@librechat/agents 3.1.80-dev.1 → 3.1.80-dev.3

package/dist/types/tools/CodeExecutor.d.ts

@@ -1,14 +1,8 @@
 import { DynamicStructuredTool } from '@langchain/core/tools';
 import type * as t from '@/types';
 import { Constants } from '@/common';
-export declare const imageExtRegex: RegExp;
 export declare const getCodeBaseURL: () => string;
-/**
- * Renders one section of the post-execution file listing. Used by the
- * code/bash tool formatters to keep generated outputs and inherited
- * inputs visually separated. See BashExecutor for full docs.
- */
-export declare function renderFileSection(header: string, files: t.FileRefs, defaultMessage: string): string;
+export declare const emptyOutputMessage = "stdout: Empty. Ensure you're writing output explicitly.\n";
 export declare const CodeExecutionToolSchema: {
     readonly type: "object";
     readonly properties: {

package/dist/types/tools/ProgrammaticToolCalling.d.ts

@@ -107,6 +107,11 @@ export declare function unwrapToolResponse(result: unknown, isMCPTool: boolean):
 export declare function executeTools(toolCalls: t.PTCToolCall[], toolMap: t.ToolMap): Promise<t.PTCToolResult[]>;
 /**
  * Formats the completed response for the agent.
+ *
+ * Output is stdout/stderr only — see `CodeExecutor.ts`. The
+ * artifact still carries every file so the host's session map
+ * stays in sync; the LLM doesn't see them in the tool result text.
+ *
  * @param response - The completed API response
  * @returns Tuple of [formatted string, artifact]
  */

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@librechat/agents",
-  "version": "3.1.80-dev.1",
+  "version": "3.1.80-dev.3",
   "main": "./dist/cjs/main.cjs",
   "module": "./dist/esm/main.mjs",
   "types": "./dist/types/index.d.ts",

package/src/tools/BashExecutor.ts

@@ -3,24 +3,11 @@ import fetch, { RequestInit } from 'node-fetch';
 import { HttpsProxyAgent } from 'https-proxy-agent';
 import { tool, DynamicStructuredTool } from '@langchain/core/tools';
 import type * as t from '@/types';
-import { getCodeBaseURL, renderFileSection } from './CodeExecutor';
+import { emptyOutputMessage, getCodeBaseURL } from './CodeExecutor';
 import { Constants } from '@/common';
 
 config();
 
-const otherMessage = 'File is already downloaded by the user';
-const inheritedFileMessage =
-  'Available as an input — already known to the user';
-const accessMessage =
-  'Note: Files from previous executions are automatically available and can be modified.';
-const emptyOutputMessage =
-  'stdout: Empty. Ensure you\'re writing output explicitly.\n';
-const inheritedFilesHeader =
-  'Available files (inputs, not generated by this execution):';
-const generatedFilesHeader = 'Generated files:';
-const inheritedNote =
-  'Note: Files in "Available files" are inputs the user (or a skill) already provided to the sandbox. They were not produced by this execution and you should not present them as new outputs in your response.';
-
 const baseEndpoint = getCodeBaseURL();
 const EXEC_ENDPOINT = `${baseEndpoint}/exec`;
 
@@ -133,54 +120,20 @@ function createBashExecutionTool(
         ...params,
       };
 
+      /* See `CodeExecutor.ts` for the rationale — `/files/<session_id>`
+       * HTTP fallback was removed because codeapi's sessionAuth requires
+       * kind/id query params unavailable at this point. */
       if (_injected_files && _injected_files.length > 0) {
         postData.files = _injected_files;
-      } else if (session_id != null && session_id.length > 0) {
-        try {
-          const filesEndpoint = `${baseEndpoint}/files/${session_id}?detail=full`;
-          const fetchOptions: RequestInit = {
-            method: 'GET',
-            headers: {
-              'User-Agent': 'LibreChat/1.0',
-            },
-          };
-
-          if (process.env.PROXY != null && process.env.PROXY !== '') {
-            fetchOptions.agent = new HttpsProxyAgent(process.env.PROXY);
-          }
-
-          const response = await fetch(filesEndpoint, fetchOptions);
-          if (!response.ok) {
-            throw new Error(
-              `Failed to fetch files for session: ${response.status}`
-            );
-          }
-
-          const files = await response.json();
-          if (Array.isArray(files) && files.length > 0) {
-            const fileReferences: t.CodeEnvFile[] = files.map((file) => {
-              const nameParts = file.name.split('/');
-              const id = nameParts.length > 1 ? nameParts[1].split('.')[0] : '';
-
-              return {
-                storage_session_id: session_id,
-                /* `/files` fallback returns code-output files belonging
-                 * to the user; tag them user-private. */
-                kind: 'user' as const,
-                id,
-                /* `resource_id` informational for `kind: 'user'` —
-                 * codeapi derives sessionKey from auth context. */
-                resource_id: id,
-                name: file.metadata['original-filename'],
-              };
-            });
-
-            postData.files = fileReferences;
-          }
-        } catch {
-          // eslint-disable-next-line no-console
-          console.warn(`Failed to fetch files for session: ${session_id}`);
-        }
+      } else if (
+        session_id != null &&
+        session_id.length > 0 &&
+        !Array.isArray(postData.files)
+      ) {
+        // eslint-disable-next-line no-console
+        console.debug(
+          `[BashExecutor] No injected files for session_id=${session_id} — exec will run without input files`
+        );
       }
 
       try {
@@ -202,6 +155,11 @@ function createBashExecutionTool(
         }
 
         const result: t.ExecuteResult = await response.json();
+        /* See `CodeExecutor.ts` — file listings were removed from the
+         * LLM-facing tool result. Bash especially benefits: models
+         * naturally `ls /mnt/data/` to discover what's available
+         * rather than relying on a prescriptive summary that
+         * misleads as often as it helps. */
         let formattedOutput = '';
         if (result.stdout) {
           formattedOutput += `stdout:\n${result.stdout}\n`;
@@ -209,53 +167,15 @@ function createBashExecutionTool(
           formattedOutput += emptyOutputMessage;
         }
         if (result.stderr) formattedOutput += `stderr:\n${result.stderr}\n`;
-        if (result.files && result.files.length > 0) {
-          /* Split inherited (read-only / unchanged-input passthroughs from
-           * codeapi) from genuine generated outputs. The LLM was previously
-           * shown skill files under "Generated files:" with the message
-           * "File is already downloaded by the user", which led it to
-           * (a) believe it had just produced files it merely referenced
-           * and (b) sometimes invent paths like /mnt/user-data/uploads/
-           * trying to find the "originals". Labeling them as inputs makes
-           * the mental model accurate. */
-          const inheritedFiles = result.files.filter(
-            (f) => f.inherited === true
-          );
-          const generatedFiles = result.files.filter(
-            (f) => f.inherited !== true
-          );
-
-          formattedOutput += renderFileSection(
-            generatedFilesHeader,
-            generatedFiles,
-            otherMessage
-          );
-          formattedOutput += renderFileSection(
-            inheritedFilesHeader,
-            inheritedFiles,
-            inheritedFileMessage
-          );
-
-          if (generatedFiles.length > 0) {
-            formattedOutput += `\n\n${accessMessage}`;
-          }
-          if (inheritedFiles.length > 0) {
-            formattedOutput += `\n\n${inheritedNote}`;
-          }
-          return [
-            formattedOutput.trim(),
-            {
-              session_id: result.session_id,
-              files: result.files,
-            } satisfies t.CodeExecutionArtifact,
-          ];
-        }
 
+        const hasFiles = result.files != null && result.files.length > 0;
         return [
           formattedOutput.trim(),
-          {
-            session_id: result.session_id,
-          } satisfies t.CodeExecutionArtifact,
+          (hasFiles
+            ? { session_id: result.session_id, files: result.files }
+            : {
+              session_id: result.session_id,
+            }) satisfies t.CodeExecutionArtifact,
         ];
       } catch (error) {
         throw new Error(

package/src/tools/BashProgrammaticToolCalling.ts

@@ -5,7 +5,6 @@ import type * as t from '@/types';
 import {
   makeRequest,
   executeTools,
-  fetchSessionFiles,
   formatCompletedResponse,
 } from './ProgrammaticToolCalling';
 import { getCodeBaseURL } from './CodeExecutor';
@@ -290,11 +289,17 @@ export function createBashProgrammaticToolCallingTool(
           );
         }
 
+        /* `/files/<session_id>` HTTP fallback removed — codeapi's
+         * sessionAuth requires kind/id query params unavailable at
+         * this point. See `CodeExecutor.ts` for full rationale. */
         let files: t.CodeEnvFile[] | undefined;
         if (_injected_files && _injected_files.length > 0) {
           files = _injected_files;
         } else if (session_id != null && session_id.length > 0) {
-          files = await fetchSessionFiles(baseUrl, session_id, proxy);
+          // eslint-disable-next-line no-console
+          console.debug(
+            `[BashProgrammaticToolCalling] No injected files for session_id=${session_id} — exec will run without input files`
+          );
         }
 
         let response = await makeRequest(

package/src/tools/CodeExecutor.ts

@@ -8,48 +8,12 @@ import { EnvVar, Constants } from '@/common';
 
 config();
 
-export const imageExtRegex = /\.(jpg|jpeg|png|gif|webp)$/i;
 export const getCodeBaseURL = (): string =>
   getEnvironmentVariable(EnvVar.CODE_BASEURL) ??
   Constants.OFFICIAL_CODE_BASEURL;
 
-const imageMessage = 'Image is already displayed to the user';
-const otherMessage = 'File is already downloaded by the user';
-const inheritedFileMessage =
-  'Available as an input — already known to the user';
-const accessMessage =
-  'Note: Files from previous executions are automatically available and can be modified.';
-const emptyOutputMessage =
+export const emptyOutputMessage =
   'stdout: Empty. Ensure you\'re writing output explicitly.\n';
-const inheritedFilesHeader =
-  'Available files (inputs, not generated by this execution):';
-const generatedFilesHeader = 'Generated files:';
-const inheritedNote =
-  'Note: Files in "Available files" are inputs the user (or a skill) already provided to the sandbox. They were not produced by this execution and you should not present them as new outputs in your response.';
-
-/**
- * Renders one section of the post-execution file listing. Used by the
- * code/bash tool formatters to keep generated outputs and inherited
- * inputs visually separated. See BashExecutor for full docs.
- */
-export function renderFileSection(
-  header: string,
-  files: t.FileRefs,
-  defaultMessage: string
-): string {
-  if (files.length === 0) return '';
-  let out = `${header}\n`;
-  for (let i = 0; i < files.length; i++) {
-    const file = files[i];
-    const isImage = imageExtRegex.test(file.name);
-    out += `- /mnt/data/${file.name} | ${isImage ? imageMessage : defaultMessage}`;
-    if (i < files.length - 1) {
-      out += files.length <= 3 ? ', ' : ',\n';
-    }
-  }
-  out += '\n';
-  return out;
-}
 
 const SUPPORTED_LANGUAGES = [
   'py',
@@ -150,65 +114,24 @@ function createCodeExecutionTool(
         ...params,
       };
 
-      /**
-       * File injection priority:
-       * 1. Use _injected_files from ToolNode (avoids /files endpoint race condition)
-       * 2. Fall back to fetching from /files endpoint if session_id
-       *    provided but no injected files. The /files lookup still uses the
-       *    same id value — codeapi stores output files under the exec id as
-       *    their storage prefix, so the two values coincide here.
-       */
+      /* File injection: `_injected_files` from ToolNode (set when host
+       * primes a CodeSessionContext) or `params.files` from tool
+       * factory (set by hosts that pre-resolve at construction time).
+       * The legacy `/files/<session_id>` HTTP fallback was removed —
+       * codeapi's `sessionAuth` middleware now requires kind/id query
+       * params the tool can't supply at this point, so the fetch 400'd
+       * silently and the catch swallowed the failure. */
       if (_injected_files && _injected_files.length > 0) {
         postData.files = _injected_files;
-      } else if (session_id != null && session_id.length > 0) {
-        /** Fallback: fetch from /files endpoint (may have race condition issues) */
-        try {
-          const filesEndpoint = `${baseEndpoint}/files/${session_id}?detail=full`;
-          const fetchOptions: RequestInit = {
-            method: 'GET',
-            headers: {
-              'User-Agent': 'LibreChat/1.0',
-            },
-          };
-
-          if (process.env.PROXY != null && process.env.PROXY !== '') {
-            fetchOptions.agent = new HttpsProxyAgent(process.env.PROXY);
-          }
-
-          const response = await fetch(filesEndpoint, fetchOptions);
-          if (!response.ok) {
-            throw new Error(
-              `Failed to fetch files for session: ${response.status}`
-            );
-          }
-
-          const files = await response.json();
-          if (Array.isArray(files) && files.length > 0) {
-            const fileReferences: t.CodeEnvFile[] = files.map((file) => {
-              const nameParts = file.name.split('/');
-              const id = nameParts.length > 1 ? nameParts[1].split('.')[0] : '';
-
-              return {
-                storage_session_id: session_id,
-                /* `/files` fallback returns code-output files belonging
-                 * to the user; tag them user-private. */
-                kind: 'user' as const,
-                id,
-                /* `resource_id` is informational for `kind: 'user'`
-                 * (codeapi derives sessionKey from auth context); use
-                 * the same value as `id` since the `/files` fallback
-                 * doesn't carry separate provenance. */
-                resource_id: id,
-                name: file.metadata['original-filename'],
-              };
-            });
-
-            postData.files = fileReferences;
-          }
-        } catch {
-          // eslint-disable-next-line no-console
-          console.warn(`Failed to fetch files for session: ${session_id}`);
-        }
+      } else if (
+        session_id != null &&
+        session_id.length > 0 &&
+        !Array.isArray(postData.files)
+      ) {
+        // eslint-disable-next-line no-console
+        console.debug(
+          `[CodeExecutor] No injected files for session_id=${session_id} — exec will run without input files`
+        );
       }
 
       try {
@@ -230,6 +153,13 @@ function createCodeExecutionTool(
         }
 
         const result: t.ExecuteResult = await response.json();
+        /* Output is stdout/stderr only — file listings were removed
+         * because the LLM-facing summary (split inherited/generated
+         * with prescriptive notes) caused more confusion than help,
+         * especially for bash where models naturally explore
+         * `/mnt/data/` themselves. The artifact still carries every
+         * file so the host's session map stays in sync; the LLM
+         * doesn't see them in the tool result text. */
         let formattedOutput = '';
         if (result.stdout) {
           formattedOutput += `stdout:\n${result.stdout}\n`;
@@ -237,48 +167,15 @@ function createCodeExecutionTool(
           formattedOutput += emptyOutputMessage;
         }
         if (result.stderr) formattedOutput += `stderr:\n${result.stderr}\n`;
-        if (result.files && result.files.length > 0) {
-          /* See BashExecutor for the rationale: split inherited (read-only
-           * passthrough) inputs from real generated outputs so the LLM
-           * doesn't conflate skill files with newly-produced artifacts. */
-          const inheritedFiles = result.files.filter(
-            (f) => f.inherited === true
-          );
-          const generatedFiles = result.files.filter(
-            (f) => f.inherited !== true
-          );
-
-          formattedOutput += renderFileSection(
-            generatedFilesHeader,
-            generatedFiles,
-            otherMessage
-          );
-          formattedOutput += renderFileSection(
-            inheritedFilesHeader,
-            inheritedFiles,
-            inheritedFileMessage
-          );
-
-          if (generatedFiles.length > 0) {
-            formattedOutput += `\n\n${accessMessage}`;
-          }
-          if (inheritedFiles.length > 0) {
-            formattedOutput += `\n\n${inheritedNote}`;
-          }
-          return [
-            formattedOutput.trim(),
-            {
-              session_id: result.session_id,
-              files: result.files,
-            } satisfies t.CodeExecutionArtifact,
-          ];
-        }
 
+        const hasFiles = result.files != null && result.files.length > 0;
         return [
           formattedOutput.trim(),
-          {
-            session_id: result.session_id,
-          } satisfies t.CodeExecutionArtifact,
+          (hasFiles
+            ? { session_id: result.session_id, files: result.files }
+            : {
+              session_id: result.session_id,
+            }) satisfies t.CodeExecutionArtifact,
         ];
       } catch (error) {
         throw new Error(

package/src/tools/ProgrammaticToolCalling.ts

@@ -5,28 +5,11 @@ import { HttpsProxyAgent } from 'https-proxy-agent';
 import { tool, DynamicStructuredTool } from '@langchain/core/tools';
 import type { ToolCall } from '@langchain/core/messages/tool';
 import type * as t from '@/types';
-import { getCodeBaseURL, renderFileSection } from './CodeExecutor';
+import { emptyOutputMessage, getCodeBaseURL } from './CodeExecutor';
 import { Constants } from '@/common';
 
 config();
 
-// ============================================================================
-// Constants
-// ============================================================================
-
-const otherMessage = 'File is already downloaded by the user';
-const inheritedFileMessage =
-  'Available as an input — already known to the user';
-const inheritedFilesHeader =
-  'Available files (inputs, not generated by this execution):';
-const generatedFilesHeader = 'Generated files:';
-const inheritedNote =
-  'Note: Files in "Available files" are inputs the user (or a skill) already provided to the sandbox. They were not produced by this execution and you should not present them as new outputs in your response.';
-const accessMessage =
-  'Note: Files from previous executions are automatically available and can be modified.';
-const emptyOutputMessage =
-  'stdout: Empty. Ensure you\'re writing output explicitly.\n';
-
 /** Default max round-trips to prevent infinite loops */
 const DEFAULT_MAX_ROUND_TRIPS = 20;
 
@@ -545,6 +528,11 @@ export async function executeTools(
 
 /**
  * Formats the completed response for the agent.
+ *
+ * Output is stdout/stderr only — see `CodeExecutor.ts`. The
+ * artifact still carries every file so the host's session map
+ * stays in sync; the LLM doesn't see them in the tool result text.
+ *
  * @param response - The completed API response
  * @returns Tuple of [formatted string, artifact]
  */
@@ -563,32 +551,6 @@ export function formatCompletedResponse(
     formatted += `stderr:\n${response.stderr}\n`;
   }
 
-  if (response.files && response.files.length > 0) {
-    /* See BashExecutor for the rationale: split inherited (read-only
-     * passthrough) inputs from real generated outputs so the LLM doesn't
-     * conflate skill files with newly-produced artifacts. */
-    const inheritedFiles = response.files.filter((f) => f.inherited === true);
-    const generatedFiles = response.files.filter((f) => f.inherited !== true);
-
-    formatted += renderFileSection(
-      generatedFilesHeader,
-      generatedFiles,
-      otherMessage
-    );
-    formatted += renderFileSection(
-      inheritedFilesHeader,
-      inheritedFiles,
-      inheritedFileMessage
-    );
-
-    if (generatedFiles.length > 0) {
-      formatted += `\n\n${accessMessage}`;
-    }
-    if (inheritedFiles.length > 0) {
-      formatted += `\n\n${inheritedNote}`;
-    }
-  }
-
   return [
     formatted.trim(),
     {
@@ -675,16 +637,19 @@ export function createProgrammaticToolCallingTool(
         }
 
         /**
-         * File injection priority:
-         * 1. Use _injected_files from ToolNode (avoids /files endpoint race condition)
-         * 2. Fall back to fetching from /files endpoint if session_id
-         *    provided but no injected files.
+         * File injection: `_injected_files` from ToolNode session
+         * context. The legacy `/files/<session_id>` HTTP fallback was
+         * removed (see `CodeExecutor.ts`) — codeapi's sessionAuth now
+         * requires kind/id query params unavailable at this point.
          */
         let files: t.CodeEnvFile[] | undefined;
         if (_injected_files && _injected_files.length > 0) {
           files = _injected_files;
         } else if (session_id != null && session_id.length > 0) {
-          files = await fetchSessionFiles(baseUrl, session_id, proxy);
+          // eslint-disable-next-line no-console
+          console.debug(
+            `[ProgrammaticToolCalling] No injected files for session_id=${session_id} — exec will run without input files`
+          );
         }
 
         let response = await makeRequest(

package/src/tools/ToolNode.ts

@@ -313,6 +313,15 @@ function toInjectedFileRef(
   return { ...base, kind: 'user' };
 }
 
+/* Stable file identity = `(storage_session_id, id)`. Same name in
+ * different storage sessions are distinct files. */
+function fileIdentityKey(file: {
+  storage_session_id?: string;
+  id: string;
+}): string {
+  return `${file.storage_session_id ?? ''}\0${file.id}`;
+}
+
 function updateCodeSession(
   sessions: t.ToolSessionMap,
   execSessionId: string,
@@ -324,27 +333,50 @@ function updateCodeSession(
     | undefined;
   const existingFiles = existingSession?.files ?? [];
 
-  if (newFiles.length > 0) {
-    const filesWithSession: t.FileRefs = newFiles.map((file) => ({
-      ...file,
-      storage_session_id: file.storage_session_id ?? execSessionId,
-    }));
-    const newFileNames = new Set(filesWithSession.map((f) => f.name));
-    const filteredExisting = existingFiles.filter(
-      (f) => !newFileNames.has(f.name)
-    );
-    sessions.set(Constants.EXECUTE_CODE, {
-      session_id: execSessionId,
-      files: [...filteredExisting, ...filesWithSession],
-      lastUpdated: Date.now(),
-    });
-  } else {
+  if (newFiles.length === 0) {
     sessions.set(Constants.EXECUTE_CODE, {
       session_id: execSessionId,
       files: existingFiles,
       lastUpdated: Date.now(),
     });
+    return;
+  }
+
+  /* Worker echoes lack ownership identity (kind/resource_id/version) —
+   * sandbox doesn't re-attest; that's signed at upload. Merge by
+   * (storage_session_id, id) so prior identity survives the echo. */
+  const filesWithSession: t.FileRefs = [];
+  const newFileNames = new Set<string>();
+  const incomingByIdentity = new Map<string, number>();
+  for (const file of newFiles) {
+    const withSession = {
+      ...file,
+      storage_session_id: file.storage_session_id ?? execSessionId,
+    };
+    incomingByIdentity.set(
+      fileIdentityKey(withSession),
+      filesWithSession.length
+    );
+    newFileNames.add(withSession.name);
+    filesWithSession.push(withSession);
   }
+
+  const filteredExisting: t.FileRefs = [];
+  for (const e of existingFiles) {
+    const idx = incomingByIdentity.get(fileIdentityKey(e));
+    if (idx !== undefined) {
+      filesWithSession[idx] = { ...e, ...filesWithSession[idx] };
+    }
+    if (!newFileNames.has(e.name)) {
+      filteredExisting.push(e);
+    }
+  }
+
+  sessions.set(Constants.EXECUTE_CODE, {
+    session_id: execSessionId,
+    files: [...filteredExisting, ...filesWithSession],
+    lastUpdated: Date.now(),
+  });
 }
 
 // eslint-disable-next-line @typescript-eslint/no-explicit-any