mirror of
https://github.com/danny-avila/LibreChat.git
synced 2026-07-01 20:01:35 +00:00
Resolve the allowlist-derived appsEnabled value when creating app-level connections in ConnectionsRepository so a tenant/role/user override that toggles apps is honored instead of the boot YAML default. Gate ui:// resources embedded in tool results on the same per-request setting so a disabled scope renders them as plain resource text rather than a sandboxed app, resolving appsEnabled lazily only when a result actually carries a renderable UI resource. Fail closed in canonicalizeUri when a URI does not stabilize within the decode cap so traversal encoded more deeply than the cap cannot satisfy a template guard a fully-decoding server resolves as a parent-directory path. |
||
|---|---|---|
| .. | ||
| src | ||
| types | ||
| .gitignore | ||
| babel.config.cjs | ||
| jest.config.mjs | ||
| jest.setup.cjs | ||
| package.json | ||
| tsconfig-paths-bootstrap.mjs | ||
| tsconfig.build.json | ||
| tsconfig.json | ||
| tsconfig.spec.json | ||
| tsdown.config.mjs | ||