mirror of
https://github.com/danny-avila/LibreChat.git
synced 2026-07-03 04:42:11 +00:00
* Remote Agent Auth middleware * consider migration and update user * fix eslint errors * add scope validation * fix codex review errors * add filter for use: sig * add jwks-rsa deps * Fix remote agent OIDC auth review findings * Polish remote agent OIDC timeout coverage * Reject remote OIDC tokens without subject * Use tenant context for remote agent auth config * Harden remote agent OIDC scope handling * Polish remote agent OIDC cache and scope tests * Resolve remote agent auth review comments * Reuse OpenID email claim resolver for remote auth * Skip empty OpenID email fallback claims * Use pre-auth tenant context for remote auth config * Downgrade expected OIDC fallback logging * Require secure remote OIDC endpoints * Polish remote agent auth edge cases * Enforce unique balance records * Bind remote OpenID users to issuer * Fix issuer-scoped OpenID indexes * Avoid unique balance index requirement * Fix remote OpenID issuer normalization boundaries * Require issuer-bound OpenID lookups * Enforce tenant API key policy after auth * Fix remote auth tenant policy types * Normalize remote OIDC discovery issuer * Allow normalized remote OIDC issuer validation * Enforce resolved tenant OIDC policy * Polish OpenID issuer and scope validation --------- Co-authored-by: Danny Avila <danny@librechat.ai>
125 lines
3.4 KiB
JavaScript
125 lines
3.4 KiB
JavaScript
/**
|
|
* Open Responses API routes for LibreChat agents.
|
|
*
|
|
* Implements the Open Responses specification for a forward-looking,
|
|
* agentic API that uses items as the fundamental unit and semantic
|
|
* streaming events.
|
|
*
|
|
* Usage:
|
|
* POST /v1/responses - Create a response
|
|
* GET /v1/models - List available agents
|
|
*
|
|
* Request format:
|
|
* {
|
|
* "model": "agent_id_here",
|
|
* "input": "Hello!" or [{ type: "message", role: "user", content: "Hello!" }],
|
|
* "stream": true,
|
|
* "previous_response_id": "optional_conversation_id"
|
|
* }
|
|
*
|
|
* @see https://openresponses.org/specification
|
|
*/
|
|
const express = require('express');
|
|
const {
|
|
createResponse,
|
|
getResponse,
|
|
listModels,
|
|
} = require('~/server/controllers/agents/responses');
|
|
const { configMiddleware } = require('~/server/middleware');
|
|
const {
|
|
checkAgentPermission,
|
|
preAuthTenantMiddleware,
|
|
requireRemoteAgentAuth,
|
|
checkRemoteAgentsFeature,
|
|
} = require('./middleware');
|
|
|
|
const router = express.Router();
|
|
|
|
router.use(preAuthTenantMiddleware);
|
|
router.use(requireRemoteAgentAuth);
|
|
router.use(configMiddleware);
|
|
router.use(checkRemoteAgentsFeature);
|
|
|
|
/**
|
|
* @route POST /v1/responses
|
|
* @desc Create a model response following Open Responses specification
|
|
* @access Private (API key auth required)
|
|
*
|
|
* Request body:
|
|
* {
|
|
* "model": "agent_id", // Required: The agent ID to use
|
|
* "input": "..." | [...], // Required: String or array of input items
|
|
* "stream": true, // Optional: Whether to stream (default: false)
|
|
* "previous_response_id": "...", // Optional: Previous response for continuation
|
|
* "instructions": "...", // Optional: Additional instructions
|
|
* "tools": [...], // Optional: Additional tools
|
|
* "tool_choice": "auto", // Optional: Tool choice mode
|
|
* "max_output_tokens": 4096, // Optional: Max tokens
|
|
* "temperature": 0.7 // Optional: Temperature
|
|
* }
|
|
*
|
|
* Response (streaming):
|
|
* - SSE stream with semantic events:
|
|
* - response.in_progress
|
|
* - response.output_item.added
|
|
* - response.content_part.added
|
|
* - response.output_text.delta
|
|
* - response.output_text.done
|
|
* - response.function_call_arguments.delta
|
|
* - response.output_item.done
|
|
* - response.completed
|
|
* - [DONE]
|
|
*
|
|
* Response (non-streaming):
|
|
* {
|
|
* "id": "resp_xxx",
|
|
* "object": "response",
|
|
* "created_at": 1234567890,
|
|
* "status": "completed",
|
|
* "model": "agent_id",
|
|
* "output": [...], // Array of output items
|
|
* "usage": { ... }
|
|
* }
|
|
*/
|
|
router.post('/', checkAgentPermission, createResponse);
|
|
|
|
/**
|
|
* @route GET /v1/responses/models
|
|
* @desc List available agents as models
|
|
* @access Private (API key auth required)
|
|
*
|
|
* Response:
|
|
* {
|
|
* "object": "list",
|
|
* "data": [
|
|
* {
|
|
* "id": "agent_id",
|
|
* "object": "model",
|
|
* "name": "Agent Name",
|
|
* "provider": "openai",
|
|
* ...
|
|
* }
|
|
* ]
|
|
* }
|
|
*/
|
|
router.get('/models', listModels);
|
|
|
|
/**
|
|
* @route GET /v1/responses/:id
|
|
* @desc Retrieve a stored response by ID
|
|
* @access Private (API key auth required)
|
|
*
|
|
* Response:
|
|
* {
|
|
* "id": "resp_xxx",
|
|
* "object": "response",
|
|
* "created_at": 1234567890,
|
|
* "status": "completed",
|
|
* "model": "agent_id",
|
|
* "output": [...],
|
|
* "usage": { ... }
|
|
* }
|
|
*/
|
|
router.get('/:id', getResponse);
|
|
|
|
module.exports = router;
|