From a2d4adf455e2ac90f75fe5aa664075c5901e6510 Mon Sep 17 00:00:00 2001 From: Danny Avila Date: Wed, 28 Jan 2026 10:12:54 -0500 Subject: [PATCH 01/10] docs: add changelog for v0.8.2 release with major accessibility improvements, dynamic MCP server management, and new model support --- components/changelog/content/v0.8.2.mdx | 115 ++++++++++++++++++++++++ pages/changelog/v0.8.2.mdx | 14 +++ 2 files changed, 129 insertions(+) create mode 100644 components/changelog/content/v0.8.2.mdx create mode 100644 pages/changelog/v0.8.2.mdx diff --git a/components/changelog/content/v0.8.2.mdx b/components/changelog/content/v0.8.2.mdx new file mode 100644 index 000000000..3a35dabef --- /dev/null +++ b/components/changelog/content/v0.8.2.mdx @@ -0,0 +1,115 @@ +## What's Changed + +## ๐Ÿž๏ธ Highlights + +Major features and improvements since [v0.8.1](https://www.librechat.ai/changelog/v0.8.1) + +### ๐Ÿ‘ Major Accessibility Overhaul +Extensive improvements to meet WCAG standards with better screen reader support, keyboard navigation, focus management, and contrast ratios across the entire application. + +### ๐Ÿ—๏ธ Dynamic MCP Server Management +Add, configure, and share MCP servers directly from the UI with full access control. Includes API key authentication support, domain restrictions for remote transports, and improved OAuth handling. + +### ๐Ÿ“Œ Pin Your Favorites +Pin frequently used agents and models to the sidebar for quick access. + +### ๐ŸŒŠ Resumable LLM Streams with Horizontal Scaling +Cross-replica support for resumable streams in Redis mode, enabling seamless horizontal scaling for production deployments. + +### ๐Ÿ“Š Inline Mermaid Diagrams +Render Mermaid diagrams inline within chat messages with enhanced UX and focus rendering. + +### ๐Ÿค– New Model & Provider Support +- **Moonshot Kimi K2** Bedrock support +- **Anthropic Beta** support for Bedrock +- **Anthropic Vertex AI** support +- **Gemini Image Generation Tool** (Nano Banana) +- **Bedrock Guardrails** support +- **GPT-5.1 and GPT-5.2** token pricing updates +- **'Extra High' Reasoning Effort** OpenAI parameter + +### โœจ Additional Notable Features +- **Claude Conversation Importer** with thinking support +- **Floating Copy Button** for code blocks +- **Transparent Chat Header** option +- **Custom Group Icon** support for Model Specs +- **OpenRouter Audio/Video** file upload support +- **Custom Endpoint Support** for Memory LLM Config +- **Bedrock Provider Support** for Memory Agent + +--- + +For detailed changes in each release candidate, see: +- [v0.8.2-rc1](/changelog/v0.8.2-rc1) - Dynamic MCP Server Infrastructure, Accessibility Overhaul, Pin Favorites +- [v0.8.2-rc2](/changelog/v0.8.2-rc2) - Resumable Streams, Mermaid Diagrams, Claude Importer, Bedrock Guardrails +- [v0.8.2-rc3](/changelog/v0.8.2-rc3) - Moonshot Kimi K2, Anthropic Beta for Bedrock + +--- + +## Changes Since v0.8.2-rc3 + +### โœจ Features + +* โœ… Zod Email Validation at Login by [@dustinhealy](https://github.com/dustinhealy) in [#11434](https://github.com/danny-avila/LibreChat/pull/11434) +* โœ…๏ธ Accessible Model Selection Icons and Announcements by [@dustinhealy](https://github.com/dustinhealy) in [#11454](https://github.com/danny-avila/LibreChat/pull/11454) +* ๐Ÿ˜ถโ€๐ŸŒซ๏ธ Better Blur on Collapsed Chat Input by [@dustinhealy](https://github.com/dustinhealy) in [#11464](https://github.com/danny-avila/LibreChat/pull/11464) +* ๐ŸŽฏ High Contrast Focus Outlines for Settings Popup Menu Items by [@dustinhealy](https://github.com/dustinhealy) in [#11451](https://github.com/danny-avila/LibreChat/pull/11451) +* ๐Ÿ”’ Sanitize Placeholders in User-provided MCP Server Config by [@danny-avila](https://github.com/danny-avila) in [#11486](https://github.com/danny-avila/LibreChat/pull/11486) + +### ๐Ÿ› Fixes + +* ๐ŸŽจ Layering for Right-hand Side Panel by [@danny-avila](https://github.com/danny-avila) in [#11392](https://github.com/danny-avila/LibreChat/pull/11392) +* ๐Ÿ”’ Session Expiry Management for OpenID/SAML by [@danny-avila](https://github.com/danny-avila) in [#11407](https://github.com/danny-avila/LibreChat/pull/11407) +* ๐Ÿ”Ž Focus Credential Inputs in Agent Tools by [@dustinhealy](https://github.com/dustinhealy) in [#11394](https://github.com/danny-avila/LibreChat/pull/11394) +* ๐Ÿ“Š MeiliSearch Sync Threshold & Document Count Accuracy by [@ablizorukov](https://github.com/ablizorukov) in [#11406](https://github.com/danny-avila/LibreChat/pull/11406) +* ๐Ÿช„ Code Block handling in Artifact Updates by [@danny-avila](https://github.com/danny-avila) in [#11417](https://github.com/danny-avila/LibreChat/pull/11417) +* ๐Ÿ“ข Alert for Agent Builder Name Invalidation by [@dustinhealy](https://github.com/dustinhealy) in [#11430](https://github.com/danny-avila/LibreChat/pull/11430) +* ๐Ÿ’ฐ Multi-Agent Token Spending & Prevent Double-Spend by [@danny-avila](https://github.com/danny-avila) in [#11433](https://github.com/danny-avila/LibreChat/pull/11433) +* ๐Ÿ”ง Add `hasAgentAccess` to dependencies in useNewConvo hook by [@danny-avila](https://github.com/danny-avila) in [#11427](https://github.com/danny-avila/LibreChat/pull/11427) +* โœ‚๏ธ Clipped Focus Outlines in Conversation Panel by [@dustinhealy](https://github.com/dustinhealy) in [#11438](https://github.com/danny-avila/LibreChat/pull/11438) +* ๐Ÿ“ Dropdown Menu Z-Index Adjustments by [@dustinhealy](https://github.com/dustinhealy) in [#11441](https://github.com/danny-avila/LibreChat/pull/11441) +* ๐Ÿ”– Announce Bookmark Selection State by [@dustinhealy](https://github.com/dustinhealy) in [#11450](https://github.com/danny-avila/LibreChat/pull/11450) +* โ†•๏ธ Add `aria-expanded` Attribute to ConvoOptions by [@dustinhealy](https://github.com/dustinhealy) in [#11452](https://github.com/danny-avila/LibreChat/pull/11452) +* ๐Ÿ Message Race Condition if Cancelled Early by [@danny-avila](https://github.com/danny-avila) in [#11462](https://github.com/danny-avila/LibreChat/pull/11462) +* ๐Ÿ›‚ Encode Non-ASCII Characters in MCP Server Headers by [@kenzaelk98](https://github.com/kenzaelk98) in [#11432](https://github.com/danny-avila/LibreChat/pull/11432) +* ๐Ÿ“ฌ Email Verification Handling in Create-User Command by [@shtayeb](https://github.com/shtayeb) in [#11408](https://github.com/danny-avila/LibreChat/pull/11408) +* ๐Ÿ”ง Agent Deletion Logic to Update User Favorites by [@danny-avila](https://github.com/danny-avila) in [#11466](https://github.com/danny-avila/LibreChat/pull/11466) +* ๐Ÿง‘โ€๐Ÿซ Multi-Agent Instructions Handling by [@danny-avila](https://github.com/danny-avila) in [#11484](https://github.com/danny-avila/LibreChat/pull/11484) +* ๐Ÿ”Š Conversation Search Result Announcement by [@dustinhealy](https://github.com/dustinhealy) in [#11449](https://github.com/danny-avila/LibreChat/pull/11449) +* ๐Ÿ”’ Access Check for User-Specific Job Metadata in Streaming Endpoint by [@danny-avila](https://github.com/danny-avila) in [#11487](https://github.com/danny-avila/LibreChat/pull/11487) +* ๐Ÿ”ง Adjust offset when deleting documents during MeiliSearch cleanup by [@ablizorukov](https://github.com/ablizorukov) in [#11488](https://github.com/danny-avila/LibreChat/pull/11488) +* ๐Ÿงฉ Missing Memory Agent Assignment for Matching IDs by [@danny-avila](https://github.com/danny-avila) in [#11514](https://github.com/danny-avila/LibreChat/pull/11514) + +### ๐Ÿ”ง Refactoring + +* ๐Ÿชค Reset Interaction State When Mouse Leaves Conversation Item by [@mohamedmagdy17593](https://github.com/mohamedmagdy17593) in [#11402](https://github.com/danny-avila/LibreChat/pull/11402) +* ๐Ÿช Secure Cookie Setting for Localhost OAuth Sessions by [@maxesse](https://github.com/maxesse) in [#11518](https://github.com/danny-avila/LibreChat/pull/11518) + +### ๐Ÿ“ฆ Dependencies & Chores + +* ๐Ÿ“ฆ Bump lodash version to ^4.17.23 by [@danny-avila](https://github.com/danny-avila) in [#11476](https://github.com/danny-avila/LibreChat/pull/11476) +* ๐Ÿ“ฆ Bump `@modelcontextprotocol/sdk` to v1.25.3 by [@danny-avila](https://github.com/danny-avila) in [#11545](https://github.com/danny-avila/LibreChat/pull/11545) + +### ๐ŸŒ Internationalization + +* ๐ŸŒ i18n: Update translation.json with latest translations by [@github-actions[bot]](https://github.com/apps/github-actions) in [#11439](https://github.com/danny-avila/LibreChat/pull/11439), [#11465](https://github.com/danny-avila/LibreChat/pull/11465) + +## New Contributors + +* [@Gerald-M](https://github.com/Gerald-M) made their first contribution in [#10908](https://github.com/danny-avila/LibreChat/pull/10908) +* [@alessiopelliccione](https://github.com/alessiopelliccione) made their first contribution in [#11008](https://github.com/danny-avila/LibreChat/pull/11008) +* [@Nk-rodrigues](https://github.com/Nk-rodrigues) made their first contribution in [#11087](https://github.com/danny-avila/LibreChat/pull/11087) +* [@SpectralOne](https://github.com/SpectralOne) made their first contribution in [#11057](https://github.com/danny-avila/LibreChat/pull/11057) +* [@papasaidfine](https://github.com/papasaidfine) made their first contribution in [#11070](https://github.com/danny-avila/LibreChat/pull/11070) +* [@chrisdoyle](https://github.com/chrisdoyle) made their first contribution in [#10567](https://github.com/danny-avila/LibreChat/pull/10567) +* [@RisingOrange](https://github.com/RisingOrange) made their first contribution in [#11123](https://github.com/danny-avila/LibreChat/pull/11123) +* [@ablizorukov](https://github.com/ablizorukov) made their first contribution in [#11157](https://github.com/danny-avila/LibreChat/pull/11157) +* [@nealedj](https://github.com/nealedj) made their first contribution in [#11141](https://github.com/danny-avila/LibreChat/pull/11141) +* [@shtayeb](https://github.com/shtayeb) made their first contribution in [#11200](https://github.com/danny-avila/LibreChat/pull/11200) +* [@lurkerCha](https://github.com/lurkerCha) made their first contribution in [#11228](https://github.com/danny-avila/LibreChat/pull/11228) +* [@ynori7](https://github.com/ynori7) made their first contribution in [#11282](https://github.com/danny-avila/LibreChat/pull/11282) +* [@darthhexx](https://github.com/darthhexx) made their first contribution in [#11323](https://github.com/danny-avila/LibreChat/pull/11323) +* [@kenzaelk98](https://github.com/kenzaelk98) made their first contribution in [#11432](https://github.com/danny-avila/LibreChat/pull/11432) +* [@mohamedmagdy17593](https://github.com/mohamedmagdy17593) made their first contribution in [#11402](https://github.com/danny-avila/LibreChat/pull/11402) + +**Full Changelog**: https://github.com/danny-avila/LibreChat/compare/v0.8.1...v0.8.2 diff --git a/pages/changelog/v0.8.2.mdx b/pages/changelog/v0.8.2.mdx new file mode 100644 index 000000000..5c487cd42 --- /dev/null +++ b/pages/changelog/v0.8.2.mdx @@ -0,0 +1,14 @@ +--- +date: 2026/01/28 +title: ๐Ÿš€ LibreChat v0.8.2 +description: The v0.8.2 release of LibreChat +--- + +import { ChangelogHeader } from '@/components/changelog/ChangelogHeader' +import Content from '@/components/changelog/content/v0.8.2.mdx' + + + +--- + + From ef42ce4a3e17111168caf8f92e7426ab9b8fa775 Mon Sep 17 00:00:00 2001 From: Danny Avila Date: Wed, 28 Jan 2026 10:28:18 -0500 Subject: [PATCH 02/10] docs: add documentation for Resumable Streams feature, including benefits, deployment modes, and troubleshooting tips --- pages/docs/features/_meta.ts | 1 + pages/docs/features/index.mdx | 8 + pages/docs/features/resumable_streams.mdx | 172 ++++++++++++++++++++++ 3 files changed, 181 insertions(+) create mode 100644 pages/docs/features/resumable_streams.mdx diff --git a/pages/docs/features/_meta.ts b/pages/docs/features/_meta.ts index 3d50f7f5e..872f38277 100644 --- a/pages/docs/features/_meta.ts +++ b/pages/docs/features/_meta.ts @@ -6,6 +6,7 @@ export default { artifacts: 'Artifacts - Generative UI', web_search: 'Web Search', memory: 'Memory', + resumable_streams: 'Resumable Streams', image_gen: 'Image Generation', upload_as_text: 'Upload as Text', ocr: 'OCR for Documents', diff --git a/pages/docs/features/index.mdx b/pages/docs/features/index.mdx index 43717ca61..f6ccb54c5 100644 --- a/pages/docs/features/index.mdx +++ b/pages/docs/features/index.mdx @@ -53,6 +53,14 @@ import Image from 'next/image' - **Flexible Usage**: Use MCP tools directly in chat or integrate them with custom agents - **[Learn More โ†’](/docs/features/mcp)** +### ๐ŸŒŠ [Resumable Streams](/docs/features/resumable_streams) + +- **Never Lose a Response**: AI responses automatically reconnect and resume if your connection dropsโ€”no content is ever lost. +- **Multi-Tab & Multi-Device Sync**: Open the same chat in multiple tabs or pick up on another device, and everything stays in sync. +- **Freedom to Multitask**: Start a generation, open new tabs or switch apps, and return to find your complete response waiting. +- **Production-Ready Scaling**: Works seamlessly from single-server setups to horizontally scaled deployments with Redis. +- **[Learn More โ†’](/docs/features/resumable_streams)** + ### ๐Ÿช„ **[Artifacts](/docs/features/artifacts)** - **Generative UI:** React, HTML, Mermaid diagrams diff --git a/pages/docs/features/resumable_streams.mdx b/pages/docs/features/resumable_streams.mdx new file mode 100644 index 000000000..be0c84ebb --- /dev/null +++ b/pages/docs/features/resumable_streams.mdx @@ -0,0 +1,172 @@ +--- +title: Resumable Streams +description: Never lose an AI responseโ€”seamless reconnection, multi-tab sync, and horizontal scaling for production deployments +--- + +# ๐ŸŒŠ Resumable Streams + +LibreChat features a resilient streaming architecture that ensures you never lose AI-generated content. Whether your connection drops, you switch tabs, or you pick up on another device, your responses are always preserved and synchronized. + +## Why It Matters + +Traditional chat applications lose all streaming content when your connection drops. With resumable streams, LibreChat: + +- **Preserves every response** โ€” Network hiccups, browser refreshes, or server restarts won't cause data loss +- **Keeps multiple tabs in sync** โ€” Open the same conversation in two browser tabs and watch them update together in real-time +- **Enables seamless device switching** โ€” Start a conversation on your desktop and continue on your phone +- **Lets you multitask freely** โ€” Start a generation, browse other tabs, and come back to a complete response + +## How It Works + +When you send a message to an AI model, LibreChat creates a generation job that tracks all streamed content. The magic happens when something interrupts your connection: + +1. **Automatic detection** โ€” The client detects the disconnection instantly +2. **State reconstruction** โ€” Upon reconnecting, the server rebuilds all previously streamed content +3. **Seamless sync** โ€” Missing content is delivered via a sync event +4. **Transparent continuation** โ€” Streaming resumes from the current position + +This all happens automaticallyโ€”no user action required. + +### Multi-Tab & Multi-Device Experience + +One of the most powerful aspects of resumable streams is **real-time synchronization**: + +- **Same chat, multiple windows** โ€” Open a conversation in two browser tabs and both receive updates simultaneously +- **Cross-device continuity** โ€” Start a long generation on your laptop, then check the result on your phone +- **Team collaboration** โ€” In shared conversations, all viewers see content appear in real-time + +## Deployment Modes + +LibreChat supports two deployment configurations: + +### Single-Instance Mode (Default) + +Uses in-memory storage with Node.js `EventEmitter` for pub/sub. Perfect for: +- Local development +- Single-server deployments +- Docker Compose setups + +**No configuration required** โ€” Works out of the box. + +### Redis Mode (Production) + +Uses Redis Streams and Pub/Sub for cross-instance communication. Essential for: +- Horizontally scaled deployments +- Load-balanced production environments +- High-availability setups +- Kubernetes clusters + +With Redis mode, a user can start a generation on one server instance and seamlessly resume on anotherโ€”perfect for rolling deployments and auto-scaling. + +## Configuration + +### Enabling Redis Streams + +Add these environment variables to your `.env` file: + +```bash filename=".env" +USE_REDIS_STREAMS=true +REDIS_URI=redis://localhost:6379 +``` + +### Redis Cluster Support + +For Redis Cluster deployments: + +```bash filename=".env" +USE_REDIS_STREAMS=true +USE_REDIS_CLUSTER=true +REDIS_URI=redis://node1:7001,redis://node2:7002,redis://node3:7003 +``` + +LibreChat automatically uses hash-tagged keys to ensure multi-key operations stay within the same cluster slot. + +## Use Cases + +### Unstable Networks +On spotty WiFi or cellular connections, responses automatically resume when connectivity returns. No need to re-send your prompt. + +### Mobile Users +Switch from WiFi to cellular (or vice versa) without losing your response. The stream picks up exactly where it left off. + +### Long-Running Generations +For complex prompts that generate lengthy responses, feel free to check other tabs or apps. Your response will be waiting when you return. + +### Multi-Device Workflows +Start a conversation on your work computer, commute home, and check the result on your phoneโ€”the full response is there. + +### Production Deployments +Scale horizontally across multiple server instances while maintaining stream continuity. Rolling deployments won't interrupt active generations. + +## Technical Details + +### Content Reconstruction + +The system aggregates all streamed delta events to rebuild: +- Message content (text, tool calls, citations) +- Agent run steps and intermediate reasoning +- Metadata and state information + +### Performance Optimizations + +**Memory-first approach**: When reconnecting to the same server instance, LibreChat uses local cache for zero-latency content recovery, avoiding unnecessary Redis round trips. + +**Automatic cleanup**: Stale job entries are removed during queries to prevent memory leaks. Completed streams expire automatically. + +**Efficient storage**: In-memory mode uses `WeakRef` for graph storage, enabling automatic garbage collection when conversations end. + +### Data Flow + +| Component | Storage Mechanism | +|-----------|-------------------| +| Chunks | Redis Streams (`XADD`/`XRANGE`) | +| Job metadata | Redis Hash structures | +| Real-time events | Redis Pub/Sub channels | +| Expiration | Automatic TTL after stream completion | + +## Testing Resumable Streams + +You can verify the feature is working: + +1. Start a streaming conversation with any AI model +2. **Tab test**: Open the same chat in a new browser tabโ€”both should sync +3. **Disconnect test**: Turn off your network briefly, then reconnect +4. **Navigation test**: Navigate away mid-stream, then return + +In all cases, you should see the complete response with no data loss. + +## Troubleshooting + +### Streams not resuming? + +**Check Redis connectivity:** +```bash +docker exec -it librechat-redis redis-cli ping +# Should return: PONG +``` + +**Verify environment variables:** +```bash +# Ensure USE_REDIS_STREAMS is set +echo $USE_REDIS_STREAMS +``` + +### Content appears duplicated? + +This typically indicates a client version mismatch. Ensure you're running the latest version of LibreChat. + +### High memory usage in single-instance mode? + +Completed streams are automatically garbage collected. If you're seeing high memory usage, check for: +- Very long-running streams that haven't completed +- Streams that errored without proper cleanup + +## Related Documentation + +- [Agents](/docs/features/agents) โ€” AI agents with tool use capabilities +- [Redis Configuration](/docs/configuration/pre_configured_ai/ollama#redis) โ€” Setting up Redis for LibreChat +- [Docker Deployment](/docs/local/docker) โ€” Container-based deployment guide + +--- + +For implementation details, see [PR #10926](https://github.com/danny-avila/LibreChat/pull/10926). From df8fd6b9ed31c493cfe91a1fd8aba7eab58a7cd9 Mon Sep 17 00:00:00 2001 From: Danny Avila Date: Wed, 28 Jan 2026 10:28:28 -0500 Subject: [PATCH 03/10] =?UTF-8?q?=E2=9A=99=EF=B8=8F=20Config=20v1.3.3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../changelog/content/config_v1.3.3.mdx | 42 ++++++++++++ pages/changelog/config_v1.3.3.mdx | 13 ++++ .../object_structure/actions.mdx | 42 ++++++++++++ .../object_structure/aws_bedrock.mdx | 38 +++++++++++ .../object_structure/interface.mdx | 64 ++++++++++++++++--- .../object_structure/mcp_servers.mdx | 62 ++++++++++++++++++ .../object_structure/mcp_settings.mdx | 33 ++++++---- .../object_structure/model_specs.mdx | 7 +- 8 files changed, 280 insertions(+), 21 deletions(-) create mode 100644 components/changelog/content/config_v1.3.3.mdx create mode 100644 pages/changelog/config_v1.3.3.mdx diff --git a/components/changelog/content/config_v1.3.3.mdx b/components/changelog/content/config_v1.3.3.mdx new file mode 100644 index 000000000..9559757c6 --- /dev/null +++ b/components/changelog/content/config_v1.3.3.mdx @@ -0,0 +1,42 @@ +- Restructured `interface.prompts` and `interface.agents` from boolean to object structure + - Added `use` field to control whether users can use prompts/agents (default: `true`) + - Added `share` field to control whether users can share prompts/agents (default: `false`) + - Added `public` field to enable public sharing of prompts/agents (default: `false`) + - Boolean values still supported for backward compatibility (treated as `use` setting) + - See [Interface Configuration](/docs/configuration/librechat_yaml/object_structure/interface#prompts) for details + +- Added `public` field to `interface.mcpServers` configuration + - Controls whether users can share MCP servers publicly (default: `false`) + - See [Interface Configuration](/docs/configuration/librechat_yaml/object_structure/interface#mcpservers) for details + +- Enhanced SSRF protection for `actions.allowedDomains` and `mcpSettings.allowedDomains` + - If not configured, SSRF targets are blocked by default (localhost, private IPs, `.internal`/`.local` TLDs) + - To allow internal targets, you must explicitly add them to `allowedDomains` + - Supports protocol and port restrictions (e.g., `'https://api.example.com:8443'`) + - See [Actions Configuration](/docs/configuration/librechat_yaml/object_structure/actions#alloweddomains) for details + +- Added `guardrailConfig` to `endpoints.bedrock` for AWS Bedrock Guardrails support + - Configure `guardrailIdentifier` with your guardrail ID + - Set `guardrailVersion` to specify the version + - Optional `trace` field for debugging (`"enabled"`, `"enabled_full"`, or `"disabled"`) + - See [AWS Bedrock Configuration](/docs/configuration/librechat_yaml/object_structure/aws_bedrock#guardrailconfig) for details + +- Added new fields to MCP server configurations + - Added `title` field for custom display name in the UI + - Added `description` field for server description + - Added `apiKey` authentication for SSE/HTTP transports with `source`, `authorization_type`, and `custom_header` options + - Added `oauth.skip_code_challenge_check` for providers like AWS Cognito that support S256 but don't advertise it + - See [MCP Servers Configuration](/docs/configuration/librechat_yaml/object_structure/mcp_servers) for details + +- Added `groupIcon` property for model specs custom groups + - Specify built-in icon keys (e.g., `"openAI"`, `"groq"`) or custom URLs + - Only the first spec with a `groupIcon` in each group is used + - See [Model Specs Configuration](/docs/configuration/librechat_yaml/object_structure/model_specs#group) for details + +- Added `xhigh` (extra high) reasoning effort option for OpenAI models + - New option for `reasoning_effort` parameter: `"xhigh"` + - See [Model Specs - Preset Fields](/docs/configuration/librechat_yaml/object_structure/model_specs#reasoning_effort) for details + +- Bedrock `promptCache` parameter now defaults to `true` for Claude and Nova models + - Automatically enables prompt caching for supported Bedrock models + - Can be explicitly disabled by setting `promptCache: false` diff --git a/pages/changelog/config_v1.3.3.mdx b/pages/changelog/config_v1.3.3.mdx new file mode 100644 index 000000000..73b869c86 --- /dev/null +++ b/pages/changelog/config_v1.3.3.mdx @@ -0,0 +1,13 @@ +--- +date: 2026/01/17 +title: โš™๏ธ Config v1.3.3 +--- + +import { ChangelogHeader } from '@/components/changelog/ChangelogHeader' +import Content from '@/components/changelog/content/config_v1.3.3.mdx' + + + +--- + + diff --git a/pages/docs/configuration/librechat_yaml/object_structure/actions.mdx b/pages/docs/configuration/librechat_yaml/object_structure/actions.mdx index 454eb7d40..3ec68bac0 100644 --- a/pages/docs/configuration/librechat_yaml/object_structure/actions.mdx +++ b/pages/docs/configuration/librechat_yaml/object_structure/actions.mdx @@ -13,6 +13,7 @@ actions: - "swapi.dev" - "librechat.ai" - "google.com" + - "https://api.example.com:8443" # With protocol and port ``` ## allowedDomains @@ -26,10 +27,51 @@ actions: **Required** +### Security Context (SSRF Protection) + +By default, LibreChat includes SSRF (Server-Side Request Forgery) protection that **blocks** requests to: +- **Localhost** addresses (`localhost`, `127.0.0.1`, `::1`) +- **Private IP ranges** (`10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) +- **Link-local addresses** (`169.254.0.0/16`) +- **Internal TLDs** (`.internal`, `.local`, `.localhost`) + +If your actions need to access internal services, you **must explicitly add them** to `allowedDomains`. + +### Pattern Formats + +The `allowedDomains` array supports several formats: + +1. **Domain only** - Allows all protocols and ports: + ```yaml + allowedDomains: + - "api.example.com" + ``` + +2. **With protocol** - Restricts to specific protocol: + ```yaml + allowedDomains: + - "https://api.example.com" + ``` + +3. **With protocol and port** - Restricts to specific protocol and port: + ```yaml + allowedDomains: + - "https://api.example.com:8443" + ``` + +4. **Internal addresses** (must be explicitly allowed): + ```yaml + allowedDomains: + - "192.168.1.100" + - "internal-api.local" + ``` + **Example:** ```yaml filename="actions / allowedDomains" allowedDomains: - "swapi.dev" - "librechat.ai" - "google.com" + - "https://secure-api.example.com:443" + - "192.168.1.50" # Internal service (explicitly allowed) ``` \ No newline at end of file diff --git a/pages/docs/configuration/librechat_yaml/object_structure/aws_bedrock.mdx b/pages/docs/configuration/librechat_yaml/object_structure/aws_bedrock.mdx index e37b45b91..0bb35c9f6 100644 --- a/pages/docs/configuration/librechat_yaml/object_structure/aws_bedrock.mdx +++ b/pages/docs/configuration/librechat_yaml/object_structure/aws_bedrock.mdx @@ -12,6 +12,10 @@ endpoints: availableRegions: - "us-east-1" - "us-west-2" + guardrailConfig: + guardrailIdentifier: "your-guardrail-id" + guardrailVersion: "1" + trace: "enabled" ``` > **Note:** AWS Bedrock endpoint supports all [Shared Endpoint Settings](/docs/configuration/librechat_yaml/object_structure/shared_endpoint_settings), including `streamRate`, `titleModel`, `titleMethod`, `titlePrompt`, `titlePromptTemplate`, and `titleEndpoint`. The settings shown below are specific to Bedrock or have Bedrock-specific defaults. @@ -66,6 +70,40 @@ availableRegions: - "us-west-2" ``` +## guardrailConfig + +**Key:** + + +**Sub-keys:** + + +**Example:** +```yaml filename="guardrailConfig" +endpoints: + bedrock: + guardrailConfig: + guardrailIdentifier: "abc123xyz" + guardrailVersion: "1" + trace: "enabled" +``` + +**Notes:** +- Guardrails help ensure responsible AI usage by filtering harmful content, PII, and other sensitive information +- The `guardrailIdentifier` can be found in the AWS Bedrock console under Guardrails +- Set `trace` to `"enabled"` or `"enabled_full"` during development to see which guardrail policies are triggered +- For production, set `trace` to `"disabled"` to reduce response payload size + ## Notes - The main configuration for AWS Bedrock is done through environment variables, additional forms of authentication are in development. \ No newline at end of file diff --git a/pages/docs/configuration/librechat_yaml/object_structure/interface.mdx b/pages/docs/configuration/librechat_yaml/object_structure/interface.mdx index df4764604..60f64cd7f 100644 --- a/pages/docs/configuration/librechat_yaml/object_structure/interface.mdx +++ b/pages/docs/configuration/librechat_yaml/object_structure/interface.mdx @@ -38,6 +38,7 @@ interface: use: true create: true share: false + public: false trustCheckbox: label: "I trust this server" subLabel: "Only enable servers you trust" @@ -57,10 +58,16 @@ interface: parameters: true sidePanel: true presets: false - prompts: true + prompts: + use: true + share: true + public: false bookmarks: true multiConvo: true - agents: true + agents: + use: true + share: true + public: false customWelcome: "Hey {{user.name}}! Welcome to LibreChat" runCode: true webSearch: true @@ -84,6 +91,7 @@ interface: ['use', 'Boolean', 'Controls whether users have permission to use existing MCP servers.', 'true'], ['create', 'Boolean', 'Controls whether users have permission to create new MCP servers.', 'true'], ['share', 'Boolean', 'Controls whether users have permission to share MCP servers with other users.', 'false'], + ['public', 'Boolean', 'Controls whether users can share MCP servers publicly (visible to all users).', 'false'], ['trustCheckbox', 'Object', 'Customizable labels for the trust checkbox in the MCP server dialog. Supports simple strings or language-keyed objects for internationalization.', 'See below'], ]} /> @@ -227,18 +235,38 @@ interface: **Key:** **Default:** `true` -**Example:** -```yaml filename="interface / prompts" +When using the object structure: + +**Sub-keys:** + + +**Example (boolean):** +```yaml filename="interface / prompts (boolean)" interface: prompts: false ``` +**Example (object):** +```yaml filename="interface / prompts (object)" +interface: + prompts: + use: true + share: true + public: false +``` + ## bookmarks **Key:** @@ -280,18 +308,38 @@ More info on [Agents](/docs/features/agents) **Key:** **Default:** `true` -**Example:** -```yaml filename="interface / agents" +When using the object structure: + +**Sub-keys:** + + +**Example (boolean):** +```yaml filename="interface / agents (boolean)" interface: agents: true ``` +**Example (object):** +```yaml filename="interface / agents (object)" +interface: + agents: + use: true + share: true + public: false +``` + ## customWelcome **Key:** diff --git a/pages/docs/configuration/librechat_yaml/object_structure/mcp_servers.mdx b/pages/docs/configuration/librechat_yaml/object_structure/mcp_servers.mdx index 753b69cff..0d86d8af7 100644 --- a/pages/docs/configuration/librechat_yaml/object_structure/mcp_servers.mdx +++ b/pages/docs/configuration/librechat_yaml/object_structure/mcp_servers.mdx @@ -75,11 +75,14 @@ mcpServers: +#### `title` + +- **Type:** String (Optional) +- **Description:** Custom display name for the MCP server in the UI. If not specified, the server key name is used. +- **Example:** + ```yaml + my-server: + title: "File System Access" + command: npx + args: ["-y", "@modelcontextprotocol/server-filesystem"] + ``` + +#### `description` + +- **Type:** String (Optional) +- **Description:** Description of the MCP server, displayed in the UI to help users understand its purpose and capabilities. +- **Example:** + ```yaml + my-server: + title: "File System Access" + description: "Provides read/write access to local files and directories" + command: npx + args: ["-y", "@modelcontextprotocol/server-filesystem"] + ``` + #### `type` - **Type:** String @@ -162,6 +190,39 @@ mcpServers: Authorization: "Bearer ${SOME_AUTH_TOKEN}" ``` +#### `apiKey` + +- **Type:** Object (Optional, for `sse` and `streamable-http` types) +- **Description:** API key authentication configuration for the MCP server. Provides a structured way to configure API key-based authentication. +- **Sub-keys:** + - `source`: String - Where the API key comes from. Options: + - `"admin"`: API key is configured by the administrator (in environment variables or config) + - `"user"`: API key is provided by the user through the UI + - `authorization_type`: String - How the API key is sent in requests. Options: + - `"bearer"`: Sent as `Authorization: Bearer ` + - `"basic"`: Sent as `Authorization: Basic ` + - `"custom"`: Sent in a custom header (requires `custom_header`) + - `custom_header`: String - (Required when `authorization_type` is `"custom"`) The header name to use for the API key +- **Example:** + ```yaml + # Admin-provided API key with Bearer auth + my-server: + type: streamable-http + url: https://api.example.com/mcp + apiKey: + source: "admin" + authorization_type: "bearer" + + # User-provided API key with custom header + another-server: + type: sse + url: https://api.example.com/sse + apiKey: + source: "user" + authorization_type: "custom" + custom_header: "X-API-Key" + ``` + #### `iconPath` - **Type:** String (Optional) @@ -291,6 +352,7 @@ mcpServers: - `token_endpoint_auth_methods_supported`: Array of Strings - Supported token endpoint authentication methods (defaults to `["client_secret_basic", "client_secret_post"]`) - `response_types_supported`: Array of Strings - Supported response types (defaults to `["code"]`) - `code_challenge_methods_supported`: Array of Strings - Supported PKCE code challenge methods (defaults to `["S256", "plain"]`) + - `skip_code_challenge_check`: Boolean - Skip checking whether the OAuth provider advertises PKCE support. Useful for providers like AWS Cognito that support S256 but don't advertise it in their metadata. (defaults to `false`) - **Example:** ```yaml oauth-api-server: diff --git a/pages/docs/configuration/librechat_yaml/object_structure/mcp_settings.mdx b/pages/docs/configuration/librechat_yaml/object_structure/mcp_settings.mdx index 5966fbd92..71d54608d 100644 --- a/pages/docs/configuration/librechat_yaml/object_structure/mcp_settings.mdx +++ b/pages/docs/configuration/librechat_yaml/object_structure/mcp_settings.mdx @@ -10,10 +10,11 @@ The `mcpSettings` configuration provides global settings for MCP (Model Context # Example MCP Settings Configuration mcpSettings: allowedDomains: - - "example.com" # Specific domain - - "*.example.com" # All subdomains using wildcard - - "mcp-server" # Local Docker domain - - "172.24.1.165" # Internal network IP + - "example.com" # Specific domain + - "*.example.com" # All subdomains using wildcard + - "mcp-server" # Local Docker domain + - "172.24.1.165" # Internal network IP + - "https://api.example.com:8443" # With protocol and port ``` ## Configuration @@ -26,14 +27,16 @@ mcpSettings: ]} /> -### Security Context +### Security Context (SSRF Protection) -By default, LibreChat restricts MCP servers from connecting to internal, local, or private network addresses to prevent potential security risks. This means that MCP servers using: -- **Internal IP addresses** (e.g., `172.24.1.165`, `192.168.1.100`) -- **Local Docker domains** (e.g., `mcp-server`, `localhost`) -- **Private network ranges** (e.g., `10.0.0.0/8`) +By default, LibreChat includes SSRF (Server-Side Request Forgery) protection that **blocks** MCP servers from connecting to: +- **Localhost** addresses (`localhost`, `127.0.0.1`, `::1`) +- **Private IP ranges** (`10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) +- **Link-local addresses** (`169.254.0.0/16`) +- **Internal TLDs** (`.internal`, `.local`, `.localhost`) +- **Local Docker domains** (e.g., `mcp-server`, `host.docker.internal`) -**must** be explicitly allowed in the `allowedDomains` configuration. +If your MCP servers need to connect to internal services, you **must explicitly add them** to `allowedDomains`. ### Pattern Formats @@ -44,7 +47,7 @@ The `allowedDomains` array supports several pattern formats: allowedDomains: - "example.com" ``` - Only allows connections to exactly `example.com` + Only allows connections to exactly `example.com` (any protocol/port) 2. **Wildcard Subdomain Match** ```yaml @@ -69,6 +72,14 @@ The `allowedDomains` array supports several pattern formats: ``` Allows connections to Docker container names or special Docker domains +5. **With Protocol and Port** + ```yaml + allowedDomains: + - "https://api.example.com:8443" + - "http://internal-mcp:3000" + ``` + Restricts connections to specific protocol and port combinations + ### Error Messages If you see errors like: diff --git a/pages/docs/configuration/librechat_yaml/object_structure/model_specs.mdx b/pages/docs/configuration/librechat_yaml/object_structure/model_specs.mdx index 4d61de2a4..a6a4df6bc 100644 --- a/pages/docs/configuration/librechat_yaml/object_structure/model_specs.mdx +++ b/pages/docs/configuration/librechat_yaml/object_structure/model_specs.mdx @@ -901,7 +901,7 @@ preset: #### promptCache -> **Supported by:** `anthropic`, `bedrock` (Anthropic models) +> **Supported by:** `anthropic`, `bedrock` (Anthropic and Nova models) > (Toggle Anthropicโ€™s โ€œprompt-cachingโ€ feature) **Supported by:** `openAI`, `azureOpenAI`, custom (OpenAI-like) From 4ed79d79429910733ad50b68f3835e5e0f7b4e02 Mon Sep 17 00:00:00 2001 From: Danny Avila Date: Wed, 28 Jan 2026 11:18:28 -0500 Subject: [PATCH 04/10] docs: enhance Redis configuration guide to include horizontal scaling and resumable streams details --- pages/docs/configuration/redis.mdx | 46 +++++++++++++++++++++-- pages/docs/features/resumable_streams.mdx | 11 ++++-- 2 files changed, 51 insertions(+), 6 deletions(-) diff --git a/pages/docs/configuration/redis.mdx b/pages/docs/configuration/redis.mdx index af76e75e3..174841548 100644 --- a/pages/docs/configuration/redis.mdx +++ b/pages/docs/configuration/redis.mdx @@ -1,11 +1,11 @@ --- title: Redis -description: Setting up Redis for caching and session storage in LibreChat +description: Setting up Redis for caching, session storage, and horizontal scaling in LibreChat --- # Redis Configuration Guide for LibreChat -This guide covers how to configure Redis for caching and session storage in LibreChat. Redis provides significant performance improvements and enables horizontal scaling capabilities. +This guide covers how to configure Redis for caching and session storage in LibreChat. Redis provides significant performance improvements and is **required for horizontal scaling**โ€”if you're running multiple LibreChat instances behind a load balancer, Redis ensures consistent state across all instances. ## Table of Contents @@ -15,6 +15,7 @@ This guide covers how to configure Redis for caching and session storage in Libr - [Advanced Options](#advanced-options) - [Performance Tuning](#performance-tuning) - [Configuration Examples](#configuration-examples) +- [Resumable Streams](#resumable-streams) ## Basic Setup @@ -251,4 +252,43 @@ REDIS_URI=redis://cluster-node1:7001,redis://cluster-node2:7002,redis://cluster- REDIS_USERNAME=cluster_user REDIS_PASSWORD=cluster_password REDIS_KEY_PREFIX=librechat-cluster -``` \ No newline at end of file +``` + +## Resumable Streams + +Redis enables [Resumable Streams](/docs/features/resumable_streams) for horizontally scaled deployments. When enabled, AI responses can seamlessly reconnect and resume across server instances. + +**Important:** When `USE_REDIS=true`, resumable streams automatically use Redis for cross-instance coordination. This is the recommended setup for horizontally scaled deployments where users might connect to different server instances. + +**Note:** If you're running a single LibreChat instance, Redis for resumable streams is typically overkillโ€”the built-in in-memory mode works fine. Redis becomes essential when you have multiple LibreChat instances behind a load balancer, where a user's reconnection might hit a different server than where their stream started. + +### Configuration + +```bash +# Redis enabled = resumable streams automatically use Redis +USE_REDIS=true +REDIS_URI=redis://127.0.0.1:6379 + +# Optional: explicitly control resumable streams behavior +# USE_REDIS_STREAMS=true # Enabled by default when USE_REDIS=true +``` + +### Key Benefits (for Horizontal Scaling) + +- **Cross-instance continuity**: Users can start a generation on one server and resume on another +- **Rolling deployments**: Active streams survive server restarts +- **Multi-tab sync**: Same conversation syncs across multiple browser tabs in a load-balanced environment +- **Connection resilience**: Automatic reconnection regardless of which server handles the request + +### Cluster Configuration + +For Redis Cluster deployments, LibreChat automatically uses hash-tagged keys to ensure stream operations stay within the same cluster slot: + +```bash +USE_REDIS=true +USE_REDIS_STREAMS=true +USE_REDIS_CLUSTER=true +REDIS_URI=redis://node1:7001,redis://node2:7002,redis://node3:7003 +``` + +See [Resumable Streams](/docs/features/resumable_streams) for more details on this feature. \ No newline at end of file diff --git a/pages/docs/features/resumable_streams.mdx b/pages/docs/features/resumable_streams.mdx index be0c84ebb..a0bd08ff2 100644 --- a/pages/docs/features/resumable_streams.mdx +++ b/pages/docs/features/resumable_streams.mdx @@ -58,15 +58,20 @@ Uses Redis Streams and Pub/Sub for cross-instance communication. Essential for: With Redis mode, a user can start a generation on one server instance and seamlessly resume on anotherโ€”perfect for rolling deployments and auto-scaling. +**Note:** If you only run a single LibreChat instance, Redis for resumable streams is typically unnecessaryโ€”the in-memory mode handles everything. Redis becomes valuable when you have multiple LibreChat instances behind a load balancer. That said, Redis is still useful for other features like caching and session storage even in single-instance deployments. + ## Configuration ### Enabling Redis Streams -Add these environment variables to your `.env` file: +When Redis is enabled (`USE_REDIS=true`), resumable streams automatically use Redis. You can also explicitly enable it: ```bash filename=".env" -USE_REDIS_STREAMS=true +USE_REDIS=true REDIS_URI=redis://localhost:6379 +# Resumable streams will use Redis automatically when USE_REDIS=true +# To explicitly control it: +USE_REDIS_STREAMS=true ``` ### Redis Cluster Support @@ -163,8 +168,8 @@ Completed streams are automatically garbage collected. If you're seeing high mem ## Related Documentation +- [Redis Configuration](/docs/configuration/redis) โ€” Setting up Redis for caching and horizontal scaling - [Agents](/docs/features/agents) โ€” AI agents with tool use capabilities -- [Redis Configuration](/docs/configuration/pre_configured_ai/ollama#redis) โ€” Setting up Redis for LibreChat - [Docker Deployment](/docs/local/docker) โ€” Container-based deployment guide --- From 0bf52481517a68836bc3eed955892270fe2301f3 Mon Sep 17 00:00:00 2001 From: Danny Avila Date: Wed, 28 Jan 2026 11:19:10 -0500 Subject: [PATCH 05/10] docs: enhance configuration documentation for various services including Anthropic via Vertex AI, AWS Bedrock, Gemini Image Generation, and CDN options for Amazon S3 and Azure Blob Storage --- pages/docs/configuration/dotenv.mdx | 170 ++++++++++++++++++ .../pre_configured_ai/google.mdx | 16 ++ pages/docs/configuration/rag_api.mdx | 35 ++-- pages/docs/configuration/stt_tts.mdx | 16 +- 4 files changed, 221 insertions(+), 16 deletions(-) diff --git a/pages/docs/configuration/dotenv.mdx b/pages/docs/configuration/dotenv.mdx index 5fcb5fc10..38cd1a91c 100644 --- a/pages/docs/configuration/dotenv.mdx +++ b/pages/docs/configuration/dotenv.mdx @@ -330,6 +330,35 @@ see: [Anthropic Endpoint](/docs/configuration/pre_configured_ai/anthropic) > **Note:** Must be compatible with the Anthropic Endpoint. Also, Claude 2 and Claude 3 models perform best at this task, with `claude-3-haiku` models being the cheapest. +#### Anthropic via Vertex AI + +You can also use Anthropic Claude models through Google Cloud Vertex AI. For detailed YAML configuration options, see: [Anthropic Vertex AI Configuration](/docs/configuration/librechat_yaml/object_structure/anthropic_vertex) + + + +> **Note:** When using Vertex AI, you must also configure `GOOGLE_SERVICE_KEY_FILE` (see [Google Configuration](#google)) with a service account that has the `Vertex AI User` role. + +### AWS Bedrock + +See: [AWS Bedrock Setup](/docs/configuration/pre_configured_ai/bedrock) + + + +> **Note:** You can omit the access keys to use the default AWS credentials chain (environment variables, SSO credentials, shared credentials files, or EC2/ECS Instance Metadata Service). See [AWS Bedrock Setup](/docs/configuration/pre_configured_ai/bedrock) for more details. + ### BingAI Bing, also used for Sydney, jailbreak, and Bing Image Creator @@ -351,15 +380,18 @@ Follow these instructions to setup the [Google Endpoint](/docs/configuration/pre ['GOOGLE_KEY', 'string', 'Google API key. Set to "user_provided" to allow users to provide their own API key from the WebUI.', 'GOOGLE_KEY=user_provided'], ['GOOGLE_SERVICE_KEY_FILE', 'string', 'Path to Google service account JSON key file, URL to fetch it from, or stringified JSON. Used for Vertex AI authentication (e.g., OCR features).', 'GOOGLE_SERVICE_KEY_FILE=/path/to/auth.json'], ['GOOGLE_REVERSE_PROXY', 'string', 'Google reverse proxy URL.', 'GOOGLE_REVERSE_PROXY='], + ['GOOGLE_AUTH_HEADER', 'boolean', 'Use Authorization header instead of X-goog-api-key. Some reverse proxies require this.', '# GOOGLE_AUTH_HEADER=true'], ['GOOGLE_MODELS', 'string', 'Available Gemini API Google models, separated by commas.', 'GOOGLE_MODELS=gemini-1.0-pro,gemini-1.0-pro-001,gemini-1.0-pro-latest,gemini-1.0-pro-vision-latest,gemini-1.5-pro-latest,gemini-pro,gemini-pro-vision'], ['GOOGLE_MODELS', 'string', 'Available Vertex AI Google models, separated by commas.', 'GOOGLE_MODELS=gemini-1.5-pro-preview-0409,gemini-1.0-pro-vision-001,gemini-pro,gemini-pro-vision,chat-bison,chat-bison-32k,codechat-bison,codechat-bison-32k,text-bison,text-bison-32k,text-unicorn,code-gecko,code-bison,code-bison-32k'], ['GOOGLE_TITLE_MODEL', 'string', 'DEPRECATED: The model used for titling with Google.', 'GOOGLE_TITLE_MODEL=gemini-pro'], ['GOOGLE_LOC', 'string', 'Specifies the Google Cloud location for processing API requests', 'GOOGLE_LOC=us-central1'], + ['GOOGLE_CLOUD_LOCATION', 'string', 'Alternative region for Gemini Image Generation (e.g., global).', '# GOOGLE_CLOUD_LOCATION=global'], ['GOOGLE_EXCLUDE_SAFETY_SETTINGS', 'string', 'Completely omit the safety settings that are included by default, which will use provider defaults', 'GOOGLE_EXCLUDE_SAFETY_SETTINGS=true'], ['GOOGLE_SAFETY_SEXUALLY_EXPLICIT', 'string', 'Safety setting for sexually explicit content. Options are BLOCK_ALL, BLOCK_ONLY_HIGH, WARN_ONLY, and OFF.', 'GOOGLE_SAFETY_SEXUALLY_EXPLICIT=BLOCK_ONLY_HIGH'], ['GOOGLE_SAFETY_HATE_SPEECH', 'string', 'Safety setting for hate speech content. Options are BLOCK_ALL, BLOCK_ONLY_HIGH, WARN_ONLY, and OFF.', 'GOOGLE_SAFETY_HATE_SPEECH=BLOCK_ONLY_HIGH'], ['GOOGLE_SAFETY_HARASSMENT', 'string', 'Safety setting for harassment content. Options are BLOCK_ALL, BLOCK_ONLY_HIGH, WARN_ONLY, and OFF.', 'GOOGLE_SAFETY_HARASSMENT=BLOCK_ONLY_HIGH'], ['GOOGLE_SAFETY_DANGEROUS_CONTENT', 'string', 'Safety setting for dangerous content. Options are BLOCK_ALL, BLOCK_ONLY_HIGH, WARN_ONLY, and OFF.', 'GOOGLE_SAFETY_DANGEROUS_CONTENT=BLOCK_ONLY_HIGH'], + ['GOOGLE_SAFETY_CIVIC_INTEGRITY', 'string', 'Safety setting for civic integrity content. Options are BLOCK_ALL, BLOCK_ONLY_HIGH, WARN_ONLY, and OFF.', '# GOOGLE_SAFETY_CIVIC_INTEGRITY=BLOCK_ONLY_HIGH'], ]} /> @@ -372,6 +404,20 @@ Customize the available models, separated by commas, **without spaces**. The fir - (b) Switch your account type to monthly invoiced billing following this instruction: https://cloud.google.com/billing/docs/how-to/invoiced-billing +#### Gemini Image Generation + +Gemini Image Generation is a tool for Agents that supports both the Gemini API and Vertex AI. See: [Gemini Image Generation](/docs/configuration/tools/gemini_image_gen) + + + +> **Note:** When using Vertex AI (`GEMINI_VERTEX_ENABLED=true`), you must also configure `GOOGLE_SERVICE_KEY_FILE` with a service account that has the `Vertex AI User` role. No API key is required. + ### OpenAI See: [OpenAI Setup](/docs/configuration/pre_configured_ai/openai) @@ -732,6 +778,16 @@ See detailed instructions here: **[Wolfram Alpha](/docs/configuration/tools/wolf ]} /> +### OpenWeather + +See detailed instructions here: **[OpenWeather](/docs/configuration/tools/openweather)** + + + +> **Note:** When using the default Docker setup, the `.env` file is shared between LibreChat and the RAG API. For complete configuration options, see the [RAG API documentation](/docs/configuration/rag_api). + +## Speech to Text & Text to Speech + +Configure Speech-to-Text (STT) and Text-to-Speech (TTS) services. See: **[Speech Settings](/docs/configuration/stt_tts)** + + + ## User System This section contains the configuration for: @@ -1130,6 +1227,9 @@ For more information: ['OPENID_IMAGE_URL', 'string', 'The URL of the OpenID login button image.','OPENID_IMAGE_URL='], ['OPENID_USE_END_SESSION_ENDPOINT', 'string', 'Whether to use the Issuer End Session Endpoint as a Logout Redirect','OPENID_USE_END_SESSION_ENDPOINT=TRUE'], ['OPENID_AUTO_REDIRECT', 'boolean', 'Whether to automatically redirect to the OpenID provider.','OPENID_AUTO_REDIRECT=true'], + ['OPENID_USE_PKCE', 'boolean', 'Use PKCE (Proof Key for Code Exchange) for OpenID authentication.','# OPENID_USE_PKCE=true'], + ['OPENID_POST_LOGOUT_REDIRECT_URI', 'string', 'Redirect URI after OpenID logout. Defaults to ${DOMAIN_CLIENT}/login.','# OPENID_POST_LOGOUT_REDIRECT_URI='], + ['OPENID_CLOCK_TOLERANCE', 'number', 'Clock tolerance in seconds for token validation. Default: 300.','# OPENID_CLOCK_TOLERANCE=300'], ['OPENID_GENERATE_NONCE', 'boolean', 'Force the OpenID client to generate a nonce parameter. Required by some identity providers like AWS Cognito (especially with federation) and Authentik.','OPENID_GENERATE_NONCE=true'], ['DEBUG_OPENID_REQUESTS', 'boolean', 'Enable detailed logging of OpenID request headers. When disabled (default), only request URLs are logged at debug level. When enabled, request headers are also logged (with sensitive data masked) for deeper debugging of authentication issues.','DEBUG_OPENID_REQUESTS=false'], ]} @@ -1271,6 +1371,36 @@ For more information: **[LDAP/AD Authentication](/docs/configuration/authenticat 'Enable LDAP StartTLS for upgrading the connection to TLS. Set to true to enable this feature.', 'LDAP_STARTTLS=true', ], + [ + 'LDAP_LOGIN_USES_USERNAME', + 'boolean', + 'Use username instead of email for LDAP login.', + '# LDAP_LOGIN_USES_USERNAME=true', + ], + [ + 'LDAP_ID', + 'string', + 'LDAP attribute for unique user ID. Default: uid or sAMAccountName, mail.', + '# LDAP_ID=uid', + ], + [ + 'LDAP_USERNAME', + 'string', + 'LDAP attribute for username. Default: givenName or mail.', + '# LDAP_USERNAME=givenName', + ], + [ + 'LDAP_EMAIL', + 'string', + 'LDAP attribute for email. Default: mail.', + '# LDAP_EMAIL=userPrincipalName', + ], + [ + 'LDAP_FULL_NAME', + 'string', + 'LDAP attribute(s) for full name. Can be comma-separated. Default: givenName + surname.', + '# LDAP_FULL_NAME=givenName,surname', + ], ]} /> @@ -1339,6 +1469,45 @@ See: **[Firebase CDN Configuration](/docs/configuration/cdn/firebase)** ]} /> +### Amazon S3 CDN + +See: **[Amazon S3 CDN Configuration](/docs/configuration/cdn/s3)** + + +If you are using S3 as your file storage strategy, make sure to set the `file_strategy` option to `s3` in your `librechat.yaml` configuration file. + + + + +> **Note:** Use either `AZURE_STORAGE_CONNECTION_STRING` (Option A) or `AZURE_STORAGE_ACCOUNT_NAME` with Managed Identity (Option B), not both. + ### UI #### Help and FAQ Button @@ -1445,6 +1614,7 @@ For detailed configuration and examples, see: **[Redis Configuration Guide](/doc -Here are some notable configurations: - -- `RAG_OPENAI_API_KEY`: The API key for OpenAI API Embeddings (if using default settings). - - Note: `OPENAI_API_KEY` will work but `RAG_OPENAI_API_KEY` will override it in order to not conflict with the LibreChat credential. -- `RAG_PORT`: The port number where the API server will run. Defaults to port 8000. -- `RAG_HOST`: The hostname or IP address where the API server will run. Defaults to "0.0.0.0" -- `COLLECTION_NAME`: The name of the collection in the vector store. Default is "testcollection". -- `RAG_USE_FULL_CONTEXT`: (Optional) Set to "True" to fetch entire context of the file(s) uploaded/referenced into the conversation. Default value is "false" which means it fetches only the top 4 results (top_k=4) of the file based on the user's message. -- `CHUNK_SIZE`: The size of the chunks for text processing. Default is "1500". -- `CHUNK_OVERLAP`: The overlap between chunks during text processing. Default is "100". -- `EMBEDDINGS_PROVIDER`: The embeddings provider to use. Options are "openai", "azure", "huggingface", "huggingfacetei", or "ollama". Default is "openai". -- `EMBEDDINGS_MODEL`: The specific embeddings model to use from the configured provider. Default is dependent on the provider; for "openai", the model is "text-embedding-3-small". -- `OLLAMA_BASE_URL`: It should be provided if RAG API runs in docker and usually is `http://host.docker.internal:11434`. - -There are several more configuration options. +### Environment Variables + + + +> **Note:** `OPENAI_API_KEY` will work for RAG embeddings, but `RAG_OPENAI_API_KEY` will override it to avoid credential conflicts. For a complete list and their descriptions, please refer to the [RAG API repo.](https://github.com/danny-avila/rag_api/) diff --git a/pages/docs/configuration/stt_tts.mdx b/pages/docs/configuration/stt_tts.mdx index faa0977bc..78019d881 100644 --- a/pages/docs/configuration/stt_tts.mdx +++ b/pages/docs/configuration/stt_tts.mdx @@ -11,7 +11,21 @@ The Google Cloud STT/TTS and Deepgram services are being planned for future inte ## Speech Introduction -The Speech Configuration includes settings for both Speech-to-Text (STT) and Text-to-Speech (TTS) under a unified `speech:` section. Additionally, there is a new `speechTab` menu for user-specific settings +The Speech Configuration includes settings for both Speech-to-Text (STT) and Text-to-Speech (TTS) under a unified `speech:` section. Additionally, there is a new `speechTab` menu for user-specific settings. + +### Environment Variables + +When using cloud-based STT/TTS services, you'll need to set API keys in your `.env` file: + +```bash filename=".env" +# Speech-to-Text API key (e.g., OpenAI Whisper) +STT_API_KEY=your-stt-api-key + +# Text-to-Speech API key (e.g., OpenAI TTS, ElevenLabs) +TTS_API_KEY=your-tts-api-key +``` + +These keys are then referenced in your `librechat.yaml` configuration using `${STT_API_KEY}` and `${TTS_API_KEY}`. ## Speech Tab (optional) From 9bdfcca37cc1881b0c0d72fc06e0b543efce55e8 Mon Sep 17 00:00:00 2001 From: Danny Avila Date: Wed, 28 Jan 2026 11:55:40 -0500 Subject: [PATCH 06/10] docs: enhance configuration documentation for logging, file upload, and speech features, including rate limiting options and environment variable references --- pages/docs/configuration/dotenv.mdx | 74 +++++ .../librechat_yaml/object_structure/_meta.ts | 2 + .../object_structure/config.mdx | 123 ++++--- .../object_structure/interface.mdx | 100 ++++++ .../object_structure/speech.mdx | 311 ++++++++++++++++++ pages/docs/configuration/stt_tts.mdx | 2 + 6 files changed, 562 insertions(+), 50 deletions(-) create mode 100644 pages/docs/configuration/librechat_yaml/object_structure/speech.mdx diff --git a/pages/docs/configuration/dotenv.mdx b/pages/docs/configuration/dotenv.mdx index 38cd1a91c..3c1f70ed8 100644 --- a/pages/docs/configuration/dotenv.mdx +++ b/pages/docs/configuration/dotenv.mdx @@ -207,6 +207,7 @@ LibreChat has built-in central logging, see [Logging System](/docs/configuration ['DEBUG_CONSOLE', 'boolean', 'Enable verbose console/stdout logs in the same format as file debug logs.', 'DEBUG_CONSOLE=false'], ['CONSOLE_JSON', 'boolean', 'Enable verbose JSON console/stdout logs suitable for cloud deployments like GCP/AWS.', 'CONSOLE_JSON=false'], ['CONSOLE_JSON_STRING_LENGTH', 'number', 'Configure the truncation size for console/stdout logs, defaults to 255', 'CONSOLE_JSON_STRING_LENGTH=1000'], + ['LIBRECHAT_LOG_DIR', 'string', 'Custom directory for log files. Defaults to /app/logs (Docker) or api/logs (local dev).', '# LIBRECHAT_LOG_DIR=/custom/log/path'], ]} /> @@ -1051,6 +1052,78 @@ Limits how often users can fork conversations to prevent abuse. ]} /> +#### File upload rate limiting + +Limits how often users can upload files to prevent abuse. + +> Note: These can also be configured via `librechat.yaml` in the `rateLimits.fileUploads` section. + +##### IP Limiter: + + + +##### User Limiter: + + + +#### TTS (Text-to-Speech) rate limiting + +Limits how often users can use Text-to-Speech to prevent abuse. + +> Note: These can also be configured via `librechat.yaml` in the `rateLimits.tts` section. + +##### IP Limiter: + + + +##### User Limiter: + + + +#### STT (Speech-to-Text) rate limiting + +Limits how often users can use Speech-to-Text to prevent abuse. + +> Note: These can also be configured via `librechat.yaml` in the `rateLimits.stt` section. + +##### IP Limiter: + + + +##### User Limiter: + + + ### Balance The following feature allows for the management of user balances within the system's endpoints. You have the option to add balances manually, or you may choose to implement a system that accumulates balances automatically for users. If a specific initial balance is defined in the configuration, tokens will be credited to the user's balance automatically when they register. @@ -1534,6 +1607,7 @@ Properly setting cache headers is crucial for optimizing the performance and eff options={[ ['APP_TITLE', 'string', 'App title.','APP_TITLE=LibreChat'], ['CUSTOM_FOOTER', 'string', 'Custom footer.','# CUSTOM_FOOTER="My custom footer"'], + ['TEMP_CHAT_RETENTION_HOURS', 'number', '**Deprecated:** Use `interface.temporaryChatRetention` in librechat.yaml instead. Hours to retain temporary chats. Default: 720 (30 days).','# TEMP_CHAT_RETENTION_HOURS=168'], ]} /> diff --git a/pages/docs/configuration/librechat_yaml/object_structure/_meta.ts b/pages/docs/configuration/librechat_yaml/object_structure/_meta.ts index 159d03222..09d12391c 100644 --- a/pages/docs/configuration/librechat_yaml/object_structure/_meta.ts +++ b/pages/docs/configuration/librechat_yaml/object_structure/_meta.ts @@ -4,6 +4,7 @@ export default { model_specs: 'Model Specs', registration: 'Registration', file_config: 'File Config', + speech: 'Speech (TTS/STT)', transactions: 'Transactions', balance: 'Balance', agents: 'Agents', @@ -11,6 +12,7 @@ export default { mcp_settings: 'MCP Settings', ocr: 'OCR', memory: 'Memory', + web_search: 'Web Search', custom_endpoint: 'Custom Endpoint', custom_params: 'Customize Endpoint Parameters', azure_openai: 'Azure OpenAI', diff --git a/pages/docs/configuration/librechat_yaml/object_structure/config.mdx b/pages/docs/configuration/librechat_yaml/object_structure/config.mdx index 898a44250..a7e27adc1 100644 --- a/pages/docs/configuration/librechat_yaml/object_structure/config.mdx +++ b/pages/docs/configuration/librechat_yaml/object_structure/config.mdx @@ -423,73 +423,33 @@ see also: **Subkeys:** see: [Interface Object Structure](/docs/configuration/librechat_yaml/object_structure/interface) -## temporaryChatRetention - -The `temporaryChatRetention` configuration allows you to customize how long temporary chats are retained before being automatically deleted. This setting applies to all temporary conversations created by users and provides flexible control over data retention policies. - -**Configuration Options:** - - - -**Validation Rules:** -- **Minimum**: 1 hour (prevents immediate deletion) -- **Maximum**: 8760 hours (1 year maximum retention) -- **Default**: 720 hours (30 days) - -**Configuration Methods:** - -1. **Environment Variable**: `TEMP_CHAT_RETENTION_HOURS=168` -2. **LibreChat.yaml**: `interface.temporaryChatRetention: 168` -3. **Priority**: Config file takes precedence over environment variable - -**Example Configuration:** - -```yaml filename="temporaryChatRetention" -interface: - # Retain temporary chats for 7 days (168 hours) - temporaryChatRetention: 168 -``` - -**Common Retention Periods:** -- **1 hour**: `temporaryChatRetention: 1` (minimal retention) -- **24 hours**: `temporaryChatRetention: 24` (1 day) -- **168 hours**: `temporaryChatRetention: 168` (1 week) -- **720 hours**: `temporaryChatRetention: 720` (30 days - default) -- **8760 hours**: `temporaryChatRetention: 8760` (1 year - maximum) - -**Important Notes:** - -- Automatic cleanup occurs via MongoDB TTL (Time To Live) indexes -- Changes apply only to newly created temporary chats -- Existing temporary chats retain their original expiration dates -- Invalid values automatically fallback to the default (720 hours) -- Setting too low values may impact user experience with temporary chats -- This setting only affects temporary chats, not regular conversations - ## modelSpecs **Key:** @@ -658,6 +618,63 @@ mcpServers: see: [MCP Servers Object Structure](/docs/configuration/librechat_yaml/object_structure/mcp_servers) +## speech + +**Key:** + + +**Subkeys:** + + +see: [Speech Object Structure](/docs/configuration/librechat_yaml/object_structure/speech) + +## turnstile + +**Key:** + + +**Subkeys:** + + +see: [Turnstile Object Structure](/docs/configuration/librechat_yaml/object_structure/turnstile) + +## transactions + +**Key:** + + +**Subkeys:** + + +see: [Transactions Object Structure](/docs/configuration/librechat_yaml/object_structure/transactions) + ## Additional links - [AWS Bedrock Object Structure](/docs/configuration/librechat_yaml/object_structure/aws_bedrock) - [Custom Endpoint Object Structure](/docs/configuration/librechat_yaml/object_structure/custom_endpoint) @@ -665,3 +682,9 @@ see: [MCP Servers Object Structure](/docs/configuration/librechat_yaml/object_st - [Assistants Endpoint Object Structure](/docs/configuration/librechat_yaml/object_structure/assistants_endpoint) - [Agents](/docs/configuration/librechat_yaml/object_structure/agents) - [OCR Config Object Structure](/docs/configuration/librechat_yaml/object_structure/ocr) +- [Speech Object Structure](/docs/configuration/librechat_yaml/object_structure/speech) +- [Turnstile Object Structure](/docs/configuration/librechat_yaml/object_structure/turnstile) +- [Transactions Object Structure](/docs/configuration/librechat_yaml/object_structure/transactions) +- [Balance Object Structure](/docs/configuration/librechat_yaml/object_structure/balance) +- [Web Search Object Structure](/docs/configuration/librechat_yaml/object_structure/web_search) +- [Memory Object Structure](/docs/configuration/librechat_yaml/object_structure/memory) diff --git a/pages/docs/configuration/librechat_yaml/object_structure/interface.mdx b/pages/docs/configuration/librechat_yaml/object_structure/interface.mdx index 60f64cd7f..d11578265 100644 --- a/pages/docs/configuration/librechat_yaml/object_structure/interface.mdx +++ b/pages/docs/configuration/librechat_yaml/object_structure/interface.mdx @@ -6,6 +6,7 @@ The `interface` object allows for customization of various user interface elemen These are fields under `interface`: + - `endpointsMenu` - `mcpServers` - `privacyPolicy` - `termsOfService` @@ -15,13 +16,18 @@ These are fields under `interface`: - `presets` - `prompts` - `bookmarks` + - `memories` - `multiConvo` - `agents` + - `temporaryChat` + - `temporaryChatRetention` - `customWelcome` - `runCode` - `webSearch` - `fileSearch` - `fileCitations` + - `peoplePicker` + - `marketplace` **Notes:** @@ -75,6 +81,25 @@ interface: fileCitations: true ``` +## endpointsMenu + +Controls the visibility of the endpoints menu dropdown in the chat interface. + +**Key:** + + +**Default:** `true` + +**Example:** +```yaml filename="interface / endpointsMenu" +interface: + endpointsMenu: false +``` + ## mcpServers **Key:** @@ -284,6 +309,25 @@ interface: bookmarks: true ``` +## memories + +**Key:** + + +**Default:** `true` + +**Note:** This controls the UI visibility of the memories feature. For detailed memory behavior configuration (token limits, personalization, agent settings), see the [Memory Configuration](/docs/configuration/librechat_yaml/object_structure/memory). + +**Example:** +```yaml filename="interface / memories" +interface: + memories: true +``` + ## multiConvo **Key:** @@ -340,6 +384,62 @@ interface: public: false ``` +## temporaryChat + +Controls whether the temporary chat feature is available to users. Temporary chats are not saved to conversation history and are automatically deleted after a configurable retention period. + +**Key:** + + +**Default:** `true` + +**Note:** The retention period for temporary chats can be configured using `temporaryChatRetention`. + +**Example:** +```yaml filename="interface / temporaryChat" +interface: + temporaryChat: true +``` + +## temporaryChatRetention + +The `temporaryChatRetention` configuration allows you to customize how long temporary chats are retained before being automatically deleted. + +**Key:** + + +**Validation Rules:** +- **Minimum**: 1 hour (prevents immediate deletion) +- **Maximum**: 8760 hours (1 year maximum retention) +- **Default**: 720 hours (30 days) + +**Configuration Methods:** +1. **LibreChat.yaml** (recommended): `interface.temporaryChatRetention: 168` +2. **Environment Variable** (deprecated): `TEMP_CHAT_RETENTION_HOURS=168` + +> **Note:** The environment variable `TEMP_CHAT_RETENTION_HOURS` is deprecated. Please use the `interface.temporaryChatRetention` config option in `librechat.yaml` instead. The config file value takes precedence over the environment variable. + +**Example:** +```yaml filename="interface / temporaryChatRetention" +interface: + temporaryChatRetention: 168 # Retain temporary chats for 7 days +``` + +**Common Retention Periods:** +- **1 hour**: `temporaryChatRetention: 1` (minimal retention) +- **24 hours**: `temporaryChatRetention: 24` (1 day) +- **168 hours**: `temporaryChatRetention: 168` (1 week) +- **720 hours**: `temporaryChatRetention: 720` (30 days - default) +- **8760 hours**: `temporaryChatRetention: 8760` (1 year - maximum) + ## customWelcome **Key:** diff --git a/pages/docs/configuration/librechat_yaml/object_structure/speech.mdx b/pages/docs/configuration/librechat_yaml/object_structure/speech.mdx new file mode 100644 index 000000000..02315ae43 --- /dev/null +++ b/pages/docs/configuration/librechat_yaml/object_structure/speech.mdx @@ -0,0 +1,311 @@ +# Speech Configuration + +## Overview + +The `speech` object allows you to configure Text-to-Speech (TTS) and Speech-to-Text (STT) providers directly in your `librechat.yaml` configuration file. This enables server-side speech services without requiring users to configure their own API keys. + +**Fields under `speech`:** + +- `tts` - Text-to-Speech provider configurations +- `stt` - Speech-to-Text provider configurations +- `speechTab` - Default UI settings for speech features + +**Notes:** + +- Multiple providers can be configured simultaneously +- Users can select their preferred provider from the available options +- API keys in the config file should use environment variable references for security + +## Example + +```yaml filename="speech" +speech: + tts: + openai: + apiKey: "${TTS_API_KEY}" + model: "tts-1" + voices: ["alloy", "echo", "fable", "onyx", "nova", "shimmer"] + elevenlabs: + apiKey: "${ELEVENLABS_API_KEY}" + model: "eleven_multilingual_v2" + voices: ["voice-id-1", "voice-id-2"] + stt: + openai: + apiKey: "${STT_API_KEY}" + model: "whisper-1" + speechTab: + conversationMode: true + advancedMode: false + speechToText: true + textToSpeech: true +``` + +--- + +## tts + +The `tts` object configures Text-to-Speech providers. Multiple providers can be configured, and users can choose which one to use. + +### openai + +OpenAI TTS configuration using models like `tts-1` or `tts-1-hd`. + + + +**Example:** +```yaml filename="speech / tts / openai" +tts: + openai: + apiKey: "${TTS_API_KEY}" + model: "tts-1" + voices: ["alloy", "echo", "fable", "onyx", "nova", "shimmer"] +``` + +### azureOpenAI + +Azure OpenAI TTS configuration. + + + +**Example:** +```yaml filename="speech / tts / azureOpenAI" +tts: + azureOpenAI: + instanceName: "my-azure-instance" + apiKey: "${AZURE_TTS_API_KEY}" + deploymentName: "tts-deployment" + apiVersion: "2024-02-15-preview" + model: "tts-1" + voices: ["alloy", "echo", "nova"] +``` + +### elevenlabs + +ElevenLabs TTS configuration for high-quality voice synthesis. + + + +**voice_settings Sub-keys:** + + +**Example:** +```yaml filename="speech / tts / elevenlabs" +tts: + elevenlabs: + apiKey: "${ELEVENLABS_API_KEY}" + model: "eleven_multilingual_v2" + voices: ["21m00Tcm4TlvDq8ikWAM", "AZnzlk1XvdvUeBnXmlld"] + voice_settings: + stability: 0.5 + similarity_boost: 0.75 + use_speaker_boost: true +``` + +### localai + +LocalAI TTS configuration for self-hosted speech synthesis. + + + +**Example:** +```yaml filename="speech / tts / localai" +tts: + localai: + url: "http://localhost:8080" + voices: ["en-us-amy-low", "en-us-danny-low"] + backend: "piper" +``` + +--- + +## stt + +The `stt` object configures Speech-to-Text providers. + +### openai + +OpenAI Whisper STT configuration. + + + +**Example:** +```yaml filename="speech / stt / openai" +stt: + openai: + apiKey: "${STT_API_KEY}" + model: "whisper-1" +``` + +### azureOpenAI + +Azure OpenAI Whisper STT configuration. + + + +**Example:** +```yaml filename="speech / stt / azureOpenAI" +stt: + azureOpenAI: + instanceName: "my-azure-instance" + apiKey: "${AZURE_STT_API_KEY}" + deploymentName: "whisper-deployment" + apiVersion: "2024-02-15-preview" +``` + +--- + +## speechTab + +The `speechTab` object configures default UI settings for speech features. These settings control what users see by default in the speech settings panel. + + + +### speechToText (Object format) + +When using an object instead of a boolean: + + + +### textToSpeech (Object format) + +When using an object instead of a boolean: + + + +**Example:** +```yaml filename="speech / speechTab" +speechTab: + conversationMode: false + advancedMode: false + speechToText: + engineSTT: "openai" + autoTranscribeAudio: true + decibelValue: -45 + textToSpeech: + engineTTS: "openai" + voice: "nova" + automaticPlayback: false + playbackRate: 1.0 + cacheTTS: true +``` + +--- + +## Complete Example + +```yaml filename="librechat.yaml" +version: 1.2.9 +cache: true + +speech: + tts: + openai: + apiKey: "${TTS_API_KEY}" + model: "tts-1-hd" + voices: ["alloy", "echo", "fable", "onyx", "nova", "shimmer"] + elevenlabs: + apiKey: "${ELEVENLABS_API_KEY}" + model: "eleven_multilingual_v2" + voices: ["21m00Tcm4TlvDq8ikWAM", "AZnzlk1XvdvUeBnXmlld"] + voice_settings: + stability: 0.5 + similarity_boost: 0.75 + stt: + openai: + apiKey: "${STT_API_KEY}" + model: "whisper-1" + speechTab: + conversationMode: false + advancedMode: false + speechToText: true + textToSpeech: + engineTTS: "openai" + voice: "nova" + automaticPlayback: false +``` + +--- + +## Notes + +- Always use environment variable references (e.g., `${API_KEY}`) for API keys in configuration files +- Multiple TTS providers can be configured; users select their preferred option in the UI +- The `speechTab` settings define defaults that users can override in their personal settings +- For detailed feature documentation, see [Speech to Text & Text to Speech](/docs/configuration/stt_tts) diff --git a/pages/docs/configuration/stt_tts.mdx b/pages/docs/configuration/stt_tts.mdx index 78019d881..3cea6434c 100644 --- a/pages/docs/configuration/stt_tts.mdx +++ b/pages/docs/configuration/stt_tts.mdx @@ -13,6 +13,8 @@ The Google Cloud STT/TTS and Deepgram services are being planned for future inte The Speech Configuration includes settings for both Speech-to-Text (STT) and Text-to-Speech (TTS) under a unified `speech:` section. Additionally, there is a new `speechTab` menu for user-specific settings. +> **See Also:** For detailed YAML configuration schema and all available options, see the [Speech Object Structure](/docs/configuration/librechat_yaml/object_structure/speech) documentation. + ### Environment Variables When using cloud-based STT/TTS services, you'll need to set API keys in your `.env` file: From c2620c48a4104342bfed535578ba57086a518f00 Mon Sep 17 00:00:00 2001 From: Danny Avila Date: Wed, 28 Jan 2026 17:21:01 -0500 Subject: [PATCH 07/10] docs: update changelog for v0.8.2 to reflect major accessibility improvements and new resumable LLM streams feature --- components/changelog/content/v0.8.2.mdx | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/components/changelog/content/v0.8.2.mdx b/components/changelog/content/v0.8.2.mdx index 3a35dabef..ba00ce056 100644 --- a/components/changelog/content/v0.8.2.mdx +++ b/components/changelog/content/v0.8.2.mdx @@ -2,10 +2,8 @@ ## ๐Ÿž๏ธ Highlights -Major features and improvements since [v0.8.1](https://www.librechat.ai/changelog/v0.8.1) - -### ๐Ÿ‘ Major Accessibility Overhaul -Extensive improvements to meet WCAG standards with better screen reader support, keyboard navigation, focus management, and contrast ratios across the entire application. +### ๐ŸŒŠ Resumable LLM Streams with Horizontal Scaling +Cross-replica support for resumable streams in Redis mode, enabling seamless horizontal scaling for production deployments. ### ๐Ÿ—๏ธ Dynamic MCP Server Management Add, configure, and share MCP servers directly from the UI with full access control. Includes API key authentication support, domain restrictions for remote transports, and improved OAuth handling. @@ -13,12 +11,12 @@ Add, configure, and share MCP servers directly from the UI with full access cont ### ๐Ÿ“Œ Pin Your Favorites Pin frequently used agents and models to the sidebar for quick access. -### ๐ŸŒŠ Resumable LLM Streams with Horizontal Scaling -Cross-replica support for resumable streams in Redis mode, enabling seamless horizontal scaling for production deployments. - ### ๐Ÿ“Š Inline Mermaid Diagrams Render Mermaid diagrams inline within chat messages with enhanced UX and focus rendering. +### ๐Ÿ‘ Major Accessibility Overhaul +Extensive improvements to meet WCAG standards with better screen reader support, keyboard navigation, focus management, and contrast ratios across the entire application. + ### ๐Ÿค– New Model & Provider Support - **Moonshot Kimi K2** Bedrock support - **Anthropic Beta** support for Bedrock From 746cdb7efaf84967042052c33835c4b8ff3c39a0 Mon Sep 17 00:00:00 2001 From: Danny Avila Date: Wed, 28 Jan 2026 17:34:17 -0500 Subject: [PATCH 08/10] docs: update changelog for v1.3.3 to include link to promptCache model specs documentation --- components/changelog/content/config_v1.3.3.mdx | 1 + 1 file changed, 1 insertion(+) diff --git a/components/changelog/content/config_v1.3.3.mdx b/components/changelog/content/config_v1.3.3.mdx index 9559757c6..9d749d2ae 100644 --- a/components/changelog/content/config_v1.3.3.mdx +++ b/components/changelog/content/config_v1.3.3.mdx @@ -40,3 +40,4 @@ - Bedrock `promptCache` parameter now defaults to `true` for Claude and Nova models - Automatically enables prompt caching for supported Bedrock models - Can be explicitly disabled by setting `promptCache: false` + - See [Model Specs - promptCache](/docs/configuration/librechat_yaml/object_structure/model_specs#promptcache) for details From 588754a4e3fae00ca442cb36b044ef9318331475 Mon Sep 17 00:00:00 2001 From: Danny Avila Date: Wed, 28 Jan 2026 17:36:44 -0500 Subject: [PATCH 09/10] docs: enhance SSRF protection documentation for allowedDomains configuration in actions and MCP settings --- .../changelog/content/config_v1.3.3.mdx | 7 ++++--- .../object_structure/actions.mdx | 19 ++++++++++++++---- .../object_structure/mcp_settings.mdx | 20 ++++++++++++++----- 3 files changed, 34 insertions(+), 12 deletions(-) diff --git a/components/changelog/content/config_v1.3.3.mdx b/components/changelog/content/config_v1.3.3.mdx index 9d749d2ae..f8a4aa015 100644 --- a/components/changelog/content/config_v1.3.3.mdx +++ b/components/changelog/content/config_v1.3.3.mdx @@ -10,10 +10,11 @@ - See [Interface Configuration](/docs/configuration/librechat_yaml/object_structure/interface#mcpservers) for details - Enhanced SSRF protection for `actions.allowedDomains` and `mcpSettings.allowedDomains` - - If not configured, SSRF targets are blocked by default (localhost, private IPs, `.internal`/`.local` TLDs) - - To allow internal targets, you must explicitly add them to `allowedDomains` + - When not configured: SSRF targets are blocked by default, all other domains are allowed + - When configured: Only listed domains are allowed + - Blocked targets include: localhost, private IPs, link-local IPs, `.internal`/`.local` TLDs, and common service names - Supports protocol and port restrictions (e.g., `'https://api.example.com:8443'`) - - See [Actions Configuration](/docs/configuration/librechat_yaml/object_structure/actions#alloweddomains) for details + - See [Actions Configuration](/docs/configuration/librechat_yaml/object_structure/actions#alloweddomains) and [MCP Settings](/docs/configuration/librechat_yaml/object_structure/mcp_settings#alloweddomains) for details - Added `guardrailConfig` to `endpoints.bedrock` for AWS Bedrock Guardrails support - Configure `guardrailIdentifier` with your guardrail ID diff --git a/pages/docs/configuration/librechat_yaml/object_structure/actions.mdx b/pages/docs/configuration/librechat_yaml/object_structure/actions.mdx index 3ec68bac0..84b7ca420 100644 --- a/pages/docs/configuration/librechat_yaml/object_structure/actions.mdx +++ b/pages/docs/configuration/librechat_yaml/object_structure/actions.mdx @@ -21,19 +21,30 @@ actions: **Key:** -**Required** +**Optional** ### Security Context (SSRF Protection) -By default, LibreChat includes SSRF (Server-Side Request Forgery) protection that **blocks** requests to: +LibreChat includes SSRF (Server-Side Request Forgery) protection with the following behavior: + +**When `allowedDomains` is NOT configured:** +- SSRF-prone targets are **blocked by default** +- All other external domains are **allowed** + +**When `allowedDomains` IS configured:** +- **Only** domains on the list are allowed +- Internal/SSRF targets can be allowed by explicitly adding them to the list + +**Blocked SSRF targets include:** - **Localhost** addresses (`localhost`, `127.0.0.1`, `::1`) - **Private IP ranges** (`10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) -- **Link-local addresses** (`169.254.0.0/16`) +- **Link-local addresses** (`169.254.0.0/16`, includes cloud metadata IPs) - **Internal TLDs** (`.internal`, `.local`, `.localhost`) +- **Common internal service names** (`redis`, `mongodb`, `postgres`, `api`, etc.) If your actions need to access internal services, you **must explicitly add them** to `allowedDomains`. diff --git a/pages/docs/configuration/librechat_yaml/object_structure/mcp_settings.mdx b/pages/docs/configuration/librechat_yaml/object_structure/mcp_settings.mdx index 71d54608d..76545097a 100644 --- a/pages/docs/configuration/librechat_yaml/object_structure/mcp_settings.mdx +++ b/pages/docs/configuration/librechat_yaml/object_structure/mcp_settings.mdx @@ -23,20 +23,30 @@ mcpSettings: ### Security Context (SSRF Protection) -By default, LibreChat includes SSRF (Server-Side Request Forgery) protection that **blocks** MCP servers from connecting to: +LibreChat includes SSRF (Server-Side Request Forgery) protection with the following behavior: + +**When `allowedDomains` is NOT configured:** +- SSRF-prone targets are **blocked by default** +- All other external domains are **allowed** + +**When `allowedDomains` IS configured:** +- **Only** domains on the list are allowed +- Internal/SSRF targets can be allowed by explicitly adding them to the list + +**Blocked SSRF targets include:** - **Localhost** addresses (`localhost`, `127.0.0.1`, `::1`) - **Private IP ranges** (`10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) -- **Link-local addresses** (`169.254.0.0/16`) +- **Link-local addresses** (`169.254.0.0/16`, includes cloud metadata IPs) - **Internal TLDs** (`.internal`, `.local`, `.localhost`) -- **Local Docker domains** (e.g., `mcp-server`, `host.docker.internal`) +- **Common internal service names** (`redis`, `mongodb`, `postgres`, `api`, `rag_api`, etc.) -If your MCP servers need to connect to internal services, you **must explicitly add them** to `allowedDomains`. +If your MCP servers need to connect to internal services or Docker containers, you **must explicitly add them** to `allowedDomains`. ### Pattern Formats From 0ad1f7cfd6b2d64c574f2c887746a66a43d07aa3 Mon Sep 17 00:00:00 2001 From: Danny Avila Date: Wed, 28 Jan 2026 17:37:15 -0500 Subject: [PATCH 10/10] docs: update release date for Config v1.3.3 in changelog --- pages/changelog/config_v1.3.3.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/changelog/config_v1.3.3.mdx b/pages/changelog/config_v1.3.3.mdx index 73b869c86..253d70ef1 100644 --- a/pages/changelog/config_v1.3.3.mdx +++ b/pages/changelog/config_v1.3.3.mdx @@ -1,5 +1,5 @@ --- -date: 2026/01/17 +date: 2026/01/28 title: โš™๏ธ Config v1.3.3 ---