[indexSync] Could not check conversation documents:', searchError.message);
+      }
+    } catch (error) {
+      if (error.code !== 'index_not_found') {
+        logger.warn('[indexSync] Could not check/update convos index settings:', error.message);
+      }
+    }
+
+    // If either index has orphaned documents, clean them up (but don't force resync)
+    if (hasOrphanedDocs) {
+      try {
+        const messagesIndex = client.index('messages');
+        await deleteDocumentsWithoutUserField(messagesIndex, 'messages');
+      } catch (error) {
+        logger.debug('[indexSync] Could not clean up messages:', error.message);
+      }
+
+      try {
+        const convosIndex = client.index('convos');
+        await deleteDocumentsWithoutUserField(convosIndex, 'convos');
+      } catch (error) {
+        logger.debug('[indexSync] Could not clean up convos:', error.message);
+      }
+
+      logger.info('[indexSync] Orphaned documents cleaned up without forcing resync.');
+    }
+
+    if (settingsUpdated) {
+      logger.info('[indexSync] Index settings updated. Full re-sync will be triggered.');
+    }
+  } catch (error) {
+    logger.error('[indexSync] Error ensuring filterable attributes:', error);
+  }
+
+  return { settingsUpdated, orphanedDocsFound: hasOrphanedDocs };
+}
+
+/**
+ * Performs the actual sync operations for messages and conversations
+ * @param {FlowStateManager} flowManager - Flow state manager instance
+ * @param {string} flowId - Flow identifier
+ * @param {string} flowType - Flow type
+ */
+async function performSync(flowManager, flowId, flowType) {
+  try {
+    const client = MeiliSearchClient.getInstance();
+
+    const { status } = await client.health();
+    if (status !== 'available') {
+      throw new Error('Meilisearch not available');
+    }
+
+    if (indexingDisabled === true) {
+      logger.info('[indexSync] Indexing is disabled, skipping...');
+      return { messagesSync: false, convosSync: false };
+    }
+
+    /** Ensures indexes have proper filterable attributes configured */
+    const { settingsUpdated, orphanedDocsFound: _orphanedDocsFound } =
+      await ensureFilterableAttributes(client);
+
+    let messagesSync = false;
+    let convosSync = false;
+
+    // Only reset flags if settings were actually updated (not just for orphaned doc cleanup)
+    if (settingsUpdated) {
+      logger.info(
+        '[indexSync] Settings updated. Forcing full re-sync to reindex with new configuration...',
+      );
+
+      // Reset sync flags to force full re-sync
+      await Message.collection.updateMany({ _meiliIndex: true }, { $set: { _meiliIndex: false } });
+      await Conversation.collection.updateMany(
+        { _meiliIndex: true },
+        { $set: { _meiliIndex: false } },
+      );
+    }
+
+    // Check if we need to sync messages
+    const messageProgress = await Message.getSyncProgress();
+    if (!messageProgress.isComplete || settingsUpdated) {
+      logger.info(
+        `[indexSync] Messages need syncing: ${messageProgress.totalProcessed}/${messageProgress.totalDocuments} indexed`,
+      );
+
+      // Check if we should do a full sync or incremental
+      const messageCount = await Message.countDocuments();
+      const messagesIndexed = messageProgress.totalProcessed;
+      const syncThreshold = parseInt(process.env.MEILI_SYNC_THRESHOLD || '1000', 10);
+
+      if (messageCount - messagesIndexed > syncThreshold) {
+        logger.info('[indexSync] Starting full message sync due to large difference');
+        await Message.syncWithMeili();
+        messagesSync = true;
+      } else if (messageCount !== messagesIndexed) {
+        logger.warn('[indexSync] Messages out of sync, performing incremental sync');
+        await Message.syncWithMeili();
+        messagesSync = true;
+      }
+    } else {
+      logger.info(
+        `[indexSync] Messages are fully synced: ${messageProgress.totalProcessed}/${messageProgress.totalDocuments}`,
+      );
+    }
+
+    // Check if we need to sync conversations
+    const convoProgress = await Conversation.getSyncProgress();
+    if (!convoProgress.isComplete || settingsUpdated) {
+      logger.info(
+        `[indexSync] Conversations need syncing: ${convoProgress.totalProcessed}/${convoProgress.totalDocuments} indexed`,
+      );
+
+      const convoCount = await Conversation.countDocuments();
+      const convosIndexed = convoProgress.totalProcessed;
+      const syncThreshold = parseInt(process.env.MEILI_SYNC_THRESHOLD || '1000', 10);
+
+      if (convoCount - convosIndexed > syncThreshold) {
+        logger.info('[indexSync] Starting full conversation sync due to large difference');
+        await Conversation.syncWithMeili();
+        convosSync = true;
+      } else if (convoCount !== convosIndexed) {
+        logger.warn('[indexSync] Convos out of sync, performing incremental sync');
+        await Conversation.syncWithMeili();
+        convosSync = true;
+      }
+    } else {
+      logger.info(
+        `[indexSync] Conversations are fully synced: ${convoProgress.totalProcessed}/${convoProgress.totalDocuments}`,
+      );
+    }
+
+    return { messagesSync, convosSync };
+  } finally {
+    if (indexingDisabled === true) {
+      logger.info('[indexSync] Indexing is disabled, skipping cleanup...');
+    } else if (flowManager && flowId && flowType) {
+      try {
+        await flowManager.deleteFlow(flowId, flowType);
+        logger.debug('[indexSync] Flow state cleaned up');
+      } catch (cleanupErr) {
+        logger.debug('[indexSync] Could not clean up flow state:', cleanupErr.message);
+      }
+    }
+  }
 }
 
 /**
@@ -116,24 +300,26 @@ async function indexSync() {
 
   logger.info('[indexSync] Starting index synchronization check...');
 
+  // Get or create FlowStateManager instance
+  const flowsCache = getLogStores(CacheKeys.FLOWS);
+  if (!flowsCache) {
+    logger.warn('[indexSync] Flows cache not available, falling back to direct sync');
+    return await performSync(null, null, null);
+  }
+
+  const flowManager = new FlowStateManager(flowsCache, {
+    ttl: 60000 * 10, // 10 minutes TTL for sync operations
+  });
+
+  // Use a unique flow ID for the sync operation
+  const flowId = 'meili-index-sync';
+  const flowType = 'MEILI_SYNC';
+
   try {
-    // Get or create FlowStateManager instance
-    const flowsCache = getLogStores(CacheKeys.FLOWS);
-    if (!flowsCache) {
-      logger.warn('[indexSync] Flows cache not available, falling back to direct sync');
-      return await performSync();
-    }
-
-    const flowManager = new FlowStateManager(flowsCache, {
-      ttl: 60000 * 10, // 10 minutes TTL for sync operations
-    });
-
-    // Use a unique flow ID for the sync operation
-    const flowId = 'meili-index-sync';
-    const flowType = 'MEILI_SYNC';
-
     // This will only execute the handler if no other instance is running the sync
-    const result = await flowManager.createFlowWithHandler(flowId, flowType, performSync);
+    const result = await flowManager.createFlowWithHandler(flowId, flowType, () =>
+      performSync(flowManager, flowId, flowType),
+    );
 
     if (result.messagesSync || result.convosSync) {
       logger.info('[indexSync] Sync completed successfully');

api/models/Agent.js

@@ -11,7 +11,7 @@ const {
   getProjectByName,
 } = require('./Project');
 const { removeAllPermissions } = require('~/server/services/PermissionService');
-const { getCachedTools } = require('~/server/services/Config');
+const { getMCPServerTools } = require('~/server/services/Config');
 const { getActions } = require('./Action');
 const { Agent } = require('~/db/models');
 
@@ -49,6 +49,14 @@ const createAgent = async (agentData) => {
  */
 const getAgent = async (searchParameter) => await Agent.findOne(searchParameter).lean();
 
+/**
+ * Get multiple agent documents based on the provided search parameters.
+ *
+ * @param {Object} searchParameter - The search parameters to find agents.
+ * @returns {Promise<Agent[]>} Array of agent documents as plain objects.
+ */
+const getAgents = async (searchParameter) => await Agent.find(searchParameter).lean();
+
 /**
  * Load an agent based on the provided ID
  *
@@ -61,8 +69,6 @@ const getAgent = async (searchParameter) => await Agent.findOne(searchParameter)
  */
 const loadEphemeralAgent = async ({ req, agent_id, endpoint, model_parameters: _m }) => {
   const { model, ...model_parameters } = _m;
-  /** @type {Record<string, FunctionTool>} */
-  const availableTools = await getCachedTools({ userId: req.user.id, includeGlobal: true });
   /** @type {TEphemeralAgent | null} */
   const ephemeralAgent = req.body.ephemeralAgent;
   const mcpServers = new Set(ephemeralAgent?.mcp);
@@ -80,22 +86,18 @@ const loadEphemeralAgent = async ({ req, agent_id, endpoint, model_parameters: _
 
   const addedServers = new Set();
   if (mcpServers.size > 0) {
-    for (const toolName of Object.keys(availableTools)) {
-      if (!toolName.includes(mcp_delimiter)) {
-        continue;
-      }
-      const mcpServer = toolName.split(mcp_delimiter)?.[1];
-      if (mcpServer && mcpServers.has(mcpServer)) {
-        addedServers.add(mcpServer);
-        tools.push(toolName);
-      }
-    }
-
     for (const mcpServer of mcpServers) {
       if (addedServers.has(mcpServer)) {
         continue;
       }
-      tools.push(`${mcp_all}${mcp_delimiter}${mcpServer}`);
+      const serverTools = await getMCPServerTools(mcpServer);
+      if (!serverTools) {
+        tools.push(`${mcp_all}${mcp_delimiter}${mcpServer}`);
+        addedServers.add(mcpServer);
+        continue;
+      }
+      tools.push(...Object.keys(serverTools));
+      addedServers.add(mcpServer);
     }
   }
 
@@ -835,6 +837,7 @@ const countPromotedAgents = async () => {
 
 module.exports = {
   getAgent,
+  getAgents,
   loadAgent,
   createAgent,
   updateAgent,

api/models/Agent.spec.js

@@ -8,6 +8,7 @@ process.env.CREDS_IV = '0123456789abcdef';
 
 jest.mock('~/server/services/Config', () => ({
   getCachedTools: jest.fn(),
+  getMCPServerTools: jest.fn(),
 }));
 
 const mongoose = require('mongoose');
@@ -30,7 +31,7 @@ const {
   generateActionMetadataHash,
 } = require('./Agent');
 const permissionService = require('~/server/services/PermissionService');
-const { getCachedTools } = require('~/server/services/Config');
+const { getCachedTools, getMCPServerTools } = require('~/server/services/Config');
 const { AclEntry } = require('~/db/models');
 
 /**
@@ -1929,6 +1930,16 @@ describe('models/Agent', () => {
         another_tool: {},
       });
 
+      // Mock getMCPServerTools to return tools for each server
+      getMCPServerTools.mockImplementation(async (server) => {
+        if (server === 'server1') {
+          return { tool1_mcp_server1: {} };
+        } else if (server === 'server2') {
+          return { tool2_mcp_server2: {} };
+        }
+        return null;
+      });
+
       const mockReq = {
         user: { id: 'user123' },
         body: {
@@ -2113,6 +2124,14 @@ describe('models/Agent', () => {
 
         getCachedTools.mockResolvedValue(availableTools);
 
+        // Mock getMCPServerTools to return all tools for server1
+        getMCPServerTools.mockImplementation(async (server) => {
+          if (server === 'server1') {
+            return availableTools; // All 100 tools belong to server1
+          }
+          return null;
+        });
+
         const mockReq = {
           user: { id: 'user123' },
           body: {
@@ -2654,6 +2673,17 @@ describe('models/Agent', () => {
         tool_mcp_server2: {}, // Different server
       });
 
+      // Mock getMCPServerTools to return only tools matching the server
+      getMCPServerTools.mockImplementation(async (server) => {
+        if (server === 'server1') {
+          // Only return tool that correctly matches server1 format
+          return { tool_mcp_server1: {} };
+        } else if (server === 'server2') {
+          return { tool_mcp_server2: {} };
+        }
+        return null;
+      });
+
       const mockReq = {
         user: { id: 'user123' },
         body: {

api/models/Categories.js

@@ -1,4 +1,4 @@
-const { logger } = require('~/config');
+const { logger } = require('@librechat/data-schemas');
 
 const options = [
   {

api/models/Conversation.js

@@ -174,7 +174,7 @@ module.exports = {
 
     if (search) {
       try {
-        const meiliResults = await Conversation.meiliSearch(search);
+        const meiliResults = await Conversation.meiliSearch(search, { filter: `user = "${user}"` });
         const matchingIds = Array.isArray(meiliResults.hits)
           ? meiliResults.hits.map((result) => result.conversationId)
           : [];

api/models/ConversationTag.js

@@ -239,10 +239,46 @@ const updateTagsForConversation = async (user, conversationId, tags) => {
   }
 };
 
+/**
+ * Increments tag counts for existing tags only.
+ * @param {string} user - The user ID.
+ * @param {string[]} tags - Array of tag names to increment
+ * @returns {Promise<void>}
+ */
+const bulkIncrementTagCounts = async (user, tags) => {
+  if (!tags || tags.length === 0) {
+    return;
+  }
+
+  try {
+    const uniqueTags = [...new Set(tags.filter(Boolean))];
+    if (uniqueTags.length === 0) {
+      return;
+    }
+
+    const bulkOps = uniqueTags.map((tag) => ({
+      updateOne: {
+        filter: { user, tag },
+        update: { $inc: { count: 1 } },
+      },
+    }));
+
+    const result = await ConversationTag.bulkWrite(bulkOps);
+    if (result && result.modifiedCount > 0) {
+      logger.debug(
+        `user: ${user} | Incremented tag counts - modified ${result.modifiedCount} tags`,
+      );
+    }
+  } catch (error) {
+    logger.error('[bulkIncrementTagCounts] Error incrementing tag counts', error);
+  }
+};
+
 module.exports = {
   getConversationTags,
   createConversationTag,
   updateConversationTag,
   deleteConversationTag,
+  bulkIncrementTagCounts,
   updateTagsForConversation,
 };

api/models/File.js

@@ -42,7 +42,7 @@ const getToolFilesByIds = async (fileIds, toolResourceSet) => {
       $or: [],
     };
 
-    if (toolResourceSet.has(EToolResources.ocr)) {
+    if (toolResourceSet.has(EToolResources.context)) {
       filter.$or.push({ text: { $exists: true, $ne: null }, context: FileContext.agents });
     }
     if (toolResourceSet.has(EToolResources.file_search)) {

api/models/Prompt.js

@@ -269,7 +269,7 @@ async function getListPromptGroupsByAccess({
   const baseQuery = { ...otherParams, _id: { $in: accessibleIds } };
 
   // Add cursor condition
-  if (after) {
+  if (after && typeof after === 'string' && after !== 'undefined' && after !== 'null') {
     try {
       const cursor = JSON.parse(Buffer.from(after, 'base64').toString('utf8'));
       const { updatedAt, _id } = cursor;

api/models/Transaction.js

@@ -189,11 +189,15 @@ async function createAutoRefillTransaction(txData) {
  * @param {txData} _txData - Transaction data.
  */
 async function createTransaction(_txData) {
-  const { balance, ...txData } = _txData;
+  const { balance, transactions, ...txData } = _txData;
   if (txData.rawAmount != null && isNaN(txData.rawAmount)) {
     return;
   }
 
+  if (transactions?.enabled === false) {
+    return;
+  }
+
   const transaction = new Transaction(txData);
   transaction.endpointTokenConfig = txData.endpointTokenConfig;
   calculateTokenValue(transaction);
@@ -222,7 +226,11 @@ async function createTransaction(_txData) {
  * @param {txData} _txData - Transaction data.
  */
 async function createStructuredTransaction(_txData) {
-  const { balance, ...txData } = _txData;
+  const { balance, transactions, ...txData } = _txData;
+  if (transactions?.enabled === false) {
+    return;
+  }
+
   const transaction = new Transaction({
     ...txData,
     endpointTokenConfig: txData.endpointTokenConfig,

api/models/Transaction.spec.js

@@ -1,10 +1,9 @@
 const mongoose = require('mongoose');
 const { MongoMemoryServer } = require('mongodb-memory-server');
 const { spendTokens, spendStructuredTokens } = require('./spendTokens');
-
 const { getMultiplier, getCacheMultiplier } = require('./tx');
-const { createTransaction } = require('./Transaction');
-const { Balance } = require('~/db/models');
+const { createTransaction, createStructuredTransaction } = require('./Transaction');
+const { Balance, Transaction } = require('~/db/models');
 
 let mongoServer;
 beforeAll(async () => {
@@ -380,3 +379,188 @@ describe('NaN Handling Tests', () => {
     expect(balance.tokenCredits).toBe(initialBalance);
   });
 });
+
+describe('Transactions Config Tests', () => {
+  test('createTransaction should not save when transactions.enabled is false', async () => {
+    // Arrange
+    const userId = new mongoose.Types.ObjectId();
+    const initialBalance = 10000000;
+    await Balance.create({ user: userId, tokenCredits: initialBalance });
+
+    const model = 'gpt-3.5-turbo';
+    const txData = {
+      user: userId,
+      conversationId: 'test-conversation-id',
+      model,
+      context: 'test',
+      endpointTokenConfig: null,
+      rawAmount: -100,
+      tokenType: 'prompt',
+      transactions: { enabled: false },
+    };
+
+    // Act
+    const result = await createTransaction(txData);
+
+    // Assert: No transaction should be created
+    expect(result).toBeUndefined();
+    const transactions = await Transaction.find({ user: userId });
+    expect(transactions).toHaveLength(0);
+    const balance = await Balance.findOne({ user: userId });
+    expect(balance.tokenCredits).toBe(initialBalance);
+  });
+
+  test('createTransaction should save when transactions.enabled is true', async () => {
+    // Arrange
+    const userId = new mongoose.Types.ObjectId();
+    const initialBalance = 10000000;
+    await Balance.create({ user: userId, tokenCredits: initialBalance });
+
+    const model = 'gpt-3.5-turbo';
+    const txData = {
+      user: userId,
+      conversationId: 'test-conversation-id',
+      model,
+      context: 'test',
+      endpointTokenConfig: null,
+      rawAmount: -100,
+      tokenType: 'prompt',
+      transactions: { enabled: true },
+      balance: { enabled: true },
+    };
+
+    // Act
+    const result = await createTransaction(txData);
+
+    // Assert: Transaction should be created
+    expect(result).toBeDefined();
+    expect(result.balance).toBeLessThan(initialBalance);
+    const transactions = await Transaction.find({ user: userId });
+    expect(transactions).toHaveLength(1);
+    expect(transactions[0].rawAmount).toBe(-100);
+  });
+
+  test('createTransaction should save when balance.enabled is true even if transactions config is missing', async () => {
+    // Arrange
+    const userId = new mongoose.Types.ObjectId();
+    const initialBalance = 10000000;
+    await Balance.create({ user: userId, tokenCredits: initialBalance });
+
+    const model = 'gpt-3.5-turbo';
+    const txData = {
+      user: userId,
+      conversationId: 'test-conversation-id',
+      model,
+      context: 'test',
+      endpointTokenConfig: null,
+      rawAmount: -100,
+      tokenType: 'prompt',
+      balance: { enabled: true },
+      // No transactions config provided
+    };
+
+    // Act
+    const result = await createTransaction(txData);
+
+    // Assert: Transaction should be created (backward compatibility)
+    expect(result).toBeDefined();
+    expect(result.balance).toBeLessThan(initialBalance);
+    const transactions = await Transaction.find({ user: userId });
+    expect(transactions).toHaveLength(1);
+  });
+
+  test('createTransaction should save transaction but not update balance when balance is disabled but transactions enabled', async () => {
+    // Arrange
+    const userId = new mongoose.Types.ObjectId();
+    const initialBalance = 10000000;
+    await Balance.create({ user: userId, tokenCredits: initialBalance });
+
+    const model = 'gpt-3.5-turbo';
+    const txData = {
+      user: userId,
+      conversationId: 'test-conversation-id',
+      model,
+      context: 'test',
+      endpointTokenConfig: null,
+      rawAmount: -100,
+      tokenType: 'prompt',
+      transactions: { enabled: true },
+      balance: { enabled: false },
+    };
+
+    // Act
+    const result = await createTransaction(txData);
+
+    // Assert: Transaction should be created but balance unchanged
+    expect(result).toBeUndefined();
+    const transactions = await Transaction.find({ user: userId });
+    expect(transactions).toHaveLength(1);
+    expect(transactions[0].rawAmount).toBe(-100);
+    const balance = await Balance.findOne({ user: userId });
+    expect(balance.tokenCredits).toBe(initialBalance);
+  });
+
+  test('createStructuredTransaction should not save when transactions.enabled is false', async () => {
+    // Arrange
+    const userId = new mongoose.Types.ObjectId();
+    const initialBalance = 10000000;
+    await Balance.create({ user: userId, tokenCredits: initialBalance });
+
+    const model = 'claude-3-5-sonnet';
+    const txData = {
+      user: userId,
+      conversationId: 'test-conversation-id',
+      model,
+      context: 'message',
+      tokenType: 'prompt',
+      inputTokens: -10,
+      writeTokens: -100,
+      readTokens: -5,
+      transactions: { enabled: false },
+    };
+
+    // Act
+    const result = await createStructuredTransaction(txData);
+
+    // Assert: No transaction should be created
+    expect(result).toBeUndefined();
+    const transactions = await Transaction.find({ user: userId });
+    expect(transactions).toHaveLength(0);
+    const balance = await Balance.findOne({ user: userId });
+    expect(balance.tokenCredits).toBe(initialBalance);
+  });
+
+  test('createStructuredTransaction should save transaction but not update balance when balance is disabled but transactions enabled', async () => {
+    // Arrange
+    const userId = new mongoose.Types.ObjectId();
+    const initialBalance = 10000000;
+    await Balance.create({ user: userId, tokenCredits: initialBalance });
+
+    const model = 'claude-3-5-sonnet';
+    const txData = {
+      user: userId,
+      conversationId: 'test-conversation-id',
+      model,
+      context: 'message',
+      tokenType: 'prompt',
+      inputTokens: -10,
+      writeTokens: -100,
+      readTokens: -5,
+      transactions: { enabled: true },
+      balance: { enabled: false },
+    };
+
+    // Act
+    const result = await createStructuredTransaction(txData);
+
+    // Assert: Transaction should be created but balance unchanged
+    expect(result).toBeUndefined();
+    const transactions = await Transaction.find({ user: userId });
+    expect(transactions).toHaveLength(1);
+    expect(transactions[0].inputTokens).toBe(-10);
+    expect(transactions[0].writeTokens).toBe(-100);
+    expect(transactions[0].readTokens).toBe(-5);
+    const balance = await Balance.findOne({ user: userId });
+    expect(balance.tokenCredits).toBe(initialBalance);
+  });
+});

api/models/spendTokens.js

@@ -1,4 +1,4 @@
-const { logger } = require('~/config');
+const { logger } = require('@librechat/data-schemas');
 const { createTransaction, createStructuredTransaction } = require('./Transaction');
 /**
  * Creates up to two transactions to record the spending of tokens.

api/models/tx.js

@@ -1,4 +1,4 @@
-const { matchModelName } = require('../utils/tokens');
+const { matchModelName, findMatchingPattern } = require('@librechat/api');
 const defaultRate = 6;
 
 /**
@@ -6,44 +6,58 @@ const defaultRate = 6;
  * source: https://aws.amazon.com/bedrock/pricing/
  * */
 const bedrockValues = {
-  // Basic llama2 patterns
+  // Basic llama2 patterns (base defaults to smallest variant)
+  llama2: { prompt: 0.75, completion: 1.0 },
+  'llama-2': { prompt: 0.75, completion: 1.0 },
   'llama2-13b': { prompt: 0.75, completion: 1.0 },
-  'llama2:13b': { prompt: 0.75, completion: 1.0 },
   'llama2:70b': { prompt: 1.95, completion: 2.56 },
   'llama2-70b': { prompt: 1.95, completion: 2.56 },
 
-  // Basic llama3 patterns
+  // Basic llama3 patterns (base defaults to smallest variant)
+  llama3: { prompt: 0.3, completion: 0.6 },
+  'llama-3': { prompt: 0.3, completion: 0.6 },
   'llama3-8b': { prompt: 0.3, completion: 0.6 },
   'llama3:8b': { prompt: 0.3, completion: 0.6 },
   'llama3-70b': { prompt: 2.65, completion: 3.5 },
   'llama3:70b': { prompt: 2.65, completion: 3.5 },
 
-  // llama3-x-Nb pattern
+  // llama3-x-Nb pattern (base defaults to smallest variant)
+  'llama3-1': { prompt: 0.22, completion: 0.22 },
   'llama3-1-8b': { prompt: 0.22, completion: 0.22 },
   'llama3-1-70b': { prompt: 0.72, completion: 0.72 },
   'llama3-1-405b': { prompt: 2.4, completion: 2.4 },
+  'llama3-2': { prompt: 0.1, completion: 0.1 },
   'llama3-2-1b': { prompt: 0.1, completion: 0.1 },
   'llama3-2-3b': { prompt: 0.15, completion: 0.15 },
   'llama3-2-11b': { prompt: 0.16, completion: 0.16 },
   'llama3-2-90b': { prompt: 0.72, completion: 0.72 },
+  'llama3-3': { prompt: 2.65, completion: 3.5 },
+  'llama3-3-70b': { prompt: 2.65, completion: 3.5 },
 
-  // llama3.x:Nb pattern
+  // llama3.x:Nb pattern (base defaults to smallest variant)
+  'llama3.1': { prompt: 0.22, completion: 0.22 },
   'llama3.1:8b': { prompt: 0.22, completion: 0.22 },
   'llama3.1:70b': { prompt: 0.72, completion: 0.72 },
   'llama3.1:405b': { prompt: 2.4, completion: 2.4 },
+  'llama3.2': { prompt: 0.1, completion: 0.1 },
   'llama3.2:1b': { prompt: 0.1, completion: 0.1 },
   'llama3.2:3b': { prompt: 0.15, completion: 0.15 },
   'llama3.2:11b': { prompt: 0.16, completion: 0.16 },
   'llama3.2:90b': { prompt: 0.72, completion: 0.72 },
+  'llama3.3': { prompt: 2.65, completion: 3.5 },
+  'llama3.3:70b': { prompt: 2.65, completion: 3.5 },
 
-  // llama-3.x-Nb pattern
+  // llama-3.x-Nb pattern (base defaults to smallest variant)
+  'llama-3.1': { prompt: 0.22, completion: 0.22 },
   'llama-3.1-8b': { prompt: 0.22, completion: 0.22 },
   'llama-3.1-70b': { prompt: 0.72, completion: 0.72 },
   'llama-3.1-405b': { prompt: 2.4, completion: 2.4 },
+  'llama-3.2': { prompt: 0.1, completion: 0.1 },
   'llama-3.2-1b': { prompt: 0.1, completion: 0.1 },
   'llama-3.2-3b': { prompt: 0.15, completion: 0.15 },
   'llama-3.2-11b': { prompt: 0.16, completion: 0.16 },
   'llama-3.2-90b': { prompt: 0.72, completion: 0.72 },
+  'llama-3.3': { prompt: 2.65, completion: 3.5 },
   'llama-3.3-70b': { prompt: 2.65, completion: 3.5 },
   'mistral-7b': { prompt: 0.15, completion: 0.2 },
   'mistral-small': { prompt: 0.15, completion: 0.2 },
@@ -52,15 +66,19 @@ const bedrockValues = {
   'mistral-large-2407': { prompt: 3.0, completion: 9.0 },
   'command-text': { prompt: 1.5, completion: 2.0 },
   'command-light': { prompt: 0.3, completion: 0.6 },
-  'ai21.j2-mid-v1': { prompt: 12.5, completion: 12.5 },
-  'ai21.j2-ultra-v1': { prompt: 18.8, completion: 18.8 },
-  'ai21.jamba-instruct-v1:0': { prompt: 0.5, completion: 0.7 },
-  'amazon.titan-text-lite-v1': { prompt: 0.15, completion: 0.2 },
-  'amazon.titan-text-express-v1': { prompt: 0.2, completion: 0.6 },
-  'amazon.titan-text-premier-v1:0': { prompt: 0.5, completion: 1.5 },
-  'amazon.nova-micro-v1:0': { prompt: 0.035, completion: 0.14 },
-  'amazon.nova-lite-v1:0': { prompt: 0.06, completion: 0.24 },
-  'amazon.nova-pro-v1:0': { prompt: 0.8, completion: 3.2 },
+  // AI21 models
+  'j2-mid': { prompt: 12.5, completion: 12.5 },
+  'j2-ultra': { prompt: 18.8, completion: 18.8 },
+  'jamba-instruct': { prompt: 0.5, completion: 0.7 },
+  // Amazon Titan models
+  'titan-text-lite': { prompt: 0.15, completion: 0.2 },
+  'titan-text-express': { prompt: 0.2, completion: 0.6 },
+  'titan-text-premier': { prompt: 0.5, completion: 1.5 },
+  // Amazon Nova models
+  'nova-micro': { prompt: 0.035, completion: 0.14 },
+  'nova-lite': { prompt: 0.06, completion: 0.24 },
+  'nova-pro': { prompt: 0.8, completion: 3.2 },
+  'nova-premier': { prompt: 2.5, completion: 12.5 },
   'deepseek.r1': { prompt: 1.35, completion: 5.4 },
 };
 
@@ -71,88 +89,136 @@ const bedrockValues = {
  */
 const tokenValues = Object.assign(
   {
+    // Legacy token size mappings (generic patterns - check LAST)
     '8k': { prompt: 30, completion: 60 },
     '32k': { prompt: 60, completion: 120 },
     '4k': { prompt: 1.5, completion: 2 },
     '16k': { prompt: 3, completion: 4 },
+    // Generic fallback patterns (check LAST)
+    'claude-': { prompt: 0.8, completion: 2.4 },
+    deepseek: { prompt: 0.28, completion: 0.42 },
+    command: { prompt: 0.38, completion: 0.38 },
+    gemma: { prompt: 0.02, completion: 0.04 }, // Base pattern (using gemma-3n-e4b pricing)
+    gemini: { prompt: 0.5, completion: 1.5 },
+    'gpt-oss': { prompt: 0.05, completion: 0.2 },
+    // Specific model variants (check FIRST - more specific patterns at end)
     'gpt-3.5-turbo-1106': { prompt: 1, completion: 2 },
-    'o4-mini': { prompt: 1.1, completion: 4.4 },
-    'o3-mini': { prompt: 1.1, completion: 4.4 },
-    o3: { prompt: 2, completion: 8 },
-    'o1-mini': { prompt: 1.1, completion: 4.4 },
-    'o1-preview': { prompt: 15, completion: 60 },
-    o1: { prompt: 15, completion: 60 },
+    'gpt-3.5-turbo-0125': { prompt: 0.5, completion: 1.5 },
+    'gpt-4-1106': { prompt: 10, completion: 30 },
+    'gpt-4.1': { prompt: 2, completion: 8 },
     'gpt-4.1-nano': { prompt: 0.1, completion: 0.4 },
     'gpt-4.1-mini': { prompt: 0.4, completion: 1.6 },
-    'gpt-4.1': { prompt: 2, completion: 8 },
     'gpt-4.5': { prompt: 75, completion: 150 },
-    'gpt-4o-mini': { prompt: 0.15, completion: 0.6 },
-    'gpt-5': { prompt: 1.25, completion: 10 },
-    'gpt-5-mini': { prompt: 0.25, completion: 2 },
-    'gpt-5-nano': { prompt: 0.05, completion: 0.4 },
     'gpt-4o': { prompt: 2.5, completion: 10 },
     'gpt-4o-2024-05-13': { prompt: 5, completion: 15 },
-    'gpt-4-1106': { prompt: 10, completion: 30 },
-    'gpt-3.5-turbo-0125': { prompt: 0.5, completion: 1.5 },
-    'claude-3-opus': { prompt: 15, completion: 75 },
+    'gpt-4o-mini': { prompt: 0.15, completion: 0.6 },
+    'gpt-5': { prompt: 1.25, completion: 10 },
+    'gpt-5-nano': { prompt: 0.05, completion: 0.4 },
+    'gpt-5-mini': { prompt: 0.25, completion: 2 },
+    'gpt-5-pro': { prompt: 15, completion: 120 },
+    o1: { prompt: 15, completion: 60 },
+    'o1-mini': { prompt: 1.1, completion: 4.4 },
+    'o1-preview': { prompt: 15, completion: 60 },
+    o3: { prompt: 2, completion: 8 },
+    'o3-mini': { prompt: 1.1, completion: 4.4 },
+    'o4-mini': { prompt: 1.1, completion: 4.4 },
+    'claude-instant': { prompt: 0.8, completion: 2.4 },
+    'claude-2': { prompt: 8, completion: 24 },
+    'claude-2.1': { prompt: 8, completion: 24 },
+    'claude-3-haiku': { prompt: 0.25, completion: 1.25 },
     'claude-3-sonnet': { prompt: 3, completion: 15 },
+    'claude-3-opus': { prompt: 15, completion: 75 },
+    'claude-3-5-haiku': { prompt: 0.8, completion: 4 },
+    'claude-3.5-haiku': { prompt: 0.8, completion: 4 },
     'claude-3-5-sonnet': { prompt: 3, completion: 15 },
     'claude-3.5-sonnet': { prompt: 3, completion: 15 },
     'claude-3-7-sonnet': { prompt: 3, completion: 15 },
     'claude-3.7-sonnet': { prompt: 3, completion: 15 },
-    'claude-3-5-haiku': { prompt: 0.8, completion: 4 },
-    'claude-3.5-haiku': { prompt: 0.8, completion: 4 },
-    'claude-3-haiku': { prompt: 0.25, completion: 1.25 },
-    'claude-sonnet-4': { prompt: 3, completion: 15 },
+    'claude-haiku-4-5': { prompt: 1, completion: 5 },
     'claude-opus-4': { prompt: 15, completion: 75 },
-    'claude-2.1': { prompt: 8, completion: 24 },
-    'claude-2': { prompt: 8, completion: 24 },
-    'claude-instant': { prompt: 0.8, completion: 2.4 },
-    'claude-': { prompt: 0.8, completion: 2.4 },
-    'command-r-plus': { prompt: 3, completion: 15 },
+    'claude-sonnet-4': { prompt: 3, completion: 15 },
     'command-r': { prompt: 0.5, completion: 1.5 },
-    'deepseek-reasoner': { prompt: 0.55, completion: 2.19 },
-    deepseek: { prompt: 0.14, completion: 0.28 },
-    /* cohere doesn't have rates for the older command models,
-  so this was from https://artificialanalysis.ai/models/command-light/providers */
-    command: { prompt: 0.38, completion: 0.38 },
-    gemma: { prompt: 0, completion: 0 }, // https://ai.google.dev/pricing
-    'gemma-2': { prompt: 0, completion: 0 }, // https://ai.google.dev/pricing
-    'gemma-3': { prompt: 0, completion: 0 }, // https://ai.google.dev/pricing
-    'gemma-3-27b': { prompt: 0, completion: 0 }, // https://ai.google.dev/pricing
-    'gemini-2.0-flash-lite': { prompt: 0.075, completion: 0.3 },
-    'gemini-2.0-flash': { prompt: 0.1, completion: 0.4 },
-    'gemini-2.0': { prompt: 0, completion: 0 }, // https://ai.google.dev/pricing
-    'gemini-2.5-pro': { prompt: 1.25, completion: 10 },
-    'gemini-2.5-flash': { prompt: 0.15, completion: 3.5 },
-    'gemini-2.5': { prompt: 0, completion: 0 }, // Free for a period of time
-    'gemini-1.5-flash-8b': { prompt: 0.075, completion: 0.3 },
-    'gemini-1.5-flash': { prompt: 0.15, completion: 0.6 },
+    'command-r-plus': { prompt: 3, completion: 15 },
+    'command-text': { prompt: 1.5, completion: 2.0 },
+    'deepseek-reasoner': { prompt: 0.28, completion: 0.42 },
+    'deepseek-r1': { prompt: 0.4, completion: 2.0 },
+    'deepseek-v3': { prompt: 0.2, completion: 0.8 },
+    'gemma-2': { prompt: 0.01, completion: 0.03 }, // Base pattern (using gemma-2-9b pricing)
+    'gemma-3': { prompt: 0.02, completion: 0.04 }, // Base pattern (using gemma-3n-e4b pricing)
+    'gemma-3-27b': { prompt: 0.09, completion: 0.16 },
     'gemini-1.5': { prompt: 2.5, completion: 10 },
+    'gemini-1.5-flash': { prompt: 0.15, completion: 0.6 },
+    'gemini-1.5-flash-8b': { prompt: 0.075, completion: 0.3 },
+    'gemini-2.0': { prompt: 0.1, completion: 0.4 }, // Base pattern (using 2.0-flash pricing)
+    'gemini-2.0-flash': { prompt: 0.1, completion: 0.4 },
+    'gemini-2.0-flash-lite': { prompt: 0.075, completion: 0.3 },
+    'gemini-2.5': { prompt: 0.3, completion: 2.5 }, // Base pattern (using 2.5-flash pricing)
+    'gemini-2.5-flash': { prompt: 0.3, completion: 2.5 },
+    'gemini-2.5-flash-lite': { prompt: 0.1, completion: 0.4 },
+    'gemini-2.5-pro': { prompt: 1.25, completion: 10 },
     'gemini-pro-vision': { prompt: 0.5, completion: 1.5 },
-    gemini: { prompt: 0.5, completion: 1.5 },
-    'grok-2-vision-1212': { prompt: 2.0, completion: 10.0 },
-    'grok-2-vision-latest': { prompt: 2.0, completion: 10.0 },
-    'grok-2-vision': { prompt: 2.0, completion: 10.0 },
+    grok: { prompt: 2.0, completion: 10.0 }, // Base pattern defaults to grok-2
+    'grok-beta': { prompt: 5.0, completion: 15.0 },
     'grok-vision-beta': { prompt: 5.0, completion: 15.0 },
+    'grok-2': { prompt: 2.0, completion: 10.0 },
     'grok-2-1212': { prompt: 2.0, completion: 10.0 },
     'grok-2-latest': { prompt: 2.0, completion: 10.0 },
-    'grok-2': { prompt: 2.0, completion: 10.0 },
-    'grok-3-mini-fast': { prompt: 0.6, completion: 4 },
-    'grok-3-mini': { prompt: 0.3, completion: 0.5 },
-    'grok-3-fast': { prompt: 5.0, completion: 25.0 },
+    'grok-2-vision': { prompt: 2.0, completion: 10.0 },
+    'grok-2-vision-1212': { prompt: 2.0, completion: 10.0 },
+    'grok-2-vision-latest': { prompt: 2.0, completion: 10.0 },
     'grok-3': { prompt: 3.0, completion: 15.0 },
+    'grok-3-fast': { prompt: 5.0, completion: 25.0 },
+    'grok-3-mini': { prompt: 0.3, completion: 0.5 },
+    'grok-3-mini-fast': { prompt: 0.6, completion: 4 },
     'grok-4': { prompt: 3.0, completion: 15.0 },
-    'grok-beta': { prompt: 5.0, completion: 15.0 },
-    'mistral-large': { prompt: 2.0, completion: 6.0 },
-    'pixtral-large': { prompt: 2.0, completion: 6.0 },
-    'mistral-saba': { prompt: 0.2, completion: 0.6 },
     codestral: { prompt: 0.3, completion: 0.9 },
-    'ministral-8b': { prompt: 0.1, completion: 0.1 },
     'ministral-3b': { prompt: 0.04, completion: 0.04 },
-    // GPT-OSS models
+    'ministral-8b': { prompt: 0.1, completion: 0.1 },
+    'mistral-nemo': { prompt: 0.15, completion: 0.15 },
+    'mistral-saba': { prompt: 0.2, completion: 0.6 },
+    'pixtral-large': { prompt: 2.0, completion: 6.0 },
+    'mistral-large': { prompt: 2.0, completion: 6.0 },
+    'mixtral-8x22b': { prompt: 0.65, completion: 0.65 },
+    kimi: { prompt: 0.14, completion: 2.49 }, // Base pattern (using kimi-k2 pricing)
+    // GPT-OSS models (specific sizes)
+    'gpt-oss:20b': { prompt: 0.05, completion: 0.2 },
     'gpt-oss-20b': { prompt: 0.05, completion: 0.2 },
+    'gpt-oss:120b': { prompt: 0.15, completion: 0.6 },
     'gpt-oss-120b': { prompt: 0.15, completion: 0.6 },
+    // GLM models (Zhipu AI) - general to specific
+    glm4: { prompt: 0.1, completion: 0.1 },
+    'glm-4': { prompt: 0.1, completion: 0.1 },
+    'glm-4-32b': { prompt: 0.1, completion: 0.1 },
+    'glm-4.5': { prompt: 0.35, completion: 1.55 },
+    'glm-4.5-air': { prompt: 0.14, completion: 0.86 },
+    'glm-4.5v': { prompt: 0.6, completion: 1.8 },
+    'glm-4.6': { prompt: 0.5, completion: 1.75 },
+    // Qwen models
+    qwen: { prompt: 0.08, completion: 0.33 }, // Qwen base pattern (using qwen2.5-72b pricing)
+    'qwen2.5': { prompt: 0.08, completion: 0.33 }, // Qwen 2.5 base pattern
+    'qwen-turbo': { prompt: 0.05, completion: 0.2 },
+    'qwen-plus': { prompt: 0.4, completion: 1.2 },
+    'qwen-max': { prompt: 1.6, completion: 6.4 },
+    'qwq-32b': { prompt: 0.15, completion: 0.4 },
+    // Qwen3 models
+    qwen3: { prompt: 0.035, completion: 0.138 }, // Qwen3 base pattern (using qwen3-4b pricing)
+    'qwen3-8b': { prompt: 0.035, completion: 0.138 },
+    'qwen3-14b': { prompt: 0.05, completion: 0.22 },
+    'qwen3-30b-a3b': { prompt: 0.06, completion: 0.22 },
+    'qwen3-32b': { prompt: 0.05, completion: 0.2 },
+    'qwen3-235b-a22b': { prompt: 0.08, completion: 0.55 },
+    // Qwen3 VL (Vision-Language) models
+    'qwen3-vl-8b-thinking': { prompt: 0.18, completion: 2.1 },
+    'qwen3-vl-8b-instruct': { prompt: 0.18, completion: 0.69 },
+    'qwen3-vl-30b-a3b': { prompt: 0.29, completion: 1.0 },
+    'qwen3-vl-235b-a22b': { prompt: 0.3, completion: 1.2 },
+    // Qwen3 specialized models
+    'qwen3-max': { prompt: 1.2, completion: 6 },
+    'qwen3-coder': { prompt: 0.22, completion: 0.95 },
+    'qwen3-coder-30b-a3b': { prompt: 0.06, completion: 0.25 },
+    'qwen3-coder-plus': { prompt: 1, completion: 5 },
+    'qwen3-coder-flash': { prompt: 0.3, completion: 1.5 },
+    'qwen3-next-80b-a3b': { prompt: 0.1, completion: 0.8 },
   },
   bedrockValues,
 );
@@ -183,67 +249,39 @@ const cacheTokenValues = {
  * @returns {string|undefined} The key corresponding to the model name, or undefined if no match is found.
  */
 const getValueKey = (model, endpoint) => {
+  if (!model || typeof model !== 'string') {
+    return undefined;
+  }
+
+  // Use findMatchingPattern directly against tokenValues for efficient lookup
+  if (!endpoint || (typeof endpoint === 'string' && !tokenValues[endpoint])) {
+    const matchedKey = findMatchingPattern(model, tokenValues);
+    if (matchedKey) {
+      return matchedKey;
+    }
+  }
+
+  // Fallback: use matchModelName for edge cases and legacy handling
   const modelName = matchModelName(model, endpoint);
   if (!modelName) {
     return undefined;
   }
 
+  // Legacy token size mappings and aliases for older models
   if (modelName.includes('gpt-3.5-turbo-16k')) {
     return '16k';
-  } else if (modelName.includes('gpt-3.5-turbo-0125')) {
-    return 'gpt-3.5-turbo-0125';
-  } else if (modelName.includes('gpt-3.5-turbo-1106')) {
-    return 'gpt-3.5-turbo-1106';
   } else if (modelName.includes('gpt-3.5')) {
     return '4k';
-  } else if (modelName.includes('o4-mini')) {
-    return 'o4-mini';
-  } else if (modelName.includes('o4')) {
-    return 'o4';
-  } else if (modelName.includes('o3-mini')) {
-    return 'o3-mini';
-  } else if (modelName.includes('o3')) {
-    return 'o3';
-  } else if (modelName.includes('o1-preview')) {
-    return 'o1-preview';
-  } else if (modelName.includes('o1-mini')) {
-    return 'o1-mini';
-  } else if (modelName.includes('o1')) {
-    return 'o1';
-  } else if (modelName.includes('gpt-4.5')) {
-    return 'gpt-4.5';
-  } else if (modelName.includes('gpt-4.1-nano')) {
-    return 'gpt-4.1-nano';
-  } else if (modelName.includes('gpt-4.1-mini')) {
-    return 'gpt-4.1-mini';
-  } else if (modelName.includes('gpt-4.1')) {
-    return 'gpt-4.1';
-  } else if (modelName.includes('gpt-4o-2024-05-13')) {
-    return 'gpt-4o-2024-05-13';
-  } else if (modelName.includes('gpt-5-nano')) {
-    return 'gpt-5-nano';
-  } else if (modelName.includes('gpt-5-mini')) {
-    return 'gpt-5-mini';
-  } else if (modelName.includes('gpt-5')) {
-    return 'gpt-5';
-  } else if (modelName.includes('gpt-4o-mini')) {
-    return 'gpt-4o-mini';
-  } else if (modelName.includes('gpt-4o')) {
-    return 'gpt-4o';
   } else if (modelName.includes('gpt-4-vision')) {
-    return 'gpt-4-1106';
-  } else if (modelName.includes('gpt-4-1106')) {
-    return 'gpt-4-1106';
+    return 'gpt-4-1106'; // Alias for gpt-4-vision
   } else if (modelName.includes('gpt-4-0125')) {
-    return 'gpt-4-1106';
+    return 'gpt-4-1106'; // Alias for gpt-4-0125
   } else if (modelName.includes('gpt-4-turbo')) {
-    return 'gpt-4-1106';
+    return 'gpt-4-1106'; // Alias for gpt-4-turbo
   } else if (modelName.includes('gpt-4-32k')) {
     return '32k';
   } else if (modelName.includes('gpt-4')) {
     return '8k';
-  } else if (tokenValues[modelName]) {
-    return modelName;
   }
 
   return undefined;

api/models/tx.spec.js

@@ -1,3 +1,4 @@
+const { maxTokensMap } = require('@librechat/api');
 const { EModelEndpoint } = require('librechat-data-provider');
 const {
   defaultRate,
@@ -113,6 +114,14 @@ describe('getValueKey', () => {
     expect(getValueKey('gpt-5-nano-2025-01-30-0130')).toBe('gpt-5-nano');
   });
 
+  it('should return "gpt-5-pro" for model type of "gpt-5-pro"', () => {
+    expect(getValueKey('gpt-5-pro-2025-01-30')).toBe('gpt-5-pro');
+    expect(getValueKey('openai/gpt-5-pro')).toBe('gpt-5-pro');
+    expect(getValueKey('gpt-5-pro-0130')).toBe('gpt-5-pro');
+    expect(getValueKey('gpt-5-pro-2025-01-30-0130')).toBe('gpt-5-pro');
+    expect(getValueKey('gpt-5-pro-preview')).toBe('gpt-5-pro');
+  });
+
   it('should return "gpt-4o" for model type of "gpt-4o"', () => {
     expect(getValueKey('gpt-4o-2024-08-06')).toBe('gpt-4o');
     expect(getValueKey('gpt-4o-2024-08-06-0718')).toBe('gpt-4o');
@@ -184,6 +193,16 @@ describe('getValueKey', () => {
     expect(getValueKey('claude-3.5-haiku-turbo')).toBe('claude-3.5-haiku');
     expect(getValueKey('claude-3.5-haiku-0125')).toBe('claude-3.5-haiku');
   });
+
+  it('should return expected value keys for "gpt-oss" models', () => {
+    expect(getValueKey('openai/gpt-oss-120b')).toBe('gpt-oss-120b');
+    expect(getValueKey('openai/gpt-oss:120b')).toBe('gpt-oss:120b');
+    expect(getValueKey('openai/gpt-oss-570b')).toBe('gpt-oss');
+    expect(getValueKey('gpt-oss-570b')).toBe('gpt-oss');
+    expect(getValueKey('groq/gpt-oss-1080b')).toBe('gpt-oss');
+    expect(getValueKey('gpt-oss-20b')).toBe('gpt-oss-20b');
+    expect(getValueKey('oai/gpt-oss:20b')).toBe('gpt-oss:20b');
+  });
 });
 
 describe('getMultiplier', () => {
@@ -278,6 +297,20 @@ describe('getMultiplier', () => {
     );
   });
 
+  it('should return the correct multiplier for gpt-5-pro', () => {
+    const valueKey = getValueKey('gpt-5-pro-2025-01-30');
+    expect(getMultiplier({ valueKey, tokenType: 'prompt' })).toBe(tokenValues['gpt-5-pro'].prompt);
+    expect(getMultiplier({ valueKey, tokenType: 'completion' })).toBe(
+      tokenValues['gpt-5-pro'].completion,
+    );
+    expect(getMultiplier({ model: 'gpt-5-pro-preview', tokenType: 'prompt' })).toBe(
+      tokenValues['gpt-5-pro'].prompt,
+    );
+    expect(getMultiplier({ model: 'openai/gpt-5-pro', tokenType: 'completion' })).toBe(
+      tokenValues['gpt-5-pro'].completion,
+    );
+  });
+
   it('should return the correct multiplier for gpt-4o', () => {
     const valueKey = getValueKey('gpt-4o-2024-08-06');
     expect(getMultiplier({ valueKey, tokenType: 'prompt' })).toBe(tokenValues['gpt-4o'].prompt);
@@ -394,6 +427,18 @@ describe('getMultiplier', () => {
       expect(getMultiplier({ model: key, tokenType: 'completion' })).toBe(expectedCompletion);
     });
   });
+
+  it('should return correct multipliers for GLM models', () => {
+    const models = ['glm-4.6', 'glm-4.5v', 'glm-4.5-air', 'glm-4.5', 'glm-4-32b', 'glm-4', 'glm4'];
+    models.forEach((key) => {
+      const expectedPrompt = tokenValues[key].prompt;
+      const expectedCompletion = tokenValues[key].completion;
+      expect(getMultiplier({ valueKey: key, tokenType: 'prompt' })).toBe(expectedPrompt);
+      expect(getMultiplier({ valueKey: key, tokenType: 'completion' })).toBe(expectedCompletion);
+      expect(getMultiplier({ model: key, tokenType: 'prompt' })).toBe(expectedPrompt);
+      expect(getMultiplier({ model: key, tokenType: 'completion' })).toBe(expectedCompletion);
+    });
+  });
 });
 
 describe('AWS Bedrock Model Tests', () => {
@@ -449,6 +494,249 @@ describe('AWS Bedrock Model Tests', () => {
   });
 });
 
+describe('Amazon Model Tests', () => {
+  describe('Amazon Nova Models', () => {
+    it('should return correct pricing for nova-premier', () => {
+      expect(getMultiplier({ model: 'nova-premier', tokenType: 'prompt' })).toBe(
+        tokenValues['nova-premier'].prompt,
+      );
+      expect(getMultiplier({ model: 'nova-premier', tokenType: 'completion' })).toBe(
+        tokenValues['nova-premier'].completion,
+      );
+      expect(getMultiplier({ model: 'amazon.nova-premier-v1:0', tokenType: 'prompt' })).toBe(
+        tokenValues['nova-premier'].prompt,
+      );
+      expect(getMultiplier({ model: 'amazon.nova-premier-v1:0', tokenType: 'completion' })).toBe(
+        tokenValues['nova-premier'].completion,
+      );
+    });
+
+    it('should return correct pricing for nova-pro', () => {
+      expect(getMultiplier({ model: 'nova-pro', tokenType: 'prompt' })).toBe(
+        tokenValues['nova-pro'].prompt,
+      );
+      expect(getMultiplier({ model: 'nova-pro', tokenType: 'completion' })).toBe(
+        tokenValues['nova-pro'].completion,
+      );
+      expect(getMultiplier({ model: 'amazon.nova-pro-v1:0', tokenType: 'prompt' })).toBe(
+        tokenValues['nova-pro'].prompt,
+      );
+      expect(getMultiplier({ model: 'amazon.nova-pro-v1:0', tokenType: 'completion' })).toBe(
+        tokenValues['nova-pro'].completion,
+      );
+    });
+
+    it('should return correct pricing for nova-lite', () => {
+      expect(getMultiplier({ model: 'nova-lite', tokenType: 'prompt' })).toBe(
+        tokenValues['nova-lite'].prompt,
+      );
+      expect(getMultiplier({ model: 'nova-lite', tokenType: 'completion' })).toBe(
+        tokenValues['nova-lite'].completion,
+      );
+      expect(getMultiplier({ model: 'amazon.nova-lite-v1:0', tokenType: 'prompt' })).toBe(
+        tokenValues['nova-lite'].prompt,
+      );
+      expect(getMultiplier({ model: 'amazon.nova-lite-v1:0', tokenType: 'completion' })).toBe(
+        tokenValues['nova-lite'].completion,
+      );
+    });
+
+    it('should return correct pricing for nova-micro', () => {
+      expect(getMultiplier({ model: 'nova-micro', tokenType: 'prompt' })).toBe(
+        tokenValues['nova-micro'].prompt,
+      );
+      expect(getMultiplier({ model: 'nova-micro', tokenType: 'completion' })).toBe(
+        tokenValues['nova-micro'].completion,
+      );
+      expect(getMultiplier({ model: 'amazon.nova-micro-v1:0', tokenType: 'prompt' })).toBe(
+        tokenValues['nova-micro'].prompt,
+      );
+      expect(getMultiplier({ model: 'amazon.nova-micro-v1:0', tokenType: 'completion' })).toBe(
+        tokenValues['nova-micro'].completion,
+      );
+    });
+
+    it('should match both short and full model names to the same pricing', () => {
+      const models = ['nova-micro', 'nova-lite', 'nova-pro', 'nova-premier'];
+      const fullModels = [
+        'amazon.nova-micro-v1:0',
+        'amazon.nova-lite-v1:0',
+        'amazon.nova-pro-v1:0',
+        'amazon.nova-premier-v1:0',
+      ];
+
+      models.forEach((shortModel, i) => {
+        const fullModel = fullModels[i];
+        const shortPrompt = getMultiplier({ model: shortModel, tokenType: 'prompt' });
+        const fullPrompt = getMultiplier({ model: fullModel, tokenType: 'prompt' });
+        const shortCompletion = getMultiplier({ model: shortModel, tokenType: 'completion' });
+        const fullCompletion = getMultiplier({ model: fullModel, tokenType: 'completion' });
+
+        expect(shortPrompt).toBe(fullPrompt);
+        expect(shortCompletion).toBe(fullCompletion);
+        expect(shortPrompt).toBe(tokenValues[shortModel].prompt);
+        expect(shortCompletion).toBe(tokenValues[shortModel].completion);
+      });
+    });
+  });
+
+  describe('Amazon Titan Models', () => {
+    it('should return correct pricing for titan-text-premier', () => {
+      expect(getMultiplier({ model: 'titan-text-premier', tokenType: 'prompt' })).toBe(
+        tokenValues['titan-text-premier'].prompt,
+      );
+      expect(getMultiplier({ model: 'titan-text-premier', tokenType: 'completion' })).toBe(
+        tokenValues['titan-text-premier'].completion,
+      );
+      expect(getMultiplier({ model: 'amazon.titan-text-premier-v1:0', tokenType: 'prompt' })).toBe(
+        tokenValues['titan-text-premier'].prompt,
+      );
+      expect(
+        getMultiplier({ model: 'amazon.titan-text-premier-v1:0', tokenType: 'completion' }),
+      ).toBe(tokenValues['titan-text-premier'].completion);
+    });
+
+    it('should return correct pricing for titan-text-express', () => {
+      expect(getMultiplier({ model: 'titan-text-express', tokenType: 'prompt' })).toBe(
+        tokenValues['titan-text-express'].prompt,
+      );
+      expect(getMultiplier({ model: 'titan-text-express', tokenType: 'completion' })).toBe(
+        tokenValues['titan-text-express'].completion,
+      );
+      expect(getMultiplier({ model: 'amazon.titan-text-express-v1', tokenType: 'prompt' })).toBe(
+        tokenValues['titan-text-express'].prompt,
+      );
+      expect(
+        getMultiplier({ model: 'amazon.titan-text-express-v1', tokenType: 'completion' }),
+      ).toBe(tokenValues['titan-text-express'].completion);
+    });
+
+    it('should return correct pricing for titan-text-lite', () => {
+      expect(getMultiplier({ model: 'titan-text-lite', tokenType: 'prompt' })).toBe(
+        tokenValues['titan-text-lite'].prompt,
+      );
+      expect(getMultiplier({ model: 'titan-text-lite', tokenType: 'completion' })).toBe(
+        tokenValues['titan-text-lite'].completion,
+      );
+      expect(getMultiplier({ model: 'amazon.titan-text-lite-v1', tokenType: 'prompt' })).toBe(
+        tokenValues['titan-text-lite'].prompt,
+      );
+      expect(getMultiplier({ model: 'amazon.titan-text-lite-v1', tokenType: 'completion' })).toBe(
+        tokenValues['titan-text-lite'].completion,
+      );
+    });
+
+    it('should match both short and full model names to the same pricing', () => {
+      const models = ['titan-text-lite', 'titan-text-express', 'titan-text-premier'];
+      const fullModels = [
+        'amazon.titan-text-lite-v1',
+        'amazon.titan-text-express-v1',
+        'amazon.titan-text-premier-v1:0',
+      ];
+
+      models.forEach((shortModel, i) => {
+        const fullModel = fullModels[i];
+        const shortPrompt = getMultiplier({ model: shortModel, tokenType: 'prompt' });
+        const fullPrompt = getMultiplier({ model: fullModel, tokenType: 'prompt' });
+        const shortCompletion = getMultiplier({ model: shortModel, tokenType: 'completion' });
+        const fullCompletion = getMultiplier({ model: fullModel, tokenType: 'completion' });
+
+        expect(shortPrompt).toBe(fullPrompt);
+        expect(shortCompletion).toBe(fullCompletion);
+        expect(shortPrompt).toBe(tokenValues[shortModel].prompt);
+        expect(shortCompletion).toBe(tokenValues[shortModel].completion);
+      });
+    });
+  });
+});
+
+describe('AI21 Model Tests', () => {
+  describe('AI21 J2 Models', () => {
+    it('should return correct pricing for j2-mid', () => {
+      expect(getMultiplier({ model: 'j2-mid', tokenType: 'prompt' })).toBe(
+        tokenValues['j2-mid'].prompt,
+      );
+      expect(getMultiplier({ model: 'j2-mid', tokenType: 'completion' })).toBe(
+        tokenValues['j2-mid'].completion,
+      );
+      expect(getMultiplier({ model: 'ai21.j2-mid-v1', tokenType: 'prompt' })).toBe(
+        tokenValues['j2-mid'].prompt,
+      );
+      expect(getMultiplier({ model: 'ai21.j2-mid-v1', tokenType: 'completion' })).toBe(
+        tokenValues['j2-mid'].completion,
+      );
+    });
+
+    it('should return correct pricing for j2-ultra', () => {
+      expect(getMultiplier({ model: 'j2-ultra', tokenType: 'prompt' })).toBe(
+        tokenValues['j2-ultra'].prompt,
+      );
+      expect(getMultiplier({ model: 'j2-ultra', tokenType: 'completion' })).toBe(
+        tokenValues['j2-ultra'].completion,
+      );
+      expect(getMultiplier({ model: 'ai21.j2-ultra-v1', tokenType: 'prompt' })).toBe(
+        tokenValues['j2-ultra'].prompt,
+      );
+      expect(getMultiplier({ model: 'ai21.j2-ultra-v1', tokenType: 'completion' })).toBe(
+        tokenValues['j2-ultra'].completion,
+      );
+    });
+
+    it('should match both short and full model names to the same pricing', () => {
+      const models = ['j2-mid', 'j2-ultra'];
+      const fullModels = ['ai21.j2-mid-v1', 'ai21.j2-ultra-v1'];
+
+      models.forEach((shortModel, i) => {
+        const fullModel = fullModels[i];
+        const shortPrompt = getMultiplier({ model: shortModel, tokenType: 'prompt' });
+        const fullPrompt = getMultiplier({ model: fullModel, tokenType: 'prompt' });
+        const shortCompletion = getMultiplier({ model: shortModel, tokenType: 'completion' });
+        const fullCompletion = getMultiplier({ model: fullModel, tokenType: 'completion' });
+
+        expect(shortPrompt).toBe(fullPrompt);
+        expect(shortCompletion).toBe(fullCompletion);
+        expect(shortPrompt).toBe(tokenValues[shortModel].prompt);
+        expect(shortCompletion).toBe(tokenValues[shortModel].completion);
+      });
+    });
+  });
+
+  describe('AI21 Jamba Models', () => {
+    it('should return correct pricing for jamba-instruct', () => {
+      expect(getMultiplier({ model: 'jamba-instruct', tokenType: 'prompt' })).toBe(
+        tokenValues['jamba-instruct'].prompt,
+      );
+      expect(getMultiplier({ model: 'jamba-instruct', tokenType: 'completion' })).toBe(
+        tokenValues['jamba-instruct'].completion,
+      );
+      expect(getMultiplier({ model: 'ai21.jamba-instruct-v1:0', tokenType: 'prompt' })).toBe(
+        tokenValues['jamba-instruct'].prompt,
+      );
+      expect(getMultiplier({ model: 'ai21.jamba-instruct-v1:0', tokenType: 'completion' })).toBe(
+        tokenValues['jamba-instruct'].completion,
+      );
+    });
+
+    it('should match both short and full model names to the same pricing', () => {
+      const shortPrompt = getMultiplier({ model: 'jamba-instruct', tokenType: 'prompt' });
+      const fullPrompt = getMultiplier({
+        model: 'ai21.jamba-instruct-v1:0',
+        tokenType: 'prompt',
+      });
+      const shortCompletion = getMultiplier({ model: 'jamba-instruct', tokenType: 'completion' });
+      const fullCompletion = getMultiplier({
+        model: 'ai21.jamba-instruct-v1:0',
+        tokenType: 'completion',
+      });
+
+      expect(shortPrompt).toBe(fullPrompt);
+      expect(shortCompletion).toBe(fullCompletion);
+      expect(shortPrompt).toBe(tokenValues['jamba-instruct'].prompt);
+      expect(shortCompletion).toBe(tokenValues['jamba-instruct'].completion);
+    });
+  });
+});
+
 describe('Deepseek Model Tests', () => {
   const deepseekModels = ['deepseek-chat', 'deepseek-coder', 'deepseek-reasoner', 'deepseek.r1'];
 
@@ -480,6 +768,187 @@ describe('Deepseek Model Tests', () => {
   });
 });
 
+describe('Qwen3 Model Tests', () => {
+  describe('Qwen3 Base Models', () => {
+    it('should return correct pricing for qwen3 base pattern', () => {
+      expect(getMultiplier({ model: 'qwen3', tokenType: 'prompt' })).toBe(
+        tokenValues['qwen3'].prompt,
+      );
+      expect(getMultiplier({ model: 'qwen3', tokenType: 'completion' })).toBe(
+        tokenValues['qwen3'].completion,
+      );
+    });
+
+    it('should return correct pricing for qwen3-4b (falls back to qwen3)', () => {
+      expect(getMultiplier({ model: 'qwen3-4b', tokenType: 'prompt' })).toBe(
+        tokenValues['qwen3'].prompt,
+      );
+      expect(getMultiplier({ model: 'qwen3-4b', tokenType: 'completion' })).toBe(
+        tokenValues['qwen3'].completion,
+      );
+    });
+
+    it('should return correct pricing for qwen3-8b', () => {
+      expect(getMultiplier({ model: 'qwen3-8b', tokenType: 'prompt' })).toBe(
+        tokenValues['qwen3-8b'].prompt,
+      );
+      expect(getMultiplier({ model: 'qwen3-8b', tokenType: 'completion' })).toBe(
+        tokenValues['qwen3-8b'].completion,
+      );
+    });
+
+    it('should return correct pricing for qwen3-14b', () => {
+      expect(getMultiplier({ model: 'qwen3-14b', tokenType: 'prompt' })).toBe(
+        tokenValues['qwen3-14b'].prompt,
+      );
+      expect(getMultiplier({ model: 'qwen3-14b', tokenType: 'completion' })).toBe(
+        tokenValues['qwen3-14b'].completion,
+      );
+    });
+
+    it('should return correct pricing for qwen3-235b-a22b', () => {
+      expect(getMultiplier({ model: 'qwen3-235b-a22b', tokenType: 'prompt' })).toBe(
+        tokenValues['qwen3-235b-a22b'].prompt,
+      );
+      expect(getMultiplier({ model: 'qwen3-235b-a22b', tokenType: 'completion' })).toBe(
+        tokenValues['qwen3-235b-a22b'].completion,
+      );
+    });
+
+    it('should handle model name variations with provider prefixes', () => {
+      const models = [
+        { input: 'qwen3', expected: 'qwen3' },
+        { input: 'qwen3-4b', expected: 'qwen3' },
+        { input: 'qwen3-8b', expected: 'qwen3-8b' },
+        { input: 'qwen3-32b', expected: 'qwen3-32b' },
+      ];
+      models.forEach(({ input, expected }) => {
+        const withPrefix = `alibaba/${input}`;
+        expect(getMultiplier({ model: withPrefix, tokenType: 'prompt' })).toBe(
+          tokenValues[expected].prompt,
+        );
+        expect(getMultiplier({ model: withPrefix, tokenType: 'completion' })).toBe(
+          tokenValues[expected].completion,
+        );
+      });
+    });
+  });
+
+  describe('Qwen3 VL (Vision-Language) Models', () => {
+    it('should return correct pricing for qwen3-vl-8b-thinking', () => {
+      expect(getMultiplier({ model: 'qwen3-vl-8b-thinking', tokenType: 'prompt' })).toBe(
+        tokenValues['qwen3-vl-8b-thinking'].prompt,
+      );
+      expect(getMultiplier({ model: 'qwen3-vl-8b-thinking', tokenType: 'completion' })).toBe(
+        tokenValues['qwen3-vl-8b-thinking'].completion,
+      );
+    });
+
+    it('should return correct pricing for qwen3-vl-8b-instruct', () => {
+      expect(getMultiplier({ model: 'qwen3-vl-8b-instruct', tokenType: 'prompt' })).toBe(
+        tokenValues['qwen3-vl-8b-instruct'].prompt,
+      );
+      expect(getMultiplier({ model: 'qwen3-vl-8b-instruct', tokenType: 'completion' })).toBe(
+        tokenValues['qwen3-vl-8b-instruct'].completion,
+      );
+    });
+
+    it('should return correct pricing for qwen3-vl-30b-a3b', () => {
+      expect(getMultiplier({ model: 'qwen3-vl-30b-a3b', tokenType: 'prompt' })).toBe(
+        tokenValues['qwen3-vl-30b-a3b'].prompt,
+      );
+      expect(getMultiplier({ model: 'qwen3-vl-30b-a3b', tokenType: 'completion' })).toBe(
+        tokenValues['qwen3-vl-30b-a3b'].completion,
+      );
+    });
+
+    it('should return correct pricing for qwen3-vl-235b-a22b', () => {
+      expect(getMultiplier({ model: 'qwen3-vl-235b-a22b', tokenType: 'prompt' })).toBe(
+        tokenValues['qwen3-vl-235b-a22b'].prompt,
+      );
+      expect(getMultiplier({ model: 'qwen3-vl-235b-a22b', tokenType: 'completion' })).toBe(
+        tokenValues['qwen3-vl-235b-a22b'].completion,
+      );
+    });
+  });
+
+  describe('Qwen3 Specialized Models', () => {
+    it('should return correct pricing for qwen3-max', () => {
+      expect(getMultiplier({ model: 'qwen3-max', tokenType: 'prompt' })).toBe(
+        tokenValues['qwen3-max'].prompt,
+      );
+      expect(getMultiplier({ model: 'qwen3-max', tokenType: 'completion' })).toBe(
+        tokenValues['qwen3-max'].completion,
+      );
+    });
+
+    it('should return correct pricing for qwen3-coder', () => {
+      expect(getMultiplier({ model: 'qwen3-coder', tokenType: 'prompt' })).toBe(
+        tokenValues['qwen3-coder'].prompt,
+      );
+      expect(getMultiplier({ model: 'qwen3-coder', tokenType: 'completion' })).toBe(
+        tokenValues['qwen3-coder'].completion,
+      );
+    });
+
+    it('should return correct pricing for qwen3-coder-plus', () => {
+      expect(getMultiplier({ model: 'qwen3-coder-plus', tokenType: 'prompt' })).toBe(
+        tokenValues['qwen3-coder-plus'].prompt,
+      );
+      expect(getMultiplier({ model: 'qwen3-coder-plus', tokenType: 'completion' })).toBe(
+        tokenValues['qwen3-coder-plus'].completion,
+      );
+    });
+
+    it('should return correct pricing for qwen3-coder-flash', () => {
+      expect(getMultiplier({ model: 'qwen3-coder-flash', tokenType: 'prompt' })).toBe(
+        tokenValues['qwen3-coder-flash'].prompt,
+      );
+      expect(getMultiplier({ model: 'qwen3-coder-flash', tokenType: 'completion' })).toBe(
+        tokenValues['qwen3-coder-flash'].completion,
+      );
+    });
+
+    it('should return correct pricing for qwen3-next-80b-a3b', () => {
+      expect(getMultiplier({ model: 'qwen3-next-80b-a3b', tokenType: 'prompt' })).toBe(
+        tokenValues['qwen3-next-80b-a3b'].prompt,
+      );
+      expect(getMultiplier({ model: 'qwen3-next-80b-a3b', tokenType: 'completion' })).toBe(
+        tokenValues['qwen3-next-80b-a3b'].completion,
+      );
+    });
+  });
+
+  describe('Qwen3 Model Variations', () => {
+    it('should handle all qwen3 models with provider prefixes', () => {
+      const models = ['qwen3', 'qwen3-8b', 'qwen3-max', 'qwen3-coder', 'qwen3-vl-8b-instruct'];
+      const prefixes = ['alibaba', 'qwen', 'openrouter'];
+
+      models.forEach((model) => {
+        prefixes.forEach((prefix) => {
+          const fullModel = `${prefix}/${model}`;
+          expect(getMultiplier({ model: fullModel, tokenType: 'prompt' })).toBe(
+            tokenValues[model].prompt,
+          );
+          expect(getMultiplier({ model: fullModel, tokenType: 'completion' })).toBe(
+            tokenValues[model].completion,
+          );
+        });
+      });
+    });
+
+    it('should handle qwen3-4b falling back to qwen3 base pattern', () => {
+      const testCases = ['qwen3-4b', 'alibaba/qwen3-4b', 'qwen/qwen3-4b-preview'];
+      testCases.forEach((model) => {
+        expect(getMultiplier({ model, tokenType: 'prompt' })).toBe(tokenValues['qwen3'].prompt);
+        expect(getMultiplier({ model, tokenType: 'completion' })).toBe(
+          tokenValues['qwen3'].completion,
+        );
+      });
+    });
+  });
+});
+
 describe('getCacheMultiplier', () => {
   it('should return the correct cache multiplier for a given valueKey and cacheType', () => {
     expect(getCacheMultiplier({ valueKey: 'claude-3-5-sonnet', cacheType: 'write' })).toBe(
@@ -571,6 +1040,9 @@ describe('getCacheMultiplier', () => {
 
 describe('Google Model Tests', () => {
   const googleModels = [
+    'gemini-2.5-pro',
+    'gemini-2.5-flash',
+    'gemini-2.5-flash-lite',
     'gemini-2.5-pro-preview-05-06',
     'gemini-2.5-flash-preview-04-17',
     'gemini-2.5-exp',
@@ -611,6 +1083,9 @@ describe('Google Model Tests', () => {
 
   it('should map to the correct model keys', () => {
     const expected = {
+      'gemini-2.5-pro': 'gemini-2.5-pro',
+      'gemini-2.5-flash': 'gemini-2.5-flash',
+      'gemini-2.5-flash-lite': 'gemini-2.5-flash-lite',
       'gemini-2.5-pro-preview-05-06': 'gemini-2.5-pro',
       'gemini-2.5-flash-preview-04-17': 'gemini-2.5-flash',
       'gemini-2.5-exp': 'gemini-2.5',
@@ -766,6 +1241,110 @@ describe('Grok Model Tests - Pricing', () => {
   });
 });
 
+describe('GLM Model Tests', () => {
+  it('should return expected value keys for GLM models', () => {
+    expect(getValueKey('glm-4.6')).toBe('glm-4.6');
+    expect(getValueKey('glm-4.5')).toBe('glm-4.5');
+    expect(getValueKey('glm-4.5v')).toBe('glm-4.5v');
+    expect(getValueKey('glm-4.5-air')).toBe('glm-4.5-air');
+    expect(getValueKey('glm-4-32b')).toBe('glm-4-32b');
+    expect(getValueKey('glm-4')).toBe('glm-4');
+    expect(getValueKey('glm4')).toBe('glm4');
+  });
+
+  it('should match GLM model variations with provider prefixes', () => {
+    expect(getValueKey('z-ai/glm-4.6')).toBe('glm-4.6');
+    expect(getValueKey('z-ai/glm-4.5')).toBe('glm-4.5');
+    expect(getValueKey('z-ai/glm-4.5-air')).toBe('glm-4.5-air');
+    expect(getValueKey('z-ai/glm-4.5v')).toBe('glm-4.5v');
+    expect(getValueKey('z-ai/glm-4-32b')).toBe('glm-4-32b');
+
+    expect(getValueKey('zai/glm-4.6')).toBe('glm-4.6');
+    expect(getValueKey('zai/glm-4.5')).toBe('glm-4.5');
+    expect(getValueKey('zai/glm-4.5-air')).toBe('glm-4.5-air');
+    expect(getValueKey('zai/glm-4.5v')).toBe('glm-4.5v');
+
+    expect(getValueKey('zai-org/GLM-4.6')).toBe('glm-4.6');
+    expect(getValueKey('zai-org/GLM-4.5')).toBe('glm-4.5');
+    expect(getValueKey('zai-org/GLM-4.5-Air')).toBe('glm-4.5-air');
+    expect(getValueKey('zai-org/GLM-4.5V')).toBe('glm-4.5v');
+    expect(getValueKey('zai-org/GLM-4-32B-0414')).toBe('glm-4-32b');
+  });
+
+  it('should match GLM model variations with suffixes', () => {
+    expect(getValueKey('glm-4.6-fp8')).toBe('glm-4.6');
+    expect(getValueKey('zai-org/GLM-4.6-FP8')).toBe('glm-4.6');
+    expect(getValueKey('zai-org/GLM-4.5-Air-FP8')).toBe('glm-4.5-air');
+  });
+
+  it('should prioritize more specific GLM model patterns', () => {
+    expect(getValueKey('glm-4.5-air-something')).toBe('glm-4.5-air');
+    expect(getValueKey('glm-4.5-something')).toBe('glm-4.5');
+    expect(getValueKey('glm-4.5v-something')).toBe('glm-4.5v');
+  });
+
+  it('should return correct multipliers for all GLM models', () => {
+    expect(getMultiplier({ model: 'glm-4.6', tokenType: 'prompt' })).toBe(
+      tokenValues['glm-4.6'].prompt,
+    );
+    expect(getMultiplier({ model: 'glm-4.6', tokenType: 'completion' })).toBe(
+      tokenValues['glm-4.6'].completion,
+    );
+
+    expect(getMultiplier({ model: 'glm-4.5v', tokenType: 'prompt' })).toBe(
+      tokenValues['glm-4.5v'].prompt,
+    );
+    expect(getMultiplier({ model: 'glm-4.5v', tokenType: 'completion' })).toBe(
+      tokenValues['glm-4.5v'].completion,
+    );
+
+    expect(getMultiplier({ model: 'glm-4.5-air', tokenType: 'prompt' })).toBe(
+      tokenValues['glm-4.5-air'].prompt,
+    );
+    expect(getMultiplier({ model: 'glm-4.5-air', tokenType: 'completion' })).toBe(
+      tokenValues['glm-4.5-air'].completion,
+    );
+
+    expect(getMultiplier({ model: 'glm-4.5', tokenType: 'prompt' })).toBe(
+      tokenValues['glm-4.5'].prompt,
+    );
+    expect(getMultiplier({ model: 'glm-4.5', tokenType: 'completion' })).toBe(
+      tokenValues['glm-4.5'].completion,
+    );
+
+    expect(getMultiplier({ model: 'glm-4-32b', tokenType: 'prompt' })).toBe(
+      tokenValues['glm-4-32b'].prompt,
+    );
+    expect(getMultiplier({ model: 'glm-4-32b', tokenType: 'completion' })).toBe(
+      tokenValues['glm-4-32b'].completion,
+    );
+
+    expect(getMultiplier({ model: 'glm-4', tokenType: 'prompt' })).toBe(
+      tokenValues['glm-4'].prompt,
+    );
+    expect(getMultiplier({ model: 'glm-4', tokenType: 'completion' })).toBe(
+      tokenValues['glm-4'].completion,
+    );
+
+    expect(getMultiplier({ model: 'glm4', tokenType: 'prompt' })).toBe(tokenValues['glm4'].prompt);
+    expect(getMultiplier({ model: 'glm4', tokenType: 'completion' })).toBe(
+      tokenValues['glm4'].completion,
+    );
+  });
+
+  it('should return correct multipliers for GLM models with provider prefixes', () => {
+    expect(getMultiplier({ model: 'z-ai/glm-4.6', tokenType: 'prompt' })).toBe(
+      tokenValues['glm-4.6'].prompt,
+    );
+    expect(getMultiplier({ model: 'zai/glm-4.5-air', tokenType: 'completion' })).toBe(
+      tokenValues['glm-4.5-air'].completion,
+    );
+    expect(getMultiplier({ model: 'zai-org/GLM-4.5V', tokenType: 'prompt' })).toBe(
+      tokenValues['glm-4.5v'].prompt,
+    );
+  });
+});
+
 describe('Claude Model Tests', () => {
   it('should return correct prompt and completion rates for Claude 4 models', () => {
     expect(getMultiplier({ model: 'claude-sonnet-4', tokenType: 'prompt' })).toBe(
@@ -782,6 +1361,37 @@ describe('Claude Model Tests', () => {
     );
   });
 
+  it('should return correct prompt and completion rates for Claude Haiku 4.5', () => {
+    expect(getMultiplier({ model: 'claude-haiku-4-5', tokenType: 'prompt' })).toBe(
+      tokenValues['claude-haiku-4-5'].prompt,
+    );
+    expect(getMultiplier({ model: 'claude-haiku-4-5', tokenType: 'completion' })).toBe(
+      tokenValues['claude-haiku-4-5'].completion,
+    );
+  });
+
+  it('should handle Claude Haiku 4.5 model name variations', () => {
+    const modelVariations = [
+      'claude-haiku-4-5',
+      'claude-haiku-4-5-20250420',
+      'claude-haiku-4-5-latest',
+      'anthropic/claude-haiku-4-5',
+      'claude-haiku-4-5/anthropic',
+      'claude-haiku-4-5-preview',
+    ];
+
+    modelVariations.forEach((model) => {
+      const valueKey = getValueKey(model);
+      expect(valueKey).toBe('claude-haiku-4-5');
+      expect(getMultiplier({ model, tokenType: 'prompt' })).toBe(
+        tokenValues['claude-haiku-4-5'].prompt,
+      );
+      expect(getMultiplier({ model, tokenType: 'completion' })).toBe(
+        tokenValues['claude-haiku-4-5'].completion,
+      );
+    });
+  });
+
   it('should handle Claude 4 model name variations with different prefixes and suffixes', () => {
     const modelVariations = [
       'claude-sonnet-4',
@@ -859,3 +1469,119 @@ describe('Claude Model Tests', () => {
     });
   });
 });
+
+describe('tokens.ts and tx.js sync validation', () => {
+  it('should resolve all models in maxTokensMap to pricing via getValueKey', () => {
+    const tokensKeys = Object.keys(maxTokensMap[EModelEndpoint.openAI]);
+    const txKeys = Object.keys(tokenValues);
+
+    const unresolved = [];
+
+    tokensKeys.forEach((key) => {
+      // Skip legacy token size mappings (e.g., '4k', '8k', '16k', '32k')
+      if (/^\d+k$/.test(key)) return;
+
+      // Skip generic pattern keys (end with '-' or ':')
+      if (key.endsWith('-') || key.endsWith(':')) return;
+
+      // Try to resolve via getValueKey
+      const resolvedKey = getValueKey(key);
+
+      // If it resolves and the resolved key has pricing, success
+      if (resolvedKey && txKeys.includes(resolvedKey)) return;
+
+      // If it resolves to a legacy key (4k, 8k, etc), also OK
+      if (resolvedKey && /^\d+k$/.test(resolvedKey)) return;
+
+      // If we get here, this model can't get pricing - flag it
+      unresolved.push({
+        key,
+        resolvedKey: resolvedKey || 'undefined',
+        context: maxTokensMap[EModelEndpoint.openAI][key],
+      });
+    });
+
+    if (unresolved.length > 0) {
+      console.log('\nModels that cannot resolve to pricing via getValueKey:');
+      unresolved.forEach(({ key, resolvedKey, context }) => {
+        console.log(`  - '${key}' → '${resolvedKey}' (context: ${context})`);
+      });
+    }
+
+    expect(unresolved).toEqual([]);
+  });
+
+  it('should not have redundant dated variants with same pricing and context as base model', () => {
+    const txKeys = Object.keys(tokenValues);
+    const redundant = [];
+
+    txKeys.forEach((key) => {
+      // Check if this is a dated variant (ends with -YYYY-MM-DD)
+      if (key.match(/.*-\d{4}-\d{2}-\d{2}$/)) {
+        const baseKey = key.replace(/-\d{4}-\d{2}-\d{2}$/, '');
+
+        if (txKeys.includes(baseKey)) {
+          const variantPricing = tokenValues[key];
+          const basePricing = tokenValues[baseKey];
+          const variantContext = maxTokensMap[EModelEndpoint.openAI][key];
+          const baseContext = maxTokensMap[EModelEndpoint.openAI][baseKey];
+
+          const samePricing =
+            variantPricing.prompt === basePricing.prompt &&
+            variantPricing.completion === basePricing.completion;
+          const sameContext = variantContext === baseContext;
+
+          if (samePricing && sameContext) {
+            redundant.push({
+              key,
+              baseKey,
+              pricing: `${variantPricing.prompt}/${variantPricing.completion}`,
+              context: variantContext,
+            });
+          }
+        }
+      }
+    });
+
+    if (redundant.length > 0) {
+      console.log('\nRedundant dated variants found (same pricing and context as base):');
+      redundant.forEach(({ key, baseKey, pricing, context }) => {
+        console.log(`  - '${key}' → '${baseKey}' (pricing: ${pricing}, context: ${context})`);
+        console.log(`    Can be removed - pattern matching will handle it`);
+      });
+    }
+
+    expect(redundant).toEqual([]);
+  });
+
+  it('should have context windows in tokens.ts for all models with pricing in tx.js (openAI catch-all)', () => {
+    const txKeys = Object.keys(tokenValues);
+    const missingContext = [];
+
+    txKeys.forEach((key) => {
+      // Skip legacy token size mappings (4k, 8k, 16k, 32k)
+      if (/^\d+k$/.test(key)) return;
+
+      // Check if this model has a context window defined
+      const context = maxTokensMap[EModelEndpoint.openAI][key];
+
+      if (!context) {
+        const pricing = tokenValues[key];
+        missingContext.push({
+          key,
+          pricing: `${pricing.prompt}/${pricing.completion}`,
+        });
+      }
+    });
+
+    if (missingContext.length > 0) {
+      console.log('\nModels with pricing but missing context in tokens.ts:');
+      missingContext.forEach(({ key, pricing }) => {
+        console.log(`  - '${key}' (pricing: ${pricing})`);
+        console.log(`    Add to tokens.ts openAIModels/bedrockModels/etc.`);
+      });
+    }
+
+    expect(missingContext).toEqual([]);
+  });
+});

api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@librechat/backend",
-  "version": "v0.8.0-rc3",
+  "version": "v0.8.0",
   "description": "",
   "scripts": {
     "start": "echo 'please run this from the root directory'",
@@ -47,16 +47,15 @@
     "@langchain/core": "^0.3.62",
     "@langchain/google-genai": "^0.2.13",
     "@langchain/google-vertexai": "^0.2.13",
-    "@langchain/openai": "^0.5.18",
     "@langchain/textsplitters": "^0.1.0",
-    "@librechat/agents": "^2.4.76",
+    "@librechat/agents": "^2.4.85",
     "@librechat/api": "*",
     "@librechat/data-schemas": "*",
     "@microsoft/microsoft-graph-client": "^3.0.7",
     "@modelcontextprotocol/sdk": "^1.17.1",
     "@node-saml/passport-saml": "^5.1.0",
     "@waylaidwanderer/fetch-event-source": "^3.0.1",
-    "axios": "^1.8.2",
+    "axios": "^1.12.1",
     "bcryptjs": "^2.4.3",
     "compression": "^1.8.1",
     "connect-redis": "^8.1.0",
@@ -94,7 +93,7 @@
     "multer": "^2.0.2",
     "nanoid": "^3.3.7",
     "node-fetch": "^2.7.0",
-    "nodemailer": "^6.9.15",
+    "nodemailer": "^7.0.9",
     "ollama": "^0.5.0",
     "openai": "^5.10.1",
     "openid-client": "^6.5.0",

api/server/controllers/AuthController.js

@@ -1,8 +1,8 @@
 const cookies = require('cookie');
 const jwt = require('jsonwebtoken');
 const openIdClient = require('openid-client');
-const { isEnabled } = require('@librechat/api');
 const { logger } = require('@librechat/data-schemas');
+const { isEnabled, findOpenIDUser } = require('@librechat/api');
 const {
   requestPasswordReset,
   setOpenIDAuthTokens,
@@ -11,8 +11,9 @@ const {
   registerUser,
 } = require('~/server/services/AuthService');
 const { findUser, getUserById, deleteAllUserSessions, findSession } = require('~/models');
-const { getOpenIdConfig } = require('~/strategies');
 const { getGraphApiToken } = require('~/server/services/GraphTokenService');
+const { getOAuthReconnectionManager } = require('~/config');
+const { getOpenIdConfig } = require('~/strategies');
 
 const registrationController = async (req, res) => {
   try {
@@ -71,11 +72,17 @@ const refreshController = async (req, res) => {
       const openIdConfig = getOpenIdConfig();
       const tokenset = await openIdClient.refreshTokenGrant(openIdConfig, refreshToken);
       const claims = tokenset.claims();
-      const user = await findUser({ email: claims.email });
-      if (!user) {
+      const { user, error } = await findOpenIDUser({
+        findUser,
+        email: claims.email,
+        openidId: claims.sub,
+        idOnTheSource: claims.oid,
+        strategyName: 'refreshController',
+      });
+      if (error || !user) {
         return res.status(401).redirect('/login');
       }
-      const token = setOpenIDAuthTokens(tokenset, res);
+      const token = setOpenIDAuthTokens(tokenset, res, user._id.toString());
       return res.status(200).send({ token, user });
     } catch (error) {
       logger.error('[refreshController] OpenID token refresh error', error);
@@ -96,14 +103,29 @@ const refreshController = async (req, res) => {
       return res.status(200).send({ token, user });
     }
 
-    // Find the session with the hashed refresh token
-    const session = await findSession({
-      userId: userId,
-      refreshToken: refreshToken,
-    });
+    /** Session with the hashed refresh token */
+    const session = await findSession(
+      {
+        userId: userId,
+        refreshToken: refreshToken,
+      },
+      { lean: false },
+    );
 
     if (session && session.expiration > new Date()) {
-      const token = await setAuthTokens(userId, res, session._id);
+      const token = await setAuthTokens(userId, res, session);
+
+      // trigger OAuth MCP server reconnection asynchronously (best effort)
+      try {
+        void getOAuthReconnectionManager()
+          .reconnectServers(userId)
+          .catch((err) => {
+            logger.error('[refreshController] Error reconnecting OAuth MCP servers:', err);
+          });
+      } catch (err) {
+        logger.warn(`[refreshController] Cannot attempt OAuth MCP servers reconnection:`, err);
+      }
+
       res.status(200).send({ token, user });
     } else if (req?.query?.retry) {
       // Retrying from a refresh token request that failed (401)
@@ -114,7 +136,7 @@ const refreshController = async (req, res) => {
       res.status(401).send('Refresh token expired or not found for this user');
     }
   } catch (err) {
-    logger.error(`[refreshController] Refresh token: ${refreshToken}`, err);
+    logger.error(`[refreshController] Invalid refresh token:`, err);
     res.status(403).send('Invalid refresh token');
   }
 };

api/server/controllers/ModelController.js

@@ -1,7 +1,7 @@
+const { logger } = require('@librechat/data-schemas');
 const { CacheKeys } = require('librechat-data-provider');
 const { loadDefaultModels, loadConfigModels } = require('~/server/services/Config');
 const { getLogStores } = require('~/cache');
-const { logger } = require('~/config');
 
 /**
  * @param {ServerRequest} req

api/server/controllers/PluginController.js

@@ -1,16 +1,9 @@
 const { logger } = require('@librechat/data-schemas');
-const { CacheKeys, Constants } = require('librechat-data-provider');
-const {
-  getToolkitKey,
-  checkPluginAuth,
-  filterUniquePlugins,
-  convertMCPToolToPlugin,
-  convertMCPToolsToPlugins,
-} = require('@librechat/api');
-const { getCachedTools, setCachedTools, mergeUserTools } = require('~/server/services/Config');
+const { CacheKeys } = require('librechat-data-provider');
+const { getToolkitKey, checkPluginAuth, filterUniquePlugins } = require('@librechat/api');
+const { getCachedTools, setCachedTools } = require('~/server/services/Config');
 const { availableTools, toolkits } = require('~/app/clients/tools');
 const { getAppConfig } = require('~/server/services/Config');
-const { getMCPManager } = require('~/config');
 const { getLogStores } = require('~/cache');
 
 const getAvailablePluginsController = async (req, res) => {
@@ -72,54 +65,27 @@ const getAvailableTools = async (req, res) => {
     }
     const cache = getLogStores(CacheKeys.CONFIG_STORE);
     const cachedToolsArray = await cache.get(CacheKeys.TOOLS);
-    const cachedUserTools = await getCachedTools({ userId });
 
-    const mcpManager = getMCPManager();
-    const userPlugins =
-      cachedUserTools != null
-        ? convertMCPToolsToPlugins({ functionTools: cachedUserTools, mcpManager })
-        : undefined;
+    const appConfig = req.config ?? (await getAppConfig({ role: req.user?.role }));
 
-    if (cachedToolsArray != null && userPlugins != null) {
-      const dedupedTools = filterUniquePlugins([...userPlugins, ...cachedToolsArray]);
-      res.status(200).json(dedupedTools);
+    // Return early if we have cached tools
+    if (cachedToolsArray != null) {
+      res.status(200).json(cachedToolsArray);
       return;
     }
 
     /** @type {Record<string, FunctionTool> | null} Get tool definitions to filter which tools are actually available */
-    let toolDefinitions = await getCachedTools({ includeGlobal: true });
-    let prelimCachedTools;
+    let toolDefinitions = await getCachedTools();
+
+    if (toolDefinitions == null && appConfig?.availableTools != null) {
+      logger.warn('[getAvailableTools] Tool cache was empty, re-initializing from app config');
+      await setCachedTools(appConfig.availableTools);
+      toolDefinitions = appConfig.availableTools;
+    }
 
     /** @type {import('@librechat/api').LCManifestTool[]} */
     let pluginManifest = availableTools;
 
-    const appConfig = req.config ?? (await getAppConfig({ role: req.user?.role }));
-    if (appConfig?.mcpConfig != null) {
-      try {
-        const mcpTools = await mcpManager.getAllToolFunctions(userId);
-        prelimCachedTools = prelimCachedTools ?? {};
-        for (const [toolKey, toolData] of Object.entries(mcpTools)) {
-          const plugin = convertMCPToolToPlugin({
-            toolKey,
-            toolData,
-            mcpManager,
-          });
-          if (plugin) {
-            pluginManifest.push(plugin);
-          }
-          prelimCachedTools[toolKey] = toolData;
-        }
-        await mergeUserTools({ userId, cachedUserTools, userTools: prelimCachedTools });
-      } catch (error) {
-        logger.error(
-          '[getAvailableTools] Error loading MCP Tools, servers may still be initializing:',
-          error,
-        );
-      }
-    } else if (prelimCachedTools != null) {
-      await setCachedTools(prelimCachedTools, { isGlobal: true });
-    }
-
     /** @type {TPlugin[]} Deduplicate and authenticate plugins */
     const uniquePlugins = filterUniquePlugins(pluginManifest);
     const authenticatedPlugins = uniquePlugins.map((plugin) => {
@@ -130,13 +96,13 @@ const getAvailableTools = async (req, res) => {
       }
     });
 
-    /** Filter plugins based on availability and add MCP-specific auth config */
+    /** Filter plugins based on availability */
     const toolsOutput = [];
     for (const plugin of authenticatedPlugins) {
-      const isToolDefined = toolDefinitions[plugin.pluginKey] !== undefined;
+      const isToolDefined = toolDefinitions?.[plugin.pluginKey] !== undefined;
       const isToolkit =
         plugin.toolkit === true &&
-        Object.keys(toolDefinitions).some(
+        Object.keys(toolDefinitions ?? {}).some(
           (key) => getToolkitKey({ toolkits, toolName: key }) === plugin.pluginKey,
         );
 
@@ -144,39 +110,13 @@ const getAvailableTools = async (req, res) => {
         continue;
       }
 
-      const toolToAdd = { ...plugin };
-
-      if (plugin.pluginKey.includes(Constants.mcp_delimiter)) {
-        const parts = plugin.pluginKey.split(Constants.mcp_delimiter);
-        const serverName = parts[parts.length - 1];
-        const serverConfig = appConfig?.mcpConfig?.[serverName];
-
-        if (serverConfig?.customUserVars) {
-          const customVarKeys = Object.keys(serverConfig.customUserVars);
-          if (customVarKeys.length === 0) {
-            toolToAdd.authConfig = [];
-            toolToAdd.authenticated = true;
-          } else {
-            toolToAdd.authConfig = Object.entries(serverConfig.customUserVars).map(
-              ([key, value]) => ({
-                authField: key,
-                label: value.title || key,
-                description: value.description || '',
-              }),
-            );
-            toolToAdd.authenticated = false;
-          }
-        }
-      }
-
-      toolsOutput.push(toolToAdd);
+      toolsOutput.push(plugin);
     }
 
     const finalTools = filterUniquePlugins(toolsOutput);
     await cache.set(CacheKeys.TOOLS, finalTools);
 
-    const dedupedTools = filterUniquePlugins([...(userPlugins ?? []), ...finalTools]);
-    res.status(200).json(dedupedTools);
+    res.status(200).json(finalTools);
   } catch (error) {
     logger.error('[getAvailableTools]', error);
     res.status(500).json({ message: error.message });

api/server/controllers/PluginController.spec.js

@@ -1,4 +1,3 @@
-const { Constants } = require('librechat-data-provider');
 const { getCachedTools, getAppConfig } = require('~/server/services/Config');
 const { getLogStores } = require('~/cache');
 
@@ -17,18 +16,10 @@ jest.mock('~/server/services/Config', () => ({
     includedTools: [],
   }),
   setCachedTools: jest.fn(),
-  mergeUserTools: jest.fn(),
 }));
 
 // loadAndFormatTools mock removed - no longer used in PluginController
-
-jest.mock('~/config', () => ({
-  getMCPManager: jest.fn(() => ({
-    getAllToolFunctions: jest.fn().mockResolvedValue({}),
-    getRawConfig: jest.fn().mockReturnValue({}),
-  })),
-  getFlowStateManager: jest.fn(),
-}));
+// getMCPManager mock removed - no longer used in PluginController
 
 jest.mock('~/app/clients/tools', () => ({
   availableTools: [],
@@ -159,43 +150,6 @@ describe('PluginController', () => {
   });
 
   describe('getAvailableTools', () => {
-    it('should use convertMCPToolsToPlugins for user-specific MCP tools', async () => {
-      const mockUserTools = {
-        [`tool1${Constants.mcp_delimiter}server1`]: {
-          type: 'function',
-          function: {
-            name: `tool1${Constants.mcp_delimiter}server1`,
-            description: 'Tool 1',
-            parameters: { type: 'object', properties: {} },
-          },
-        },
-      };
-
-      mockCache.get.mockResolvedValue(null);
-      getCachedTools.mockResolvedValueOnce(mockUserTools);
-      mockReq.config = {
-        mcpConfig: null,
-        paths: { structuredTools: '/mock/path' },
-      };
-
-      // Mock second call to return tool definitions (includeGlobal: true)
-      getCachedTools.mockResolvedValueOnce(mockUserTools);
-
-      await getAvailableTools(mockReq, mockRes);
-
-      expect(mockRes.status).toHaveBeenCalledWith(200);
-      const responseData = mockRes.json.mock.calls[0][0];
-      expect(responseData).toBeDefined();
-      expect(Array.isArray(responseData)).toBe(true);
-      expect(responseData.length).toBeGreaterThan(0);
-      const convertedTool = responseData.find(
-        (tool) => tool.pluginKey === `tool1${Constants.mcp_delimiter}server1`,
-      );
-      expect(convertedTool).toBeDefined();
-      // The real convertMCPToolsToPlugins extracts the name from the delimiter
-      expect(convertedTool.name).toBe('tool1');
-    });
-
     it('should use filterUniquePlugins to deduplicate combined tools', async () => {
       const mockUserTools = {
         'user-tool': {
@@ -220,9 +174,6 @@ describe('PluginController', () => {
         paths: { structuredTools: '/mock/path' },
       };
 
-      // Mock second call to return tool definitions
-      getCachedTools.mockResolvedValueOnce(mockUserTools);
-
       await getAvailableTools(mockReq, mockRes);
 
       expect(mockRes.status).toHaveBeenCalledWith(200);
@@ -245,14 +196,7 @@ describe('PluginController', () => {
       require('~/app/clients/tools').availableTools.push(mockPlugin);
 
       mockCache.get.mockResolvedValue(null);
-      // First call returns null for user tools
-      getCachedTools.mockResolvedValueOnce(null);
-      mockReq.config = {
-        mcpConfig: null,
-        paths: { structuredTools: '/mock/path' },
-      };
-
-      // Second call (with includeGlobal: true) returns the tool definitions
+      // getCachedTools returns the tool definitions
       getCachedTools.mockResolvedValueOnce({
         tool1: {
           type: 'function',
@@ -263,6 +207,10 @@ describe('PluginController', () => {
           },
         },
       });
+      mockReq.config = {
+        mcpConfig: null,
+        paths: { structuredTools: '/mock/path' },
+      };
 
       await getAvailableTools(mockReq, mockRes);
 
@@ -293,14 +241,7 @@ describe('PluginController', () => {
       });
 
       mockCache.get.mockResolvedValue(null);
-      // First call returns null for user tools
-      getCachedTools.mockResolvedValueOnce(null);
-      mockReq.config = {
-        mcpConfig: null,
-        paths: { structuredTools: '/mock/path' },
-      };
-
-      // Second call (with includeGlobal: true) returns the tool definitions
+      // getCachedTools returns the tool definitions
       getCachedTools.mockResolvedValueOnce({
         toolkit1_function: {
           type: 'function',
@@ -311,6 +252,10 @@ describe('PluginController', () => {
           },
         },
       });
+      mockReq.config = {
+        mcpConfig: null,
+        paths: { structuredTools: '/mock/path' },
+      };
 
       await getAvailableTools(mockReq, mockRes);
 
@@ -322,126 +267,7 @@ describe('PluginController', () => {
     });
   });
 
-  describe('plugin.icon behavior', () => {
-    const callGetAvailableToolsWithMCPServer = async (serverConfig) => {
-      mockCache.get.mockResolvedValue(null);
-
-      const functionTools = {
-        [`test-tool${Constants.mcp_delimiter}test-server`]: {
-          type: 'function',
-          function: {
-            name: `test-tool${Constants.mcp_delimiter}test-server`,
-            description: 'A test tool',
-            parameters: { type: 'object', properties: {} },
-          },
-        },
-      };
-
-      // Mock the MCP manager to return tools and server config
-      const mockMCPManager = {
-        getAllToolFunctions: jest.fn().mockResolvedValue(functionTools),
-        getRawConfig: jest.fn().mockReturnValue(serverConfig),
-      };
-      require('~/config').getMCPManager.mockReturnValue(mockMCPManager);
-
-      // First call returns empty user tools
-      getCachedTools.mockResolvedValueOnce({});
-
-      // Mock getAppConfig to return the mcpConfig
-      mockReq.config = {
-        mcpConfig: {
-          'test-server': serverConfig,
-        },
-      };
-
-      // Second call (with includeGlobal: true) returns the tool definitions
-      getCachedTools.mockResolvedValueOnce(functionTools);
-
-      await getAvailableTools(mockReq, mockRes);
-      const responseData = mockRes.json.mock.calls[0][0];
-      return responseData.find(
-        (tool) => tool.pluginKey === `test-tool${Constants.mcp_delimiter}test-server`,
-      );
-    };
-
-    it('should set plugin.icon when iconPath is defined', async () => {
-      const serverConfig = {
-        iconPath: '/path/to/icon.png',
-      };
-      const testTool = await callGetAvailableToolsWithMCPServer(serverConfig);
-      expect(testTool.icon).toBe('/path/to/icon.png');
-    });
-
-    it('should set plugin.icon to undefined when iconPath is not defined', async () => {
-      const serverConfig = {};
-      const testTool = await callGetAvailableToolsWithMCPServer(serverConfig);
-      expect(testTool.icon).toBeUndefined();
-    });
-  });
-
   describe('helper function integration', () => {
-    it('should properly handle MCP tools with custom user variables', async () => {
-      const appConfig = {
-        mcpConfig: {
-          'test-server': {
-            customUserVars: {
-              API_KEY: { title: 'API Key', description: 'Your API key' },
-            },
-          },
-        },
-      };
-
-      // Mock MCP tools returned by getAllToolFunctions
-      const mcpToolFunctions = {
-        [`tool1${Constants.mcp_delimiter}test-server`]: {
-          type: 'function',
-          function: {
-            name: `tool1${Constants.mcp_delimiter}test-server`,
-            description: 'Tool 1',
-            parameters: {},
-          },
-        },
-      };
-
-      // Mock the MCP manager to return tools
-      const mockMCPManager = {
-        getAllToolFunctions: jest.fn().mockResolvedValue(mcpToolFunctions),
-        getRawConfig: jest.fn().mockReturnValue({
-          customUserVars: {
-            API_KEY: { title: 'API Key', description: 'Your API key' },
-          },
-        }),
-      };
-      require('~/config').getMCPManager.mockReturnValue(mockMCPManager);
-
-      mockCache.get.mockResolvedValue(null);
-      mockReq.config = appConfig;
-
-      // First call returns user tools (empty in this case)
-      getCachedTools.mockResolvedValueOnce({});
-
-      // Second call (with includeGlobal: true) returns tool definitions including our MCP tool
-      getCachedTools.mockResolvedValueOnce(mcpToolFunctions);
-
-      await getAvailableTools(mockReq, mockRes);
-
-      expect(mockRes.status).toHaveBeenCalledWith(200);
-      const responseData = mockRes.json.mock.calls[0][0];
-      expect(Array.isArray(responseData)).toBe(true);
-
-      // Find the MCP tool in the response
-      const mcpTool = responseData.find(
-        (tool) => tool.pluginKey === `tool1${Constants.mcp_delimiter}test-server`,
-      );
-
-      // The actual implementation adds authConfig and sets authenticated to false when customUserVars exist
-      expect(mcpTool).toBeDefined();
-      expect(mcpTool.authConfig).toEqual([
-        { authField: 'API_KEY', label: 'API Key', description: 'Your API key' },
-      ]);
-      expect(mcpTool.authenticated).toBe(false);
-    });
-
     it('should handle error cases gracefully', async () => {
       mockCache.get.mockRejectedValue(new Error('Cache error'));
 
@@ -463,23 +289,13 @@ describe('PluginController', () => {
 
     it('should handle null cachedTools and cachedUserTools', async () => {
       mockCache.get.mockResolvedValue(null);
-      // First call returns null for user tools
-      getCachedTools.mockResolvedValueOnce(null);
+      // getCachedTools returns empty object instead of null
+      getCachedTools.mockResolvedValueOnce({});
       mockReq.config = {
         mcpConfig: null,
         paths: { structuredTools: '/mock/path' },
       };
 
-      // Mock MCP manager to return no tools
-      const mockMCPManager = {
-        getAllToolFunctions: jest.fn().mockResolvedValue({}),
-        getRawConfig: jest.fn().mockReturnValue({}),
-      };
-      require('~/config').getMCPManager.mockReturnValue(mockMCPManager);
-
-      // Second call (with includeGlobal: true) returns empty object instead of null
-      getCachedTools.mockResolvedValueOnce({});
-
       await getAvailableTools(mockReq, mockRes);
 
       // Should handle null values gracefully
@@ -494,9 +310,9 @@ describe('PluginController', () => {
         paths: { structuredTools: '/mock/path' },
       };
 
-      // Mock getCachedTools to return undefined for both calls
+      // Mock getCachedTools to return undefined
       getCachedTools.mockReset();
-      getCachedTools.mockResolvedValueOnce(undefined).mockResolvedValueOnce(undefined);
+      getCachedTools.mockResolvedValueOnce(undefined);
 
       await getAvailableTools(mockReq, mockRes);
 
@@ -505,42 +321,6 @@ describe('PluginController', () => {
       expect(mockRes.json).toHaveBeenCalledWith([]);
     });
 
-    it('should handle cachedToolsArray and userPlugins both being defined', async () => {
-      const cachedTools = [{ name: 'CachedTool', pluginKey: 'cached-tool', description: 'Cached' }];
-      // Use MCP delimiter for the user tool so convertMCPToolsToPlugins works
-      const userTools = {
-        [`user-tool${Constants.mcp_delimiter}server1`]: {
-          type: 'function',
-          function: {
-            name: `user-tool${Constants.mcp_delimiter}server1`,
-            description: 'User tool',
-            parameters: {},
-          },
-        },
-      };
-
-      mockCache.get.mockResolvedValue(cachedTools);
-      getCachedTools.mockResolvedValueOnce(userTools);
-      mockReq.config = {
-        mcpConfig: null,
-        paths: { structuredTools: '/mock/path' },
-      };
-
-      // The controller expects a second call to getCachedTools
-      getCachedTools.mockResolvedValueOnce({
-        'cached-tool': { type: 'function', function: { name: 'cached-tool' } },
-        [`user-tool${Constants.mcp_delimiter}server1`]:
-          userTools[`user-tool${Constants.mcp_delimiter}server1`],
-      });
-
-      await getAvailableTools(mockReq, mockRes);
-
-      expect(mockRes.status).toHaveBeenCalledWith(200);
-      const responseData = mockRes.json.mock.calls[0][0];
-      // Should have both cached and user tools
-      expect(responseData.length).toBeGreaterThanOrEqual(2);
-    });
-
     it('should handle empty toolDefinitions object', async () => {
       mockCache.get.mockResolvedValue(null);
       // Reset getCachedTools to ensure clean state
@@ -551,76 +331,12 @@ describe('PluginController', () => {
       // Ensure no plugins are available
       require('~/app/clients/tools').availableTools.length = 0;
 
-      // Reset MCP manager to default state
-      const mockMCPManager = {
-        getAllToolFunctions: jest.fn().mockResolvedValue({}),
-        getRawConfig: jest.fn().mockReturnValue({}),
-      };
-      require('~/config').getMCPManager.mockReturnValue(mockMCPManager);
-
       await getAvailableTools(mockReq, mockRes);
 
       // With empty tool definitions, no tools should be in the final output
       expect(mockRes.json).toHaveBeenCalledWith([]);
     });
 
-    it('should handle MCP tools without customUserVars', async () => {
-      const appConfig = {
-        mcpConfig: {
-          'test-server': {
-            // No customUserVars defined
-          },
-        },
-      };
-
-      const mockUserTools = {
-        [`tool1${Constants.mcp_delimiter}test-server`]: {
-          type: 'function',
-          function: {
-            name: `tool1${Constants.mcp_delimiter}test-server`,
-            description: 'Tool 1',
-            parameters: { type: 'object', properties: {} },
-          },
-        },
-      };
-
-      // Mock the MCP manager to return the tools
-      const mockMCPManager = {
-        getAllToolFunctions: jest.fn().mockResolvedValue(mockUserTools),
-        getRawConfig: jest.fn().mockReturnValue({
-          // No customUserVars defined
-        }),
-      };
-      require('~/config').getMCPManager.mockReturnValue(mockMCPManager);
-
-      mockCache.get.mockResolvedValue(null);
-      mockReq.config = appConfig;
-      // First call returns empty user tools
-      getCachedTools.mockResolvedValueOnce({});
-
-      // Second call (with includeGlobal: true) returns the tool definitions
-      getCachedTools.mockResolvedValueOnce(mockUserTools);
-
-      // Ensure no plugins in availableTools for clean test
-      require('~/app/clients/tools').availableTools.length = 0;
-
-      await getAvailableTools(mockReq, mockRes);
-
-      expect(mockRes.status).toHaveBeenCalledWith(200);
-      const responseData = mockRes.json.mock.calls[0][0];
-      expect(Array.isArray(responseData)).toBe(true);
-      expect(responseData.length).toBeGreaterThan(0);
-
-      const mcpTool = responseData.find(
-        (tool) => tool.pluginKey === `tool1${Constants.mcp_delimiter}test-server`,
-      );
-
-      expect(mcpTool).toBeDefined();
-      expect(mcpTool.authenticated).toBe(true);
-      // The actual implementation sets authConfig to empty array when no customUserVars
-      expect(mcpTool.authConfig).toEqual([]);
-    });
-
     it('should handle undefined filteredTools and includedTools', async () => {
       mockReq.config = {};
       mockCache.get.mockResolvedValue(null);
@@ -649,20 +365,129 @@ describe('PluginController', () => {
       require('~/app/clients/tools').availableTools.push(mockToolkit);
 
       mockCache.get.mockResolvedValue(null);
-      // First call returns empty object
+      // getCachedTools returns empty object to avoid null reference error
       getCachedTools.mockResolvedValueOnce({});
       mockReq.config = {
         mcpConfig: null,
         paths: { structuredTools: '/mock/path' },
       };
 
-      // Second call (with includeGlobal: true) returns empty object to avoid null reference error
-      getCachedTools.mockResolvedValueOnce({});
-
       await getAvailableTools(mockReq, mockRes);
 
       // Should handle null toolDefinitions gracefully
       expect(mockRes.status).toHaveBeenCalledWith(200);
     });
+
+    it('should handle undefined toolDefinitions when checking isToolDefined (traversaal_search bug)', async () => {
+      // This test reproduces the bug where toolDefinitions is undefined
+      // and accessing toolDefinitions[plugin.pluginKey] causes a TypeError
+      const mockPlugin = {
+        name: 'Traversaal Search',
+        pluginKey: 'traversaal_search',
+        description: 'Search plugin',
+      };
+
+      // Add the plugin to availableTools
+      require('~/app/clients/tools').availableTools.push(mockPlugin);
+
+      mockCache.get.mockResolvedValue(null);
+
+      mockReq.config = {
+        mcpConfig: null,
+        paths: { structuredTools: '/mock/path' },
+      };
+
+      // CRITICAL: getCachedTools returns undefined
+      // This is what causes the bug when trying to access toolDefinitions[plugin.pluginKey]
+      getCachedTools.mockResolvedValueOnce(undefined);
+
+      // This should not throw an error with the optional chaining fix
+      await getAvailableTools(mockReq, mockRes);
+
+      // Should handle undefined toolDefinitions gracefully and return empty array
+      expect(mockRes.status).toHaveBeenCalledWith(200);
+      expect(mockRes.json).toHaveBeenCalledWith([]);
+    });
+
+    it('should re-initialize tools from appConfig when cache returns null', async () => {
+      // Setup: Initial state with tools in appConfig
+      const mockAppTools = {
+        tool1: {
+          type: 'function',
+          function: {
+            name: 'tool1',
+            description: 'Tool 1',
+            parameters: {},
+          },
+        },
+        tool2: {
+          type: 'function',
+          function: {
+            name: 'tool2',
+            description: 'Tool 2',
+            parameters: {},
+          },
+        },
+      };
+
+      // Add matching plugins to availableTools
+      require('~/app/clients/tools').availableTools.push(
+        { name: 'Tool 1', pluginKey: 'tool1', description: 'Tool 1' },
+        { name: 'Tool 2', pluginKey: 'tool2', description: 'Tool 2' },
+      );
+
+      // Simulate cache cleared state (returns null)
+      mockCache.get.mockResolvedValue(null);
+      getCachedTools.mockResolvedValueOnce(null); // Global tools (cache cleared)
+
+      mockReq.config = {
+        filteredTools: [],
+        includedTools: [],
+        availableTools: mockAppTools,
+      };
+
+      // Mock setCachedTools to verify it's called to re-initialize
+      const { setCachedTools } = require('~/server/services/Config');
+
+      await getAvailableTools(mockReq, mockRes);
+
+      // Should have re-initialized the cache with tools from appConfig
+      expect(setCachedTools).toHaveBeenCalledWith(mockAppTools);
+
+      // Should still return tools successfully
+      expect(mockRes.status).toHaveBeenCalledWith(200);
+      const responseData = mockRes.json.mock.calls[0][0];
+      expect(responseData).toHaveLength(2);
+      expect(responseData.find((t) => t.pluginKey === 'tool1')).toBeDefined();
+      expect(responseData.find((t) => t.pluginKey === 'tool2')).toBeDefined();
+    });
+
+    it('should handle cache clear without appConfig.availableTools gracefully', async () => {
+      // Setup: appConfig without availableTools
+      getAppConfig.mockResolvedValue({
+        filteredTools: [],
+        includedTools: [],
+        // No availableTools property
+      });
+
+      // Clear availableTools array
+      require('~/app/clients/tools').availableTools.length = 0;
+
+      // Cache returns null (cleared state)
+      mockCache.get.mockResolvedValue(null);
+      getCachedTools.mockResolvedValueOnce(null); // Global tools (cache cleared)
+
+      mockReq.config = {
+        filteredTools: [],
+        includedTools: [],
+        // No availableTools
+      };
+
+      await getAvailableTools(mockReq, mockRes);
+
+      // Should handle gracefully without crashing
+      expect(mockRes.status).toHaveBeenCalledWith(200);
+      expect(mockRes.json).toHaveBeenCalledWith([]);
+    });
   });
 });

api/server/controllers/UserController.js

@@ -1,26 +1,33 @@
-const { logger } = require('@librechat/data-schemas');
-const { webSearchKeys, extractWebSearchEnvVars, normalizeHttpError } = require('@librechat/api');
+const { logger, webSearchKeys } = require('@librechat/data-schemas');
+const { Tools, CacheKeys, Constants, FileSources } = require('librechat-data-provider');
+const {
+  MCPOAuthHandler,
+  MCPTokenStorage,
+  normalizeHttpError,
+  extractWebSearchEnvVars,
+} = require('@librechat/api');
 const {
   getFiles,
+  findToken,
   updateUser,
   deleteFiles,
   deleteConvos,
   deletePresets,
   deleteMessages,
   deleteUserById,
+  deleteAllSharedLinks,
   deleteAllUserSessions,
 } = require('~/models');
 const { updateUserPluginAuth, deleteUserPluginAuth } = require('~/server/services/PluginService');
 const { updateUserPluginsService, deleteUserKey } = require('~/server/services/UserService');
 const { verifyEmail, resendVerificationEmail } = require('~/server/services/AuthService');
 const { needsRefresh, getNewS3URL } = require('~/server/services/Files/S3/crud');
-const { Tools, Constants, FileSources } = require('librechat-data-provider');
 const { processDeleteRequest } = require('~/server/services/Files/process');
-const { Transaction, Balance, User } = require('~/db/models');
+const { Transaction, Balance, User, Token } = require('~/db/models');
+const { getMCPManager, getFlowStateManager } = require('~/config');
 const { getAppConfig } = require('~/server/services/Config');
 const { deleteToolCalls } = require('~/models/ToolCall');
-const { deleteAllSharedLinks } = require('~/models');
-const { getMCPManager } = require('~/config');
+const { getLogStores } = require('~/cache');
 
 const getUserController = async (req, res) => {
   const appConfig = await getAppConfig({ role: req.user?.role });
@@ -162,6 +169,15 @@ const updateUserPluginsController = async (req, res) => {
           );
           ({ status, message } = normalizeHttpError(authService));
         }
+        try {
+          // if the MCP server uses OAuth, perform a full cleanup and token revocation
+          await maybeUninstallOAuthMCP(user.id, pluginKey, appConfig);
+        } catch (error) {
+          logger.error(
+            `[updateUserPluginsController] Error uninstalling OAuth MCP for ${pluginKey}:`,
+            error,
+          );
+        }
       } else {
         // This handles:
         // 1. Web_search uninstall (keys will be populated with all webSearchKeys if auth was {}).
@@ -187,7 +203,7 @@ const updateUserPluginsController = async (req, res) => {
             // Extract server name from pluginKey (format: "mcp_<serverName>")
             const serverName = pluginKey.replace(Constants.mcp_prefix, '');
             logger.info(
-              `[updateUserPluginsController] Disconnecting MCP server ${serverName} for user ${user.id} after plugin auth update for ${pluginKey}.`,
+              `[updateUserPluginsController] Attempting disconnect of MCP server "${serverName}" for user ${user.id} after plugin auth update.`,
             );
             await mcpManager.disconnectUserConnection(user.id, serverName);
           }
@@ -269,6 +285,107 @@ const resendVerificationController = async (req, res) => {
   }
 };
 
+/**
+ * OAuth MCP specific uninstall logic
+ */
+const maybeUninstallOAuthMCP = async (userId, pluginKey, appConfig) => {
+  if (!pluginKey.startsWith(Constants.mcp_prefix)) {
+    // this is not an MCP server, so nothing to do here
+    return;
+  }
+
+  const serverName = pluginKey.replace(Constants.mcp_prefix, '');
+  const mcpManager = getMCPManager(userId);
+  const serverConfig = mcpManager.getRawConfig(serverName) ?? appConfig?.mcpServers?.[serverName];
+
+  if (!mcpManager.getOAuthServers().has(serverName)) {
+    // this server does not use OAuth, so nothing to do here as well
+    return;
+  }
+
+  // 1. get client info used for revocation (client id, secret)
+  const clientTokenData = await MCPTokenStorage.getClientInfoAndMetadata({
+    userId,
+    serverName,
+    findToken,
+  });
+  if (clientTokenData == null) {
+    return;
+  }
+  const { clientInfo, clientMetadata } = clientTokenData;
+
+  // 2. get decrypted tokens before deletion
+  const tokens = await MCPTokenStorage.getTokens({
+    userId,
+    serverName,
+    findToken,
+  });
+
+  // 3. revoke OAuth tokens at the provider
+  const revocationEndpoint =
+    serverConfig.oauth?.revocation_endpoint ?? clientMetadata.revocation_endpoint;
+  const revocationEndpointAuthMethodsSupported =
+    serverConfig.oauth?.revocation_endpoint_auth_methods_supported ??
+    clientMetadata.revocation_endpoint_auth_methods_supported;
+  const oauthHeaders = serverConfig.oauth_headers ?? {};
+
+  if (tokens?.access_token) {
+    try {
+      await MCPOAuthHandler.revokeOAuthToken(
+        serverName,
+        tokens.access_token,
+        'access',
+        {
+          serverUrl: serverConfig.url,
+          clientId: clientInfo.client_id,
+          clientSecret: clientInfo.client_secret ?? '',
+          revocationEndpoint,
+          revocationEndpointAuthMethodsSupported,
+        },
+        oauthHeaders,
+      );
+    } catch (error) {
+      logger.error(`Error revoking OAuth access token for ${serverName}:`, error);
+    }
+  }
+
+  if (tokens?.refresh_token) {
+    try {
+      await MCPOAuthHandler.revokeOAuthToken(
+        serverName,
+        tokens.refresh_token,
+        'refresh',
+        {
+          serverUrl: serverConfig.url,
+          clientId: clientInfo.client_id,
+          clientSecret: clientInfo.client_secret ?? '',
+          revocationEndpoint,
+          revocationEndpointAuthMethodsSupported,
+        },
+        oauthHeaders,
+      );
+    } catch (error) {
+      logger.error(`Error revoking OAuth refresh token for ${serverName}:`, error);
+    }
+  }
+
+  // 4. delete tokens from the DB after revocation attempts
+  await MCPTokenStorage.deleteUserTokens({
+    userId,
+    serverName,
+    deleteToken: async (filter) => {
+      await Token.deleteOne(filter);
+    },
+  });
+
+  // 5. clear the flow state for the OAuth tokens
+  const flowsCache = getLogStores(CacheKeys.FLOWS);
+  const flowManager = getFlowStateManager(flowsCache);
+  const flowId = MCPOAuthHandler.generateFlowId(userId, serverName);
+  await flowManager.deleteFlow(flowId, 'mcp_get_tokens');
+  await flowManager.deleteFlow(flowId, 'mcp_oauth');
+};
+
 module.exports = {
   getUserController,
   getTermsStatusController,

api/server/controllers/agents/__tests__/callbacks.spec.js

@@ -0,0 +1,342 @@
+const { Tools } = require('librechat-data-provider');
+
+// Mock all dependencies before requiring the module
+jest.mock('nanoid', () => ({
+  nanoid: jest.fn(() => 'mock-id'),
+}));
+
+jest.mock('@librechat/api', () => ({
+  sendEvent: jest.fn(),
+}));
+
+jest.mock('@librechat/data-schemas', () => ({
+  logger: {
+    error: jest.fn(),
+  },
+}));
+
+jest.mock('@librechat/agents', () => ({
+  EnvVar: { CODE_API_KEY: 'CODE_API_KEY' },
+  Providers: { GOOGLE: 'google' },
+  GraphEvents: {},
+  getMessageId: jest.fn(),
+  ToolEndHandler: jest.fn(),
+  handleToolCalls: jest.fn(),
+  ChatModelStreamHandler: jest.fn(),
+}));
+
+jest.mock('~/server/services/Files/Citations', () => ({
+  processFileCitations: jest.fn(),
+}));
+
+jest.mock('~/server/services/Files/Code/process', () => ({
+  processCodeOutput: jest.fn(),
+}));
+
+jest.mock('~/server/services/Tools/credentials', () => ({
+  loadAuthValues: jest.fn(),
+}));
+
+jest.mock('~/server/services/Files/process', () => ({
+  saveBase64Image: jest.fn(),
+}));
+
+describe('createToolEndCallback', () => {
+  let req, res, artifactPromises, createToolEndCallback;
+  let logger;
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+
+    // Get the mocked logger
+    logger = require('@librechat/data-schemas').logger;
+
+    // Now require the module after all mocks are set up
+    const callbacks = require('../callbacks');
+    createToolEndCallback = callbacks.createToolEndCallback;
+
+    req = {
+      user: { id: 'user123' },
+    };
+    res = {
+      headersSent: false,
+      write: jest.fn(),
+    };
+    artifactPromises = [];
+  });
+
+  describe('ui_resources artifact handling', () => {
+    it('should process ui_resources artifact and return attachment when headers not sent', async () => {
+      const toolEndCallback = createToolEndCallback({ req, res, artifactPromises });
+
+      const output = {
+        tool_call_id: 'tool123',
+        artifact: {
+          [Tools.ui_resources]: {
+            data: {
+              0: { type: 'button', label: 'Click me' },
+              1: { type: 'input', placeholder: 'Enter text' },
+            },
+          },
+        },
+      };
+
+      const metadata = {
+        run_id: 'run456',
+        thread_id: 'thread789',
+      };
+
+      await toolEndCallback({ output }, metadata);
+
+      // Wait for all promises to resolve
+      const results = await Promise.all(artifactPromises);
+
+      // When headers are not sent, it returns attachment without writing
+      expect(res.write).not.toHaveBeenCalled();
+
+      const attachment = results[0];
+      expect(attachment).toEqual({
+        type: Tools.ui_resources,
+        messageId: 'run456',
+        toolCallId: 'tool123',
+        conversationId: 'thread789',
+        [Tools.ui_resources]: {
+          0: { type: 'button', label: 'Click me' },
+          1: { type: 'input', placeholder: 'Enter text' },
+        },
+      });
+    });
+
+    it('should write to response when headers are already sent', async () => {
+      res.headersSent = true;
+      const toolEndCallback = createToolEndCallback({ req, res, artifactPromises });
+
+      const output = {
+        tool_call_id: 'tool123',
+        artifact: {
+          [Tools.ui_resources]: {
+            data: {
+              0: { type: 'carousel', items: [] },
+            },
+          },
+        },
+      };
+
+      const metadata = {
+        run_id: 'run456',
+        thread_id: 'thread789',
+      };
+
+      await toolEndCallback({ output }, metadata);
+      const results = await Promise.all(artifactPromises);
+
+      expect(res.write).toHaveBeenCalled();
+      expect(results[0]).toEqual({
+        type: Tools.ui_resources,
+        messageId: 'run456',
+        toolCallId: 'tool123',
+        conversationId: 'thread789',
+        [Tools.ui_resources]: {
+          0: { type: 'carousel', items: [] },
+        },
+      });
+    });
+
+    it('should handle errors when processing ui_resources', async () => {
+      const toolEndCallback = createToolEndCallback({ req, res, artifactPromises });
+
+      // Mock res.write to throw an error
+      res.headersSent = true;
+      res.write.mockImplementation(() => {
+        throw new Error('Write failed');
+      });
+
+      const output = {
+        tool_call_id: 'tool123',
+        artifact: {
+          [Tools.ui_resources]: {
+            data: {
+              0: { type: 'test' },
+            },
+          },
+        },
+      };
+
+      const metadata = {
+        run_id: 'run456',
+        thread_id: 'thread789',
+      };
+
+      await toolEndCallback({ output }, metadata);
+      const results = await Promise.all(artifactPromises);
+
+      expect(logger.error).toHaveBeenCalledWith(
+        'Error processing artifact content:',
+        expect.any(Error),
+      );
+      expect(results[0]).toBeNull();
+    });
+
+    it('should handle multiple artifacts including ui_resources', async () => {
+      const toolEndCallback = createToolEndCallback({ req, res, artifactPromises });
+
+      const output = {
+        tool_call_id: 'tool123',
+        artifact: {
+          [Tools.ui_resources]: {
+            data: {
+              0: { type: 'chart', data: [] },
+            },
+          },
+          [Tools.web_search]: {
+            results: ['result1', 'result2'],
+          },
+        },
+      };
+
+      const metadata = {
+        run_id: 'run456',
+        thread_id: 'thread789',
+      };
+
+      await toolEndCallback({ output }, metadata);
+      const results = await Promise.all(artifactPromises);
+
+      // Both ui_resources and web_search should be processed
+      expect(artifactPromises).toHaveLength(2);
+      expect(results).toHaveLength(2);
+
+      // Check ui_resources attachment
+      const uiResourceAttachment = results.find((r) => r?.type === Tools.ui_resources);
+      expect(uiResourceAttachment).toBeTruthy();
+      expect(uiResourceAttachment[Tools.ui_resources]).toEqual({
+        0: { type: 'chart', data: [] },
+      });
+
+      // Check web_search attachment
+      const webSearchAttachment = results.find((r) => r?.type === Tools.web_search);
+      expect(webSearchAttachment).toBeTruthy();
+      expect(webSearchAttachment[Tools.web_search]).toEqual({
+        results: ['result1', 'result2'],
+      });
+    });
+
+    it('should not process artifacts when output has no artifacts', async () => {
+      const toolEndCallback = createToolEndCallback({ req, res, artifactPromises });
+
+      const output = {
+        tool_call_id: 'tool123',
+        content: 'Some regular content',
+        // No artifact property
+      };
+
+      const metadata = {
+        run_id: 'run456',
+        thread_id: 'thread789',
+      };
+
+      await toolEndCallback({ output }, metadata);
+
+      expect(artifactPromises).toHaveLength(0);
+      expect(res.write).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('edge cases', () => {
+    it('should handle empty ui_resources data object', async () => {
+      const toolEndCallback = createToolEndCallback({ req, res, artifactPromises });
+
+      const output = {
+        tool_call_id: 'tool123',
+        artifact: {
+          [Tools.ui_resources]: {
+            data: {},
+          },
+        },
+      };
+
+      const metadata = {
+        run_id: 'run456',
+        thread_id: 'thread789',
+      };
+
+      await toolEndCallback({ output }, metadata);
+      const results = await Promise.all(artifactPromises);
+
+      expect(results[0]).toEqual({
+        type: Tools.ui_resources,
+        messageId: 'run456',
+        toolCallId: 'tool123',
+        conversationId: 'thread789',
+        [Tools.ui_resources]: {},
+      });
+    });
+
+    it('should handle ui_resources with complex nested data', async () => {
+      const toolEndCallback = createToolEndCallback({ req, res, artifactPromises });
+
+      const complexData = {
+        0: {
+          type: 'form',
+          fields: [
+            { name: 'field1', type: 'text', required: true },
+            { name: 'field2', type: 'select', options: ['a', 'b', 'c'] },
+          ],
+          nested: {
+            deep: {
+              value: 123,
+              array: [1, 2, 3],
+            },
+          },
+        },
+      };
+
+      const output = {
+        tool_call_id: 'tool123',
+        artifact: {
+          [Tools.ui_resources]: {
+            data: complexData,
+          },
+        },
+      };
+
+      const metadata = {
+        run_id: 'run456',
+        thread_id: 'thread789',
+      };
+
+      await toolEndCallback({ output }, metadata);
+      const results = await Promise.all(artifactPromises);
+
+      expect(results[0][Tools.ui_resources]).toEqual(complexData);
+    });
+
+    it('should handle when output is undefined', async () => {
+      const toolEndCallback = createToolEndCallback({ req, res, artifactPromises });
+
+      const metadata = {
+        run_id: 'run456',
+        thread_id: 'thread789',
+      };
+
+      await toolEndCallback({ output: undefined }, metadata);
+
+      expect(artifactPromises).toHaveLength(0);
+      expect(res.write).not.toHaveBeenCalled();
+    });
+
+    it('should handle when data parameter is undefined', async () => {
+      const toolEndCallback = createToolEndCallback({ req, res, artifactPromises });
+
+      const metadata = {
+        run_id: 'run456',
+        thread_id: 'thread789',
+      };
+
+      await toolEndCallback(undefined, metadata);
+
+      expect(artifactPromises).toHaveLength(0);
+      expect(res.write).not.toHaveBeenCalled();
+    });
+  });
+});

api/server/controllers/agents/__tests__/v1.spec.js

@@ -158,7 +158,7 @@ describe('duplicateAgent', () => {
     });
   });
 
-  it('should handle tool_resources.ocr correctly', async () => {
+  it('should convert `tool_resources.ocr` to `tool_resources.context`', async () => {
     const mockAgent = {
       id: 'agent_123',
       name: 'Test Agent',
@@ -178,7 +178,7 @@ describe('duplicateAgent', () => {
     expect(createAgent).toHaveBeenCalledWith(
       expect.objectContaining({
         tool_resources: {
-          ocr: { enabled: true, config: 'test' },
+          context: { enabled: true, config: 'test' },
         },
       }),
     );

api/server/controllers/agents/callbacks.js

@@ -265,6 +265,30 @@ function createToolEndCallback({ req, res, artifactPromises }) {
       );
     }
 
+    // TODO: a lot of duplicated code in createToolEndCallback
+    // we should refactor this to use a helper function in a follow-up PR
+    if (output.artifact[Tools.ui_resources]) {
+      artifactPromises.push(
+        (async () => {
+          const attachment = {
+            type: Tools.ui_resources,
+            messageId: metadata.run_id,
+            toolCallId: output.tool_call_id,
+            conversationId: metadata.thread_id,
+            [Tools.ui_resources]: output.artifact[Tools.ui_resources].data,
+          };
+          if (!res.headersSent) {
+            return attachment;
+          }
+          res.write(`event: attachment\ndata: ${JSON.stringify(attachment)}\n\n`);
+          return attachment;
+        })().catch((error) => {
+          logger.error('Error processing artifact content:', error);
+          return null;
+        }),
+      );
+    }
+
     if (output.artifact[Tools.web_search]) {
       artifactPromises.push(
         (async () => {

api/server/controllers/agents/client.js

@@ -7,10 +7,12 @@ const {
   createRun,
   Tokenizer,
   checkAccess,
+  logAxiosError,
   resolveHeaders,
   getBalanceConfig,
   memoryInstructions,
   formatContentStrings,
+  getTransactionsConfig,
   createMemoryProcessor,
 } = require('@librechat/api');
 const {
@@ -87,11 +89,10 @@ function createTokenCounter(encoding) {
 }
 
 function logToolError(graph, error, toolId) {
-  logger.error(
-    '[api/server/controllers/agents/client.js #chatCompletion] Tool Error',
+  logAxiosError({
     error,
-    toolId,
-  );
+    message: `[api/server/controllers/agents/client.js #chatCompletion] Tool Error "${toolId}"`,
+  });
 }
 
 class AgentClient extends BaseClient {
@@ -210,16 +211,13 @@ class AgentClient extends BaseClient {
    * @returns {Promise<Array<Partial<MongoFile>>>}
    */
   async addImageURLs(message, attachments) {
-    const { files, text, image_urls } = await encodeAndFormat(
+    const { files, image_urls } = await encodeAndFormat(
       this.options.req,
       attachments,
       this.options.agent.provider,
       VisionModes.agents,
     );
     message.image_urls = image_urls.length ? image_urls : undefined;
-    if (text && text.length) {
-      message.ocr = text;
-    }
     return files;
   }
 
@@ -247,19 +245,18 @@ class AgentClient extends BaseClient {
 
     if (this.options.attachments) {
       const attachments = await this.options.attachments;
+      const latestMessage = orderedMessages[orderedMessages.length - 1];
 
       if (this.message_file_map) {
-        this.message_file_map[orderedMessages[orderedMessages.length - 1].messageId] = attachments;
+        this.message_file_map[latestMessage.messageId] = attachments;
       } else {
         this.message_file_map = {
-          [orderedMessages[orderedMessages.length - 1].messageId]: attachments,
+          [latestMessage.messageId]: attachments,
         };
       }
 
-      const files = await this.addImageURLs(
-        orderedMessages[orderedMessages.length - 1],
-        attachments,
-      );
+      await this.addFileContextToMessage(latestMessage, attachments);
+      const files = await this.processAttachments(latestMessage, attachments);
 
       this.options.attachments = files;
     }
@@ -279,21 +276,21 @@ class AgentClient extends BaseClient {
         assistantName: this.options?.modelLabel,
       });
 
-      if (message.ocr && i !== orderedMessages.length - 1) {
+      if (message.fileContext && i !== orderedMessages.length - 1) {
         if (typeof formattedMessage.content === 'string') {
-          formattedMessage.content = message.ocr + '\n' + formattedMessage.content;
+          formattedMessage.content = message.fileContext + '\n' + formattedMessage.content;
         } else {
           const textPart = formattedMessage.content.find((part) => part.type === 'text');
           textPart
-            ? (textPart.text = message.ocr + '\n' + textPart.text)
-            : formattedMessage.content.unshift({ type: 'text', text: message.ocr });
+            ? (textPart.text = message.fileContext + '\n' + textPart.text)
+            : formattedMessage.content.unshift({ type: 'text', text: message.fileContext });
         }
-      } else if (message.ocr && i === orderedMessages.length - 1) {
-        systemContent = [systemContent, message.ocr].join('\n');
+      } else if (message.fileContext && i === orderedMessages.length - 1) {
+        systemContent = [systemContent, message.fileContext].join('\n');
       }
 
       const needsTokenCount =
-        (this.contextStrategy && !orderedMessages[i].tokenCount) || message.ocr;
+        (this.contextStrategy && !orderedMessages[i].tokenCount) || message.fileContext;
 
       /* If tokens were never counted, or, is a Vision request and the message has files, count again */
       if (needsTokenCount || (this.isVisionModel && (message.image_urls || message.files))) {
@@ -623,11 +620,13 @@ class AgentClient extends BaseClient {
    * @param {string} [params.model]
    * @param {string} [params.context='message']
    * @param {AppConfig['balance']} [params.balance]
+   * @param {AppConfig['transactions']} [params.transactions]
    * @param {UsageMetadata[]} [params.collectedUsage=this.collectedUsage]
    */
   async recordCollectedUsage({
     model,
     balance,
+    transactions,
     context = 'message',
     collectedUsage = this.collectedUsage,
   }) {
@@ -653,6 +652,7 @@ class AgentClient extends BaseClient {
       const txMetadata = {
         context,
         balance,
+        transactions,
         conversationId: this.conversationId,
         user: this.user ?? this.options.req.user?.id,
         endpointTokenConfig: this.options.endpointTokenConfig,
@@ -868,11 +868,10 @@ class AgentClient extends BaseClient {
         if (agent.useLegacyContent === true) {
           messages = formatContentStrings(messages);
         }
-        if (
-          agent.model_parameters?.clientOptions?.defaultHeaders?.['anthropic-beta']?.includes(
-            'prompt-caching',
-          )
-        ) {
+        const defaultHeaders =
+          agent.model_parameters?.clientOptions?.defaultHeaders ??
+          agent.model_parameters?.configuration?.defaultHeaders;
+        if (defaultHeaders?.['anthropic-beta']?.includes('prompt-caching')) {
           messages = addCacheControl(messages);
         }
 
@@ -1051,7 +1050,12 @@ class AgentClient extends BaseClient {
         }
 
         const balanceConfig = getBalanceConfig(appConfig);
-        await this.recordCollectedUsage({ context: 'message', balance: balanceConfig });
+        const transactionsConfig = getTransactionsConfig(appConfig);
+        await this.recordCollectedUsage({
+          context: 'message',
+          balance: balanceConfig,
+          transactions: transactionsConfig,
+        });
       } catch (err) {
         logger.error(
           '[api/server/controllers/agents/client.js #chatCompletion] Error recording collected usage',
@@ -1108,11 +1112,18 @@ class AgentClient extends BaseClient {
       appConfig.endpoints?.[endpoint] ??
       titleProviderConfig.customEndpointConfig;
     if (!endpointConfig) {
-      logger.warn(
-        '[api/server/controllers/agents/client.js #titleConvo] Error getting endpoint config',
+      logger.debug(
+        `[api/server/controllers/agents/client.js #titleConvo] No endpoint config for "${endpoint}"`,
       );
     }
 
+    if (endpointConfig?.titleConvo === false) {
+      logger.debug(
+        `[api/server/controllers/agents/client.js #titleConvo] Title generation disabled for endpoint "${endpoint}"`,
+      );
+      return;
+    }
+
     if (endpointConfig?.titleEndpoint && endpointConfig.titleEndpoint !== endpoint) {
       try {
         titleProviderConfig = getProviderConfig({
@@ -1122,7 +1133,7 @@ class AgentClient extends BaseClient {
         endpoint = endpointConfig.titleEndpoint;
       } catch (error) {
         logger.warn(
-          `[api/server/controllers/agents/client.js #titleConvo] Error getting title endpoint config for ${endpointConfig.titleEndpoint}, falling back to default`,
+          `[api/server/controllers/agents/client.js #titleConvo] Error getting title endpoint config for "${endpointConfig.titleEndpoint}", falling back to default`,
           error,
         );
         // Fall back to original provider config
@@ -1245,11 +1256,13 @@ class AgentClient extends BaseClient {
       });
 
       const balanceConfig = getBalanceConfig(appConfig);
+      const transactionsConfig = getTransactionsConfig(appConfig);
       await this.recordCollectedUsage({
         collectedUsage,
         context: 'title',
         model: clientOptions.model,
         balance: balanceConfig,
+        transactions: transactionsConfig,
       }).catch((err) => {
         logger.error(
           '[api/server/controllers/agents/client.js #titleConvo] Error recording collected usage',

api/server/controllers/agents/client.test.js

@@ -237,6 +237,9 @@ describe('AgentClient - titleConvo', () => {
         balance: {
           enabled: false,
         },
+        transactions: {
+          enabled: true,
+        },
       });
     });
 
@@ -260,6 +263,125 @@ describe('AgentClient - titleConvo', () => {
       expect(result).toBeUndefined();
     });
 
+    it('should skip title generation when titleConvo is set to false', async () => {
+      // Set titleConvo to false in endpoint config
+      mockReq.config = {
+        endpoints: {
+          [EModelEndpoint.openAI]: {
+            titleConvo: false,
+            titleModel: 'gpt-3.5-turbo',
+            titlePrompt: 'Custom title prompt',
+            titleMethod: 'structured',
+            titlePromptTemplate: 'Template: {{content}}',
+          },
+        },
+      };
+
+      const text = 'Test conversation text';
+      const abortController = new AbortController();
+
+      const result = await client.titleConvo({ text, abortController });
+
+      // Should return undefined without generating title
+      expect(result).toBeUndefined();
+
+      // generateTitle should NOT have been called
+      expect(mockRun.generateTitle).not.toHaveBeenCalled();
+
+      // recordCollectedUsage should NOT have been called
+      expect(client.recordCollectedUsage).not.toHaveBeenCalled();
+    });
+
+    it('should skip title generation when titleConvo is false in all config', async () => {
+      // Set titleConvo to false in "all" config
+      mockReq.config = {
+        endpoints: {
+          all: {
+            titleConvo: false,
+            titleModel: 'gpt-4o-mini',
+            titlePrompt: 'All config title prompt',
+            titleMethod: 'completion',
+            titlePromptTemplate: 'All config template',
+          },
+        },
+      };
+
+      const text = 'Test conversation text';
+      const abortController = new AbortController();
+
+      const result = await client.titleConvo({ text, abortController });
+
+      // Should return undefined without generating title
+      expect(result).toBeUndefined();
+
+      // generateTitle should NOT have been called
+      expect(mockRun.generateTitle).not.toHaveBeenCalled();
+
+      // recordCollectedUsage should NOT have been called
+      expect(client.recordCollectedUsage).not.toHaveBeenCalled();
+    });
+
+    it('should skip title generation when titleConvo is false for custom endpoint scenario', async () => {
+      // This test validates the behavior when customEndpointConfig (retrieved via
+      // getProviderConfig for custom endpoints) has titleConvo: false.
+      //
+      // The code path is:
+      // 1. endpoints?.all is checked (undefined in this test)
+      // 2. endpoints?.[endpoint] is checked (our test config)
+      // 3. Would fall back to titleProviderConfig.customEndpointConfig (for real custom endpoints)
+      //
+      // We simulate a custom endpoint scenario using a dynamically named endpoint config
+
+      // Create a unique endpoint name that represents a custom endpoint
+      const customEndpointName = 'customEndpoint';
+
+      // Configure the endpoint to have titleConvo: false
+      // This simulates what would be in customEndpointConfig for a real custom endpoint
+      mockReq.config = {
+        endpoints: {
+          // No 'all' config - so it will check endpoints[endpoint]
+          // This config represents what customEndpointConfig would contain
+          [customEndpointName]: {
+            titleConvo: false,
+            titleModel: 'custom-model-v1',
+            titlePrompt: 'Custom endpoint title prompt',
+            titleMethod: 'completion',
+            titlePromptTemplate: 'Custom template: {{content}}',
+            baseURL: 'https://api.custom-llm.com/v1',
+            apiKey: 'test-custom-key',
+            // Additional custom endpoint properties
+            models: {
+              default: ['custom-model-v1', 'custom-model-v2'],
+            },
+          },
+        },
+      };
+
+      // Set up agent to use our custom endpoint
+      // Use openAI as base but override with custom endpoint name for this test
+      mockAgent.endpoint = EModelEndpoint.openAI;
+      mockAgent.provider = EModelEndpoint.openAI;
+
+      // Override the endpoint in the config to point to our custom config
+      mockReq.config.endpoints[EModelEndpoint.openAI] =
+        mockReq.config.endpoints[customEndpointName];
+      delete mockReq.config.endpoints[customEndpointName];
+
+      const text = 'Test custom endpoint conversation';
+      const abortController = new AbortController();
+
+      const result = await client.titleConvo({ text, abortController });
+
+      // Should return undefined without generating title because titleConvo is false
+      expect(result).toBeUndefined();
+
+      // generateTitle should NOT have been called
+      expect(mockRun.generateTitle).not.toHaveBeenCalled();
+
+      // recordCollectedUsage should NOT have been called
+      expect(client.recordCollectedUsage).not.toHaveBeenCalled();
+    });
+
     it('should pass titleEndpoint configuration to generateTitle', async () => {
       // Mock the API key just for this test
       const originalApiKey = process.env.ANTHROPIC_API_KEY;

api/server/controllers/agents/v1.js

@@ -2,9 +2,15 @@ const { z } = require('zod');
 const fs = require('fs').promises;
 const { nanoid } = require('nanoid');
 const { logger } = require('@librechat/data-schemas');
-const { agentCreateSchema, agentUpdateSchema } = require('@librechat/api');
+const {
+  agentCreateSchema,
+  agentUpdateSchema,
+  mergeAgentOcrConversion,
+  convertOcrToContextInPlace,
+} = require('@librechat/api');
 const {
   Tools,
+  Constants,
   SystemRoles,
   FileSources,
   ResourceType,
@@ -65,13 +71,13 @@ const createAgentHandler = async (req, res) => {
     agentData.author = userId;
     agentData.tools = [];
 
-    const availableTools = await getCachedTools({ includeGlobal: true });
+    const availableTools = await getCachedTools();
     for (const tool of tools) {
       if (availableTools[tool]) {
         agentData.tools.push(tool);
-      }
-
-      if (systemTools[tool]) {
+      } else if (systemTools[tool]) {
+        agentData.tools.push(tool);
+      } else if (tool.includes(Constants.mcp_delimiter)) {
         agentData.tools.push(tool);
       }
     }
@@ -197,19 +203,32 @@ const getAgentHandler = async (req, res, expandProperties = false) => {
  * @param {object} req.params - Request params
  * @param {string} req.params.id - Agent identifier.
  * @param {AgentUpdateParams} req.body - The Agent update parameters.
- * @returns {Agent} 200 - success response - application/json
+ * @returns {Promise<Agent>} 200 - success response - application/json
  */
 const updateAgentHandler = async (req, res) => {
   try {
     const id = req.params.id;
     const validatedData = agentUpdateSchema.parse(req.body);
     const { _id, ...updateData } = removeNullishValues(validatedData);
+
+    // Convert OCR to context in incoming updateData
+    convertOcrToContextInPlace(updateData);
+
     const existingAgent = await getAgent({ id });
 
     if (!existingAgent) {
       return res.status(404).json({ error: 'Agent not found' });
     }
 
+    // Convert legacy OCR tool resource to context format in existing agent
+    const ocrConversion = mergeAgentOcrConversion(existingAgent, updateData);
+    if (ocrConversion.tool_resources) {
+      updateData.tool_resources = ocrConversion.tool_resources;
+    }
+    if (ocrConversion.tools) {
+      updateData.tools = ocrConversion.tools;
+    }
+
     let updatedAgent =
       Object.keys(updateData).length > 0
         ? await updateAgent({ id }, updateData, {
@@ -254,7 +273,7 @@ const updateAgentHandler = async (req, res) => {
  * @param {object} req - Express Request
  * @param {object} req.params - Request params
  * @param {string} req.params.id - Agent identifier.
- * @returns {Agent} 201 - success response - application/json
+ * @returns {Promise<Agent>} 201 - success response - application/json
  */
 const duplicateAgentHandler = async (req, res) => {
   const { id } = req.params;
@@ -287,9 +306,19 @@ const duplicateAgentHandler = async (req, res) => {
       hour12: false,
     })})`;
 
+    if (_tool_resources?.[EToolResources.context]) {
+      cloneData.tool_resources = {
+        [EToolResources.context]: _tool_resources[EToolResources.context],
+      };
+    }
+
     if (_tool_resources?.[EToolResources.ocr]) {
       cloneData.tool_resources = {
-        [EToolResources.ocr]: _tool_resources[EToolResources.ocr],
+        /** Legacy conversion from `ocr` to `context` */
+        [EToolResources.context]: {
+          ...(_tool_resources[EToolResources.context] ?? {}),
+          ..._tool_resources[EToolResources.ocr],
+        },
       };
     }
 
@@ -381,7 +410,7 @@ const duplicateAgentHandler = async (req, res) => {
  * @param {object} req - Express Request
  * @param {object} req.params - Request params
  * @param {string} req.params.id - Agent identifier.
- * @returns {Agent} 200 - success response - application/json
+ * @returns {Promise<Agent>} 200 - success response - application/json
  */
 const deleteAgentHandler = async (req, res) => {
   try {
@@ -483,7 +512,7 @@ const getListAgentsHandler = async (req, res) => {
  * @param {Express.Multer.File} req.file - The avatar image file.
  * @param {object} req.body - Request body
  * @param {string} [req.body.avatar] - Optional avatar for the agent's avatar.
- * @returns {Object} 200 - success response - application/json
+ * @returns {Promise<void>} 200 - success response - application/json
  */
 const uploadAgentAvatarHandler = async (req, res) => {
   try {

api/server/controllers/agents/v1.spec.js

@@ -512,6 +512,7 @@ describe('Agent Controllers - Mass Assignment Protection', () => {
       mockReq.params.id = existingAgentId;
       mockReq.body = {
         tool_resources: {
+          /** Legacy conversion from `ocr` to `context` */
           ocr: {
             file_ids: ['ocr1', 'ocr2'],
           },
@@ -531,7 +532,8 @@ describe('Agent Controllers - Mass Assignment Protection', () => {
 
       const updatedAgent = mockRes.json.mock.calls[0][0];
       expect(updatedAgent.tool_resources).toBeDefined();
-      expect(updatedAgent.tool_resources.ocr).toBeDefined();
+      expect(updatedAgent.tool_resources.ocr).toBeUndefined();
+      expect(updatedAgent.tool_resources.context).toBeDefined();
       expect(updatedAgent.tool_resources.execute_code).toBeDefined();
       expect(updatedAgent.tool_resources.invalid_tool).toBeUndefined();
     });

api/server/controllers/assistants/chatV1.js

@@ -1,7 +1,7 @@
 const { v4 } = require('uuid');
 const { sleep } = require('@librechat/agents');
 const { logger } = require('@librechat/data-schemas');
-const { sendEvent, getBalanceConfig } = require('@librechat/api');
+const { sendEvent, getBalanceConfig, getModelMaxTokens } = require('@librechat/api');
 const {
   Time,
   Constants,
@@ -34,7 +34,6 @@ const { checkBalance } = require('~/models/balanceMethods');
 const { getConvo } = require('~/models/Conversation');
 const getLogStores = require('~/cache/getLogStores');
 const { countTokens } = require('~/server/utils');
-const { getModelMaxTokens } = require('~/utils');
 const { getOpenAIClient } = require('./helpers');
 
 /**

api/server/controllers/assistants/chatV2.js

@@ -1,7 +1,7 @@
 const { v4 } = require('uuid');
 const { sleep } = require('@librechat/agents');
 const { logger } = require('@librechat/data-schemas');
-const { sendEvent, getBalanceConfig } = require('@librechat/api');
+const { sendEvent, getBalanceConfig, getModelMaxTokens } = require('@librechat/api');
 const {
   Time,
   Constants,
@@ -31,7 +31,6 @@ const { checkBalance } = require('~/models/balanceMethods');
 const { getConvo } = require('~/models/Conversation');
 const getLogStores = require('~/cache/getLogStores');
 const { countTokens } = require('~/server/utils');
-const { getModelMaxTokens } = require('~/utils');
 const { getOpenAIClient } = require('./helpers');
 
 /**

api/server/controllers/assistants/v1.js

@@ -31,7 +31,7 @@ const createAssistant = async (req, res) => {
     delete assistantData.conversation_starters;
     delete assistantData.append_current_datetime;
 
-    const toolDefinitions = await getCachedTools({ includeGlobal: true });
+    const toolDefinitions = await getCachedTools();
 
     assistantData.tools = tools
       .map((tool) => {
@@ -136,7 +136,7 @@ const patchAssistant = async (req, res) => {
       ...updateData
     } = req.body;
 
-    const toolDefinitions = await getCachedTools({ includeGlobal: true });
+    const toolDefinitions = await getCachedTools();
 
     updateData.tools = (updateData.tools ?? [])
       .map((tool) => {

api/server/controllers/assistants/v2.js

@@ -28,7 +28,7 @@ const createAssistant = async (req, res) => {
     delete assistantData.conversation_starters;
     delete assistantData.append_current_datetime;
 
-    const toolDefinitions = await getCachedTools({ includeGlobal: true });
+    const toolDefinitions = await getCachedTools();
 
     assistantData.tools = tools
       .map((tool) => {
@@ -125,7 +125,7 @@ const updateAssistant = async ({ req, openai, assistant_id, updateData }) => {
 
   let hasFileSearch = false;
   for (const tool of updateData.tools ?? []) {
-    const toolDefinitions = await getCachedTools({ includeGlobal: true });
+    const toolDefinitions = await getCachedTools();
     let actualTool = typeof tool === 'string' ? toolDefinitions[tool] : tool;
 
     if (!actualTool && manifestToolMap[tool] && manifestToolMap[tool].toolkit === true) {

api/server/controllers/auth/LoginController.js

@@ -1,6 +1,6 @@
+const { logger } = require('@librechat/data-schemas');
 const { generate2FATempToken } = require('~/server/services/twoFactorService');
 const { setAuthTokens } = require('~/server/services/AuthService');
-const { logger } = require('~/config');
 
 const loginController = async (req, res) => {
   try {

api/server/controllers/auth/LogoutController.js

@@ -1,8 +1,8 @@
 const cookies = require('cookie');
-const { getOpenIdConfig } = require('~/strategies');
+const { isEnabled } = require('@librechat/api');
+const { logger } = require('@librechat/data-schemas');
 const { logoutUser } = require('~/server/services/AuthService');
-const { isEnabled } = require('~/server/utils');
-const { logger } = require('~/config');
+const { getOpenIdConfig } = require('~/strategies');
 
 const logoutController = async (req, res) => {
   const refreshToken = req.headers.cookie ? cookies.parse(req.headers.cookie).refreshToken : null;

api/server/controllers/mcp.js

@@ -0,0 +1,126 @@
+/**
+ * MCP Tools Controller
+ * Handles MCP-specific tool endpoints, decoupled from regular LibreChat tools
+ */
+const { logger } = require('@librechat/data-schemas');
+const { Constants } = require('librechat-data-provider');
+const {
+  cacheMCPServerTools,
+  getMCPServerTools,
+  getAppConfig,
+} = require('~/server/services/Config');
+const { getMCPManager } = require('~/config');
+
+/**
+ * Get all MCP tools available to the user
+ */
+const getMCPTools = async (req, res) => {
+  try {
+    const userId = req.user?.id;
+    if (!userId) {
+      logger.warn('[getMCPTools] User ID not found in request');
+      return res.status(401).json({ message: 'Unauthorized' });
+    }
+
+    const appConfig = req.config ?? (await getAppConfig({ role: req.user?.role }));
+    if (!appConfig?.mcpConfig) {
+      return res.status(200).json({ servers: {} });
+    }
+
+    const mcpManager = getMCPManager();
+    const configuredServers = Object.keys(appConfig.mcpConfig);
+    const mcpServers = {};
+
+    const cachePromises = configuredServers.map((serverName) =>
+      getMCPServerTools(serverName).then((tools) => ({ serverName, tools })),
+    );
+    const cacheResults = await Promise.all(cachePromises);
+
+    const serverToolsMap = new Map();
+    for (const { serverName, tools } of cacheResults) {
+      if (tools) {
+        serverToolsMap.set(serverName, tools);
+        continue;
+      }
+
+      const serverTools = await mcpManager.getServerToolFunctions(userId, serverName);
+      if (!serverTools) {
+        logger.debug(`[getMCPTools] No tools found for server ${serverName}`);
+        continue;
+      }
+      serverToolsMap.set(serverName, serverTools);
+
+      if (Object.keys(serverTools).length > 0) {
+        // Cache asynchronously without blocking
+        cacheMCPServerTools({ serverName, serverTools }).catch((err) =>
+          logger.error(`[getMCPTools] Failed to cache tools for ${serverName}:`, err),
+        );
+      }
+    }
+
+    // Process each configured server
+    for (const serverName of configuredServers) {
+      try {
+        const serverTools = serverToolsMap.get(serverName);
+
+        // Get server config once
+        const serverConfig = appConfig.mcpConfig[serverName];
+        const rawServerConfig = mcpManager.getRawConfig(serverName);
+
+        // Initialize server object with all server-level data
+        const server = {
+          name: serverName,
+          icon: rawServerConfig?.iconPath || '',
+          authenticated: true,
+          authConfig: [],
+          tools: [],
+        };
+
+        // Set authentication config once for the server
+        if (serverConfig?.customUserVars) {
+          const customVarKeys = Object.keys(serverConfig.customUserVars);
+          if (customVarKeys.length > 0) {
+            server.authConfig = Object.entries(serverConfig.customUserVars).map(([key, value]) => ({
+              authField: key,
+              label: value.title || key,
+              description: value.description || '',
+            }));
+            server.authenticated = false;
+          }
+        }
+
+        // Process tools efficiently - no need for convertMCPToolToPlugin
+        if (serverTools) {
+          for (const [toolKey, toolData] of Object.entries(serverTools)) {
+            if (!toolData.function || !toolKey.includes(Constants.mcp_delimiter)) {
+              continue;
+            }
+
+            const toolName = toolKey.split(Constants.mcp_delimiter)[0];
+            server.tools.push({
+              name: toolName,
+              pluginKey: toolKey,
+              description: toolData.function.description || '',
+            });
+          }
+        }
+
+        // Only add server if it has tools or is configured
+        if (server.tools.length > 0 || serverConfig) {
+          mcpServers[serverName] = server;
+        }
+      } catch (error) {
+        logger.error(`[getMCPTools] Error loading tools for server ${serverName}:`, error);
+      }
+    }
+
+    res.status(200).json({ servers: mcpServers });
+  } catch (error) {
+    logger.error('[getMCPTools]', error);
+    res.status(500).json({ message: error.message });
+  }
+};
+
+module.exports = {
+  getMCPTools,
+};

api/server/index.js

@@ -10,9 +10,15 @@ const compression = require('compression');
 const cookieParser = require('cookie-parser');
 const { logger } = require('@librechat/data-schemas');
 const mongoSanitize = require('express-mongo-sanitize');
-const { isEnabled, ErrorController } = require('@librechat/api');
+const {
+  isEnabled,
+  ErrorController,
+  performStartupChecks,
+  initializeFileStorage,
+} = require('@librechat/api');
 const { connectDb, indexSync } = require('~/db');
-const validateImageRequest = require('./middleware/validateImageRequest');
+const initializeOAuthReconnectManager = require('./services/initializeOAuthReconnectManager');
+const createValidateImageRequest = require('./middleware/validateImageRequest');
 const { jwtLogin, ldapLogin, passportLogin } = require('~/strategies');
 const { updateInterfacePermissions } = require('~/models/interface');
 const { checkMigrations } = require('./services/start/migration');
@@ -48,9 +54,11 @@ const startServer = async () => {
   app.set('trust proxy', trusted_proxy);
 
   await seedDatabase();
-
   const appConfig = await getAppConfig();
+  initializeFileStorage(appConfig);
+  await performStartupChecks(appConfig);
   await updateInterfacePermissions(appConfig);
+
   const indexPath = path.join(appConfig.paths.dist, 'index.html');
   let indexHTML = fs.readFileSync(indexPath, 'utf8');
 
@@ -126,7 +134,7 @@ const startServer = async () => {
   app.use('/api/config', routes.config);
   app.use('/api/assistants', routes.assistants);
   app.use('/api/files', await routes.files.initialize());
-  app.use('/images/', validateImageRequest, routes.staticRoute);
+  app.use('/images/', createValidateImageRequest(appConfig.secureImageLinks), routes.staticRoute);
   app.use('/api/share', routes.share);
   app.use('/api/roles', routes.roles);
   app.use('/api/agents', routes.agents);
@@ -154,7 +162,7 @@ const startServer = async () => {
     res.send(updatedIndexHtml);
   });
 
-  app.listen(port, host, () => {
+  app.listen(port, host, async () => {
     if (host === '0.0.0.0') {
       logger.info(
         `Server listening on all interfaces at port ${port}. Use http://localhost:${port} to access it`,
@@ -163,7 +171,9 @@ const startServer = async () => {
       logger.info(`Server listening at http://${host == '0.0.0.0' ? 'localhost' : host}:${port}`);
     }
 
-    initializeMCPs().then(() => checkMigrations());
+    await initializeMCPs();
+    await initializeOAuthReconnectManager();
+    await checkMigrations();
   });
 };
 

api/server/middleware/accessResources/fileAccess.js

@@ -1,7 +1,7 @@
 const { logger } = require('@librechat/data-schemas');
 const { PermissionBits, hasPermissions, ResourceType } = require('librechat-data-provider');
 const { getEffectivePermissions } = require('~/server/services/PermissionService');
-const { getAgent } = require('~/models/Agent');
+const { getAgents } = require('~/models/Agent');
 const { getFiles } = require('~/models/File');
 
 /**
@@ -10,11 +10,12 @@ const { getFiles } = require('~/models/File');
  */
 const checkAgentBasedFileAccess = async ({ userId, role, fileId }) => {
   try {
-    // Find agents that have this file in their tool_resources
-    const agentsWithFile = await getAgent({
+    /** Agents that have this file in their tool_resources */
+    const agentsWithFile = await getAgents({
       $or: [
-        { 'tool_resources.file_search.file_ids': fileId },
         { 'tool_resources.execute_code.file_ids': fileId },
+        { 'tool_resources.file_search.file_ids': fileId },
+        { 'tool_resources.context.file_ids': fileId },
         { 'tool_resources.ocr.file_ids': fileId },
       ],
     });
@@ -24,7 +25,7 @@ const checkAgentBasedFileAccess = async ({ userId, role, fileId }) => {
     }
 
     // Check if user has access to any of these agents
-    for (const agent of Array.isArray(agentsWithFile) ? agentsWithFile : [agentsWithFile]) {
+    for (const agent of agentsWithFile) {
       // Check if user is the agent author
       if (agent.author && agent.author.toString() === userId) {
         logger.debug(`[fileAccess] User is author of agent ${agent.id}`);
@@ -83,7 +84,6 @@ const fileAccess = async (req, res, next) => {
       });
     }
 
-    // Get the file
     const [file] = await getFiles({ file_id: fileId });
     if (!file) {
       return res.status(404).json({
@@ -92,20 +92,18 @@ const fileAccess = async (req, res, next) => {
       });
     }
 
-    // Check if user owns the file
     if (file.user && file.user.toString() === userId) {
       req.fileAccess = { file };
       return next();
     }
 
-    // Check agent-based access (file inherits agent permissions)
+    /** Agent-based access (file inherits agent permissions) */
     const hasAgentAccess = await checkAgentBasedFileAccess({ userId, role: userRole, fileId });
     if (hasAgentAccess) {
       req.fileAccess = { file };
       return next();
     }
 
-    // No access
     logger.warn(`[fileAccess] User ${userId} denied access to file ${fileId}`);
     return res.status(403).json({
       error: 'Forbidden',

api/server/middleware/accessResources/fileAccess.spec.js

@@ -0,0 +1,483 @@
+const mongoose = require('mongoose');
+const { ResourceType, PrincipalType, PrincipalModel } = require('librechat-data-provider');
+const { MongoMemoryServer } = require('mongodb-memory-server');
+const { fileAccess } = require('./fileAccess');
+const { User, Role, AclEntry } = require('~/db/models');
+const { createAgent } = require('~/models/Agent');
+const { createFile } = require('~/models/File');
+
+describe('fileAccess middleware', () => {
+  let mongoServer;
+  let req, res, next;
+  let testUser, otherUser, thirdUser;
+
+  beforeAll(async () => {
+    mongoServer = await MongoMemoryServer.create();
+    const mongoUri = mongoServer.getUri();
+    await mongoose.connect(mongoUri);
+  });
+
+  afterAll(async () => {
+    await mongoose.disconnect();
+    await mongoServer.stop();
+  });
+
+  beforeEach(async () => {
+    await mongoose.connection.dropDatabase();
+
+    // Create test role
+    await Role.create({
+      name: 'test-role',
+      permissions: {
+        AGENTS: {
+          USE: true,
+          CREATE: true,
+          SHARED_GLOBAL: false,
+        },
+      },
+    });
+
+    // Create test users
+    testUser = await User.create({
+      email: 'test@example.com',
+      name: 'Test User',
+      username: 'testuser',
+      role: 'test-role',
+    });
+
+    otherUser = await User.create({
+      email: 'other@example.com',
+      name: 'Other User',
+      username: 'otheruser',
+      role: 'test-role',
+    });
+
+    thirdUser = await User.create({
+      email: 'third@example.com',
+      name: 'Third User',
+      username: 'thirduser',
+      role: 'test-role',
+    });
+
+    // Setup request/response objects
+    req = {
+      user: { id: testUser._id.toString(), role: testUser.role },
+      params: {},
+    };
+    res = {
+      status: jest.fn().mockReturnThis(),
+      json: jest.fn(),
+    };
+    next = jest.fn();
+
+    jest.clearAllMocks();
+  });
+
+  describe('basic file access', () => {
+    test('should allow access when user owns the file', async () => {
+      // Create a file owned by testUser
+      await createFile({
+        user: testUser._id.toString(),
+        file_id: 'file_owned_by_user',
+        filepath: '/test/file.txt',
+        filename: 'file.txt',
+        type: 'text/plain',
+        size: 100,
+      });
+
+      req.params.file_id = 'file_owned_by_user';
+      await fileAccess(req, res, next);
+
+      expect(next).toHaveBeenCalled();
+      expect(req.fileAccess).toBeDefined();
+      expect(req.fileAccess.file).toBeDefined();
+      expect(res.status).not.toHaveBeenCalled();
+    });
+
+    test('should deny access when user does not own the file and no agent access', async () => {
+      // Create a file owned by otherUser
+      await createFile({
+        user: otherUser._id.toString(),
+        file_id: 'file_owned_by_other',
+        filepath: '/test/file.txt',
+        filename: 'file.txt',
+        type: 'text/plain',
+        size: 100,
+      });
+
+      req.params.file_id = 'file_owned_by_other';
+      await fileAccess(req, res, next);
+
+      expect(next).not.toHaveBeenCalled();
+      expect(res.status).toHaveBeenCalledWith(403);
+      expect(res.json).toHaveBeenCalledWith({
+        error: 'Forbidden',
+        message: 'Insufficient permissions to access this file',
+      });
+    });
+
+    test('should return 404 when file does not exist', async () => {
+      req.params.file_id = 'non_existent_file';
+      await fileAccess(req, res, next);
+
+      expect(next).not.toHaveBeenCalled();
+      expect(res.status).toHaveBeenCalledWith(404);
+      expect(res.json).toHaveBeenCalledWith({
+        error: 'Not Found',
+        message: 'File not found',
+      });
+    });
+
+    test('should return 400 when file_id is missing', async () => {
+      // Don't set file_id in params
+      await fileAccess(req, res, next);
+
+      expect(next).not.toHaveBeenCalled();
+      expect(res.status).toHaveBeenCalledWith(400);
+      expect(res.json).toHaveBeenCalledWith({
+        error: 'Bad Request',
+        message: 'file_id is required',
+      });
+    });
+
+    test('should return 401 when user is not authenticated', async () => {
+      req.user = null;
+      req.params.file_id = 'some_file';
+
+      await fileAccess(req, res, next);
+
+      expect(next).not.toHaveBeenCalled();
+      expect(res.status).toHaveBeenCalledWith(401);
+      expect(res.json).toHaveBeenCalledWith({
+        error: 'Unauthorized',
+        message: 'Authentication required',
+      });
+    });
+  });
+
+  describe('agent-based file access', () => {
+    beforeEach(async () => {
+      // Create a file owned by otherUser (not testUser)
+      await createFile({
+        user: otherUser._id.toString(),
+        file_id: 'shared_file_via_agent',
+        filepath: '/test/shared.txt',
+        filename: 'shared.txt',
+        type: 'text/plain',
+        size: 100,
+      });
+    });
+
+    test('should allow access when user is author of agent with file', async () => {
+      // Create agent owned by testUser with the file
+      await createAgent({
+        id: `agent_${Date.now()}`,
+        name: 'Test Agent',
+        provider: 'openai',
+        model: 'gpt-4',
+        author: testUser._id,
+        tool_resources: {
+          file_search: {
+            file_ids: ['shared_file_via_agent'],
+          },
+        },
+      });
+
+      req.params.file_id = 'shared_file_via_agent';
+      await fileAccess(req, res, next);
+
+      expect(next).toHaveBeenCalled();
+      expect(req.fileAccess).toBeDefined();
+      expect(req.fileAccess.file).toBeDefined();
+    });
+
+    test('should allow access when user has VIEW permission on agent with file', async () => {
+      // Create agent owned by otherUser
+      const agent = await createAgent({
+        id: `agent_${Date.now()}`,
+        name: 'Shared Agent',
+        provider: 'openai',
+        model: 'gpt-4',
+        author: otherUser._id,
+        tool_resources: {
+          execute_code: {
+            file_ids: ['shared_file_via_agent'],
+          },
+        },
+      });
+
+      // Grant VIEW permission to testUser
+      await AclEntry.create({
+        principalType: PrincipalType.USER,
+        principalId: testUser._id,
+        principalModel: PrincipalModel.USER,
+        resourceType: ResourceType.AGENT,
+        resourceId: agent._id,
+        permBits: 1, // VIEW permission
+        grantedBy: otherUser._id,
+      });
+
+      req.params.file_id = 'shared_file_via_agent';
+      await fileAccess(req, res, next);
+
+      expect(next).toHaveBeenCalled();
+      expect(req.fileAccess).toBeDefined();
+    });
+
+    test('should check file in ocr tool_resources', async () => {
+      await createAgent({
+        id: `agent_ocr_${Date.now()}`,
+        name: 'OCR Agent',
+        provider: 'openai',
+        model: 'gpt-4',
+        author: testUser._id,
+        tool_resources: {
+          ocr: {
+            file_ids: ['shared_file_via_agent'],
+          },
+        },
+      });
+
+      req.params.file_id = 'shared_file_via_agent';
+      await fileAccess(req, res, next);
+
+      expect(next).toHaveBeenCalled();
+      expect(req.fileAccess).toBeDefined();
+    });
+
+    test('should deny access when user has no permission on agent with file', async () => {
+      // Create agent owned by otherUser without granting permission to testUser
+      const agent = await createAgent({
+        id: `agent_${Date.now()}`,
+        name: 'Private Agent',
+        provider: 'openai',
+        model: 'gpt-4',
+        author: otherUser._id,
+        tool_resources: {
+          file_search: {
+            file_ids: ['shared_file_via_agent'],
+          },
+        },
+      });
+
+      // Create ACL entry for otherUser only (owner)
+      await AclEntry.create({
+        principalType: PrincipalType.USER,
+        principalId: otherUser._id,
+        principalModel: PrincipalModel.USER,
+        resourceType: ResourceType.AGENT,
+        resourceId: agent._id,
+        permBits: 15, // All permissions
+        grantedBy: otherUser._id,
+      });
+
+      req.params.file_id = 'shared_file_via_agent';
+      await fileAccess(req, res, next);
+
+      expect(next).not.toHaveBeenCalled();
+      expect(res.status).toHaveBeenCalledWith(403);
+    });
+  });
+
+  describe('multiple agents with same file', () => {
+    /**
+     * This test suite verifies that when multiple agents have the same file,
+     * all agents are checked for permissions, not just the first one found.
+     * This ensures users can access files through any agent they have permission for.
+     */
+
+    test('should check ALL agents with file, not just first one', async () => {
+      // Create a file owned by someone else
+      await createFile({
+        user: otherUser._id.toString(),
+        file_id: 'multi_agent_file',
+        filepath: '/test/multi.txt',
+        filename: 'multi.txt',
+        type: 'text/plain',
+        size: 100,
+      });
+
+      // Create first agent (owned by otherUser, no access for testUser)
+      const agent1 = await createAgent({
+        id: 'agent_no_access',
+        name: 'No Access Agent',
+        provider: 'openai',
+        model: 'gpt-4',
+        author: otherUser._id,
+        tool_resources: {
+          file_search: {
+            file_ids: ['multi_agent_file'],
+          },
+        },
+      });
+
+      // Create ACL for agent1 - only otherUser has access
+      await AclEntry.create({
+        principalType: PrincipalType.USER,
+        principalId: otherUser._id,
+        principalModel: PrincipalModel.USER,
+        resourceType: ResourceType.AGENT,
+        resourceId: agent1._id,
+        permBits: 15,
+        grantedBy: otherUser._id,
+      });
+
+      // Create second agent (owned by thirdUser, but testUser has VIEW access)
+      const agent2 = await createAgent({
+        id: 'agent_with_access',
+        name: 'Accessible Agent',
+        provider: 'openai',
+        model: 'gpt-4',
+        author: thirdUser._id,
+        tool_resources: {
+          file_search: {
+            file_ids: ['multi_agent_file'],
+          },
+        },
+      });
+
+      // Grant testUser VIEW access to agent2
+      await AclEntry.create({
+        principalType: PrincipalType.USER,
+        principalId: testUser._id,
+        principalModel: PrincipalModel.USER,
+        resourceType: ResourceType.AGENT,
+        resourceId: agent2._id,
+        permBits: 1, // VIEW permission
+        grantedBy: thirdUser._id,
+      });
+
+      req.params.file_id = 'multi_agent_file';
+      await fileAccess(req, res, next);
+
+      /**
+       * Should succeed because testUser has access to agent2,
+       * even though they don't have access to agent1.
+       * The fix ensures all agents are checked, not just the first one.
+       */
+      expect(next).toHaveBeenCalled();
+      expect(req.fileAccess).toBeDefined();
+      expect(res.status).not.toHaveBeenCalled();
+    });
+
+    test('should find file in any agent tool_resources type', async () => {
+      // Create a file
+      await createFile({
+        user: otherUser._id.toString(),
+        file_id: 'multi_tool_file',
+        filepath: '/test/tool.txt',
+        filename: 'tool.txt',
+        type: 'text/plain',
+        size: 100,
+      });
+
+      // Agent 1: file in file_search (no access for testUser)
+      await createAgent({
+        id: 'agent_file_search',
+        name: 'File Search Agent',
+        provider: 'openai',
+        model: 'gpt-4',
+        author: otherUser._id,
+        tool_resources: {
+          file_search: {
+            file_ids: ['multi_tool_file'],
+          },
+        },
+      });
+
+      // Agent 2: same file in execute_code (testUser has access)
+      await createAgent({
+        id: 'agent_execute_code',
+        name: 'Execute Code Agent',
+        provider: 'openai',
+        model: 'gpt-4',
+        author: thirdUser._id,
+        tool_resources: {
+          execute_code: {
+            file_ids: ['multi_tool_file'],
+          },
+        },
+      });
+
+      // Agent 3: same file in ocr (testUser also has access)
+      await createAgent({
+        id: 'agent_ocr',
+        name: 'OCR Agent',
+        provider: 'openai',
+        model: 'gpt-4',
+        author: testUser._id, // testUser owns this one
+        tool_resources: {
+          ocr: {
+            file_ids: ['multi_tool_file'],
+          },
+        },
+      });
+
+      req.params.file_id = 'multi_tool_file';
+      await fileAccess(req, res, next);
+
+      /**
+       * Should succeed because testUser owns agent3,
+       * even if other agents with the file are found first.
+       */
+      expect(next).toHaveBeenCalled();
+      expect(req.fileAccess).toBeDefined();
+    });
+  });
+
+  describe('edge cases', () => {
+    test('should handle agent with empty tool_resources', async () => {
+      await createFile({
+        user: otherUser._id.toString(),
+        file_id: 'orphan_file',
+        filepath: '/test/orphan.txt',
+        filename: 'orphan.txt',
+        type: 'text/plain',
+        size: 100,
+      });
+
+      // Create agent with no files in tool_resources
+      await createAgent({
+        id: `agent_empty_${Date.now()}`,
+        name: 'Empty Resources Agent',
+        provider: 'openai',
+        model: 'gpt-4',
+        author: testUser._id,
+        tool_resources: {},
+      });
+
+      req.params.file_id = 'orphan_file';
+      await fileAccess(req, res, next);
+
+      expect(next).not.toHaveBeenCalled();
+      expect(res.status).toHaveBeenCalledWith(403);
+    });
+
+    test('should handle agent with null tool_resources', async () => {
+      await createFile({
+        user: otherUser._id.toString(),
+        file_id: 'another_orphan_file',
+        filepath: '/test/orphan2.txt',
+        filename: 'orphan2.txt',
+        type: 'text/plain',
+        size: 100,
+      });
+
+      // Create agent with null tool_resources
+      await createAgent({
+        id: `agent_null_${Date.now()}`,
+        name: 'Null Resources Agent',
+        provider: 'openai',
+        model: 'gpt-4',
+        author: testUser._id,
+        tool_resources: null,
+      });
+
+      req.params.file_id = 'another_orphan_file';
+      await fileAccess(req, res, next);
+
+      expect(next).not.toHaveBeenCalled();
+      expect(res.status).toHaveBeenCalledWith(403);
+    });
+  });
+});

api/server/middleware/canDeleteAccount.js

@@ -1,6 +1,6 @@
+const { isEnabled } = require('@librechat/api');
+const { logger } = require('@librechat/data-schemas');
 const { SystemRoles } = require('librechat-data-provider');
-const { isEnabled } = require('~/server/utils');
-const { logger } = require('~/config');
 
 /**
  * Checks if the user can delete their account

api/server/middleware/checkBan.js

@@ -1,9 +1,9 @@
 const { Keyv } = require('keyv');
 const uap = require('ua-parser-js');
 const { logger } = require('@librechat/data-schemas');
+const { isEnabled, keyvMongo } = require('@librechat/api');
 const { ViolationTypes } = require('librechat-data-provider');
-const { isEnabled, removePorts } = require('~/server/utils');
-const keyvMongo = require('~/cache/keyvMongo');
+const { removePorts } = require('~/server/utils');
 const denyRequest = require('./denyRequest');
 const { getLogStores } = require('~/cache');
 const { findUser } = require('~/models');

api/server/middleware/checkDomainAllowed.js

@@ -1,5 +1,5 @@
 const { logger } = require('@librechat/data-schemas');
-const { isEmailDomainAllowed } = require('~/server/services/domains');
+const { isEmailDomainAllowed } = require('@librechat/api');
 const { getAppConfig } = require('~/server/services/Config');
 
 /**
@@ -11,18 +11,25 @@ const { getAppConfig } = require('~/server/services/Config');
  * @param {Object} res - Express response object.
  * @param {Function} next - Next middleware function.
  *
- * @returns {Promise<function|Object>} - Returns a Promise which when resolved calls next middleware if the domain's email is allowed
+ * @returns {Promise<void>} - Calls next middleware if the domain's email is allowed, otherwise redirects to login
  */
-const checkDomainAllowed = async (req, res, next = () => {}) => {
-  const email = req?.user?.email;
-  const appConfig = await getAppConfig({
-    role: req?.user?.role,
-  });
-  if (email && !isEmailDomainAllowed(email, appConfig?.registration?.allowedDomains)) {
-    logger.error(`[Social Login] [Social Login not allowed] [Email: ${email}]`);
-    return res.redirect('/login');
-  } else {
-    return next();
+const checkDomainAllowed = async (req, res, next) => {
+  try {
+    const email = req?.user?.email;
+    const appConfig = await getAppConfig({
+      role: req?.user?.role,
+    });
+
+    if (email && !isEmailDomainAllowed(email, appConfig?.registration?.allowedDomains)) {
+      logger.error(`[Social Login] [Social Login not allowed] [Email: ${email}]`);
+      res.redirect('/login');
+      return;
+    }
+
+    next();
+  } catch (error) {
+    logger.error('[checkDomainAllowed] Error checking domain:', error);
+    res.redirect('/login');
   }
 };
 

api/server/middleware/checkPeoplePickerAccess.js

@@ -1,6 +1,6 @@
+const { logger } = require('@librechat/data-schemas');
 const { PrincipalType, PermissionTypes, Permissions } = require('librechat-data-provider');
 const { getRoleByName } = require('~/models/Role');
-const { logger } = require('~/config');
 
 /**
  * Middleware to check if user has permission to access people picker functionality

api/server/middleware/checkPeoplePickerAccess.spec.js

@@ -1,10 +1,11 @@
+const { logger } = require('@librechat/data-schemas');
 const { PrincipalType, PermissionTypes, Permissions } = require('librechat-data-provider');
 const { checkPeoplePickerAccess } = require('./checkPeoplePickerAccess');
 const { getRoleByName } = require('~/models/Role');
-const { logger } = require('~/config');
 
 jest.mock('~/models/Role');
-jest.mock('~/config', () => ({
+jest.mock('@librechat/data-schemas', () => ({
+  ...jest.requireActual('@librechat/data-schemas'),
   logger: {
     error: jest.fn(),
   },

api/server/middleware/concurrentLimiter.js

@@ -1,7 +1,7 @@
+const { isEnabled } = require('@librechat/api');
 const { Time, CacheKeys, ViolationTypes } = require('librechat-data-provider');
 const clearPendingReq = require('~/cache/clearPendingReq');
 const { logViolation, getLogStores } = require('~/cache');
-const { isEnabled } = require('~/server/utils');
 const denyRequest = require('./denyRequest');
 
 const {

api/server/middleware/index.js

@@ -1,6 +1,5 @@
 const validatePasswordReset = require('./validatePasswordReset');
 const validateRegistration = require('./validateRegistration');
-const validateImageRequest = require('./validateImageRequest');
 const buildEndpointOption = require('./buildEndpointOption');
 const validateMessageReq = require('./validateMessageReq');
 const checkDomainAllowed = require('./checkDomainAllowed');
@@ -50,6 +49,5 @@ module.exports = {
   validateMessageReq,
   buildEndpointOption,
   validateRegistration,
-  validateImageRequest,
   validatePasswordReset,
 };

api/server/middleware/limiters/forkLimiters.js

@@ -1,6 +1,6 @@
 const rateLimit = require('express-rate-limit');
+const { limiterCache } = require('@librechat/api');
 const { ViolationTypes } = require('librechat-data-provider');
-const { limiterCache } = require('~/cache/cacheFactory');
 const logViolation = require('~/cache/logViolation');
 
 const getEnvironmentVariables = () => {

api/server/middleware/limiters/importLimiters.js

@@ -1,6 +1,6 @@
 const rateLimit = require('express-rate-limit');
+const { limiterCache } = require('@librechat/api');
 const { ViolationTypes } = require('librechat-data-provider');
-const { limiterCache } = require('~/cache/cacheFactory');
 const logViolation = require('~/cache/logViolation');
 
 const getEnvironmentVariables = () => {

api/server/middleware/limiters/loginLimiter.js

@@ -1,7 +1,7 @@
 const rateLimit = require('express-rate-limit');
+const { limiterCache } = require('@librechat/api');
 const { ViolationTypes } = require('librechat-data-provider');
 const { removePorts } = require('~/server/utils');
-const { limiterCache } = require('~/cache/cacheFactory');
 const { logViolation } = require('~/cache');
 
 const { LOGIN_WINDOW = 5, LOGIN_MAX = 7, LOGIN_VIOLATION_SCORE: score } = process.env;

api/server/middleware/limiters/messageLimiters.js

@@ -1,7 +1,7 @@
 const rateLimit = require('express-rate-limit');
+const { limiterCache } = require('@librechat/api');
 const { ViolationTypes } = require('librechat-data-provider');
 const denyRequest = require('~/server/middleware/denyRequest');
-const { limiterCache } = require('~/cache/cacheFactory');
 const { logViolation } = require('~/cache');
 
 const {

api/server/middleware/limiters/registerLimiter.js

@@ -1,7 +1,7 @@
 const rateLimit = require('express-rate-limit');
+const { limiterCache } = require('@librechat/api');
 const { ViolationTypes } = require('librechat-data-provider');
 const { removePorts } = require('~/server/utils');
-const { limiterCache } = require('~/cache/cacheFactory');
 const { logViolation } = require('~/cache');
 
 const { REGISTER_WINDOW = 60, REGISTER_MAX = 5, REGISTRATION_VIOLATION_SCORE: score } = process.env;

api/server/middleware/limiters/resetPasswordLimiter.js

@@ -1,7 +1,7 @@
 const rateLimit = require('express-rate-limit');
+const { limiterCache } = require('@librechat/api');
 const { ViolationTypes } = require('librechat-data-provider');
 const { removePorts } = require('~/server/utils');
-const { limiterCache } = require('~/cache/cacheFactory');
 const { logViolation } = require('~/cache');
 
 const {

api/server/middleware/limiters/sttLimiters.js

@@ -1,6 +1,6 @@
 const rateLimit = require('express-rate-limit');
+const { limiterCache } = require('@librechat/api');
 const { ViolationTypes } = require('librechat-data-provider');
-const { limiterCache } = require('~/cache/cacheFactory');
 const logViolation = require('~/cache/logViolation');
 
 const getEnvironmentVariables = () => {

api/server/middleware/limiters/toolCallLimiter.js

@@ -1,6 +1,6 @@
 const rateLimit = require('express-rate-limit');
+const { limiterCache } = require('@librechat/api');
 const { ViolationTypes } = require('librechat-data-provider');
-const { limiterCache } = require('~/cache/cacheFactory');
 const logViolation = require('~/cache/logViolation');
 
 const { TOOL_CALL_VIOLATION_SCORE: score } = process.env;

api/server/middleware/limiters/ttsLimiters.js

@@ -1,7 +1,7 @@
 const rateLimit = require('express-rate-limit');
+const { limiterCache } = require('@librechat/api');
 const { ViolationTypes } = require('librechat-data-provider');
 const logViolation = require('~/cache/logViolation');
-const { limiterCache } = require('~/cache/cacheFactory');
 
 const getEnvironmentVariables = () => {
   const TTS_IP_MAX = parseInt(process.env.TTS_IP_MAX) || 100;

api/server/middleware/limiters/uploadLimiters.js

@@ -1,6 +1,6 @@
 const rateLimit = require('express-rate-limit');
+const { limiterCache } = require('@librechat/api');
 const { ViolationTypes } = require('librechat-data-provider');
-const { limiterCache } = require('~/cache/cacheFactory');
 const logViolation = require('~/cache/logViolation');
 
 const getEnvironmentVariables = () => {

api/server/middleware/limiters/verifyEmailLimiter.js

@@ -1,7 +1,7 @@
 const rateLimit = require('express-rate-limit');
+const { limiterCache } = require('@librechat/api');
 const { ViolationTypes } = require('librechat-data-provider');
 const { removePorts } = require('~/server/utils');
-const { limiterCache } = require('~/cache/cacheFactory');
 const { logViolation } = require('~/cache');
 
 const {

api/server/middleware/logHeaders.js

@@ -1,4 +1,4 @@
-const { logger } = require('~/config');
+const { logger } = require('@librechat/data-schemas');
 
 /**
  * Middleware to log Forwarded Headers

api/server/middleware/moderateText.js

@@ -1,8 +1,8 @@
 const axios = require('axios');
+const { isEnabled } = require('@librechat/api');
+const { logger } = require('@librechat/data-schemas');
 const { ErrorTypes } = require('librechat-data-provider');
-const { isEnabled } = require('~/server/utils');
 const denyRequest = require('./denyRequest');
-const { logger } = require('~/config');
 
 async function moderateText(req, res, next) {
   if (!isEnabled(process.env.OPENAI_MODERATION)) {

api/server/middleware/optionalJwtAuth.js

@@ -1,6 +1,6 @@
 const cookies = require('cookie');
-const { isEnabled } = require('~/server/utils');
 const passport = require('passport');
+const { isEnabled } = require('@librechat/api');
 
 // This middleware does not require authentication,
 // but if the user is authenticated, it will set the user object.

api/server/middleware/requireJwtAuth.js

@@ -1,6 +1,6 @@
-const passport = require('passport');
 const cookies = require('cookie');
-const { isEnabled } = require('~/server/utils');
+const passport = require('passport');
+const { isEnabled } = require('@librechat/api');
 
 /**
  * Custom Middleware to handle JWT authentication, with support for OpenID token reuse

api/server/middleware/requireLocalAuth.js

@@ -1,5 +1,5 @@
 const passport = require('passport');
-const { logger } = require('~/config');
+const { logger } = require('@librechat/data-schemas');
 
 const requireLocalAuth = (req, res, next) => {
   passport.authenticate('local', (err, user, info) => {

api/server/middleware/spec/validateImages.spec.js

@@ -1,14 +1,14 @@
 const jwt = require('jsonwebtoken');
-const validateImageRequest = require('~/server/middleware/validateImageRequest');
+const { isEnabled } = require('@librechat/api');
+const createValidateImageRequest = require('~/server/middleware/validateImageRequest');
 
-jest.mock('~/server/services/Config/app', () => ({
-  getAppConfig: jest.fn(),
+jest.mock('@librechat/api', () => ({
+  isEnabled: jest.fn(),
 }));
 
 describe('validateImageRequest middleware', () => {
-  let req, res, next;
+  let req, res, next, validateImageRequest;
   const validObjectId = '65cfb246f7ecadb8b1e8036b';
-  const { getAppConfig } = require('~/server/services/Config/app');
 
   beforeEach(() => {
     jest.clearAllMocks();
@@ -22,116 +22,278 @@ describe('validateImageRequest middleware', () => {
     };
     next = jest.fn();
     process.env.JWT_REFRESH_SECRET = 'test-secret';
+    process.env.OPENID_REUSE_TOKENS = 'false';
 
-    // Mock getAppConfig to return secureImageLinks: true by default
-    getAppConfig.mockResolvedValue({
-      secureImageLinks: true,
-    });
+    // Default: OpenID token reuse disabled
+    isEnabled.mockReturnValue(false);
   });
 
   afterEach(() => {
     jest.clearAllMocks();
   });
 
-  test('should call next() if secureImageLinks is false', async () => {
-    getAppConfig.mockResolvedValue({
-      secureImageLinks: false,
+  describe('Factory function', () => {
+    test('should return a pass-through middleware if secureImageLinks is false', async () => {
+      const middleware = createValidateImageRequest(false);
+      await middleware(req, res, next);
+      expect(next).toHaveBeenCalled();
+      expect(res.status).not.toHaveBeenCalled();
+    });
+
+    test('should return validation middleware if secureImageLinks is true', async () => {
+      validateImageRequest = createValidateImageRequest(true);
+      await validateImageRequest(req, res, next);
+      expect(res.status).toHaveBeenCalledWith(401);
+      expect(res.send).toHaveBeenCalledWith('Unauthorized');
     });
-    await validateImageRequest(req, res, next);
-    expect(next).toHaveBeenCalled();
   });
 
-  test('should return 401 if refresh token is not provided', async () => {
-    await validateImageRequest(req, res, next);
-    expect(res.status).toHaveBeenCalledWith(401);
-    expect(res.send).toHaveBeenCalledWith('Unauthorized');
-  });
+  describe('Standard LibreChat token flow', () => {
+    beforeEach(() => {
+      validateImageRequest = createValidateImageRequest(true);
+    });
 
-  test('should return 403 if refresh token is invalid', async () => {
-    req.headers.cookie = 'refreshToken=invalid-token';
-    await validateImageRequest(req, res, next);
-    expect(res.status).toHaveBeenCalledWith(403);
-    expect(res.send).toHaveBeenCalledWith('Access Denied');
-  });
+    test('should return 401 if refresh token is not provided', async () => {
+      await validateImageRequest(req, res, next);
+      expect(res.status).toHaveBeenCalledWith(401);
+      expect(res.send).toHaveBeenCalledWith('Unauthorized');
+    });
 
-  test('should return 403 if refresh token is expired', async () => {
-    const expiredToken = jwt.sign(
-      { id: validObjectId, exp: Math.floor(Date.now() / 1000) - 3600 },
-      process.env.JWT_REFRESH_SECRET,
-    );
-    req.headers.cookie = `refreshToken=${expiredToken}`;
-    await validateImageRequest(req, res, next);
-    expect(res.status).toHaveBeenCalledWith(403);
-    expect(res.send).toHaveBeenCalledWith('Access Denied');
-  });
-
-  test('should call next() for valid image path', async () => {
-    const validToken = jwt.sign(
-      { id: validObjectId, exp: Math.floor(Date.now() / 1000) + 3600 },
-      process.env.JWT_REFRESH_SECRET,
-    );
-    req.headers.cookie = `refreshToken=${validToken}`;
-    req.originalUrl = `/images/${validObjectId}/example.jpg`;
-    await validateImageRequest(req, res, next);
-    expect(next).toHaveBeenCalled();
-  });
-
-  test('should return 403 for invalid image path', async () => {
-    const validToken = jwt.sign(
-      { id: validObjectId, exp: Math.floor(Date.now() / 1000) + 3600 },
-      process.env.JWT_REFRESH_SECRET,
-    );
-    req.headers.cookie = `refreshToken=${validToken}`;
-    req.originalUrl = '/images/65cfb246f7ecadb8b1e8036c/example.jpg'; // Different ObjectId
-    await validateImageRequest(req, res, next);
-    expect(res.status).toHaveBeenCalledWith(403);
-    expect(res.send).toHaveBeenCalledWith('Access Denied');
-  });
-
-  test('should return 403 for invalid ObjectId format', async () => {
-    const validToken = jwt.sign(
-      { id: validObjectId, exp: Math.floor(Date.now() / 1000) + 3600 },
-      process.env.JWT_REFRESH_SECRET,
-    );
-    req.headers.cookie = `refreshToken=${validToken}`;
-    req.originalUrl = '/images/123/example.jpg'; // Invalid ObjectId
-    await validateImageRequest(req, res, next);
-    expect(res.status).toHaveBeenCalledWith(403);
-    expect(res.send).toHaveBeenCalledWith('Access Denied');
-  });
-
-  // File traversal tests
-  test('should prevent file traversal attempts', async () => {
-    const validToken = jwt.sign(
-      { id: validObjectId, exp: Math.floor(Date.now() / 1000) + 3600 },
-      process.env.JWT_REFRESH_SECRET,
-    );
-    req.headers.cookie = `refreshToken=${validToken}`;
-
-    const traversalAttempts = [
-      `/images/${validObjectId}/../../../etc/passwd`,
-      `/images/${validObjectId}/..%2F..%2F..%2Fetc%2Fpasswd`,
-      `/images/${validObjectId}/image.jpg/../../../etc/passwd`,
-      `/images/${validObjectId}/%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd`,
-    ];
-
-    for (const attempt of traversalAttempts) {
-      req.originalUrl = attempt;
+    test('should return 403 if refresh token is invalid', async () => {
+      req.headers.cookie = 'refreshToken=invalid-token';
       await validateImageRequest(req, res, next);
       expect(res.status).toHaveBeenCalledWith(403);
       expect(res.send).toHaveBeenCalledWith('Access Denied');
-      jest.clearAllMocks();
-    }
+    });
+
+    test('should return 403 if refresh token is expired', async () => {
+      const expiredToken = jwt.sign(
+        { id: validObjectId, exp: Math.floor(Date.now() / 1000) - 3600 },
+        process.env.JWT_REFRESH_SECRET,
+      );
+      req.headers.cookie = `refreshToken=${expiredToken}`;
+      await validateImageRequest(req, res, next);
+      expect(res.status).toHaveBeenCalledWith(403);
+      expect(res.send).toHaveBeenCalledWith('Access Denied');
+    });
+
+    test('should call next() for valid image path', async () => {
+      const validToken = jwt.sign(
+        { id: validObjectId, exp: Math.floor(Date.now() / 1000) + 3600 },
+        process.env.JWT_REFRESH_SECRET,
+      );
+      req.headers.cookie = `refreshToken=${validToken}`;
+      req.originalUrl = `/images/${validObjectId}/example.jpg`;
+      await validateImageRequest(req, res, next);
+      expect(next).toHaveBeenCalled();
+    });
+
+    test('should return 403 for invalid image path', async () => {
+      const validToken = jwt.sign(
+        { id: validObjectId, exp: Math.floor(Date.now() / 1000) + 3600 },
+        process.env.JWT_REFRESH_SECRET,
+      );
+      req.headers.cookie = `refreshToken=${validToken}`;
+      req.originalUrl = '/images/65cfb246f7ecadb8b1e8036c/example.jpg'; // Different ObjectId
+      await validateImageRequest(req, res, next);
+      expect(res.status).toHaveBeenCalledWith(403);
+      expect(res.send).toHaveBeenCalledWith('Access Denied');
+    });
+
+    test('should allow agent avatar pattern for any valid ObjectId', async () => {
+      const validToken = jwt.sign(
+        { id: validObjectId, exp: Math.floor(Date.now() / 1000) + 3600 },
+        process.env.JWT_REFRESH_SECRET,
+      );
+      req.headers.cookie = `refreshToken=${validToken}`;
+      req.originalUrl = '/images/65cfb246f7ecadb8b1e8036c/agent-avatar-12345.png';
+      await validateImageRequest(req, res, next);
+      expect(next).toHaveBeenCalled();
+    });
+
+    test('should prevent file traversal attempts', async () => {
+      const validToken = jwt.sign(
+        { id: validObjectId, exp: Math.floor(Date.now() / 1000) + 3600 },
+        process.env.JWT_REFRESH_SECRET,
+      );
+      req.headers.cookie = `refreshToken=${validToken}`;
+
+      const traversalAttempts = [
+        `/images/${validObjectId}/../../../etc/passwd`,
+        `/images/${validObjectId}/..%2F..%2F..%2Fetc%2Fpasswd`,
+        `/images/${validObjectId}/image.jpg/../../../etc/passwd`,
+        `/images/${validObjectId}/%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd`,
+      ];
+
+      for (const attempt of traversalAttempts) {
+        req.originalUrl = attempt;
+        await validateImageRequest(req, res, next);
+        expect(res.status).toHaveBeenCalledWith(403);
+        expect(res.send).toHaveBeenCalledWith('Access Denied');
+        jest.clearAllMocks();
+        // Reset mocks for next iteration
+        res.status = jest.fn().mockReturnThis();
+        res.send = jest.fn();
+      }
+    });
+
+    test('should handle URL encoded characters in valid paths', async () => {
+      const validToken = jwt.sign(
+        { id: validObjectId, exp: Math.floor(Date.now() / 1000) + 3600 },
+        process.env.JWT_REFRESH_SECRET,
+      );
+      req.headers.cookie = `refreshToken=${validToken}`;
+      req.originalUrl = `/images/${validObjectId}/image%20with%20spaces.jpg`;
+      await validateImageRequest(req, res, next);
+      expect(next).toHaveBeenCalled();
+    });
   });
 
-  test('should handle URL encoded characters in valid paths', async () => {
-    const validToken = jwt.sign(
-      { id: validObjectId, exp: Math.floor(Date.now() / 1000) + 3600 },
-      process.env.JWT_REFRESH_SECRET,
-    );
-    req.headers.cookie = `refreshToken=${validToken}`;
-    req.originalUrl = `/images/${validObjectId}/image%20with%20spaces.jpg`;
-    await validateImageRequest(req, res, next);
-    expect(next).toHaveBeenCalled();
+  describe('OpenID token flow', () => {
+    beforeEach(() => {
+      validateImageRequest = createValidateImageRequest(true);
+      // Enable OpenID token reuse
+      isEnabled.mockReturnValue(true);
+      process.env.OPENID_REUSE_TOKENS = 'true';
+    });
+
+    test('should return 403 if no OpenID user ID cookie when token_provider is openid', async () => {
+      req.headers.cookie = 'refreshToken=dummy-token; token_provider=openid';
+      await validateImageRequest(req, res, next);
+      expect(res.status).toHaveBeenCalledWith(403);
+      expect(res.send).toHaveBeenCalledWith('Access Denied');
+    });
+
+    test('should validate JWT-signed user ID for OpenID flow', async () => {
+      const signedUserId = jwt.sign(
+        { id: validObjectId, exp: Math.floor(Date.now() / 1000) + 3600 },
+        process.env.JWT_REFRESH_SECRET,
+      );
+      req.headers.cookie = `refreshToken=dummy-token; token_provider=openid; openid_user_id=${signedUserId}`;
+      req.originalUrl = `/images/${validObjectId}/example.jpg`;
+      await validateImageRequest(req, res, next);
+      expect(next).toHaveBeenCalled();
+    });
+
+    test('should return 403 for invalid JWT-signed user ID', async () => {
+      req.headers.cookie =
+        'refreshToken=dummy-token; token_provider=openid; openid_user_id=invalid-jwt';
+      await validateImageRequest(req, res, next);
+      expect(res.status).toHaveBeenCalledWith(403);
+      expect(res.send).toHaveBeenCalledWith('Access Denied');
+    });
+
+    test('should return 403 for expired JWT-signed user ID', async () => {
+      const expiredSignedUserId = jwt.sign(
+        { id: validObjectId, exp: Math.floor(Date.now() / 1000) - 3600 },
+        process.env.JWT_REFRESH_SECRET,
+      );
+      req.headers.cookie = `refreshToken=dummy-token; token_provider=openid; openid_user_id=${expiredSignedUserId}`;
+      await validateImageRequest(req, res, next);
+      expect(res.status).toHaveBeenCalledWith(403);
+      expect(res.send).toHaveBeenCalledWith('Access Denied');
+    });
+
+    test('should validate image path against JWT-signed user ID', async () => {
+      const signedUserId = jwt.sign(
+        { id: validObjectId, exp: Math.floor(Date.now() / 1000) + 3600 },
+        process.env.JWT_REFRESH_SECRET,
+      );
+      const differentObjectId = '65cfb246f7ecadb8b1e8036c';
+      req.headers.cookie = `refreshToken=dummy-token; token_provider=openid; openid_user_id=${signedUserId}`;
+      req.originalUrl = `/images/${differentObjectId}/example.jpg`;
+      await validateImageRequest(req, res, next);
+      expect(res.status).toHaveBeenCalledWith(403);
+      expect(res.send).toHaveBeenCalledWith('Access Denied');
+    });
+
+    test('should allow agent avatars in OpenID flow', async () => {
+      const signedUserId = jwt.sign(
+        { id: validObjectId, exp: Math.floor(Date.now() / 1000) + 3600 },
+        process.env.JWT_REFRESH_SECRET,
+      );
+      req.headers.cookie = `refreshToken=dummy-token; token_provider=openid; openid_user_id=${signedUserId}`;
+      req.originalUrl = '/images/65cfb246f7ecadb8b1e8036c/agent-avatar-12345.png';
+      await validateImageRequest(req, res, next);
+      expect(next).toHaveBeenCalled();
+    });
+  });
+
+  describe('Security edge cases', () => {
+    let validToken;
+
+    beforeEach(() => {
+      validateImageRequest = createValidateImageRequest(true);
+      validToken = jwt.sign(
+        { id: validObjectId, exp: Math.floor(Date.now() / 1000) + 3600 },
+        process.env.JWT_REFRESH_SECRET,
+      );
+    });
+
+    test('should handle very long image filenames', async () => {
+      const longFilename = 'a'.repeat(1000) + '.jpg';
+      req.headers.cookie = `refreshToken=${validToken}`;
+      req.originalUrl = `/images/${validObjectId}/${longFilename}`;
+      await validateImageRequest(req, res, next);
+      expect(next).toHaveBeenCalled();
+    });
+
+    test('should handle URLs with maximum practical length', async () => {
+      // Most browsers support URLs up to ~2000 characters
+      const longFilename = 'x'.repeat(1900) + '.jpg';
+      req.headers.cookie = `refreshToken=${validToken}`;
+      req.originalUrl = `/images/${validObjectId}/${longFilename}`;
+      await validateImageRequest(req, res, next);
+      expect(next).toHaveBeenCalled();
+    });
+
+    test('should accept URLs just under the 2048 limit', async () => {
+      // Create a URL exactly 2047 characters long
+      const baseLength = `/images/${validObjectId}/`.length + '.jpg'.length;
+      const filenameLength = 2047 - baseLength;
+      const filename = 'a'.repeat(filenameLength) + '.jpg';
+      req.headers.cookie = `refreshToken=${validToken}`;
+      req.originalUrl = `/images/${validObjectId}/${filename}`;
+      await validateImageRequest(req, res, next);
+      expect(next).toHaveBeenCalled();
+    });
+
+    test('should handle malformed URL encoding gracefully', async () => {
+      req.headers.cookie = `refreshToken=${validToken}`;
+      req.originalUrl = `/images/${validObjectId}/test%ZZinvalid.jpg`;
+      await validateImageRequest(req, res, next);
+      expect(res.status).toHaveBeenCalledWith(403);
+      expect(res.send).toHaveBeenCalledWith('Access Denied');
+    });
+
+    test('should reject URLs with null bytes', async () => {
+      req.headers.cookie = `refreshToken=${validToken}`;
+      req.originalUrl = `/images/${validObjectId}/test\x00.jpg`;
+      await validateImageRequest(req, res, next);
+      expect(res.status).toHaveBeenCalledWith(403);
+      expect(res.send).toHaveBeenCalledWith('Access Denied');
+    });
+
+    test('should handle URLs with repeated slashes', async () => {
+      req.headers.cookie = `refreshToken=${validToken}`;
+      req.originalUrl = `/images/${validObjectId}//test.jpg`;
+      await validateImageRequest(req, res, next);
+      expect(res.status).toHaveBeenCalledWith(403);
+      expect(res.send).toHaveBeenCalledWith('Access Denied');
+    });
+
+    test('should reject extremely long URLs as potential DoS', async () => {
+      // Create a URL longer than 2048 characters
+      const baseLength = `/images/${validObjectId}/`.length + '.jpg'.length;
+      const filenameLength = 2049 - baseLength; // Ensure total length exceeds 2048
+      const extremelyLongFilename = 'x'.repeat(filenameLength) + '.jpg';
+      req.headers.cookie = `refreshToken=${validToken}`;
+      req.originalUrl = `/images/${validObjectId}/${extremelyLongFilename}`;
+      // Verify our test URL is actually too long
+      expect(req.originalUrl.length).toBeGreaterThan(2048);
+      await validateImageRequest(req, res, next);
+      expect(res.status).toHaveBeenCalledWith(403);
+      expect(res.send).toHaveBeenCalledWith('Access Denied');
+    });
   });
 });

api/server/middleware/validateImageRequest.js

@@ -1,7 +1,7 @@
 const cookies = require('cookie');
 const jwt = require('jsonwebtoken');
+const { isEnabled } = require('@librechat/api');
 const { logger } = require('@librechat/data-schemas');
-const { getAppConfig } = require('~/server/services/Config/app');
 
 const OBJECT_ID_LENGTH = 24;
 const OBJECT_ID_PATTERN = /^[0-9a-f]{24}$/i;
@@ -22,50 +22,129 @@ function isValidObjectId(id) {
 }
 
 /**
- * Middleware to validate image request.
- * Must be set by `secureImageLinks` via custom config file.
+ * Validates a LibreChat refresh token
+ * @param {string} refreshToken - The refresh token to validate
+ * @returns {{valid: boolean, userId?: string, error?: string}} - Validation result
  */
-async function validateImageRequest(req, res, next) {
-  const appConfig = await getAppConfig({ role: req.user?.role });
-  if (!appConfig.secureImageLinks) {
-    return next();
-  }
-
-  const refreshToken = req.headers.cookie ? cookies.parse(req.headers.cookie).refreshToken : null;
-  if (!refreshToken) {
-    logger.warn('[validateImageRequest] Refresh token not provided');
-    return res.status(401).send('Unauthorized');
-  }
-
-  let payload;
+function validateToken(refreshToken) {
   try {
-    payload = jwt.verify(refreshToken, process.env.JWT_REFRESH_SECRET);
+    const payload = jwt.verify(refreshToken, process.env.JWT_REFRESH_SECRET);
+
+    if (!isValidObjectId(payload.id)) {
+      return { valid: false, error: 'Invalid User ID' };
+    }
+
+    const currentTimeInSeconds = Math.floor(Date.now() / 1000);
+    if (payload.exp < currentTimeInSeconds) {
+      return { valid: false, error: 'Refresh token expired' };
+    }
+
+    return { valid: true, userId: payload.id };
   } catch (err) {
-    logger.warn('[validateImageRequest]', err);
-    return res.status(403).send('Access Denied');
-  }
-
-  if (!isValidObjectId(payload.id)) {
-    logger.warn('[validateImageRequest] Invalid User ID');
-    return res.status(403).send('Access Denied');
-  }
-
-  const currentTimeInSeconds = Math.floor(Date.now() / 1000);
-  if (payload.exp < currentTimeInSeconds) {
-    logger.warn('[validateImageRequest] Refresh token expired');
-    return res.status(403).send('Access Denied');
-  }
-
-  const fullPath = decodeURIComponent(req.originalUrl);
-  const pathPattern = new RegExp(`^/images/${payload.id}/[^/]+$`);
-
-  if (pathPattern.test(fullPath)) {
-    logger.debug('[validateImageRequest] Image request validated');
-    next();
-  } else {
-    logger.warn('[validateImageRequest] Invalid image path');
-    res.status(403).send('Access Denied');
+    logger.warn('[validateToken]', err);
+    return { valid: false, error: 'Invalid token' };
   }
 }
 
-module.exports = validateImageRequest;
+/**
+ * Factory to create the `validateImageRequest` middleware with configured secureImageLinks
+ * @param {boolean} [secureImageLinks] - Whether secure image links are enabled
+ */
+function createValidateImageRequest(secureImageLinks) {
+  if (!secureImageLinks) {
+    return (_req, _res, next) => next();
+  }
+  /**
+   * Middleware to validate image request.
+   * Supports both LibreChat refresh tokens and OpenID JWT tokens.
+   * Must be set by `secureImageLinks` via custom config file.
+   */
+  return async function validateImageRequest(req, res, next) {
+    try {
+      const cookieHeader = req.headers.cookie;
+      if (!cookieHeader) {
+        logger.warn('[validateImageRequest] No cookies provided');
+        return res.status(401).send('Unauthorized');
+      }
+
+      const parsedCookies = cookies.parse(cookieHeader);
+      const refreshToken = parsedCookies.refreshToken;
+
+      if (!refreshToken) {
+        logger.warn('[validateImageRequest] Token not provided');
+        return res.status(401).send('Unauthorized');
+      }
+
+      const tokenProvider = parsedCookies.token_provider;
+      let userIdForPath;
+
+      if (tokenProvider === 'openid' && isEnabled(process.env.OPENID_REUSE_TOKENS)) {
+        const openidUserId = parsedCookies.openid_user_id;
+        if (!openidUserId) {
+          logger.warn('[validateImageRequest] No OpenID user ID cookie found');
+          return res.status(403).send('Access Denied');
+        }
+
+        const validationResult = validateToken(openidUserId);
+        if (!validationResult.valid) {
+          logger.warn(`[validateImageRequest] ${validationResult.error}`);
+          return res.status(403).send('Access Denied');
+        }
+        userIdForPath = validationResult.userId;
+      } else {
+        const validationResult = validateToken(refreshToken);
+        if (!validationResult.valid) {
+          logger.warn(`[validateImageRequest] ${validationResult.error}`);
+          return res.status(403).send('Access Denied');
+        }
+        userIdForPath = validationResult.userId;
+      }
+
+      if (!userIdForPath) {
+        logger.warn('[validateImageRequest] No user ID available for path validation');
+        return res.status(403).send('Access Denied');
+      }
+
+      const MAX_URL_LENGTH = 2048;
+      if (req.originalUrl.length > MAX_URL_LENGTH) {
+        logger.warn('[validateImageRequest] URL too long');
+        return res.status(403).send('Access Denied');
+      }
+
+      if (req.originalUrl.includes('\x00')) {
+        logger.warn('[validateImageRequest] URL contains null byte');
+        return res.status(403).send('Access Denied');
+      }
+
+      let fullPath;
+      try {
+        fullPath = decodeURIComponent(req.originalUrl);
+      } catch {
+        logger.warn('[validateImageRequest] Invalid URL encoding');
+        return res.status(403).send('Access Denied');
+      }
+
+      const agentAvatarPattern = /^\/images\/[a-f0-9]{24}\/agent-[^/]*$/;
+      if (agentAvatarPattern.test(fullPath)) {
+        logger.debug('[validateImageRequest] Image request validated');
+        return next();
+      }
+
+      const escapedUserId = userIdForPath.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+      const pathPattern = new RegExp(`^/images/${escapedUserId}/[^/]+$`);
+
+      if (pathPattern.test(fullPath)) {
+        logger.debug('[validateImageRequest] Image request validated');
+        next();
+      } else {
+        logger.warn('[validateImageRequest] Invalid image path');
+        res.status(403).send('Access Denied');
+      }
+    } catch (error) {
+      logger.error('[validateImageRequest] Error:', error);
+      res.status(500).send('Internal Server Error');
+    }
+  };
+}
+
+module.exports = createValidateImageRequest;

api/server/middleware/validatePasswordReset.js

@@ -1,5 +1,5 @@
-const { isEnabled } = require('~/server/utils');
-const { logger } = require('~/config');
+const { isEnabled } = require('@librechat/api');
+const { logger } = require('@librechat/data-schemas');
 
 function validatePasswordReset(req, res, next) {
   if (isEnabled(process.env.ALLOW_PASSWORD_RESET)) {