fix: add missing /sessions/{session_id}/objects/{file_id} endpoint for LibreChat file freshness check

[gafda]

Problem

LibreChat's getSessionInfo (in process.js) calls GET /sessions/{session_id}/objects/{file_id}?kind=user&id={userId} to verify whether previously-uploaded files are still active in the code environment before priming them into the sandbox.

KubeCodeRun lacked this route entirely, so every call returned 404. This caused LibreChat to treat every file as expired, triggering a re-upload cycle on every turn. Users experienced repeated "you haven't uploaded any file" errors and had to retry messages multiple times until the session state aligned.

Fix

Added GET /sessions/{session_id}/objects/{file_id} endpoint that returns { name, lastModified }, satisfying LibreChat's freshness check. The endpoint:

• Looks up the file in the session's storage (Redis metadata)
• Returns the session's last_activity timestamp for active sessions (matching the existing /files/{session_id} summary logic)
• Accepts kind, id, version query params for LibreChat compatibility (not enforced server-side)
• Returns 404 only when the file genuinely doesn't exist

Evidence (LibreChat calling this endpoint)

LibreChat's getSessionInfo() in api/server/services/Files/Code/process.js:681 builds:

url: `${baseURL}/sessions/${ref.storage_session_id}/objects/${ref.file_id}${query}`
// query = buildCodeEnvDownloadQuery({ kind, id, version? })
// e.g. ?kind=user&id=677feb476a21a09984bc4b04

This is invoked from two call sites:

1. primeCodeFiles (process.js:933) — checks freshness of every previously-uploaded file before each code execution turn.
2. primeSkillFiles (packages/api/src/agents/skillFiles.ts:118) — checks freshness of skill-primed files.

If the endpoint returns 404 (missing), getSessionInfo returns null, LibreChat treats the file as expired, and attempts a re-upload cycle. With KubeCodeRun lacking this route, every turn triggered this cycle, explaining the repeated "you haven't uploaded any file" error and the flood of 404s in logs.

The checkIfActive() function (process.js:661) checks that lastModified is less than 23 hours old. For active sessions, we return datetime.now(UTC) which always satisfies this constraint.

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds a new LibreChat-compatible endpoint GET /sessions/{session_id}/objects/{file_id} that returns file object metadata (notably lastModified) used by LibreChat's getSessionInfo to decide whether to re-upload a file.

Changes:

• New get_session_object route handler in src/api/files.py returning {name, lastModified} and 404 when file missing.
• Accepts (but does not enforce) kind/id/version query params for parity with LibreChat's buildCodeEnvDownloadQuery.
• Unit tests covering existing file, missing file (404), and query param acceptance.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.

File	Description
src/api/files.py	Adds the new endpoint with session-aware lastModified derivation and 404 fallback.
tests/unit/test_librechat_contract.py	Adds TestGetSessionObject covering success, not-found, and query-param scenarios.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.