feat: Add configurable thinking indicator text

- Add thinkingIndicatorText field to interface configuration schema - Update ContentParts component to use configurable text instead of hardcoded translation - Update example config with new option - Maintain backward compatibility by falling back to default translation
🌍 i18n: Update translation.json with latest translations (#9932 )
2025-10-04 15:15:18 +05:30 · 2025-10-01 23:31:23 -04:00 · 2025-10-01 23:30:47 -04:00 · 2025-10-01 18:00:56 -04:00 · 2025-10-01 10:06:35 -04:00 · 2025-10-01 09:32:19 -04:00
422 changed files with 21148 additions and 5455 deletions
--- a/.env.example
+++ b/.env.example
@@ -163,10 +163,10 @@ GOOGLE_KEY=user_provided
 # GOOGLE_AUTH_HEADER=true

 # Gemini API (AI Studio)
-# GOOGLE_MODELS=gemini-2.5-pro,gemini-2.5-flash,gemini-2.5-flash-lite-preview-06-17,gemini-2.0-flash,gemini-2.0-flash-lite
+# GOOGLE_MODELS=gemini-2.5-pro,gemini-2.5-flash,gemini-2.5-flash-lite,gemini-2.0-flash,gemini-2.0-flash-lite

 # Vertex AI
-# GOOGLE_MODELS=gemini-2.5-pro,gemini-2.5-flash,gemini-2.5-flash-lite-preview-06-17,gemini-2.0-flash-001,gemini-2.0-flash-lite-001
+# GOOGLE_MODELS=gemini-2.5-pro,gemini-2.5-flash,gemini-2.5-flash-lite,gemini-2.0-flash-001,gemini-2.0-flash-lite-001

 # GOOGLE_TITLE_MODEL=gemini-2.0-flash-lite-001

@@ -690,8 +690,8 @@ HELP_AND_FAQ_URL=https://librechat.ai
 # REDIS_PING_INTERVAL=300

 # Force specific cache namespaces to use in-memory storage even when Redis is enabled
-# Comma-separated list of CacheKeys (e.g., STATIC_CONFIG,ROLES,MESSAGES)
-# FORCED_IN_MEMORY_CACHE_NAMESPACES=STATIC_CONFIG,ROLES
+# Comma-separated list of CacheKeys (e.g., ROLES,MESSAGES)
+# FORCED_IN_MEMORY_CACHE_NAMESPACES=ROLES,MESSAGES

 #==================================================#
 #                      Others                      #
--- a/6
+++ b/6
@@ -1,4 +1,4 @@
-# v0.8.0-rc3
+# v0.8.0

 # Base node image
 FROM node:20-alpine AS node
@@ -30,7 +30,7 @@ RUN \
    # Allow mounting of these files, which have no default
    touch .env ; \
    # Create directories for the volumes to inherit the correct permissions
-    mkdir -p /app/client/public/images /app/api/logs ; \
+    mkdir -p /app/client/public/images /app/api/logs /app/uploads ; \
    npm config set fetch-retry-maxtimeout 600000 ; \
    npm config set fetch-retries 5 ; \
    npm config set fetch-retry-mintimeout 15000 ; \
@@ -44,8 +44,6 @@ RUN \
    npm prune --production; \
    npm cache clean --force

-RUN mkdir -p /app/client/public/images /app/api/logs
-
 # Node API setup
 EXPOSE 3080
 ENV HOST=0.0.0.0
--- a/Dockerfile.multi
+++ b/Dockerfile.multi
@@ -1,5 +1,5 @@
 # Dockerfile.multi
-# v0.8.0-rc3
+# v0.8.0

 # Base for all builds
 FROM node:20-alpine AS base-min
--- a/README.md
+++ b/README.md
@@ -75,6 +75,7 @@
 - 🔍 **Web Search**:  
  - Search the internet and retrieve relevant information to enhance your AI context
  - Combines search providers, content scrapers, and result rerankers for optimal results
+  - **Customizable Jina Reranking**: Configure custom Jina API URLs for reranking services
  - **[Learn More →](https://www.librechat.ai/docs/features/web_search)**

 - 🪄 **Generative UI with Code Artifacts**:  
--- a/api/app/clients/AnthropicClient.js
+++ b/api/app/clients/AnthropicClient.js
@@ -1,4 +1,5 @@
 const Anthropic = require('@anthropic-ai/sdk');
+const { logger } = require('@librechat/data-schemas');
 const { HttpsProxyAgent } = require('https-proxy-agent');
 const {
  Constants,
@@ -9,7 +10,7 @@ const {
  getResponseSender,
  validateVisionModel,
 } = require('librechat-data-provider');
-const { SplitStreamHandler: _Handler } = require('@librechat/agents');
+const { sleep, SplitStreamHandler: _Handler } = require('@librechat/agents');
 const {
  Tokenizer,
  createFetch,
@@ -31,9 +32,7 @@ const {
 } = require('./prompts');
 const { spendTokens, spendStructuredTokens } = require('~/models/spendTokens');
 const { encodeAndFormat } = require('~/server/services/Files/images/encode');
-const { sleep } = require('~/server/utils');
 const BaseClient = require('./BaseClient');
-const { logger } = require('~/config');

 const HUMAN_PROMPT = '\n\nHuman:';
 const AI_PROMPT = '\n\nAssistant:';
--- a/api/app/clients/GoogleClient.js
+++ b/api/app/clients/GoogleClient.js
@@ -1,4 +1,6 @@
 const { google } = require('googleapis');
+const { sleep } = require('@librechat/agents');
+const { logger } = require('@librechat/data-schemas');
 const { getModelMaxTokens } = require('@librechat/api');
 const { concat } = require('@langchain/core/utils/stream');
 const { ChatVertexAI } = require('@langchain/google-vertexai');
@@ -22,8 +24,6 @@ const {
 } = require('librechat-data-provider');
 const { encodeAndFormat } = require('~/server/services/Files/images');
 const { spendTokens } = require('~/models/spendTokens');
-const { sleep } = require('~/server/utils');
-const { logger } = require('~/config');
 const {
  formatMessage,
  createContextHandlers,
--- a/api/app/clients/OpenAIClient.js
+++ b/api/app/clients/OpenAIClient.js
@@ -1,6 +1,6 @@
-const { OllamaClient } = require('./OllamaClient');
+const { logger } = require('@librechat/data-schemas');
 const { HttpsProxyAgent } = require('https-proxy-agent');
-const { SplitStreamHandler, CustomOpenAIClient: OpenAI } = require('@librechat/agents');
+const { sleep, SplitStreamHandler, CustomOpenAIClient: OpenAI } = require('@librechat/agents');
 const {
  isEnabled,
  Tokenizer,
@@ -34,16 +34,16 @@ const {
  createContextHandlers,
 } = require('./prompts');
 const { encodeAndFormat } = require('~/server/services/Files/images/encode');
-const { addSpaceIfNeeded, sleep } = require('~/server/utils');
 const { spendTokens } = require('~/models/spendTokens');
+const { addSpaceIfNeeded } = require('~/server/utils');
 const { handleOpenAIErrors } = require('./tools/util');
+const { OllamaClient } = require('./OllamaClient');
 const { summaryBuffer } = require('./memory');
 const { runTitleChain } = require('./chains');
 const { extractBaseURL } = require('~/utils');
 const { tokenSplit } = require('./document');
 const BaseClient = require('./BaseClient');
 const { createLLM } = require('./llm');
-const { logger } = require('~/config');

 class OpenAIClient extends BaseClient {
  constructor(apiKey, options = {}) {
--- a/api/app/clients/TextStream.js
+++ b/api/app/clients/TextStream.js
@@ -1,5 +1,5 @@
 const { Readable } = require('stream');
-const { logger } = require('~/config');
+const { logger } = require('@librechat/data-schemas');

 class TextStream extends Readable {
  constructor(text, options = {}) {
--- a/api/app/clients/agents/CustomAgent/outputParser.js
+++ b/api/app/clients/agents/CustomAgent/outputParser.js
@@ -1,5 +1,5 @@
+const { logger } = require('@librechat/data-schemas');
 const { ZeroShotAgentOutputParser } = require('langchain/agents');
-const { logger } = require('~/config');

 class CustomOutputParser extends ZeroShotAgentOutputParser {
  constructor(fields) {
--- a/api/app/clients/chains/runTitleChain.js
+++ b/api/app/clients/chains/runTitleChain.js
@@ -1,7 +1,7 @@
 const { z } = require('zod');
+const { logger } = require('@librechat/data-schemas');
 const { langPrompt, createTitlePrompt, escapeBraces, getSnippet } = require('../prompts');
 const { createStructuredOutputChainFromZod } = require('langchain/chains/openai_functions');
-const { logger } = require('~/config');

 const langSchema = z.object({
  language: z.string().describe('The language of the input text (full noun, no abbreviations).'),
--- a/api/app/clients/memory/summaryBuffer.js
+++ b/api/app/clients/memory/summaryBuffer.js
@@ -1,7 +1,7 @@
+const { logger } = require('@librechat/data-schemas');
 const { ConversationSummaryBufferMemory, ChatMessageHistory } = require('langchain/memory');
 const { formatLangChainMessages, SUMMARY_PROMPT } = require('../prompts');
 const { predictNewSummary } = require('../chains');
-const { logger } = require('~/config');

 const createSummaryBufferMemory = ({ llm, prompt, messages, ...rest }) => {
  const chatHistory = new ChatMessageHistory(messages);
--- a/api/app/clients/output_parsers/addImages.js
+++ b/api/app/clients/output_parsers/addImages.js
@@ -1,4 +1,4 @@
-const { logger } = require('~/config');
+const { logger } = require('@librechat/data-schemas');

 /**
 * The `addImages` function corrects any erroneous image URLs in the `responseMessage.text`
--- a/api/app/clients/tools/structured/AzureAISearch.js
+++ b/api/app/clients/tools/structured/AzureAISearch.js
@@ -1,7 +1,7 @@
 const { z } = require('zod');
 const { Tool } = require('@langchain/core/tools');
+const { logger } = require('@librechat/data-schemas');
 const { SearchClient, AzureKeyCredential } = require('@azure/search-documents');
-const { logger } = require('~/config');

 class AzureAISearch extends Tool {
  // Constants for default values
@@ -18,7 +18,7 @@ class AzureAISearch extends Tool {
    super();
    this.name = 'azure-ai-search';
    this.description =
-      'Use the \'azure-ai-search\' tool to retrieve search results relevant to your input';
+      "Use the 'azure-ai-search' tool to retrieve search results relevant to your input";
    /* Used to initialize the Tool without necessary variables. */
    this.override = fields.override ?? false;

--- a/api/app/clients/tools/structured/FluxAPI.js
+++ b/api/app/clients/tools/structured/FluxAPI.js
@@ -3,12 +3,12 @@ const axios = require('axios');
 const fetch = require('node-fetch');
 const { v4: uuidv4 } = require('uuid');
 const { Tool } = require('@langchain/core/tools');
+const { logger } = require('@librechat/data-schemas');
 const { HttpsProxyAgent } = require('https-proxy-agent');
 const { FileContext, ContentTypes } = require('librechat-data-provider');
-const { logger } = require('~/config');

 const displayMessage =
-  'Flux displayed an image. All generated images are already plainly visible, so don\'t repeat the descriptions in detail. Do not list download links as they are available in the UI already. The user may download the images by clicking on them, but do not mention anything about downloading to the user.';
+  "Flux displayed an image. All generated images are already plainly visible, so don't repeat the descriptions in detail. Do not list download links as they are available in the UI already. The user may download the images by clicking on them, but do not mention anything about downloading to the user.";

 /**
 * FluxAPI - A tool for generating high-quality images from text prompts using the Flux API.
--- a/api/app/clients/tools/structured/StableDiffusion.js
+++ b/api/app/clients/tools/structured/StableDiffusion.js
@@ -6,9 +6,9 @@ const axios = require('axios');
 const sharp = require('sharp');
 const { v4: uuidv4 } = require('uuid');
 const { Tool } = require('@langchain/core/tools');
+const { logger } = require('@librechat/data-schemas');
 const { FileContext, ContentTypes } = require('librechat-data-provider');
 const paths = require('~/config/paths');
-const { logger } = require('~/config');

 const displayMessage =
  "Stable Diffusion displayed an image. All generated images are already plainly visible, so don't repeat the descriptions in detail. Do not list download links as they are available in the UI already. The user may download the images by clicking on them, but do not mention anything about downloading to the user.";
--- a/api/app/clients/tools/structured/TraversaalSearch.js
+++ b/api/app/clients/tools/structured/TraversaalSearch.js
@@ -1,7 +1,7 @@
 const { z } = require('zod');
 const { Tool } = require('@langchain/core/tools');
+const { logger } = require('@librechat/data-schemas');
 const { getEnvironmentVariable } = require('@langchain/core/utils/env');
-const { logger } = require('~/config');

 /**
 * Tool for the Traversaal AI search API, Ares.
@@ -21,7 +21,7 @@ class TraversaalSearch extends Tool {
      query: z
        .string()
        .describe(
-          'A properly written sentence to be interpreted by an AI to search the web according to the user\'s request.',
+          "A properly written sentence to be interpreted by an AI to search the web according to the user's request.",
        ),
    });

@@ -38,7 +38,6 @@ class TraversaalSearch extends Tool {
    return apiKey;
  }

-  // eslint-disable-next-line no-unused-vars
  async _call({ query }, _runManager) {
    const body = {
      query: [query],
--- a/api/app/clients/tools/structured/Wolfram.js
+++ b/api/app/clients/tools/structured/Wolfram.js
@@ -1,8 +1,8 @@
 /* eslint-disable no-useless-escape */
-const axios = require('axios');
 const { z } = require('zod');
+const axios = require('axios');
 const { Tool } = require('@langchain/core/tools');
-const { logger } = require('~/config');
+const { logger } = require('@librechat/data-schemas');

 class WolframAlphaAPI extends Tool {
  constructor(fields) {
--- a/api/app/clients/tools/util/fileSearch.js
+++ b/api/app/clients/tools/util/fileSearch.js
@@ -68,19 +68,19 @@ const primeFiles = async (options) => {
 /**
 *
 * @param {Object} options
- * @param {ServerRequest} options.req
+ * @param {string} options.userId
 * @param {Array<{ file_id: string; filename: string }>} options.files
 * @param {string} [options.entity_id]
 * @param {boolean} [options.fileCitations=false] - Whether to include citation instructions
 * @returns
 */
-const createFileSearchTool = async ({ req, files, entity_id, fileCitations = false }) => {
+const createFileSearchTool = async ({ userId, files, entity_id, fileCitations = false }) => {
  return tool(
    async ({ query }) => {
      if (files.length === 0) {
        return 'No files to search. Instruct the user to add files for the search.';
      }
-      const jwtToken = generateShortLivedToken(req.user.id);
+      const jwtToken = generateShortLivedToken(userId);
      if (!jwtToken) {
        return 'There was an error authenticating the file search request.';
      }
--- a/api/app/clients/tools/util/handleOpenAIErrors.js
+++ b/api/app/clients/tools/util/handleOpenAIErrors.js
@@ -1,5 +1,5 @@
 const OpenAI = require('openai');
-const { logger } = require('~/config');
+const { logger } = require('@librechat/data-schemas');

 /**
 * Handles errors that may occur when making requests to OpenAI's API.
--- a/api/app/clients/tools/util/handleTools.js
+++ b/api/app/clients/tools/util/handleTools.js
@@ -1,8 +1,13 @@
 const { logger } = require('@librechat/data-schemas');
 const { SerpAPI } = require('@langchain/community/tools/serpapi');
 const { Calculator } = require('@langchain/community/tools/calculator');
-const { mcpToolPattern, loadWebSearchAuth, checkAccess } = require('@librechat/api');
 const { EnvVar, createCodeExecutionTool, createSearchTool } = require('@librechat/agents');
+const {
+  checkAccess,
+  createSafeUser,
+  mcpToolPattern,
+  loadWebSearchAuth,
+} = require('@librechat/api');
 const {
  Tools,
  Constants,
@@ -33,7 +38,7 @@ const { createFileSearchTool, primeFiles: primeSearchFiles } = require('./fileSe
 const { getUserPluginAuthValue } = require('~/server/services/PluginService');
 const { createMCPTool, createMCPTools } = require('~/server/services/MCP');
 const { loadAuthValues } = require('~/server/services/Tools/credentials');
-const { getCachedTools } = require('~/server/services/Config');
+const { getMCPServerTools } = require('~/server/services/Config');
 const { getRoleByName } = require('~/models/Role');

 /**
@@ -250,7 +255,6 @@ const loadTools = async ({

  /** @type {Record<string, string>} */
  const toolContextMap = {};
-  const cachedTools = (await getCachedTools({ userId: user, includeGlobal: true })) ?? {};
  const requestedMCPTools = {};

  for (const tool of tools) {
@@ -307,7 +311,7 @@ const loadTools = async ({
        }

        return createFileSearchTool({
-          req: options.req,
+          userId: user,
          files,
          entity_id: agent?.id,
          fileCitations,
@@ -340,7 +344,7 @@ Current Date & Time: ${replaceSpecialVars({ text: '{{iso_datetime}}' })}
        });
      };
      continue;
-    } else if (tool && cachedTools && mcpToolPattern.test(tool)) {
+    } else if (tool && mcpToolPattern.test(tool)) {
      const [toolName, serverName] = tool.split(Constants.mcp_delimiter);
      if (toolName === Constants.mcp_server) {
        /** Placeholder used for UI purposes */
@@ -353,33 +357,21 @@ Current Date & Time: ${replaceSpecialVars({ text: '{{iso_datetime}}' })}
        continue;
      }
      if (toolName === Constants.mcp_all) {
-        const currentMCPGenerator = async (index) =>
-          createMCPTools({
-            req: options.req,
-            res: options.res,
-            index,
+        requestedMCPTools[serverName] = [
+          {
+            type: 'all',
            serverName,
-            userMCPAuthMap,
-            model: agent?.model ?? model,
-            provider: agent?.provider ?? endpoint,
-            signal,
-          });
-        requestedMCPTools[serverName] = [currentMCPGenerator];
+          },
+        ];
        continue;
      }
-      const currentMCPGenerator = async (index) =>
-        createMCPTool({
-          index,
-          req: options.req,
-          res: options.res,
-          toolKey: tool,
-          userMCPAuthMap,
-          model: agent?.model ?? model,
-          provider: agent?.provider ?? endpoint,
-          signal,
-        });
+
      requestedMCPTools[serverName] = requestedMCPTools[serverName] || [];
-      requestedMCPTools[serverName].push(currentMCPGenerator);
+      requestedMCPTools[serverName].push({
+        type: 'single',
+        toolKey: tool,
+        serverName,
+      });
      continue;
    }

@@ -422,24 +414,65 @@ Current Date & Time: ${replaceSpecialVars({ text: '{{iso_datetime}}' })}
  const mcpToolPromises = [];
  /** MCP server tools are initialized sequentially by server */
  let index = -1;
-  for (const [serverName, generators] of Object.entries(requestedMCPTools)) {
+  const failedMCPServers = new Set();
+  const safeUser = createSafeUser(options.req?.user);
+  for (const [serverName, toolConfigs] of Object.entries(requestedMCPTools)) {
    index++;
-    for (const generator of generators) {
+    /** @type {LCAvailableTools} */
+    let availableTools;
+    for (const config of toolConfigs) {
      try {
-        if (generator && generators.length === 1) {
+        if (failedMCPServers.has(serverName)) {
+          continue;
+        }
+        const mcpParams = {
+          index,
+          signal,
+          user: safeUser,
+          userMCPAuthMap,
+          res: options.res,
+          model: agent?.model ?? model,
+          serverName: config.serverName,
+          provider: agent?.provider ?? endpoint,
+        };
+
+        if (config.type === 'all' && toolConfigs.length === 1) {
+          /** Handle async loading for single 'all' tool config */
          mcpToolPromises.push(
-            generator(index).catch((error) => {
+            createMCPTools(mcpParams).catch((error) => {
              logger.error(`Error loading ${serverName} tools:`, error);
              return null;
            }),
          );
          continue;
        }
-        const mcpTool = await generator(index);
+        if (!availableTools) {
+          try {
+            availableTools = await getMCPServerTools(serverName);
+          } catch (error) {
+            logger.error(`Error fetching available tools for MCP server ${serverName}:`, error);
+          }
+        }
+
+        /** Handle synchronous loading */
+        const mcpTool =
+          config.type === 'all'
+            ? await createMCPTools(mcpParams)
+            : await createMCPTool({
+                ...mcpParams,
+                availableTools,
+                toolKey: config.toolKey,
+              });
+
        if (Array.isArray(mcpTool)) {
          loadedTools.push(...mcpTool);
        } else if (mcpTool) {
          loadedTools.push(mcpTool);
+        } else {
+          failedMCPServers.add(serverName);
+          logger.warn(
+            `MCP tool creation failed for "${config.toolKey}", server may be unavailable or unauthenticated.`,
+          );
        }
      } catch (error) {
        logger.error(`Error loading MCP tool for server ${serverName}:`, error);
--- a/api/cache/cacheConfig.js
+++ b/api/cache/cacheConfig.js
@@ -1,4 +1,5 @@
 const fs = require('fs');
+const { logger } = require('@librechat/data-schemas');
 const { math, isEnabled } = require('@librechat/api');
 const { CacheKeys } = require('librechat-data-provider');

@@ -34,13 +35,35 @@ if (FORCED_IN_MEMORY_CACHE_NAMESPACES.length > 0) {
  }
 }

+/** Helper function to safely read Redis CA certificate from file
+ * @returns {string|null} The contents of the CA certificate file, or null if not set or on error
+ */
+const getRedisCA = () => {
+  const caPath = process.env.REDIS_CA;
+  if (!caPath) {
+    return null;
+  }
+
+  try {
+    if (fs.existsSync(caPath)) {
+      return fs.readFileSync(caPath, 'utf8');
+    } else {
+      logger.warn(`Redis CA certificate file not found: ${caPath}`);
+      return null;
+    }
+  } catch (error) {
+    logger.error(`Failed to read Redis CA certificate file '${caPath}':`, error);
+    return null;
+  }
+};
+
 const cacheConfig = {
  FORCED_IN_MEMORY_CACHE_NAMESPACES,
  USE_REDIS,
  REDIS_URI: process.env.REDIS_URI,
  REDIS_USERNAME: process.env.REDIS_USERNAME,
  REDIS_PASSWORD: process.env.REDIS_PASSWORD,
-  REDIS_CA: process.env.REDIS_CA ? fs.readFileSync(process.env.REDIS_CA, 'utf8') : null,
+  REDIS_CA: getRedisCA(),
  REDIS_KEY_PREFIX: process.env[REDIS_KEY_PREFIX_VAR] || REDIS_KEY_PREFIX || '',
  REDIS_MAX_LISTENERS: math(process.env.REDIS_MAX_LISTENERS, 40),
  REDIS_PING_INTERVAL: math(process.env.REDIS_PING_INTERVAL, 0),
--- a/api/cache/cacheConfig.spec.js
+++ b/api/cache/cacheConfig.spec.js
@@ -157,12 +157,11 @@ describe('cacheConfig', () => {

  describe('FORCED_IN_MEMORY_CACHE_NAMESPACES validation', () => {
    test('should parse comma-separated cache keys correctly', () => {
-      process.env.FORCED_IN_MEMORY_CACHE_NAMESPACES = ' ROLES, STATIC_CONFIG ,MESSAGES ';
+      process.env.FORCED_IN_MEMORY_CACHE_NAMESPACES = ' ROLES, MESSAGES ';

      const { cacheConfig } = require('./cacheConfig');
      expect(cacheConfig.FORCED_IN_MEMORY_CACHE_NAMESPACES).toEqual([
        'ROLES',
-        'STATIC_CONFIG',
        'MESSAGES',
      ]);
    });
--- a/api/cache/clearPendingReq.js
+++ b/api/cache/clearPendingReq.js
@@ -1,5 +1,5 @@
+const { isEnabled } = require('@librechat/api');
 const { Time, CacheKeys } = require('librechat-data-provider');
-const { isEnabled } = require('~/server/utils');
 const getLogStores = require('./getLogStores');

 const { USE_REDIS, LIMIT_CONCURRENT_MESSAGES } = process.env ?? {};
--- a/api/cache/getLogStores.js
+++ b/api/cache/getLogStores.js
@@ -31,8 +31,8 @@ const namespaces = {
  [CacheKeys.SAML_SESSION]: sessionCache(CacheKeys.SAML_SESSION),

  [CacheKeys.ROLES]: standardCache(CacheKeys.ROLES),
+  [CacheKeys.APP_CONFIG]: standardCache(CacheKeys.APP_CONFIG),
  [CacheKeys.CONFIG_STORE]: standardCache(CacheKeys.CONFIG_STORE),
-  [CacheKeys.STATIC_CONFIG]: standardCache(CacheKeys.STATIC_CONFIG),
  [CacheKeys.PENDING_REQ]: standardCache(CacheKeys.PENDING_REQ),
  [CacheKeys.ENCODED_DOMAINS]: new Keyv({ store: keyvMongo, namespace: CacheKeys.ENCODED_DOMAINS }),
  [CacheKeys.ABORT_KEYS]: standardCache(CacheKeys.ABORT_KEYS, Time.TEN_MINUTES),
--- a/api/cache/keyvMongo.js
+++ b/api/cache/keyvMongo.js
@@ -2,7 +2,7 @@
 const mongoose = require('mongoose');
 const EventEmitter = require('events');
 const { GridFSBucket } = require('mongodb');
-const { logger } = require('~/config');
+const { logger } = require('@librechat/data-schemas');

 const storeMap = new Map();

--- a/api/cache/logViolation.js
+++ b/api/cache/logViolation.js
@@ -1,4 +1,4 @@
-const { isEnabled } = require('~/server/utils');
+const { isEnabled } = require('@librechat/api');
 const { ViolationTypes } = require('librechat-data-provider');
 const getLogStores = require('./getLogStores');
 const banViolation = require('./banViolation');
--- a/api/config/index.js
+++ b/api/config/index.js
@@ -1,6 +1,6 @@
-const { MCPManager, FlowStateManager } = require('@librechat/api');
 const { EventSource } = require('eventsource');
 const { Time } = require('librechat-data-provider');
+const { MCPManager, FlowStateManager, OAuthReconnectionManager } = require('@librechat/api');
 const logger = require('./winston');

 global.EventSource = EventSource;
@@ -26,4 +26,6 @@ module.exports = {
  createMCPManager: MCPManager.createInstance,
  getMCPManager: MCPManager.getInstance,
  getFlowStateManager,
+  createOAuthReconnectionManager: OAuthReconnectionManager.createInstance,
+  getOAuthReconnectionManager: OAuthReconnectionManager.getInstance,
 };
--- a/api/db/indexSync.js
+++ b/api/db/indexSync.js
@@ -1,10 +1,8 @@
 const mongoose = require('mongoose');
 const { MeiliSearch } = require('meilisearch');
 const { logger } = require('@librechat/data-schemas');
-const { FlowStateManager } = require('@librechat/api');
 const { CacheKeys } = require('librechat-data-provider');
-
-const { isEnabled } = require('~/server/utils');
+const { isEnabled, FlowStateManager } = require('@librechat/api');
 const { getLogStores } = require('~/cache');

 const Conversation = mongoose.models.Conversation;
@@ -31,6 +29,81 @@ class MeiliSearchClient {
  }
 }

+/**
+ * Ensures indexes have proper filterable attributes configured and checks if documents have user field
+ * @param {MeiliSearch} client - MeiliSearch client instance
+ * @returns {Promise<boolean>} - true if configuration was updated or re-sync is needed
+ */
+async function ensureFilterableAttributes(client) {
+  try {
+    // Check and update messages index
+    try {
+      const messagesIndex = client.index('messages');
+      const settings = await messagesIndex.getSettings();
+
+      if (!settings.filterableAttributes || !settings.filterableAttributes.includes('user')) {
+        logger.info('[indexSync] Configuring messages index to filter by user...');
+        await messagesIndex.updateSettings({
+          filterableAttributes: ['user'],
+        });
+        logger.info('[indexSync] Messages index configured for user filtering');
+        logger.info('[indexSync] Index configuration updated. Full re-sync will be triggered.');
+        return true;
+      }
+
+      // Check if existing documents have user field indexed
+      try {
+        const searchResult = await messagesIndex.search('', { limit: 1 });
+        if (searchResult.hits.length > 0 && !searchResult.hits[0].user) {
+          logger.info('[indexSync] Existing messages missing user field, re-sync needed');
+          return true;
+        }
+      } catch (searchError) {
+        logger.debug('[indexSync] Could not check message documents:', searchError.message);
+      }
+    } catch (error) {
+      if (error.code !== 'index_not_found') {
+        logger.warn('[indexSync] Could not check/update messages index settings:', error.message);
+      }
+    }
+
+    // Check and update conversations index
+    try {
+      const convosIndex = client.index('convos');
+      const settings = await convosIndex.getSettings();
+
+      if (!settings.filterableAttributes || !settings.filterableAttributes.includes('user')) {
+        logger.info('[indexSync] Configuring convos index to filter by user...');
+        await convosIndex.updateSettings({
+          filterableAttributes: ['user'],
+        });
+        logger.info('[indexSync] Convos index configured for user filtering');
+        logger.info('[indexSync] Index configuration updated. Full re-sync will be triggered.');
+        return true;
+      }
+
+      // Check if existing documents have user field indexed
+      try {
+        const searchResult = await convosIndex.search('', { limit: 1 });
+        if (searchResult.hits.length > 0 && !searchResult.hits[0].user) {
+          logger.info('[indexSync] Existing conversations missing user field, re-sync needed');
+          return true;
+        }
+      } catch (searchError) {
+        logger.debug('[indexSync] Could not check conversation documents:', searchError.message);
+      }
+    } catch (error) {
+      if (error.code !== 'index_not_found') {
+        logger.warn('[indexSync] Could not check/update convos index settings:', error.message);
+      }
+    }
+  } catch (error) {
+    logger.error('[indexSync] Error ensuring filterable attributes:', error);
+  }
+
+  return false;
+}
+
 /**
 * Performs the actual sync operations for messages and conversations
 */
@@ -47,12 +120,27 @@ async function performSync() {
    return { messagesSync: false, convosSync: false };
  }

+  /** Ensures indexes have proper filterable attributes configured */
+  const configUpdated = await ensureFilterableAttributes(client);
+
  let messagesSync = false;
  let convosSync = false;

+  // If configuration was just updated or documents are missing user field, force a full re-sync
+  if (configUpdated) {
+    logger.info('[indexSync] Forcing full re-sync to ensure user field is properly indexed...');
+
+    // Reset sync flags to force full re-sync
+    await Message.collection.updateMany({ _meiliIndex: true }, { $set: { _meiliIndex: false } });
+    await Conversation.collection.updateMany(
+      { _meiliIndex: true },
+      { $set: { _meiliIndex: false } },
+    );
+  }
+
  // Check if we need to sync messages
  const messageProgress = await Message.getSyncProgress();
-  if (!messageProgress.isComplete) {
+  if (!messageProgress.isComplete || configUpdated) {
    logger.info(
      `[indexSync] Messages need syncing: ${messageProgress.totalProcessed}/${messageProgress.totalDocuments} indexed`,
    );
@@ -79,7 +167,7 @@ async function performSync() {

  // Check if we need to sync conversations
  const convoProgress = await Conversation.getSyncProgress();
-  if (!convoProgress.isComplete) {
+  if (!convoProgress.isComplete || configUpdated) {
    logger.info(
      `[indexSync] Conversations need syncing: ${convoProgress.totalProcessed}/${convoProgress.totalDocuments} indexed`,
    );
--- a/api/models/Agent.js
+++ b/api/models/Agent.js
@@ -11,7 +11,7 @@ const {
  getProjectByName,
 } = require('./Project');
 const { removeAllPermissions } = require('~/server/services/PermissionService');
-const { getCachedTools } = require('~/server/services/Config');
+const { getMCPServerTools } = require('~/server/services/Config');
 const { getActions } = require('./Action');
 const { Agent } = require('~/db/models');

@@ -49,6 +49,14 @@ const createAgent = async (agentData) => {
 */
 const getAgent = async (searchParameter) => await Agent.findOne(searchParameter).lean();

+/**
+ * Get multiple agent documents based on the provided search parameters.
+ *
+ * @param {Object} searchParameter - The search parameters to find agents.
+ * @returns {Promise<Agent[]>} Array of agent documents as plain objects.
+ */
+const getAgents = async (searchParameter) => await Agent.find(searchParameter).lean();
+
 /**
 * Load an agent based on the provided ID
 *
@@ -61,8 +69,6 @@ const getAgent = async (searchParameter) => await Agent.findOne(searchParameter)
 */
 const loadEphemeralAgent = async ({ req, agent_id, endpoint, model_parameters: _m }) => {
  const { model, ...model_parameters } = _m;
-  /** @type {Record<string, FunctionTool>} */
-  const availableTools = await getCachedTools({ userId: req.user.id, includeGlobal: true });
  /** @type {TEphemeralAgent | null} */
  const ephemeralAgent = req.body.ephemeralAgent;
  const mcpServers = new Set(ephemeralAgent?.mcp);
@@ -80,22 +86,18 @@ const loadEphemeralAgent = async ({ req, agent_id, endpoint, model_parameters: _

  const addedServers = new Set();
  if (mcpServers.size > 0) {
-    for (const toolName of Object.keys(availableTools)) {
-      if (!toolName.includes(mcp_delimiter)) {
-        continue;
-      }
-      const mcpServer = toolName.split(mcp_delimiter)?.[1];
-      if (mcpServer && mcpServers.has(mcpServer)) {
-        addedServers.add(mcpServer);
-        tools.push(toolName);
-      }
-    }
-
    for (const mcpServer of mcpServers) {
      if (addedServers.has(mcpServer)) {
        continue;
      }
-      tools.push(`${mcp_all}${mcp_delimiter}${mcpServer}`);
+      const serverTools = await getMCPServerTools(mcpServer);
+      if (!serverTools) {
+        tools.push(`${mcp_all}${mcp_delimiter}${mcpServer}`);
+        addedServers.add(mcpServer);
+        continue;
+      }
+      tools.push(...Object.keys(serverTools));
+      addedServers.add(mcpServer);
    }
  }

@@ -835,6 +837,7 @@ const countPromotedAgents = async () => {

 module.exports = {
  getAgent,
+  getAgents,
  loadAgent,
  createAgent,
  updateAgent,
--- a/api/models/Agent.spec.js
+++ b/api/models/Agent.spec.js
@@ -8,6 +8,7 @@ process.env.CREDS_IV = '0123456789abcdef';

 jest.mock('~/server/services/Config', () => ({
  getCachedTools: jest.fn(),
+  getMCPServerTools: jest.fn(),
 }));

 const mongoose = require('mongoose');
@@ -30,7 +31,7 @@ const {
  generateActionMetadataHash,
 } = require('./Agent');
 const permissionService = require('~/server/services/PermissionService');
-const { getCachedTools } = require('~/server/services/Config');
+const { getCachedTools, getMCPServerTools } = require('~/server/services/Config');
 const { AclEntry } = require('~/db/models');

 /**
@@ -1929,6 +1930,16 @@ describe('models/Agent', () => {
        another_tool: {},
      });

+      // Mock getMCPServerTools to return tools for each server
+      getMCPServerTools.mockImplementation(async (server) => {
+        if (server === 'server1') {
+          return { tool1_mcp_server1: {} };
+        } else if (server === 'server2') {
+          return { tool2_mcp_server2: {} };
+        }
+        return null;
+      });
+
      const mockReq = {
        user: { id: 'user123' },
        body: {
@@ -2113,6 +2124,14 @@ describe('models/Agent', () => {

        getCachedTools.mockResolvedValue(availableTools);

+        // Mock getMCPServerTools to return all tools for server1
+        getMCPServerTools.mockImplementation(async (server) => {
+          if (server === 'server1') {
+            return availableTools; // All 100 tools belong to server1
+          }
+          return null;
+        });
+
        const mockReq = {
          user: { id: 'user123' },
          body: {
@@ -2654,6 +2673,17 @@ describe('models/Agent', () => {
        tool_mcp_server2: {}, // Different server
      });

+      // Mock getMCPServerTools to return only tools matching the server
+      getMCPServerTools.mockImplementation(async (server) => {
+        if (server === 'server1') {
+          // Only return tool that correctly matches server1 format
+          return { tool_mcp_server1: {} };
+        } else if (server === 'server2') {
+          return { tool_mcp_server2: {} };
+        }
+        return null;
+      });
+
      const mockReq = {
        user: { id: 'user123' },
        body: {
--- a/api/models/Categories.js
+++ b/api/models/Categories.js
@@ -1,4 +1,4 @@
-const { logger } = require('~/config');
+const { logger } = require('@librechat/data-schemas');

 const options = [
  {
--- a/api/models/Conversation.js
+++ b/api/models/Conversation.js
@@ -174,7 +174,7 @@ module.exports = {

    if (search) {
      try {
-        const meiliResults = await Conversation.meiliSearch(search);
+        const meiliResults = await Conversation.meiliSearch(search, { filter: `user = "${user}"` });
        const matchingIds = Array.isArray(meiliResults.hits)
          ? meiliResults.hits.map((result) => result.conversationId)
          : [];
--- a/api/models/ConversationTag.js
+++ b/api/models/ConversationTag.js
@@ -239,10 +239,46 @@ const updateTagsForConversation = async (user, conversationId, tags) => {
  }
 };

+/**
+ * Increments tag counts for existing tags only.
+ * @param {string} user - The user ID.
+ * @param {string[]} tags - Array of tag names to increment
+ * @returns {Promise<void>}
+ */
+const bulkIncrementTagCounts = async (user, tags) => {
+  if (!tags || tags.length === 0) {
+    return;
+  }
+
+  try {
+    const uniqueTags = [...new Set(tags.filter(Boolean))];
+    if (uniqueTags.length === 0) {
+      return;
+    }
+
+    const bulkOps = uniqueTags.map((tag) => ({
+      updateOne: {
+        filter: { user, tag },
+        update: { $inc: { count: 1 } },
+      },
+    }));
+
+    const result = await ConversationTag.bulkWrite(bulkOps);
+    if (result && result.modifiedCount > 0) {
+      logger.debug(
+        `user: ${user} | Incremented tag counts - modified ${result.modifiedCount} tags`,
+      );
+    }
+  } catch (error) {
+    logger.error('[bulkIncrementTagCounts] Error incrementing tag counts', error);
+  }
+};
+
 module.exports = {
  getConversationTags,
  createConversationTag,
  updateConversationTag,
  deleteConversationTag,
+  bulkIncrementTagCounts,
  updateTagsForConversation,
 };
--- a/api/models/File.js
+++ b/api/models/File.js
@@ -42,7 +42,7 @@ const getToolFilesByIds = async (fileIds, toolResourceSet) => {
      $or: [],
    };

-    if (toolResourceSet.has(EToolResources.ocr)) {
+    if (toolResourceSet.has(EToolResources.context)) {
      filter.$or.push({ text: { $exists: true, $ne: null }, context: FileContext.agents });
    }
    if (toolResourceSet.has(EToolResources.file_search)) {
--- a/api/models/spendTokens.js
+++ b/api/models/spendTokens.js
@@ -1,4 +1,4 @@
-const { logger } = require('~/config');
+const { logger } = require('@librechat/data-schemas');
 const { createTransaction, createStructuredTransaction } = require('./Transaction');
 /**
 * Creates up to two transactions to record the spending of tokens.
--- a/api/models/tx.js
+++ b/api/models/tx.js
@@ -111,8 +111,8 @@ const tokenValues = Object.assign(
    'claude-': { prompt: 0.8, completion: 2.4 },
    'command-r-plus': { prompt: 3, completion: 15 },
    'command-r': { prompt: 0.5, completion: 1.5 },
-    'deepseek-reasoner': { prompt: 0.55, completion: 2.19 },
-    deepseek: { prompt: 0.14, completion: 0.28 },
+    'deepseek-reasoner': { prompt: 0.28, completion: 0.42 },
+    deepseek: { prompt: 0.28, completion: 0.42 },
    /* cohere doesn't have rates for the older command models,
  so this was from https://artificialanalysis.ai/models/command-light/providers */
    command: { prompt: 0.38, completion: 0.38 },
@@ -124,7 +124,8 @@ const tokenValues = Object.assign(
    'gemini-2.0-flash': { prompt: 0.1, completion: 0.4 },
    'gemini-2.0': { prompt: 0, completion: 0 }, // https://ai.google.dev/pricing
    'gemini-2.5-pro': { prompt: 1.25, completion: 10 },
-    'gemini-2.5-flash': { prompt: 0.15, completion: 3.5 },
+    'gemini-2.5-flash': { prompt: 0.3, completion: 2.5 },
+    'gemini-2.5-flash-lite': { prompt: 0.075, completion: 0.4 },
    'gemini-2.5': { prompt: 0, completion: 0 }, // Free for a period of time
    'gemini-1.5-flash-8b': { prompt: 0.075, completion: 0.3 },
    'gemini-1.5-flash': { prompt: 0.15, completion: 0.6 },
--- a/api/models/tx.spec.js
+++ b/api/models/tx.spec.js
@@ -571,6 +571,9 @@ describe('getCacheMultiplier', () => {

 describe('Google Model Tests', () => {
  const googleModels = [
+    'gemini-2.5-pro',
+    'gemini-2.5-flash',
+    'gemini-2.5-flash-lite',
    'gemini-2.5-pro-preview-05-06',
    'gemini-2.5-flash-preview-04-17',
    'gemini-2.5-exp',
@@ -611,6 +614,9 @@ describe('Google Model Tests', () => {

  it('should map to the correct model keys', () => {
    const expected = {
+      'gemini-2.5-pro': 'gemini-2.5-pro',
+      'gemini-2.5-flash': 'gemini-2.5-flash',
+      'gemini-2.5-flash-lite': 'gemini-2.5-flash-lite',
      'gemini-2.5-pro-preview-05-06': 'gemini-2.5-pro',
      'gemini-2.5-flash-preview-04-17': 'gemini-2.5-flash',
      'gemini-2.5-exp': 'gemini-2.5',
--- a/api/package.json
+++ b/api/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@librechat/backend",
-  "version": "v0.8.0-rc3",
+  "version": "v0.8.0",
  "description": "",
  "scripts": {
    "start": "echo 'please run this from the root directory'",
@@ -49,14 +49,14 @@
    "@langchain/google-vertexai": "^0.2.13",
    "@langchain/openai": "^0.5.18",
    "@langchain/textsplitters": "^0.1.0",
-    "@librechat/agents": "^2.4.76",
+    "@librechat/agents": "^2.4.82",
    "@librechat/api": "*",
    "@librechat/data-schemas": "*",
    "@microsoft/microsoft-graph-client": "^3.0.7",
    "@modelcontextprotocol/sdk": "^1.17.1",
    "@node-saml/passport-saml": "^5.1.0",
    "@waylaidwanderer/fetch-event-source": "^3.0.1",
-    "axios": "^1.8.2",
+    "axios": "^1.12.1",
    "bcryptjs": "^2.4.3",
    "compression": "^1.8.1",
    "connect-redis": "^8.1.0",
--- a/api/server/controllers/AuthController.js
+++ b/api/server/controllers/AuthController.js
@@ -1,8 +1,8 @@
 const cookies = require('cookie');
 const jwt = require('jsonwebtoken');
 const openIdClient = require('openid-client');
-const { isEnabled } = require('@librechat/api');
 const { logger } = require('@librechat/data-schemas');
+const { isEnabled, findOpenIDUser } = require('@librechat/api');
 const {
  requestPasswordReset,
  setOpenIDAuthTokens,
@@ -11,8 +11,9 @@ const {
  registerUser,
 } = require('~/server/services/AuthService');
 const { findUser, getUserById, deleteAllUserSessions, findSession } = require('~/models');
-const { getOpenIdConfig } = require('~/strategies');
 const { getGraphApiToken } = require('~/server/services/GraphTokenService');
+const { getOAuthReconnectionManager } = require('~/config');
+const { getOpenIdConfig } = require('~/strategies');

 const registrationController = async (req, res) => {
  try {
@@ -71,8 +72,14 @@ const refreshController = async (req, res) => {
      const openIdConfig = getOpenIdConfig();
      const tokenset = await openIdClient.refreshTokenGrant(openIdConfig, refreshToken);
      const claims = tokenset.claims();
-      const user = await findUser({ email: claims.email });
-      if (!user) {
+      const { user, error } = await findOpenIDUser({
+        findUser,
+        email: claims.email,
+        openidId: claims.sub,
+        idOnTheSource: claims.oid,
+        strategyName: 'refreshController',
+      });
+      if (error || !user) {
        return res.status(401).redirect('/login');
      }
      const token = setOpenIDAuthTokens(tokenset, res, user._id.toString());
@@ -96,14 +103,25 @@ const refreshController = async (req, res) => {
      return res.status(200).send({ token, user });
    }

-    // Find the session with the hashed refresh token
-    const session = await findSession({
-      userId: userId,
-      refreshToken: refreshToken,
-    });
+    /** Session with the hashed refresh token */
+    const session = await findSession(
+      {
+        userId: userId,
+        refreshToken: refreshToken,
+      },
+      { lean: false },
+    );

    if (session && session.expiration > new Date()) {
-      const token = await setAuthTokens(userId, res, session._id);
+      const token = await setAuthTokens(userId, res, session);
+
+      // trigger OAuth MCP server reconnection asynchronously (best effort)
+      void getOAuthReconnectionManager()
+        .reconnectServers(userId)
+        .catch((err) => {
+          logger.error('Error reconnecting OAuth MCP servers:', err);
+        });
+
      res.status(200).send({ token, user });
    } else if (req?.query?.retry) {
      // Retrying from a refresh token request that failed (401)
@@ -114,7 +132,7 @@ const refreshController = async (req, res) => {
      res.status(401).send('Refresh token expired or not found for this user');
    }
  } catch (err) {
-    logger.error(`[refreshController] Refresh token: ${refreshToken}`, err);
+    logger.error(`[refreshController] Invalid refresh token:`, err);
    res.status(403).send('Invalid refresh token');
  }
 };
--- a/api/server/controllers/ModelController.js
+++ b/api/server/controllers/ModelController.js
@@ -1,7 +1,7 @@
+const { logger } = require('@librechat/data-schemas');
 const { CacheKeys } = require('librechat-data-provider');
 const { loadDefaultModels, loadConfigModels } = require('~/server/services/Config');
 const { getLogStores } = require('~/cache');
-const { logger } = require('~/config');

 /**
 * @param {ServerRequest} req
--- a/api/server/controllers/PluginController.js
+++ b/api/server/controllers/PluginController.js
@@ -1,16 +1,9 @@
 const { logger } = require('@librechat/data-schemas');
-const { CacheKeys, Constants } = require('librechat-data-provider');
-const {
-  getToolkitKey,
-  checkPluginAuth,
-  filterUniquePlugins,
-  convertMCPToolToPlugin,
-  convertMCPToolsToPlugins,
-} = require('@librechat/api');
-const { getCachedTools, setCachedTools, mergeUserTools } = require('~/server/services/Config');
+const { CacheKeys } = require('librechat-data-provider');
+const { getToolkitKey, checkPluginAuth, filterUniquePlugins } = require('@librechat/api');
+const { getCachedTools, setCachedTools } = require('~/server/services/Config');
 const { availableTools, toolkits } = require('~/app/clients/tools');
 const { getAppConfig } = require('~/server/services/Config');
-const { getMCPManager } = require('~/config');
 const { getLogStores } = require('~/cache');

 const getAvailablePluginsController = async (req, res) => {
@@ -72,63 +65,27 @@ const getAvailableTools = async (req, res) => {
    }
    const cache = getLogStores(CacheKeys.CONFIG_STORE);
    const cachedToolsArray = await cache.get(CacheKeys.TOOLS);
-    const cachedUserTools = await getCachedTools({ userId });

    const appConfig = req.config ?? (await getAppConfig({ role: req.user?.role }));

-    /** @type {TPlugin[]} */
-    let mcpPlugins;
-    if (appConfig?.mcpConfig) {
-      const mcpManager = getMCPManager();
-      mcpPlugins =
-        cachedUserTools != null
-          ? convertMCPToolsToPlugins({ functionTools: cachedUserTools, mcpManager })
-          : undefined;
-    }
-
-    if (
-      cachedToolsArray != null &&
-      (appConfig?.mcpConfig != null ? mcpPlugins != null && mcpPlugins.length > 0 : true)
-    ) {
-      const dedupedTools = filterUniquePlugins([...(mcpPlugins ?? []), ...cachedToolsArray]);
-      res.status(200).json(dedupedTools);
+    // Return early if we have cached tools
+    if (cachedToolsArray != null) {
+      res.status(200).json(cachedToolsArray);
      return;
    }

    /** @type {Record<string, FunctionTool> | null} Get tool definitions to filter which tools are actually available */
-    let toolDefinitions = await getCachedTools({ includeGlobal: true });
-    let prelimCachedTools;
+    let toolDefinitions = await getCachedTools();
+
+    if (toolDefinitions == null && appConfig?.availableTools != null) {
+      logger.warn('[getAvailableTools] Tool cache was empty, re-initializing from app config');
+      await setCachedTools(appConfig.availableTools);
+      toolDefinitions = appConfig.availableTools;
+    }

    /** @type {import('@librechat/api').LCManifestTool[]} */
    let pluginManifest = availableTools;

-    if (appConfig?.mcpConfig != null) {
-      try {
-        const mcpManager = getMCPManager();
-        const mcpTools = await mcpManager.getAllToolFunctions(userId);
-        prelimCachedTools = prelimCachedTools ?? {};
-        for (const [toolKey, toolData] of Object.entries(mcpTools)) {
-          const plugin = convertMCPToolToPlugin({
-            toolKey,
-            toolData,
-            mcpManager,
-          });
-          if (plugin) {
-            pluginManifest.push(plugin);
-          }
-          prelimCachedTools[toolKey] = toolData;
-        }
-        await mergeUserTools({ userId, cachedUserTools, userTools: prelimCachedTools });
-      } catch (error) {
-        logger.error(
-          '[getAvailableTools] Error loading MCP Tools, servers may still be initializing:',
-          error,
-        );
-      }
-    } else if (prelimCachedTools != null) {
-      await setCachedTools(prelimCachedTools, { isGlobal: true });
-    }
-
    /** @type {TPlugin[]} Deduplicate and authenticate plugins */
    const uniquePlugins = filterUniquePlugins(pluginManifest);
    const authenticatedPlugins = uniquePlugins.map((plugin) => {
@@ -139,13 +96,13 @@ const getAvailableTools = async (req, res) => {
      }
    });

-    /** Filter plugins based on availability and add MCP-specific auth config */
+    /** Filter plugins based on availability */
    const toolsOutput = [];
    for (const plugin of authenticatedPlugins) {
-      const isToolDefined = toolDefinitions[plugin.pluginKey] !== undefined;
+      const isToolDefined = toolDefinitions?.[plugin.pluginKey] !== undefined;
      const isToolkit =
        plugin.toolkit === true &&
-        Object.keys(toolDefinitions).some(
+        Object.keys(toolDefinitions ?? {}).some(
          (key) => getToolkitKey({ toolkits, toolName: key }) === plugin.pluginKey,
        );

@@ -153,39 +110,13 @@ const getAvailableTools = async (req, res) => {
        continue;
      }

-      const toolToAdd = { ...plugin };
-
-      if (plugin.pluginKey.includes(Constants.mcp_delimiter)) {
-        const parts = plugin.pluginKey.split(Constants.mcp_delimiter);
-        const serverName = parts[parts.length - 1];
-        const serverConfig = appConfig?.mcpConfig?.[serverName];
-
-        if (serverConfig?.customUserVars) {
-          const customVarKeys = Object.keys(serverConfig.customUserVars);
-          if (customVarKeys.length === 0) {
-            toolToAdd.authConfig = [];
-            toolToAdd.authenticated = true;
-          } else {
-            toolToAdd.authConfig = Object.entries(serverConfig.customUserVars).map(
-              ([key, value]) => ({
-                authField: key,
-                label: value.title || key,
-                description: value.description || '',
-              }),
-            );
-            toolToAdd.authenticated = false;
-          }
-        }
-      }
-
-      toolsOutput.push(toolToAdd);
+      toolsOutput.push(plugin);
    }

    const finalTools = filterUniquePlugins(toolsOutput);
    await cache.set(CacheKeys.TOOLS, finalTools);

-    const dedupedTools = filterUniquePlugins([...(mcpPlugins ?? []), ...finalTools]);
-    res.status(200).json(dedupedTools);
+    res.status(200).json(finalTools);
  } catch (error) {
    logger.error('[getAvailableTools]', error);
    res.status(500).json({ message: error.message });
--- a/api/server/controllers/PluginController.spec.js
+++ b/api/server/controllers/PluginController.spec.js
@@ -1,4 +1,3 @@
-const { Constants } = require('librechat-data-provider');
 const { getCachedTools, getAppConfig } = require('~/server/services/Config');
 const { getLogStores } = require('~/cache');

@@ -17,18 +16,10 @@ jest.mock('~/server/services/Config', () => ({
    includedTools: [],
  }),
  setCachedTools: jest.fn(),
-  mergeUserTools: jest.fn(),
 }));

 // loadAndFormatTools mock removed - no longer used in PluginController
-
-jest.mock('~/config', () => ({
-  getMCPManager: jest.fn(() => ({
-    getAllToolFunctions: jest.fn().mockResolvedValue({}),
-    getRawConfig: jest.fn().mockReturnValue({}),
-  })),
-  getFlowStateManager: jest.fn(),
-}));
+// getMCPManager mock removed - no longer used in PluginController

 jest.mock('~/app/clients/tools', () => ({
  availableTools: [],
@@ -159,52 +150,6 @@ describe('PluginController', () => {
  });

  describe('getAvailableTools', () => {
-    it('should use convertMCPToolsToPlugins for user-specific MCP tools', async () => {
-      const mockUserTools = {
-        [`tool1${Constants.mcp_delimiter}server1`]: {
-          type: 'function',
-          function: {
-            name: `tool1${Constants.mcp_delimiter}server1`,
-            description: 'Tool 1',
-            parameters: { type: 'object', properties: {} },
-          },
-        },
-      };
-
-      mockCache.get.mockResolvedValue(null);
-      getCachedTools.mockResolvedValueOnce(mockUserTools);
-      mockReq.config = {
-        mcpConfig: {
-          server1: {},
-        },
-        paths: { structuredTools: '/mock/path' },
-      };
-
-      // Mock MCP manager to return empty tools initially (since getAllToolFunctions is called)
-      const mockMCPManager = {
-        getAllToolFunctions: jest.fn().mockResolvedValue({}),
-        getRawConfig: jest.fn().mockReturnValue({}),
-      };
-      require('~/config').getMCPManager.mockReturnValue(mockMCPManager);
-
-      // Mock second call to return tool definitions (includeGlobal: true)
-      getCachedTools.mockResolvedValueOnce(mockUserTools);
-
-      await getAvailableTools(mockReq, mockRes);
-
-      expect(mockRes.status).toHaveBeenCalledWith(200);
-      const responseData = mockRes.json.mock.calls[0][0];
-      expect(responseData).toBeDefined();
-      expect(Array.isArray(responseData)).toBe(true);
-      expect(responseData.length).toBeGreaterThan(0);
-      const convertedTool = responseData.find(
-        (tool) => tool.pluginKey === `tool1${Constants.mcp_delimiter}server1`,
-      );
-      expect(convertedTool).toBeDefined();
-      // The real convertMCPToolsToPlugins extracts the name from the delimiter
-      expect(convertedTool.name).toBe('tool1');
-    });
-
    it('should use filterUniquePlugins to deduplicate combined tools', async () => {
      const mockUserTools = {
        'user-tool': {
@@ -229,9 +174,6 @@ describe('PluginController', () => {
        paths: { structuredTools: '/mock/path' },
      };

-      // Mock second call to return tool definitions
-      getCachedTools.mockResolvedValueOnce(mockUserTools);
-
      await getAvailableTools(mockReq, mockRes);

      expect(mockRes.status).toHaveBeenCalledWith(200);
@@ -254,14 +196,7 @@ describe('PluginController', () => {
      require('~/app/clients/tools').availableTools.push(mockPlugin);

      mockCache.get.mockResolvedValue(null);
-      // First call returns null for user tools
-      getCachedTools.mockResolvedValueOnce(null);
-      mockReq.config = {
-        mcpConfig: null,
-        paths: { structuredTools: '/mock/path' },
-      };
-
-      // Second call (with includeGlobal: true) returns the tool definitions
+      // getCachedTools returns the tool definitions
      getCachedTools.mockResolvedValueOnce({
        tool1: {
          type: 'function',
@@ -272,6 +207,10 @@ describe('PluginController', () => {
          },
        },
      });
+      mockReq.config = {
+        mcpConfig: null,
+        paths: { structuredTools: '/mock/path' },
+      };

      await getAvailableTools(mockReq, mockRes);

@@ -302,14 +241,7 @@ describe('PluginController', () => {
      });

      mockCache.get.mockResolvedValue(null);
-      // First call returns null for user tools
-      getCachedTools.mockResolvedValueOnce(null);
-      mockReq.config = {
-        mcpConfig: null,
-        paths: { structuredTools: '/mock/path' },
-      };
-
-      // Second call (with includeGlobal: true) returns the tool definitions
+      // getCachedTools returns the tool definitions
      getCachedTools.mockResolvedValueOnce({
        toolkit1_function: {
          type: 'function',
@@ -320,6 +252,10 @@ describe('PluginController', () => {
          },
        },
      });
+      mockReq.config = {
+        mcpConfig: null,
+        paths: { structuredTools: '/mock/path' },
+      };

      await getAvailableTools(mockReq, mockRes);

@@ -331,126 +267,7 @@ describe('PluginController', () => {
    });
  });

-  describe('plugin.icon behavior', () => {
-    const callGetAvailableToolsWithMCPServer = async (serverConfig) => {
-      mockCache.get.mockResolvedValue(null);
-
-      const functionTools = {
-        [`test-tool${Constants.mcp_delimiter}test-server`]: {
-          type: 'function',
-          function: {
-            name: `test-tool${Constants.mcp_delimiter}test-server`,
-            description: 'A test tool',
-            parameters: { type: 'object', properties: {} },
-          },
-        },
-      };
-
-      // Mock the MCP manager to return tools and server config
-      const mockMCPManager = {
-        getAllToolFunctions: jest.fn().mockResolvedValue(functionTools),
-        getRawConfig: jest.fn().mockReturnValue(serverConfig),
-      };
-      require('~/config').getMCPManager.mockReturnValue(mockMCPManager);
-
-      // First call returns empty user tools
-      getCachedTools.mockResolvedValueOnce({});
-
-      // Mock getAppConfig to return the mcpConfig
-      mockReq.config = {
-        mcpConfig: {
-          'test-server': serverConfig,
-        },
-      };
-
-      // Second call (with includeGlobal: true) returns the tool definitions
-      getCachedTools.mockResolvedValueOnce(functionTools);
-
-      await getAvailableTools(mockReq, mockRes);
-      const responseData = mockRes.json.mock.calls[0][0];
-      return responseData.find(
-        (tool) => tool.pluginKey === `test-tool${Constants.mcp_delimiter}test-server`,
-      );
-    };
-
-    it('should set plugin.icon when iconPath is defined', async () => {
-      const serverConfig = {
-        iconPath: '/path/to/icon.png',
-      };
-      const testTool = await callGetAvailableToolsWithMCPServer(serverConfig);
-      expect(testTool.icon).toBe('/path/to/icon.png');
-    });
-
-    it('should set plugin.icon to undefined when iconPath is not defined', async () => {
-      const serverConfig = {};
-      const testTool = await callGetAvailableToolsWithMCPServer(serverConfig);
-      expect(testTool.icon).toBeUndefined();
-    });
-  });
-
  describe('helper function integration', () => {
-    it('should properly handle MCP tools with custom user variables', async () => {
-      const appConfig = {
-        mcpConfig: {
-          'test-server': {
-            customUserVars: {
-              API_KEY: { title: 'API Key', description: 'Your API key' },
-            },
-          },
-        },
-      };
-
-      // Mock MCP tools returned by getAllToolFunctions
-      const mcpToolFunctions = {
-        [`tool1${Constants.mcp_delimiter}test-server`]: {
-          type: 'function',
-          function: {
-            name: `tool1${Constants.mcp_delimiter}test-server`,
-            description: 'Tool 1',
-            parameters: {},
-          },
-        },
-      };
-
-      // Mock the MCP manager to return tools
-      const mockMCPManager = {
-        getAllToolFunctions: jest.fn().mockResolvedValue(mcpToolFunctions),
-        getRawConfig: jest.fn().mockReturnValue({
-          customUserVars: {
-            API_KEY: { title: 'API Key', description: 'Your API key' },
-          },
-        }),
-      };
-      require('~/config').getMCPManager.mockReturnValue(mockMCPManager);
-
-      mockCache.get.mockResolvedValue(null);
-      mockReq.config = appConfig;
-
-      // First call returns user tools (empty in this case)
-      getCachedTools.mockResolvedValueOnce({});
-
-      // Second call (with includeGlobal: true) returns tool definitions including our MCP tool
-      getCachedTools.mockResolvedValueOnce(mcpToolFunctions);
-
-      await getAvailableTools(mockReq, mockRes);
-
-      expect(mockRes.status).toHaveBeenCalledWith(200);
-      const responseData = mockRes.json.mock.calls[0][0];
-      expect(Array.isArray(responseData)).toBe(true);
-
-      // Find the MCP tool in the response
-      const mcpTool = responseData.find(
-        (tool) => tool.pluginKey === `tool1${Constants.mcp_delimiter}test-server`,
-      );
-
-      // The actual implementation adds authConfig and sets authenticated to false when customUserVars exist
-      expect(mcpTool).toBeDefined();
-      expect(mcpTool.authConfig).toEqual([
-        { authField: 'API_KEY', label: 'API Key', description: 'Your API key' },
-      ]);
-      expect(mcpTool.authenticated).toBe(false);
-    });
-
    it('should handle error cases gracefully', async () => {
      mockCache.get.mockRejectedValue(new Error('Cache error'));

@@ -472,23 +289,13 @@ describe('PluginController', () => {

    it('should handle null cachedTools and cachedUserTools', async () => {
      mockCache.get.mockResolvedValue(null);
-      // First call returns null for user tools
-      getCachedTools.mockResolvedValueOnce(null);
+      // getCachedTools returns empty object instead of null
+      getCachedTools.mockResolvedValueOnce({});
      mockReq.config = {
        mcpConfig: null,
        paths: { structuredTools: '/mock/path' },
      };

-      // Mock MCP manager to return no tools
-      const mockMCPManager = {
-        getAllToolFunctions: jest.fn().mockResolvedValue({}),
-        getRawConfig: jest.fn().mockReturnValue({}),
-      };
-      require('~/config').getMCPManager.mockReturnValue(mockMCPManager);
-
-      // Second call (with includeGlobal: true) returns empty object instead of null
-      getCachedTools.mockResolvedValueOnce({});
-
      await getAvailableTools(mockReq, mockRes);

      // Should handle null values gracefully
@@ -503,9 +310,9 @@ describe('PluginController', () => {
        paths: { structuredTools: '/mock/path' },
      };

-      // Mock getCachedTools to return undefined for both calls
+      // Mock getCachedTools to return undefined
      getCachedTools.mockReset();
-      getCachedTools.mockResolvedValueOnce(undefined).mockResolvedValueOnce(undefined);
+      getCachedTools.mockResolvedValueOnce(undefined);

      await getAvailableTools(mockReq, mockRes);

@@ -514,51 +321,6 @@ describe('PluginController', () => {
      expect(mockRes.json).toHaveBeenCalledWith([]);
    });

-    it('should handle `cachedToolsArray` and `mcpPlugins` both being defined', async () => {
-      const cachedTools = [{ name: 'CachedTool', pluginKey: 'cached-tool', description: 'Cached' }];
-      // Use MCP delimiter for the user tool so convertMCPToolsToPlugins works
-      const userTools = {
-        [`user-tool${Constants.mcp_delimiter}server1`]: {
-          type: 'function',
-          function: {
-            name: `user-tool${Constants.mcp_delimiter}server1`,
-            description: 'User tool',
-            parameters: {},
-          },
-        },
-      };
-
-      mockCache.get.mockResolvedValue(cachedTools);
-      getCachedTools.mockResolvedValueOnce(userTools);
-      mockReq.config = {
-        mcpConfig: {
-          server1: {},
-        },
-        paths: { structuredTools: '/mock/path' },
-      };
-
-      // Mock MCP manager to return empty tools initially
-      const mockMCPManager = {
-        getAllToolFunctions: jest.fn().mockResolvedValue({}),
-        getRawConfig: jest.fn().mockReturnValue({}),
-      };
-      require('~/config').getMCPManager.mockReturnValue(mockMCPManager);
-
-      // The controller expects a second call to getCachedTools
-      getCachedTools.mockResolvedValueOnce({
-        'cached-tool': { type: 'function', function: { name: 'cached-tool' } },
-        [`user-tool${Constants.mcp_delimiter}server1`]:
-          userTools[`user-tool${Constants.mcp_delimiter}server1`],
-      });
-
-      await getAvailableTools(mockReq, mockRes);
-
-      expect(mockRes.status).toHaveBeenCalledWith(200);
-      const responseData = mockRes.json.mock.calls[0][0];
-      // Should have both cached and user tools
-      expect(responseData.length).toBeGreaterThanOrEqual(2);
-    });
-
    it('should handle empty toolDefinitions object', async () => {
      mockCache.get.mockResolvedValue(null);
      // Reset getCachedTools to ensure clean state
@@ -569,76 +331,12 @@ describe('PluginController', () => {
      // Ensure no plugins are available
      require('~/app/clients/tools').availableTools.length = 0;

-      // Reset MCP manager to default state
-      const mockMCPManager = {
-        getAllToolFunctions: jest.fn().mockResolvedValue({}),
-        getRawConfig: jest.fn().mockReturnValue({}),
-      };
-      require('~/config').getMCPManager.mockReturnValue(mockMCPManager);
-
      await getAvailableTools(mockReq, mockRes);

      // With empty tool definitions, no tools should be in the final output
      expect(mockRes.json).toHaveBeenCalledWith([]);
    });

-    it('should handle MCP tools without customUserVars', async () => {
-      const appConfig = {
-        mcpConfig: {
-          'test-server': {
-            // No customUserVars defined
-          },
-        },
-      };
-
-      const mockUserTools = {
-        [`tool1${Constants.mcp_delimiter}test-server`]: {
-          type: 'function',
-          function: {
-            name: `tool1${Constants.mcp_delimiter}test-server`,
-            description: 'Tool 1',
-            parameters: { type: 'object', properties: {} },
-          },
-        },
-      };
-
-      // Mock the MCP manager to return the tools
-      const mockMCPManager = {
-        getAllToolFunctions: jest.fn().mockResolvedValue(mockUserTools),
-        getRawConfig: jest.fn().mockReturnValue({
-          // No customUserVars defined
-        }),
-      };
-      require('~/config').getMCPManager.mockReturnValue(mockMCPManager);
-
-      mockCache.get.mockResolvedValue(null);
-      mockReq.config = appConfig;
-      // First call returns empty user tools
-      getCachedTools.mockResolvedValueOnce({});
-
-      // Second call (with includeGlobal: true) returns the tool definitions
-      getCachedTools.mockResolvedValueOnce(mockUserTools);
-
-      // Ensure no plugins in availableTools for clean test
-      require('~/app/clients/tools').availableTools.length = 0;
-
-      await getAvailableTools(mockReq, mockRes);
-
-      expect(mockRes.status).toHaveBeenCalledWith(200);
-      const responseData = mockRes.json.mock.calls[0][0];
-      expect(Array.isArray(responseData)).toBe(true);
-      expect(responseData.length).toBeGreaterThan(0);
-
-      const mcpTool = responseData.find(
-        (tool) => tool.pluginKey === `tool1${Constants.mcp_delimiter}test-server`,
-      );
-
-      expect(mcpTool).toBeDefined();
-      expect(mcpTool.authenticated).toBe(true);
-      // The actual implementation sets authConfig to empty array when no customUserVars
-      expect(mcpTool.authConfig).toEqual([]);
-    });
-
    it('should handle undefined filteredTools and includedTools', async () => {
      mockReq.config = {};
      mockCache.get.mockResolvedValue(null);
@@ -667,20 +365,129 @@ describe('PluginController', () => {
      require('~/app/clients/tools').availableTools.push(mockToolkit);

      mockCache.get.mockResolvedValue(null);
-      // First call returns empty object
+      // getCachedTools returns empty object to avoid null reference error
      getCachedTools.mockResolvedValueOnce({});
      mockReq.config = {
        mcpConfig: null,
        paths: { structuredTools: '/mock/path' },
      };

-      // Second call (with includeGlobal: true) returns empty object to avoid null reference error
-      getCachedTools.mockResolvedValueOnce({});
-
      await getAvailableTools(mockReq, mockRes);

      // Should handle null toolDefinitions gracefully
      expect(mockRes.status).toHaveBeenCalledWith(200);
    });
+
+    it('should handle undefined toolDefinitions when checking isToolDefined (traversaal_search bug)', async () => {
+      // This test reproduces the bug where toolDefinitions is undefined
+      // and accessing toolDefinitions[plugin.pluginKey] causes a TypeError
+      const mockPlugin = {
+        name: 'Traversaal Search',
+        pluginKey: 'traversaal_search',
+        description: 'Search plugin',
+      };
+
+      // Add the plugin to availableTools
+      require('~/app/clients/tools').availableTools.push(mockPlugin);
+
+      mockCache.get.mockResolvedValue(null);
+
+      mockReq.config = {
+        mcpConfig: null,
+        paths: { structuredTools: '/mock/path' },
+      };
+
+      // CRITICAL: getCachedTools returns undefined
+      // This is what causes the bug when trying to access toolDefinitions[plugin.pluginKey]
+      getCachedTools.mockResolvedValueOnce(undefined);
+
+      // This should not throw an error with the optional chaining fix
+      await getAvailableTools(mockReq, mockRes);
+
+      // Should handle undefined toolDefinitions gracefully and return empty array
+      expect(mockRes.status).toHaveBeenCalledWith(200);
+      expect(mockRes.json).toHaveBeenCalledWith([]);
+    });
+
+    it('should re-initialize tools from appConfig when cache returns null', async () => {
+      // Setup: Initial state with tools in appConfig
+      const mockAppTools = {
+        tool1: {
+          type: 'function',
+          function: {
+            name: 'tool1',
+            description: 'Tool 1',
+            parameters: {},
+          },
+        },
+        tool2: {
+          type: 'function',
+          function: {
+            name: 'tool2',
+            description: 'Tool 2',
+            parameters: {},
+          },
+        },
+      };
+
+      // Add matching plugins to availableTools
+      require('~/app/clients/tools').availableTools.push(
+        { name: 'Tool 1', pluginKey: 'tool1', description: 'Tool 1' },
+        { name: 'Tool 2', pluginKey: 'tool2', description: 'Tool 2' },
+      );
+
+      // Simulate cache cleared state (returns null)
+      mockCache.get.mockResolvedValue(null);
+      getCachedTools.mockResolvedValueOnce(null); // Global tools (cache cleared)
+
+      mockReq.config = {
+        filteredTools: [],
+        includedTools: [],
+        availableTools: mockAppTools,
+      };
+
+      // Mock setCachedTools to verify it's called to re-initialize
+      const { setCachedTools } = require('~/server/services/Config');
+
+      await getAvailableTools(mockReq, mockRes);
+
+      // Should have re-initialized the cache with tools from appConfig
+      expect(setCachedTools).toHaveBeenCalledWith(mockAppTools);
+
+      // Should still return tools successfully
+      expect(mockRes.status).toHaveBeenCalledWith(200);
+      const responseData = mockRes.json.mock.calls[0][0];
+      expect(responseData).toHaveLength(2);
+      expect(responseData.find((t) => t.pluginKey === 'tool1')).toBeDefined();
+      expect(responseData.find((t) => t.pluginKey === 'tool2')).toBeDefined();
+    });
+
+    it('should handle cache clear without appConfig.availableTools gracefully', async () => {
+      // Setup: appConfig without availableTools
+      getAppConfig.mockResolvedValue({
+        filteredTools: [],
+        includedTools: [],
+        // No availableTools property
+      });
+
+      // Clear availableTools array
+      require('~/app/clients/tools').availableTools.length = 0;
+
+      // Cache returns null (cleared state)
+      mockCache.get.mockResolvedValue(null);
+      getCachedTools.mockResolvedValueOnce(null); // Global tools (cache cleared)
+
+      mockReq.config = {
+        filteredTools: [],
+        includedTools: [],
+        // No availableTools
+      };
+
+      await getAvailableTools(mockReq, mockRes);
+
+      // Should handle gracefully without crashing
+      expect(mockRes.status).toHaveBeenCalledWith(200);
+      expect(mockRes.json).toHaveBeenCalledWith([]);
+    });
  });
 });
--- a/api/server/controllers/UserController.js
+++ b/api/server/controllers/UserController.js
@@ -1,26 +1,34 @@
 const { logger } = require('@librechat/data-schemas');
-const { webSearchKeys, extractWebSearchEnvVars, normalizeHttpError } = require('@librechat/api');
+const { Tools, CacheKeys, Constants, FileSources } = require('librechat-data-provider');
+const {
+  webSearchKeys,
+  MCPOAuthHandler,
+  MCPTokenStorage,
+  normalizeHttpError,
+  extractWebSearchEnvVars,
+} = require('@librechat/api');
 const {
  getFiles,
+  findToken,
  updateUser,
  deleteFiles,
  deleteConvos,
  deletePresets,
  deleteMessages,
  deleteUserById,
+  deleteAllSharedLinks,
  deleteAllUserSessions,
 } = require('~/models');
 const { updateUserPluginAuth, deleteUserPluginAuth } = require('~/server/services/PluginService');
 const { updateUserPluginsService, deleteUserKey } = require('~/server/services/UserService');
 const { verifyEmail, resendVerificationEmail } = require('~/server/services/AuthService');
 const { needsRefresh, getNewS3URL } = require('~/server/services/Files/S3/crud');
-const { Tools, Constants, FileSources } = require('librechat-data-provider');
 const { processDeleteRequest } = require('~/server/services/Files/process');
-const { Transaction, Balance, User } = require('~/db/models');
+const { Transaction, Balance, User, Token } = require('~/db/models');
+const { getMCPManager, getFlowStateManager } = require('~/config');
 const { getAppConfig } = require('~/server/services/Config');
 const { deleteToolCalls } = require('~/models/ToolCall');
-const { deleteAllSharedLinks } = require('~/models');
-const { getMCPManager } = require('~/config');
+const { getLogStores } = require('~/cache');

 const getUserController = async (req, res) => {
  const appConfig = await getAppConfig({ role: req.user?.role });
@@ -162,6 +170,15 @@ const updateUserPluginsController = async (req, res) => {
          );
          ({ status, message } = normalizeHttpError(authService));
        }
+        try {
+          // if the MCP server uses OAuth, perform a full cleanup and token revocation
+          await maybeUninstallOAuthMCP(user.id, pluginKey, appConfig);
+        } catch (error) {
+          logger.error(
+            `[updateUserPluginsController] Error uninstalling OAuth MCP for ${pluginKey}:`,
+            error,
+          );
+        }
      } else {
        // This handles:
        // 1. Web_search uninstall (keys will be populated with all webSearchKeys if auth was {}).
@@ -269,6 +286,94 @@ const resendVerificationController = async (req, res) => {
  }
 };

+/**
+ * OAuth MCP specific uninstall logic
+ */
+const maybeUninstallOAuthMCP = async (userId, pluginKey, appConfig) => {
+  if (!pluginKey.startsWith(Constants.mcp_prefix)) {
+    // this is not an MCP server, so nothing to do here
+    return;
+  }
+
+  const serverName = pluginKey.replace(Constants.mcp_prefix, '');
+  const mcpManager = getMCPManager(userId);
+  const serverConfig = mcpManager.getRawConfig(serverName) ?? appConfig?.mcpServers?.[serverName];
+
+  if (!mcpManager.getOAuthServers().has(serverName)) {
+    // this server does not use OAuth, so nothing to do here as well
+    return;
+  }
+
+  // 1. get client info used for revocation (client id, secret)
+  const clientTokenData = await MCPTokenStorage.getClientInfoAndMetadata({
+    userId,
+    serverName,
+    findToken,
+  });
+  if (clientTokenData == null) {
+    return;
+  }
+  const { clientInfo, clientMetadata } = clientTokenData;
+
+  // 2. get decrypted tokens before deletion
+  const tokens = await MCPTokenStorage.getTokens({
+    userId,
+    serverName,
+    findToken,
+  });
+
+  // 3. revoke OAuth tokens at the provider
+  const revocationEndpoint =
+    serverConfig.oauth?.revocation_endpoint ?? clientMetadata.revocation_endpoint;
+  const revocationEndpointAuthMethodsSupported =
+    serverConfig.oauth?.revocation_endpoint_auth_methods_supported ??
+    clientMetadata.revocation_endpoint_auth_methods_supported;
+
+  if (tokens?.access_token) {
+    try {
+      await MCPOAuthHandler.revokeOAuthToken(serverName, tokens.access_token, 'access', {
+        serverUrl: serverConfig.url,
+        clientId: clientInfo.client_id,
+        clientSecret: clientInfo.client_secret ?? '',
+        revocationEndpoint,
+        revocationEndpointAuthMethodsSupported,
+      });
+    } catch (error) {
+      logger.error(`Error revoking OAuth access token for ${serverName}:`, error);
+    }
+  }
+
+  if (tokens?.refresh_token) {
+    try {
+      await MCPOAuthHandler.revokeOAuthToken(serverName, tokens.refresh_token, 'refresh', {
+        serverUrl: serverConfig.url,
+        clientId: clientInfo.client_id,
+        clientSecret: clientInfo.client_secret ?? '',
+        revocationEndpoint,
+        revocationEndpointAuthMethodsSupported,
+      });
+    } catch (error) {
+      logger.error(`Error revoking OAuth refresh token for ${serverName}:`, error);
+    }
+  }
+
+  // 4. delete tokens from the DB after revocation attempts
+  await MCPTokenStorage.deleteUserTokens({
+    userId,
+    serverName,
+    deleteToken: async (filter) => {
+      await Token.deleteOne(filter);
+    },
+  });
+
+  // 5. clear the flow state for the OAuth tokens
+  const flowsCache = getLogStores(CacheKeys.FLOWS);
+  const flowManager = getFlowStateManager(flowsCache);
+  const flowId = MCPOAuthHandler.generateFlowId(userId, serverName);
+  await flowManager.deleteFlow(flowId, 'mcp_get_tokens');
+  await flowManager.deleteFlow(flowId, 'mcp_oauth');
+};
+
 module.exports = {
  getUserController,
  getTermsStatusController,
--- a/api/server/controllers/agents/tests/callbacks.spec.js
+++ b/api/server/controllers/agents/tests/callbacks.spec.js
@@ -0,0 +1,342 @@
+const { Tools } = require('librechat-data-provider');
+
+// Mock all dependencies before requiring the module
+jest.mock('nanoid', () => ({
+  nanoid: jest.fn(() => 'mock-id'),
+}));
+
+jest.mock('@librechat/api', () => ({
+  sendEvent: jest.fn(),
+}));
+
+jest.mock('@librechat/data-schemas', () => ({
+  logger: {
+    error: jest.fn(),
+  },
+}));
+
+jest.mock('@librechat/agents', () => ({
+  EnvVar: { CODE_API_KEY: 'CODE_API_KEY' },
+  Providers: { GOOGLE: 'google' },
+  GraphEvents: {},
+  getMessageId: jest.fn(),
+  ToolEndHandler: jest.fn(),
+  handleToolCalls: jest.fn(),
+  ChatModelStreamHandler: jest.fn(),
+}));
+
+jest.mock('~/server/services/Files/Citations', () => ({
+  processFileCitations: jest.fn(),
+}));
+
+jest.mock('~/server/services/Files/Code/process', () => ({
+  processCodeOutput: jest.fn(),
+}));
+
+jest.mock('~/server/services/Tools/credentials', () => ({
+  loadAuthValues: jest.fn(),
+}));
+
+jest.mock('~/server/services/Files/process', () => ({
+  saveBase64Image: jest.fn(),
+}));
+
+describe('createToolEndCallback', () => {
+  let req, res, artifactPromises, createToolEndCallback;
+  let logger;
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+
+    // Get the mocked logger
+    logger = require('@librechat/data-schemas').logger;
+
+    // Now require the module after all mocks are set up
+    const callbacks = require('../callbacks');
+    createToolEndCallback = callbacks.createToolEndCallback;
+
+    req = {
+      user: { id: 'user123' },
+    };
+    res = {
+      headersSent: false,
+      write: jest.fn(),
+    };
+    artifactPromises = [];
+  });
+
+  describe('ui_resources artifact handling', () => {
+    it('should process ui_resources artifact and return attachment when headers not sent', async () => {
+      const toolEndCallback = createToolEndCallback({ req, res, artifactPromises });
+
+      const output = {
+        tool_call_id: 'tool123',
+        artifact: {
+          [Tools.ui_resources]: {
+            data: {
+              0: { type: 'button', label: 'Click me' },
+              1: { type: 'input', placeholder: 'Enter text' },
+            },
+          },
+        },
+      };
+
+      const metadata = {
+        run_id: 'run456',
+        thread_id: 'thread789',
+      };
+
+      await toolEndCallback({ output }, metadata);
+
+      // Wait for all promises to resolve
+      const results = await Promise.all(artifactPromises);
+
+      // When headers are not sent, it returns attachment without writing
+      expect(res.write).not.toHaveBeenCalled();
+
+      const attachment = results[0];
+      expect(attachment).toEqual({
+        type: Tools.ui_resources,
+        messageId: 'run456',
+        toolCallId: 'tool123',
+        conversationId: 'thread789',
+        [Tools.ui_resources]: {
+          0: { type: 'button', label: 'Click me' },
+          1: { type: 'input', placeholder: 'Enter text' },
+        },
+      });
+    });
+
+    it('should write to response when headers are already sent', async () => {
+      res.headersSent = true;
+      const toolEndCallback = createToolEndCallback({ req, res, artifactPromises });
+
+      const output = {
+        tool_call_id: 'tool123',
+        artifact: {
+          [Tools.ui_resources]: {
+            data: {
+              0: { type: 'carousel', items: [] },
+            },
+          },
+        },
+      };
+
+      const metadata = {
+        run_id: 'run456',
+        thread_id: 'thread789',
+      };
+
+      await toolEndCallback({ output }, metadata);
+      const results = await Promise.all(artifactPromises);
+
+      expect(res.write).toHaveBeenCalled();
+      expect(results[0]).toEqual({
+        type: Tools.ui_resources,
+        messageId: 'run456',
+        toolCallId: 'tool123',
+        conversationId: 'thread789',
+        [Tools.ui_resources]: {
+          0: { type: 'carousel', items: [] },
+        },
+      });
+    });
+
+    it('should handle errors when processing ui_resources', async () => {
+      const toolEndCallback = createToolEndCallback({ req, res, artifactPromises });
+
+      // Mock res.write to throw an error
+      res.headersSent = true;
+      res.write.mockImplementation(() => {
+        throw new Error('Write failed');
+      });
+
+      const output = {
+        tool_call_id: 'tool123',
+        artifact: {
+          [Tools.ui_resources]: {
+            data: {
+              0: { type: 'test' },
+            },
+          },
+        },
+      };
+
+      const metadata = {
+        run_id: 'run456',
+        thread_id: 'thread789',
+      };
+
+      await toolEndCallback({ output }, metadata);
+      const results = await Promise.all(artifactPromises);
+
+      expect(logger.error).toHaveBeenCalledWith(
+        'Error processing artifact content:',
+        expect.any(Error),
+      );
+      expect(results[0]).toBeNull();
+    });
+
+    it('should handle multiple artifacts including ui_resources', async () => {
+      const toolEndCallback = createToolEndCallback({ req, res, artifactPromises });
+
+      const output = {
+        tool_call_id: 'tool123',
+        artifact: {
+          [Tools.ui_resources]: {
+            data: {
+              0: { type: 'chart', data: [] },
+            },
+          },
+          [Tools.web_search]: {
+            results: ['result1', 'result2'],
+          },
+        },
+      };
+
+      const metadata = {
+        run_id: 'run456',
+        thread_id: 'thread789',
+      };
+
+      await toolEndCallback({ output }, metadata);
+      const results = await Promise.all(artifactPromises);
+
+      // Both ui_resources and web_search should be processed
+      expect(artifactPromises).toHaveLength(2);
+      expect(results).toHaveLength(2);
+
+      // Check ui_resources attachment
+      const uiResourceAttachment = results.find((r) => r?.type === Tools.ui_resources);
+      expect(uiResourceAttachment).toBeTruthy();
+      expect(uiResourceAttachment[Tools.ui_resources]).toEqual({
+        0: { type: 'chart', data: [] },
+      });
+
+      // Check web_search attachment
+      const webSearchAttachment = results.find((r) => r?.type === Tools.web_search);
+      expect(webSearchAttachment).toBeTruthy();
+      expect(webSearchAttachment[Tools.web_search]).toEqual({
+        results: ['result1', 'result2'],
+      });
+    });
+
+    it('should not process artifacts when output has no artifacts', async () => {
+      const toolEndCallback = createToolEndCallback({ req, res, artifactPromises });
+
+      const output = {
+        tool_call_id: 'tool123',
+        content: 'Some regular content',
+        // No artifact property
+      };
+
+      const metadata = {
+        run_id: 'run456',
+        thread_id: 'thread789',
+      };
+
+      await toolEndCallback({ output }, metadata);
+
+      expect(artifactPromises).toHaveLength(0);
+      expect(res.write).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('edge cases', () => {
+    it('should handle empty ui_resources data object', async () => {
+      const toolEndCallback = createToolEndCallback({ req, res, artifactPromises });
+
+      const output = {
+        tool_call_id: 'tool123',
+        artifact: {
+          [Tools.ui_resources]: {
+            data: {},
+          },
+        },
+      };
+
+      const metadata = {
+        run_id: 'run456',
+        thread_id: 'thread789',
+      };
+
+      await toolEndCallback({ output }, metadata);
+      const results = await Promise.all(artifactPromises);
+
+      expect(results[0]).toEqual({
+        type: Tools.ui_resources,
+        messageId: 'run456',
+        toolCallId: 'tool123',
+        conversationId: 'thread789',
+        [Tools.ui_resources]: {},
+      });
+    });
+
+    it('should handle ui_resources with complex nested data', async () => {
+      const toolEndCallback = createToolEndCallback({ req, res, artifactPromises });
+
+      const complexData = {
+        0: {
+          type: 'form',
+          fields: [
+            { name: 'field1', type: 'text', required: true },
+            { name: 'field2', type: 'select', options: ['a', 'b', 'c'] },
+          ],
+          nested: {
+            deep: {
+              value: 123,
+              array: [1, 2, 3],
+            },
+          },
+        },
+      };
+
+      const output = {
+        tool_call_id: 'tool123',
+        artifact: {
+          [Tools.ui_resources]: {
+            data: complexData,
+          },
+        },
+      };
+
+      const metadata = {
+        run_id: 'run456',
+        thread_id: 'thread789',
+      };
+
+      await toolEndCallback({ output }, metadata);
+      const results = await Promise.all(artifactPromises);
+
+      expect(results[0][Tools.ui_resources]).toEqual(complexData);
+    });
+
+    it('should handle when output is undefined', async () => {
+      const toolEndCallback = createToolEndCallback({ req, res, artifactPromises });
+
+      const metadata = {
+        run_id: 'run456',
+        thread_id: 'thread789',
+      };
+
+      await toolEndCallback({ output: undefined }, metadata);
+
+      expect(artifactPromises).toHaveLength(0);
+      expect(res.write).not.toHaveBeenCalled();
+    });
+
+    it('should handle when data parameter is undefined', async () => {
+      const toolEndCallback = createToolEndCallback({ req, res, artifactPromises });
+
+      const metadata = {
+        run_id: 'run456',
+        thread_id: 'thread789',
+      };
+
+      await toolEndCallback(undefined, metadata);
+
+      expect(artifactPromises).toHaveLength(0);
+      expect(res.write).not.toHaveBeenCalled();
+    });
+  });
+});
--- a/api/server/controllers/agents/tests/v1.spec.js
+++ b/api/server/controllers/agents/tests/v1.spec.js
@@ -158,7 +158,7 @@ describe('duplicateAgent', () => {
    });
  });

-  it('should handle tool_resources.ocr correctly', async () => {
+  it('should convert `tool_resources.ocr` to `tool_resources.context`', async () => {
    const mockAgent = {
      id: 'agent_123',
      name: 'Test Agent',
@@ -178,7 +178,7 @@ describe('duplicateAgent', () => {
    expect(createAgent).toHaveBeenCalledWith(
      expect.objectContaining({
        tool_resources: {
-          ocr: { enabled: true, config: 'test' },
+          context: { enabled: true, config: 'test' },
        },
      }),
    );
--- a/api/server/controllers/agents/callbacks.js
+++ b/api/server/controllers/agents/callbacks.js
@@ -265,6 +265,30 @@ function createToolEndCallback({ req, res, artifactPromises }) {
      );
    }

+    // TODO: a lot of duplicated code in createToolEndCallback
+    // we should refactor this to use a helper function in a follow-up PR
+    if (output.artifact[Tools.ui_resources]) {
+      artifactPromises.push(
+        (async () => {
+          const attachment = {
+            type: Tools.ui_resources,
+            messageId: metadata.run_id,
+            toolCallId: output.tool_call_id,
+            conversationId: metadata.thread_id,
+            [Tools.ui_resources]: output.artifact[Tools.ui_resources].data,
+          };
+          if (!res.headersSent) {
+            return attachment;
+          }
+          res.write(`event: attachment\ndata: ${JSON.stringify(attachment)}\n\n`);
+          return attachment;
+        })().catch((error) => {
+          logger.error('Error processing artifact content:', error);
+          return null;
+        }),
+      );
+    }
+
    if (output.artifact[Tools.web_search]) {
      artifactPromises.push(
        (async () => {
--- a/api/server/controllers/agents/client.js
+++ b/api/server/controllers/agents/client.js
@@ -872,11 +872,10 @@ class AgentClient extends BaseClient {
        if (agent.useLegacyContent === true) {
          messages = formatContentStrings(messages);
        }
-        if (
-          agent.model_parameters?.clientOptions?.defaultHeaders?.['anthropic-beta']?.includes(
-            'prompt-caching',
-          )
-        ) {
+        const defaultHeaders =
+          agent.model_parameters?.clientOptions?.defaultHeaders ??
+          agent.model_parameters?.configuration?.defaultHeaders;
+        if (defaultHeaders?.['anthropic-beta']?.includes('prompt-caching')) {
          messages = addCacheControl(messages);
        }

@@ -1122,6 +1121,13 @@ class AgentClient extends BaseClient {
      );
    }

+    if (endpointConfig?.titleConvo === false) {
+      logger.debug(
+        `[api/server/controllers/agents/client.js #titleConvo] Title generation disabled for endpoint "${endpoint}"`,
+      );
+      return;
+    }
+
    if (endpointConfig?.titleEndpoint && endpointConfig.titleEndpoint !== endpoint) {
      try {
        titleProviderConfig = getProviderConfig({
@@ -1131,7 +1137,7 @@ class AgentClient extends BaseClient {
        endpoint = endpointConfig.titleEndpoint;
      } catch (error) {
        logger.warn(
-          `[api/server/controllers/agents/client.js #titleConvo] Error getting title endpoint config for ${endpointConfig.titleEndpoint}, falling back to default`,
+          `[api/server/controllers/agents/client.js #titleConvo] Error getting title endpoint config for "${endpointConfig.titleEndpoint}", falling back to default`,
          error,
        );
        // Fall back to original provider config
--- a/api/server/controllers/agents/client.test.js
+++ b/api/server/controllers/agents/client.test.js
@@ -263,6 +263,125 @@ describe('AgentClient - titleConvo', () => {
      expect(result).toBeUndefined();
    });

+    it('should skip title generation when titleConvo is set to false', async () => {
+      // Set titleConvo to false in endpoint config
+      mockReq.config = {
+        endpoints: {
+          [EModelEndpoint.openAI]: {
+            titleConvo: false,
+            titleModel: 'gpt-3.5-turbo',
+            titlePrompt: 'Custom title prompt',
+            titleMethod: 'structured',
+            titlePromptTemplate: 'Template: {{content}}',
+          },
+        },
+      };
+
+      const text = 'Test conversation text';
+      const abortController = new AbortController();
+
+      const result = await client.titleConvo({ text, abortController });
+
+      // Should return undefined without generating title
+      expect(result).toBeUndefined();
+
+      // generateTitle should NOT have been called
+      expect(mockRun.generateTitle).not.toHaveBeenCalled();
+
+      // recordCollectedUsage should NOT have been called
+      expect(client.recordCollectedUsage).not.toHaveBeenCalled();
+    });
+
+    it('should skip title generation when titleConvo is false in all config', async () => {
+      // Set titleConvo to false in "all" config
+      mockReq.config = {
+        endpoints: {
+          all: {
+            titleConvo: false,
+            titleModel: 'gpt-4o-mini',
+            titlePrompt: 'All config title prompt',
+            titleMethod: 'completion',
+            titlePromptTemplate: 'All config template',
+          },
+        },
+      };
+
+      const text = 'Test conversation text';
+      const abortController = new AbortController();
+
+      const result = await client.titleConvo({ text, abortController });
+
+      // Should return undefined without generating title
+      expect(result).toBeUndefined();
+
+      // generateTitle should NOT have been called
+      expect(mockRun.generateTitle).not.toHaveBeenCalled();
+
+      // recordCollectedUsage should NOT have been called
+      expect(client.recordCollectedUsage).not.toHaveBeenCalled();
+    });
+
+    it('should skip title generation when titleConvo is false for custom endpoint scenario', async () => {
+      // This test validates the behavior when customEndpointConfig (retrieved via
+      // getProviderConfig for custom endpoints) has titleConvo: false.
+      //
+      // The code path is:
+      // 1. endpoints?.all is checked (undefined in this test)
+      // 2. endpoints?.[endpoint] is checked (our test config)
+      // 3. Would fall back to titleProviderConfig.customEndpointConfig (for real custom endpoints)
+      //
+      // We simulate a custom endpoint scenario using a dynamically named endpoint config
+
+      // Create a unique endpoint name that represents a custom endpoint
+      const customEndpointName = 'customEndpoint';
+
+      // Configure the endpoint to have titleConvo: false
+      // This simulates what would be in customEndpointConfig for a real custom endpoint
+      mockReq.config = {
+        endpoints: {
+          // No 'all' config - so it will check endpoints[endpoint]
+          // This config represents what customEndpointConfig would contain
+          [customEndpointName]: {
+            titleConvo: false,
+            titleModel: 'custom-model-v1',
+            titlePrompt: 'Custom endpoint title prompt',
+            titleMethod: 'completion',
+            titlePromptTemplate: 'Custom template: {{content}}',
+            baseURL: 'https://api.custom-llm.com/v1',
+            apiKey: 'test-custom-key',
+            // Additional custom endpoint properties
+            models: {
+              default: ['custom-model-v1', 'custom-model-v2'],
+            },
+          },
+        },
+      };
+
+      // Set up agent to use our custom endpoint
+      // Use openAI as base but override with custom endpoint name for this test
+      mockAgent.endpoint = EModelEndpoint.openAI;
+      mockAgent.provider = EModelEndpoint.openAI;
+
+      // Override the endpoint in the config to point to our custom config
+      mockReq.config.endpoints[EModelEndpoint.openAI] =
+        mockReq.config.endpoints[customEndpointName];
+      delete mockReq.config.endpoints[customEndpointName];
+
+      const text = 'Test custom endpoint conversation';
+      const abortController = new AbortController();
+
+      const result = await client.titleConvo({ text, abortController });
+
+      // Should return undefined without generating title because titleConvo is false
+      expect(result).toBeUndefined();
+
+      // generateTitle should NOT have been called
+      expect(mockRun.generateTitle).not.toHaveBeenCalled();
+
+      // recordCollectedUsage should NOT have been called
+      expect(client.recordCollectedUsage).not.toHaveBeenCalled();
+    });
+
    it('should pass titleEndpoint configuration to generateTitle', async () => {
      // Mock the API key just for this test
      const originalApiKey = process.env.ANTHROPIC_API_KEY;
--- a/api/server/controllers/agents/v1.js
+++ b/api/server/controllers/agents/v1.js
@@ -2,7 +2,12 @@ const { z } = require('zod');
 const fs = require('fs').promises;
 const { nanoid } = require('nanoid');
 const { logger } = require('@librechat/data-schemas');
-const { agentCreateSchema, agentUpdateSchema } = require('@librechat/api');
+const {
+  agentCreateSchema,
+  agentUpdateSchema,
+  mergeAgentOcrConversion,
+  convertOcrToContextInPlace,
+} = require('@librechat/api');
 const {
  Tools,
  Constants,
@@ -66,7 +71,7 @@ const createAgentHandler = async (req, res) => {
    agentData.author = userId;
    agentData.tools = [];

-    const availableTools = await getCachedTools({ includeGlobal: true });
+    const availableTools = await getCachedTools();
    for (const tool of tools) {
      if (availableTools[tool]) {
        agentData.tools.push(tool);
@@ -198,19 +203,32 @@ const getAgentHandler = async (req, res, expandProperties = false) => {
 * @param {object} req.params - Request params
 * @param {string} req.params.id - Agent identifier.
 * @param {AgentUpdateParams} req.body - The Agent update parameters.
- * @returns {Agent} 200 - success response - application/json
+ * @returns {Promise<Agent>} 200 - success response - application/json
 */
 const updateAgentHandler = async (req, res) => {
  try {
    const id = req.params.id;
    const validatedData = agentUpdateSchema.parse(req.body);
    const { _id, ...updateData } = removeNullishValues(validatedData);
+
+    // Convert OCR to context in incoming updateData
+    convertOcrToContextInPlace(updateData);
+
    const existingAgent = await getAgent({ id });

    if (!existingAgent) {
      return res.status(404).json({ error: 'Agent not found' });
    }

+    // Convert legacy OCR tool resource to context format in existing agent
+    const ocrConversion = mergeAgentOcrConversion(existingAgent, updateData);
+    if (ocrConversion.tool_resources) {
+      updateData.tool_resources = ocrConversion.tool_resources;
+    }
+    if (ocrConversion.tools) {
+      updateData.tools = ocrConversion.tools;
+    }
+
    let updatedAgent =
      Object.keys(updateData).length > 0
        ? await updateAgent({ id }, updateData, {
@@ -255,7 +273,7 @@ const updateAgentHandler = async (req, res) => {
 * @param {object} req - Express Request
 * @param {object} req.params - Request params
 * @param {string} req.params.id - Agent identifier.
- * @returns {Agent} 201 - success response - application/json
+ * @returns {Promise<Agent>} 201 - success response - application/json
 */
 const duplicateAgentHandler = async (req, res) => {
  const { id } = req.params;
@@ -288,9 +306,19 @@ const duplicateAgentHandler = async (req, res) => {
      hour12: false,
    })})`;

+    if (_tool_resources?.[EToolResources.context]) {
+      cloneData.tool_resources = {
+        [EToolResources.context]: _tool_resources[EToolResources.context],
+      };
+    }
+
    if (_tool_resources?.[EToolResources.ocr]) {
      cloneData.tool_resources = {
-        [EToolResources.ocr]: _tool_resources[EToolResources.ocr],
+        /** Legacy conversion from `ocr` to `context` */
+        [EToolResources.context]: {
+          ...(_tool_resources[EToolResources.context] ?? {}),
+          ..._tool_resources[EToolResources.ocr],
+        },
      };
    }

@@ -382,7 +410,7 @@ const duplicateAgentHandler = async (req, res) => {
 * @param {object} req - Express Request
 * @param {object} req.params - Request params
 * @param {string} req.params.id - Agent identifier.
- * @returns {Agent} 200 - success response - application/json
+ * @returns {Promise<Agent>} 200 - success response - application/json
 */
 const deleteAgentHandler = async (req, res) => {
  try {
@@ -484,7 +512,7 @@ const getListAgentsHandler = async (req, res) => {
 * @param {Express.Multer.File} req.file - The avatar image file.
 * @param {object} req.body - Request body
 * @param {string} [req.body.avatar] - Optional avatar for the agent's avatar.
- * @returns {Object} 200 - success response - application/json
+ * @returns {Promise<void>} 200 - success response - application/json
 */
 const uploadAgentAvatarHandler = async (req, res) => {
  try {
--- a/api/server/controllers/agents/v1.spec.js
+++ b/api/server/controllers/agents/v1.spec.js
@@ -512,6 +512,7 @@ describe('Agent Controllers - Mass Assignment Protection', () => {
      mockReq.params.id = existingAgentId;
      mockReq.body = {
        tool_resources: {
+          /** Legacy conversion from `ocr` to `context` */
          ocr: {
            file_ids: ['ocr1', 'ocr2'],
          },
@@ -531,7 +532,8 @@ describe('Agent Controllers - Mass Assignment Protection', () => {

      const updatedAgent = mockRes.json.mock.calls[0][0];
      expect(updatedAgent.tool_resources).toBeDefined();
-      expect(updatedAgent.tool_resources.ocr).toBeDefined();
+      expect(updatedAgent.tool_resources.ocr).toBeUndefined();
+      expect(updatedAgent.tool_resources.context).toBeDefined();
      expect(updatedAgent.tool_resources.execute_code).toBeDefined();
      expect(updatedAgent.tool_resources.invalid_tool).toBeUndefined();
    });
--- a/api/server/controllers/assistants/v1.js
+++ b/api/server/controllers/assistants/v1.js
@@ -31,7 +31,7 @@ const createAssistant = async (req, res) => {
    delete assistantData.conversation_starters;
    delete assistantData.append_current_datetime;

-    const toolDefinitions = await getCachedTools({ includeGlobal: true });
+    const toolDefinitions = await getCachedTools();

    assistantData.tools = tools
      .map((tool) => {
@@ -136,7 +136,7 @@ const patchAssistant = async (req, res) => {
      ...updateData
    } = req.body;

-    const toolDefinitions = await getCachedTools({ includeGlobal: true });
+    const toolDefinitions = await getCachedTools();

    updateData.tools = (updateData.tools ?? [])
      .map((tool) => {
--- a/api/server/controllers/assistants/v2.js
+++ b/api/server/controllers/assistants/v2.js
@@ -28,7 +28,7 @@ const createAssistant = async (req, res) => {
    delete assistantData.conversation_starters;
    delete assistantData.append_current_datetime;

-    const toolDefinitions = await getCachedTools({ includeGlobal: true });
+    const toolDefinitions = await getCachedTools();

    assistantData.tools = tools
      .map((tool) => {
@@ -125,7 +125,7 @@ const updateAssistant = async ({ req, openai, assistant_id, updateData }) => {

  let hasFileSearch = false;
  for (const tool of updateData.tools ?? []) {
-    const toolDefinitions = await getCachedTools({ includeGlobal: true });
+    const toolDefinitions = await getCachedTools();
    let actualTool = typeof tool === 'string' ? toolDefinitions[tool] : tool;

    if (!actualTool && manifestToolMap[tool] && manifestToolMap[tool].toolkit === true) {
--- a/api/server/controllers/auth/LoginController.js
+++ b/api/server/controllers/auth/LoginController.js
@@ -1,6 +1,6 @@
+const { logger } = require('@librechat/data-schemas');
 const { generate2FATempToken } = require('~/server/services/twoFactorService');
 const { setAuthTokens } = require('~/server/services/AuthService');
-const { logger } = require('~/config');

 const loginController = async (req, res) => {
  try {
--- a/api/server/controllers/auth/LogoutController.js
+++ b/api/server/controllers/auth/LogoutController.js
@@ -1,8 +1,8 @@
 const cookies = require('cookie');
-const { getOpenIdConfig } = require('~/strategies');
+const { isEnabled } = require('@librechat/api');
+const { logger } = require('@librechat/data-schemas');
 const { logoutUser } = require('~/server/services/AuthService');
-const { isEnabled } = require('~/server/utils');
-const { logger } = require('~/config');
+const { getOpenIdConfig } = require('~/strategies');

 const logoutController = async (req, res) => {
  const refreshToken = req.headers.cookie ? cookies.parse(req.headers.cookie).refreshToken : null;
--- a/api/server/controllers/mcp.js
+++ b/api/server/controllers/mcp.js
@@ -0,0 +1,126 @@
+/**
+ * MCP Tools Controller
+ * Handles MCP-specific tool endpoints, decoupled from regular LibreChat tools
+ */
+const { logger } = require('@librechat/data-schemas');
+const { Constants } = require('librechat-data-provider');
+const {
+  cacheMCPServerTools,
+  getMCPServerTools,
+  getAppConfig,
+} = require('~/server/services/Config');
+const { getMCPManager } = require('~/config');
+
+/**
+ * Get all MCP tools available to the user
+ */
+const getMCPTools = async (req, res) => {
+  try {
+    const userId = req.user?.id;
+    if (!userId) {
+      logger.warn('[getMCPTools] User ID not found in request');
+      return res.status(401).json({ message: 'Unauthorized' });
+    }
+
+    const appConfig = req.config ?? (await getAppConfig({ role: req.user?.role }));
+    if (!appConfig?.mcpConfig) {
+      return res.status(200).json({ servers: {} });
+    }
+
+    const mcpManager = getMCPManager();
+    const configuredServers = Object.keys(appConfig.mcpConfig);
+    const mcpServers = {};
+
+    const cachePromises = configuredServers.map((serverName) =>
+      getMCPServerTools(serverName).then((tools) => ({ serverName, tools })),
+    );
+    const cacheResults = await Promise.all(cachePromises);
+
+    const serverToolsMap = new Map();
+    for (const { serverName, tools } of cacheResults) {
+      if (tools) {
+        serverToolsMap.set(serverName, tools);
+        continue;
+      }
+
+      const serverTools = await mcpManager.getServerToolFunctions(userId, serverName);
+      if (!serverTools) {
+        logger.debug(`[getMCPTools] No tools found for server ${serverName}`);
+        continue;
+      }
+      serverToolsMap.set(serverName, serverTools);
+
+      if (Object.keys(serverTools).length > 0) {
+        // Cache asynchronously without blocking
+        cacheMCPServerTools({ serverName, serverTools }).catch((err) =>
+          logger.error(`[getMCPTools] Failed to cache tools for ${serverName}:`, err),
+        );
+      }
+    }
+
+    // Process each configured server
+    for (const serverName of configuredServers) {
+      try {
+        const serverTools = serverToolsMap.get(serverName);
+
+        // Get server config once
+        const serverConfig = appConfig.mcpConfig[serverName];
+        const rawServerConfig = mcpManager.getRawConfig(serverName);
+
+        // Initialize server object with all server-level data
+        const server = {
+          name: serverName,
+          icon: rawServerConfig?.iconPath || '',
+          authenticated: true,
+          authConfig: [],
+          tools: [],
+        };
+
+        // Set authentication config once for the server
+        if (serverConfig?.customUserVars) {
+          const customVarKeys = Object.keys(serverConfig.customUserVars);
+          if (customVarKeys.length > 0) {
+            server.authConfig = Object.entries(serverConfig.customUserVars).map(([key, value]) => ({
+              authField: key,
+              label: value.title || key,
+              description: value.description || '',
+            }));
+            server.authenticated = false;
+          }
+        }
+
+        // Process tools efficiently - no need for convertMCPToolToPlugin
+        if (serverTools) {
+          for (const [toolKey, toolData] of Object.entries(serverTools)) {
+            if (!toolData.function || !toolKey.includes(Constants.mcp_delimiter)) {
+              continue;
+            }
+
+            const toolName = toolKey.split(Constants.mcp_delimiter)[0];
+            server.tools.push({
+              name: toolName,
+              pluginKey: toolKey,
+              description: toolData.function.description || '',
+            });
+          }
+        }
+
+        // Only add server if it has tools or is configured
+        if (server.tools.length > 0 || serverConfig) {
+          mcpServers[serverName] = server;
+        }
+      } catch (error) {
+        logger.error(`[getMCPTools] Error loading tools for server ${serverName}:`, error);
+      }
+    }
+
+    res.status(200).json({ servers: mcpServers });
+  } catch (error) {
+    logger.error('[getMCPTools]', error);
+    res.status(500).json({ message: error.message });
+  }
+};
+
+module.exports = {
+  getMCPTools,
+};
--- a/api/server/index.js
+++ b/api/server/index.js
@@ -12,6 +12,7 @@ const { logger } = require('@librechat/data-schemas');
 const mongoSanitize = require('express-mongo-sanitize');
 const { isEnabled, ErrorController } = require('@librechat/api');
 const { connectDb, indexSync } = require('~/db');
+const initializeOAuthReconnectManager = require('./services/initializeOAuthReconnectManager');
 const createValidateImageRequest = require('./middleware/validateImageRequest');
 const { jwtLogin, ldapLogin, passportLogin } = require('~/strategies');
 const { updateInterfacePermissions } = require('~/models/interface');
@@ -154,7 +155,7 @@ const startServer = async () => {
    res.send(updatedIndexHtml);
  });

-  app.listen(port, host, () => {
+  app.listen(port, host, async () => {
    if (host === '0.0.0.0') {
      logger.info(
        `Server listening on all interfaces at port ${port}. Use http://localhost:${port} to access it`,
@@ -163,7 +164,9 @@ const startServer = async () => {
      logger.info(`Server listening at http://${host == '0.0.0.0' ? 'localhost' : host}:${port}`);
    }

-    initializeMCPs().then(() => checkMigrations());
+    await initializeMCPs();
+    await initializeOAuthReconnectManager();
+    await checkMigrations();
  });
 };

--- a/api/server/middleware/accessResources/fileAccess.js
+++ b/api/server/middleware/accessResources/fileAccess.js
@@ -1,7 +1,7 @@
 const { logger } = require('@librechat/data-schemas');
 const { PermissionBits, hasPermissions, ResourceType } = require('librechat-data-provider');
 const { getEffectivePermissions } = require('~/server/services/PermissionService');
-const { getAgent } = require('~/models/Agent');
+const { getAgents } = require('~/models/Agent');
 const { getFiles } = require('~/models/File');

 /**
@@ -10,11 +10,12 @@ const { getFiles } = require('~/models/File');
 */
 const checkAgentBasedFileAccess = async ({ userId, role, fileId }) => {
  try {
-    // Find agents that have this file in their tool_resources
-    const agentsWithFile = await getAgent({
+    /** Agents that have this file in their tool_resources */
+    const agentsWithFile = await getAgents({
      $or: [
-        { 'tool_resources.file_search.file_ids': fileId },
        { 'tool_resources.execute_code.file_ids': fileId },
+        { 'tool_resources.file_search.file_ids': fileId },
+        { 'tool_resources.context.file_ids': fileId },
        { 'tool_resources.ocr.file_ids': fileId },
      ],
    });
@@ -24,7 +25,7 @@ const checkAgentBasedFileAccess = async ({ userId, role, fileId }) => {
    }

    // Check if user has access to any of these agents
-    for (const agent of Array.isArray(agentsWithFile) ? agentsWithFile : [agentsWithFile]) {
+    for (const agent of agentsWithFile) {
      // Check if user is the agent author
      if (agent.author && agent.author.toString() === userId) {
        logger.debug(`[fileAccess] User is author of agent ${agent.id}`);
@@ -83,7 +84,6 @@ const fileAccess = async (req, res, next) => {
      });
    }

-    // Get the file
    const [file] = await getFiles({ file_id: fileId });
    if (!file) {
      return res.status(404).json({
@@ -92,20 +92,18 @@ const fileAccess = async (req, res, next) => {
      });
    }

-    // Check if user owns the file
    if (file.user && file.user.toString() === userId) {
      req.fileAccess = { file };
      return next();
    }

-    // Check agent-based access (file inherits agent permissions)
+    /** Agent-based access (file inherits agent permissions) */
    const hasAgentAccess = await checkAgentBasedFileAccess({ userId, role: userRole, fileId });
    if (hasAgentAccess) {
      req.fileAccess = { file };
      return next();
    }

-    // No access
    logger.warn(`[fileAccess] User ${userId} denied access to file ${fileId}`);
    return res.status(403).json({
      error: 'Forbidden',
--- a/api/server/middleware/accessResources/fileAccess.spec.js
+++ b/api/server/middleware/accessResources/fileAccess.spec.js
@@ -0,0 +1,483 @@
+const mongoose = require('mongoose');
+const { ResourceType, PrincipalType, PrincipalModel } = require('librechat-data-provider');
+const { MongoMemoryServer } = require('mongodb-memory-server');
+const { fileAccess } = require('./fileAccess');
+const { User, Role, AclEntry } = require('~/db/models');
+const { createAgent } = require('~/models/Agent');
+const { createFile } = require('~/models/File');
+
+describe('fileAccess middleware', () => {
+  let mongoServer;
+  let req, res, next;
+  let testUser, otherUser, thirdUser;
+
+  beforeAll(async () => {
+    mongoServer = await MongoMemoryServer.create();
+    const mongoUri = mongoServer.getUri();
+    await mongoose.connect(mongoUri);
+  });
+
+  afterAll(async () => {
+    await mongoose.disconnect();
+    await mongoServer.stop();
+  });
+
+  beforeEach(async () => {
+    await mongoose.connection.dropDatabase();
+
+    // Create test role
+    await Role.create({
+      name: 'test-role',
+      permissions: {
+        AGENTS: {
+          USE: true,
+          CREATE: true,
+          SHARED_GLOBAL: false,
+        },
+      },
+    });
+
+    // Create test users
+    testUser = await User.create({
+      email: 'test@example.com',
+      name: 'Test User',
+      username: 'testuser',
+      role: 'test-role',
+    });
+
+    otherUser = await User.create({
+      email: 'other@example.com',
+      name: 'Other User',
+      username: 'otheruser',
+      role: 'test-role',
+    });
+
+    thirdUser = await User.create({
+      email: 'third@example.com',
+      name: 'Third User',
+      username: 'thirduser',
+      role: 'test-role',
+    });
+
+    // Setup request/response objects
+    req = {
+      user: { id: testUser._id.toString(), role: testUser.role },
+      params: {},
+    };
+    res = {
+      status: jest.fn().mockReturnThis(),
+      json: jest.fn(),
+    };
+    next = jest.fn();
+
+    jest.clearAllMocks();
+  });
+
+  describe('basic file access', () => {
+    test('should allow access when user owns the file', async () => {
+      // Create a file owned by testUser
+      await createFile({
+        user: testUser._id.toString(),
+        file_id: 'file_owned_by_user',
+        filepath: '/test/file.txt',
+        filename: 'file.txt',
+        type: 'text/plain',
+        size: 100,
+      });
+
+      req.params.file_id = 'file_owned_by_user';
+      await fileAccess(req, res, next);
+
+      expect(next).toHaveBeenCalled();
+      expect(req.fileAccess).toBeDefined();
+      expect(req.fileAccess.file).toBeDefined();
+      expect(res.status).not.toHaveBeenCalled();
+    });
+
+    test('should deny access when user does not own the file and no agent access', async () => {
+      // Create a file owned by otherUser
+      await createFile({
+        user: otherUser._id.toString(),
+        file_id: 'file_owned_by_other',
+        filepath: '/test/file.txt',
+        filename: 'file.txt',
+        type: 'text/plain',
+        size: 100,
+      });
+
+      req.params.file_id = 'file_owned_by_other';
+      await fileAccess(req, res, next);
+
+      expect(next).not.toHaveBeenCalled();
+      expect(res.status).toHaveBeenCalledWith(403);
+      expect(res.json).toHaveBeenCalledWith({
+        error: 'Forbidden',
+        message: 'Insufficient permissions to access this file',
+      });
+    });
+
+    test('should return 404 when file does not exist', async () => {
+      req.params.file_id = 'non_existent_file';
+      await fileAccess(req, res, next);
+
+      expect(next).not.toHaveBeenCalled();
+      expect(res.status).toHaveBeenCalledWith(404);
+      expect(res.json).toHaveBeenCalledWith({
+        error: 'Not Found',
+        message: 'File not found',
+      });
+    });
+
+    test('should return 400 when file_id is missing', async () => {
+      // Don't set file_id in params
+      await fileAccess(req, res, next);
+
+      expect(next).not.toHaveBeenCalled();
+      expect(res.status).toHaveBeenCalledWith(400);
+      expect(res.json).toHaveBeenCalledWith({
+        error: 'Bad Request',
+        message: 'file_id is required',
+      });
+    });
+
+    test('should return 401 when user is not authenticated', async () => {
+      req.user = null;
+      req.params.file_id = 'some_file';
+
+      await fileAccess(req, res, next);
+
+      expect(next).not.toHaveBeenCalled();
+      expect(res.status).toHaveBeenCalledWith(401);
+      expect(res.json).toHaveBeenCalledWith({
+        error: 'Unauthorized',
+        message: 'Authentication required',
+      });
+    });
+  });
+
+  describe('agent-based file access', () => {
+    beforeEach(async () => {
+      // Create a file owned by otherUser (not testUser)
+      await createFile({
+        user: otherUser._id.toString(),
+        file_id: 'shared_file_via_agent',
+        filepath: '/test/shared.txt',
+        filename: 'shared.txt',
+        type: 'text/plain',
+        size: 100,
+      });
+    });
+
+    test('should allow access when user is author of agent with file', async () => {
+      // Create agent owned by testUser with the file
+      await createAgent({
+        id: `agent_${Date.now()}`,
+        name: 'Test Agent',
+        provider: 'openai',
+        model: 'gpt-4',
+        author: testUser._id,
+        tool_resources: {
+          file_search: {
+            file_ids: ['shared_file_via_agent'],
+          },
+        },
+      });
+
+      req.params.file_id = 'shared_file_via_agent';
+      await fileAccess(req, res, next);
+
+      expect(next).toHaveBeenCalled();
+      expect(req.fileAccess).toBeDefined();
+      expect(req.fileAccess.file).toBeDefined();
+    });
+
+    test('should allow access when user has VIEW permission on agent with file', async () => {
+      // Create agent owned by otherUser
+      const agent = await createAgent({
+        id: `agent_${Date.now()}`,
+        name: 'Shared Agent',
+        provider: 'openai',
+        model: 'gpt-4',
+        author: otherUser._id,
+        tool_resources: {
+          execute_code: {
+            file_ids: ['shared_file_via_agent'],
+          },
+        },
+      });
+
+      // Grant VIEW permission to testUser
+      await AclEntry.create({
+        principalType: PrincipalType.USER,
+        principalId: testUser._id,
+        principalModel: PrincipalModel.USER,
+        resourceType: ResourceType.AGENT,
+        resourceId: agent._id,
+        permBits: 1, // VIEW permission
+        grantedBy: otherUser._id,
+      });
+
+      req.params.file_id = 'shared_file_via_agent';
+      await fileAccess(req, res, next);
+
+      expect(next).toHaveBeenCalled();
+      expect(req.fileAccess).toBeDefined();
+    });
+
+    test('should check file in ocr tool_resources', async () => {
+      await createAgent({
+        id: `agent_ocr_${Date.now()}`,
+        name: 'OCR Agent',
+        provider: 'openai',
+        model: 'gpt-4',
+        author: testUser._id,
+        tool_resources: {
+          ocr: {
+            file_ids: ['shared_file_via_agent'],
+          },
+        },
+      });
+
+      req.params.file_id = 'shared_file_via_agent';
+      await fileAccess(req, res, next);
+
+      expect(next).toHaveBeenCalled();
+      expect(req.fileAccess).toBeDefined();
+    });
+
+    test('should deny access when user has no permission on agent with file', async () => {
+      // Create agent owned by otherUser without granting permission to testUser
+      const agent = await createAgent({
+        id: `agent_${Date.now()}`,
+        name: 'Private Agent',
+        provider: 'openai',
+        model: 'gpt-4',
+        author: otherUser._id,
+        tool_resources: {
+          file_search: {
+            file_ids: ['shared_file_via_agent'],
+          },
+        },
+      });
+
+      // Create ACL entry for otherUser only (owner)
+      await AclEntry.create({
+        principalType: PrincipalType.USER,
+        principalId: otherUser._id,
+        principalModel: PrincipalModel.USER,
+        resourceType: ResourceType.AGENT,
+        resourceId: agent._id,
+        permBits: 15, // All permissions
+        grantedBy: otherUser._id,
+      });
+
+      req.params.file_id = 'shared_file_via_agent';
+      await fileAccess(req, res, next);
+
+      expect(next).not.toHaveBeenCalled();
+      expect(res.status).toHaveBeenCalledWith(403);
+    });
+  });
+
+  describe('multiple agents with same file', () => {
+    /**
+     * This test suite verifies that when multiple agents have the same file,
+     * all agents are checked for permissions, not just the first one found.
+     * This ensures users can access files through any agent they have permission for.
+     */
+
+    test('should check ALL agents with file, not just first one', async () => {
+      // Create a file owned by someone else
+      await createFile({
+        user: otherUser._id.toString(),
+        file_id: 'multi_agent_file',
+        filepath: '/test/multi.txt',
+        filename: 'multi.txt',
+        type: 'text/plain',
+        size: 100,
+      });
+
+      // Create first agent (owned by otherUser, no access for testUser)
+      const agent1 = await createAgent({
+        id: 'agent_no_access',
+        name: 'No Access Agent',
+        provider: 'openai',
+        model: 'gpt-4',
+        author: otherUser._id,
+        tool_resources: {
+          file_search: {
+            file_ids: ['multi_agent_file'],
+          },
+        },
+      });
+
+      // Create ACL for agent1 - only otherUser has access
+      await AclEntry.create({
+        principalType: PrincipalType.USER,
+        principalId: otherUser._id,
+        principalModel: PrincipalModel.USER,
+        resourceType: ResourceType.AGENT,
+        resourceId: agent1._id,
+        permBits: 15,
+        grantedBy: otherUser._id,
+      });
+
+      // Create second agent (owned by thirdUser, but testUser has VIEW access)
+      const agent2 = await createAgent({
+        id: 'agent_with_access',
+        name: 'Accessible Agent',
+        provider: 'openai',
+        model: 'gpt-4',
+        author: thirdUser._id,
+        tool_resources: {
+          file_search: {
+            file_ids: ['multi_agent_file'],
+          },
+        },
+      });
+
+      // Grant testUser VIEW access to agent2
+      await AclEntry.create({
+        principalType: PrincipalType.USER,
+        principalId: testUser._id,
+        principalModel: PrincipalModel.USER,
+        resourceType: ResourceType.AGENT,
+        resourceId: agent2._id,
+        permBits: 1, // VIEW permission
+        grantedBy: thirdUser._id,
+      });
+
+      req.params.file_id = 'multi_agent_file';
+      await fileAccess(req, res, next);
+
+      /**
+       * Should succeed because testUser has access to agent2,
+       * even though they don't have access to agent1.
+       * The fix ensures all agents are checked, not just the first one.
+       */
+      expect(next).toHaveBeenCalled();
+      expect(req.fileAccess).toBeDefined();
+      expect(res.status).not.toHaveBeenCalled();
+    });
+
+    test('should find file in any agent tool_resources type', async () => {
+      // Create a file
+      await createFile({
+        user: otherUser._id.toString(),
+        file_id: 'multi_tool_file',
+        filepath: '/test/tool.txt',
+        filename: 'tool.txt',
+        type: 'text/plain',
+        size: 100,
+      });
+
+      // Agent 1: file in file_search (no access for testUser)
+      await createAgent({
+        id: 'agent_file_search',
+        name: 'File Search Agent',
+        provider: 'openai',
+        model: 'gpt-4',
+        author: otherUser._id,
+        tool_resources: {
+          file_search: {
+            file_ids: ['multi_tool_file'],
+          },
+        },
+      });
+
+      // Agent 2: same file in execute_code (testUser has access)
+      await createAgent({
+        id: 'agent_execute_code',
+        name: 'Execute Code Agent',
+        provider: 'openai',
+        model: 'gpt-4',
+        author: thirdUser._id,
+        tool_resources: {
+          execute_code: {
+            file_ids: ['multi_tool_file'],
+          },
+        },
+      });
+
+      // Agent 3: same file in ocr (testUser also has access)
+      await createAgent({
+        id: 'agent_ocr',
+        name: 'OCR Agent',
+        provider: 'openai',
+        model: 'gpt-4',
+        author: testUser._id, // testUser owns this one
+        tool_resources: {
+          ocr: {
+            file_ids: ['multi_tool_file'],
+          },
+        },
+      });
+
+      req.params.file_id = 'multi_tool_file';
+      await fileAccess(req, res, next);
+
+      /**
+       * Should succeed because testUser owns agent3,
+       * even if other agents with the file are found first.
+       */
+      expect(next).toHaveBeenCalled();
+      expect(req.fileAccess).toBeDefined();
+    });
+  });
+
+  describe('edge cases', () => {
+    test('should handle agent with empty tool_resources', async () => {
+      await createFile({
+        user: otherUser._id.toString(),
+        file_id: 'orphan_file',
+        filepath: '/test/orphan.txt',
+        filename: 'orphan.txt',
+        type: 'text/plain',
+        size: 100,
+      });
+
+      // Create agent with no files in tool_resources
+      await createAgent({
+        id: `agent_empty_${Date.now()}`,
+        name: 'Empty Resources Agent',
+        provider: 'openai',
+        model: 'gpt-4',
+        author: testUser._id,
+        tool_resources: {},
+      });
+
+      req.params.file_id = 'orphan_file';
+      await fileAccess(req, res, next);
+
+      expect(next).not.toHaveBeenCalled();
+      expect(res.status).toHaveBeenCalledWith(403);
+    });
+
+    test('should handle agent with null tool_resources', async () => {
+      await createFile({
+        user: otherUser._id.toString(),
+        file_id: 'another_orphan_file',
+        filepath: '/test/orphan2.txt',
+        filename: 'orphan2.txt',
+        type: 'text/plain',
+        size: 100,
+      });
+
+      // Create agent with null tool_resources
+      await createAgent({
+        id: `agent_null_${Date.now()}`,
+        name: 'Null Resources Agent',
+        provider: 'openai',
+        model: 'gpt-4',
+        author: testUser._id,
+        tool_resources: null,
+      });
+
+      req.params.file_id = 'another_orphan_file';
+      await fileAccess(req, res, next);
+
+      expect(next).not.toHaveBeenCalled();
+      expect(res.status).toHaveBeenCalledWith(403);
+    });
+  });
+});
--- a/api/server/middleware/canDeleteAccount.js
+++ b/api/server/middleware/canDeleteAccount.js
@@ -1,6 +1,6 @@
+const { isEnabled } = require('@librechat/api');
+const { logger } = require('@librechat/data-schemas');
 const { SystemRoles } = require('librechat-data-provider');
-const { isEnabled } = require('~/server/utils');
-const { logger } = require('~/config');

 /**
 * Checks if the user can delete their account
--- a/api/server/middleware/checkBan.js
+++ b/api/server/middleware/checkBan.js
@@ -1,8 +1,9 @@
 const { Keyv } = require('keyv');
 const uap = require('ua-parser-js');
+const { isEnabled } = require('@librechat/api');
 const { logger } = require('@librechat/data-schemas');
 const { ViolationTypes } = require('librechat-data-provider');
-const { isEnabled, removePorts } = require('~/server/utils');
+const { removePorts } = require('~/server/utils');
 const keyvMongo = require('~/cache/keyvMongo');
 const denyRequest = require('./denyRequest');
 const { getLogStores } = require('~/cache');
--- a/api/server/middleware/checkDomainAllowed.js
+++ b/api/server/middleware/checkDomainAllowed.js
@@ -1,5 +1,5 @@
 const { logger } = require('@librechat/data-schemas');
-const { isEmailDomainAllowed } = require('~/server/services/domains');
+const { isEmailDomainAllowed } = require('@librechat/api');
 const { getAppConfig } = require('~/server/services/Config');

 /**
@@ -11,18 +11,25 @@ const { getAppConfig } = require('~/server/services/Config');
 * @param {Object} res - Express response object.
 * @param {Function} next - Next middleware function.
 *
- * @returns {Promise<function|Object>} - Returns a Promise which when resolved calls next middleware if the domain's email is allowed
+ * @returns {Promise<void>} - Calls next middleware if the domain's email is allowed, otherwise redirects to login
 */
-const checkDomainAllowed = async (req, res, next = () => {}) => {
-  const email = req?.user?.email;
-  const appConfig = await getAppConfig({
-    role: req?.user?.role,
-  });
-  if (email && !isEmailDomainAllowed(email, appConfig?.registration?.allowedDomains)) {
-    logger.error(`[Social Login] [Social Login not allowed] [Email: ${email}]`);
-    return res.redirect('/login');
-  } else {
-    return next();
+const checkDomainAllowed = async (req, res, next) => {
+  try {
+    const email = req?.user?.email;
+    const appConfig = await getAppConfig({
+      role: req?.user?.role,
+    });
+
+    if (email && !isEmailDomainAllowed(email, appConfig?.registration?.allowedDomains)) {
+      logger.error(`[Social Login] [Social Login not allowed] [Email: ${email}]`);
+      res.redirect('/login');
+      return;
+    }
+
+    next();
+  } catch (error) {
+    logger.error('[checkDomainAllowed] Error checking domain:', error);
+    res.redirect('/login');
  }
 };

--- a/api/server/middleware/checkPeoplePickerAccess.js
+++ b/api/server/middleware/checkPeoplePickerAccess.js
@@ -1,6 +1,6 @@
+const { logger } = require('@librechat/data-schemas');
 const { PrincipalType, PermissionTypes, Permissions } = require('librechat-data-provider');
 const { getRoleByName } = require('~/models/Role');
-const { logger } = require('~/config');

 /**
 * Middleware to check if user has permission to access people picker functionality
--- a/api/server/middleware/checkPeoplePickerAccess.spec.js
+++ b/api/server/middleware/checkPeoplePickerAccess.spec.js
@@ -1,10 +1,11 @@
+const { logger } = require('@librechat/data-schemas');
 const { PrincipalType, PermissionTypes, Permissions } = require('librechat-data-provider');
 const { checkPeoplePickerAccess } = require('./checkPeoplePickerAccess');
 const { getRoleByName } = require('~/models/Role');
-const { logger } = require('~/config');

 jest.mock('~/models/Role');
-jest.mock('~/config', () => ({
+jest.mock('@librechat/data-schemas', () => ({
+  ...jest.requireActual('@librechat/data-schemas'),
  logger: {
    error: jest.fn(),
  },
--- a/api/server/middleware/concurrentLimiter.js
+++ b/api/server/middleware/concurrentLimiter.js
@@ -1,7 +1,7 @@
+const { isEnabled } = require('@librechat/api');
 const { Time, CacheKeys, ViolationTypes } = require('librechat-data-provider');
 const clearPendingReq = require('~/cache/clearPendingReq');
 const { logViolation, getLogStores } = require('~/cache');
-const { isEnabled } = require('~/server/utils');
 const denyRequest = require('./denyRequest');

 const {
--- a/api/server/middleware/logHeaders.js
+++ b/api/server/middleware/logHeaders.js
@@ -1,4 +1,4 @@
-const { logger } = require('~/config');
+const { logger } = require('@librechat/data-schemas');

 /**
 * Middleware to log Forwarded Headers
--- a/api/server/middleware/moderateText.js
+++ b/api/server/middleware/moderateText.js
@@ -1,8 +1,8 @@
 const axios = require('axios');
+const { isEnabled } = require('@librechat/api');
+const { logger } = require('@librechat/data-schemas');
 const { ErrorTypes } = require('librechat-data-provider');
-const { isEnabled } = require('~/server/utils');
 const denyRequest = require('./denyRequest');
-const { logger } = require('~/config');

 async function moderateText(req, res, next) {
  if (!isEnabled(process.env.OPENAI_MODERATION)) {
--- a/api/server/middleware/optionalJwtAuth.js
+++ b/api/server/middleware/optionalJwtAuth.js
@@ -1,6 +1,6 @@
 const cookies = require('cookie');
-const { isEnabled } = require('~/server/utils');
 const passport = require('passport');
+const { isEnabled } = require('@librechat/api');

 // This middleware does not require authentication,
 // but if the user is authenticated, it will set the user object.
--- a/api/server/middleware/requireJwtAuth.js
+++ b/api/server/middleware/requireJwtAuth.js
@@ -1,6 +1,6 @@
-const passport = require('passport');
 const cookies = require('cookie');
-const { isEnabled } = require('~/server/utils');
+const passport = require('passport');
+const { isEnabled } = require('@librechat/api');

 /**
 * Custom Middleware to handle JWT authentication, with support for OpenID token reuse
--- a/api/server/middleware/requireLocalAuth.js
+++ b/api/server/middleware/requireLocalAuth.js
@@ -1,5 +1,5 @@
 const passport = require('passport');
-const { logger } = require('~/config');
+const { logger } = require('@librechat/data-schemas');

 const requireLocalAuth = (req, res, next) => {
  passport.authenticate('local', (err, user, info) => {
--- a/api/server/middleware/validatePasswordReset.js
+++ b/api/server/middleware/validatePasswordReset.js
@@ -1,5 +1,5 @@
-const { isEnabled } = require('~/server/utils');
-const { logger } = require('~/config');
+const { isEnabled } = require('@librechat/api');
+const { logger } = require('@librechat/data-schemas');

 function validatePasswordReset(req, res, next) {
  if (isEnabled(process.env.ALLOW_PASSWORD_RESET)) {
--- a/api/server/middleware/validateRegistration.js
+++ b/api/server/middleware/validateRegistration.js
@@ -1,4 +1,4 @@
-const { isEnabled } = require('~/server/utils');
+const { isEnabled } = require('@librechat/api');

 function validateRegistration(req, res, next) {
  if (req.invite) {
--- a/api/server/routes/tests/ldap.spec.js
+++ b/api/server/routes/tests/ldap.spec.js
@@ -1,10 +1,13 @@
-const request = require('supertest');
 const express = require('express');
+const request = require('supertest');
+const { isEnabled } = require('@librechat/api');
 const { getLdapConfig } = require('~/server/services/Config/ldap');
-const { isEnabled } = require('~/server/utils');

 jest.mock('~/server/services/Config/ldap');
-jest.mock('~/server/utils');
+jest.mock('@librechat/api', () => ({
+  ...jest.requireActual('@librechat/api'),
+  isEnabled: jest.fn(),
+}));

 const app = express();

--- a/api/server/routes/tests/mcp.spec.js
+++ b/api/server/routes/tests/mcp.spec.js
@@ -11,6 +11,9 @@ jest.mock('@librechat/api', () => ({
    completeOAuthFlow: jest.fn(),
    generateFlowId: jest.fn(),
  },
+  MCPTokenStorage: {
+    storeTokens: jest.fn(),
+  },
  getUserMCPAuthMap: jest.fn(),
 }));

@@ -47,8 +50,8 @@ jest.mock('~/server/services/Config', () => ({
  loadCustomConfig: jest.fn(),
 }));

-jest.mock('~/server/services/Config/mcpToolsCache', () => ({
-  updateMCPUserTools: jest.fn(),
+jest.mock('~/server/services/Config/mcp', () => ({
+  updateMCPServerTools: jest.fn(),
 }));

 jest.mock('~/server/services/MCP', () => ({
@@ -234,7 +237,7 @@ describe('MCP Routes', () => {
  });

  describe('GET /:serverName/oauth/callback', () => {
-    const { MCPOAuthHandler } = require('@librechat/api');
+    const { MCPOAuthHandler, MCPTokenStorage } = require('@librechat/api');
    const { getLogStores } = require('~/cache');

    it('should redirect to error page when OAuth error is received', async () => {
@@ -280,6 +283,7 @@ describe('MCP Routes', () => {
    it('should handle OAuth callback successfully', async () => {
      const mockFlowManager = {
        completeFlow: jest.fn().mockResolvedValue(),
+        deleteFlow: jest.fn().mockResolvedValue(true),
      };
      const mockFlowState = {
        serverName: 'test-server',
@@ -295,6 +299,7 @@ describe('MCP Routes', () => {

      MCPOAuthHandler.getFlowState.mockResolvedValue(mockFlowState);
      MCPOAuthHandler.completeOAuthFlow.mockResolvedValue(mockTokens);
+      MCPTokenStorage.storeTokens.mockResolvedValue();
      getLogStores.mockReturnValue({});
      require('~/config').getFlowStateManager.mockReturnValue(mockFlowManager);

@@ -332,11 +337,24 @@ describe('MCP Routes', () => {
        'test-auth-code',
        mockFlowManager,
      );
+      expect(MCPTokenStorage.storeTokens).toHaveBeenCalledWith(
+        expect.objectContaining({
+          userId: 'test-user-id',
+          serverName: 'test-server',
+          tokens: mockTokens,
+          clientInfo: mockFlowState.clientInfo,
+          metadata: mockFlowState.metadata,
+        }),
+      );
+      const storeInvocation = MCPTokenStorage.storeTokens.mock.invocationCallOrder[0];
+      const connectInvocation = mockMcpManager.getUserConnection.mock.invocationCallOrder[0];
+      expect(storeInvocation).toBeLessThan(connectInvocation);
      expect(mockFlowManager.completeFlow).toHaveBeenCalledWith(
        'tool-flow-123',
        'mcp_oauth',
        mockTokens,
      );
+      expect(mockFlowManager.deleteFlow).toHaveBeenCalledWith('test-flow-id', 'mcp_get_tokens');
    });

    it('should redirect to error page when callback processing fails', async () => {
@@ -354,6 +372,7 @@ describe('MCP Routes', () => {
    it('should handle system-level OAuth completion', async () => {
      const mockFlowManager = {
        completeFlow: jest.fn().mockResolvedValue(),
+        deleteFlow: jest.fn().mockResolvedValue(true),
      };
      const mockFlowState = {
        serverName: 'test-server',
@@ -369,6 +388,7 @@ describe('MCP Routes', () => {

      MCPOAuthHandler.getFlowState.mockResolvedValue(mockFlowState);
      MCPOAuthHandler.completeOAuthFlow.mockResolvedValue(mockTokens);
+      MCPTokenStorage.storeTokens.mockResolvedValue();
      getLogStores.mockReturnValue({});
      require('~/config').getFlowStateManager.mockReturnValue(mockFlowManager);

@@ -379,11 +399,13 @@ describe('MCP Routes', () => {

      expect(response.status).toBe(302);
      expect(response.headers.location).toBe('/oauth/success?serverName=test-server');
+      expect(mockFlowManager.deleteFlow).toHaveBeenCalledWith('test-flow-id', 'mcp_get_tokens');
    });

    it('should handle reconnection failure after OAuth', async () => {
      const mockFlowManager = {
        completeFlow: jest.fn().mockResolvedValue(),
+        deleteFlow: jest.fn().mockResolvedValue(true),
      };
      const mockFlowState = {
        serverName: 'test-server',
@@ -399,6 +421,7 @@ describe('MCP Routes', () => {

      MCPOAuthHandler.getFlowState.mockResolvedValue(mockFlowState);
      MCPOAuthHandler.completeOAuthFlow.mockResolvedValue(mockTokens);
+      MCPTokenStorage.storeTokens.mockResolvedValue();
      getLogStores.mockReturnValue({});
      require('~/config').getFlowStateManager.mockReturnValue(mockFlowManager);

@@ -418,6 +441,46 @@ describe('MCP Routes', () => {

      expect(response.status).toBe(302);
      expect(response.headers.location).toBe('/oauth/success?serverName=test-server');
+      expect(MCPTokenStorage.storeTokens).toHaveBeenCalled();
+      expect(mockFlowManager.deleteFlow).toHaveBeenCalledWith('test-flow-id', 'mcp_get_tokens');
+    });
+
+    it('should redirect to error page if token storage fails', async () => {
+      const mockFlowManager = {
+        completeFlow: jest.fn().mockResolvedValue(),
+        deleteFlow: jest.fn().mockResolvedValue(true),
+      };
+      const mockFlowState = {
+        serverName: 'test-server',
+        userId: 'test-user-id',
+        metadata: { toolFlowId: 'tool-flow-123' },
+        clientInfo: {},
+        codeVerifier: 'test-verifier',
+      };
+      const mockTokens = {
+        access_token: 'test-access-token',
+        refresh_token: 'test-refresh-token',
+      };
+
+      MCPOAuthHandler.getFlowState.mockResolvedValue(mockFlowState);
+      MCPOAuthHandler.completeOAuthFlow.mockResolvedValue(mockTokens);
+      MCPTokenStorage.storeTokens.mockRejectedValue(new Error('store failed'));
+      getLogStores.mockReturnValue({});
+      require('~/config').getFlowStateManager.mockReturnValue(mockFlowManager);
+
+      const mockMcpManager = {
+        getUserConnection: jest.fn(),
+      };
+      require('~/config').getMCPManager.mockReturnValue(mockMcpManager);
+
+      const response = await request(app).get('/api/mcp/test-server/oauth/callback').query({
+        code: 'test-auth-code',
+        state: 'test-flow-id',
+      });
+
+      expect(response.status).toBe(302);
+      expect(response.headers.location).toBe('/oauth/error?error=callback_failed');
+      expect(mockMcpManager.getUserConnection).not.toHaveBeenCalled();
    });
  });

@@ -778,10 +841,10 @@ describe('MCP Routes', () => {
      require('~/cache').getLogStores.mockReturnValue({});

      const { getCachedTools, setCachedTools } = require('~/server/services/Config');
-      const { updateMCPUserTools } = require('~/server/services/Config/mcpToolsCache');
+      const { updateMCPServerTools } = require('~/server/services/Config/mcp');
      getCachedTools.mockResolvedValue({});
      setCachedTools.mockResolvedValue();
-      updateMCPUserTools.mockResolvedValue();
+      updateMCPServerTools.mockResolvedValue();

      require('~/server/services/Tools/mcp').reinitMCPServer.mockResolvedValue({
        success: true,
@@ -836,10 +899,10 @@ describe('MCP Routes', () => {
      ]);

      const { getCachedTools, setCachedTools } = require('~/server/services/Config');
-      const { updateMCPUserTools } = require('~/server/services/Config/mcpToolsCache');
+      const { updateMCPServerTools } = require('~/server/services/Config/mcp');
      getCachedTools.mockResolvedValue({});
      setCachedTools.mockResolvedValue();
-      updateMCPUserTools.mockResolvedValue();
+      updateMCPServerTools.mockResolvedValue();

      require('~/server/services/Tools/mcp').reinitMCPServer.mockResolvedValue({
        success: true,
@@ -1143,7 +1206,11 @@ describe('MCP Routes', () => {

  describe('GET /:serverName/oauth/callback - Edge Cases', () => {
    it('should handle OAuth callback without toolFlowId (falsy toolFlowId)', async () => {
-      const { MCPOAuthHandler } = require('@librechat/api');
+      const { MCPOAuthHandler, MCPTokenStorage } = require('@librechat/api');
+      const mockTokens = {
+        access_token: 'edge-access-token',
+        refresh_token: 'edge-refresh-token',
+      };
      MCPOAuthHandler.getFlowState = jest.fn().mockResolvedValue({
        id: 'test-flow-id',
        userId: 'test-user-id',
@@ -1155,6 +1222,8 @@ describe('MCP Routes', () => {
        clientInfo: {},
        codeVerifier: 'test-verifier',
      });
+      MCPOAuthHandler.completeOAuthFlow = jest.fn().mockResolvedValue(mockTokens);
+      MCPTokenStorage.storeTokens.mockResolvedValue();

      const mockFlowManager = {
        completeFlow: jest.fn(),
@@ -1179,6 +1248,11 @@ describe('MCP Routes', () => {
    it('should handle null cached tools in OAuth callback (triggers || {} fallback)', async () => {
      const { getCachedTools } = require('~/server/services/Config');
      getCachedTools.mockResolvedValue(null);
+      const { MCPOAuthHandler, MCPTokenStorage } = require('@librechat/api');
+      const mockTokens = {
+        access_token: 'edge-access-token',
+        refresh_token: 'edge-refresh-token',
+      };

      const mockFlowManager = {
        getFlowState: jest.fn().mockResolvedValue({
@@ -1191,6 +1265,15 @@ describe('MCP Routes', () => {
        completeFlow: jest.fn(),
      };
      require('~/config').getFlowStateManager.mockReturnValue(mockFlowManager);
+      MCPOAuthHandler.getFlowState.mockResolvedValue({
+        serverName: 'test-server',
+        userId: 'test-user-id',
+        metadata: { serverUrl: 'https://example.com', oauth: {} },
+        clientInfo: {},
+        codeVerifier: 'test-verifier',
+      });
+      MCPOAuthHandler.completeOAuthFlow.mockResolvedValue(mockTokens);
+      MCPTokenStorage.storeTokens.mockResolvedValue();

      const mockMcpManager = {
        getUserConnection: jest.fn().mockResolvedValue({
--- a/api/server/routes/agents/actions.js
+++ b/api/server/routes/agents/actions.js
@@ -1,20 +1,19 @@
 const express = require('express');
 const { nanoid } = require('nanoid');
 const { logger } = require('@librechat/data-schemas');
-const { generateCheckAccess } = require('@librechat/api');
+const { generateCheckAccess, isActionDomainAllowed } = require('@librechat/api');
 const {
  Permissions,
  ResourceType,
+  PermissionBits,
  PermissionTypes,
  actionDelimiter,
-  PermissionBits,
  removeNullishValues,
 } = require('librechat-data-provider');
 const { encryptMetadata, domainParser } = require('~/server/services/ActionService');
 const { findAccessibleResources } = require('~/server/services/PermissionService');
 const { getAgent, updateAgent, getListAgentsByAccess } = require('~/models/Agent');
 const { updateAction, getActions, deleteAction } = require('~/models/Action');
-const { isActionDomainAllowed } = require('~/server/services/domains');
 const { canAccessAgentResource } = require('~/server/middleware');
 const { getRoleByName } = require('~/models/Role');

--- a/api/server/routes/agents/index.js
+++ b/api/server/routes/agents/index.js
@@ -1,4 +1,5 @@
 const express = require('express');
+const { isEnabled } = require('@librechat/api');
 const {
  uaParser,
  checkBan,
@@ -8,7 +9,6 @@ const {
  concurrentLimiter,
  messageUserLimiter,
 } = require('~/server/middleware');
-const { isEnabled } = require('~/server/utils');
 const { v1 } = require('./v1');
 const chat = require('./chat');

--- a/api/server/routes/assistants/actions.js
+++ b/api/server/routes/assistants/actions.js
@@ -1,12 +1,12 @@
 const express = require('express');
 const { nanoid } = require('nanoid');
 const { logger } = require('@librechat/data-schemas');
+const { isActionDomainAllowed } = require('@librechat/api');
 const { actionDelimiter, EModelEndpoint, removeNullishValues } = require('librechat-data-provider');
 const { encryptMetadata, domainParser } = require('~/server/services/ActionService');
 const { getOpenAIClient } = require('~/server/controllers/assistants/helpers');
 const { updateAction, getActions, deleteAction } = require('~/models/Action');
 const { updateAssistantDoc, getAssistant } = require('~/models/Assistant');
-const { isActionDomainAllowed } = require('~/server/services/domains');

 const router = express.Router();

--- a/api/server/routes/edit/index.js
+++ b/api/server/routes/edit/index.js
@@ -1,19 +1,19 @@
+const { isEnabled } = require('@librechat/api');
+const { EModelEndpoint } = require('librechat-data-provider');
+const {
+  validateConvoAccess,
+  messageUserLimiter,
+  concurrentLimiter,
+  messageIpLimiter,
+  requireJwtAuth,
+  checkBan,
+  uaParser,
+} = require('~/server/middleware');
+const anthropic = require('./anthropic');
 const express = require('express');
 const openAI = require('./openAI');
 const custom = require('./custom');
 const google = require('./google');
-const anthropic = require('./anthropic');
-const { isEnabled } = require('~/server/utils');
-const { EModelEndpoint } = require('librechat-data-provider');
-const {
-  checkBan,
-  uaParser,
-  requireJwtAuth,
-  messageIpLimiter,
-  concurrentLimiter,
-  messageUserLimiter,
-  validateConvoAccess,
-} = require('~/server/middleware');

 const { LIMIT_CONCURRENT_MESSAGES, LIMIT_MESSAGE_IP, LIMIT_MESSAGE_USER } = process.env ?? {};

--- a/api/server/routes/files/files.js
+++ b/api/server/routes/files/files.js
@@ -1,6 +1,7 @@
 const fs = require('fs').promises;
 const express = require('express');
 const { EnvVar } = require('@librechat/agents');
+const { logger } = require('@librechat/data-schemas');
 const {
  Time,
  isUUID,
@@ -30,7 +31,6 @@ const { cleanFileName } = require('~/server/utils/files');
 const { getAssistant } = require('~/models/Assistant');
 const { getAgent } = require('~/models/Agent');
 const { getLogStores } = require('~/cache');
-const { logger } = require('~/config');
 const { Readable } = require('stream');

 const router = express.Router();
--- a/api/server/routes/files/speech/tts.js
+++ b/api/server/routes/files/speech/tts.js
@@ -1,9 +1,9 @@
 const multer = require('multer');
 const express = require('express');
+const { logger } = require('@librechat/data-schemas');
 const { CacheKeys } = require('librechat-data-provider');
 const { getVoices, streamAudio, textToSpeech } = require('~/server/services/Files/Audio');
 const { getLogStores } = require('~/cache');
-const { logger } = require('~/config');

 const router = express.Router();
 const upload = multer();
--- a/api/server/routes/mcp.js
+++ b/api/server/routes/mcp.js
@@ -1,19 +1,33 @@
 const { Router } = require('express');
 const { logger } = require('@librechat/data-schemas');
-const { MCPOAuthHandler, getUserMCPAuthMap } = require('@librechat/api');
+const { CacheKeys, Constants } = require('librechat-data-provider');
+const {
+  createSafeUser,
+  MCPOAuthHandler,
+  MCPTokenStorage,
+  getUserMCPAuthMap,
+} = require('@librechat/api');
+const { getMCPManager, getFlowStateManager, getOAuthReconnectionManager } = require('~/config');
 const { getMCPSetupData, getServerConnectionStatus } = require('~/server/services/MCP');
 const { findToken, updateToken, createToken, deleteTokens } = require('~/models');
-const { updateMCPUserTools } = require('~/server/services/Config/mcpToolsCache');
 const { getUserPluginAuthValue } = require('~/server/services/PluginService');
-const { CacheKeys, Constants } = require('librechat-data-provider');
-const { getMCPManager, getFlowStateManager } = require('~/config');
+const { updateMCPServerTools } = require('~/server/services/Config/mcp');
 const { reinitMCPServer } = require('~/server/services/Tools/mcp');
+const { getMCPTools } = require('~/server/controllers/mcp');
 const { requireJwtAuth } = require('~/server/middleware');
 const { findPluginAuthsByKeys } = require('~/models');
 const { getLogStores } = require('~/cache');

 const router = Router();

+/**
+ * Get all MCP tools available to the user
+ * Returns only MCP tools, completely decoupled from regular LibreChat tools
+ */
+router.get('/tools', requireJwtAuth, async (req, res) => {
+  return getMCPTools(req, res);
+});
+
 /**
 * Initiate OAuth flow
 * This endpoint is called when the user clicks the auth link in the UI
@@ -121,6 +135,41 @@ router.get('/:serverName/oauth/callback', async (req, res) => {
    const tokens = await MCPOAuthHandler.completeOAuthFlow(flowId, code, flowManager);
    logger.info('[MCP OAuth] OAuth flow completed, tokens received in callback route');

+    /** Persist tokens immediately so reconnection uses fresh credentials */
+    if (flowState?.userId && tokens) {
+      try {
+        await MCPTokenStorage.storeTokens({
+          userId: flowState.userId,
+          serverName,
+          tokens,
+          createToken,
+          updateToken,
+          findToken,
+          clientInfo: flowState.clientInfo,
+          metadata: flowState.metadata,
+        });
+        logger.debug('[MCP OAuth] Stored OAuth tokens prior to reconnection', {
+          serverName,
+          userId: flowState.userId,
+        });
+      } catch (error) {
+        logger.error('[MCP OAuth] Failed to store OAuth tokens after callback', error);
+        throw error;
+      }
+
+      /**
+       * Clear any cached `mcp_get_tokens` flow result so subsequent lookups
+       * re-fetch the freshly stored credentials instead of returning stale nulls.
+       */
+      if (typeof flowManager?.deleteFlow === 'function') {
+        try {
+          await flowManager.deleteFlow(flowId, 'mcp_get_tokens');
+        } catch (error) {
+          logger.warn('[MCP OAuth] Failed to clear cached token flow state', error);
+        }
+      }
+    }
+
    try {
      const mcpManager = getMCPManager(flowState.userId);
      logger.debug(`[MCP OAuth] Attempting to reconnect ${serverName} with new OAuth tokens`);
@@ -144,9 +193,12 @@ router.get('/:serverName/oauth/callback', async (req, res) => {
          `[MCP OAuth] Successfully reconnected ${serverName} for user ${flowState.userId}`,
        );

+        // clear any reconnection attempts
+        const oauthReconnectionManager = getOAuthReconnectionManager();
+        oauthReconnectionManager.clearReconnection(flowState.userId, serverName);
+
        const tools = await userConnection.fetchTools();
-        await updateMCPUserTools({
-          userId: flowState.userId,
+        await updateMCPServerTools({
          serverName,
          tools,
        });
@@ -288,9 +340,9 @@ router.post('/oauth/cancel/:serverName', requireJwtAuth, async (req, res) => {
 router.post('/:serverName/reinitialize', requireJwtAuth, async (req, res) => {
  try {
    const { serverName } = req.params;
-    const user = req.user;
+    const user = createSafeUser(req.user);

-    if (!user?.id) {
+    if (!user.id) {
      return res.status(401).json({ error: 'User not authenticated' });
    }

@@ -320,7 +372,7 @@ router.post('/:serverName/reinitialize', requireJwtAuth, async (req, res) => {
    }

    const result = await reinitMCPServer({
-      req,
+      user,
      serverName,
      userMCPAuthMap,
    });
--- a/api/server/routes/messages.js
+++ b/api/server/routes/messages.js
@@ -3,8 +3,8 @@ const { logger } = require('@librechat/data-schemas');
 const { ContentTypes } = require('librechat-data-provider');
 const {
  saveConvo,
-  saveMessage,
  getMessage,
+  saveMessage,
  getMessages,
  updateMessage,
  deleteMessages,
@@ -58,34 +58,51 @@ router.get('/', async (req, res) => {
      const nextCursor = messages.length > pageSize ? messages.pop()[sortField] : null;
      response = { messages, nextCursor };
    } else if (search) {
-      const searchResults = await Message.meiliSearch(search, undefined, true);
+      const searchResults = await Message.meiliSearch(search, { filter: `user = "${user}"` }, true);

      const messages = searchResults.hits || [];

      const result = await getConvosQueried(req.user.id, messages, cursor);

-      const activeMessages = [];
+      const messageIds = [];
+      const cleanedMessages = [];
      for (let i = 0; i < messages.length; i++) {
        let message = messages[i];
        if (message.conversationId.includes('--')) {
          message.conversationId = cleanUpPrimaryKeyValue(message.conversationId);
        }
        if (result.convoMap[message.conversationId]) {
-          const convo = result.convoMap[message.conversationId];
-
-          const dbMessage = await getMessage({ user, messageId: message.messageId });
-          activeMessages.push({
-            ...message,
-            title: convo.title,
-            conversationId: message.conversationId,
-            model: convo.model,
-            isCreatedByUser: dbMessage?.isCreatedByUser,
-            endpoint: dbMessage?.endpoint,
-            iconURL: dbMessage?.iconURL,
-          });
+          messageIds.push(message.messageId);
+          cleanedMessages.push(message);
        }
      }

+      const dbMessages = await getMessages({
+        user,
+        messageId: { $in: messageIds },
+      });
+
+      const dbMessageMap = {};
+      for (const dbMessage of dbMessages) {
+        dbMessageMap[dbMessage.messageId] = dbMessage;
+      }
+
+      const activeMessages = [];
+      for (const message of cleanedMessages) {
+        const convo = result.convoMap[message.conversationId];
+        const dbMessage = dbMessageMap[message.messageId];
+
+        activeMessages.push({
+          ...message,
+          title: convo.title,
+          conversationId: message.conversationId,
+          model: convo.model,
+          isCreatedByUser: dbMessage?.isCreatedByUser,
+          endpoint: dbMessage?.endpoint,
+          iconURL: dbMessage?.iconURL,
+        });
+      }
+
      response = { messages: activeMessages, nextCursor: null };
    } else {
      response = { messages: [], nextCursor: null };
--- a/api/server/routes/oauth.js
+++ b/api/server/routes/oauth.js
@@ -26,9 +26,12 @@ const domains = {
 router.use(logHeaders);
 router.use(loginLimiter);

-const oauthHandler = async (req, res) => {
+const oauthHandler = async (req, res, next) => {
  try {
-    await checkDomainAllowed(req, res);
+    if (res.headersSent) {
+      return;
+    }
+
    await checkBan(req, res);
    if (req.banned) {
      return;
@@ -46,6 +49,7 @@ const oauthHandler = async (req, res) => {
    res.redirect(domains.client);
  } catch (err) {
    logger.error('Error in setting authentication tokens:', err);
+    next(err);
  }
 };

@@ -79,6 +83,7 @@ router.get(
    scope: ['openid', 'profile', 'email'],
  }),
  setBalanceConfig,
+  checkDomainAllowed,
  oauthHandler,
 );

@@ -104,6 +109,7 @@ router.get(
    profileFields: ['id', 'email', 'name'],
  }),
  setBalanceConfig,
+  checkDomainAllowed,
  oauthHandler,
 );

@@ -125,6 +131,7 @@ router.get(
    session: false,
  }),
  setBalanceConfig,
+  checkDomainAllowed,
  oauthHandler,
 );

@@ -148,6 +155,7 @@ router.get(
    scope: ['user:email', 'read:user'],
  }),
  setBalanceConfig,
+  checkDomainAllowed,
  oauthHandler,
 );

@@ -171,6 +179,7 @@ router.get(
    scope: ['identify', 'email'],
  }),
  setBalanceConfig,
+  checkDomainAllowed,
  oauthHandler,
 );

@@ -192,6 +201,7 @@ router.post(
    session: false,
  }),
  setBalanceConfig,
+  checkDomainAllowed,
  oauthHandler,
 );

--- a/api/server/routes/presets.js
+++ b/api/server/routes/presets.js
@@ -1,8 +1,8 @@
-const express = require('express');
 const crypto = require('crypto');
+const express = require('express');
+const { logger } = require('@librechat/data-schemas');
 const { getPresets, savePreset, deletePresets } = require('~/models');
 const requireJwtAuth = require('~/server/middleware/requireJwtAuth');
-const { logger } = require('~/config');

 const router = express.Router();
 router.use(requireJwtAuth);
--- a/api/server/routes/search.js
+++ b/api/server/routes/search.js
@@ -1,7 +1,7 @@
 const express = require('express');
 const { MeiliSearch } = require('meilisearch');
+const { isEnabled } = require('@librechat/api');
 const requireJwtAuth = require('~/server/middleware/requireJwtAuth');
-const { isEnabled } = require('~/server/utils');

 const router = express.Router();

--- a/api/server/routes/static.js
+++ b/api/server/routes/static.js
@@ -1,7 +1,7 @@
 const express = require('express');
+const { isEnabled } = require('@librechat/api');
 const staticCache = require('../utils/staticCache');
 const paths = require('~/config/paths');
-const { isEnabled } = require('~/server/utils');

 const skipGzipScan = !isEnabled(process.env.ENABLE_IMAGE_OUTPUT_GZIP_SCAN);

--- a/api/server/routes/tokenizer.js
+++ b/api/server/routes/tokenizer.js
@@ -1,8 +1,9 @@
 const express = require('express');
-const router = express.Router();
+const { logger } = require('@librechat/data-schemas');
 const requireJwtAuth = require('~/server/middleware/requireJwtAuth');
 const { countTokens } = require('~/server/utils');
-const { logger } = require('~/config');
+
+const router = express.Router();

 router.post('/', requireJwtAuth, async (req, res) => {
  try {
--- a/api/server/services/AppService.js
+++ b/api/server/services/AppService.js
@@ -1,16 +1,12 @@
+const { FileSources, EModelEndpoint, getConfigDefaults } = require('librechat-data-provider');
 const {
  isEnabled,
+  loadOCRConfig,
  loadMemoryConfig,
  agentsConfigSetup,
  loadWebSearchConfig,
  loadDefaultInterface,
 } = require('@librechat/api');
-const {
-  FileSources,
-  loadOCRConfig,
-  EModelEndpoint,
-  getConfigDefaults,
-} = require('librechat-data-provider');
 const {
  checkWebSearchConfig,
  checkVariables,
--- a/api/server/services/AppService.spec.js
+++ b/api/server/services/AppService.spec.js
@@ -142,7 +142,6 @@ describe('AppService', () => {
        turnstileConfig: mockedTurnstileConfig,
        modelSpecs: undefined,
        paths: expect.anything(),
-        ocr: expect.anything(),
        imageOutputType: expect.any(String),
        fileConfig: undefined,
        secureImageLinks: undefined,
@@ -152,6 +151,7 @@ describe('AppService', () => {
        webSearch: expect.objectContaining({
          safeSearch: 1,
          jinaApiKey: '${JINA_API_KEY}',
+          jinaApiUrl: '${JINA_API_URL}',
          cohereApiKey: '${COHERE_API_KEY}',
          serperApiKey: '${SERPER_API_KEY}',
          searxngApiKey: '${SEARXNG_API_KEY}',
--- a/api/server/services/AuthService.js
+++ b/api/server/services/AuthService.js
@@ -2,13 +2,13 @@ const bcrypt = require('bcryptjs');
 const jwt = require('jsonwebtoken');
 const { webcrypto } = require('node:crypto');
 const { logger } = require('@librechat/data-schemas');
-const { isEnabled, checkEmailConfig } = require('@librechat/api');
-const { SystemRoles, errorsToString } = require('librechat-data-provider');
+const { isEnabled, checkEmailConfig, isEmailDomainAllowed } = require('@librechat/api');
+const { ErrorTypes, SystemRoles, errorsToString } = require('librechat-data-provider');
 const {
  findUser,
+  findToken,
  createUser,
  updateUser,
-  findToken,
  countUsers,
  getUserById,
  findSession,
@@ -20,7 +20,6 @@ const {
  deleteUserById,
  generateRefreshToken,
 } = require('~/models');
-const { isEmailDomainAllowed } = require('~/server/services/domains');
 const { registerSchema } = require('~/strategies/validators');
 const { getAppConfig } = require('~/server/services/Config');
 const { sendEmail } = require('~/server/utils');
@@ -130,7 +129,7 @@ const verifyEmail = async (req) => {
    return { message: 'Email already verified', status: 'success' };
  }

-  let emailVerificationData = await findToken({ email: decodedEmail });
+  let emailVerificationData = await findToken({ email: decodedEmail }, { sort: { createdAt: -1 } });

  if (!emailVerificationData) {
    logger.warn(`[verifyEmail] [No email verification data found] [Email: ${decodedEmail}]`);
@@ -181,6 +180,14 @@ const registerUser = async (user, additionalData = {}) => {

  let newUserId;
  try {
+    const appConfig = await getAppConfig();
+    if (!isEmailDomainAllowed(email, appConfig?.registration?.allowedDomains)) {
+      const errorMessage =
+        'The email address provided cannot be used. Please use a different email address.';
+      logger.error(`[registerUser] [Registration not allowed] [Email: ${user.email}]`);
+      return { status: 403, message: errorMessage };
+    }
+
    const existingUser = await findUser({ email }, 'email _id');

    if (existingUser) {
@@ -195,14 +202,6 @@ const registerUser = async (user, additionalData = {}) => {
      return { status: 200, message: genericVerificationMessage };
    }

-    const appConfig = await getAppConfig({ role: user.role });
-    if (!isEmailDomainAllowed(email, appConfig?.registration?.allowedDomains)) {
-      const errorMessage =
-        'The email address provided cannot be used. Please use a different email address.';
-      logger.error(`[registerUser] [Registration not allowed] [Email: ${user.email}]`);
-      return { status: 403, message: errorMessage };
-    }
-
    //determine if this is the first registered user (not counting anonymous_user)
    const isFirstRegisteredUser = (await countUsers()) === 0;

@@ -252,6 +251,13 @@ const registerUser = async (user, additionalData = {}) => {
 */
 const requestPasswordReset = async (req) => {
  const { email } = req.body;
+  const appConfig = await getAppConfig();
+  if (!isEmailDomainAllowed(email, appConfig?.registration?.allowedDomains)) {
+    const error = new Error(ErrorTypes.AUTH_FAILED);
+    error.code = ErrorTypes.AUTH_FAILED;
+    error.message = 'Email domain not allowed';
+    return error;
+  }
  const user = await findUser({ email }, 'email _id');
  const emailEnabled = checkEmailConfig();

@@ -313,9 +319,12 @@ const requestPasswordReset = async (req) => {
 * @returns
 */
 const resetPassword = async (userId, token, password) => {
-  let passwordResetToken = await findToken({
-    userId,
-  });
+  let passwordResetToken = await findToken(
+    {
+      userId,
+    },
+    { sort: { createdAt: -1 } },
+  );

  if (!passwordResetToken) {
    return new Error('Invalid or expired password reset token');
@@ -350,23 +359,18 @@ const resetPassword = async (userId, token, password) => {

 /**
 * Set Auth Tokens
- *
 * @param {String | ObjectId} userId
- * @param {Object} res
- * @param {String} sessionId
+ * @param {ServerResponse} res
+ * @param {ISession | null} [session=null]
 * @returns
 */
-const setAuthTokens = async (userId, res, sessionId = null) => {
+const setAuthTokens = async (userId, res, _session = null) => {
  try {
-    const user = await getUserById(userId);
-    const token = await generateToken(user);
-
-    let session;
+    let session = _session;
    let refreshToken;
    let refreshTokenExpires;

-    if (sessionId) {
-      session = await findSession({ sessionId: sessionId }, { lean: false });
+    if (session && session._id && session.expiration != null) {
      refreshTokenExpires = session.expiration.getTime();
      refreshToken = await generateRefreshToken(session);
    } else {
@@ -376,6 +380,9 @@ const setAuthTokens = async (userId, res, sessionId = null) => {
      refreshTokenExpires = session.expiration.getTime();
    }

+    const user = await getUserById(userId);
+    const token = await generateToken(user);
+
    res.cookie('refreshToken', refreshToken, {
      expires: new Date(refreshTokenExpires),
      httpOnly: true,
--- a/api/server/services/Config/app.js
+++ b/api/server/services/Config/app.js
@@ -4,6 +4,8 @@ const AppService = require('~/server/services/AppService');
 const { setCachedTools } = require('./getCachedTools');
 const getLogStores = require('~/cache/getLogStores');

+const BASE_CONFIG_KEY = '_BASE_';
+
 /**
 * Get the app configuration based on user context
 * @param {Object} [options]
@@ -14,8 +16,8 @@ const getLogStores = require('~/cache/getLogStores');
 async function getAppConfig(options = {}) {
  const { role, refresh } = options;

-  const cache = getLogStores(CacheKeys.CONFIG_STORE);
-  const cacheKey = role ? `${CacheKeys.APP_CONFIG}:${role}` : CacheKeys.APP_CONFIG;
+  const cache = getLogStores(CacheKeys.APP_CONFIG);
+  const cacheKey = role ? role : BASE_CONFIG_KEY;

  if (!refresh) {
    const cached = await cache.get(cacheKey);
@@ -24,7 +26,7 @@ async function getAppConfig(options = {}) {
    }
  }

-  let baseConfig = await cache.get(CacheKeys.APP_CONFIG);
+  let baseConfig = await cache.get(BASE_CONFIG_KEY);
  if (!baseConfig) {
    logger.info('[getAppConfig] App configuration not initialized. Initializing AppService...');
    baseConfig = await AppService();
@@ -34,10 +36,10 @@ async function getAppConfig(options = {}) {
    }

    if (baseConfig.availableTools) {
-      await setCachedTools(baseConfig.availableTools, { isGlobal: true });
+      await setCachedTools(baseConfig.availableTools);
    }

-    await cache.set(CacheKeys.APP_CONFIG, baseConfig);
+    await cache.set(BASE_CONFIG_KEY, baseConfig);
  }

  // For now, return the base config
--- a/api/server/services/Config/getCachedTools.js
+++ b/api/server/services/Config/getCachedTools.js
@@ -3,89 +3,32 @@ const getLogStores = require('~/cache/getLogStores');

 /**
 * Cache key generators for different tool access patterns
- * These will support future permission-based caching
 */
 const ToolCacheKeys = {
  /** Global tools available to all users */
  GLOBAL: 'tools:global',
-  /** Tools available to a specific user */
-  USER: (userId) => `tools:user:${userId}`,
-  /** Tools available to a specific role */
-  ROLE: (roleId) => `tools:role:${roleId}`,
-  /** Tools available to a specific group */
-  GROUP: (groupId) => `tools:group:${groupId}`,
-  /** Combined effective tools for a user (computed from all sources) */
-  EFFECTIVE: (userId) => `tools:effective:${userId}`,
+  /** MCP tools cached by server name */
+  MCP_SERVER: (serverName) => `tools:mcp:${serverName}`,
 };

 /**
 * Retrieves available tools from cache
 * @function getCachedTools
 * @param {Object} options - Options for retrieving tools
- * @param {string} [options.userId] - User ID for user-specific tools
- * @param {string[]} [options.roleIds] - Role IDs for role-based tools
- * @param {string[]} [options.groupIds] - Group IDs for group-based tools
- * @param {boolean} [options.includeGlobal=true] - Whether to include global tools
+ * @param {string} [options.serverName] - MCP server name to get cached tools for
 * @returns {Promise<LCAvailableTools|null>} The available tools object or null if not cached
 */
 async function getCachedTools(options = {}) {
  const cache = getLogStores(CacheKeys.CONFIG_STORE);
-  const { userId, roleIds = [], groupIds = [], includeGlobal = true } = options;
+  const { serverName } = options;

-  // For now, return global tools (current behavior)
-  // This will be expanded to merge tools from different sources
-  if (!userId && includeGlobal) {
-    return await cache.get(ToolCacheKeys.GLOBAL);
+  // Return MCP server-specific tools if requested
+  if (serverName) {
+    return await cache.get(ToolCacheKeys.MCP_SERVER(serverName));
  }

-  // Future implementation will merge tools from multiple sources
-  // based on user permissions, roles, and groups
-  if (userId) {
-    /** @type {LCAvailableTools | null} Check if we have pre-computed effective tools for this user */
-    const effectiveTools = await cache.get(ToolCacheKeys.EFFECTIVE(userId));
-    if (effectiveTools) {
-      return effectiveTools;
-    }
-
-    /** @type {LCAvailableTools | null} Otherwise, compute from individual sources */
-    const toolSources = [];
-
-    if (includeGlobal) {
-      const globalTools = await cache.get(ToolCacheKeys.GLOBAL);
-      if (globalTools) {
-        toolSources.push(globalTools);
-      }
-    }
-
-    // User-specific tools
-    const userTools = await cache.get(ToolCacheKeys.USER(userId));
-    if (userTools) {
-      toolSources.push(userTools);
-    }
-
-    // Role-based tools
-    for (const roleId of roleIds) {
-      const roleTools = await cache.get(ToolCacheKeys.ROLE(roleId));
-      if (roleTools) {
-        toolSources.push(roleTools);
-      }
-    }
-
-    // Group-based tools
-    for (const groupId of groupIds) {
-      const groupTools = await cache.get(ToolCacheKeys.GROUP(groupId));
-      if (groupTools) {
-        toolSources.push(groupTools);
-      }
-    }
-
-    // Merge all tool sources (for now, simple merge - future will handle conflicts)
-    if (toolSources.length > 0) {
-      return mergeToolSources(toolSources);
-    }
-  }
-
-  return null;
+  // Default to global tools
+  return await cache.get(ToolCacheKeys.GLOBAL);
 }

 /**
@@ -93,49 +36,34 @@ async function getCachedTools(options = {}) {
 * @function setCachedTools
 * @param {Object} tools - The tools object to cache
 * @param {Object} options - Options for caching tools
- * @param {string} [options.userId] - User ID for user-specific tools
- * @param {string} [options.roleId] - Role ID for role-based tools
- * @param {string} [options.groupId] - Group ID for group-based tools
- * @param {boolean} [options.isGlobal=false] - Whether these are global tools
+ * @param {string} [options.serverName] - MCP server name for server-specific tools
 * @param {number} [options.ttl] - Time to live in milliseconds
 * @returns {Promise<boolean>} Whether the operation was successful
 */
 async function setCachedTools(tools, options = {}) {
  const cache = getLogStores(CacheKeys.CONFIG_STORE);
-  const { userId, roleId, groupId, isGlobal = false, ttl } = options;
+  const { serverName, ttl } = options;

-  let cacheKey;
-  if (isGlobal || (!userId && !roleId && !groupId)) {
-    cacheKey = ToolCacheKeys.GLOBAL;
-  } else if (userId) {
-    cacheKey = ToolCacheKeys.USER(userId);
-  } else if (roleId) {
-    cacheKey = ToolCacheKeys.ROLE(roleId);
-  } else if (groupId) {
-    cacheKey = ToolCacheKeys.GROUP(groupId);
+  // Cache by MCP server if specified
+  if (serverName) {
+    return await cache.set(ToolCacheKeys.MCP_SERVER(serverName), tools, ttl);
  }

-  if (!cacheKey) {
-    throw new Error('Invalid cache key options provided');
-  }
-
-  return await cache.set(cacheKey, tools, ttl);
+  // Default to global cache
+  return await cache.set(ToolCacheKeys.GLOBAL, tools, ttl);
 }

 /**
 * Invalidates cached tools
 * @function invalidateCachedTools
 * @param {Object} options - Options for invalidating tools
- * @param {string} [options.userId] - User ID to invalidate
- * @param {string} [options.roleId] - Role ID to invalidate
- * @param {string} [options.groupId] - Group ID to invalidate
+ * @param {string} [options.serverName] - MCP server name to invalidate
 * @param {boolean} [options.invalidateGlobal=false] - Whether to invalidate global tools
- * @param {boolean} [options.invalidateEffective=true] - Whether to invalidate effective tools
 * @returns {Promise<void>}
 */
 async function invalidateCachedTools(options = {}) {
  const cache = getLogStores(CacheKeys.CONFIG_STORE);
-  const { userId, roleId, groupId, invalidateGlobal = false, invalidateEffective = true } = options;
+  const { serverName, invalidateGlobal = false } = options;

  const keysToDelete = [];

@@ -143,116 +71,34 @@ async function invalidateCachedTools(options = {}) {
    keysToDelete.push(ToolCacheKeys.GLOBAL);
  }

-  if (userId) {
-    keysToDelete.push(ToolCacheKeys.USER(userId));
-    if (invalidateEffective) {
-      keysToDelete.push(ToolCacheKeys.EFFECTIVE(userId));
-    }
-  }
-
-  if (roleId) {
-    keysToDelete.push(ToolCacheKeys.ROLE(roleId));
-    // TODO: In future, invalidate all users with this role
-  }
-
-  if (groupId) {
-    keysToDelete.push(ToolCacheKeys.GROUP(groupId));
-    // TODO: In future, invalidate all users in this group
+  if (serverName) {
+    keysToDelete.push(ToolCacheKeys.MCP_SERVER(serverName));
  }

  await Promise.all(keysToDelete.map((key) => cache.delete(key)));
 }

 /**
- * Computes and caches effective tools for a user
- * @function computeEffectiveTools
- * @param {string} userId - The user ID
- * @param {Object} context - Context containing user's roles and groups
- * @param {string[]} [context.roleIds=[]] - User's role IDs
- * @param {string[]} [context.groupIds=[]] - User's group IDs
- * @param {number} [ttl] - Time to live for the computed result
- * @returns {Promise<Object>} The computed effective tools
+ * Gets MCP tools for a specific server from cache or merges with global tools
+ * @function getMCPServerTools
+ * @param {string} serverName - The MCP server name
+ * @returns {Promise<LCAvailableTools|null>} The available tools for the server
 */
-async function computeEffectiveTools(userId, context = {}, ttl) {
-  const { roleIds = [], groupIds = [] } = context;
+async function getMCPServerTools(serverName) {
+  const cache = getLogStores(CacheKeys.CONFIG_STORE);
+  const serverTools = await cache.get(ToolCacheKeys.MCP_SERVER(serverName));

-  // Get all tool sources
-  const tools = await getCachedTools({
-    userId,
-    roleIds,
-    groupIds,
-    includeGlobal: true,
-  });
-
-  if (tools) {
-    // Cache the computed result
-    const cache = getLogStores(CacheKeys.CONFIG_STORE);
-    await cache.set(ToolCacheKeys.EFFECTIVE(userId), tools, ttl);
+  if (serverTools) {
+    return serverTools;
  }

-  return tools;
-}
-
-/**
- * Merges multiple tool sources into a single tools object
- * @function mergeToolSources
- * @param {Object[]} sources - Array of tool objects to merge
- * @returns {Object} Merged tools object
- */
-function mergeToolSources(sources) {
-  // For now, simple merge that combines all tools
-  // Future implementation will handle:
-  // - Permission precedence (deny > allow)
-  // - Tool property conflicts
-  // - Metadata merging
-  const merged = {};
-
-  for (const source of sources) {
-    if (!source || typeof source !== 'object') {
-      continue;
-    }
-
-    for (const [toolId, toolConfig] of Object.entries(source)) {
-      // Simple last-write-wins for now
-      // Future: merge based on permission levels
-      merged[toolId] = toolConfig;
-    }
-  }
-
-  return merged;
-}
-
-/**
- * Middleware-friendly function to get tools for a request
- * @function getToolsForRequest
- * @param {Object} req - Express request object
- * @returns {Promise<Object|null>} Available tools for the request
- */
-async function getToolsForRequest(req) {
-  const userId = req.user?.id;
-
-  // For now, return global tools if no user
-  if (!userId) {
-    return getCachedTools({ includeGlobal: true });
-  }
-
-  // Future: Extract roles and groups from req.user
-  const roleIds = req.user?.roles || [];
-  const groupIds = req.user?.groups || [];
-
-  return getCachedTools({
-    userId,
-    roleIds,
-    groupIds,
-    includeGlobal: true,
-  });
+  return null;
 }

 module.exports = {
  ToolCacheKeys,
  getCachedTools,
  setCachedTools,
-  getToolsForRequest,
+  getMCPServerTools,
  invalidateCachedTools,
-  computeEffectiveTools,
 };
--- a/api/server/services/Config/index.js
+++ b/api/server/services/Config/index.js
@@ -1,7 +1,7 @@
 const appConfig = require('./app');
+const mcpToolsCache = require('./mcp');
 const { config } = require('./EndpointService');
 const getCachedTools = require('./getCachedTools');
-const mcpToolsCache = require('./mcpToolsCache');
 const loadCustomConfig = require('./loadCustomConfig');
 const loadConfigModels = require('./loadConfigModels');
 const loadDefaultModels = require('./loadDefaultModels');
--- a/api/server/services/Config/ldap.js
+++ b/api/server/services/Config/ldap.js
@@ -1,4 +1,4 @@
-const { isEnabled } = require('~/server/utils');
+const { isEnabled } = require('@librechat/api');

 /** @returns {TStartupConfig['ldap'] | undefined} */
 const getLdapConfig = () => {
--- a/api/server/services/Config/loadCustomConfig.js
+++ b/api/server/services/Config/loadCustomConfig.js
@@ -119,10 +119,6 @@ https://www.librechat.ai/docs/configuration/stt_tts`);
    .filter((endpoint) => endpoint.customParams)
    .forEach((endpoint) => parseCustomParams(endpoint.name, endpoint.customParams));

-  if (customConfig.cache) {
-    const cache = getLogStores(CacheKeys.STATIC_CONFIG);
-    await cache.set(CacheKeys.LIBRECHAT_YAML_CONFIG, customConfig);
-  }

  if (result.data.modelSpecs) {
    customConfig.modelSpecs = result.data.modelSpecs;
--- a/api/server/services/Config/loadCustomConfig.spec.js
+++ b/api/server/services/Config/loadCustomConfig.spec.js
@@ -48,16 +48,11 @@ const axios = require('axios');
 const { loadYaml } = require('@librechat/api');
 const { logger } = require('@librechat/data-schemas');
 const loadCustomConfig = require('./loadCustomConfig');
-const getLogStores = require('~/cache/getLogStores');

 describe('loadCustomConfig', () => {
-  const mockSet = jest.fn();
-  const mockCache = { set: mockSet };
-
  beforeEach(() => {
    jest.resetAllMocks();
    delete process.env.CONFIG_PATH;
-    getLogStores.mockReturnValue(mockCache);
  });

  it('should return null and log error if remote config fetch fails', async () => {
@@ -94,7 +89,6 @@ describe('loadCustomConfig', () => {
    const result = await loadCustomConfig();

    expect(result).toEqual(mockConfig);
-    expect(mockSet).toHaveBeenCalledWith(expect.anything(), mockConfig);
  });

  it('should return null and log if config schema validation fails', async () => {
@@ -134,7 +128,6 @@ describe('loadCustomConfig', () => {
    axios.get.mockResolvedValue({ data: mockConfig });
    const result = await loadCustomConfig();
    expect(result).toEqual(mockConfig);
-    expect(mockSet).toHaveBeenCalledWith(expect.anything(), mockConfig);
  });

  it('should return null if the remote config file is not found', async () => {
@@ -168,7 +161,6 @@ describe('loadCustomConfig', () => {
    process.env.CONFIG_PATH = 'validConfig.yaml';
    loadYaml.mockReturnValueOnce(mockConfig);
    await loadCustomConfig();
-    expect(mockSet).not.toHaveBeenCalled();
  });

  it('should log the loaded custom config', async () => {
--- a/api/server/services/Config/mcp.js
+++ b/api/server/services/Config/mcp.js
@@ -0,0 +1,91 @@
+const { logger } = require('@librechat/data-schemas');
+const { CacheKeys, Constants } = require('librechat-data-provider');
+const { getCachedTools, setCachedTools } = require('./getCachedTools');
+const { getLogStores } = require('~/cache');
+
+/**
+ * Updates MCP tools in the cache for a specific server
+ * @param {Object} params - Parameters for updating MCP tools
+ * @param {string} params.serverName - MCP server name
+ * @param {Array} params.tools - Array of tool objects from MCP server
+ * @returns {Promise<LCAvailableTools>}
+ */
+async function updateMCPServerTools({ serverName, tools }) {
+  try {
+    const serverTools = {};
+    const mcpDelimiter = Constants.mcp_delimiter;
+
+    for (const tool of tools) {
+      const name = `${tool.name}${mcpDelimiter}${serverName}`;
+      serverTools[name] = {
+        type: 'function',
+        ['function']: {
+          name,
+          description: tool.description,
+          parameters: tool.inputSchema,
+        },
+      };
+    }
+
+    await setCachedTools(serverTools, { serverName });
+
+    const cache = getLogStores(CacheKeys.CONFIG_STORE);
+    await cache.delete(CacheKeys.TOOLS);
+    logger.debug(`[MCP Cache] Updated ${tools.length} tools for server ${serverName}`);
+    return serverTools;
+  } catch (error) {
+    logger.error(`[MCP Cache] Failed to update tools for ${serverName}:`, error);
+    throw error;
+  }
+}
+
+/**
+ * Merges app-level tools with global tools
+ * @param {import('@librechat/api').LCAvailableTools} appTools
+ * @returns {Promise<void>}
+ */
+async function mergeAppTools(appTools) {
+  try {
+    const count = Object.keys(appTools).length;
+    if (!count) {
+      return;
+    }
+    const cachedTools = await getCachedTools();
+    const mergedTools = { ...cachedTools, ...appTools };
+    await setCachedTools(mergedTools);
+    const cache = getLogStores(CacheKeys.CONFIG_STORE);
+    await cache.delete(CacheKeys.TOOLS);
+    logger.debug(`Merged ${count} app-level tools`);
+  } catch (error) {
+    logger.error('Failed to merge app-level tools:', error);
+    throw error;
+  }
+}
+
+/**
+ * Caches MCP server tools (no longer merges with global)
+ * @param {object} params
+ * @param {string} params.serverName
+ * @param {import('@librechat/api').LCAvailableTools} params.serverTools
+ * @returns {Promise<void>}
+ */
+async function cacheMCPServerTools({ serverName, serverTools }) {
+  try {
+    const count = Object.keys(serverTools).length;
+    if (!count) {
+      return;
+    }
+    // Only cache server-specific tools, no merging with global
+    await setCachedTools(serverTools, { serverName });
+    logger.debug(`Cached ${count} MCP server tools for ${serverName}`);
+  } catch (error) {
+    logger.error(`Failed to cache MCP server tools for ${serverName}:`, error);
+    throw error;
+  }
+}
+
+module.exports = {
+  mergeAppTools,
+  cacheMCPServerTools,
+  updateMCPServerTools,
+};
--- a/api/server/services/Config/mcpToolsCache.js
+++ b/api/server/services/Config/mcpToolsCache.js
@@ -1,143 +0,0 @@
-const { logger } = require('@librechat/data-schemas');
-const { CacheKeys, Constants } = require('librechat-data-provider');
-const { getCachedTools, setCachedTools } = require('./getCachedTools');
-const { getLogStores } = require('~/cache');
-
-/**
- * Updates MCP tools in the cache for a specific server and user
- * @param {Object} params - Parameters for updating MCP tools
- * @param {string} params.userId - User ID
- * @param {string} params.serverName - MCP server name
- * @param {Array} params.tools - Array of tool objects from MCP server
- * @returns {Promise<LCAvailableTools>}
- */
-async function updateMCPUserTools({ userId, serverName, tools }) {
-  try {
-    const userTools = await getCachedTools({ userId });
-
-    const mcpDelimiter = Constants.mcp_delimiter;
-    for (const key of Object.keys(userTools)) {
-      if (key.endsWith(`${mcpDelimiter}${serverName}`)) {
-        delete userTools[key];
-      }
-    }
-
-    for (const tool of tools) {
-      const name = `${tool.name}${Constants.mcp_delimiter}${serverName}`;
-      userTools[name] = {
-        type: 'function',
-        ['function']: {
-          name,
-          description: tool.description,
-          parameters: tool.inputSchema,
-        },
-      };
-    }
-
-    await setCachedTools(userTools, { userId });
-
-    const cache = getLogStores(CacheKeys.CONFIG_STORE);
-    await cache.delete(CacheKeys.TOOLS);
-    logger.debug(`[MCP Cache] Updated ${tools.length} tools for ${serverName} user ${userId}`);
-    return userTools;
-  } catch (error) {
-    logger.error(`[MCP Cache] Failed to update tools for ${serverName}:`, error);
-    throw error;
-  }
-}
-
-/**
- * Merges app-level tools with global tools
- * @param {import('@librechat/api').LCAvailableTools} appTools
- * @returns {Promise<void>}
- */
-async function mergeAppTools(appTools) {
-  try {
-    const count = Object.keys(appTools).length;
-    if (!count) {
-      return;
-    }
-    const cachedTools = await getCachedTools({ includeGlobal: true });
-    const mergedTools = { ...cachedTools, ...appTools };
-    await setCachedTools(mergedTools, { isGlobal: true });
-    const cache = getLogStores(CacheKeys.CONFIG_STORE);
-    await cache.delete(CacheKeys.TOOLS);
-    logger.debug(`Merged ${count} app-level tools`);
-  } catch (error) {
-    logger.error('Failed to merge app-level tools:', error);
-    throw error;
-  }
-}
-
-/**
- * Merges user-level tools with global tools
- * @param {object} params
- * @param {string} params.userId
- * @param {Record<string, FunctionTool>} params.cachedUserTools
- * @param {import('@librechat/api').LCAvailableTools} params.userTools
- * @returns {Promise<void>}
- */
-async function mergeUserTools({ userId, cachedUserTools, userTools }) {
-  try {
-    if (!userId) {
-      return;
-    }
-    const count = Object.keys(userTools).length;
-    if (!count) {
-      return;
-    }
-    const cachedTools = cachedUserTools ?? (await getCachedTools({ userId }));
-    const mergedTools = { ...cachedTools, ...userTools };
-    await setCachedTools(mergedTools, { userId });
-    const cache = getLogStores(CacheKeys.CONFIG_STORE);
-    await cache.delete(CacheKeys.TOOLS);
-    logger.debug(`Merged ${count} user-level tools`);
-  } catch (error) {
-    logger.error('Failed to merge user-level tools:', error);
-    throw error;
-  }
-}
-
-/**
- * Clears all MCP tools for a specific server
- * @param {Object} params - Parameters for clearing MCP tools
- * @param {string} [params.userId] - User ID (if clearing user-specific tools)
- * @param {string} params.serverName - MCP server name
- * @returns {Promise<void>}
- */
-async function clearMCPServerTools({ userId, serverName }) {
-  try {
-    const tools = await getCachedTools({ userId, includeGlobal: !userId });
-
-    // Remove all tools for this server
-    const mcpDelimiter = Constants.mcp_delimiter;
-    let removedCount = 0;
-    for (const key of Object.keys(tools)) {
-      if (key.endsWith(`${mcpDelimiter}${serverName}`)) {
-        delete tools[key];
-        removedCount++;
-      }
-    }
-
-    if (removedCount > 0) {
-      await setCachedTools(tools, userId ? { userId } : { isGlobal: true });
-
-      const cache = getLogStores(CacheKeys.CONFIG_STORE);
-      await cache.delete(CacheKeys.TOOLS);
-
-      logger.debug(
-        `[MCP Cache] Removed ${removedCount} tools for ${serverName}${userId ? ` user ${userId}` : ' (global)'}`,
-      );
-    }
-  } catch (error) {
-    logger.error(`[MCP Cache] Failed to clear tools for ${serverName}:`, error);
-    throw error;
-  }
-}
-
-module.exports = {
-  mergeAppTools,
-  mergeUserTools,
-  updateMCPUserTools,
-  clearMCPServerTools,
-};
--- a/api/server/services/Endpoints/agents/title.js
+++ b/api/server/services/Endpoints/agents/title.js
@@ -54,6 +54,11 @@ const addTitle = async (req, { text, response, client }) => {
      clearTimeout(timeoutId);
    }

+    if (!title) {
+      logger.debug(`[${key}] No title generated`);
+      return;
+    }
+
    await titleCache.set(key, title, 120000);
    await saveConvo(
      req,
--- a/api/server/services/Endpoints/anthropic/initialize.js
+++ b/api/server/services/Endpoints/anthropic/initialize.js
@@ -40,7 +40,6 @@ const initializeClient = async ({ req, res, endpointOption, overrideModel, optio
    clientOptions = Object.assign(
      {
        proxy: PROXY ?? null,
-        userId: req.user.id,
        reverseProxyUrl: ANTHROPIC_REVERSE_PROXY ?? null,
        modelOptions: endpointOption?.model_parameters ?? {},
      },
@@ -49,6 +48,7 @@ const initializeClient = async ({ req, res, endpointOption, overrideModel, optio
    if (overrideModel) {
      clientOptions.modelOptions.model = overrideModel;
    }
+    clientOptions.modelOptions.user = req.user.id;
    return getLLMConfig(anthropicApiKey, clientOptions);
  }

--- a/api/server/services/Endpoints/anthropic/title.js
+++ b/api/server/services/Endpoints/anthropic/title.js
@@ -1,6 +1,6 @@
+const { isEnabled } = require('@librechat/api');
 const { CacheKeys } = require('librechat-data-provider');
 const getLogStores = require('~/cache/getLogStores');
-const { isEnabled } = require('~/server/utils');
 const { saveConvo } = require('~/models');

 const addTitle = async (req, { text, response, client }) => {
--- a/Show More
+++ b/Show More