* feat: Initial work on security analyzer
* feat: Add remote invariant client
* chore: improve fault tolerance of client
* feat: Add button to enable Invariant Security Analyzer
* [feat] confirmation mode for bash actions
* feat: Add Invariant Tab with security risk outputs
* feat: Add modal setting for Confirmation Mode
* fix: frontend tests for confirmation mode switch
* fix: add missing CONFIRMATION_MODE value in SettingsModal.test.tsx
* fix: update test to integrate new setting
* feat: Initial work on security analyzer
* feat: Add remote invariant client
* chore: improve fault tolerance of client
* feat: Add button to enable Invariant Security Analyzer
* feat: Add Invariant Tab with security risk outputs
* feat: integrate security analyzer with confirmation mode
* feat: improve invariant analyzer tab
* feat: Implement user confirmation for running bash/python code
* fix: don't display rejected actions
* fix: make confirmation show only on assistant messages
* feat: download traces, update policy, implement settings, auto-approve based on defined risk
* Fix: low risk not being shown because it's 0
* fix: duplicate logs in tab
* fix: log duplication
* chore: prepare for merge, remove logging
* Merge confirmation_mode from OpenDevin main
* test: update tests to pass
* chore: finish merging changes, security analyzer now operational again
* feat: document Security Analyzers
* refactor: api, monitor
* chore: lint, fix risk None, revert policy
* fix: check security_risk for None
* refactor: rename instances of invariant to security analyzer
* feat: add /api/options/security-analyzers endpoint
* Move security analyzer from tab to modal
* Temporary fix lock when security analyzer is not chosen
* feat: don't show lock at all when security analyzer is not enabled
* refactor:
  - Frontend:
    * change type of SECURITY_ANALYZER from bool to string
    * add combobox to select SECURITY_ANALYZER, current options are "invariant" and "" (no security analyzer)
    * Security is now a modal, lock in bottom right is visible only if there's a security analyzer selected
  - Backend:
    * add close to SecurityAnalyzer
    * instantiate SecurityAnalyzer based on provided string from frontend
* fix: update close to be async, to be consistent with other close on resources
* fix: max height of modal (prevent overflow)
* feat: add logo
* small fixes
* update docs for creating a security analyzer module
* fix linting
* update timeout for http client
* fix: move security_analyzer config from agent to session
* feat: add security_risk to browser actions
* add optional remark on combobox
* fix: asdict not called on dataclass, remove invariant dependency
* fix: exclude None values when serializing
* feat: take default policy from invariant-server instead of being hardcoded
* fix: check if policy is None
* update image name
* test: fix some failing runs
* fix: security analyzer tests
* refactor: merge confirmation_mode and security_analyzer into SecurityConfig. Change invariant error message for docker
* test: add tests for invariant parsing actions / observations
* fix: python linting for test_security.py
* Apply suggestions from code review
Co-authored-by: Engel Nyst <enyst@users.noreply.github.com>
* use ActionSecurityRisk | None instead of Optional
* refactor action parsing
* add extra check
* lint parser.py
* test: add field keep_prompt to test_security
* docs: add information about how to enable the analyzer
* test: Remove trailing whitespace in README.md text
---------
Co-authored-by: Mislav Balunovic <mislav.balunovic@gmail.com>
Co-authored-by: Engel Nyst <enyst@users.noreply.github.com>
Co-authored-by: Xingyao Wang <xingyao6@illinois.edu>
* switch default to eventstream runtime
* remove pull docker from makefile
* fix unittest
* fix file store path
* try deprecate server runtime
* remove persist sandbox
* move file utils
* remove server runtime related workflow
* remove unused method
* attempt to remove the reliance on filestore for BE
* fix async for list file
* fix list_files to post
* fix list files
* add suffix to directory
* make sure list file returns abs path;
make sure other backend endpoints accept abs path
* remove server runtime test workflow
* set git config in runtime
* Remove global config from memory
* Remove runtime global config
* Remove from storage
* Remove global config
* Fix event stream tests
* Fix sandbox issue
* Change config
* Removed transferred tests
* Add swe env box
* Fixes on testing
* Fixed some tests
* Merge with stashed changes
* Fix typing
* Fix ipython test
* Revive function
* Make temp_dir fixture
* Remove test to avoid circular import
* fix eventstream filestore for test_runtime
* fix parse arg issue that cause integration test to fail
* support swebench pull from custom namespace
* add back simple tests for runtime
* move multi-line bash tests to test_runtime;
support multi-line bash for esruntime;
* add testcase to handle PS2 prompt
* use bashlex for bash parsing to handle multi-line commands;
add testcases for multi-line commands
* revert ghcr runtime change
* Apply stash
* fix run as other user;
make test async;
* fix test runtime for run as od
* add run-as-devin to all the runtime tests
* handle the case when username is root
* move all run-as-devin tests from sandbox;
only tests a few cases on different user to save time;
* move over multi-line echo related tests to test_runtime
* fix user-specific jupyter by fixing the pypoetry virtualenv folder
* make plugin's init async;
chdir at initialization of jupyter plugin;
move ipy simple testcase to test runtime;
* support agentskills import in
move tests for jupyter pwd tests;
overload `add_env_vars` for EventStreamRuntime to update env var also in Jupyter;
make agentskills read env var lazily, in case env var is updated;
* fix ServerRuntime agentskills issue
* move agnostic image test to test_runtime
* merge runtime tests in CI
* fix enable auto lint as env var
* update warning message
* update warning message
* test for different container images
* change parsing output as debug
* add exception handling for update_pwd_decorator
* fix unit test indentation
* add plugins as default input to Runtime class;
remove init_sandbox_plugins;
implement add_env_var (include jupyter) in the base class;
* fix server runtime auto lint
* Revert "add exception handling for update_pwd_decorator"
This reverts commit 2b668b1506.
* tries to print debugging info for agentskills
* explicitly setting uid (try fix permission issue)
* Revert "tries to print debugging info for agentskills"
This reverts commit 8be4c86756.
* set sandbox user id during testing to hopefully fix the permission issue
* add browser tools for server runtime
* try to debug for old pwd
* update debug cmd
* only test agnostic runtime when TEST_RUNTIME is Server
* fix temp dir mkdir
* load TEST_RUNTIME at the beginning
* remove ipython tests
* only log to file when DEBUG
* default logging to project root
* temporarily remove log to file
* fix LLM logger dir
* fix logger
* make set pwd an optional aux action
* fix prev pwd
* fix infinity recursion
* simplify
* do not import the whole od library to avoid logger folder by jupyter
* fix browsing
* increase timeout
* attempt to fix agentskills yet again
* clean up in testcases, since CI may be run as non-root
* add _cause attribute for event.id
* remove parent
* add a bunch of debugging statement again for CI :(
* fix temp_dir fixture
* change all temp dir to follow pytest's tmp_path_factory
* remove extra bracket
* clean up error printing a bit
* jupyter chdir to self.config.workspace_mount_path_in_sandbox on initialization
* jupyter chdir to self.config.workspace_mount_path_in_sandbox on initialization
* add typing for tmp dir fixture
* clear the directory before running the test to avoid weird CI temp dir
* remove agnostic test case for server runtime
* Revert "remove agnostic test case for server runtime"
This reverts commit 30e2181c3f.
* disable agnostic tests in CI
* fix test
---------
Co-authored-by: Graham Neubig <neubig@gmail.com>
* update and polish gptq eval
* fix typo
* Update evaluation/gpqa/README.md
Co-authored-by: Graham Neubig <neubig@gmail.com>
* Update evaluation/gpqa/run_infer.py
Co-authored-by: Graham Neubig <neubig@gmail.com>
* add headless mode to all appropriate agent controller call
* delegate set to error when in headless mode
* try to deduplicate a bit
* make headless_mode default to True and only change it to false for AgentSession
---------
Co-authored-by: Graham Neubig <neubig@gmail.com>
* deprecating recall action
* fix integration tests
* fix integration tests
* refactor runtime to use async
* remove search memory
* rename .initialize to .ainit
* draft of runtime image building (separate from img agnostic)
* refactor runtime build into separate file and add unit tests for it
* fix image agnostic tests
* move `split_bash_commands` into a separate util file
* fix bash pexpect parsing for env
* refactor add_env_var from sandbox to runtime;
add test runtime for env var, remove it from sandbox;
* remove unclear comment
* capture broader error
* make `add_env_var` handle multiple export at the same time
* add multi env var test
* fix tests with new config
* make runtime tests a separate ci to avoid full disk
* Update Runtime README with architecture diagram and detailed explanations
* update test
* remove dependency of global config in sandbox test
* fix sandbox typo
* runtime tests do not need ghcr build now
* remove download runtime img
* remove dependency of global config in sandbox test
* fix sandbox typo
* try to free disk before running the tests
* Update opendevin/runtime/client/README.md
Co-authored-by: Yufan Song <33971064+yufansong@users.noreply.github.com>
* Update opendevin/runtime/client/README.md
Co-authored-by: Yufan Song <33971064+yufansong@users.noreply.github.com>
* Update opendevin/runtime/client/README.md
Co-authored-by: Yufan Song <33971064+yufansong@users.noreply.github.com>
* try to reduce code duplication
* Update opendevin/runtime/client/README.md
Co-authored-by: Yufan Song <33971064+yufansong@users.noreply.github.com>
* Update opendevin/runtime/client/README.md
Co-authored-by: Yufan Song <33971064+yufansong@users.noreply.github.com>
* Update opendevin/runtime/client/README.md
Co-authored-by: Yufan Song <33971064+yufansong@users.noreply.github.com>
* Update opendevin/runtime/client/README.md
Co-authored-by: Yufan Song <33971064+yufansong@users.noreply.github.com>
* Update opendevin/runtime/client/README.md
Co-authored-by: Yufan Song <33971064+yufansong@users.noreply.github.com>
* cleanup before setup
* temporarily remove this enable lint test since env var are now handled by runtime
* linter
---------
Co-authored-by: OpenDevin <opendevin@all-hands.dev>
Co-authored-by: Yufan Song <33971064+yufansong@users.noreply.github.com>
* Updated documentation using ruff's autofix feature
* Updated pyproject.toml to include docstring validations
* Updated documentation using ruff's autofix feature
* Updated pyproject.toml to include docstring validations
* Updated docstrings using ruff's autofix feature
* Deleted opendevin/runtime/utils/soource.py, Keeping in sync with main
---------
Co-authored-by: Graham Neubig <neubig@gmail.com>
* support loading a particular runtime class via config.runtime (default to server to not break things)
* move image agnostic util to shared runtime util
* move dependency
* include poetry.lock in sdist
* accept port as arg for client
* make client start server with specified port
* update image agnostic utility for eventstream runtime
* make client and runtime working with REST API
* rename execute_server
* add plugin to initialize stuff inside es-runtime;
cleanup runtime methods to delegate everything to container
* remove redundant ls -alh
* fix jupyter
* improve logging in agnostic sandbox
* improve logging of test function
* add read & edit
* update agnostic sandbox
* support setting work dir at start
* fix file read/write test
* fix unit test
* update testcase
* Fix unit test again
* fix unit test again again
Currently, OpenDevin uses a global singleton LLM config and a global singleton agent config. This PR allows customers to configure an LLM config for each agent. A hypothetically useful scenario is to use a cheaper LLM for repo exploration / code search, and a more powerful LLM to actually do the problem solving (CodeActAgent).
Partially solves #2075 (web GUI improvement is not the goal of this PR)
* refactor: Enhance file handling and code editing functionality
# PR Summary
**refactor: Enhance file handling and code editing functionality**
## PR Description
This pull request includes improvements to file handling, error management, and code editing functionality across multiple files. The changes enhance the robustness, security, and user experience of the application.
### Changes in `listen.py`
1. **Imports and Error Handling**:
- Removed `warnings` import and its usage with `litellm`.
- More consistent use of `JSONResponse` and `HTTPException` for error handling.
2. **WebSocket Endpoint (`/ws`)**:
- Simplified logic for handling events using a single `isinstance` check.
3. **New Endpoint**:
- Added `/api/save-file` POST endpoint for saving file contents.
- Implemented checks for agent state before allowing file edits.
4. **Code Style and Organization**:
- Improved code formatting and organization.
- Refactored some functions for better readability and consistency.
### Changes in `fileService.ts`
1. **Error Handling**:
- Added try-catch blocks to all functions for better error handling and logging.
2. **Input Sanitization**:
- Implemented `encodeURIComponent()` for file names and paths in API requests.
3. **Type Checking**:
- Added type checks for API responses to ensure data format consistency.
4. **File Upload Improvement**:
- Refactored `uploadFiles()` to use `Array.from(files)` instead of a for loop.
5. **New Functionality**:
- Added `saveFile()` function to allow saving file content to a specified path.
### Changes in `CodeEditor.tsx`
1. **New Dependencies**:
- Added imports for state management, UI components, and file operations.
2. **State Management**:
- Introduced new state variables for tracking save status and last saved time.
- Implemented Redux state management for code and agent state.
3. **UI Enhancements**:
- Added a save button with dynamic colors based on save status.
- Implemented a save notification system.
- Added a "Last saved" timestamp display.
4. **File Saving Functionality**:
- Implemented complete file saving feature with error handling and user feedback.
5. **Code Structure**:
- Improved structure with additional hooks and memoized values for optimization.
### Testing Performed
- Manually tested new file saving functionality.
- Verified error handling and user feedback mechanisms.
- Checked integration between backend (`listen.py`) and frontend (`fileService.ts`, `CodeEditor.tsx`).
### Next Steps
- Conduct thorough testing of the file saving feature across different scenarios.
- Update documentation to reflect new file handling capabilities.
- Consider adding unit tests for new functions and components.
* Added Docstrings back
Added Docstrings back
* Fix
# Allow Code Editing in AWAITING_USER_INPUT State
## Description
This pull request extends the functionality of the code editor to allow editing when the agent is in the AWAITING_USER_INPUT state, in addition to the existing PAUSED and FINISHED states.
## Changes
1. Backend (`listen.py`):
- Updated the `save_file` function to allow saving when the agent state is AWAITING_USER_INPUT.
2. Frontend (`CodeEditor.tsx`):
- Modified the `isEditingAllowed` condition to include the AWAITING_USER_INPUT state.
## Files Changed
- `listen.py`
- `CodeEditor.tsx`
## Testing
- Verified that the save button appears when the agent is in the AWAITING_USER_INPUT state.
- Tested saving files in all three allowed states (PAUSED, FINISHED, AWAITING_USER_INPUT).
- Ensured that saving is still prohibited in other agent states.
## Additional Notes
This change improves the user experience by allowing code edits while the agent is waiting for user input, which is a common scenario in interactive coding sessions.
* Add internationalization for 'File saved successfully' message
# Add internationalization for 'File saved successfully' message
## Description
This PR adds internationalization support for the "File saved successfully" message in the CodeEditor component. It updates the translation.json file to include translations for multiple languages and modifies the CodeEditor.tsx file to use the new translation key.
## Changes
1. Updated `translation.json`:
- Added a new key `CODE_EDITOR$FILE_SAVED_SUCCESSFULLY` with translations for multiple languages.
- Ensured the file structure supports multiple languages per key.
2. Modified `CodeEditor.tsx`:
- Updated the success message to use the new translation key.
- Applied the translation to both the toast notification and the on-screen notification.
## Why
These changes improve the user experience for non-English speakers by providing localized feedback when a file is successfully saved. This aligns with our goal of making the application more accessible to a global audience.
## How to Test
1. Change the application language to different supported languages.
2. Open the CodeEditor, make changes to a file, and save it.
3. Verify that the "File saved successfully" message appears in the correct language for both the toast and on-screen notifications.
## Additional Notes
Please pay special attention to the structure of the translation.json file to ensure it follows our established patterns for internationalization.
* Add toast notifications for error handling in fileService
# Add toast notifications for error handling in fileService
## Description
This PR enhances the error handling in the `fileService.ts` file by adding toast notifications for user feedback. It maintains the existing console error logging for debugging purposes while improving the user experience by providing visible error messages in the UI.
## Changes
- Added import for the toast utility
- Implemented toast.error() calls in catch blocks for all file operations
- Kept console.error() calls for detailed logging
- Updated error messages to be more user-friendly
## Files Changed
- `src/services/fileService.ts`
## Testing
- Tested all file operations (select, upload, list, save) to ensure proper error handling
- Verified that toast notifications appear when errors are simulated
- Confirmed that console errors are still logged for debugging
## Additional Notes
This change improves error visibility for users without altering the underlying error handling logic. It should make troubleshooting easier for both users and developers.
* Add file path safety check and improve error handling in file services
# Add file path safety check and improve error handling in file services
## Description
This PR enhances the `fileService.ts` by adding a safety check for file paths in the `saveFile` function and improves error handling across all file operations. It also includes new translations for various file-related error messages.
## Changes
1. Updated `src/services/fileService.ts`:
- Added a validation check for file paths in the saveFile function
- Improved error handling for all file operations (select, upload, list, save)
- Implemented toast error messages with translation support
2. Updated `src/i18n/translations.json`:
- Added new translation keys for file service error messages:
- FILE_SERVICE$SELECT_FILE_ERROR
- FILE_SERVICE$UPLOAD_FILES_ERROR
- FILE_SERVICE$LIST_FILES_ERROR
- FILE_SERVICE$SAVE_FILE_ERROR
- FILE_SERVICE$INVALID_FILE_PATH
## Files Changed
- `src/services/fileService.ts`
- `src/i18n/translations.json`
## Key Implementation Details
```typescript
export async function saveFile(filePath: string, content: string): Promise<void> {
  const { t } = useTranslation();
  if (!filePath || filePath.includes('..')) {
    toast.error(t(I18nKey.FILE_SERVICE$INVALID_FILE_PATH));
    throw new Error('Invalid file path');
  }
  try {
    // Existing implementation...
  } catch (error) {
    console.error('Error saving file:', error);
    toast.error(t(I18nKey.FILE_SERVICE$SAVE_FILE_ERROR), 'File Save Error');
    throw error;
  }
}
```
## Testing
- Verified that the saveFile function rejects invalid file paths (empty or containing '..')
- Confirmed that appropriate error messages are displayed using toast notifications for all file operations
- Tested with different languages to ensure translated messages appear correctly
## Security Implications
The file path check in saveFile enhances security by preventing potential directory traversal attacks.
## Next Steps
- Consider adding similar safety checks to other file operations if applicable
- Ensure thorough testing of error scenarios across all supported languages
* Add docstrings to listen.py
# Add docstrings to listen.py
## Description
This PR adds comprehensive docstrings to all functions in the `listen.py` file. These additions improve code documentation, making the file more readable and maintainable for current and future developers.
## Changes
- Added docstrings to all functions in `listen.py`
- Docstrings follow the Google Python Style Guide format
- Included descriptions, parameters, return values, and potential exceptions for each function
## Files Changed
- `src/listen.py`
## Docstring Example
Here's an example of one of the added docstrings:
```python
@app.post('/api/save-file')
async def save_file(request: Request):
    """
    Save a file to the agent's runtime file store.

    This endpoint allows saving a file when the agent is in a paused, finished,
    or awaiting user input state. It checks the agent's state before proceeding
    with the file save operation.

    Args:
        request (Request): The incoming FastAPI request object.

    Returns:
        JSONResponse: A JSON response indicating the success of the operation.

    Raises:
        HTTPException:
            - 403 error if the agent is not in an allowed state for editing.
            - 400 error if the file path or content is missing.
            - 500 error if there's an unexpected error during the save operation.
    """
    # Function implementation...
```
## Impact
- Improved code readability and maintainability
- Better understanding of function purposes, inputs, outputs, and potential errors
- Easier onboarding for new developers working on this file
- Enhanced IDE support for function descriptions and parameter information
## Testing
- No functional changes were made, so existing tests should pass without modification
- Manual review of docstrings for accuracy and completeness is recommended
## Next Steps
- Consider adding similar docstrings to other files in the project for consistency
- Review the added docstrings to ensure they accurately describe the current functionality
- Update docstrings as needed when function implementations change in the future
## Additional Notes
The existing code structure and functionality remain unchanged. This PR focuses solely on improving documentation through the addition of docstrings.
* Revert exclude_list formatting and add docstrings in listen.py
# Revert exclude_list formatting and add docstrings in listen.py
## Description
This PR makes two main changes to the `listen.py` file:
1. Reverts the `exclude_list` in the `list_files` function to its original format, with each item on a separate line.
2. Adds comprehensive docstrings to all functions in the file.
These changes improve code readability, maintain consistency with project standards, and enhance documentation for better maintainability.
## Changes
1. Updated `opendevin/server/listen.py`:
- Reverted `exclude_list` formatting in `list_files` function
- Added docstrings to all functions
## Detailed Changes
### 1. Reverted exclude_list formatting
```python
exclude_list = (
    '.git',
    '.DS_Store',
    '.svn',
    '.hg',
    '.idea',
    '.vscode',
    '.settings',
    '.pytest_cache',
    '__pycache__',
    'node_modules',
    'vendor',
    'build',
    'dist',
    'bin',
    'logs',
    'log',
    'tmp',
    'temp',
    'coverage',
    'venv',
    'env',
)
```
### 2. Added docstrings (example)
```python
@app.get('/api/list-files')
def list_files(request: Request, path: str = '/'):
    """
    List files in the specified path.

    This function retrieves a list of files from the agent's runtime file store,
    excluding certain system and hidden files/directories.

    Args:
        request (Request): The incoming request object.
        path (str, optional): The path to list files from. Defaults to '/'.

    Returns:
        list: A list of file names in the specified path.

    Raises:
        HTTPException: If there's an error listing the files.
    """
    # Function implementation...
```
## Rationale
- Reverting `exclude_list` formatting maintains consistency with the project's coding style and ensures proper functioning of pre-commit hooks.
- Adding docstrings improves code documentation, making it easier for developers to understand and maintain the codebase.
## Impact
- Improved code readability and consistency
- Enhanced documentation for all functions in `listen.py`
- Easier onboarding for new developers
- Better IDE support for function descriptions and parameter information
## Testing
- No functional changes were made, so existing tests should pass without modification
- Manual review of the reverted `exclude_list` and new docstrings is recommended
## Additional Notes
- The existing code functionality remains unchanged
- All functions in `listen.py` now have detailed docstrings following the Google Python Style Guide format
## Next Steps
- Review the added docstrings to ensure they accurately describe the current functionality
- Consider adding similar docstrings to other files in the project for consistency
- Update docstrings as needed when function implementations change in the future
* made code reviewable
* fixed ruff issues
* Update listen.py docstrings
* final tweaks
* re-added encodedURIComponent in selectFile
---------
Co-authored-by: tobitege <tobitege@gmx.de>
Co-authored-by: sp.wack <83104063+amanape@users.noreply.github.com>
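The `saveFile` check quoted in the PR description above runs in the frontend and tests for the substring `..`. As an added example (not code from the OpenDevin repository), the following Python compares that substring test with a server-side containment check that canonicalizes the path before comparing it to the workspace root; `resolve_in_workspace`, the directory layout and the sample paths are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def substring_check(file_path: str) -> bool:
    """Same rule as the quoted client-side test: non-empty and no '..' substring."""
    return bool(file_path) and ".." not in file_path


def resolve_in_workspace(workspace_root: Path, user_path: str) -> Path:
    """Return the canonical target inside workspace_root, or raise ValueError.

    Hypothetical helper: resolves '..' components and symlinks first, then
    requires the result to sit strictly below the canonical workspace root.
    """
    if not user_path or "\x00" in user_path:
        raise ValueError("empty path or NUL byte")
    root = workspace_root.resolve()
    # Joining with an absolute user_path discards root entirely; resolve()
    # makes that visible so the containment test below can reject it.
    candidate = (root / user_path).resolve()
    if root not in candidate.parents:
        raise ValueError(f"path escapes workspace: {user_path!r}")
    return candidate


def _contained(root: Path, user_path: str) -> bool:
    try:
        resolve_in_workspace(root, user_path)
        return True
    except ValueError:
        return False


def compare_checks() -> dict:
    """Run both checks over constructed sample paths in a throwaway directory.

    Returns {label: (substring_check_passes, containment_check_passes)}.
    """
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        workspace = base / "workspace"
        outside = base / "outside"
        (workspace / "src").mkdir(parents=True)
        outside.mkdir()
        # Constructed symlink inside the workspace that points outside it.
        os.symlink(outside, workspace / "link")

        samples = {
            "plain": "src/app.py",
            "double-dot filename": "notes..txt",
            "dot-dot traversal": "src/../../outside/x",
            "absolute path": str(outside / "x"),
            "symlink": "link/x",
        }
        return {
            label: (substring_check(p), _contained(workspace, p))
            for label, p in samples.items()
        }


if __name__ == "__main__":
    for label, (substr_ok, contained_ok) in compare_checks().items():
        print(f"{label:22} substring={substr_ok!s:5} containment={contained_ok}")
```

The two checks disagree on three of the five samples: the substring rule rejects a legitimate file name containing two dots and accepts the absolute path and the symlinked path, both of which resolve outside the workspace.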
* feat: lazy launching browser; browser optional for different agents.
* style: lint
* fix: integration test fail due to browser not started.
* fix: run by cli and integration test failed.
* fix: lint
* fix: lint
---------
Co-authored-by: Graham Neubig <neubig@gmail.com>
* Fix: Feedback should be sent through the backend to avoid CORS issues
* Update
* Fix merge error
* Revert unnecessary change
* Lint
* Moved to services
* Fixed bugs
---------
Co-authored-by: OpenDevin <opendevin@opendevin.ai>