mirror of
https://github.com/danny-avila/LibreChat.git
synced 2026-05-13 07:46:47 +00:00
* 🔐 fix: Forward per-file `entity_id` through code-env priming

  Skill files and persisted code-env files now carry their `entity_id` on the in-memory file refs that seed `Graph.sessions`. Without this, an execute call that mixes a skill file (uploaded with `entity_id=skillId`) and a user attachment (uploaded with no `entity_id`) collapses onto a single request-level entity at the codeapi authorization step and one side 403s. With per-file `entity_id`, codeapi resolves sessionKey per file and both authorize.

  - `primeSkillFiles` / `primeInvokedSkills`: thread `entity_id` through fresh-upload, cache-hit, and per-skill-batch paths in `packages/api/src/agents/skillFiles.ts`.
  - `primeFiles` (Code/process.js): parse `entity_id` from the persisted `codeEnvIdentifier` query string once per iteration; forward through `pushFile`, including the reupload path which re-parses the fresh identifier returned by codeapi.
  - Tests: extend `skillFiles.spec.ts` with two cases — fresh-upload propagation and cached-hot-path parsing.

  Companion PRs in flight on `@librechat/agents` (forward `entity_id` through `_injected_files`) and codeapi (per-file authorization). All three are wire-back-compat: an absent `entity_id` falls back to the existing request-level resolution.

* 🔧 chore: Update dependencies in package-lock.json and package.json

  - Bump `@librechat/agents` to version `3.1.78-dev.0` across multiple package files.
  - Upgrade `@langchain/langgraph-checkpoint` to version `1.0.2` and update its peer dependency for `@langchain/core` to `^1.1.44`.
  - Update `axios` to version `1.16.0` and `follow-redirects` to version `1.16.0`.
  - Add `@types/diff` as a new dependency at version `7.0.2` and include `diff` at version `9.0.0` in the `@librechat/agents` module.
  - Introduce optional peer dependency `@anthropic-ai/sandbox-runtime` for `@librechat/agents` with metadata indicating it is optional.

* 🐛 fix: Make skill code-env cache persistence observable

  Two changes to surface the skill-bundle re-upload issue without behavioral changes to tenant scoping (root cause to be confirmed via the new warn log):

  1. `primeSkillFiles` now awaits `updateSkillFileCodeEnvIds` instead of firing-and-forgetting it. The prior shape could race with the next prime (read-before-write) even when the bulkWrite itself succeeds, producing a silent cache miss. Latency cost: ~10–50ms on first prime; in exchange every subsequent prime can rely on the identifier being persisted by the time it reads.
  2. `updateSkillFileCodeEnvIds` now returns `{matchedCount, modifiedCount}` from the underlying bulkWrite. `primeSkillFiles` warn-logs when `modifiedCount < updates.length`, making any silent drop visible — whether the cause is tenant filtering, a `relativePath` mismatch, schema-plugin scoping, or something else. Prior shape returned `Promise<void>` so any zero-modification result was invisible.

  Tests:

  - `skill.spec.ts`: real-MongoDB happy path (counts match), no-match case (modifiedCount=0), and empty-input contract.
  - `skillFiles.spec.ts`: deferred-promise harness proving the call site awaits the persist (prime stays pending until the persist resolves) and forwards partial-write counts.

  Deliberately narrower than the original draft of this commit, which also bypassed `tenantSafeBulkWrite` for the codeEnvIdentifier write on the speculative diagnosis that tenant filtering was the cause. That change was a behavior shift on tenant scoping without confirmation; reverted pending real-world signal from the new warn log.

* 🐛 fix: Justify await for skill code-env persistence under concurrency

  The await on `updateSkillFileCodeEnvIds` isn't a defensive nicety — it's load-bearing for cache effectiveness under concurrent priming.

  Verified with an out-of-tree harness (`config/test-skill-cache.ts`, not committed) that wires `primeSkillFiles` against a real codeapi stack:

  - With fire-and-forget (prior shape after this branch's revert): back-to-back primes for the same skill miss the cache. Call N+1 reads SkillFile docs before Call N's write commits, sees no `codeEnvIdentifier`, re-uploads, fires its own forget that Call N+2 also races. Steady-state stays in cache miss for the full burst.
  - With await: the prime that does the upload commits its persist before resolving, so the next concurrent prime observes the cache pointer instead of racing the read. Latency cost ~10–50ms on the upload prime; subsequent concurrent primes save an entire batch upload.

  In production with primes seconds apart this race is rare; at scale with many users hitting the same skill in the same second it's the difference between M and N×M uploads.

  Updates the regression test to assert the await contract (deferred persist promise → prime stays pending until persist resolves). Comment in `skillFiles.ts` rewritten to document the concurrency rationale rather than the weaker "race-with-next-prime" framing the prior commit used.
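The back-to-back priming race described in the last commit message above, as an added JavaScript model that is not LibreChat or codeapi code. `makeHarness`, `uploadBatch`, `persistIds`, `prime` and `runBurst` are hypothetical stand-ins, and the 10 ms write latency and the identifiers are constructed.

```javascript
// Toy model of the priming race; every name here is a hypothetical stand-in,
// not LibreChat or codeapi code.
const PERSIST_LATENCY_MS = 10; // constructed latency for the DB write

function makeHarness() {
  const store = new Map(); // skillId -> persisted identifier (cache pointer)
  const stats = { uploads: 0, warnings: 0 };

  // Stand-in for the batch upload: resolves with a constructed identifier.
  async function uploadBatch() {
    stats.uploads += 1;
    return `constructed-id-${stats.uploads}`;
  }

  // Stand-in for the persist step: the write commits only after the latency
  // elapses, then reports how many documents it modified.
  function persistIds(skillId, id, dropWrite) {
    return new Promise((resolve) => {
      setTimeout(() => {
        if (!dropWrite) store.set(skillId, id);
        resolve({ modifiedCount: dropWrite ? 0 : 1 });
      }, PERSIST_LATENCY_MS);
    });
  }

  async function prime(skillId, { awaitPersist, dropWrite = false }) {
    if (store.has(skillId)) return 'hit'; // cache pointer already persisted
    const id = await uploadBatch();
    const write = persistIds(skillId, id, dropWrite);
    if (awaitPersist) {
      const { modifiedCount } = await write;
      if (modifiedCount < 1) stats.warnings += 1; // dropped write is now visible
    }
    return 'miss'; // fire-and-forget returns before the write commits
  }
  return { prime, stats };
}

// Back-to-back primes for one skill: call N+1 starts when call N resolves.
async function runBurst(count, opts) {
  const { prime, stats } = makeHarness();
  for (let i = 0; i < count; i += 1) await prime('skill-a', opts);
  // Let any fire-and-forget writes land before reporting.
  await new Promise((resolve) => setTimeout(resolve, PERSIST_LATENCY_MS * 2));
  return stats;
}

runBurst(3, { awaitPersist: false }).then((s) => console.log('fire-and-forget', s));
runBurst(3, { awaitPersist: true }).then((s) => console.log('awaited', s));
```

In this model three back-to-back primes cost three uploads when the persist is not awaited and one when it is; with `dropWrite` set, the awaited path counts one warning per prime instead of missing silently.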
128 lines
3.8 KiB
JSON
{
  "name": "@librechat/backend",
  "version": "v0.8.5",
  "description": "",
  "scripts": {
    "start": "echo 'please run this from the root directory'",
    "server-dev": "echo 'please run this from the root directory'",
    "test": "cross-env NODE_ENV=test jest",
    "b:test": "NODE_ENV=test bun jest",
    "test:ci": "jest --ci --logHeapUsage",
    "add-balance": "node ./add-balance.js",
    "list-balances": "node ./list-balances.js",
    "user-stats": "node ./user-stats.js",
    "create-user": "node ./create-user.js",
    "invite-user": "node ./invite-user.js",
    "ban-user": "node ./ban-user.js",
    "delete-user": "node ./delete-user.js"
  },
  "repository": {
    "type": "git",
    "url": "git+https://github.com/danny-avila/LibreChat.git"
  },
  "keywords": [],
  "author": "",
  "license": "ISC",
  "_moduleAliases": {
    "~": "."
  },
  "imports": {
    "~/*": "./*"
  },
  "bugs": {
    "url": "https://github.com/danny-avila/LibreChat/issues"
  },
  "homepage": "https://librechat.ai",
  "dependencies": {
    "@anthropic-ai/vertex-sdk": "^0.14.3",
    "@aws-sdk/client-bedrock-runtime": "^3.1013.0",
    "@aws-sdk/client-cloudfront": "^3.1042.0",
    "@aws-sdk/client-s3": "^3.980.0",
    "@aws-sdk/cloudfront-signer": "^3.1036.0",
    "@aws-sdk/s3-request-presigner": "^3.758.0",
    "@azure/identity": "^4.13.1",
    "@azure/search-documents": "^12.0.0",
    "@azure/storage-blob": "^12.30.0",
    "@google/genai": "^1.19.0",
    "@keyv/redis": "^4.3.3",
    "@librechat/agents": "^3.1.78-dev.0",
    "@librechat/api": "*",
    "@librechat/data-schemas": "*",
    "@microsoft/microsoft-graph-client": "^3.0.7",
    "@modelcontextprotocol/sdk": "^1.29.0",
    "@node-saml/passport-saml": "^5.1.0",
    "@smithy/node-http-handler": "^4.4.5",
    "ai-tokenizer": "^1.0.6",
    "axios": "^1.15.0",
    "bcryptjs": "^2.4.3",
    "compression": "^1.8.1",
    "connect-redis": "^8.1.0",
    "cookie": "^0.7.2",
    "cookie-parser": "^1.4.7",
    "cors": "^2.8.5",
    "dedent": "^1.5.3",
    "dotenv": "^16.0.3",
    "eventsource": "^3.0.2",
    "express": "^5.2.1",
    "express-mongo-sanitize": "^2.2.0",
    "express-rate-limit": "^8.3.0",
    "express-session": "^1.18.2",
    "express-static-gzip": "^2.2.0",
    "file-type": "^21.3.2",
    "firebase": "^11.0.2",
    "form-data": "^4.0.4",
    "handlebars": "^4.7.9",
    "https-proxy-agent": "^7.0.6",
    "ioredis": "^5.3.2",
    "js-yaml": "^4.1.1",
    "jsonwebtoken": "^9.0.0",
    "jwks-rsa": "^3.2.0",
    "keyv": "^5.3.2",
    "keyv-file": "^5.1.2",
    "klona": "^2.0.6",
    "librechat-data-provider": "*",
    "lodash": "^4.17.23",
    "mammoth": "^1.11.0",
    "mathjs": "^15.2.0",
    "meilisearch": "^0.38.0",
    "memorystore": "^1.6.7",
    "mime": "^3.0.0",
    "module-alias": "^2.2.3",
    "mongoose": "^8.12.1",
    "multer": "^2.1.1",
    "nanoid": "^3.3.7",
    "node-fetch": "^2.7.0",
    "nodemailer": "^8.0.5",
    "ollama": "^0.5.0",
    "openai": "5.8.2",
    "openid-client": "^6.5.0",
    "passport": "^0.6.0",
    "passport-apple": "^2.0.2",
    "passport-discord": "^0.1.4",
    "passport-facebook": "^3.0.0",
    "passport-github2": "^0.1.12",
    "passport-google-oauth20": "^2.0.0",
    "passport-jwt": "^4.0.1",
    "passport-ldapauth": "^3.0.1",
    "passport-local": "^1.0.0",
    "pdfjs-dist": "^5.4.624",
    "rate-limit-redis": "^4.2.0",
    "sanitize-html": "^2.13.0",
    "sharp": "^0.33.5",
    "traverse": "^0.6.7",
    "ua-parser-js": "^1.0.36",
    "undici": "^7.24.1",
    "winston": "^3.11.0",
    "winston-daily-rotate-file": "^5.0.0",
    "xlsx": "https://cdn.sheetjs.com/xlsx-0.20.3/xlsx-0.20.3.tgz",
    "yauzl": "^3.2.1",
    "zod": "^3.22.4"
  },
  "devDependencies": {
    "@types/sanitize-html": "^2.13.0",
    "jest": "^30.2.0",
    "mongodb-memory-server": "^11.0.1",
    "nodemon": "^3.0.3",
    "supertest": "^7.1.0"
  }
}