LibreChat/api/app
Danny Avila 74e6744150 🔒 fix: Address Codex re-review on memory capability (round 5)
- Gate inline memory registration (memoryAvailable) on the memory WRITE permissions (USE+CREATE+UPDATE), so a read-only-memory role no longer has set_memory/delete_memory shown to the model only for the runtime loader to refuse them (api/server/services/Endpoints/agents/initialize.js).
- Enforce the per-agent memory opt-in at execution: handleTools now refuses to construct set_memory/delete_memory unless the agent actually declared them (toolDefinitions/tools), blocking hallucinated/undeclared memory tool calls from mutating memory.
- Fail closed when getFormattedMemories errors with a configured tokenLimit, instead of writing as if storage were empty and bypassing the cap (api/app/clients/tools/util/handleTools.js).
2026-06-20 23:36:14 -04:00
..
clients 🔒 fix: Address Codex re-review on memory capability (round 5) 2026-06-20 23:36:14 -04:00
index.js 🛠️ fix: Optionally add OpenID Sig. Algo. from Server Discovery (#5398) 2025-01-21 21:49:27 -05:00