🔌 refactor: Decouple bash_tool from Per-User CODE_API_KEY #12712

Open
danny-avila wants to merge 2 commits into feat/agent-skills from claude/flamboyant-poincare-49b599

Conversation

@danny-avila (Owner)

Summary

I decoupled bash_tool registration and skill-file priming from per-user CODE_API_KEY lookups as part of Phase 4 of the Agent Skills umbrella (#12625). LIBRECHAT_CODE_API_KEY is the LibreChat-hosted sandbox service key — a system-level credential, not a per-user secret — so bash_tool is now gated solely on the execute_code capability and the agents library resolves the key from process.env directly.

  • Simplified enrichWithSkillConfigurable to drop the loadAuthValues and preResolvedCodeApiKey params and stop injecting codeApiKey into the tool configurable object.
  • Updated primeInvokedSkills to read the sandbox key from process.env[EnvVar.CODE_API_KEY] directly; removed codeApiKey and loadAuthValues from PrimeInvokedSkillsDeps.
  • Changed the skill-tool file-priming guard in handlers.ts to read the key from env rather than mergedConfigurable.
  • Removed the pre-resolution block plus unused EnvVar and loadAuthValues imports from api/server/services/Endpoints/agents/initialize.js; dropped the corresponding args at both call sites.
  • Simplified the bash_tool loader in ToolService.js to call createBashExecutionTool({}) — the agents library reads LIBRECHAT_CODE_API_KEY from the environment internally. Removed the "Code execution is not available" placeholder tool.
  • Added packages/api/src/agents/skillConfigurable.spec.ts with three focused unit tests pinning the new surface contract.

Out of scope (intentionally untouched): the legacy CodeExecutionTool path in handleTools.js, post-execution file-download callbacks, Programmatic Tool Calling registration, and the per-user execute_code plugin install hook in the frontend.

Change Type

  • Bug fix (non-breaking change which fixes an issue)

Testing

Ran the targeted Jest suites from packages/api:

  • npx jest src/agents/__tests__/skills.test.ts — 36/36 pass.
  • npx jest src/agents/__tests__/initialize.test.ts — 9/9 pass.
  • npx jest src/agents/skillConfigurable.spec.ts — 3/3 pass (new).
  • npx jest src/agents — 419 pass; the 6 pre-existing failures (summarization e2e and the handlers session-context passthrough tests) exist on the base branch unchanged, verified via git stash comparison. They stem from the parent node_modules having @librechat/agents@3.1.63 installed while the branch expects ^3.1.66-dev.0, not from this change.

Recommended manual verification in a full install:

  • With LIBRECHAT_CODE_API_KEY set and execute_code enabled on an agent with a skill → skill invocation runs bash commands and primes files.
  • With the env var unset → tool creation fails loudly via the agents library's own error, no crash.
  • With execute_code disabled → bash_tool is absent from the definitions (unchanged behavior).

Test Configuration:

  • Node 20.19.x / npm workspaces
  • Base branch: feat/agent-skills (HEAD 08d02c1dc)

Checklist

  • My code adheres to this project's style guidelines
  • I have performed a self-review of my own code
  • My changes do not introduce new warnings
  • I have written tests demonstrating that my changes are effective or that my feature works
  • Local unit tests pass with my changes

@danny-avila (Owner, Author)

@codex review

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 50bb359682

Comment on lines +457 to 458
const codeApiKey = process.env[EnvVar.CODE_API_KEY] ?? '';
if (codeApiKey) {

P1: Enforce execute_code capability before priming skill files

This path now primes skill files whenever LIBRECHAT_CODE_API_KEY is present in the server environment, but it no longer checks whether code execution is enabled for the run/agent. In deployments where skills are enabled but execute_code is intentionally disabled, invoking a file-backed skill will still upload files to the code sandbox, causing unintended data egress and background code-env activity. Please gate this branch on the same execute-code capability signal used when registering bash_tool.


Comment thread on packages/api/src/agents/skillFiles.ts (outdated)
);
}
}
const apiKey = process.env[EnvVar.CODE_API_KEY] ?? '';

P1: Skip history file re-priming when execute_code is disabled

primeInvokedSkills now derives the API key directly from process env and will re-prime historical skill files whenever that env var is set, even if the current run does not have code execution enabled. That means conversations can trigger sandbox uploads during history reconstruction despite bash_tool being unavailable for the agent, which is both unnecessary and a data-scope regression. Add an execute-code capability gate before entering the priming/upload path.


danny-avila added a commit that referenced this pull request Apr 17, 2026
Addresses review feedback on #12712: the previous commit gated skill
file priming only on process.env[EnvVar.CODE_API_KEY] presence, which
meant agents with execute_code disabled but the env var present would
still upload bundled skill files to the sandbox on every invocation —
a data-scope regression.

Thread the execute_code capability flag (codeEnvAvailable) through
enrichWithSkillConfigurable → configurable, and as a dep on
primeInvokedSkills. Both handleSkillToolCall and primeInvokedSkills
gate the sandbox-upload path on codeEnvAvailable first; the API key
is then read from env inside that gate (if also missing, skip with
a warn — admin misconfig).

Adds skillFiles.spec.ts pinning the four-way matrix: capability
on/off × env key set/unset.

Phase 4 of Agent Skills umbrella (#12625): gate bash_tool and skill-file
priming on the execute_code capability only. LIBRECHAT_CODE_API_KEY is
the LibreChat-hosted sandbox service key — system-level, not a per-user
secret — so the per-user loadAuthValues lookup was legacy plumbing.
The agents library reads process.env[EnvVar.CODE_API_KEY] itself; this
change removes the redundant resolution paths.
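The gate described in the two review comments and the follow-up commit message, as an added example that is not LibreChat's own code: the execute_code capability flag is checked before the env key is read, a set key with the capability off never primes, and the four-way matrix is built from an injected env object so the check runs without touching process.env. The names decideSkillPriming, SkillPrimingDeps, primingMatrix and the sample key value are assumptions.

```typescript
// Added example, not LibreChat's own code. Models the gate from the commit
// message: capability first, then the env key. Names below are assumed.
type EnvMap = { [key: string]: string | undefined };

// The env var the page refers to as process.env[EnvVar.CODE_API_KEY].
const CODE_API_KEY_ENV = 'LIBRECHAT_CODE_API_KEY';

export type PrimingDecision =
  | { prime: true; apiKey: string }
  | { prime: false; reason: 'capability_disabled' | 'missing_api_key' };

export interface SkillPrimingDeps {
  /** execute_code capability for this run/agent (the codeEnvAvailable flag). */
  codeEnvAvailable: boolean;
  /** The caller passes process.env; injected here so tests never touch it. */
  env: EnvMap;
}

export function decideSkillPriming(deps: SkillPrimingDeps): PrimingDecision {
  // Capability gate comes first: a key in the environment alone must never
  // trigger a sandbox upload (the regression the review comments describe).
  if (!deps.codeEnvAvailable) {
    return { prime: false, reason: 'capability_disabled' };
  }
  const apiKey = (deps.env[CODE_API_KEY_ENV] ?? '').trim();
  // Capability on but key unset: admin misconfiguration, skip with a warning.
  if (apiKey === '') {
    console.warn(`[skills] execute_code is enabled but ${CODE_API_KEY_ENV} is unset; skipping file priming`);
    return { prime: false, reason: 'missing_api_key' };
  }
  return { prime: true, apiKey };
}

export type MatrixCase = 'on/set' | 'on/unset' | 'off/set' | 'off/unset';

// Four-way matrix in the spirit of skillFiles.spec.ts: capability on/off x key set/unset.
export function primingMatrix(): Record<MatrixCase, PrimingDecision> {
  const withKey: EnvMap = { [CODE_API_KEY_ENV]: 'constructed-sample-key' }; // constructed value
  const noKey: EnvMap = {};
  return {
    'on/set': decideSkillPriming({ codeEnvAvailable: true, env: withKey }),
    'on/unset': decideSkillPriming({ codeEnvAvailable: true, env: noKey }),
    'off/set': decideSkillPriming({ codeEnvAvailable: false, env: withKey }),
    'off/unset': decideSkillPriming({ codeEnvAvailable: false, env: noKey }),
  };
}
```

Only the on/set cell yields an upload; off/set is the cell the review flagged, and it now refuses before the key is ever read.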
@danny-avila force-pushed the claude/flamboyant-poincare-49b599 branch from be95291 to c7c73a2 on April 17, 2026 at 16:32.