LibreChat
LibreChat supports custom OpenAI-compatible endpoints via librechat.yaml. Its placeholder substitution system lets you forward the logged-in user's email to CoreCube on every request — no special header mode needs to be enabled on the LibreChat side.
Prerequisites
- CoreCube running and accessible from your LibreChat instance
- LibreChat with a
librechat.yamlconfiguration file - An admin account on CoreCube
Step 1 — Create a service API key
In the CoreCube admin console, go to Settings → API Keys and create a new key:
| Field | Value |
|---|---|
| Key Name | LibreChat Production (or any label) |
| Key Type | Service — proxy app |
| Integration | Generic |
| Owner User | Select an admin user as key owner |
| Auto-provision users | Enable if you want CoreCube to create accounts automatically for new LibreChat users |
| Default scope | Select the scope new users should receive (required when auto-provision is on) |
Save the key — copy the raw value now, it is shown only once.
LibreChat lets you choose the header name yourself. The Generic preset uses X-Cube-User, which LibreChat populates with the user's email via the {{LIBRECHAT_USER_EMAIL}} placeholder.
Step 2 — Configure librechat.yaml
Add CoreCube as a custom endpoint in your librechat.yaml. The key line is the X-Cube-User header with the {{LIBRECHAT_USER_EMAIL}} placeholder — LibreChat replaces this with the logged-in user's email on every request.
endpoints:
custom:
- name: 'CoreCube'
apiKey: 'cc_YOUR_SERVICE_KEY'
baseURL: 'http://corecube:7400/v1'
models:
default: ['claude-sonnet-4-5']
fetch: true
headers:
X-Cube-User: '{{LIBRECHAT_USER_EMAIL}}'
titleConvo: true
titleModel: 'claude-sonnet-4-5'
summarize: false
summaryModel: 'claude-sonnet-4-5'
forcePrompt: false
modelDisplayLabel: 'CoreCube'
Replace cc_YOUR_SERVICE_KEY with the key from Step 1, and adjust baseURL to match your setup.
With fetch: true, LibreChat calls GET /v1/models and receives a single model named after your CoreCube instance (default CoreCube). The default model name you list is only a display label — the upstream LLM that answers each request is chosen by CoreCube's own routing, not selected in LibreChat.
LibreChat supports additional user fields as placeholders:
| Placeholder | Value |
|---|---|
{{LIBRECHAT_USER_EMAIL}} | User's email address (recommended) |
{{LIBRECHAT_USER_ID}} | Internal LibreChat user ID |
{{LIBRECHAT_USER_NAME}} | Display name |
{{LIBRECHAT_USER_USERNAME}} | Username |
Use {{LIBRECHAT_USER_EMAIL}} — CoreCube matches users by email.
Step 3 — Ensure users exist in CoreCube
CoreCube resolves the user from the forwarded email. Each LibreChat user must have a matching account in CoreCube with the same email address.
Option A — Manual: Create users in CoreCube admin (Settings → Users) with matching email addresses.
Option B — Auto-provision: Enable the auto-provision toggle on the service key (Step 1). New users are created automatically on their first query.
Auto-provisioned users receive a no_access role and the default scope only. They cannot log into the CoreCube admin console. Adjust their scope and role in CoreCube admin after provisioning if needed.
Step 4 — Assign knowledge scopes
In CoreCube admin, go to Access Control → Scopes and assign each user to the appropriate scope. Users without a scope assignment will receive empty search results.
How it works end-to-end
Alice logs into LibreChat
→ sends a chat message
→ LibreChat calls POST /v1/chat/completions
with: Authorization: Bearer cc_SERVICE_KEY
X-Cube-User: alice@company.com ← injected from {{LIBRECHAT_USER_EMAIL}}
→ CoreCube resolves alice, applies her scopes
→ searches only compartments alice can access
→ returns cited response
Troubleshooting
"User not found" errors
The email in LibreChat does not match any CoreCube user. Check that the {{LIBRECHAT_USER_EMAIL}} placeholder is correctly placed in librechat.yaml under headers, not parameters.
Placeholder not substituted (literal {{LIBRECHAT_USER_EMAIL}} sent)
LibreChat version is too old, or librechat.yaml is not being loaded. Check that your LibreChat instance is reading the config file and is at a version that supports user field placeholders.
Requests fail with 400 MISSING_USER
The headers block is missing or misconfigured, so no X-Cube-User value reaches CoreCube. A service key with no forwarded identity is rejected with 400 MISSING_USER ("Service keys require X-Cube-User header") rather than returning shared results. Confirm the X-Cube-User header is present under headers and that the {{LIBRECHAT_USER_EMAIL}} placeholder is substituting correctly.