LibreChat/api/server/middleware
Danny Avila 376370d610
♻️ refactor: Compute Context Gauge Client-Side, Drop Projection Endpoint (#13953)
* ♻️ refactor: Compute Context Gauge Client-Side, Drop Projection Endpoint

The /api/endpoints/context-projection endpoint re-fetched a conversation's
messages from Mongo and re-tokenized them to project the context gauge for
snapshot-less branches. The browser already holds those messages and their
per-message tokenCounts, so this duplicated work on the request path (an
unbounded read + server-side BPE tokenization until it was later capped).

Move the snapshot-less estimate fully client-side, from the in-memory index:

- sumBranch accumulates an uncalibrated char/4 estimate (estTokens) for
  count-less messages (imports / pre-feature) under the same summary cutoff
- useTokenUsage folds estTokens (calibrated via the existing calibrationFamily
  ratio) into the existing fallback; known per-message counts render unchanged
- delete the endpoint, controller, rate limiter, route, the getMessageTextStats
  data-schemas method, and the data-provider surface (endpoint/key/type/service/query)

No DB read, no server tokenization, no rate-limit knobs; the gauge recomputes
reactively from the index. Net -793 lines.

* 🩹 fix: Count quotes and object-form content in client context estimate

Address Codex review on the client-side context estimate:

- messageChars now reads object-form content text (part.text.value), not
  only string text/think, so imported / pre-feature messages whose body
  lives in content parts are no longer estimated as zero.
- Count-less user messages include their merged quote excerpts in the
  estimate, mirroring what the send path prepends into the prompt.

* 🩹 fix: Cap over-window estimate and surface estimated tokens in breakdown

Address remaining Codex review on the client-side context estimate:

- Clamp the snapshot-less estimate's displayed usedTokens to maxTokens. The
  send path prunes an over-window branch before calling the model, so the
  gauge never actually exceeds the window; this avoids impossible values
  (e.g. 50k / 8k) without re-introducing client-side pruning.
- Surface the calibrated count-less estimate as its own "Estimated" row in
  the breakdown popover, so a branch of only count-less imported / pre-feature
  messages is no longer shown as Input 0 / Output 0 under a non-zero header.

* 🩹 fix: Refine client context estimate per Codex re-review

- Drop calibration from the snapshot-less estimate. The removed projection
  never actually calibrated (the client never sent a ratio), and a ratio
  inflated by provider-injected context over-estimates visible imported text.
- Exclude reasoning (think) / error parts from the estimate; the send path
  strips them, so they are not part of the next call's context.
- Fold quote text into the estimate even when a tokenCount is present, since
  the edit route recounts tokenCount from text only and drops the merged quote.

* 🩹 fix: Recount quoted user turns instead of topping up the stored count

The previous round added quote chars on top of a quoted message's stored
tokenCount, which double-counts the common (unedited) case where the count
already includes the merged quote prompt. Match the removed projection
instead: for quoted user turns, ignore the stored count and estimate the
full merged text. This both avoids the double-count and still corrects the
stale text-only count an edit leaves behind.

* 🩹 fix: Trust stored counts for quoted turns; count tool-call parts

- Quoted user turns: revert to trusting a present tokenCount. The send path's
  stored count already includes the merged quote (and any calibration), and
  the client's char/4 path is coarser, so recounting regressed normal turns.
  Only count-less messages estimate quotes from text.
- Count tool-call name/args/output for count-less assistant messages; the
  formatter sends them back as context, so omitting them under-reported
  imported branches with tool history.

* 🩹 fix: Exclude in-flight tail from estimate to avoid resume double-count

On resume the live path seeds liveTokens from the partial response and also
writes that content into the messages cache, where the count-less response
is estimated into estTokens too — double-counting the in-flight output on the
snapshot-less estimate path. sumBranch now exposes the tail message's own
estimate (tailEstTokens); the estimate path drops it while a stream is live,
so the in-flight response is counted once (via liveTokens). The breakdown's
Estimated row uses the same in-flight-adjusted value.

* 🩹 fix: Recount quoted user turns in context estimate (match send path)

A quoted user turn's stored tokenCount is unreliable for the gauge: a
text-only Save edit recomputes it from text alone, and the send path
(needsCanonicalTokenCount in agents/client.js) recounts the quote-merged
prompt every turn regardless of the stored value. Mirror that on the client
— estimate quoted turns from the merged text+quotes and ignore the stored
count — so snapshot-less branches don't under-report by the quote block.
Reverts the earlier "trust the count" assumption, which the server disproves.

* 🧹 chore: Route useResumableSSE diagnostics through the frontend logger

Convert the [ResumableSSE]/[Debug] console.log and console.error diagnostics
to the gated frontend `logger` (client/src/utils/logger), splitting the tag
from the message so object arguments are passed through as real args (logged
expandably, not stringified) and the logs stay tag-filterable and off the
production console unless explicitly enabled. All log statements preserved;
nothing removed.

* 🩹 fix: Prefer content over text when estimating count-less messages

A stopped agent response is saved with both a `text` field and a structured
`content` array, and the send path formats from content. messageChars
early-returned on `text`, dropping the content array (and the tool-call tokens
it carries) from the snapshot-less estimate — also making the tool_call
handling dead for such messages. Prefer content when present, fall back to text.
2026-06-25 15:29:31 -04:00
..
__tests__ 📈 fix: Isolate RUM Telemetry Proxy Auth from App Auth (#13765) 2026-06-15 12:49:44 -04:00
accessResources 🔗 feat: Snapshot Files for Shared-Link Attachments (#13740) 2026-06-20 23:05:13 -04:00
assistants ⚗️ feat: Agent Context Compaction/Summarization (#12287) 2026-03-21 14:28:56 -04:00
config refactor: Short-Circuit Config Override Resolution (#12553) 2026-04-07 22:38:08 -04:00
limiters ♻️ refactor: Compute Context Gauge Client-Side, Drop Projection Endpoint (#13953) 2026-06-25 15:29:31 -04:00
roles ⚗️ feat: Agent Context Compaction/Summarization (#12287) 2026-03-21 14:28:56 -04:00
spec 🧭 fix: Add Base Path Support for Login/Register and Image Paths (#10116) 2025-11-21 11:25:14 -05:00
validate 📦 refactor: Consolidate DB models, encapsulating Mongoose usage in data-schemas (#11830) 2026-03-21 14:28:53 -04:00
abortMiddleware.js 🛑 refactor: Demote User Abort Logs (#13904) 2026-06-23 09:55:21 -04:00
abortMiddleware.spec.js 🛑 refactor: Demote User Abort Logs (#13904) 2026-06-23 09:55:21 -04:00
abortRun.js 📦 refactor: Consolidate DB models, encapsulating Mongoose usage in data-schemas (#11830) 2026-03-21 14:28:53 -04:00
buildEndpointOption.js 🧾 fix: Harden Historical File Authorization (#13918) 2026-06-23 15:49:57 -04:00
buildEndpointOption.spec.js 🧾 fix: Harden Historical File Authorization (#13918) 2026-06-23 15:49:57 -04:00
canAccessSharedLink.js 🔗 feat: Add Granular Access Control to Shared Links via ACL System (#13051) 2026-06-03 14:17:17 -04:00
canDeleteAccount.js 📜 feat: Implement System Grants for Capability-Based Authorization (#11896) 2026-03-21 14:28:54 -04:00
canDeleteAccount.spec.js 📜 feat: Implement System Grants for Capability-Based Authorization (#11896) 2026-03-21 14:28:54 -04:00
checkBan.js ♾️ fix: Permanent Ban Cache and Expired Ban Cleanup Defects (#12324) 2026-03-20 12:47:51 -04:00
checkDomainAllowed.js 🪪 fix: Resolve Group-Scoped Config Overrides (#13176) 2026-05-18 10:16:20 -04:00
checkInviteUser.js 📦 refactor: Consolidate DB models, encapsulating Mongoose usage in data-schemas (#11830) 2026-03-21 14:28:53 -04:00
checkPeoplePickerAccess.js 📦 refactor: Consolidate DB models, encapsulating Mongoose usage in data-schemas (#11830) 2026-03-21 14:28:53 -04:00
checkPeoplePickerAccess.spec.js 📦 refactor: Consolidate DB models, encapsulating Mongoose usage in data-schemas (#11830) 2026-03-21 14:28:53 -04:00
checkSharePublicAccess.js 🗝️ fix: Enforce Skill Share Role Permission (#13062) 2026-05-11 09:39:58 -04:00
checkSharePublicAccess.spec.js 🗝️ fix: Enforce Skill Share Role Permission (#13062) 2026-05-11 09:39:58 -04:00
denyRequest.js 📦 refactor: Consolidate DB models, encapsulating Mongoose usage in data-schemas (#11830) 2026-03-21 14:28:53 -04:00
error.js 📦 refactor: Consolidate DB models, encapsulating Mongoose usage in data-schemas (#11830) 2026-03-21 14:28:53 -04:00
index.js 📈 fix: Isolate RUM Telemetry Proxy Auth from App Auth (#13765) 2026-06-15 12:49:44 -04:00
logHeaders.js
moderateText.js 🖇️ feat: Reference Selected Chat Text with Multi-Quote Popup (#13868) 2026-06-21 08:33:11 -04:00
noIndex.js
optionalJwtAuth.js 🔐 feat: Mint Code API Auth Tokens (#13028) 2026-05-09 16:09:10 -04:00
optionalShareFileAuth.js 🍪 fix: Validate Shared-File Cookie Auth Against the Live Refresh Session (#13908) 2026-06-23 08:32:28 -04:00
optionalShareFileAuth.spec.js 🍪 fix: Validate Shared-File Cookie Auth Against the Live Refresh Session (#13908) 2026-06-23 08:32:28 -04:00
requireJwtAuth.js 📈 fix: Isolate RUM Telemetry Proxy Auth from App Auth (#13765) 2026-06-15 12:49:44 -04:00
requireLdapAuth.js
requireLocalAuth.js
setHeaders.js
setTwoFactorTempUser.js 🚦 fix: Guard Auth Continuation with Dedicated Limiter (#13555) 2026-06-06 14:21:28 -04:00
uaParser.js
validateImageRequest.js 🍪 refactor: Move OpenID Tokens from Cookies to Server-Side Sessions (#11236) 2026-01-06 15:22:10 -05:00
validateMessageReq.js 🪝 feat: HITL Tool Approval Scaffolding (Slice A) (#12938) 2026-06-24 16:47:16 -04:00
validateModel.js 🏗️ refactor: Remove Redundant Caching, Migrate Config Services to TypeScript (#12466) 2026-03-30 16:49:48 -04:00
validatePasswordReset.js
validateRegistration.js