mirror of
https://github.com/danny-avila/LibreChat.git
synced 2026-07-10 16:23:44 +00:00
|
Some checks are pending
Docker Dev Branch Images Build / build (Dockerfile, lc-dev, node) (push) Waiting to run
Docker Dev Branch Images Build / build (Dockerfile.multi, lc-dev-api, api-build) (push) Waiting to run
GitNexus Index / index (push) Waiting to run
GitNexus Index / post-index (push) Blocked by required conditions
* 🗃️ perf: Cache Group Memberships for ACL Principal Resolution Continues #14069: caches resolved group-membership ids per member key in a new USER_PRINCIPALS namespace so repeated permission checks skip the group query, with exact invalidation on every membership mutation, same-process build dedup, and optional Redis cross-container build locks. Co-authored-by: Peter Rothlaender <peter.rothlaender@ginkgo.com> Co-authored-by: Joachim Keltsch <joachim.keltsch@daimlertruck.com> * 🧵 fix: Defer Transactional Invalidation and Gate No-Op Bulk Clears Codex round-2 findings on the principals cache: membership writes inside a transaction now defer cache invalidation until the session ends so concurrent readers cannot re-cache pre-commit state with no later correction, and bulkUpdateGroups skips invalidation entirely when MongoDB reports no modified or upserted documents. userGroup.spec.ts now runs on a single-node replica set so the deferral is covered by a real transaction. * 🌐 fix: Evict Cross-Process Stale Rewrites and Scope Entra Sync to Tenant Codex round-3 findings: a delayed second invalidation pass (lock wait plus a short grace) now evicts membership entries that a build in another container re-cached after the first delete, and syncUserEntraGroupMemberships establishes the user's tenant ALS context when the OAuth callback runs it pre-middleware, so tenant-scoped principal keys are invalidated (and sync queries and created groups are scoped) exactly like authenticated reads. Deferred transactional invalidations snapshot the caller's ALS so they keep tenant scoping. --------- Co-authored-by: Peter Rothlaender <peter.rothlaender@ginkgo.com> Co-authored-by: Joachim Keltsch <joachim.keltsch@daimlertruck.com> |
||
|---|---|---|
| .. | ||
| __tests__ | ||
| Agents | ||
| Artifacts | ||
| Config | ||
| Endpoints | ||
| Files | ||
| Runs | ||
| Skills | ||
| start | ||
| Threads | ||
| Tools | ||
| ActionService.js | ||
| ActionService.spec.js | ||
| AssistantService.js | ||
| AuthService.js | ||
| AuthService.spec.js | ||
| cleanup.js | ||
| createRunBody.js | ||
| GraphApiService.js | ||
| GraphApiService.spec.js | ||
| GraphTokenService.js | ||
| initializeMCPs.js | ||
| initializeMCPs.spec.js | ||
| initializeOAuthReconnectManager.js | ||
| MCP.js | ||
| MCP.spec.js | ||
| MCPRequestContext.js | ||
| OboPolicyService.js | ||
| OboTokenService.js | ||
| OboTokenService.spec.js | ||
| PermissionService.js | ||
| PermissionService.spec.js | ||
| PluginService.js | ||
| systemGrant.spec.js | ||
| ToolService.js | ||
| twoFactorService.js | ||