@librechat/data-schemas 0.0.14 → 0.0.16

package/dist/index.cjs

@@ -1,29 +1,34 @@
 'use strict';
 
+var librechatDataProvider = require('librechat-data-provider');
 var jwt = require('jsonwebtoken');
 var node_crypto = require('node:crypto');
 var mongoose = require('mongoose');
-var librechatDataProvider = require('librechat-data-provider');
-var _ = require('lodash');
-var meilisearch = require('meilisearch');
 var winston = require('winston');
 require('winston-daily-rotate-file');
-var path = require('path');
 var klona = require('klona');
-var traverseLib = require('traverse');
+var path = require('path');
+var _ = require('lodash');
+var meilisearch = require('meilisearch');
 var nanoid = require('nanoid');
 
-function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
-
-var jwt__default = /*#__PURE__*/_interopDefault(jwt);
-var mongoose__default = /*#__PURE__*/_interopDefault(mongoose);
-var ___default = /*#__PURE__*/_interopDefault(_);
-var winston__default = /*#__PURE__*/_interopDefault(winston);
-var path__default = /*#__PURE__*/_interopDefault(path);
-var traverseLib__default = /*#__PURE__*/_interopDefault(traverseLib);
+/**
+ * Common role combinations
+ */
+exports.RoleBits = void 0;
+(function (RoleBits) {
+    /** 0001 = 1 */
+    RoleBits[RoleBits["VIEWER"] = librechatDataProvider.PermissionBits.VIEW] = "VIEWER";
+    /** 0011 = 3 */
+    RoleBits[RoleBits["EDITOR"] = librechatDataProvider.PermissionBits.VIEW | librechatDataProvider.PermissionBits.EDIT] = "EDITOR";
+    /** 0111 = 7 */
+    RoleBits[RoleBits["MANAGER"] = librechatDataProvider.PermissionBits.VIEW | librechatDataProvider.PermissionBits.EDIT | librechatDataProvider.PermissionBits.DELETE] = "MANAGER";
+    /** 1111 = 15 */
+    RoleBits[RoleBits["OWNER"] = librechatDataProvider.PermissionBits.VIEW | librechatDataProvider.PermissionBits.EDIT | librechatDataProvider.PermissionBits.DELETE | librechatDataProvider.PermissionBits.SHARE] = "OWNER";
+})(exports.RoleBits || (exports.RoleBits = {}));
 
 async function signPayload({ payload, secret, expirationTime, }) {
-    return jwt__default.default.sign(payload, secret, { expiresIn: expirationTime });
+    return jwt.sign(payload, secret, { expiresIn: expirationTime });
 }
 async function hashToken(str) {
     const data = new TextEncoder().encode(str);
@@ -44,7 +49,7 @@ const AuthSchema = new mongoose.Schema({
 }, { _id: false });
 const Action = new mongoose.Schema({
     user: {
-        type: mongoose__default.default.Schema.Types.ObjectId,
+        type: mongoose.Schema.Types.ObjectId,
         ref: 'User',
         index: true,
         required: true,
@@ -165,9 +170,59 @@ const agentSchema = new mongoose.Schema({
         type: [mongoose.Schema.Types.Mixed],
         default: [],
     },
+    category: {
+        type: String,
+        trim: true,
+        index: true,
+        default: 'general',
+    },
+    support_contact: {
+        type: mongoose.Schema.Types.Mixed,
+        default: undefined,
+    },
+    is_promoted: {
+        type: Boolean,
+        default: false,
+        index: true,
+    },
+}, {
+    timestamps: true,
+});
+agentSchema.index({ updatedAt: -1, _id: 1 });
+
+const agentCategorySchema = new mongoose.Schema({
+    value: {
+        type: String,
+        required: true,
+        unique: true,
+        trim: true,
+        lowercase: true,
+        index: true,
+    },
+    label: {
+        type: String,
+        required: true,
+        trim: true,
+    },
+    description: {
+        type: String,
+        trim: true,
+        default: '',
+    },
+    order: {
+        type: Number,
+        default: 0,
+        index: true,
+    },
+    isActive: {
+        type: Boolean,
+        default: true,
+        index: true,
+    },
 }, {
     timestamps: true,
 });
+agentCategorySchema.index({ isActive: 1, order: 1 });
 
 const assistantSchema = new mongoose.Schema({
     user: {
@@ -453,6 +508,10 @@ const conversationPreset = {
     reasoning_summary: {
         type: String,
     },
+    /** Verbosity control */
+    verbosity: {
+        type: String,
+    },
 };
 
 const convoSchema = new mongoose.Schema({
@@ -498,7 +557,7 @@ convoSchema.index({ conversationId: 1, user: 1 }, { unique: true });
 
 const file = new mongoose.Schema({
     user: {
-        type: mongoose__default.default.Schema.Types.ObjectId,
+        type: mongoose.Schema.Types.ObjectId,
         ref: 'User',
         index: true,
         required: true,
@@ -574,7 +633,7 @@ file.index({ createdAt: 1, updatedAt: 1 });
 
 const keySchema = new mongoose.Schema({
     userId: {
-        type: mongoose__default.default.Schema.Types.ObjectId,
+        type: mongoose.Schema.Types.ObjectId,
         ref: 'User',
         required: true,
     },
@@ -672,7 +731,7 @@ const messageSchema = new mongoose.Schema({
                 required: true,
             },
             tag: {
-                type: mongoose__default.default.Schema.Types.Mixed,
+                type: mongoose.Schema.Types.Mixed,
                 required: false,
             },
             text: {
@@ -689,7 +748,7 @@ const messageSchema = new mongoose.Schema({
         select: false,
         default: false,
     },
-    files: { type: [{ type: mongoose__default.default.Schema.Types.Mixed }], default: undefined },
+    files: { type: [{ type: mongoose.Schema.Types.Mixed }], default: undefined },
     plugin: {
         type: {
             latest: {
@@ -697,7 +756,7 @@ const messageSchema = new mongoose.Schema({
                 required: false,
             },
             inputs: {
-                type: [mongoose__default.default.Schema.Types.Mixed],
+                type: [mongoose.Schema.Types.Mixed],
                 required: false,
                 default: undefined,
             },
@@ -708,9 +767,9 @@ const messageSchema = new mongoose.Schema({
         },
         default: undefined,
     },
-    plugins: { type: [{ type: mongoose__default.default.Schema.Types.Mixed }], default: undefined },
+    plugins: { type: [{ type: mongoose.Schema.Types.Mixed }], default: undefined },
     content: {
-        type: [{ type: mongoose__default.default.Schema.Types.Mixed }],
+        type: [{ type: mongoose.Schema.Types.Mixed }],
         default: undefined,
         meiliIndex: true,
     },
@@ -721,7 +780,7 @@ const messageSchema = new mongoose.Schema({
     iconURL: {
         type: String,
     },
-    attachments: { type: [{ type: mongoose__default.default.Schema.Types.Mixed }], default: undefined },
+    attachments: { type: [{ type: mongoose.Schema.Types.Mixed }], default: undefined },
     /*
     attachments: {
       type: [
@@ -794,7 +853,7 @@ const presetSchema = new mongoose.Schema({
     },
     ...conversationPreset,
     agentOptions: {
-        type: mongoose__default.default.Schema.Types.Mixed,
+        type: mongoose.Schema.Types.Mixed,
         default: null,
     },
 }, { timestamps: true });
@@ -910,69 +969,56 @@ promptGroupSchema.index({ createdAt: 1, updatedAt: 1 });
  */
 const rolePermissionsSchema = new mongoose.Schema({
     [librechatDataProvider.PermissionTypes.BOOKMARKS]: {
-        [librechatDataProvider.Permissions.USE]: { type: Boolean, default: true },
+        [librechatDataProvider.Permissions.USE]: { type: Boolean },
     },
     [librechatDataProvider.PermissionTypes.PROMPTS]: {
-        [librechatDataProvider.Permissions.SHARED_GLOBAL]: { type: Boolean, default: false },
-        [librechatDataProvider.Permissions.USE]: { type: Boolean, default: true },
-        [librechatDataProvider.Permissions.CREATE]: { type: Boolean, default: true },
+        [librechatDataProvider.Permissions.SHARED_GLOBAL]: { type: Boolean },
+        [librechatDataProvider.Permissions.USE]: { type: Boolean },
+        [librechatDataProvider.Permissions.CREATE]: { type: Boolean },
     },
     [librechatDataProvider.PermissionTypes.MEMORIES]: {
-        [librechatDataProvider.Permissions.USE]: { type: Boolean, default: true },
-        [librechatDataProvider.Permissions.CREATE]: { type: Boolean, default: true },
-        [librechatDataProvider.Permissions.UPDATE]: { type: Boolean, default: true },
-        [librechatDataProvider.Permissions.READ]: { type: Boolean, default: true },
-        [librechatDataProvider.Permissions.OPT_OUT]: { type: Boolean, default: true },
+        [librechatDataProvider.Permissions.USE]: { type: Boolean },
+        [librechatDataProvider.Permissions.CREATE]: { type: Boolean },
+        [librechatDataProvider.Permissions.UPDATE]: { type: Boolean },
+        [librechatDataProvider.Permissions.READ]: { type: Boolean },
+        [librechatDataProvider.Permissions.OPT_OUT]: { type: Boolean },
     },
     [librechatDataProvider.PermissionTypes.AGENTS]: {
-        [librechatDataProvider.Permissions.SHARED_GLOBAL]: { type: Boolean, default: false },
-        [librechatDataProvider.Permissions.USE]: { type: Boolean, default: true },
-        [librechatDataProvider.Permissions.CREATE]: { type: Boolean, default: true },
+        [librechatDataProvider.Permissions.SHARED_GLOBAL]: { type: Boolean },
+        [librechatDataProvider.Permissions.USE]: { type: Boolean },
+        [librechatDataProvider.Permissions.CREATE]: { type: Boolean },
     },
     [librechatDataProvider.PermissionTypes.MULTI_CONVO]: {
-        [librechatDataProvider.Permissions.USE]: { type: Boolean, default: true },
+        [librechatDataProvider.Permissions.USE]: { type: Boolean },
     },
     [librechatDataProvider.PermissionTypes.TEMPORARY_CHAT]: {
-        [librechatDataProvider.Permissions.USE]: { type: Boolean, default: true },
+        [librechatDataProvider.Permissions.USE]: { type: Boolean },
     },
     [librechatDataProvider.PermissionTypes.RUN_CODE]: {
-        [librechatDataProvider.Permissions.USE]: { type: Boolean, default: true },
+        [librechatDataProvider.Permissions.USE]: { type: Boolean },
     },
     [librechatDataProvider.PermissionTypes.WEB_SEARCH]: {
-        [librechatDataProvider.Permissions.USE]: { type: Boolean, default: true },
+        [librechatDataProvider.Permissions.USE]: { type: Boolean },
+    },
+    [librechatDataProvider.PermissionTypes.PEOPLE_PICKER]: {
+        [librechatDataProvider.Permissions.VIEW_USERS]: { type: Boolean },
+        [librechatDataProvider.Permissions.VIEW_GROUPS]: { type: Boolean },
+        [librechatDataProvider.Permissions.VIEW_ROLES]: { type: Boolean },
+    },
+    [librechatDataProvider.PermissionTypes.MARKETPLACE]: {
+        [librechatDataProvider.Permissions.USE]: { type: Boolean },
     },
     [librechatDataProvider.PermissionTypes.FILE_SEARCH]: {
-        [librechatDataProvider.Permissions.USE]: { type: Boolean, default: true },
+        [librechatDataProvider.Permissions.USE]: { type: Boolean },
+    },
+    [librechatDataProvider.PermissionTypes.FILE_CITATIONS]: {
+        [librechatDataProvider.Permissions.USE]: { type: Boolean },
     },
 }, { _id: false });
 const roleSchema = new mongoose.Schema({
     name: { type: String, required: true, unique: true, index: true },
     permissions: {
         type: rolePermissionsSchema,
-        default: () => ({
-            [librechatDataProvider.PermissionTypes.BOOKMARKS]: { [librechatDataProvider.Permissions.USE]: true },
-            [librechatDataProvider.PermissionTypes.PROMPTS]: {
-                [librechatDataProvider.Permissions.SHARED_GLOBAL]: false,
-                [librechatDataProvider.Permissions.USE]: true,
-                [librechatDataProvider.Permissions.CREATE]: true,
-            },
-            [librechatDataProvider.PermissionTypes.MEMORIES]: {
-                [librechatDataProvider.Permissions.USE]: true,
-                [librechatDataProvider.Permissions.CREATE]: true,
-                [librechatDataProvider.Permissions.UPDATE]: true,
-                [librechatDataProvider.Permissions.READ]: true,
-            },
-            [librechatDataProvider.PermissionTypes.AGENTS]: {
-                [librechatDataProvider.Permissions.SHARED_GLOBAL]: false,
-                [librechatDataProvider.Permissions.USE]: true,
-                [librechatDataProvider.Permissions.CREATE]: true,
-            },
-            [librechatDataProvider.PermissionTypes.MULTI_CONVO]: { [librechatDataProvider.Permissions.USE]: true },
-            [librechatDataProvider.PermissionTypes.TEMPORARY_CHAT]: { [librechatDataProvider.Permissions.USE]: true },
-            [librechatDataProvider.PermissionTypes.RUN_CODE]: { [librechatDataProvider.Permissions.USE]: true },
-            [librechatDataProvider.PermissionTypes.WEB_SEARCH]: { [librechatDataProvider.Permissions.USE]: true },
-            [librechatDataProvider.PermissionTypes.FILE_SEARCH]: { [librechatDataProvider.Permissions.USE]: true },
-        }),
     },
 });
 
@@ -987,7 +1033,7 @@ const sessionSchema = new mongoose.Schema({
         expires: 0,
     },
     user: {
-        type: mongoose__default.default.Schema.Types.ObjectId,
+        type: mongoose.Schema.Types.ObjectId,
         ref: 'User',
         required: true,
     },
@@ -1006,7 +1052,7 @@ const shareSchema = new mongoose.Schema({
         type: String,
         index: true,
     },
-    messages: [{ type: mongoose__default.default.Schema.Types.ObjectId, ref: 'Message' }],
+    messages: [{ type: mongoose.Schema.Types.ObjectId, ref: 'Message' }],
     shareId: {
         type: String,
         index: true,
@@ -1066,15 +1112,15 @@ const toolCallSchema = new mongoose.Schema({
         required: true,
     },
     user: {
-        type: mongoose__default.default.Schema.Types.ObjectId,
+        type: mongoose.Schema.Types.ObjectId,
         ref: 'User',
         required: true,
     },
     result: {
-        type: mongoose__default.default.Schema.Types.Mixed,
+        type: mongoose.Schema.Types.Mixed,
     },
     attachments: {
-        type: mongoose__default.default.Schema.Types.Mixed,
+        type: mongoose.Schema.Types.Mixed,
     },
     blockIndex: {
         type: Number,
@@ -1088,7 +1134,7 @@ toolCallSchema.index({ conversationId: 1, user: 1 });
 
 const transactionSchema = new mongoose.Schema({
     user: {
-        type: mongoose__default.default.Schema.Types.ObjectId,
+        type: mongoose.Schema.Types.ObjectId,
         ref: 'User',
         index: true,
         required: true,
@@ -1162,6 +1208,7 @@ const userSchema = new mongoose.Schema({
         trim: true,
         minlength: 8,
         maxlength: 128,
+        select: false,
     },
     avatar: {
         type: String,
@@ -1225,6 +1272,7 @@ const userSchema = new mongoose.Schema({
     },
     totpSecret: {
         type: String,
+        select: false,
     },
     backupCodes: {
         type: [BackupCodeSchema],
@@ -1249,6 +1297,11 @@ const userSchema = new mongoose.Schema({
         },
         default: {},
     },
+    /** Field for external source identification (for consistency with TPrincipal schema) */
+    idOnTheSource: {
+        type: String,
+        sparse: true,
+    },
 }, { timestamps: true });
 
 const MemoryEntrySchema = new mongoose.Schema({
@@ -1280,80 +1333,464 @@ const MemoryEntrySchema = new mongoose.Schema({
     },
 });
 
+const groupSchema = new mongoose.Schema({
+    name: {
+        type: String,
+        required: true,
+        index: true,
+    },
+    description: {
+        type: String,
+        required: false,
+    },
+    email: {
+        type: String,
+        required: false,
+        index: true,
+    },
+    avatar: {
+        type: String,
+        required: false,
+    },
+    memberIds: [
+        {
+            type: String,
+        },
+    ],
+    source: {
+        type: String,
+        enum: ['local', 'entra'],
+        default: 'local',
+    },
+    /** External ID (e.g., Entra ID) */
+    idOnTheSource: {
+        type: String,
+        sparse: true,
+        index: true,
+        required: function () {
+            return this.source !== 'local';
+        },
+    },
+}, { timestamps: true });
+groupSchema.index({ idOnTheSource: 1, source: 1 }, {
+    unique: true,
+    partialFilterExpression: { idOnTheSource: { $exists: true } },
+});
+groupSchema.index({ memberIds: 1 });
+
 /**
- * Creates or returns the User model using the provided mongoose instance and schema
+ * ESM-native object traversal utility
+ * Simplified implementation focused on the forEach use case
  */
-function createUserModel(mongoose) {
-    return mongoose.models.User || mongoose.model('User', userSchema);
+function isObject(value) {
+    if (value === null || typeof value !== 'object') {
+        return false;
+    }
+    // Treat these built-in types as leaf nodes, not objects to traverse
+    if (value instanceof Date)
+        return false;
+    if (value instanceof RegExp)
+        return false;
+    if (value instanceof Error)
+        return false;
+    if (value instanceof URL)
+        return false;
+    // Check for Buffer (Node.js)
+    if (typeof Buffer !== 'undefined' && Buffer.isBuffer(value))
+        return false;
+    // Check for TypedArrays and ArrayBuffer
+    if (ArrayBuffer.isView(value))
+        return false;
+    if (value instanceof ArrayBuffer)
+        return false;
+    if (value instanceof SharedArrayBuffer)
+        return false;
+    // Check for other built-in types that shouldn't be traversed
+    if (value instanceof Promise)
+        return false;
+    if (value instanceof WeakMap)
+        return false;
+    if (value instanceof WeakSet)
+        return false;
+    if (value instanceof Map)
+        return false;
+    if (value instanceof Set)
+        return false;
+    // Check if it's a primitive wrapper object
+    const stringTag = Object.prototype.toString.call(value);
+    if (stringTag === '[object Boolean]' ||
+        stringTag === '[object Number]' ||
+        stringTag === '[object String]') {
+        return false;
+    }
+    return true;
+}
+// Helper to safely set a property on an object or array
+function setProperty(obj, key, value) {
+    if (Array.isArray(obj) && typeof key === 'number') {
+        obj[key] = value;
+    }
+    else if (!Array.isArray(obj) && typeof key === 'string') {
+        obj[key] = value;
+    }
+    else if (!Array.isArray(obj) && typeof key === 'number') {
+        // Handle numeric keys on objects
+        obj[key] = value;
+    }
+}
+// Helper to safely delete a property from an object
+function deleteProperty(obj, key) {
+    if (Array.isArray(obj) && typeof key === 'number') {
+        // For arrays, we should use splice, but this is handled in remove()
+        // This function is only called for non-array deletion
+        return;
+    }
+    if (!Array.isArray(obj)) {
+        delete obj[key];
+    }
+}
+function forEach(obj, callback) {
+    const visited = new WeakSet();
+    function walk(node, path = [], parent) {
+        // Check for circular references
+        let circular = null;
+        if (isObject(node)) {
+            if (visited.has(node)) {
+                // Find the circular reference in the parent chain
+                let p = parent;
+                while (p) {
+                    if (p.node === node) {
+                        circular = p;
+                        break;
+                    }
+                    p = p.parent;
+                }
+                return; // Skip circular references
+            }
+            visited.add(node);
+        }
+        const key = path.length > 0 ? path[path.length - 1] : undefined;
+        const isRoot = path.length === 0;
+        const level = path.length;
+        // Determine if this is a leaf node
+        const isLeaf = !isObject(node) ||
+            (Array.isArray(node) && node.length === 0) ||
+            Object.keys(node).length === 0;
+        // Create context
+        const context = {
+            node,
+            path: [...path],
+            parent,
+            key,
+            isLeaf,
+            notLeaf: !isLeaf,
+            isRoot,
+            notRoot: !isRoot,
+            level,
+            circular,
+            update(value) {
+                if (!isRoot && parent && key !== undefined && isObject(parent.node)) {
+                    setProperty(parent.node, key, value);
+                }
+                this.node = value;
+            },
+            remove() {
+                if (!isRoot && parent && key !== undefined && isObject(parent.node)) {
+                    if (Array.isArray(parent.node) && typeof key === 'number') {
+                        parent.node.splice(key, 1);
+                    }
+                    else {
+                        deleteProperty(parent.node, key);
+                    }
+                }
+            },
+        };
+        // Call the callback with the context
+        callback.call(context, node);
+        // Traverse children if not circular and is an object
+        if (!circular && isObject(node) && !isLeaf) {
+            if (Array.isArray(node)) {
+                for (let i = 0; i < node.length; i++) {
+                    walk(node[i], [...path, i], context);
+                }
+            }
+            else {
+                for (const [childKey, childValue] of Object.entries(node)) {
+                    walk(childValue, [...path, childKey], context);
+                }
+            }
+        }
+    }
+    walk(obj);
+}
+// Main traverse function that returns an object with forEach method
+function traverse(obj) {
+    return {
+        forEach(callback) {
+            forEach(obj, callback);
+        },
+    };
 }
 
+const SPLAT_SYMBOL = Symbol.for('splat');
+const MESSAGE_SYMBOL = Symbol.for('message');
+const CONSOLE_JSON_STRING_LENGTH = parseInt(process.env.CONSOLE_JSON_STRING_LENGTH || '', 10) || 255;
+const sensitiveKeys = [
+    /^(sk-)[^\s]+/, // OpenAI API key pattern
+    /(Bearer )[^\s]+/, // Header: Bearer token pattern
+    /(api-key:? )[^\s]+/, // Header: API key pattern
+    /(key=)[^\s]+/, // URL query param: sensitive key pattern (Google)
+];
 /**
- * Creates or returns the Token model using the provided mongoose instance and schema
+ * Determines if a given value string is sensitive and returns matching regex patterns.
+ *
+ * @param valueStr - The value string to check.
+ * @returns An array of regex patterns that match the value string.
  */
-function createTokenModel(mongoose) {
-    return mongoose.models.Token || mongoose.model('Token', tokenSchema);
+function getMatchingSensitivePatterns(valueStr) {
+    if (valueStr) {
+        // Filter and return all regex patterns that match the value string
+        return sensitiveKeys.filter((regex) => regex.test(valueStr));
+    }
+    return [];
 }
-
 /**
- * Creates or returns the Session model using the provided mongoose instance and schema
+ * Redacts sensitive information from a console message and trims it to a specified length if provided.
+ * @param str - The console message to be redacted.
+ * @param trimLength - The optional length at which to trim the redacted message.
+ * @returns The redacted and optionally trimmed console message.
  */
-function createSessionModel(mongoose) {
-    return mongoose.models.Session || mongoose.model('Session', sessionSchema);
+function redactMessage(str, trimLength) {
+    if (!str) {
+        return '';
+    }
+    const patterns = getMatchingSensitivePatterns(str);
+    patterns.forEach((pattern) => {
+        str = str.replace(pattern, '$1[REDACTED]');
+    });
+    return str;
 }
-
 /**
- * Creates or returns the Balance model using the provided mongoose instance and schema
+ * Redacts sensitive information from log messages if the log level is 'error'.
+ * Note: Intentionally mutates the object.
+ * @param info - The log information object.
+ * @returns The modified log information object.
  */
-function createBalanceModel(mongoose) {
-    return mongoose.models.Balance || mongoose.model('Balance', balanceSchema);
-}
-
+const redactFormat = winston.format((info) => {
+    if (info.level === 'error') {
+        // Type guard to ensure message is a string
+        if (typeof info.message === 'string') {
+            info.message = redactMessage(info.message);
+        }
+        // Handle MESSAGE_SYMBOL with type safety
+        const symbolValue = info[MESSAGE_SYMBOL];
+        if (typeof symbolValue === 'string') {
+            info[MESSAGE_SYMBOL] = redactMessage(symbolValue);
+        }
+    }
+    return info;
+});
 /**
- * Determine the log directory in a cross-compatible way.
- * Priority:
- * 1. LIBRECHAT_LOG_DIR environment variable
- * 2. If running within LibreChat monorepo (when cwd ends with /api), use api/logs
- * 3. If api/logs exists relative to cwd, use that (for running from project root)
- * 4. Otherwise, use logs directory relative to process.cwd()
+ * Truncates long strings, especially base64 image data, within log messages.
  *
- * This avoids using __dirname which is not available in ESM modules
+ * @param value - The value to be inspected and potentially truncated.
+ * @param length - The length at which to truncate the value. Default: 100.
+ * @returns The truncated or original value.
  */
-const getLogDirectory = () => {
-    if (process.env.LIBRECHAT_LOG_DIR) {
-        return process.env.LIBRECHAT_LOG_DIR;
+const truncateLongStrings = (value, length = 100) => {
+    if (typeof value === 'string') {
+        return value.length > length ? value.substring(0, length) + '... [truncated]' : value;
     }
-    const cwd = process.cwd();
-    // Check if we're running from within the api directory
-    if (cwd.endsWith('/api') || cwd.endsWith('\\api')) {
-        return path__default.default.join(cwd, 'logs');
+    return value;
+};
+/**
+ * An array mapping function that truncates long strings (objects converted to JSON strings).
+ * @param item - The item to be condensed.
+ * @returns The condensed item.
+ */
+const condenseArray = (item) => {
+    if (typeof item === 'string') {
+        return truncateLongStrings(JSON.stringify(item));
     }
-    // Check if api/logs exists relative to current directory (running from project root)
-    // We'll just use the path and let the file system create it if needed
-    const apiLogsPath = path__default.default.join(cwd, 'api', 'logs');
-    // For LibreChat project structure, use api/logs
-    // For external consumers, they should set LIBRECHAT_LOG_DIR
-    if (cwd.includes('LibreChat')) {
-        return apiLogsPath;
+    else if (typeof item === 'object') {
+        return truncateLongStrings(JSON.stringify(item));
     }
-    // Default to logs directory relative to current working directory
-    return path__default.default.join(cwd, 'logs');
+    return item;
 };
-
-const logDir$1 = getLogDirectory();
-const { NODE_ENV: NODE_ENV$1, DEBUG_LOGGING: DEBUG_LOGGING$1 = 'false' } = process.env;
-const useDebugLogging$1 = (typeof DEBUG_LOGGING$1 === 'string' && DEBUG_LOGGING$1.toLowerCase() === 'true') ||
-    DEBUG_LOGGING$1 === 'true';
-const levels$1 = {
-    error: 0,
-    warn: 1,
-    info: 2,
-    http: 3,
+/**
+ * Formats log messages for debugging purposes.
+ * - Truncates long strings within log messages.
+ * - Condenses arrays by truncating long strings and objects as strings within array items.
+ * - Redacts sensitive information from log messages if the log level is 'error'.
+ * - Converts log information object to a formatted string.
+ *
+ * @param options - The options for formatting log messages.
+ * @returns The formatted log message.
+ */
+const debugTraverse = winston.format.printf(({ level, message, timestamp, ...metadata }) => {
+    if (!message) {
+        return `${timestamp} ${level}`;
+    }
+    // Type-safe version of the CJS logic: !message?.trim || typeof message !== 'string'
+    if (typeof message !== 'string' || !message.trim) {
+        return `${timestamp} ${level}: ${JSON.stringify(message)}`;
+    }
+    const msgParts = [
+        `${timestamp} ${level}: ${truncateLongStrings(message.trim(), 150)}`,
+    ];
+    try {
+        if (level !== 'debug') {
+            return msgParts[0];
+        }
+        if (!metadata) {
+            return msgParts[0];
+        }
+        // Type-safe access to SPLAT_SYMBOL using bracket notation
+        const metadataRecord = metadata;
+        const splatArray = metadataRecord[SPLAT_SYMBOL];
+        const debugValue = Array.isArray(splatArray) ? splatArray[0] : undefined;
+        if (!debugValue) {
+            return msgParts[0];
+        }
+        if (debugValue && Array.isArray(debugValue)) {
+            msgParts.push(`\n${JSON.stringify(debugValue.map(condenseArray))}`);
+            return msgParts.join('');
+        }
+        if (typeof debugValue !== 'object') {
+            msgParts.push(` ${debugValue}`);
+            return msgParts.join('');
+        }
+        msgParts.push('\n{');
+        const copy = klona.klona(metadata);
+        try {
+            const traversal = traverse(copy);
+            traversal.forEach(function (value) {
+                var _a;
+                if (typeof (this === null || this === void 0 ? void 0 : this.key) === 'symbol') {
+                    return;
+                }
+                let _parentKey = '';
+                const parent = this.parent;
+                if (typeof (parent === null || parent === void 0 ? void 0 : parent.key) !== 'symbol' && (parent === null || parent === void 0 ? void 0 : parent.key) !== undefined) {
+                    _parentKey = String(parent.key);
+                }
+                const parentKey = `${parent && parent.notRoot ? _parentKey + '.' : ''}`;
+                const tabs = `${parent && parent.notRoot ? '    ' : '  '}`;
+                const currentKey = (_a = this === null || this === void 0 ? void 0 : this.key) !== null && _a !== void 0 ? _a : 'unknown';
+                if (this.isLeaf && typeof value === 'string') {
+                    const truncatedText = truncateLongStrings(value);
+                    msgParts.push(`\n${tabs}${parentKey}${currentKey}: ${JSON.stringify(truncatedText)},`);
+                }
+                else if (this.notLeaf && Array.isArray(value) && value.length > 0) {
+                    const currentMessage = `\n${tabs}// ${value.length} ${String(currentKey).replace(/s$/, '')}(s)`;
+                    this.update(currentMessage);
+                    msgParts.push(currentMessage);
+                    const stringifiedArray = value.map(condenseArray);
+                    msgParts.push(`\n${tabs}${parentKey}${currentKey}: [${stringifiedArray}],`);
+                }
+                else if (this.isLeaf && typeof value === 'function') {
+                    msgParts.push(`\n${tabs}${parentKey}${currentKey}: function,`);
+                }
+                else if (this.isLeaf) {
+                    msgParts.push(`\n${tabs}${parentKey}${currentKey}: ${value},`);
+                }
+            });
+        }
+        catch (e) {
+            const errorMessage = e instanceof Error ? e.message : 'Unknown error';
+            msgParts.push(`\n[LOGGER TRAVERSAL ERROR] ${errorMessage}`);
+        }
+        msgParts.push('\n}');
+        return msgParts.join('');
+    }
+    catch (e) {
+        const errorMessage = e instanceof Error ? e.message : 'Unknown error';
+        msgParts.push(`\n[LOGGER PARSING ERROR] ${errorMessage}`);
+        return msgParts.join('');
+    }
+});
+/**
+ * Truncates long string values in JSON log objects.
+ * Prevents outputting extremely long values (e.g., base64, blobs).
+ */
+const jsonTruncateFormat = winston.format((info) => {
+    const truncateLongStrings = (str, maxLength) => str.length > maxLength ? str.substring(0, maxLength) + '...' : str;
+    const seen = new WeakSet();
+    const truncateObject = (obj) => {
+        if (typeof obj !== 'object' || obj === null) {
+            return obj;
+        }
+        // Handle circular references - now with proper object type
+        if (seen.has(obj)) {
+            return '[Circular]';
+        }
+        seen.add(obj);
+        if (Array.isArray(obj)) {
+            return obj.map((item) => truncateObject(item));
+        }
+        // We know this is an object at this point
+        const objectRecord = obj;
+        const newObj = {};
+        Object.entries(objectRecord).forEach(([key, value]) => {
+            if (typeof value === 'string') {
+                newObj[key] = truncateLongStrings(value, CONSOLE_JSON_STRING_LENGTH);
+            }
+            else {
+                newObj[key] = truncateObject(value);
+            }
+        });
+        return newObj;
+    };
+    return truncateObject(info);
+});
+
+/**
+ * Determine the log directory in a cross-compatible way.
+ * Priority:
+ * 1. LIBRECHAT_LOG_DIR environment variable
+ * 2. If running within LibreChat monorepo (when cwd ends with /api), use api/logs
+ * 3. If api/logs exists relative to cwd, use that (for running from project root)
+ * 4. Otherwise, use logs directory relative to process.cwd()
+ *
+ * This avoids using __dirname which is not available in ESM modules
+ */
+const getLogDirectory = () => {
+    if (process.env.LIBRECHAT_LOG_DIR) {
+        return process.env.LIBRECHAT_LOG_DIR;
+    }
+    const cwd = process.cwd();
+    // Check if we're running from within the api directory
+    if (cwd.endsWith('/api') || cwd.endsWith('\\api')) {
+        return path.join(cwd, 'logs');
+    }
+    // Check if api/logs exists relative to current directory (running from project root)
+    // We'll just use the path and let the file system create it if needed
+    const apiLogsPath = path.join(cwd, 'api', 'logs');
+    // For LibreChat project structure, use api/logs
+    // For external consumers, they should set LIBRECHAT_LOG_DIR
+    if (cwd.includes('LibreChat')) {
+        return apiLogsPath;
+    }
+    // Default to logs directory relative to current working directory
+    return path.join(cwd, 'logs');
+};
+
+const logDir$1 = getLogDirectory();
+const { NODE_ENV: NODE_ENV$1, DEBUG_LOGGING: DEBUG_LOGGING$1, CONSOLE_JSON, DEBUG_CONSOLE } = process.env;
+const useConsoleJson = typeof CONSOLE_JSON === 'string' && CONSOLE_JSON.toLowerCase() === 'true';
+const useDebugConsole = typeof DEBUG_CONSOLE === 'string' && DEBUG_CONSOLE.toLowerCase() === 'true';
+const useDebugLogging$1 = typeof DEBUG_LOGGING$1 === 'string' && DEBUG_LOGGING$1.toLowerCase() === 'true';
+const levels$1 = {
+    error: 0,
+    warn: 1,
+    info: 2,
+    http: 3,
     verbose: 4,
     debug: 5,
     activity: 6,
     silly: 7,
 };
-winston__default.default.addColors({
+winston.addColors({
     info: 'green',
     warn: 'italic yellow',
     error: 'red',
@@ -1361,15 +1798,13 @@ winston__default.default.addColors({
 });
 const level$1 = () => {
     const env = NODE_ENV$1 || 'development';
-    const isDevelopment = env === 'development';
-    return isDevelopment ? 'debug' : 'warn';
+    return env === 'development' ? 'debug' : 'warn';
 };
-const fileFormat$1 = winston__default.default.format.combine(winston__default.default.format.timestamp({ format: 'YYYY-MM-DD HH:mm:ss' }), winston__default.default.format.errors({ stack: true }), winston__default.default.format.splat());
-const logLevel = useDebugLogging$1 ? 'debug' : 'error';
+const fileFormat$1 = winston.format.combine(redactFormat(), winston.format.timestamp({ format: () => new Date().toISOString() }), winston.format.errors({ stack: true }), winston.format.splat());
 const transports$1 = [
-    new winston__default.default.transports.DailyRotateFile({
-        level: logLevel,
-        filename: `${logDir$1}/meiliSync-%DATE%.log`,
+    new winston.transports.DailyRotateFile({
+        level: 'error',
+        filename: `${logDir$1}/error-%DATE%.log`,
         datePattern: 'YYYY-MM-DD',
         zippedArchive: true,
         maxSize: '20m',
@@ -1377,17 +1812,174 @@ const transports$1 = [
         format: fileFormat$1,
     }),
 ];
-const consoleFormat$1 = winston__default.default.format.combine(winston__default.default.format.colorize({ all: true }), winston__default.default.format.timestamp({ format: 'YYYY-MM-DD HH:mm:ss' }), winston__default.default.format.printf((info) => `${info.timestamp} ${info.level}: ${info.message}`));
-transports$1.push(new winston__default.default.transports.Console({
-    level: 'info',
-    format: consoleFormat$1,
+if (useDebugLogging$1) {
+    transports$1.push(new winston.transports.DailyRotateFile({
+        level: 'debug',
+        filename: `${logDir$1}/debug-%DATE%.log`,
+        datePattern: 'YYYY-MM-DD',
+        zippedArchive: true,
+        maxSize: '20m',
+        maxFiles: '14d',
+        format: winston.format.combine(fileFormat$1, debugTraverse),
+    }));
+}
+const consoleFormat$1 = winston.format.combine(redactFormat(), winston.format.colorize({ all: true }), winston.format.timestamp({ format: 'YYYY-MM-DD HH:mm:ss' }), winston.format.printf((info) => {
+    const message = `${info.timestamp} ${info.level}: ${info.message}`;
+    return info.level.includes('error') ? redactMessage(message) : message;
 }));
-const logger$1 = winston__default.default.createLogger({
+let consoleLogLevel = 'info';
+if (useDebugConsole) {
+    consoleLogLevel = 'debug';
+}
+// Add console transport
+if (useDebugConsole) {
+    transports$1.push(new winston.transports.Console({
+        level: consoleLogLevel,
+        format: useConsoleJson
+            ? winston.format.combine(fileFormat$1, jsonTruncateFormat(), winston.format.json())
+            : winston.format.combine(fileFormat$1, debugTraverse),
+    }));
+}
+else if (useConsoleJson) {
+    transports$1.push(new winston.transports.Console({
+        level: consoleLogLevel,
+        format: winston.format.combine(fileFormat$1, jsonTruncateFormat(), winston.format.json()),
+    }));
+}
+else {
+    transports$1.push(new winston.transports.Console({
+        level: consoleLogLevel,
+        format: consoleFormat$1,
+    }));
+}
+// Create logger
+const logger$1 = winston.createLogger({
     level: level$1(),
     levels: levels$1,
     transports: transports$1,
 });
 
+/**
+ * Checks if the connected MongoDB deployment supports transactions
+ * This requires a MongoDB replica set configuration
+ *
+ * @returns True if transactions are supported, false otherwise
+ */
+const supportsTransactions = async (mongoose) => {
+    var _a;
+    try {
+        const session = await mongoose.startSession();
+        try {
+            session.startTransaction();
+            await ((_a = mongoose.connection.db) === null || _a === void 0 ? void 0 : _a.collection('__transaction_test__').findOne({}, { session }));
+            await session.abortTransaction();
+            logger$1.debug('MongoDB transactions are supported');
+            return true;
+        }
+        catch (transactionError) {
+            logger$1.debug('MongoDB transactions not supported (transaction error):', (transactionError === null || transactionError === void 0 ? void 0 : transactionError.message) || 'Unknown error');
+            return false;
+        }
+        finally {
+            await session.endSession();
+        }
+    }
+    catch (error) {
+        logger$1.debug('MongoDB transactions not supported (session error):', (error === null || error === void 0 ? void 0 : error.message) || 'Unknown error');
+        return false;
+    }
+};
+/**
+ * Gets whether the current MongoDB deployment supports transactions
+ * Caches the result for performance
+ *
+ * @returns True if transactions are supported, false otherwise
+ */
+const getTransactionSupport = async (mongoose, transactionSupportCache) => {
+    let transactionsSupported = false;
+    if (transactionSupportCache === null) {
+        transactionsSupported = await supportsTransactions(mongoose);
+    }
+    return transactionsSupported;
+};
+
+/**
+ * Creates or returns the User model using the provided mongoose instance and schema
+ */
+function createUserModel(mongoose) {
+    return mongoose.models.User || mongoose.model('User', userSchema);
+}
+
+/**
+ * Creates or returns the Token model using the provided mongoose instance and schema
+ */
+function createTokenModel(mongoose) {
+    return mongoose.models.Token || mongoose.model('Token', tokenSchema);
+}
+
+/**
+ * Creates or returns the Session model using the provided mongoose instance and schema
+ */
+function createSessionModel(mongoose) {
+    return mongoose.models.Session || mongoose.model('Session', sessionSchema);
+}
+
+/**
+ * Creates or returns the Balance model using the provided mongoose instance and schema
+ */
+function createBalanceModel(mongoose) {
+    return mongoose.models.Balance || mongoose.model('Balance', balanceSchema);
+}
+
+const logDir = getLogDirectory();
+const { NODE_ENV, DEBUG_LOGGING = 'false' } = process.env;
+const useDebugLogging = (typeof DEBUG_LOGGING === 'string' && DEBUG_LOGGING.toLowerCase() === 'true') ||
+    DEBUG_LOGGING === 'true';
+const levels = {
+    error: 0,
+    warn: 1,
+    info: 2,
+    http: 3,
+    verbose: 4,
+    debug: 5,
+    activity: 6,
+    silly: 7,
+};
+winston.addColors({
+    info: 'green',
+    warn: 'italic yellow',
+    error: 'red',
+    debug: 'blue',
+});
+const level = () => {
+    const env = NODE_ENV || 'development';
+    const isDevelopment = env === 'development';
+    return isDevelopment ? 'debug' : 'warn';
+};
+const fileFormat = winston.format.combine(winston.format.timestamp({ format: 'YYYY-MM-DD HH:mm:ss' }), winston.format.errors({ stack: true }), winston.format.splat());
+const logLevel = useDebugLogging ? 'debug' : 'error';
+const transports = [
+    new winston.transports.DailyRotateFile({
+        level: logLevel,
+        filename: `${logDir}/meiliSync-%DATE%.log`,
+        datePattern: 'YYYY-MM-DD',
+        zippedArchive: true,
+        maxSize: '20m',
+        maxFiles: '14d',
+        format: fileFormat,
+    }),
+];
+const consoleFormat = winston.format.combine(winston.format.colorize({ all: true }), winston.format.timestamp({ format: 'YYYY-MM-DD HH:mm:ss' }), winston.format.printf((info) => `${info.timestamp} ${info.level}: ${info.message}`));
+transports.push(new winston.transports.Console({
+    level: 'info',
+    format: consoleFormat,
+}));
+const logger = winston.createLogger({
+    level: level(),
+    levels,
+    transports,
+});
+
 // Environment flags
 /**
  * Flag to indicate if search is enabled based on environment variables.
@@ -1483,7 +2075,7 @@ const createMeiliMongooseModel = ({ index, attributesToIndex, syncOptions, }) =>
             try {
                 const startTime = Date.now();
                 const { batchSize, delayMs } = syncConfig;
-                logger$1.info(`[syncWithMeili] Starting sync for ${primaryKey === 'messageId' ? 'messages' : 'conversations'} with batch size ${batchSize}`);
+                logger.info(`[syncWithMeili] Starting sync for ${primaryKey === 'messageId' ? 'messages' : 'conversations'} with batch size ${batchSize}`);
                 // Build query with resume capability
                 const query = {};
                 if (options === null || options === void 0 ? void 0 : options.resumeFromId) {
@@ -1500,7 +2092,7 @@ const createMeiliMongooseModel = ({ index, attributesToIndex, syncOptions, }) =>
                     .sort({ _id: 1 })
                     .batchSize(batchSize)
                     .cursor();
-                const format = (doc) => ___default.default.omitBy(___default.default.pick(doc, attributesToIndex), (v, k) => k.startsWith('$'));
+                const format = (doc) => _.omitBy(_.pick(doc, attributesToIndex), (v, k) => k.startsWith('$'));
                 let documentBatch = [];
                 let updateOps = [];
                 // Process documents in streaming fashion
@@ -1525,7 +2117,7 @@ const createMeiliMongooseModel = ({ index, attributesToIndex, syncOptions, }) =>
                         updateOps = [];
                         // Log progress
                         const progress = Math.round((processedCount / totalCount) * 100);
-                        logger$1.info(`[syncWithMeili] Progress: ${progress}% (${processedCount}/${totalCount})`);
+                        logger.info(`[syncWithMeili] Progress: ${progress}% (${processedCount}/${totalCount})`);
                         // Add delay to prevent overwhelming resources
                         if (delayMs > 0) {
                             await new Promise((resolve) => setTimeout(resolve, delayMs));
@@ -1537,10 +2129,10 @@ const createMeiliMongooseModel = ({ index, attributesToIndex, syncOptions, }) =>
                     await this.processSyncBatch(index, documentBatch, updateOps);
                 }
                 const duration = Date.now() - startTime;
-                logger$1.info(`[syncWithMeili] Completed sync for ${primaryKey === 'messageId' ? 'messages' : 'conversations'} in ${duration}ms`);
+                logger.info(`[syncWithMeili] Completed sync for ${primaryKey === 'messageId' ? 'messages' : 'conversations'} in ${duration}ms`);
             }
             catch (error) {
-                logger$1.error('[syncWithMeili] Error during sync:', error);
+                logger.error('[syncWithMeili] Error during sync:', error);
                 throw error;
             }
         }
@@ -1560,7 +2152,7 @@ const createMeiliMongooseModel = ({ index, attributesToIndex, syncOptions, }) =>
                 }
             }
             catch (error) {
-                logger$1.error('[processSyncBatch] Error processing batch:', error);
+                logger.error('[processSyncBatch] Error processing batch:', error);
                 // Don't throw - allow sync to continue with other documents
             }
         }
@@ -1587,7 +2179,7 @@ const createMeiliMongooseModel = ({ index, attributesToIndex, syncOptions, }) =>
                     const toDelete = meiliIds.filter((id) => !existingIds.has(id));
                     if (toDelete.length > 0) {
                         await Promise.all(toDelete.map((id) => index.deleteDocument(id)));
-                        logger$1.debug(`[cleanupMeiliIndex] Deleted ${toDelete.length} orphaned documents`);
+                        logger.debug(`[cleanupMeiliIndex] Deleted ${toDelete.length} orphaned documents`);
                     }
                     offset += batchSize;
                     // Add delay between batches
@@ -1597,7 +2189,7 @@ const createMeiliMongooseModel = ({ index, attributesToIndex, syncOptions, }) =>
                 }
             }
             catch (error) {
-                logger$1.error('[cleanupMeiliIndex] Error during cleanup:', error);
+                logger.error('[cleanupMeiliIndex] Error during cleanup:', error);
             }
         }
         /**
@@ -1613,7 +2205,7 @@ const createMeiliMongooseModel = ({ index, attributesToIndex, syncOptions, }) =>
             const data = await index.search(q, params);
             if (populate) {
                 const query = {};
-                query[primaryKey] = ___default.default.map(data.hits, (hit) => cleanUpPrimaryKeyValue(hit[primaryKey]));
+                query[primaryKey] = _.map(data.hits, (hit) => cleanUpPrimaryKeyValue(hit[primaryKey]));
                 const projection = Object.keys(this.schema.obj).reduce((results, key) => {
                     if (!key.startsWith('$')) {
                         results[key] = 1;
@@ -1623,7 +2215,7 @@ const createMeiliMongooseModel = ({ index, attributesToIndex, syncOptions, }) =>
                 const hitsFromMongoose = await this.find(query, projection).lean();
                 const populatedHits = data.hits.map((hit) => {
                     hit[primaryKey];
-                    const originalHit = ___default.default.find(hitsFromMongoose, (item) => {
+                    const originalHit = _.find(hitsFromMongoose, (item) => {
                         const typedItem = item;
                         return typedItem[primaryKey] === hit[primaryKey];
                     });
@@ -1640,7 +2232,7 @@ const createMeiliMongooseModel = ({ index, attributesToIndex, syncOptions, }) =>
          * Preprocesses the current document for indexing
          */
         preprocessObjectForIndex() {
-            const object = ___default.default.omitBy(___default.default.pick(this.toJSON(), attributesToIndex), (v, k) => k.startsWith('$'));
+            const object = _.omitBy(_.pick(this.toJSON(), attributesToIndex), (v, k) => k.startsWith('$'));
             if (object.conversationId &&
                 typeof object.conversationId === 'string' &&
                 object.conversationId.includes('|')) {
@@ -1667,7 +2259,7 @@ const createMeiliMongooseModel = ({ index, attributesToIndex, syncOptions, }) =>
                 catch (error) {
                     retryCount++;
                     if (retryCount >= maxRetries) {
-                        logger$1.error('[addObjectToMeili] Error adding document to Meili after retries:', error);
+                        logger.error('[addObjectToMeili] Error adding document to Meili after retries:', error);
                         return next();
                     }
                     // Exponential backoff
@@ -1678,7 +2270,7 @@ const createMeiliMongooseModel = ({ index, attributesToIndex, syncOptions, }) =>
                 await this.collection.updateMany({ _id: this._id }, { $set: { _meiliIndex: true } });
             }
             catch (error) {
-                logger$1.error('[addObjectToMeili] Error updating _meiliIndex field:', error);
+                logger.error('[addObjectToMeili] Error updating _meiliIndex field:', error);
                 return next();
             }
             next();
@@ -1688,12 +2280,12 @@ const createMeiliMongooseModel = ({ index, attributesToIndex, syncOptions, }) =>
          */
         async updateObjectToMeili(next) {
             try {
-                const object = ___default.default.omitBy(___default.default.pick(this.toJSON(), attributesToIndex), (v, k) => k.startsWith('$'));
+                const object = _.omitBy(_.pick(this.toJSON(), attributesToIndex), (v, k) => k.startsWith('$'));
                 await index.updateDocuments([object]);
                 next();
             }
             catch (error) {
-                logger$1.error('[updateObjectToMeili] Error updating document in Meili:', error);
+                logger.error('[updateObjectToMeili] Error updating document in Meili:', error);
                 return next();
             }
         }
@@ -1708,7 +2300,7 @@ const createMeiliMongooseModel = ({ index, attributesToIndex, syncOptions, }) =>
                 next();
             }
             catch (error) {
-                logger$1.error('[deleteObjectFromMeili] Error deleting document from Meili:', error);
+                logger.error('[deleteObjectFromMeili] Error deleting document from Meili:', error);
                 return next();
             }
         }
@@ -1800,23 +2392,23 @@ function mongoMeili(schema, options) {
     (async () => {
         try {
             await index.getRawInfo();
-            logger$1.debug(`[mongoMeili] Index ${indexName} already exists`);
+            logger.debug(`[mongoMeili] Index ${indexName} already exists`);
         }
         catch (error) {
             const errorCode = error === null || error === void 0 ? void 0 : error.code;
             if (errorCode === 'index_not_found') {
                 try {
-                    logger$1.info(`[mongoMeili] Creating new index: ${indexName}`);
+                    logger.info(`[mongoMeili] Creating new index: ${indexName}`);
                     await client.createIndex(indexName, { primaryKey });
-                    logger$1.info(`[mongoMeili] Successfully created index: ${indexName}`);
+                    logger.info(`[mongoMeili] Successfully created index: ${indexName}`);
                 }
                 catch (createError) {
                     // Index might have been created by another instance
-                    logger$1.debug(`[mongoMeili] Index ${indexName} may already exist:`, createError);
+                    logger.debug(`[mongoMeili] Index ${indexName} may already exist:`, createError);
                 }
             }
             else {
-                logger$1.error(`[mongoMeili] Error checking index ${indexName}:`, error);
+                logger.error(`[mongoMeili] Error checking index ${indexName}:`, error);
             }
         }
     })();
@@ -1879,7 +2471,7 @@ function mongoMeili(schema, options) {
         }
         catch (error) {
             if (meiliEnabled) {
-                logger$1.error('[MeiliMongooseModel.deleteMany] There was an issue deleting conversation indexes upon deletion. Next startup may trigger syncing.', error);
+                logger.error('[MeiliMongooseModel.deleteMany] There was an issue deleting conversation indexes upon deletion. Next startup may trigger syncing.', error);
             }
             return next();
         }
@@ -1899,7 +2491,7 @@ function mongoMeili(schema, options) {
                 meiliDoc = await client.index('convos').getDocument(doc.conversationId);
             }
             catch (error) {
-                logger$1.debug('[MeiliMongooseModel.findOneAndUpdate] Convo not found in MeiliSearch and will index ' +
+                logger.debug('[MeiliMongooseModel.findOneAndUpdate] Convo not found in MeiliSearch and will index ' +
                     doc.conversationId, error);
             }
         }
@@ -1950,6 +2542,13 @@ function createAgentModel(mongoose) {
     return mongoose.models.Agent || mongoose.model('Agent', agentSchema);
 }
 
+/**
+ * Creates or returns the AgentCategory model using the provided mongoose instance and schema
+ */
+function createAgentCategoryModel(mongoose) {
+    return mongoose.models.AgentCategory || mongoose.model('AgentCategory', agentCategorySchema);
+}
+
 /**
  * Creates or returns the Role model using the provided mongoose instance and schema
  */
@@ -2061,6 +2660,108 @@ function createMemoryModel(mongoose) {
     return mongoose.models.MemoryEntry || mongoose.model('MemoryEntry', MemoryEntrySchema);
 }
 
+const accessRoleSchema = new mongoose.Schema({
+    accessRoleId: {
+        type: String,
+        required: true,
+        index: true,
+        unique: true,
+    },
+    name: {
+        type: String,
+        required: true,
+    },
+    description: String,
+    resourceType: {
+        type: String,
+        enum: ['agent', 'project', 'file', 'promptGroup'],
+        required: true,
+        default: 'agent',
+    },
+    permBits: {
+        type: Number,
+        required: true,
+    },
+}, { timestamps: true });
+
+/**
+ * Creates or returns the AccessRole model using the provided mongoose instance and schema
+ */
+function createAccessRoleModel(mongoose) {
+    return (mongoose.models.AccessRole || mongoose.model('AccessRole', accessRoleSchema));
+}
+
+const aclEntrySchema = new mongoose.Schema({
+    principalType: {
+        type: String,
+        enum: Object.values(librechatDataProvider.PrincipalType),
+        required: true,
+    },
+    principalId: {
+        type: mongoose.Schema.Types.Mixed, // Can be ObjectId for users/groups or String for roles
+        refPath: 'principalModel',
+        required: function () {
+            return this.principalType !== librechatDataProvider.PrincipalType.PUBLIC;
+        },
+        index: true,
+    },
+    principalModel: {
+        type: String,
+        enum: Object.values(librechatDataProvider.PrincipalModel),
+        required: function () {
+            return this.principalType !== librechatDataProvider.PrincipalType.PUBLIC;
+        },
+    },
+    resourceType: {
+        type: String,
+        enum: Object.values(librechatDataProvider.ResourceType),
+        required: true,
+    },
+    resourceId: {
+        type: mongoose.Schema.Types.ObjectId,
+        required: true,
+        index: true,
+    },
+    permBits: {
+        type: Number,
+        default: 1,
+    },
+    roleId: {
+        type: mongoose.Schema.Types.ObjectId,
+        ref: 'AccessRole',
+    },
+    inheritedFrom: {
+        type: mongoose.Schema.Types.ObjectId,
+        sparse: true,
+        index: true,
+    },
+    grantedBy: {
+        type: mongoose.Schema.Types.ObjectId,
+        ref: 'User',
+    },
+    grantedAt: {
+        type: Date,
+        default: Date.now,
+    },
+}, { timestamps: true });
+aclEntrySchema.index({ principalId: 1, principalType: 1, resourceType: 1, resourceId: 1 });
+aclEntrySchema.index({ resourceId: 1, principalType: 1, principalId: 1 });
+aclEntrySchema.index({ principalId: 1, permBits: 1, resourceType: 1 });
+
+/**
+ * Creates or returns the AclEntry model using the provided mongoose instance and schema
+ */
+function createAclEntryModel(mongoose) {
+    return mongoose.models.AclEntry || mongoose.model('AclEntry', aclEntrySchema);
+}
+
+/**
+ * Creates or returns the Group model using the provided mongoose instance and schema
+ */
+function createGroupModel(mongoose) {
+    return mongoose.models.Group || mongoose.model('Group', groupSchema);
+}
+
 /**
  * Creates all database models for all collections
  */
@@ -2073,6 +2774,7 @@ function createModels(mongoose) {
         Conversation: createConversationModel(mongoose),
         Message: createMessageModel(mongoose),
         Agent: createAgentModel(mongoose),
+        AgentCategory: createAgentCategoryModel(mongoose),
         Role: createRoleModel(mongoose),
         Action: createActionModel(mongoose),
         Assistant: createAssistantModel(mongoose),
@@ -2089,935 +2791,1951 @@ function createModels(mongoose) {
         SharedLink: createSharedLinkModel(mongoose),
         ToolCall: createToolCallModel(mongoose),
         MemoryEntry: createMemoryModel(mongoose),
+        AccessRole: createAccessRoleModel(mongoose),
+        AclEntry: createAclEntryModel(mongoose),
+        Group: createGroupModel(mongoose),
     };
 }
 
-/** Factory function that takes mongoose instance and returns the methods */
-function createUserMethods(mongoose) {
-    /**
-     * Search for a single user based on partial data and return matching user document as plain object.
-     */
-    async function findUser(searchCriteria, fieldsToSelect) {
-        const User = mongoose.models.User;
-        const query = User.findOne(searchCriteria);
-        if (fieldsToSelect) {
-            query.select(fieldsToSelect);
-        }
-        return (await query.lean());
+var _a;
+class SessionError extends Error {
+    constructor(message, code = 'SESSION_ERROR') {
+        super(message);
+        this.name = 'SessionError';
+        this.code = code;
     }
+}
+const { REFRESH_TOKEN_EXPIRY } = (_a = process.env) !== null && _a !== void 0 ? _a : {};
+const expires = REFRESH_TOKEN_EXPIRY ? eval(REFRESH_TOKEN_EXPIRY) : 1000 * 60 * 60 * 24 * 7; // 7 days default
+// Factory function that takes mongoose instance and returns the methods
+function createSessionMethods(mongoose) {
     /**
-     * Count the number of user documents in the collection based on the provided filter.
+     * Creates a new session for a user
      */
-    async function countUsers(filter = {}) {
-        const User = mongoose.models.User;
-        return await User.countDocuments(filter);
+    async function createSession(userId, options = {}) {
+        if (!userId) {
+            throw new SessionError('User ID is required', 'INVALID_USER_ID');
+        }
+        try {
+            const Session = mongoose.models.Session;
+            const currentSession = new Session({
+                user: userId,
+                expiration: options.expiration || new Date(Date.now() + expires),
+            });
+            const refreshToken = await generateRefreshToken(currentSession);
+            return { session: currentSession, refreshToken };
+        }
+        catch (error) {
+            logger$1.error('[createSession] Error creating session:', error);
+            throw new SessionError('Failed to create session', 'CREATE_SESSION_FAILED');
+        }
     }
     /**
-     * Creates a new user, optionally with a TTL of 1 week.
+     * Finds a session by various parameters
      */
-    async function createUser(data, balanceConfig, disableTTL = true, returnUser = false) {
-        const User = mongoose.models.User;
-        const Balance = mongoose.models.Balance;
-        const userData = {
-            ...data,
-            expiresAt: disableTTL ? undefined : new Date(Date.now() + 604800 * 1000), // 1 week in milliseconds
-        };
-        if (disableTTL) {
-            delete userData.expiresAt;
-        }
-        const user = await User.create(userData);
-        // If balance is enabled, create or update a balance record for the user
-        if ((balanceConfig === null || balanceConfig === void 0 ? void 0 : balanceConfig.enabled) && (balanceConfig === null || balanceConfig === void 0 ? void 0 : balanceConfig.startBalance)) {
-            const update = {
-                $inc: { tokenCredits: balanceConfig.startBalance },
-            };
-            if (balanceConfig.autoRefillEnabled &&
-                balanceConfig.refillIntervalValue != null &&
-                balanceConfig.refillIntervalUnit != null &&
-                balanceConfig.refillAmount != null) {
-                update.$set = {
-                    autoRefillEnabled: true,
-                    refillIntervalValue: balanceConfig.refillIntervalValue,
-                    refillIntervalUnit: balanceConfig.refillIntervalUnit,
-                    refillAmount: balanceConfig.refillAmount,
-                };
+    async function findSession(params, options = { lean: true }) {
+        try {
+            const Session = mongoose.models.Session;
+            const query = {};
+            if (!params.refreshToken && !params.userId && !params.sessionId) {
+                throw new SessionError('At least one search parameter is required', 'INVALID_SEARCH_PARAMS');
             }
-            await Balance.findOneAndUpdate({ user: user._id }, update, {
-                upsert: true,
-                new: true,
-            }).lean();
+            if (params.refreshToken) {
+                const tokenHash = await hashToken(params.refreshToken);
+                query.refreshTokenHash = tokenHash;
+            }
+            if (params.userId) {
+                query.user = params.userId;
+            }
+            if (params.sessionId) {
+                const sessionId = typeof params.sessionId === 'object' &&
+                    params.sessionId !== null &&
+                    'sessionId' in params.sessionId
+                    ? params.sessionId.sessionId
+                    : params.sessionId;
+                if (!mongoose.Types.ObjectId.isValid(sessionId)) {
+                    throw new SessionError('Invalid session ID format', 'INVALID_SESSION_ID');
+                }
+                query._id = sessionId;
+            }
+            // Add expiration check to only return valid sessions
+            query.expiration = { $gt: new Date() };
+            const sessionQuery = Session.findOne(query);
+            if (options.lean) {
+                return (await sessionQuery.lean());
+            }
+            return await sessionQuery.exec();
         }
-        if (returnUser) {
-            return user.toObject();
+        catch (error) {
+            logger$1.error('[findSession] Error finding session:', error);
+            throw new SessionError('Failed to find session', 'FIND_SESSION_FAILED');
         }
-        return user._id;
     }
     /**
-     * Update a user with new data without overwriting existing properties.
+     * Updates session expiration
      */
-    async function updateUser(userId, updateData) {
-        const User = mongoose.models.User;
-        const updateOperation = {
-            $set: updateData,
-            $unset: { expiresAt: '' }, // Remove the expiresAt field to prevent TTL
-        };
-        return (await User.findByIdAndUpdate(userId, updateOperation, {
-            new: true,
-            runValidators: true,
-        }).lean());
+    async function updateExpiration(session, newExpiration) {
+        try {
+            const Session = mongoose.models.Session;
+            const sessionDoc = typeof session === 'string' ? await Session.findById(session) : session;
+            if (!sessionDoc) {
+                throw new SessionError('Session not found', 'SESSION_NOT_FOUND');
+            }
+            sessionDoc.expiration = newExpiration || new Date(Date.now() + expires);
+            return await sessionDoc.save();
+        }
+        catch (error) {
+            logger$1.error('[updateExpiration] Error updating session:', error);
+            throw new SessionError('Failed to update session expiration', 'UPDATE_EXPIRATION_FAILED');
+        }
     }
     /**
-     * Retrieve a user by ID and convert the found user document to a plain object.
+     * Deletes a session by refresh token or session ID
      */
-    async function getUserById(userId, fieldsToSelect) {
-        const User = mongoose.models.User;
-        const query = User.findById(userId);
-        if (fieldsToSelect) {
-            query.select(fieldsToSelect);
+    async function deleteSession(params) {
+        try {
+            const Session = mongoose.models.Session;
+            if (!params.refreshToken && !params.sessionId) {
+                throw new SessionError('Either refreshToken or sessionId is required', 'INVALID_DELETE_PARAMS');
+            }
+            const query = {};
+            if (params.refreshToken) {
+                query.refreshTokenHash = await hashToken(params.refreshToken);
+            }
+            if (params.sessionId) {
+                query._id = params.sessionId;
+            }
+            const result = await Session.deleteOne(query);
+            if (result.deletedCount === 0) {
+                logger$1.warn('[deleteSession] No session found to delete');
+            }
+            return result;
+        }
+        catch (error) {
+            logger$1.error('[deleteSession] Error deleting session:', error);
+            throw new SessionError('Failed to delete session', 'DELETE_SESSION_FAILED');
         }
-        return (await query.lean());
     }
     /**
-     * Delete a user by their unique ID.
+     * Deletes all sessions for a user
      */
-    async function deleteUserById(userId) {
+    async function deleteAllUserSessions(userId, options = {}) {
         try {
-            const User = mongoose.models.User;
-            const result = await User.deleteOne({ _id: userId });
-            if (result.deletedCount === 0) {
-                return { deletedCount: 0, message: 'No user found with that ID.' };
+            const Session = mongoose.models.Session;
+            if (!userId) {
+                throw new SessionError('User ID is required', 'INVALID_USER_ID');
             }
-            return { deletedCount: result.deletedCount, message: 'User was deleted successfully.' };
+            const userIdString = typeof userId === 'object' && userId !== null ? userId.userId : userId;
+            if (!mongoose.Types.ObjectId.isValid(userIdString)) {
+                throw new SessionError('Invalid user ID format', 'INVALID_USER_ID_FORMAT');
+            }
+            const query = { user: userIdString };
+            if (options.excludeCurrentSession && options.currentSessionId) {
+                query._id = { $ne: options.currentSessionId };
+            }
+            const result = await Session.deleteMany(query);
+            if (result.deletedCount && result.deletedCount > 0) {
+                logger$1.debug(`[deleteAllUserSessions] Deleted ${result.deletedCount} sessions for user ${userIdString}.`);
+            }
+            return result;
         }
         catch (error) {
-            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
-            throw new Error('Error deleting user: ' + errorMessage);
+            logger$1.error('[deleteAllUserSessions] Error deleting user sessions:', error);
+            throw new SessionError('Failed to delete user sessions', 'DELETE_ALL_SESSIONS_FAILED');
         }
     }
     /**
-     * Generates a JWT token for a given user.
+     * Generates a refresh token for a session
      */
-    async function generateToken(user) {
-        if (!user) {
-            throw new Error('No user provided');
+    async function generateRefreshToken(session) {
+        if (!session || !session.user) {
+            throw new SessionError('Invalid session object', 'INVALID_SESSION');
         }
-        let expires = 1000 * 60 * 15;
-        if (process.env.SESSION_EXPIRY !== undefined && process.env.SESSION_EXPIRY !== '') {
-            try {
-                const evaluated = eval(process.env.SESSION_EXPIRY);
-                if (evaluated) {
-                    expires = evaluated;
-                }
-            }
-            catch (error) {
-                console.warn('Invalid SESSION_EXPIRY expression, using default:', error);
+        try {
+            const expiresIn = session.expiration ? session.expiration.getTime() : Date.now() + expires;
+            if (!session.expiration) {
+                session.expiration = new Date(expiresIn);
             }
+            const refreshToken = await signPayload({
+                payload: {
+                    id: session.user,
+                    sessionId: session._id,
+                },
+                secret: process.env.JWT_REFRESH_SECRET,
+                expirationTime: Math.floor((expiresIn - Date.now()) / 1000),
+            });
+            session.refreshTokenHash = await hashToken(refreshToken);
+            await session.save();
+            return refreshToken;
+        }
+        catch (error) {
+            logger$1.error('[generateRefreshToken] Error generating refresh token:', error);
+            throw new SessionError('Failed to generate refresh token', 'GENERATE_TOKEN_FAILED');
         }
-        return await signPayload({
-            payload: {
-                id: user._id,
-                username: user.username,
-                provider: user.provider,
-                email: user.email,
-            },
-            secret: process.env.JWT_SECRET,
-            expirationTime: expires / 1000,
-        });
     }
     /**
-     * Update a user's personalization memories setting.
-     * Handles the edge case where the personalization object doesn't exist.
+     * Counts active sessions for a user
      */
-    async function toggleUserMemories(userId, memoriesEnabled) {
-        const User = mongoose.models.User;
-        // First, ensure the personalization object exists
-        const user = await User.findById(userId);
-        if (!user) {
-            return null;
+    async function countActiveSessions(userId) {
+        try {
+            const Session = mongoose.models.Session;
+            if (!userId) {
+                throw new SessionError('User ID is required', 'INVALID_USER_ID');
+            }
+            return await Session.countDocuments({
+                user: userId,
+                expiration: { $gt: new Date() },
+            });
+        }
+        catch (error) {
+            logger$1.error('[countActiveSessions] Error counting active sessions:', error);
+            throw new SessionError('Failed to count active sessions', 'COUNT_SESSIONS_FAILED');
         }
-        // Use $set to update the nested field, which will create the personalization object if it doesn't exist
-        const updateOperation = {
-            $set: {
-                'personalization.memories': memoriesEnabled,
-            },
-        };
-        return (await User.findByIdAndUpdate(userId, updateOperation, {
-            new: true,
-            runValidators: true,
-        }).lean());
     }
-    // Return all methods
     return {
-        findUser,
-        countUsers,
-        createUser,
-        updateUser,
-        getUserById,
-        deleteUserById,
-        generateToken,
-        toggleUserMemories,
+        findSession,
+        SessionError,
+        deleteSession,
+        createSession,
+        updateExpiration,
+        countActiveSessions,
+        generateRefreshToken,
+        deleteAllUserSessions,
     };
 }
 
-/**
- * Wrapper for the traverse module to handle CommonJS imports in ESM context
- */
-// @ts-ignore - traverse doesn't have proper ESM exports
-// Handle both default export and named exports
-// eslint-disable-next-line @typescript-eslint/no-explicit-any
-const traverse = (traverseLib__default.default.default || traverseLib__default.default);
-
-const SPLAT_SYMBOL = Symbol.for('splat');
-const MESSAGE_SYMBOL = Symbol.for('message');
-const CONSOLE_JSON_STRING_LENGTH = parseInt(process.env.CONSOLE_JSON_STRING_LENGTH || '', 10) || 255;
-const sensitiveKeys = [
-    /^(sk-)[^\s]+/, // OpenAI API key pattern
-    /(Bearer )[^\s]+/, // Header: Bearer token pattern
-    /(api-key:? )[^\s]+/, // Header: API key pattern
-    /(key=)[^\s]+/, // URL query param: sensitive key pattern (Google)
-];
-/**
- * Determines if a given value string is sensitive and returns matching regex patterns.
- *
- * @param valueStr - The value string to check.
- * @returns An array of regex patterns that match the value string.
- */
-function getMatchingSensitivePatterns(valueStr) {
-    if (valueStr) {
-        // Filter and return all regex patterns that match the value string
-        return sensitiveKeys.filter((regex) => regex.test(valueStr));
-    }
-    return [];
-}
-/**
- * Redacts sensitive information from a console message and trims it to a specified length if provided.
- * @param str - The console message to be redacted.
- * @param trimLength - The optional length at which to trim the redacted message.
- * @returns The redacted and optionally trimmed console message.
- */
-function redactMessage(str, trimLength) {
-    if (!str) {
-        return '';
-    }
-    const patterns = getMatchingSensitivePatterns(str);
-    patterns.forEach((pattern) => {
-        str = str.replace(pattern, '$1[REDACTED]');
-    });
-    return str;
-}
-/**
- * Redacts sensitive information from log messages if the log level is 'error'.
- * Note: Intentionally mutates the object.
- * @param info - The log information object.
- * @returns The modified log information object.
- */
-const redactFormat = winston__default.default.format((info) => {
-    if (info.level === 'error') {
-        // Type guard to ensure message is a string
-        if (typeof info.message === 'string') {
-            info.message = redactMessage(info.message);
+// Factory function that takes mongoose instance and returns the methods
+function createTokenMethods(mongoose) {
+    /**
+     * Creates a new Token instance.
+     */
+    async function createToken(tokenData) {
+        try {
+            const Token = mongoose.models.Token;
+            const currentTime = new Date();
+            const expiresAt = new Date(currentTime.getTime() + tokenData.expiresIn * 1000);
+            const newTokenData = {
+                ...tokenData,
+                createdAt: currentTime,
+                expiresAt,
+            };
+            return await Token.create(newTokenData);
         }
-        // Handle MESSAGE_SYMBOL with type safety
-        const symbolValue = info[MESSAGE_SYMBOL];
-        if (typeof symbolValue === 'string') {
-            info[MESSAGE_SYMBOL] = redactMessage(symbolValue);
+        catch (error) {
+            logger$1.debug('An error occurred while creating token:', error);
+            throw error;
         }
     }
-    return info;
-});
-/**
- * Truncates long strings, especially base64 image data, within log messages.
- *
- * @param value - The value to be inspected and potentially truncated.
- * @param length - The length at which to truncate the value. Default: 100.
- * @returns The truncated or original value.
- */
-const truncateLongStrings = (value, length = 100) => {
-    if (typeof value === 'string') {
-        return value.length > length ? value.substring(0, length) + '... [truncated]' : value;
-    }
-    return value;
-};
-/**
- * An array mapping function that truncates long strings (objects converted to JSON strings).
- * @param item - The item to be condensed.
- * @returns The condensed item.
- */
-const condenseArray = (item) => {
-    if (typeof item === 'string') {
-        return truncateLongStrings(JSON.stringify(item));
-    }
-    else if (typeof item === 'object') {
-        return truncateLongStrings(JSON.stringify(item));
-    }
-    return item;
-};
-/**
- * Formats log messages for debugging purposes.
- * - Truncates long strings within log messages.
- * - Condenses arrays by truncating long strings and objects as strings within array items.
- * - Redacts sensitive information from log messages if the log level is 'error'.
- * - Converts log information object to a formatted string.
- *
- * @param options - The options for formatting log messages.
- * @returns The formatted log message.
- */
-const debugTraverse = winston__default.default.format.printf(({ level, message, timestamp, ...metadata }) => {
-    if (!message) {
-        return `${timestamp} ${level}`;
-    }
-    // Type-safe version of the CJS logic: !message?.trim || typeof message !== 'string'
-    if (typeof message !== 'string' || !message.trim) {
-        return `${timestamp} ${level}: ${JSON.stringify(message)}`;
-    }
-    let msg = `${timestamp} ${level}: ${truncateLongStrings(message.trim(), 150)}`;
-    try {
-        if (level !== 'debug') {
-            return msg;
-        }
-        if (!metadata) {
-            return msg;
+    /**
+     * Updates a Token document that matches the provided query.
+     */
+    async function updateToken(query, updateData) {
+        try {
+            const Token = mongoose.models.Token;
+            return await Token.findOneAndUpdate(query, updateData, { new: true });
         }
-        // Type-safe access to SPLAT_SYMBOL using bracket notation
-        const metadataRecord = metadata;
-        const splatArray = metadataRecord[SPLAT_SYMBOL];
-        const debugValue = Array.isArray(splatArray) ? splatArray[0] : undefined;
-        if (!debugValue) {
-            return msg;
+        catch (error) {
+            logger$1.debug('An error occurred while updating token:', error);
+            throw error;
         }
-        if (debugValue && Array.isArray(debugValue)) {
-            msg += `\n${JSON.stringify(debugValue.map(condenseArray))}`;
-            return msg;
+    }
+    /**
+     * Deletes all Token documents that match the provided token, user ID, or email.
+     */
+    async function deleteTokens(query) {
+        try {
+            const Token = mongoose.models.Token;
+            return await Token.deleteMany({
+                $or: [
+                    { userId: query.userId },
+                    { token: query.token },
+                    { email: query.email },
+                    { identifier: query.identifier },
+                ],
+            });
         }
-        if (typeof debugValue !== 'object') {
-            return (msg += ` ${debugValue}`);
+        catch (error) {
+            logger$1.debug('An error occurred while deleting tokens:', error);
+            throw error;
         }
-        msg += '\n{';
-        const copy = klona.klona(metadata);
-        traverse(copy).forEach(function (value) {
-            var _a;
-            if (typeof (this === null || this === void 0 ? void 0 : this.key) === 'symbol') {
-                return;
-            }
-            let _parentKey = '';
-            const parent = this.parent;
-            if (typeof (parent === null || parent === void 0 ? void 0 : parent.key) !== 'symbol' && (parent === null || parent === void 0 ? void 0 : parent.key)) {
-                _parentKey = parent.key;
-            }
-            const parentKey = `${parent && parent.notRoot ? _parentKey + '.' : ''}`;
-            const tabs = `${parent && parent.notRoot ? '    ' : '  '}`;
-            const currentKey = (_a = this === null || this === void 0 ? void 0 : this.key) !== null && _a !== void 0 ? _a : 'unknown';
-            if (this.isLeaf && typeof value === 'string') {
-                const truncatedText = truncateLongStrings(value);
-                msg += `\n${tabs}${parentKey}${currentKey}: ${JSON.stringify(truncatedText)},`;
+    }
+    /**
+     * Finds a Token document that matches the provided query.
+     */
+    async function findToken(query) {
+        try {
+            const Token = mongoose.models.Token;
+            const conditions = [];
+            if (query.userId) {
+                conditions.push({ userId: query.userId });
             }
-            else if (this.notLeaf && Array.isArray(value) && value.length > 0) {
-                const currentMessage = `\n${tabs}// ${value.length} ${currentKey.replace(/s$/, '')}(s)`;
-                this.update(currentMessage, true);
-                msg += currentMessage;
-                const stringifiedArray = value.map(condenseArray);
-                msg += `\n${tabs}${parentKey}${currentKey}: [${stringifiedArray}],`;
+            if (query.token) {
+                conditions.push({ token: query.token });
             }
-            else if (this.isLeaf && typeof value === 'function') {
-                msg += `\n${tabs}${parentKey}${currentKey}: function,`;
+            if (query.email) {
+                conditions.push({ email: query.email });
             }
-            else if (this.isLeaf) {
-                msg += `\n${tabs}${parentKey}${currentKey}: ${value},`;
+            if (query.identifier) {
+                conditions.push({ identifier: query.identifier });
             }
-        });
-        msg += '\n}';
-        return msg;
-    }
-    catch (e) {
-        const errorMessage = e instanceof Error ? e.message : 'Unknown error';
-        return (msg += `\n[LOGGER PARSING ERROR] ${errorMessage}`);
-    }
-});
+            const token = await Token.findOne({
+                $and: conditions,
+            }).lean();
+            return token;
+        }
+        catch (error) {
+            logger$1.debug('An error occurred while finding token:', error);
+            throw error;
+        }
+    }
+    // Return all methods
+    return {
+        findToken,
+        createToken,
+        updateToken,
+        deleteTokens,
+    };
+}
+
+// Factory function that takes mongoose instance and returns the methods
+function createRoleMethods(mongoose) {
+    /**
+     * Initialize default roles in the system.
+     * Creates the default roles (ADMIN, USER) if they don't exist in the database.
+     * Updates existing roles with new permission types if they're missing.
+     */
+    async function initializeRoles() {
+        var _a, _b;
+        const Role = mongoose.models.Role;
+        for (const roleName of [librechatDataProvider.SystemRoles.ADMIN, librechatDataProvider.SystemRoles.USER]) {
+            let role = await Role.findOne({ name: roleName });
+            const defaultPerms = librechatDataProvider.roleDefaults[roleName].permissions;
+            if (!role) {
+                role = new Role(librechatDataProvider.roleDefaults[roleName]);
+            }
+            else {
+                const permissions = (_b = (_a = role.toObject()) === null || _a === void 0 ? void 0 : _a.permissions) !== null && _b !== void 0 ? _b : {};
+                role.permissions = role.permissions || {};
+                for (const permType of Object.keys(defaultPerms)) {
+                    if (permissions[permType] == null || Object.keys(permissions[permType]).length === 0) {
+                        role.permissions[permType] = defaultPerms[permType];
+                    }
+                }
+            }
+            await role.save();
+        }
+    }
+    /**
+     * List all roles in the system (for testing purposes)
+     * Returns an array of all roles with their names and permissions
+     */
+    async function listRoles() {
+        const Role = mongoose.models.Role;
+        return await Role.find({}).select('name permissions').lean();
+    }
+    // Return all methods you want to expose
+    return {
+        listRoles,
+        initializeRoles,
+    };
+}
+
+/** Factory function that takes mongoose instance and returns the methods */
+function createUserMethods(mongoose) {
+    /**
+     * Search for a single user based on partial data and return matching user document as plain object.
+     */
+    async function findUser(searchCriteria, fieldsToSelect) {
+        const User = mongoose.models.User;
+        const query = User.findOne(searchCriteria);
+        if (fieldsToSelect) {
+            query.select(fieldsToSelect);
+        }
+        return (await query.lean());
+    }
+    /**
+     * Count the number of user documents in the collection based on the provided filter.
+     */
+    async function countUsers(filter = {}) {
+        const User = mongoose.models.User;
+        return await User.countDocuments(filter);
+    }
+    /**
+     * Creates a new user, optionally with a TTL of 1 week.
+     */
+    async function createUser(data, balanceConfig, disableTTL = true, returnUser = false) {
+        const User = mongoose.models.User;
+        const Balance = mongoose.models.Balance;
+        const userData = {
+            ...data,
+            expiresAt: disableTTL ? undefined : new Date(Date.now() + 604800 * 1000), // 1 week in milliseconds
+        };
+        if (disableTTL) {
+            delete userData.expiresAt;
+        }
+        const user = await User.create(userData);
+        // If balance is enabled, create or update a balance record for the user
+        if ((balanceConfig === null || balanceConfig === void 0 ? void 0 : balanceConfig.enabled) && (balanceConfig === null || balanceConfig === void 0 ? void 0 : balanceConfig.startBalance)) {
+            const update = {
+                $inc: { tokenCredits: balanceConfig.startBalance },
+            };
+            if (balanceConfig.autoRefillEnabled &&
+                balanceConfig.refillIntervalValue != null &&
+                balanceConfig.refillIntervalUnit != null &&
+                balanceConfig.refillAmount != null) {
+                update.$set = {
+                    autoRefillEnabled: true,
+                    refillIntervalValue: balanceConfig.refillIntervalValue,
+                    refillIntervalUnit: balanceConfig.refillIntervalUnit,
+                    refillAmount: balanceConfig.refillAmount,
+                };
+            }
+            await Balance.findOneAndUpdate({ user: user._id }, update, {
+                upsert: true,
+                new: true,
+            }).lean();
+        }
+        if (returnUser) {
+            return user.toObject();
+        }
+        return user._id;
+    }
+    /**
+     * Update a user with new data without overwriting existing properties.
+     */
+    async function updateUser(userId, updateData) {
+        const User = mongoose.models.User;
+        const updateOperation = {
+            $set: updateData,
+            $unset: { expiresAt: '' }, // Remove the expiresAt field to prevent TTL
+        };
+        return (await User.findByIdAndUpdate(userId, updateOperation, {
+            new: true,
+            runValidators: true,
+        }).lean());
+    }
+    /**
+     * Retrieve a user by ID and convert the found user document to a plain object.
+     */
+    async function getUserById(userId, fieldsToSelect) {
+        const User = mongoose.models.User;
+        const query = User.findById(userId);
+        if (fieldsToSelect) {
+            query.select(fieldsToSelect);
+        }
+        return (await query.lean());
+    }
+    /**
+     * Delete a user by their unique ID.
+     */
+    async function deleteUserById(userId) {
+        try {
+            const User = mongoose.models.User;
+            const result = await User.deleteOne({ _id: userId });
+            if (result.deletedCount === 0) {
+                return { deletedCount: 0, message: 'No user found with that ID.' };
+            }
+            return { deletedCount: result.deletedCount, message: 'User was deleted successfully.' };
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            throw new Error('Error deleting user: ' + errorMessage);
+        }
+    }
+    /**
+     * Generates a JWT token for a given user.
+     */
+    async function generateToken(user) {
+        if (!user) {
+            throw new Error('No user provided');
+        }
+        let expires = 1000 * 60 * 15;
+        if (process.env.SESSION_EXPIRY !== undefined && process.env.SESSION_EXPIRY !== '') {
+            try {
+                const evaluated = eval(process.env.SESSION_EXPIRY);
+                if (evaluated) {
+                    expires = evaluated;
+                }
+            }
+            catch (error) {
+                console.warn('Invalid SESSION_EXPIRY expression, using default:', error);
+            }
+        }
+        return await signPayload({
+            payload: {
+                id: user._id,
+                username: user.username,
+                provider: user.provider,
+                email: user.email,
+            },
+            secret: process.env.JWT_SECRET,
+            expirationTime: expires / 1000,
+        });
+    }
+    /**
+     * Update a user's personalization memories setting.
+     * Handles the edge case where the personalization object doesn't exist.
+     */
+    async function toggleUserMemories(userId, memoriesEnabled) {
+        const User = mongoose.models.User;
+        // First, ensure the personalization object exists
+        const user = await User.findById(userId);
+        if (!user) {
+            return null;
+        }
+        // Use $set to update the nested field, which will create the personalization object if it doesn't exist
+        const updateOperation = {
+            $set: {
+                'personalization.memories': memoriesEnabled,
+            },
+        };
+        return (await User.findByIdAndUpdate(userId, updateOperation, {
+            new: true,
+            runValidators: true,
+        }).lean());
+    }
+    /**
+     * Search for users by pattern matching on name, email, or username (case-insensitive)
+     * @param searchPattern - The pattern to search for
+     * @param limit - Maximum number of results to return
+     * @param fieldsToSelect - The fields to include or exclude in the returned documents
+     * @returns Array of matching user documents
+     */
+    const searchUsers = async function ({ searchPattern, limit = 20, fieldsToSelect = null, }) {
+        if (!searchPattern || searchPattern.trim().length === 0) {
+            return [];
+        }
+        const regex = new RegExp(searchPattern.trim(), 'i');
+        const User = mongoose.models.User;
+        const query = User.find({
+            $or: [{ email: regex }, { name: regex }, { username: regex }],
+        }).limit(limit * 2); // Get more results to allow for relevance sorting
+        if (fieldsToSelect) {
+            query.select(fieldsToSelect);
+        }
+        const users = await query.lean();
+        // Score results by relevance
+        const exactRegex = new RegExp(`^${searchPattern.trim()}$`, 'i');
+        const startsWithPattern = searchPattern.trim().toLowerCase();
+        const scoredUsers = users.map((user) => {
+            const searchableFields = [user.name, user.email, user.username].filter(Boolean);
+            let maxScore = 0;
+            for (const field of searchableFields) {
+                const fieldLower = field.toLowerCase();
+                let score = 0;
+                // Exact match gets highest score
+                if (exactRegex.test(field)) {
+                    score = 100;
+                }
+                // Starts with query gets high score
+                else if (fieldLower.startsWith(startsWithPattern)) {
+                    score = 80;
+                }
+                // Contains query gets medium score
+                else if (fieldLower.includes(startsWithPattern)) {
+                    score = 50;
+                }
+                // Default score for regex match
+                else {
+                    score = 10;
+                }
+                maxScore = Math.max(maxScore, score);
+            }
+            return { ...user, _searchScore: maxScore };
+        });
+        /** Top results sorted by relevance */
+        return scoredUsers
+            .sort((a, b) => b._searchScore - a._searchScore)
+            .slice(0, limit)
+            .map((user) => {
+            // Remove the search score from final results
+            // eslint-disable-next-line @typescript-eslint/no-unused-vars
+            const { _searchScore, ...userWithoutScore } = user;
+            return userWithoutScore;
+        });
+    };
+    return {
+        findUser,
+        countUsers,
+        createUser,
+        updateUser,
+        searchUsers,
+        getUserById,
+        generateToken,
+        deleteUserById,
+        toggleUserMemories,
+    };
+}
+
 /**
- * Truncates long string values in JSON log objects.
- * Prevents outputting extremely long values (e.g., base64, blobs).
+ * Formats a date in YYYY-MM-DD format
  */
-const jsonTruncateFormat = winston__default.default.format((info) => {
-    const truncateLongStrings = (str, maxLength) => str.length > maxLength ? str.substring(0, maxLength) + '...' : str;
-    const seen = new WeakSet();
-    const truncateObject = (obj) => {
-        if (typeof obj !== 'object' || obj === null) {
-            return obj;
+const formatDate = (date) => {
+    return date.toISOString().split('T')[0];
+};
+// Factory function that takes mongoose instance and returns the methods
+function createMemoryMethods(mongoose) {
+    /**
+     * Creates a new memory entry for a user
+     * Throws an error if a memory with the same key already exists
+     */
+    async function createMemory({ userId, key, value, tokenCount = 0, }) {
+        try {
+            if ((key === null || key === void 0 ? void 0 : key.toLowerCase()) === 'nothing') {
+                return { ok: false };
+            }
+            const MemoryEntry = mongoose.models.MemoryEntry;
+            const existingMemory = await MemoryEntry.findOne({ userId, key });
+            if (existingMemory) {
+                throw new Error('Memory with this key already exists');
+            }
+            await MemoryEntry.create({
+                userId,
+                key,
+                value,
+                tokenCount,
+                updated_at: new Date(),
+            });
+            return { ok: true };
+        }
+        catch (error) {
+            throw new Error(`Failed to create memory: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+    }
+    /**
+     * Sets or updates a memory entry for a user
+     */
+    async function setMemory({ userId, key, value, tokenCount = 0, }) {
+        try {
+            if ((key === null || key === void 0 ? void 0 : key.toLowerCase()) === 'nothing') {
+                return { ok: false };
+            }
+            const MemoryEntry = mongoose.models.MemoryEntry;
+            await MemoryEntry.findOneAndUpdate({ userId, key }, {
+                value,
+                tokenCount,
+                updated_at: new Date(),
+            }, {
+                upsert: true,
+                new: true,
+            });
+            return { ok: true };
+        }
+        catch (error) {
+            throw new Error(`Failed to set memory: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+    }
+    /**
+     * Deletes a specific memory entry for a user
+     */
+    async function deleteMemory({ userId, key }) {
+        try {
+            const MemoryEntry = mongoose.models.MemoryEntry;
+            const result = await MemoryEntry.findOneAndDelete({ userId, key });
+            return { ok: !!result };
+        }
+        catch (error) {
+            throw new Error(`Failed to delete memory: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+    }
+    /**
+     * Gets all memory entries for a user
+     */
+    async function getAllUserMemories(userId) {
+        try {
+            const MemoryEntry = mongoose.models.MemoryEntry;
+            return (await MemoryEntry.find({ userId }).lean());
+        }
+        catch (error) {
+            throw new Error(`Failed to get all memories: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+    }
+    /**
+     * Gets and formats all memories for a user in two different formats
+     */
+    async function getFormattedMemories({ userId, }) {
+        try {
+            const memories = await getAllUserMemories(userId);
+            if (!memories || memories.length === 0) {
+                return { withKeys: '', withoutKeys: '', totalTokens: 0 };
+            }
+            const sortedMemories = memories.sort((a, b) => new Date(a.updated_at).getTime() - new Date(b.updated_at).getTime());
+            const totalTokens = sortedMemories.reduce((sum, memory) => {
+                return sum + (memory.tokenCount || 0);
+            }, 0);
+            const withKeys = sortedMemories
+                .map((memory, index) => {
+                const date = formatDate(new Date(memory.updated_at));
+                const tokenInfo = memory.tokenCount ? ` [${memory.tokenCount} tokens]` : '';
+                return `${index + 1}. [${date}]. ["key": "${memory.key}"]${tokenInfo}. ["value": "${memory.value}"]`;
+            })
+                .join('\n\n');
+            const withoutKeys = sortedMemories
+                .map((memory, index) => {
+                const date = formatDate(new Date(memory.updated_at));
+                return `${index + 1}. [${date}]. ${memory.value}`;
+            })
+                .join('\n\n');
+            return { withKeys, withoutKeys, totalTokens };
+        }
+        catch (error) {
+            logger$1.error('Failed to get formatted memories:', error);
+            return { withKeys: '', withoutKeys: '', totalTokens: 0 };
+        }
+    }
+    return {
+        setMemory,
+        createMemory,
+        deleteMemory,
+        getAllUserMemories,
+        getFormattedMemories,
+    };
+}
+
+function createAgentCategoryMethods(mongoose) {
+    /**
+     * Get all active categories sorted by order
+     * @returns Array of active categories
+     */
+    async function getActiveCategories() {
+        const AgentCategory = mongoose.models.AgentCategory;
+        return await AgentCategory.find({ isActive: true }).sort({ order: 1, label: 1 }).lean();
+    }
+    /**
+     * Get categories with agent counts
+     * @returns Categories with agent counts
+     */
+    async function getCategoriesWithCounts() {
+        const Agent = mongoose.models.Agent;
+        const categoryCounts = await Agent.aggregate([
+            { $match: { category: { $exists: true, $ne: null } } },
+            { $group: { _id: '$category', count: { $sum: 1 } } },
+        ]);
+        const countMap = new Map(categoryCounts.map((c) => [c._id, c.count]));
+        const categories = await getActiveCategories();
+        return categories.map((category) => ({
+            ...category,
+            agentCount: countMap.get(category.value) || 0,
+        }));
+    }
+    /**
+     * Get valid category values for Agent model validation
+     * @returns Array of valid category values
+     */
+    async function getValidCategoryValues() {
+        const AgentCategory = mongoose.models.AgentCategory;
+        return await AgentCategory.find({ isActive: true }).distinct('value').lean();
+    }
+    /**
+     * Seed initial categories from existing constants
+     * @param categories - Array of category data to seed
+     * @returns Bulk write result
+     */
+    async function seedCategories(categories) {
+        const AgentCategory = mongoose.models.AgentCategory;
+        const operations = categories.map((category, index) => ({
+            updateOne: {
+                filter: { value: category.value },
+                update: {
+                    $setOnInsert: {
+                        value: category.value,
+                        label: category.label || category.value,
+                        description: category.description || '',
+                        order: category.order || index,
+                        isActive: true,
+                    },
+                },
+                upsert: true,
+            },
+        }));
+        return await AgentCategory.bulkWrite(operations);
+    }
+    /**
+     * Find a category by value
+     * @param value - The category value to search for
+     * @returns The category document or null
+     */
+    async function findCategoryByValue(value) {
+        const AgentCategory = mongoose.models.AgentCategory;
+        return await AgentCategory.findOne({ value }).lean();
+    }
+    /**
+     * Create a new category
+     * @param categoryData - The category data to create
+     * @returns The created category
+     */
+    async function createCategory(categoryData) {
+        const AgentCategory = mongoose.models.AgentCategory;
+        const category = await AgentCategory.create(categoryData);
+        return category.toObject();
+    }
+    /**
+     * Update a category by value
+     * @param value - The category value to update
+     * @param updateData - The data to update
+     * @returns The updated category or null
+     */
+    async function updateCategory(value, updateData) {
+        const AgentCategory = mongoose.models.AgentCategory;
+        return await AgentCategory.findOneAndUpdate({ value }, { $set: updateData }, { new: true, runValidators: true }).lean();
+    }
+    /**
+     * Delete a category by value
+     * @param value - The category value to delete
+     * @returns Whether the deletion was successful
+     */
+    async function deleteCategory(value) {
+        const AgentCategory = mongoose.models.AgentCategory;
+        const result = await AgentCategory.deleteOne({ value });
+        return result.deletedCount > 0;
+    }
+    /**
+     * Find a category by ID
+     * @param id - The category ID to search for
+     * @returns The category document or null
+     */
+    async function findCategoryById(id) {
+        const AgentCategory = mongoose.models.AgentCategory;
+        return await AgentCategory.findById(id).lean();
+    }
+    /**
+     * Get all categories (active and inactive)
+     * @returns Array of all categories
+     */
+    async function getAllCategories() {
+        const AgentCategory = mongoose.models.AgentCategory;
+        return await AgentCategory.find({}).sort({ order: 1, label: 1 }).lean();
+    }
+    /**
+     * Ensure default categories exist, seed them if none are present
+     * @returns Promise<boolean> - true if categories were seeded, false if they already existed
+     */
+    async function ensureDefaultCategories() {
+        const existingCategories = await getAllCategories();
+        if (existingCategories.length > 0) {
+            return false; // Categories already exist
+        }
+        const defaultCategories = [
+            {
+                value: 'general',
+                label: 'General',
+                description: 'General purpose agents for common tasks and inquiries',
+                order: 0,
+            },
+            {
+                value: 'hr',
+                label: 'Human Resources',
+                description: 'Agents specialized in HR processes, policies, and employee support',
+                order: 1,
+            },
+            {
+                value: 'rd',
+                label: 'Research & Development',
+                description: 'Agents focused on R&D processes, innovation, and technical research',
+                order: 2,
+            },
+            {
+                value: 'finance',
+                label: 'Finance',
+                description: 'Agents specialized in financial analysis, budgeting, and accounting',
+                order: 3,
+            },
+            {
+                value: 'it',
+                label: 'IT',
+                description: 'Agents for IT support, technical troubleshooting, and system administration',
+                order: 4,
+            },
+            {
+                value: 'sales',
+                label: 'Sales',
+                description: 'Agents focused on sales processes, customer relations.',
+                order: 5,
+            },
+            {
+                value: 'aftersales',
+                label: 'After Sales',
+                description: 'Agents specialized in post-sale support, maintenance, and customer service',
+                order: 6,
+            },
+        ];
+        await seedCategories(defaultCategories);
+        return true; // Categories were seeded
+    }
+    return {
+        getActiveCategories,
+        getCategoriesWithCounts,
+        getValidCategoryValues,
+        seedCategories,
+        findCategoryByValue,
+        createCategory,
+        updateCategory,
+        deleteCategory,
+        findCategoryById,
+        getAllCategories,
+        ensureDefaultCategories,
+    };
+}
+
+// Factory function that takes mongoose instance and returns the methods
+function createPluginAuthMethods(mongoose) {
+    /**
+     * Finds a single plugin auth entry by userId and authField (and optionally pluginKey)
+     */
+    async function findOnePluginAuth({ userId, authField, pluginKey, }) {
+        try {
+            const PluginAuth = mongoose.models.PluginAuth;
+            return await PluginAuth.findOne({
+                userId,
+                authField,
+                ...(pluginKey && { pluginKey }),
+            }).lean();
         }
-        // Handle circular references - now with proper object type
-        if (seen.has(obj)) {
-            return '[Circular]';
+        catch (error) {
+            throw new Error(`Failed to find plugin auth: ${error instanceof Error ? error.message : 'Unknown error'}`);
         }
-        seen.add(obj);
-        if (Array.isArray(obj)) {
-            return obj.map((item) => truncateObject(item));
+    }
+    /**
+     * Finds multiple plugin auth entries by userId and pluginKeys
+     */
+    async function findPluginAuthsByKeys({ userId, pluginKeys, }) {
+        try {
+            if (!pluginKeys || pluginKeys.length === 0) {
+                return [];
+            }
+            const PluginAuth = mongoose.models.PluginAuth;
+            return await PluginAuth.find({
+                userId,
+                pluginKey: { $in: pluginKeys },
+            }).lean();
         }
-        // We know this is an object at this point
-        const objectRecord = obj;
-        const newObj = {};
-        Object.entries(objectRecord).forEach(([key, value]) => {
-            if (typeof value === 'string') {
-                newObj[key] = truncateLongStrings(value, CONSOLE_JSON_STRING_LENGTH);
+        catch (error) {
+            throw new Error(`Failed to find plugin auths: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+    }
+    /**
+     * Updates or creates a plugin auth entry
+     */
+    async function updatePluginAuth({ userId, authField, pluginKey, value, }) {
+        try {
+            const PluginAuth = mongoose.models.PluginAuth;
+            const existingAuth = await PluginAuth.findOne({ userId, pluginKey, authField }).lean();
+            if (existingAuth) {
+                return await PluginAuth.findOneAndUpdate({ userId, pluginKey, authField }, { $set: { value } }, { new: true, upsert: true }).lean();
             }
             else {
-                newObj[key] = truncateObject(value);
+                const newPluginAuth = await new PluginAuth({
+                    userId,
+                    authField,
+                    value,
+                    pluginKey,
+                });
+                await newPluginAuth.save();
+                return newPluginAuth.toObject();
             }
-        });
-        return newObj;
+        }
+        catch (error) {
+            throw new Error(`Failed to update plugin auth: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+    }
+    /**
+     * Deletes plugin auth entries based on provided parameters
+     */
+    async function deletePluginAuth({ userId, authField, pluginKey, all = false, }) {
+        try {
+            const PluginAuth = mongoose.models.PluginAuth;
+            if (all) {
+                const filter = { userId };
+                if (pluginKey) {
+                    filter.pluginKey = pluginKey;
+                }
+                return await PluginAuth.deleteMany(filter);
+            }
+            if (!authField) {
+                throw new Error('authField is required when all is false');
+            }
+            return await PluginAuth.deleteOne({ userId, authField });
+        }
+        catch (error) {
+            throw new Error(`Failed to delete plugin auth: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+    }
+    /**
+     * Deletes all plugin auth entries for a user
+     */
+    async function deleteAllUserPluginAuths(userId) {
+        try {
+            const PluginAuth = mongoose.models.PluginAuth;
+            return await PluginAuth.deleteMany({ userId });
+        }
+        catch (error) {
+            throw new Error(`Failed to delete all user plugin auths: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+    }
+    return {
+        findOnePluginAuth,
+        findPluginAuthsByKeys,
+        updatePluginAuth,
+        deletePluginAuth,
+        deleteAllUserPluginAuths,
     };
-    return truncateObject(info);
-});
-
-const logDir = getLogDirectory();
-const { NODE_ENV, DEBUG_LOGGING, CONSOLE_JSON, DEBUG_CONSOLE } = process.env;
-const useConsoleJson = typeof CONSOLE_JSON === 'string' && CONSOLE_JSON.toLowerCase() === 'true';
-const useDebugConsole = typeof DEBUG_CONSOLE === 'string' && DEBUG_CONSOLE.toLowerCase() === 'true';
-const useDebugLogging = typeof DEBUG_LOGGING === 'string' && DEBUG_LOGGING.toLowerCase() === 'true';
-const levels = {
-    error: 0,
-    warn: 1,
-    info: 2,
-    http: 3,
-    verbose: 4,
-    debug: 5,
-    activity: 6,
-    silly: 7,
-};
-winston__default.default.addColors({
-    info: 'green',
-    warn: 'italic yellow',
-    error: 'red',
-    debug: 'blue',
-});
-const level = () => {
-    const env = NODE_ENV || 'development';
-    return env === 'development' ? 'debug' : 'warn';
-};
-const fileFormat = winston__default.default.format.combine(redactFormat(), winston__default.default.format.timestamp({ format: () => new Date().toISOString() }), winston__default.default.format.errors({ stack: true }), winston__default.default.format.splat());
-const transports = [
-    new winston__default.default.transports.DailyRotateFile({
-        level: 'error',
-        filename: `${logDir}/error-%DATE%.log`,
-        datePattern: 'YYYY-MM-DD',
-        zippedArchive: true,
-        maxSize: '20m',
-        maxFiles: '14d',
-        format: fileFormat,
-    }),
-];
-if (useDebugLogging) {
-    transports.push(new winston__default.default.transports.DailyRotateFile({
-        level: 'debug',
-        filename: `${logDir}/debug-%DATE%.log`,
-        datePattern: 'YYYY-MM-DD',
-        zippedArchive: true,
-        maxSize: '20m',
-        maxFiles: '14d',
-        format: winston__default.default.format.combine(fileFormat, debugTraverse),
-    }));
-}
-const consoleFormat = winston__default.default.format.combine(redactFormat(), winston__default.default.format.colorize({ all: true }), winston__default.default.format.timestamp({ format: 'YYYY-MM-DD HH:mm:ss' }), winston__default.default.format.printf((info) => {
-    const message = `${info.timestamp} ${info.level}: ${info.message}`;
-    return info.level.includes('error') ? redactMessage(message) : message;
-}));
-let consoleLogLevel = 'info';
-if (useDebugConsole) {
-    consoleLogLevel = 'debug';
-}
-// Add console transport
-if (useDebugConsole) {
-    transports.push(new winston__default.default.transports.Console({
-        level: consoleLogLevel,
-        format: useConsoleJson
-            ? winston__default.default.format.combine(fileFormat, jsonTruncateFormat(), winston__default.default.format.json())
-            : winston__default.default.format.combine(fileFormat, debugTraverse),
-    }));
-}
-else if (useConsoleJson) {
-    transports.push(new winston__default.default.transports.Console({
-        level: consoleLogLevel,
-        format: winston__default.default.format.combine(fileFormat, jsonTruncateFormat(), winston__default.default.format.json()),
-    }));
-}
-else {
-    transports.push(new winston__default.default.transports.Console({
-        level: consoleLogLevel,
-        format: consoleFormat,
-    }));
 }
-// Create logger
-const logger = winston__default.default.createLogger({
-    level: level(),
-    levels,
-    transports,
-});
 
-var _a;
-class SessionError extends Error {
-    constructor(message, code = 'SESSION_ERROR') {
-        super(message);
-        this.name = 'SessionError';
-        this.code = code;
+function createAccessRoleMethods(mongoose) {
+    /**
+     * Find an access role by its ID
+     * @param roleId - The role ID
+     * @returns The role document or null if not found
+     */
+    async function findRoleById(roleId) {
+        const AccessRole = mongoose.models.AccessRole;
+        return await AccessRole.findById(roleId).lean();
+    }
+    /**
+     * Find an access role by its unique identifier
+     * @param accessRoleId - The unique identifier (e.g., "agent_viewer")
+     * @returns The role document or null if not found
+     */
+    async function findRoleByIdentifier(accessRoleId) {
+        const AccessRole = mongoose.models.AccessRole;
+        return await AccessRole.findOne({ accessRoleId }).lean();
+    }
+    /**
+     * Find all access roles for a specific resource type
+     * @param resourceType - The type of resource ('agent', 'project', 'file')
+     * @returns Array of role documents
+     */
+    async function findRolesByResourceType(resourceType) {
+        const AccessRole = mongoose.models.AccessRole;
+        return await AccessRole.find({ resourceType }).lean();
+    }
+    /**
+     * Find an access role by resource type and permission bits
+     * @param resourceType - The type of resource
+     * @param permBits - The permission bits (use PermissionBits or RoleBits enum)
+     * @returns The role document or null if not found
+     */
+    async function findRoleByPermissions(resourceType, permBits) {
+        const AccessRole = mongoose.models.AccessRole;
+        return await AccessRole.findOne({ resourceType, permBits }).lean();
+    }
+    /**
+     * Create a new access role
+     * @param roleData - Role data (accessRoleId, name, description, resourceType, permBits)
+     * @returns The created role document
+     */
+    async function createRole(roleData) {
+        const AccessRole = mongoose.models.AccessRole;
+        return await AccessRole.create(roleData);
+    }
+    /**
+     * Update an existing access role
+     * @param accessRoleId - The unique identifier of the role to update
+     * @param updateData - Data to update
+     * @returns The updated role document or null if not found
+     */
+    async function updateRole(accessRoleId, updateData) {
+        const AccessRole = mongoose.models.AccessRole;
+        return await AccessRole.findOneAndUpdate({ accessRoleId }, { $set: updateData }, { new: true }).lean();
+    }
+    /**
+     * Delete an access role
+     * @param accessRoleId - The unique identifier of the role to delete
+     * @returns The result of the delete operation
+     */
+    async function deleteRole(accessRoleId) {
+        const AccessRole = mongoose.models.AccessRole;
+        return await AccessRole.deleteOne({ accessRoleId });
+    }
+    /**
+     * Get all predefined roles
+     * @returns Array of all role documents
+     */
+    async function getAllRoles() {
+        const AccessRole = mongoose.models.AccessRole;
+        return await AccessRole.find().lean();
+    }
+    /**
+     * Seed default roles if they don't exist
+     * @returns Object containing created roles
+     */
+    async function seedDefaultRoles() {
+        const AccessRole = mongoose.models.AccessRole;
+        const defaultRoles = [
+            {
+                accessRoleId: librechatDataProvider.AccessRoleIds.AGENT_VIEWER,
+                name: 'com_ui_role_viewer',
+                description: 'com_ui_role_viewer_desc',
+                resourceType: librechatDataProvider.ResourceType.AGENT,
+                permBits: exports.RoleBits.VIEWER,
+            },
+            {
+                accessRoleId: librechatDataProvider.AccessRoleIds.AGENT_EDITOR,
+                name: 'com_ui_role_editor',
+                description: 'com_ui_role_editor_desc',
+                resourceType: librechatDataProvider.ResourceType.AGENT,
+                permBits: exports.RoleBits.EDITOR,
+            },
+            {
+                accessRoleId: librechatDataProvider.AccessRoleIds.AGENT_OWNER,
+                name: 'com_ui_role_owner',
+                description: 'com_ui_role_owner_desc',
+                resourceType: librechatDataProvider.ResourceType.AGENT,
+                permBits: exports.RoleBits.OWNER,
+            },
+            {
+                accessRoleId: librechatDataProvider.AccessRoleIds.PROMPTGROUP_VIEWER,
+                name: 'com_ui_role_viewer',
+                description: 'com_ui_role_viewer_desc',
+                resourceType: librechatDataProvider.ResourceType.PROMPTGROUP,
+                permBits: exports.RoleBits.VIEWER,
+            },
+            {
+                accessRoleId: librechatDataProvider.AccessRoleIds.PROMPTGROUP_EDITOR,
+                name: 'com_ui_role_editor',
+                description: 'com_ui_role_editor_desc',
+                resourceType: librechatDataProvider.ResourceType.PROMPTGROUP,
+                permBits: exports.RoleBits.EDITOR,
+            },
+            {
+                accessRoleId: librechatDataProvider.AccessRoleIds.PROMPTGROUP_OWNER,
+                name: 'com_ui_role_owner',
+                description: 'com_ui_role_owner_desc',
+                resourceType: librechatDataProvider.ResourceType.PROMPTGROUP,
+                permBits: exports.RoleBits.OWNER,
+            },
+        ];
+        const result = {};
+        for (const role of defaultRoles) {
+            const upsertedRole = await AccessRole.findOneAndUpdate({ accessRoleId: role.accessRoleId }, { $setOnInsert: role }, { upsert: true, new: true }).lean();
+            result[role.accessRoleId] = upsertedRole;
+        }
+        return result;
+    }
+    /**
+     * Helper to get the appropriate role for a set of permissions
+     * @param resourceType - The type of resource
+     * @param permBits - The permission bits
+     * @returns The matching role or null if none found
+     */
+    async function getRoleForPermissions(resourceType, permBits) {
+        const AccessRole = mongoose.models.AccessRole;
+        const exactMatch = await AccessRole.findOne({ resourceType, permBits }).lean();
+        if (exactMatch) {
+            return exactMatch;
+        }
+        /** If no exact match, the closest role without exceeding permissions */
+        const roles = await AccessRole.find({ resourceType }).sort({ permBits: -1 }).lean();
+        return roles.find((role) => (role.permBits & permBits) === role.permBits) || null;
     }
+    return {
+        createRole,
+        updateRole,
+        deleteRole,
+        getAllRoles,
+        findRoleById,
+        seedDefaultRoles,
+        findRoleByIdentifier,
+        getRoleForPermissions,
+        findRoleByPermissions,
+        findRolesByResourceType,
+    };
 }
-const { REFRESH_TOKEN_EXPIRY } = (_a = process.env) !== null && _a !== void 0 ? _a : {};
-const expires = REFRESH_TOKEN_EXPIRY ? eval(REFRESH_TOKEN_EXPIRY) : 1000 * 60 * 60 * 24 * 7; // 7 days default
-// Factory function that takes mongoose instance and returns the methods
-function createSessionMethods(mongoose) {
+
+function createUserGroupMethods(mongoose$1) {
+    /**
+     * Find a group by its ID
+     * @param groupId - The group ID
+     * @param projection - Optional projection of fields to return
+     * @param session - Optional MongoDB session for transactions
+     * @returns The group document or null if not found
+     */
+    async function findGroupById(groupId, projection = {}, session) {
+        const Group = mongoose$1.models.Group;
+        const query = Group.findOne({ _id: groupId }, projection);
+        if (session) {
+            query.session(session);
+        }
+        return await query.lean();
+    }
+    /**
+     * Find a group by its external ID (e.g., Entra ID)
+     * @param idOnTheSource - The external ID
+     * @param source - The source ('entra' or 'local')
+     * @param projection - Optional projection of fields to return
+     * @param session - Optional MongoDB session for transactions
+     * @returns The group document or null if not found
+     */
+    async function findGroupByExternalId(idOnTheSource, source = 'entra', projection = {}, session) {
+        const Group = mongoose$1.models.Group;
+        const query = Group.findOne({ idOnTheSource, source }, projection);
+        if (session) {
+            query.session(session);
+        }
+        return await query.lean();
+    }
+    /**
+     * Find groups by name pattern (case-insensitive partial match)
+     * @param namePattern - The name pattern to search for
+     * @param source - Optional source filter ('entra', 'local', or null for all)
+     * @param limit - Maximum number of results to return
+     * @param session - Optional MongoDB session for transactions
+     * @returns Array of matching groups
+     */
+    async function findGroupsByNamePattern(namePattern, source = null, limit = 20, session) {
+        const Group = mongoose$1.models.Group;
+        const regex = new RegExp(namePattern, 'i');
+        const query = {
+            $or: [{ name: regex }, { email: regex }, { description: regex }],
+        };
+        if (source) {
+            query.source = source;
+        }
+        const dbQuery = Group.find(query).limit(limit);
+        if (session) {
+            dbQuery.session(session);
+        }
+        return await dbQuery.lean();
+    }
+    /**
+     * Find all groups a user is a member of by their ID or idOnTheSource
+     * @param userId - The user ID
+     * @param session - Optional MongoDB session for transactions
+     * @returns Array of groups the user is a member of
+     */
+    async function findGroupsByMemberId(userId, session) {
+        const User = mongoose$1.models.User;
+        const Group = mongoose$1.models.Group;
+        const userQuery = User.findById(userId, 'idOnTheSource');
+        if (session) {
+            userQuery.session(session);
+        }
+        const user = (await userQuery.lean());
+        if (!user) {
+            return [];
+        }
+        const userIdOnTheSource = user.idOnTheSource || userId.toString();
+        const query = Group.find({ memberIds: userIdOnTheSource });
+        if (session) {
+            query.session(session);
+        }
+        return await query.lean();
+    }
+    /**
+     * Create a new group
+     * @param groupData - Group data including name, source, and optional idOnTheSource
+     * @param session - Optional MongoDB session for transactions
+     * @returns The created group
+     */
+    async function createGroup(groupData, session) {
+        const Group = mongoose$1.models.Group;
+        const options = session ? { session } : {};
+        return await Group.create([groupData], options).then((groups) => groups[0]);
+    }
+    /**
+     * Update or create a group by external ID
+     * @param idOnTheSource - The external ID
+     * @param source - The source ('entra' or 'local')
+     * @param updateData - Data to update or set if creating
+     * @param session - Optional MongoDB session for transactions
+     * @returns The updated or created group
+     */
+    async function upsertGroupByExternalId(idOnTheSource, source, updateData, session) {
+        const Group = mongoose$1.models.Group;
+        const options = {
+            new: true,
+            upsert: true,
+            ...(session ? { session } : {}),
+        };
+        return await Group.findOneAndUpdate({ idOnTheSource, source }, { $set: updateData }, options);
+    }
+    /**
+     * Add a user to a group
+     * Only updates Group.memberIds (one-way relationship)
+     * Note: memberIds stores idOnTheSource values, not ObjectIds
+     *
+     * @param userId - The user ID
+     * @param groupId - The group ID to add
+     * @param session - Optional MongoDB session for transactions
+     * @returns The user and updated group documents
+     */
+    async function addUserToGroup(userId, groupId, session) {
+        const User = mongoose$1.models.User;
+        const Group = mongoose$1.models.Group;
+        const options = { new: true, ...(session ? { session } : {}) };
+        const user = (await User.findById(userId, 'idOnTheSource', options).lean());
+        if (!user) {
+            throw new Error(`User not found: ${userId}`);
+        }
+        const userIdOnTheSource = user.idOnTheSource || userId.toString();
+        const updatedGroup = await Group.findByIdAndUpdate(groupId, { $addToSet: { memberIds: userIdOnTheSource } }, options).lean();
+        return { user: user, group: updatedGroup };
+    }
+    /**
+     * Remove a user from a group
+     * Only updates Group.memberIds (one-way relationship)
+     * Note: memberIds stores idOnTheSource values, not ObjectIds
+     *
+     * @param userId - The user ID
+     * @param groupId - The group ID to remove
+     * @param session - Optional MongoDB session for transactions
+     * @returns The user and updated group documents
+     */
+    async function removeUserFromGroup(userId, groupId, session) {
+        const User = mongoose$1.models.User;
+        const Group = mongoose$1.models.Group;
+        const options = { new: true, ...(session ? { session } : {}) };
+        const user = (await User.findById(userId, 'idOnTheSource', options).lean());
+        if (!user) {
+            throw new Error(`User not found: ${userId}`);
+        }
+        const userIdOnTheSource = user.idOnTheSource || userId.toString();
+        const updatedGroup = await Group.findByIdAndUpdate(groupId, { $pull: { memberIds: userIdOnTheSource } }, options).lean();
+        return { user: user, group: updatedGroup };
+    }
     /**
-     * Creates a new session for a user
+     * Get all groups a user is a member of
+     * @param userId - The user ID
+     * @param session - Optional MongoDB session for transactions
+     * @returns Array of group documents
      */
-    async function createSession(userId, options = {}) {
-        if (!userId) {
-            throw new SessionError('User ID is required', 'INVALID_USER_ID');
+    async function getUserGroups(userId, session) {
+        return await findGroupsByMemberId(userId, session);
+    }
+    /**
+     * Get a list of all principal identifiers for a user (user ID + group IDs + public)
+     * For use in permission checks
+     * @param params - Parameters object
+     * @param params.userId - The user ID
+     * @param params.role - Optional user role (if not provided, will query from DB)
+     * @param session - Optional MongoDB session for transactions
+     * @returns Array of principal objects with type and id
+     */
+    async function getUserPrincipals(params, session) {
+        const { userId, role } = params;
+        /** `userId` must be an `ObjectId` for USER principal since ACL entries store `ObjectId`s */
+        const userObjectId = typeof userId === 'string' ? new mongoose.Types.ObjectId(userId) : userId;
+        const principals = [
+            { principalType: librechatDataProvider.PrincipalType.USER, principalId: userObjectId },
+        ];
+        // If role is not provided, query user to get it
+        let userRole = role;
+        if (userRole === undefined) {
+            const User = mongoose$1.models.User;
+            const query = User.findById(userId).select('role');
+            if (session) {
+                query.session(session);
+            }
+            const user = await query.lean();
+            userRole = user === null || user === void 0 ? void 0 : user.role;
         }
-        try {
-            const Session = mongoose.models.Session;
-            const currentSession = new Session({
-                user: userId,
-                expiration: options.expiration || new Date(Date.now() + expires),
-            });
-            const refreshToken = await generateRefreshToken(currentSession);
-            return { session: currentSession, refreshToken };
+        // Add role as a principal if user has one
+        if (userRole && userRole.trim()) {
+            principals.push({ principalType: librechatDataProvider.PrincipalType.ROLE, principalId: userRole });
         }
-        catch (error) {
-            logger.error('[createSession] Error creating session:', error);
-            throw new SessionError('Failed to create session', 'CREATE_SESSION_FAILED');
+        const userGroups = await getUserGroups(userId, session);
+        if (userGroups && userGroups.length > 0) {
+            userGroups.forEach((group) => {
+                principals.push({ principalType: librechatDataProvider.PrincipalType.GROUP, principalId: group._id });
+            });
         }
+        principals.push({ principalType: librechatDataProvider.PrincipalType.PUBLIC });
+        return principals;
     }
     /**
-     * Finds a session by various parameters
+     * Sync a user's Entra ID group memberships
+     * @param userId - The user ID
+     * @param entraGroups - Array of Entra groups with id and name
+     * @param session - Optional MongoDB session for transactions
+     * @returns The updated user with new group memberships
      */
-    async function findSession(params, options = { lean: true }) {
-        try {
-            const Session = mongoose.models.Session;
-            const query = {};
-            if (!params.refreshToken && !params.userId && !params.sessionId) {
-                throw new SessionError('At least one search parameter is required', 'INVALID_SEARCH_PARAMS');
-            }
-            if (params.refreshToken) {
-                const tokenHash = await hashToken(params.refreshToken);
-                query.refreshTokenHash = tokenHash;
-            }
-            if (params.userId) {
-                query.user = params.userId;
+    async function syncUserEntraGroups(userId, entraGroups, session) {
+        var _a;
+        const User = mongoose$1.models.User;
+        const Group = mongoose$1.models.Group;
+        const query = User.findById(userId, { idOnTheSource: 1 });
+        if (session) {
+            query.session(session);
+        }
+        const user = (await query.lean());
+        if (!user) {
+            throw new Error(`User not found: ${userId}`);
+        }
+        /** Get user's idOnTheSource for storing in group.memberIds */
+        const userIdOnTheSource = user.idOnTheSource || userId.toString();
+        const entraIdMap = new Map();
+        const addedGroups = [];
+        const removedGroups = [];
+        for (const entraGroup of entraGroups) {
+            entraIdMap.set(entraGroup.id, true);
+            let group = await findGroupByExternalId(entraGroup.id, 'entra', {}, session);
+            if (!group) {
+                group = await createGroup({
+                    name: entraGroup.name,
+                    description: entraGroup.description,
+                    email: entraGroup.email,
+                    idOnTheSource: entraGroup.id,
+                    source: 'entra',
+                    memberIds: [userIdOnTheSource],
+                }, session);
+                addedGroups.push(group);
             }
-            if (params.sessionId) {
-                const sessionId = typeof params.sessionId === 'object' &&
-                    params.sessionId !== null &&
-                    'sessionId' in params.sessionId
-                    ? params.sessionId.sessionId
-                    : params.sessionId;
-                if (!mongoose.Types.ObjectId.isValid(sessionId)) {
-                    throw new SessionError('Invalid session ID format', 'INVALID_SESSION_ID');
+            else if (!((_a = group.memberIds) === null || _a === void 0 ? void 0 : _a.includes(userIdOnTheSource))) {
+                const { group: updatedGroup } = await addUserToGroup(userId, group._id, session);
+                if (updatedGroup) {
+                    addedGroups.push(updatedGroup);
                 }
-                query._id = sessionId;
-            }
-            // Add expiration check to only return valid sessions
-            query.expiration = { $gt: new Date() };
-            const sessionQuery = Session.findOne(query);
-            if (options.lean) {
-                return (await sessionQuery.lean());
             }
-            return await sessionQuery.exec();
         }
-        catch (error) {
-            logger.error('[findSession] Error finding session:', error);
-            throw new SessionError('Failed to find session', 'FIND_SESSION_FAILED');
+        const groupsQuery = Group.find({ source: 'entra', memberIds: userIdOnTheSource }, { _id: 1, idOnTheSource: 1 });
+        if (session) {
+            groupsQuery.session(session);
         }
-    }
-    /**
-     * Updates session expiration
-     */
-    async function updateExpiration(session, newExpiration) {
-        try {
-            const Session = mongoose.models.Session;
-            const sessionDoc = typeof session === 'string' ? await Session.findById(session) : session;
-            if (!sessionDoc) {
-                throw new SessionError('Session not found', 'SESSION_NOT_FOUND');
+        const existingGroups = (await groupsQuery.lean());
+        for (const group of existingGroups) {
+            if (group.idOnTheSource && !entraIdMap.has(group.idOnTheSource)) {
+                const { group: removedGroup } = await removeUserFromGroup(userId, group._id, session);
+                if (removedGroup) {
+                    removedGroups.push(removedGroup);
+                }
             }
-            sessionDoc.expiration = newExpiration || new Date(Date.now() + expires);
-            return await sessionDoc.save();
         }
-        catch (error) {
-            logger.error('[updateExpiration] Error updating session:', error);
-            throw new SessionError('Failed to update session expiration', 'UPDATE_EXPIRATION_FAILED');
+        const userQuery = User.findById(userId);
+        if (session) {
+            userQuery.session(session);
         }
+        const updatedUser = await userQuery.lean();
+        if (!updatedUser) {
+            throw new Error(`User not found after update: ${userId}`);
+        }
+        return {
+            user: updatedUser,
+            addedGroups,
+            removedGroups,
+        };
     }
     /**
-     * Deletes a session by refresh token or session ID
+     * Calculate relevance score for a search result
+     * @param item - The search result item
+     * @param searchPattern - The search pattern
+     * @returns Relevance score (0-100)
      */
-    async function deleteSession(params) {
-        try {
-            const Session = mongoose.models.Session;
-            if (!params.refreshToken && !params.sessionId) {
-                throw new SessionError('Either refreshToken or sessionId is required', 'INVALID_DELETE_PARAMS');
+    function calculateRelevanceScore(item, searchPattern) {
+        const exactRegex = new RegExp(`^${searchPattern}$`, 'i');
+        const startsWithPattern = searchPattern.toLowerCase();
+        /** Get searchable text based on type */
+        const searchableFields = item.type === librechatDataProvider.PrincipalType.USER
+            ? [item.name, item.email, item.username].filter(Boolean)
+            : [item.name, item.email, item.description].filter(Boolean);
+        let maxScore = 0;
+        for (const field of searchableFields) {
+            if (!field)
+                continue;
+            const fieldLower = field.toLowerCase();
+            let score = 0;
+            /** Exact match gets highest score */
+            if (exactRegex.test(field)) {
+                score = 100;
             }
-            const query = {};
-            if (params.refreshToken) {
-                query.refreshTokenHash = await hashToken(params.refreshToken);
+            else if (fieldLower.startsWith(startsWithPattern)) {
+                /** Starts with query gets high score */
+                score = 80;
             }
-            if (params.sessionId) {
-                query._id = params.sessionId;
+            else if (fieldLower.includes(startsWithPattern)) {
+                /** Contains query gets medium score */
+                score = 50;
             }
-            const result = await Session.deleteOne(query);
-            if (result.deletedCount === 0) {
-                logger.warn('[deleteSession] No session found to delete');
+            else {
+                /** Default score for regex match */
+                score = 10;
             }
-            return result;
-        }
-        catch (error) {
-            logger.error('[deleteSession] Error deleting session:', error);
-            throw new SessionError('Failed to delete session', 'DELETE_SESSION_FAILED');
+            maxScore = Math.max(maxScore, score);
         }
+        return maxScore;
     }
     /**
-     * Deletes all sessions for a user
+     * Sort principals by relevance score and type priority
+     * @param results - Array of results with _searchScore property
+     * @returns Sorted array
      */
-    async function deleteAllUserSessions(userId, options = {}) {
-        try {
-            const Session = mongoose.models.Session;
-            if (!userId) {
-                throw new SessionError('User ID is required', 'INVALID_USER_ID');
-            }
-            const userIdString = typeof userId === 'object' && userId !== null ? userId.userId : userId;
-            if (!mongoose.Types.ObjectId.isValid(userIdString)) {
-                throw new SessionError('Invalid user ID format', 'INVALID_USER_ID_FORMAT');
-            }
-            const query = { user: userIdString };
-            if (options.excludeCurrentSession && options.currentSessionId) {
-                query._id = { $ne: options.currentSessionId };
+    function sortPrincipalsByRelevance(results) {
+        return results.sort((a, b) => {
+            if (b._searchScore !== a._searchScore) {
+                return (b._searchScore || 0) - (a._searchScore || 0);
             }
-            const result = await Session.deleteMany(query);
-            if (result.deletedCount && result.deletedCount > 0) {
-                logger.debug(`[deleteAllUserSessions] Deleted ${result.deletedCount} sessions for user ${userIdString}.`);
+            if (a.type !== b.type) {
+                return a.type === librechatDataProvider.PrincipalType.USER ? -1 : 1;
             }
-            return result;
-        }
-        catch (error) {
-            logger.error('[deleteAllUserSessions] Error deleting user sessions:', error);
-            throw new SessionError('Failed to delete user sessions', 'DELETE_ALL_SESSIONS_FAILED');
-        }
+            const aName = a.name || a.email || '';
+            const bName = b.name || b.email || '';
+            return aName.localeCompare(bName);
+        });
     }
     /**
-     * Generates a refresh token for a session
+     * Transform user object to TPrincipalSearchResult format
+     * @param user - User object from database
+     * @returns Transformed user result
      */
-    async function generateRefreshToken(session) {
-        if (!session || !session.user) {
-            throw new SessionError('Invalid session object', 'INVALID_SESSION');
+    function transformUserToTPrincipalSearchResult(user) {
+        return {
+            id: user.id,
+            type: librechatDataProvider.PrincipalType.USER,
+            name: user.name || user.email,
+            email: user.email,
+            username: user.username,
+            avatar: user.avatar,
+            provider: user.provider,
+            source: 'local',
+            idOnTheSource: user.idOnTheSource || user.id,
+        };
+    }
+    /**
+     * Transform group object to TPrincipalSearchResult format
+     * @param group - Group object from database
+     * @returns Transformed group result
+     */
+    function transformGroupToTPrincipalSearchResult(group) {
+        var _a, _b;
+        return {
+            id: (_a = group._id) === null || _a === void 0 ? void 0 : _a.toString(),
+            type: librechatDataProvider.PrincipalType.GROUP,
+            name: group.name,
+            email: group.email,
+            avatar: group.avatar,
+            description: group.description,
+            source: group.source || 'local',
+            memberCount: group.memberIds ? group.memberIds.length : 0,
+            idOnTheSource: group.idOnTheSource || ((_b = group._id) === null || _b === void 0 ? void 0 : _b.toString()),
+        };
+    }
+    /**
+     * Search for principals (users and groups) by pattern matching on name/email
+     * Returns combined results in TPrincipalSearchResult format without sorting
+     * @param searchPattern - The pattern to search for
+     * @param limitPerType - Maximum number of results to return
+     * @param typeFilter - Optional array of types to filter by, or null for all types
+     * @param session - Optional MongoDB session for transactions
+     * @returns Array of principals in TPrincipalSearchResult format
+     */
+    async function searchPrincipals(searchPattern, limitPerType = 10, typeFilter = null, session) {
+        if (!searchPattern || searchPattern.trim().length === 0) {
+            return [];
         }
-        try {
-            const expiresIn = session.expiration ? session.expiration.getTime() : Date.now() + expires;
-            if (!session.expiration) {
-                session.expiration = new Date(expiresIn);
+        const trimmedPattern = searchPattern.trim();
+        const promises = [];
+        if (!typeFilter || typeFilter.includes(librechatDataProvider.PrincipalType.USER)) {
+            /** Note: searchUsers is imported from ~/models and needs to be passed in or implemented */
+            const userFields = 'name email username avatar provider idOnTheSource';
+            /** For now, we'll use a direct query instead of searchUsers */
+            const User = mongoose$1.models.User;
+            const regex = new RegExp(trimmedPattern, 'i');
+            const userQuery = User.find({
+                $or: [{ name: regex }, { email: regex }, { username: regex }],
+            })
+                .select(userFields)
+                .limit(limitPerType);
+            if (session) {
+                userQuery.session(session);
             }
-            const refreshToken = await signPayload({
-                payload: {
-                    id: session.user,
-                    sessionId: session._id,
-                },
-                secret: process.env.JWT_REFRESH_SECRET,
-                expirationTime: Math.floor((expiresIn - Date.now()) / 1000),
-            });
-            session.refreshTokenHash = await hashToken(refreshToken);
-            await session.save();
-            return refreshToken;
+            promises.push(userQuery.lean().then((users) => users.map((user) => {
+                var _a;
+                const userWithId = user;
+                return transformUserToTPrincipalSearchResult({
+                    id: ((_a = userWithId._id) === null || _a === void 0 ? void 0 : _a.toString()) || '',
+                    name: userWithId.name,
+                    email: userWithId.email,
+                    username: userWithId.username,
+                    avatar: userWithId.avatar,
+                    provider: userWithId.provider,
+                });
+            })));
         }
-        catch (error) {
-            logger.error('[generateRefreshToken] Error generating refresh token:', error);
-            throw new SessionError('Failed to generate refresh token', 'GENERATE_TOKEN_FAILED');
+        else {
+            promises.push(Promise.resolve([]));
         }
-    }
-    /**
-     * Counts active sessions for a user
-     */
-    async function countActiveSessions(userId) {
-        try {
-            const Session = mongoose.models.Session;
-            if (!userId) {
-                throw new SessionError('User ID is required', 'INVALID_USER_ID');
+        if (!typeFilter || typeFilter.includes(librechatDataProvider.PrincipalType.GROUP)) {
+            promises.push(findGroupsByNamePattern(trimmedPattern, null, limitPerType, session).then((groups) => groups.map(transformGroupToTPrincipalSearchResult)));
+        }
+        else {
+            promises.push(Promise.resolve([]));
+        }
+        if (!typeFilter || typeFilter.includes(librechatDataProvider.PrincipalType.ROLE)) {
+            const Role = mongoose$1.models.Role;
+            if (Role) {
+                const regex = new RegExp(trimmedPattern, 'i');
+                const roleQuery = Role.find({ name: regex }).select('name').limit(limitPerType);
+                if (session) {
+                    roleQuery.session(session);
+                }
+                promises.push(roleQuery.lean().then((roles) => roles.map((role) => ({
+                    /** Role name as ID */
+                    id: role.name,
+                    type: librechatDataProvider.PrincipalType.ROLE,
+                    name: role.name,
+                    source: 'local',
+                    idOnTheSource: role.name,
+                }))));
             }
-            return await Session.countDocuments({
-                user: userId,
-                expiration: { $gt: new Date() },
-            });
         }
-        catch (error) {
-            logger.error('[countActiveSessions] Error counting active sessions:', error);
-            throw new SessionError('Failed to count active sessions', 'COUNT_SESSIONS_FAILED');
+        else {
+            promises.push(Promise.resolve([]));
         }
+        const results = await Promise.all(promises);
+        const combined = results.flat();
+        return combined;
     }
     return {
-        findSession,
-        SessionError,
-        deleteSession,
-        createSession,
-        updateExpiration,
-        countActiveSessions,
-        generateRefreshToken,
-        deleteAllUserSessions,
+        findGroupById,
+        findGroupByExternalId,
+        findGroupsByNamePattern,
+        findGroupsByMemberId,
+        createGroup,
+        upsertGroupByExternalId,
+        addUserToGroup,
+        removeUserFromGroup,
+        getUserGroups,
+        getUserPrincipals,
+        syncUserEntraGroups,
+        searchPrincipals,
+        calculateRelevanceScore,
+        sortPrincipalsByRelevance,
     };
 }
 
-// Factory function that takes mongoose instance and returns the methods
-function createTokenMethods(mongoose) {
+function createAclEntryMethods(mongoose$1) {
     /**
-     * Creates a new Token instance.
+     * Find ACL entries for a specific principal (user or group)
+     * @param principalType - The type of principal ('user', 'group')
+     * @param principalId - The ID of the principal
+     * @param resourceType - Optional filter by resource type
+     * @returns Array of ACL entries
      */
-    async function createToken(tokenData) {
-        try {
-            const Token = mongoose.models.Token;
-            const currentTime = new Date();
-            const expiresAt = new Date(currentTime.getTime() + tokenData.expiresIn * 1000);
-            const newTokenData = {
-                ...tokenData,
-                createdAt: currentTime,
-                expiresAt,
-            };
-            return await Token.create(newTokenData);
-        }
-        catch (error) {
-            logger.debug('An error occurred while creating token:', error);
-            throw error;
+    async function findEntriesByPrincipal(principalType, principalId, resourceType) {
+        const AclEntry = mongoose$1.models.AclEntry;
+        const query = { principalType, principalId };
+        if (resourceType) {
+            query.resourceType = resourceType;
         }
+        return await AclEntry.find(query).lean();
     }
     /**
-     * Updates a Token document that matches the provided query.
+     * Find ACL entries for a specific resource
+     * @param resourceType - The type of resource ('agent', 'project', 'file')
+     * @param resourceId - The ID of the resource
+     * @returns Array of ACL entries
      */
-    async function updateToken(query, updateData) {
-        try {
-            const Token = mongoose.models.Token;
-            return await Token.findOneAndUpdate(query, updateData, { new: true });
-        }
-        catch (error) {
-            logger.debug('An error occurred while updating token:', error);
-            throw error;
-        }
+    async function findEntriesByResource(resourceType, resourceId) {
+        const AclEntry = mongoose$1.models.AclEntry;
+        return await AclEntry.find({ resourceType, resourceId }).lean();
     }
     /**
-     * Deletes all Token documents that match the provided token, user ID, or email.
+     * Find all ACL entries for a set of principals (including public)
+     * @param principalsList - List of principals, each containing { principalType, principalId }
+     * @param resourceType - The type of resource
+     * @param resourceId - The ID of the resource
+     * @returns Array of matching ACL entries
      */
-    async function deleteTokens(query) {
-        try {
-            const Token = mongoose.models.Token;
-            return await Token.deleteMany({
-                $or: [
-                    { userId: query.userId },
-                    { token: query.token },
-                    { email: query.email },
-                    { identifier: query.identifier },
-                ],
-            });
-        }
-        catch (error) {
-            logger.debug('An error occurred while deleting tokens:', error);
-            throw error;
+    async function findEntriesByPrincipalsAndResource(principalsList, resourceType, resourceId) {
+        const AclEntry = mongoose$1.models.AclEntry;
+        const principalsQuery = principalsList.map((p) => ({
+            principalType: p.principalType,
+            ...(p.principalType !== librechatDataProvider.PrincipalType.PUBLIC && { principalId: p.principalId }),
+        }));
+        return await AclEntry.find({
+            $or: principalsQuery,
+            resourceType,
+            resourceId,
+        }).lean();
+    }
+    /**
+     * Check if a set of principals has a specific permission on a resource
+     * @param principalsList - List of principals, each containing { principalType, principalId }
+     * @param resourceType - The type of resource
+     * @param resourceId - The ID of the resource
+     * @param permissionBit - The permission bit to check (use PermissionBits enum)
+     * @returns Whether any of the principals has the permission
+     */
+    async function hasPermission(principalsList, resourceType, resourceId, permissionBit) {
+        const AclEntry = mongoose$1.models.AclEntry;
+        const principalsQuery = principalsList.map((p) => ({
+            principalType: p.principalType,
+            ...(p.principalType !== librechatDataProvider.PrincipalType.PUBLIC && { principalId: p.principalId }),
+        }));
+        const entry = await AclEntry.findOne({
+            $or: principalsQuery,
+            resourceType,
+            resourceId,
+            permBits: { $bitsAllSet: permissionBit },
+        }).lean();
+        return !!entry;
+    }
+    /**
+     * Get the combined effective permissions for a set of principals on a resource
+     * @param principalsList - List of principals, each containing { principalType, principalId }
+     * @param resourceType - The type of resource
+     * @param resourceId - The ID of the resource
+     * @returns {Promise<number>} Effective permission bitmask
+     */
+    async function getEffectivePermissions(principalsList, resourceType, resourceId) {
+        const aclEntries = await findEntriesByPrincipalsAndResource(principalsList, resourceType, resourceId);
+        let effectiveBits = 0;
+        for (const entry of aclEntries) {
+            effectiveBits |= entry.permBits;
         }
+        return effectiveBits;
     }
     /**
-     * Finds a Token document that matches the provided query.
+     * Grant permission to a principal for a resource
+     * @param principalType - The type of principal ('user', 'group', 'public')
+     * @param principalId - The ID of the principal (null for 'public')
+     * @param resourceType - The type of resource
+     * @param resourceId - The ID of the resource
+     * @param permBits - The permission bits to grant
+     * @param grantedBy - The ID of the user granting the permission
+     * @param session - Optional MongoDB session for transactions
+     * @param roleId - Optional role ID to associate with this permission
+     * @returns The created or updated ACL entry
      */
-    async function findToken(query) {
-        try {
-            const Token = mongoose.models.Token;
-            const conditions = [];
-            if (query.userId) {
-                conditions.push({ userId: query.userId });
-            }
-            if (query.token) {
-                conditions.push({ token: query.token });
+    async function grantPermission(principalType, principalId, resourceType, resourceId, permBits, grantedBy, session, roleId) {
+        const AclEntry = mongoose$1.models.AclEntry;
+        const query = {
+            principalType,
+            resourceType,
+            resourceId,
+        };
+        if (principalType !== librechatDataProvider.PrincipalType.PUBLIC) {
+            query.principalId =
+                typeof principalId === 'string' && principalType !== librechatDataProvider.PrincipalType.ROLE
+                    ? new mongoose.Types.ObjectId(principalId)
+                    : principalId;
+            if (principalType === librechatDataProvider.PrincipalType.USER) {
+                query.principalModel = librechatDataProvider.PrincipalModel.USER;
             }
-            if (query.email) {
-                conditions.push({ email: query.email });
+            else if (principalType === librechatDataProvider.PrincipalType.GROUP) {
+                query.principalModel = librechatDataProvider.PrincipalModel.GROUP;
             }
-            if (query.identifier) {
-                conditions.push({ identifier: query.identifier });
+            else if (principalType === librechatDataProvider.PrincipalType.ROLE) {
+                query.principalModel = librechatDataProvider.PrincipalModel.ROLE;
             }
-            const token = await Token.findOne({
-                $and: conditions,
-            }).lean();
-            return token;
         }
-        catch (error) {
-            logger.debug('An error occurred while finding token:', error);
-            throw error;
+        const update = {
+            $set: {
+                permBits,
+                grantedBy,
+                grantedAt: new Date(),
+                ...(roleId && { roleId }),
+            },
+        };
+        const options = {
+            upsert: true,
+            new: true,
+            ...(session ? { session } : {}),
+        };
+        return await AclEntry.findOneAndUpdate(query, update, options);
+    }
+    /**
+     * Revoke permissions from a principal for a resource
+     * @param principalType - The type of principal ('user', 'group', 'public')
+     * @param principalId - The ID of the principal (null for 'public')
+     * @param resourceType - The type of resource
+     * @param resourceId - The ID of the resource
+     * @param session - Optional MongoDB session for transactions
+     * @returns The result of the delete operation
+     */
+    async function revokePermission(principalType, principalId, resourceType, resourceId, session) {
+        const AclEntry = mongoose$1.models.AclEntry;
+        const query = {
+            principalType,
+            resourceType,
+            resourceId,
+        };
+        if (principalType !== librechatDataProvider.PrincipalType.PUBLIC) {
+            query.principalId =
+                typeof principalId === 'string' && principalType !== librechatDataProvider.PrincipalType.ROLE
+                    ? new mongoose.Types.ObjectId(principalId)
+                    : principalId;
+        }
+        const options = session ? { session } : {};
+        return await AclEntry.deleteOne(query, options);
+    }
+    /**
+     * Modify existing permission bits for a principal on a resource
+     * @param principalType - The type of principal ('user', 'group', 'public')
+     * @param principalId - The ID of the principal (null for 'public')
+     * @param resourceType - The type of resource
+     * @param resourceId - The ID of the resource
+     * @param addBits - Permission bits to add
+     * @param removeBits - Permission bits to remove
+     * @param session - Optional MongoDB session for transactions
+     * @returns The updated ACL entry
+     */
+    async function modifyPermissionBits(principalType, principalId, resourceType, resourceId, addBits, removeBits, session) {
+        const AclEntry = mongoose$1.models.AclEntry;
+        const query = {
+            principalType,
+            resourceType,
+            resourceId,
+        };
+        if (principalType !== librechatDataProvider.PrincipalType.PUBLIC) {
+            query.principalId =
+                typeof principalId === 'string' && principalType !== librechatDataProvider.PrincipalType.ROLE
+                    ? new mongoose.Types.ObjectId(principalId)
+                    : principalId;
+        }
+        const update = {};
+        if (addBits) {
+            update.$bit = { permBits: { or: addBits } };
         }
+        if (removeBits) {
+            if (!update.$bit)
+                update.$bit = {};
+            const bitUpdate = update.$bit;
+            bitUpdate.permBits = { ...bitUpdate.permBits, and: ~removeBits };
+        }
+        const options = {
+            new: true,
+            ...(session ? { session } : {}),
+        };
+        return await AclEntry.findOneAndUpdate(query, update, options);
+    }
+    /**
+     * Find all resources of a specific type that a set of principals has access to
+     * @param principalsList - List of principals, each containing { principalType, principalId }
+     * @param resourceType - The type of resource
+     * @param requiredPermBit - Required permission bit (use PermissionBits enum)
+     * @returns Array of resource IDs
+     */
+    async function findAccessibleResources(principalsList, resourceType, requiredPermBit) {
+        const AclEntry = mongoose$1.models.AclEntry;
+        const principalsQuery = principalsList.map((p) => ({
+            principalType: p.principalType,
+            ...(p.principalType !== librechatDataProvider.PrincipalType.PUBLIC && { principalId: p.principalId }),
+        }));
+        const entries = await AclEntry.find({
+            $or: principalsQuery,
+            resourceType,
+            permBits: { $bitsAllSet: requiredPermBit },
+        }).distinct('resourceId');
+        return entries;
     }
-    // Return all methods
     return {
-        findToken,
-        createToken,
-        updateToken,
-        deleteTokens,
+        findEntriesByPrincipal,
+        findEntriesByResource,
+        findEntriesByPrincipalsAndResource,
+        hasPermission,
+        getEffectivePermissions,
+        grantPermission,
+        revokePermission,
+        modifyPermissionBits,
+        findAccessibleResources,
     };
 }
 
-// Factory function that takes mongoose instance and returns the methods
-function createRoleMethods(mongoose) {
+function createGroupMethods(mongoose) {
     /**
-     * Initialize default roles in the system.
-     * Creates the default roles (ADMIN, USER) if they don't exist in the database.
-     * Updates existing roles with new permission types if they're missing.
+     * Find a group by its ID
+     * @param groupId - The group ID
+     * @returns The group document or null if not found
      */
-    async function initializeRoles() {
-        const Role = mongoose.models.Role;
-        for (const roleName of [librechatDataProvider.SystemRoles.ADMIN, librechatDataProvider.SystemRoles.USER]) {
-            let role = await Role.findOne({ name: roleName });
-            const defaultPerms = librechatDataProvider.roleDefaults[roleName].permissions;
-            if (!role) {
-                // Create new role if it doesn't exist.
-                role = new Role(librechatDataProvider.roleDefaults[roleName]);
-            }
-            else {
-                // Ensure role.permissions is defined.
-                role.permissions = role.permissions || {};
-                // For each permission type in defaults, add it if missing.
-                for (const permType of Object.keys(defaultPerms)) {
-                    if (role.permissions[permType] == null) {
-                        role.permissions[permType] = defaultPerms[permType];
-                    }
-                }
-            }
-            await role.save();
-        }
+    async function findGroupById(groupId) {
+        const Group = mongoose.models.Group;
+        return await Group.findById(groupId).lean();
     }
     /**
-     * List all roles in the system (for testing purposes)
-     * Returns an array of all roles with their names and permissions
+     * Create a new group
+     * @param groupData - Group data including name, source, and optional fields
+     * @returns The created group
      */
-    async function listRoles() {
-        const Role = mongoose.models.Role;
-        return await Role.find({}).select('name permissions').lean();
+    async function createGroup(groupData) {
+        const Group = mongoose.models.Group;
+        return await Group.create(groupData);
     }
-    // Return all methods you want to expose
-    return {
-        listRoles,
-        initializeRoles,
-    };
-}
-
-/**
- * Formats a date in YYYY-MM-DD format
- */
-const formatDate = (date) => {
-    return date.toISOString().split('T')[0];
-};
-// Factory function that takes mongoose instance and returns the methods
-function createMemoryMethods(mongoose) {
     /**
-     * Creates a new memory entry for a user
-     * Throws an error if a memory with the same key already exists
+     * Update an existing group
+     * @param groupId - The ID of the group to update
+     * @param updateData - Data to update
+     * @returns The updated group document or null if not found
      */
-    async function createMemory({ userId, key, value, tokenCount = 0, }) {
-        try {
-            if ((key === null || key === void 0 ? void 0 : key.toLowerCase()) === 'nothing') {
-                return { ok: false };
-            }
-            const MemoryEntry = mongoose.models.MemoryEntry;
-            const existingMemory = await MemoryEntry.findOne({ userId, key });
-            if (existingMemory) {
-                throw new Error('Memory with this key already exists');
-            }
-            await MemoryEntry.create({
-                userId,
-                key,
-                value,
-                tokenCount,
-                updated_at: new Date(),
-            });
-            return { ok: true };
-        }
-        catch (error) {
-            throw new Error(`Failed to create memory: ${error instanceof Error ? error.message : 'Unknown error'}`);
-        }
+    async function updateGroup(groupId, updateData) {
+        const Group = mongoose.models.Group;
+        return await Group.findByIdAndUpdate(groupId, { $set: updateData }, { new: true }).lean();
     }
     /**
-     * Sets or updates a memory entry for a user
+     * Delete a group
+     * @param groupId - The ID of the group to delete
+     * @returns The result of the delete operation
      */
-    async function setMemory({ userId, key, value, tokenCount = 0, }) {
-        try {
-            if ((key === null || key === void 0 ? void 0 : key.toLowerCase()) === 'nothing') {
-                return { ok: false };
-            }
-            const MemoryEntry = mongoose.models.MemoryEntry;
-            await MemoryEntry.findOneAndUpdate({ userId, key }, {
-                value,
-                tokenCount,
-                updated_at: new Date(),
-            }, {
-                upsert: true,
-                new: true,
-            });
-            return { ok: true };
-        }
-        catch (error) {
-            throw new Error(`Failed to set memory: ${error instanceof Error ? error.message : 'Unknown error'}`);
-        }
+    async function deleteGroup(groupId) {
+        const Group = mongoose.models.Group;
+        return await Group.deleteOne({ _id: groupId });
     }
     /**
-     * Deletes a specific memory entry for a user
+     * Find all groups
+     * @returns Array of all group documents
      */
-    async function deleteMemory({ userId, key }) {
-        try {
-            const MemoryEntry = mongoose.models.MemoryEntry;
-            const result = await MemoryEntry.findOneAndDelete({ userId, key });
-            return { ok: !!result };
-        }
-        catch (error) {
-            throw new Error(`Failed to delete memory: ${error instanceof Error ? error.message : 'Unknown error'}`);
-        }
+    async function getAllGroups() {
+        const Group = mongoose.models.Group;
+        return await Group.find().lean();
     }
     /**
-     * Gets all memory entries for a user
+     * Find groups by source
+     * @param source - The source ('local' or 'entra')
+     * @returns Array of group documents
      */
-    async function getAllUserMemories(userId) {
-        try {
-            const MemoryEntry = mongoose.models.MemoryEntry;
-            return (await MemoryEntry.find({ userId }).lean());
-        }
-        catch (error) {
-            throw new Error(`Failed to get all memories: ${error instanceof Error ? error.message : 'Unknown error'}`);
-        }
+    async function findGroupsBySource(source) {
+        const Group = mongoose.models.Group;
+        return await Group.find({ source }).lean();
     }
     /**
-     * Gets and formats all memories for a user in two different formats
+     * Find a group by its external ID
+     * @param idOnTheSource - The external ID
+     * @param source - The source ('entra' or 'local')
+     * @returns The group document or null if not found
      */
-    async function getFormattedMemories({ userId, }) {
-        try {
-            const memories = await getAllUserMemories(userId);
-            if (!memories || memories.length === 0) {
-                return { withKeys: '', withoutKeys: '', totalTokens: 0 };
-            }
-            const sortedMemories = memories.sort((a, b) => new Date(a.updated_at).getTime() - new Date(b.updated_at).getTime());
-            const totalTokens = sortedMemories.reduce((sum, memory) => {
-                return sum + (memory.tokenCount || 0);
-            }, 0);
-            const withKeys = sortedMemories
-                .map((memory, index) => {
-                const date = formatDate(new Date(memory.updated_at));
-                const tokenInfo = memory.tokenCount ? ` [${memory.tokenCount} tokens]` : '';
-                return `${index + 1}. [${date}]. ["key": "${memory.key}"]${tokenInfo}. ["value": "${memory.value}"]`;
-            })
-                .join('\n\n');
-            const withoutKeys = sortedMemories
-                .map((memory, index) => {
-                const date = formatDate(new Date(memory.updated_at));
-                return `${index + 1}. [${date}]. ${memory.value}`;
-            })
-                .join('\n\n');
-            return { withKeys, withoutKeys, totalTokens };
-        }
-        catch (error) {
-            logger.error('Failed to get formatted memories:', error);
-            return { withKeys: '', withoutKeys: '', totalTokens: 0 };
-        }
+    async function findGroupByExternalId(idOnTheSource, source = 'entra') {
+        const Group = mongoose.models.Group;
+        return await Group.findOne({ idOnTheSource, source }).lean();
+    }
+    /**
+     * Add a member to a group
+     * @param groupId - The group ID
+     * @param memberId - The member ID to add (idOnTheSource value)
+     * @returns The updated group or null if not found
+     */
+    async function addMemberToGroup(groupId, memberId) {
+        const Group = mongoose.models.Group;
+        return await Group.findByIdAndUpdate(groupId, { $addToSet: { memberIds: memberId } }, { new: true }).lean();
+    }
+    /**
+     * Remove a member from a group
+     * @param groupId - The group ID
+     * @param memberId - The member ID to remove (idOnTheSource value)
+     * @returns The updated group or null if not found
+     */
+    async function removeMemberFromGroup(groupId, memberId) {
+        const Group = mongoose.models.Group;
+        return await Group.findByIdAndUpdate(groupId, { $pull: { memberIds: memberId } }, { new: true }).lean();
+    }
+    /**
+     * Find all groups that contain a specific member
+     * @param memberId - The member ID (idOnTheSource value)
+     * @returns Array of groups containing the member
+     */
+    async function findGroupsByMemberId(memberId) {
+        const Group = mongoose.models.Group;
+        return await Group.find({ memberIds: memberId }).lean();
     }
     return {
-        setMemory,
-        createMemory,
-        deleteMemory,
-        getAllUserMemories,
-        getFormattedMemories,
+        createGroup,
+        updateGroup,
+        deleteGroup,
+        getAllGroups,
+        findGroupById,
+        addMemberToGroup,
+        findGroupsBySource,
+        removeMemberFromGroup,
+        findGroupsByMemberId,
+        findGroupByExternalId,
     };
 }
 
@@ -3110,7 +4828,7 @@ function createShareMethods(mongoose) {
             return result;
         }
         catch (error) {
-            logger.error('[getSharedMessages] Error getting share link', {
+            logger$1.error('[getSharedMessages] Error getting share link', {
                 error: error instanceof Error ? error.message : 'Unknown error',
                 shareId,
             });
@@ -3148,7 +4866,7 @@ function createShareMethods(mongoose) {
                     query['conversationId'] = { $in: conversationIds };
                 }
                 catch (searchError) {
-                    logger.error('[getSharedLinks] Meilisearch error', {
+                    logger$1.error('[getSharedLinks] Meilisearch error', {
                         error: searchError instanceof Error ? searchError.message : 'Unknown error',
                         user,
                     });
@@ -3184,7 +4902,7 @@ function createShareMethods(mongoose) {
             };
         }
         catch (error) {
-            logger.error('[getSharedLinks] Error getting shares', {
+            logger$1.error('[getSharedLinks] Error getting shares', {
                 error: error instanceof Error ? error.message : 'Unknown error',
                 user,
             });
@@ -3204,7 +4922,7 @@ function createShareMethods(mongoose) {
             };
         }
         catch (error) {
-            logger.error('[deleteAllSharedLinks] Error deleting shared links', {
+            logger$1.error('[deleteAllSharedLinks] Error deleting shared links', {
                 error: error instanceof Error ? error.message : 'Unknown error',
                 user,
             });
@@ -3229,7 +4947,7 @@ function createShareMethods(mongoose) {
                 Message.find({ conversationId, user }).sort({ createdAt: 1 }).lean(),
             ]);
             if (existingShare && existingShare.isPublic) {
-                logger.error('[createSharedLink] Share already exists', {
+                logger$1.error('[createSharedLink] Share already exists', {
                     user,
                     conversationId,
                 });
@@ -3262,7 +4980,7 @@ function createShareMethods(mongoose) {
             if (error instanceof ShareServiceError) {
                 throw error;
             }
-            logger.error('[createSharedLink] Error creating shared link', {
+            logger$1.error('[createSharedLink] Error creating shared link', {
                 error: error instanceof Error ? error.message : 'Unknown error',
                 user,
                 conversationId,
@@ -3288,7 +5006,7 @@ function createShareMethods(mongoose) {
             return { shareId: share.shareId || null, success: true };
         }
         catch (error) {
-            logger.error('[getSharedLink] Error getting shared link', {
+            logger$1.error('[getSharedLink] Error getting shared link', {
                 error: error instanceof Error ? error.message : 'Unknown error',
                 user,
                 conversationId,
@@ -3333,7 +5051,7 @@ function createShareMethods(mongoose) {
             return { shareId: newShareId, conversationId: updatedShare.conversationId };
         }
         catch (error) {
-            logger.error('[updateSharedLink] Error updating shared link', {
+            logger$1.error('[updateSharedLink] Error updating shared link', {
                 error: error instanceof Error ? error.message : 'Unknown error',
                 user,
                 shareId,
@@ -3361,7 +5079,7 @@ function createShareMethods(mongoose) {
             };
         }
         catch (error) {
-            logger.error('[deleteSharedLink] Error deleting shared link', {
+            logger$1.error('[deleteSharedLink] Error deleting shared link', {
                 error: error instanceof Error ? error.message : 'Unknown error',
                 user,
                 shareId,
@@ -3381,106 +5099,6 @@ function createShareMethods(mongoose) {
     };
 }
 
-// Factory function that takes mongoose instance and returns the methods
-function createPluginAuthMethods(mongoose) {
-    /**
-     * Finds a single plugin auth entry by userId and authField
-     */
-    async function findOnePluginAuth({ userId, authField, }) {
-        try {
-            const PluginAuth = mongoose.models.PluginAuth;
-            return await PluginAuth.findOne({ userId, authField }).lean();
-        }
-        catch (error) {
-            throw new Error(`Failed to find plugin auth: ${error instanceof Error ? error.message : 'Unknown error'}`);
-        }
-    }
-    /**
-     * Finds multiple plugin auth entries by userId and pluginKeys
-     */
-    async function findPluginAuthsByKeys({ userId, pluginKeys, }) {
-        try {
-            if (!pluginKeys || pluginKeys.length === 0) {
-                return [];
-            }
-            const PluginAuth = mongoose.models.PluginAuth;
-            return await PluginAuth.find({
-                userId,
-                pluginKey: { $in: pluginKeys },
-            }).lean();
-        }
-        catch (error) {
-            throw new Error(`Failed to find plugin auths: ${error instanceof Error ? error.message : 'Unknown error'}`);
-        }
-    }
-    /**
-     * Updates or creates a plugin auth entry
-     */
-    async function updatePluginAuth({ userId, authField, pluginKey, value, }) {
-        try {
-            const PluginAuth = mongoose.models.PluginAuth;
-            const existingAuth = await PluginAuth.findOne({ userId, pluginKey, authField }).lean();
-            if (existingAuth) {
-                return await PluginAuth.findOneAndUpdate({ userId, pluginKey, authField }, { $set: { value } }, { new: true, upsert: true }).lean();
-            }
-            else {
-                const newPluginAuth = await new PluginAuth({
-                    userId,
-                    authField,
-                    value,
-                    pluginKey,
-                });
-                await newPluginAuth.save();
-                return newPluginAuth.toObject();
-            }
-        }
-        catch (error) {
-            throw new Error(`Failed to update plugin auth: ${error instanceof Error ? error.message : 'Unknown error'}`);
-        }
-    }
-    /**
-     * Deletes plugin auth entries based on provided parameters
-     */
-    async function deletePluginAuth({ userId, authField, pluginKey, all = false, }) {
-        try {
-            const PluginAuth = mongoose.models.PluginAuth;
-            if (all) {
-                const filter = { userId };
-                if (pluginKey) {
-                    filter.pluginKey = pluginKey;
-                }
-                return await PluginAuth.deleteMany(filter);
-            }
-            if (!authField) {
-                throw new Error('authField is required when all is false');
-            }
-            return await PluginAuth.deleteOne({ userId, authField });
-        }
-        catch (error) {
-            throw new Error(`Failed to delete plugin auth: ${error instanceof Error ? error.message : 'Unknown error'}`);
-        }
-    }
-    /**
-     * Deletes all plugin auth entries for a user
-     */
-    async function deleteAllUserPluginAuths(userId) {
-        try {
-            const PluginAuth = mongoose.models.PluginAuth;
-            return await PluginAuth.deleteMany({ userId });
-        }
-        catch (error) {
-            throw new Error(`Failed to delete all user plugin auths: ${error instanceof Error ? error.message : 'Unknown error'}`);
-        }
-    }
-    return {
-        findOnePluginAuth,
-        findPluginAuthsByKeys,
-        updatePluginAuth,
-        deletePluginAuth,
-        deleteAllUserPluginAuths,
-    };
-}
-
 /**
  * Creates all database methods for all collections
  */
@@ -3491,12 +5109,18 @@ function createMethods(mongoose) {
         ...createTokenMethods(mongoose),
         ...createRoleMethods(mongoose),
         ...createMemoryMethods(mongoose),
+        ...createAgentCategoryMethods(mongoose),
+        ...createAccessRoleMethods(mongoose),
+        ...createUserGroupMethods(mongoose),
+        ...createAclEntryMethods(mongoose),
+        ...createGroupMethods(mongoose),
         ...createShareMethods(mongoose),
         ...createPluginAuthMethods(mongoose),
     };
 }
 
 exports.actionSchema = Action;
+exports.agentCategorySchema = agentCategorySchema;
 exports.agentSchema = agentSchema;
 exports.assistantSchema = assistantSchema;
 exports.balanceSchema = balanceSchema;
@@ -3507,10 +5131,12 @@ exports.convoSchema = convoSchema;
 exports.createMethods = createMethods;
 exports.createModels = createModels;
 exports.fileSchema = file;
+exports.getTransactionSupport = getTransactionSupport;
+exports.groupSchema = groupSchema;
 exports.hashToken = hashToken;
 exports.keySchema = keySchema;
-exports.logger = logger;
-exports.meiliLogger = logger$1;
+exports.logger = logger$1;
+exports.meiliLogger = logger;
 exports.memorySchema = MemoryEntrySchema;
 exports.messageSchema = messageSchema;
 exports.pluginAuthSchema = pluginAuthSchema;
@@ -3522,6 +5148,7 @@ exports.roleSchema = roleSchema;
 exports.sessionSchema = sessionSchema;
 exports.shareSchema = shareSchema;
 exports.signPayload = signPayload;
+exports.supportsTransactions = supportsTransactions;
 exports.tokenSchema = tokenSchema;
 exports.toolCallSchema = toolCallSchema;
 exports.transactionSchema = transactionSchema;