LibreChat/client/src/components
Marco Beretta 730878bc5a
🔐 feat: Use SecretInput for Sensitive Fields (#12955)
* feat: use SecretInput for sensitive fields

* fix: align auth SecretInput styles

* chore: remove unused password i18n keys

* fix: align SecretInput controls

* fix: use SecretInput for dynamic credentials

* fix: reveal SecretInput controls on hover

* fix: align SecretInput eye icon and modernize controls

The wrapper was a flex container, so passing 'mb-2' on the input made it
contribute its margin to the wrapper's cross-axis size — the controls overlay
spanned the inflated height and centered the toggle 4px below the input's
true center. Switching the wrapper to a plain relative block collapses height
back to the input.

Also tightens the toggle/copy buttons (size-7 rounded-md with hover:bg-surface-hover)
and adds a focus ring on the input. Auth pages still override className/buttonClassName
so login/register styling is unchanged.

* fix: remove focus ring from SecretInput

* fix: keep green focus border on auth secret inputs

SecretInput's modernized default uses focus-visible:border-border-heavy and
hover:border-border-medium, which Tailwind emits after the auth pages' focus:
rules and overrides them. Auth pages now also declare focus-visible:border-green-500
and hover:border-border-light so cn()/twMerge resolves them as the winners
when classes are concatenated.

* feat: add optional sensitive flag to MCP customUserVars

Dynamic MCP credential fields all rendered as masked SecretInputs, which
also hid non-secret setup values like usernames, project keys, and URLs.

Add an optional `sensitive` flag to customUserVars and the plugin auth
config. It defaults to masked when omitted, so existing configs keep the
safe-by-default behavior; set `sensitive: false` to render a field as
plain text. The flag is display-only — values remain encrypted at rest.
2026-06-01 18:14:12 -04:00
..
Agents 🧪 ci: Stabilize Virtualized Agent Grid Tests (#13214) 2026-05-20 14:41:36 -04:00
Artifacts 🪡 fix: Artifact Edit Saves (#13358) 2026-05-27 22:03:42 -07:00
Audio
Auth 🔐 feat: Use SecretInput for Sensitive Fields (#12955) 2026-06-01 18:14:12 -04:00
Banners 📄 fix: Harden Configured Rich Text Rendering (#13423) 2026-05-30 19:37:05 -04:00
Bookmarks
Chat 🔐 feat: Use SecretInput for Sensitive Fields (#12955) 2026-06-01 18:14:12 -04:00
Conversations ⏱️ refactor: Optimistically Show New Chats In Sidebar (#13298) 2026-05-24 20:03:46 -04:00
Endpoints 🖼️ fix: Preserve Model Spec Icon URLs (#13370) 2026-05-30 09:50:27 -04:00
Files
Input 🔐 feat: Use SecretInput for Sensitive Fields (#12955) 2026-06-01 18:14:12 -04:00
MCP 🔐 feat: Use SecretInput for Sensitive Fields (#12955) 2026-06-01 18:14:12 -04:00
MCPUIResource 🪝 fix: Safe Hook Fallbacks for Tool-Call Components in Search Route (#12423) 2026-03-26 16:40:37 -04:00
Messages 🧯 fix: Harden Data Retention Semantics (#13049) 2026-05-19 21:58:42 -04:00
Nav 🔐 feat: Use SecretInput for Sensitive Fields (#12955) 2026-06-01 18:14:12 -04:00
OAuth
Plugins/Store 🔐 feat: Use SecretInput for Sensitive Fields (#12955) 2026-06-01 18:14:12 -04:00
Prompts 📜 feat: Skills UI + Initial E2E CRUD / Sharing (#12580) 2026-04-25 04:02:00 -04:00
Share 🔒 fix: Strip post-login fields from unauthenticated /api/config response (#13102) 2026-05-30 09:51:21 -07:00
SharePoint
Sharing 📜 feat: Skills UI + Initial E2E CRUD / Sharing (#12580) 2026-04-25 04:02:00 -04:00
SidePanel 🔐 feat: Use SecretInput for Sensitive Fields (#12955) 2026-06-01 18:14:12 -04:00
Skills chore: Upgrade Vite For Node 24 (#13450) 2026-06-01 15:47:58 -04:00
System
Tools
ui 🔨 fix: Custom Role Permissions (#12528) 2026-04-03 13:24:11 -04:00
UnifiedSidebar 🗂️ feat: Sidebar Icon Toggle & New Chat History Switch (#12642) 2026-04-13 09:46:38 -04:00
Web 🧭 fix: Navigate Signed CDN Downloads (#12998) 2026-05-07 13:36:57 -04:00
index.ts