danny-avila · danny-avila · Mar 21, 2026 · Mar 21, 2026 · Mar 21, 2026 · Mar 21, 2026
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1,3 @@
+# Force LF line endings for shell scripts and git hooks (required for cross-platform compatibility)
+.husky/* text eol=lf
+*.sh text eol=lf
diff --git a/.husky/pre-commit b/.husky/pre-commit
@@ -1,2 +1,3 @@
+#!/bin/sh
 [ -n "$CI" ] && exit 0
 npx lint-staged --config ./.husky/lint-staged.config.js
diff --git a/AGENTS.md b/AGENTS.md
@@ -29,6 +29,12 @@ The source code for `@librechat/agents` (major backend dependency, same team) is
 
 ## Code Style
 
+### Naming and File Organization
+
+- **Single-word file names** whenever possible (e.g., `permissions.ts`, `capabilities.ts`, `service.ts`).
+- When multiple words are needed, prefer grouping related modules under a **single-word directory** rather than using multi-word file names (e.g., `admin/capabilities.ts` not `adminCapabilities.ts`).
+- The directory already provides context — `app/service.ts` not `app/appConfigService.ts`.
+
 ### Structure and Clarity
 
 - **Never-nesting**: early returns, flat code, minimal indentation. Break complex operations into well-named helpers.

diff --git a/api/server/index.js b/api/server/index.js
@@ -141,6 +141,7 @@ const startServer = async () => {
   /* API Endpoints */
   app.use('/api/auth', routes.auth);
   app.use('/api/admin', routes.adminAuth);
+  app.use('/api/admin/config', routes.adminConfig);
   app.use('/api/actions', routes.actions);
   app.use('/api/keys', routes.keys);
   app.use('/api/api-keys', routes.apiKeys);

diff --git a/api/server/middleware/config/app.js b/api/server/middleware/config/app.js
@@ -4,7 +4,8 @@ const { getAppConfig } = require('~/server/services/Config');
 const configMiddleware = async (req, res, next) => {
   try {
     const userRole = req.user?.role;
-    req.config = await getAppConfig({ role: userRole });
+    const userId = req.user?.id;
+    req.config = await getAppConfig({ role: userRole, userId });
 
     next();
   } catch (error) {

diff --git a/api/server/routes/admin/config.js b/api/server/routes/admin/config.js
@@ -0,0 +1,36 @@
+const express = require('express');
+const { createAdminConfigHandlers } = require('@librechat/api');
+const { SystemCapabilities } = require('@librechat/data-schemas');
+const {
+  requireCapability,
+  hasConfigCapability,
+} = require('~/server/middleware/roles/capabilities');
+const { requireJwtAuth } = require('~/server/middleware');
+const { signalConfigChange } = require('~/server/services/Config/app');
+const db = require('~/models');
+
+const router = express.Router();
+
+const requireAdminAccess = requireCapability(SystemCapabilities.ACCESS_ADMIN);
+
+const handlers = createAdminConfigHandlers({
+  findConfigByPrincipal: db.findConfigByPrincipal,
+  getApplicableConfigs: db.getApplicableConfigs,
+  upsertConfig: db.upsertConfig,
+  deleteConfig: db.deleteConfig,
+  toggleConfigActive: db.toggleConfigActive,
+  hasConfigCapability,
+  signalConfigChange,
+});
+
+router.use(requireJwtAuth, requireAdminAccess);
+
+router.get('/', handlers.listConfigs);
+router.get('/:principalType/:principalId', handlers.getConfig);
+router.put('/:principalType/:principalId', handlers.upsertConfigOverrides);
+router.patch('/:principalType/:principalId/fields', handlers.patchConfigField);
+router.delete('/:principalType/:principalId/fields', handlers.deleteConfigField);
+router.delete('/:principalType/:principalId', handlers.deleteConfigOverrides);
+router.patch('/:principalType/:principalId/active', handlers.toggleConfig);
+
+module.exports = router;
diff --git a/api/server/routes/index.js b/api/server/routes/index.js
@@ -2,6 +2,7 @@ const accessPermissions = require('./accessPermissions');
 const assistants = require('./assistants');
 const categories = require('./categories');
 const adminAuth = require('./admin/auth');
+const adminConfig = require('./admin/config');
 const endpoints = require('./endpoints');
 const staticRoute = require('./static');
 const messages = require('./messages');
@@ -31,6 +32,7 @@ module.exports = {
   mcp,
   auth,
   adminAuth,
+  adminConfig,
   keys,
   apiKeys,
   user,

diff --git a/api/server/services/Config/app.js b/api/server/services/Config/app.js
@@ -1,12 +1,12 @@
 const { CacheKeys } = require('librechat-data-provider');
-const { logger, AppService } = require('@librechat/data-schemas');
+const { createAppConfigService } = require('@librechat/api');
+const { AppService } = require('@librechat/data-schemas');
 const { loadAndFormatTools } = require('~/server/services/start/tools');
 const loadCustomConfig = require('./loadCustomConfig');
 const { setCachedTools } = require('./getCachedTools');
 const getLogStores = require('~/cache/getLogStores');
 const paths = require('~/config/paths');
-
-const BASE_CONFIG_KEY = '_BASE_';
+const db = require('~/models');
 
 const loadBaseConfig = async () => {
   /** @type {TCustomConfig} */
@@ -20,65 +20,17 @@ const loadBaseConfig = async () => {
   return AppService({ config, paths, systemTools });
 };
 
-/**
- * Get the app configuration based on user context
- * @param {Object} [options]
- * @param {string} [options.role] - User role for role-based config
- * @param {boolean} [options.refresh] - Force refresh the cache
- * @returns {Promise<AppConfig>}
- */
-async function getAppConfig(options = {}) {
-  const { role, refresh } = options;
-
-  const cache = getLogStores(CacheKeys.APP_CONFIG);
-  const cacheKey = role ? role : BASE_CONFIG_KEY;
-
-  if (!refresh) {
-    const cached = await cache.get(cacheKey);
-    if (cached) {
-      return cached;
-    }
-  }
-
-  let baseConfig = await cache.get(BASE_CONFIG_KEY);
-  if (!baseConfig) {
-    logger.info('[getAppConfig] App configuration not initialized. Initializing AppService...');
-    baseConfig = await loadBaseConfig();
-
-    if (!baseConfig) {
-      throw new Error('Failed to initialize app configuration through AppService.');
-    }
-
-    if (baseConfig.availableTools) {
-      await setCachedTools(baseConfig.availableTools);
-    }
-
-    await cache.set(BASE_CONFIG_KEY, baseConfig);
-  }
-
-  // For now, return the base config
-  // In the future, this is where we'll apply role-based modifications
-  if (role) {
-    // TODO: Apply role-based config modifications
-    // const roleConfig = await applyRoleBasedConfig(baseConfig, role);
-    // await cache.set(cacheKey, roleConfig);
-    // return roleConfig;
-  }
-
-  return baseConfig;
-}
-
-/**
- * Clear the app configuration cache
- * @returns {Promise<boolean>}
- */
-async function clearAppConfigCache() {
-  const cache = getLogStores(CacheKeys.CONFIG_STORE);
-  const cacheKey = CacheKeys.APP_CONFIG;
-  return await cache.delete(cacheKey);
-}
+const { getAppConfig, signalConfigChange, clearAppConfigCache } = createAppConfigService({
+  loadBaseConfig,
+  setCachedTools,
+  getCache: getLogStores,
+  cacheKeys: CacheKeys,
+  getApplicableConfigs: db.getApplicableConfigs,
+  getUserPrincipals: db.getUserPrincipals,
+});
 
 module.exports = {
   getAppConfig,
+  signalConfigChange,
   clearAppConfigCache,
 };