@librechat/agents 3.1.80-dev.2 → 3.1.80

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@librechat/agents",
-  "version": "3.1.80-dev.2",
+  "version": "3.1.80",
   "main": "./dist/cjs/main.cjs",
   "module": "./dist/esm/main.mjs",
   "types": "./dist/types/index.d.ts",
@@ -184,6 +184,11 @@
     "@browserbasehq/stagehand": {
       "openai": "$openai"
     },
+    "@langchain/google-common": "$@langchain/google-common",
+    "@langchain/google-gauth": "$@langchain/google-gauth",
+    "@langchain/google-genai": "$@langchain/google-genai",
+    "@langchain/google-vertexai": "$@langchain/google-vertexai",
+    "uuid": "$uuid",
     "fast-xml-parser": "5.7.2",
     "ajv": "6.14.0",
     "minimatch": "3.1.4"
@@ -195,10 +200,10 @@
     "@langchain/aws": "^1.3.5",
     "@langchain/core": "1.1.44",
     "@langchain/deepseek": "^1.0.25",
-    "@langchain/google-common": "2.1.30",
-    "@langchain/google-gauth": "2.1.30",
-    "@langchain/google-genai": "2.1.30",
-    "@langchain/google-vertexai": "2.1.30",
+    "@langchain/google-common": "2.1.28",
+    "@langchain/google-gauth": "2.1.28",
+    "@langchain/google-genai": "2.1.28",
+    "@langchain/google-vertexai": "2.1.28",
     "@langchain/langgraph": "^1.2.9",
     "@langchain/mistralai": "^1.0.8",
     "@langchain/openai": "1.4.5",

package/src/llm/anthropic/utils/message_inputs.ts

@@ -3,6 +3,7 @@
 /**
  * This util file contains functions for converting LangChain messages to Anthropic messages.
  */
+import { createHash } from 'node:crypto';
 import {
   type BaseMessage,
   type SystemMessage,
@@ -92,6 +93,49 @@ function _formatImage(imageUrl: string) {
   );
 }
 
+const ANTHROPIC_TOOL_USE_ID_PATTERN = /^[a-zA-Z0-9_-]+$/;
+const ANTHROPIC_TOOL_USE_ID_MAX_LENGTH = 64;
+const ANTHROPIC_TOOL_USE_ID_HASH_LENGTH = 10;
+
+/**
+ * Normalize a tool-call ID to satisfy Anthropic's `^[a-zA-Z0-9_-]+$` and 64-char
+ * constraints. Pure and deterministic — same input always yields the same output,
+ * so paired `tool_use.id` and `tool_result.tool_use_id` stay matched without
+ * needing a session map. IDs that already comply pass through unchanged.
+ *
+ * For non-compliant inputs we sanitize then append a short SHA-256 prefix of
+ * the original ID to preserve uniqueness when truncation would otherwise
+ * collapse distinct IDs to the same value (e.g. two long Responses-style IDs
+ * sharing a 64-char prefix). The hash is computed against the raw input so
+ * inputs that differ only after the truncation cutoff still produce distinct
+ * outputs.
+ */
+export function normalizeAnthropicToolCallId(id: string): string;
+export function normalizeAnthropicToolCallId(
+  id: string | undefined
+): string | undefined;
+export function normalizeAnthropicToolCallId(
+  id: string | undefined
+): string | undefined {
+  if (id == null) {
+    return id;
+  }
+  if (
+    id.length <= ANTHROPIC_TOOL_USE_ID_MAX_LENGTH &&
+    ANTHROPIC_TOOL_USE_ID_PATTERN.test(id)
+  ) {
+    return id;
+  }
+  const sanitized = id.replace(/[^a-zA-Z0-9_-]/g, '_');
+  const hash = createHash('sha256')
+    .update(id)
+    .digest('hex')
+    .slice(0, ANTHROPIC_TOOL_USE_ID_HASH_LENGTH);
+  const prefixMaxLength =
+    ANTHROPIC_TOOL_USE_ID_MAX_LENGTH - ANTHROPIC_TOOL_USE_ID_HASH_LENGTH - 1;
+  return `${sanitized.slice(0, prefixMaxLength)}_${hash}`;
+}
+
 function _ensureMessageContents(
   messages: BaseMessage[]
 ): (SystemMessage | HumanMessage | AIMessage)[] {
@@ -111,7 +155,9 @@ function _ensureMessageContents(
           (previousMessage.content as MessageContentComplex[]).push({
             type: 'tool_result',
             content: message.content,
-            tool_use_id: (message as ToolMessage).tool_call_id,
+            tool_use_id: normalizeAnthropicToolCallId(
+              (message as ToolMessage).tool_call_id
+            ),
           });
         } else {
           // If not, we create a new human message with the tool result.
@@ -121,7 +167,9 @@ function _ensureMessageContents(
                 {
                   type: 'tool_result',
                   content: message.content,
-                  tool_use_id: (message as ToolMessage).tool_call_id,
+                  tool_use_id: normalizeAnthropicToolCallId(
+                    (message as ToolMessage).tool_call_id
+                  ),
                 },
               ],
             })
@@ -139,7 +187,9 @@ function _ensureMessageContents(
                 ...(toolMessageContent != null
                   ? { content: _formatContent(message) }
                   : {}),
-                tool_use_id: (message as ToolMessage).tool_call_id,
+                tool_use_id: normalizeAnthropicToolCallId(
+                  (message as ToolMessage).tool_call_id
+                ),
               },
             ],
           })
@@ -158,11 +208,12 @@ export function _convertLangChainToolCallToAnthropic(
   if (toolCall.id === undefined) {
     throw new Error('Anthropic requires all tool calls to have an "id".');
   }
+  const isServerTool = toolCall.id.startsWith(
+    Constants.ANTHROPIC_SERVER_TOOL_PREFIX
+  );
   return {
-    type: toolCall.id.startsWith(Constants.ANTHROPIC_SERVER_TOOL_PREFIX)
-      ? 'server_tool_use'
-      : 'tool_use',
-    id: toolCall.id,
+    type: isServerTool ? 'server_tool_use' : 'tool_use',
+    id: isServerTool ? toolCall.id : normalizeAnthropicToolCallId(toolCall.id),
     name: toolCall.name,
     input: toolCall.args,
   };

package/src/llm/anthropic/utils/tool-id-normalization.test.ts

@@ -0,0 +1,178 @@
+import { AIMessage, HumanMessage, ToolMessage } from '@langchain/core/messages';
+import {
+  _convertLangChainToolCallToAnthropic,
+  _convertMessagesToAnthropicPayload,
+  normalizeAnthropicToolCallId,
+} from './message_inputs';
+
+describe('normalizeAnthropicToolCallId', () => {
+  it('returns valid IDs unchanged', () => {
+    expect(normalizeAnthropicToolCallId('toolu_01ABcdEFgh')).toBe(
+      'toolu_01ABcdEFgh'
+    );
+    expect(normalizeAnthropicToolCallId('call_abc123XYZ')).toBe(
+      'call_abc123XYZ'
+    );
+    expect(normalizeAnthropicToolCallId('a-b_c-d')).toBe('a-b_c-d');
+  });
+
+  it('sanitizes invalid characters and appends a hash suffix', () => {
+    const out = normalizeAnthropicToolCallId(
+      'fc_67abc1234def567|call_abc123def456ghi789jkl0mnopqrs'
+    );
+    expect(/^[a-zA-Z0-9_-]+$/.test(out)).toBe(true);
+    expect(out.length).toBeLessThanOrEqual(64);
+    expect(
+      out.startsWith('fc_67abc1234def567_call_abc123def456ghi789jkl0mn')
+    ).toBe(true);
+    // Suffix is `_<10-hex-char hash>`
+    expect(out).toMatch(/_[0-9a-f]{10}$/);
+  });
+
+  it('produces compliant output for IDs of any length', () => {
+    const long = 'fc_' + 'a'.repeat(80);
+    const out = normalizeAnthropicToolCallId(long);
+    expect(out).toHaveLength(64);
+    expect(/^[a-zA-Z0-9_-]+$/.test(out)).toBe(true);
+  });
+
+  it('produces uniquely distinguishable outputs for IDs that share a 64-char prefix', () => {
+    const sharedPrefix = 'fc_' + 'a'.repeat(80);
+    const idA = sharedPrefix + '|call_unique_A';
+    const idB = sharedPrefix + '|call_unique_B';
+
+    const outA = normalizeAnthropicToolCallId(idA);
+    const outB = normalizeAnthropicToolCallId(idB);
+
+    expect(outA).not.toBe(outB);
+    expect(outA).toHaveLength(64);
+    expect(outB).toHaveLength(64);
+    expect(/^[a-zA-Z0-9_-]+$/.test(outA)).toBe(true);
+    expect(/^[a-zA-Z0-9_-]+$/.test(outB)).toBe(true);
+  });
+
+  it('disambiguates short IDs that sanitize to the same value', () => {
+    expect(normalizeAnthropicToolCallId('a|b')).not.toBe(
+      normalizeAnthropicToolCallId('a.b')
+    );
+  });
+
+  it('handles combined length and character violations', () => {
+    const id = 'fc_' + 'x|'.repeat(100);
+    const out = normalizeAnthropicToolCallId(id);
+    expect(out).toHaveLength(64);
+    expect(/^[a-zA-Z0-9_-]+$/.test(out)).toBe(true);
+  });
+
+  it('is deterministic — same input always yields same output', () => {
+    const id = 'fc_a|b|c';
+    expect(normalizeAnthropicToolCallId(id)).toBe(
+      normalizeAnthropicToolCallId(id)
+    );
+  });
+
+  it('passes through undefined for the optional overload', () => {
+    expect(normalizeAnthropicToolCallId(undefined)).toBeUndefined();
+  });
+
+  it('handles empty string by producing a deterministic compliant output', () => {
+    const out = normalizeAnthropicToolCallId('');
+    expect(/^[a-zA-Z0-9_-]+$/.test(out)).toBe(true);
+    expect(out.length).toBeLessThanOrEqual(64);
+    expect(out).toBe(normalizeAnthropicToolCallId(''));
+  });
+});
+
+describe('_convertMessagesToAnthropicPayload — cross-provider ID normalization', () => {
+  it('normalizes Responses-style IDs on tool_use AND matching tool_result', () => {
+    const responsesId = 'fc_67abc1234def567|call_abc123def456ghi789jkl0mnopqrs';
+
+    const payload = _convertMessagesToAnthropicPayload([
+      new HumanMessage('weather?'),
+      new AIMessage({
+        content: '',
+        tool_calls: [
+          {
+            id: responsesId,
+            name: 'get_weather',
+            args: { location: 'Tokyo' },
+            type: 'tool_call',
+          },
+        ],
+      }),
+      new ToolMessage({
+        tool_call_id: responsesId,
+        content: '{"temp": 21}',
+      }),
+    ]);
+
+    const assistantMsg = payload.messages.find((m) => m.role === 'assistant')!;
+    const userToolResultMsg = payload.messages.find(
+      (m) =>
+        m.role === 'user' &&
+        Array.isArray(m.content) &&
+        (m.content as Array<{ type: string }>)[0]?.type === 'tool_result'
+    )!;
+
+    const toolUseBlock = (
+      assistantMsg.content as Array<{ type: string; id?: string }>
+    ).find((b) => b.type === 'tool_use')!;
+    const toolResultBlock = (
+      userToolResultMsg.content as Array<{
+        type: string;
+        tool_use_id?: string;
+      }>
+    ).find((b) => b.type === 'tool_result')!;
+
+    const expected = normalizeAnthropicToolCallId(responsesId);
+    expect(toolUseBlock.id).toBe(expected);
+    expect(toolResultBlock.tool_use_id).toBe(expected);
+    expect(toolUseBlock.id).toBe(toolResultBlock.tool_use_id);
+    expect(/^[a-zA-Z0-9_-]+$/.test(toolUseBlock.id!)).toBe(true);
+    expect(toolUseBlock.id!.length).toBeLessThanOrEqual(64);
+  });
+
+  it('passes through Anthropic-native IDs unchanged', () => {
+    const nativeId = 'toolu_01ABcdEFgh23ijKL';
+
+    const payload = _convertMessagesToAnthropicPayload([
+      new HumanMessage('hi'),
+      new AIMessage({
+        content: '',
+        tool_calls: [
+          {
+            id: nativeId,
+            name: 'noop',
+            args: {},
+            type: 'tool_call',
+          },
+        ],
+      }),
+      new ToolMessage({
+        tool_call_id: nativeId,
+        content: 'ok',
+      }),
+    ]);
+
+    const assistantMsg = payload.messages.find((m) => m.role === 'assistant')!;
+    const toolUseBlock = (
+      assistantMsg.content as Array<{ type: string; id?: string }>
+    ).find((b) => b.type === 'tool_use')!;
+
+    expect(toolUseBlock.id).toBe(nativeId);
+  });
+
+  it('does not normalize server tool IDs (srvtoolu_ prefix)', () => {
+    const serverId = 'srvtoolu_01abcXYZ';
+
+    const block = _convertLangChainToolCallToAnthropic({
+      id: serverId,
+      name: 'web_search',
+      args: { query: 'x' },
+      type: 'tool_call',
+    });
+
+    expect(block.type).toBe('server_tool_use');
+    expect(block.id).toBe(serverId);
+  });
+});

package/src/llm/vertexai/index.ts

@@ -6,10 +6,48 @@ import type {
   GoogleAIModelRequestParams,
   GoogleAbstractedClient,
 } from '@langchain/google-common';
-import type { BaseMessage } from '@langchain/core/messages';
-import { isAIMessage } from '@langchain/core/messages';
+import type { CallbackManagerForLLMRun } from '@langchain/core/callbacks/manager';
+import type { BaseMessage, UsageMetadata } from '@langchain/core/messages';
+import { AIMessageChunk, isAIMessage } from '@langchain/core/messages';
+import type { ChatGenerationChunk } from '@langchain/core/outputs';
 import type { GoogleThinkingConfig, VertexAIClientOptions } from '@/types';
 
+/**
+ * `@langchain/google-common`'s `_streamResponseChunks` emits usage on TWO
+ * different paths within the same stream:
+ *
+ *   - Streaming chunks set `chunk.generationInfo.usage_metadata` via
+ *     `responseToUsageMetadata`, which correctly sums
+ *     `candidatesTokenCount + thoughtsTokenCount` and includes
+ *     `output_token_details.reasoning`.
+ *   - The trailing fallback chunk (emitted after the API stream exhausts)
+ *     attaches its own `chunk.message.usage_metadata` built inline as
+ *     `output_tokens = candidatesTokenCount` only — dropping
+ *     `thoughtsTokenCount` and `output_token_details` entirely.
+ *
+ * After `AIMessageChunk.concat`, only `message.usage_metadata` survives —
+ * which is the buggy fallback value. This breaks the documented
+ * `total_tokens === input_tokens + output_tokens` invariant and silently
+ * undercharges thinking models for reasoning tokens.
+ *
+ * The repair: track the last `generationInfo.usage_metadata` we see, and
+ * when the fallback chunk arrives with its buggy `message.usage_metadata`,
+ * replace it with the tracked good value. `CustomChatGoogleGenerativeAI`
+ * solves the same problem for the Google API path differently — by
+ * overriding `_convertToUsageMetadata`.
+ */
+export function repairStreamUsageMetadata(
+  current: UsageMetadata | undefined,
+  generationInfoUsage: UsageMetadata | undefined
+): UsageMetadata | undefined {
+  if (!current) return current;
+  if (!generationInfoUsage) return current;
+  if (generationInfoUsage.total_tokens !== current.total_tokens) return current;
+  if (generationInfoUsage.output_tokens <= current.output_tokens)
+    return current;
+  return generationInfoUsage;
+}
+
 type AdditionalKwargs =
   | undefined
   | (BaseMessage['additional_kwargs'] & {
@@ -446,6 +484,35 @@ export class ChatVertexAI extends ChatGoogle {
     }
     return params;
   }
+  async *_streamResponseChunks(
+    messages: BaseMessage[],
+    options: this['ParsedCallOptions'],
+    runManager?: CallbackManagerForLLMRun
+  ): AsyncGenerator<ChatGenerationChunk> {
+    let lastGoodUsage: UsageMetadata | undefined;
+    for await (const chunk of super._streamResponseChunks(
+      messages,
+      options,
+      runManager
+    )) {
+      const genUsage = (
+        chunk.generationInfo as { usage_metadata?: UsageMetadata } | undefined
+      )?.usage_metadata;
+      if (genUsage) {
+        lastGoodUsage = genUsage;
+      }
+      if (chunk.message instanceof AIMessageChunk) {
+        const repaired = repairStreamUsageMetadata(
+          chunk.message.usage_metadata,
+          lastGoodUsage
+        );
+        if (repaired !== chunk.message.usage_metadata) {
+          chunk.message.usage_metadata = repaired;
+        }
+      }
+      yield chunk;
+    }
+  }
   buildConnection(
     fields: VertexAIClientOptions | undefined,
     client: GoogleAbstractedClient

package/src/llm/vertexai/llm.spec.ts

@@ -76,6 +76,24 @@ describe.each(gemini3Models)(
         (reasoningTokens as Record<string, number>)?.reasoning
       ).toBeGreaterThan(0);
     });
+
+    test('stream: usage_metadata includes reasoning in output_tokens (issue LibreChat#13006)', async () => {
+      let finalChunk: AIMessageChunk | undefined;
+      for await (const chunk of await model.stream(
+        'What is 2+2? Think step by step.'
+      )) {
+        finalChunk = finalChunk ? finalChunk.concat(chunk) : chunk;
+      }
+      const usage = finalChunk?.usage_metadata;
+      expect(usage).toBeDefined();
+      const reasoning = (
+        usage as { output_token_details?: { reasoning?: number } }
+      )?.output_token_details?.reasoning;
+      expect(reasoning).toBeGreaterThan(0);
+      expect(usage!.total_tokens).toBe(
+        usage!.input_tokens + usage!.output_tokens
+      );
+    });
   }
 );
 

package/src/llm/vertexai/repairUsageMetadata.test.ts

@@ -0,0 +1,54 @@
+import { expect, test, describe } from '@jest/globals';
+import type { UsageMetadata } from '@langchain/core/messages';
+import { repairStreamUsageMetadata } from './index';
+
+const goodUsage: UsageMetadata = {
+  input_tokens: 80657,
+  output_tokens: 2608,
+  total_tokens: 83265,
+  output_token_details: { reasoning: 1842 },
+};
+
+const buggyFallbackUsage: UsageMetadata = {
+  input_tokens: 80657,
+  output_tokens: 766,
+  total_tokens: 83265,
+};
+
+describe('repairStreamUsageMetadata', () => {
+  test('replaces buggy fallback usage with tracked good usage from generationInfo', () => {
+    const result = repairStreamUsageMetadata(buggyFallbackUsage, goodUsage);
+    expect(result).toBe(goodUsage);
+  });
+
+  test('returns current unchanged when no generationInfo usage was tracked', () => {
+    const result = repairStreamUsageMetadata(buggyFallbackUsage, undefined);
+    expect(result).toBe(buggyFallbackUsage);
+  });
+
+  test('returns undefined unchanged', () => {
+    const result = repairStreamUsageMetadata(undefined, goodUsage);
+    expect(result).toBeUndefined();
+  });
+
+  test('does not replace when total_tokens differ (different request)', () => {
+    const stale: UsageMetadata = { ...goodUsage, total_tokens: 100 };
+    const result = repairStreamUsageMetadata(buggyFallbackUsage, stale);
+    expect(result).toBe(buggyFallbackUsage);
+  });
+
+  test('does not replace when generationInfo output_tokens is not larger (already correct)', () => {
+    const equivalent: UsageMetadata = {
+      ...buggyFallbackUsage,
+      output_tokens: buggyFallbackUsage.output_tokens,
+    };
+    const result = repairStreamUsageMetadata(buggyFallbackUsage, equivalent);
+    expect(result).toBe(buggyFallbackUsage);
+  });
+
+  test('does not replace when generationInfo output_tokens is smaller', () => {
+    const smaller: UsageMetadata = { ...goodUsage, output_tokens: 100 };
+    const result = repairStreamUsageMetadata(buggyFallbackUsage, smaller);
+    expect(result).toBe(buggyFallbackUsage);
+  });
+});

package/src/tools/BashExecutor.ts

@@ -3,24 +3,11 @@ import fetch, { RequestInit } from 'node-fetch';
 import { HttpsProxyAgent } from 'https-proxy-agent';
 import { tool, DynamicStructuredTool } from '@langchain/core/tools';
 import type * as t from '@/types';
-import { getCodeBaseURL, renderFileSection } from './CodeExecutor';
+import { emptyOutputMessage, getCodeBaseURL } from './CodeExecutor';
 import { Constants } from '@/common';
 
 config();
 
-const otherMessage = 'File is already downloaded by the user';
-const inheritedFileMessage =
-  'Available as an input — already known to the user';
-const accessMessage =
-  'Note: Files from previous executions are automatically available and can be modified.';
-const emptyOutputMessage =
-  'stdout: Empty. Ensure you\'re writing output explicitly.\n';
-const inheritedFilesHeader =
-  'Available files (inputs, not generated by this execution):';
-const generatedFilesHeader = 'Generated files:';
-const inheritedNote =
-  'Note: Files in "Available files" are inputs the user (or a skill) already provided to the sandbox. They were not produced by this execution and you should not present them as new outputs in your response.';
-
 const baseEndpoint = getCodeBaseURL();
 const EXEC_ENDPOINT = `${baseEndpoint}/exec`;
 
@@ -133,54 +120,20 @@ function createBashExecutionTool(
         ...params,
       };
 
+      /* See `CodeExecutor.ts` for the rationale — `/files/<session_id>`
+       * HTTP fallback was removed because codeapi's sessionAuth requires
+       * kind/id query params unavailable at this point. */
       if (_injected_files && _injected_files.length > 0) {
         postData.files = _injected_files;
-      } else if (session_id != null && session_id.length > 0) {
-        try {
-          const filesEndpoint = `${baseEndpoint}/files/${session_id}?detail=full`;
-          const fetchOptions: RequestInit = {
-            method: 'GET',
-            headers: {
-              'User-Agent': 'LibreChat/1.0',
-            },
-          };
-
-          if (process.env.PROXY != null && process.env.PROXY !== '') {
-            fetchOptions.agent = new HttpsProxyAgent(process.env.PROXY);
-          }
-
-          const response = await fetch(filesEndpoint, fetchOptions);
-          if (!response.ok) {
-            throw new Error(
-              `Failed to fetch files for session: ${response.status}`
-            );
-          }
-
-          const files = await response.json();
-          if (Array.isArray(files) && files.length > 0) {
-            const fileReferences: t.CodeEnvFile[] = files.map((file) => {
-              const nameParts = file.name.split('/');
-              const id = nameParts.length > 1 ? nameParts[1].split('.')[0] : '';
-
-              return {
-                storage_session_id: session_id,
-                /* `/files` fallback returns code-output files belonging
-                 * to the user; tag them user-private. */
-                kind: 'user' as const,
-                id,
-                /* `resource_id` informational for `kind: 'user'` —
-                 * codeapi derives sessionKey from auth context. */
-                resource_id: id,
-                name: file.metadata['original-filename'],
-              };
-            });
-
-            postData.files = fileReferences;
-          }
-        } catch {
-          // eslint-disable-next-line no-console
-          console.warn(`Failed to fetch files for session: ${session_id}`);
-        }
+      } else if (
+        session_id != null &&
+        session_id.length > 0 &&
+        !Array.isArray(postData.files)
+      ) {
+        // eslint-disable-next-line no-console
+        console.debug(
+          `[BashExecutor] No injected files for session_id=${session_id} — exec will run without input files`
+        );
       }
 
       try {
@@ -202,6 +155,11 @@ function createBashExecutionTool(
         }
 
         const result: t.ExecuteResult = await response.json();
+        /* See `CodeExecutor.ts` — file listings were removed from the
+         * LLM-facing tool result. Bash especially benefits: models
+         * naturally `ls /mnt/data/` to discover what's available
+         * rather than relying on a prescriptive summary that
+         * misleads as often as it helps. */
         let formattedOutput = '';
         if (result.stdout) {
           formattedOutput += `stdout:\n${result.stdout}\n`;
@@ -209,53 +167,15 @@ function createBashExecutionTool(
           formattedOutput += emptyOutputMessage;
         }
         if (result.stderr) formattedOutput += `stderr:\n${result.stderr}\n`;
-        if (result.files && result.files.length > 0) {
-          /* Split inherited (read-only / unchanged-input passthroughs from
-           * codeapi) from genuine generated outputs. The LLM was previously
-           * shown skill files under "Generated files:" with the message
-           * "File is already downloaded by the user", which led it to
-           * (a) believe it had just produced files it merely referenced
-           * and (b) sometimes invent paths like /mnt/user-data/uploads/
-           * trying to find the "originals". Labeling them as inputs makes
-           * the mental model accurate. */
-          const inheritedFiles = result.files.filter(
-            (f) => f.inherited === true
-          );
-          const generatedFiles = result.files.filter(
-            (f) => f.inherited !== true
-          );
-
-          formattedOutput += renderFileSection(
-            generatedFilesHeader,
-            generatedFiles,
-            otherMessage
-          );
-          formattedOutput += renderFileSection(
-            inheritedFilesHeader,
-            inheritedFiles,
-            inheritedFileMessage
-          );
-
-          if (generatedFiles.length > 0) {
-            formattedOutput += `\n\n${accessMessage}`;
-          }
-          if (inheritedFiles.length > 0) {
-            formattedOutput += `\n\n${inheritedNote}`;
-          }
-          return [
-            formattedOutput.trim(),
-            {
-              session_id: result.session_id,
-              files: result.files,
-            } satisfies t.CodeExecutionArtifact,
-          ];
-        }
 
+        const hasFiles = result.files != null && result.files.length > 0;
         return [
           formattedOutput.trim(),
-          {
-            session_id: result.session_id,
-          } satisfies t.CodeExecutionArtifact,
+          (hasFiles
+            ? { session_id: result.session_id, files: result.files }
+            : {
+              session_id: result.session_id,
+            }) satisfies t.CodeExecutionArtifact,
         ];
       } catch (error) {
         throw new Error(

package/src/tools/BashProgrammaticToolCalling.ts

@@ -5,7 +5,6 @@ import type * as t from '@/types';
 import {
   makeRequest,
   executeTools,
-  fetchSessionFiles,
   formatCompletedResponse,
 } from './ProgrammaticToolCalling';
 import { getCodeBaseURL } from './CodeExecutor';
@@ -290,11 +289,17 @@ export function createBashProgrammaticToolCallingTool(
           );
         }
 
+        /* `/files/<session_id>` HTTP fallback removed — codeapi's
+         * sessionAuth requires kind/id query params unavailable at
+         * this point. See `CodeExecutor.ts` for full rationale. */
         let files: t.CodeEnvFile[] | undefined;
         if (_injected_files && _injected_files.length > 0) {
           files = _injected_files;
         } else if (session_id != null && session_id.length > 0) {
-          files = await fetchSessionFiles(baseUrl, session_id, proxy);
+          // eslint-disable-next-line no-console
+          console.debug(
+            `[BashProgrammaticToolCalling] No injected files for session_id=${session_id} — exec will run without input files`
+          );
         }
 
         let response = await makeRequest(