@librechat/data-schemas 0.0.31 → 0.0.33

package/dist/index.cjs

@@ -5,8 +5,9 @@ var winston = require('winston');
 require('winston-daily-rotate-file');
 var klona = require('klona');
 var path = require('path');
+require('dotenv/config');
 var jwt = require('jsonwebtoken');
-var node_crypto = require('node:crypto');
+var crypto = require('node:crypto');
 var mongoose = require('mongoose');
 var _ = require('lodash');
 var meilisearch = require('meilisearch');
@@ -856,6 +857,153 @@ function azureConfigSetup(config) {
     };
 }
 
+/**
+ * Default Vertex AI models available through Google Cloud
+ * These are the standard Anthropic model names as served by Vertex AI
+ */
+const defaultVertexModels = [
+    'claude-sonnet-4-20250514',
+    'claude-3-7-sonnet-20250219',
+    'claude-3-5-sonnet-v2@20241022',
+    'claude-3-5-sonnet@20240620',
+    'claude-3-5-haiku@20241022',
+    'claude-3-opus@20240229',
+    'claude-3-haiku@20240307',
+];
+/**
+ * Processes models configuration and creates deployment name mapping
+ * Similar to Azure's model mapping logic
+ * @param models - The models configuration (can be array or object)
+ * @param defaultDeploymentName - Optional default deployment name
+ * @returns Object containing modelNames array and modelDeploymentMap
+ */
+function processVertexModels(models, defaultDeploymentName) {
+    const modelNames = [];
+    const modelDeploymentMap = {};
+    if (!models) {
+        // No models specified, use defaults
+        for (const model of defaultVertexModels) {
+            modelNames.push(model);
+            modelDeploymentMap[model] = model; // Default: model name = deployment name
+        }
+        return { modelNames, modelDeploymentMap };
+    }
+    if (Array.isArray(models)) {
+        // Legacy format: simple array of model names
+        for (const modelName of models) {
+            modelNames.push(modelName);
+            // If a default deployment name is provided, use it for all models
+            // Otherwise, model name is the deployment name
+            modelDeploymentMap[modelName] = defaultDeploymentName || modelName;
+        }
+    }
+    else {
+        // New format: object with model names as keys and config as values
+        for (const [modelName, modelConfig] of Object.entries(models)) {
+            modelNames.push(modelName);
+            if (typeof modelConfig === 'boolean') {
+                // Model is set to true/false - use default deployment name or model name
+                modelDeploymentMap[modelName] = defaultDeploymentName || modelName;
+            }
+            else if (modelConfig === null || modelConfig === void 0 ? void 0 : modelConfig.deploymentName) {
+                // Model has its own deployment name specified
+                modelDeploymentMap[modelName] = modelConfig.deploymentName;
+            }
+            else {
+                // Model is an object but no deployment name - use default or model name
+                modelDeploymentMap[modelName] = defaultDeploymentName || modelName;
+            }
+        }
+    }
+    return { modelNames, modelDeploymentMap };
+}
+/**
+ * Validates and processes Vertex AI configuration
+ * @param vertexConfig - The Vertex AI configuration object
+ * @returns Validated configuration with errors if any
+ */
+function validateVertexConfig(vertexConfig) {
+    if (!vertexConfig) {
+        return null;
+    }
+    const errors = [];
+    // Extract and validate environment variables
+    // projectId is optional - will be auto-detected from service key if not provided
+    const projectId = vertexConfig.projectId ? librechatDataProvider.extractEnvVariable(vertexConfig.projectId) : undefined;
+    const region = librechatDataProvider.extractEnvVariable(vertexConfig.region || 'us-east5');
+    const serviceKeyFile = vertexConfig.serviceKeyFile
+        ? librechatDataProvider.extractEnvVariable(vertexConfig.serviceKeyFile)
+        : undefined;
+    const defaultDeploymentName = vertexConfig.deploymentName
+        ? librechatDataProvider.extractEnvVariable(vertexConfig.deploymentName)
+        : undefined;
+    // Check for unresolved environment variables
+    if (projectId && librechatDataProvider.envVarRegex.test(projectId)) {
+        errors.push(`Vertex AI projectId environment variable "${vertexConfig.projectId}" was not found.`);
+    }
+    if (librechatDataProvider.envVarRegex.test(region)) {
+        errors.push(`Vertex AI region environment variable "${vertexConfig.region}" was not found.`);
+    }
+    if (serviceKeyFile && librechatDataProvider.envVarRegex.test(serviceKeyFile)) {
+        errors.push(`Vertex AI serviceKeyFile environment variable "${vertexConfig.serviceKeyFile}" was not found.`);
+    }
+    if (defaultDeploymentName && librechatDataProvider.envVarRegex.test(defaultDeploymentName)) {
+        errors.push(`Vertex AI deploymentName environment variable "${vertexConfig.deploymentName}" was not found.`);
+    }
+    // Process models and create deployment mapping
+    const { modelNames, modelDeploymentMap } = processVertexModels(vertexConfig.models, defaultDeploymentName);
+    // Note: projectId is optional - if not provided, it will be auto-detected from the service key file
+    const isValid = errors.length === 0;
+    return {
+        enabled: vertexConfig.enabled !== false,
+        projectId,
+        region,
+        serviceKeyFile,
+        deploymentName: defaultDeploymentName,
+        models: vertexConfig.models,
+        modelNames,
+        modelDeploymentMap,
+        isValid,
+        errors,
+    };
+}
+/**
+ * Sets up the Vertex AI configuration from the config (`librechat.yaml`) file.
+ * Similar to azureConfigSetup, this processes and validates the Vertex AI configuration.
+ * @param config - The loaded custom configuration.
+ * @returns The validated Vertex AI configuration or null if not configured.
+ */
+function vertexConfigSetup(config) {
+    var _a, _b;
+    const anthropicConfig = (_a = config.endpoints) === null || _a === void 0 ? void 0 : _a[librechatDataProvider.EModelEndpoint.anthropic];
+    if (!(anthropicConfig === null || anthropicConfig === void 0 ? void 0 : anthropicConfig.vertex)) {
+        return null;
+    }
+    const vertexConfig = anthropicConfig.vertex;
+    // Skip if explicitly disabled (enabled: false)
+    // When vertex config exists, it's enabled by default unless explicitly set to false
+    if (vertexConfig.enabled === false) {
+        return null;
+    }
+    const validatedConfig = validateVertexConfig(vertexConfig);
+    if (!validatedConfig) {
+        return null;
+    }
+    if (!validatedConfig.isValid) {
+        const errorString = validatedConfig.errors.join('\n');
+        const errorMessage = 'Invalid Vertex AI configuration:\n' + errorString;
+        logger$1.error(errorMessage);
+        throw new Error(errorMessage);
+    }
+    logger$1.info('Vertex AI configuration loaded successfully', {
+        projectId: validatedConfig.projectId,
+        region: validatedConfig.region,
+        modelCount: ((_b = validatedConfig.modelNames) === null || _b === void 0 ? void 0 : _b.length) || 0,
+        models: validatedConfig.modelNames,
+    });
+    return validatedConfig;
+}
+
 /**
  * Loads custom config endpoints
  * @param [config]
@@ -878,12 +1026,24 @@ const loadEndpoints = (config, agentsDefaults) => {
         loadedEndpoints[librechatDataProvider.EModelEndpoint.assistants] = assistantsConfigSetup(config, librechatDataProvider.EModelEndpoint.assistants, loadedEndpoints[librechatDataProvider.EModelEndpoint.assistants]);
     }
     loadedEndpoints[librechatDataProvider.EModelEndpoint.agents] = agentsConfigSetup(config, agentsDefaults);
+    // Handle Anthropic endpoint with Vertex AI configuration
+    if (endpoints === null || endpoints === void 0 ? void 0 : endpoints[librechatDataProvider.EModelEndpoint.anthropic]) {
+        const anthropicConfig = endpoints[librechatDataProvider.EModelEndpoint.anthropic];
+        const vertexConfig = vertexConfigSetup(config);
+        loadedEndpoints[librechatDataProvider.EModelEndpoint.anthropic] = {
+            ...anthropicConfig,
+            // If Vertex AI is enabled, use the visible model names from vertex config
+            // Otherwise, use the models array from anthropic config
+            ...((vertexConfig === null || vertexConfig === void 0 ? void 0 : vertexConfig.modelNames) && { models: vertexConfig.modelNames }),
+            // Attach validated Vertex AI config if present
+            ...(vertexConfig && { vertexConfig }),
+        };
+    }
     const endpointKeys = [
         librechatDataProvider.EModelEndpoint.openAI,
         librechatDataProvider.EModelEndpoint.google,
         librechatDataProvider.EModelEndpoint.custom,
         librechatDataProvider.EModelEndpoint.bedrock,
-        librechatDataProvider.EModelEndpoint.anthropic,
     ];
     endpointKeys.forEach((key) => {
         const currentKey = key;
@@ -938,7 +1098,9 @@ const AppService = async (params) => {
     const imageOutputType = (_e = config === null || config === void 0 ? void 0 : config.imageOutputType) !== null && _e !== void 0 ? _e : configDefaults.imageOutputType;
     process.env.CDN_PROVIDER = fileStrategy;
     const availableTools = systemTools;
-    const mcpConfig = config.mcpServers || null;
+    const mcpServersConfig = config.mcpServers || null;
+    const mcpSettings = config.mcpSettings || null;
+    const actions = config.actions;
     const registration = (_f = config.registration) !== null && _f !== void 0 ? _f : configDefaults.registration;
     const interfaceConfig = await loadDefaultInterface({ config, configDefaults });
     const turnstileConfig = loadTurnstileConfig(config, configDefaults);
@@ -950,8 +1112,10 @@ const AppService = async (params) => {
         memory,
         speech,
         balance,
+        actions,
         transactions,
-        mcpConfig,
+        mcpConfig: mcpServersConfig,
+        mcpSettings,
         webSearch,
         fileStrategy,
         registration,
@@ -999,14 +1163,144 @@ exports.RoleBits = void 0;
     RoleBits[RoleBits["OWNER"] = librechatDataProvider.PermissionBits.VIEW | librechatDataProvider.PermissionBits.EDIT | librechatDataProvider.PermissionBits.DELETE | librechatDataProvider.PermissionBits.SHARE] = "OWNER";
 })(exports.RoleBits || (exports.RoleBits = {}));
 
+var _a, _b;
+const { webcrypto } = crypto;
+/** Use hex decoding for both key and IV for legacy methods */
+const key = Buffer.from((_a = process.env.CREDS_KEY) !== null && _a !== void 0 ? _a : '', 'hex');
+const iv = Buffer.from((_b = process.env.CREDS_IV) !== null && _b !== void 0 ? _b : '', 'hex');
+const algorithm = 'AES-CBC';
 async function signPayload({ payload, secret, expirationTime, }) {
     return jwt.sign(payload, secret, { expiresIn: expirationTime });
 }
 async function hashToken(str) {
     const data = new TextEncoder().encode(str);
-    const hashBuffer = await node_crypto.webcrypto.subtle.digest('SHA-256', data);
+    const hashBuffer = await webcrypto.subtle.digest('SHA-256', data);
     return Buffer.from(hashBuffer).toString('hex');
 }
+/** --- Legacy v1/v2 Setup: AES-CBC with fixed key and IV --- */
+/**
+ * Encrypts a value using AES-CBC
+ * @param value - The plaintext to encrypt
+ * @returns The encrypted string in hex format
+ */
+async function encrypt(value) {
+    const cryptoKey = await webcrypto.subtle.importKey('raw', key, { name: algorithm }, false, [
+        'encrypt',
+    ]);
+    const encoder = new TextEncoder();
+    const data = encoder.encode(value);
+    const encryptedBuffer = await webcrypto.subtle.encrypt({ name: algorithm, iv: iv }, cryptoKey, data);
+    return Buffer.from(encryptedBuffer).toString('hex');
+}
+/**
+ * Decrypts an encrypted value using AES-CBC
+ * @param encryptedValue - The encrypted string in hex format
+ * @returns The decrypted plaintext
+ */
+async function decrypt(encryptedValue) {
+    const cryptoKey = await webcrypto.subtle.importKey('raw', key, { name: algorithm }, false, [
+        'decrypt',
+    ]);
+    const encryptedBuffer = Buffer.from(encryptedValue, 'hex');
+    const decryptedBuffer = await webcrypto.subtle.decrypt({ name: algorithm, iv: iv }, cryptoKey, encryptedBuffer);
+    const decoder = new TextDecoder();
+    return decoder.decode(decryptedBuffer);
+}
+/** --- v2: AES-CBC with a random IV per encryption --- */
+/**
+ * Encrypts a value using AES-CBC with a random IV per encryption
+ * @param value - The plaintext to encrypt
+ * @returns The encrypted string with IV prepended (iv:ciphertext format)
+ */
+async function encryptV2(value) {
+    const gen_iv = webcrypto.getRandomValues(new Uint8Array(16));
+    const cryptoKey = await webcrypto.subtle.importKey('raw', key, { name: algorithm }, false, [
+        'encrypt',
+    ]);
+    const encoder = new TextEncoder();
+    const data = encoder.encode(value);
+    const encryptedBuffer = await webcrypto.subtle.encrypt({ name: algorithm, iv: gen_iv }, cryptoKey, data);
+    return Buffer.from(gen_iv).toString('hex') + ':' + Buffer.from(encryptedBuffer).toString('hex');
+}
+/**
+ * Decrypts an encrypted value using AES-CBC with random IV
+ * @param encryptedValue - The encrypted string in iv:ciphertext format
+ * @returns The decrypted plaintext
+ */
+async function decryptV2(encryptedValue) {
+    var _a;
+    const parts = encryptedValue.split(':');
+    if (parts.length === 1) {
+        return parts[0];
+    }
+    const gen_iv = Buffer.from((_a = parts.shift()) !== null && _a !== void 0 ? _a : '', 'hex');
+    const encrypted = parts.join(':');
+    const cryptoKey = await webcrypto.subtle.importKey('raw', key, { name: algorithm }, false, [
+        'decrypt',
+    ]);
+    const encryptedBuffer = Buffer.from(encrypted, 'hex');
+    const decryptedBuffer = await webcrypto.subtle.decrypt({ name: algorithm, iv: gen_iv }, cryptoKey, encryptedBuffer);
+    const decoder = new TextDecoder();
+    return decoder.decode(decryptedBuffer);
+}
+/** --- v3: AES-256-CTR using Node's crypto functions --- */
+const algorithm_v3 = 'aes-256-ctr';
+/**
+ * Encrypts a value using AES-256-CTR.
+ * Note: AES-256 requires a 32-byte key. Ensure that process.env.CREDS_KEY is a 64-character hex string.
+ * @param value - The plaintext to encrypt.
+ * @returns The encrypted string with a "v3:" prefix.
+ */
+function encryptV3(value) {
+    if (key.length !== 32) {
+        throw new Error(`Invalid key length: expected 32 bytes, got ${key.length} bytes`);
+    }
+    const iv_v3 = crypto.randomBytes(16);
+    const cipher = crypto.createCipheriv(algorithm_v3, key, iv_v3);
+    const encrypted = Buffer.concat([cipher.update(value, 'utf8'), cipher.final()]);
+    return `v3:${iv_v3.toString('hex')}:${encrypted.toString('hex')}`;
+}
+/**
+ * Decrypts an encrypted value using AES-256-CTR.
+ * @param encryptedValue - The encrypted string with "v3:" prefix.
+ * @returns The decrypted plaintext.
+ */
+function decryptV3(encryptedValue) {
+    const parts = encryptedValue.split(':');
+    if (parts[0] !== 'v3') {
+        throw new Error('Not a v3 encrypted value');
+    }
+    const iv_v3 = Buffer.from(parts[1], 'hex');
+    const encryptedText = Buffer.from(parts.slice(2).join(':'), 'hex');
+    const decipher = crypto.createDecipheriv(algorithm_v3, key, iv_v3);
+    const decrypted = Buffer.concat([decipher.update(encryptedText), decipher.final()]);
+    return decrypted.toString('utf8');
+}
+/**
+ * Generates random values as a hex string
+ * @param length - The number of random bytes to generate
+ * @returns The random values as a hex string
+ */
+async function getRandomValues(length) {
+    if (!Number.isInteger(length) || length <= 0) {
+        throw new Error('Length must be a positive integer');
+    }
+    const randomValues = new Uint8Array(length);
+    webcrypto.getRandomValues(randomValues);
+    return Buffer.from(randomValues).toString('hex');
+}
+/**
+ * Computes SHA-256 hash for the given input.
+ * @param input - The input to hash.
+ * @returns The SHA-256 hash of the input.
+ */
+async function hashBackupCode(input) {
+    const encoder = new TextEncoder();
+    const data = encoder.encode(input);
+    const hashBuffer = await webcrypto.subtle.digest('SHA-256', data);
+    const hashArray = Array.from(new Uint8Array(hashBuffer));
+    return hashArray.map((b) => b.toString(16).padStart(2, '0')).join('');
+}
 
 // Define the Auth sub-schema with type-safety.
 const AuthSchema = new mongoose.Schema({
@@ -1162,10 +1456,17 @@ const agentSchema = new mongoose.Schema({
         default: false,
         index: true,
     },
+    /** MCP server names extracted from tools for efficient querying */
+    mcpServerNames: {
+        type: [String],
+        default: [],
+        index: true,
+    },
 }, {
     timestamps: true,
 });
 agentSchema.index({ updatedAt: -1, _id: 1 });
+agentSchema.index({ 'edges.to': 1 });
 
 const agentCategorySchema = new mongoose.Schema({
     value: {
@@ -1301,6 +1602,10 @@ const bannerSchema = new mongoose.Schema({
         type: Boolean,
         default: false,
     },
+    persistable: {
+        type: Boolean,
+        default: false,
+    },
 }, { timestamps: true });
 
 const categoriesSchema = new mongoose.Schema({
@@ -1344,7 +1649,6 @@ conversationTag.index({ tag: 1, user: 1 }, { unique: true });
 
 // @ts-ignore
 const conversationPreset = {
-    // endpoint: [azureOpenAI, openAI, anthropic, chatGPTBrowser]
     endpoint: {
         type: String,
         default: null,
@@ -1353,7 +1657,7 @@ const conversationPreset = {
     endpointType: {
         type: String,
     },
-    // for azureOpenAI, openAI, chatGPTBrowser only
+    // for azureOpenAI, openAI only
     model: {
         type: String,
         required: false,
@@ -1518,9 +1822,6 @@ const convoSchema = new mongoose.Schema({
         meiliIndex: true,
     },
     messages: [{ type: mongoose.Schema.Types.ObjectId, ref: 'Message' }],
-    agentOptions: {
-        type: mongoose.Schema.Types.Mixed,
-    },
     ...conversationPreset,
     agent_id: {
         type: String,
@@ -1540,6 +1841,8 @@ const convoSchema = new mongoose.Schema({
 convoSchema.index({ expiredAt: 1 }, { expireAfterSeconds: 0 });
 convoSchema.index({ createdAt: 1, updatedAt: 1 });
 convoSchema.index({ conversationId: 1, user: 1 }, { unique: true });
+// index for MeiliSearch sync operations
+convoSchema.index({ _meiliIndex: 1, expiredAt: 1 });
 
 const file = new mongoose.Schema({
     user: {
@@ -1736,25 +2039,6 @@ const messageSchema = new mongoose.Schema({
         default: false,
     },
     files: { type: [{ type: mongoose.Schema.Types.Mixed }], default: undefined },
-    plugin: {
-        type: {
-            latest: {
-                type: String,
-                required: false,
-            },
-            inputs: {
-                type: [mongoose.Schema.Types.Mixed],
-                required: false,
-                default: undefined,
-            },
-            outputs: {
-                type: String,
-                required: false,
-            },
-        },
-        default: undefined,
-    },
-    plugins: { type: [{ type: mongoose.Schema.Types.Mixed }], default: undefined },
     content: {
         type: [{ type: mongoose.Schema.Types.Mixed }],
         default: undefined,
@@ -1794,10 +2078,16 @@ const messageSchema = new mongoose.Schema({
     expiredAt: {
         type: Date,
     },
+    addedConvo: {
+        type: Boolean,
+        default: undefined,
+    },
 }, { timestamps: true });
 messageSchema.index({ expiredAt: 1 }, { expireAfterSeconds: 0 });
 messageSchema.index({ createdAt: 1 });
 messageSchema.index({ messageId: 1, user: 1 }, { unique: true });
+// index for MeiliSearch sync operations
+messageSchema.index({ _meiliIndex: 1, expiredAt: 1 });
 
 const pluginAuthSchema = new mongoose.Schema({
     authField: {
@@ -1840,10 +2130,6 @@ const presetSchema = new mongoose.Schema({
         type: Number,
     },
     ...conversationPreset,
-    agentOptions: {
-        type: mongoose.Schema.Types.Mixed,
-        default: null,
-    },
 }, { timestamps: true });
 
 const projectSchema = new mongoose.Schema({
@@ -2002,6 +2288,11 @@ const rolePermissionsSchema = new mongoose.Schema({
     [librechatDataProvider.PermissionTypes.FILE_CITATIONS]: {
         [librechatDataProvider.Permissions.USE]: { type: Boolean },
     },
+    [librechatDataProvider.PermissionTypes.MCP_SERVERS]: {
+        [librechatDataProvider.Permissions.USE]: { type: Boolean },
+        [librechatDataProvider.Permissions.CREATE]: { type: Boolean },
+        [librechatDataProvider.Permissions.SHARE]: { type: Boolean },
+    },
 }, { _id: false });
 const roleSchema = new mongoose.Schema({
     name: { type: String, required: true, unique: true, index: true },
@@ -2145,6 +2436,7 @@ const transactionSchema = new mongoose.Schema({
     },
     model: {
         type: String,
+        index: true,
     },
     context: {
         type: String,
@@ -2292,6 +2584,17 @@ const userSchema = new mongoose.Schema({
         },
         default: {},
     },
+    favorites: {
+        type: [
+            {
+                _id: false,
+                agentId: String, // for agent
+                model: String, // for model
+                endpoint: String, // for model
+            },
+        ],
+        default: [],
+    },
     /** Field for external source identification (for consistency with TPrincipal schema) */
     idOnTheSource: {
         type: String,
@@ -2511,26 +2814,6 @@ const getSyncConfig = () => ({
     batchSize: parseInt(process.env.MEILI_SYNC_BATCH_SIZE || '100', 10),
     delayMs: parseInt(process.env.MEILI_SYNC_DELAY_MS || '100', 10),
 });
-/**
- * Local implementation of parseTextParts to avoid dependency on librechat-data-provider
- * Extracts text content from an array of content items
- */
-const parseTextParts = (content) => {
-    if (!Array.isArray(content)) {
-        return '';
-    }
-    return content
-        .filter((item) => item.type === 'text' && typeof item.text === 'string')
-        .map((item) => item.text)
-        .join(' ')
-        .trim();
-};
-/**
- * Local implementation to handle Bing convoId conversion
- */
-const cleanUpPrimaryKeyValue = (value) => {
-    return value.replace(/--/g, '|');
-};
 /**
  * Validates the required options for configuring the mongoMeili plugin.
  */
@@ -2592,7 +2875,8 @@ const createMeiliMongooseModel = ({ index, attributesToIndex, syncOptions, }) =>
                 const { batchSize, delayMs } = syncConfig;
                 logger.info(`[syncWithMeili] Starting sync for ${primaryKey === 'messageId' ? 'messages' : 'conversations'} with batch size ${batchSize}`);
                 // Build query with resume capability
-                const query = {};
+                // Do not sync TTL documents
+                const query = { expiredAt: null };
                 if (options === null || options === void 0 ? void 0 : options.resumeFromId) {
                     query._id = { $gt: options.resumeFromId };
                 }
@@ -2720,7 +3004,7 @@ const createMeiliMongooseModel = ({ index, attributesToIndex, syncOptions, }) =>
             const data = await index.search(q, params);
             if (populate) {
                 const query = {};
-                query[primaryKey] = _.map(data.hits, (hit) => cleanUpPrimaryKeyValue(hit[primaryKey]));
+                query[primaryKey] = _.map(data.hits, (hit) => hit[primaryKey]);
                 const projection = Object.keys(this.schema.obj).reduce((results, key) => {
                     if (!key.startsWith('$')) {
                         results[key] = 1;
@@ -2754,7 +3038,7 @@ const createMeiliMongooseModel = ({ index, attributesToIndex, syncOptions, }) =>
                 object.conversationId = object.conversationId.replace(/\|/g, '--');
             }
             if (object.content && Array.isArray(object.content)) {
-                object.text = parseTextParts(object.content);
+                object.text = librechatDataProvider.parseTextParts(object.content);
                 delete object.content;
             }
             return object;
@@ -2763,6 +3047,10 @@ const createMeiliMongooseModel = ({ index, attributesToIndex, syncOptions, }) =>
          * Adds the current document to the MeiliSearch index with retry logic
          */
         async addObjectToMeili(next) {
+            // If this conversation or message has a TTL, don't index it
+            if (!_.isNil(this.expiredAt)) {
+                return next();
+            }
             const object = this.preprocessObjectForIndex();
             const maxRetries = 3;
             let retryCount = 0;
@@ -3077,7 +3365,38 @@ function createAgentModel(mongoose) {
  * Creates or returns the AgentCategory model using the provided mongoose instance and schema
  */
 function createAgentCategoryModel(mongoose) {
-    return mongoose.models.AgentCategory || mongoose.model('AgentCategory', agentCategorySchema);
+    return (mongoose.models.AgentCategory ||
+        mongoose.model('AgentCategory', agentCategorySchema));
+}
+
+const mcpServerSchema = new mongoose.Schema({
+    serverName: {
+        type: String,
+        index: true,
+        unique: true,
+        required: true,
+    },
+    config: {
+        type: mongoose.Schema.Types.Mixed,
+        required: true,
+        // Config contains: title, description, url, oauth, etc.
+    },
+    author: {
+        type: mongoose.Schema.Types.ObjectId,
+        ref: 'User',
+        required: true,
+        index: true,
+    },
+}, {
+    timestamps: true,
+});
+mcpServerSchema.index({ updatedAt: -1, _id: 1 });
+
+/**
+ * Creates or returns the MCPServer model using the provided mongoose instance and schema
+ */
+function createMCPServerModel(mongoose) {
+    return (mongoose.models.MCPServer || mongoose.model('MCPServer', mcpServerSchema));
 }
 
 /**
@@ -3205,7 +3524,7 @@ const accessRoleSchema = new mongoose.Schema({
     description: String,
     resourceType: {
         type: String,
-        enum: ['agent', 'project', 'file', 'promptGroup'],
+        enum: ['agent', 'project', 'file', 'promptGroup', 'mcpServer'],
         required: true,
         default: 'agent',
     },
@@ -3306,6 +3625,7 @@ function createModels(mongoose) {
         Message: createMessageModel(mongoose),
         Agent: createAgentModel(mongoose),
         AgentCategory: createAgentCategoryModel(mongoose),
+        MCPServer: createMCPServerModel(mongoose),
         Role: createRoleModel(mongoose),
         Action: createActionModel(mongoose),
         Assistant: createAssistantModel(mongoose),
@@ -3328,7 +3648,6 @@ function createModels(mongoose) {
     };
 }
 
-var _a;
 class SessionError extends Error {
     constructor(message, code = 'SESSION_ERROR') {
         super(message);
@@ -3336,22 +3655,24 @@ class SessionError extends Error {
         this.code = code;
     }
 }
-const { REFRESH_TOKEN_EXPIRY } = (_a = process.env) !== null && _a !== void 0 ? _a : {};
-const expires = REFRESH_TOKEN_EXPIRY ? eval(REFRESH_TOKEN_EXPIRY) : 1000 * 60 * 60 * 24 * 7; // 7 days default
+/** Default refresh token expiry: 7 days in milliseconds */
+const DEFAULT_REFRESH_TOKEN_EXPIRY = 1000 * 60 * 60 * 24 * 7;
 // Factory function that takes mongoose instance and returns the methods
 function createSessionMethods(mongoose) {
     /**
      * Creates a new session for a user
      */
     async function createSession(userId, options = {}) {
+        var _a;
         if (!userId) {
             throw new SessionError('User ID is required', 'INVALID_USER_ID');
         }
+        const expiresIn = (_a = options.expiresIn) !== null && _a !== void 0 ? _a : DEFAULT_REFRESH_TOKEN_EXPIRY;
         try {
             const Session = mongoose.models.Session;
             const currentSession = new Session({
                 user: userId,
-                expiration: options.expiration || new Date(Date.now() + expires),
+                expiration: options.expiration || new Date(Date.now() + expiresIn),
             });
             const refreshToken = await generateRefreshToken(currentSession);
             return { session: currentSession, refreshToken };
@@ -3405,14 +3726,16 @@ function createSessionMethods(mongoose) {
     /**
      * Updates session expiration
      */
-    async function updateExpiration(session, newExpiration) {
+    async function updateExpiration(session, newExpiration, options = {}) {
+        var _a;
+        const expiresIn = (_a = options.expiresIn) !== null && _a !== void 0 ? _a : DEFAULT_REFRESH_TOKEN_EXPIRY;
         try {
             const Session = mongoose.models.Session;
             const sessionDoc = typeof session === 'string' ? await Session.findById(session) : session;
             if (!sessionDoc) {
                 throw new SessionError('Session not found', 'SESSION_NOT_FOUND');
             }
-            sessionDoc.expiration = newExpiration || new Date(Date.now() + expires);
+            sessionDoc.expiration = newExpiration || new Date(Date.now() + expiresIn);
             return await sessionDoc.save();
         }
         catch (error) {
@@ -3483,7 +3806,9 @@ function createSessionMethods(mongoose) {
             throw new SessionError('Invalid session object', 'INVALID_SESSION');
         }
         try {
-            const expiresIn = session.expiration ? session.expiration.getTime() : Date.now() + expires;
+            const expiresIn = session.expiration
+                ? session.expiration.getTime()
+                : Date.now() + DEFAULT_REFRESH_TOKEN_EXPIRY;
             if (!session.expiration) {
                 session.expiration = new Date(expiresIn);
             }
@@ -3689,6 +4014,8 @@ function createRoleMethods(mongoose) {
     };
 }
 
+/** Default JWT session expiry: 15 minutes in milliseconds */
+const DEFAULT_SESSION_EXPIRY = 1000 * 60 * 15;
 /** Factory function that takes mongoose instance and returns the methods */
 function createUserMethods(mongoose) {
     /**
@@ -3814,23 +4141,14 @@ function createUserMethods(mongoose) {
     }
     /**
      * Generates a JWT token for a given user.
+     * @param user - The user object
+     * @param expiresIn - Optional expiry time in milliseconds. Default: 15 minutes
      */
-    async function generateToken(user) {
+    async function generateToken(user, expiresIn) {
         if (!user) {
             throw new Error('No user provided');
         }
-        let expires = 1000 * 60 * 15;
-        if (process.env.SESSION_EXPIRY !== undefined && process.env.SESSION_EXPIRY !== '') {
-            try {
-                const evaluated = eval(process.env.SESSION_EXPIRY);
-                if (evaluated) {
-                    expires = evaluated;
-                }
-            }
-            catch (error) {
-                console.warn('Invalid SESSION_EXPIRY expression, using default:', error);
-            }
-        }
+        const expires = expiresIn !== null && expiresIn !== void 0 ? expiresIn : DEFAULT_SESSION_EXPIRY;
         return await signPayload({
             payload: {
                 id: user._id,
@@ -3924,6 +4242,26 @@ function createUserMethods(mongoose) {
             return userWithoutScore;
         });
     };
+    /**
+     * Updates the plugins for a user based on the action specified (install/uninstall).
+     * @param userId - The user ID whose plugins are to be updated
+     * @param plugins - The current plugins array
+     * @param pluginKey - The key of the plugin to install or uninstall
+     * @param action - The action to perform, 'install' or 'uninstall'
+     * @returns The result of the update operation or null if action is invalid
+     */
+    async function updateUserPlugins(userId, plugins, pluginKey, action) {
+        const userPlugins = plugins !== null && plugins !== void 0 ? plugins : [];
+        if (action === 'install') {
+            return updateUser(userId, { plugins: [...userPlugins, pluginKey] });
+        }
+        if (action === 'uninstall') {
+            return updateUser(userId, {
+                plugins: userPlugins.filter((plugin) => plugin !== pluginKey),
+            });
+        }
+        return null;
+    }
     return {
         findUser,
         countUsers,
@@ -3933,10 +4271,356 @@ function createUserMethods(mongoose) {
         getUserById,
         generateToken,
         deleteUserById,
+        updateUserPlugins,
         toggleUserMemories,
     };
 }
 
+/** Factory function that takes mongoose instance and returns the key methods */
+function createKeyMethods(mongoose) {
+    /**
+     * Retrieves and decrypts the key value for a given user identified by userId and identifier name.
+     * @param params - The parameters object
+     * @param params.userId - The unique identifier for the user
+     * @param params.name - The name associated with the key
+     * @returns The decrypted key value
+     * @throws Error if the key is not found or if there is a problem during key retrieval
+     * @description This function searches for a user's key in the database using their userId and name.
+     *              If found, it decrypts the value of the key and returns it. If no key is found, it throws
+     *              an error indicating that there is no user key available.
+     */
+    async function getUserKey(params) {
+        const { userId, name } = params;
+        const Key = mongoose.models.Key;
+        const keyValue = (await Key.findOne({ userId, name }).lean());
+        if (!keyValue) {
+            throw new Error(JSON.stringify({
+                type: librechatDataProvider.ErrorTypes.NO_USER_KEY,
+            }));
+        }
+        return await decrypt(keyValue.value);
+    }
+    /**
+     * Retrieves, decrypts, and parses the key values for a given user identified by userId and name.
+     * @param params - The parameters object
+     * @param params.userId - The unique identifier for the user
+     * @param params.name - The name associated with the key
+     * @returns The decrypted and parsed key values
+     * @throws Error if the key is invalid or if there is a problem during key value parsing
+     * @description This function retrieves a user's encrypted key using their userId and name, decrypts it,
+     *              and then attempts to parse the decrypted string into a JSON object. If the parsing fails,
+     *              it throws an error indicating that the user key is invalid.
+     */
+    async function getUserKeyValues(params) {
+        const { userId, name } = params;
+        const userValues = await getUserKey({ userId, name });
+        try {
+            return JSON.parse(userValues);
+        }
+        catch (e) {
+            logger$1.error('[getUserKeyValues]', e);
+            throw new Error(JSON.stringify({
+                type: librechatDataProvider.ErrorTypes.INVALID_USER_KEY,
+            }));
+        }
+    }
+    /**
+     * Retrieves the expiry information of a user's key identified by userId and name.
+     * @param params - The parameters object
+     * @param params.userId - The unique identifier for the user
+     * @param params.name - The name associated with the key
+     * @returns The expiry date of the key or null if the key doesn't exist
+     * @description This function fetches a user's key from the database using their userId and name and
+     *              returns its expiry date. If the key is not found, it returns null for the expiry date.
+     */
+    async function getUserKeyExpiry(params) {
+        const { userId, name } = params;
+        const Key = mongoose.models.Key;
+        const keyValue = (await Key.findOne({ userId, name }).lean());
+        if (!keyValue) {
+            return { expiresAt: null };
+        }
+        return { expiresAt: keyValue.expiresAt || 'never' };
+    }
+    /**
+     * Updates or inserts a new key for a given user identified by userId and name, with a specified value and expiry date.
+     * @param params - The parameters object
+     * @param params.userId - The unique identifier for the user
+     * @param params.name - The name associated with the key
+     * @param params.value - The value to be encrypted and stored as the key's value
+     * @param params.expiresAt - The expiry date for the key [optional]
+     * @returns The updated or newly inserted key document
+     * @description This function either updates an existing user key or inserts a new one into the database,
+     *              after encrypting the provided value. It sets the provided expiry date for the key (or unsets for no expiry).
+     */
+    async function updateUserKey(params) {
+        const { userId, name, value, expiresAt = null } = params;
+        const Key = mongoose.models.Key;
+        const encryptedValue = await encrypt(value);
+        const updateObject = {
+            userId,
+            name,
+            value: encryptedValue,
+        };
+        const updateQuery = {
+            $set: updateObject,
+        };
+        if (expiresAt) {
+            updateObject.expiresAt = new Date(expiresAt);
+        }
+        else {
+            updateQuery.$unset = { expiresAt: '' };
+        }
+        return await Key.findOneAndUpdate({ userId, name }, updateQuery, {
+            upsert: true,
+            new: true,
+        }).lean();
+    }
+    /**
+     * Deletes a key or all keys for a given user identified by userId, optionally based on a specified name.
+     * @param params - The parameters object
+     * @param params.userId - The unique identifier for the user
+     * @param params.name - The name associated with the key to delete. If not provided and all is true, deletes all keys
+     * @param params.all - Whether to delete all keys for the user
+     * @returns The result of the deletion operation
+     * @description This function deletes a specific key or all keys for a user from the database.
+     *              If a name is provided and all is false, it deletes only the key with that name.
+     *              If all is true, it ignores the name and deletes all keys for the user.
+     */
+    async function deleteUserKey(params) {
+        const { userId, name, all = false } = params;
+        const Key = mongoose.models.Key;
+        if (all) {
+            return await Key.deleteMany({ userId });
+        }
+        return await Key.findOneAndDelete({ userId, name }).lean();
+    }
+    return {
+        getUserKey,
+        updateUserKey,
+        deleteUserKey,
+        getUserKeyValues,
+        getUserKeyExpiry,
+    };
+}
+
+/** Factory function that takes mongoose instance and returns the file methods */
+function createFileMethods(mongoose) {
+    /**
+     * Finds a file by its file_id with additional query options.
+     * @param file_id - The unique identifier of the file
+     * @param options - Query options for filtering, projection, etc.
+     * @returns A promise that resolves to the file document or null
+     */
+    async function findFileById(file_id, options = {}) {
+        const File = mongoose.models.File;
+        return File.findOne({ file_id, ...options }).lean();
+    }
+    /**
+     * Retrieves files matching a given filter, sorted by the most recently updated.
+     * @param filter - The filter criteria to apply
+     * @param _sortOptions - Optional sort parameters
+     * @param selectFields - Fields to include/exclude in the query results. Default excludes the 'text' field
+     * @param options - Additional query options (userId, agentId for ACL)
+     * @returns A promise that resolves to an array of file documents
+     */
+    async function getFiles(filter, _sortOptions, selectFields) {
+        const File = mongoose.models.File;
+        const sortOptions = { updatedAt: -1, ..._sortOptions };
+        const query = File.find(filter);
+        if (selectFields != null) {
+            query.select(selectFields);
+        }
+        else {
+            query.select({ text: 0 });
+        }
+        return await query.sort(sortOptions).lean();
+    }
+    /**
+     * Retrieves tool files (files that are embedded or have a fileIdentifier) from an array of file IDs
+     * @param fileIds - Array of file_id strings to search for
+     * @param toolResourceSet - Optional filter for tool resources
+     * @returns Files that match the criteria
+     */
+    async function getToolFilesByIds(fileIds, toolResourceSet) {
+        var _a, _b, _c;
+        if (!fileIds || !fileIds.length || !(toolResourceSet === null || toolResourceSet === void 0 ? void 0 : toolResourceSet.size)) {
+            return [];
+        }
+        try {
+            const filter = {
+                file_id: { $in: fileIds },
+                $or: [],
+            };
+            if (toolResourceSet.has(librechatDataProvider.EToolResources.context)) {
+                (_a = filter.$or) === null || _a === void 0 ? void 0 : _a.push({ text: { $exists: true, $ne: null }, context: librechatDataProvider.FileContext.agents });
+            }
+            if (toolResourceSet.has(librechatDataProvider.EToolResources.file_search)) {
+                (_b = filter.$or) === null || _b === void 0 ? void 0 : _b.push({ embedded: true });
+            }
+            if (toolResourceSet.has(librechatDataProvider.EToolResources.execute_code)) {
+                (_c = filter.$or) === null || _c === void 0 ? void 0 : _c.push({ 'metadata.fileIdentifier': { $exists: true } });
+            }
+            const selectFields = { text: 0 };
+            const sortOptions = { updatedAt: -1 };
+            const results = await getFiles(filter, sortOptions, selectFields);
+            return results !== null && results !== void 0 ? results : [];
+        }
+        catch (error) {
+            logger$1.error('[getToolFilesByIds] Error retrieving tool files:', error);
+            throw new Error('Error retrieving tool files');
+        }
+    }
+    /**
+     * Creates a new file with a TTL of 1 hour.
+     * @param data - The file data to be created, must contain file_id
+     * @param disableTTL - Whether to disable the TTL
+     * @returns A promise that resolves to the created file document
+     */
+    async function createFile(data, disableTTL) {
+        const File = mongoose.models.File;
+        const fileData = {
+            ...data,
+            expiresAt: new Date(Date.now() + 3600 * 1000),
+        };
+        if (disableTTL) {
+            delete fileData.expiresAt;
+        }
+        return File.findOneAndUpdate({ file_id: data.file_id }, fileData, {
+            new: true,
+            upsert: true,
+        }).lean();
+    }
+    /**
+     * Updates a file identified by file_id with new data and removes the TTL.
+     * @param data - The data to update, must contain file_id
+     * @returns A promise that resolves to the updated file document
+     */
+    async function updateFile(data) {
+        const File = mongoose.models.File;
+        const { file_id, ...update } = data;
+        const updateOperation = {
+            $set: update,
+            $unset: { expiresAt: '' },
+        };
+        return File.findOneAndUpdate({ file_id }, updateOperation, {
+            new: true,
+        }).lean();
+    }
+    /**
+     * Increments the usage of a file identified by file_id.
+     * @param data - The data to update, must contain file_id and the increment value for usage
+     * @returns A promise that resolves to the updated file document
+     */
+    async function updateFileUsage(data) {
+        const File = mongoose.models.File;
+        const { file_id, inc = 1 } = data;
+        const updateOperation = {
+            $inc: { usage: inc },
+            $unset: { expiresAt: '', temp_file_id: '' },
+        };
+        return File.findOneAndUpdate({ file_id }, updateOperation, {
+            new: true,
+        }).lean();
+    }
+    /**
+     * Deletes a file identified by file_id.
+     * @param file_id - The unique identifier of the file to delete
+     * @returns A promise that resolves to the deleted file document or null
+     */
+    async function deleteFile(file_id) {
+        const File = mongoose.models.File;
+        return File.findOneAndDelete({ file_id }).lean();
+    }
+    /**
+     * Deletes a file identified by a filter.
+     * @param filter - The filter criteria to apply
+     * @returns A promise that resolves to the deleted file document or null
+     */
+    async function deleteFileByFilter(filter) {
+        const File = mongoose.models.File;
+        return File.findOneAndDelete(filter).lean();
+    }
+    /**
+     * Deletes multiple files identified by an array of file_ids.
+     * @param file_ids - The unique identifiers of the files to delete
+     * @param user - Optional user ID to filter by
+     * @returns A promise that resolves to the result of the deletion operation
+     */
+    async function deleteFiles(file_ids, user) {
+        const File = mongoose.models.File;
+        let deleteQuery = { file_id: { $in: file_ids } };
+        if (user) {
+            deleteQuery = { user: user };
+        }
+        return File.deleteMany(deleteQuery);
+    }
+    /**
+     * Batch updates files with new signed URLs in MongoDB
+     * @param updates - Array of updates in the format { file_id, filepath }
+     */
+    async function batchUpdateFiles(updates) {
+        if (!updates || updates.length === 0) {
+            return;
+        }
+        const File = mongoose.models.File;
+        const bulkOperations = updates.map((update) => ({
+            updateOne: {
+                filter: { file_id: update.file_id },
+                update: { $set: { filepath: update.filepath } },
+            },
+        }));
+        const result = await File.bulkWrite(bulkOperations);
+        logger$1.info(`Updated ${result.modifiedCount} files with new S3 URLs`);
+    }
+    /**
+     * Updates usage tracking for multiple files.
+     * Processes files and optional fileIds, updating their usage count in the database.
+     *
+     * @param files - Array of file objects to process
+     * @param fileIds - Optional array of file IDs to process
+     * @returns Array of updated file documents (with null results filtered out)
+     */
+    async function updateFilesUsage(files, fileIds) {
+        const promises = [];
+        const seen = new Set();
+        for (const file of files) {
+            const { file_id } = file;
+            if (seen.has(file_id)) {
+                continue;
+            }
+            seen.add(file_id);
+            promises.push(updateFileUsage({ file_id }));
+        }
+        if (!fileIds) {
+            const results = await Promise.all(promises);
+            return results.filter((result) => result != null);
+        }
+        for (const file_id of fileIds) {
+            if (seen.has(file_id)) {
+                continue;
+            }
+            seen.add(file_id);
+            promises.push(updateFileUsage({ file_id }));
+        }
+        const results = await Promise.all(promises);
+        return results.filter((result) => result != null);
+    }
+    return {
+        findFileById,
+        getFiles,
+        getToolFilesByIds,
+        createFile,
+        updateFile,
+        updateFileUsage,
+        deleteFile,
+        deleteFiles,
+        deleteFileByFilter,
+        batchUpdateFiles,
+        updateFilesUsage,
+    };
+}
+
 /**
  * Formats a date in YYYY-MM-DD format
  */
@@ -4284,6 +4968,258 @@ function createAgentCategoryMethods(mongoose) {
     };
 }
 
+const NORMALIZED_LIMIT_DEFAULT = 20;
+const MAX_CREATE_RETRIES = 5;
+const RETRY_BASE_DELAY_MS = 25;
+/**
+ * Helper to check if an error is a MongoDB duplicate key error.
+ * Since serverName is the only unique index on MCPServer, any E11000 error
+ * during creation is necessarily a serverName collision.
+ */
+function isDuplicateKeyError(error) {
+    if (error && typeof error === 'object' && 'code' in error) {
+        const mongoError = error;
+        return mongoError.code === 11000;
+    }
+    return false;
+}
+/**
+ * Escapes special regex characters in a string so they are treated literally.
+ */
+function escapeRegex(str) {
+    return str.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
+/**
+ * Generates a URL-friendly server name from a title.
+ * Converts to lowercase, replaces spaces with hyphens, removes special characters.
+ */
+function generateServerNameFromTitle(title) {
+    const slug = title
+        .toLowerCase()
+        .trim()
+        .replace(/[^a-z0-9\s-]/g, '') // Remove special chars except spaces and hyphens
+        .replace(/\s+/g, '-') // Replace spaces with hyphens
+        .replace(/-+/g, '-') // Remove consecutive hyphens
+        .replace(/^-|-$/g, ''); // Trim leading/trailing hyphens
+    return slug || 'mcp-server'; // Fallback if empty
+}
+function createMCPServerMethods(mongoose) {
+    /**
+     * Finds the next available server name by checking for duplicates.
+     * If baseName exists, returns baseName-2, baseName-3, etc.
+     */
+    async function findNextAvailableServerName(baseName) {
+        const MCPServer = mongoose.models.MCPServer;
+        // Find all servers with matching base name pattern (baseName or baseName-N)
+        const escapedBaseName = escapeRegex(baseName);
+        const existing = await MCPServer.find({
+            serverName: { $regex: `^${escapedBaseName}(-\\d+)?$` },
+        })
+            .select('serverName')
+            .lean();
+        if (existing.length === 0) {
+            return baseName;
+        }
+        // Extract numbers from existing names
+        const numbers = existing.map((s) => {
+            const match = s.serverName.match(/-(\d+)$/);
+            return match ? parseInt(match[1], 10) : 1;
+        });
+        const maxNumber = Math.max(...numbers);
+        return `${baseName}-${maxNumber + 1}`;
+    }
+    /**
+     * Create a new MCP server with retry logic for handling race conditions.
+     * When multiple requests try to create servers with the same title simultaneously,
+     * they may get the same serverName from findNextAvailableServerName() before any
+     * creates the record (TOCTOU race condition). This is handled by retrying with
+     * exponential backoff when a duplicate key error occurs.
+     * @param data - Object containing config (with title, description, url, etc.) and author
+     * @returns The created MCP server document
+     */
+    async function createMCPServer(data) {
+        const MCPServer = mongoose.models.MCPServer;
+        let lastError;
+        for (let attempt = 0; attempt < MAX_CREATE_RETRIES; attempt++) {
+            try {
+                // Generate serverName from title, with fallback to nanoid if no title
+                // Important: regenerate on each attempt to get fresh available name
+                let serverName;
+                if (data.config.title) {
+                    const baseSlug = generateServerNameFromTitle(data.config.title);
+                    serverName = await findNextAvailableServerName(baseSlug);
+                }
+                else {
+                    serverName = `mcp-${nanoid.nanoid(16)}`;
+                }
+                const newServer = await MCPServer.create({
+                    serverName,
+                    config: data.config,
+                    author: data.author,
+                });
+                return newServer.toObject();
+            }
+            catch (error) {
+                lastError = error;
+                // Only retry on duplicate key errors (serverName collision)
+                if (isDuplicateKeyError(error) && attempt < MAX_CREATE_RETRIES - 1) {
+                    // Exponential backoff: 10ms, 20ms, 40ms
+                    const delay = RETRY_BASE_DELAY_MS * Math.pow(2, attempt);
+                    logger$1.debug(`[createMCPServer] Duplicate serverName detected, retrying (attempt ${attempt + 2}/${MAX_CREATE_RETRIES}) after ${delay}ms`);
+                    await new Promise((resolve) => setTimeout(resolve, delay));
+                    continue;
+                }
+                // Not a duplicate key error or out of retries - throw immediately
+                throw error;
+            }
+        }
+        // Should not reach here, but TypeScript requires a return
+        throw lastError;
+    }
+    /**
+     * Find an MCP server by serverName
+     * @param serverName - The MCP server ID
+     * @returns The MCP server document or null
+     */
+    async function findMCPServerById(serverName) {
+        const MCPServer = mongoose.models.MCPServer;
+        return await MCPServer.findOne({ serverName }).lean();
+    }
+    /**
+     * Find an MCP server by MongoDB ObjectId
+     * @param _id - The MongoDB ObjectId
+     * @returns The MCP server document or null
+     */
+    async function findMCPServerByObjectId(_id) {
+        const MCPServer = mongoose.models.MCPServer;
+        return await MCPServer.findById(_id).lean();
+    }
+    /**
+     * Find MCP servers by author
+     * @param authorId - The author's ObjectId or string
+     * @returns Array of MCP server documents
+     */
+    async function findMCPServersByAuthor(authorId) {
+        const MCPServer = mongoose.models.MCPServer;
+        return await MCPServer.find({ author: authorId }).sort({ updatedAt: -1 }).lean();
+    }
+    /**
+     * Get a paginated list of MCP servers by IDs with filtering and search
+     * @param ids - Array of ObjectIds to include
+     * @param otherParams - Additional filter parameters (e.g., search)
+     * @param limit - Page size limit (null for no pagination)
+     * @param after - Cursor for pagination
+     * @returns Paginated list of MCP servers
+     */
+    async function getListMCPServersByIds({ ids = [], otherParams = {}, limit = null, after = null, }) {
+        const MCPServer = mongoose.models.MCPServer;
+        const isPaginated = limit !== null && limit !== undefined;
+        const normalizedLimit = isPaginated
+            ? Math.min(Math.max(1, parseInt(String(limit)) || NORMALIZED_LIMIT_DEFAULT), 100)
+            : null;
+        // Build base query combining accessible servers with other filters
+        const baseQuery = { ...otherParams, _id: { $in: ids } };
+        // Add cursor condition
+        if (after) {
+            try {
+                const cursor = JSON.parse(Buffer.from(after, 'base64').toString('utf8'));
+                const { updatedAt, _id } = cursor;
+                const cursorCondition = {
+                    $or: [
+                        { updatedAt: { $lt: new Date(updatedAt) } },
+                        { updatedAt: new Date(updatedAt), _id: { $gt: new mongoose.Types.ObjectId(_id) } },
+                    ],
+                };
+                // Merge cursor condition with base query
+                if (Object.keys(baseQuery).length > 0) {
+                    baseQuery.$and = [{ ...baseQuery }, cursorCondition];
+                    // Remove the original conditions from baseQuery to avoid duplication
+                    Object.keys(baseQuery).forEach((key) => {
+                        if (key !== '$and') {
+                            delete baseQuery[key];
+                        }
+                    });
+                }
+            }
+            catch (error) {
+                // Invalid cursor, ignore
+                logger$1.warn('[getListMCPServersByIds] Invalid cursor provided', error);
+            }
+        }
+        if (normalizedLimit === null) {
+            // No pagination - return all matching servers
+            const servers = await MCPServer.find(baseQuery).sort({ updatedAt: -1, _id: 1 }).lean();
+            return {
+                data: servers,
+                has_more: false,
+                after: null,
+            };
+        }
+        // Paginated query - assign to const to help TypeScript
+        const servers = await MCPServer.find(baseQuery)
+            .sort({ updatedAt: -1, _id: 1 })
+            .limit(normalizedLimit + 1)
+            .lean();
+        const hasMore = servers.length > normalizedLimit;
+        const data = hasMore ? servers.slice(0, normalizedLimit) : servers;
+        let nextCursor = null;
+        if (hasMore && data.length > 0) {
+            const lastItem = data[data.length - 1];
+            nextCursor = Buffer.from(JSON.stringify({
+                updatedAt: lastItem.updatedAt,
+                _id: lastItem._id,
+            })).toString('base64');
+        }
+        return {
+            data,
+            has_more: hasMore,
+            after: nextCursor,
+        };
+    }
+    /**
+     * Update an MCP server
+     * @param serverName - The MCP server ID
+     * @param updateData - Object containing config to update
+     * @returns The updated MCP server document or null
+     */
+    async function updateMCPServer(serverName, updateData) {
+        const MCPServer = mongoose.models.MCPServer;
+        return await MCPServer.findOneAndUpdate({ serverName }, { $set: updateData }, { new: true, runValidators: true }).lean();
+    }
+    /**
+     * Delete an MCP server
+     * @param serverName - The MCP server ID
+     * @returns The deleted MCP server document or null
+     */
+    async function deleteMCPServer(serverName) {
+        const MCPServer = mongoose.models.MCPServer;
+        return await MCPServer.findOneAndDelete({ serverName }).lean();
+    }
+    /**
+     * Get MCP servers by their serverName strings
+     * @param names - Array of serverName strings to fetch
+     * @returns Object containing array of MCP server documents
+     */
+    async function getListMCPServersByNames({ names = [] }) {
+        if (names.length === 0) {
+            return { data: [] };
+        }
+        const MCPServer = mongoose.models.MCPServer;
+        const servers = await MCPServer.find({ serverName: { $in: names } }).lean();
+        return { data: servers };
+    }
+    return {
+        createMCPServer,
+        findMCPServerById,
+        findMCPServerByObjectId,
+        findMCPServersByAuthor,
+        getListMCPServersByIds,
+        getListMCPServersByNames,
+        updateMCPServer,
+        deleteMCPServer,
+    };
+}
+
 // Factory function that takes mongoose instance and returns the methods
 function createPluginAuthMethods(mongoose) {
     /**
@@ -4511,6 +5447,27 @@ function createAccessRoleMethods(mongoose) {
                 resourceType: librechatDataProvider.ResourceType.PROMPTGROUP,
                 permBits: exports.RoleBits.OWNER,
             },
+            {
+                accessRoleId: librechatDataProvider.AccessRoleIds.MCPSERVER_VIEWER,
+                name: 'com_ui_mcp_server_role_viewer',
+                description: 'com_ui_mcp_server_role_viewer_desc',
+                resourceType: librechatDataProvider.ResourceType.MCPSERVER,
+                permBits: exports.RoleBits.VIEWER,
+            },
+            {
+                accessRoleId: librechatDataProvider.AccessRoleIds.MCPSERVER_EDITOR,
+                name: 'com_ui_mcp_server_role_editor',
+                description: 'com_ui_mcp_server_role_editor_desc',
+                resourceType: librechatDataProvider.ResourceType.MCPSERVER,
+                permBits: exports.RoleBits.EDITOR,
+            },
+            {
+                accessRoleId: librechatDataProvider.AccessRoleIds.MCPSERVER_OWNER,
+                name: 'com_ui_mcp_server_role_owner',
+                description: 'com_ui_mcp_server_role_owner_desc',
+                resourceType: librechatDataProvider.ResourceType.MCPSERVER,
+                permBits: exports.RoleBits.OWNER,
+            },
         ];
         const result = {};
         for (const role of defaultRoles) {
@@ -5091,6 +6048,49 @@ function createAclEntryMethods(mongoose$1) {
         }
         return effectiveBits;
     }
+    /**
+     * Get effective permissions for multiple resources in a single query (BATCH)
+     * Returns a map of resourceId → effectivePermissionBits
+     *
+     * @param principalsList - List of principals (user + groups + public)
+     * @param resourceType - The type of resource ('MCPSERVER', 'AGENT', etc.)
+     * @param resourceIds - Array of resource IDs to check
+     * @returns {Promise<Map<string, number>>} Map of resourceId → permission bits
+     *
+     * @example
+     * const principals = await getUserPrincipals({ userId, role });
+     * const serverIds = [id1, id2, id3];
+     * const permMap = await getEffectivePermissionsForResources(
+     *   principals,
+     *   ResourceType.MCPSERVER,
+     *   serverIds
+     * );
+     * // permMap.get(id1.toString()) → 7 (VIEW|EDIT|DELETE)
+     */
+    async function getEffectivePermissionsForResources(principalsList, resourceType, resourceIds) {
+        if (!Array.isArray(resourceIds) || resourceIds.length === 0) {
+            return new Map();
+        }
+        const AclEntry = mongoose$1.models.AclEntry;
+        const principalsQuery = principalsList.map((p) => ({
+            principalType: p.principalType,
+            ...(p.principalType !== librechatDataProvider.PrincipalType.PUBLIC && { principalId: p.principalId }),
+        }));
+        // Batch query for all resources at once
+        const aclEntries = await AclEntry.find({
+            $or: principalsQuery,
+            resourceType,
+            resourceId: { $in: resourceIds },
+        }).lean();
+        // Compute effective permissions per resource
+        const permissionsMap = new Map();
+        for (const entry of aclEntries) {
+            const rid = entry.resourceId.toString();
+            const currentBits = permissionsMap.get(rid) || 0;
+            permissionsMap.set(rid, currentBits | entry.permBits);
+        }
+        return permissionsMap;
+    }
     /**
      * Grant permission to a principal for a resource
      * @param principalType - The type of principal ('user', 'group', 'public')
@@ -5231,6 +6231,7 @@ function createAclEntryMethods(mongoose$1) {
         findEntriesByPrincipalsAndResource,
         hasPermission,
         getEffectivePermissions,
+        getEffectivePermissionsForResources,
         grantPermission,
         revokePermission,
         modifyPermissionBits,
@@ -5706,6 +6707,7 @@ function createShareMethods(mongoose) {
 
 /**
  * Creates all database methods for all collections
+ * @param mongoose - Mongoose instance
  */
 function createMethods(mongoose) {
     return {
@@ -5713,8 +6715,11 @@ function createMethods(mongoose) {
         ...createSessionMethods(mongoose),
         ...createTokenMethods(mongoose),
         ...createRoleMethods(mongoose),
+        ...createKeyMethods(mongoose),
+        ...createFileMethods(mongoose),
         ...createMemoryMethods(mongoose),
         ...createAgentCategoryMethods(mongoose),
+        ...createMCPServerMethods(mongoose),
         ...createAccessRoleMethods(mongoose),
         ...createUserGroupMethods(mongoose),
         ...createAclEntryMethods(mongoose),
@@ -5724,6 +6729,8 @@ function createMethods(mongoose) {
 }
 
 exports.AppService = AppService;
+exports.DEFAULT_REFRESH_TOKEN_EXPIRY = DEFAULT_REFRESH_TOKEN_EXPIRY;
+exports.DEFAULT_SESSION_EXPIRY = DEFAULT_SESSION_EXPIRY;
 exports.actionSchema = Action;
 exports.agentCategorySchema = agentCategorySchema;
 exports.agentSchema = agentSchema;
@@ -5736,10 +6743,19 @@ exports.conversationTagSchema = conversationTag;
 exports.convoSchema = convoSchema;
 exports.createMethods = createMethods;
 exports.createModels = createModels;
+exports.decrypt = decrypt;
+exports.decryptV2 = decryptV2;
+exports.decryptV3 = decryptV3;
+exports.defaultVertexModels = defaultVertexModels;
+exports.encrypt = encrypt;
+exports.encryptV2 = encryptV2;
+exports.encryptV3 = encryptV3;
 exports.fileSchema = file;
+exports.getRandomValues = getRandomValues;
 exports.getTransactionSupport = getTransactionSupport;
 exports.getWebSearchKeys = getWebSearchKeys;
 exports.groupSchema = groupSchema;
+exports.hashBackupCode = hashBackupCode;
 exports.hashToken = hashToken;
 exports.keySchema = keySchema;
 exports.loadDefaultInterface = loadDefaultInterface;
@@ -5764,6 +6780,8 @@ exports.tokenSchema = tokenSchema;
 exports.toolCallSchema = toolCallSchema;
 exports.transactionSchema = transactionSchema;
 exports.userSchema = userSchema;
+exports.validateVertexConfig = validateVertexConfig;
+exports.vertexConfigSetup = vertexConfigSetup;
 exports.webSearchAuth = webSearchAuth;
 exports.webSearchKeys = webSearchKeys;
 //# sourceMappingURL=index.cjs.map