Fixes 13 correctness issues flagged in the second Codex review pass on the
feat/mcp-apps-support branch.
Core server-side changes: resource URI and model-only-tool caches are now
scoped per user/server key so OAuth and user-sourced servers with differing
tool lists cannot cross-contaminate each other. The model-only visibility check
in appToolCall now blocks iframe-initiated calls to tools declared as
visibility: ['model']. appToolCall also runs processMCPEnv to resolve runtime
env/user vars and set request headers before forwarding to tools/call, and
throws for servers that require per-call OBO token minting (unsupported in this
path). parsers.ts now includes structuredContent in the synthetic resourceId
hash to guarantee uniqueness across repeated same-app calls with different
results, skips the early-return guard when a synthetic app resource is present,
appends the ui{} marker to the synthetic text block, and forwards the raw
content array alongside structuredContent so text/image-only app results are
not silently dropped.
Client-side changes: fetchMCPResourceHtml now returns the full _meta.ui from
the resources/read content item so CSP and permissions come from the canonical
location in the spec rather than the tool descriptor. useAppBridge falls back
to the resource-level values when the read result carries no overrides.
The sandbox retry interval clears when sandbox-resource-ready arrives, fixing
the race where the ready notification arrived before the transport was
connected. The size-change handler in MCPUIResource and UIResourceCarousel now
applies the reported height to the wrapper element, and MCPUIResource's iframe
style uses height: 100% so inline apps are not clipped. The carousel loading
placeholder now uses the localized key. Dockerfile.multi copies the sandbox
from client/dist (the Vite output) rather than the source tree, which is the
only path present in the multi-stage runtime image. baseUriDomains from the
CSP config are now honoured in buildCspPolicy instead of always emitting
base-uri 'self'. serverResources was removed from the AppBridge capabilities
advertisement because no resource handlers are registered on the bridge.
# Dockerfile.multi
# v0.8.7-rc1

# Heap ceiling handed to Node via --max-old-space-size in the client-build
# stage. Override with --build-arg NODE_MAX_OLD_SPACE_SIZE=<value>.
ARG NODE_MAX_OLD_SPACE_SIZE=6144

# Optional build metadata surfaced in Settings -> About for support triage.
# The final stage copies these into ENV, so they are readable from the image
# and the running container: never pass credentials or tokens through them.
ARG BUILD_COMMIT=
ARG BUILD_BRANCH=
ARG BUILD_DATE=

# Base for all builds. The runtime stage (api-build) also starts from this
# stage, so everything installed here ships in the final image.
# NOTE(review): the base image is pinned by version tag only. A tag can be
# re-pointed upstream; appending the digest (node:24.16.0-alpine@sha256:<digest>)
# would make the pull immutable.
FROM node:24.16.0-alpine AS base-min
ARG NPM_CI_TIMEOUT_SECONDS=1500
ARG NPM_CI_ATTEMPTS=2

# Pull in whatever Alpine package updates exist at build time. This picks up
# security fixes, but it also means two builds of the same commit can differ.
RUN apk upgrade --no-cache

# NOTE(review): jemalloc and curl are installed without a version pin.
RUN apk add --no-cache jemalloc

# Preload jemalloc as the allocator. ENV is inherited by every stage built on
# base-min and by the running container, so the library must exist at this
# exact path in all of them.
ENV LD_PRELOAD=/usr/lib/libjemalloc.so.2

WORKDIR /app

# curl is installed in the shared base and therefore present at runtime too.
# NOTE(review): nothing in this file invokes it; confirm it is still needed
# (e.g. by an external health check) before keeping it in the runtime image.
RUN apk add --no-cache curl

# More tolerant npm network settings for the `npm ci` steps in later stages:
# up to 5 retries, backing off between 15 s and 10 min.
RUN npm config set fetch-retry-maxtimeout 600000 \
    && npm config set fetch-retries 5 \
    && npm config set fetch-retry-mintimeout 15000

# Copy only the workspace manifests (and lockfiles matched by the glob) so the
# dependency-install layers are rebuilt only when a manifest changes.
COPY package*.json ./
COPY packages/data-provider/package*.json ./packages/data-provider/
COPY packages/api/package*.json ./packages/api/
COPY packages/data-schemas/package*.json ./packages/data-schemas/
COPY packages/client/package*.json ./packages/client/
COPY client/package*.json ./client/
COPY api/package*.json ./api/

# Install all dependencies (dev included) for the build stages.
# This stage is only used as the parent of the *-build stages below; the
# runtime stage (api-build) starts from base-min instead.
FROM base-min AS base
ARG NPM_CI_TIMEOUT_SECONDS=1500
ARG NPM_CI_ATTEMPTS=2
WORKDIR /app

# `npm ci` installs strictly from the lockfile. Each attempt is capped by
# `timeout`; on failure the npm cache is wiped and the install is retried
# after 10 s, up to NPM_CI_ATTEMPTS attempts. The last failure's exit code is
# propagated so the build fails instead of continuing without dependencies.
RUN attempt=1; \
    until timeout "$NPM_CI_TIMEOUT_SECONDS" npm ci; do \
        status=$?; \
        if [ "$attempt" -ge "$NPM_CI_ATTEMPTS" ]; then \
            exit "$status"; \
        fi; \
        echo "npm ci failed with exit code $status; retrying attempt $((attempt + 1))/$NPM_CI_ATTEMPTS"; \
        attempt=$((attempt + 1)); \
        npm cache clean --force || true; \
        sleep 10; \
    done

# Build `data-provider` package.
# Only this package's source is copied in; its dist/ output is consumed by
# the later build stages and by the runtime stage.
FROM base AS data-provider-build
WORKDIR /app/packages/data-provider
COPY packages/data-provider ./
RUN npm run build

# Build `data-schemas` package.
FROM base AS data-schemas-build
WORKDIR /app/packages/data-schemas
COPY packages/data-schemas ./
# Built output of data-provider is copied in before this package is built.
COPY --from=data-provider-build /app/packages/data-provider/dist /app/packages/data-provider/dist
RUN npm run build

# Build `api` package.
FROM base AS api-package-build
WORKDIR /app/packages/api
COPY packages/api ./
# Built output of data-provider and data-schemas is copied in before this
# package is built.
COPY --from=data-provider-build /app/packages/data-provider/dist /app/packages/data-provider/dist
COPY --from=data-schemas-build /app/packages/data-schemas/dist /app/packages/data-schemas/dist
RUN npm run build

# Build `client` package (packages/client, not the top-level client app).
FROM base AS client-package-build
WORKDIR /app/packages/client
COPY packages/client ./
# Built output of data-provider is copied in before this package is built.
COPY --from=data-provider-build /app/packages/data-provider/dist /app/packages/data-provider/dist
RUN npm run build

# Client build: produces /app/client/dist, which the runtime stage copies.
FROM base AS client-build
WORKDIR /app/client
COPY client ./
COPY --from=data-provider-build /app/packages/data-provider/dist /app/packages/data-provider/dist
# Both the built output and the sources of packages/client are copied in.
COPY --from=client-package-build /app/packages/client/dist /app/packages/client/dist
COPY --from=client-package-build /app/packages/client/src /app/packages/client/src

# Raise Node's heap limit for the build. The ENV is set in this stage only;
# the runtime stage is built from base-min and does not inherit it.
ARG NODE_MAX_OLD_SPACE_SIZE
ENV NODE_OPTIONS="--max-old-space-size=${NODE_MAX_OLD_SPACE_SIZE}"
RUN npm run build

# API setup (including client dist). This is the runtime image.
# NOTE(review): no USER instruction appears in this stage or in base-min, so
# the server process runs with the base image's default user (root for the
# official node images). Switching to an unprivileged user would also require
# the app's writable paths to be owned by that user; those paths are not
# visible in this file, so confirm them before changing it.
FROM base-min AS api-build
ARG NPM_CI_TIMEOUT_SECONDS=1500
ARG NPM_CI_ATTEMPTS=2

# Add `uv` for extended MCP support.
# NOTE(review): these binaries come from a third-party registry image pinned by
# tag only and are placed in /bin of the runtime image. Pinning by digest
# (ghcr.io/astral-sh/uv:0.6.13@sha256:<digest>) would make the source immutable.
COPY --from=ghcr.io/astral-sh/uv:0.6.13 /uv /uvx /bin/
# Fails the build early if the copied binary cannot run in this image.
RUN uv --version

WORKDIR /app

# Install only production deps (dev dependencies are omitted from the runtime
# image). Same bounded retry as the base stage: each attempt is capped by
# `timeout`, the npm cache is cleared between attempts, and the last failure's
# exit code fails the build.
RUN attempt=1; \
    until timeout "$NPM_CI_TIMEOUT_SECONDS" npm ci --omit=dev; do \
        status=$?; \
        if [ "$attempt" -ge "$NPM_CI_ATTEMPTS" ]; then \
            exit "$status"; \
        fi; \
        echo "npm ci --omit=dev failed with exit code $status; retrying attempt $((attempt + 1))/$NPM_CI_ATTEMPTS"; \
        attempt=$((attempt + 1)); \
        npm cache clean --force || true; \
        sleep 10; \
    done

# Application sources copied straight from the build context.
# NOTE(review): whatever sits in these directories is baked into the image;
# make sure .dockerignore keeps .env files, keys and local state out of them.
COPY api ./api
COPY config ./config
COPY skill ./skill

# Only built artifacts are taken from the build stages; their sources, dev
# dependencies and toolchains stay behind.
COPY --from=data-provider-build /app/packages/data-provider/dist ./packages/data-provider/dist
COPY --from=data-schemas-build /app/packages/data-schemas/dist ./packages/data-schemas/dist
COPY --from=api-package-build /app/packages/api/dist ./packages/api/dist
COPY --from=client-build /app/client/dist ./client/dist
# The client source tree is never copied into this stage, so the sandbox page
# placed under client/public is taken from the built output in client/dist.
COPY --from=client-build /app/client/dist/mcp-sandbox.html ./client/public/mcp-sandbox.html

# Propagate build metadata into runtime env so /api/config can expose it.
# Declared here (after the heavy install/copy steps) so that commit/date
# changing on every CI run does not bust the cache for those layers.
# These values are stored in the image config and returned to clients, so
# they must stay free of secrets.
ARG BUILD_COMMIT
ARG BUILD_BRANCH
ARG BUILD_DATE
ENV BUILD_COMMIT=${BUILD_COMMIT}
ENV BUILD_BRANCH=${BUILD_BRANCH}
ENV BUILD_DATE=${BUILD_DATE}

WORKDIR /app/api

# EXPOSE is documentation only; the port is reachable from outside only when
# it is published or the container network allows it.
EXPOSE 3080
# Listen on all interfaces inside the container.
ENV HOST=0.0.0.0
# Exec form: node runs as PID 1 and receives stop signals directly.
CMD ["node", "server/index.js"]