@librechat/agents 3.1.78-dev.0 → 3.1.79

package/src/specs/summarization.test.ts

@@ -428,7 +428,7 @@ const hasAnthropic = process.env.ANTHROPIC_API_KEY != null;
 
     // Turn 7: absolute minimum context if still nothing
     if (spies.onSummarizeStartSpy.mock.calls.length === 0) {
-      ({ run, contentParts } = await createRun(3100));
+      ({ run, contentParts } = await createRun(2200));
       await runTurn({ run, conversationHistory }, 'What is 1+1?', streamConfig);
       logTurn('T7', conversationHistory);
     }
@@ -722,7 +722,7 @@ const hasAnthropic = process.env.ANTHROPIC_API_KEY != null;
     }
 
     if (spies.onSummarizeStartSpy.mock.calls.length === 0) {
-      run = await createRun(2800);
+      run = await createRun(1000);
       await runTurn(
         { run, conversationHistory },
         'What is 9 * 9? Calculator.',
@@ -876,7 +876,7 @@ const hasAnthropic = process.env.ANTHROPIC_API_KEY != null;
 
     // Turn 6: squeeze harder if needed
     if (spies.onSummarizeStartSpy.mock.calls.length === 0) {
-      ({ run, contentParts } = await createRun(2000));
+      ({ run, contentParts } = await createRun(1000));
       await runTurn(
         { run, conversationHistory },
         'What is 42 * 42? Use the calculator.',

package/src/tools/__tests__/LocalExecutionRoots.test.ts

@@ -0,0 +1,8 @@
+import { getReadRoots, getWriteRoots } from '../local/LocalExecutionEngine';
+
+describe('local execution workspace roots', () => {
+  it('uses the current working directory boundary when config is omitted', () => {
+    expect(getWriteRoots()).toEqual([process.cwd()]);
+    expect(getReadRoots()).toEqual([process.cwd()]);
+  });
+});

package/src/tools/__tests__/SubagentExecutor.test.ts

@@ -546,6 +546,154 @@ describe('SubagentExecutor', () => {
     expect(observedChildInputs!.maxSubagentDepth).toBeUndefined();
   });
 
+  describe('parentConfigurable inheritance', () => {
+    /**
+     * Build a stub factory that captures the second argument to
+     * `workflow.invoke()` (the runnable config) so tests can assert on
+     * the `configurable` we forwarded to the child graph.
+     */
+    function makeCapturingGraphFactory(): {
+      factory: () => StandardGraph;
+      getInvokeConfig: () => Record<string, unknown> | undefined;
+    } {
+      let capturedConfig: Record<string, unknown> | undefined;
+      const factory = (): StandardGraph =>
+        ({
+          createWorkflow: (): { invoke: jest.Mock } => ({
+            invoke: jest
+              .fn()
+              .mockImplementation(
+                async (
+                  _input: unknown,
+                  config: Record<string, unknown>
+                ): Promise<{ messages: BaseMessage[] }> => {
+                  capturedConfig = config;
+                  return { messages: [new AIMessage('done')] };
+                }
+              ),
+          }),
+          clearHeavyState: jest.fn(),
+        }) as unknown as StandardGraph;
+      return { factory, getInvokeConfig: () => capturedConfig };
+    }
+
+    it('forwards parentConfigurable into the child workflow.invoke configurable', async () => {
+      const { factory, getInvokeConfig } = makeCapturingGraphFactory();
+      const executor = createExecutor({ createChildGraph: factory });
+
+      await executor.execute({
+        description: 'task',
+        subagentType: 'researcher',
+        parentConfigurable: {
+          requestBody: { messageId: 'msg-123', conversationId: 'conv-456' },
+          user: { id: 'user_abc' },
+          user_id: 'user_abc',
+          userMCPAuthMap: { 'mcp-github': { token: 'abc' } },
+        },
+      });
+
+      const invokeConfig = getInvokeConfig();
+      expect(invokeConfig).toBeDefined();
+      const configurable = invokeConfig!.configurable as Record<string, unknown>;
+      expect(configurable.requestBody).toEqual({
+        messageId: 'msg-123',
+        conversationId: 'conv-456',
+      });
+      expect(configurable.user).toEqual({ id: 'user_abc' });
+      expect(configurable.user_id).toBe('user_abc');
+      expect(configurable.userMCPAuthMap).toEqual({
+        'mcp-github': { token: 'abc' },
+      });
+    });
+
+    it('inherits parent thread_id when supplied (subagent is part of same conversation)', async () => {
+      const { factory, getInvokeConfig } = makeCapturingGraphFactory();
+      const executor = createExecutor({
+        createChildGraph: factory,
+        parentRunId: 'parent-run-xyz',
+      });
+
+      await executor.execute({
+        description: 'task',
+        subagentType: 'researcher',
+        parentConfigurable: { thread_id: 'parent-thread-conv-abc' },
+      });
+
+      const configurable = getInvokeConfig()!.configurable as Record<
+        string,
+        unknown
+      >;
+      expect(configurable.thread_id).toBe('parent-thread-conv-abc');
+    });
+
+    it('falls back to childRunId for thread_id when parent did not supply one', async () => {
+      const { factory, getInvokeConfig } = makeCapturingGraphFactory();
+      const executor = createExecutor({
+        createChildGraph: factory,
+        parentRunId: 'parent-run-xyz',
+      });
+
+      await executor.execute({
+        description: 'task',
+        subagentType: 'researcher',
+        parentConfigurable: { user_id: 'user_abc' },
+      });
+
+      const configurable = getInvokeConfig()!.configurable as Record<
+        string,
+        unknown
+      >;
+      expect(configurable.thread_id as string).toMatch(/^parent-run-xyz_sub_/);
+      expect(configurable.user_id).toBe('user_abc');
+    });
+
+    it('forwards run-identity fields verbatim into the child invoke configurable', async () => {
+      const { factory, getInvokeConfig } = makeCapturingGraphFactory();
+      const executor = createExecutor({ createChildGraph: factory });
+
+      await executor.execute({
+        description: 'task',
+        subagentType: 'researcher',
+        parentConfigurable: {
+          run_id: 'parent-run-id',
+          parent_run_id: 'grandparent-run-id',
+          requestBody: { messageId: 'msg-1' },
+        },
+      });
+
+      const configurable = getInvokeConfig()!.configurable as Record<
+        string,
+        unknown
+      >;
+      // The SDK forwards these fields as part of its inheritance contract.
+      // NOTE: the LangGraph runtime overwrites `configurable.run_id` at
+      // actual child-invoke time (verified empirically); this unit test
+      // only asserts what the SDK forwards into `workflow.invoke` — not
+      // what tools downstream observe. `parent_run_id` and other
+      // host-set keys do survive the runtime pass-through.
+      expect(configurable.run_id).toBe('parent-run-id');
+      expect(configurable.parent_run_id).toBe('grandparent-run-id');
+      expect(configurable.requestBody).toEqual({ messageId: 'msg-1' });
+    });
+
+    it('does not require parentConfigurable (back-compat with hosts that omit it)', async () => {
+      const { factory, getInvokeConfig } = makeCapturingGraphFactory();
+      const executor = createExecutor({ createChildGraph: factory });
+
+      await executor.execute({
+        description: 'task',
+        subagentType: 'researcher',
+      });
+
+      const configurable = getInvokeConfig()!.configurable as Record<
+        string,
+        unknown
+      >;
+      // Only thread_id (childRunId fallback) is set when no parent context is supplied.
+      expect(Object.keys(configurable)).toEqual(['thread_id']);
+    });
+  });
+
   describe('hooks', () => {
     let capturedStart: unknown;
     let capturedStop: unknown;

package/src/tools/local/LocalExecutionEngine.ts

@@ -5,7 +5,6 @@ import { mkdir, realpath, rm, writeFile } from 'fs/promises';
 import { createWriteStream } from 'fs';
 import { spawn } from 'child_process';
 import type { ChildProcess } from 'child_process';
-import type { SandboxRuntimeConfig } from '@anthropic-ai/sandbox-runtime';
 import { runBashAstChecks, bashAstFindingsToErrors } from './bashAst';
 import { nodeWorkspaceFS } from './workspaceFS';
 import type { WorkspaceFS } from './workspaceFS';
@@ -188,8 +187,17 @@ type RuntimeCommand = {
   source?: string;
 };
 
-type SandboxRuntimeModule = typeof import('@anthropic-ai/sandbox-runtime');
-type SandboxManagerType = SandboxRuntimeModule['SandboxManager'];
+type SandboxManagerType = {
+  checkDependencies(): { errors: string[] };
+  initialize(config: BuiltSandboxRuntimeConfig): Promise<void>;
+  reset(): Promise<void>;
+  wrapWithSandbox(command: string): Promise<string>;
+};
+
+type SandboxRuntimeModule = {
+  getDefaultWritePaths(): string[];
+  SandboxManager: SandboxManagerType;
+};
 
 let sandboxConfigKey: string | undefined;
 let sandboxInitialized = false;
@@ -229,9 +237,7 @@ export function getLocalCwd(config?: t.LocalExecutionConfig): string {
  * Returns plain absolute paths — callers symlink-resolve when they
  * need realpath equality (see `resolveWorkspacePathSafe`).
  */
-export function getWorkspaceRoots(
-  config?: t.LocalExecutionConfig
-): string[] {
+export function getWorkspaceRoots(config?: t.LocalExecutionConfig): string[] {
   const root = getLocalCwd(config);
   const extras = config?.workspace?.additionalRoots ?? [];
   if (extras.length === 0) return [root];
@@ -258,9 +264,7 @@ export function getWorkspaceRoots(
  * back to the legacy top-level `local.spawn`, then to Node's
  * `child_process.spawn`. Centralised so engine swapping is one knob.
  */
-export function getSpawn(
-  config?: t.LocalExecutionConfig
-): t.LocalSpawn {
+export function getSpawn(config?: t.LocalExecutionConfig): t.LocalSpawn {
   return (config?.exec?.spawn ?? config?.spawn ?? spawn) as t.LocalSpawn;
 }
 
@@ -269,9 +273,7 @@ export function getSpawn(
  * to the Node-host implementation. A future remote engine supplies
  * its own implementation here and inherits every file-touching tool.
  */
-export function getWorkspaceFS(
-  config?: t.LocalExecutionConfig
-): WorkspaceFS {
+export function getWorkspaceFS(config?: t.LocalExecutionConfig): WorkspaceFS {
   return config?.exec?.fs ?? nodeWorkspaceFS;
 }
 
@@ -282,17 +284,17 @@ export function getWorkspaceFS(
  * helpers interpret as "skip the write clamp".
  */
 export function getWriteRoots(
-  config?: t.LocalExecutionConfig
+  config: t.LocalExecutionConfig = {}
 ): string[] | null {
   // Granular flag wins over the legacy one when explicitly set
   // (true OR false) — otherwise a host tightening access during
   // migration (`allowOutsideWorkspace: true, workspace.
   // allowWriteOutside: false`) would still get the loose behavior
   // because the legacy flag short-circuited the OR. Codex P1 #36.
-  const granular = config?.workspace?.allowWriteOutside;
+  const granular = config.workspace?.allowWriteOutside;
   if (granular === true) return null;
   if (granular === false) return getWorkspaceRoots(config);
-  if (config?.allowOutsideWorkspace === true) return null;
+  if (config.allowOutsideWorkspace === true) return null;
   return getWorkspaceRoots(config);
 }
 
@@ -302,14 +304,14 @@ export function getWriteRoots(
  * `allowOutsideWorkspace`) by returning `null`.
  */
 export function getReadRoots(
-  config?: t.LocalExecutionConfig
+  config: t.LocalExecutionConfig = {}
 ): string[] | null {
   // Same precedence as getWriteRoots: granular flag is authoritative
   // when set, legacy flag is the fallback. Codex P1 #36.
-  const granular = config?.workspace?.allowReadOutside;
+  const granular = config.workspace?.allowReadOutside;
   if (granular === true) return null;
   if (granular === false) return getWorkspaceRoots(config);
-  if (config?.allowOutsideWorkspace === true) return null;
+  if (config.allowOutsideWorkspace === true) return null;
   return getWorkspaceRoots(config);
 }
 
@@ -323,10 +325,13 @@ const missingSandboxRuntimeMessage = [
   'Local sandbox is enabled, but @anthropic-ai/sandbox-runtime is not installed.',
   'Install it with `npm install @anthropic-ai/sandbox-runtime`, or disable local sandboxing with `local.sandbox.enabled: false`.',
 ].join(' ');
+const sandboxRuntimePackage = '@anthropic-ai/sandbox-runtime';
 
 /** Lazy-loads the ESM-only sandbox runtime only when sandboxing is enabled. */
 function loadSandboxRuntime(): Promise<SandboxRuntimeModule> {
-  sandboxRuntimePromise ??= import('@anthropic-ai/sandbox-runtime');
+  sandboxRuntimePromise ??= import(
+    sandboxRuntimePackage
+  ) as Promise<SandboxRuntimeModule>;
   return sandboxRuntimePromise;
 }
 
@@ -487,7 +492,9 @@ export async function validateBashCommand(
   }
 
   if (config.readOnly === true && mutatingCommandPattern.test(normalized)) {
-    errors.push('Command appears to mutate files or repository state in read-only local mode.');
+    errors.push(
+      'Command appears to mutate files or repository state in read-only local mode.'
+    );
   }
 
   // Use the same shell the actual execution path will use. Hard-coding
@@ -504,12 +511,14 @@ export async function validateBashCommand(
       sandbox: { enabled: false },
     },
     { internal: true }
-  ).catch((error: Error): SpawnResult => ({
-    stdout: '',
-    stderr: error.message,
-    exitCode: 1,
-    timedOut: false,
-  }));
+  ).catch(
+    (error: Error): SpawnResult => ({
+      stdout: '',
+      stderr: error.message,
+      exitCode: 1,
+      timedOut: false,
+    })
+  );
 
   if (syntax.exitCode !== 0) {
     errors.push(
@@ -567,14 +576,7 @@ async function ensureSandbox(
     await runtime.SandboxManager.reset();
   }
 
-  // Cast at the runtime boundary — our public `BuiltSandboxRuntimeConfig`
-  // is intentionally structural to keep the optional peer dep out of
-  // generated `.d.ts` (Codex P1 #22). It's a structural subset of the
-  // peer's `SandboxRuntimeConfig`, so the assignment is sound at the
-  // one site where the peer is actually loaded.
-  await runtime.SandboxManager.initialize(
-    runtimeConfig as unknown as SandboxRuntimeConfig
-  );
+  await runtime.SandboxManager.initialize(runtimeConfig);
   sandboxInitialized = true;
   sandboxConfigKey = nextKey;
   return runtime.SandboxManager;
@@ -715,8 +717,7 @@ export async function spawnLocalProcess(
   // so a process producing unbounded output gets stopped instead of
   // letting the host OOM.
   const inMemoryCapBytes = maxOutputChars * 2;
-  const hardKillBytes =
-    config.maxSpawnedBytes ?? DEFAULT_MAX_SPAWNED_BYTES;
+  const hardKillBytes = config.maxSpawnedBytes ?? DEFAULT_MAX_SPAWNED_BYTES;
   const sandboxManager = await ensureSandbox(config, cwd);
   // Internal probes (validateBashCommand syntax preflight,
   // isRipgrepAvailable, syntax-check probe cache priming) pass
@@ -775,10 +776,7 @@ export async function spawnLocalProcess(
       spillStream.write('\n===== overflow stream begins here =====\n');
     };
 
-    const handleChunk = (
-      buf: Buffer,
-      kind: 'stdout' | 'stderr'
-    ): void => {
+    const handleChunk = (buf: Buffer, kind: 'stdout' | 'stderr'): void => {
       totalSpawnedBytes += buf.length;
       // hardKillBytes <= 0 means "no cap" per the public config contract
       // (see LocalExecutionConfig.maxSpawnedBytes). Skip the kill check
@@ -857,11 +855,11 @@ export async function spawnLocalProcess(
       }, timeoutMs);
     }
 
-    child.stdout?.on('data', (chunk: Buffer) => {
+    child.stdout.on('data', (chunk: Buffer) => {
       handleChunk(chunk, 'stdout');
     });
 
-    child.stderr?.on('data', (chunk: Buffer) => {
+    child.stderr.on('data', (chunk: Buffer) => {
       handleChunk(chunk, 'stderr');
     });
 
@@ -928,8 +926,7 @@ export async function executeLocalBash(
  * Codex P1 [45], extended for dot-glob in Codex P1 [47] (mirrors the
  * `DESTRUCTIVE_TARGET` suffix matrix exactly).
  */
-const PROTECTED_TARGET_ARG_RE =
-  /^(?:\/|~|\$\{?HOME\}?|\.)(?:\/?\.?\*|\/)?$/;
+const PROTECTED_TARGET_ARG_RE = /^(?:\/|~|\$\{?HOME\}?|\.)(?:\/?\.?\*|\/)?$/;
 
 /**
  * Mutating-op recognizer for the args check. Conservative: only the
@@ -971,11 +968,7 @@ export async function executeLocalBashWithArgs(
     }
   }
   const shell = config.shell ?? DEFAULT_SHELL;
-  return spawnLocalProcess(
-    shell,
-    ['-lc', command, '--', ...args],
-    config
-  );
+  return spawnLocalProcess(shell, ['-lc', command, '--', ...args], config);
 }
 
 export async function executeLocalCode(
@@ -1009,7 +1002,11 @@ export async function executeLocalCode(
       config.shell
     );
     if (runtime.source != null) {
-      await writeFile(resolve(tempDir, runtime.fileName), runtime.source, 'utf8');
+      await writeFile(
+        resolve(tempDir, runtime.fileName),
+        runtime.source,
+        'utf8'
+      );
     }
     return await spawnLocalProcess(runtime.command, runtime.args, config);
   } finally {
@@ -1205,7 +1202,7 @@ function killProcessTree(child: ChildProcess): void {
   // window. Use unref() so the timer doesn't keep the Node process
   // alive past the parent's natural exit.
   const escalation = setTimeout(() => sigkill(child), SIGKILL_ESCALATION_MS);
-  escalation.unref?.();
+  escalation.unref();
   child.once('close', () => clearTimeout(escalation));
 }
 
@@ -1225,9 +1222,12 @@ export function resolveWorkspacePath(
   intent: 'read' | 'write' = 'write'
 ): string {
   const cwd = getLocalCwd(config);
-  const absolutePath = isAbsolute(filePath) ? resolve(filePath) : resolve(cwd, filePath);
+  const absolutePath = isAbsolute(filePath)
+    ? resolve(filePath)
+    : resolve(cwd, filePath);
 
-  const roots = intent === 'write' ? getWriteRoots(config) : getReadRoots(config);
+  const roots =
+    intent === 'write' ? getWriteRoots(config) : getReadRoots(config);
   if (roots == null) return absolutePath; // explicit allow-outside
 
   if (absolutePath === cwd || isInsideAnyRoot(absolutePath, roots)) {
@@ -1306,7 +1306,8 @@ export async function resolveWorkspacePathSafe(
   intent: 'read' | 'write' = 'write'
 ): Promise<string> {
   const lexical = resolveWorkspacePath(filePath, config, intent);
-  const roots = intent === 'write' ? getWriteRoots(config) : getReadRoots(config);
+  const roots =
+    intent === 'write' ? getWriteRoots(config) : getReadRoots(config);
   if (roots == null) {
     return lexical;
   }

package/src/tools/subagent/SubagentExecutor.ts

@@ -40,6 +40,35 @@ export type SubagentExecuteParams = {
    * without relying on event ordering heuristics.
    */
   parentToolCallId?: string;
+  /**
+   * Snapshot of the parent invocation's `config.configurable` at the
+   * spawn-tool call site. Inherited verbatim into the child workflow's
+   * `configurable` so host-set fields (`requestBody`, `user`,
+   * `userMCPAuthMap`, etc.) propagate — fixing MCP body-placeholder
+   * substitution and per-user lookups for subagent tool calls.
+   *
+   * Inheritance details (verified empirically against LangGraph):
+   *   - host-set keys propagate as-is into the child's tool dispatches;
+   *   - `thread_id` propagates (with `childRunId` as a fallback when
+   *     parent did not supply one) — matches the "subagent is part of
+   *     the same conversation" mental model and aligns with the
+   *     `sessionId: this.parentRunId` convention this executor already
+   *     uses for `SubagentStart` / `SubagentStop` hooks;
+   *   - `parent_run_id` propagates when the host put it on parent's
+   *     configurable;
+   *   - `run_id` is *overwritten by the LangGraph runtime* at child
+   *     invoke time regardless of what we forward — child's tool
+   *     dispatches see the child graph's runtime runId in
+   *     `configurable.run_id`, not the parent's. Hosts that need
+   *     parent-scoped run identity for downstream consumers should
+   *     plumb it via a host-defined key (e.g. `requestBody.messageId`),
+   *     not `run_id`.
+   *
+   * A future revision will likely make this inheritance configurable
+   * per spawn type — background / async subagents may want isolation
+   * rather than sharing parent's host context.
+   */
+  parentConfigurable?: Record<string, unknown>;
 };
 
 export type SubagentExecuteResult = {
@@ -246,6 +275,36 @@ export class SubagentExecutor {
        * nested trace pollution).
        */
       const callbacks: Callbacks = forwarder ? [forwarder] : [];
+      /**
+       * Inherit the parent's `configurable` verbatim — host-set fields
+       * (`requestBody`, `user`, `userMCPAuthMap`, etc.) AND the run-
+       * identity fields (`run_id`, `parent_run_id`, `thread_id`) all
+       * propagate.
+       *
+       * Run-identity propagation is intentional and matches the
+       * convention this executor itself already uses for `SubagentStart`
+       * / `SubagentStop` hooks (`sessionId: this.parentRunId`): the
+       * subagent runs under the parent's session scope, not its own.
+       * Forwarding `run_id` / `parent_run_id` / `thread_id` makes
+       * `ToolNode`'s hook lookups (`hasHookFor(eventName, runId)`),
+       * `ToolOutputReferenceRegistry` keying, and trace lineage all
+       * resolve to the parent's session for tools dispatched from the
+       * subagent — so `PreToolUse` / `PostToolUse` hooks the host
+       * registered against the parent's run fire for subagent tool
+       * calls too. "Same run" matches the user-perceptual mental model.
+       *
+       * `thread_id` falls back to `childRunId` only when the parent
+       * didn't supply one (legacy behavior preserved for hosts that
+       * never set thread_id).
+       *
+       * NOTE: a future revision will likely make this configurable per
+       * spawn type — e.g. a background / async subagent that runs after
+       * the parent's run completes wants isolation, not inheritance.
+       * For now the inheritance path matches LibreChat's primary use
+       * case (synchronous subagents within a single user turn).
+       */
+      const inheritedConfigurable: Record<string, unknown> =
+        params.parentConfigurable ?? {};
       result = await workflow.invoke(
         { messages: [new HumanMessage(description)] },
         {
@@ -255,6 +314,7 @@ export class SubagentExecutor {
           runName: `subagent:${subagentType}`,
           configurable: {
             thread_id: childRunId,
+            ...inheritedConfigurable,
           },
         }
       );

package/src/types/diff.d.ts

@@ -0,0 +1,15 @@
+declare module 'diff' {
+  export type PatchOptions = {
+    context?: number;
+  };
+
+  export function createTwoFilesPatch(
+    oldFileName: string,
+    newFileName: string,
+    oldStr: string,
+    newStr: string,
+    oldHeader?: string,
+    newHeader?: string,
+    options?: PatchOptions
+  ): string;
+}