LibreChat/packages
Danny Avila c8abd826e1 🛡️ fix: Address Codex round 4 — paused-job edge cases across the stack
Five P2 findings on 4324a4e776, all valid:

- I1 message validation: validateMessageReq's active-job read bypass now
  accepts a live requires_action job, so a new-conversation run that pauses
  before its final save can recover the prompt instead of 404ing.
- I2 expire targets the observed record: resolve()'s expired path passes
  `expectedActionId ?? job.pendingAction.actionId`, so a concurrent
  resume+re-pause can't let expire abort a different action.
- I3 stale/malformed prompts: new isPendingActionStale (missing OR expired)
  drives active-listing exclusion + cleanup expiry in both stores, and the
  status route + middleware require a live pendingAction — a requires_action
  job whose pendingAction was dropped on deserialize no longer reads active.
- I4 in-memory parity: InMemory updateJob mirrors pendingActionId on pause and
  clears it + refreshes lastActiveAt on resume (matching RedisJobStore), so a
  pause via the generic path is still resolvable by actionId.
- I5 long approval windows: paused-job live TTL (job/chunks/run-steps) now
  covers pendingAction.expiresAt + grace (pauseTtlSeconds), on both the
  transitionStatus and updateJob pause paths, so Redis can't evict a paused
  job before its decision window closes.

tsc + lint clean; policy + type-contract specs pass.
2026-06-16 14:51:49 -04:00
..
api 🛡️ fix: Address Codex round 4 — paused-job edge cases across the stack 2026-06-16 14:51:49 -04:00
client v0.8.7-rc1 (#13592) 2026-06-15 13:10:30 -04:00
data-provider 🛡️ fix: Address Codex review on the HITL approval lifecycle 2026-06-16 13:49:53 -04:00
data-schemas 🧾 refactor: Disable Context Cost By Default (#13768) 2026-06-15 15:13:30 -04:00