feat: Implement infinite scroll for agent grids and enhance performance

- Added `useInfiniteScroll` hook to manage infinite scrolling behavior in agent grids.
- Integrated infinite scroll functionality into `AgentGrid` and `VirtualizedAgentGrid` components.
- Updated `AgentMarketplace` to pass the scroll container to the agent grid components.
- Refactored loading indicators to show a spinner instead of a "Load More" button.
- Created `VirtualizedAgentGrid` component for optimized rendering of agent cards using virtualization.
- Added performance tests for `VirtualizedAgentGrid` to ensure efficient handling of large datasets.
- Updated translations to include new messages for end-of-results scenarios.

.env.example

@@ -456,8 +456,6 @@ OPENID_REQUIRED_ROLE_PARAMETER_PATH=
 OPENID_USERNAME_CLAIM=
 # Set to determine which user info property returned from OpenID Provider to store as the User's name
 OPENID_NAME_CLAIM=
-# Optional audience parameter for OpenID authorization requests
-OPENID_AUDIENCE=
 
 OPENID_BUTTON_LABEL=
 OPENID_IMAGE_URL=
@@ -742,16 +740,3 @@ OPENWEATHER_API_KEY=
 # JINA_API_KEY=your_jina_api_key
 # or
 # COHERE_API_KEY=your_cohere_api_key
-
-#======================#
-# MCP Configuration    #
-#======================#
-
-# Treat 401/403 responses as OAuth requirement when no oauth metadata found
-# MCP_OAUTH_ON_AUTH_ERROR=true
-
-# Timeout for OAuth detection requests in milliseconds
-# MCP_OAUTH_DETECTION_TIMEOUT=5000
-
-# Cache connection status checks for this many milliseconds to avoid expensive verification
-# MCP_CONNECTION_CHECK_TTL=60000

.github/CONTRIBUTING.md

@@ -147,7 +147,7 @@ Apply the following naming conventions to branches, labels, and other Git-relate
 ## 8. Module Import Conventions
 
 - `npm` packages first, 
-     - from longest line (top) to shortest (bottom)
+     - from shortest line (top) to longest (bottom)
 
 - Followed by typescript types (pertains to data-provider and client workspaces)
      - longest line (top) to shortest (bottom)
@@ -157,8 +157,6 @@ Apply the following naming conventions to branches, labels, and other Git-relate
      - longest line (top) to shortest (bottom)
      - imports with alias `~` treated the same as relative import with respect to line length
 
-**Note:** ESLint will automatically enforce these import conventions when you run `npm run lint --fix` or through pre-commit hooks.
-
 ---
 
 Please ensure that you adapt this summary to fit the specific context and nuances of your project.

.github/workflows/data-provider.yml

@@ -1,4 +1,4 @@
-name: Publish `librechat-data-provider` to NPM
+name: Node.js Package
 
 on:
   push:
@@ -6,12 +6,6 @@ on:
       - main
     paths:
       - 'packages/data-provider/package.json'
-  workflow_dispatch:
-    inputs:
-      reason:
-        description: 'Reason for manual trigger'
-        required: false
-        default: 'Manual publish requested'
 
 jobs:
   build:
@@ -20,7 +14,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
         with:
-          node-version: 20
+          node-version: 16
       - run: cd packages/data-provider && npm ci
       - run: cd packages/data-provider && npm run build
 
@@ -31,7 +25,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
         with:
-          node-version: 20
+          node-version: 16
           registry-url: 'https://registry.npmjs.org'
       - run: cd packages/data-provider && npm ci
       - run: cd packages/data-provider && npm run build

.github/workflows/helmcharts.yml

@@ -4,13 +4,12 @@ name: Build Helm Charts on Tag
 on:
   push:
     tags:
-      - "chart-*"
+      - "*"
 
 jobs:
   release:
     permissions:
       contents: write
-      packages: write
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -27,49 +26,15 @@ jobs:
         uses: azure/setup-helm@v4
         env:
           GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-      
       - name: Build Subchart Deps
         run: |
-          cd helm/librechat
-          helm dependency build  
-          cd ../librechat-rag-api
-          helm dependency build      
+          cd helm/librechat-rag-api
+          helm dependency build 
 
-      - name: Get Chart Version
-        id: chart-version
-        run: |
-          CHART_VERSION=$(echo "${{ github.ref_name }}" | cut -d'-' -f2)
-          echo "CHART_VERSION=${CHART_VERSION}" >> "$GITHUB_OUTPUT"
-
-      # Log in to GitHub Container Registry
-      - name: Log in to GitHub Container Registry
-        uses: docker/login-action@v3
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.6.0
         with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      # Run Helm OCI Charts Releaser
-      # This is for the librechat chart
-      - name: Release Helm OCI Charts for librechat
-        uses: appany/helm-oci-chart-releaser@v0.4.2
-        with:
-          name: librechat
-          repository: ${{ github.actor }}/librechat-chart
-          tag: ${{ steps.chart-version.outputs.CHART_VERSION }}
-          path: helm/librechat
-          registry: ghcr.io
-          registry_username: ${{ github.actor }}
-          registry_password: ${{ secrets.GITHUB_TOKEN }}
-      
-      # this is for the librechat-rag-api chart
-      - name: Release Helm OCI Charts for librechat-rag-api
-        uses: appany/helm-oci-chart-releaser@v0.4.2
-        with:
-          name: librechat-rag-api
-          repository: ${{ github.actor }}/librechat-chart
-          tag: ${{ steps.chart-version.outputs.CHART_VERSION }}
-          path: helm/librechat-rag-api
-          registry: ghcr.io
-          registry_username: ${{ github.actor }}
-          registry_password: ${{ secrets.GITHUB_TOKEN }}
+          charts_dir: helm
+          skip_existing: true
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/i18n-unused-keys.yml

@@ -1,10 +1,5 @@
 name: Detect Unused i18next Strings
 
-# This workflow checks for unused i18n keys in translation files.
-# It has special handling for:
-# - com_ui_special_var_* keys that are dynamically constructed
-# - com_agents_category_* keys that are stored in the database and used dynamically
-
 on:
   pull_request:
     paths:
@@ -12,7 +7,6 @@ on:
       - "api/**"
       - "packages/data-provider/src/**"
       - "packages/client/**"
-      - "packages/data-schemas/src/**"
 
 jobs:
   detect-unused-i18n-keys:
@@ -30,7 +24,7 @@ jobs:
 
           # Define paths
           I18N_FILE="client/src/locales/en/translation.json"
-          SOURCE_DIRS=("client/src" "api" "packages/data-provider/src" "packages/client" "packages/data-schemas/src")
+          SOURCE_DIRS=("client/src" "api" "packages/data-provider/src" "packages/client")
 
           # Check if translation file exists
           if [[ ! -f "$I18N_FILE" ]]; then
@@ -58,31 +52,6 @@ jobs:
                 fi
               done
               
-              # Also check if the key is directly used somewhere
-              if [[ "$FOUND" == false ]]; then
-                for DIR in "${SOURCE_DIRS[@]}"; do
-                  if grep -r --include=\*.{js,jsx,ts,tsx} -q "$KEY" "$DIR"; then
-                    FOUND=true
-                    break
-                  fi
-                done
-              fi
-            # Special case for agent category keys that are dynamically used from database
-            elif [[ "$KEY" == com_agents_category_* ]]; then
-              # Check if agent category localization is being used
-              for DIR in "${SOURCE_DIRS[@]}"; do
-                # Check for dynamic category label/description usage
-                if grep -r --include=\*.{js,jsx,ts,tsx} -E "category\.(label|description).*startsWith.*['\"]com_" "$DIR" > /dev/null 2>&1 || \
-                   # Check for the method that defines these keys
-                   grep -r --include=\*.{js,jsx,ts,tsx} "ensureDefaultCategories" "$DIR" > /dev/null 2>&1 || \
-                   # Check for direct usage in agentCategory.ts
-                   grep -r --include=\*.ts -E "label:.*['\"]$KEY['\"]" "$DIR" > /dev/null 2>&1 || \
-                   grep -r --include=\*.ts -E "description:.*['\"]$KEY['\"]" "$DIR" > /dev/null 2>&1; then
-                  FOUND=true
-                  break
-                fi
-              done
-              
               # Also check if the key is directly used somewhere
               if [[ "$FOUND" == false ]]; then
                 for DIR in "${SOURCE_DIRS[@]}"; do

.gitignore

@@ -13,9 +13,6 @@ pids
 *.seed
 .git
 
-# CI/CD data
-test-image*
-
 # Directory for instrumented libs generated by jscoverage/JSCover
 lib-cov
 
@@ -137,4 +134,3 @@ helm/**/.values.yaml
 /.openai/
 /.tabnine/
 /.codeium
-*.local.md

Dockerfile

@@ -1,4 +1,4 @@
-# v0.8.0-rc3
+# v0.7.9
 
 # Base node image
 FROM node:20-alpine AS node
@@ -19,12 +19,7 @@ WORKDIR /app
 
 USER node
 
-COPY --chown=node:node package.json package-lock.json ./
-COPY --chown=node:node api/package.json ./api/package.json
-COPY --chown=node:node client/package.json ./client/package.json
-COPY --chown=node:node packages/data-provider/package.json ./packages/data-provider/package.json
-COPY --chown=node:node packages/data-schemas/package.json ./packages/data-schemas/package.json
-COPY --chown=node:node packages/api/package.json ./packages/api/package.json
+COPY --chown=node:node . .
 
 RUN \
     # Allow mounting of these files, which have no default
@@ -34,11 +29,7 @@ RUN \
     npm config set fetch-retry-maxtimeout 600000 ; \
     npm config set fetch-retries 5 ; \
     npm config set fetch-retry-mintimeout 15000 ; \
-    npm ci --no-audit
-
-COPY --chown=node:node . .
-
-RUN \
+    npm install --no-audit; \
     # React client build
     NODE_OPTIONS="--max-old-space-size=2048" npm run frontend; \
     npm prune --production; \
@@ -56,4 +47,4 @@ CMD ["npm", "run", "backend"]
 # WORKDIR /usr/share/nginx/html
 # COPY --from=node /app/client/dist /usr/share/nginx/html
 # COPY client/nginx.conf /etc/nginx/conf.d/default.conf
-# ENTRYPOINT ["nginx", "-g", "daemon off;"]
+# ENTRYPOINT ["nginx", "-g", "daemon off;"]

Dockerfile.multi

@@ -1,5 +1,5 @@
 # Dockerfile.multi
-# v0.8.0-rc3
+# v0.7.9
 
 # Base for all builds
 FROM node:20-alpine AS base-min

README.md

@@ -65,10 +65,8 @@
 
 - 🔦 **Agents & Tools Integration**:  
   - **[LibreChat Agents](https://www.librechat.ai/docs/features/agents)**:
-    - No-Code Custom Assistants: Build specialized, AI-driven helpers
-    - Agent Marketplace: Discover and deploy community-built agents
-    - Collaborative Sharing: Share agents with specific users and groups
-    - Flexible & Extensible: Use MCP Servers, tools, file search, code execution, and more
+    - No-Code Custom Assistants: Build specialized, AI-driven helpers without coding  
+    - Flexible & Extensible: Use MCP Servers, tools, file search, code execution, and more  
     - Compatible with Custom Endpoints, OpenAI, Azure, Anthropic, AWS Bedrock, Google, Vertex AI, Responses API, and more
     - [Model Context Protocol (MCP) Support](https://modelcontextprotocol.io/clients#librechat) for Tools
 
@@ -89,18 +87,15 @@
   - Create, Save, & Share Custom Presets  
   - Switch between AI Endpoints and Presets mid-chat
   - Edit, Resubmit, and Continue Messages with Conversation branching  
-  - Create and share prompts with specific users and groups
   - [Fork Messages & Conversations](https://www.librechat.ai/docs/features/fork) for Advanced Context control
 
 - 💬 **Multimodal & File Interactions**:  
   - Upload and analyze images with Claude 3, GPT-4.5, GPT-4o, o1, Llama-Vision, and Gemini 📸  
   - Chat with Files using Custom Endpoints, OpenAI, Azure, Anthropic, AWS Bedrock, & Google 🗃️
 
-- 🌎 **Multilingual UI**:
-  - English, 中文 (简体), 中文 (繁體), العربية, Deutsch, Español, Français, Italiano
-  - Polski, Português (PT), Português (BR), Русский, 日本語, Svenska, 한국어, Tiếng Việt
-  - Türkçe, Nederlands, עברית, Català, Čeština, Dansk, Eesti, فارسی
-  - Suomi, Magyar, Հայերեն, Bahasa Indonesia, ქართული, Latviešu, ไทย, ئۇيغۇرچە
+- 🌎 **Multilingual UI**:  
+  - English, 中文, Deutsch, Español, Français, Italiano, Polski, Português Brasileiro
+  - Русский, 日本語, Svenska, 한국어, Tiếng Việt, 繁體中文, العربية, Türkçe, Nederlands, עברית
 
 - 🧠 **Reasoning UI**:  
   - Dynamic Reasoning UI for Chain-of-Thought/Reasoning AI models like DeepSeek-R1

api/app/clients/BaseClient.js

@@ -37,8 +37,6 @@ class BaseClient {
     this.conversationId;
     /** @type {string} */
     this.responseMessageId;
-    /** @type {string} */
-    this.parentMessageId;
     /** @type {TAttachment[]} */
     this.attachments;
     /** The key for the usage object's input tokens
@@ -187,8 +185,7 @@ class BaseClient {
     this.user = user;
     const saveOptions = this.getSaveOptions();
     this.abortController = opts.abortController ?? new AbortController();
-    const requestConvoId = overrideConvoId ?? opts.conversationId;
-    const conversationId = requestConvoId ?? crypto.randomUUID();
+    const conversationId = overrideConvoId ?? opts.conversationId ?? crypto.randomUUID();
     const parentMessageId = opts.parentMessageId ?? Constants.NO_PARENT;
     const userMessageId =
       overrideUserMessageId ?? opts.overrideParentMessageId ?? crypto.randomUUID();
@@ -213,12 +210,11 @@ class BaseClient {
       ...opts,
       user,
       head,
-      saveOptions,
-      userMessageId,
-      requestConvoId,
       conversationId,
       parentMessageId,
+      userMessageId,
       responseMessageId,
+      saveOptions,
     };
   }
 
@@ -237,12 +233,11 @@ class BaseClient {
     const {
       user,
       head,
-      saveOptions,
-      userMessageId,
-      requestConvoId,
       conversationId,
       parentMessageId,
+      userMessageId,
       responseMessageId,
+      saveOptions,
     } = await this.setMessageOptions(opts);
 
     const userMessage = opts.isEdited
@@ -264,8 +259,7 @@ class BaseClient {
     }
 
     if (typeof opts?.onStart === 'function') {
-      const isNewConvo = !requestConvoId && parentMessageId === Constants.NO_PARENT;
-      opts.onStart(userMessage, responseMessageId, isNewConvo);
+      opts.onStart(userMessage, responseMessageId);
     }
 
     return {
@@ -620,19 +614,15 @@ class BaseClient {
       this.currentMessages.push(userMessage);
     }
 
-    /**
-     * When the userMessage is pushed to currentMessages, the parentMessage is the userMessageId.
-     * this only matters when buildMessages is utilizing the parentMessageId, and may vary on implementation
-     */
-    const parentMessageId = isEdited ? head : userMessage.messageId;
-    this.parentMessageId = parentMessageId;
     let {
       prompt: payload,
       tokenCountMap,
       promptTokens,
     } = await this.buildMessages(
       this.currentMessages,
-      parentMessageId,
+      // When the userMessage is pushed to currentMessages, the parentMessage is the userMessageId.
+      // this only matters when buildMessages is utilizing the parentMessageId, and may vary on implementation
+      isEdited ? head : userMessage.messageId,
       this.getBuildMessagesOptions(opts),
       opts,
     );

api/app/clients/OpenAIClient.js

@@ -653,10 +653,8 @@ class OpenAIClient extends BaseClient {
     if (headers && typeof headers === 'object' && !Array.isArray(headers)) {
       configOptions.baseOptions = {
         headers: resolveHeaders({
-          headers: {
-            ...headers,
-            ...configOptions?.baseOptions?.headers,
-          },
+          ...headers,
+          ...configOptions?.baseOptions?.headers,
         }),
       };
     }
@@ -751,7 +749,7 @@ class OpenAIClient extends BaseClient {
         groupMap,
       });
 
-      this.options.headers = resolveHeaders({ headers });
+      this.options.headers = resolveHeaders(headers);
       this.options.reverseProxyUrl = baseURL ?? null;
       this.langchainProxy = extractBaseURL(this.options.reverseProxyUrl);
       this.apiKey = azureOptions.azureOpenAIApiKey;
@@ -1183,7 +1181,7 @@ ${convo}
           modelGroupMap,
           groupMap,
         });
-        opts.defaultHeaders = resolveHeaders({ headers });
+        opts.defaultHeaders = resolveHeaders(headers);
         this.langchainProxy = extractBaseURL(baseURL);
         this.apiKey = azureOptions.azureOpenAIApiKey;
 
@@ -1224,9 +1222,7 @@ ${convo}
       }
 
       if (this.isOmni === true && modelOptions.max_tokens != null) {
-        const paramName =
-          modelOptions.useResponsesApi === true ? 'max_output_tokens' : 'max_completion_tokens';
-        modelOptions[paramName] = modelOptions.max_tokens;
+        modelOptions.max_completion_tokens = modelOptions.max_tokens;
         delete modelOptions.max_tokens;
       }
       if (this.isOmni === true && modelOptions.temperature != null) {

api/app/clients/specs/AnthropicClient.test.js

@@ -245,7 +245,7 @@ describe('AnthropicClient', () => {
     });
 
     describe('Claude 4 model headers', () => {
-      it('should add "prompt-caching" and "context-1m" beta headers for claude-sonnet-4 model', () => {
+      it('should add "prompt-caching" beta header for claude-sonnet-4 model', () => {
         const client = new AnthropicClient('test-api-key');
         const modelOptions = {
           model: 'claude-sonnet-4-20250514',
@@ -255,30 +255,10 @@ describe('AnthropicClient', () => {
         expect(anthropicClient._options.defaultHeaders).toBeDefined();
         expect(anthropicClient._options.defaultHeaders).toHaveProperty('anthropic-beta');
         expect(anthropicClient._options.defaultHeaders['anthropic-beta']).toBe(
-          'prompt-caching-2024-07-31,context-1m-2025-08-07',
+          'prompt-caching-2024-07-31',
         );
       });
 
-      it('should add "prompt-caching" and "context-1m" beta headers for claude-sonnet-4 model formats', () => {
-        const client = new AnthropicClient('test-api-key');
-        const modelVariations = [
-          'claude-sonnet-4-20250514',
-          'claude-sonnet-4-latest',
-          'anthropic/claude-sonnet-4-20250514',
-        ];
-
-        modelVariations.forEach((model) => {
-          const modelOptions = { model };
-          client.setOptions({ modelOptions, promptCache: true });
-          const anthropicClient = client.getClient(modelOptions);
-          expect(anthropicClient._options.defaultHeaders).toBeDefined();
-          expect(anthropicClient._options.defaultHeaders).toHaveProperty('anthropic-beta');
-          expect(anthropicClient._options.defaultHeaders['anthropic-beta']).toBe(
-            'prompt-caching-2024-07-31,context-1m-2025-08-07',
-          );
-        });
-      });
-
       it('should add "prompt-caching" beta header for claude-opus-4 model', () => {
         const client = new AnthropicClient('test-api-key');
         const modelOptions = {
@@ -293,6 +273,20 @@ describe('AnthropicClient', () => {
         );
       });
 
+      it('should add "prompt-caching" beta header for claude-4-sonnet model', () => {
+        const client = new AnthropicClient('test-api-key');
+        const modelOptions = {
+          model: 'claude-4-sonnet-20250514',
+        };
+        client.setOptions({ modelOptions, promptCache: true });
+        const anthropicClient = client.getClient(modelOptions);
+        expect(anthropicClient._options.defaultHeaders).toBeDefined();
+        expect(anthropicClient._options.defaultHeaders).toHaveProperty('anthropic-beta');
+        expect(anthropicClient._options.defaultHeaders['anthropic-beta']).toBe(
+          'prompt-caching-2024-07-31',
+        );
+      });
+
       it('should add "prompt-caching" beta header for claude-4-opus model', () => {
         const client = new AnthropicClient('test-api-key');
         const modelOptions = {

api/app/clients/specs/BaseClient.test.js

@@ -579,8 +579,6 @@ describe('BaseClient', () => {
       expect(onStart).toHaveBeenCalledWith(
         expect.objectContaining({ text: 'Hello, world!' }),
         expect.any(String),
-        /** `isNewConvo` */
-        true,
       );
     });
 

api/app/clients/tools/util/handleTools.js

@@ -3,7 +3,7 @@ const { SerpAPI } = require('@langchain/community/tools/serpapi');
 const { Calculator } = require('@langchain/community/tools/calculator');
 const { mcpToolPattern, loadWebSearchAuth } = require('@librechat/api');
 const { EnvVar, createCodeExecutionTool, createSearchTool } = require('@librechat/agents');
-const { Tools, Constants, EToolResources, replaceSpecialVars } = require('librechat-data-provider');
+const { Tools, EToolResources, replaceSpecialVars } = require('librechat-data-provider');
 const {
   availableTools,
   manifestToolMap,
@@ -24,9 +24,9 @@ const {
 const { primeFiles: primeCodeFiles } = require('~/server/services/Files/Code/process');
 const { createFileSearchTool, primeFiles: primeSearchFiles } = require('./fileSearch');
 const { getUserPluginAuthValue } = require('~/server/services/PluginService');
-const { createMCPTool, createMCPTools } = require('~/server/services/MCP');
 const { loadAuthValues } = require('~/server/services/Tools/credentials');
 const { getCachedTools } = require('~/server/services/Config');
+const { createMCPTool } = require('~/server/services/MCP');
 
 /**
  * Validates the availability and authentication of tools for a user based on environment variables or user-specific plugin authentication values.
@@ -123,8 +123,6 @@ const getAuthFields = (toolKey) => {
  *
  * @param {object} object
  * @param {string} object.user
- * @param {Record<string, Record<string, string>>} [object.userMCPAuthMap]
- * @param {AbortSignal} [object.signal]
  * @param {Pick<Agent, 'id' | 'provider' | 'model'>} [object.agent]
  * @param {string} [object.model]
  * @param {EModelEndpoint} [object.endpoint]
@@ -139,9 +137,7 @@ const loadTools = async ({
   user,
   agent,
   model,
-  signal,
   endpoint,
-  userMCPAuthMap,
   tools = [],
   options = {},
   functions = true,
@@ -235,7 +231,6 @@ const loadTools = async ({
   /** @type {Record<string, string>} */
   const toolContextMap = {};
   const cachedTools = (await getCachedTools({ userId: user, includeGlobal: true })) ?? {};
-  const requestedMCPTools = {};
 
   for (const tool of tools) {
     if (tool === Tools.execute_code) {
@@ -304,35 +299,14 @@ Current Date & Time: ${replaceSpecialVars({ text: '{{iso_datetime}}' })}
       };
       continue;
     } else if (tool && cachedTools && mcpToolPattern.test(tool)) {
-      const [toolName, serverName] = tool.split(Constants.mcp_delimiter);
-      if (toolName === Constants.mcp_all) {
-        const currentMCPGenerator = async (index) =>
-          createMCPTools({
-            req: options.req,
-            res: options.res,
-            index,
-            serverName,
-            userMCPAuthMap,
-            model: agent?.model ?? model,
-            provider: agent?.provider ?? endpoint,
-            signal,
-          });
-        requestedMCPTools[serverName] = [currentMCPGenerator];
-        continue;
-      }
-      const currentMCPGenerator = async (index) =>
+      requestedTools[tool] = async () =>
         createMCPTool({
-          index,
           req: options.req,
           res: options.res,
           toolKey: tool,
-          userMCPAuthMap,
           model: agent?.model ?? model,
           provider: agent?.provider ?? endpoint,
-          signal,
         });
-      requestedMCPTools[serverName] = requestedMCPTools[serverName] || [];
-      requestedMCPTools[serverName].push(currentMCPGenerator);
       continue;
     }
 
@@ -372,34 +346,6 @@ Current Date & Time: ${replaceSpecialVars({ text: '{{iso_datetime}}' })}
   }
 
   const loadedTools = (await Promise.all(toolPromises)).flatMap((plugin) => plugin || []);
-  const mcpToolPromises = [];
-  /** MCP server tools are initialized sequentially by server */
-  let index = -1;
-  for (const [serverName, generators] of Object.entries(requestedMCPTools)) {
-    index++;
-    for (const generator of generators) {
-      try {
-        if (generator && generators.length === 1) {
-          mcpToolPromises.push(
-            generator(index).catch((error) => {
-              logger.error(`Error loading ${serverName} tools:`, error);
-              return null;
-            }),
-          );
-          continue;
-        }
-        const mcpTool = await generator(index);
-        if (Array.isArray(mcpTool)) {
-          loadedTools.push(...mcpTool);
-        } else if (mcpTool) {
-          loadedTools.push(mcpTool);
-        }
-      } catch (error) {
-        logger.error(`Error loading MCP tool for server ${serverName}:`, error);
-      }
-    }
-  }
-  loadedTools.push(...(await Promise.all(mcpToolPromises)).flatMap((plugin) => plugin || []));
   return { loadedTools, toolContextMap };
 };
 

api/cache/cacheConfig.js

@@ -52,8 +52,7 @@ const cacheConfig = {
   REDIS_CONNECT_TIMEOUT: math(process.env.REDIS_CONNECT_TIMEOUT, 10000),
   /** Queue commands when disconnected */
   REDIS_ENABLE_OFFLINE_QUEUE: isEnabled(process.env.REDIS_ENABLE_OFFLINE_QUEUE ?? 'true'),
-  /** Enable redis cluster without the need of multiple URIs */
-  USE_REDIS_CLUSTER: isEnabled(process.env.USE_REDIS_CLUSTER ?? 'false'),
+
   CI: isEnabled(process.env.CI),
   DEBUG_MEMORY_CACHE: isEnabled(process.env.DEBUG_MEMORY_CACHE),
 

api/cache/cacheConfig.spec.js

@@ -14,7 +14,6 @@ describe('cacheConfig', () => {
     delete process.env.REDIS_KEY_PREFIX_VAR;
     delete process.env.REDIS_KEY_PREFIX;
     delete process.env.USE_REDIS;
-    delete process.env.USE_REDIS_CLUSTER;
     delete process.env.REDIS_PING_INTERVAL;
     delete process.env.FORCED_IN_MEMORY_CACHE_NAMESPACES;
 
@@ -102,38 +101,6 @@ describe('cacheConfig', () => {
     });
   });
 
-  describe('USE_REDIS_CLUSTER configuration', () => {
-    test('should default to false when USE_REDIS_CLUSTER is not set', () => {
-      const { cacheConfig } = require('./cacheConfig');
-      expect(cacheConfig.USE_REDIS_CLUSTER).toBe(false);
-    });
-
-    test('should be false when USE_REDIS_CLUSTER is set to false', () => {
-      process.env.USE_REDIS_CLUSTER = 'false';
-
-      const { cacheConfig } = require('./cacheConfig');
-      expect(cacheConfig.USE_REDIS_CLUSTER).toBe(false);
-    });
-
-    test('should be true when USE_REDIS_CLUSTER is set to true', () => {
-      process.env.USE_REDIS_CLUSTER = 'true';
-
-      const { cacheConfig } = require('./cacheConfig');
-      expect(cacheConfig.USE_REDIS_CLUSTER).toBe(true);
-    });
-
-    test('should work with USE_REDIS enabled and REDIS_URI set', () => {
-      process.env.USE_REDIS_CLUSTER = 'true';
-      process.env.USE_REDIS = 'true';
-      process.env.REDIS_URI = 'redis://localhost:6379';
-
-      const { cacheConfig } = require('./cacheConfig');
-      expect(cacheConfig.USE_REDIS_CLUSTER).toBe(true);
-      expect(cacheConfig.USE_REDIS).toBe(true);
-      expect(cacheConfig.REDIS_URI).toBe('redis://localhost:6379');
-    });
-  });
-
   describe('REDIS_CA file reading', () => {
     test('should be null when REDIS_CA is not set', () => {
       const { cacheConfig } = require('./cacheConfig');

api/cache/getLogStores.js

@@ -31,6 +31,7 @@ const namespaces = {
   [CacheKeys.SAML_SESSION]: sessionCache(CacheKeys.SAML_SESSION),
 
   [CacheKeys.ROLES]: standardCache(CacheKeys.ROLES),
+  [CacheKeys.MCP_TOOLS]: standardCache(CacheKeys.MCP_TOOLS),
   [CacheKeys.CONFIG_STORE]: standardCache(CacheKeys.CONFIG_STORE),
   [CacheKeys.STATIC_CONFIG]: standardCache(CacheKeys.STATIC_CONFIG),
   [CacheKeys.PENDING_REQ]: standardCache(CacheKeys.PENDING_REQ),

api/cache/redisClients.js

@@ -38,7 +38,7 @@ if (cacheConfig.USE_REDIS) {
       const targetError = 'READONLY';
       if (err.message.includes(targetError)) {
         logger.warn('ioredis reconnecting due to READONLY error');
-        return 2; // Return retry delay instead of boolean
+        return true;
       }
       return false;
     },
@@ -48,29 +48,26 @@ if (cacheConfig.USE_REDIS) {
   };
 
   ioredisClient =
-    urls.length === 1 && !cacheConfig.USE_REDIS_CLUSTER
+    urls.length === 1
       ? new IoRedis(cacheConfig.REDIS_URI, redisOptions)
-      : new IoRedis.Cluster(
-          urls.map((url) => ({ host: url.hostname, port: parseInt(url.port, 10) || 6379 })),
-          {
-            redisOptions,
-            clusterRetryStrategy: (times) => {
-              if (
-                cacheConfig.REDIS_RETRY_MAX_ATTEMPTS > 0 &&
-                times > cacheConfig.REDIS_RETRY_MAX_ATTEMPTS
-              ) {
-                logger.error(
-                  `ioredis cluster giving up after ${cacheConfig.REDIS_RETRY_MAX_ATTEMPTS} reconnection attempts`,
-                );
-                return null;
-              }
-              const delay = Math.min(times * 100, cacheConfig.REDIS_RETRY_MAX_DELAY);
-              logger.info(`ioredis cluster reconnecting... attempt ${times}, delay ${delay}ms`);
-              return delay;
-            },
-            enableOfflineQueue: cacheConfig.REDIS_ENABLE_OFFLINE_QUEUE,
+      : new IoRedis.Cluster(cacheConfig.REDIS_URI, {
+          redisOptions,
+          clusterRetryStrategy: (times) => {
+            if (
+              cacheConfig.REDIS_RETRY_MAX_ATTEMPTS > 0 &&
+              times > cacheConfig.REDIS_RETRY_MAX_ATTEMPTS
+            ) {
+              logger.error(
+                `ioredis cluster giving up after ${cacheConfig.REDIS_RETRY_MAX_ATTEMPTS} reconnection attempts`,
+              );
+              return null;
+            }
+            const delay = Math.min(times * 100, cacheConfig.REDIS_RETRY_MAX_DELAY);
+            logger.info(`ioredis cluster reconnecting... attempt ${times}, delay ${delay}ms`);
+            return delay;
           },
-        );
+          enableOfflineQueue: cacheConfig.REDIS_ENABLE_OFFLINE_QUEUE,
+        });
 
   ioredisClient.on('error', (err) => {
     logger.error('ioredis client error:', err);
@@ -148,10 +145,10 @@ if (cacheConfig.USE_REDIS) {
   };
 
   keyvRedisClient =
-    urls.length === 1 && !cacheConfig.USE_REDIS_CLUSTER
+    urls.length === 1
       ? createClient({ url: cacheConfig.REDIS_URI, ...redisOptions })
       : createCluster({
-          rootNodes: urls.map((url) => ({ url: url.href })),
+          rootNodes: cacheConfig.REDIS_URI.split(',').map((url) => ({ url })),
           defaults: redisOptions,
         });
 

api/config/index.js

@@ -1,13 +1,27 @@
-const { MCPManager, FlowStateManager } = require('@librechat/api');
 const { EventSource } = require('eventsource');
 const { Time } = require('librechat-data-provider');
+const { MCPManager, FlowStateManager } = require('@librechat/api');
 const logger = require('./winston');
 
 global.EventSource = EventSource;
 
 /** @type {MCPManager} */
+let mcpManager = null;
 let flowManager = null;
 
+/**
+ * @param {string} [userId] - Optional user ID, to avoid disconnecting the current user.
+ * @returns {MCPManager}
+ */
+function getMCPManager(userId) {
+  if (!mcpManager) {
+    mcpManager = MCPManager.getInstance();
+  } else {
+    mcpManager.checkIdleConnections(userId);
+  }
+  return mcpManager;
+}
+
 /**
  * @param {Keyv} flowsCache
  * @returns {FlowStateManager}
@@ -23,7 +37,6 @@ function getFlowStateManager(flowsCache) {
 
 module.exports = {
   logger,
-  createMCPManager: MCPManager.createInstance,
-  getMCPManager: MCPManager.getInstance,
+  getMCPManager,
   getFlowStateManager,
 };

api/models/Agent.js

@@ -2,7 +2,7 @@ const mongoose = require('mongoose');
 const crypto = require('node:crypto');
 const { logger } = require('@librechat/data-schemas');
 const { ResourceType, SystemRoles, Tools, actionDelimiter } = require('librechat-data-provider');
-const { GLOBAL_PROJECT_NAME, EPHEMERAL_AGENT_ID, mcp_all, mcp_delimiter } =
+const { GLOBAL_PROJECT_NAME, EPHEMERAL_AGENT_ID, mcp_delimiter } =
   require('librechat-data-provider').Constants;
 const {
   removeAgentFromAllProjects,
@@ -78,7 +78,6 @@ const loadEphemeralAgent = async ({ req, agent_id, endpoint, model_parameters: _
     tools.push(Tools.web_search);
   }
 
-  const addedServers = new Set();
   if (mcpServers.size > 0) {
     for (const toolName of Object.keys(availableTools)) {
       if (!toolName.includes(mcp_delimiter)) {
@@ -86,17 +85,9 @@ const loadEphemeralAgent = async ({ req, agent_id, endpoint, model_parameters: _
       }
       const mcpServer = toolName.split(mcp_delimiter)?.[1];
       if (mcpServer && mcpServers.has(mcpServer)) {
-        addedServers.add(mcpServer);
         tools.push(toolName);
       }
     }
-
-    for (const mcpServer of mcpServers) {
-      if (addedServers.has(mcpServer)) {
-        continue;
-      }
-      tools.push(`${mcp_all}${mcp_delimiter}${mcpServer}`);
-    }
   }
 
   const instructions = req.body.promptPrefix;
@@ -373,10 +364,17 @@ const updateAgent = async (searchParameter, updateData, options = {}) => {
     if (shouldCreateVersion) {
       const duplicateVersion = isDuplicateVersion(updateData, versionData, versions, actionsHash);
       if (duplicateVersion && !forceVersion) {
-        // No changes detected, return the current agent without creating a new version
-        const agentObj = currentAgent.toObject();
-        agentObj.version = versions.length;
-        return agentObj;
+        const error = new Error(
+          'Duplicate version: This would create a version identical to an existing one',
+        );
+        error.statusCode = 409;
+        error.details = {
+          duplicateVersion,
+          versionIndex: versions.findIndex(
+            (v) => JSON.stringify(duplicateVersion) === JSON.stringify(v),
+          ),
+        };
+        throw error;
       }
     }
 
@@ -542,7 +540,11 @@ const getListAgentsByAccess = async ({
   const normalizedLimit = isPaginated ? Math.min(Math.max(1, parseInt(limit) || 20), 100) : null;
 
   // Build base query combining ACL accessible agents with other filters
-  const baseQuery = { ...otherParams, _id: { $in: accessibleIds } };
+  const baseQuery = { ...otherParams };
+
+  if (accessibleIds.length > 0) {
+    baseQuery._id = { $in: accessibleIds };
+  }
 
   // Add cursor condition
   if (after) {

api/models/Agent.spec.js

@@ -22,7 +22,6 @@ const {
   updateAgent,
   deleteAgent,
   getListAgents,
-  getListAgentsByAccess,
   revertAgentVersion,
   updateAgentProjects,
   addAgentResourceFile,
@@ -942,31 +941,45 @@ describe('models/Agent', () => {
       expect(emptyParamsAgent.model_parameters).toEqual({});
     });
 
-    test('should not create new version for duplicate updates', async () => {
-      const authorId = new mongoose.Types.ObjectId();
-      const testCases = generateVersionTestCases();
+    test('should detect duplicate versions and reject updates', async () => {
+      const originalConsoleError = console.error;
+      console.error = jest.fn();
 
-      for (const testCase of testCases) {
-        const testAgentId = `agent_${uuidv4()}`;
+      try {
+        const authorId = new mongoose.Types.ObjectId();
+        const testCases = generateVersionTestCases();
 
-        await createAgent({
-          id: testAgentId,
-          provider: 'test',
-          model: 'test-model',
-          author: authorId,
-          ...testCase.initial,
-        });
+        for (const testCase of testCases) {
+          const testAgentId = `agent_${uuidv4()}`;
 
-        const updatedAgent = await updateAgent({ id: testAgentId }, testCase.update);
-        expect(updatedAgent.versions).toHaveLength(2); // No new version created
+          await createAgent({
+            id: testAgentId,
+            provider: 'test',
+            model: 'test-model',
+            author: authorId,
+            ...testCase.initial,
+          });
 
-        // Update with duplicate data should succeed but not create a new version
-        const duplicateUpdate = await updateAgent({ id: testAgentId }, testCase.duplicate);
+          await updateAgent({ id: testAgentId }, testCase.update);
 
-        expect(duplicateUpdate.versions).toHaveLength(2); // No new version created
+          let error;
+          try {
+            await updateAgent({ id: testAgentId }, testCase.duplicate);
+          } catch (e) {
+            error = e;
+          }
 
-        const agent = await getAgent({ id: testAgentId });
-        expect(agent.versions).toHaveLength(2);
+          expect(error).toBeDefined();
+          expect(error.message).toContain('Duplicate version');
+          expect(error.statusCode).toBe(409);
+          expect(error.details).toBeDefined();
+          expect(error.details.duplicateVersion).toBeDefined();
+
+          const agent = await getAgent({ id: testAgentId });
+          expect(agent.versions).toHaveLength(2);
+        }
+      } finally {
+        console.error = originalConsoleError;
       }
     });
 
@@ -1142,13 +1155,20 @@ describe('models/Agent', () => {
       expect(secondUpdate.versions).toHaveLength(3);
 
       // Update without forceVersion and no changes should not create a version
-      const duplicateUpdate = await updateAgent(
-        { id: agentId },
-        { tools: ['listEvents_action_test.com', 'createEvent_action_test.com'] },
-        { updatingUserId: authorId.toString(), forceVersion: false },
-      );
+      let error;
+      try {
+        await updateAgent(
+          { id: agentId },
+          { tools: ['listEvents_action_test.com', 'createEvent_action_test.com'] },
+          { updatingUserId: authorId.toString(), forceVersion: false },
+        );
+      } catch (e) {
+        error = e;
+      }
 
-      expect(duplicateUpdate.versions).toHaveLength(3); // No new version created
+      expect(error).toBeDefined();
+      expect(error.message).toContain('Duplicate version');
+      expect(error.statusCode).toBe(409);
     });
 
     test('should handle isDuplicateVersion with arrays containing null/undefined values', async () => {
@@ -1346,21 +1366,18 @@ describe('models/Agent', () => {
       expect(secondUpdate.versions).toHaveLength(3);
       expect(secondUpdate.support_contact.email).toBe('updated@support.com');
 
-      // Try to update with same support_contact - should be detected as duplicate but return successfully
-      const duplicateUpdate = await updateAgent(
-        { id: agentId },
-        {
-          support_contact: {
-            name: 'Updated Support',
-            email: 'updated@support.com',
+      // Try to update with same support_contact - should be detected as duplicate
+      await expect(
+        updateAgent(
+          { id: agentId },
+          {
+            support_contact: {
+              name: 'Updated Support',
+              email: 'updated@support.com',
+            },
           },
-        },
-      );
-
-      // Should not create a new version
-      expect(duplicateUpdate.versions).toHaveLength(3);
-      expect(duplicateUpdate.version).toBe(3);
-      expect(duplicateUpdate.support_contact.email).toBe('updated@support.com');
+        ),
+      ).rejects.toThrow('Duplicate version');
     });
 
     test('should handle support_contact from empty to populated', async () => {
@@ -1544,22 +1561,18 @@ describe('models/Agent', () => {
       expect(updated.support_contact.name).toBe('New Name');
       expect(updated.support_contact.email).toBe('');
 
-      // Verify isDuplicateVersion works with partial changes - should return successfully without creating new version
-      const duplicateUpdate = await updateAgent(
-        { id: agentId },
-        {
-          support_contact: {
-            name: 'New Name',
-            email: '',
+      // Verify isDuplicateVersion works with partial changes
+      await expect(
+        updateAgent(
+          { id: agentId },
+          {
+            support_contact: {
+              name: 'New Name',
+              email: '',
+            },
           },
-        },
-      );
-
-      // Should not create a new version since content is the same
-      expect(duplicateUpdate.versions).toHaveLength(2);
-      expect(duplicateUpdate.version).toBe(2);
-      expect(duplicateUpdate.support_contact.name).toBe('New Name');
-      expect(duplicateUpdate.support_contact.email).toBe('');
+        ),
+      ).rejects.toThrow('Duplicate version');
     });
 
     // Edge Cases
@@ -2779,18 +2792,11 @@ describe('models/Agent', () => {
         agent_ids: ['agent1', 'agent2'],
       });
 
-      const updatedAgent = await updateAgent(
-        { id: agentId },
-        { agent_ids: ['agent1', 'agent2', 'agent3'] },
-      );
-      expect(updatedAgent.versions).toHaveLength(2);
+      await updateAgent({ id: agentId }, { agent_ids: ['agent1', 'agent2', 'agent3'] });
 
-      // Update with same agent_ids should succeed but not create a new version
-      const duplicateUpdate = await updateAgent(
-        { id: agentId },
-        { agent_ids: ['agent1', 'agent2', 'agent3'] },
-      );
-      expect(duplicateUpdate.versions).toHaveLength(2); // No new version created
+      await expect(
+        updateAgent({ id: agentId }, { agent_ids: ['agent1', 'agent2', 'agent3'] }),
+      ).rejects.toThrow('Duplicate version');
     });
 
     test('should handle agent_ids field alongside other fields', async () => {
@@ -2929,10 +2935,9 @@ describe('models/Agent', () => {
       expect(updated.versions).toHaveLength(2);
       expect(updated.agent_ids).toEqual([]);
 
-      // Update with same empty agent_ids should succeed but not create a new version
-      const duplicateUpdate = await updateAgent({ id: agentId }, { agent_ids: [] });
-      expect(duplicateUpdate.versions).toHaveLength(2); // No new version created
-      expect(duplicateUpdate.agent_ids).toEqual([]);
+      await expect(updateAgent({ id: agentId }, { agent_ids: [] })).rejects.toThrow(
+        'Duplicate version',
+      );
     });
 
     test('should handle agent without agent_ids field', async () => {
@@ -3042,212 +3047,6 @@ describe('Support Contact Field', () => {
     // Verify support_contact is undefined when not provided
     expect(agent.support_contact).toBeUndefined();
   });
-
-  describe('getListAgentsByAccess - Security Tests', () => {
-    let userA, userB;
-    let agentA1, agentA2, agentA3;
-
-    beforeEach(async () => {
-      Agent = mongoose.models.Agent || mongoose.model('Agent', agentSchema);
-      await Agent.deleteMany({});
-      await AclEntry.deleteMany({});
-
-      // Create two users
-      userA = new mongoose.Types.ObjectId();
-      userB = new mongoose.Types.ObjectId();
-
-      // Create agents for user A
-      agentA1 = await createAgent({
-        id: `agent_${uuidv4().slice(0, 12)}`,
-        name: 'Agent A1',
-        description: 'User A agent 1',
-        provider: 'openai',
-        model: 'gpt-4',
-        author: userA,
-      });
-
-      agentA2 = await createAgent({
-        id: `agent_${uuidv4().slice(0, 12)}`,
-        name: 'Agent A2',
-        description: 'User A agent 2',
-        provider: 'openai',
-        model: 'gpt-4',
-        author: userA,
-      });
-
-      agentA3 = await createAgent({
-        id: `agent_${uuidv4().slice(0, 12)}`,
-        name: 'Agent A3',
-        description: 'User A agent 3',
-        provider: 'openai',
-        model: 'gpt-4',
-        author: userA,
-      });
-    });
-
-    test('should return empty list when user has no accessible agents (empty accessibleIds)', async () => {
-      // User B has no agents and no shared agents
-      const result = await getListAgentsByAccess({
-        accessibleIds: [],
-        otherParams: {},
-      });
-
-      expect(result.data).toHaveLength(0);
-      expect(result.has_more).toBe(false);
-      expect(result.first_id).toBeNull();
-      expect(result.last_id).toBeNull();
-    });
-
-    test('should not return other users agents when accessibleIds is empty', async () => {
-      // User B trying to list agents with empty accessibleIds should not see User A's agents
-      const result = await getListAgentsByAccess({
-        accessibleIds: [],
-        otherParams: { author: userB },
-      });
-
-      expect(result.data).toHaveLength(0);
-      expect(result.has_more).toBe(false);
-    });
-
-    test('should only return agents in accessibleIds list', async () => {
-      // Give User B access to only one of User A's agents
-      const accessibleIds = [agentA1._id];
-
-      const result = await getListAgentsByAccess({
-        accessibleIds,
-        otherParams: {},
-      });
-
-      expect(result.data).toHaveLength(1);
-      expect(result.data[0].id).toBe(agentA1.id);
-      expect(result.data[0].name).toBe('Agent A1');
-    });
-
-    test('should return multiple accessible agents when provided', async () => {
-      // Give User B access to two of User A's agents
-      const accessibleIds = [agentA1._id, agentA3._id];
-
-      const result = await getListAgentsByAccess({
-        accessibleIds,
-        otherParams: {},
-      });
-
-      expect(result.data).toHaveLength(2);
-      const returnedIds = result.data.map((agent) => agent.id);
-      expect(returnedIds).toContain(agentA1.id);
-      expect(returnedIds).toContain(agentA3.id);
-      expect(returnedIds).not.toContain(agentA2.id);
-    });
-
-    test('should respect other query parameters while enforcing accessibleIds', async () => {
-      // Give access to all agents but filter by name
-      const accessibleIds = [agentA1._id, agentA2._id, agentA3._id];
-
-      const result = await getListAgentsByAccess({
-        accessibleIds,
-        otherParams: { name: 'Agent A2' },
-      });
-
-      expect(result.data).toHaveLength(1);
-      expect(result.data[0].id).toBe(agentA2.id);
-    });
-
-    test('should handle pagination correctly with accessibleIds filter', async () => {
-      // Create more agents
-      const moreAgents = [];
-      for (let i = 4; i <= 10; i++) {
-        const agent = await createAgent({
-          id: `agent_${uuidv4().slice(0, 12)}`,
-          name: `Agent A${i}`,
-          description: `User A agent ${i}`,
-          provider: 'openai',
-          model: 'gpt-4',
-          author: userA,
-        });
-        moreAgents.push(agent);
-      }
-
-      // Give access to all agents
-      const allAgentIds = [agentA1, agentA2, agentA3, ...moreAgents].map((a) => a._id);
-
-      // First page
-      const page1 = await getListAgentsByAccess({
-        accessibleIds: allAgentIds,
-        otherParams: {},
-        limit: 5,
-      });
-
-      expect(page1.data).toHaveLength(5);
-      expect(page1.has_more).toBe(true);
-      expect(page1.after).toBeTruthy();
-
-      // Second page
-      const page2 = await getListAgentsByAccess({
-        accessibleIds: allAgentIds,
-        otherParams: {},
-        limit: 5,
-        after: page1.after,
-      });
-
-      expect(page2.data).toHaveLength(5);
-      expect(page2.has_more).toBe(false);
-
-      // Verify no overlap between pages
-      const page1Ids = page1.data.map((a) => a.id);
-      const page2Ids = page2.data.map((a) => a.id);
-      const intersection = page1Ids.filter((id) => page2Ids.includes(id));
-      expect(intersection).toHaveLength(0);
-    });
-
-    test('should return empty list when accessibleIds contains non-existent IDs', async () => {
-      // Try with non-existent agent IDs
-      const fakeIds = [new mongoose.Types.ObjectId(), new mongoose.Types.ObjectId()];
-
-      const result = await getListAgentsByAccess({
-        accessibleIds: fakeIds,
-        otherParams: {},
-      });
-
-      expect(result.data).toHaveLength(0);
-      expect(result.has_more).toBe(false);
-    });
-
-    test('should handle undefined accessibleIds as empty array', async () => {
-      // When accessibleIds is undefined, it should be treated as empty array
-      const result = await getListAgentsByAccess({
-        accessibleIds: undefined,
-        otherParams: {},
-      });
-
-      expect(result.data).toHaveLength(0);
-      expect(result.has_more).toBe(false);
-    });
-
-    test('should combine accessibleIds with author filter correctly', async () => {
-      // Create an agent for User B
-      const agentB1 = await createAgent({
-        id: `agent_${uuidv4().slice(0, 12)}`,
-        name: 'Agent B1',
-        description: 'User B agent 1',
-        provider: 'openai',
-        model: 'gpt-4',
-        author: userB,
-      });
-
-      // Give User B access to one of User A's agents
-      const accessibleIds = [agentA1._id, agentB1._id];
-
-      // Filter by author should further restrict the results
-      const result = await getListAgentsByAccess({
-        accessibleIds,
-        otherParams: { author: userB },
-      });
-
-      expect(result.data).toHaveLength(1);
-      expect(result.data[0].id).toBe(agentB1.id);
-      expect(result.data[0].author).toBe(userB.toString());
-    });
-  });
 });
 
 function createBasicAgent(overrides = {}) {

api/models/Prompt.js

@@ -247,130 +247,10 @@ const deletePromptGroup = async ({ _id, author, role }) => {
   return { message: 'Prompt group deleted successfully' };
 };
 
-/**
- * Get prompt groups by accessible IDs with optional cursor-based pagination.
- * @param {Object} params - The parameters for getting accessible prompt groups.
- * @param {Array} [params.accessibleIds] - Array of prompt group ObjectIds the user has ACL access to.
- * @param {Object} [params.otherParams] - Additional query parameters (including author filter).
- * @param {number} [params.limit] - Number of prompt groups to return (max 100). If not provided, returns all prompt groups.
- * @param {string} [params.after] - Cursor for pagination - get prompt groups after this cursor. // base64 encoded JSON string with updatedAt and _id.
- * @returns {Promise<Object>} A promise that resolves to an object containing the prompt groups data and pagination info.
- */
-async function getListPromptGroupsByAccess({
-  accessibleIds = [],
-  otherParams = {},
-  limit = null,
-  after = null,
-}) {
-  const isPaginated = limit !== null && limit !== undefined;
-  const normalizedLimit = isPaginated ? Math.min(Math.max(1, parseInt(limit) || 20), 100) : null;
-
-  // Build base query combining ACL accessible prompt groups with other filters
-  const baseQuery = { ...otherParams, _id: { $in: accessibleIds } };
-
-  // Add cursor condition
-  if (after) {
-    try {
-      const cursor = JSON.parse(Buffer.from(after, 'base64').toString('utf8'));
-      const { updatedAt, _id } = cursor;
-
-      const cursorCondition = {
-        $or: [
-          { updatedAt: { $lt: new Date(updatedAt) } },
-          { updatedAt: new Date(updatedAt), _id: { $gt: new ObjectId(_id) } },
-        ],
-      };
-
-      // Merge cursor condition with base query
-      if (Object.keys(baseQuery).length > 0) {
-        baseQuery.$and = [{ ...baseQuery }, cursorCondition];
-        // Remove the original conditions from baseQuery to avoid duplication
-        Object.keys(baseQuery).forEach((key) => {
-          if (key !== '$and') delete baseQuery[key];
-        });
-      } else {
-        Object.assign(baseQuery, cursorCondition);
-      }
-    } catch (error) {
-      logger.warn('Invalid cursor:', error.message);
-    }
-  }
-
-  // Build aggregation pipeline
-  const pipeline = [{ $match: baseQuery }, { $sort: { updatedAt: -1, _id: 1 } }];
-
-  // Only apply limit if pagination is requested
-  if (isPaginated) {
-    pipeline.push({ $limit: normalizedLimit + 1 });
-  }
-
-  // Add lookup for production prompt
-  pipeline.push(
-    {
-      $lookup: {
-        from: 'prompts',
-        localField: 'productionId',
-        foreignField: '_id',
-        as: 'productionPrompt',
-      },
-    },
-    { $unwind: { path: '$productionPrompt', preserveNullAndEmptyArrays: true } },
-    {
-      $project: {
-        name: 1,
-        numberOfGenerations: 1,
-        oneliner: 1,
-        category: 1,
-        projectIds: 1,
-        productionId: 1,
-        author: 1,
-        authorName: 1,
-        createdAt: 1,
-        updatedAt: 1,
-        'productionPrompt.prompt': 1,
-      },
-    },
-  );
-
-  const promptGroups = await PromptGroup.aggregate(pipeline).exec();
-
-  const hasMore = isPaginated ? promptGroups.length > normalizedLimit : false;
-  const data = (isPaginated ? promptGroups.slice(0, normalizedLimit) : promptGroups).map(
-    (group) => {
-      if (group.author) {
-        group.author = group.author.toString();
-      }
-      return group;
-    },
-  );
-
-  // Generate next cursor only if paginated
-  let nextCursor = null;
-  if (isPaginated && hasMore && data.length > 0) {
-    const lastGroup = promptGroups[normalizedLimit - 1];
-    nextCursor = Buffer.from(
-      JSON.stringify({
-        updatedAt: lastGroup.updatedAt.toISOString(),
-        _id: lastGroup._id.toString(),
-      }),
-    ).toString('base64');
-  }
-
-  return {
-    object: 'list',
-    data,
-    first_id: data.length > 0 ? data[0]._id.toString() : null,
-    last_id: data.length > 0 ? data[data.length - 1]._id.toString() : null,
-    has_more: hasMore,
-    after: nextCursor,
-  };
-}
-
 module.exports = {
   getPromptGroups,
   deletePromptGroup,
   getAllPromptGroups,
-  getListPromptGroupsByAccess,
   /**
    * Create a prompt and its respective group
    * @param {TCreatePromptRecord} saveData

api/models/Role.js

@@ -16,7 +16,7 @@ const { Role } = require('~/db/models');
  *
  * @param {string} roleName - The name of the role to find or create.
  * @param {string|string[]} [fieldsToSelect] - The fields to include or exclude in the returned document.
- * @returns {Promise<IRole>} Role document.
+ * @returns {Promise<Object>} A plain object representing the role document.
  */
 const getRoleByName = async function (roleName, fieldsToSelect = null) {
   const cache = getLogStores(CacheKeys.ROLES);
@@ -72,9 +72,8 @@ const updateRoleByName = async function (roleName, updates) {
  * Updates access permissions for a specific role and multiple permission types.
  * @param {string} roleName - The role to update.
  * @param {Object.<PermissionTypes, Object.<Permissions, boolean>>} permissionsUpdate - Permissions to update and their values.
- * @param {IRole} [roleData] - Optional role data to use instead of fetching from the database.
  */
-async function updateAccessPermissions(roleName, permissionsUpdate, roleData) {
+async function updateAccessPermissions(roleName, permissionsUpdate) {
   // Filter and clean the permission updates based on our schema definition.
   const updates = {};
   for (const [permissionType, permissions] of Object.entries(permissionsUpdate)) {
@@ -87,7 +86,7 @@ async function updateAccessPermissions(roleName, permissionsUpdate, roleData) {
   }
 
   try {
-    const role = roleData ?? (await getRoleByName(roleName));
+    const role = await getRoleByName(roleName);
     if (!role) {
       return;
     }
@@ -114,6 +113,7 @@ async function updateAccessPermissions(roleName, permissionsUpdate, roleData) {
       }
     }
 
+    // Process the current updates
     for (const [permissionType, permissions] of Object.entries(updates)) {
       const currentTypePermissions = currentPermissions[permissionType] || {};
       updatedPermissions[permissionType] = { ...currentTypePermissions };

api/models/tx.js

@@ -1,4 +1,4 @@
-const { matchModelName } = require('../utils/tokens');
+const { matchModelName } = require('../utils');
 const defaultRate = 6;
 
 /**
@@ -87,9 +87,6 @@ const tokenValues = Object.assign(
     'gpt-4.1': { prompt: 2, completion: 8 },
     'gpt-4.5': { prompt: 75, completion: 150 },
     'gpt-4o-mini': { prompt: 0.15, completion: 0.6 },
-    'gpt-5': { prompt: 1.25, completion: 10 },
-    'gpt-5-mini': { prompt: 0.25, completion: 2 },
-    'gpt-5-nano': { prompt: 0.05, completion: 0.4 },
     'gpt-4o': { prompt: 2.5, completion: 10 },
     'gpt-4o-2024-05-13': { prompt: 5, completion: 15 },
     'gpt-4-1106': { prompt: 10, completion: 30 },
@@ -150,9 +147,6 @@ const tokenValues = Object.assign(
     codestral: { prompt: 0.3, completion: 0.9 },
     'ministral-8b': { prompt: 0.1, completion: 0.1 },
     'ministral-3b': { prompt: 0.04, completion: 0.04 },
-    // GPT-OSS models
-    'gpt-oss-20b': { prompt: 0.05, completion: 0.2 },
-    'gpt-oss-120b': { prompt: 0.15, completion: 0.6 },
   },
   bedrockValues,
 );
@@ -220,12 +214,6 @@ const getValueKey = (model, endpoint) => {
     return 'gpt-4.1';
   } else if (modelName.includes('gpt-4o-2024-05-13')) {
     return 'gpt-4o-2024-05-13';
-  } else if (modelName.includes('gpt-5-nano')) {
-    return 'gpt-5-nano';
-  } else if (modelName.includes('gpt-5-mini')) {
-    return 'gpt-5-mini';
-  } else if (modelName.includes('gpt-5')) {
-    return 'gpt-5';
   } else if (modelName.includes('gpt-4o-mini')) {
     return 'gpt-4o-mini';
   } else if (modelName.includes('gpt-4o')) {

api/models/tx.spec.js

@@ -25,14 +25,8 @@ describe('getValueKey', () => {
     expect(getValueKey('gpt-4-some-other-info')).toBe('8k');
   });
 
-  it('should return "gpt-5" for model name containing "gpt-5"', () => {
-    expect(getValueKey('gpt-5-some-other-info')).toBe('gpt-5');
-    expect(getValueKey('gpt-5-2025-01-30')).toBe('gpt-5');
-    expect(getValueKey('gpt-5-2025-01-30-0130')).toBe('gpt-5');
-    expect(getValueKey('openai/gpt-5')).toBe('gpt-5');
-    expect(getValueKey('openai/gpt-5-2025-01-30')).toBe('gpt-5');
-    expect(getValueKey('gpt-5-turbo')).toBe('gpt-5');
-    expect(getValueKey('gpt-5-0130')).toBe('gpt-5');
+  it('should return undefined for model names that do not match any known patterns', () => {
+    expect(getValueKey('gpt-5-some-other-info')).toBeUndefined();
   });
 
   it('should return "gpt-3.5-turbo-1106" for model name containing "gpt-3.5-turbo-1106"', () => {
@@ -90,29 +84,6 @@ describe('getValueKey', () => {
     expect(getValueKey('gpt-4.1-nano-0125')).toBe('gpt-4.1-nano');
   });
 
-  it('should return "gpt-5" for model type of "gpt-5"', () => {
-    expect(getValueKey('gpt-5-2025-01-30')).toBe('gpt-5');
-    expect(getValueKey('gpt-5-2025-01-30-0130')).toBe('gpt-5');
-    expect(getValueKey('openai/gpt-5')).toBe('gpt-5');
-    expect(getValueKey('openai/gpt-5-2025-01-30')).toBe('gpt-5');
-    expect(getValueKey('gpt-5-turbo')).toBe('gpt-5');
-    expect(getValueKey('gpt-5-0130')).toBe('gpt-5');
-  });
-
-  it('should return "gpt-5-mini" for model type of "gpt-5-mini"', () => {
-    expect(getValueKey('gpt-5-mini-2025-01-30')).toBe('gpt-5-mini');
-    expect(getValueKey('openai/gpt-5-mini')).toBe('gpt-5-mini');
-    expect(getValueKey('gpt-5-mini-0130')).toBe('gpt-5-mini');
-    expect(getValueKey('gpt-5-mini-2025-01-30-0130')).toBe('gpt-5-mini');
-  });
-
-  it('should return "gpt-5-nano" for model type of "gpt-5-nano"', () => {
-    expect(getValueKey('gpt-5-nano-2025-01-30')).toBe('gpt-5-nano');
-    expect(getValueKey('openai/gpt-5-nano')).toBe('gpt-5-nano');
-    expect(getValueKey('gpt-5-nano-0130')).toBe('gpt-5-nano');
-    expect(getValueKey('gpt-5-nano-2025-01-30-0130')).toBe('gpt-5-nano');
-  });
-
   it('should return "gpt-4o" for model type of "gpt-4o"', () => {
     expect(getValueKey('gpt-4o-2024-08-06')).toBe('gpt-4o');
     expect(getValueKey('gpt-4o-2024-08-06-0718')).toBe('gpt-4o');
@@ -236,48 +207,6 @@ describe('getMultiplier', () => {
     );
   });
 
-  it('should return the correct multiplier for gpt-5', () => {
-    const valueKey = getValueKey('gpt-5-2025-01-30');
-    expect(getMultiplier({ valueKey, tokenType: 'prompt' })).toBe(tokenValues['gpt-5'].prompt);
-    expect(getMultiplier({ valueKey, tokenType: 'completion' })).toBe(
-      tokenValues['gpt-5'].completion,
-    );
-    expect(getMultiplier({ model: 'gpt-5-preview', tokenType: 'prompt' })).toBe(
-      tokenValues['gpt-5'].prompt,
-    );
-    expect(getMultiplier({ model: 'openai/gpt-5', tokenType: 'completion' })).toBe(
-      tokenValues['gpt-5'].completion,
-    );
-  });
-
-  it('should return the correct multiplier for gpt-5-mini', () => {
-    const valueKey = getValueKey('gpt-5-mini-2025-01-30');
-    expect(getMultiplier({ valueKey, tokenType: 'prompt' })).toBe(tokenValues['gpt-5-mini'].prompt);
-    expect(getMultiplier({ valueKey, tokenType: 'completion' })).toBe(
-      tokenValues['gpt-5-mini'].completion,
-    );
-    expect(getMultiplier({ model: 'gpt-5-mini-preview', tokenType: 'prompt' })).toBe(
-      tokenValues['gpt-5-mini'].prompt,
-    );
-    expect(getMultiplier({ model: 'openai/gpt-5-mini', tokenType: 'completion' })).toBe(
-      tokenValues['gpt-5-mini'].completion,
-    );
-  });
-
-  it('should return the correct multiplier for gpt-5-nano', () => {
-    const valueKey = getValueKey('gpt-5-nano-2025-01-30');
-    expect(getMultiplier({ valueKey, tokenType: 'prompt' })).toBe(tokenValues['gpt-5-nano'].prompt);
-    expect(getMultiplier({ valueKey, tokenType: 'completion' })).toBe(
-      tokenValues['gpt-5-nano'].completion,
-    );
-    expect(getMultiplier({ model: 'gpt-5-nano-preview', tokenType: 'prompt' })).toBe(
-      tokenValues['gpt-5-nano'].prompt,
-    );
-    expect(getMultiplier({ model: 'openai/gpt-5-nano', tokenType: 'completion' })).toBe(
-      tokenValues['gpt-5-nano'].completion,
-    );
-  });
-
   it('should return the correct multiplier for gpt-4o', () => {
     const valueKey = getValueKey('gpt-4o-2024-08-06');
     expect(getMultiplier({ valueKey, tokenType: 'prompt' })).toBe(tokenValues['gpt-4o'].prompt);
@@ -378,22 +307,10 @@ describe('getMultiplier', () => {
   });
 
   it('should return defaultRate if derived valueKey does not match any known patterns', () => {
-    expect(getMultiplier({ tokenType: 'prompt', model: 'gpt-10-some-other-info' })).toBe(
+    expect(getMultiplier({ tokenType: 'prompt', model: 'gpt-5-some-other-info' })).toBe(
       defaultRate,
     );
   });
-
-  it('should return correct multipliers for GPT-OSS models', () => {
-    const models = ['gpt-oss-20b', 'gpt-oss-120b'];
-    models.forEach((key) => {
-      const expectedPrompt = tokenValues[key].prompt;
-      const expectedCompletion = tokenValues[key].completion;
-      expect(getMultiplier({ valueKey: key, tokenType: 'prompt' })).toBe(expectedPrompt);
-      expect(getMultiplier({ valueKey: key, tokenType: 'completion' })).toBe(expectedCompletion);
-      expect(getMultiplier({ model: key, tokenType: 'prompt' })).toBe(expectedPrompt);
-      expect(getMultiplier({ model: key, tokenType: 'completion' })).toBe(expectedCompletion);
-    });
-  });
 });
 
 describe('AWS Bedrock Model Tests', () => {

api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@librechat/backend",
-  "version": "v0.8.0-rc3",
+  "version": "v0.7.9",
   "description": "",
   "scripts": {
     "start": "echo 'please run this from the root directory'",
@@ -49,12 +49,12 @@
     "@langchain/google-vertexai": "^0.2.13",
     "@langchain/openai": "^0.5.18",
     "@langchain/textsplitters": "^0.1.0",
-    "@librechat/agents": "^2.4.76",
+    "@librechat/agents": "^2.4.69",
     "@librechat/api": "*",
     "@librechat/data-schemas": "*",
-    "@microsoft/microsoft-graph-client": "^3.0.7",
     "@modelcontextprotocol/sdk": "^1.17.1",
     "@node-saml/passport-saml": "^5.1.0",
+    "@microsoft/microsoft-graph-client": "^3.0.7",
     "@waylaidwanderer/fetch-event-source": "^3.0.1",
     "axios": "^1.8.2",
     "bcryptjs": "^2.4.3",

api/server/cleanup.js

@@ -1,6 +1,6 @@
-const { logger } = require('@librechat/data-schemas');
+const { logger } = require('~/config');
 
-/** WeakMap to hold temporary data associated with requests */
+// WeakMap to hold temporary data associated with requests
 const requestDataMap = new WeakMap();
 
 const FinalizationRegistry = global.FinalizationRegistry || null;
@@ -23,7 +23,7 @@ const clientRegistry = FinalizationRegistry
         } else {
           logger.debug('[FinalizationRegistry] Cleaning up client');
         }
-      } catch {
+      } catch (e) {
         // Ignore errors
       }
     })
@@ -55,9 +55,6 @@ function disposeClient(client) {
     if (client.responseMessageId) {
       client.responseMessageId = null;
     }
-    if (client.parentMessageId) {
-      client.parentMessageId = null;
-    }
     if (client.message_file_map) {
       client.message_file_map = null;
     }
@@ -337,7 +334,7 @@ function disposeClient(client) {
       }
     }
     client.options = null;
-  } catch {
+  } catch (e) {
     // Ignore errors during disposal
   }
 }

api/server/controllers/AuthController.js

@@ -84,7 +84,7 @@ const refreshController = async (req, res) => {
   }
   try {
     const payload = jwt.verify(refreshToken, process.env.JWT_REFRESH_SECRET);
-    const user = await getUserById(payload.id, '-password -__v -totpSecret -backupCodes');
+    const user = await getUserById(payload.id, '-password -__v -totpSecret');
     if (!user) {
       return res.status(401).redirect('/login');
     }

api/server/controllers/ErrorController.js

@@ -0,0 +1,46 @@
+const { logger } = require('~/config');
+
+//handle duplicates
+const handleDuplicateKeyError = (err, res) => {
+  logger.error('Duplicate key error:', err.keyValue);
+  const field = `${JSON.stringify(Object.keys(err.keyValue))}`;
+  const code = 409;
+  res
+    .status(code)
+    .send({ messages: `An document with that ${field} already exists.`, fields: field });
+};
+
+//handle validation errors
+const handleValidationError = (err, res) => {
+  logger.error('Validation error:', err.errors);
+  let errors = Object.values(err.errors).map((el) => el.message);
+  let fields = `${JSON.stringify(Object.values(err.errors).map((el) => el.path))}`;
+  let code = 400;
+  if (errors.length > 1) {
+    errors = errors.join(' ');
+    res.status(code).send({ messages: `${JSON.stringify(errors)}`, fields: fields });
+  } else {
+    res.status(code).send({ messages: `${JSON.stringify(errors)}`, fields: fields });
+  }
+};
+
+module.exports = (err, _req, res, _next) => {
+  try {
+    if (err.name === 'ValidationError') {
+      return handleValidationError(err, res);
+    }
+    if (err.code && err.code == 11000) {
+      return handleDuplicateKeyError(err, res);
+    }
+    // Special handling for errors like SyntaxError
+    if (err.statusCode && err.body) {
+      return res.status(err.statusCode).send(err.body);
+    }
+
+    logger.error('ErrorController => error', err);
+    return res.status(500).send('An unknown error occurred.');
+  } catch (err) {
+    logger.error('ErrorController => processing error', err);
+    return res.status(500).send('Processing error in ErrorController.');
+  }
+};

api/server/controllers/ErrorController.spec.js

@@ -1,45 +1,36 @@
-import { logger } from '@librechat/data-schemas';
-import { ErrorController } from './error';
-import type { Request, Response } from 'express';
-import type { ValidationError, MongoServerError, CustomError } from '~/types';
+const errorController = require('./ErrorController');
+const { logger } = require('~/config');
 
 // Mock the logger
-jest.mock('@librechat/data-schemas', () => ({
-  ...jest.requireActual('@librechat/data-schemas'),
+jest.mock('~/config', () => ({
   logger: {
     error: jest.fn(),
-    warn: jest.fn(),
   },
 }));
 
 describe('ErrorController', () => {
-  let mockReq: Request;
-  let mockRes: Response;
-  let mockNext: jest.Mock;
+  let mockReq, mockRes, mockNext;
 
   beforeEach(() => {
-    mockReq = {
-      originalUrl: '',
-    } as Request;
+    mockReq = {};
     mockRes = {
       status: jest.fn().mockReturnThis(),
       send: jest.fn(),
-    } as unknown as Response;
-    (logger.error as jest.Mock).mockClear();
+    };
     mockNext = jest.fn();
+    logger.error.mockClear();
   });
 
   describe('ValidationError handling', () => {
     it('should handle ValidationError with single error', () => {
       const validationError = {
         name: 'ValidationError',
-        message: 'Validation error',
         errors: {
           email: { message: 'Email is required', path: 'email' },
         },
-      } as ValidationError;
+      };
 
-      ErrorController(validationError, mockReq, mockRes, mockNext);
+      errorController(validationError, mockReq, mockRes, mockNext);
 
       expect(mockRes.status).toHaveBeenCalledWith(400);
       expect(mockRes.send).toHaveBeenCalledWith({
@@ -52,14 +43,13 @@ describe('ErrorController', () => {
     it('should handle ValidationError with multiple errors', () => {
       const validationError = {
         name: 'ValidationError',
-        message: 'Validation error',
         errors: {
           email: { message: 'Email is required', path: 'email' },
           password: { message: 'Password is required', path: 'password' },
         },
-      } as ValidationError;
+      };
 
-      ErrorController(validationError, mockReq, mockRes, mockNext);
+      errorController(validationError, mockReq, mockRes, mockNext);
 
       expect(mockRes.status).toHaveBeenCalledWith(400);
       expect(mockRes.send).toHaveBeenCalledWith({
@@ -73,9 +63,9 @@ describe('ErrorController', () => {
       const validationError = {
         name: 'ValidationError',
         errors: {},
-      } as ValidationError;
+      };
 
-      ErrorController(validationError, mockReq, mockRes, mockNext);
+      errorController(validationError, mockReq, mockRes, mockNext);
 
       expect(mockRes.status).toHaveBeenCalledWith(400);
       expect(mockRes.send).toHaveBeenCalledWith({
@@ -88,59 +78,43 @@ describe('ErrorController', () => {
   describe('Duplicate key error handling', () => {
     it('should handle duplicate key error (code 11000)', () => {
       const duplicateKeyError = {
-        name: 'MongoServerError',
-        message: 'Duplicate key error',
         code: 11000,
         keyValue: { email: 'test@example.com' },
-        errmsg:
-          'E11000 duplicate key error collection: test.users index: email_1 dup key: { email: "test@example.com" }',
-      } as MongoServerError;
+      };
 
-      ErrorController(duplicateKeyError, mockReq, mockRes, mockNext);
+      errorController(duplicateKeyError, mockReq, mockRes, mockNext);
 
       expect(mockRes.status).toHaveBeenCalledWith(409);
       expect(mockRes.send).toHaveBeenCalledWith({
         messages: 'An document with that ["email"] already exists.',
         fields: '["email"]',
       });
-      expect(logger.warn).toHaveBeenCalledWith(
-        'Duplicate key error: E11000 duplicate key error collection: test.users index: email_1 dup key: { email: "test@example.com" }',
-      );
+      expect(logger.error).toHaveBeenCalledWith('Duplicate key error:', duplicateKeyError.keyValue);
     });
 
     it('should handle duplicate key error with multiple fields', () => {
       const duplicateKeyError = {
-        name: 'MongoServerError',
-        message: 'Duplicate key error',
         code: 11000,
         keyValue: { email: 'test@example.com', username: 'testuser' },
-        errmsg:
-          'E11000 duplicate key error collection: test.users index: email_1 dup key: { email: "test@example.com" }',
-      } as MongoServerError;
+      };
 
-      ErrorController(duplicateKeyError, mockReq, mockRes, mockNext);
+      errorController(duplicateKeyError, mockReq, mockRes, mockNext);
 
       expect(mockRes.status).toHaveBeenCalledWith(409);
       expect(mockRes.send).toHaveBeenCalledWith({
         messages: 'An document with that ["email","username"] already exists.',
         fields: '["email","username"]',
       });
-      expect(logger.warn).toHaveBeenCalledWith(
-        'Duplicate key error: E11000 duplicate key error collection: test.users index: email_1 dup key: { email: "test@example.com" }',
-      );
+      expect(logger.error).toHaveBeenCalledWith('Duplicate key error:', duplicateKeyError.keyValue);
     });
 
     it('should handle error with code 11000 as string', () => {
       const duplicateKeyError = {
-        name: 'MongoServerError',
-        message: 'Duplicate key error',
-        code: 11000,
+        code: '11000',
         keyValue: { email: 'test@example.com' },
-        errmsg:
-          'E11000 duplicate key error collection: test.users index: email_1 dup key: { email: "test@example.com" }',
-      } as MongoServerError;
+      };
 
-      ErrorController(duplicateKeyError, mockReq, mockRes, mockNext);
+      errorController(duplicateKeyError, mockReq, mockRes, mockNext);
 
       expect(mockRes.status).toHaveBeenCalledWith(409);
       expect(mockRes.send).toHaveBeenCalledWith({
@@ -155,9 +129,9 @@ describe('ErrorController', () => {
       const syntaxError = {
         statusCode: 400,
         body: 'Invalid JSON syntax',
-      } as CustomError;
+      };
 
-      ErrorController(syntaxError, mockReq, mockRes, mockNext);
+      errorController(syntaxError, mockReq, mockRes, mockNext);
 
       expect(mockRes.status).toHaveBeenCalledWith(400);
       expect(mockRes.send).toHaveBeenCalledWith('Invalid JSON syntax');
@@ -167,9 +141,9 @@ describe('ErrorController', () => {
       const customError = {
         statusCode: 422,
         body: { error: 'Unprocessable entity' },
-      } as CustomError;
+      };
 
-      ErrorController(customError, mockReq, mockRes, mockNext);
+      errorController(customError, mockReq, mockRes, mockNext);
 
       expect(mockRes.status).toHaveBeenCalledWith(422);
       expect(mockRes.send).toHaveBeenCalledWith({ error: 'Unprocessable entity' });
@@ -178,9 +152,9 @@ describe('ErrorController', () => {
     it('should handle error with statusCode but no body', () => {
       const partialError = {
         statusCode: 400,
-      } as CustomError;
+      };
 
-      ErrorController(partialError, mockReq, mockRes, mockNext);
+      errorController(partialError, mockReq, mockRes, mockNext);
 
       expect(mockRes.status).toHaveBeenCalledWith(500);
       expect(mockRes.send).toHaveBeenCalledWith('An unknown error occurred.');
@@ -189,9 +163,9 @@ describe('ErrorController', () => {
     it('should handle error with body but no statusCode', () => {
       const partialError = {
         body: 'Some error message',
-      } as CustomError;
+      };
 
-      ErrorController(partialError, mockReq, mockRes, mockNext);
+      errorController(partialError, mockReq, mockRes, mockNext);
 
       expect(mockRes.status).toHaveBeenCalledWith(500);
       expect(mockRes.send).toHaveBeenCalledWith('An unknown error occurred.');
@@ -202,7 +176,7 @@ describe('ErrorController', () => {
     it('should handle unknown errors', () => {
       const unknownError = new Error('Some unknown error');
 
-      ErrorController(unknownError, mockReq, mockRes, mockNext);
+      errorController(unknownError, mockReq, mockRes, mockNext);
 
       expect(mockRes.status).toHaveBeenCalledWith(500);
       expect(mockRes.send).toHaveBeenCalledWith('An unknown error occurred.');
@@ -213,31 +187,32 @@ describe('ErrorController', () => {
       const mongoError = {
         code: 11100,
         message: 'Some MongoDB error',
-      } as MongoServerError;
+      };
 
-      ErrorController(mongoError, mockReq, mockRes, mockNext);
+      errorController(mongoError, mockReq, mockRes, mockNext);
 
       expect(mockRes.status).toHaveBeenCalledWith(500);
       expect(mockRes.send).toHaveBeenCalledWith('An unknown error occurred.');
       expect(logger.error).toHaveBeenCalledWith('ErrorController => error', mongoError);
     });
 
-    it('should handle generic errors', () => {
-      const genericError = new Error('Test error');
-
-      ErrorController(genericError, mockReq, mockRes, mockNext);
+    it('should handle null/undefined errors', () => {
+      errorController(null, mockReq, mockRes, mockNext);
 
       expect(mockRes.status).toHaveBeenCalledWith(500);
-      expect(mockRes.send).toHaveBeenCalledWith('An unknown error occurred.');
-      expect(logger.error).toHaveBeenCalledWith('ErrorController => error', genericError);
+      expect(mockRes.send).toHaveBeenCalledWith('Processing error in ErrorController.');
+      expect(logger.error).toHaveBeenCalledWith(
+        'ErrorController => processing error',
+        expect.any(Error),
+      );
     });
   });
 
   describe('Catch block handling', () => {
     beforeEach(() => {
       // Restore logger mock to normal behavior for these tests
-      (logger.error as jest.Mock).mockRestore();
-      (logger.error as jest.Mock) = jest.fn();
+      logger.error.mockRestore();
+      logger.error = jest.fn();
     });
 
     it('should handle errors when logger.error throws', () => {
@@ -245,10 +220,10 @@ describe('ErrorController', () => {
       const freshMockRes = {
         status: jest.fn().mockReturnThis(),
         send: jest.fn(),
-      } as unknown as Response;
+      };
 
       // Mock logger to throw on the first call, succeed on the second
-      (logger.error as jest.Mock)
+      logger.error
         .mockImplementationOnce(() => {
           throw new Error('Logger error');
         })
@@ -256,7 +231,7 @@ describe('ErrorController', () => {
 
       const testError = new Error('Test error');
 
-      ErrorController(testError, mockReq, freshMockRes, mockNext);
+      errorController(testError, mockReq, freshMockRes, mockNext);
 
       expect(freshMockRes.status).toHaveBeenCalledWith(500);
       expect(freshMockRes.send).toHaveBeenCalledWith('Processing error in ErrorController.');

api/server/controllers/ModelController.js

@@ -5,7 +5,6 @@ const { logger } = require('~/config');
 
 /**
  * @param {ServerRequest} req
- * @returns {Promise<TModelsConfig>} The models config.
  */
 const getModelsConfig = async (req) => {
   const cache = getLogStores(CacheKeys.CONFIG_STORE);

api/server/controllers/PermissionsController.js

@@ -364,7 +364,7 @@ const getUserEffectivePermissions = async (req, res) => {
  */
 const searchPrincipals = async (req, res) => {
   try {
-    const { q: query, limit = 20, types } = req.query;
+    const { q: query, limit = 20, type } = req.query;
 
     if (!query || query.trim().length === 0) {
       return res.status(400).json({
@@ -379,34 +379,22 @@ const searchPrincipals = async (req, res) => {
     }
 
     const searchLimit = Math.min(Math.max(1, parseInt(limit) || 10), 50);
+    const typeFilter = [PrincipalType.USER, PrincipalType.GROUP, PrincipalType.ROLE].includes(type)
+      ? type
+      : null;
 
-    let typeFilters = null;
-    if (types) {
-      const typesArray = Array.isArray(types) ? types : types.split(',');
-      const validTypes = typesArray.filter((t) =>
-        [PrincipalType.USER, PrincipalType.GROUP, PrincipalType.ROLE].includes(t),
-      );
-      typeFilters = validTypes.length > 0 ? validTypes : null;
-    }
-
-    const localResults = await searchLocalPrincipals(query.trim(), searchLimit, typeFilters);
+    const localResults = await searchLocalPrincipals(query.trim(), searchLimit, typeFilter);
     let allPrincipals = [...localResults];
 
     const useEntraId = entraIdPrincipalFeatureEnabled(req.user);
 
     if (useEntraId && localResults.length < searchLimit) {
       try {
-        let graphType = 'all';
-        if (typeFilters && typeFilters.length === 1) {
-          const graphTypeMap = {
-            [PrincipalType.USER]: 'users',
-            [PrincipalType.GROUP]: 'groups',
-          };
-          const mappedType = graphTypeMap[typeFilters[0]];
-          if (mappedType) {
-            graphType = mappedType;
-          }
-        }
+        const graphTypeMap = {
+          user: 'users',
+          group: 'groups',
+          null: 'all',
+        };
 
         const authHeader = req.headers.authorization;
         const accessToken =
@@ -417,7 +405,7 @@ const searchPrincipals = async (req, res) => {
             accessToken,
             req.user.openidId,
             query.trim(),
-            graphType,
+            graphTypeMap[typeFilter],
             searchLimit - localResults.length,
           );
 
@@ -448,22 +436,21 @@ const searchPrincipals = async (req, res) => {
       _searchScore: calculateRelevanceScore(item, query.trim()),
     }));
 
-    const finalResults = sortPrincipalsByRelevance(scoredResults)
+    allPrincipals = sortPrincipalsByRelevance(scoredResults)
       .slice(0, searchLimit)
       .map((result) => {
         const { _searchScore, ...resultWithoutScore } = result;
         return resultWithoutScore;
       });
-
     res.status(200).json({
       query: query.trim(),
       limit: searchLimit,
-      types: typeFilters,
-      results: finalResults,
-      count: finalResults.length,
+      type: typeFilter,
+      results: allPrincipals,
+      count: allPrincipals.length,
       sources: {
-        local: finalResults.filter((r) => r.source === 'local').length,
-        entra: finalResults.filter((r) => r.source === 'entra').length,
+        local: allPrincipals.filter((r) => r.source === 'local').length,
+        entra: allPrincipals.filter((r) => r.source === 'entra').length,
       },
     });
   } catch (error) {

api/server/controllers/PluginController.js

@@ -1,23 +1,54 @@
 const { logger } = require('@librechat/data-schemas');
-const { CacheKeys, Constants } = require('librechat-data-provider');
-const {
-  getToolkitKey,
-  checkPluginAuth,
-  filterUniquePlugins,
-  convertMCPToolToPlugin,
-  convertMCPToolsToPlugins,
-} = require('@librechat/api');
-const {
-  getCachedTools,
-  setCachedTools,
-  mergeUserTools,
-  getCustomConfig,
-} = require('~/server/services/Config');
-const { loadAndFormatTools } = require('~/server/services/ToolService');
-const { availableTools, toolkits } = require('~/app/clients/tools');
-const { getMCPManager } = require('~/config');
+const { CacheKeys, AuthType, Constants } = require('librechat-data-provider');
+const { getCustomConfig, getCachedTools } = require('~/server/services/Config');
+const { getToolkitKey } = require('~/server/services/ToolService');
+const { getMCPManager, getFlowStateManager } = require('~/config');
+const { availableTools } = require('~/app/clients/tools');
 const { getLogStores } = require('~/cache');
 
+/**
+ * Filters out duplicate plugins from the list of plugins.
+ *
+ * @param {TPlugin[]} plugins The list of plugins to filter.
+ * @returns {TPlugin[]} The list of plugins with duplicates removed.
+ */
+const filterUniquePlugins = (plugins) => {
+  const seen = new Set();
+  return plugins.filter((plugin) => {
+    const duplicate = seen.has(plugin.pluginKey);
+    seen.add(plugin.pluginKey);
+    return !duplicate;
+  });
+};
+
+/**
+ * Determines if a plugin is authenticated by checking if all required authentication fields have non-empty values.
+ * Supports alternate authentication fields, allowing validation against multiple possible environment variables.
+ *
+ * @param {TPlugin} plugin The plugin object containing the authentication configuration.
+ * @returns {boolean} True if the plugin is authenticated for all required fields, false otherwise.
+ */
+const checkPluginAuth = (plugin) => {
+  if (!plugin.authConfig || plugin.authConfig.length === 0) {
+    return false;
+  }
+
+  return plugin.authConfig.every((authFieldObj) => {
+    const authFieldOptions = authFieldObj.authField.split('||');
+    let isFieldAuthenticated = false;
+
+    for (const fieldOption of authFieldOptions) {
+      const envValue = process.env[fieldOption];
+      if (envValue && envValue.trim() !== '' && envValue !== AuthType.USER_PROVIDED) {
+        isFieldAuthenticated = true;
+        break;
+      }
+    }
+
+    return isFieldAuthenticated;
+  });
+};
+
 const getAvailablePluginsController = async (req, res) => {
   try {
     const cache = getLogStores(CacheKeys.CONFIG_STORE);
@@ -29,7 +60,6 @@ const getAvailablePluginsController = async (req, res) => {
 
     /** @type {{ filteredTools: string[], includedTools: string[] }} */
     const { filteredTools = [], includedTools = [] } = req.app.locals;
-    /** @type {import('@librechat/api').LCManifestTool[]} */
     const pluginManifest = availableTools;
 
     const uniquePlugins = filterUniquePlugins(pluginManifest);
@@ -55,6 +85,45 @@ const getAvailablePluginsController = async (req, res) => {
   }
 };
 
+function createServerToolsCallback() {
+  /**
+   * @param {string} serverName
+   * @param {TPlugin[] | null} serverTools
+   */
+  return async function (serverName, serverTools) {
+    try {
+      const mcpToolsCache = getLogStores(CacheKeys.MCP_TOOLS);
+      if (!serverName || !mcpToolsCache) {
+        return;
+      }
+      await mcpToolsCache.set(serverName, serverTools);
+      logger.debug(`MCP tools for ${serverName} added to cache.`);
+    } catch (error) {
+      logger.error('Error retrieving MCP tools from cache:', error);
+    }
+  };
+}
+
+function createGetServerTools() {
+  /**
+   * Retrieves cached server tools
+   * @param {string} serverName
+   * @returns {Promise<TPlugin[] | null>}
+   */
+  return async function (serverName) {
+    try {
+      const mcpToolsCache = getLogStores(CacheKeys.MCP_TOOLS);
+      if (!mcpToolsCache) {
+        return null;
+      }
+      return await mcpToolsCache.get(serverName);
+    } catch (error) {
+      logger.error('Error retrieving MCP tools from cache:', error);
+      return null;
+    }
+  };
+}
+
 /**
  * Retrieves and returns a list of available tools, either from a cache or by reading a plugin manifest file.
  *
@@ -70,70 +139,37 @@ const getAvailablePluginsController = async (req, res) => {
 const getAvailableTools = async (req, res) => {
   try {
     const userId = req.user?.id;
-    if (!userId) {
-      logger.warn('[getAvailableTools] User ID not found in request');
-      return res.status(401).json({ message: 'Unauthorized' });
-    }
     const customConfig = await getCustomConfig();
     const cache = getLogStores(CacheKeys.CONFIG_STORE);
     const cachedToolsArray = await cache.get(CacheKeys.TOOLS);
     const cachedUserTools = await getCachedTools({ userId });
-    const userPlugins =
-      cachedUserTools != null
-        ? convertMCPToolsToPlugins({ functionTools: cachedUserTools, customConfig })
-        : undefined;
+    const userPlugins = convertMCPToolsToPlugins(cachedUserTools, customConfig);
 
-    if (cachedToolsArray != null && userPlugins != null) {
+    if (cachedToolsArray && userPlugins) {
       const dedupedTools = filterUniquePlugins([...userPlugins, ...cachedToolsArray]);
       res.status(200).json(dedupedTools);
       return;
     }
 
-    /** @type {Record<string, FunctionTool> | null} Get tool definitions to filter which tools are actually available */
-    let toolDefinitions = await getCachedTools({ includeGlobal: true });
-    let prelimCachedTools;
-
-    // TODO: this is a temp fix until app config is refactored
-    if (!toolDefinitions) {
-      toolDefinitions = loadAndFormatTools({
-        adminFilter: req.app.locals?.filteredTools,
-        adminIncluded: req.app.locals?.includedTools,
-        directory: req.app.locals?.paths.structuredTools,
-      });
-      prelimCachedTools = toolDefinitions;
-    }
-
-    /** @type {import('@librechat/api').LCManifestTool[]} */
+    // If not in cache, build from manifest
     let pluginManifest = availableTools;
     if (customConfig?.mcpServers != null) {
-      try {
-        const mcpManager = getMCPManager();
-        const mcpTools = await mcpManager.getAllToolFunctions(userId);
-        prelimCachedTools = prelimCachedTools ?? {};
-        for (const [toolKey, toolData] of Object.entries(mcpTools)) {
-          const plugin = convertMCPToolToPlugin({
-            toolKey,
-            toolData,
-            customConfig,
-          });
-          if (plugin) {
-            pluginManifest.push(plugin);
-          }
-          prelimCachedTools[toolKey] = toolData;
-        }
-        await mergeUserTools({ userId, cachedUserTools, userTools: prelimCachedTools });
-      } catch (error) {
-        logger.error(
-          '[getAvailableTools] Error loading MCP Tools, servers may still be initializing:',
-          error,
-        );
-      }
-    } else if (prelimCachedTools != null) {
-      await setCachedTools(prelimCachedTools, { isGlobal: true });
+      const mcpManager = getMCPManager();
+      const flowsCache = getLogStores(CacheKeys.FLOWS);
+      const flowManager = flowsCache ? getFlowStateManager(flowsCache) : null;
+      const serverToolsCallback = createServerToolsCallback();
+      const getServerTools = createGetServerTools();
+      const mcpTools = await mcpManager.loadManifestTools({
+        flowManager,
+        serverToolsCallback,
+        getServerTools,
+      });
+      pluginManifest = [...mcpTools, ...pluginManifest];
     }
 
-    /** @type {TPlugin[]} Deduplicate and authenticate plugins */
+    /** @type {TPlugin[]} */
     const uniquePlugins = filterUniquePlugins(pluginManifest);
+
     const authenticatedPlugins = uniquePlugins.map((plugin) => {
       if (checkPluginAuth(plugin)) {
         return { ...plugin, authenticated: true };
@@ -142,15 +178,14 @@ const getAvailableTools = async (req, res) => {
       }
     });
 
-    /** Filter plugins based on availability and add MCP-specific auth config */
+    const toolDefinitions = (await getCachedTools({ includeGlobal: true })) || {};
+
     const toolsOutput = [];
     for (const plugin of authenticatedPlugins) {
       const isToolDefined = toolDefinitions[plugin.pluginKey] !== undefined;
       const isToolkit =
         plugin.toolkit === true &&
-        Object.keys(toolDefinitions).some(
-          (key) => getToolkitKey({ toolkits, toolName: key }) === plugin.pluginKey,
-        );
+        Object.keys(toolDefinitions).some((key) => getToolkitKey(key) === plugin.pluginKey);
 
       if (!isToolDefined && !isToolkit) {
         continue;
@@ -158,36 +193,41 @@ const getAvailableTools = async (req, res) => {
 
       const toolToAdd = { ...plugin };
 
-      if (plugin.pluginKey.includes(Constants.mcp_delimiter)) {
-        const parts = plugin.pluginKey.split(Constants.mcp_delimiter);
-        const serverName = parts[parts.length - 1];
-        const serverConfig = customConfig?.mcpServers?.[serverName];
+      if (!plugin.pluginKey.includes(Constants.mcp_delimiter)) {
+        toolsOutput.push(toolToAdd);
+        continue;
+      }
 
-        if (serverConfig?.customUserVars) {
-          const customVarKeys = Object.keys(serverConfig.customUserVars);
-          if (customVarKeys.length === 0) {
-            toolToAdd.authConfig = [];
-            toolToAdd.authenticated = true;
-          } else {
-            toolToAdd.authConfig = Object.entries(serverConfig.customUserVars).map(
-              ([key, value]) => ({
-                authField: key,
-                label: value.title || key,
-                description: value.description || '',
-              }),
-            );
-            toolToAdd.authenticated = false;
-          }
-        }
+      const parts = plugin.pluginKey.split(Constants.mcp_delimiter);
+      const serverName = parts[parts.length - 1];
+      const serverConfig = customConfig?.mcpServers?.[serverName];
+
+      if (!serverConfig?.customUserVars) {
+        toolsOutput.push(toolToAdd);
+        continue;
+      }
+
+      const customVarKeys = Object.keys(serverConfig.customUserVars);
+
+      if (customVarKeys.length === 0) {
+        toolToAdd.authConfig = [];
+        toolToAdd.authenticated = true;
+      } else {
+        toolToAdd.authConfig = Object.entries(serverConfig.customUserVars).map(([key, value]) => ({
+          authField: key,
+          label: value.title || key,
+          description: value.description || '',
+        }));
+        toolToAdd.authenticated = false;
       }
 
       toolsOutput.push(toolToAdd);
     }
-
     const finalTools = filterUniquePlugins(toolsOutput);
     await cache.set(CacheKeys.TOOLS, finalTools);
 
-    const dedupedTools = filterUniquePlugins([...(userPlugins ?? []), ...finalTools]);
+    const dedupedTools = filterUniquePlugins([...userPlugins, ...finalTools]);
+
     res.status(200).json(dedupedTools);
   } catch (error) {
     logger.error('[getAvailableTools]', error);
@@ -195,6 +235,58 @@ const getAvailableTools = async (req, res) => {
   }
 };
 
+/**
+ * Converts MCP function format tools to plugin format
+ * @param {Object} functionTools - Object with function format tools
+ * @param {Object} customConfig - Custom configuration for MCP servers
+ * @returns {Array} Array of plugin objects
+ */
+function convertMCPToolsToPlugins(functionTools, customConfig) {
+  const plugins = [];
+
+  for (const [toolKey, toolData] of Object.entries(functionTools)) {
+    if (!toolData.function || !toolKey.includes(Constants.mcp_delimiter)) {
+      continue;
+    }
+
+    const functionData = toolData.function;
+    const parts = toolKey.split(Constants.mcp_delimiter);
+    const serverName = parts[parts.length - 1];
+
+    const serverConfig = customConfig?.mcpServers?.[serverName];
+
+    const plugin = {
+      name: parts[0], // Use the tool name without server suffix
+      pluginKey: toolKey,
+      description: functionData.description || '',
+      authenticated: true,
+      icon: serverConfig?.iconPath,
+    };
+
+    // Build authConfig for MCP tools
+    if (!serverConfig?.customUserVars) {
+      plugin.authConfig = [];
+      plugins.push(plugin);
+      continue;
+    }
+
+    const customVarKeys = Object.keys(serverConfig.customUserVars);
+    if (customVarKeys.length === 0) {
+      plugin.authConfig = [];
+    } else {
+      plugin.authConfig = Object.entries(serverConfig.customUserVars).map(([key, value]) => ({
+        authField: key,
+        label: value.title || key,
+        description: value.description || '',
+      }));
+    }
+
+    plugins.push(plugin);
+  }
+
+  return plugins;
+}
+
 module.exports = {
   getAvailableTools,
   getAvailablePluginsController,

api/server/controllers/PluginController.spec.js

@@ -13,311 +13,61 @@ jest.mock('@librechat/data-schemas', () => ({
 jest.mock('~/server/services/Config', () => ({
   getCustomConfig: jest.fn(),
   getCachedTools: jest.fn(),
-  setCachedTools: jest.fn(),
-  mergeUserTools: jest.fn(),
 }));
 
 jest.mock('~/server/services/ToolService', () => ({
   getToolkitKey: jest.fn(),
-  loadAndFormatTools: jest.fn(),
 }));
 
 jest.mock('~/config', () => ({
   getMCPManager: jest.fn(() => ({
-    loadAllManifestTools: jest.fn().mockResolvedValue([]),
+    loadManifestTools: jest.fn().mockResolvedValue([]),
   })),
   getFlowStateManager: jest.fn(),
 }));
 
 jest.mock('~/app/clients/tools', () => ({
   availableTools: [],
-  toolkits: [],
 }));
 
 jest.mock('~/cache', () => ({
   getLogStores: jest.fn(),
 }));
 
-const { getAvailableTools, getAvailablePluginsController } = require('./PluginController');
-const { loadAndFormatTools } = require('~/server/services/ToolService');
+// Import the actual module with the function we want to test
+const { getAvailableTools } = require('./PluginController');
 
 describe('PluginController', () => {
-  let mockReq, mockRes, mockCache;
-
-  beforeEach(() => {
-    jest.clearAllMocks();
-    mockReq = {
-      user: { id: 'test-user-id' },
-      app: {
-        locals: {
-          paths: { structuredTools: '/mock/path' },
-          filteredTools: null,
-          includedTools: null,
-        },
-      },
-    };
-    mockRes = { status: jest.fn().mockReturnThis(), json: jest.fn() };
-    mockCache = { get: jest.fn(), set: jest.fn() };
-    getLogStores.mockReturnValue(mockCache);
-
-    // Clear availableTools and toolkits arrays before each test
-    require('~/app/clients/tools').availableTools.length = 0;
-    require('~/app/clients/tools').toolkits.length = 0;
-  });
-
-  describe('getAvailablePluginsController', () => {
-    beforeEach(() => {
-      mockReq.app = { locals: { filteredTools: [], includedTools: [] } };
-    });
-
-    it('should use filterUniquePlugins to remove duplicate plugins', async () => {
-      // Add plugins with duplicates to availableTools
-      const mockPlugins = [
-        { name: 'Plugin1', pluginKey: 'key1', description: 'First' },
-        { name: 'Plugin1', pluginKey: 'key1', description: 'First duplicate' },
-        { name: 'Plugin2', pluginKey: 'key2', description: 'Second' },
-      ];
-
-      require('~/app/clients/tools').availableTools.push(...mockPlugins);
-
-      mockCache.get.mockResolvedValue(null);
-
-      await getAvailablePluginsController(mockReq, mockRes);
-
-      expect(mockRes.status).toHaveBeenCalledWith(200);
-      const responseData = mockRes.json.mock.calls[0][0];
-      expect(responseData).toHaveLength(2);
-      expect(responseData[0].pluginKey).toBe('key1');
-      expect(responseData[1].pluginKey).toBe('key2');
-    });
-
-    it('should use checkPluginAuth to verify plugin authentication', async () => {
-      // checkPluginAuth returns false for plugins without authConfig
-      // so authenticated property won't be added
-      const mockPlugin = { name: 'Plugin1', pluginKey: 'key1', description: 'First' };
-
-      require('~/app/clients/tools').availableTools.push(mockPlugin);
-      mockCache.get.mockResolvedValue(null);
-
-      await getAvailablePluginsController(mockReq, mockRes);
-
-      const responseData = mockRes.json.mock.calls[0][0];
-      // checkPluginAuth returns false, so authenticated property is not added
-      expect(responseData[0].authenticated).toBeUndefined();
-    });
-
-    it('should return cached plugins when available', async () => {
-      const cachedPlugins = [
-        { name: 'CachedPlugin', pluginKey: 'cached', description: 'Cached plugin' },
-      ];
-
-      mockCache.get.mockResolvedValue(cachedPlugins);
-
-      await getAvailablePluginsController(mockReq, mockRes);
-
-      // When cache is hit, we return immediately without processing
-      expect(mockRes.json).toHaveBeenCalledWith(cachedPlugins);
-    });
-
-    it('should filter plugins based on includedTools', async () => {
-      const mockPlugins = [
-        { name: 'Plugin1', pluginKey: 'key1', description: 'First' },
-        { name: 'Plugin2', pluginKey: 'key2', description: 'Second' },
-      ];
-
-      require('~/app/clients/tools').availableTools.push(...mockPlugins);
-      mockReq.app.locals.includedTools = ['key1'];
-      mockCache.get.mockResolvedValue(null);
-
-      await getAvailablePluginsController(mockReq, mockRes);
-
-      const responseData = mockRes.json.mock.calls[0][0];
-      expect(responseData).toHaveLength(1);
-      expect(responseData[0].pluginKey).toBe('key1');
-    });
-  });
-
-  describe('getAvailableTools', () => {
-    it('should use convertMCPToolsToPlugins for user-specific MCP tools', async () => {
-      const mockUserTools = {
-        [`tool1${Constants.mcp_delimiter}server1`]: {
-          type: 'function',
-          function: {
-            name: `tool1${Constants.mcp_delimiter}server1`,
-            description: 'Tool 1',
-            parameters: { type: 'object', properties: {} },
-          },
-        },
-      };
-
-      mockCache.get.mockResolvedValue(null);
-      getCachedTools.mockResolvedValueOnce(mockUserTools);
-      getCustomConfig.mockResolvedValue(null);
-
-      // Mock second call to return tool definitions
-      getCachedTools.mockResolvedValueOnce(mockUserTools);
-
-      await getAvailableTools(mockReq, mockRes);
-
-      const responseData = mockRes.json.mock.calls[0][0];
-      // convertMCPToolsToPlugins should have converted the tool
-      expect(responseData.length).toBeGreaterThan(0);
-      const convertedTool = responseData.find(
-        (tool) => tool.pluginKey === `tool1${Constants.mcp_delimiter}server1`,
-      );
-      expect(convertedTool).toBeDefined();
-      expect(convertedTool.name).toBe('tool1');
-    });
-
-    it('should use filterUniquePlugins to deduplicate combined tools', async () => {
-      const mockUserTools = {
-        'user-tool': {
-          type: 'function',
-          function: {
-            name: 'user-tool',
-            description: 'User tool',
-            parameters: { type: 'object', properties: {} },
-          },
-        },
-      };
-
-      const mockCachedPlugins = [
-        { name: 'user-tool', pluginKey: 'user-tool', description: 'Duplicate user tool' },
-        { name: 'ManifestTool', pluginKey: 'manifest-tool', description: 'Manifest tool' },
-      ];
-
-      mockCache.get.mockResolvedValue(mockCachedPlugins);
-      getCachedTools.mockResolvedValueOnce(mockUserTools);
-      getCustomConfig.mockResolvedValue(null);
-
-      // Mock second call to return tool definitions
-      getCachedTools.mockResolvedValueOnce(mockUserTools);
-
-      await getAvailableTools(mockReq, mockRes);
-
-      const responseData = mockRes.json.mock.calls[0][0];
-      // Should have deduplicated tools with same pluginKey
-      const userToolCount = responseData.filter((tool) => tool.pluginKey === 'user-tool').length;
-      expect(userToolCount).toBe(1);
-    });
-
-    it('should use checkPluginAuth to verify authentication status', async () => {
-      // Add a plugin to availableTools that will be checked
-      const mockPlugin = {
-        name: 'Tool1',
-        pluginKey: 'tool1',
-        description: 'Tool 1',
-        // No authConfig means checkPluginAuth returns false
-      };
-
-      require('~/app/clients/tools').availableTools.push(mockPlugin);
-
-      mockCache.get.mockResolvedValue(null);
-      getCachedTools.mockResolvedValue(null);
-      getCustomConfig.mockResolvedValue(null);
-
-      // Mock loadAndFormatTools to return tool definitions including our tool
-      loadAndFormatTools.mockReturnValue({
-        tool1: {
-          type: 'function',
-          function: {
-            name: 'tool1',
-            description: 'Tool 1',
-            parameters: {},
-          },
-        },
-      });
-
-      await getAvailableTools(mockReq, mockRes);
-
-      expect(mockRes.status).toHaveBeenCalledWith(200);
-      const responseData = mockRes.json.mock.calls[0][0];
-      expect(Array.isArray(responseData)).toBe(true);
-      const tool = responseData.find((t) => t.pluginKey === 'tool1');
-      expect(tool).toBeDefined();
-      // checkPluginAuth returns false, so authenticated property is not added
-      expect(tool.authenticated).toBeUndefined();
-    });
-
-    it('should use getToolkitKey for toolkit validation', async () => {
-      const mockToolkit = {
-        name: 'Toolkit1',
-        pluginKey: 'toolkit1',
-        description: 'Toolkit 1',
-        toolkit: true,
-      };
-
-      require('~/app/clients/tools').availableTools.push(mockToolkit);
-
-      // Mock toolkits to have a mapping
-      require('~/app/clients/tools').toolkits.push({
-        name: 'Toolkit1',
-        pluginKey: 'toolkit1',
-        tools: ['toolkit1_function'],
-      });
-
-      mockCache.get.mockResolvedValue(null);
-      getCachedTools.mockResolvedValue(null);
-      getCustomConfig.mockResolvedValue(null);
-
-      // Mock loadAndFormatTools to return tool definitions
-      loadAndFormatTools.mockReturnValue({
-        toolkit1_function: {
-          type: 'function',
-          function: {
-            name: 'toolkit1_function',
-            description: 'Toolkit function',
-            parameters: {},
-          },
-        },
-      });
-
-      await getAvailableTools(mockReq, mockRes);
-
-      expect(mockRes.status).toHaveBeenCalledWith(200);
-      const responseData = mockRes.json.mock.calls[0][0];
-      expect(Array.isArray(responseData)).toBe(true);
-      const toolkit = responseData.find((t) => t.pluginKey === 'toolkit1');
-      expect(toolkit).toBeDefined();
-    });
-  });
-
   describe('plugin.icon behavior', () => {
+    let mockReq, mockRes, mockCache;
+
     const callGetAvailableToolsWithMCPServer = async (mcpServers) => {
       mockCache.get.mockResolvedValue(null);
       getCustomConfig.mockResolvedValue({ mcpServers });
 
       const functionTools = {
         [`test-tool${Constants.mcp_delimiter}test-server`]: {
-          type: 'function',
-          function: {
-            name: `test-tool${Constants.mcp_delimiter}test-server`,
-            description: 'A test tool',
-            parameters: { type: 'object', properties: {} },
-          },
+          function: { name: 'test-tool', description: 'A test tool' },
         },
       };
-
-      // Mock the MCP manager to return tools
-      const mockMCPManager = {
-        getAllToolFunctions: jest.fn().mockResolvedValue(functionTools),
-      };
-      require('~/config').getMCPManager.mockReturnValue(mockMCPManager);
-
-      getCachedTools.mockResolvedValueOnce({});
-
-      // Mock loadAndFormatTools to return empty object since these are MCP tools
-      loadAndFormatTools.mockReturnValue({});
-
       getCachedTools.mockResolvedValueOnce(functionTools);
+      getCachedTools.mockResolvedValueOnce({
+        [`test-tool${Constants.mcp_delimiter}test-server`]: true,
+      });
 
       await getAvailableTools(mockReq, mockRes);
       const responseData = mockRes.json.mock.calls[0][0];
-      return responseData.find(
-        (tool) => tool.pluginKey === `test-tool${Constants.mcp_delimiter}test-server`,
-      );
+      return responseData.find((tool) => tool.name === 'test-tool');
     };
 
+    beforeEach(() => {
+      jest.clearAllMocks();
+      mockReq = { user: { id: 'test-user-id' } };
+      mockRes = { status: jest.fn().mockReturnThis(), json: jest.fn() };
+      mockCache = { get: jest.fn(), set: jest.fn() };
+      getLogStores.mockReturnValue(mockCache);
+    });
+
     it('should set plugin.icon when iconPath is defined', async () => {
       const mcpServers = {
         'test-server': {
@@ -336,228 +86,4 @@ describe('PluginController', () => {
       expect(testTool.icon).toBeUndefined();
     });
   });
-
-  describe('helper function integration', () => {
-    it('should properly handle MCP tools with custom user variables', async () => {
-      const customConfig = {
-        mcpServers: {
-          'test-server': {
-            customUserVars: {
-              API_KEY: { title: 'API Key', description: 'Your API key' },
-            },
-          },
-        },
-      };
-
-      // Mock MCP tools returned by getAllToolFunctions
-      const mcpToolFunctions = {
-        [`tool1${Constants.mcp_delimiter}test-server`]: {
-          type: 'function',
-          function: {
-            name: `tool1${Constants.mcp_delimiter}test-server`,
-            description: 'Tool 1',
-            parameters: {},
-          },
-        },
-      };
-
-      // Mock the MCP manager to return tools
-      const mockMCPManager = {
-        getAllToolFunctions: jest.fn().mockResolvedValue(mcpToolFunctions),
-      };
-      require('~/config').getMCPManager.mockReturnValue(mockMCPManager);
-
-      mockCache.get.mockResolvedValue(null);
-      getCustomConfig.mockResolvedValue(customConfig);
-
-      // First call returns user tools (empty in this case)
-      getCachedTools.mockResolvedValueOnce({});
-
-      // Mock loadAndFormatTools to return empty object for MCP tools
-      loadAndFormatTools.mockReturnValue({});
-
-      // Second call returns tool definitions including our MCP tool
-      getCachedTools.mockResolvedValueOnce(mcpToolFunctions);
-
-      await getAvailableTools(mockReq, mockRes);
-
-      const responseData = mockRes.json.mock.calls[0][0];
-
-      // Find the MCP tool in the response
-      const mcpTool = responseData.find(
-        (tool) => tool.pluginKey === `tool1${Constants.mcp_delimiter}test-server`,
-      );
-
-      // The actual implementation adds authConfig and sets authenticated to false when customUserVars exist
-      expect(mcpTool).toBeDefined();
-      expect(mcpTool.authConfig).toEqual([
-        { authField: 'API_KEY', label: 'API Key', description: 'Your API key' },
-      ]);
-      expect(mcpTool.authenticated).toBe(false);
-    });
-
-    it('should handle error cases gracefully', async () => {
-      mockCache.get.mockRejectedValue(new Error('Cache error'));
-
-      await getAvailableTools(mockReq, mockRes);
-
-      expect(mockRes.status).toHaveBeenCalledWith(500);
-      expect(mockRes.json).toHaveBeenCalledWith({ message: 'Cache error' });
-    });
-  });
-
-  describe('edge cases with undefined/null values', () => {
-    it('should handle undefined cache gracefully', async () => {
-      getLogStores.mockReturnValue(undefined);
-
-      await getAvailableTools(mockReq, mockRes);
-
-      expect(mockRes.status).toHaveBeenCalledWith(500);
-    });
-
-    it('should handle null cachedTools and cachedUserTools', async () => {
-      mockCache.get.mockResolvedValue(null);
-      getCachedTools.mockResolvedValue(null);
-      getCustomConfig.mockResolvedValue(null);
-
-      // Mock loadAndFormatTools to return empty object when getCachedTools returns null
-      loadAndFormatTools.mockReturnValue({});
-
-      await getAvailableTools(mockReq, mockRes);
-
-      // Should handle null values gracefully
-      expect(mockRes.status).toHaveBeenCalledWith(200);
-    });
-
-    it('should handle when getCachedTools returns undefined', async () => {
-      mockCache.get.mockResolvedValue(null);
-      getCustomConfig.mockResolvedValue(null);
-
-      // Mock loadAndFormatTools to return empty object when getCachedTools returns undefined
-      loadAndFormatTools.mockReturnValue({});
-
-      // Mock getCachedTools to return undefined for both calls
-      getCachedTools.mockReset();
-      getCachedTools.mockResolvedValueOnce(undefined).mockResolvedValueOnce(undefined);
-
-      await getAvailableTools(mockReq, mockRes);
-
-      // Should handle undefined values gracefully
-      expect(mockRes.status).toHaveBeenCalledWith(200);
-    });
-
-    it('should handle cachedToolsArray and userPlugins both being defined', async () => {
-      const cachedTools = [{ name: 'CachedTool', pluginKey: 'cached-tool', description: 'Cached' }];
-      // Use MCP delimiter for the user tool so convertMCPToolsToPlugins works
-      const userTools = {
-        [`user-tool${Constants.mcp_delimiter}server1`]: {
-          type: 'function',
-          function: {
-            name: `user-tool${Constants.mcp_delimiter}server1`,
-            description: 'User tool',
-            parameters: {},
-          },
-        },
-      };
-
-      mockCache.get.mockResolvedValue(cachedTools);
-      getCachedTools.mockResolvedValue(userTools);
-      getCustomConfig.mockResolvedValue(null);
-
-      await getAvailableTools(mockReq, mockRes);
-
-      expect(mockRes.status).toHaveBeenCalledWith(200);
-      const responseData = mockRes.json.mock.calls[0][0];
-      // Should have both cached and user tools
-      expect(responseData.length).toBeGreaterThanOrEqual(2);
-    });
-
-    it('should handle empty toolDefinitions object', async () => {
-      mockCache.get.mockResolvedValue(null);
-      getCachedTools.mockResolvedValueOnce({}).mockResolvedValueOnce({});
-      getCustomConfig.mockResolvedValue(null);
-
-      await getAvailableTools(mockReq, mockRes);
-
-      // With empty tool definitions, no tools should be in the final output
-      expect(mockRes.json).toHaveBeenCalledWith([]);
-    });
-
-    it('should handle MCP tools without customUserVars', async () => {
-      const customConfig = {
-        mcpServers: {
-          'test-server': {
-            // No customUserVars defined
-          },
-        },
-      };
-
-      const mockUserTools = {
-        [`tool1${Constants.mcp_delimiter}test-server`]: {
-          function: { name: 'tool1', description: 'Tool 1' },
-        },
-      };
-
-      mockCache.get.mockResolvedValue(null);
-      getCustomConfig.mockResolvedValue(customConfig);
-      getCachedTools.mockResolvedValueOnce(mockUserTools);
-
-      getCachedTools.mockResolvedValueOnce({
-        [`tool1${Constants.mcp_delimiter}test-server`]: true,
-      });
-
-      await getAvailableTools(mockReq, mockRes);
-
-      const responseData = mockRes.json.mock.calls[0][0];
-      expect(responseData[0].authenticated).toBe(true);
-      // The actual implementation doesn't set authConfig on tools without customUserVars
-      expect(responseData[0].authConfig).toEqual([]);
-    });
-
-    it('should handle req.app.locals with undefined filteredTools and includedTools', async () => {
-      mockReq.app = { locals: {} };
-      mockCache.get.mockResolvedValue(null);
-
-      await getAvailablePluginsController(mockReq, mockRes);
-
-      expect(mockRes.status).toHaveBeenCalledWith(200);
-      expect(mockRes.json).toHaveBeenCalledWith([]);
-    });
-
-    it('should handle toolkit with undefined toolDefinitions keys', async () => {
-      const mockToolkit = {
-        name: 'Toolkit1',
-        pluginKey: 'toolkit1',
-        description: 'Toolkit 1',
-        toolkit: true,
-      };
-
-      // Ensure req.app.locals is properly mocked
-      mockReq.app = {
-        locals: {
-          filteredTools: [],
-          includedTools: [],
-          paths: { structuredTools: '/mock/path' },
-        },
-      };
-
-      // Add the toolkit to availableTools
-      require('~/app/clients/tools').availableTools.push(mockToolkit);
-
-      mockCache.get.mockResolvedValue(null);
-      getCachedTools.mockResolvedValue({});
-      getCustomConfig.mockResolvedValue(null);
-
-      // Mock loadAndFormatTools to return an empty object when toolDefinitions is null
-      loadAndFormatTools.mockReturnValue({});
-
-      // Mock getCachedTools second call to return null
-      getCachedTools.mockResolvedValueOnce({}).mockResolvedValueOnce(null);
-
-      await getAvailableTools(mockReq, mockRes);
-
-      // Should handle null toolDefinitions gracefully
-      expect(mockRes.status).toHaveBeenCalledWith(200);
-    });
-  });
 });

api/server/controllers/TwoFactorController.js

@@ -47,7 +47,7 @@ const verify2FA = async (req, res) => {
   try {
     const userId = req.user.id;
     const { token, backupCode } = req.body;
-    const user = await getUserById(userId, '_id totpSecret backupCodes');
+    const user = await getUserById(userId);
 
     if (!user || !user.totpSecret) {
       return res.status(400).json({ message: '2FA not initiated' });
@@ -79,7 +79,7 @@ const confirm2FA = async (req, res) => {
   try {
     const userId = req.user.id;
     const { token } = req.body;
-    const user = await getUserById(userId, '_id totpSecret');
+    const user = await getUserById(userId);
 
     if (!user || !user.totpSecret) {
       return res.status(400).json({ message: '2FA not initiated' });
@@ -99,36 +99,10 @@ const confirm2FA = async (req, res) => {
 
 /**
  * Disable 2FA by clearing the stored secret and backup codes.
- * Requires verification with either TOTP token or backup code if 2FA is fully enabled.
  */
 const disable2FA = async (req, res) => {
   try {
     const userId = req.user.id;
-    const { token, backupCode } = req.body;
-    const user = await getUserById(userId, '_id totpSecret backupCodes');
-
-    if (!user || !user.totpSecret) {
-      return res.status(400).json({ message: '2FA is not setup for this user' });
-    }
-
-    if (user.twoFactorEnabled) {
-      const secret = await getTOTPSecret(user.totpSecret);
-      let isVerified = false;
-
-      if (token) {
-        isVerified = await verifyTOTP(secret, token);
-      } else if (backupCode) {
-        isVerified = await verifyBackupCode({ user, backupCode });
-      } else {
-        return res
-          .status(400)
-          .json({ message: 'Either token or backup code is required to disable 2FA' });
-      }
-
-      if (!isVerified) {
-        return res.status(401).json({ message: 'Invalid token or backup code' });
-      }
-    }
     await updateUser(userId, { totpSecret: null, backupCodes: [], twoFactorEnabled: false });
     return res.status(200).json();
   } catch (err) {

api/server/controllers/UserController.js

@@ -1,5 +1,5 @@
 const { logger } = require('@librechat/data-schemas');
-const { webSearchKeys, extractWebSearchEnvVars, normalizeHttpError } = require('@librechat/api');
+const { webSearchKeys, extractWebSearchEnvVars } = require('@librechat/api');
 const {
   getFiles,
   updateUser,
@@ -24,13 +24,7 @@ const { getMCPManager } = require('~/config');
 const getUserController = async (req, res) => {
   /** @type {MongoUser} */
   const userData = req.user.toObject != null ? req.user.toObject() : { ...req.user };
-  /**
-   * These fields should not exist due to secure field selection, but deletion
-   * is done in case of alternate database incompatibility with Mongo API
-   * */
-  delete userData.password;
   delete userData.totpSecret;
-  delete userData.backupCodes;
   if (req.app.locals.fileStrategy === FileSources.s3 && userData.avatar) {
     const avatarNeedsRefresh = needsRefresh(userData.avatar, 3600);
     if (!avatarNeedsRefresh) {
@@ -95,8 +89,8 @@ const updateUserPluginsController = async (req, res) => {
 
       if (userPluginsService instanceof Error) {
         logger.error('[userPluginsService]', userPluginsService);
-        const { status, message } = normalizeHttpError(userPluginsService);
-        return res.status(status).send({ message });
+        const { status, message } = userPluginsService;
+        res.status(status).send({ message });
       }
     }
 
@@ -143,7 +137,7 @@ const updateUserPluginsController = async (req, res) => {
         authService = await updateUserPluginAuth(user.id, keys[i], pluginKey, values[i]);
         if (authService instanceof Error) {
           logger.error('[authService]', authService);
-          ({ status, message } = normalizeHttpError(authService));
+          ({ status, message } = authService);
         }
       }
     } else if (action === 'uninstall') {
@@ -157,7 +151,7 @@ const updateUserPluginsController = async (req, res) => {
             `[authService] Error deleting all auth for MCP tool ${pluginKey}:`,
             authService,
           );
-          ({ status, message } = normalizeHttpError(authService));
+          ({ status, message } = authService);
         }
       } else {
         // This handles:
@@ -169,7 +163,7 @@ const updateUserPluginsController = async (req, res) => {
           authService = await deleteUserPluginAuth(user.id, keys[i]); // Deletes by authField name
           if (authService instanceof Error) {
             logger.error('[authService] Error deleting specific auth key:', authService);
-            ({ status, message } = normalizeHttpError(authService));
+            ({ status, message } = authService);
           }
         }
       }
@@ -199,8 +193,7 @@ const updateUserPluginsController = async (req, res) => {
       return res.status(status).send();
     }
 
-    const normalized = normalizeHttpError({ status, message });
-    return res.status(normalized.status).send({ message: normalized.message });
+    res.status(status).send({ message });
   } catch (err) {
     logger.error('[updateUserPluginsController]', err);
     return res.status(500).json({ message: 'Something went wrong.' });

api/server/controllers/agents/client.js

@@ -33,13 +33,18 @@ const {
   bedrockInputSchema,
   removeNullishValues,
 } = require('librechat-data-provider');
+const {
+  findPluginAuthsByKeys,
+  getFormattedMemories,
+  deleteMemory,
+  setMemory,
+} = require('~/models');
+const { getMCPAuthMap, checkCapability, hasCustomUserVars } = require('~/server/services/Config');
 const { addCacheControl, createContextHandlers } = require('~/app/clients/prompts');
 const { initializeAgent } = require('~/server/services/Endpoints/agents/agent');
 const { spendTokens, spendStructuredTokens } = require('~/models/spendTokens');
-const { getFormattedMemories, deleteMemory, setMemory } = require('~/models');
 const { encodeAndFormat } = require('~/server/services/Files/images/encode');
 const { getProviderConfig } = require('~/server/services/Endpoints');
-const { checkCapability } = require('~/server/services/Config');
 const BaseClient = require('~/app/clients/BaseClient');
 const { getRoleByName } = require('~/models/Role');
 const { loadAgent } = require('~/models/Agent');
@@ -397,34 +402,6 @@ class AgentClient extends BaseClient {
     return result;
   }
 
-  /**
-   * Creates a promise that resolves with the memory promise result or undefined after a timeout
-   * @param {Promise<(TAttachment | null)[] | undefined>} memoryPromise - The memory promise to await
-   * @param {number} timeoutMs - Timeout in milliseconds (default: 3000)
-   * @returns {Promise<(TAttachment | null)[] | undefined>}
-   */
-  async awaitMemoryWithTimeout(memoryPromise, timeoutMs = 3000) {
-    if (!memoryPromise) {
-      return;
-    }
-
-    try {
-      const timeoutPromise = new Promise((_, reject) =>
-        setTimeout(() => reject(new Error('Memory processing timeout')), timeoutMs),
-      );
-
-      const attachments = await Promise.race([memoryPromise, timeoutPromise]);
-      return attachments;
-    } catch (error) {
-      if (error.message === 'Memory processing timeout') {
-        logger.warn('[AgentClient] Memory processing timed out after 3 seconds');
-      } else {
-        logger.error('[AgentClient] Error processing memory:', error);
-      }
-      return;
-    }
-  }
-
   /**
    * @returns {Promise<string | undefined>}
    */
@@ -610,7 +587,6 @@ class AgentClient extends BaseClient {
     await this.chatCompletion({
       payload,
       onProgress: opts.onProgress,
-      userMCPAuthMap: opts.userMCPAuthMap,
       abortController: opts.abortController,
     });
     return this.contentParts;
@@ -743,13 +719,7 @@ class AgentClient extends BaseClient {
     return currentMessageTokens > 0 ? currentMessageTokens : originalEstimate;
   }
 
-  /**
-   * @param {object} params
-   * @param {string | ChatCompletionMessageParam[]} params.payload
-   * @param {Record<string, Record<string, string>>} [params.userMCPAuthMap]
-   * @param {AbortController} [params.abortController]
-   */
-  async chatCompletion({ payload, userMCPAuthMap, abortController = null }) {
+  async chatCompletion({ payload, abortController = null }) {
     /** @type {Partial<GraphRunnableConfig>} */
     let config;
     /** @type {ReturnType<createRun>} */
@@ -770,11 +740,6 @@ class AgentClient extends BaseClient {
           last_agent_index: this.agentConfigs?.size ?? 0,
           user_id: this.user ?? this.options.req.user?.id,
           hide_sequential_outputs: this.options.agent.hide_sequential_outputs,
-          requestBody: {
-            messageId: this.responseMessageId,
-            conversationId: this.conversationId,
-            parentMessageId: this.parentMessageId,
-          },
           user: this.options.req.user,
         },
         recursionLimit: agentsEConfig?.recursionLimit ?? 25,
@@ -905,9 +870,21 @@ class AgentClient extends BaseClient {
           run.Graph.contentData = contentData;
         }
 
-        if (userMCPAuthMap != null) {
-          config.configurable.userMCPAuthMap = userMCPAuthMap;
+        try {
+          if (await hasCustomUserVars()) {
+            config.configurable.userMCPAuthMap = await getMCPAuthMap({
+              tools: agent.tools,
+              userId: this.options.req.user.id,
+              findPluginAuthsByKeys,
+            });
+          }
+        } catch (err) {
+          logger.error(
+            `[api/server/controllers/agents/client.js #chatCompletion] Error getting custom user vars for agent ${agent.id}`,
+            err,
+          );
         }
+
         await run.processStream({ messages }, config, {
           keepContent: i !== 0,
           tokenCounter: createTokenCounter(this.getEncoding()),
@@ -1025,9 +1002,11 @@ class AgentClient extends BaseClient {
       });
 
       try {
-        const attachments = await this.awaitMemoryWithTimeout(memoryPromise);
-        if (attachments && attachments.length > 0) {
-          this.artifactPromises.push(...attachments);
+        if (memoryPromise) {
+          const attachments = await memoryPromise;
+          if (attachments && attachments.length > 0) {
+            this.artifactPromises.push(...attachments);
+          }
         }
 
         await this.recordCollectedUsage({ context: 'message' });
@@ -1038,9 +1017,11 @@ class AgentClient extends BaseClient {
         );
       }
     } catch (err) {
-      const attachments = await this.awaitMemoryWithTimeout(memoryPromise);
-      if (attachments && attachments.length > 0) {
-        this.artifactPromises.push(...attachments);
+      if (memoryPromise) {
+        const attachments = await memoryPromise;
+        if (attachments && attachments.length > 0) {
+          this.artifactPromises.push(...attachments);
+        }
       }
       logger.error(
         '[api/server/controllers/agents/client.js #sendCompletion] Operation aborted',
@@ -1075,6 +1056,7 @@ class AgentClient extends BaseClient {
 
     /** @type {import('@librechat/agents').ClientOptions} */
     let clientOptions = {
+      maxTokens: 75,
       model: agent.model || agent.model_parameters.model,
     };
 
@@ -1141,15 +1123,12 @@ class AgentClient extends BaseClient {
       clientOptions.configuration = options.configOptions;
     }
 
-    if (clientOptions.maxTokens != null) {
+    // Ensure maxTokens is set for non-o1 models
+    if (!/\b(o\d)\b/i.test(clientOptions.model) && !clientOptions.maxTokens) {
+      clientOptions.maxTokens = 75;
+    } else if (/\b(o\d)\b/i.test(clientOptions.model) && clientOptions.maxTokens != null) {
       delete clientOptions.maxTokens;
     }
-    if (clientOptions?.modelKwargs?.max_completion_tokens != null) {
-      delete clientOptions.modelKwargs.max_completion_tokens;
-    }
-    if (clientOptions?.modelKwargs?.max_output_tokens != null) {
-      delete clientOptions.modelKwargs.max_output_tokens;
-    }
 
     clientOptions = Object.assign(
       Object.fromEntries(

api/server/controllers/agents/client.test.js

@@ -728,239 +728,6 @@ describe('AgentClient - titleConvo', () => {
     });
   });
 
-  describe('getOptions method - GPT-5+ model handling', () => {
-    let mockReq;
-    let mockRes;
-    let mockAgent;
-    let mockOptions;
-
-    beforeEach(() => {
-      jest.clearAllMocks();
-
-      mockAgent = {
-        id: 'agent-123',
-        endpoint: EModelEndpoint.openAI,
-        provider: EModelEndpoint.openAI,
-        model_parameters: {
-          model: 'gpt-5',
-        },
-      };
-
-      mockReq = {
-        app: {
-          locals: {},
-        },
-        user: {
-          id: 'user-123',
-        },
-      };
-
-      mockRes = {};
-
-      mockOptions = {
-        req: mockReq,
-        res: mockRes,
-        agent: mockAgent,
-      };
-
-      client = new AgentClient(mockOptions);
-    });
-
-    it('should move maxTokens to modelKwargs.max_completion_tokens for GPT-5 models', () => {
-      const clientOptions = {
-        model: 'gpt-5',
-        maxTokens: 2048,
-        temperature: 0.7,
-      };
-
-      // Simulate the getOptions logic that handles GPT-5+ models
-      if (/\bgpt-[5-9]\b/i.test(clientOptions.model) && clientOptions.maxTokens != null) {
-        clientOptions.modelKwargs = clientOptions.modelKwargs ?? {};
-        clientOptions.modelKwargs.max_completion_tokens = clientOptions.maxTokens;
-        delete clientOptions.maxTokens;
-      }
-
-      expect(clientOptions.maxTokens).toBeUndefined();
-      expect(clientOptions.modelKwargs).toBeDefined();
-      expect(clientOptions.modelKwargs.max_completion_tokens).toBe(2048);
-      expect(clientOptions.temperature).toBe(0.7); // Other options should remain
-    });
-
-    it('should move maxTokens to modelKwargs.max_output_tokens for GPT-5 models with useResponsesApi', () => {
-      const clientOptions = {
-        model: 'gpt-5',
-        maxTokens: 2048,
-        temperature: 0.7,
-        useResponsesApi: true,
-      };
-
-      if (/\bgpt-[5-9]\b/i.test(clientOptions.model) && clientOptions.maxTokens != null) {
-        clientOptions.modelKwargs = clientOptions.modelKwargs ?? {};
-        const paramName =
-          clientOptions.useResponsesApi === true ? 'max_output_tokens' : 'max_completion_tokens';
-        clientOptions.modelKwargs[paramName] = clientOptions.maxTokens;
-        delete clientOptions.maxTokens;
-      }
-
-      expect(clientOptions.maxTokens).toBeUndefined();
-      expect(clientOptions.modelKwargs).toBeDefined();
-      expect(clientOptions.modelKwargs.max_output_tokens).toBe(2048);
-      expect(clientOptions.temperature).toBe(0.7); // Other options should remain
-    });
-
-    it('should handle GPT-5+ models with existing modelKwargs', () => {
-      const clientOptions = {
-        model: 'gpt-6',
-        maxTokens: 1500,
-        temperature: 0.8,
-        modelKwargs: {
-          customParam: 'value',
-        },
-      };
-
-      // Simulate the getOptions logic
-      if (/\bgpt-[5-9]\b/i.test(clientOptions.model) && clientOptions.maxTokens != null) {
-        clientOptions.modelKwargs = clientOptions.modelKwargs ?? {};
-        clientOptions.modelKwargs.max_completion_tokens = clientOptions.maxTokens;
-        delete clientOptions.maxTokens;
-      }
-
-      expect(clientOptions.maxTokens).toBeUndefined();
-      expect(clientOptions.modelKwargs).toEqual({
-        customParam: 'value',
-        max_completion_tokens: 1500,
-      });
-    });
-
-    it('should not modify maxTokens for non-GPT-5+ models', () => {
-      const clientOptions = {
-        model: 'gpt-4',
-        maxTokens: 2048,
-        temperature: 0.7,
-      };
-
-      // Simulate the getOptions logic
-      if (/\bgpt-[5-9]\b/i.test(clientOptions.model) && clientOptions.maxTokens != null) {
-        clientOptions.modelKwargs = clientOptions.modelKwargs ?? {};
-        clientOptions.modelKwargs.max_completion_tokens = clientOptions.maxTokens;
-        delete clientOptions.maxTokens;
-      }
-
-      // Should not be modified since it's GPT-4
-      expect(clientOptions.maxTokens).toBe(2048);
-      expect(clientOptions.modelKwargs).toBeUndefined();
-    });
-
-    it('should handle various GPT-5+ model formats', () => {
-      const testCases = [
-        { model: 'gpt-5', shouldTransform: true },
-        { model: 'gpt-5-turbo', shouldTransform: true },
-        { model: 'gpt-6', shouldTransform: true },
-        { model: 'gpt-7-preview', shouldTransform: true },
-        { model: 'gpt-8', shouldTransform: true },
-        { model: 'gpt-9-mini', shouldTransform: true },
-        { model: 'gpt-4', shouldTransform: false },
-        { model: 'gpt-4o', shouldTransform: false },
-        { model: 'gpt-3.5-turbo', shouldTransform: false },
-        { model: 'claude-3', shouldTransform: false },
-      ];
-
-      testCases.forEach(({ model, shouldTransform }) => {
-        const clientOptions = {
-          model,
-          maxTokens: 1000,
-        };
-
-        // Simulate the getOptions logic
-        if (/\bgpt-[5-9]\b/i.test(clientOptions.model) && clientOptions.maxTokens != null) {
-          clientOptions.modelKwargs = clientOptions.modelKwargs ?? {};
-          clientOptions.modelKwargs.max_completion_tokens = clientOptions.maxTokens;
-          delete clientOptions.maxTokens;
-        }
-
-        if (shouldTransform) {
-          expect(clientOptions.maxTokens).toBeUndefined();
-          expect(clientOptions.modelKwargs?.max_completion_tokens).toBe(1000);
-        } else {
-          expect(clientOptions.maxTokens).toBe(1000);
-          expect(clientOptions.modelKwargs).toBeUndefined();
-        }
-      });
-    });
-
-    it('should not swap max token param for older models when using useResponsesApi', () => {
-      const testCases = [
-        { model: 'gpt-5', shouldTransform: true },
-        { model: 'gpt-5-turbo', shouldTransform: true },
-        { model: 'gpt-6', shouldTransform: true },
-        { model: 'gpt-7-preview', shouldTransform: true },
-        { model: 'gpt-8', shouldTransform: true },
-        { model: 'gpt-9-mini', shouldTransform: true },
-        { model: 'gpt-4', shouldTransform: false },
-        { model: 'gpt-4o', shouldTransform: false },
-        { model: 'gpt-3.5-turbo', shouldTransform: false },
-        { model: 'claude-3', shouldTransform: false },
-      ];
-
-      testCases.forEach(({ model, shouldTransform }) => {
-        const clientOptions = {
-          model,
-          maxTokens: 1000,
-          useResponsesApi: true,
-        };
-
-        if (/\bgpt-[5-9]\b/i.test(clientOptions.model) && clientOptions.maxTokens != null) {
-          clientOptions.modelKwargs = clientOptions.modelKwargs ?? {};
-          const paramName =
-            clientOptions.useResponsesApi === true ? 'max_output_tokens' : 'max_completion_tokens';
-          clientOptions.modelKwargs[paramName] = clientOptions.maxTokens;
-          delete clientOptions.maxTokens;
-        }
-
-        if (shouldTransform) {
-          expect(clientOptions.maxTokens).toBeUndefined();
-          expect(clientOptions.modelKwargs?.max_output_tokens).toBe(1000);
-        } else {
-          expect(clientOptions.maxTokens).toBe(1000);
-          expect(clientOptions.modelKwargs).toBeUndefined();
-        }
-      });
-    });
-
-    it('should not transform if maxTokens is null or undefined', () => {
-      const testCases = [
-        { model: 'gpt-5', maxTokens: null },
-        { model: 'gpt-5', maxTokens: undefined },
-        { model: 'gpt-6', maxTokens: 0 }, // Should transform even if 0
-      ];
-
-      testCases.forEach(({ model, maxTokens }, index) => {
-        const clientOptions = {
-          model,
-          maxTokens,
-          temperature: 0.7,
-        };
-
-        // Simulate the getOptions logic
-        if (/\bgpt-[5-9]\b/i.test(clientOptions.model) && clientOptions.maxTokens != null) {
-          clientOptions.modelKwargs = clientOptions.modelKwargs ?? {};
-          clientOptions.modelKwargs.max_completion_tokens = clientOptions.maxTokens;
-          delete clientOptions.maxTokens;
-        }
-
-        if (index < 2) {
-          // null or undefined cases
-          expect(clientOptions.maxTokens).toBe(maxTokens);
-          expect(clientOptions.modelKwargs).toBeUndefined();
-        } else {
-          // 0 case - should transform
-          expect(clientOptions.maxTokens).toBeUndefined();
-          expect(clientOptions.modelKwargs?.max_completion_tokens).toBe(0);
-        }
-      });
-    });
-  });
-
   describe('runMemory method', () => {
     let client;
     let mockReq;

api/server/controllers/agents/request.js

@@ -9,24 +9,6 @@ const {
 const { disposeClient, clientRegistry, requestDataMap } = require('~/server/cleanup');
 const { saveMessage } = require('~/models');
 
-function createCloseHandler(abortController) {
-  return function (manual) {
-    if (!manual) {
-      logger.debug('[AgentController] Request closed');
-    }
-    if (!abortController) {
-      return;
-    } else if (abortController.signal.aborted) {
-      return;
-    } else if (abortController.requestCompleted) {
-      return;
-    }
-
-    abortController.abort();
-    logger.debug('[AgentController] Request aborted on close');
-  };
-}
-
 const AgentController = async (req, res, next, initializeClient, addTitle) => {
   let {
     text,
@@ -49,6 +31,7 @@ const AgentController = async (req, res, next, initializeClient, addTitle) => {
   let userMessagePromise;
   let getAbortData;
   let client = null;
+  // Initialize as an array
   let cleanupHandlers = [];
 
   const newConvo = !conversationId;
@@ -79,7 +62,9 @@ const AgentController = async (req, res, next, initializeClient, addTitle) => {
   // Create a function to handle final cleanup
   const performCleanup = () => {
     logger.debug('[AgentController] Performing cleanup');
+    // Make sure cleanupHandlers is an array before iterating
     if (Array.isArray(cleanupHandlers)) {
+      // Execute all cleanup handlers
       for (const handler of cleanupHandlers) {
         try {
           if (typeof handler === 'function') {
@@ -120,33 +105,8 @@ const AgentController = async (req, res, next, initializeClient, addTitle) => {
   };
 
   try {
-    let prelimAbortController = new AbortController();
-    const prelimCloseHandler = createCloseHandler(prelimAbortController);
-    res.on('close', prelimCloseHandler);
-    const removePrelimHandler = (manual) => {
-      try {
-        prelimCloseHandler(manual);
-        res.removeListener('close', prelimCloseHandler);
-      } catch (e) {
-        logger.error('[AgentController] Error removing close listener', e);
-      }
-    };
-    cleanupHandlers.push(removePrelimHandler);
-    /** @type {{ client: TAgentClient; userMCPAuthMap?: Record<string, Record<string, string>> }} */
-    const result = await initializeClient({
-      req,
-      res,
-      endpointOption,
-      signal: prelimAbortController.signal,
-    });
-    if (prelimAbortController.signal?.aborted) {
-      prelimAbortController = null;
-      throw new Error('Request was aborted before initialization could complete');
-    } else {
-      prelimAbortController = null;
-      removePrelimHandler(true);
-      cleanupHandlers.pop();
-    }
+    /** @type {{ client: TAgentClient }} */
+    const result = await initializeClient({ req, res, endpointOption });
     client = result.client;
 
     // Register client with finalization registry if available
@@ -178,7 +138,22 @@ const AgentController = async (req, res, next, initializeClient, addTitle) => {
     };
 
     const { abortController, onStart } = createAbortController(req, res, getAbortData, getReqData);
-    const closeHandler = createCloseHandler(abortController);
+
+    // Simple handler to avoid capturing scope
+    const closeHandler = () => {
+      logger.debug('[AgentController] Request closed');
+      if (!abortController) {
+        return;
+      } else if (abortController.signal.aborted) {
+        return;
+      } else if (abortController.requestCompleted) {
+        return;
+      }
+
+      abortController.abort();
+      logger.debug('[AgentController] Request aborted on close');
+    };
+
     res.on('close', closeHandler);
     cleanupHandlers.push(() => {
       try {
@@ -200,7 +175,6 @@ const AgentController = async (req, res, next, initializeClient, addTitle) => {
       abortController,
       overrideParentMessageId,
       isEdited: !!editedContent,
-      userMCPAuthMap: result.userMCPAuthMap,
       responseMessageId: editedResponseMessageId,
       progressOptions: {
         res,
@@ -259,26 +233,6 @@ const AgentController = async (req, res, next, initializeClient, addTitle) => {
         );
       }
     }
-    // Edge case: sendMessage completed but abort happened during sendCompletion
-    // We need to ensure a final event is sent
-    else if (!res.headersSent && !res.finished) {
-      logger.debug(
-        '[AgentController] Handling edge case: `sendMessage` completed but aborted during `sendCompletion`',
-      );
-
-      const finalResponse = { ...response };
-      finalResponse.error = true;
-
-      sendEvent(res, {
-        final: true,
-        conversation,
-        title: conversation.title,
-        requestMessage: userMessage,
-        responseMessage: finalResponse,
-        error: { message: 'Request was aborted during completion' },
-      });
-      res.end();
-    }
 
     // Save user message if needed
     if (!client.skipSaveUserMessage) {

api/server/controllers/agents/v1.js

@@ -217,9 +217,6 @@ const updateAgentHandler = async (req, res) => {
           })
         : existingAgent;
 
-    // Add version count to the response
-    updatedAgent.version = updatedAgent.versions ? updatedAgent.versions.length : 0;
-
     if (updatedAgent.author) {
       updatedAgent.author = updatedAgent.author.toString();
     }

api/server/controllers/agents/v1.spec.js

@@ -1,6 +1,5 @@
 const mongoose = require('mongoose');
 const { v4: uuidv4 } = require('uuid');
-const { nanoid } = require('nanoid');
 const { MongoMemoryServer } = require('mongodb-memory-server');
 const { agentSchema } = require('@librechat/data-schemas');
 
@@ -42,27 +41,7 @@ jest.mock('~/models/File', () => ({
   deleteFileByFilter: jest.fn(),
 }));
 
-jest.mock('~/server/services/PermissionService', () => ({
-  findAccessibleResources: jest.fn().mockResolvedValue([]),
-  findPubliclyAccessibleResources: jest.fn().mockResolvedValue([]),
-  grantPermission: jest.fn(),
-  hasPublicPermission: jest.fn().mockResolvedValue(false),
-}));
-
-jest.mock('~/models', () => ({
-  getCategoriesWithCounts: jest.fn(),
-}));
-
-const {
-  createAgent: createAgentHandler,
-  updateAgent: updateAgentHandler,
-  getListAgents: getListAgentsHandler,
-} = require('./v1');
-
-const {
-  findAccessibleResources,
-  findPubliclyAccessibleResources,
-} = require('~/server/services/PermissionService');
+const { createAgent: createAgentHandler, updateAgent: updateAgentHandler } = require('./v1');
 
 /**
  * @type {import('mongoose').Model<import('@librechat/data-schemas').IAgent>}
@@ -100,7 +79,6 @@ describe('Agent Controllers - Mass Assignment Protection', () => {
       },
       body: {},
       params: {},
-      query: {},
       app: {
         locals: {
           fileStrategy: 'local',
@@ -549,28 +527,6 @@ describe('Agent Controllers - Mass Assignment Protection', () => {
       expect(mockRes.json).toHaveBeenCalledWith({ error: 'Agent not found' });
     });
 
-    test('should include version field in update response', async () => {
-      mockReq.user.id = existingAgentAuthorId.toString();
-      mockReq.params.id = existingAgentId;
-      mockReq.body = {
-        name: 'Updated with Version Check',
-      };
-
-      await updateAgentHandler(mockReq, mockRes);
-
-      expect(mockRes.json).toHaveBeenCalled();
-      const updatedAgent = mockRes.json.mock.calls[0][0];
-
-      // Verify version field is included and is a number
-      expect(updatedAgent).toHaveProperty('version');
-      expect(typeof updatedAgent.version).toBe('number');
-      expect(updatedAgent.version).toBeGreaterThanOrEqual(1);
-
-      // Verify in database
-      const agentInDb = await Agent.findOne({ id: existingAgentId });
-      expect(updatedAgent.version).toBe(agentInDb.versions.length);
-    });
-
     test('should handle validation errors properly', async () => {
       mockReq.user.id = existingAgentAuthorId.toString();
       mockReq.params.id = existingAgentId;
@@ -690,373 +646,4 @@ describe('Agent Controllers - Mass Assignment Protection', () => {
       expect(agentInDb.futureFeature).toBeUndefined();
     });
   });
-
-  describe('getListAgentsHandler - Security Tests', () => {
-    let userA, userB;
-    let agentA1, agentA2, agentA3, agentB1;
-
-    beforeEach(async () => {
-      await Agent.deleteMany({});
-      jest.clearAllMocks();
-
-      // Create two test users
-      userA = new mongoose.Types.ObjectId();
-      userB = new mongoose.Types.ObjectId();
-
-      // Create agents for User A
-      agentA1 = await Agent.create({
-        id: `agent_${nanoid(12)}`,
-        name: 'Agent A1',
-        description: 'User A agent 1',
-        provider: 'openai',
-        model: 'gpt-4',
-        author: userA,
-        versions: [
-          {
-            name: 'Agent A1',
-            description: 'User A agent 1',
-            provider: 'openai',
-            model: 'gpt-4',
-            createdAt: new Date(),
-            updatedAt: new Date(),
-          },
-        ],
-      });
-
-      agentA2 = await Agent.create({
-        id: `agent_${nanoid(12)}`,
-        name: 'Agent A2',
-        description: 'User A agent 2',
-        provider: 'openai',
-        model: 'gpt-4',
-        author: userA,
-        versions: [
-          {
-            name: 'Agent A2',
-            description: 'User A agent 2',
-            provider: 'openai',
-            model: 'gpt-4',
-            createdAt: new Date(),
-            updatedAt: new Date(),
-          },
-        ],
-      });
-
-      agentA3 = await Agent.create({
-        id: `agent_${nanoid(12)}`,
-        name: 'Agent A3',
-        description: 'User A agent 3',
-        provider: 'openai',
-        model: 'gpt-4',
-        author: userA,
-        category: 'productivity',
-        versions: [
-          {
-            name: 'Agent A3',
-            description: 'User A agent 3',
-            provider: 'openai',
-            model: 'gpt-4',
-            category: 'productivity',
-            createdAt: new Date(),
-            updatedAt: new Date(),
-          },
-        ],
-      });
-
-      // Create an agent for User B
-      agentB1 = await Agent.create({
-        id: `agent_${nanoid(12)}`,
-        name: 'Agent B1',
-        description: 'User B agent 1',
-        provider: 'openai',
-        model: 'gpt-4',
-        author: userB,
-        versions: [
-          {
-            name: 'Agent B1',
-            description: 'User B agent 1',
-            provider: 'openai',
-            model: 'gpt-4',
-            createdAt: new Date(),
-            updatedAt: new Date(),
-          },
-        ],
-      });
-    });
-
-    test('should return empty list when user has no accessible agents', async () => {
-      // User B has no permissions and no owned agents
-      mockReq.user.id = userB.toString();
-      findAccessibleResources.mockResolvedValue([]);
-      findPubliclyAccessibleResources.mockResolvedValue([]);
-
-      await getListAgentsHandler(mockReq, mockRes);
-
-      expect(findAccessibleResources).toHaveBeenCalledWith({
-        userId: userB.toString(),
-        role: 'USER',
-        resourceType: 'agent',
-        requiredPermissions: 1, // VIEW permission
-      });
-
-      expect(mockRes.json).toHaveBeenCalledWith({
-        object: 'list',
-        data: [],
-        first_id: null,
-        last_id: null,
-        has_more: false,
-        after: null,
-      });
-    });
-
-    test('should not return other users agents when accessibleIds is empty', async () => {
-      // User B trying to see agents with no permissions
-      mockReq.user.id = userB.toString();
-      findAccessibleResources.mockResolvedValue([]);
-      findPubliclyAccessibleResources.mockResolvedValue([]);
-
-      await getListAgentsHandler(mockReq, mockRes);
-
-      const response = mockRes.json.mock.calls[0][0];
-      expect(response.data).toHaveLength(0);
-
-      // Verify User A's agents are not included
-      const agentIds = response.data.map((a) => a.id);
-      expect(agentIds).not.toContain(agentA1.id);
-      expect(agentIds).not.toContain(agentA2.id);
-      expect(agentIds).not.toContain(agentA3.id);
-    });
-
-    test('should only return agents user has access to', async () => {
-      // User B has access to one of User A's agents
-      mockReq.user.id = userB.toString();
-      findAccessibleResources.mockResolvedValue([agentA1._id]);
-      findPubliclyAccessibleResources.mockResolvedValue([]);
-
-      await getListAgentsHandler(mockReq, mockRes);
-
-      const response = mockRes.json.mock.calls[0][0];
-      expect(response.data).toHaveLength(1);
-      expect(response.data[0].id).toBe(agentA1.id);
-      expect(response.data[0].name).toBe('Agent A1');
-    });
-
-    test('should return multiple accessible agents', async () => {
-      // User B has access to multiple agents
-      mockReq.user.id = userB.toString();
-      findAccessibleResources.mockResolvedValue([agentA1._id, agentA3._id, agentB1._id]);
-      findPubliclyAccessibleResources.mockResolvedValue([]);
-
-      await getListAgentsHandler(mockReq, mockRes);
-
-      const response = mockRes.json.mock.calls[0][0];
-      expect(response.data).toHaveLength(3);
-
-      const agentIds = response.data.map((a) => a.id);
-      expect(agentIds).toContain(agentA1.id);
-      expect(agentIds).toContain(agentA3.id);
-      expect(agentIds).toContain(agentB1.id);
-      expect(agentIds).not.toContain(agentA2.id);
-    });
-
-    test('should apply category filter correctly with ACL', async () => {
-      // User has access to all agents but filters by category
-      mockReq.user.id = userB.toString();
-      mockReq.query.category = 'productivity';
-      findAccessibleResources.mockResolvedValue([agentA1._id, agentA2._id, agentA3._id]);
-      findPubliclyAccessibleResources.mockResolvedValue([]);
-
-      await getListAgentsHandler(mockReq, mockRes);
-
-      const response = mockRes.json.mock.calls[0][0];
-      expect(response.data).toHaveLength(1);
-      expect(response.data[0].id).toBe(agentA3.id);
-      expect(response.data[0].category).toBe('productivity');
-    });
-
-    test('should apply search filter correctly with ACL', async () => {
-      // User has access to multiple agents but searches for specific one
-      mockReq.user.id = userB.toString();
-      mockReq.query.search = 'A2';
-      findAccessibleResources.mockResolvedValue([agentA1._id, agentA2._id, agentA3._id]);
-      findPubliclyAccessibleResources.mockResolvedValue([]);
-
-      await getListAgentsHandler(mockReq, mockRes);
-
-      const response = mockRes.json.mock.calls[0][0];
-      expect(response.data).toHaveLength(1);
-      expect(response.data[0].id).toBe(agentA2.id);
-    });
-
-    test('should handle pagination with ACL filtering', async () => {
-      // Create more agents for pagination testing
-      const moreAgents = [];
-      for (let i = 4; i <= 10; i++) {
-        const agent = await Agent.create({
-          id: `agent_${nanoid(12)}`,
-          name: `Agent A${i}`,
-          description: `User A agent ${i}`,
-          provider: 'openai',
-          model: 'gpt-4',
-          author: userA,
-          versions: [
-            {
-              name: `Agent A${i}`,
-              description: `User A agent ${i}`,
-              provider: 'openai',
-              model: 'gpt-4',
-              createdAt: new Date(),
-              updatedAt: new Date(),
-            },
-          ],
-        });
-        moreAgents.push(agent);
-      }
-
-      // User has access to all agents
-      const allAgentIds = [agentA1, agentA2, agentA3, ...moreAgents].map((a) => a._id);
-      mockReq.user.id = userB.toString();
-      mockReq.query.limit = '5';
-      findAccessibleResources.mockResolvedValue(allAgentIds);
-      findPubliclyAccessibleResources.mockResolvedValue([]);
-
-      await getListAgentsHandler(mockReq, mockRes);
-
-      const response = mockRes.json.mock.calls[0][0];
-      expect(response.data).toHaveLength(5);
-      expect(response.has_more).toBe(true);
-      expect(response.after).toBeTruthy();
-    });
-
-    test('should mark publicly accessible agents', async () => {
-      // User has access to agents, some are public
-      mockReq.user.id = userB.toString();
-      findAccessibleResources.mockResolvedValue([agentA1._id, agentA2._id]);
-      findPubliclyAccessibleResources.mockResolvedValue([agentA2._id]);
-
-      await getListAgentsHandler(mockReq, mockRes);
-
-      const response = mockRes.json.mock.calls[0][0];
-      expect(response.data).toHaveLength(2);
-
-      const publicAgent = response.data.find((a) => a.id === agentA2.id);
-      const privateAgent = response.data.find((a) => a.id === agentA1.id);
-
-      expect(publicAgent.isPublic).toBe(true);
-      expect(privateAgent.isPublic).toBeUndefined();
-    });
-
-    test('should handle requiredPermission parameter', async () => {
-      // Test with different permission levels
-      mockReq.user.id = userB.toString();
-      mockReq.query.requiredPermission = '15'; // FULL_ACCESS
-      findAccessibleResources.mockResolvedValue([agentA1._id]);
-      findPubliclyAccessibleResources.mockResolvedValue([]);
-
-      await getListAgentsHandler(mockReq, mockRes);
-
-      expect(findAccessibleResources).toHaveBeenCalledWith({
-        userId: userB.toString(),
-        role: 'USER',
-        resourceType: 'agent',
-        requiredPermissions: 15,
-      });
-
-      const response = mockRes.json.mock.calls[0][0];
-      expect(response.data).toHaveLength(1);
-    });
-
-    test('should handle promoted filter with ACL', async () => {
-      // Create a promoted agent
-      const promotedAgent = await Agent.create({
-        id: `agent_${nanoid(12)}`,
-        name: 'Promoted Agent',
-        description: 'A promoted agent',
-        provider: 'openai',
-        model: 'gpt-4',
-        author: userA,
-        is_promoted: true,
-        versions: [
-          {
-            name: 'Promoted Agent',
-            description: 'A promoted agent',
-            provider: 'openai',
-            model: 'gpt-4',
-            is_promoted: true,
-            createdAt: new Date(),
-            updatedAt: new Date(),
-          },
-        ],
-      });
-
-      mockReq.user.id = userB.toString();
-      mockReq.query.promoted = '1';
-      findAccessibleResources.mockResolvedValue([agentA1._id, agentA2._id, promotedAgent._id]);
-      findPubliclyAccessibleResources.mockResolvedValue([]);
-
-      await getListAgentsHandler(mockReq, mockRes);
-
-      const response = mockRes.json.mock.calls[0][0];
-      expect(response.data).toHaveLength(1);
-      expect(response.data[0].id).toBe(promotedAgent.id);
-      expect(response.data[0].is_promoted).toBe(true);
-    });
-
-    test('should handle errors gracefully', async () => {
-      mockReq.user.id = userB.toString();
-      findAccessibleResources.mockRejectedValue(new Error('Permission service error'));
-
-      await getListAgentsHandler(mockReq, mockRes);
-
-      expect(mockRes.status).toHaveBeenCalledWith(500);
-      expect(mockRes.json).toHaveBeenCalledWith({
-        error: 'Permission service error',
-      });
-    });
-
-    test('should respect combined filters with ACL', async () => {
-      // Create agents with specific attributes
-      const productivityPromoted = await Agent.create({
-        id: `agent_${nanoid(12)}`,
-        name: 'Productivity Pro',
-        description: 'A promoted productivity agent',
-        provider: 'openai',
-        model: 'gpt-4',
-        author: userA,
-        category: 'productivity',
-        is_promoted: true,
-        versions: [
-          {
-            name: 'Productivity Pro',
-            description: 'A promoted productivity agent',
-            provider: 'openai',
-            model: 'gpt-4',
-            category: 'productivity',
-            is_promoted: true,
-            createdAt: new Date(),
-            updatedAt: new Date(),
-          },
-        ],
-      });
-
-      mockReq.user.id = userB.toString();
-      mockReq.query.category = 'productivity';
-      mockReq.query.promoted = '1';
-      findAccessibleResources.mockResolvedValue([
-        agentA1._id,
-        agentA2._id,
-        agentA3._id,
-        productivityPromoted._id,
-      ]);
-      findPubliclyAccessibleResources.mockResolvedValue([]);
-
-      await getListAgentsHandler(mockReq, mockRes);
-
-      const response = mockRes.json.mock.calls[0][0];
-      expect(response.data).toHaveLength(1);
-      expect(response.data[0].id).toBe(productivityPromoted.id);
-      expect(response.data[0].category).toBe('productivity');
-      expect(response.data[0].is_promoted).toBe(true);
-    });
-  });
 });

api/server/controllers/auth/TwoFactorAuthController.js

@@ -22,11 +22,10 @@ const verify2FAWithTempToken = async (req, res) => {
     try {
       payload = jwt.verify(tempToken, process.env.JWT_SECRET);
     } catch (err) {
-      logger.error('Failed to verify temporary token:', err);
       return res.status(401).json({ message: 'Invalid or expired temporary token' });
     }
 
-    const user = await getUserById(payload.userId, '+totpSecret +backupCodes');
+    const user = await getUserById(payload.userId);
     if (!user || !user.twoFactorEnabled) {
       return res.status(400).json({ message: '2FA is not enabled for this user' });
     }
@@ -43,11 +42,11 @@ const verify2FAWithTempToken = async (req, res) => {
       return res.status(401).json({ message: 'Invalid 2FA code or backup code' });
     }
 
+    // Prepare user data to return (omit sensitive fields).
     const userData = user.toObject ? user.toObject() : { ...user };
-    delete userData.__v;
     delete userData.password;
+    delete userData.__v;
     delete userData.totpSecret;
-    delete userData.backupCodes;
     userData.id = user._id.toString();
 
     const authToken = await setAuthTokens(user._id, res);

api/server/index.js

@@ -8,13 +8,14 @@ const express = require('express');
 const passport = require('passport');
 const compression = require('compression');
 const cookieParser = require('cookie-parser');
+const { isEnabled } = require('@librechat/api');
 const { logger } = require('@librechat/data-schemas');
 const mongoSanitize = require('express-mongo-sanitize');
-const { isEnabled, ErrorController } = require('@librechat/api');
 const { connectDb, indexSync } = require('~/db');
+
 const validateImageRequest = require('./middleware/validateImageRequest');
 const { jwtLogin, ldapLogin, passportLogin } = require('~/strategies');
-const { checkMigrations } = require('./services/start/migration');
+const errorController = require('./controllers/ErrorController');
 const initializeMCPs = require('./services/initializeMCPs');
 const configureSocialLogins = require('./socialLogins');
 const AppService = require('./services/AppService');
@@ -121,7 +122,8 @@ const startServer = async () => {
   app.use('/api/tags', routes.tags);
   app.use('/api/mcp', routes.mcp);
 
-  app.use(ErrorController);
+  // Add the error controller one more time after all routes
+  app.use(errorController);
 
   app.use((req, res) => {
     res.set({
@@ -146,7 +148,7 @@ const startServer = async () => {
       logger.info(`Server listening at http://${host == '0.0.0.0' ? 'localhost' : host}:${port}`);
     }
 
-    initializeMCPs(app).then(() => checkMigrations());
+    initializeMCPs(app);
   });
 };
 

api/server/index.spec.js

@@ -92,7 +92,7 @@ async function healthCheckPoll(app, retries = 0) {
     if (response.status === 200) {
       return; // App is healthy
     }
-  } catch {
+  } catch (error) {
     // Ignore connection errors during polling
   }
 

api/server/middleware/abortMiddleware.js

@@ -1,6 +1,6 @@
 const { logger } = require('@librechat/data-schemas');
 const { countTokens, isEnabled, sendEvent } = require('@librechat/api');
-const { isAssistantsEndpoint, ErrorTypes, Constants } = require('librechat-data-provider');
+const { isAssistantsEndpoint, ErrorTypes } = require('librechat-data-provider');
 const { truncateText, smartTruncateText } = require('~/app/clients/prompts');
 const clearPendingReq = require('~/cache/clearPendingReq');
 const { sendError } = require('~/server/middleware/error');
@@ -11,10 +11,6 @@ const { abortRun } = require('./abortRun');
 
 const abortDataMap = new WeakMap();
 
-/**
- * @param {string} abortKey
- * @returns {boolean}
- */
 function cleanupAbortController(abortKey) {
   if (!abortControllers.has(abortKey)) {
     return false;
@@ -75,20 +71,6 @@ function cleanupAbortController(abortKey) {
   return true;
 }
 
-/**
- * @param {string} abortKey
- * @returns {function(): void}
- */
-function createCleanUpHandler(abortKey) {
-  return function () {
-    try {
-      cleanupAbortController(abortKey);
-    } catch {
-      // Ignore cleanup errors
-    }
-  };
-}
-
 async function abortMessage(req, res) {
   let { abortKey, endpoint } = req.body;
 
@@ -190,15 +172,11 @@ const createAbortController = (req, res, getAbortData, getReqData) => {
   /**
    * @param {TMessage} userMessage
    * @param {string} responseMessageId
-   * @param {boolean} [isNewConvo]
    */
-  const onStart = (userMessage, responseMessageId, isNewConvo) => {
+  const onStart = (userMessage, responseMessageId) => {
     sendEvent(res, { message: userMessage, created: true });
 
-    const prelimAbortKey = userMessage?.conversationId ?? req.user.id;
-    const abortKey = isNewConvo
-      ? `${prelimAbortKey}${Constants.COMMON_DIVIDER}${Constants.NEW_CONVO}`
-      : prelimAbortKey;
+    const abortKey = userMessage?.conversationId ?? req.user.id;
     getReqData({ abortKey });
     const prevRequest = abortControllers.get(abortKey);
     const { overrideUserMessageId } = req?.body ?? {};
@@ -216,7 +194,16 @@ const createAbortController = (req, res, getAbortData, getReqData) => {
       };
 
       abortControllers.set(addedAbortKey, { abortController, ...minimalOptions });
-      const cleanupHandler = createCleanUpHandler(addedAbortKey);
+
+      // Use a simple function for cleanup to avoid capturing context
+      const cleanupHandler = () => {
+        try {
+          cleanupAbortController(addedAbortKey);
+        } catch (e) {
+          // Ignore cleanup errors
+        }
+      };
+
       res.on('finish', cleanupHandler);
       return;
     }
@@ -229,7 +216,16 @@ const createAbortController = (req, res, getAbortData, getReqData) => {
     };
 
     abortControllers.set(abortKey, { abortController, ...minimalOptions });
-    const cleanupHandler = createCleanUpHandler(abortKey);
+
+    // Use a simple function for cleanup to avoid capturing context
+    const cleanupHandler = () => {
+      try {
+        cleanupAbortController(abortKey);
+      } catch (e) {
+        // Ignore cleanup errors
+      }
+    };
+
     res.on('finish', cleanupHandler);
   };
 
@@ -368,7 +364,15 @@ const handleAbortError = async (res, req, error, data) => {
       };
     }
 
-    const callback = createCleanUpHandler(conversationId);
+    // Create a simple callback without capturing parent scope
+    const callback = async () => {
+      try {
+        cleanupAbortController(conversationId);
+      } catch (e) {
+        // Ignore cleanup errors
+      }
+    };
+
     await sendError(req, res, options, callback);
   };
 

api/server/middleware/checkPeoplePickerAccess.js

@@ -7,8 +7,7 @@ const { logger } = require('~/config');
  * Checks specific permission based on the 'type' query parameter:
  * - type=user: requires VIEW_USERS permission
  * - type=group: requires VIEW_GROUPS permission
- * - type=role: requires VIEW_ROLES permission
- * - no type (mixed search): requires either VIEW_USERS OR VIEW_GROUPS OR VIEW_ROLES
+ * - no type (mixed search): requires either VIEW_USERS OR VIEW_GROUPS
  */
 const checkPeoplePickerAccess = async (req, res, next) => {
   try {
@@ -32,38 +31,29 @@ const checkPeoplePickerAccess = async (req, res, next) => {
     const peoplePickerPerms = role.permissions[PermissionTypes.PEOPLE_PICKER] || {};
     const canViewUsers = peoplePickerPerms[Permissions.VIEW_USERS] === true;
     const canViewGroups = peoplePickerPerms[Permissions.VIEW_GROUPS] === true;
-    const canViewRoles = peoplePickerPerms[Permissions.VIEW_ROLES] === true;
 
-    const permissionChecks = {
-      [PrincipalType.USER]: {
-        hasPermission: canViewUsers,
-        message: 'Insufficient permissions to search for users',
-      },
-      [PrincipalType.GROUP]: {
-        hasPermission: canViewGroups,
-        message: 'Insufficient permissions to search for groups',
-      },
-      [PrincipalType.ROLE]: {
-        hasPermission: canViewRoles,
-        message: 'Insufficient permissions to search for roles',
-      },
-    };
-
-    const check = permissionChecks[type];
-    if (check && !check.hasPermission) {
-      return res.status(403).json({
-        error: 'Forbidden',
-        message: check.message,
-      });
+    if (type === PrincipalType.USER) {
+      if (!canViewUsers) {
+        return res.status(403).json({
+          error: 'Forbidden',
+          message: 'Insufficient permissions to search for users',
+        });
+      }
+    } else if (type === PrincipalType.GROUP) {
+      if (!canViewGroups) {
+        return res.status(403).json({
+          error: 'Forbidden',
+          message: 'Insufficient permissions to search for groups',
+        });
+      }
+    } else {
+      if (!canViewUsers || !canViewGroups) {
+        return res.status(403).json({
+          error: 'Forbidden',
+          message: 'Insufficient permissions to search for both users and groups',
+        });
+      }
     }
-
-    if (!type && !canViewUsers && !canViewGroups && !canViewRoles) {
-      return res.status(403).json({
-        error: 'Forbidden',
-        message: 'Insufficient permissions to search for users, groups, or roles',
-      });
-    }
-
     next();
   } catch (error) {
     logger.error(

api/server/middleware/checkPeoplePickerAccess.spec.js

@@ -1,250 +0,0 @@
-const { PrincipalType, PermissionTypes, Permissions } = require('librechat-data-provider');
-const { checkPeoplePickerAccess } = require('./checkPeoplePickerAccess');
-const { getRoleByName } = require('~/models/Role');
-const { logger } = require('~/config');
-
-jest.mock('~/models/Role');
-jest.mock('~/config', () => ({
-  logger: {
-    error: jest.fn(),
-  },
-}));
-
-describe('checkPeoplePickerAccess', () => {
-  let req, res, next;
-
-  beforeEach(() => {
-    req = {
-      user: { id: 'user123', role: 'USER' },
-      query: {},
-    };
-    res = {
-      status: jest.fn().mockReturnThis(),
-      json: jest.fn(),
-    };
-    next = jest.fn();
-    jest.clearAllMocks();
-  });
-
-  it('should return 401 if user is not authenticated', async () => {
-    req.user = null;
-
-    await checkPeoplePickerAccess(req, res, next);
-
-    expect(res.status).toHaveBeenCalledWith(401);
-    expect(res.json).toHaveBeenCalledWith({
-      error: 'Unauthorized',
-      message: 'Authentication required',
-    });
-    expect(next).not.toHaveBeenCalled();
-  });
-
-  it('should return 403 if role has no permissions', async () => {
-    getRoleByName.mockResolvedValue(null);
-
-    await checkPeoplePickerAccess(req, res, next);
-
-    expect(res.status).toHaveBeenCalledWith(403);
-    expect(res.json).toHaveBeenCalledWith({
-      error: 'Forbidden',
-      message: 'No permissions configured for user role',
-    });
-    expect(next).not.toHaveBeenCalled();
-  });
-
-  it('should allow access when searching for users with VIEW_USERS permission', async () => {
-    req.query.type = PrincipalType.USER;
-    getRoleByName.mockResolvedValue({
-      permissions: {
-        [PermissionTypes.PEOPLE_PICKER]: {
-          [Permissions.VIEW_USERS]: true,
-          [Permissions.VIEW_GROUPS]: false,
-          [Permissions.VIEW_ROLES]: false,
-        },
-      },
-    });
-
-    await checkPeoplePickerAccess(req, res, next);
-
-    expect(next).toHaveBeenCalled();
-    expect(res.status).not.toHaveBeenCalled();
-  });
-
-  it('should deny access when searching for users without VIEW_USERS permission', async () => {
-    req.query.type = PrincipalType.USER;
-    getRoleByName.mockResolvedValue({
-      permissions: {
-        [PermissionTypes.PEOPLE_PICKER]: {
-          [Permissions.VIEW_USERS]: false,
-          [Permissions.VIEW_GROUPS]: true,
-          [Permissions.VIEW_ROLES]: true,
-        },
-      },
-    });
-
-    await checkPeoplePickerAccess(req, res, next);
-
-    expect(res.status).toHaveBeenCalledWith(403);
-    expect(res.json).toHaveBeenCalledWith({
-      error: 'Forbidden',
-      message: 'Insufficient permissions to search for users',
-    });
-    expect(next).not.toHaveBeenCalled();
-  });
-
-  it('should allow access when searching for groups with VIEW_GROUPS permission', async () => {
-    req.query.type = PrincipalType.GROUP;
-    getRoleByName.mockResolvedValue({
-      permissions: {
-        [PermissionTypes.PEOPLE_PICKER]: {
-          [Permissions.VIEW_USERS]: false,
-          [Permissions.VIEW_GROUPS]: true,
-          [Permissions.VIEW_ROLES]: false,
-        },
-      },
-    });
-
-    await checkPeoplePickerAccess(req, res, next);
-
-    expect(next).toHaveBeenCalled();
-    expect(res.status).not.toHaveBeenCalled();
-  });
-
-  it('should deny access when searching for groups without VIEW_GROUPS permission', async () => {
-    req.query.type = PrincipalType.GROUP;
-    getRoleByName.mockResolvedValue({
-      permissions: {
-        [PermissionTypes.PEOPLE_PICKER]: {
-          [Permissions.VIEW_USERS]: true,
-          [Permissions.VIEW_GROUPS]: false,
-          [Permissions.VIEW_ROLES]: true,
-        },
-      },
-    });
-
-    await checkPeoplePickerAccess(req, res, next);
-
-    expect(res.status).toHaveBeenCalledWith(403);
-    expect(res.json).toHaveBeenCalledWith({
-      error: 'Forbidden',
-      message: 'Insufficient permissions to search for groups',
-    });
-    expect(next).not.toHaveBeenCalled();
-  });
-
-  it('should allow access when searching for roles with VIEW_ROLES permission', async () => {
-    req.query.type = PrincipalType.ROLE;
-    getRoleByName.mockResolvedValue({
-      permissions: {
-        [PermissionTypes.PEOPLE_PICKER]: {
-          [Permissions.VIEW_USERS]: false,
-          [Permissions.VIEW_GROUPS]: false,
-          [Permissions.VIEW_ROLES]: true,
-        },
-      },
-    });
-
-    await checkPeoplePickerAccess(req, res, next);
-
-    expect(next).toHaveBeenCalled();
-    expect(res.status).not.toHaveBeenCalled();
-  });
-
-  it('should deny access when searching for roles without VIEW_ROLES permission', async () => {
-    req.query.type = PrincipalType.ROLE;
-    getRoleByName.mockResolvedValue({
-      permissions: {
-        [PermissionTypes.PEOPLE_PICKER]: {
-          [Permissions.VIEW_USERS]: true,
-          [Permissions.VIEW_GROUPS]: true,
-          [Permissions.VIEW_ROLES]: false,
-        },
-      },
-    });
-
-    await checkPeoplePickerAccess(req, res, next);
-
-    expect(res.status).toHaveBeenCalledWith(403);
-    expect(res.json).toHaveBeenCalledWith({
-      error: 'Forbidden',
-      message: 'Insufficient permissions to search for roles',
-    });
-    expect(next).not.toHaveBeenCalled();
-  });
-
-  it('should allow mixed search when user has at least one permission', async () => {
-    // No type specified = mixed search
-    req.query.type = undefined;
-    getRoleByName.mockResolvedValue({
-      permissions: {
-        [PermissionTypes.PEOPLE_PICKER]: {
-          [Permissions.VIEW_USERS]: false,
-          [Permissions.VIEW_GROUPS]: false,
-          [Permissions.VIEW_ROLES]: true,
-        },
-      },
-    });
-
-    await checkPeoplePickerAccess(req, res, next);
-
-    expect(next).toHaveBeenCalled();
-    expect(res.status).not.toHaveBeenCalled();
-  });
-
-  it('should deny mixed search when user has no permissions', async () => {
-    // No type specified = mixed search
-    req.query.type = undefined;
-    getRoleByName.mockResolvedValue({
-      permissions: {
-        [PermissionTypes.PEOPLE_PICKER]: {
-          [Permissions.VIEW_USERS]: false,
-          [Permissions.VIEW_GROUPS]: false,
-          [Permissions.VIEW_ROLES]: false,
-        },
-      },
-    });
-
-    await checkPeoplePickerAccess(req, res, next);
-
-    expect(res.status).toHaveBeenCalledWith(403);
-    expect(res.json).toHaveBeenCalledWith({
-      error: 'Forbidden',
-      message: 'Insufficient permissions to search for users, groups, or roles',
-    });
-    expect(next).not.toHaveBeenCalled();
-  });
-
-  it('should handle errors gracefully', async () => {
-    const error = new Error('Database error');
-    getRoleByName.mockRejectedValue(error);
-
-    await checkPeoplePickerAccess(req, res, next);
-
-    expect(logger.error).toHaveBeenCalledWith(
-      '[checkPeoplePickerAccess][user123] checkPeoplePickerAccess error for req.query.type = undefined',
-      error,
-    );
-    expect(res.status).toHaveBeenCalledWith(500);
-    expect(res.json).toHaveBeenCalledWith({
-      error: 'Internal Server Error',
-      message: 'Failed to check permissions',
-    });
-    expect(next).not.toHaveBeenCalled();
-  });
-
-  it('should handle missing permissions object gracefully', async () => {
-    req.query.type = PrincipalType.USER;
-    getRoleByName.mockResolvedValue({
-      permissions: {}, // No PEOPLE_PICKER permissions
-    });
-
-    await checkPeoplePickerAccess(req, res, next);
-
-    expect(res.status).toHaveBeenCalledWith(403);
-    expect(res.json).toHaveBeenCalledWith({
-      error: 'Forbidden',
-      message: 'Insufficient permissions to search for users',
-    });
-    expect(next).not.toHaveBeenCalled();
-  });
-});

api/server/middleware/index.js

@@ -9,6 +9,7 @@ const validateEndpoint = require('./validateEndpoint');
 const requireLocalAuth = require('./requireLocalAuth');
 const canDeleteAccount = require('./canDeleteAccount');
 const accessResources = require('./accessResources');
+const setBalanceConfig = require('./setBalanceConfig');
 const requireLdapAuth = require('./requireLdapAuth');
 const abortMiddleware = require('./abortMiddleware');
 const checkInviteUser = require('./checkInviteUser');
@@ -43,6 +44,7 @@ module.exports = {
   requireLocalAuth,
   canDeleteAccount,
   validateEndpoint,
+  setBalanceConfig,
   concurrentLimiter,
   checkDomainAllowed,
   validateMessageReq,

api/server/middleware/setBalanceConfig.js

@@ -0,0 +1,91 @@
+const { logger } = require('@librechat/data-schemas');
+const { getBalanceConfig } = require('~/server/services/Config');
+const { Balance } = require('~/db/models');
+
+/**
+ * Middleware to synchronize user balance settings with current balance configuration.
+ * @function
+ * @param {Object} req - Express request object containing user information.
+ * @param {Object} res - Express response object.
+ * @param {import('express').NextFunction} next - Next middleware function.
+ */
+const setBalanceConfig = async (req, res, next) => {
+  try {
+    const balanceConfig = await getBalanceConfig();
+    if (!balanceConfig?.enabled) {
+      return next();
+    }
+    if (balanceConfig.startBalance == null) {
+      return next();
+    }
+
+    const userId = req.user._id;
+    const userBalanceRecord = await Balance.findOne({ user: userId }).lean();
+    const updateFields = buildUpdateFields(balanceConfig, userBalanceRecord);
+
+    if (Object.keys(updateFields).length === 0) {
+      return next();
+    }
+
+    await Balance.findOneAndUpdate(
+      { user: userId },
+      { $set: updateFields },
+      { upsert: true, new: true },
+    );
+
+    next();
+  } catch (error) {
+    logger.error('Error setting user balance:', error);
+    next(error);
+  }
+};
+
+/**
+ * Build an object containing fields that need updating
+ * @param {Object} config - The balance configuration
+ * @param {Object|null} userRecord - The user's current balance record, if any
+ * @returns {Object} Fields that need updating
+ */
+function buildUpdateFields(config, userRecord) {
+  const updateFields = {};
+
+  // Ensure user record has the required fields
+  if (!userRecord) {
+    updateFields.user = userRecord?.user;
+    updateFields.tokenCredits = config.startBalance;
+  }
+
+  if (userRecord?.tokenCredits == null && config.startBalance != null) {
+    updateFields.tokenCredits = config.startBalance;
+  }
+
+  const isAutoRefillConfigValid =
+    config.autoRefillEnabled &&
+    config.refillIntervalValue != null &&
+    config.refillIntervalUnit != null &&
+    config.refillAmount != null;
+
+  if (!isAutoRefillConfigValid) {
+    return updateFields;
+  }
+
+  if (userRecord?.autoRefillEnabled !== config.autoRefillEnabled) {
+    updateFields.autoRefillEnabled = config.autoRefillEnabled;
+  }
+
+  if (userRecord?.refillIntervalValue !== config.refillIntervalValue) {
+    updateFields.refillIntervalValue = config.refillIntervalValue;
+  }
+
+  if (userRecord?.refillIntervalUnit !== config.refillIntervalUnit) {
+    updateFields.refillIntervalUnit = config.refillIntervalUnit;
+  }
+
+  if (userRecord?.refillAmount !== config.refillAmount) {
+    updateFields.refillAmount = config.refillAmount;
+  }
+
+  return updateFields;
+}
+
+module.exports = setBalanceConfig;

api/server/middleware/validateModel.js

@@ -33,7 +33,7 @@ const validateModel = async (req, res, next) => {
     return next();
   }
 
-  const { ILLEGAL_MODEL_REQ_SCORE: score = 1 } = process.env ?? {};
+  const { ILLEGAL_MODEL_REQ_SCORE: score = 5 } = process.env ?? {};
 
   const type = ViolationTypes.ILLEGAL_MODEL_REQUEST;
   const errorMessage = {

api/server/routes/__tests__/mcp.spec.js

@@ -4,14 +4,12 @@ const mongoose = require('mongoose');
 const { MongoMemoryServer } = require('mongodb-memory-server');
 
 jest.mock('@librechat/api', () => ({
-  ...jest.requireActual('@librechat/api'),
   MCPOAuthHandler: {
     initiateOAuthFlow: jest.fn(),
     getFlowState: jest.fn(),
     completeOAuthFlow: jest.fn(),
     generateFlowId: jest.fn(),
   },
-  getUserMCPAuthMap: jest.fn(),
 }));
 
 jest.mock('@librechat/data-schemas', () => ({
@@ -38,7 +36,6 @@ jest.mock('~/models', () => ({
   updateToken: jest.fn(),
   createToken: jest.fn(),
   deleteTokens: jest.fn(),
-  findPluginAuthsByKeys: jest.fn(),
 }));
 
 jest.mock('~/server/services/Config', () => ({
@@ -47,10 +44,6 @@ jest.mock('~/server/services/Config', () => ({
   loadCustomConfig: jest.fn(),
 }));
 
-jest.mock('~/server/services/Config/mcpToolsCache', () => ({
-  updateMCPUserTools: jest.fn(),
-}));
-
 jest.mock('~/server/services/MCP', () => ({
   getMCPSetupData: jest.fn(),
   getServerConnectionStatus: jest.fn(),
@@ -73,10 +66,6 @@ jest.mock('~/server/middleware', () => ({
   requireJwtAuth: (req, res, next) => next(),
 }));
 
-jest.mock('~/server/services/Tools/mcp', () => ({
-  reinitMCPServer: jest.fn(),
-}));
-
 describe('MCP Routes', () => {
   let app;
   let mongoServer;
@@ -505,9 +494,12 @@ describe('MCP Routes', () => {
     });
 
     it('should return 500 when token retrieval throws an unexpected error', async () => {
-      getLogStores.mockImplementation(() => {
-        throw new Error('Database connection failed');
-      });
+      const mockFlowManager = {
+        getFlowState: jest.fn().mockRejectedValue(new Error('Database connection failed')),
+      };
+
+      getLogStores.mockReturnValue({});
+      require('~/config').getFlowStateManager.mockReturnValue(mockFlowManager);
 
       const response = await request(app).get('/api/mcp/oauth/tokens/test-user-id:error-flow');
 
@@ -571,8 +563,8 @@ describe('MCP Routes', () => {
   });
 
   describe('POST /oauth/cancel/:serverName', () => {
-    const { MCPOAuthHandler } = require('@librechat/api');
     const { getLogStores } = require('~/cache');
+    const { MCPOAuthHandler } = require('@librechat/api');
 
     it('should cancel OAuth flow successfully', async () => {
       const mockFlowManager = {
@@ -652,15 +644,15 @@ describe('MCP Routes', () => {
   });
 
   describe('POST /:serverName/reinitialize', () => {
-    it('should return 404 when server is not found in configuration', async () => {
-      const mockMcpManager = {
-        getRawConfig: jest.fn().mockReturnValue(null),
-        disconnectUserConnection: jest.fn().mockResolvedValue(),
-      };
+    const { loadCustomConfig } = require('~/server/services/Config');
+    const { getUserPluginAuthValue } = require('~/server/services/PluginService');
 
-      require('~/config').getMCPManager.mockReturnValue(mockMcpManager);
-      require('~/config').getFlowStateManager.mockReturnValue({});
-      require('~/cache').getLogStores.mockReturnValue({});
+    it('should return 404 when server is not found in configuration', async () => {
+      loadCustomConfig.mockResolvedValue({
+        mcpServers: {
+          'other-server': {},
+        },
+      });
 
       const response = await request(app).post('/api/mcp/non-existent-server/reinitialize');
 
@@ -671,11 +663,16 @@ describe('MCP Routes', () => {
     });
 
     it('should handle OAuth requirement during reinitialize', async () => {
+      loadCustomConfig.mockResolvedValue({
+        mcpServers: {
+          'oauth-server': {
+            customUserVars: {},
+          },
+        },
+      });
+
       const mockMcpManager = {
-        getRawConfig: jest.fn().mockReturnValue({
-          customUserVars: {},
-        }),
-        disconnectUserConnection: jest.fn().mockResolvedValue(),
+        disconnectServer: jest.fn().mockResolvedValue(),
         mcpConfigs: {},
         getUserConnection: jest.fn().mockImplementation(async ({ oauthStart }) => {
           if (oauthStart) {
@@ -688,19 +685,12 @@ describe('MCP Routes', () => {
       require('~/config').getMCPManager.mockReturnValue(mockMcpManager);
       require('~/config').getFlowStateManager.mockReturnValue({});
       require('~/cache').getLogStores.mockReturnValue({});
-      require('~/server/services/Tools/mcp').reinitMCPServer.mockResolvedValue({
-        success: true,
-        message: "MCP server 'oauth-server' ready for OAuth authentication",
-        serverName: 'oauth-server',
-        oauthRequired: true,
-        oauthUrl: 'https://oauth.example.com/auth',
-      });
 
       const response = await request(app).post('/api/mcp/oauth-server/reinitialize');
 
       expect(response.status).toBe(200);
       expect(response.body).toEqual({
-        success: true,
+        success: 'https://oauth.example.com/auth',
         message: "MCP server 'oauth-server' ready for OAuth authentication",
         serverName: 'oauth-server',
         oauthRequired: true,
@@ -709,9 +699,14 @@ describe('MCP Routes', () => {
     });
 
     it('should return 500 when reinitialize fails with non-OAuth error', async () => {
+      loadCustomConfig.mockResolvedValue({
+        mcpServers: {
+          'error-server': {},
+        },
+      });
+
       const mockMcpManager = {
-        getRawConfig: jest.fn().mockReturnValue({}),
-        disconnectUserConnection: jest.fn().mockResolvedValue(),
+        disconnectServer: jest.fn().mockResolvedValue(),
         mcpConfigs: {},
         getUserConnection: jest.fn().mockRejectedValue(new Error('Connection failed')),
       };
@@ -719,7 +714,6 @@ describe('MCP Routes', () => {
       require('~/config').getMCPManager.mockReturnValue(mockMcpManager);
       require('~/config').getFlowStateManager.mockReturnValue({});
       require('~/cache').getLogStores.mockReturnValue({});
-      require('~/server/services/Tools/mcp').reinitMCPServer.mockResolvedValue(null);
 
       const response = await request(app).post('/api/mcp/error-server/reinitialize');
 
@@ -730,13 +724,7 @@ describe('MCP Routes', () => {
     });
 
     it('should return 500 when unexpected error occurs', async () => {
-      const mockMcpManager = {
-        getRawConfig: jest.fn().mockImplementation(() => {
-          throw new Error('Config loading failed');
-        }),
-      };
-
-      require('~/config').getMCPManager.mockReturnValue(mockMcpManager);
+      loadCustomConfig.mockRejectedValue(new Error('Config loading failed'));
 
       const response = await request(app).post('/api/mcp/test-server/reinitialize');
 
@@ -759,105 +747,75 @@ describe('MCP Routes', () => {
       expect(response.body).toEqual({ error: 'User not authenticated' });
     });
 
-    it('should successfully reinitialize server and cache tools', async () => {
-      const mockUserConnection = {
-        fetchTools: jest.fn().mockResolvedValue([
-          { name: 'tool1', description: 'Test tool 1', inputSchema: { type: 'object' } },
-          { name: 'tool2', description: 'Test tool 2', inputSchema: { type: 'object' } },
-        ]),
-      };
-
-      const mockMcpManager = {
-        getRawConfig: jest.fn().mockReturnValue({ endpoint: 'http://test-server.com' }),
-        disconnectUserConnection: jest.fn().mockResolvedValue(),
-        getUserConnection: jest.fn().mockResolvedValue(mockUserConnection),
-      };
-
-      require('~/config').getMCPManager.mockReturnValue(mockMcpManager);
-      require('~/config').getFlowStateManager.mockReturnValue({});
-      require('~/cache').getLogStores.mockReturnValue({});
-
-      const { getCachedTools, setCachedTools } = require('~/server/services/Config');
-      const { updateMCPUserTools } = require('~/server/services/Config/mcpToolsCache');
-      getCachedTools.mockResolvedValue({});
-      setCachedTools.mockResolvedValue();
-      updateMCPUserTools.mockResolvedValue();
-
-      require('~/server/services/Tools/mcp').reinitMCPServer.mockResolvedValue({
-        success: true,
-        message: "MCP server 'test-server' reinitialized successfully",
-        serverName: 'test-server',
-        oauthRequired: false,
-        oauthUrl: null,
+    it('should handle errors when fetching custom user variables', async () => {
+      loadCustomConfig.mockResolvedValue({
+        mcpServers: {
+          'test-server': {
+            customUserVars: {
+              API_KEY: 'test-key-var',
+              SECRET_TOKEN: 'test-secret-var',
+            },
+          },
+        },
       });
 
-      const response = await request(app).post('/api/mcp/test-server/reinitialize');
+      getUserPluginAuthValue
+        .mockResolvedValueOnce('test-api-key-value')
+        .mockRejectedValueOnce(new Error('Database error'));
 
-      expect(response.status).toBe(200);
-      expect(response.body).toEqual({
-        success: true,
-        message: "MCP server 'test-server' reinitialized successfully",
-        serverName: 'test-server',
-        oauthRequired: false,
-        oauthUrl: null,
-      });
-      expect(mockMcpManager.disconnectUserConnection).toHaveBeenCalledWith(
-        'test-user-id',
-        'test-server',
-      );
-    });
-
-    it('should handle server with custom user variables', async () => {
       const mockUserConnection = {
         fetchTools: jest.fn().mockResolvedValue([]),
       };
 
       const mockMcpManager = {
-        getRawConfig: jest.fn().mockReturnValue({
-          endpoint: 'http://test-server.com',
-          customUserVars: {
-            API_KEY: 'some-env-var',
-          },
-        }),
-        disconnectUserConnection: jest.fn().mockResolvedValue(),
+        disconnectServer: jest.fn().mockResolvedValue(),
+        mcpConfigs: {},
         getUserConnection: jest.fn().mockResolvedValue(mockUserConnection),
       };
 
       require('~/config').getMCPManager.mockReturnValue(mockMcpManager);
       require('~/config').getFlowStateManager.mockReturnValue({});
       require('~/cache').getLogStores.mockReturnValue({});
-      require('@librechat/api').getUserMCPAuthMap.mockResolvedValue({
-        'mcp:test-server': {
-          API_KEY: 'api-key-value',
-        },
-      });
-      require('~/models').findPluginAuthsByKeys.mockResolvedValue([
-        { key: 'API_KEY', value: 'api-key-value' },
-      ]);
 
       const { getCachedTools, setCachedTools } = require('~/server/services/Config');
-      const { updateMCPUserTools } = require('~/server/services/Config/mcpToolsCache');
       getCachedTools.mockResolvedValue({});
       setCachedTools.mockResolvedValue();
-      updateMCPUserTools.mockResolvedValue();
-
-      require('~/server/services/Tools/mcp').reinitMCPServer.mockResolvedValue({
-        success: true,
-        message: "MCP server 'test-server' reinitialized successfully",
-        serverName: 'test-server',
-        oauthRequired: false,
-        oauthUrl: null,
-      });
 
       const response = await request(app).post('/api/mcp/test-server/reinitialize');
 
       expect(response.status).toBe(200);
       expect(response.body.success).toBe(true);
-      expect(require('@librechat/api').getUserMCPAuthMap).toHaveBeenCalledWith({
-        userId: 'test-user-id',
-        servers: ['test-server'],
-        findPluginAuthsByKeys: require('~/models').findPluginAuthsByKeys,
+    });
+
+    it('should return failure message when reinitialize completely fails', async () => {
+      loadCustomConfig.mockResolvedValue({
+        mcpServers: {
+          'test-server': {},
+        },
       });
+
+      const mockMcpManager = {
+        disconnectServer: jest.fn().mockResolvedValue(),
+        mcpConfigs: {},
+        getUserConnection: jest.fn().mockResolvedValue(null),
+      };
+
+      require('~/config').getMCPManager.mockReturnValue(mockMcpManager);
+      require('~/config').getFlowStateManager.mockReturnValue({});
+      require('~/cache').getLogStores.mockReturnValue({});
+
+      const { getCachedTools, setCachedTools } = require('~/server/services/Config');
+      const { Constants } = require('librechat-data-provider');
+      getCachedTools.mockResolvedValue({
+        [`existing-tool${Constants.mcp_delimiter}test-server`]: { type: 'function' },
+      });
+      setCachedTools.mockResolvedValue();
+
+      const response = await request(app).post('/api/mcp/test-server/reinitialize');
+
+      expect(response.status).toBe(200);
+      expect(response.body.success).toBe(false);
+      expect(response.body.message).toBe("Failed to reinitialize MCP server 'test-server'");
     });
   });
 
@@ -1026,19 +984,21 @@ describe('MCP Routes', () => {
   });
 
   describe('GET /:serverName/auth-values', () => {
+    const { loadCustomConfig } = require('~/server/services/Config');
     const { getUserPluginAuthValue } = require('~/server/services/PluginService');
 
     it('should return auth value flags for server', async () => {
-      const mockMcpManager = {
-        getRawConfig: jest.fn().mockReturnValue({
-          customUserVars: {
-            API_KEY: 'some-env-var',
-            SECRET_TOKEN: 'another-env-var',
+      loadCustomConfig.mockResolvedValue({
+        mcpServers: {
+          'test-server': {
+            customUserVars: {
+              API_KEY: 'some-env-var',
+              SECRET_TOKEN: 'another-env-var',
+            },
           },
-        }),
-      };
+        },
+      });
 
-      require('~/config').getMCPManager.mockReturnValue(mockMcpManager);
       getUserPluginAuthValue.mockResolvedValueOnce('some-api-key-value').mockResolvedValueOnce('');
 
       const response = await request(app).get('/api/mcp/test-server/auth-values');
@@ -1057,11 +1017,11 @@ describe('MCP Routes', () => {
     });
 
     it('should return 404 when server is not found in configuration', async () => {
-      const mockMcpManager = {
-        getRawConfig: jest.fn().mockReturnValue(null),
-      };
-
-      require('~/config').getMCPManager.mockReturnValue(mockMcpManager);
+      loadCustomConfig.mockResolvedValue({
+        mcpServers: {
+          'other-server': {},
+        },
+      });
 
       const response = await request(app).get('/api/mcp/non-existent-server/auth-values');
 
@@ -1072,15 +1032,16 @@ describe('MCP Routes', () => {
     });
 
     it('should handle errors when checking auth values', async () => {
-      const mockMcpManager = {
-        getRawConfig: jest.fn().mockReturnValue({
-          customUserVars: {
-            API_KEY: 'some-env-var',
+      loadCustomConfig.mockResolvedValue({
+        mcpServers: {
+          'test-server': {
+            customUserVars: {
+              API_KEY: 'some-env-var',
+            },
           },
-        }),
-      };
+        },
+      });
 
-      require('~/config').getMCPManager.mockReturnValue(mockMcpManager);
       getUserPluginAuthValue.mockRejectedValue(new Error('Database error'));
 
       const response = await request(app).get('/api/mcp/test-server/auth-values');
@@ -1096,13 +1057,7 @@ describe('MCP Routes', () => {
     });
 
     it('should return 500 when auth values check throws unexpected error', async () => {
-      const mockMcpManager = {
-        getRawConfig: jest.fn().mockImplementation(() => {
-          throw new Error('Config loading failed');
-        }),
-      };
-
-      require('~/config').getMCPManager.mockReturnValue(mockMcpManager);
+      loadCustomConfig.mockRejectedValue(new Error('Config loading failed'));
 
       const response = await request(app).get('/api/mcp/test-server/auth-values');
 
@@ -1111,13 +1066,14 @@ describe('MCP Routes', () => {
     });
 
     it('should handle customUserVars that is not an object', async () => {
-      const mockMcpManager = {
-        getRawConfig: jest.fn().mockReturnValue({
-          customUserVars: 'not-an-object',
-        }),
-      };
-
-      require('~/config').getMCPManager.mockReturnValue(mockMcpManager);
+      const { loadCustomConfig } = require('~/server/services/Config');
+      loadCustomConfig.mockResolvedValue({
+        mcpServers: {
+          'test-server': {
+            customUserVars: 'not-an-object',
+          },
+        },
+      });
 
       const response = await request(app).get('/api/mcp/test-server/auth-values');
 
@@ -1141,6 +1097,98 @@ describe('MCP Routes', () => {
     });
   });
 
+  describe('POST /:serverName/reinitialize - Tool Deletion Coverage', () => {
+    it('should handle null cached tools during reinitialize (triggers || {} fallback)', async () => {
+      const { loadCustomConfig, getCachedTools } = require('~/server/services/Config');
+
+      const mockUserConnection = {
+        fetchTools: jest.fn().mockResolvedValue([{ name: 'new-tool', description: 'A new tool' }]),
+      };
+
+      const mockMcpManager = {
+        getUserConnection: jest.fn().mockResolvedValue(mockUserConnection),
+        disconnectServer: jest.fn(),
+        initializeServer: jest.fn(),
+        mcpConfigs: {},
+      };
+      require('~/config').getMCPManager.mockReturnValue(mockMcpManager);
+
+      loadCustomConfig.mockResolvedValue({
+        mcpServers: {
+          'test-server': { env: { API_KEY: 'test-key' } },
+        },
+      });
+
+      getCachedTools.mockResolvedValue(null);
+
+      const response = await request(app).post('/api/mcp/test-server/reinitialize').expect(200);
+
+      expect(response.body).toEqual({
+        message: "MCP server 'test-server' reinitialized successfully",
+        success: true,
+        oauthRequired: false,
+        oauthUrl: null,
+        serverName: 'test-server',
+      });
+    });
+
+    it('should delete existing cached tools during successful reinitialize', async () => {
+      const {
+        loadCustomConfig,
+        getCachedTools,
+        setCachedTools,
+      } = require('~/server/services/Config');
+
+      const mockUserConnection = {
+        fetchTools: jest.fn().mockResolvedValue([{ name: 'new-tool', description: 'A new tool' }]),
+      };
+
+      const mockMcpManager = {
+        getUserConnection: jest.fn().mockResolvedValue(mockUserConnection),
+        disconnectServer: jest.fn(),
+        initializeServer: jest.fn(),
+        mcpConfigs: {},
+      };
+      require('~/config').getMCPManager.mockReturnValue(mockMcpManager);
+
+      loadCustomConfig.mockResolvedValue({
+        mcpServers: {
+          'test-server': { env: { API_KEY: 'test-key' } },
+        },
+      });
+
+      const existingTools = {
+        'old-tool_mcp_test-server': { type: 'function' },
+        'other-tool_mcp_other-server': { type: 'function' },
+      };
+      getCachedTools.mockResolvedValue(existingTools);
+
+      const response = await request(app).post('/api/mcp/test-server/reinitialize').expect(200);
+
+      expect(response.body).toEqual({
+        message: "MCP server 'test-server' reinitialized successfully",
+        success: true,
+        oauthRequired: false,
+        oauthUrl: null,
+        serverName: 'test-server',
+      });
+
+      expect(setCachedTools).toHaveBeenCalledWith(
+        expect.objectContaining({
+          'new-tool_mcp_test-server': expect.any(Object),
+          'other-tool_mcp_other-server': { type: 'function' },
+        }),
+        { userId: 'test-user-id' },
+      );
+      expect(setCachedTools).toHaveBeenCalledWith(
+        expect.not.objectContaining({
+          'old-tool_mcp_test-server': expect.anything(),
+        }),
+        { userId: 'test-user-id' },
+      );
+    });
+  });
+
   describe('GET /:serverName/oauth/callback - Edge Cases', () => {
     it('should handle OAuth callback without toolFlowId (falsy toolFlowId)', async () => {
       const { MCPOAuthHandler } = require('@librechat/api');

api/server/routes/agents/v1.js

@@ -46,7 +46,7 @@ router.use('/tools', tools);
 
 /**
  * Get all agent categories with counts
- * @route GET /agents/categories
+ * @route GET /agents/marketplace/categories
  */
 router.get('/categories', v1.getAgentCategories);
 /**

api/server/routes/auth.js

@@ -1,75 +1,75 @@
 const express = require('express');
-const { createSetBalanceConfig } = require('@librechat/api');
 const {
-  resetPasswordRequestController,
-  resetPasswordController,
-  registrationController,
-  graphTokenController,
   refreshController,
+  registrationController,
+  resetPasswordController,
+  resetPasswordRequestController,
+  graphTokenController,
 } = require('~/server/controllers/AuthController');
+const { loginController } = require('~/server/controllers/auth/LoginController');
+const { logoutController } = require('~/server/controllers/auth/LogoutController');
+const { verify2FAWithTempToken } = require('~/server/controllers/auth/TwoFactorAuthController');
 const {
-  regenerateBackupCodes,
-  disable2FA,
-  confirm2FA,
   enable2FA,
   verify2FA,
+  disable2FA,
+  regenerateBackupCodes,
+  confirm2FA,
 } = require('~/server/controllers/TwoFactorController');
-const { verify2FAWithTempToken } = require('~/server/controllers/auth/TwoFactorAuthController');
-const { logoutController } = require('~/server/controllers/auth/LogoutController');
-const { loginController } = require('~/server/controllers/auth/LoginController');
-const { getBalanceConfig } = require('~/server/services/Config');
-const middleware = require('~/server/middleware');
-const { Balance } = require('~/db/models');
-
-const setBalanceConfig = createSetBalanceConfig({
-  getBalanceConfig,
-  Balance,
-});
+const {
+  checkBan,
+  logHeaders,
+  loginLimiter,
+  requireJwtAuth,
+  checkInviteUser,
+  registerLimiter,
+  requireLdapAuth,
+  setBalanceConfig,
+  requireLocalAuth,
+  resetPasswordLimiter,
+  validateRegistration,
+  validatePasswordReset,
+} = require('~/server/middleware');
 
 const router = express.Router();
 
 const ldapAuth = !!process.env.LDAP_URL && !!process.env.LDAP_USER_SEARCH_BASE;
 //Local
-router.post('/logout', middleware.requireJwtAuth, logoutController);
+router.post('/logout', requireJwtAuth, logoutController);
 router.post(
   '/login',
-  middleware.logHeaders,
-  middleware.loginLimiter,
-  middleware.checkBan,
-  ldapAuth ? middleware.requireLdapAuth : middleware.requireLocalAuth,
+  logHeaders,
+  loginLimiter,
+  checkBan,
+  ldapAuth ? requireLdapAuth : requireLocalAuth,
   setBalanceConfig,
   loginController,
 );
 router.post('/refresh', refreshController);
 router.post(
   '/register',
-  middleware.registerLimiter,
-  middleware.checkBan,
-  middleware.checkInviteUser,
-  middleware.validateRegistration,
+  registerLimiter,
+  checkBan,
+  checkInviteUser,
+  validateRegistration,
   registrationController,
 );
 router.post(
   '/requestPasswordReset',
-  middleware.resetPasswordLimiter,
-  middleware.checkBan,
-  middleware.validatePasswordReset,
+  resetPasswordLimiter,
+  checkBan,
+  validatePasswordReset,
   resetPasswordRequestController,
 );
-router.post(
-  '/resetPassword',
-  middleware.checkBan,
-  middleware.validatePasswordReset,
-  resetPasswordController,
-);
+router.post('/resetPassword', checkBan, validatePasswordReset, resetPasswordController);
 
-router.get('/2fa/enable', middleware.requireJwtAuth, enable2FA);
-router.post('/2fa/verify', middleware.requireJwtAuth, verify2FA);
-router.post('/2fa/verify-temp', middleware.checkBan, verify2FAWithTempToken);
-router.post('/2fa/confirm', middleware.requireJwtAuth, confirm2FA);
-router.post('/2fa/disable', middleware.requireJwtAuth, disable2FA);
-router.post('/2fa/backup/regenerate', middleware.requireJwtAuth, regenerateBackupCodes);
+router.get('/2fa/enable', requireJwtAuth, enable2FA);
+router.post('/2fa/verify', requireJwtAuth, verify2FA);
+router.post('/2fa/verify-temp', checkBan, verify2FAWithTempToken);
+router.post('/2fa/confirm', requireJwtAuth, confirm2FA);
+router.post('/2fa/disable', requireJwtAuth, disable2FA);
+router.post('/2fa/backup/regenerate', requireJwtAuth, regenerateBackupCodes);
 
-router.get('/graph-token', middleware.requireJwtAuth, graphTokenController);
+router.get('/graph-token', requireJwtAuth, graphTokenController);
 
 module.exports = router;

api/server/routes/config.js

@@ -111,20 +111,17 @@ router.get('/', async function (req, res) {
     payload.mcpServers = {};
     const config = await getCustomConfig();
     if (config?.mcpServers != null) {
-      try {
-        const mcpManager = getMCPManager();
-        const oauthServers = mcpManager.getOAuthServers();
-        for (const serverName in config.mcpServers) {
-          const serverConfig = config.mcpServers[serverName];
-          payload.mcpServers[serverName] = {
-            startup: serverConfig?.startup,
-            chatMenu: serverConfig?.chatMenu,
-            isOAuth: oauthServers?.has(serverName),
-            customUserVars: serverConfig?.customUserVars || {},
-          };
-        }
-      } catch (err) {
-        logger.error('Error loading MCP servers', err);
+      const mcpManager = getMCPManager();
+      const oauthServers = mcpManager.getOAuthServers();
+
+      for (const serverName in config.mcpServers) {
+        const serverConfig = config.mcpServers[serverName];
+        payload.mcpServers[serverName] = {
+          customUserVars: serverConfig?.customUserVars || {},
+          chatMenu: serverConfig?.chatMenu,
+          isOAuth: oauthServers.has(serverName),
+          startup: serverConfig?.startup,
+        };
       }
     }
 

api/server/routes/files/files.js

@@ -397,15 +397,13 @@ router.post('/', async (req, res) => {
       logger.error('[/files] Error deleting file:', error);
     }
     res.status(500).json({ message });
-  } finally {
-    if (cleanup) {
-      try {
-        await fs.unlink(req.file.path);
-      } catch (error) {
-        logger.error('[/files] Error deleting file after file processing:', error);
-      }
-    } else {
-      logger.debug('[/files] File processing completed without cleanup');
+  }
+
+  if (cleanup) {
+    try {
+      await fs.unlink(req.file.path);
+    } catch (error) {
+      logger.error('[/files] Error deleting file after file processing:', error);
     }
   }
 });

api/server/routes/mcp.js

@@ -1,15 +1,13 @@
 const { Router } = require('express');
 const { logger } = require('@librechat/data-schemas');
-const { MCPOAuthHandler, getUserMCPAuthMap } = require('@librechat/api');
-const { getMCPSetupData, getServerConnectionStatus } = require('~/server/services/MCP');
-const { findToken, updateToken, createToken, deleteTokens } = require('~/models');
-const { updateMCPUserTools } = require('~/server/services/Config/mcpToolsCache');
-const { getUserPluginAuthValue } = require('~/server/services/PluginService');
+const { MCPOAuthHandler } = require('@librechat/api');
 const { CacheKeys, Constants } = require('librechat-data-provider');
+const { findToken, updateToken, createToken, deleteTokens } = require('~/models');
+const { setCachedTools, getCachedTools, loadCustomConfig } = require('~/server/services/Config');
+const { getMCPSetupData, getServerConnectionStatus } = require('~/server/services/MCP');
+const { getUserPluginAuthValue } = require('~/server/services/PluginService');
 const { getMCPManager, getFlowStateManager } = require('~/config');
-const { reinitMCPServer } = require('~/server/services/Tools/mcp');
 const { requireJwtAuth } = require('~/server/middleware');
-const { findPluginAuthsByKeys } = require('~/models');
 const { getLogStores } = require('~/cache');
 
 const router = Router();
@@ -144,12 +142,33 @@ router.get('/:serverName/oauth/callback', async (req, res) => {
           `[MCP OAuth] Successfully reconnected ${serverName} for user ${flowState.userId}`,
         );
 
+        const userTools = (await getCachedTools({ userId: flowState.userId })) || {};
+
+        const mcpDelimiter = Constants.mcp_delimiter;
+        for (const key of Object.keys(userTools)) {
+          if (key.endsWith(`${mcpDelimiter}${serverName}`)) {
+            delete userTools[key];
+          }
+        }
+
         const tools = await userConnection.fetchTools();
-        await updateMCPUserTools({
-          userId: flowState.userId,
-          serverName,
-          tools,
-        });
+        for (const tool of tools) {
+          const name = `${tool.name}${Constants.mcp_delimiter}${serverName}`;
+          userTools[name] = {
+            type: 'function',
+            ['function']: {
+              name,
+              description: tool.description,
+              parameters: tool.inputSchema,
+            },
+          };
+        }
+
+        await setCachedTools(userTools, { userId: flowState.userId });
+
+        logger.debug(
+          `[MCP OAuth] Cached ${tools.length} tools for ${serverName} user ${flowState.userId}`,
+        );
       } else {
         logger.debug(`[MCP OAuth] System-level OAuth completed for ${serverName}`);
       }
@@ -296,47 +315,133 @@ router.post('/:serverName/reinitialize', requireJwtAuth, async (req, res) => {
 
     logger.info(`[MCP Reinitialize] Reinitializing server: ${serverName}`);
 
-    const mcpManager = getMCPManager();
-    const serverConfig = mcpManager.getRawConfig(serverName);
-    if (!serverConfig) {
+    const printConfig = false;
+    const config = await loadCustomConfig(printConfig);
+    if (!config || !config.mcpServers || !config.mcpServers[serverName]) {
       return res.status(404).json({
         error: `MCP server '${serverName}' not found in configuration`,
       });
     }
 
-    await mcpManager.disconnectUserConnection(user.id, serverName);
-    logger.info(
-      `[MCP Reinitialize] Disconnected existing user connection for server: ${serverName}`,
+    const flowsCache = getLogStores(CacheKeys.FLOWS);
+    const flowManager = getFlowStateManager(flowsCache);
+    const mcpManager = getMCPManager();
+
+    await mcpManager.disconnectServer(serverName);
+    logger.info(`[MCP Reinitialize] Disconnected existing server: ${serverName}`);
+
+    const serverConfig = config.mcpServers[serverName];
+    mcpManager.mcpConfigs[serverName] = serverConfig;
+    let customUserVars = {};
+    if (serverConfig.customUserVars && typeof serverConfig.customUserVars === 'object') {
+      for (const varName of Object.keys(serverConfig.customUserVars)) {
+        try {
+          const value = await getUserPluginAuthValue(user.id, varName, false);
+          customUserVars[varName] = value;
+        } catch (err) {
+          logger.error(`[MCP Reinitialize] Error fetching ${varName} for user ${user.id}:`, err);
+        }
+      }
+    }
+
+    let userConnection = null;
+    let oauthRequired = false;
+    let oauthUrl = null;
+
+    try {
+      userConnection = await mcpManager.getUserConnection({
+        user,
+        serverName,
+        flowManager,
+        customUserVars,
+        tokenMethods: {
+          findToken,
+          updateToken,
+          createToken,
+          deleteTokens,
+        },
+        returnOnOAuth: true,
+        oauthStart: async (authURL) => {
+          logger.info(`[MCP Reinitialize] OAuth URL received: ${authURL}`);
+          oauthUrl = authURL;
+          oauthRequired = true;
+        },
+      });
+
+      logger.info(`[MCP Reinitialize] Successfully established connection for ${serverName}`);
+    } catch (err) {
+      logger.info(`[MCP Reinitialize] getUserConnection threw error: ${err.message}`);
+      logger.info(
+        `[MCP Reinitialize] OAuth state - oauthRequired: ${oauthRequired}, oauthUrl: ${oauthUrl ? 'present' : 'null'}`,
+      );
+
+      const isOAuthError =
+        err.message?.includes('OAuth') ||
+        err.message?.includes('authentication') ||
+        err.message?.includes('401');
+
+      const isOAuthFlowInitiated = err.message === 'OAuth flow initiated - return early';
+
+      if (isOAuthError || oauthRequired || isOAuthFlowInitiated) {
+        logger.info(
+          `[MCP Reinitialize] OAuth required for ${serverName} (isOAuthError: ${isOAuthError}, oauthRequired: ${oauthRequired}, isOAuthFlowInitiated: ${isOAuthFlowInitiated})`,
+        );
+        oauthRequired = true;
+      } else {
+        logger.error(
+          `[MCP Reinitialize] Error initializing MCP server ${serverName} for user:`,
+          err,
+        );
+        return res.status(500).json({ error: 'Failed to reinitialize MCP server for user' });
+      }
+    }
+
+    if (userConnection && !oauthRequired) {
+      const userTools = (await getCachedTools({ userId: user.id })) || {};
+
+      const mcpDelimiter = Constants.mcp_delimiter;
+      for (const key of Object.keys(userTools)) {
+        if (key.endsWith(`${mcpDelimiter}${serverName}`)) {
+          delete userTools[key];
+        }
+      }
+
+      const tools = await userConnection.fetchTools();
+      for (const tool of tools) {
+        const name = `${tool.name}${Constants.mcp_delimiter}${serverName}`;
+        userTools[name] = {
+          type: 'function',
+          ['function']: {
+            name,
+            description: tool.description,
+            parameters: tool.inputSchema,
+          },
+        };
+      }
+
+      await setCachedTools(userTools, { userId: user.id });
+    }
+
+    logger.debug(
+      `[MCP Reinitialize] Sending response for ${serverName} - oauthRequired: ${oauthRequired}, oauthUrl: ${oauthUrl ? 'present' : 'null'}`,
     );
 
-    /** @type {Record<string, Record<string, string>> | undefined} */
-    let userMCPAuthMap;
-    if (serverConfig.customUserVars && typeof serverConfig.customUserVars === 'object') {
-      userMCPAuthMap = await getUserMCPAuthMap({
-        userId: user.id,
-        servers: [serverName],
-        findPluginAuthsByKeys,
-      });
-    }
-
-    const result = await reinitMCPServer({
-      req,
-      serverName,
-      userMCPAuthMap,
-    });
-
-    if (!result) {
-      return res.status(500).json({ error: 'Failed to reinitialize MCP server for user' });
-    }
-
-    const { success, message, oauthRequired, oauthUrl } = result;
+    const getResponseMessage = () => {
+      if (oauthRequired) {
+        return `MCP server '${serverName}' ready for OAuth authentication`;
+      }
+      if (userConnection) {
+        return `MCP server '${serverName}' reinitialized successfully`;
+      }
+      return `Failed to reinitialize MCP server '${serverName}'`;
+    };
 
     res.json({
-      success,
-      message,
-      oauthUrl,
+      success: (userConnection && !oauthRequired) || (oauthRequired && oauthUrl),
+      message: getResponseMessage(),
       serverName,
       oauthRequired,
+      oauthUrl,
     });
   } catch (error) {
     logger.error('[MCP Reinitialize] Unexpected error', error);
@@ -446,14 +551,15 @@ router.get('/:serverName/auth-values', requireJwtAuth, async (req, res) => {
       return res.status(401).json({ error: 'User not authenticated' });
     }
 
-    const mcpManager = getMCPManager();
-    const serverConfig = mcpManager.getRawConfig(serverName);
-    if (!serverConfig) {
+    const printConfig = false;
+    const config = await loadCustomConfig(printConfig);
+    if (!config || !config.mcpServers || !config.mcpServers[serverName]) {
       return res.status(404).json({
         error: `MCP server '${serverName}' not found in configuration`,
       });
     }
 
+    const serverConfig = config.mcpServers[serverName];
     const pluginKey = `${Constants.mcp_prefix}${serverName}`;
     const authValueFlags = {};
 

api/server/routes/memories.js

@@ -13,8 +13,6 @@ const { getRoleByName } = require('~/models/Role');
 
 const router = express.Router();
 
-const memoryPayloadLimit = express.json({ limit: '100kb' });
-
 const checkMemoryRead = generateCheckAccess({
   permissionType: PermissionTypes.MEMORIES,
   permissions: [Permissions.USE, Permissions.READ],
@@ -62,7 +60,6 @@ router.get('/', checkMemoryRead, async (req, res) => {
 
     const memoryConfig = req.app.locals?.memory;
     const tokenLimit = memoryConfig?.tokenLimit;
-    const charLimit = memoryConfig?.charLimit || 10000;
 
     let usagePercentage = null;
     if (tokenLimit && tokenLimit > 0) {
@@ -73,7 +70,6 @@ router.get('/', checkMemoryRead, async (req, res) => {
       memories: sortedMemories,
       totalTokens,
       tokenLimit: tokenLimit || null,
-      charLimit,
       usagePercentage,
     });
   } catch (error) {
@@ -87,7 +83,7 @@ router.get('/', checkMemoryRead, async (req, res) => {
  * Body: { key: string, value: string }
  * Returns 201 and { created: true, memory: <createdDoc> } when successful.
  */
-router.post('/', memoryPayloadLimit, checkMemoryCreate, async (req, res) => {
+router.post('/', checkMemoryCreate, async (req, res) => {
   const { key, value } = req.body;
 
   if (typeof key !== 'string' || key.trim() === '') {
@@ -98,25 +94,13 @@ router.post('/', memoryPayloadLimit, checkMemoryCreate, async (req, res) => {
     return res.status(400).json({ error: 'Value is required and must be a non-empty string.' });
   }
 
-  const memoryConfig = req.app.locals?.memory;
-  const charLimit = memoryConfig?.charLimit || 10000;
-
-  if (key.length > 1000) {
-    return res.status(400).json({
-      error: `Key exceeds maximum length of 1000 characters. Current length: ${key.length} characters.`,
-    });
-  }
-
-  if (value.length > charLimit) {
-    return res.status(400).json({
-      error: `Value exceeds maximum length of ${charLimit} characters. Current length: ${value.length} characters.`,
-    });
-  }
-
   try {
     const tokenCount = Tokenizer.getTokenCount(value, 'o200k_base');
 
     const memories = await getAllUserMemories(req.user.id);
+
+    // Check token limit
+    const memoryConfig = req.app.locals?.memory;
     const tokenLimit = memoryConfig?.tokenLimit;
 
     if (tokenLimit) {
@@ -191,7 +175,7 @@ router.patch('/preferences', checkMemoryOptOut, async (req, res) => {
  * Body: { key?: string, value: string }
  * Returns 200 and { updated: true, memory: <updatedDoc> } when successful.
  */
-router.patch('/:key', memoryPayloadLimit, checkMemoryUpdate, async (req, res) => {
+router.patch('/:key', checkMemoryUpdate, async (req, res) => {
   const { key: urlKey } = req.params;
   const { key: bodyKey, value } = req.body || {};
 
@@ -199,23 +183,9 @@ router.patch('/:key', memoryPayloadLimit, checkMemoryUpdate, async (req, res) =>
     return res.status(400).json({ error: 'Value is required and must be a non-empty string.' });
   }
 
+  // Use the key from the body if provided, otherwise use the key from the URL
   const newKey = bodyKey || urlKey;
 
-  const memoryConfig = req.app.locals?.memory;
-  const charLimit = memoryConfig?.charLimit || 10000;
-
-  if (newKey.length > 1000) {
-    return res.status(400).json({
-      error: `Key exceeds maximum length of 1000 characters. Current length: ${newKey.length} characters.`,
-    });
-  }
-
-  if (value.length > charLimit) {
-    return res.status(400).json({
-      error: `Value exceeds maximum length of ${charLimit} characters. Current length: ${value.length} characters.`,
-    });
-  }
-
   try {
     const tokenCount = Tokenizer.getTokenCount(value, 'o200k_base');
 
@@ -226,6 +196,7 @@ router.patch('/:key', memoryPayloadLimit, checkMemoryUpdate, async (req, res) =>
       return res.status(404).json({ error: 'Memory not found.' });
     }
 
+    // If the key is changing, we need to handle it specially
     if (newKey !== urlKey) {
       const keyExists = memories.find((m) => m.key === newKey);
       if (keyExists) {
@@ -248,6 +219,7 @@ router.patch('/:key', memoryPayloadLimit, checkMemoryUpdate, async (req, res) =>
         return res.status(500).json({ error: 'Failed to delete old memory.' });
       }
     } else {
+      // Key is not changing, just update the value
       const result = await setMemory({
         userId: req.user.id,
         key: newKey,

api/server/routes/oauth.js

@@ -2,19 +2,17 @@
 const express = require('express');
 const passport = require('passport');
 const { randomState } = require('openid-client');
-const { logger } = require('@librechat/data-schemas');
-const { ErrorTypes } = require('librechat-data-provider');
-const { isEnabled, createSetBalanceConfig } = require('@librechat/api');
-const { checkDomainAllowed, loginLimiter, logHeaders, checkBan } = require('~/server/middleware');
+const {
+  checkBan,
+  logHeaders,
+  loginLimiter,
+  setBalanceConfig,
+  checkDomainAllowed,
+} = require('~/server/middleware');
 const { syncUserEntraGroupMemberships } = require('~/server/services/PermissionService');
 const { setAuthTokens, setOpenIDAuthTokens } = require('~/server/services/AuthService');
-const { getBalanceConfig } = require('~/server/services/Config');
-const { Balance } = require('~/db/models');
-
-const setBalanceConfig = createSetBalanceConfig({
-  getBalanceConfig,
-  Balance,
-});
+const { isEnabled } = require('~/server/utils');
+const { logger } = require('~/config');
 
 const router = express.Router();
 
@@ -50,13 +48,13 @@ const oauthHandler = async (req, res) => {
 };
 
 router.get('/error', (req, res) => {
-  /** A single error message is pushed by passport when authentication fails. */
-  const errorMessage = req.session?.messages?.pop() || 'Unknown error';
+  // A single error message is pushed by passport when authentication fails.
   logger.error('Error in OAuth authentication:', {
-    message: errorMessage,
+    message: req.session?.messages?.pop() || 'Unknown error',
   });
 
-  res.redirect(`${domains.client}/login?redirect=false&error=${ErrorTypes.AUTH_FAILED}`);
+  // Redirect to login page with auth_failed parameter to prevent infinite redirect loops
+  res.redirect(`${domains.client}/login?redirect=false`);
 });
 
 /**

api/server/routes/prompts.js

@@ -1,13 +1,6 @@
 const express = require('express');
 const { logger } = require('@librechat/data-schemas');
-const {
-  generateCheckAccess,
-  markPublicPromptGroups,
-  buildPromptGroupFilter,
-  formatPromptGroupsResponse,
-  createEmptyPromptGroupsResponse,
-  filterAccessibleIdsBySharedLogic,
-} = require('@librechat/api');
+const { generateCheckAccess } = require('@librechat/api');
 const {
   Permissions,
   SystemRoles,
@@ -18,11 +11,12 @@ const {
   PermissionTypes,
 } = require('librechat-data-provider');
 const {
-  getListPromptGroupsByAccess,
   makePromptProduction,
+  getAllPromptGroups,
   updatePromptGroup,
   deletePromptGroup,
   createPromptGroup,
+  getPromptGroups,
   getPromptGroup,
   deletePrompt,
   getPrompts,
@@ -101,48 +95,23 @@ router.get(
 router.get('/all', async (req, res) => {
   try {
     const userId = req.user.id;
-    const { name, category, ...otherFilters } = req.query;
-    const { filter, searchShared, searchSharedOnly } = buildPromptGroupFilter({
-      name,
-      category,
-      ...otherFilters,
-    });
 
-    let accessibleIds = await findAccessibleResources({
+    // Get promptGroup IDs the user has VIEW access to via ACL
+    const accessibleIds = await findAccessibleResources({
       userId,
       role: req.user.role,
       resourceType: ResourceType.PROMPTGROUP,
       requiredPermissions: PermissionBits.VIEW,
     });
 
-    const publiclyAccessibleIds = await findPubliclyAccessibleResources({
-      resourceType: ResourceType.PROMPTGROUP,
-      requiredPermissions: PermissionBits.VIEW,
-    });
+    const groups = await getAllPromptGroups(req, {});
 
-    const filteredAccessibleIds = await filterAccessibleIdsBySharedLogic({
-      accessibleIds,
-      searchShared,
-      searchSharedOnly,
-      publicPromptGroupIds: publiclyAccessibleIds,
-    });
+    // Filter the results to only include accessible groups
+    const accessibleGroups = groups.filter((group) =>
+      accessibleIds.some((id) => id.toString() === group._id.toString()),
+    );
 
-    const result = await getListPromptGroupsByAccess({
-      accessibleIds: filteredAccessibleIds,
-      otherParams: filter,
-    });
-
-    if (!result) {
-      return res.status(200).send([]);
-    }
-
-    const { data: promptGroups = [] } = result;
-    if (!promptGroups.length) {
-      return res.status(200).send([]);
-    }
-
-    const groupsWithPublicFlag = markPublicPromptGroups(promptGroups, publiclyAccessibleIds);
-    res.status(200).send(groupsWithPublicFlag);
+    res.status(200).send(accessibleGroups);
   } catch (error) {
     logger.error(error);
     res.status(500).send({ error: 'Error getting prompt groups' });
@@ -156,66 +125,40 @@ router.get('/all', async (req, res) => {
 router.get('/groups', async (req, res) => {
   try {
     const userId = req.user.id;
-    const { pageSize, pageNumber, limit, cursor, name, category, ...otherFilters } = req.query;
+    const filter = { ...req.query };
+    delete filter.author; // Remove author filter as we'll use ACL
 
-    const { filter, searchShared, searchSharedOnly } = buildPromptGroupFilter({
-      name,
-      category,
-      ...otherFilters,
-    });
-
-    let actualLimit = limit;
-    let actualCursor = cursor;
-
-    if (pageSize && !limit) {
-      actualLimit = parseInt(pageSize, 10);
-    }
-
-    let accessibleIds = await findAccessibleResources({
+    // Get promptGroup IDs the user has VIEW access to via ACL
+    const accessibleIds = await findAccessibleResources({
       userId,
       role: req.user.role,
       resourceType: ResourceType.PROMPTGROUP,
       requiredPermissions: PermissionBits.VIEW,
     });
 
+    // Get publicly accessible promptGroups
     const publiclyAccessibleIds = await findPubliclyAccessibleResources({
       resourceType: ResourceType.PROMPTGROUP,
       requiredPermissions: PermissionBits.VIEW,
     });
 
-    const filteredAccessibleIds = await filterAccessibleIdsBySharedLogic({
-      accessibleIds,
-      searchShared,
-      searchSharedOnly,
-      publicPromptGroupIds: publiclyAccessibleIds,
-    });
+    const groups = await getPromptGroups(req, filter);
 
-    const result = await getListPromptGroupsByAccess({
-      accessibleIds: filteredAccessibleIds,
-      otherParams: filter,
-      limit: actualLimit,
-      after: actualCursor,
-    });
+    if (groups.promptGroups && groups.promptGroups.length > 0) {
+      groups.promptGroups = groups.promptGroups.filter((group) =>
+        accessibleIds.some((id) => id.toString() === group._id.toString()),
+      );
 
-    if (!result) {
-      const emptyResponse = createEmptyPromptGroupsResponse({ pageNumber, pageSize, actualLimit });
-      return res.status(200).send(emptyResponse);
+      // Mark public groups
+      groups.promptGroups = groups.promptGroups.map((group) => {
+        if (publiclyAccessibleIds.some((id) => id.equals(group._id))) {
+          group.isPublic = true;
+        }
+        return group;
+      });
     }
 
-    const { data: promptGroups = [], has_more = false, after = null } = result;
-
-    const groupsWithPublicFlag = markPublicPromptGroups(promptGroups, publiclyAccessibleIds);
-
-    const response = formatPromptGroupsResponse({
-      promptGroups: groupsWithPublicFlag,
-      pageNumber,
-      pageSize,
-      actualLimit,
-      hasMore: has_more,
-      after,
-    });
-
-    res.status(200).send(response);
+    res.status(200).send(groups);
   } catch (error) {
     logger.error(error);
     res.status(500).send({ error: 'Error getting prompt groups' });
@@ -245,6 +188,7 @@ const createNewPromptGroup = async (req, res) => {
 
     const result = await createPromptGroup(saveData);
 
+    // Grant owner permissions to the creator on the new promptGroup
     if (result.prompt && result.prompt._id && result.prompt.groupId) {
       try {
         await grantPermission({

api/server/routes/roles.js

@@ -1,13 +1,11 @@
 const express = require('express');
 const {
-  SystemRoles,
-  roleDefaults,
-  PermissionTypes,
-  agentPermissionsSchema,
   promptPermissionsSchema,
   memoryPermissionsSchema,
-  marketplacePermissionsSchema,
-  peoplePickerPermissionsSchema,
+  agentPermissionsSchema,
+  PermissionTypes,
+  roleDefaults,
+  SystemRoles,
 } = require('librechat-data-provider');
 const { checkAdmin, requireJwtAuth } = require('~/server/middleware');
 const { updateRoleByName, getRoleByName } = require('~/models/Role');
@@ -15,81 +13,6 @@ const { updateRoleByName, getRoleByName } = require('~/models/Role');
 const router = express.Router();
 router.use(requireJwtAuth);
 
-/**
- * Permission configuration mapping
- * Maps route paths to their corresponding schemas and permission types
- */
-const permissionConfigs = {
-  prompts: {
-    schema: promptPermissionsSchema,
-    permissionType: PermissionTypes.PROMPTS,
-    errorMessage: 'Invalid prompt permissions.',
-  },
-  agents: {
-    schema: agentPermissionsSchema,
-    permissionType: PermissionTypes.AGENTS,
-    errorMessage: 'Invalid agent permissions.',
-  },
-  memories: {
-    schema: memoryPermissionsSchema,
-    permissionType: PermissionTypes.MEMORIES,
-    errorMessage: 'Invalid memory permissions.',
-  },
-  'people-picker': {
-    schema: peoplePickerPermissionsSchema,
-    permissionType: PermissionTypes.PEOPLE_PICKER,
-    errorMessage: 'Invalid people picker permissions.',
-  },
-  marketplace: {
-    schema: marketplacePermissionsSchema,
-    permissionType: PermissionTypes.MARKETPLACE,
-    errorMessage: 'Invalid marketplace permissions.',
-  },
-};
-
-/**
- * Generic handler for updating permissions
- * @param {string} permissionKey - The key from permissionConfigs
- * @returns {Function} Express route handler
- */
-const createPermissionUpdateHandler = (permissionKey) => {
-  const config = permissionConfigs[permissionKey];
-
-  return async (req, res) => {
-    const { roleName: _r } = req.params;
-    // TODO: TEMP, use a better parsing for roleName
-    const roleName = _r.toUpperCase();
-    const updates = req.body;
-
-    try {
-      const parsedUpdates = config.schema.partial().parse(updates);
-
-      const role = await getRoleByName(roleName);
-      if (!role) {
-        return res.status(404).send({ message: 'Role not found' });
-      }
-
-      const currentPermissions =
-        role.permissions?.[config.permissionType] || role[config.permissionType] || {};
-
-      const mergedUpdates = {
-        permissions: {
-          ...role.permissions,
-          [config.permissionType]: {
-            ...currentPermissions,
-            ...parsedUpdates,
-          },
-        },
-      };
-
-      const updatedRole = await updateRoleByName(roleName, mergedUpdates);
-      res.status(200).send(updatedRole);
-    } catch (error) {
-      return res.status(400).send({ message: config.errorMessage, error: error.errors });
-    }
-  };
-};
-
 /**
  * GET /api/roles/:roleName
  * Get a specific role by name
@@ -122,30 +45,117 @@ router.get('/:roleName', async (req, res) => {
  * PUT /api/roles/:roleName/prompts
  * Update prompt permissions for a specific role
  */
-router.put('/:roleName/prompts', checkAdmin, createPermissionUpdateHandler('prompts'));
+router.put('/:roleName/prompts', checkAdmin, async (req, res) => {
+  const { roleName: _r } = req.params;
+  // TODO: TEMP, use a better parsing for roleName
+  const roleName = _r.toUpperCase();
+  /** @type {TRole['permissions']['PROMPTS']} */
+  const updates = req.body;
+
+  try {
+    const parsedUpdates = promptPermissionsSchema.partial().parse(updates);
+
+    const role = await getRoleByName(roleName);
+    if (!role) {
+      return res.status(404).send({ message: 'Role not found' });
+    }
+
+    const currentPermissions =
+      role.permissions?.[PermissionTypes.PROMPTS] || role[PermissionTypes.PROMPTS] || {};
+
+    const mergedUpdates = {
+      permissions: {
+        ...role.permissions,
+        [PermissionTypes.PROMPTS]: {
+          ...currentPermissions,
+          ...parsedUpdates,
+        },
+      },
+    };
+
+    const updatedRole = await updateRoleByName(roleName, mergedUpdates);
+    res.status(200).send(updatedRole);
+  } catch (error) {
+    return res.status(400).send({ message: 'Invalid prompt permissions.', error: error.errors });
+  }
+});
 
 /**
  * PUT /api/roles/:roleName/agents
  * Update agent permissions for a specific role
  */
-router.put('/:roleName/agents', checkAdmin, createPermissionUpdateHandler('agents'));
+router.put('/:roleName/agents', checkAdmin, async (req, res) => {
+  const { roleName: _r } = req.params;
+  // TODO: TEMP, use a better parsing for roleName
+  const roleName = _r.toUpperCase();
+  /** @type {TRole['permissions']['AGENTS']} */
+  const updates = req.body;
+
+  try {
+    const parsedUpdates = agentPermissionsSchema.partial().parse(updates);
+
+    const role = await getRoleByName(roleName);
+    if (!role) {
+      return res.status(404).send({ message: 'Role not found' });
+    }
+
+    const currentPermissions =
+      role.permissions?.[PermissionTypes.AGENTS] || role[PermissionTypes.AGENTS] || {};
+
+    const mergedUpdates = {
+      permissions: {
+        ...role.permissions,
+        [PermissionTypes.AGENTS]: {
+          ...currentPermissions,
+          ...parsedUpdates,
+        },
+      },
+    };
+
+    const updatedRole = await updateRoleByName(roleName, mergedUpdates);
+    res.status(200).send(updatedRole);
+  } catch (error) {
+    return res.status(400).send({ message: 'Invalid agent permissions.', error: error.errors });
+  }
+});
 
 /**
  * PUT /api/roles/:roleName/memories
  * Update memory permissions for a specific role
  */
-router.put('/:roleName/memories', checkAdmin, createPermissionUpdateHandler('memories'));
+router.put('/:roleName/memories', checkAdmin, async (req, res) => {
+  const { roleName: _r } = req.params;
+  // TODO: TEMP, use a better parsing for roleName
+  const roleName = _r.toUpperCase();
+  /** @type {TRole['permissions']['MEMORIES']} */
+  const updates = req.body;
 
-/**
- * PUT /api/roles/:roleName/people-picker
- * Update people picker permissions for a specific role
- */
-router.put('/:roleName/people-picker', checkAdmin, createPermissionUpdateHandler('people-picker'));
+  try {
+    const parsedUpdates = memoryPermissionsSchema.partial().parse(updates);
 
-/**
- * PUT /api/roles/:roleName/marketplace
- * Update marketplace permissions for a specific role
- */
-router.put('/:roleName/marketplace', checkAdmin, createPermissionUpdateHandler('marketplace'));
+    const role = await getRoleByName(roleName);
+    if (!role) {
+      return res.status(404).send({ message: 'Role not found' });
+    }
+
+    const currentPermissions =
+      role.permissions?.[PermissionTypes.MEMORIES] || role[PermissionTypes.MEMORIES] || {};
+
+    const mergedUpdates = {
+      permissions: {
+        ...role.permissions,
+        [PermissionTypes.MEMORIES]: {
+          ...currentPermissions,
+          ...parsedUpdates,
+        },
+      },
+    };
+
+    const updatedRole = await updateRoleByName(roleName, mergedUpdates);
+    res.status(200).send(updatedRole);
+  } catch (error) {
+    return res.status(400).send({ message: 'Invalid memory permissions.', error: error.errors });
+  }
+});
 
 module.exports = router;

api/server/services/AppService.interface.spec.js

@@ -5,7 +5,7 @@ jest.mock('~/models', () => ({
 }));
 jest.mock('~/models/Role', () => ({
   updateAccessPermissions: jest.fn(),
-  getRoleByName: jest.fn().mockResolvedValue(null),
+  getRoleByName: jest.fn(),
   updateRoleByName: jest.fn(),
 }));
 
@@ -89,76 +89,4 @@ describe('AppService interface configuration', () => {
     expect(app.locals.interfaceConfig.bookmarks).toBe(false);
     expect(loadDefaultInterface).toHaveBeenCalled();
   });
-
-  it('should correctly configure peoplePicker permissions including roles', async () => {
-    mockLoadCustomConfig.mockResolvedValue({
-      interface: {
-        peoplePicker: {
-          users: true,
-          groups: true,
-          roles: true,
-        },
-      },
-    });
-    loadDefaultInterface.mockResolvedValue({
-      peoplePicker: {
-        users: true,
-        groups: true,
-        roles: true,
-      },
-    });
-
-    await AppService(app);
-
-    expect(app.locals.interfaceConfig.peoplePicker).toBeDefined();
-    expect(app.locals.interfaceConfig.peoplePicker).toMatchObject({
-      users: true,
-      groups: true,
-      roles: true,
-    });
-    expect(loadDefaultInterface).toHaveBeenCalled();
-  });
-
-  it('should handle mixed peoplePicker permissions', async () => {
-    mockLoadCustomConfig.mockResolvedValue({
-      interface: {
-        peoplePicker: {
-          users: true,
-          groups: false,
-          roles: true,
-        },
-      },
-    });
-    loadDefaultInterface.mockResolvedValue({
-      peoplePicker: {
-        users: true,
-        groups: false,
-        roles: true,
-      },
-    });
-
-    await AppService(app);
-
-    expect(app.locals.interfaceConfig.peoplePicker.users).toBe(true);
-    expect(app.locals.interfaceConfig.peoplePicker.groups).toBe(false);
-    expect(app.locals.interfaceConfig.peoplePicker.roles).toBe(true);
-  });
-
-  it('should set default peoplePicker permissions when not provided', async () => {
-    mockLoadCustomConfig.mockResolvedValue({});
-    loadDefaultInterface.mockResolvedValue({
-      peoplePicker: {
-        users: true,
-        groups: true,
-        roles: true,
-      },
-    });
-
-    await AppService(app);
-
-    expect(app.locals.interfaceConfig.peoplePicker).toBeDefined();
-    expect(app.locals.interfaceConfig.peoplePicker.users).toBe(true);
-    expect(app.locals.interfaceConfig.peoplePicker.groups).toBe(true);
-    expect(app.locals.interfaceConfig.peoplePicker.roles).toBe(true);
-  });
 });

api/server/services/AppService.js

@@ -1,26 +1,22 @@
-const {
-  isEnabled,
-  loadMemoryConfig,
-  agentsConfigSetup,
-  loadWebSearchConfig,
-} = require('@librechat/api');
+const { agentsConfigSetup, loadWebSearchConfig } = require('@librechat/api');
 const {
   FileSources,
   loadOCRConfig,
   EModelEndpoint,
+  loadMemoryConfig,
   getConfigDefaults,
 } = require('librechat-data-provider');
 const {
-  checkWebSearchConfig,
-  checkAzureVariables,
-  checkVariables,
   checkHealth,
   checkConfig,
+  checkVariables,
+  checkAzureVariables,
+  checkWebSearchConfig,
 } = require('./start/checks');
-const { ensureDefaultCategories, seedDefaultRoles, initializeRoles } = require('~/models');
 const { azureAssistantsDefaults, assistantsConfigSetup } = require('./start/assistants');
 const { initializeAzureBlobService } = require('./Files/Azure/initialize');
 const { initializeFirebase } = require('./Files/Firebase/initialize');
+const { seedDefaultRoles, initializeRoles, ensureDefaultCategories } = require('~/models');
 const loadCustomConfig = require('./Config/loadCustomConfig');
 const handleRateLimits = require('./Config/handleRateLimits');
 const { loadDefaultInterface } = require('./start/interface');
@@ -29,6 +25,7 @@ const { azureConfigSetup } = require('./start/azureOpenAI');
 const { processModelSpecs } = require('./start/modelSpecs');
 const { initializeS3 } = require('./Files/S3/initialize');
 const { loadAndFormatTools } = require('./ToolService');
+const { isEnabled } = require('~/server/utils');
 const { setCachedTools } = require('./Config');
 const paths = require('~/config/paths');
 

api/server/services/AppService.spec.js

@@ -33,7 +33,6 @@ jest.mock('~/models', () => ({
 }));
 jest.mock('~/models/Role', () => ({
   updateAccessPermissions: jest.fn(),
-  getRoleByName: jest.fn().mockResolvedValue(null),
 }));
 jest.mock('./Config', () => ({
   setCachedTools: jest.fn(),
@@ -970,29 +969,4 @@ describe('AppService updating app.locals and issuing warnings', () => {
     expect(app.locals.ocr.strategy).toEqual('mistral_ocr');
     expect(app.locals.ocr.mistralModel).toEqual('mistral-medium');
   });
-
-  it('should correctly configure peoplePicker permissions when specified', async () => {
-    const mockConfig = {
-      interface: {
-        peoplePicker: {
-          users: true,
-          groups: true,
-          roles: true,
-        },
-      },
-    };
-
-    require('./Config/loadCustomConfig').mockImplementationOnce(() => Promise.resolve(mockConfig));
-
-    const app = { locals: {} };
-    await AppService(app);
-
-    // Check that interface config includes the permissions
-    expect(app.locals.interfaceConfig.peoplePicker).toBeDefined();
-    expect(app.locals.interfaceConfig.peoplePicker).toMatchObject({
-      users: true,
-      groups: true,
-      roles: true,
-    });
-  });
 });

api/server/services/Artifacts/update.js

@@ -60,14 +60,7 @@ const replaceArtifactContent = (originalText, artifact, original, updated) => {
 
   // Find boundaries between ARTIFACT_START and ARTIFACT_END
   const contentStart = artifactContent.indexOf('\n', artifactContent.indexOf(ARTIFACT_START)) + 1;
-  let contentEnd = artifactContent.lastIndexOf(ARTIFACT_END);
-
-  // Special case: if contentEnd is 0, it means the only ::: found is at the start of :::artifact
-  // This indicates an incomplete artifact (no closing :::)
-  // We need to check that it's exactly at position 0 (the beginning of artifactContent)
-  if (contentEnd === 0 && artifactContent.indexOf(ARTIFACT_START) === 0) {
-    contentEnd = artifactContent.length;
-  }
+  const contentEnd = artifactContent.lastIndexOf(ARTIFACT_END);
 
   if (contentStart === -1 || contentEnd === -1) {
     return null;
@@ -79,20 +72,12 @@ const replaceArtifactContent = (originalText, artifact, original, updated) => {
 
   // Determine where to look for the original content
   let searchStart, searchEnd;
-  if (codeBlockStart !== -1) {
-    // Code block starts
+  if (codeBlockStart !== -1 && codeBlockEnd !== -1) {
+    // If code blocks exist, search between them
     searchStart = codeBlockStart + 4; // after ```\n
-
-    if (codeBlockEnd !== -1 && codeBlockEnd > codeBlockStart) {
-      // Code block has proper ending
-      searchEnd = codeBlockEnd;
-    } else {
-      // No closing backticks found or they're before the opening (shouldn't happen)
-      // This might be an incomplete artifact - search to contentEnd
-      searchEnd = contentEnd;
-    }
+    searchEnd = codeBlockEnd;
   } else {
-    // No code blocks at all
+    // Otherwise search in the whole artifact content
     searchStart = contentStart;
     searchEnd = contentEnd;
   }

api/server/services/Artifacts/update.spec.js

@@ -89,9 +89,9 @@ describe('replaceArtifactContent', () => {
   };
 
   test('should replace content within artifact boundaries', () => {
-    const original = "console.log('hello')";
+    const original = 'console.log(\'hello\')';
     const artifact = createTestArtifact(original);
-    const updated = "console.log('updated')";
+    const updated = 'console.log(\'updated\')';
 
     const result = replaceArtifactContent(artifact.text, artifact, original, updated);
     expect(result).toContain(updated);
@@ -317,182 +317,4 @@ console.log(greeting);`;
     expect(result).not.toContain('\n\n```');
     expect(result).not.toContain('```\n\n');
   });
-
-  describe('incomplete artifacts', () => {
-    test('should handle incomplete artifacts (missing closing ::: and ```)', () => {
-      const original = `<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="utf-8" />
-<meta name="viewport" content="width=device-width, initial-scale=1" />
-<title>Pomodoro</title>
-<meta name="description" content="A single-file Pomodoro timer with logs, charts, sounds, and dark mode." />
-<style>
-  :root{`;
-
-      const prefix = `Awesome idea! I'll deliver a complete single-file HTML app called "Pomodoro" with:
-- Custom session/break durations
-
-You can save this as pomodoro.html and open it directly in your browser.
-
-`;
-
-      // This simulates the real incomplete artifact case - no closing ``` or :::
-      const incompleteArtifact = `${ARTIFACT_START}{identifier="pomodoro-single-file-app" type="text/html" title="Pomodoro — Single File App"}
-\`\`\`
-${original}`;
-
-      const fullText = prefix + incompleteArtifact;
-      const message = { text: fullText };
-      const artifacts = findAllArtifacts(message);
-
-      expect(artifacts).toHaveLength(1);
-      expect(artifacts[0].end).toBe(fullText.length);
-
-      const updated = original.replace('Pomodoro</title>', 'Pomodoro</title>UPDATED');
-      const result = replaceArtifactContent(fullText, artifacts[0], original, updated);
-
-      expect(result).not.toBeNull();
-      expect(result).toContain('UPDATED');
-      expect(result).toContain(prefix);
-      // Should not have added closing markers
-      expect(result).not.toMatch(/:::\s*$/);
-    });
-
-    test('should handle incomplete artifacts with only opening code block', () => {
-      const original = 'function hello() { console.log("world"); }';
-      const incompleteArtifact = `${ARTIFACT_START}{id="test"}\n\`\`\`\n${original}`;
-
-      const message = { text: incompleteArtifact };
-      const artifacts = findAllArtifacts(message);
-
-      expect(artifacts).toHaveLength(1);
-
-      const updated = 'function hello() { console.log("UPDATED"); }';
-      const result = replaceArtifactContent(incompleteArtifact, artifacts[0], original, updated);
-
-      expect(result).not.toBeNull();
-      expect(result).toContain('UPDATED');
-    });
-
-    test('should handle incomplete artifacts without code blocks', () => {
-      const original = 'Some plain text content';
-      const incompleteArtifact = `${ARTIFACT_START}{id="test"}\n${original}`;
-
-      const message = { text: incompleteArtifact };
-      const artifacts = findAllArtifacts(message);
-
-      expect(artifacts).toHaveLength(1);
-
-      const updated = 'Some UPDATED text content';
-      const result = replaceArtifactContent(incompleteArtifact, artifacts[0], original, updated);
-
-      expect(result).not.toBeNull();
-      expect(result).toContain('UPDATED');
-    });
-  });
-
-  describe('regression tests for edge cases', () => {
-    test('should still handle complete artifacts correctly', () => {
-      // Ensure we didn't break normal artifact handling
-      const original = 'console.log("test");';
-      const artifact = createArtifactText({ content: original });
-
-      const message = { text: artifact };
-      const artifacts = findAllArtifacts(message);
-
-      expect(artifacts).toHaveLength(1);
-
-      const updated = 'console.log("updated");';
-      const result = replaceArtifactContent(artifact, artifacts[0], original, updated);
-
-      expect(result).not.toBeNull();
-      expect(result).toContain(updated);
-      expect(result).toContain(ARTIFACT_END);
-      expect(result).toMatch(/```\nconsole\.log\("updated"\);\n```/);
-    });
-
-    test('should handle multiple complete artifacts', () => {
-      // Ensure multiple artifacts still work
-      const content1 = 'First artifact';
-      const content2 = 'Second artifact';
-      const text = `${createArtifactText({ content: content1 })}\n\n${createArtifactText({ content: content2 })}`;
-
-      const message = { text };
-      const artifacts = findAllArtifacts(message);
-
-      expect(artifacts).toHaveLength(2);
-
-      // Update first artifact
-      const result1 = replaceArtifactContent(text, artifacts[0], content1, 'First UPDATED');
-      expect(result1).not.toBeNull();
-      expect(result1).toContain('First UPDATED');
-      expect(result1).toContain(content2);
-
-      // Update second artifact
-      const result2 = replaceArtifactContent(text, artifacts[1], content2, 'Second UPDATED');
-      expect(result2).not.toBeNull();
-      expect(result2).toContain(content1);
-      expect(result2).toContain('Second UPDATED');
-    });
-
-    test('should not mistake ::: at position 0 for artifact end in complete artifacts', () => {
-      // This tests the specific fix - ensuring contentEnd=0 doesn't break complete artifacts
-      const original = 'test content';
-      // Create an artifact that will have ::: at position 0 when substring'd
-      const artifact = `${ARTIFACT_START}\n\`\`\`\n${original}\n\`\`\`\n${ARTIFACT_END}`;
-
-      const message = { text: artifact };
-      const artifacts = findAllArtifacts(message);
-
-      expect(artifacts).toHaveLength(1);
-
-      const updated = 'updated content';
-      const result = replaceArtifactContent(artifact, artifacts[0], original, updated);
-
-      expect(result).not.toBeNull();
-      expect(result).toContain(updated);
-      expect(result).toContain(ARTIFACT_END);
-    });
-
-    test('should handle empty artifacts', () => {
-      // Edge case: empty artifact
-      const artifact = `${ARTIFACT_START}\n${ARTIFACT_END}`;
-
-      const message = { text: artifact };
-      const artifacts = findAllArtifacts(message);
-
-      expect(artifacts).toHaveLength(1);
-
-      // Trying to replace non-existent content should return null
-      const result = replaceArtifactContent(artifact, artifacts[0], 'something', 'updated');
-      expect(result).toBeNull();
-    });
-
-    test('should preserve whitespace and formatting in complete artifacts', () => {
-      const original = `  function test() {
-    return {
-      value: 42
-    };
-  }`;
-      const artifact = createArtifactText({ content: original });
-
-      const message = { text: artifact };
-      const artifacts = findAllArtifacts(message);
-
-      const updated = `  function test() {
-    return {
-      value: 100
-    };
-  }`;
-      const result = replaceArtifactContent(artifact, artifacts[0], original, updated);
-
-      expect(result).not.toBeNull();
-      expect(result).toContain('value: 100');
-      // Should preserve exact formatting
-      expect(result).toMatch(
-        /```\n {2}function test\(\) \{\n {4}return \{\n {6}value: 100\n {4}\};\n {2}\}\n```/,
-      );
-    });
-  });
 });

api/server/services/Config/getCachedTools.js

@@ -26,7 +26,7 @@ const ToolCacheKeys = {
  * @param {string[]} [options.roleIds] - Role IDs for role-based tools
  * @param {string[]} [options.groupIds] - Group IDs for group-based tools
  * @param {boolean} [options.includeGlobal=true] - Whether to include global tools
- * @returns {Promise<LCAvailableTools|null>} The available tools object or null if not cached
+ * @returns {Promise<Object|null>} The available tools object or null if not cached
  */
 async function getCachedTools(options = {}) {
   const cache = getLogStores(CacheKeys.CONFIG_STORE);
@@ -41,13 +41,13 @@ async function getCachedTools(options = {}) {
   // Future implementation will merge tools from multiple sources
   // based on user permissions, roles, and groups
   if (userId) {
-    /** @type {LCAvailableTools | null} Check if we have pre-computed effective tools for this user */
+    // Check if we have pre-computed effective tools for this user
     const effectiveTools = await cache.get(ToolCacheKeys.EFFECTIVE(userId));
     if (effectiveTools) {
       return effectiveTools;
     }
 
-    /** @type {LCAvailableTools | null} Otherwise, compute from individual sources */
+    // Otherwise, compute from individual sources
     const toolSources = [];
 
     if (includeGlobal) {

api/server/services/Config/getCustomConfig.js

@@ -1,4 +1,5 @@
-const { isEnabled } = require('@librechat/api');
+const { logger } = require('@librechat/data-schemas');
+const { isEnabled, getUserMCPAuthMap } = require('@librechat/api');
 const { CacheKeys, EModelEndpoint } = require('librechat-data-provider');
 const { normalizeEndpointName } = require('~/server/utils');
 const loadCustomConfig = require('./loadCustomConfig');
@@ -52,6 +53,31 @@ const getCustomEndpointConfig = async (endpoint) => {
   );
 };
 
+/**
+ * @param {Object} params
+ * @param {string} params.userId
+ * @param {GenericTool[]} [params.tools]
+ * @param {import('@librechat/data-schemas').PluginAuthMethods['findPluginAuthsByKeys']} params.findPluginAuthsByKeys
+ * @returns {Promise<Record<string, Record<string, string>> | undefined>}
+ */
+async function getMCPAuthMap({ userId, tools, findPluginAuthsByKeys }) {
+  try {
+    if (!tools || tools.length === 0) {
+      return;
+    }
+    return await getUserMCPAuthMap({
+      tools,
+      userId,
+      findPluginAuthsByKeys,
+    });
+  } catch (err) {
+    logger.error(
+      `[api/server/controllers/agents/client.js #chatCompletion] Error getting custom user vars for agent`,
+      err,
+    );
+  }
+}
+
 /**
  * @returns {Promise<boolean>}
  */
@@ -62,6 +88,7 @@ async function hasCustomUserVars() {
 }
 
 module.exports = {
+  getMCPAuthMap,
   getCustomConfig,
   getBalanceConfig,
   hasCustomUserVars,

api/server/services/Config/index.js

@@ -1,7 +1,6 @@
 const { config } = require('./EndpointService');
 const getCachedTools = require('./getCachedTools');
 const getCustomConfig = require('./getCustomConfig');
-const mcpToolsCache = require('./mcpToolsCache');
 const loadCustomConfig = require('./loadCustomConfig');
 const loadConfigModels = require('./loadConfigModels');
 const loadDefaultModels = require('./loadDefaultModels');
@@ -18,6 +17,5 @@ module.exports = {
   loadAsyncEndpoints,
   ...getCachedTools,
   ...getCustomConfig,
-  ...mcpToolsCache,
   ...getEndpointsConfig,
 };

api/server/services/Config/loadConfigModels.js

@@ -76,11 +76,10 @@ async function loadConfigModels(req) {
       fetchPromisesMap[uniqueKey] =
         fetchPromisesMap[uniqueKey] ||
         fetchModels({
-          name,
-          apiKey: API_KEY,
-          baseURL: BASE_URL,
           user: req.user.id,
-          direct: endpoint.directEndpoint,
+          baseURL: BASE_URL,
+          apiKey: API_KEY,
+          name,
           userIdQuery: models.userIdQuery,
         });
       uniqueKeyToEndpointsMap[uniqueKey] = uniqueKeyToEndpointsMap[uniqueKey] || [];

api/server/services/Config/loadDefaultModels.js

@@ -1,11 +1,12 @@
-const { logger } = require('@librechat/data-schemas');
 const { EModelEndpoint } = require('librechat-data-provider');
+const { useAzurePlugins } = require('~/server/services/Config/EndpointService').config;
 const {
-  getAnthropicModels,
-  getBedrockModels,
   getOpenAIModels,
   getGoogleModels,
+  getBedrockModels,
+  getAnthropicModels,
 } = require('~/server/services/ModelService');
+const { logger } = require('~/config');
 
 /**
  * Loads the default models for the application.
@@ -15,42 +16,58 @@ const {
  */
 async function loadDefaultModels(req) {
   try {
-    const [openAI, anthropic, azureOpenAI, assistants, azureAssistants, google, bedrock] =
-      await Promise.all([
-        getOpenAIModels({ user: req.user.id }).catch((error) => {
-          logger.error('Error fetching OpenAI models:', error);
+    const [
+      openAI,
+      anthropic,
+      azureOpenAI,
+      gptPlugins,
+      assistants,
+      azureAssistants,
+      google,
+      bedrock,
+    ] = await Promise.all([
+      getOpenAIModels({ user: req.user.id }).catch((error) => {
+        logger.error('Error fetching OpenAI models:', error);
+        return [];
+      }),
+      getAnthropicModels({ user: req.user.id }).catch((error) => {
+        logger.error('Error fetching Anthropic models:', error);
+        return [];
+      }),
+      getOpenAIModels({ user: req.user.id, azure: true }).catch((error) => {
+        logger.error('Error fetching Azure OpenAI models:', error);
+        return [];
+      }),
+      getOpenAIModels({ user: req.user.id, azure: useAzurePlugins, plugins: true }).catch(
+        (error) => {
+          logger.error('Error fetching Plugin models:', error);
           return [];
-        }),
-        getAnthropicModels({ user: req.user.id }).catch((error) => {
-          logger.error('Error fetching Anthropic models:', error);
-          return [];
-        }),
-        getOpenAIModels({ user: req.user.id, azure: true }).catch((error) => {
-          logger.error('Error fetching Azure OpenAI models:', error);
-          return [];
-        }),
-        getOpenAIModels({ assistants: true }).catch((error) => {
-          logger.error('Error fetching OpenAI Assistants API models:', error);
-          return [];
-        }),
-        getOpenAIModels({ azureAssistants: true }).catch((error) => {
-          logger.error('Error fetching Azure OpenAI Assistants API models:', error);
-          return [];
-        }),
-        Promise.resolve(getGoogleModels()).catch((error) => {
-          logger.error('Error getting Google models:', error);
-          return [];
-        }),
-        Promise.resolve(getBedrockModels()).catch((error) => {
-          logger.error('Error getting Bedrock models:', error);
-          return [];
-        }),
-      ]);
+        },
+      ),
+      getOpenAIModels({ assistants: true }).catch((error) => {
+        logger.error('Error fetching OpenAI Assistants API models:', error);
+        return [];
+      }),
+      getOpenAIModels({ azureAssistants: true }).catch((error) => {
+        logger.error('Error fetching Azure OpenAI Assistants API models:', error);
+        return [];
+      }),
+      Promise.resolve(getGoogleModels()).catch((error) => {
+        logger.error('Error getting Google models:', error);
+        return [];
+      }),
+      Promise.resolve(getBedrockModels()).catch((error) => {
+        logger.error('Error getting Bedrock models:', error);
+        return [];
+      }),
+    ]);
 
     return {
       [EModelEndpoint.openAI]: openAI,
+      [EModelEndpoint.agents]: openAI,
       [EModelEndpoint.google]: google,
       [EModelEndpoint.anthropic]: anthropic,
+      [EModelEndpoint.gptPlugins]: gptPlugins,
       [EModelEndpoint.azureOpenAI]: azureOpenAI,
       [EModelEndpoint.assistants]: assistants,
       [EModelEndpoint.azureAssistants]: azureAssistants,

api/server/services/Config/mcpToolsCache.js

@@ -1,143 +0,0 @@
-const { logger } = require('@librechat/data-schemas');
-const { CacheKeys, Constants } = require('librechat-data-provider');
-const { getCachedTools, setCachedTools } = require('./getCachedTools');
-const { getLogStores } = require('~/cache');
-
-/**
- * Updates MCP tools in the cache for a specific server and user
- * @param {Object} params - Parameters for updating MCP tools
- * @param {string} params.userId - User ID
- * @param {string} params.serverName - MCP server name
- * @param {Array} params.tools - Array of tool objects from MCP server
- * @returns {Promise<LCAvailableTools>}
- */
-async function updateMCPUserTools({ userId, serverName, tools }) {
-  try {
-    const userTools = await getCachedTools({ userId });
-
-    const mcpDelimiter = Constants.mcp_delimiter;
-    for (const key of Object.keys(userTools)) {
-      if (key.endsWith(`${mcpDelimiter}${serverName}`)) {
-        delete userTools[key];
-      }
-    }
-
-    for (const tool of tools) {
-      const name = `${tool.name}${Constants.mcp_delimiter}${serverName}`;
-      userTools[name] = {
-        type: 'function',
-        ['function']: {
-          name,
-          description: tool.description,
-          parameters: tool.inputSchema,
-        },
-      };
-    }
-
-    await setCachedTools(userTools, { userId });
-
-    const cache = getLogStores(CacheKeys.CONFIG_STORE);
-    await cache.delete(CacheKeys.TOOLS);
-    logger.debug(`[MCP Cache] Updated ${tools.length} tools for ${serverName} user ${userId}`);
-    return userTools;
-  } catch (error) {
-    logger.error(`[MCP Cache] Failed to update tools for ${serverName}:`, error);
-    throw error;
-  }
-}
-
-/**
- * Merges app-level tools with global tools
- * @param {import('@librechat/api').LCAvailableTools} appTools
- * @returns {Promise<void>}
- */
-async function mergeAppTools(appTools) {
-  try {
-    const count = Object.keys(appTools).length;
-    if (!count) {
-      return;
-    }
-    const cachedTools = await getCachedTools({ includeGlobal: true });
-    const mergedTools = { ...cachedTools, ...appTools };
-    await setCachedTools(mergedTools, { isGlobal: true });
-    const cache = getLogStores(CacheKeys.CONFIG_STORE);
-    await cache.delete(CacheKeys.TOOLS);
-    logger.debug(`Merged ${count} app-level tools`);
-  } catch (error) {
-    logger.error('Failed to merge app-level tools:', error);
-    throw error;
-  }
-}
-
-/**
- * Merges user-level tools with global tools
- * @param {object} params
- * @param {string} params.userId
- * @param {Record<string, FunctionTool>} params.cachedUserTools
- * @param {import('@librechat/api').LCAvailableTools} params.userTools
- * @returns {Promise<void>}
- */
-async function mergeUserTools({ userId, cachedUserTools, userTools }) {
-  try {
-    if (!userId) {
-      return;
-    }
-    const count = Object.keys(userTools).length;
-    if (!count) {
-      return;
-    }
-    const cachedTools = cachedUserTools ?? (await getCachedTools({ userId }));
-    const mergedTools = { ...cachedTools, ...userTools };
-    await setCachedTools(mergedTools, { userId });
-    const cache = getLogStores(CacheKeys.CONFIG_STORE);
-    await cache.delete(CacheKeys.TOOLS);
-    logger.debug(`Merged ${count} user-level tools`);
-  } catch (error) {
-    logger.error('Failed to merge user-level tools:', error);
-    throw error;
-  }
-}
-
-/**
- * Clears all MCP tools for a specific server
- * @param {Object} params - Parameters for clearing MCP tools
- * @param {string} [params.userId] - User ID (if clearing user-specific tools)
- * @param {string} params.serverName - MCP server name
- * @returns {Promise<void>}
- */
-async function clearMCPServerTools({ userId, serverName }) {
-  try {
-    const tools = await getCachedTools({ userId, includeGlobal: !userId });
-
-    // Remove all tools for this server
-    const mcpDelimiter = Constants.mcp_delimiter;
-    let removedCount = 0;
-    for (const key of Object.keys(tools)) {
-      if (key.endsWith(`${mcpDelimiter}${serverName}`)) {
-        delete tools[key];
-        removedCount++;
-      }
-    }
-
-    if (removedCount > 0) {
-      await setCachedTools(tools, userId ? { userId } : { isGlobal: true });
-
-      const cache = getLogStores(CacheKeys.CONFIG_STORE);
-      await cache.delete(CacheKeys.TOOLS);
-
-      logger.debug(
-        `[MCP Cache] Removed ${removedCount} tools for ${serverName}${userId ? ` user ${userId}` : ' (global)'}`,
-      );
-    }
-  } catch (error) {
-    logger.error(`[MCP Cache] Failed to clear tools for ${serverName}:`, error);
-    throw error;
-  }
-}
-
-module.exports = {
-  mergeAppTools,
-  mergeUserTools,
-  updateMCPUserTools,
-  clearMCPServerTools,
-};

api/server/services/Endpoints/agents/agent.js

@@ -30,13 +30,7 @@ const { getModelMaxTokens } = require('~/utils');
  * @param {TEndpointOption} [params.endpointOption]
  * @param {Set<string>} [params.allowedProviders]
  * @param {boolean} [params.isInitialAgent]
- * @returns {Promise<Agent & {
- * tools: StructuredTool[],
- * attachments: Array<MongoFile>,
- * toolContextMap: Record<string, unknown>,
- * maxContextTokens: number,
- * userMCPAuthMap?: Record<string, Record<string, string>>
- * }>}
+ * @returns {Promise<Agent & { tools: StructuredTool[], attachments: Array<MongoFile>, toolContextMap: Record<string, unknown>, maxContextTokens: number }>}
  */
 const initializeAgent = async ({
   req,
@@ -97,19 +91,16 @@ const initializeAgent = async ({
   });
 
   const provider = agent.provider;
-  const {
-    tools: structuredTools,
-    toolContextMap,
-    userMCPAuthMap,
-  } = (await loadTools?.({
-    req,
-    res,
-    provider,
-    agentId: agent.id,
-    tools: agent.tools,
-    model: agent.model,
-    tool_resources,
-  })) ?? {};
+  const { tools: structuredTools, toolContextMap } =
+    (await loadTools?.({
+      req,
+      res,
+      provider,
+      agentId: agent.id,
+      tools: agent.tools,
+      model: agent.model,
+      tool_resources,
+    })) ?? {};
 
   agent.endpoint = provider;
   const { getOptions, overrideProvider } = await getProviderConfig(provider);
@@ -198,7 +189,6 @@ const initializeAgent = async ({
     tools,
     attachments,
     resendFiles,
-    userMCPAuthMap,
     toolContextMap,
     useLegacyContent: !!options.useLegacyContent,
     maxContextTokens: Math.round((agentMaxContextTokens - maxTokens) * 0.9),

api/server/services/Endpoints/agents/build.js

@@ -1,6 +1,6 @@
-const { logger } = require('@librechat/data-schemas');
 const { isAgentsEndpoint, removeNullishValues, Constants } = require('librechat-data-provider');
 const { loadAgent } = require('~/models/Agent');
+const { logger } = require('~/config');
 
 const buildOptions = (req, endpoint, parsedBody, endpointType) => {
   const { spec, iconURL, agent_id, instructions, ...model_parameters } = parsedBody;

api/server/services/Endpoints/agents/initialize.js

@@ -1,5 +1,4 @@
 const { logger } = require('@librechat/data-schemas');
-const { validateAgentModel } = require('@librechat/api');
 const { createContentAggregator } = require('@librechat/agents');
 const {
   Constants,
@@ -12,17 +11,12 @@ const {
   getDefaultHandlers,
 } = require('~/server/controllers/agents/callbacks');
 const { initializeAgent } = require('~/server/services/Endpoints/agents/agent');
-const { getModelsConfig } = require('~/server/controllers/ModelController');
 const { getCustomEndpointConfig } = require('~/server/services/Config');
 const { loadAgentTools } = require('~/server/services/ToolService');
 const AgentClient = require('~/server/controllers/agents/client');
 const { getAgent } = require('~/models/Agent');
-const { logViolation } = require('~/cache');
 
-/**
- * @param {AbortSignal} signal
- */
-function createToolLoader(signal) {
+function createToolLoader() {
   /**
    * @param {object} params
    * @param {ServerRequest} params.req
@@ -32,11 +26,7 @@ function createToolLoader(signal) {
    * @param {string} params.provider
    * @param {string} params.model
    * @param {AgentToolResources} params.tool_resources
-   * @returns {Promise<{
-   * tools: StructuredTool[],
-   * toolContextMap: Record<string, unknown>,
-   * userMCPAuthMap?: Record<string, Record<string, string>>
-   * } | undefined>}
+   * @returns {Promise<{ tools: StructuredTool[], toolContextMap: Record<string, unknown> } | undefined>}
    */
   return async function loadTools({ req, res, agentId, tools, provider, model, tool_resources }) {
     const agent = { id: agentId, tools, provider, model };
@@ -45,7 +35,6 @@ function createToolLoader(signal) {
         req,
         res,
         agent,
-        signal,
         tool_resources,
       });
     } catch (error) {
@@ -54,7 +43,7 @@ function createToolLoader(signal) {
   };
 }
 
-const initializeClient = async ({ req, res, signal, endpointOption }) => {
+const initializeClient = async ({ req, res, endpointOption }) => {
   if (!endpointOption) {
     throw new Error('Endpoint option not provided');
   }
@@ -83,24 +72,11 @@ const initializeClient = async ({ req, res, signal, endpointOption }) => {
     throw new Error('Agent not found');
   }
 
-  const modelsConfig = await getModelsConfig(req);
-  const validationResult = await validateAgentModel({
-    req,
-    res,
-    modelsConfig,
-    logViolation,
-    agent: primaryAgent,
-  });
-
-  if (!validationResult.isValid) {
-    throw new Error(validationResult.error?.message);
-  }
-
   const agentConfigs = new Map();
   /** @type {Set<string>} */
   const allowedProviders = new Set(req?.app?.locals?.[EModelEndpoint.agents]?.allowedProviders);
 
-  const loadTools = createToolLoader(signal);
+  const loadTools = createToolLoader();
   /** @type {Array<MongoFile>} */
   const requestFiles = req.body.files ?? [];
   /** @type {string} */
@@ -119,26 +95,12 @@ const initializeClient = async ({ req, res, signal, endpointOption }) => {
   });
 
   const agent_ids = primaryConfig.agent_ids;
-  let userMCPAuthMap = primaryConfig.userMCPAuthMap;
   if (agent_ids?.length) {
     for (const agentId of agent_ids) {
       const agent = await getAgent({ id: agentId });
       if (!agent) {
         throw new Error(`Agent ${agentId} not found`);
       }
-
-      const validationResult = await validateAgentModel({
-        req,
-        res,
-        agent,
-        modelsConfig,
-        logViolation,
-      });
-
-      if (!validationResult.isValid) {
-        throw new Error(validationResult.error?.message);
-      }
-
       const config = await initializeAgent({
         req,
         res,
@@ -149,11 +111,6 @@ const initializeClient = async ({ req, res, signal, endpointOption }) => {
         endpointOption,
         allowedProviders,
       });
-      if (userMCPAuthMap != null) {
-        Object.assign(userMCPAuthMap, config.userMCPAuthMap ?? {});
-      } else {
-        userMCPAuthMap = config.userMCPAuthMap;
-      }
       agentConfigs.set(agentId, config);
     }
   }
@@ -202,7 +159,7 @@ const initializeClient = async ({ req, res, signal, endpointOption }) => {
         : EModelEndpoint.agents,
   });
 
-  return { client, userMCPAuthMap };
+  return { client };
 };
 
 module.exports = { initializeClient };

api/server/services/Endpoints/agents/title.js

@@ -1,8 +1,8 @@
-const { isEnabled } = require('@librechat/api');
-const { logger } = require('@librechat/data-schemas');
 const { CacheKeys } = require('librechat-data-provider');
 const getLogStores = require('~/cache/getLogStores');
+const { isEnabled } = require('~/server/utils');
 const { saveConvo } = require('~/models');
+const { logger } = require('~/config');
 
 /**
  * Add title to conversation in a way that avoids memory retention

api/server/services/Endpoints/anthropic/helpers.js

@@ -45,10 +45,6 @@ function getClaudeHeaders(model, supportsCacheControl) {
       'anthropic-beta':
         'token-efficient-tools-2025-02-19,output-128k-2025-02-19,prompt-caching-2024-07-31',
     };
-  } else if (/claude-sonnet-4/.test(model)) {
-    return {
-      'anthropic-beta': 'prompt-caching-2024-07-31,context-1m-2025-08-07',
-    };
   } else if (
     /claude-(?:sonnet|opus|haiku)-[4-9]/.test(model) ||
     /claude-[4-9]-(?:sonnet|opus|haiku)?/.test(model) ||

api/server/services/Endpoints/anthropic/initialize.js

@@ -39,9 +39,8 @@ const initializeClient = async ({ req, res, endpointOption, overrideModel, optio
   if (optionsOnly) {
     clientOptions = Object.assign(
       {
-        proxy: PROXY ?? null,
-        userId: req.user.id,
         reverseProxyUrl: ANTHROPIC_REVERSE_PROXY ?? null,
+        proxy: PROXY ?? null,
         modelOptions: endpointOption?.model_parameters ?? {},
       },
       clientOptions,

api/server/services/Endpoints/anthropic/llm.js

@@ -15,7 +15,6 @@ const { checkPromptCacheSupport, getClaudeHeaders, configureReasoning } = requir
  * @param {number} [options.modelOptions.topK] - Controls the number of top tokens to consider.
  * @param {string[]} [options.modelOptions.stop] - Sequences where the API will stop generating further tokens.
  * @param {boolean} [options.modelOptions.stream] - Whether to stream the response.
- * @param {string} options.userId - The user ID for tracking and personalization.
  * @param {string} [options.proxy] - Proxy server URL.
  * @param {string} [options.reverseProxyUrl] - URL for a reverse proxy, if used.
  *
@@ -48,11 +47,6 @@ function getLLMConfig(apiKey, options = {}) {
     maxTokens:
       mergedOptions.maxOutputTokens || anthropicSettings.maxOutputTokens.reset(mergedOptions.model),
     clientOptions: {},
-    invocationKwargs: {
-      metadata: {
-        user_id: options.userId,
-      },
-    },
   };
 
   requestOptions = configureReasoning(requestOptions, systemOptions);

api/server/services/Endpoints/anthropic/llm.spec.js

@@ -1,19 +1,50 @@
+const { anthropicSettings, removeNullishValues } = require('librechat-data-provider');
 const { getLLMConfig } = require('~/server/services/Endpoints/anthropic/llm');
+const { checkPromptCacheSupport, getClaudeHeaders, configureReasoning } = require('./helpers');
 
 jest.mock('https-proxy-agent', () => ({
   HttpsProxyAgent: jest.fn().mockImplementation((proxy) => ({ proxy })),
 }));
 
+jest.mock('./helpers', () => ({
+  checkPromptCacheSupport: jest.fn(),
+  getClaudeHeaders: jest.fn(),
+  configureReasoning: jest.fn((requestOptions) => requestOptions),
+}));
+
+jest.mock('librechat-data-provider', () => ({
+  anthropicSettings: {
+    model: { default: 'claude-3-opus-20240229' },
+    maxOutputTokens: { default: 4096, reset: jest.fn(() => 4096) },
+    thinking: { default: false },
+    promptCache: { default: false },
+    thinkingBudget: { default: null },
+  },
+  removeNullishValues: jest.fn((obj) => {
+    const result = {};
+    for (const key in obj) {
+      if (obj[key] !== null && obj[key] !== undefined) {
+        result[key] = obj[key];
+      }
+    }
+    return result;
+  }),
+}));
+
 describe('getLLMConfig', () => {
   beforeEach(() => {
     jest.clearAllMocks();
+    checkPromptCacheSupport.mockReturnValue(false);
+    getClaudeHeaders.mockReturnValue(undefined);
+    configureReasoning.mockImplementation((requestOptions) => requestOptions);
+    anthropicSettings.maxOutputTokens.reset.mockReturnValue(4096);
   });
 
   it('should create a basic configuration with default values', () => {
     const result = getLLMConfig('test-api-key', { modelOptions: {} });
 
     expect(result.llmConfig).toHaveProperty('apiKey', 'test-api-key');
-    expect(result.llmConfig).toHaveProperty('model', 'claude-3-5-sonnet-latest');
+    expect(result.llmConfig).toHaveProperty('model', anthropicSettings.model.default);
     expect(result.llmConfig).toHaveProperty('stream', true);
     expect(result.llmConfig).toHaveProperty('maxTokens');
   });
@@ -68,73 +99,40 @@ describe('getLLMConfig', () => {
     expect(result.llmConfig).toHaveProperty('topP', 0.9);
   });
 
-  it('should NOT include topK and topP for Claude-3-7 models with thinking enabled (hyphen notation)', () => {
+  it('should NOT include topK and topP for Claude-3-7 models (hyphen notation)', () => {
+    configureReasoning.mockImplementation((requestOptions) => {
+      requestOptions.thinking = { type: 'enabled' };
+      return requestOptions;
+    });
+
     const result = getLLMConfig('test-api-key', {
       modelOptions: {
         model: 'claude-3-7-sonnet',
         topK: 10,
         topP: 0.9,
-        thinking: true,
       },
     });
 
     expect(result.llmConfig).not.toHaveProperty('topK');
     expect(result.llmConfig).not.toHaveProperty('topP');
-    expect(result.llmConfig).toHaveProperty('thinking');
-    expect(result.llmConfig.thinking).toHaveProperty('type', 'enabled');
-    // When thinking is enabled, it uses the default thinkingBudget of 2000
-    expect(result.llmConfig.thinking).toHaveProperty('budget_tokens', 2000);
   });
 
-  it('should add "prompt-caching" and "context-1m" beta headers for claude-sonnet-4 model', () => {
-    const modelOptions = {
-      model: 'claude-sonnet-4-20250514',
-      promptCache: true,
-    };
-    const result = getLLMConfig('test-key', { modelOptions });
-    const clientOptions = result.llmConfig.clientOptions;
-    expect(clientOptions.defaultHeaders).toBeDefined();
-    expect(clientOptions.defaultHeaders).toHaveProperty('anthropic-beta');
-    expect(clientOptions.defaultHeaders['anthropic-beta']).toBe(
-      'prompt-caching-2024-07-31,context-1m-2025-08-07',
-    );
-  });
-
-  it('should add "prompt-caching" and "context-1m" beta headers for claude-sonnet-4 model formats', () => {
-    const modelVariations = [
-      'claude-sonnet-4-20250514',
-      'claude-sonnet-4-latest',
-      'anthropic/claude-sonnet-4-20250514',
-    ];
-
-    modelVariations.forEach((model) => {
-      const modelOptions = { model, promptCache: true };
-      const result = getLLMConfig('test-key', { modelOptions });
-      const clientOptions = result.llmConfig.clientOptions;
-      expect(clientOptions.defaultHeaders).toBeDefined();
-      expect(clientOptions.defaultHeaders).toHaveProperty('anthropic-beta');
-      expect(clientOptions.defaultHeaders['anthropic-beta']).toBe(
-        'prompt-caching-2024-07-31,context-1m-2025-08-07',
-      );
+  it('should NOT include topK and topP for Claude-3.7 models (decimal notation)', () => {
+    configureReasoning.mockImplementation((requestOptions) => {
+      requestOptions.thinking = { type: 'enabled' };
+      return requestOptions;
     });
-  });
 
-  it('should NOT include topK and topP for Claude-3.7 models with thinking enabled (decimal notation)', () => {
     const result = getLLMConfig('test-api-key', {
       modelOptions: {
         model: 'claude-3.7-sonnet',
         topK: 10,
         topP: 0.9,
-        thinking: true,
       },
     });
 
     expect(result.llmConfig).not.toHaveProperty('topK');
     expect(result.llmConfig).not.toHaveProperty('topP');
-    expect(result.llmConfig).toHaveProperty('thinking');
-    expect(result.llmConfig.thinking).toHaveProperty('type', 'enabled');
-    // When thinking is enabled, it uses the default thinkingBudget of 2000
-    expect(result.llmConfig.thinking).toHaveProperty('budget_tokens', 2000);
   });
 
   it('should handle custom maxOutputTokens', () => {
@@ -235,6 +233,7 @@ describe('getLLMConfig', () => {
     });
 
     it('should handle maxOutputTokens when explicitly set to falsy value', () => {
+      anthropicSettings.maxOutputTokens.reset.mockReturnValue(8192);
       const result = getLLMConfig('test-api-key', {
         modelOptions: {
           model: 'claude-3-opus',
@@ -242,8 +241,8 @@ describe('getLLMConfig', () => {
         },
       });
 
-      // The actual anthropicSettings.maxOutputTokens.reset('claude-3-opus') returns 4096
-      expect(result.llmConfig).toHaveProperty('maxTokens', 4096);
+      expect(anthropicSettings.maxOutputTokens.reset).toHaveBeenCalledWith('claude-3-opus');
+      expect(result.llmConfig).toHaveProperty('maxTokens', 8192);
     });
 
     it('should handle both proxy and reverseProxyUrl', () => {
@@ -264,6 +263,9 @@ describe('getLLMConfig', () => {
     });
 
     it('should handle prompt cache with supported model', () => {
+      checkPromptCacheSupport.mockReturnValue(true);
+      getClaudeHeaders.mockReturnValue({ 'anthropic-beta': 'prompt-caching-2024-07-31' });
+
       const result = getLLMConfig('test-api-key', {
         modelOptions: {
           model: 'claude-3-5-sonnet',
@@ -271,38 +273,43 @@ describe('getLLMConfig', () => {
         },
       });
 
-      // claude-3-5-sonnet supports prompt caching and should get the appropriate headers
+      expect(checkPromptCacheSupport).toHaveBeenCalledWith('claude-3-5-sonnet');
+      expect(getClaudeHeaders).toHaveBeenCalledWith('claude-3-5-sonnet', true);
       expect(result.llmConfig.clientOptions.defaultHeaders).toEqual({
-        'anthropic-beta': 'max-tokens-3-5-sonnet-2024-07-15,prompt-caching-2024-07-31',
+        'anthropic-beta': 'prompt-caching-2024-07-31',
       });
     });
 
     it('should handle thinking and thinkingBudget options', () => {
-      const result = getLLMConfig('test-api-key', {
+      configureReasoning.mockImplementation((requestOptions, systemOptions) => {
+        if (systemOptions.thinking) {
+          requestOptions.thinking = { type: 'enabled' };
+        }
+        if (systemOptions.thinkingBudget) {
+          requestOptions.thinking = {
+            ...requestOptions.thinking,
+            budget_tokens: systemOptions.thinkingBudget,
+          };
+        }
+        return requestOptions;
+      });
+
+      getLLMConfig('test-api-key', {
         modelOptions: {
           model: 'claude-3-7-sonnet',
           thinking: true,
-          thinkingBudget: 10000, // This exceeds the default max_tokens of 8192
+          thinkingBudget: 5000,
         },
       });
 
-      // The function should add thinking configuration for claude-3-7 models
-      expect(result.llmConfig).toHaveProperty('thinking');
-      expect(result.llmConfig.thinking).toHaveProperty('type', 'enabled');
-      // With claude-3-7-sonnet, the max_tokens default is 8192
-      // Budget tokens gets adjusted to 90% of max_tokens (8192 * 0.9 = 7372) when it exceeds max_tokens
-      expect(result.llmConfig.thinking).toHaveProperty('budget_tokens', 7372);
-
-      // Test with budget_tokens within max_tokens limit
-      const result2 = getLLMConfig('test-api-key', {
-        modelOptions: {
-          model: 'claude-3-7-sonnet',
+      expect(configureReasoning).toHaveBeenCalledWith(
+        expect.any(Object),
+        expect.objectContaining({
           thinking: true,
-          thinkingBudget: 2000,
-        },
-      });
-
-      expect(result2.llmConfig.thinking).toHaveProperty('budget_tokens', 2000);
+          promptCache: false,
+          thinkingBudget: 5000,
+        }),
+      );
     });
 
     it('should remove system options from modelOptions', () => {
@@ -323,6 +330,16 @@ describe('getLLMConfig', () => {
     });
 
     it('should handle all nullish values removal', () => {
+      removeNullishValues.mockImplementation((obj) => {
+        const cleaned = {};
+        Object.entries(obj).forEach(([key, value]) => {
+          if (value !== null && value !== undefined) {
+            cleaned[key] = value;
+          }
+        });
+        return cleaned;
+      });
+
       const result = getLLMConfig('test-api-key', {
         modelOptions: {
           temperature: null,

api/server/services/Endpoints/azureAssistants/initialize.js

@@ -109,14 +109,14 @@ const initializeClient = async ({ req, res, version, endpointOption, initAppClie
 
     apiKey = azureOptions.azureOpenAIApiKey;
     opts.defaultQuery = { 'api-version': azureOptions.azureOpenAIApiVersion };
-    opts.defaultHeaders = resolveHeaders({
-      headers: {
+    opts.defaultHeaders = resolveHeaders(
+      {
         ...headers,
         'api-key': apiKey,
         'OpenAI-Beta': `assistants=${version}`,
       },
-      user: req.user,
-    });
+      req.user,
+    );
     opts.model = azureOptions.azureOpenAIApiDeploymentName;
 
     if (initAppClient) {

api/server/services/Endpoints/custom/initialize.js

@@ -28,11 +28,7 @@ const initializeClient = async ({ req, res, endpointOption, optionsOnly, overrid
   const CUSTOM_API_KEY = extractEnvVariable(endpointConfig.apiKey);
   const CUSTOM_BASE_URL = extractEnvVariable(endpointConfig.baseURL);
 
-  let resolvedHeaders = resolveHeaders({
-    headers: endpointConfig.headers,
-    user: req.user,
-    body: req.body,
-  });
+  let resolvedHeaders = resolveHeaders(endpointConfig.headers, req.user);
 
   if (CUSTOM_API_KEY.match(envVarRegex)) {
     throw new Error(`Missing API Key for ${endpoint}.`);

api/server/services/Endpoints/custom/initialize.spec.js

@@ -64,14 +64,13 @@ describe('custom/initializeClient', () => {
     jest.clearAllMocks();
   });
 
-  it('calls resolveHeaders with headers, user, and body for body placeholder support', async () => {
+  it('calls resolveHeaders with headers and user', async () => {
     const { resolveHeaders } = require('@librechat/api');
     await initializeClient({ req: mockRequest, res: mockResponse, optionsOnly: true });
-    expect(resolveHeaders).toHaveBeenCalledWith({
-      headers: { 'x-user': '{{LIBRECHAT_USER_ID}}', 'x-email': '{{LIBRECHAT_USER_EMAIL}}' },
-      user: { id: 'user-123', email: 'test@example.com' },
-      body: { endpoint: 'test-endpoint' }, // body - supports {{LIBRECHAT_BODY_*}} placeholders
-    });
+    expect(resolveHeaders).toHaveBeenCalledWith(
+      { 'x-user': '{{LIBRECHAT_USER_ID}}', 'x-email': '{{LIBRECHAT_USER_EMAIL}}' },
+      { id: 'user-123', email: 'test@example.com' },
+    );
   });
 
   it('throws if endpoint config is missing', async () => {

api/server/services/Endpoints/openAI/initialize.js

@@ -81,10 +81,10 @@ const initializeClient = async ({
     serverless = _serverless;
 
     clientOptions.reverseProxyUrl = baseURL ?? clientOptions.reverseProxyUrl;
-    clientOptions.headers = resolveHeaders({
-      headers: { ...headers, ...(clientOptions.headers ?? {}) },
-      user: req.user,
-    });
+    clientOptions.headers = resolveHeaders(
+      { ...headers, ...(clientOptions.headers ?? {}) },
+      req.user,
+    );
 
     clientOptions.titleConvo = azureConfig.titleConvo;
     clientOptions.titleModel = azureConfig.titleModel;

api/server/services/Files/Firebase/crud.js

@@ -2,10 +2,10 @@ const fs = require('fs');
 const path = require('path');
 const axios = require('axios');
 const fetch = require('node-fetch');
-const { logger } = require('@librechat/data-schemas');
 const { ref, uploadBytes, getDownloadURL, deleteObject } = require('firebase/storage');
 const { getBufferMetadata } = require('~/server/utils');
 const { getFirebaseStorage } = require('./initialize');
+const { logger } = require('~/config');
 
 /**
  * Deletes a file from Firebase Storage.
@@ -145,10 +145,7 @@ function extractFirebaseFilePath(urlString) {
     }
 
     return '';
-  } catch {
-    logger.debug(
-      '[extractFirebaseFilePath] Failed to extract Firebase file path from URL, returning empty string',
-    );
+  } catch (error) {
     // If URL parsing fails, return an empty string
     return '';
   }
@@ -214,24 +211,14 @@ async function uploadFileToFirebase({ req, file, file_id }) {
   const inputBuffer = await fs.promises.readFile(inputFilePath);
   const bytes = Buffer.byteLength(inputBuffer);
   const userId = req.user.id;
+
   const fileName = `${file_id}__${path.basename(inputFilePath)}`;
-  try {
-    const downloadURL = await saveBufferToFirebase({ userId, buffer: inputBuffer, fileName });
-    return { filepath: downloadURL, bytes };
-  } catch (err) {
-    logger.error('[uploadFileToFirebase] Error saving file buffer to Firebase:', err);
-    try {
-      if (file && file.path) {
-        await fs.promises.unlink(file.path);
-      }
-    } catch (unlinkError) {
-      logger.error(
-        '[uploadFileToFirebase] Error deleting temporary file, likely already deleted:',
-        unlinkError.message,
-      );
-    }
-    throw err;
-  }
+
+  const downloadURL = await saveBufferToFirebase({ userId, buffer: inputBuffer, fileName });
+
+  await fs.promises.unlink(inputFilePath);
+
+  return { filepath: downloadURL, bytes };
 }
 
 /**

api/server/services/MCP.js

@@ -1,29 +1,18 @@
 const { z } = require('zod');
 const { tool } = require('@langchain/core/tools');
 const { logger } = require('@librechat/data-schemas');
-const {
-  Providers,
-  StepTypes,
-  GraphEvents,
-  Constants: AgentConstants,
-} = require('@librechat/agents');
+const { Time, CacheKeys, StepTypes } = require('librechat-data-provider');
+const { Constants: AgentConstants, Providers, GraphEvents } = require('@librechat/agents');
+const { Constants, ContentTypes, isAssistantsEndpoint } = require('librechat-data-provider');
 const {
   sendEvent,
   MCPOAuthHandler,
   normalizeServerName,
   convertWithResolvedRefs,
 } = require('@librechat/api');
-const {
-  Time,
-  CacheKeys,
-  Constants,
-  ContentTypes,
-  isAssistantsEndpoint,
-} = require('librechat-data-provider');
-const { getCachedTools, loadCustomConfig } = require('./Config');
 const { findToken, createToken, updateToken } = require('~/models');
 const { getMCPManager, getFlowStateManager } = require('~/config');
-const { reinitMCPServer } = require('./Tools/mcp');
+const { getCachedTools, loadCustomConfig } = require('./Config');
 const { getLogStores } = require('~/cache');
 
 /**
@@ -31,13 +20,16 @@ const { getLogStores } = require('~/cache');
  * @param {ServerResponse} params.res - The Express response object for sending events.
  * @param {string} params.stepId - The ID of the step in the flow.
  * @param {ToolCallChunk} params.toolCall - The tool call object containing tool information.
+ * @param {string} params.loginFlowId - The ID of the login flow.
+ * @param {FlowStateManager<any>} params.flowManager - The flow manager instance.
  */
-function createRunStepDeltaEmitter({ res, stepId, toolCall }) {
+function createOAuthStart({ res, stepId, toolCall, loginFlowId, flowManager, signal }) {
   /**
+   * Creates a function to handle OAuth login requests.
    * @param {string} authURL - The URL to redirect the user for OAuth authentication.
-   * @returns {void}
+   * @returns {Promise<boolean>} Returns true to indicate the event was sent successfully.
    */
-  return function (authURL) {
+  return async function (authURL) {
     /** @type {{ id: string; delta: AgentToolCallDelta }} */
     const data = {
       id: stepId,
@@ -48,54 +40,17 @@ function createRunStepDeltaEmitter({ res, stepId, toolCall }) {
         expires_at: Date.now() + Time.TWO_MINUTES,
       },
     };
-    sendEvent(res, { event: GraphEvents.ON_RUN_STEP_DELTA, data });
-  };
-}
-
-/**
- * @param {object} params
- * @param {ServerResponse} params.res - The Express response object for sending events.
- * @param {string} params.runId - The Run ID, i.e. message ID
- * @param {string} params.stepId - The ID of the step in the flow.
- * @param {ToolCallChunk} params.toolCall - The tool call object containing tool information.
- * @param {number} [params.index]
- */
-function createRunStepEmitter({ res, runId, stepId, toolCall, index }) {
-  return function () {
-    /** @type {import('@librechat/agents').RunStep} */
-    const data = {
-      runId: runId ?? Constants.USE_PRELIM_RESPONSE_MESSAGE_ID,
-      id: stepId,
-      type: StepTypes.TOOL_CALLS,
-      index: index ?? 0,
-      stepDetails: {
-        type: StepTypes.TOOL_CALLS,
-        tool_calls: [toolCall],
+    /** Used to ensure the handler (use of `sendEvent`) is only invoked once */
+    await flowManager.createFlowWithHandler(
+      loginFlowId,
+      'oauth_login',
+      async () => {
+        sendEvent(res, { event: GraphEvents.ON_RUN_STEP_DELTA, data });
+        logger.debug('Sent OAuth login request to client');
+        return true;
       },
-    };
-    sendEvent(res, { event: GraphEvents.ON_RUN_STEP, data });
-  };
-}
-
-/**
- * Creates a function used to ensure the flow handler is only invoked once
- * @param {object} params
- * @param {string} params.flowId - The ID of the login flow.
- * @param {FlowStateManager<any>} params.flowManager - The flow manager instance.
- * @param {(authURL: string) => void} [params.callback]
- */
-function createOAuthStart({ flowId, flowManager, callback }) {
-  /**
-   * Creates a function to handle OAuth login requests.
-   * @param {string} authURL - The URL to redirect the user for OAuth authentication.
-   * @returns {Promise<boolean>} Returns true to indicate the event was sent successfully.
-   */
-  return async function (authURL) {
-    await flowManager.createFlowWithHandler(flowId, 'oauth_login', async () => {
-      callback?.(authURL);
-      logger.debug('Sent OAuth login request to client');
-      return true;
-    });
+      signal,
+    );
   };
 }
 
@@ -138,166 +93,23 @@ function createAbortHandler({ userId, serverName, toolName, flowManager }) {
 }
 
 /**
- * @param {Object} params
- * @param {() => void} params.runStepEmitter
- * @param {(authURL: string) => void} params.runStepDeltaEmitter
- * @returns {(authURL: string) => void}
- */
-function createOAuthCallback({ runStepEmitter, runStepDeltaEmitter }) {
-  return function (authURL) {
-    runStepEmitter();
-    runStepDeltaEmitter(authURL);
-  };
-}
-
-/**
- * @param {Object} params
- * @param {ServerRequest} params.req - The Express request object, containing user/request info.
- * @param {ServerResponse} params.res - The Express response object for sending events.
- * @param {string} params.serverName
- * @param {AbortSignal} params.signal
- * @param {string} params.model
- * @param {number} [params.index]
- * @param {Record<string, Record<string, string>>} [params.userMCPAuthMap]
- * @returns { Promise<Array<typeof tool | { _call: (toolInput: Object | string) => unknown}>> } An object with `_call` method to execute the tool input.
- */
-async function reconnectServer({ req, res, index, signal, serverName, userMCPAuthMap }) {
-  const runId = Constants.USE_PRELIM_RESPONSE_MESSAGE_ID;
-  const flowId = `${req.user?.id}:${serverName}:${Date.now()}`;
-  const flowManager = getFlowStateManager(getLogStores(CacheKeys.FLOWS));
-  const stepId = 'step_oauth_login_' + serverName;
-  const toolCall = {
-    id: flowId,
-    name: serverName,
-    type: 'tool_call_chunk',
-  };
-
-  const runStepEmitter = createRunStepEmitter({
-    res,
-    index,
-    runId,
-    stepId,
-    toolCall,
-  });
-  const runStepDeltaEmitter = createRunStepDeltaEmitter({
-    res,
-    stepId,
-    toolCall,
-  });
-  const callback = createOAuthCallback({ runStepEmitter, runStepDeltaEmitter });
-  const oauthStart = createOAuthStart({
-    res,
-    flowId,
-    callback,
-    flowManager,
-  });
-  return await reinitMCPServer({
-    req,
-    signal,
-    serverName,
-    oauthStart,
-    flowManager,
-    userMCPAuthMap,
-    forceNew: true,
-    returnOnOAuth: false,
-    connectionTimeout: Time.TWO_MINUTES,
-  });
-}
-
-/**
- * Creates all tools from the specified MCP Server via `toolKey`.
+ * Creates a general tool for an entire action set.
  *
- * This function assumes tools could not be aggregated from the cache of tool definitions,
- * i.e. `availableTools`, and will reinitialize the MCP server to ensure all tools are generated.
- *
- * @param {Object} params
- * @param {ServerRequest} params.req - The Express request object, containing user/request info.
- * @param {ServerResponse} params.res - The Express response object for sending events.
- * @param {string} params.serverName
- * @param {string} params.model
- * @param {Providers | EModelEndpoint} params.provider - The provider for the tool.
- * @param {number} [params.index]
- * @param {AbortSignal} [params.signal]
- * @param {Record<string, Record<string, string>>} [params.userMCPAuthMap]
- * @returns { Promise<Array<typeof tool | { _call: (toolInput: Object | string) => unknown}>> } An object with `_call` method to execute the tool input.
- */
-async function createMCPTools({ req, res, index, signal, serverName, provider, userMCPAuthMap }) {
-  const result = await reconnectServer({ req, res, index, signal, serverName, userMCPAuthMap });
-  if (!result || !result.tools) {
-    logger.warn(`[MCP][${serverName}] Failed to reinitialize MCP server.`);
-    return;
-  }
-
-  const serverTools = [];
-  for (const tool of result.tools) {
-    const toolInstance = await createMCPTool({
-      req,
-      res,
-      provider,
-      userMCPAuthMap,
-      availableTools: result.availableTools,
-      toolKey: `${tool.name}${Constants.mcp_delimiter}${serverName}`,
-    });
-    if (toolInstance) {
-      serverTools.push(toolInstance);
-    }
-  }
-
-  return serverTools;
-}
-
-/**
- * Creates a single tool from the specified MCP Server via `toolKey`.
- * @param {Object} params
+ * @param {Object} params - The parameters for loading action sets.
  * @param {ServerRequest} params.req - The Express request object, containing user/request info.
  * @param {ServerResponse} params.res - The Express response object for sending events.
  * @param {string} params.toolKey - The toolKey for the tool.
+ * @param {import('@librechat/agents').Providers | EModelEndpoint} params.provider - The provider for the tool.
  * @param {string} params.model - The model for the tool.
- * @param {number} [params.index]
- * @param {AbortSignal} [params.signal]
- * @param {Providers | EModelEndpoint} params.provider - The provider for the tool.
- * @param {LCAvailableTools} [params.availableTools]
- * @param {Record<string, Record<string, string>>} [params.userMCPAuthMap]
  * @returns { Promise<typeof tool | { _call: (toolInput: Object | string) => unknown}> } An object with `_call` method to execute the tool input.
  */
-async function createMCPTool({
-  req,
-  res,
-  index,
-  signal,
-  toolKey,
-  provider,
-  userMCPAuthMap,
-  availableTools: tools,
-}) {
-  const [toolName, serverName] = toolKey.split(Constants.mcp_delimiter);
-  const availableTools =
-    tools ?? (await getCachedTools({ userId: req.user?.id, includeGlobal: true }));
-  /** @type {LCTool | undefined} */
-  let toolDefinition = availableTools?.[toolKey]?.function;
+async function createMCPTool({ req, res, toolKey, provider: _provider }) {
+  const availableTools = await getCachedTools({ userId: req.user?.id, includeGlobal: true });
+  const toolDefinition = availableTools?.[toolKey]?.function;
   if (!toolDefinition) {
-    logger.warn(
-      `[MCP][${serverName}][${toolName}] Requested tool not found in available tools, re-initializing MCP server.`,
-    );
-    const result = await reconnectServer({ req, res, index, signal, serverName, userMCPAuthMap });
-    toolDefinition = result?.availableTools?.[toolKey]?.function;
+    logger.error(`Tool ${toolKey} not found in available tools`);
+    return null;
   }
-
-  if (!toolDefinition) {
-    logger.warn(`[MCP][${serverName}][${toolName}] Tool definition not found, cannot create tool.`);
-    return;
-  }
-
-  return createToolInstance({
-    res,
-    provider,
-    toolName,
-    serverName,
-    toolDefinition,
-  });
-}
-
-function createToolInstance({ res, toolName, serverName, toolDefinition, provider: _provider }) {
   /** @type {LCTool} */
   const { description, parameters } = toolDefinition;
   const isGoogle = _provider === Providers.VERTEXAI || _provider === Providers.GOOGLE;
@@ -310,8 +122,16 @@ function createToolInstance({ res, toolName, serverName, toolDefinition, provide
     schema = z.object({ input: z.string().optional() });
   }
 
+  const [toolName, serverName] = toolKey.split(Constants.mcp_delimiter);
   const normalizedToolKey = `${toolName}${Constants.mcp_delimiter}${normalizeServerName(serverName)}`;
 
+  if (!req.user?.id) {
+    logger.error(
+      `[MCP][${serverName}][${toolName}] User ID not found on request. Cannot create tool.`,
+    );
+    throw new Error(`User ID not found on request. Cannot create tool for ${toolKey}.`);
+  }
+
   /** @type {(toolArguments: Object | string, config?: GraphRunnableConfig) => Promise<unknown>} */
   const _call = async (toolArguments, config) => {
     const userId = config?.configurable?.user?.id || config?.configurable?.user_id;
@@ -328,16 +148,14 @@ function createToolInstance({ res, toolName, serverName, toolDefinition, provide
       const provider = (config?.metadata?.provider || _provider)?.toLowerCase();
 
       const { args: _args, stepId, ...toolCall } = config.toolCall ?? {};
-      const flowId = `${serverName}:oauth_login:${config.metadata.thread_id}:${config.metadata.run_id}`;
-      const runStepDeltaEmitter = createRunStepDeltaEmitter({
+      const loginFlowId = `${serverName}:oauth_login:${config.metadata.thread_id}:${config.metadata.run_id}`;
+      const oauthStart = createOAuthStart({
         res,
         stepId,
         toolCall,
-      });
-      const oauthStart = createOAuthStart({
-        flowId,
+        loginFlowId,
         flowManager,
-        callback: runStepDeltaEmitter,
+        signal: derivedSignal,
       });
       const oauthEnd = createOAuthEnd({
         res,
@@ -362,7 +180,6 @@ function createToolInstance({ res, toolName, serverName, toolDefinition, provide
           signal: derivedSignal,
         },
         user: config?.configurable?.user,
-        requestBody: config?.configurable?.requestBody,
         customUserVars,
         flowManager,
         tokenMethods: {
@@ -383,7 +200,7 @@ function createToolInstance({ res, toolName, serverName, toolDefinition, provide
       return result;
     } catch (error) {
       logger.error(
-        `[MCP][${serverName}][${toolName}][User: ${userId}] Error calling MCP tool:`,
+        `[MCP][User: ${userId}][${serverName}] Error calling "${toolName}" MCP tool:`,
         error,
       );
 
@@ -396,12 +213,12 @@ function createToolInstance({ res, toolName, serverName, toolDefinition, provide
 
       if (isOAuthError) {
         throw new Error(
-          `[MCP][${serverName}][${toolName}] OAuth authentication required. Please check the server logs for the authentication URL.`,
+          `OAuth authentication required for ${serverName}. Please check the server logs for the authentication URL.`,
         );
       }
 
       throw new Error(
-        `[MCP][${serverName}][${toolName}] tool call failed${error?.message ? `: ${error?.message}` : '.'}`,
+        `"${toolKey}" tool call failed${error?.message ? `: ${error?.message}` : '.'}`,
       );
     } finally {
       // Clean up abort handler to prevent memory leaks
@@ -437,21 +254,15 @@ async function getMCPSetupData(userId) {
   }
 
   const mcpManager = getMCPManager(userId);
-  /** @type {ReturnType<MCPManager['getAllConnections']>} */
-  let appConnections = new Map();
-  try {
-    appConnections = (await mcpManager.getAllConnections()) || new Map();
-  } catch (error) {
-    logger.error(`[MCP][User: ${userId}] Error getting app connections:`, error);
-  }
+  const appConnections = mcpManager.getAllConnections() || new Map();
   const userConnections = mcpManager.getUserConnections(userId) || new Map();
   const oauthServers = mcpManager.getOAuthServers() || new Set();
 
   return {
     mcpConfig,
-    oauthServers,
     appConnections,
     userConnections,
+    oauthServers,
   };
 }
 
@@ -556,7 +367,6 @@ async function getServerConnectionStatus(
 
 module.exports = {
   createMCPTool,
-  createMCPTools,
   getMCPSetupData,
   checkOAuthFlowStatus,
   getServerConnectionStatus,

api/server/services/ModelService.js

@@ -34,7 +34,6 @@ const { openAIApiKey, userProvidedOpenAI } = require('./Config/EndpointService')
  * @param {string} params.apiKey - The API key for authentication with the API.
  * @param {string} params.baseURL - The base path URL for the API.
  * @param {string} [params.name='OpenAI'] - The name of the API; defaults to 'OpenAI'.
- * @param {boolean} [params.direct=false] - Whether `directEndpoint` was configured
  * @param {boolean} [params.azure=false] - Whether to fetch models from Azure.
  * @param {boolean} [params.userIdQuery=false] - Whether to send the user ID as a query parameter.
  * @param {boolean} [params.createTokenConfig=true] - Whether to create a token configuration from the API response.
@@ -45,16 +44,14 @@ const { openAIApiKey, userProvidedOpenAI } = require('./Config/EndpointService')
 const fetchModels = async ({
   user,
   apiKey,
-  baseURL: _baseURL,
+  baseURL,
   name = EModelEndpoint.openAI,
-  direct,
   azure = false,
   userIdQuery = false,
   createTokenConfig = true,
   tokenKey,
 }) => {
   let models = [];
-  const baseURL = direct ? extractBaseURL(_baseURL) : _baseURL;
 
   if (!baseURL && !azure) {
     return models;

api/server/services/Runs/handle.js

@@ -33,7 +33,7 @@ async function withTimeout(promise, timeoutMs, timeoutMessage) {
  * @param {string} [params.body.model] - Optional. The ID of the model to be used for this run.
  * @param {string} [params.body.instructions] - Optional. Override the default system message of the assistant.
  * @param {string} [params.body.additional_instructions] - Optional. Appends additional instructions
- * at the end of the instructions for the run. This is useful for modifying
+ * at theend of the instructions for the run. This is useful for modifying
  * the behavior on a per-run basis without overriding other instructions.
  * @param {Object[]} [params.body.tools] - Optional. Override the tools the assistant can use for this run.
  * @param {string[]} [params.body.file_ids] - Optional.

api/server/services/ToolService.js

@@ -3,7 +3,6 @@ const path = require('path');
 const { sleep } = require('@librechat/agents');
 const { logger } = require('@librechat/data-schemas');
 const { zodToJsonSchema } = require('zod-to-json-schema');
-const { getToolkitKey, getUserMCPAuthMap } = require('@librechat/api');
 const { Calculator } = require('@langchain/community/tools/calculator');
 const { tool: toolFn, Tool, DynamicStructuredTool } = require('@langchain/core/tools');
 const {
@@ -12,6 +11,7 @@ const {
   ErrorTypes,
   ContentTypes,
   imageGenTools,
+  EToolResources,
   EModelEndpoint,
   actionDelimiter,
   ImageVisionTool,
@@ -33,17 +33,36 @@ const {
   toolkits,
 } = require('~/app/clients/tools');
 const { processFileURL, uploadImageBuffer } = require('~/server/services/Files/process');
-const {
-  getEndpointsConfig,
-  hasCustomUserVars,
-  getCachedTools,
-} = require('~/server/services/Config');
+const { getEndpointsConfig, getCachedTools } = require('~/server/services/Config');
 const { createOnSearchResults } = require('~/server/services/Tools/search');
 const { isActionDomainAllowed } = require('~/server/services/domains');
 const { recordUsage } = require('~/server/services/Threads');
 const { loadTools } = require('~/app/clients/tools/util');
 const { redactMessage } = require('~/config/parsers');
-const { findPluginAuthsByKeys } = require('~/models');
+
+/**
+ * @param {string} toolName
+ * @returns {string | undefined} toolKey
+ */
+function getToolkitKey(toolName) {
+  /** @type {string|undefined} */
+  let toolkitKey;
+  for (const toolkit of toolkits) {
+    if (toolName.startsWith(EToolResources.image_edit)) {
+      const splitMatches = toolkit.pluginKey.split('_');
+      const suffix = splitMatches[splitMatches.length - 1];
+      if (toolName.endsWith(suffix)) {
+        toolkitKey = toolkit.pluginKey;
+        break;
+      }
+    }
+    if (toolName.startsWith(toolkit.pluginKey)) {
+      toolkitKey = toolkit.pluginKey;
+      break;
+    }
+  }
+  return toolkitKey;
+}
 
 /**
  * Loads and formats tools from the specified tool directory.
@@ -126,7 +145,7 @@ function loadAndFormatTools({ directory, adminFilter = [], adminIncluded = [] })
   for (const toolInstance of basicToolInstances) {
     const formattedTool = formatToOpenAIAssistantTool(toolInstance);
     let toolName = formattedTool[Tools.function].name;
-    toolName = getToolkitKey({ toolkits, toolName }) ?? toolName;
+    toolName = getToolkitKey(toolName) ?? toolName;
     if (filter.has(toolName) && included.size === 0) {
       continue;
     }
@@ -474,12 +493,11 @@ async function processRequiredActions(client, requiredActions) {
  * @param {Object} params - Run params containing user and request information.
  * @param {ServerRequest} params.req - The request object.
  * @param {ServerResponse} params.res - The request object.
- * @param {AbortSignal} params.signal
  * @param {Pick<Agent, 'id' | 'provider' | 'model' | 'tools'} params.agent - The agent to load tools for.
  * @param {string | undefined} [params.openAIApiKey] - The OpenAI API key.
- * @returns {Promise<{ tools?: StructuredTool[]; userMCPAuthMap?: Record<string, Record<string, string>> }>} The agent tools.
+ * @returns {Promise<{ tools?: StructuredTool[] }>} The agent tools.
  */
-async function loadAgentTools({ req, res, agent, signal, tool_resources, openAIApiKey }) {
+async function loadAgentTools({ req, res, agent, tool_resources, openAIApiKey }) {
   if (!agent.tools || agent.tools.length === 0) {
     return {};
   } else if (agent.tools && agent.tools.length === 1 && agent.tools[0] === AgentCapabilities.ocr) {
@@ -529,20 +547,8 @@ async function loadAgentTools({ req, res, agent, signal, tool_resources, openAIA
     webSearchCallbacks = createOnSearchResults(res);
   }
 
-  /** @type {Record<string, Record<string, string>>} */
-  let userMCPAuthMap;
-  if (await hasCustomUserVars()) {
-    userMCPAuthMap = await getUserMCPAuthMap({
-      tools: agent.tools,
-      userId: req.user.id,
-      findPluginAuthsByKeys,
-    });
-  }
-
   const { loadedTools, toolContextMap } = await loadTools({
     agent,
-    signal,
-    userMCPAuthMap,
     functions: true,
     user: req.user.id,
     tools: _agentTools,
@@ -606,7 +612,6 @@ async function loadAgentTools({ req, res, agent, signal, tool_resources, openAIA
   if (!checkCapability(AgentCapabilities.actions)) {
     return {
       tools: agentTools,
-      userMCPAuthMap,
       toolContextMap,
     };
   }
@@ -618,7 +623,6 @@ async function loadAgentTools({ req, res, agent, signal, tool_resources, openAIA
     }
     return {
       tools: agentTools,
-      userMCPAuthMap,
       toolContextMap,
     };
   }
@@ -727,7 +731,6 @@ async function loadAgentTools({ req, res, agent, signal, tool_resources, openAIA
   return {
     tools: agentTools,
     toolContextMap,
-    userMCPAuthMap,
   };
 }
 

api/server/services/Tools/mcp.js

@@ -1,142 +0,0 @@
-const { logger } = require('@librechat/data-schemas');
-const { CacheKeys, Constants } = require('librechat-data-provider');
-const { findToken, createToken, updateToken, deleteTokens } = require('~/models');
-const { getMCPManager, getFlowStateManager } = require('~/config');
-const { updateMCPUserTools } = require('~/server/services/Config');
-const { getLogStores } = require('~/cache');
-
-/**
- * @param {Object} params
- * @param {ServerRequest} params.req
- * @param {string} params.serverName - The name of the MCP server
- * @param {boolean} params.returnOnOAuth - Whether to initiate OAuth and return, or wait for OAuth flow to finish
- * @param {AbortSignal} [params.signal] - The abort signal to handle cancellation.
- * @param {boolean} [params.forceNew]
- * @param {number} [params.connectionTimeout]
- * @param {FlowStateManager<any>} [params.flowManager]
- * @param {(authURL: string) => Promise<boolean>} [params.oauthStart]
- * @param {Record<string, Record<string, string>>} [params.userMCPAuthMap]
- */
-async function reinitMCPServer({
-  req,
-  signal,
-  forceNew,
-  serverName,
-  userMCPAuthMap,
-  connectionTimeout,
-  returnOnOAuth = true,
-  oauthStart: _oauthStart,
-  flowManager: _flowManager,
-}) {
-  /** @type {MCPConnection | null} */
-  let userConnection = null;
-  /** @type {LCAvailableTools | null} */
-  let availableTools = null;
-  /** @type {ReturnType<MCPConnection['fetchTools']> | null} */
-  let tools = null;
-  let oauthRequired = false;
-  let oauthUrl = null;
-  try {
-    const customUserVars = userMCPAuthMap?.[`${Constants.mcp_prefix}${serverName}`];
-    const flowManager = _flowManager ?? getFlowStateManager(getLogStores(CacheKeys.FLOWS));
-    const mcpManager = getMCPManager();
-
-    const oauthStart =
-      _oauthStart ??
-      (async (authURL) => {
-        logger.info(`[MCP Reinitialize] OAuth URL received: ${authURL}`);
-        oauthUrl = authURL;
-        oauthRequired = true;
-      });
-
-    try {
-      userConnection = await mcpManager.getUserConnection({
-        user: req.user,
-        signal,
-        forceNew,
-        oauthStart,
-        serverName,
-        flowManager,
-        returnOnOAuth,
-        customUserVars,
-        connectionTimeout,
-        tokenMethods: {
-          findToken,
-          updateToken,
-          createToken,
-          deleteTokens,
-        },
-      });
-
-      logger.info(`[MCP Reinitialize] Successfully established connection for ${serverName}`);
-    } catch (err) {
-      logger.info(`[MCP Reinitialize] getUserConnection threw error: ${err.message}`);
-      logger.info(
-        `[MCP Reinitialize] OAuth state - oauthRequired: ${oauthRequired}, oauthUrl: ${oauthUrl ? 'present' : 'null'}`,
-      );
-
-      const isOAuthError =
-        err.message?.includes('OAuth') ||
-        err.message?.includes('authentication') ||
-        err.message?.includes('401');
-
-      const isOAuthFlowInitiated = err.message === 'OAuth flow initiated - return early';
-
-      if (isOAuthError || oauthRequired || isOAuthFlowInitiated) {
-        logger.info(
-          `[MCP Reinitialize] OAuth required for ${serverName} (isOAuthError: ${isOAuthError}, oauthRequired: ${oauthRequired}, isOAuthFlowInitiated: ${isOAuthFlowInitiated})`,
-        );
-        oauthRequired = true;
-      } else {
-        logger.error(
-          `[MCP Reinitialize] Error initializing MCP server ${serverName} for user:`,
-          err,
-        );
-      }
-    }
-
-    if (userConnection && !oauthRequired) {
-      tools = await userConnection.fetchTools();
-      availableTools = await updateMCPUserTools({
-        userId: req.user.id,
-        serverName,
-        tools,
-      });
-    }
-
-    logger.debug(
-      `[MCP Reinitialize] Sending response for ${serverName} - oauthRequired: ${oauthRequired}, oauthUrl: ${oauthUrl ? 'present' : 'null'}`,
-    );
-
-    const getResponseMessage = () => {
-      if (oauthRequired) {
-        return `MCP server '${serverName}' ready for OAuth authentication`;
-      }
-      if (userConnection) {
-        return `MCP server '${serverName}' reinitialized successfully`;
-      }
-      return `Failed to reinitialize MCP server '${serverName}'`;
-    };
-
-    const result = {
-      availableTools,
-      success: Boolean((userConnection && !oauthRequired) || (oauthRequired && oauthUrl)),
-      message: getResponseMessage(),
-      oauthRequired,
-      serverName,
-      oauthUrl,
-      tools,
-    };
-    logger.debug(`[MCP Reinitialize] Response for ${serverName}:`, result);
-    return result;
-  } catch (error) {
-    logger.error(
-      '[MCP Reinitialize] Error loading MCP Tools, servers may still be initializing:',
-      error,
-    );
-  }
-}
-
-module.exports = {
-  reinitMCPServer,
-};

api/server/services/initializeMCPs.js

@@ -1,6 +1,9 @@
 const { logger } = require('@librechat/data-schemas');
-const { createMCPManager } = require('~/config');
-const { mergeAppTools } = require('./Config');
+const { CacheKeys } = require('librechat-data-provider');
+const { findToken, updateToken, createToken, deleteTokens } = require('~/models');
+const { getMCPManager, getFlowStateManager } = require('~/config');
+const { getCachedTools, setCachedTools } = require('./Config');
+const { getLogStores } = require('~/cache');
 
 /**
  * Initialize MCP servers
@@ -12,16 +15,55 @@ async function initializeMCPs(app) {
     return;
   }
 
-  const mcpManager = await createMCPManager(mcpServers);
+  // Filter out servers with startup: false
+  const filteredServers = {};
+  for (const [name, config] of Object.entries(mcpServers)) {
+    if (config.startup === false) {
+      logger.info(`Skipping MCP server '${name}' due to startup: false`);
+      continue;
+    }
+    filteredServers[name] = config;
+  }
+
+  if (Object.keys(filteredServers).length === 0) {
+    logger.info('[MCP] No MCP servers to initialize (all skipped or none configured)');
+    return;
+  }
+
+  logger.info('Initializing MCP servers...');
+  const mcpManager = getMCPManager();
+  const flowsCache = getLogStores(CacheKeys.FLOWS);
+  const flowManager = flowsCache ? getFlowStateManager(flowsCache) : null;
 
   try {
-    delete app.locals.mcpConfig;
-    const mcpTools = mcpManager.getAppToolFunctions() || {};
-    await mergeAppTools(mcpTools);
+    await mcpManager.initializeMCPs({
+      mcpServers: filteredServers,
+      flowManager,
+      tokenMethods: {
+        findToken,
+        updateToken,
+        createToken,
+        deleteTokens,
+      },
+    });
 
-    logger.info(
-      `MCP servers initialized successfully. Added ${Object.keys(mcpTools).length} MCP tools.`,
-    );
+    delete app.locals.mcpConfig;
+    const availableTools = await getCachedTools();
+
+    if (!availableTools) {
+      logger.warn('No available tools found in cache during MCP initialization');
+      return;
+    }
+
+    const toolsCopy = { ...availableTools };
+    await mcpManager.mapAvailableTools(toolsCopy, flowManager);
+    await setCachedTools(toolsCopy, { isGlobal: true });
+
+    const cache = getLogStores(CacheKeys.CONFIG_STORE);
+    await cache.delete(CacheKeys.TOOLS);
+    logger.debug('Cleared tools array cache after MCP initialization');
+
+    logger.info('MCP servers initialized successfully');
   } catch (error) {
     logger.error('Failed to initialize MCP servers:', error);
   }

api/server/services/start/interface.js

@@ -1,55 +1,21 @@
 const {
   SystemRoles,
   Permissions,
-  roleDefaults,
   PermissionTypes,
+  isMemoryEnabled,
   removeNullishValues,
 } = require('librechat-data-provider');
-const { logger } = require('@librechat/data-schemas');
-const { isMemoryEnabled } = require('@librechat/api');
-const { updateAccessPermissions, getRoleByName } = require('~/models/Role');
-
-/**
- * Checks if a permission type has explicit configuration
- */
-function hasExplicitConfig(interfaceConfig, permissionType) {
-  switch (permissionType) {
-    case PermissionTypes.PROMPTS:
-      return interfaceConfig.prompts !== undefined;
-    case PermissionTypes.BOOKMARKS:
-      return interfaceConfig.bookmarks !== undefined;
-    case PermissionTypes.MEMORIES:
-      return interfaceConfig.memories !== undefined;
-    case PermissionTypes.MULTI_CONVO:
-      return interfaceConfig.multiConvo !== undefined;
-    case PermissionTypes.AGENTS:
-      return interfaceConfig.agents !== undefined;
-    case PermissionTypes.TEMPORARY_CHAT:
-      return interfaceConfig.temporaryChat !== undefined;
-    case PermissionTypes.RUN_CODE:
-      return interfaceConfig.runCode !== undefined;
-    case PermissionTypes.WEB_SEARCH:
-      return interfaceConfig.webSearch !== undefined;
-    case PermissionTypes.PEOPLE_PICKER:
-      return interfaceConfig.peoplePicker !== undefined;
-    case PermissionTypes.MARKETPLACE:
-      return interfaceConfig.marketplace !== undefined;
-    case PermissionTypes.FILE_SEARCH:
-      return interfaceConfig.fileSearch !== undefined;
-    case PermissionTypes.FILE_CITATIONS:
-      return interfaceConfig.fileCitations !== undefined;
-    default:
-      return false;
-  }
-}
+const { updateAccessPermissions } = require('~/models/Role');
+const { logger } = require('~/config');
 
 /**
  * Loads the default interface object.
  * @param {TCustomConfig | undefined} config - The loaded custom configuration.
  * @param {TConfigDefaults} configDefaults - The custom configuration default values.
+ * @param {SystemRoles} [roleName] - The role to load the default interface for, defaults to `'USER'`.
  * @returns {Promise<TCustomConfig['interface']>} The default interface object.
  */
-async function loadDefaultInterface(config, configDefaults) {
+async function loadDefaultInterface(config, configDefaults, roleName = SystemRoles.USER) {
   const { interface: interfaceConfig } = config ?? {};
   const { interface: defaults } = configDefaults;
   const hasModelSpecs = config?.modelSpecs?.list?.length > 0;
@@ -65,7 +31,6 @@ async function loadDefaultInterface(config, configDefaults) {
 
   /** @type {TCustomConfig['interface']} */
   const loadedInterface = removeNullishValues({
-    // UI elements - use schema defaults
     endpointsMenu:
       interfaceConfig?.endpointsMenu ?? (hasModelSpecs ? false : defaults.endpointsMenu),
     modelSelect:
@@ -77,168 +42,81 @@ async function loadDefaultInterface(config, configDefaults) {
     privacyPolicy: interfaceConfig?.privacyPolicy ?? defaults.privacyPolicy,
     termsOfService: interfaceConfig?.termsOfService ?? defaults.termsOfService,
     mcpServers: interfaceConfig?.mcpServers ?? defaults.mcpServers,
+    bookmarks: interfaceConfig?.bookmarks ?? defaults.bookmarks,
+    memories: shouldDisableMemories ? false : (interfaceConfig?.memories ?? defaults.memories),
+    prompts: interfaceConfig?.prompts ?? defaults.prompts,
+    multiConvo: interfaceConfig?.multiConvo ?? defaults.multiConvo,
+    agents: interfaceConfig?.agents ?? defaults.agents,
+    temporaryChat: interfaceConfig?.temporaryChat ?? defaults.temporaryChat,
+    runCode: interfaceConfig?.runCode ?? defaults.runCode,
+    webSearch: interfaceConfig?.webSearch ?? defaults.webSearch,
+    fileSearch: interfaceConfig?.fileSearch ?? defaults.fileSearch,
+    fileCitations: interfaceConfig?.fileCitations ?? defaults.fileCitations,
     customWelcome: interfaceConfig?.customWelcome ?? defaults.customWelcome,
-
-    // Permissions - only include if explicitly configured
-    bookmarks: interfaceConfig?.bookmarks,
-    memories: shouldDisableMemories ? false : interfaceConfig?.memories,
-    prompts: interfaceConfig?.prompts,
-    multiConvo: interfaceConfig?.multiConvo,
-    agents: interfaceConfig?.agents,
-    temporaryChat: interfaceConfig?.temporaryChat,
-    runCode: interfaceConfig?.runCode,
-    webSearch: interfaceConfig?.webSearch,
-    fileSearch: interfaceConfig?.fileSearch,
-    fileCitations: interfaceConfig?.fileCitations,
-    peoplePicker: interfaceConfig?.peoplePicker,
-    marketplace: interfaceConfig?.marketplace,
+    peoplePicker: {
+      admin: {
+        users: interfaceConfig?.peoplePicker?.admin?.users ?? defaults.peoplePicker?.admin.users,
+        groups: interfaceConfig?.peoplePicker?.admin?.groups ?? defaults.peoplePicker?.admin.groups,
+      },
+      user: {
+        users: interfaceConfig?.peoplePicker?.user?.users ?? defaults.peoplePicker?.user.users,
+        groups: interfaceConfig?.peoplePicker?.user?.groups ?? defaults.peoplePicker?.user.groups,
+      },
+    },
+    marketplace: {
+      admin: {
+        use: interfaceConfig?.marketplace?.admin?.use ?? defaults.marketplace?.admin.use,
+      },
+      user: {
+        use: interfaceConfig?.marketplace?.user?.use ?? defaults.marketplace?.user.use,
+      },
+    },
   });
 
-  // Helper to get permission value with proper precedence
-  const getPermissionValue = (configValue, roleDefault, schemaDefault) => {
-    if (configValue !== undefined) return configValue;
-    if (roleDefault !== undefined) return roleDefault;
-    return schemaDefault;
-  };
-
-  // Permission precedence order:
-  // 1. Explicit user configuration (from librechat.yaml)
-  // 2. Role-specific defaults (from roleDefaults)
-  // 3. Interface schema defaults (from interfaceSchema.default())
-  for (const roleName of [SystemRoles.USER, SystemRoles.ADMIN]) {
-    const defaultPerms = roleDefaults[roleName].permissions;
-    const existingRole = await getRoleByName(roleName);
-    const existingPermissions = existingRole?.permissions || {};
-    const permissionsToUpdate = {};
-
-    // Helper to add permission if it should be updated
-    const addPermissionIfNeeded = (permType, permissions) => {
-      const permTypeExists = existingPermissions[permType];
-      const isExplicitlyConfigured =
-        interfaceConfig && hasExplicitConfig(interfaceConfig, permType);
-
-      // Only update if: doesn't exist OR explicitly configured
-      if (!permTypeExists || isExplicitlyConfigured) {
-        permissionsToUpdate[permType] = permissions;
-        if (!permTypeExists) {
-          logger.debug(`Role '${roleName}': Setting up default permissions for '${permType}'`);
-        } else if (isExplicitlyConfigured) {
-          logger.debug(`Role '${roleName}': Applying explicit config for '${permType}'`);
-        }
-      } else {
-        logger.debug(`Role '${roleName}': Preserving existing permissions for '${permType}'`);
-      }
-    };
-
-    // Build permissions for each type
-    const allPermissions = {
-      [PermissionTypes.PROMPTS]: {
-        [Permissions.USE]: getPermissionValue(
-          loadedInterface.prompts,
-          defaultPerms[PermissionTypes.PROMPTS]?.[Permissions.USE],
-          defaults.prompts,
-        ),
-      },
-      [PermissionTypes.BOOKMARKS]: {
-        [Permissions.USE]: getPermissionValue(
-          loadedInterface.bookmarks,
-          defaultPerms[PermissionTypes.BOOKMARKS]?.[Permissions.USE],
-          defaults.bookmarks,
-        ),
-      },
-      [PermissionTypes.MEMORIES]: {
-        [Permissions.USE]: getPermissionValue(
-          loadedInterface.memories,
-          defaultPerms[PermissionTypes.MEMORIES]?.[Permissions.USE],
-          defaults.memories,
-        ),
-        [Permissions.OPT_OUT]: isPersonalizationEnabled,
-      },
-      [PermissionTypes.MULTI_CONVO]: {
-        [Permissions.USE]: getPermissionValue(
-          loadedInterface.multiConvo,
-          defaultPerms[PermissionTypes.MULTI_CONVO]?.[Permissions.USE],
-          defaults.multiConvo,
-        ),
-      },
-      [PermissionTypes.AGENTS]: {
-        [Permissions.USE]: getPermissionValue(
-          loadedInterface.agents,
-          defaultPerms[PermissionTypes.AGENTS]?.[Permissions.USE],
-          defaults.agents,
-        ),
-      },
-      [PermissionTypes.TEMPORARY_CHAT]: {
-        [Permissions.USE]: getPermissionValue(
-          loadedInterface.temporaryChat,
-          defaultPerms[PermissionTypes.TEMPORARY_CHAT]?.[Permissions.USE],
-          defaults.temporaryChat,
-        ),
-      },
-      [PermissionTypes.RUN_CODE]: {
-        [Permissions.USE]: getPermissionValue(
-          loadedInterface.runCode,
-          defaultPerms[PermissionTypes.RUN_CODE]?.[Permissions.USE],
-          defaults.runCode,
-        ),
-      },
-      [PermissionTypes.WEB_SEARCH]: {
-        [Permissions.USE]: getPermissionValue(
-          loadedInterface.webSearch,
-          defaultPerms[PermissionTypes.WEB_SEARCH]?.[Permissions.USE],
-          defaults.webSearch,
-        ),
-      },
-      [PermissionTypes.PEOPLE_PICKER]: {
-        [Permissions.VIEW_USERS]: getPermissionValue(
-          loadedInterface.peoplePicker?.users,
-          defaultPerms[PermissionTypes.PEOPLE_PICKER]?.[Permissions.VIEW_USERS],
-          defaults.peoplePicker?.users,
-        ),
-        [Permissions.VIEW_GROUPS]: getPermissionValue(
-          loadedInterface.peoplePicker?.groups,
-          defaultPerms[PermissionTypes.PEOPLE_PICKER]?.[Permissions.VIEW_GROUPS],
-          defaults.peoplePicker?.groups,
-        ),
-        [Permissions.VIEW_ROLES]: getPermissionValue(
-          loadedInterface.peoplePicker?.roles,
-          defaultPerms[PermissionTypes.PEOPLE_PICKER]?.[Permissions.VIEW_ROLES],
-          defaults.peoplePicker?.roles,
-        ),
-      },
-      [PermissionTypes.MARKETPLACE]: {
-        [Permissions.USE]: getPermissionValue(
-          loadedInterface.marketplace?.use,
-          defaultPerms[PermissionTypes.MARKETPLACE]?.[Permissions.USE],
-          defaults.marketplace?.use,
-        ),
-      },
-      [PermissionTypes.FILE_SEARCH]: {
-        [Permissions.USE]: getPermissionValue(
-          loadedInterface.fileSearch,
-          defaultPerms[PermissionTypes.FILE_SEARCH]?.[Permissions.USE],
-          defaults.fileSearch,
-        ),
-      },
-      [PermissionTypes.FILE_CITATIONS]: {
-        [Permissions.USE]: getPermissionValue(
-          loadedInterface.fileCitations,
-          defaultPerms[PermissionTypes.FILE_CITATIONS]?.[Permissions.USE],
-          defaults.fileCitations,
-        ),
-      },
-    };
-
-    // Check and add each permission type if needed
-    for (const [permType, permissions] of Object.entries(allPermissions)) {
-      addPermissionIfNeeded(permType, permissions);
-    }
-
-    // Update permissions if any need updating
-    if (Object.keys(permissionsToUpdate).length > 0) {
-      await updateAccessPermissions(roleName, permissionsToUpdate, existingRole);
-    }
-  }
+  await updateAccessPermissions(roleName, {
+    [PermissionTypes.PROMPTS]: { [Permissions.USE]: loadedInterface.prompts },
+    [PermissionTypes.BOOKMARKS]: { [Permissions.USE]: loadedInterface.bookmarks },
+    [PermissionTypes.MEMORIES]: {
+      [Permissions.USE]: loadedInterface.memories,
+      [Permissions.OPT_OUT]: isPersonalizationEnabled,
+    },
+    [PermissionTypes.MULTI_CONVO]: { [Permissions.USE]: loadedInterface.multiConvo },
+    [PermissionTypes.AGENTS]: { [Permissions.USE]: loadedInterface.agents },
+    [PermissionTypes.TEMPORARY_CHAT]: { [Permissions.USE]: loadedInterface.temporaryChat },
+    [PermissionTypes.RUN_CODE]: { [Permissions.USE]: loadedInterface.runCode },
+    [PermissionTypes.WEB_SEARCH]: { [Permissions.USE]: loadedInterface.webSearch },
+    [PermissionTypes.PEOPLE_PICKER]: {
+      [Permissions.VIEW_USERS]: loadedInterface.peoplePicker.user?.users,
+      [Permissions.VIEW_GROUPS]: loadedInterface.peoplePicker.user?.groups,
+    },
+    [PermissionTypes.MARKETPLACE]: {
+      [Permissions.USE]: loadedInterface.marketplace.user?.use,
+    },
+    [PermissionTypes.FILE_SEARCH]: { [Permissions.USE]: loadedInterface.fileSearch },
+    [PermissionTypes.FILE_CITATIONS]: { [Permissions.USE]: loadedInterface.fileCitations },
+  });
+  await updateAccessPermissions(SystemRoles.ADMIN, {
+    [PermissionTypes.PROMPTS]: { [Permissions.USE]: loadedInterface.prompts },
+    [PermissionTypes.BOOKMARKS]: { [Permissions.USE]: loadedInterface.bookmarks },
+    [PermissionTypes.MEMORIES]: {
+      [Permissions.USE]: loadedInterface.memories,
+      [Permissions.OPT_OUT]: isPersonalizationEnabled,
+    },
+    [PermissionTypes.MULTI_CONVO]: { [Permissions.USE]: loadedInterface.multiConvo },
+    [PermissionTypes.AGENTS]: { [Permissions.USE]: loadedInterface.agents },
+    [PermissionTypes.TEMPORARY_CHAT]: { [Permissions.USE]: loadedInterface.temporaryChat },
+    [PermissionTypes.RUN_CODE]: { [Permissions.USE]: loadedInterface.runCode },
+    [PermissionTypes.WEB_SEARCH]: { [Permissions.USE]: loadedInterface.webSearch },
+    [PermissionTypes.PEOPLE_PICKER]: {
+      [Permissions.VIEW_USERS]: loadedInterface.peoplePicker.admin?.users,
+      [Permissions.VIEW_GROUPS]: loadedInterface.peoplePicker.admin?.groups,
+    },
+    [PermissionTypes.MARKETPLACE]: {
+      [Permissions.USE]: loadedInterface.marketplace.admin?.use,
+    },
+    [PermissionTypes.FILE_SEARCH]: { [Permissions.USE]: loadedInterface.fileSearch },
+    [PermissionTypes.FILE_CITATIONS]: { [Permissions.USE]: loadedInterface.fileCitations },
+  });
 
   let i = 0;
   const logSettings = () => {

api/server/services/start/migration.js

@@ -1,48 +0,0 @@
-const mongoose = require('mongoose');
-const { logger } = require('@librechat/data-schemas');
-const {
-  logAgentMigrationWarning,
-  logPromptMigrationWarning,
-  checkAgentPermissionsMigration,
-  checkPromptPermissionsMigration,
-} = require('@librechat/api');
-const { getProjectByName } = require('~/models/Project');
-const { Agent, PromptGroup } = require('~/db/models');
-const { findRoleByIdentifier } = require('~/models');
-
-/**
- * Check if permissions migrations are needed for shared resources
- * This runs at the end to ensure all systems are initialized
- */
-async function checkMigrations() {
-  try {
-    const agentMigrationResult = await checkAgentPermissionsMigration({
-      mongoose,
-      methods: {
-        findRoleByIdentifier,
-        getProjectByName,
-      },
-      AgentModel: Agent,
-    });
-    logAgentMigrationWarning(agentMigrationResult);
-  } catch (error) {
-    logger.error('Failed to check agent permissions migration:', error);
-  }
-  try {
-    const promptMigrationResult = await checkPromptPermissionsMigration({
-      mongoose,
-      methods: {
-        findRoleByIdentifier,
-        getProjectByName,
-      },
-      PromptGroupModel: PromptGroup,
-    });
-    logPromptMigrationWarning(promptMigrationResult);
-  } catch (error) {
-    logger.error('Failed to check prompt permissions migration:', error);
-  }
-}
-
-module.exports = {
-  checkMigrations,
-};

api/server/socialLogins.js

@@ -1,48 +1,19 @@
 const passport = require('passport');
 const session = require('express-session');
-const { isEnabled } = require('@librechat/api');
-const { logger } = require('@librechat/data-schemas');
-const { CacheKeys } = require('librechat-data-provider');
 const {
-  openIdJwtLogin,
-  facebookLogin,
-  discordLogin,
   setupOpenId,
   googleLogin,
   githubLogin,
+  discordLogin,
+  facebookLogin,
   appleLogin,
   setupSaml,
+  openIdJwtLogin,
 } = require('~/strategies');
+const { isEnabled } = require('~/server/utils');
+const { logger } = require('~/config');
 const { getLogStores } = require('~/cache');
-
-/**
- * Configures OpenID Connect for the application.
- * @param {Express.Application} app - The Express application instance.
- * @returns {Promise<void>}
- */
-async function configureOpenId(app) {
-  logger.info('Configuring OpenID Connect...');
-  const sessionOptions = {
-    secret: process.env.OPENID_SESSION_SECRET,
-    resave: false,
-    saveUninitialized: false,
-    store: getLogStores(CacheKeys.OPENID_SESSION),
-  };
-  app.use(session(sessionOptions));
-  app.use(passport.session());
-
-  const config = await setupOpenId();
-  if (!config) {
-    logger.error('OpenID Connect configuration failed - strategy not registered.');
-    return;
-  }
-
-  if (isEnabled(process.env.OPENID_REUSE_TOKENS)) {
-    logger.info('OpenID token reuse is enabled.');
-    passport.use('openidJwt', openIdJwtLogin(config));
-  }
-  logger.info('OpenID Connect configured successfully.');
-}
+const { CacheKeys } = require('librechat-data-provider');
 
 /**
  *
@@ -73,7 +44,21 @@ const configureSocialLogins = async (app) => {
     process.env.OPENID_SCOPE &&
     process.env.OPENID_SESSION_SECRET
   ) {
-    await configureOpenId(app);
+    logger.info('Configuring OpenID Connect...');
+    const sessionOptions = {
+      secret: process.env.OPENID_SESSION_SECRET,
+      resave: false,
+      saveUninitialized: false,
+      store: getLogStores(CacheKeys.OPENID_SESSION),
+    };
+    app.use(session(sessionOptions));
+    app.use(passport.session());
+    const config = await setupOpenId();
+    if (isEnabled(process.env.OPENID_REUSE_TOKENS)) {
+      logger.info('OpenID token reuse is enabled.');
+      passport.use('openidJwt', openIdJwtLogin(config));
+    }
+    logger.info('OpenID Connect configured.');
   }
   if (
     process.env.SAML_ENTRY_POINT &&

api/strategies/jwtStrategy.js

@@ -12,7 +12,7 @@ const jwtLogin = () =>
     },
     async (payload, done) => {
       try {
-        const user = await getUserById(payload?.id, '-password -__v -totpSecret -backupCodes');
+        const user = await getUserById(payload?.id, '-password -__v -totpSecret');
         if (user) {
           user.id = user._id.toString();
           if (!user.role) {

api/strategies/ldapStrategy.js

@@ -1,10 +1,10 @@
 const fs = require('fs');
-const { isEnabled } = require('@librechat/api');
 const LdapStrategy = require('passport-ldapauth');
+const { SystemRoles } = require('librechat-data-provider');
 const { logger } = require('@librechat/data-schemas');
-const { SystemRoles, ErrorTypes } = require('librechat-data-provider');
 const { createUser, findUser, updateUser, countUsers } = require('~/models');
 const { getBalanceConfig } = require('~/server/services/Config');
+const { isEnabled } = require('~/server/utils');
 
 const {
   LDAP_URL,
@@ -90,14 +90,6 @@ const ldapLogin = new LdapStrategy(ldapOptions, async (userinfo, done) => {
       (LDAP_ID && userinfo[LDAP_ID]) || userinfo.uid || userinfo.sAMAccountName || userinfo.mail;
 
     let user = await findUser({ ldapId });
-    if (user && user.provider !== 'ldap') {
-      logger.info(
-        `[ldapStrategy] User ${user.email} already exists with provider ${user.provider}`,
-      );
-      return done(null, false, {
-        message: ErrorTypes.AUTH_FAILED,
-      });
-    }
 
     const fullNameAttributes = LDAP_FULL_NAME && LDAP_FULL_NAME.split(',');
     const fullName =

api/strategies/localStrategy.js

@@ -22,7 +22,7 @@ async function passportLogin(req, email, password, done) {
       return done(null, false, { message: validationError });
     }
 
-    const user = await findUser({ email: email.trim() }, '+password');
+    const user = await findUser({ email: email.trim() });
     if (!user) {
       logError('Passport Local Strategy - User Not Found', { email });
       logger.error(`[Login] [Login failed] [Username: ${email}] [Request-IP: ${req.ip}]`);

api/strategies/openidStrategy.js

@@ -3,9 +3,9 @@ const fetch = require('node-fetch');
 const passport = require('passport');
 const client = require('openid-client');
 const jwtDecode = require('jsonwebtoken/decode');
+const { CacheKeys } = require('librechat-data-provider');
 const { HttpsProxyAgent } = require('https-proxy-agent');
 const { hashToken, logger } = require('@librechat/data-schemas');
-const { CacheKeys, ErrorTypes } = require('librechat-data-provider');
 const { Strategy: OpenIDStrategy } = require('openid-client/passport');
 const { isEnabled, safeStringify, logHeaders } = require('@librechat/api');
 const { getStrategyFunctions } = require('~/server/services/Files/strategies');
@@ -99,29 +99,11 @@ class CustomOpenIDStrategy extends OpenIDStrategy {
     const hostAndProtocol = process.env.DOMAIN_SERVER;
     return new URL(`${hostAndProtocol}${req.originalUrl ?? req.url}`);
   }
-
   authorizationRequestParams(req, options) {
     const params = super.authorizationRequestParams(req, options);
     if (options?.state && !params.has('state')) {
       params.set('state', options.state);
     }
-
-    if (process.env.OPENID_AUDIENCE) {
-      params.set('audience', process.env.OPENID_AUDIENCE);
-      logger.debug(
-        `[openidStrategy] Adding audience to authorization request: ${process.env.OPENID_AUDIENCE}`,
-      );
-    }
-
-    /** Generate nonce for federated providers that require it */
-    const shouldGenerateNonce = isEnabled(process.env.OPENID_GENERATE_NONCE);
-    if (shouldGenerateNonce && !params.has('nonce') && this._sessionKey) {
-      const crypto = require('crypto');
-      const nonce = crypto.randomBytes(16).toString('hex');
-      params.set('nonce', nonce);
-      logger.debug('[openidStrategy] Generated nonce for federated provider:', nonce);
-    }
-
     return params;
   }
 }
@@ -286,20 +268,12 @@ function convertToUsername(input, defaultValue = '') {
  */
 async function setupOpenId() {
   try {
-    const shouldGenerateNonce = isEnabled(process.env.OPENID_GENERATE_NONCE);
-
     /** @type {ClientMetadata} */
     const clientMetadata = {
       client_id: process.env.OPENID_CLIENT_ID,
       client_secret: process.env.OPENID_CLIENT_SECRET,
     };
 
-    if (shouldGenerateNonce) {
-      clientMetadata.response_types = ['code'];
-      clientMetadata.grant_types = ['authorization_code'];
-      clientMetadata.token_endpoint_auth_method = 'client_secret_post';
-    }
-
     /** @type {Configuration} */
     openidConfig = await client.discovery(
       new URL(process.env.OPENID_ISSUER),
@@ -315,19 +289,11 @@ async function setupOpenId() {
     const requiredRoleParameterPath = process.env.OPENID_REQUIRED_ROLE_PARAMETER_PATH;
     const requiredRoleTokenKind = process.env.OPENID_REQUIRED_ROLE_TOKEN_KIND;
     const usePKCE = isEnabled(process.env.OPENID_USE_PKCE);
-    logger.info(`[openidStrategy] OpenID authentication configuration`, {
-      generateNonce: shouldGenerateNonce,
-      reason: shouldGenerateNonce
-        ? 'OPENID_GENERATE_NONCE=true - Will generate nonce and use explicit metadata for federated providers'
-        : 'OPENID_GENERATE_NONCE=false - Standard flow without explicit nonce or metadata',
-    });
-
     const openidLogin = new CustomOpenIDStrategy(
       {
         config: openidConfig,
         scope: process.env.OPENID_SCOPE,
         callbackURL: process.env.DOMAIN_SERVER + process.env.OPENID_CALLBACK_URL,
-        clockTolerance: process.env.OPENID_CLOCK_TOLERANCE || 300,
         usePKCE,
       },
       async (tokenset, done) => {
@@ -346,14 +312,6 @@ async function setupOpenId() {
               } for openidId: ${claims.sub}`,
             );
           }
-          if (user != null && user.provider !== 'openid') {
-            logger.info(
-              `[openidStrategy] Attempted OpenID login by user ${user.email}, was registered with "${user.provider}" provider`,
-            );
-            return done(null, false, {
-              message: ErrorTypes.AUTH_FAILED,
-            });
-          }
           const userinfo = {
             ...claims,
             ...(await getUserInfo(openidConfig, tokenset.access_token, claims.sub)),

api/strategies/openidStrategy.spec.js

@@ -1,8 +1,7 @@
 const fetch = require('node-fetch');
 const jwtDecode = require('jsonwebtoken/decode');
-const { ErrorTypes } = require('librechat-data-provider');
-const { findUser, createUser, updateUser } = require('~/models');
 const { setupOpenId } = require('./openidStrategy');
+const { findUser, createUser, updateUser } = require('~/models');
 
 // --- Mocks ---
 jest.mock('node-fetch');
@@ -51,7 +50,7 @@ jest.mock('openid-client', () => {
       issuer: 'https://fake-issuer.com',
       // Add any other properties needed by the implementation
     }),
-    fetchUserInfo: jest.fn().mockImplementation(() => {
+    fetchUserInfo: jest.fn().mockImplementation((config, accessToken, sub) => {
       // Only return additional properties, but don't override any claims
       return Promise.resolve({});
     }),
@@ -262,20 +261,17 @@ describe('setupOpenId', () => {
   });
 
   it('should update an existing user on login', async () => {
-    // Arrange – simulate that a user already exists with openid provider
+    // Arrange – simulate that a user already exists
     const existingUser = {
       _id: 'existingUserId',
-      provider: 'openid',
+      provider: 'local',
       email: tokenset.claims().email,
       openidId: '',
       username: '',
       name: '',
     };
     findUser.mockImplementation(async (query) => {
-      if (
-        query.openidId === tokenset.claims().sub ||
-        (query.email === tokenset.claims().email && query.provider === 'openid')
-      ) {
+      if (query.openidId === tokenset.claims().sub || query.email === tokenset.claims().email) {
         return existingUser;
       }
       return null;
@@ -298,38 +294,12 @@ describe('setupOpenId', () => {
     );
   });
 
-  it('should block login when email exists with different provider', async () => {
-    // Arrange – simulate that a user exists with same email but different provider
-    const existingUser = {
-      _id: 'existingUserId',
-      provider: 'google',
-      email: tokenset.claims().email,
-      googleId: 'some-google-id',
-      username: 'existinguser',
-      name: 'Existing User',
-    };
-    findUser.mockImplementation(async (query) => {
-      if (query.email === tokenset.claims().email && !query.provider) {
-        return existingUser;
-      }
-      return null;
-    });
-
-    // Act
-    const result = await validate(tokenset);
-
-    // Assert – verify that the strategy rejects login
-    expect(result.user).toBe(false);
-    expect(result.details.message).toBe(ErrorTypes.AUTH_FAILED);
-    expect(createUser).not.toHaveBeenCalled();
-    expect(updateUser).not.toHaveBeenCalled();
-  });
-
   it('should enforce the required role and reject login if missing', async () => {
     // Arrange – simulate a token without the required role.
     jwtDecode.mockReturnValue({
       roles: ['SomeOtherRole'],
     });
+    const userinfo = tokenset.claims();
 
     // Act
     const { user, details } = await validate(tokenset);
@@ -340,6 +310,9 @@ describe('setupOpenId', () => {
   });
 
   it('should attempt to download and save the avatar if picture is provided', async () => {
+    // Arrange – ensure userinfo contains a picture URL
+    const userinfo = tokenset.claims();
+
     // Act
     const { user } = await validate(tokenset);
 

api/strategies/process.js

@@ -22,12 +22,9 @@ const handleExistingUser = async (oldUser, avatarUrl) => {
   const isLocal = fileStrategy === FileSources.local;
 
   let updatedAvatar = false;
-  const hasManualFlag =
-    typeof oldUser?.avatar === 'string' && oldUser.avatar.includes('?manual=true');
-
-  if (isLocal && (!oldUser?.avatar || !hasManualFlag)) {
+  if (isLocal && (oldUser.avatar === null || !oldUser.avatar.includes('?manual=true'))) {
     updatedAvatar = avatarUrl;
-  } else if (!isLocal && (!oldUser?.avatar || !hasManualFlag)) {
+  } else if (!isLocal && (oldUser.avatar === null || !oldUser.avatar.includes('?manual=true'))) {
     const userId = oldUser._id;
     const resizedBuffer = await resizeAvatar({
       userId,