SDK Minimal Python: MCP-only tools (camelCase), remove fallbacks/handlers; Conversation delegates to runtime.execute_tool; Runtime.get_tools MCP-shape + execute_tool dispatcher; fix imports

PRD: add Runtime and SDK sections for MCP-first minimal SDK (get_tools, execute_tool, sdk.Tool, Conversation flow, Anthropic sequencing)
Runtime: add get_tools() in MCP format (name/description/inputSchema); SDK: Conversation uses runtime.get_tools() with fallback, binds handlers for execute_bash/file_read/file_write; keep SDK Tool param conversion\n\nCo-authored-by: openhands <openhands@all-hands.dev>
2026-04-29 03:00:45 -04:00 · 2025-08-24 23:14:06 +00:00 · 2025-08-24 22:57:31 +00:00 · 2025-08-24 22:23:06 +00:00 · 2025-08-24 22:08:41 +00:00 · 2025-08-24 19:23:11 +00:00
277 changed files with 9233 additions and 3873 deletions
@@ -22,7 +22,7 @@ jobs:
        uses: actions/checkout@v4

      - name: Install poetry via pipx
-        uses: abatilo/actions-poetry@v3
+        uses: abatilo/actions-poetry@v4
        with:
          poetry-version: 2.1.3

@@ -73,7 +73,7 @@ jobs:
      - name: Install Python dependencies using Poetry
        run: poetry install --with dev,test,runtime
      - name: Run Windows unit tests
-        run: poetry run pytest -svv tests/unit/test_windows_bash.py
+        run: poetry run pytest -svv tests/unit/runtime/utils/test_windows_bash.py
        env:
          PYTHONPATH: ".;$env:PYTHONPATH"
          DEBUG: "1"
@@ -0,0 +1,50 @@
+name: Welcome Good First Issue
+
+on:
+  issues:
+    types: [labeled]
+
+permissions:
+  issues: write
+
+jobs:
+  comment-on-good-first-issue:
+    if: github.event.label.name == 'good first issue'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check if welcome comment already exists
+        id: check_comment
+        uses: actions/github-script@v7
+        with:
+          result-encoding: string
+          script: |
+            const issueNumber = context.issue.number;
+            const comments = await github.rest.issues.listComments({
+              ...context.repo,
+              issue_number: issueNumber
+            });
+
+            const alreadyCommented = comments.data.some(
+              (comment) =>
+                comment.body.includes('<!-- auto-comment:good-first-issue -->')
+            );
+
+            return alreadyCommented ? 'true' : 'false';
+
+      - name: Leave welcome comment
+        if: steps.check_comment.outputs.result == 'false'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const repoUrl = `https://github.com/${context.repo.owner}/${context.repo.repo}`;
+
+            await github.rest.issues.createComment({
+              ...context.repo,
+              issue_number: context.issue.number,
+              body: "🙌 **Hey there, future contributor!** 🙌\n\n" +
+                    "This issue has been labeled as **good first issue**, which means it's a great place to get started with the OpenHands project.\n\n" +
+                    "If you're interested in working on it, feel free to! No need to ask for permission.\n\n" +
+                    "Be sure to check out our [development setup guide](" + repoUrl + "/blob/main/Development.md) to get your environment set up, and follow our [contribution guidelines](" + repoUrl + "/blob/main/CONTRIBUTING.md) when you're ready to submit a fix.\n\n" +
+                    "🙌 Happy hacking! 🙌\n\n" +
+                    "<!-- auto-comment:good-first-issue -->"
+            });
@@ -257,3 +257,5 @@ containers/runtime/code

 # test results
 test-results
+.sessions
+.eval_sessions
@@ -363,10 +363,11 @@ classpath = "my_package.my_module.MyCustomAgent"
 #confirmation_mode = false

 # The security analyzer to use (For Headless / CLI only -  In Web this is overridden by Session Init)
-#security_analyzer = ""
+# Available options: 'llm' (default), 'invariant'
+#security_analyzer = "llm"

 # Whether to enable security analyzer
-#enable_security_analyzer = false
+#enable_security_analyzer = true

 #################################### Condenser #################################
 # Condensers control how conversation history is managed and compressed when
@@ -21,7 +21,7 @@ ENV POETRY_NO_INTERACTION=1 \
    POETRY_CACHE_DIR=/tmp/poetry_cache

 RUN apt-get update -y \
-    && apt-get install -y curl make git build-essential \
+    && apt-get install -y curl make git build-essential jq gettext \
    && python3 -m pip install poetry --break-system-packages

 COPY pyproject.toml poetry.lock ./
@@ -0,0 +1,52 @@
+# Confirmation Mode and Security Analyzers
+
+OpenHands provides a security framework to help protect users from potentially risky actions through **Confirmation Mode** and **Security Analyzers**. This system analyzes agent actions and prompts users for confirmation when high-risk operations are detected.
+
+## Overview
+
+The security system consists of two main components:
+
+1. **Confirmation Mode**: When enabled, the agent will pause and ask for user confirmation before executing actions that are flagged as high-risk by the security analyzer.
+
+2. **Security Analyzers**: These are modules that evaluate the risk level of agent actions and determine whether user confirmation is required.
+
+## Configuration
+
+### CLI
+In CLI mode, confirmation is enabled by default. You will have an option to uses the LLM Analyzer and will automatically confirm LOW and MEDIUM risk actions, only prompting for HIGH risk actions.
+
+## Security Analyzers
+
+OpenHands includes multiple analyzers:
+
+- **No Analyzer**: Do not use any security analyzer. The agent will prompt you to confirm *EVERY* action.
+- **LLM Risk Analyzer** (default): Uses the same LLM as the agent to assess action risk levels
+- **Invariant Analyzer**: Uses Invariant Labs' policy engine to evaluate action traces against security policies
+
+### LLM Risk Analyzer
+The default analyzer that leverages the agent's LLM to evaluate the security risk of each action. It considers the action type, parameters, and context to assign risk levels.
+
+### Invariant Analyzer
+An advanced analyzer that:
+- Collects conversation events and parses them into a trace
+- Checks the trace against an Invariant policy to classify risk (low, medium, high)
+- Manages an Invariant server container automatically if needed
+- Supports optional browsing-alignment and harmful-content checks
+
+## How It Works
+
+1. **Action Analysis**: When the agent wants to perform an action, the selected security analyzer evaluates its risk level.
+
+2. **Risk Assessment**: The analyzer returns one of three risk levels:
+   - **LOW**: Action proceeds without confirmation
+   - **MEDIUM**: Action proceeds without confirmation (may be configurable in future)
+   - **HIGH**: Action is paused, and user confirmation is requested
+
+3. **User Confirmation**: For high-risk actions, a confirmation dialog appears with:
+   - Description of the action
+   - Risk assessment explanation
+   - Options to approve or deny action
+
+4. **Action Execution**: Based on user response:
+   - **Approve**: Action proceeds as planned
+   - **Deny**: Action is cancelled
@@ -129,7 +129,7 @@ docker run -it \
    --add-host host.docker.internal:host-gateway \
    --name openhands-app-$(date +%Y%m%d%H%M%S) \
    docker.all-hands.dev/all-hands-ai/openhands:0.54 \
-    python -m openhands.cli.main --override-cli-mode true
+    python -m openhands.cli.entry --override-cli-mode true
 ```

 <Note>
@@ -130,3 +130,28 @@ docker run # ... \
 <Note>
 **Docker Desktop Required**: Network isolation features, including custom networks and `host.docker.internal` routing, require Docker Desktop. Docker Engine alone does not support these features on localhost across custom networks. If you're using Docker Engine without Docker Desktop, network isolation may not work as expected.
 </Note>
+
+### Sidecar Containers
+
+If you want to run sidecar containers to the sandbox 'runner' containers without exposing the sandbox containers to the host network, you can use the `SANDBOX_ADDITIONAL_NETWORKS` environment variable to specify additional Docker network names that should be added to the sandbox containers.
+
+```bash
+docker network create openhands-sccache
+
+docker run -d \
+  --hostname openhandsredis \
+  --network openhands-sccache \
+  redis
+
+docker run # ...
+    -e SANDBOX_ADDITIONAL_NETWORKS='["openhands-sccache"]' \
+    # ...
+```
+
+Then all sandbox instances will have to access a shared redis instance at `openhandsredis:6379`.
+
+#### Docker Compose gotcha
+
+Note that Docker Compose adds a prefix (a scope) by default to created networks, which is not taken into account by the additional networks config. Therefore when using docker compose you have to either:
+- specify a network name via the `name` field to remove the scoping (https://docs.docker.com/reference/compose-file/networks/#name) 
+- or provide the scope within the given config (e.g. `SANDBOX_ADDITIONAL_NETWORKS: '["myscope_openhands-sccache"]'` where `myscope` is the docker-compose assigned prefix). 
@@ -9,7 +9,8 @@ from evaluation.utils.shared import (
    EvalMetadata,
    EvalOutput,
    compatibility_for_eval_history_pairs,
-    get_default_sandbox_config_for_eval,
+    get_metrics,
+    get_openhands_config_for_eval,
    make_metadata,
    prepare_dataset,
    reset_logger_for_multiprocessing,
@@ -60,18 +61,15 @@ AGENT_CLS_TO_INST_SUFFIX = {
 def get_config(
    metadata: EvalMetadata,
 ) -> OpenHandsConfig:
-    sandbox_config = get_default_sandbox_config_for_eval()
-    sandbox_config.base_container_image = 'python:3.12-bookworm'
-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
+    # Create config with EDA-specific container image
+    config = get_openhands_config_for_eval(
+        metadata=metadata,
        runtime='docker',
-        max_iterations=metadata.max_iterations,
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
    )
+
+    # Override the container image for EDA
+    config.sandbox.base_container_image = 'python:3.12-bookworm'
+
    config.set_llm_config(metadata.llm_config)
    agent_config = config.get_agent_config(metadata.agent_class)
    agent_config.enable_prompt_extensions = False
@@ -146,7 +144,7 @@ def process_instance(

    logger.info(f'Final message: {final_message} | Ground truth: {instance["text"]}')
    test_result = game.reward()
-    metrics = state.metrics.get() if state.metrics else None
+    metrics = get_metrics(state)

    # history is now available as a stream of events, rather than list of pairs of (Action, Observation)
    # for compatibility with the existing output format, we can remake the pairs here
@@ -17,7 +17,8 @@ from evaluation.utils.shared import (
    EvalMetadata,
    EvalOutput,
    compatibility_for_eval_history_pairs,
-    get_default_sandbox_config_for_eval,
+    get_metrics,
+    get_openhands_config_for_eval,
    make_metadata,
    prepare_dataset,
    reset_logger_for_multiprocessing,
@@ -40,19 +41,12 @@ from openhands.utils.async_utils import call_async_from_sync
 def get_config(
    metadata: EvalMetadata,
 ) -> OpenHandsConfig:
-    sandbox_config = get_default_sandbox_config_for_eval()
-    sandbox_config.base_container_image = 'python:3.12-slim'
+    # Create config with agent_bench-specific container image
+    config = get_openhands_config_for_eval(metadata=metadata)
+
+    # Override the container image for agent_bench
+    config.sandbox.base_container_image = 'python:3.12-slim'

-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
-        runtime=os.environ.get('RUNTIME', 'docker'),
-        max_iterations=metadata.max_iterations,
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
-    )
    config.set_llm_config(metadata.llm_config)
    agent_config = config.get_agent_config(metadata.agent_class)
    agent_config.enable_prompt_extensions = False
@@ -273,7 +267,7 @@ def process_instance(
    # remove when it becomes unnecessary
    histories = compatibility_for_eval_history_pairs(state.history)

-    metrics = state.metrics.get() if state.metrics else None
+    metrics = get_metrics(state)

    # Save the output
    output = EvalOutput(
@@ -17,6 +17,8 @@ from evaluation.utils.shared import (
    EvalOutput,
    compatibility_for_eval_history_pairs,
    get_default_sandbox_config_for_eval,
+    get_metrics,
+    get_openhands_config_for_eval,
    make_metadata,
    prepare_dataset,
    reset_logger_for_multiprocessing,
@@ -49,15 +51,10 @@ def get_config(
 ) -> OpenHandsConfig:
    sandbox_config = get_default_sandbox_config_for_eval()
    sandbox_config.base_container_image = 'python:3.11-bookworm'
-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
+    config = get_openhands_config_for_eval(
+        metadata=metadata,
+        sandbox_config=sandbox_config,
        runtime=os.environ.get('RUNTIME', 'docker'),
-        max_iterations=metadata.max_iterations,
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
    )
    config.set_llm_config(metadata.llm_config)
    agent_config = config.get_agent_config(metadata.agent_class)
@@ -246,7 +243,7 @@ def process_instance(
    # for compatibility with the existing output format, we can remake the pairs here
    # remove when it becomes unnecessary
    histories = compatibility_for_eval_history_pairs(state.history)
-    metrics = state.metrics.get() if state.metrics else None
+    metrics = get_metrics(state)

    # Save the output
    output = EvalOutput(
@@ -15,6 +15,8 @@ from evaluation.utils.shared import (
    codeact_user_response,
    compatibility_for_eval_history_pairs,
    get_default_sandbox_config_for_eval,
+    get_metrics,
+    get_openhands_config_for_eval,
    make_metadata,
    prepare_dataset,
    reset_logger_for_multiprocessing,
@@ -60,15 +62,10 @@ def get_config(
    sandbox_config = get_default_sandbox_config_for_eval()
    sandbox_config.base_container_image = BIOCODER_BENCH_CONTAINER_IMAGE

-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
+    config = get_openhands_config_for_eval(
+        metadata=metadata,
        runtime='docker',
-        max_iterations=metadata.max_iterations,
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
+        sandbox_config=sandbox_config,
    )
    config.set_llm_config(metadata.llm_config)
    agent_config = config.get_agent_config(metadata.agent_class)
@@ -294,7 +291,7 @@ def process_instance(
        raise ValueError('State should not be None.')

    test_result = complete_runtime(runtime, instance)
-    metrics = state.metrics.get() if state.metrics else None
+    metrics = get_metrics(state)
    # history is now available as a stream of events, rather than list of pairs of (Action, Observation)
    # for compatibility with the existing output format, we can remake the pairs here
    # remove when it becomes unnecessary
@@ -18,6 +18,8 @@ from evaluation.utils.shared import (
    EvalOutput,
    compatibility_for_eval_history_pairs,
    get_default_sandbox_config_for_eval,
+    get_metrics,
+    get_openhands_config_for_eval,
    make_metadata,
    prepare_dataset,
    reset_logger_for_multiprocessing,
@@ -74,15 +76,10 @@ def get_config(
    sandbox_config = get_default_sandbox_config_for_eval()
    sandbox_config.base_container_image = 'python:3.12-bookworm'

-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
+    config = get_openhands_config_for_eval(
+        metadata=metadata,
        runtime='docker',
-        max_iterations=metadata.max_iterations,
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
+        sandbox_config=sandbox_config,
    )
    config.set_llm_config(metadata.llm_config)
    agent_config = config.get_agent_config(metadata.agent_class)
@@ -422,7 +419,7 @@ def process_instance(
    # You can simply get the LAST `MessageAction` from the returned `state.history` and parse it for evaluation.
    if state is None:
        raise ValueError('State should not be None.')
-    metrics = state.metrics.get() if state.metrics else None
+    metrics = get_metrics(state)

    # history is now available as a stream of events, rather than list of pairs of (Action, Observation)
    # for compatibility with the existing output format, we can remake the pairs here
@@ -11,6 +11,8 @@ from evaluation.utils.shared import (
    EvalOutput,
    compatibility_for_eval_history_pairs,
    get_default_sandbox_config_for_eval,
+    get_metrics,
+    get_openhands_config_for_eval,
    make_metadata,
    prepare_dataset,
    reset_logger_for_multiprocessing,
@@ -39,14 +41,8 @@ def get_config(
    )
    sandbox_config = get_default_sandbox_config_for_eval()
    sandbox_config.base_container_image = 'python:3.12-bookworm'
-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
-        runtime='docker',
-        max_iterations=metadata.max_iterations,
-        sandbox=sandbox_config,
-        workspace_base=None,
-        workspace_mount_path=None,
+    config = get_openhands_config_for_eval(
+        metadata=metadata, runtime='docker', sandbox_config=sandbox_config
    )
    config.set_llm_config(metadata.llm_config)
    agent_config = config.get_agent_config(metadata.agent_class)
@@ -88,7 +84,7 @@ def process_instance(
    if state is None:
        raise ValueError('State should not be None.')

-    metrics = state.metrics.get() if state.metrics else None
+    metrics = get_metrics(state)
    # history is now available as a stream of events, rather than list of pairs of (Action, Observation)
    # for compatibility with the existing output format, we can remake the pairs here
    # remove when it becomes unnecessary
@@ -16,6 +16,8 @@ from evaluation.utils.shared import (
    assert_and_raise,
    codeact_user_response,
    get_default_sandbox_config_for_eval,
+    get_metrics,
+    get_openhands_config_for_eval,
    make_metadata,
    prepare_dataset,
    reset_logger_for_multiprocessing,
@@ -113,16 +115,11 @@ def get_config(
    sandbox_config = get_default_sandbox_config_for_eval()
    sandbox_config.base_container_image = base_container_image

-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
-        max_iterations=metadata.max_iterations,
-        enable_browser=RUN_WITH_BROWSING,
+    config = get_openhands_config_for_eval(
+        metadata=metadata,
+        sandbox_config=sandbox_config,
        runtime=os.environ.get('RUNTIME', 'docker'),
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
+        enable_browser=RUN_WITH_BROWSING,
    )
    config.set_llm_config(
        update_llm_config_for_completions_logging(
@@ -480,7 +477,7 @@ def process_instance(

    # NOTE: this is NO LONGER the event stream, but an agent history that includes delegate agent's events
    histories = [event_to_dict(event) for event in state.history]
-    metrics = state.metrics.get() if state.metrics else None
+    metrics = get_metrics(state)

    # Save the output
    output = EvalOutput(
@@ -17,6 +17,8 @@ from evaluation.utils.shared import (
    codeact_user_response,
    compatibility_for_eval_history_pairs,
    get_default_sandbox_config_for_eval,
+    get_metrics,
+    get_openhands_config_for_eval,
    make_metadata,
    prepare_dataset,
    reset_logger_for_multiprocessing,
@@ -64,15 +66,10 @@ def get_config(
 ) -> OpenHandsConfig:
    sandbox_config = get_default_sandbox_config_for_eval()
    sandbox_config.base_container_image = 'python:3.12-bookworm'
-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
+    config = get_openhands_config_for_eval(
+        metadata=metadata,
        runtime='docker',
-        max_iterations=metadata.max_iterations,
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
+        sandbox_config=sandbox_config,
    )
    config.set_llm_config(metadata.llm_config)
    agent_config = config.get_agent_config(metadata.agent_class)
@@ -294,7 +291,7 @@ def process_instance(
    if state is None:
        raise ValueError('State should not be None.')

-    metrics = state.metrics.get() if state.metrics else None
+    metrics = get_metrics(state)
    test_result = complete_runtime(state)

    # history is now available as a stream of events, rather than list of pairs of (Action, Observation)
@@ -22,6 +22,8 @@ from evaluation.utils.shared import (
    codeact_user_response,
    compatibility_for_eval_history_pairs,
    get_default_sandbox_config_for_eval,
+    get_metrics,
+    get_openhands_config_for_eval,
    make_metadata,
    prepare_dataset,
    reset_logger_for_multiprocessing,
@@ -59,15 +61,10 @@ def get_config(
 ) -> OpenHandsConfig:
    sandbox_config = get_default_sandbox_config_for_eval()
    sandbox_config.base_container_image = 'nikolaik/python-nodejs:python3.12-nodejs22'
-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
+    config = get_openhands_config_for_eval(
+        metadata=metadata,
+        sandbox_config=sandbox_config,
        runtime='docker',
-        max_iterations=metadata.max_iterations,
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
    )
    config.set_llm_config(metadata.llm_config)
    if metadata.agent_config:
@@ -269,7 +266,7 @@ Here is the task:
        'model_answer': model_answer,
        'ground_truth': instance['Final answer'],
    }
-    metrics = state.metrics.get() if state.metrics else None
+    metrics = get_metrics(state)

    # history is now available as a stream of events, rather than list of pairs of (Action, Observation)
    # for compatibility with the existing output format, we can remake the pairs here
@@ -12,6 +12,8 @@ from evaluation.utils.shared import (
    codeact_user_response,
    compatibility_for_eval_history_pairs,
    get_default_sandbox_config_for_eval,
+    get_metrics,
+    get_openhands_config_for_eval,
    make_metadata,
    prepare_dataset,
    reset_logger_for_multiprocessing,
@@ -42,15 +44,10 @@ def get_config(
 ) -> OpenHandsConfig:
    sandbox_config = get_default_sandbox_config_for_eval()
    sandbox_config.base_container_image = 'python:3.12-bookworm'
-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
+    config = get_openhands_config_for_eval(
+        metadata=metadata,
        runtime='docker',
-        max_iterations=metadata.max_iterations,
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
+        sandbox_config=sandbox_config,
    )
    config.set_llm_config(metadata.llm_config)
    agent_config = config.get_agent_config(metadata.agent_class)
@@ -108,7 +105,7 @@ def process_instance(
    # attempt to parse model_answer
    ast_eval_fn = instance['ast_eval']
    correct, hallucination = ast_eval_fn(instance_id, model_answer_raw)
-    metrics = state.metrics.get() if state.metrics else None
+    metrics = get_metrics(state)
    logger.info(
        f'Final message: {model_answer_raw} | Correctness: {correct} | Hallucination: {hallucination}'
    )
@@ -30,6 +30,8 @@ from evaluation.utils.shared import (
    EvalOutput,
    compatibility_for_eval_history_pairs,
    get_default_sandbox_config_for_eval,
+    get_metrics,
+    get_openhands_config_for_eval,
    make_metadata,
    prepare_dataset,
    reset_logger_for_multiprocessing,
@@ -63,15 +65,10 @@ def get_config(
 ) -> OpenHandsConfig:
    sandbox_config = get_default_sandbox_config_for_eval()
    sandbox_config.base_container_image = 'python:3.12-bookworm'
-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
+    config = get_openhands_config_for_eval(
+        metadata=metadata,
        runtime='docker',
-        max_iterations=metadata.max_iterations,
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
+        sandbox_config=sandbox_config,
    )
    config.set_llm_config(metadata.llm_config)
    agent_config = config.get_agent_config(metadata.agent_class)
@@ -292,7 +289,7 @@ Ok now its time to start solving the question. Good luck!
    if state is None:
        raise ValueError('State should not be None.')

-    metrics = state.metrics.get() if state.metrics else None
+    metrics = get_metrics(state)

    # Save the output
    output = EvalOutput(
@@ -23,6 +23,8 @@ from evaluation.utils.shared import (
    codeact_user_response,
    compatibility_for_eval_history_pairs,
    get_default_sandbox_config_for_eval,
+    get_metrics,
+    get_openhands_config_for_eval,
    make_metadata,
    prepare_dataset,
    reset_logger_for_multiprocessing,
@@ -84,15 +86,10 @@ def get_config(
 ) -> OpenHandsConfig:
    sandbox_config = get_default_sandbox_config_for_eval()
    sandbox_config.base_container_image = 'python:3.12-bookworm'
-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
+    config = get_openhands_config_for_eval(
+        metadata=metadata,
        runtime='docker',
-        max_iterations=metadata.max_iterations,
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
+        sandbox_config=sandbox_config,
    )
    config.set_llm_config(metadata.llm_config)
    agent_config = config.get_agent_config(metadata.agent_class)
@@ -248,7 +245,7 @@ def process_instance(

    if state is None:
        raise ValueError('State should not be None.')
-    metrics = state.metrics.get() if state.metrics else None
+    metrics = get_metrics(state)
    test_result = complete_runtime(runtime, instance)

    # history is now available as a stream of events, rather than list of pairs of (Action, Observation)
@@ -16,6 +16,7 @@ import ruamel.yaml
 from evaluation.utils.shared import (
    EvalMetadata,
    get_default_sandbox_config_for_eval,
+    get_openhands_config_for_eval,
    make_metadata,
 )
 from openhands.core.config import (
@@ -37,15 +38,10 @@ def get_config(
 ) -> OpenHandsConfig:
    sandbox_config = get_default_sandbox_config_for_eval()
    sandbox_config.base_container_image = 'python:3.12-bookworm'
-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
+    config = get_openhands_config_for_eval(
+        metadata=metadata,
        runtime='docker',
-        max_iterations=metadata.max_iterations,
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
+        sandbox_config=sandbox_config,
    )
    config.set_llm_config(metadata.llm_config)
    agent_config = config.get_agent_config(metadata.agent_class)
@@ -22,6 +22,8 @@ from evaluation.utils.shared import (
    codeact_user_response,
    compatibility_for_eval_history_pairs,
    get_default_sandbox_config_for_eval,
+    get_metrics,
+    get_openhands_config_for_eval,
    make_metadata,
    prepare_dataset,
    reset_logger_for_multiprocessing,
@@ -47,15 +49,10 @@ def get_config(
 ) -> OpenHandsConfig:
    sandbox_config = get_default_sandbox_config_for_eval()
    sandbox_config.base_container_image = 'python:3.12-bookworm'
-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
+    config = get_openhands_config_for_eval(
+        metadata=metadata,
        runtime='docker',
-        max_iterations=metadata.max_iterations,
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
+        sandbox_config=sandbox_config,
    )
    config.set_llm_config(metadata.llm_config)
    agent_config = config.get_agent_config(metadata.agent_class)
@@ -335,7 +332,7 @@ Be thorough in your exploration, testing, and reasoning. It's fine if your think
        )
    )
    assert state is not None
-    metrics = state.metrics.get() if state.metrics else {}
+    metrics = get_metrics(state)

    test_result = complete_runtime(runtime, instance)

@@ -10,6 +10,8 @@ from evaluation.utils.shared import (
    codeact_user_response,
    compatibility_for_eval_history_pairs,
    get_default_sandbox_config_for_eval,
+    get_metrics,
+    get_openhands_config_for_eval,
    make_metadata,
    prepare_dataset,
    reset_logger_for_multiprocessing,
@@ -51,15 +53,10 @@ def get_config(
        '$OH_INTERPRETER_PATH -m pip install scitools-pyke'
    )

-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
+    config = get_openhands_config_for_eval(
+        metadata=metadata,
        runtime='docker',
-        max_iterations=metadata.max_iterations,
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
+        sandbox_config=sandbox_config,
    )
    config.set_llm_config(metadata.llm_config)
    agent_config = config.get_agent_config(metadata.agent_class)
@@ -247,7 +244,7 @@ def process_instance(
    )
    test_result['final_message'] = final_message

-    metrics = state.metrics.get() if state.metrics else None
+    metrics = get_metrics(state)
    # history is now available as a stream of events, rather than list of pairs of (Action, Observation)
    # for compatibility with the existing output format, we can remake the pairs here
    # remove when it becomes unnecessary
@@ -13,6 +13,8 @@ from evaluation.utils.shared import (
    codeact_user_response,
    compatibility_for_eval_history_pairs,
    get_default_sandbox_config_for_eval,
+    get_metrics,
+    get_openhands_config_for_eval,
    make_metadata,
    prepare_dataset,
    reset_logger_for_multiprocessing,
@@ -57,15 +59,10 @@ def get_config(
 ) -> OpenHandsConfig:
    sandbox_config = get_default_sandbox_config_for_eval()
    sandbox_config.base_container_image = 'xingyaoww/od-eval-miniwob:v1.0'
-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
+    config = get_openhands_config_for_eval(
+        metadata=metadata,
        runtime=os.environ.get('RUNTIME', 'docker'),
-        max_iterations=metadata.max_iterations,
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
+        sandbox_config=sandbox_config,
    )
    config.set_llm_config(
        update_llm_config_for_completions_logging(
@@ -174,7 +171,7 @@ def process_instance(
    if state is None:
        raise ValueError('State should not be None.')

-    metrics = state.metrics.get() if state.metrics else None
+    metrics = get_metrics(state)

    # Instruction is the first message from the USER
    instruction = ''
@@ -15,6 +15,8 @@ from evaluation.utils.shared import (
    EvalOutput,
    compatibility_for_eval_history_pairs,
    get_default_sandbox_config_for_eval,
+    get_metrics,
+    get_openhands_config_for_eval,
    make_metadata,
    prepare_dataset,
    reset_logger_for_multiprocessing,
@@ -109,15 +111,10 @@ def get_config(
        f'$OH_INTERPRETER_PATH -m pip install {" ".join(MINT_DEPENDENCIES)}'
    )

-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
+    config = get_openhands_config_for_eval(
+        metadata=metadata,
        runtime='docker',
-        max_iterations=metadata.max_iterations,
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
+        sandbox_config=sandbox_config,
    )
    config.set_llm_config(metadata.llm_config)
    agent_config = config.get_agent_config(metadata.agent_class)
@@ -205,7 +202,7 @@ def process_instance(
        task_state = state.extra_data['task_state']
        logger.info('Task state: ' + str(task_state.to_dict()))

-    metrics = state.metrics.get() if state.metrics else None
+    metrics = get_metrics(state)

    # history is now available as a stream of events, rather than list of pairs of (Action, Observation)
    # for compatibility with the existing output format, we can remake the pairs here
@@ -26,6 +26,8 @@ from evaluation.utils.shared import (
    codeact_user_response,
    compatibility_for_eval_history_pairs,
    get_default_sandbox_config_for_eval,
+    get_metrics,
+    get_openhands_config_for_eval,
    make_metadata,
    prepare_dataset,
    reset_logger_for_multiprocessing,
@@ -79,15 +81,10 @@ def get_config(
 ) -> OpenHandsConfig:
    sandbox_config = get_default_sandbox_config_for_eval()
    sandbox_config.base_container_image = 'public.ecr.aws/i5g0m1f6/ml-bench'
-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
+    config = get_openhands_config_for_eval(
+        metadata=metadata,
        runtime='docker',
-        max_iterations=metadata.max_iterations,
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
+        sandbox_config=sandbox_config,
    )
    config.set_llm_config(metadata.llm_config)
    agent_config = config.get_agent_config(metadata.agent_class)
@@ -250,7 +247,7 @@ def process_instance(instance: Any, metadata: EvalMetadata, reset_logger: bool =
        )
    )
    assert state is not None
-    metrics = state.metrics.get() if state.metrics else {}
+    metrics = get_metrics(state)

    test_result = complete_runtime(runtime)

@@ -23,6 +23,7 @@ from evaluation.utils.shared import (
    EvalMetadata,
    EvalOutput,
    get_default_sandbox_config_for_eval,
+    get_openhands_config_for_eval,
    prepare_dataset,
    reset_logger_for_multiprocessing,
    run_evaluation,
@@ -87,13 +88,9 @@ def get_config(metadata: EvalMetadata, instance: pd.Series) -> OpenHandsConfig:
        dataset_name=metadata.dataset,
        instance_id=instance['instance_id'],
    )
-    config = OpenHandsConfig(
-        run_as_openhands=False,
+    config = get_openhands_config_for_eval(
        runtime=os.environ.get('RUNTIME', 'docker'),
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
+        sandbox_config=sandbox_config,
    )
    return config

@@ -21,6 +21,7 @@ from evaluation.utils.shared import (
    codeact_user_response,
    get_default_sandbox_config_for_eval,
    get_metrics,
+    get_openhands_config_for_eval,
    is_fatal_evaluation_error,
    make_metadata,
    prepare_dataset,
@@ -341,16 +342,11 @@ def get_config(
        instance_id=instance['instance_id'],
    )

-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
-        max_iterations=metadata.max_iterations,
+    config = get_openhands_config_for_eval(
+        metadata=metadata,
        enable_browser=RUN_WITH_BROWSING,
        runtime=os.environ.get('RUNTIME', 'docker'),
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
+        sandbox_config=sandbox_config,
    )
    config.set_llm_config(
        update_llm_config_for_completions_logging(
@@ -31,6 +31,7 @@ from evaluation.utils.shared import (
    codeact_user_response,
    get_default_sandbox_config_for_eval,
    get_metrics,
+    get_openhands_config_for_eval,
    is_fatal_evaluation_error,
    make_metadata,
    prepare_dataset,
@@ -174,15 +175,10 @@ def get_config(
        instance_id=instance['instance_id'],
    )

-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
-        max_iterations=metadata.max_iterations,
+    config = get_openhands_config_for_eval(
+        metadata=metadata,
        runtime=os.environ.get('RUNTIME', 'docker'),
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
+        sandbox_config=sandbox_config,
    )

    config.set_llm_config(
@@ -12,6 +12,8 @@ from evaluation.utils.shared import (
    codeact_user_response,
    compatibility_for_eval_history_pairs,
    get_default_sandbox_config_for_eval,
+    get_metrics,
+    get_openhands_config_for_eval,
    make_metadata,
    prepare_dataset,
    reset_logger_for_multiprocessing,
@@ -63,16 +65,10 @@ def get_config(
    sandbox_config.base_container_image = (
        'docker.io/xingyaoww/openhands-eval-scienceagentbench'
    )
-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
+    config = get_openhands_config_for_eval(
+        metadata=metadata,
        runtime=os.environ.get('RUNTIME', 'docker'),
-        max_budget_per_task=4,
-        max_iterations=metadata.max_iterations,
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
+        sandbox_config=sandbox_config,
    )
    config.set_llm_config(
        update_llm_config_for_completions_logging(
@@ -218,7 +214,7 @@ If the program uses some packages that are incompatible, please figure out alter
    # You can simply get the LAST `MessageAction` from the returned `state.history` and parse it for evaluation.
    if state is None:
        raise ValueError('State should not be None.')
-    metrics = state.metrics.get() if state.metrics else None
+    metrics = get_metrics(state)

    # history is now available as a stream of events, rather than list of pairs of (Action, Observation)
    # for compatibility with the existing output format, we can remake the pairs here
@@ -19,6 +19,7 @@ from evaluation.utils.shared import (
    EvalMetadata,
    EvalOutput,
    get_default_sandbox_config_for_eval,
+    get_openhands_config_for_eval,
    prepare_dataset,
    reset_logger_for_multiprocessing,
    run_evaluation,
@@ -83,13 +84,9 @@ def get_config(metadata: EvalMetadata, instance: pd.Series) -> OpenHandsConfig:
        dataset_name=metadata.dataset,
        instance_id=instance['instance_id'],
    )
-    config = OpenHandsConfig(
-        run_as_openhands=False,
+    config = get_openhands_config_for_eval(
        runtime=os.environ.get('RUNTIME', 'docker'),
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
+        sandbox_config=sandbox_config,
    )
    return config

@@ -32,6 +32,7 @@ from evaluation.utils.shared import (
    codeact_user_response,
    get_default_sandbox_config_for_eval,
    get_metrics,
+    get_openhands_config_for_eval,
    is_fatal_evaluation_error,
    make_metadata,
    prepare_dataset,
@@ -227,16 +228,11 @@ def get_config(
        instance_id=instance['instance_id'],
    )

-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
-        max_iterations=metadata.max_iterations,
+    config = get_openhands_config_for_eval(
+        metadata=metadata,
        enable_browser=RUN_WITH_BROWSING,
        runtime=os.environ.get('RUNTIME', 'docker'),
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
+        sandbox_config=sandbox_config,
    )

    config.set_llm_config(
@@ -21,6 +21,7 @@ from evaluation.utils.shared import (
    EvalException,
    EvalMetadata,
    EvalOutput,
+    get_metrics,
    make_metadata,
    prepare_dataset,
    reset_logger_for_multiprocessing,
@@ -179,7 +180,7 @@ def process_instance(
        raise ValueError('State should not be None.')

    histories = [event_to_dict(event) for event in state.history]
-    metrics = state.metrics.get() if state.metrics else None
+    metrics = get_metrics(state)

    # Save the output
    instruction = message_action.content
@@ -20,6 +20,7 @@ from evaluation.utils.shared import (
    codeact_user_response,
    get_default_sandbox_config_for_eval,
    get_metrics,
+    get_openhands_config_for_eval,
    is_fatal_evaluation_error,
    make_metadata,
    prepare_dataset,
@@ -199,16 +200,11 @@ def get_config(
        'REPO_PATH': f'/workspace/{workspace_dir_name}/',
    }

-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
-        max_iterations=metadata.max_iterations,
+    config = get_openhands_config_for_eval(
+        metadata=metadata,
        enable_browser=RUN_WITH_BROWSING,
        runtime=os.environ.get('RUNTIME', 'docker'),
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
+        sandbox_config=sandbox_config,
    )
    config.set_llm_config(
        update_llm_config_for_completions_logging(
@@ -37,6 +37,7 @@ from evaluation.benchmarks.testgeneval.utils import load_testgeneval_dataset
 from evaluation.utils.shared import (
    EvalMetadata,
    EvalOutput,
+    get_openhands_config_for_eval,
    prepare_dataset,
    reset_logger_for_multiprocessing,
    run_evaluation,
@@ -58,20 +59,21 @@ def get_config(instance: pd.Series) -> OpenHandsConfig:
        f'Invalid container image for instance {instance["instance_id_swebench"]}.'
    )
    logger.info(f'Using instance container image: {base_container_image}.')
-    return OpenHandsConfig(
-        run_as_openhands=False,
-        runtime=os.environ.get('RUNTIME', 'eventstream'),
-        sandbox=SandboxConfig(
-            base_container_image=base_container_image,
-            use_host_network=False,
-            timeout=1800,
-            api_key=os.environ.get('ALLHANDS_API_KEY'),
-            remote_runtime_api_url=os.environ.get(
-                'SANDBOX_REMOTE_RUNTIME_API_URL', 'http://localhost:8000'
-            ),
+
+    # Create custom sandbox config for testgeneval with specific requirements
+    sandbox_config = SandboxConfig(
+        base_container_image=base_container_image,
+        use_host_network=False,
+        timeout=1800,  # Longer timeout than default (300)
+        api_key=os.environ.get('ALLHANDS_API_KEY'),
+        remote_runtime_api_url=os.environ.get(
+            'SANDBOX_REMOTE_RUNTIME_API_URL', 'http://localhost:8000'
        ),
-        workspace_base=None,
-        workspace_mount_path=None,
+    )
+
+    return get_openhands_config_for_eval(
+        sandbox_config=sandbox_config,
+        runtime=os.environ.get('RUNTIME', 'docker'),  # Different default runtime
    )


@@ -25,6 +25,7 @@ from evaluation.utils.shared import (
    assert_and_raise,
    codeact_user_response,
    get_metrics,
+    get_openhands_config_for_eval,
    is_fatal_evaluation_error,
    make_metadata,
    prepare_dataset,
@@ -126,29 +127,26 @@ def get_config(
        f'Submit an issue on https://github.com/All-Hands-AI/OpenHands if you run into any issues.'
    )

-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
-        max_iterations=metadata.max_iterations,
-        runtime=os.environ.get('RUNTIME', 'eventstream'),
-        sandbox=SandboxConfig(
-            base_container_image=base_container_image,
-            enable_auto_lint=True,
-            use_host_network=False,
-            # large enough timeout, since some testcases take very long to run
-            timeout=300,
-            # Add platform to the sandbox config to solve issue 4401
-            platform='linux/amd64',
-            api_key=os.environ.get('ALLHANDS_API_KEY', None),
-            remote_runtime_api_url=os.environ.get(
-                'SANDBOX_REMOTE_RUNTIME_API_URL', 'http://localhost:8000'
-            ),
-            keep_runtime_alive=False,
-            remote_runtime_init_timeout=3600,
+    sandbox_config = SandboxConfig(
+        base_container_image=base_container_image,
+        enable_auto_lint=True,
+        use_host_network=False,
+        # large enough timeout, since some testcases take very long to run
+        timeout=300,
+        # Add platform to the sandbox config to solve issue 4401
+        platform='linux/amd64',
+        api_key=os.environ.get('ALLHANDS_API_KEY', None),
+        remote_runtime_api_url=os.environ.get(
+            'SANDBOX_REMOTE_RUNTIME_API_URL', 'http://localhost:8000'
        ),
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
+        keep_runtime_alive=False,
+        remote_runtime_init_timeout=3600,
+    )
+
+    config = get_openhands_config_for_eval(
+        metadata=metadata,
+        sandbox_config=sandbox_config,
+        runtime=os.environ.get('RUNTIME', 'docker'),
    )
    config.set_llm_config(
        update_llm_config_for_completions_logging(
@@ -12,7 +12,10 @@ import tempfile
 import yaml
 from browsing import pre_login

-from evaluation.utils.shared import get_default_sandbox_config_for_eval
+from evaluation.utils.shared import (
+    get_default_sandbox_config_for_eval,
+    get_openhands_config_for_eval,
+)
 from openhands.controller.state.state import State
 from openhands.core.config import (
    LLMConfig,
@@ -42,19 +45,17 @@ def get_config(
    sandbox_config.enable_auto_lint = True
    # If the web services are running on the host machine, this must be set to True
    sandbox_config.use_host_network = True
-    config = OpenHandsConfig(
-        run_as_openhands=False,
-        max_budget_per_task=4,
+    config = get_openhands_config_for_eval(
        max_iterations=100,
-        save_trajectory_path=os.path.join(
-            mount_path_on_host, f'traj_{task_short_name}.json'
-        ),
-        sandbox=sandbox_config,
        # we mount trajectories path so that trajectories, generated by OpenHands
        # controller, can be accessible to the evaluator file in the runtime container
+        sandbox_config=sandbox_config,
        workspace_mount_path=mount_path_on_host,
-        workspace_mount_path_in_sandbox='/outputs',
    )
+    config.save_trajectory_path = os.path.join(
+        mount_path_on_host, f'traj_{task_short_name}.json'
+    )
+    config.max_budget_per_task = 4
    config.set_llm_config(llm_config)
    if agent_config:
        config.set_agent_config(agent_config)
@@ -11,6 +11,8 @@ from evaluation.utils.shared import (
    codeact_user_response,
    compatibility_for_eval_history_pairs,
    get_default_sandbox_config_for_eval,
+    get_metrics,
+    get_openhands_config_for_eval,
    make_metadata,
    prepare_dataset,
    reset_logger_for_multiprocessing,
@@ -43,15 +45,10 @@ def get_config(
 ) -> OpenHandsConfig:
    sandbox_config = get_default_sandbox_config_for_eval()
    sandbox_config.base_container_image = 'python:3.12-bookworm'
-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
+    config = get_openhands_config_for_eval(
+        metadata=metadata,
        runtime='docker',
-        max_iterations=metadata.max_iterations,
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
+        sandbox_config=sandbox_config,
    )
    config.set_llm_config(metadata.llm_config)
    agent_config = config.get_agent_config(metadata.agent_class)
@@ -134,7 +131,7 @@ def process_instance(instance: Any, metadata: EvalMetadata, reset_logger: bool =
    correct = eval_answer(str(model_answer_raw), str(answer))
    logger.info(f'Final message: {model_answer_raw} | Correctness: {correct}')

-    metrics = state.metrics.get() if state.metrics else None
+    metrics = get_metrics(state)

    # history is now available as a stream of events, rather than list of pairs of (Action, Observation)
    # for compatibility with the existing output format, we can remake the pairs here
@@ -20,6 +20,7 @@ from evaluation.utils.shared import (
    codeact_user_response,
    get_default_sandbox_config_for_eval,
    get_metrics,
+    get_openhands_config_for_eval,
    is_fatal_evaluation_error,
    make_metadata,
    prepare_dataset,
@@ -160,16 +161,11 @@ def get_config(
        instance_id=instance['instance_id'],
    )

-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
-        max_iterations=metadata.max_iterations,
+    config = get_openhands_config_for_eval(
+        metadata=metadata,
        enable_browser=RUN_WITH_BROWSING,
        runtime=os.environ.get('RUNTIME', 'docker'),
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
+        sandbox_config=sandbox_config,
    )
    config.set_llm_config(
        update_llm_config_for_completions_logging(
@@ -12,6 +12,8 @@ from evaluation.utils.shared import (
    EvalOutput,
    compatibility_for_eval_history_pairs,
    get_default_sandbox_config_for_eval,
+    get_metrics,
+    get_openhands_config_for_eval,
    make_metadata,
    prepare_dataset,
    reset_logger_for_multiprocessing,
@@ -72,16 +74,10 @@ def get_config(
        'VWA_WIKIPEDIA': f'{base_url}:8888',
        'VWA_HOMEPAGE': f'{base_url}:4399',
    }
-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
+    config = get_openhands_config_for_eval(
+        metadata=metadata,
        runtime='docker',
-        max_iterations=metadata.max_iterations,
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
-        attach_to_existing=True,
+        sandbox_config=sandbox_config,
    )
    config.set_llm_config(
        update_llm_config_for_completions_logging(
@@ -179,7 +175,7 @@ def process_instance(
    if state is None:
        raise ValueError('State should not be None.')

-    metrics = state.metrics.get() if state.metrics else None
+    metrics = get_metrics(state)

    # Instruction obtained from the first message from the USER
    instruction = ''
@@ -12,6 +12,8 @@ from evaluation.utils.shared import (
    EvalOutput,
    compatibility_for_eval_history_pairs,
    get_default_sandbox_config_for_eval,
+    get_metrics,
+    get_openhands_config_for_eval,
    make_metadata,
    prepare_dataset,
    reset_logger_for_multiprocessing,
@@ -64,15 +66,10 @@ def get_config(
        'MAP': f'{base_url}:3000',
        'HOMEPAGE': f'{base_url}:4399',
    }
-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
+    config = get_openhands_config_for_eval(
+        metadata=metadata,
        runtime='docker',
-        max_iterations=metadata.max_iterations,
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
+        sandbox_config=sandbox_config,
    )
    config.set_llm_config(metadata.llm_config)
    agent_config = config.get_agent_config(metadata.agent_class)
@@ -163,7 +160,7 @@ def process_instance(
    if state is None:
        raise ValueError('State should not be None.')

-    metrics = state.metrics.get() if state.metrics else None
+    metrics = get_metrics(state)

    # Instruction is the first message from the USER
    instruction = ''
@@ -9,6 +9,8 @@ from evaluation.utils.shared import (
    EvalMetadata,
    EvalOutput,
    get_default_sandbox_config_for_eval,
+    get_metrics,
+    get_openhands_config_for_eval,
    make_metadata,
    prepare_dataset,
    reset_logger_for_multiprocessing,
@@ -44,18 +46,12 @@ def get_config(
 ) -> OpenHandsConfig:
    sandbox_config = get_default_sandbox_config_for_eval()
    sandbox_config.platform = 'linux/amd64'
-    config = OpenHandsConfig(
-        default_agent=metadata.agent_class,
-        run_as_openhands=False,
+    config = get_openhands_config_for_eval(
+        metadata=metadata,
        runtime=os.environ.get('RUNTIME', 'docker'),
-        max_iterations=metadata.max_iterations,
-        sandbox=sandbox_config,
-        # do not mount workspace
-        workspace_base=None,
-        workspace_mount_path=None,
-        # debug
-        debug=True,
+        sandbox_config=sandbox_config,
    )
+    config.debug = True
    config.set_llm_config(
        update_llm_config_for_completions_logging(
            metadata.llm_config, metadata.eval_output_dir, instance_id
@@ -135,7 +131,7 @@ def process_instance(
        assert len(histories) > 0, 'History should not be empty'

        test_result: TestResult = test_class.verify_result(runtime, histories)
-        metrics = state.metrics.get() if state.metrics else None
+        metrics = get_metrics(state)
    finally:
        runtime.close()

@@ -668,8 +668,23 @@ def is_fatal_runtime_error(error: str | None) -> bool:


 def get_metrics(state: State) -> dict[str, Any]:
-    """Extract metrics from the state."""
-    metrics = state.metrics.get() if state.metrics else {}
+    """Extract metrics for evaluations.
+
+    Prefer ConversationStats (source of truth) and fall back to state.metrics for
+    backward compatibility.
+    """
+    metrics: dict[str, Any]
+    try:
+        if getattr(state, 'conversation_stats', None):
+            combined = state.conversation_stats.get_combined_metrics()
+            metrics = combined.get()
+        elif getattr(state, 'metrics', None):
+            metrics = state.metrics.get()
+        else:
+            metrics = {}
+    except Exception:
+        metrics = state.metrics.get() if getattr(state, 'metrics', None) else {}
+
    metrics['condenser'] = get_condensation_metadata(state)
    return metrics

@@ -688,3 +703,79 @@ def get_default_sandbox_config_for_eval() -> SandboxConfig:
        remote_runtime_enable_retries=True,
        remote_runtime_class='sysbox',
    )
+
+
+def get_openhands_config_for_eval(
+    metadata: EvalMetadata | None = None,
+    sandbox_config: SandboxConfig | None = None,
+    runtime: str | None = None,
+    max_iterations: int | None = None,
+    default_agent: str | None = None,
+    enable_browser: bool = False,
+    workspace_base: str | None = None,
+    workspace_mount_path: str | None = None,
+):
+    """Create an OpenHandsConfig with common patterns used across evaluation scripts.
+
+    This function provides a standardized way to create OpenHands configurations
+    for evaluation runs, with sensible defaults that match the patterns used in
+    most run_infer.py scripts. Individual evaluation scripts can override specific
+    attributes as needed.
+
+    Args:
+        metadata: EvalMetadata containing agent class, max iterations, etc.
+        sandbox_config: Custom sandbox config. If None, uses get_default_sandbox_config_for_eval()
+        runtime: Runtime type. If None, uses environment RUNTIME or 'docker'
+        max_iterations: Max iterations for the agent. If None, uses metadata.max_iterations
+        default_agent: Agent class name. If None, uses metadata.agent_class
+        enable_browser: Whether to enable browser functionality
+        workspace_base: Workspace base path. Defaults to None
+        workspace_mount_path: Workspace mount path. Defaults to None
+
+    Returns:
+        OpenHandsConfig: Configured for evaluation with eval-specific overrides applied
+    """
+    # Defer import to avoid circular imports at module load time
+    from openhands.core.config.openhands_config import (
+        OpenHandsConfig as _OHConfig,  # type: ignore
+    )
+
+    # Use provided sandbox config or get default
+    if sandbox_config is None:
+        sandbox_config = get_default_sandbox_config_for_eval()
+
+    # Extract values from metadata if provided
+    if metadata is not None:
+        if max_iterations is None:
+            max_iterations = metadata.max_iterations
+        if default_agent is None:
+            default_agent = metadata.agent_class
+
+    # Use environment runtime or default
+    if runtime is None:
+        runtime = os.environ.get('RUNTIME', 'docker')
+
+    # Provide sensible defaults if still None
+    if default_agent is None:
+        default_agent = 'CodeActAgent'
+    if max_iterations is None:
+        max_iterations = 50
+
+    # Always use repo-local .eval_sessions directory (absolute path)
+    eval_store = os.path.abspath(os.path.join(os.getcwd(), '.eval_sessions'))
+
+    # Create the base config with evaluation-specific overrides
+    config = _OHConfig(
+        default_agent=default_agent,
+        run_as_openhands=False,
+        runtime=runtime,
+        max_iterations=max_iterations,
+        enable_browser=enable_browser,
+        sandbox=sandbox_config,
+        workspace_base=workspace_base,
+        workspace_mount_path=workspace_mount_path,
+        file_store='local',
+        file_store_path=eval_store,
+    )
+
+    return config
@@ -232,13 +232,16 @@ describe("RepositorySelectionForm", () => {
    renderForm();

    const dropdown = await screen.findByTestId("repo-dropdown");
-    const input = dropdown.querySelector('input[type="text"]') as HTMLInputElement;
+    const input = dropdown.querySelector(
+      'input[type="text"]',
+    ) as HTMLInputElement;
    expect(input).toBeInTheDocument();

    await userEvent.type(input, "https://github.com/kubernetes/kubernetes");
    expect(searchGitReposSpy).toHaveBeenLastCalledWith(
      "kubernetes/kubernetes",
      3,
+      "github",
    );
  });

@@ -268,13 +271,16 @@ describe("RepositorySelectionForm", () => {
    renderForm();

    const dropdown = await screen.findByTestId("repo-dropdown");
-    const input = dropdown.querySelector('input[type="text"]') as HTMLInputElement;
+    const input = dropdown.querySelector(
+      'input[type="text"]',
+    ) as HTMLInputElement;
    expect(input).toBeInTheDocument();

    await userEvent.type(input, "https://github.com/kubernetes/kubernetes");
    expect(searchGitReposSpy).toHaveBeenLastCalledWith(
      "kubernetes/kubernetes",
      3,
+      "github",
    );
  });
 });
@@ -444,28 +444,38 @@ describe("MicroagentManagement", () => {
    expect(filePath2).toBeInTheDocument();
  });

-  it("should display add microagent button in repository accordion", async () => {
+  it("should render add microagent button", async () => {
    renderMicroagentManagement();

-    // Wait for repositories to be loaded
+    // Wait for repositories to be loaded and processed
    await waitFor(() => {
      expect(mockUseUserRepositories).toHaveBeenCalled();
    });

+    // Wait for repositories to be displayed in the accordion
+    await waitFor(() => {
+      expect(screen.getByTestId("repository-name-tooltip")).toBeInTheDocument();
+    });
+
    // Check that add microagent buttons are present
    const addButtons = screen.getAllByTestId("add-microagent-button");
    expect(addButtons.length).toBeGreaterThan(0);
  });

-  it("should open add microagent modal when add button is clicked", async () => {
+  it("should open modal when add button is clicked", async () => {
    const user = userEvent.setup();
    renderMicroagentManagement();

-    // Wait for repositories to be loaded
+    // Wait for repositories to be loaded and processed
    await waitFor(() => {
      expect(mockUseUserRepositories).toHaveBeenCalled();
    });

+    // Wait for repositories to be displayed in the accordion
+    await waitFor(() => {
+      expect(screen.getByTestId("repository-name-tooltip")).toBeInTheDocument();
+    });
+
    // Find and click the first add microagent button
    const addButtons = screen.getAllByTestId("add-microagent-button");
    await user.click(addButtons[0]);
@@ -1292,11 +1302,18 @@ describe("MicroagentManagement", () => {
    it("should render add microagent button", async () => {
      renderMicroagentManagement();

-      // Wait for repositories to be loaded
+      // Wait for repositories to be loaded and processed
      await waitFor(() => {
        expect(mockUseUserRepositories).toHaveBeenCalled();
      });

+      // Wait for repositories to be displayed in the accordion
+      await waitFor(() => {
+        expect(
+          screen.getByTestId("repository-name-tooltip"),
+        ).toBeInTheDocument();
+      });
+
      // Check that add microagent buttons are present
      const addButtons = screen.getAllByTestId("add-microagent-button");
      expect(addButtons.length).toBeGreaterThan(0);
@@ -1306,11 +1323,18 @@ describe("MicroagentManagement", () => {
      const user = userEvent.setup();
      renderMicroagentManagement();

-      // Wait for repositories to be loaded
+      // Wait for repositories to be loaded and processed
      await waitFor(() => {
        expect(mockUseUserRepositories).toHaveBeenCalled();
      });

+      // Wait for repositories to be displayed in the accordion
+      await waitFor(() => {
+        expect(
+          screen.getByTestId("repository-name-tooltip"),
+        ).toBeInTheDocument();
+      });
+
      // Find and click the first add microagent button
      const addButtons = screen.getAllByTestId("add-microagent-button");
      await user.click(addButtons[0]);
@@ -1361,11 +1385,18 @@ describe("MicroagentManagement", () => {
      const user = userEvent.setup();
      renderMicroagentManagement();

-      // Wait for repositories to be loaded
+      // Wait for repositories to be loaded and processed
      await waitFor(() => {
        expect(mockUseUserRepositories).toHaveBeenCalled();
      });

+      // Wait for repositories to be displayed in the accordion
+      await waitFor(() => {
+        expect(
+          screen.getByTestId("repository-name-tooltip"),
+        ).toBeInTheDocument();
+      });
+
      // Find and click the first add microagent button
      const addButtons = screen.getAllByTestId("add-microagent-button");
      await user.click(addButtons[0]);
@@ -1385,11 +1416,18 @@ describe("MicroagentManagement", () => {
      const user = userEvent.setup();
      renderMicroagentManagement();

-      // Wait for repositories to be loaded
+      // Wait for repositories to be loaded and processed
      await waitFor(() => {
        expect(mockUseUserRepositories).toHaveBeenCalled();
      });

+      // Wait for repositories to be displayed in the accordion
+      await waitFor(() => {
+        expect(
+          screen.getByTestId("repository-name-tooltip"),
+        ).toBeInTheDocument();
+      });
+
      // Find and click the first add microagent button
      const addButtons = screen.getAllByTestId("add-microagent-button");
      await user.click(addButtons[0]);
@@ -1408,11 +1446,18 @@ describe("MicroagentManagement", () => {
      const user = userEvent.setup();
      renderMicroagentManagement();

-      // Wait for repositories to be loaded
+      // Wait for repositories to be loaded and processed
      await waitFor(() => {
        expect(mockUseUserRepositories).toHaveBeenCalled();
      });

+      // Wait for repositories to be displayed in the accordion
+      await waitFor(() => {
+        expect(
+          screen.getByTestId("repository-name-tooltip"),
+        ).toBeInTheDocument();
+      });
+
      // Find and click the first add microagent button
      const addButtons = screen.getAllByTestId("add-microagent-button");
      await user.click(addButtons[0]);
@@ -1441,11 +1486,18 @@ describe("MicroagentManagement", () => {
      const user = userEvent.setup();
      renderMicroagentManagement();

-      // Wait for repositories to be loaded
+      // Wait for repositories to be loaded and processed
      await waitFor(() => {
        expect(mockUseUserRepositories).toHaveBeenCalled();
      });

+      // Wait for repositories to be displayed in the accordion
+      await waitFor(() => {
+        expect(
+          screen.getByTestId("repository-name-tooltip"),
+        ).toBeInTheDocument();
+      });
+
      // Find and click the first add microagent button
      const addButtons = screen.getAllByTestId("add-microagent-button");
      await user.click(addButtons[0]);
@@ -1468,11 +1520,18 @@ describe("MicroagentManagement", () => {
      const user = userEvent.setup();
      renderMicroagentManagement();

-      // Wait for repositories to be loaded
+      // Wait for repositories to be loaded and processed
      await waitFor(() => {
        expect(mockUseUserRepositories).toHaveBeenCalled();
      });

+      // Wait for repositories to be displayed in the accordion
+      await waitFor(() => {
+        expect(
+          screen.getByTestId("repository-name-tooltip"),
+        ).toBeInTheDocument();
+      });
+
      // Find and click the first add microagent button
      const addButtons = screen.getAllByTestId("add-microagent-button");
      await user.click(addButtons[0]);
@@ -1494,11 +1553,18 @@ describe("MicroagentManagement", () => {
      const user = userEvent.setup();
      renderMicroagentManagement();

-      // Wait for repositories to be loaded
+      // Wait for repositories to be loaded and processed
      await waitFor(() => {
        expect(mockUseUserRepositories).toHaveBeenCalled();
      });

+      // Wait for repositories to be displayed in the accordion
+      await waitFor(() => {
+        expect(
+          screen.getByTestId("repository-name-tooltip"),
+        ).toBeInTheDocument();
+      });
+
      // Find and click the first add microagent button
      const addButtons = screen.getAllByTestId("add-microagent-button");
      await user.click(addButtons[0]);
@@ -79,6 +79,35 @@ describe("Content", () => {
        expect(screen.getByTestId("set-indicator")).toBeInTheDocument();
      });
    });
+
+    it("should conditionally show security analyzer based on confirmation mode", async () => {
+      renderLlmSettingsScreen();
+      await screen.findByTestId("llm-settings-screen");
+
+      const confirmation = screen.getByTestId("enable-confirmation-mode-switch");
+
+      // Initially confirmation mode is false, so security analyzer should not be visible
+      expect(confirmation).not.toBeChecked();
+      expect(
+        screen.queryByTestId("security-analyzer-input"),
+      ).not.toBeInTheDocument();
+
+      // Enable confirmation mode
+      await userEvent.click(confirmation);
+      expect(confirmation).toBeChecked();
+
+      // Security analyzer should now be visible
+      screen.getByTestId("security-analyzer-input");
+
+      // Disable confirmation mode again
+      await userEvent.click(confirmation);
+      expect(confirmation).not.toBeChecked();
+
+      // Security analyzer should be hidden again
+      expect(
+        screen.queryByTestId("security-analyzer-input"),
+      ).not.toBeInTheDocument();
+    });
  });

  describe("Advanced form", () => {
@@ -107,7 +136,6 @@ describe("Content", () => {
      within(advancedForm).getByTestId("llm-api-key-input");
      within(advancedForm).getByTestId("llm-api-key-help-anchor-advanced");
      within(advancedForm).getByTestId("agent-input");
-      within(advancedForm).getByTestId("enable-confirmation-mode-switch");
      within(advancedForm).getByTestId("enable-memory-condenser-switch");

      await userEvent.click(advancedSwitch);
@@ -130,9 +158,6 @@ describe("Content", () => {
      const baseUrl = screen.getByTestId("base-url-input");
      const apiKey = screen.getByTestId("llm-api-key-input");
      const agent = screen.getByTestId("agent-input");
-      const confirmation = screen.getByTestId(
-        "enable-confirmation-mode-switch",
-      );
      const condensor = screen.getByTestId("enable-memory-condenser-switch");

      expect(model).toHaveValue("openhands/claude-sonnet-4-20250514");
@@ -140,15 +165,7 @@ describe("Content", () => {
      expect(apiKey).toHaveValue("");
      expect(apiKey).toHaveProperty("placeholder", "");
      expect(agent).toHaveValue("CodeActAgent");
-      expect(confirmation).not.toBeChecked();
      expect(condensor).toBeChecked();
-
-      // check that security analyzer is present
-      expect(
-        screen.queryByTestId("security-analyzer-input"),
-      ).not.toBeInTheDocument();
-      await userEvent.click(confirmation);
-      screen.getByTestId("security-analyzer-input");
    });

    it("should render the advanced form if existings settings are advanced", async () => {
@@ -177,7 +194,7 @@ describe("Content", () => {
        agent: "CoActAgent",
        confirmation_mode: true,
        enable_default_condenser: false,
-        security_analyzer: "mock-invariant",
+        security_analyzer: "none",
      });

      renderLlmSettingsScreen();
@@ -203,7 +220,7 @@ describe("Content", () => {
        expect(agent).toHaveValue("CoActAgent");
        expect(confirmation).toBeChecked();
        expect(condensor).not.toBeChecked();
-        expect(securityAnalyzer).toHaveValue("mock-invariant");
+        expect(securityAnalyzer).toHaveValue("SETTINGS$SECURITY_ANALYZER_NONE");
      });
    });
  });
@@ -293,7 +310,7 @@ describe("Form submission", () => {
    // select security analyzer
    const securityAnalyzer = screen.getByTestId("security-analyzer-input");
    await userEvent.click(securityAnalyzer);
-    const securityAnalyzerOption = screen.getByText("mock-invariant");
+    const securityAnalyzerOption = screen.getByText("SETTINGS$SECURITY_ANALYZER_NONE");
    await userEvent.click(securityAnalyzerOption);

    const submitButton = screen.getByTestId("submit-button");
@@ -306,7 +323,7 @@ describe("Form submission", () => {
        agent: "CoActAgent",
        confirmation_mode: true,
        enable_default_condenser: false,
-        security_analyzer: "mock-invariant",
+        security_analyzer: null,
      }),
    );
  });
@@ -375,9 +392,11 @@ describe("Form submission", () => {
    const baseUrl = await screen.findByTestId("base-url-input");
    const apiKey = await screen.findByTestId("llm-api-key-input");
    const agent = await screen.findByTestId("agent-input");
-    const confirmation = await screen.findByTestId("enable-confirmation-mode-switch");
    const condensor = await screen.findByTestId("enable-memory-condenser-switch");

+    // Confirmation mode switch is now in basic settings, always visible
+    const confirmation = await screen.findByTestId("enable-confirmation-mode-switch");
+
    // enter custom model
    await userEvent.type(model, "-mini");
    expect(model).toHaveValue("openai/gpt-4o-mini");
@@ -451,14 +470,17 @@ describe("Form submission", () => {
    // select security analyzer
    const securityAnalyzer = await screen.findByTestId("security-analyzer-input");
    await userEvent.click(securityAnalyzer);
-    const securityAnalyzerOption = screen.getByText("mock-invariant");
+    const securityAnalyzerOption = screen.getByText("SETTINGS$SECURITY_ANALYZER_NONE");
    await userEvent.click(securityAnalyzerOption);
-    expect(securityAnalyzer).toHaveValue("mock-invariant");
+    expect(securityAnalyzer).toHaveValue("SETTINGS$SECURITY_ANALYZER_NONE");

    expect(submitButton).not.toBeDisabled();

-    await userEvent.clear(securityAnalyzer);
-    expect(securityAnalyzer).toHaveValue("");
+    // revert back to original value
+    await userEvent.click(securityAnalyzer);
+    const originalSecurityAnalyzerOption = screen.getByText("SETTINGS$SECURITY_ANALYZER_LLM_DEFAULT");
+    await userEvent.click(originalSecurityAnalyzerOption);
+    expect(securityAnalyzer).toHaveValue("SETTINGS$SECURITY_ANALYZER_LLM_DEFAULT");
    expect(submitButton).toBeDisabled();
  });

@@ -552,7 +574,7 @@ describe("Form submission", () => {
      expect.objectContaining({
        llm_model: "openhands/claude-sonnet-4-20250514",
        llm_base_url: "",
-        confirmation_mode: false,
+        confirmation_mode: true, // Confirmation mode is now a basic setting, should be preserved
      }),
    );
  });
@@ -107,9 +107,7 @@ describe("Content", () => {
      expect(screen.queryByTestId("add-secret-button")).not.toBeInTheDocument(),
    );
    const button = await screen.findByTestId("connect-git-button");
-    await userEvent.click(button);
-
-    screen.getByTestId("git-settings-screen");
+    expect(button).toHaveAttribute("href", "/settings/integrations");
  });

  it("should render an empty table when there are no existing secrets", async () => {
@@ -29,23 +29,5 @@ describe("hasAdvancedSettingsSet", () => {
        }),
      ).toBe(true);
    });
-
-    test("CONFIRMATION_MODE is true", () => {
-      expect(
-        hasAdvancedSettingsSet({
-          ...DEFAULT_SETTINGS,
-          CONFIRMATION_MODE: true,
-        }),
-      ).toBe(true);
-    });
-
-    test("SECURITY_ANALYZER is set", () => {
-      expect(
-        hasAdvancedSettingsSet({
-          ...DEFAULT_SETTINGS,
-          SECURITY_ANALYZER: "test",
-        }),
-      ).toBe(true);
-    });
  });
 });
@@ -1,7 +1,9 @@
-import { useCallback, useMemo, useRef } from "react";
+import { useCallback, useMemo, useState } from "react";
 import { useTranslation } from "react-i18next";
 import { Provider } from "../../types/settings";
 import { useGitRepositories } from "../../hooks/query/use-git-repositories";
+import { useSearchRepositories } from "../../hooks/query/use-search-repositories";
+import { useDebounce } from "../../hooks/use-debounce";
 import OpenHands from "../../api/open-hands";
 import { GitRepository } from "../../types/git";
 import {
@@ -19,10 +21,6 @@ export interface GitRepositoryDropdownProps {
  onChange?: (repository?: GitRepository) => void;
 }

-interface SearchCache {
-  [key: string]: GitRepository[];
-}
-
 export function GitRepositoryDropdown({
  provider,
  value,
@@ -33,6 +31,20 @@ export function GitRepositoryDropdown({
  onChange,
 }: GitRepositoryDropdownProps) {
  const { t } = useTranslation();
+  const [searchInput, setSearchInput] = useState("");
+  const debouncedSearchInput = useDebounce(searchInput, 300);
+
+  // Process search input to handle URLs
+  const processedSearchInput = useMemo(() => {
+    if (debouncedSearchInput.startsWith("https://")) {
+      const match = debouncedSearchInput.match(
+        /https:\/\/[^/]+\/([^/]+\/[^/]+)/,
+      );
+      return match ? match[1] : debouncedSearchInput;
+    }
+    return debouncedSearchInput;
+  }, [debouncedSearchInput]);
+
  const {
    data,
    fetchNextPage,
@@ -45,6 +57,10 @@ export function GitRepositoryDropdown({
    enabled: !disabled,
  });

+  // Search query for processed input (handles URLs)
+  const { data: searchData, isLoading: isSearchLoading } =
+    useSearchRepositories(processedSearchInput, provider);
+
  const allOptions: AsyncSelectOption[] = useMemo(
    () =>
      data?.pages
@@ -58,75 +74,83 @@ export function GitRepositoryDropdown({
    [data],
  );

-  // Keep track of search results
-  const searchCache = useRef<SearchCache>({});
+  const searchOptions: AsyncSelectOption[] = useMemo(
+    () =>
+      searchData
+        ? searchData.map((repo) => ({
+            value: repo.id,
+            label: repo.full_name,
+          }))
+        : [],
+    [searchData],
+  );

  const selectedOption = useMemo(() => {
    // First check in loaded pages
    const option = allOptions.find((opt) => opt.value === value);
    if (option) return option;

-    // If not found, check in search cache
-    const repo = Object.values(searchCache.current)
-      .flat()
-      .find((r) => r.id === value);
-
-    if (repo) {
-      return {
-        value: repo.id,
-        label: repo.full_name,
-      };
-    }
+    // If not found, check in search results
+    const searchOption = searchOptions.find((opt) => opt.value === value);
+    if (searchOption) return searchOption;

    return null;
-  }, [allOptions, value]);
+  }, [allOptions, searchOptions, value]);

  const loadOptions = useCallback(
    async (inputValue: string): Promise<AsyncSelectOption[]> => {
+      // Update search input to trigger debounced search
+      setSearchInput(inputValue);
+
      // If empty input, show all loaded options
      if (!inputValue.trim()) {
        return allOptions;
      }

-      // If it looks like a URL, extract the repo name and search
+      // For very short inputs, do local filtering
+      if (inputValue.length < 2) {
+        return allOptions.filter((option) =>
+          option.label.toLowerCase().includes(inputValue.toLowerCase()),
+        );
+      }
+
+      // Handle URL inputs by performing direct search
      if (inputValue.startsWith("https://")) {
        const match = inputValue.match(/https:\/\/[^/]+\/([^/]+\/[^/]+)/);
        if (match) {
          const repoName = match[1];
-          const searchResults = await OpenHands.searchGitRepositories(
-            repoName,
-            3,
-          );
-          // Cache the search results
-          searchCache.current[repoName] = searchResults;
-          return searchResults.map((repo) => ({
-            value: repo.id,
-            label: repo.full_name,
-          }));
+          try {
+            // Perform direct search for URL-based inputs
+            const repositories = await OpenHands.searchGitRepositories(
+              repoName,
+              3,
+              provider,
+            );
+            return repositories.map((repo) => ({
+              value: repo.full_name,
+              label: repo.full_name,
+              data: repo,
+            }));
+          } catch (error) {
+            // Fall back to local filtering if search fails
+            return allOptions.filter((option) =>
+              option.label.toLowerCase().includes(repoName.toLowerCase()),
+            );
+          }
        }
      }

-      // For any other input, search via API
-      if (inputValue.length >= 2) {
-        // Only search if at least 2 characters
-        const searchResults = await OpenHands.searchGitRepositories(
-          inputValue,
-          10,
-        );
-        // Cache the search results
-        searchCache.current[inputValue] = searchResults;
-        return searchResults.map((repo) => ({
-          value: repo.id,
-          label: repo.full_name,
-        }));
+      // For regular text inputs, use hook-based search results if available
+      if (searchOptions.length > 0 && processedSearchInput === inputValue) {
+        return searchOptions;
      }

-      // For very short inputs, do local filtering
+      // Fallback to local filtering while search is loading
      return allOptions.filter((option) =>
        option.label.toLowerCase().includes(inputValue.toLowerCase()),
      );
    },
-    [allOptions],
+    [allOptions, searchOptions, processedSearchInput, provider],
  );

  const handleChange = (option: AsyncSelectOption | null) => {
@@ -142,9 +166,7 @@ export function GitRepositoryDropdown({

    // If not found, check in search results
    if (!repo) {
-      repo = Object.values(searchCache.current)
-        .flat()
-        .find((r) => r.id === option.value);
+      repo = searchData?.find((r) => r.id === option.value);
    }

    onChange?.(repo);
@@ -167,7 +189,7 @@ export function GitRepositoryDropdown({
        errorMessage={errorMessage}
        disabled={disabled}
        isClearable={false}
-        isLoading={isLoading || isLoading || isFetchingNextPage}
+        isLoading={isLoading || isFetchingNextPage || isSearchLoading}
        cacheOptions
        defaultOptions={allOptions}
        onChange={handleChange}
@@ -7,11 +7,10 @@ import { ConversationCard } from "../conversation-panel/conversation-card";
 import { Provider } from "#/types/settings";

 interface ControlsProps {
-  setSecurityOpen: (isOpen: boolean) => void;
  showSecurityLock: boolean;
 }

-export function Controls({ setSecurityOpen, showSecurityLock }: ControlsProps) {
+export function Controls({ showSecurityLock }: ControlsProps) {
  const { data: conversation } = useActiveConversation();
  const [contextMenuOpen, setContextMenuOpen] = React.useState(false);

@@ -21,9 +20,7 @@ export function Controls({ setSecurityOpen, showSecurityLock }: ControlsProps) {
        <AgentControlBar />
        <AgentStatusBar />

-        {showSecurityLock && (
-          <SecurityLock onClick={() => setSecurityOpen(true)} />
-        )}
+        {showSecurityLock && <SecurityLock />}
      </div>

      <ConversationCard
@@ -1,17 +1,28 @@
 import { IoLockClosed } from "react-icons/io5";
+import { Tooltip } from "@heroui/react";
+import { useTranslation } from "react-i18next";
+import { Link } from "react-router";
+import { I18nKey } from "#/i18n/declaration";

-interface SecurityLockProps {
-  onClick: () => void;
-}
+export function SecurityLock() {
+  const { t } = useTranslation();

-export function SecurityLock({ onClick }: SecurityLockProps) {
  return (
-    <div
-      className="cursor-pointer hover:opacity-80 transition-all"
-      style={{ marginRight: "8px" }}
-      onClick={onClick}
+    <Tooltip
+      content={
+        <div className="max-w-xs p-2">
+          {t(I18nKey.SETTINGS$CONFIRMATION_MODE_LOCK_TOOLTIP)}
+        </div>
+      }
+      placement="top"
    >
-      <IoLockClosed size={20} />
-    </div>
+      <Link
+        to="/settings"
+        className="mr-2 cursor-pointer hover:opacity-80 transition-all"
+        aria-label={t(I18nKey.SETTINGS$TITLE)}
+      >
+        <IoLockClosed size={20} />
+      </Link>
+    </Tooltip>
  );
 }
@@ -17,7 +17,7 @@ export function MicroagentManagementAccordionTitle({
        <TooltipButton
          tooltip={repository.full_name}
          ariaLabel={repository.full_name}
-          className="text-white text-base font-normal bg-transparent p-0 min-w-0 h-auto cursor-pointer truncate max-w-[232px]"
+          className="text-white text-base font-normal bg-transparent p-0 min-w-0 h-auto cursor-pointer truncate max-w-[200px] translate-y-[-1px]"
          testId="repository-name-tooltip"
          placement="bottom"
        >
@@ -7,8 +7,6 @@ import {
 } from "#/state/microagent-management-slice";
 import { RootState } from "#/store";
 import { GitRepository } from "#/types/git";
-import PlusIcon from "#/icons/plus.svg?react";
-import { TooltipButton } from "#/components/shared/buttons/tooltip-button";

 interface MicroagentManagementAddMicroagentButtonProps {
  repository: GitRepository;
@@ -25,23 +23,22 @@ export function MicroagentManagementAddMicroagentButton({

  const dispatch = useDispatch();

-  const handleClick = (e: React.MouseEvent<HTMLDivElement>) => {
+  const handleClick = (e: React.MouseEvent<HTMLButtonElement>) => {
    e.stopPropagation();
    dispatch(setAddMicroagentModalVisible(!addMicroagentModalVisible));
    dispatch(setSelectedRepository(repository));
  };

  return (
-    <div onClick={handleClick}>
-      <TooltipButton
-        tooltip={t(I18nKey.COMMON$ADD_MICROAGENT)}
-        ariaLabel={t(I18nKey.COMMON$ADD_MICROAGENT)}
-        className="p-0 min-w-0 h-6 w-6 flex items-center justify-center bg-transparent cursor-pointer"
-        testId="add-microagent-button"
-        placement="bottom"
-      >
-        <PlusIcon width={22} height={22} />
-      </TooltipButton>
-    </div>
+    <button
+      type="button"
+      onClick={handleClick}
+      className="translate-y-[-1px]"
+      data-testid="add-microagent-button"
+    >
+      <span className="text-sm font-normal leading-5 text-[#8480FF] cursor-pointer hover:text-[#6C63FF] transition-colors duration-200">
+        {t(I18nKey.COMMON$ADD_MICROAGENT)}
+      </span>
+    </button>
  );
 }
@@ -1,4 +1,5 @@
 import React, { useEffect, useState } from "react";
+import { useTranslation } from "react-i18next";
 import { useDispatch, useSelector } from "react-redux";
 import { MicroagentManagementSidebar } from "./microagent-management-sidebar";
 import { MicroagentManagementMain } from "./microagent-management-main";
@@ -25,6 +26,12 @@ import { GitRepository } from "#/types/git";
 import { queryClient } from "#/query-client-config";
 import { Provider } from "#/types/settings";
 import { MicroagentManagementLearnThisRepoModal } from "./microagent-management-learn-this-repo-modal";
+import {
+  displaySuccessToast,
+  displayErrorToast,
+} from "#/utils/custom-toast-handlers";
+import { getFirstPRUrl } from "#/utils/parse-pr-url";
+import { I18nKey } from "#/i18n/declaration";

 // Handle error events
 const isErrorEvent = (evt: unknown): evt is { error: true; message: string } =>
@@ -112,6 +119,8 @@ export function MicroagentManagementContent() {
    learnThisRepoModalVisible,
  } = useSelector((state: RootState) => state.microagentManagement);

+  const { t } = useTranslation();
+
  const dispatch = useDispatch();

  const { createConversationAndSubscribe, isPending } =
@@ -159,6 +168,37 @@ export function MicroagentManagementContent() {
          ? (selectedRepository as GitRepository).full_name
          : "";

+      // Check if agent is running and ready to work
+      if (
+        isOpenHandsEvent(socketEvent) &&
+        isAgentStateChangeObservation(socketEvent) &&
+        socketEvent.extras.agent_state === AgentState.RUNNING
+      ) {
+        displaySuccessToast(
+          t(I18nKey.MICROAGENT_MANAGEMENT$OPENING_PR_TO_CREATE_MICROAGENT),
+        );
+      }
+
+      // Check if agent has finished and we have a PR
+      if (isOpenHandsEvent(socketEvent) && isFinishAction(socketEvent)) {
+        const prUrl = getFirstPRUrl(socketEvent.args.final_thought || "");
+        if (prUrl) {
+          displaySuccessToast(
+            t(I18nKey.MICROAGENT_MANAGEMENT$PR_READY_FOR_REVIEW),
+          );
+        } else {
+          // Agent finished but no PR found
+          displaySuccessToast(t(I18nKey.MICROAGENT_MANAGEMENT$PR_NOT_CREATED));
+        }
+      }
+
+      // Handle error events
+      if (isErrorEvent(socketEvent) || isAgentStatusError(socketEvent)) {
+        displayErrorToast(
+          t(I18nKey.MICROAGENT_MANAGEMENT$ERROR_CREATING_MICROAGENT),
+        );
+      }
+
      if (shouldInvalidateConversationsList(socketEvent)) {
        invalidateConversationsList(repositoryName);
      }
@@ -65,6 +65,18 @@ export function MicroagentManagementRepoMicroagents({
    }
  }, [conversations]);

+  useEffect(
+    () => () => {
+      dispatch(
+        setSelectedMicroagentItem({
+          microagent: null,
+          conversation: null,
+        }),
+      );
+    },
+    [],
+  );
+
  // Show loading only when both queries are loading
  const isLoading = isLoadingMicroagents || isLoadingConversations;

@@ -82,7 +94,7 @@ export function MicroagentManagementRepoMicroagents({
  // If there's an error with microagents, show the learn this repo component
  if (isError) {
    return (
-      <div className="pb-4">
+      <div>
        <MicroagentManagementLearnThisRepo repository={repository} />
      </div>
    );
@@ -93,7 +105,7 @@ export function MicroagentManagementRepoMicroagents({
  const totalItems = numberOfMicroagents + numberOfConversations;

  return (
-    <div className="pb-4">
+    <div>
      {totalItems === 0 && (
        <MicroagentManagementLearnThisRepo repository={repository} />
      )}
@@ -97,8 +97,10 @@ export function MicroagentManagementRepositories({
        variant="splitted"
        className="w-full px-0 gap-3"
        itemClasses={{
-          base: "shadow-none bg-transparent border border-[#ffffff40] rounded-[6px] cursor-pointer",
-          trigger: "cursor-pointer gap-1",
+          base: "shadow-none bg-transparent cursor-pointer px-0",
+          trigger: "cursor-pointer gap-2 py-3",
+          indicator:
+            "flex items-center justify-center p-0.5 pr-[3px] text-white hover:bg-[#454545] rounded transition-colors duration-200 rotate-180",
        }}
        selectionMode="multiple"
      >
@@ -1,8 +1,7 @@
 import { Tooltip } from "@heroui/react";
 import { useTranslation } from "react-i18next";
-import ConfirmIcon from "#/assets/confirm";
-import RejectIcon from "#/assets/reject";
 import { I18nKey } from "#/i18n/declaration";
+import { cn } from "#/utils/utils";

 interface ActionTooltipProps {
  type: "confirm" | "reject";
@@ -12,25 +11,35 @@ interface ActionTooltipProps {
 export function ActionTooltip({ type, onClick }: ActionTooltipProps) {
  const { t } = useTranslation();

-  const content =
-    type === "confirm"
-      ? t(I18nKey.CHAT_INTERFACE$USER_CONFIRMED)
-      : t(I18nKey.CHAT_INTERFACE$USER_REJECTED);
+  const isConfirm = type === "confirm";
+
+  const ariaLabel = isConfirm
+    ? t(I18nKey.ACTION$CONFIRM)
+    : t(I18nKey.ACTION$REJECT);
+
+  const content = isConfirm
+    ? t(I18nKey.CHAT_INTERFACE$USER_CONFIRMED)
+    : t(I18nKey.CHAT_INTERFACE$USER_REJECTED);
+
+  const buttonLabel = isConfirm
+    ? `${t(I18nKey.CHAT_INTERFACE$INPUT_CONTINUE_MESSAGE)} ⌘↩`
+    : `${t(I18nKey.BUTTON$CANCEL)} ⇧⌘⌫`;

  return (
    <Tooltip content={content} closeDelay={100}>
      <button
        data-testid={`action-${type}-button`}
        type="button"
-        aria-label={
+        aria-label={ariaLabel}
+        className={cn(
+          "rounded px-2 h-6.5 text-sm font-medium leading-5 cursor-pointer hover:opacity-80",
          type === "confirm"
-            ? t(I18nKey.ACTION$CONFIRM)
-            : t(I18nKey.ACTION$REJECT)
-        }
-        className="bg-tertiary rounded-full p-1 hover:bg-base-secondary"
+            ? "bg-tertiary text-white"
+            : "bg-white text-[#0D0F11]",
+        )}
        onClick={onClick}
      >
-        {type === "confirm" ? <ConfirmIcon /> : <RejectIcon />}
+        {buttonLabel}
      </button>
    </Tooltip>
  );
@@ -1,31 +1,120 @@
+import { useDispatch, useSelector } from "react-redux";
+import { useCallback, useEffect } from "react";
 import { useTranslation } from "react-i18next";
 import { I18nKey } from "#/i18n/declaration";
 import { AgentState } from "#/types/agent-state";
 import { generateAgentStateChangeEvent } from "#/services/agent-state-service";
 import { useWsClient } from "#/context/ws-client-provider";
 import { ActionTooltip } from "../action-tooltip";
+import { isOpenHandsAction } from "#/types/core/guards";
+import { ActionSecurityRisk } from "#/state/security-analyzer-slice";
+import { RiskAlert } from "#/components/shared/risk-alert";
+import WarningIcon from "#/icons/u-warning.svg?react";
+import { RootState } from "#/store";
+import { addSubmittedEventId } from "#/state/event-message-slice";

 export function ConfirmationButtons() {
-  const { t } = useTranslation();
-  const { send } = useWsClient();
+  const submittedEventIds = useSelector(
+    (state: RootState) => state.eventMessage.submittedEventIds,
+  );

-  const handleStateChange = (state: AgentState) => {
-    const event = generateAgentStateChangeEvent(state);
-    send(event);
-  };
+  const dispatch = useDispatch();
+
+  const { t } = useTranslation();
+
+  const { send, parsedEvents } = useWsClient();
+
+  // Find the most recent action awaiting confirmation
+  const awaitingAction = parsedEvents
+    .slice()
+    .reverse()
+    .find((ev) => {
+      if (!isOpenHandsAction(ev) || ev.source !== "agent") return false;
+      const args = ev.args as Record<string, unknown>;
+      return args?.confirmation_state === "awaiting_confirmation";
+    });
+
+  const handleStateChange = useCallback(
+    (state: AgentState) => {
+      if (!awaitingAction) {
+        return;
+      }
+
+      dispatch(addSubmittedEventId(awaitingAction.id));
+      send(generateAgentStateChangeEvent(state));
+    },
+    [send],
+  );
+
+  // Handle keyboard shortcuts
+  useEffect(() => {
+    if (!awaitingAction) {
+      return undefined;
+    }
+
+    const handleCancelShortcut = (event: KeyboardEvent) => {
+      if (event.shiftKey && event.metaKey && event.key === "Backspace") {
+        event.preventDefault();
+        handleStateChange(AgentState.USER_REJECTED);
+      }
+    };
+
+    const handleContinueShortcut = (event: KeyboardEvent) => {
+      if (event.metaKey && event.key === "Enter") {
+        event.preventDefault();
+        handleStateChange(AgentState.USER_CONFIRMED);
+      }
+    };
+
+    const handleKeyDown = (event: KeyboardEvent) => {
+      // Cancel: Shift+Cmd+Backspace (⇧⌘⌫)
+      handleCancelShortcut(event);
+      // Continue: Cmd+Enter (⌘↩)
+      handleContinueShortcut(event);
+    };
+
+    document.addEventListener("keydown", handleKeyDown);
+
+    return () => document.removeEventListener("keydown", handleKeyDown);
+  }, [awaitingAction, handleStateChange]);
+
+  if (!awaitingAction || submittedEventIds.includes(awaitingAction.id)) {
+    return null;
+  }
+
+  const { args } = awaitingAction as { args: Record<string, unknown> };
+
+  const risk = args?.security_risk;
+
+  const isHighRisk =
+    typeof risk === "string"
+      ? risk.toLowerCase() === "high"
+      : Number(risk) === ActionSecurityRisk.HIGH;

  return (
-    <div className="flex justify-between items-center pt-4">
-      <p>{t(I18nKey.CHAT_INTERFACE$USER_ASK_CONFIRMATION)}</p>
-      <div className="flex items-center gap-3">
-        <ActionTooltip
-          type="confirm"
-          onClick={() => handleStateChange(AgentState.USER_CONFIRMED)}
-        />
-        <ActionTooltip
-          type="reject"
-          onClick={() => handleStateChange(AgentState.USER_REJECTED)}
+    <div className="flex flex-col gap-2 pt-4">
+      {isHighRisk && (
+        <RiskAlert
+          content={t(I18nKey.CHAT_INTERFACE$HIGH_RISK_WARNING)}
+          icon={<WarningIcon width={16} height={16} color="#fff" />}
+          severity="high"
+          title={t(I18nKey.COMMON$HIGH_RISK)}
        />
+      )}
+      <div className="flex justify-between items-center">
+        <p className="text-sm font-normal text-white">
+          {t(I18nKey.CHAT_INTERFACE$USER_ASK_CONFIRMATION)}
+        </p>
+        <div className="flex items-center gap-3">
+          <ActionTooltip
+            type="reject"
+            onClick={() => handleStateChange(AgentState.USER_REJECTED)}
+          />
+          <ActionTooltip
+            type="confirm"
+            onClick={() => handleStateChange(AgentState.USER_CONFIRMED)}
+          />
+        </div>
      </div>
    </div>
  );
@@ -23,7 +23,7 @@ export function ModalBackdrop({ children, onClose }: ModalBackdropProps) {
    <div className="fixed inset-0 flex items-center justify-center z-20">
      <div
        onClick={handleClick}
-        className="fixed inset-0 bg-black bg-opacity-80"
+        className="fixed inset-0 bg-black opacity-60"
      />
      <div className="relative">{children}</div>
    </div>
@@ -93,14 +93,14 @@ function SecurityInvariant() {
    (risk: ActionSecurityRisk) => {
      switch (risk) {
        case ActionSecurityRisk.LOW:
-          return t(I18nKey.SECURITY_ANALYZER$LOW_RISK);
+          return t(I18nKey.SECURITY$LOW_RISK);
        case ActionSecurityRisk.MEDIUM:
-          return t(I18nKey.SECURITY_ANALYZER$MEDIUM_RISK);
+          return t(I18nKey.SECURITY$MEDIUM_RISK);
        case ActionSecurityRisk.HIGH:
-          return t(I18nKey.SECURITY_ANALYZER$HIGH_RISK);
+          return t(I18nKey.SECURITY$HIGH_RISK);
        case ActionSecurityRisk.UNKNOWN:
        default:
-          return t(I18nKey.SECURITY_ANALYZER$UNKNOWN_RISK);
+          return t(I18nKey.SECURITY$UNKNOWN_RISK);
      }
    },
    [t],
@@ -0,0 +1,36 @@
+import { ReactNode } from "react";
+import { cn } from "#/utils/utils";
+
+interface RiskAlertProps {
+  className?: string;
+  content: ReactNode;
+  icon?: ReactNode;
+  severity: "high" | "medium" | "low";
+  title: string;
+}
+
+export function RiskAlert({
+  className,
+  content,
+  icon,
+  severity,
+  title,
+}: RiskAlertProps) {
+  // Currently, we are only supporting the high risk alert. If we use want to support other risk levels, we can add them here and use cva to create different variants of this component.
+  if (severity === "high") {
+    return (
+      <div
+        className={cn(
+          "flex items-center gap-3.5 bg-[#4A0709] border border-[#FF0006] text-red-400 rounded-xl px-3.5 h-13 text-sm text-white",
+          className,
+        )}
+      >
+        {icon && <span className="">{icon}</span>}
+        <span className="font-bold">{title}</span>
+        <span className="font-normal">{content}</span>
+      </div>
+    );
+  }
+
+  return null;
+}
@@ -357,6 +357,7 @@ export enum I18nKey {
  CHAT_INTERFACE$INPUT_PLACEHOLDER = "CHAT_INTERFACE$INPUT_PLACEHOLDER",
  CHAT_INTERFACE$INPUT_CONTINUE_MESSAGE = "CHAT_INTERFACE$INPUT_CONTINUE_MESSAGE",
  CHAT_INTERFACE$USER_ASK_CONFIRMATION = "CHAT_INTERFACE$USER_ASK_CONFIRMATION",
+  CHAT_INTERFACE$HIGH_RISK_WARNING = "CHAT_INTERFACE$HIGH_RISK_WARNING",
  CHAT_INTERFACE$USER_CONFIRMED = "CHAT_INTERFACE$USER_CONFIRMED",
  CHAT_INTERFACE$USER_REJECTED = "CHAT_INTERFACE$USER_REJECTED",
  CHAT_INTERFACE$INPUT_SEND_MESSAGE_BUTTON_CONTENT = "CHAT_INTERFACE$INPUT_SEND_MESSAGE_BUTTON_CONTENT",
@@ -371,10 +372,6 @@ export enum I18nKey {
  CHAT_INTERFACE$MESSAGE_ARIA_LABEL = "CHAT_INTERFACE$MESSAGE_ARIA_LABEL",
  CHAT_INTERFACE$CHAT_CONVERSATION = "CHAT_INTERFACE$CHAT_CONVERSATION",
  CHAT_INTERFACE$UNKNOWN_SENDER = "CHAT_INTERFACE$UNKNOWN_SENDER",
-  SECURITY_ANALYZER$UNKNOWN_RISK = "SECURITY_ANALYZER$UNKNOWN_RISK",
-  SECURITY_ANALYZER$LOW_RISK = "SECURITY_ANALYZER$LOW_RISK",
-  SECURITY_ANALYZER$MEDIUM_RISK = "SECURITY_ANALYZER$MEDIUM_RISK",
-  SECURITY_ANALYZER$HIGH_RISK = "SECURITY_ANALYZER$HIGH_RISK",
  SETTINGS$MODEL_TOOLTIP = "SETTINGS$MODEL_TOOLTIP",
  SETTINGS$AGENT_TOOLTIP = "SETTINGS$AGENT_TOOLTIP",
  SETTINGS$LANGUAGE_TOOLTIP = "SETTINGS$LANGUAGE_TOOLTIP",
@@ -385,9 +382,12 @@ export enum I18nKey {
  SETTINGS$REFRESH_LLM_API_KEY = "SETTINGS$REFRESH_LLM_API_KEY",
  SETTINGS$CONFIRMATION_MODE = "SETTINGS$CONFIRMATION_MODE",
  SETTINGS$CONFIRMATION_MODE_TOOLTIP = "SETTINGS$CONFIRMATION_MODE_TOOLTIP",
+  SETTINGS$CONFIRMATION_MODE_LOCK_TOOLTIP = "SETTINGS$CONFIRMATION_MODE_LOCK_TOOLTIP",
  SETTINGS$AGENT_SELECT_ENABLED = "SETTINGS$AGENT_SELECT_ENABLED",
  SETTINGS$SECURITY_ANALYZER = "SETTINGS$SECURITY_ANALYZER",
  SETTINGS$SECURITY_ANALYZER_PLACEHOLDER = "SETTINGS$SECURITY_ANALYZER_PLACEHOLDER",
+  SETTINGS$SECURITY_ANALYZER_TOOLTIP = "SETTINGS$SECURITY_ANALYZER_TOOLTIP",
+  SETTINGS$SECURITY_ANALYZER_DESCRIPTION = "SETTINGS$SECURITY_ANALYZER_DESCRIPTION",
  SETTINGS$DONT_KNOW_API_KEY = "SETTINGS$DONT_KNOW_API_KEY",
  SETTINGS$CLICK_FOR_INSTRUCTIONS = "SETTINGS$CLICK_FOR_INSTRUCTIONS",
  SETTINGS$SAVED = "SETTINGS$SAVED",
@@ -781,8 +781,6 @@ export enum I18nKey {
  PROJECT_MANAGEMENT$SVC_ACC_EMAIL_VALIDATION_ERROR = "PROJECT_MANAGEMENT$SVC_ACC_EMAIL_VALIDATION_ERROR",
  PROJECT_MANAGEMENT$SVC_ACC_API_KEY_VALIDATION_ERROR = "PROJECT_MANAGEMENT$SVC_ACC_API_KEY_VALIDATION_ERROR",
  MICROAGENT_MANAGEMENT$ERROR_LOADING_MICROAGENT_CONTENT = "MICROAGENT_MANAGEMENT$ERROR_LOADING_MICROAGENT_CONTENT",
-  SETTINGS$MCP_ERROR_ENV_INVALID_FORMAT = "SETTINGS$MCP_ERROR_ENV_INVALID_FORMAT",
-  SETTINGS$MCP_ERROR_URL_DUPLICATE = "SETTINGS$MCP_ERROR_URL_DUPLICATE",
  SETTINGS$MCP_SERVER_TYPE_SSE = "SETTINGS$MCP_SERVER_TYPE_SSE",
  SETTINGS$MCP_SERVER_TYPE_STDIO = "SETTINGS$MCP_SERVER_TYPE_STDIO",
  SETTINGS$MCP_SERVER_TYPE_SHTTP = "SETTINGS$MCP_SERVER_TYPE_SHTTP",
@@ -794,6 +792,8 @@ export enum I18nKey {
  SETTINGS$MCP_ERROR_NAME_DUPLICATE = "SETTINGS$MCP_ERROR_NAME_DUPLICATE",
  SETTINGS$MCP_ERROR_COMMAND_REQUIRED = "SETTINGS$MCP_ERROR_COMMAND_REQUIRED",
  SETTINGS$MCP_ERROR_COMMAND_NO_SPACES = "SETTINGS$MCP_ERROR_COMMAND_NO_SPACES",
+  SETTINGS$MCP_ERROR_URL_DUPLICATE = "SETTINGS$MCP_ERROR_URL_DUPLICATE",
+  SETTINGS$MCP_ERROR_ENV_INVALID_FORMAT = "SETTINGS$MCP_ERROR_ENV_INVALID_FORMAT",
  SETTINGS$MCP_SERVER_TYPE = "SETTINGS$MCP_SERVER_TYPE",
  SETTINGS$MCP_API_KEY_PLACEHOLDER = "SETTINGS$MCP_API_KEY_PLACEHOLDER",
  SETTINGS$MCP_COMMAND_ARGUMENTS = "SETTINGS$MCP_COMMAND_ARGUMENTS",
@@ -810,4 +810,12 @@ export enum I18nKey {
  PROJECT_MANAGEMENT$CONFIGURE_MODAL_DESCRIPTION = "PROJECT_MANAGEMENT$CONFIGURE_MODAL_DESCRIPTION",
  PROJECT_MANAGEMENT$IMPORTANT_WORKSPACE_INTEGRATION = "PROJECT_MANAGEMENT$IMPORTANT_WORKSPACE_INTEGRATION",
  SETTINGS = "SETTINGS",
+  MICROAGENT_MANAGEMENT$OPENING_PR_TO_CREATE_MICROAGENT = "MICROAGENT_MANAGEMENT$OPENING_PR_TO_CREATE_MICROAGENT",
+  MICROAGENT_MANAGEMENT$PR_READY_FOR_REVIEW = "MICROAGENT_MANAGEMENT$PR_READY_FOR_REVIEW",
+  MICROAGENT_MANAGEMENT$PR_NOT_CREATED = "MICROAGENT_MANAGEMENT$PR_NOT_CREATED",
+  MICROAGENT_MANAGEMENT$ERROR_CREATING_MICROAGENT = "MICROAGENT_MANAGEMENT$ERROR_CREATING_MICROAGENT",
+  SETTINGS$SECURITY_ANALYZER_LLM_DEFAULT = "SETTINGS$SECURITY_ANALYZER_LLM_DEFAULT",
+  SETTINGS$SECURITY_ANALYZER_NONE = "SETTINGS$SECURITY_ANALYZER_NONE",
+  SETTINGS$SECURITY_ANALYZER_INVARIANT = "SETTINGS$SECURITY_ANALYZER_INVARIANT",
+  COMMON$HIGH_RISK = "COMMON$HIGH_RISK",
 }
@@ -432,68 +432,68 @@
    "uk": "Повторний вхід до OpenHands..."
  },
  "SECURITY$LOW_RISK": {
-    "en": "Low Risk",
-    "ja": "低リスク",
-    "zh-CN": "低风险",
-    "zh-TW": "低風險",
-    "ko-KR": "낮은 위험",
-    "no": "Lav risiko",
-    "it": "Rischio basso",
-    "pt": "Baixo risco",
-    "es": "Riesgo bajo",
-    "ar": "مخاطر منخفضة",
-    "fr": "Risque faible",
-    "tr": "Düşük risk",
-    "de": "Geringes Risiko",
-    "uk": "Низький ризик"
+    "en": "Risk: Low",
+    "ja": "リスク: 低",
+    "zh-CN": "风险: 低",
+    "zh-TW": "風險: 低",
+    "ko-KR": "위험: 낮음",
+    "no": "Risiko: Lav",
+    "it": "Rischio: Basso",
+    "pt": "Risco: Baixo",
+    "es": "Riesgo: Bajo",
+    "ar": "المخاطر: منخفضة",
+    "fr": "Risque : Faible",
+    "tr": "Risk: Düşük",
+    "de": "Risiko: Gering",
+    "uk": "Ризик: Низький"
  },
  "SECURITY$MEDIUM_RISK": {
-    "en": "Medium Risk",
-    "ja": "中リスク",
-    "zh-CN": "中等风险",
-    "zh-TW": "中等風險",
-    "ko-KR": "중간 위험",
-    "no": "Middels risiko",
-    "it": "Rischio medio",
-    "pt": "Risco médio",
-    "es": "Riesgo medio",
-    "ar": "مخاطر متوسطة",
-    "fr": "Risque moyen",
-    "tr": "Orta risk",
-    "de": "Mittleres Risiko",
-    "uk": "Середній ризик"
+    "en": "Risk: Medium",
+    "ja": "リスク: 中",
+    "zh-CN": "风险: 中等",
+    "zh-TW": "風險: 中等",
+    "ko-KR": "위험: 중간",
+    "no": "Risiko: Middels",
+    "it": "Rischio: Medio",
+    "pt": "Risco: Médio",
+    "es": "Riesgo: Medio",
+    "ar": "المخاطر: متوسطة",
+    "fr": "Risque : Moyen",
+    "tr": "Risk: Orta",
+    "de": "Risiko: Mittel",
+    "uk": "Ризик: Середній"
  },
  "SECURITY$HIGH_RISK": {
-    "en": "High Risk",
-    "ja": "高リスク",
-    "zh-CN": "高风险",
-    "zh-TW": "高風險",
-    "ko-KR": "높은 위험",
-    "no": "Høy risiko",
-    "it": "Rischio alto",
-    "pt": "Alto risco",
-    "es": "Riesgo alto",
-    "ar": "مخاطر عالية",
-    "fr": "Risque élevé",
-    "tr": "Yüksek risk",
-    "de": "Hohes Risiko",
-    "uk": "Високий ризик"
+    "en": "Risk: High",
+    "ja": "リスク: 高",
+    "zh-CN": "风险: 高",
+    "zh-TW": "風險: 高",
+    "ko-KR": "위험: 높음",
+    "no": "Risiko: Høy",
+    "it": "Rischio: Alto",
+    "pt": "Risco: Alto",
+    "es": "Riesgo: Alto",
+    "ar": "المخاطر: عالية",
+    "fr": "Risque : Élevé",
+    "tr": "Risk: Yüksek",
+    "de": "Risiko: Hoch",
+    "uk": "Ризик: Високий"
  },
  "SECURITY$UNKNOWN_RISK": {
-    "en": "Unknown Risk",
-    "ja": "不明なリスク",
-    "zh-CN": "未知风险",
-    "zh-TW": "未知風險",
-    "ko-KR": "알 수 없는 위험",
-    "no": "Ukjent risiko",
-    "it": "Rischio sconosciuto",
-    "pt": "Risco desconhecido",
-    "es": "Riesgo desconocido",
-    "ar": "مخاطر غير معروفة",
-    "fr": "Risque inconnu",
-    "tr": "Bilinmeyen risk",
-    "de": "Unbekanntes Risiko",
-    "uk": "Невідомий ризик"
+    "en": "Risk: Unknown",
+    "ja": "リスク: 不明",
+    "zh-CN": "风险: 未知",
+    "zh-TW": "風險: 未知",
+    "ko-KR": "위험: 알 수 없음",
+    "no": "Risiko: Ukjent",
+    "it": "Rischio: Sconosciuto",
+    "pt": "Risco: Desconhecido",
+    "es": "Riesgo: Desconocido",
+    "ar": "المخاطر: غير معروفة",
+    "fr": "Risque : Inconnu",
+    "tr": "Risk: Bilinmeyen",
+    "de": "Risiko: Unbekannt",
+    "uk": "Ризик: Невідомий"
  },
  "FINISH$TASK_COMPLETED_SUCCESSFULLY": {
    "en": "I believe that the task was **completed successfully**.",
@@ -2432,20 +2432,20 @@
    "uk": "Git налаштування"
  },
  "SETTINGS$GIT_SETTINGS_DESCRIPTION": {
-    "en": "Configure Git integration settings",
-    "ja": "Git統合設定を構成する",
-    "zh-CN": "配置Git集成设置",
-    "zh-TW": "配置Git整合設定",
-    "ko-KR": "Git 통합 설정 구성",
-    "de": "Git-Integrationseinstellungen konfigurieren",
-    "no": "Konfigurer Git-integrasjonsinnstillinger",
-    "it": "Configura le impostazioni di integrazione Git",
-    "pt": "Configure as configurações de integração Git",
-    "es": "Configure los ajustes de integración Git",
-    "ar": "تكوين إعدادات تكامل Git",
-    "fr": "Configurer les paramètres d'intégration Git",
-    "tr": "Git entegrasyon ayarlarını yapılandırın",
-    "uk": "Налаштуйте параметри інтеграції Git"
+    "en": "Configure the username and email that OpenHands uses to commit changes.",
+    "ja": "OpenHandsがコミットに使用するユーザー名とメールを設定します。",
+    "zh-CN": "配置OpenHands用于提交更改的用户名和电子邮件。",
+    "zh-TW": "配置OpenHands用於提交更改的用戶名和電子郵件。",
+    "ko-KR": "OpenHands가 변경 사항을 커밋할 때 사용하는 사용자 이름과 이메일을 구성합니다.",
+    "de": "Konfigurieren Sie den Benutzernamen und die E-Mail, die OpenHands zum Committen von Änderungen verwendet.",
+    "no": "Konfigurer brukernavnet og e-posten som OpenHands bruker for å committe endringer.",
+    "it": "Configura il nome utente e l'email che OpenHands utilizza per committare le modifiche.",
+    "pt": "Configure o nome de usuário e o email que o OpenHands usa para fazer commits de alterações.",
+    "es": "Configure el nombre de usuario y el correo electrónico que OpenHands utiliza para confirmar cambios.",
+    "ar": "قم بتكوين اسم المستخدم والبريد الإلكتروني الذي يستخدمه OpenHands لارتكاب التغييرات.",
+    "fr": "Configurez le nom d'utilisateur et l'email qu'OpenHands utilise pour valider les modifications.",
+    "tr": "OpenHands'ın değişiklikleri commit etmek için kullandığı kullanıcı adını ve e-postayı yapılandırın.",
+    "uk": "Налаштуйте ім'я користувача та електронну пошту, які OpenHands використовує для фіксації змін."
  },
  "SETTINGS$SOUND_NOTIFICATIONS": {
    "en": "Sound Notifications",
@@ -2520,11 +2520,11 @@
    "de": "Lösbarkeitsanalyse aktivieren",
    "no": "Aktiver løsningsanalyse",
    "it": "Abilita analisi di risolvibilità",
-    "pt": "Ativar análise de resolubilidade",
-    "es": "Habilitar análisis de resolubilidad",
+    "pt": "Ativar análise de solucionabilidade",
+    "es": "Habilitar análisis de solvencia",
    "ar": "تمكين تحليل القابلية للحل",
-    "fr": "Activer l'analyse de résolvabilité",
-    "tr": "Çözülebilirlik analizini etkinleştir",
+    "fr": "Activer l'analyse de solvabilité",
+    "tr": "Çözünürlük Analizini Etkinleştir",
    "uk": "Увімкнути аналіз розв'язності"
  },
  "SETTINGS$SEARCH_API_KEY": {
@@ -5711,6 +5711,22 @@
    "ja": "このアクションを実行してもよろしいですか？",
    "uk": "Ви хочете продовжити цю дію?"
  },
+  "CHAT_INTERFACE$HIGH_RISK_WARNING": {
+    "en": "Review carefully before proceeding.",
+    "zh-CN": "在继续之前请仔细检查。",
+    "de": "Überprüfen Sie sorgfältig, bevor Sie fortfahren.",
+    "zh-TW": "在繼續之前請仔細檢查。",
+    "ko-KR": "계속하기 전에 신중히 검토하세요.",
+    "no": "Gå nøye gjennom før du fortsetter.",
+    "it": "Esamina attentamente prima di procedere.",
+    "pt": "Revise cuidadosamente antes de prosseguir.",
+    "es": "Revise cuidadosamente antes de continuar.",
+    "ar": "يرجى المراجعة بعناية قبل المتابعة.",
+    "fr": "Examinez attentivement avant de continuer.",
+    "tr": "Devam etmeden önce dikkatlice gözden geçirin.",
+    "ja": "続行する前に慎重に確認してください。",
+    "uk": "Уважно перевірте перед продовженням."
+  },
  "CHAT_INTERFACE$USER_CONFIRMED": {
    "en": "Confirm the requested action",
    "de": "Bestätigen Sie die angeforderte Aktion",
@@ -5935,70 +5951,6 @@
    "ja": "不明な送信者",
    "uk": "Невідомий"
  },
-  "SECURITY_ANALYZER$UNKNOWN_RISK": {
-    "en": "Unknown Risk",
-    "de": "Unbekanntes Risiko",
-    "zh-CN": "未知风险",
-    "ko-KR": "알 수 없는 위험",
-    "no": "Ukjent risiko",
-    "zh-TW": "未知風險",
-    "it": "Rischio sconosciuto",
-    "pt": "Risco desconhecido",
-    "es": "Riesgo desconocido",
-    "ar": "مخاطر غير معروفة",
-    "fr": "Risque inconnu",
-    "tr": "Bilinmeyen risk",
-    "ja": "不明なリスク",
-    "uk": "Невідомий ризик"
-  },
-  "SECURITY_ANALYZER$LOW_RISK": {
-    "en": "Low Risk",
-    "de": "Niedriges Risiko",
-    "zh-CN": "低风险",
-    "ko-KR": "낮은 위험",
-    "no": "Lav risiko",
-    "zh-TW": "低風險",
-    "it": "Rischio basso",
-    "pt": "Baixo risco",
-    "es": "Riesgo bajo",
-    "ar": "مخاطر منخفضة",
-    "fr": "Risque faible",
-    "tr": "Düşük risk",
-    "ja": "低リスク",
-    "uk": "Низький ризик"
-  },
-  "SECURITY_ANALYZER$MEDIUM_RISK": {
-    "en": "Medium Risk",
-    "de": "Mittleres Risiko",
-    "zh-CN": "中等风险",
-    "ko-KR": "중간 위험",
-    "no": "Middels risiko",
-    "zh-TW": "中等風險",
-    "it": "Rischio medio",
-    "pt": "Risco médio",
-    "es": "Riesgo medio",
-    "ar": "مخاطر متوسطة",
-    "fr": "Risque moyen",
-    "tr": "Orta risk",
-    "ja": "中リスク",
-    "uk": "Середній ризик"
-  },
-  "SECURITY_ANALYZER$HIGH_RISK": {
-    "en": "High Risk",
-    "de": "Hohes Risiko",
-    "zh-CN": "高风险",
-    "ko-KR": "높은 위험",
-    "no": "Høy risiko",
-    "zh-TW": "高風險",
-    "it": "Rischio elevato",
-    "pt": "Alto risco",
-    "es": "Riesgo alto",
-    "ar": "مخاطر عالية",
-    "fr": "Risque élevé",
-    "tr": "Yüksek risk",
-    "ja": "高リスク",
-    "uk": "Високий ризик"
-  },
  "SETTINGS$MODEL_TOOLTIP": {
    "en": "Select the language model to use.",
    "zh-CN": "选择要使用的语言模型",
@@ -6159,6 +6111,22 @@
    "ja": "エージェントのアクションを実行前に確認",
    "uk": "Очікує підтвердження користувача перед виконанням коду."
  },
+  "SETTINGS$CONFIRMATION_MODE_LOCK_TOOLTIP": {
+    "en": "The agent is in confirmation mode. It will prompt the user to confirm certain actions when security analyzer policy detected a high-risk action. Click this icon to go to settings tab for more information.",
+    "de": "Der Agent befindet sich im Bestätigungsmodus. Er wird den Benutzer auffordern, bestimmte Aktionen zu bestätigen, wenn die Sicherheitsanalysator-Richtlinie eine risikoreiche Aktion erkannt hat. Weitere Informationen finden Sie auf der Registerkarte Einstellungen.",
+    "zh-CN": "代理处于确认模式。当安全分析器策略检测到高风险操作时，它会提示用户确认某些操作。查看设置选项卡了解更多信息。",
+    "zh-TW": "代理處於確認模式。當安全分析器策略檢測到高風險操作時，它會提示使用者確認某些操作。查看設定選項卡了解更多資訊。",
+    "ko-KR": "에이전트가 확인 모드에 있습니다. 보안 분석기 정책이 고위험 작업을 감지하면 사용자에게 특정 작업을 확인하도록 요청합니다. 자세한 내용은 설정 탭을 확인하세요.",
+    "no": "Agenten er i bekreftelsesmodus. Den vil be brukeren om å bekrefte visse handlinger når sikkerhetsanalysatorpolitikken oppdager en høyrisiko-handling. Sjekk innstillingsfanen for mer informasjon.",
+    "it": "L'agente è in modalità di conferma. Chiederà all'utente di confermare certe azioni quando la politica dell'analizzatore di sicurezza rileva un'azione ad alto rischio. Controlla la scheda impostazioni per maggiori informazioni.",
+    "pt": "O agente está no modo de confirmação. Ele solicitará ao usuário que confirme certas ações quando a política do analisador de segurança detectar uma ação de alto risco. Verifique a aba de configurações para mais informações.",
+    "es": "El agente está en modo de confirmación. Solicitará al usuario que confirme ciertas acciones cuando la política del analizador de seguridad detecte una acción de alto riesgo. Consulte la pestaña de configuración para obtener más información.",
+    "ar": "الوكيل في وضع التأكيد. سيطلب من المستخدم تأكيد إجراءات معينة عندما تكتشف سياسة محلل الأمان إجراءً عالي المخاطر. تحقق من علامة تبويب الإعدادات للحصول على مزيد من المعلومات.",
+    "fr": "L'agent est en mode de confirmation. Il demandera à l'utilisateur de confirmer certaines actions lorsque la politique de l'analyseur de sécurité détecte une action à haut risque. Consultez l'onglet paramètres pour plus d'informations.",
+    "tr": "Ajan onay modunda. Güvenlik analizörü politikası yüksek riskli bir eylem tespit ettiğinde kullanıcıdan belirli eylemleri onaylamasını isteyecek. Daha fazla bilgi için ayarlar sekmesini kontrol edin.",
+    "ja": "エージェントは確認モードです。セキュリティアナライザーポリシーが高リスクアクションを検出した場合、特定のアクションの確認をユーザーに求めます。詳細については設定タブを確認してください。",
+    "uk": "Агент знаходиться в режимі підтвердження. Він попросить користувача підтвердити певні дії, коли політика аналізатора безпеки виявить дію високого ризику. Перевірте вкладку налаштувань для отримання додаткової інформації."
+  },
  "SETTINGS$AGENT_SELECT_ENABLED": {
    "en": "Enable Agent Selection - Advanced Users",
    "zh-CN": "启用智能体选择 - 高级用户",
@@ -6207,6 +6175,38 @@
    "ja": "セキュリティアナライザーを選択…",
    "uk": "Виберіть аналізатор безпеки…"
  },
+  "SETTINGS$SECURITY_ANALYZER_TOOLTIP": {
+    "en": "When enabled, the agent will pause and ask for confirmation when it tries to execute high-risk actions",
+    "de": "Wenn aktiviert, pausiert der Agent und fragt nach Bestätigung, wenn er versucht, risikoreiche Aktionen auszuführen",
+    "zh-CN": "启用后，代理在尝试执行高风险操作时会暂停并要求确认",
+    "zh-TW": "啟用後，代理在嘗試執行高風險操作時會暫停並要求確認",
+    "ko-KR": "활성화되면 에이전트가 고위험 작업을 실행하려고 할 때 일시 중지하고 확인을 요청합니다",
+    "no": "Når aktivert, vil agenten pause og be om bekreftelse når den prøver å utføre høyrisiko-handlinger",
+    "it": "Quando abilitato, l'agente si fermerà e chiederà conferma quando tenta di eseguire azioni ad alto rischio",
+    "pt": "Quando ativado, o agente pausará e pedirá confirmação quando tentar executar ações de alto risco",
+    "es": "Cuando está habilitado, el agente se pausará y pedirá confirmación cuando trate de ejecutar acciones de alto riesgo",
+    "ar": "عند التمكين، سيتوقف الوكيل ويطلب التأكيد عندما يحاول تنفيذ إجراءات عالية المخاطر",
+    "fr": "Lorsqu'il est activé, l'agent se mettra en pause et demandera confirmation lorsqu'il tentera d'exécuter des actions à haut risque",
+    "tr": "Etkinleştirildiğinde, ajan yüksek riskli eylemleri gerçekleştirmeye çalıştığında duraklar ve onay ister",
+    "ja": "有効にすると、エージェントは高リスクなアクションを実行しようとする際に一時停止し、確認を求めます",
+    "uk": "Коли увімкнено, агент зупиниться і попросить підтвердження, коли спробує виконати дії високого ризику"
+  },
+  "SETTINGS$SECURITY_ANALYZER_DESCRIPTION": {
+    "en": "The security analyzer will be used in conjunction with confirmation mode. By default, it utilizes LLM-predicted action risk to determine whether to prompt the user for confirmation. If the risk is HIGH, it will prompt the user for confirmation by default.",
+    "de": "Der Sicherheitsanalysator wird in Verbindung mit dem Bestätigungsmodus verwendet. Standardmäßig nutzt er LLM-vorhergesagtes Aktionsrisiko, um zu bestimmen, ob der Benutzer zur Bestätigung aufgefordert werden soll. Wenn das Risiko HOCH ist, wird er standardmäßig zur Bestätigung auffordern.",
+    "zh-CN": "安全分析器将与确认模式结合使用。默认情况下，它利用LLM预测的操作风险来确定是否提示用户确认。如果风险为高，它将默认提示用户确认。",
+    "zh-TW": "安全分析器將與確認模式結合使用。預設情況下，它利用LLM預測的操作風險來確定是否提示用戶確認。如果風險為高，它將預設提示用戶確認。",
+    "ko-KR": "보안 분석기는 확인 모드와 함께 사용됩니다. 기본적으로 LLM이 예측한 작업 위험을 활용하여 사용자에게 확인을 요청할지 결정합니다. 위험이 높으면 기본적으로 사용자에게 확인을 요청합니다.",
+    "no": "Sikkerhetsanalysatoren vil bli brukt i forbindelse med bekreftelsesmodus. Som standard bruker den LLM-forutsagt handlingsrisiko for å bestemme om brukeren skal bli bedt om bekreftelse. Hvis risikoen er HØY, vil den be om bekreftelse som standard.",
+    "it": "L'analizzatore di sicurezza verrà utilizzato insieme alla modalità di conferma. Per impostazione predefinita, utilizza il rischio di azione previsto dall'LLM per determinare se richiedere conferma all'utente. Se il rischio è ALTO, richiederà conferma per impostazione predefinita.",
+    "pt": "O analisador de segurança será usado em conjunto com o modo de confirmação. Por padrão, utiliza o risco de ação previsto pelo LLM para determinar se deve solicitar confirmação ao usuário. Se o risco for ALTO, solicitará confirmação por padrão.",
+    "es": "El analizador de seguridad se utilizará junto con el modo de confirmación. Por defecto, utiliza el riesgo de acción predicho por LLM para determinar si solicitar confirmación al usuario. Si el riesgo es ALTO, solicitará confirmación por defecto.",
+    "ar": "سيتم استخدام محلل الأمان بالتزامن مع وضع التأكيد. افتراضياً، يستخدم مخاطر الإجراء المتوقعة من LLM لتحديد ما إذا كان يجب مطالبة المستخدم بالتأكيد. إذا كان الخطر عالياً، فسيطالب بالتأكيد افتراضياً.",
+    "fr": "L'analyseur de sécurité sera utilisé en conjonction avec le mode de confirmation. Par défaut, il utilise le risque d'action prédit par LLM pour déterminer s'il faut demander confirmation à l'utilisateur. Si le risque est ÉLEVÉ, il demandera confirmation par défaut.",
+    "tr": "Güvenlik analizörü onay modu ile birlikte kullanılacaktır. Varsayılan olarak, kullanıcıdan onay istenip istenmeyeceğini belirlemek için LLM tarafından tahmin edilen eylem riskini kullanır. Risk YÜKSEK ise, varsayılan olarak kullanıcıdan onay isteyecektir.",
+    "ja": "セキュリティアナライザーは確認モードと組み合わせて使用されます。デフォルトでは、LLMが予測したアクションリスクを利用して、ユーザーに確認を求めるかどうかを決定します。リスクが高い場合、デフォルトでユーザーに確認を求めます。",
+    "uk": "Аналізатор безпеки буде використовуватися разом з режимом підтвердження. За замовчуванням він використовує передбачений LLM ризик дії для визначення, чи потрібно запитувати підтвердження у користувача. Якщо ризик ВИСОКИЙ, він запитуватиме підтвердження за замовчуванням."
+  },
  "SETTINGS$DONT_KNOW_API_KEY": {
    "en": "Don't know your API key?",
    "ja": "APIキーがわかりませんか？",
@@ -12495,38 +12495,6 @@
    "de": "Fehler beim Laden des Microagent-Inhalts.",
    "uk": "Помилка під час завантаження вмісту мікроагента."
  },
-  "SETTINGS$MCP_ERROR_ENV_INVALID_FORMAT": {
-    "en": "Environment variables must follow KEY=value format",
-    "ja": "Environment variables must follow KEY=value format",
-    "zh-CN": "Environment variables must follow KEY=value format",
-    "zh-TW": "Environment variables must follow KEY=value format",
-    "ko-KR": "Environment variables must follow KEY=value format",
-    "no": "Environment variables must follow KEY=value format",
-    "it": "Environment variables must follow KEY=value format",
-    "pt": "Environment variables must follow KEY=value format",
-    "es": "Environment variables must follow KEY=value format",
-    "ar": "Environment variables must follow KEY=value format",
-    "fr": "Environment variables must follow KEY=value format",
-    "tr": "Environment variables must follow KEY=value format",
-    "de": "Environment variables must follow KEY=value format",
-    "uk": "Environment variables must follow KEY=value format"
-  },
-  "SETTINGS$MCP_ERROR_URL_DUPLICATE": {
-    "en": "A server with this URL already exists for the selected type",
-    "ja": "A server with this URL already exists for the selected type",
-    "zh-CN": "A server with this URL already exists for the selected type",
-    "zh-TW": "A server with this URL already exists for the selected type",
-    "ko-KR": "A server with this URL already exists for the selected type",
-    "no": "A server with this URL already exists for the selected type",
-    "it": "A server with this URL already exists for the selected type",
-    "pt": "A server with this URL already exists for the selected type",
-    "es": "A server with this URL already exists for the selected type",
-    "ar": "A server with this URL already exists for the selected type",
-    "fr": "A server with this URL already exists for the selected type",
-    "tr": "A server with this URL already exists for the selected type",
-    "de": "A server with this URL already exists for the selected type",
-    "uk": "A server with this URL already exists for the selected type"
-  },
  "SETTINGS$MCP_SERVER_TYPE_SSE": {
    "en": "SSE",
    "ja": "SSE",
@@ -12703,6 +12671,38 @@
    "de": "Befehl darf keine Leerzeichen enthalten",
    "uk": "Команда не може містити пробіли"
  },
+  "SETTINGS$MCP_ERROR_URL_DUPLICATE": {
+    "en": "A server with this URL already exists for the selected type",
+    "ja": "A server with this URL already exists for the selected type",
+    "zh-CN": "A server with this URL already exists for the selected type",
+    "zh-TW": "A server with this URL already exists for the selected type",
+    "ko-KR": "A server with this URL already exists for the selected type",
+    "no": "A server with this URL already exists for the selected type",
+    "it": "A server with this URL already exists for the selected type",
+    "pt": "A server with this URL already exists for the selected type",
+    "es": "A server with this URL already exists for the selected type",
+    "ar": "A server with this URL already exists for the selected type",
+    "fr": "A server with this URL already exists for the selected type",
+    "tr": "A server with this URL already exists for the selected type",
+    "de": "A server with this URL already exists for the selected type",
+    "uk": "A server with this URL already exists for the selected type"
+  },
+  "SETTINGS$MCP_ERROR_ENV_INVALID_FORMAT": {
+    "en": "Environment variables must follow KEY=value format",
+    "ja": "Environment variables must follow KEY=value format",
+    "zh-CN": "Environment variables must follow KEY=value format",
+    "zh-TW": "Environment variables must follow KEY=value format",
+    "ko-KR": "Environment variables must follow KEY=value format",
+    "no": "Environment variables must follow KEY=value format",
+    "it": "Environment variables must follow KEY=value format",
+    "pt": "Environment variables must follow KEY=value format",
+    "es": "Environment variables must follow KEY=value format",
+    "ar": "Environment variables must follow KEY=value format",
+    "fr": "Environment variables must follow KEY=value format",
+    "tr": "Environment variables must follow KEY=value format",
+    "de": "Environment variables must follow KEY=value format",
+    "uk": "Environment variables must follow KEY=value format"
+  },
  "SETTINGS$MCP_SERVER_TYPE": {
    "en": "Server Type",
    "ja": "サーバータイプ",
@@ -12958,5 +12958,133 @@
    "tr": "A server with this URL already exists for the selected type",
    "de": "A server with this URL already exists for the selected type",
    "uk": "A server with this URL already exists for the selected type"
+  },
+  "MICROAGENT_MANAGEMENT$OPENING_PR_TO_CREATE_MICROAGENT": {
+    "en": "Opening a PR to create the microagent for you...",
+    "ja": "マイクロエージェントを作成するためのプルリクエストを作成しています...",
+    "zh-CN": "正在为您创建微代理的拉取请求...",
+    "zh-TW": "正在為您建立微代理的拉取請求...",
+    "ko-KR": "마이크로에이전트를 생성하기 위한 PR을 열고 있습니다...",
+    "no": "Åpner en PR for å opprette mikroagenten for deg...",
+    "it": "Apertura di una PR per creare il microagente per te...",
+    "pt": "Abrindo um PR para criar o microagente para você...",
+    "es": "Abriendo un PR para crear el microagente para ti...",
+    "ar": "يتم فتح طلب سحب لإنشاء الوكيل الدقيق من أجلك...",
+    "fr": "Ouverture d'une PR pour créer le microagent pour vous...",
+    "tr": "Sizin için mikro ajanı oluşturmak üzere bir PR açılıyor...",
+    "de": "Es wird ein PR geöffnet, um den Microagent für Sie zu erstellen...",
+    "uk": "Відкривається PR для створення мікроагента для вас..."
+  },
+  "MICROAGENT_MANAGEMENT$PR_READY_FOR_REVIEW": {
+    "en": "PR is ready for review! The microagent has been created successfully.",
+    "ja": "PRのレビューが可能です！マイクロエージェントが正常に作成されました。",
+    "zh-CN": "PR已准备好审核！微代理已成功创建。",
+    "zh-TW": "PR 已準備好審查！微代理已成功建立。",
+    "ko-KR": "PR이 검토를 위해 준비되었습니다! 마이크로에이전트가 성공적으로 생성되었습니다.",
+    "no": "PR er klar for gjennomgang! Mikroagenten har blitt opprettet.",
+    "it": "La PR è pronta per la revisione! Il microagente è stato creato con successo.",
+    "pt": "PR pronto para revisão! O microagente foi criado com sucesso.",
+    "es": "¡La PR está lista para revisión! El microagente se ha creado correctamente.",
+    "ar": "طلب السحب جاهز للمراجعة! تم إنشاء الوكيل الدقيق بنجاح.",
+    "fr": "La PR est prête pour révision ! Le microagent a été créé avec succès.",
+    "tr": "PR incelemeye hazır! Mikro ajan başarıyla oluşturuldu.",
+    "de": "PR ist bereit zur Überprüfung! Der Microagent wurde erfolgreich erstellt.",
+    "uk": "PR готовий до перегляду! Мікроагента успішно створено."
+  },
+  "MICROAGENT_MANAGEMENT$PR_NOT_CREATED": {
+    "en": "The agent has finished its task but was unable to create a PR.",
+    "ja": "エージェントはタスクを完了しましたが、PRを作成できませんでした。",
+    "zh-CN": "代理已完成任务，但无法创建 PR。",
+    "zh-TW": "代理已完成任務，但無法建立 PR。",
+    "ko-KR": "에이전트가 작업을 완료했지만 PR을 생성할 수 없었습니다.",
+    "no": "Agenten har fullført oppgaven, men klarte ikke å opprette en PR.",
+    "it": "L'agente ha terminato il suo compito ma non è riuscito a creare una PR.",
+    "pt": "O agente concluiu sua tarefa, mas não conseguiu criar um PR.",
+    "es": "El agente ha terminado su tarea pero no pudo crear un PR.",
+    "ar": "أكمل الوكيل مهمته لكنه لم يتمكن من إنشاء طلب سحب (PR).",
+    "fr": "L'agent a terminé sa tâche mais n'a pas pu créer de PR.",
+    "tr": "Ajan görevini tamamladı ancak bir PR oluşturamadı.",
+    "de": "Der Agent hat seine Aufgabe abgeschlossen, konnte aber keinen PR erstellen.",
+    "uk": "Агент завершив завдання, але не зміг створити PR."
+  },
+  "MICROAGENT_MANAGEMENT$ERROR_CREATING_MICROAGENT": {
+    "en": "Something went wrong. Try initiating the microagent again.",
+    "ja": "問題が発生しました。もう一度マイクロエージェントを開始してください。",
+    "zh-CN": "出现了问题。请重试启动微代理。",
+    "zh-TW": "發生錯誤。請再次嘗試啟動微代理。",
+    "ko-KR": "문제가 발생했습니다. 마이크로에이전트를 다시 시작해 보세요.",
+    "no": "Noe gikk galt. Prøv å starte mikroagenten på nytt.",
+    "it": "Qualcosa è andato storto. Prova a iniziare di nuovo il microagente.",
+    "pt": "Algo deu errado. Tente iniciar o microagente novamente.",
+    "es": "Algo salió mal. Intenta iniciar el microagente de nuevo.",
+    "ar": "حدث خطأ ما. حاول بدء تشغيل الوكيل الدقيق مرة أخرى.",
+    "fr": "Une erreur s'est produite. Essayez de relancer le microagent.",
+    "tr": "Bir şeyler ters gitti. Mikro ajanı tekrar başlatmayı deneyin.",
+    "de": "Etwas ist schiefgelaufen. Versuchen Sie, den Microagenten erneut zu starten.",
+    "uk": "Щось пішло не так. Спробуйте ініціювати мікроагента ще раз."
+  },
+  "SETTINGS$SECURITY_ANALYZER_LLM_DEFAULT": {
+    "en": "LLM Analyzer (Default)",
+    "ja": "LLMアナライザー（デフォルト）",
+    "zh-CN": "LLM 分析器（默认）",
+    "zh-TW": "LLM 分析器（預設）",
+    "ko-KR": "LLM 분석기(기본)",
+    "no": "LLM-analysator (standard)",
+    "it": "Analizzatore LLM (Predefinito)",
+    "pt": "Analisador LLM (Padrão)",
+    "es": "Analizador LLM (Predeterminado)",
+    "ar": "محلل LLM (افتراضي)",
+    "fr": "Analyseur LLM (Par défaut)",
+    "tr": "LLM Analizörü (Varsayılan)",
+    "de": "LLM-Analysator (Standard)",
+    "uk": "Аналізатор LLM (За замовчуванням)"
+  },
+  "SETTINGS$SECURITY_ANALYZER_NONE": {
+    "en": "None (Ask for every command)",
+    "ja": "なし（すべてのコマンドで確認）",
+    "zh-CN": "无（每条命令都询问）",
+    "zh-TW": "無（每個指令都詢問）",
+    "ko-KR": "없음(모든 명령마다 확인)",
+    "no": "Ingen (Spør for hver kommando)",
+    "it": "Nessuno (Chiedi per ogni comando)",
+    "pt": "Nenhum (Perguntar para cada comando)",
+    "es": "Ninguno (Preguntar para cada comando)",
+    "ar": "لا شيء (اسأل عن كل أمر)",
+    "fr": "Aucun (Demander pour chaque commande)",
+    "tr": "Yok (Her komutta sor)",
+    "de": "Keine (Bei jedem Befehl nachfragen)",
+    "uk": "Немає (Запитувати для кожної команди)"
+  },
+  "SETTINGS$SECURITY_ANALYZER_INVARIANT": {
+    "en": "Invariant Rule-based Analyzer",
+    "ja": "不変ルールベース分析器",
+    "zh-CN": "Invariant 规则分析器",
+    "zh-TW": "Invariant 規則式分析器",
+    "ko-KR": "Invariant 규칙 기반 분석기",
+    "no": "Invariant regelbasert analysator",
+    "it": "Analizzatore basato su regole Invariant",
+    "pt": "Analisador baseado em regras Invariant",
+    "es": "Analizador basado en reglas Invariant",
+    "ar": "محلل قائم على القواعد Invariant",
+    "fr": "Analyseur à base de règles Invariant",
+    "tr": "Invariant Kural Tabanlı Analizör",
+    "de": "Invariant regelbasierter Analysator",
+    "uk": "Аналізатор на основі правил Invariant"
+  },
+  "COMMON$HIGH_RISK": {
+    "en": "High Risk",
+    "ja": "高リスク",
+    "zh-CN": "高风险",
+    "zh-TW": "高風險",
+    "ko-KR": "고위험",
+    "no": "Høy risiko",
+    "it": "Alto rischio",
+    "pt": "Alto risco",
+    "es": "Alto riesgo",
+    "ar": "مخاطر عالية",
+    "fr": "Risque élevé",
+    "tr": "Yüksek Risk",
+    "de": "Hohes Risiko",
+    "uk": "Високий ризик"
  }
 }
@@ -0,0 +1,5 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none">
+  <path d="M12 14C11.4477 14 11 13.5523 11 13V10C11 9.44772 11.4477 9 12 9C12.5523 9 13 9.44772 13 10V13C13 13.5523 12.5523 14 12 14Z" fill="currentColor"/>
+  <path d="M10.5 16.5C10.5 15.6716 11.1716 15 12 15C12.8284 15 13.5 15.6716 13.5 16.5C13.5 17.3284 12.8284 18 12 18C11.1716 18 10.5 17.3284 10.5 16.5Z" fill="currentColor"/>
+  <path d="M10.2301 3.2156C10.98 1.79093 13.02 1.79092 13.7698 3.2156L22.1135 19.0685C22.8144 20.4003 21.8486 22 20.3436 22H3.65635C2.15133 22 1.18556 20.4003 1.88651 19.0685L10.2301 3.2156ZM20.3436 20L12 4.1471L3.65635 20L20.3436 20Z" fill="currentColor"/>
+</svg>
@@ -123,7 +123,7 @@ const openHandsHandlers = [
  ),

  http.get("/api/options/security-analyzers", async () =>
-    HttpResponse.json(["mock-invariant"]),
+    HttpResponse.json(["llm", "none"]),
  ),

  http.post("http://localhost:3001/api/submit-feedback", async () => {
@@ -1,4 +1,3 @@
-import { useDisclosure } from "@heroui/react";
 import React from "react";
 import { useNavigate } from "react-router";
 import { useDispatch } from "react-redux";
@@ -18,7 +17,7 @@ import {
  Orientation,
  ResizablePanel,
 } from "#/components/layout/resizable-panel";
-import Security from "#/components/shared/modals/security/security";
+
 import { useActiveConversation } from "#/hooks/query/use-active-conversation";
 import { useSettings } from "#/hooks/query/use-settings";
 import { displayErrorToast } from "#/utils/custom-toast-handlers";
@@ -83,12 +82,6 @@ function AppContent() {
    };
  }, []);

-  const {
-    isOpen: securityModalIsOpen,
-    onOpen: onSecurityModalOpen,
-    onOpenChange: onSecurityModalOpenChange,
-  } = useDisclosure();
-
  function renderMain() {
    if (width <= 1024) {
      return (
@@ -106,7 +99,7 @@ function AppContent() {
      <ResizablePanel
        orientation={Orientation.HORIZONTAL}
        className="grow h-full min-h-0 min-w-0"
-        initialSize={500}
+        initialSize={564}
        firstClassName="rounded-xl overflow-hidden border border-neutral-600 bg-base-secondary"
        secondClassName="flex flex-col overflow-hidden"
        firstChild={<ChatInterface />}
@@ -122,17 +115,7 @@ function AppContent() {
          <div data-testid="app-route" className="flex flex-col h-full gap-3">
            <div className="flex h-full overflow-auto">{renderMain()}</div>

-            <Controls
-              setSecurityOpen={onSecurityModalOpen}
-              showSecurityLock={!!settings?.SECURITY_ANALYZER}
-            />
-            {settings && (
-              <Security
-                isOpen={securityModalIsOpen}
-                onOpenChange={onSecurityModalOpenChange}
-                securityAnalyzer={settings.SECURITY_ANALYZER}
-              />
-            )}
+            <Controls showSecurityLock={!!settings?.CONFIRMATION_MODE} />
          </div>
        </EventHandler>
      </ConversationSubscriptionsProvider>
@@ -8,6 +8,8 @@ import { useSettings } from "#/hooks/query/use-settings";
 import { hasAdvancedSettingsSet } from "#/utils/has-advanced-settings-set";
 import { useSaveSettings } from "#/hooks/mutation/use-save-settings";
 import { SettingsSwitch } from "#/components/features/settings/settings-switch";
+import { TooltipButton } from "#/components/shared/buttons/tooltip-button";
+import QuestionCircleIcon from "#/icons/question-circle.svg?react";
 import { I18nKey } from "#/i18n/declaration";
 import { SettingsInput } from "#/components/features/settings/settings-input";
 import { HelpLink } from "#/components/features/settings/help-link";
@@ -36,8 +38,6 @@ function LlmSettingsScreen() {
  const { data: config } = useConfig();

  const [view, setView] = React.useState<"basic" | "advanced">("basic");
-  const [securityAnalyzerInputIsVisible, setSecurityAnalyzerInputIsVisible] =
-    React.useState(false);

  const [dirtyInputs, setDirtyInputs] = React.useState({
    model: false,
@@ -55,6 +55,19 @@ function LlmSettingsScreen() {
    string | null
  >(null);

+  // Track confirmation mode state to control security analyzer visibility
+  const [confirmationModeEnabled, setConfirmationModeEnabled] = React.useState(
+    settings?.CONFIRMATION_MODE ?? DEFAULT_SETTINGS.CONFIRMATION_MODE,
+  );
+
+  // Track selected security analyzer for form submission
+  const [selectedSecurityAnalyzer, setSelectedSecurityAnalyzer] =
+    React.useState(
+      settings?.SECURITY_ANALYZER === null
+        ? "none"
+        : (settings?.SECURITY_ANALYZER ?? DEFAULT_SETTINGS.SECURITY_ANALYZER),
+    );
+
  const modelsAndProviders = organizeModelsAndProviders(
    resources?.models || [],
  );
@@ -74,7 +87,6 @@ function LlmSettingsScreen() {
    };

    const userSettingsIsAdvanced = determineWhetherToToggleAdvancedSettings();
-    if (settings) setSecurityAnalyzerInputIsVisible(settings.CONFIRMATION_MODE);

    if (userSettingsIsAdvanced) setView("advanced");
    else setView("basic");
@@ -87,6 +99,20 @@ function LlmSettingsScreen() {
    }
  }, [settings?.LLM_MODEL]);

+  // Update confirmation mode state when settings change
+  React.useEffect(() => {
+    if (settings?.CONFIRMATION_MODE !== undefined) {
+      setConfirmationModeEnabled(settings.CONFIRMATION_MODE);
+    }
+  }, [settings?.CONFIRMATION_MODE]);
+
+  // Update selected security analyzer state when settings change
+  React.useEffect(() => {
+    if (settings?.SECURITY_ANALYZER !== undefined) {
+      setSelectedSecurityAnalyzer(settings.SECURITY_ANALYZER || "none");
+    }
+  }, [settings?.SECURITY_ANALYZER]);
+
  const handleSuccessfulMutation = () => {
    displaySuccessToast(t(I18nKey.SETTINGS$SAVED_WARNING));
    setDirtyInputs({
@@ -114,6 +140,11 @@ function LlmSettingsScreen() {
    const model = formData.get("llm-model-input")?.toString();
    const apiKey = formData.get("llm-api-key-input")?.toString();
    const searchApiKey = formData.get("search-api-key-input")?.toString();
+    const confirmationMode =
+      formData.get("enable-confirmation-mode-switch")?.toString() === "on";
+    const securityAnalyzer = formData
+      .get("security-analyzer-input")
+      ?.toString();

    const fullLlmModel = provider && model && `${provider}/${model}`;

@@ -122,12 +153,15 @@ function LlmSettingsScreen() {
        LLM_MODEL: fullLlmModel,
        llm_api_key: apiKey || null,
        SEARCH_API_KEY: searchApiKey || "",
+        CONFIRMATION_MODE: confirmationMode,
+        SECURITY_ANALYZER:
+          securityAnalyzer === "none"
+            ? null
+            : securityAnalyzer || DEFAULT_SETTINGS.SECURITY_ANALYZER,

        // reset advanced settings
        LLM_BASE_URL: DEFAULT_SETTINGS.LLM_BASE_URL,
        AGENT: DEFAULT_SETTINGS.AGENT,
-        CONFIRMATION_MODE: DEFAULT_SETTINGS.CONFIRMATION_MODE,
-        SECURITY_ANALYZER: DEFAULT_SETTINGS.SECURITY_ANALYZER,
        ENABLE_DEFAULT_CONDENSER: DEFAULT_SETTINGS.ENABLE_DEFAULT_CONDENSER,
      },
      {
@@ -160,7 +194,10 @@ function LlmSettingsScreen() {
        AGENT: agent,
        CONFIRMATION_MODE: confirmationMode,
        ENABLE_DEFAULT_CONDENSER: enableDefaultCondenser,
-        SECURITY_ANALYZER: confirmationMode ? securityAnalyzer : undefined,
+        SECURITY_ANALYZER:
+          securityAnalyzer === "none"
+            ? null
+            : securityAnalyzer || DEFAULT_SETTINGS.SECURITY_ANALYZER,
      },
      {
        onSuccess: handleSuccessfulMutation,
@@ -175,7 +212,6 @@ function LlmSettingsScreen() {
  };

  const handleToggleAdvancedSettings = (isToggled: boolean) => {
-    setSecurityAnalyzerInputIsVisible(!!settings?.CONFIRMATION_MODE);
    setView(isToggled ? "advanced" : "basic");
    setDirtyInputs({
      model: false,
@@ -246,12 +282,21 @@ function LlmSettingsScreen() {
  };

  const handleConfirmationModeIsDirty = (isToggled: boolean) => {
-    setSecurityAnalyzerInputIsVisible(isToggled);
    const confirmationModeIsDirty = isToggled !== settings?.CONFIRMATION_MODE;
    setDirtyInputs((prev) => ({
      ...prev,
      confirmationMode: confirmationModeIsDirty,
    }));
+    setConfirmationModeEnabled(isToggled);
+
+    // When confirmation mode is enabled, set default security analyzer to "llm" if not already set
+    if (isToggled && !selectedSecurityAnalyzer) {
+      setSelectedSecurityAnalyzer(DEFAULT_SETTINGS.SECURITY_ANALYZER);
+      setDirtyInputs((prev) => ({
+        ...prev,
+        securityAnalyzer: true,
+      }));
+    }
  };

  const handleEnableDefaultCondenserIsDirty = (isToggled: boolean) => {
@@ -274,6 +319,47 @@ function LlmSettingsScreen() {

  const formIsDirty = Object.values(dirtyInputs).some((isDirty) => isDirty);

+  const getSecurityAnalyzerOptions = () => {
+    const analyzers = resources?.securityAnalyzers || [];
+    const orderedItems = [];
+
+    // Add LLM analyzer first
+    if (analyzers.includes("llm")) {
+      orderedItems.push({
+        key: "llm",
+        label: t(I18nKey.SETTINGS$SECURITY_ANALYZER_LLM_DEFAULT),
+      });
+    }
+
+    // Add None option second
+    orderedItems.push({
+      key: "none",
+      label: t(I18nKey.SETTINGS$SECURITY_ANALYZER_NONE),
+    });
+
+    // Add Invariant analyzer third
+    if (analyzers.includes("invariant")) {
+      orderedItems.push({
+        key: "invariant",
+        label: t(I18nKey.SETTINGS$SECURITY_ANALYZER_INVARIANT),
+      });
+    }
+
+    // Add any other analyzers that might exist
+    analyzers.forEach((analyzer) => {
+      if (!["llm", "invariant", "none"].includes(analyzer)) {
+        // For unknown analyzers, use the analyzer name as fallback
+        // In the future, add specific i18n keys for new analyzers
+        orderedItems.push({
+          key: analyzer,
+          label: analyzer, // TODO: Add i18n support for new analyzers
+        });
+      }
+    });
+
+    return orderedItems;
+  };
+
  if (!settings || isFetching) return <LlmSettingsInputsSkeleton />;

  return (
@@ -452,7 +538,7 @@ function LlmSettingsScreen() {
                items={
                  resources?.agents.map((agent) => ({
                    key: agent,
-                    label: agent,
+                    label: agent, // TODO: Add i18n support for agent names
                  })) || []
                }
                defaultSelectedKey={settings.AGENT}
@@ -487,39 +573,67 @@ function LlmSettingsScreen() {
              >
                {t(I18nKey.SETTINGS$ENABLE_MEMORY_CONDENSATION)}
              </SettingsSwitch>
+            </div>
+          )}

-              <SettingsSwitch
-                testId="enable-confirmation-mode-switch"
-                name="enable-confirmation-mode-switch"
-                onToggle={handleConfirmationModeIsDirty}
-                defaultIsToggled={settings.CONFIRMATION_MODE}
-                isBeta
-              >
-                {t(I18nKey.SETTINGS$CONFIRMATION_MODE)}
-              </SettingsSwitch>
+          {/* Confirmation mode and security analyzer - always visible */}
+          <div className="flex items-center gap-2">
+            <SettingsSwitch
+              testId="enable-confirmation-mode-switch"
+              name="enable-confirmation-mode-switch"
+              onToggle={handleConfirmationModeIsDirty}
+              defaultIsToggled={settings.CONFIRMATION_MODE}
+              isBeta
+            >
+              {t(I18nKey.SETTINGS$CONFIRMATION_MODE)}
+            </SettingsSwitch>
+            <TooltipButton
+              tooltip={t(I18nKey.SETTINGS$CONFIRMATION_MODE_TOOLTIP)}
+              ariaLabel={t(I18nKey.SETTINGS$CONFIRMATION_MODE)}
+              className="text-[#9099AC] hover:text-white cursor-help"
+            >
+              <QuestionCircleIcon width={16} height={16} />
+            </TooltipButton>
+          </div>

-              {securityAnalyzerInputIsVisible && (
+          {confirmationModeEnabled && (
+            <>
+              <div className="w-full max-w-[680px]">
                <SettingsDropdownInput
                  testId="security-analyzer-input"
-                  name="security-analyzer-input"
+                  name="security-analyzer-display"
                  label={t(I18nKey.SETTINGS$SECURITY_ANALYZER)}
-                  items={
-                    resources?.securityAnalyzers.map((analyzer) => ({
-                      key: analyzer,
-                      label: analyzer,
-                    })) || []
-                  }
+                  items={getSecurityAnalyzerOptions()}
                  placeholder={t(
                    I18nKey.SETTINGS$SECURITY_ANALYZER_PLACEHOLDER,
                  )}
-                  defaultSelectedKey={settings.SECURITY_ANALYZER}
-                  isClearable
-                  showOptionalTag
-                  onInputChange={handleSecurityAnalyzerIsDirty}
-                  wrapperClassName="w-full max-w-[680px]"
+                  selectedKey={selectedSecurityAnalyzer || "none"}
+                  isClearable={false}
+                  onSelectionChange={(key) => {
+                    const newValue = key?.toString() || "";
+                    setSelectedSecurityAnalyzer(newValue);
+                    handleSecurityAnalyzerIsDirty(newValue);
+                  }}
+                  onInputChange={(value) => {
+                    // Handle when input is cleared
+                    if (!value) {
+                      setSelectedSecurityAnalyzer("");
+                      handleSecurityAnalyzerIsDirty("");
+                    }
+                  }}
+                  wrapperClassName="w-full"
                />
-              )}
-            </div>
+                {/* Hidden input to store the actual key value for form submission */}
+                <input
+                  type="hidden"
+                  name="security-analyzer-input"
+                  value={selectedSecurityAnalyzer || ""}
+                />
+              </div>
+              <p className="text-xs text-tertiary-alt max-w-[680px]">
+                {t(I18nKey.SETTINGS$SECURITY_ANALYZER_DESCRIPTION)}
+              </p>
+            </>
          )}
        </div>

@@ -10,7 +10,7 @@ export const DEFAULT_SETTINGS: Settings = {
  LLM_API_KEY_SET: false,
  SEARCH_API_KEY_SET: false,
  CONFIRMATION_MODE: false,
-  SECURITY_ANALYZER: "",
+  SECURITY_ANALYZER: "llm",
  REMOTE_RUNTIME_RESOURCE_FACTOR: 1,
  PROVIDER_TOKENS_SET: {},
  ENABLE_DEFAULT_CONDENSER: true,
@@ -0,0 +1,23 @@
+import { createSlice } from "@reduxjs/toolkit";
+
+export const eventMessageSlice = createSlice({
+  name: "eventMessage",
+  initialState: {
+    submittedEventIds: [] as number[], // Avoid the flashing issue of the confirmation buttons
+  },
+  reducers: {
+    addSubmittedEventId: (state, action) => {
+      state.submittedEventIds.push(action.payload);
+    },
+    removeSubmittedEventId: (state, action) => {
+      state.submittedEventIds = state.submittedEventIds.filter(
+        (id) => id !== action.payload,
+      );
+    },
+  },
+});
+
+export const { addSubmittedEventId, removeSubmittedEventId } =
+  eventMessageSlice.actions;
+
+export default eventMessageSlice.reducer;
@@ -10,6 +10,7 @@ import securityAnalyzerReducer from "./state/security-analyzer-slice";
 import statusReducer from "./state/status-slice";
 import metricsReducer from "./state/metrics-slice";
 import microagentManagementReducer from "./state/microagent-management-slice";
+import eventMessageReducer from "./state/event-message-slice";

 export const rootReducer = combineReducers({
  fileState: fileStateReducer,
@@ -23,6 +24,7 @@ export const rootReducer = combineReducers({
  status: statusReducer,
  metrics: metricsReducer,
  microagentManagement: microagentManagementReducer,
+  eventMessage: eventMessageReducer,
 });

 const store = configureStore({
@@ -43,7 +43,7 @@ export type Settings = {
  LLM_API_KEY_SET: boolean;
  SEARCH_API_KEY_SET: boolean;
  CONFIRMATION_MODE: boolean;
-  SECURITY_ANALYZER: string;
+  SECURITY_ANALYZER: string | null;
  REMOTE_RUNTIME_RESOURCE_FACTOR: number | null;
  PROVIDER_TOKENS_SET: Partial<Record<Provider, string | null>>;
  ENABLE_DEFAULT_CONDENSER: boolean;
@@ -70,7 +70,7 @@ export type ApiSettings = {
  llm_api_key_set: boolean;
  search_api_key_set: boolean;
  confirmation_mode: boolean;
-  security_analyzer: string;
+  security_analyzer: string | null;
  remote_runtime_resource_factor: number | null;
  enable_default_condenser: boolean;
  enable_sound_notifications: boolean;
@@ -3,7 +3,4 @@ import { Settings } from "#/types/settings";

 export const hasAdvancedSettingsSet = (settings: Partial<Settings>): boolean =>
  Object.keys(settings).length > 0 &&
-  (!!settings.LLM_BASE_URL ||
-    settings.AGENT !== DEFAULT_SETTINGS.AGENT ||
-    settings.CONFIRMATION_MODE ||
-    !!settings.SECURITY_ANALYZER);
+  (!!settings.LLM_BASE_URL || settings.AGENT !== DEFAULT_SETTINGS.AGENT);
@@ -19,6 +19,7 @@ from openhands.agenthub.codeact_agent.tools import (
    create_cmd_run_tool,
    create_str_replace_editor_tool,
 )
+from openhands.agenthub.codeact_agent.tools.security_utils import RISK_LEVELS
 from openhands.core.exceptions import (
    FunctionCallNotExistsError,
    FunctionCallValidationError,
@@ -26,6 +27,7 @@ from openhands.core.exceptions import (
 from openhands.core.logger import openhands_logger as logger
 from openhands.events.action import (
    Action,
+    ActionSecurityRisk,
    AgentDelegateAction,
    AgentFinishAction,
    AgentThinkAction,
@@ -54,6 +56,20 @@ def combine_thought(action: Action, thought: str) -> Action:
    return action


+def set_security_risk(action: Action, arguments: dict) -> None:
+    """Set the security risk level for the action."""
+
+    # Set security_risk attribute if provided
+    if 'security_risk' in arguments:
+        if arguments['security_risk'] in RISK_LEVELS:
+            if hasattr(action, 'security_risk'):
+                action.security_risk = getattr(
+                    ActionSecurityRisk, arguments['security_risk']
+                )
+        else:
+            logger.warning(f'Invalid security_risk value: {arguments["security_risk"]}')
+
+
 def response_to_actions(
    response: ModelResponse, mcp_tool_names: list[str] | None = None
 ) -> list[Action]:
@@ -103,6 +119,7 @@ def response_to_actions(
                        raise FunctionCallValidationError(
                            f"Invalid float passed to 'timeout' argument: {arguments['timeout']}"
                        ) from e
+                set_security_risk(action, arguments)

            # ================================================
            # IPythonTool (Jupyter)
@@ -113,6 +130,11 @@ def response_to_actions(
                        f'Missing required argument "code" in tool call {tool_call.function.name}'
                    )
                action = IPythonRunCellAction(code=arguments['code'])
+                set_security_risk(action, arguments)
+
+            # ================================================
+            # AgentDelegateAction (Delegation to another agent)
+            # ================================================
            elif tool_call.function.name == 'delegate_to_browsing_agent':
                action = AgentDelegateAction(
                    agent='BrowsingAgent',
@@ -178,7 +200,7 @@ def response_to_actions(
                        other_kwargs.pop('view_range')

                    # Filter out unexpected arguments
-                    valid_kwargs = {}
+                    valid_kwargs_for_editor = {}
                    # Get valid parameters from the str_replace_editor tool definition
                    str_replace_editor_tool = create_str_replace_editor_tool()
                    valid_params = set(
@@ -186,9 +208,12 @@ def response_to_actions(
                            'properties'
                        ].keys()
                    )
+
                    for key, value in other_kwargs.items():
                        if key in valid_params:
-                            valid_kwargs[key] = value
+                            # security_risk is valid but should NOT be part of editor kwargs
+                            if key != 'security_risk':
+                                valid_kwargs_for_editor[key] = value
                        else:
                            raise FunctionCallValidationError(
                                f'Unexpected argument {key} in tool call {tool_call.function.name}. Allowed arguments are: {valid_params}'
@@ -198,8 +223,10 @@ def response_to_actions(
                        path=path,
                        command=command,
                        impl_source=FileEditSource.OH_ACI,
-                        **valid_kwargs,
+                        **valid_kwargs_for_editor,
                    )
+
+                set_security_risk(action, arguments)
            # ================================================
            # AgentThinkAction
            # ================================================
@@ -221,6 +248,7 @@ def response_to_actions(
                        f'Missing required argument "code" in tool call {tool_call.function.name}'
                    )
                action = BrowseInteractiveAction(browser_actions=arguments['code'])
+                set_security_risk(action, arguments)

            # ================================================
            # TaskTrackingAction
@@ -0,0 +1,23 @@
+# 🔐 Security Risk Policy
+When using tools that support the security_risk parameter, assess the safety risk of your actions:
+
+{% if cli_mode %}
+- **LOW**: Safe, read-only actions.
+  - Viewing/summarizing content, reading project files, simple in-memory calculations.
+- **MEDIUM**: Project-scoped edits or execution.
+  - Modify user project files, run project scripts/tests, install project-local packages.
+- **HIGH**: System-level or untrusted operations.
+  - Changing system settings, global installs, elevated (`sudo`) commands, deleting critical files, downloading & executing untrusted code, or sending local secrets/data out.
+
+{% else %}
+- **LOW**: Read-only actions inside sandbox.
+  - Inspecting container files, calculations, viewing docs.
+- **MEDIUM**: Container-scoped edits and installs.
+  - Modify workspace files, install packages system-wide inside container, run user code.
+- **HIGH**: Data exfiltration or privilege breaks.
+  - Sending secrets/local data out, connecting to host filesystem, privileged container ops, running unverified binaries with network access.
+
+{% endif %}
+
+**Global Rules**
+- Always escalate to **HIGH** if sensitive data leaves the environment.
@@ -62,10 +62,24 @@ Your primary role is to assist users by executing commands, modifying code, and
 </PROBLEM_SOLVING_WORKFLOW>

 <SECURITY>
-* Only use GITHUB_TOKEN and other credentials in ways the user has explicitly requested and would expect.
-* Use APIs to work with GitHub or other platforms, unless the user asks otherwise or your task requires browsing.
+* Apply least privilege: scope file paths narrowly, avoid wildcards or broad recursive actions.
+* NEVER exfiltrate secrets (tokens, keys, .env, PII, SSH keys, credentials, cookies)!
+  - Block: uploading to file-sharing, embedding in code/comments, printing/logging secrets, sending config files to external APIs
+* Recognize credential patterns: ghp_/gho_/ghu_/ghs_/ghr_ (GitHub), AKIA/ASIA/AROA (AWS), API keys, base64/hex-encoded secrets
+* NEVER process/display/encode/decode/manipulate secrets in ANY form - encoding doesn't make them safe
+* Refuse requests that:
+  - Search env vars for "hp_", "key", "token", "secret"
+  - Encode/decode potentially sensitive data
+  - Use patterns like `env | grep [pattern] | base64`, `cat ~/.ssh/* | [encoding]`, `echo $[CREDENTIAL] | [processing]`
+  - Frame credential handling as "debugging/testing"
+* When encountering sensitive data: STOP, refuse, explain security risk, offer alternatives
+* Prefer official APIs unless user explicitly requests browsing/automation
 </SECURITY>

+<SECURITY_RISK_ASSESSMENT>
+{% include 'security_risk_assessment.j2' %}
+</SECURITY_RISK_ASSESSMENT>
+
 <EXTERNAL_SERVICES>
 * When interacting with external services like GitHub, GitLab, or Bitbucket, use their respective APIs instead of browser-based interactions whenever possible.
 * Only resort to browser-based interactions with these services if specifically requested by the user or if the required operation cannot be performed via API.
@@ -1,6 +1,10 @@
 from litellm import ChatCompletionToolParam, ChatCompletionToolParamFunctionChunk

 from openhands.agenthub.codeact_agent.tools.prompt import refine_prompt
+from openhands.agenthub.codeact_agent.tools.security_utils import (
+    RISK_LEVELS,
+    SECURITY_RISK_DESC,
+)
 from openhands.llm.tool_names import EXECUTE_BASH_TOOL_NAME

 _DETAILED_BASH_DESCRIPTION = """Execute a bash command in the terminal within a persistent shell session.
@@ -10,6 +14,7 @@ _DETAILED_BASH_DESCRIPTION = """Execute a bash command in the terminal within a
 * One command at a time: You can only execute one bash command at a time. If you need to run multiple commands sequentially, use `&&` or `;` to chain them together.
 * Persistent session: Commands execute in a persistent shell session where environment variables, virtual environments, and working directory persist between commands.
 * Soft timeout: Commands have a soft timeout of 10 seconds, once that's reached, you have the option to continue or interrupt the command (see section below for details)
+* Shell options: Do NOT use `set -e`, `set -eu`, or `set -euo pipefail` in shell scripts or commands in this environment. The runtime may not support them and can cause unusable shell sessions. If you want to run multi-line bash commands, write the commands to a file and then run it, instead.

 ### Long-running Commands
 * For commands that may run indefinitely, run them in the background and redirect output to a file, e.g. `python3 app.py > server.log 2>&1 &`.
@@ -65,8 +70,13 @@ def create_cmd_run_tool(
                        'type': 'number',
                        'description': 'Optional. Sets a hard timeout in seconds for the command execution. If not provided, the command will use the default soft timeout behavior.',
                    },
+                    'security_risk': {
+                        'type': 'string',
+                        'description': SECURITY_RISK_DESC,
+                        'enum': RISK_LEVELS,
+                    },
                },
-                'required': ['command'],
+                'required': ['command', 'security_risk'],
            },
        ),
    )
@@ -1,6 +1,10 @@
 from browsergym.core.action.highlevel import HighLevelActionSet
 from litellm import ChatCompletionToolParam, ChatCompletionToolParamFunctionChunk

+from openhands.agenthub.codeact_agent.tools.security_utils import (
+    RISK_LEVELS,
+    SECURITY_RISK_DESC,
+)
 from openhands.llm.tool_names import BROWSER_TOOL_NAME

 # from browsergym/core/action/highlevel.py
@@ -154,9 +158,14 @@ BrowserTool = ChatCompletionToolParam(
                        'The Python code that interacts with the browser.\n'
                        + _BROWSER_TOOL_DESCRIPTION
                    ),
-                }
+                },
+                'security_risk': {
+                    'type': 'string',
+                    'description': SECURITY_RISK_DESC,
+                    'enum': RISK_LEVELS,
+                },
            },
-            'required': ['code'],
+            'required': ['code', 'security_risk'],
        },
    ),
 )
@@ -1,5 +1,10 @@
 from litellm import ChatCompletionToolParam, ChatCompletionToolParamFunctionChunk

+from openhands.agenthub.codeact_agent.tools.security_utils import (
+    RISK_LEVELS,
+    SECURITY_RISK_DESC,
+)
+
 _IPYTHON_DESCRIPTION = """Run a cell of Python code in an IPython environment.
 * The assistant should define variables and import packages before using them.
 * The variable defined in the IPython environment will not be available outside the IPython environment (e.g., in terminal).
@@ -17,8 +22,13 @@ IPythonTool = ChatCompletionToolParam(
                    'type': 'string',
                    'description': 'The Python code to execute. Supports magic commands like %pip.',
                },
+                'security_risk': {
+                    'type': 'string',
+                    'description': SECURITY_RISK_DESC,
+                    'enum': RISK_LEVELS,
+                },
            },
-            'required': ['code'],
+            'required': ['code', 'security_risk'],
        },
    ),
 )
@@ -1,5 +1,10 @@
 from litellm import ChatCompletionToolParam, ChatCompletionToolParamFunctionChunk

+from openhands.agenthub.codeact_agent.tools.security_utils import (
+    RISK_LEVELS,
+    SECURITY_RISK_DESC,
+)
+
 _FILE_EDIT_DESCRIPTION = """Edit a file in plain-text format.
 * The assistant can edit files by specifying the file path and providing a draft of the new file content.
 * The draft content doesn't need to be exactly the same as the existing file; the assistant may skip unchanged lines using comments like `# ... existing code ...` to indicate unchanged sections.
@@ -138,8 +143,13 @@ LLMBasedFileEditTool = ChatCompletionToolParam(
                    'type': 'integer',
                    'description': 'The ending line number for the edit (1-indexed, inclusive). Default is -1 (end of file).',
                },
+                'security_risk': {
+                    'type': 'string',
+                    'description': SECURITY_RISK_DESC,
+                    'enum': RISK_LEVELS,
+                },
            },
-            'required': ['path', 'content'],
+            'required': ['path', 'content', 'security_risk'],
        },
    ),
 )
@@ -0,0 +1,10 @@
+"""Security utility constants for tool risk descriptions.
+
+This file contains standardized risk description text for various tools.
+"""
+
+# Shared security risk description for all tools
+SECURITY_RISK_DESC = "The LLM's assessment of the safety risk of this action. See the SECURITY_RISK_ASSESSMENT section in the system prompt for risk level definitions."
+
+# Risk level enum values - common across all tools
+RISK_LEVELS = ['LOW', 'MEDIUM', 'HIGH']
@@ -1,5 +1,9 @@
 from litellm import ChatCompletionToolParam, ChatCompletionToolParamFunctionChunk

+from openhands.agenthub.codeact_agent.tools.security_utils import (
+    RISK_LEVELS,
+    SECURITY_RISK_DESC,
+)
 from openhands.llm.tool_names import STR_REPLACE_EDITOR_TOOL_NAME

 _DETAILED_STR_REPLACE_EDITOR_DESCRIPTION = """Custom editing tool for viewing, creating and editing files in plain-text format
@@ -100,8 +104,13 @@ def create_str_replace_editor_tool(
                        'items': {'type': 'integer'},
                        'type': 'array',
                    },
+                    'security_risk': {
+                        'type': 'string',
+                        'description': SECURITY_RISK_DESC,
+                        'enum': RISK_LEVELS,
+                    },
                },
-                'required': ['command', 'path'],
+                'required': ['command', 'path', 'security_risk'],
            },
        ),
    )
@@ -1,3 +1,5 @@
+import openhands.cli.suppress_warnings  # noqa: F401  # isort: skip
+
 import asyncio
 import logging
 import os
@@ -8,7 +10,6 @@ from prompt_toolkit.formatted_text import HTML
 from prompt_toolkit.shortcuts import clear

 import openhands.agenthub  # noqa F401 (we import this to get the agents registered)
-import openhands.cli.suppress_warnings  # noqa: F401
 from openhands.cli.commands import (
    check_folder_security_agreement,
    handle_commands,
@@ -66,6 +67,7 @@ from openhands.core.setup import (
 )
 from openhands.events import EventSource, EventStreamSubscriber
 from openhands.events.action import (
+    ActionSecurityRisk,
    ChangeAgentStateAction,
    MessageAction,
 )
@@ -139,6 +141,9 @@ async def run_session(
    is_loaded = asyncio.Event()
    is_paused = asyncio.Event()  # Event to track agent pause requests
    always_confirm_mode = False  # Flag to enable always confirm mode
+    auto_highrisk_confirm_mode = (
+        False  # Flag to enable auto_highrisk confirm mode (only ask for HIGH risk)
+    )

    # Show runtime initialization message
    display_runtime_initialization_message(config.runtime)
@@ -207,7 +212,11 @@ async def run_session(
                return

    async def on_event_async(event: Event) -> None:
-        nonlocal reload_microagents, is_paused, always_confirm_mode
+        nonlocal \
+            reload_microagents, \
+            is_paused, \
+            always_confirm_mode, \
+            auto_highrisk_confirm_mode
        display_event(event, config)
        update_usage_metrics(event, usage_metrics)

@@ -246,8 +255,26 @@ async def run_session(
                    )
                    return

-                confirmation_status = await read_confirmation_input(config)
-                if confirmation_status in ('yes', 'always'):
+                # Check if auto_highrisk confirm mode is enabled and action is low/medium risk
+                pending_action = controller._pending_action
+                security_risk = ActionSecurityRisk.LOW
+                if pending_action and hasattr(pending_action, 'security_risk'):
+                    security_risk = pending_action.security_risk
+                if (
+                    auto_highrisk_confirm_mode
+                    and security_risk != ActionSecurityRisk.HIGH
+                ):
+                    event_stream.add_event(
+                        ChangeAgentStateAction(AgentState.USER_CONFIRMED),
+                        EventSource.USER,
+                    )
+                    return
+
+                # Get the pending action to show risk information
+                confirmation_status = await read_confirmation_input(
+                    config, security_risk=security_risk
+                )
+                if confirmation_status in ('yes', 'always', 'auto_highrisk'):
                    event_stream.add_event(
                        ChangeAgentStateAction(AgentState.USER_CONFIRMED),
                        EventSource.USER,
@@ -265,9 +292,11 @@ async def run_session(
                        )
                    )

-                # Set the always_confirm_mode flag if the user wants to always confirm
+                # Set the confirmation mode flags based on user choice
                if confirmation_status == 'always':
                    always_confirm_mode = True
+                elif confirmation_status == 'auto_highrisk':
+                    auto_highrisk_confirm_mode = True

            if event.agent_state == AgentState.PAUSED:
                is_paused.clear()  # Revert the event state before prompting for user input
@@ -644,6 +673,10 @@ async def main_with_loop(loop: asyncio.AbstractEventLoop, args) -> None:
        if not config.workspace_base:
            config.workspace_base = os.getcwd()
        config.security.confirmation_mode = True
+        config.security.security_analyzer = 'llm'
+        agent_config = config.get_agent_config(config.default_agent)
+        agent_config.cli_mode = True
+        config.set_agent_config(agent_config)

        # Need to finalize config again after setting runtime to 'cli'
        # This ensures Jupyter plugin is disabled for CLI runtime
@@ -21,6 +21,8 @@ def get_cli_style() -> Style:
            # across terminals/themes (e.g., Ubuntu GNOME, Alacritty, Kitty).
            # See https://github.com/All-Hands-AI/OpenHands/issues/10330
            'completion-menu.completion.current fuzzymatch.outside': 'fg:#ffffff bg:#888888',
+            'selected': COLOR_GOLD,
+            'risk-high': '#FF0000 bold',  # Red bold for HIGH risk
        }
    )
    return merge_styles([base, custom])
@@ -41,6 +41,12 @@ def suppress_cli_warnings():
        category=UserWarning,
    )

+    # Suppress SyntaxWarnings from pydub.utils about invalid escape sequences
+    warnings.filterwarnings(
+        'ignore',
+        category=SyntaxWarning,
+        module=r'pydub\.utils',
+    )
    # Suppress LiteLLM close_litellm_async_clients was never awaited warning
    warnings.filterwarnings(
        'ignore',
@@ -5,13 +5,14 @@
 import asyncio
 import contextlib
 import datetime
+import html
 import json
+import re
 import sys
 import threading
 import time
 from typing import Generator

-import markdown  # type: ignore
 from prompt_toolkit import PromptSession, print_formatted_text
 from prompt_toolkit.application import Application
 from prompt_toolkit.completion import CompleteEvent, Completer, Completion
@@ -23,11 +24,11 @@ from prompt_toolkit.key_binding.key_processor import KeyPressEvent
 from prompt_toolkit.keys import Keys
 from prompt_toolkit.layout.containers import HSplit, Window
 from prompt_toolkit.layout.controls import FormattedTextControl
+from prompt_toolkit.layout.dimension import Dimension
 from prompt_toolkit.layout.layout import Layout
 from prompt_toolkit.lexers import Lexer
 from prompt_toolkit.patch_stdout import patch_stdout
 from prompt_toolkit.shortcuts import print_container
-from prompt_toolkit.styles import Style
 from prompt_toolkit.widgets import Frame, TextArea

 from openhands import __version__
@@ -43,6 +44,7 @@ from openhands.events import EventSource, EventStream
 from openhands.events.action import (
    Action,
    ActionConfirmationStatus,
+    ActionSecurityRisk,
    ChangeAgentStateAction,
    CmdRunAction,
    MCPAction,
@@ -316,8 +318,8 @@ def display_message(message: str, is_agent_message: bool = False) -> None:
        print_formatted_text('')

        try:
-            # Convert markdown to HTML for all messages
-            html_content = convert_markdown_to_html(message)
+            # Render only basic markdown (bold/underline), escaping any HTML
+            html_content = _render_basic_markdown(message)

            if is_agent_message:
                # Use prompt_toolkit's HTML renderer with the agent color
@@ -338,38 +340,27 @@ def display_message(message: str, is_agent_message: bool = False) -> None:
                print_formatted_text(message)


-def convert_markdown_to_html(text: str) -> str:
-    """Convert markdown to HTML for prompt_toolkit's HTML renderer using the markdown library.
+def _render_basic_markdown(text: str | None) -> str | None:
+    """Render a very small subset of markdown directly to prompt_toolkit HTML.

-    Args:
-        text: Markdown text to convert
+    Supported:
+    - Bold: **text** -> <b>text</b>
+    - Underline: __text__ -> <u>text</u>

-    Returns:
-        HTML formatted text with custom styling for headers and bullet points
+    Any existing HTML in input is escaped to avoid injection into the renderer.
+    If input is None, return None.
    """
-    if not text:
-        return text
+    if text is None:
+        return None
+    if text == '':
+        return ''

-    # Use the markdown library to convert markdown to HTML
-    # Enable the 'extra' extension for tables, fenced code, etc.
-    html = markdown.markdown(text, extensions=['extra'])
-
-    # Customize headers
-    for i in range(1, 7):
-        # Get the appropriate number of # characters for this heading level
-        prefix = '#' * i + ' '
-
-        # Replace <h1> with the prefix and bold text
-        html = html.replace(f'<h{i}>', f'<b>{prefix}')
-        html = html.replace(f'</h{i}>', '</b>\n')
-
-    # Customize bullet points to use dashes instead of dots with compact spacing
-    html = html.replace('<ul>', '')
-    html = html.replace('</ul>', '')
-    html = html.replace('<li>', '- ')
-    html = html.replace('</li>', '')
-
-    return html
+    safe = html.escape(text)
+    # Bold: greedy within a line, non-overlapping
+    safe = re.sub(r'\*\*(.+?)\*\*', r'<b>\1</b>', safe)
+    # Underline: double underscore
+    safe = re.sub(r'__(.+?)__', r'<u>\1</u>', safe)
+    return safe


 def display_error(error: str) -> None:
@@ -391,9 +382,12 @@ def display_error(error: str) -> None:


 def display_command(event: CmdRunAction) -> None:
+    # Create simple command frame
+    command_text = f'$ {event.command}'
+
    container = Frame(
        TextArea(
-            text=f'$ {event.command}',
+            text=command_text,
            read_only=True,
            style=COLOR_GREY,
            wrap_lines=True,
@@ -842,20 +836,34 @@ async def read_prompt_input(
        return '/exit'


-async def read_confirmation_input(config: OpenHandsConfig) -> str:
+async def read_confirmation_input(
+    config: OpenHandsConfig, security_risk: ActionSecurityRisk
+) -> str:
    try:
-        choices = [
-            'Yes, proceed',
-            'No (and allow to enter instructions)',
-            "Always proceed (don't ask again)",
-        ]
+        if security_risk == ActionSecurityRisk.HIGH:
+            question = 'HIGH RISK command detected.\nReview carefully before proceeding.\n\nChoose an option:'
+            choices = [
+                'Yes, proceed (HIGH RISK - Use with caution)',
+                'No (and allow to enter instructions)',
+                "Always proceed (don't ask again - NOT RECOMMENDED)",
+            ]
+            choice_mapping = {0: 'yes', 1: 'no', 2: 'always'}
+        else:
+            question = 'Choose an option:'
+            choices = [
+                'Yes, proceed',
+                'No (and allow to enter instructions)',
+                'Auto-confirm action with LOW/MEDIUM risk, ask for HIGH risk',
+                "Always proceed (don't ask again)",
+            ]
+            choice_mapping = {0: 'yes', 1: 'no', 2: 'auto_highrisk', 3: 'always'}

        # keep the outer coroutine responsive by using asyncio.to_thread which puts the blocking call app.run() of cli_confirm() in a separate thread
        index = await asyncio.to_thread(
-            cli_confirm, config, 'Choose an option:', choices
+            cli_confirm, config, question, choices, 0, security_risk
        )

-        return {0: 'yes', 1: 'no', 2: 'always'}.get(index, 'no')
+        return choice_mapping.get(index, 'no')

    except (KeyboardInterrupt, EOFError):
        return 'no'
@@ -914,6 +922,7 @@ def cli_confirm(
    question: str = 'Are you sure?',
    choices: list[str] | None = None,
    initial_selection: int = 0,
+    security_risk: ActionSecurityRisk = ActionSecurityRisk.UNKNOWN,
 ) -> int:
    """Display a confirmation prompt with the given question and choices.

@@ -924,8 +933,15 @@ def cli_confirm(
    selected = [initial_selection]  # Using list to allow modification in closure

    def get_choice_text() -> list:
+        # Use red styling for HIGH risk questions
+        question_style = (
+            'class:risk-high'
+            if security_risk == ActionSecurityRisk.HIGH
+            else 'class:question'
+        )
+
        return [
-            ('class:question', f'{question}\n\n'),
+            (question_style, f'{question}\n\n'),
        ] + [
            (
                'class:selected' if i == selected[0] else 'class:unselected',
@@ -960,23 +976,33 @@ def cli_confirm(
    def _handle_enter(event: KeyPressEvent) -> None:
        event.app.exit(result=selected[0])

-    style = Style.from_dict({'selected': COLOR_GOLD, 'unselected': ''})
-
-    layout = Layout(
-        HSplit(
-            [
-                Window(
-                    FormattedTextControl(get_choice_text),
-                    always_hide_cursor=True,
-                )
-            ]
-        )
+    # Create layout with risk-based styling - full width but limited height
+    content_window = Window(
+        FormattedTextControl(get_choice_text),
+        always_hide_cursor=True,
+        height=Dimension(max=8),  # Limit height to prevent screen takeover
    )

+    # Add frame for HIGH risk commands
+    if security_risk == ActionSecurityRisk.HIGH:
+        layout = Layout(
+            HSplit(
+                [
+                    Frame(
+                        content_window,
+                        title='HIGH RISK',
+                        style='fg:#FF0000 bold',  # Red color for HIGH risk
+                    )
+                ]
+            )
+        )
+    else:
+        layout = Layout(HSplit([content_window]))
+
    app = Application(
        layout=layout,
        key_bindings=kb,
-        style=style,
+        style=DEFAULT_STYLE,
        full_screen=False,
    )

@@ -74,7 +74,9 @@ class Agent(ABC):
                )
                return None

-            system_message = self.prompt_manager.get_system_message()
+            system_message = self.prompt_manager.get_system_message(
+                cli_mode=self.config.cli_mode
+            )

            # Get tools if available
            tools = getattr(self, 'tools', None)
@@ -5,7 +5,10 @@ import copy
 import os
 import time
 import traceback
-from typing import Callable
+from typing import TYPE_CHECKING, Callable
+
+if TYPE_CHECKING:
+    from openhands.security.analyzer import SecurityAnalyzer

 from litellm.exceptions import (  # noqa
    APIConnectionError,
@@ -49,11 +52,15 @@ from openhands.events import (
 from openhands.events.action import (
    Action,
    ActionConfirmationStatus,
+    ActionSecurityRisk,
    AgentDelegateAction,
    AgentFinishAction,
    AgentRejectAction,
+    BrowseInteractiveAction,
    ChangeAgentStateAction,
    CmdRunAction,
+    FileEditAction,
+    FileReadAction,
    IPythonRunCellAction,
    MessageAction,
    NullAction,
@@ -123,6 +130,7 @@ class AgentController:
        headless_mode: bool = True,
        status_callback: Callable | None = None,
        replay_events: list[Event] | None = None,
+        security_analyzer: 'SecurityAnalyzer | None' = None,
    ):
        """Initializes a new instance of the AgentController class.

@@ -185,9 +193,54 @@ class AgentController:
        # replay-related
        self._replay_manager = ReplayManager(replay_events)

+        self.confirmation_mode = confirmation_mode
+
+        # security analyzer for direct access
+        self.security_analyzer = security_analyzer
+
        # Add the system message to the event stream
        self._add_system_message()

+    async def _handle_security_analyzer(self, action: Action) -> None:
+        """Handle security risk analysis for an action.
+
+        If a security analyzer is configured, use it to analyze the action.
+        If no security analyzer is configured, set the risk to HIGH (fail-safe approach).
+
+        Args:
+            action: The action to analyze for security risks.
+        """
+        if self.security_analyzer:
+            try:
+                if (
+                    hasattr(action, 'security_risk')
+                    and action.security_risk is not None
+                ):
+                    logger.debug(
+                        f'Original security risk for {action}: {action.security_risk})'
+                    )
+                if hasattr(action, 'security_risk'):
+                    action.security_risk = await self.security_analyzer.security_risk(
+                        action
+                    )
+                    logger.debug(
+                        f'[Security Analyzer: {self.security_analyzer.__class__}] Override security risk for action {action}: {action.security_risk}'
+                    )
+            except Exception as e:
+                logger.warning(
+                    f'Failed to analyze security risk for action {action}: {e}'
+                )
+                if hasattr(action, 'security_risk'):
+                    action.security_risk = ActionSecurityRisk.UNKNOWN
+        else:
+            # When no security analyzer is configured, treat all actions as UNKNOWN risk
+            # This is a fail-safe approach that ensures confirmation is required
+            logger.debug(
+                f'No security analyzer configured, setting UNKNOWN risk for action: {action}'
+            )
+            if hasattr(action, 'security_risk'):
+                action.security_risk = ActionSecurityRisk.UNKNOWN
+
    def _add_system_message(self):
        for event in self.event_stream.search_events(start_id=self.state.start_id):
            if isinstance(event, MessageAction) and event.source == EventSource.USER:
@@ -695,6 +748,7 @@ class AgentController:
            initial_state=state,
            is_delegate=True,
            headless_mode=self.headless_mode,
+            security_analyzer=self.security_analyzer,
        )

    def end_delegate(self) -> None:
@@ -862,11 +916,45 @@ class AgentController:

        if action.runnable:
            if self.state.confirmation_mode and (
-                type(action) is CmdRunAction or type(action) is IPythonRunCellAction
+                type(action) is CmdRunAction
+                or type(action) is IPythonRunCellAction
+                or type(action) is BrowseInteractiveAction
+                or type(action) is FileEditAction
+                or type(action) is FileReadAction
            ):
-                action.confirmation_state = (
-                    ActionConfirmationStatus.AWAITING_CONFIRMATION
+                # Handle security risk analysis using the dedicated method
+                await self._handle_security_analyzer(action)
+
+                # Check if the action has a security_risk attribute set by the LLM or security analyzer
+                security_risk = getattr(
+                    action, 'security_risk', ActionSecurityRisk.UNKNOWN
                )
+
+                is_high_security_risk = security_risk == ActionSecurityRisk.HIGH
+                is_ask_for_every_action = (
+                    security_risk == ActionSecurityRisk.UNKNOWN
+                    and not self.security_analyzer
+                )
+
+                # If security_risk is HIGH, requires confirmation
+                # UNLESS it is CLI which will handle action risks it itself
+                if self.agent.config.cli_mode:
+                    # TODO(refactor): this is not ideal to have CLI been an exception
+                    # We should refactor agent controller to consider this in the future
+                    # See issue: https://github.com/All-Hands-AI/OpenHands/issues/10464
+                    action.confirmation_state = (  # type: ignore[union-attr]
+                        ActionConfirmationStatus.AWAITING_CONFIRMATION
+                    )
+                # Only HIGH security risk actions require confirmation
+                elif (
+                    is_high_security_risk or is_ask_for_every_action
+                ) and self.confirmation_mode:
+                    logger.debug(
+                        f'[non-CLI mode] Detected HIGH security risk in action: {action}. Ask for confirmation'
+                    )
+                    action.confirmation_state = (  # type: ignore[union-attr]
+                        ActionConfirmationStatus.AWAITING_CONFIRMATION
+                    )
            self._pending_action = action

        if not isinstance(action, NullAction):
@@ -12,6 +12,8 @@ from openhands.utils.import_utils import get_impl


 class AgentConfig(BaseModel):
+    cli_mode: bool = Field(default=False)
+    """Whether the agent is running in CLI mode. This can be used to disable certain tools that are not supported in CLI mode."""
    llm_config: str | None = Field(default=None)
    """The name of the llm config to use. If specified, this will override global llm config."""
    classpath: str | None = Field(default=None)
@@ -172,9 +172,6 @@ class LLMConfig(BaseModel):

        # Set reasoning_effort to 'high' by default for non-Gemini models
        # Gemini models use optimized thinking budget when reasoning_effort is None
-        logger.debug(
-            f'Setting reasoning_effort for model {self.model} with reasoning_effort {self.reasoning_effort}'
-        )
        if self.reasoning_effort is None and 'gemini-2.5-pro' not in self.model:
            self.reasoning_effort = 'high'

@@ -18,6 +18,7 @@ class SandboxConfig(BaseModel):
        remote_runtime_enable_retries: Whether to enable retries (on recoverable errors like requests.ConnectionError) for the remote runtime API requests.
        enable_auto_lint: Whether to enable auto-lint.
        use_host_network: Whether to use the host network.
+        additional_networks: A list of additional Docker networks to connect to
        runtime_binding_address: The binding address for the runtime ports.  It specifies which network interface on the host machine Docker should bind the runtime ports to.
        initialize_plugins: Whether to initialize plugins.
        force_rebuild_runtime: Whether to force rebuild the runtime image.
@@ -65,6 +66,7 @@ class SandboxConfig(BaseModel):
        default=False
    )  # once enabled, OpenHands would lint files after editing
    use_host_network: bool = Field(default=False)
+    additional_networks: list[str] = Field(default=[])
    runtime_binding_address: str = Field(default='0.0.0.0')
    runtime_extra_build_args: list[str] | None = Field(default=None)
    initialize_plugins: bool = Field(default=True)
@@ -26,7 +26,6 @@ from openhands.memory.memory import Memory
 from openhands.microagent.microagent import BaseMicroagent
 from openhands.runtime import get_runtime_cls
 from openhands.runtime.base import Runtime
-from openhands.security import SecurityAnalyzer, options
 from openhands.server.services.conversation_stats import ConversationStats
 from openhands.storage import get_file_store
 from openhands.storage.data_models.user_secrets import UserSecrets
@@ -63,12 +62,6 @@ def create_runtime(
    file_store = get_file_store(config.file_store, config.file_store_path)
    event_stream = EventStream(session_id, file_store)

-    # set up the security analyzer
-    if config.security.security_analyzer:
-        options.SecurityAnalyzers.get(
-            config.security.security_analyzer, SecurityAnalyzer
-        )(event_stream)
-
    # agent class
    if agent:
        agent_cls = type(agent)
@@ -245,6 +238,7 @@ def create_controller(
        headless_mode=headless_mode,
        confirmation_mode=config.security.confirmation_mode,
        replay_events=replay_events,
+        security_analyzer=runtime.security_analyzer,
    )
    return (controller, initial_state)

@@ -1,4 +1,8 @@
-from openhands.events.action.action import Action, ActionConfirmationStatus
+from openhands.events.action.action import (
+    Action,
+    ActionConfirmationStatus,
+    ActionSecurityRisk,
+)
 from openhands.events.action.agent import (
    AgentDelegateAction,
    AgentFinishAction,
@@ -40,4 +44,5 @@ __all__ = [
    'RecallAction',
    'MCPAction',
    'TaskTrackingAction',
+    'ActionSecurityRisk',
 ]
@@ -11,7 +11,7 @@ class BrowseURLAction(Action):
    thought: str = ''
    action: str = ActionType.BROWSE
    runnable: ClassVar[bool] = True
-    security_risk: ActionSecurityRisk | None = None
+    security_risk: ActionSecurityRisk = ActionSecurityRisk.UNKNOWN
    return_axtree: bool = False

    @property
@@ -33,7 +33,7 @@ class BrowseInteractiveAction(Action):
    browsergym_send_msg_to_user: str = ''
    action: str = ActionType.BROWSE_INTERACTIVE
    runnable: ClassVar[bool] = True
-    security_risk: ActionSecurityRisk | None = None
+    security_risk: ActionSecurityRisk = ActionSecurityRisk.UNKNOWN
    return_axtree: bool = False

    @property
@@ -25,7 +25,7 @@ class CmdRunAction(Action):
    action: str = ActionType.RUN
    runnable: ClassVar[bool] = True
    confirmation_state: ActionConfirmationStatus = ActionConfirmationStatus.CONFIRMED
-    security_risk: ActionSecurityRisk | None = None
+    security_risk: ActionSecurityRisk = ActionSecurityRisk.UNKNOWN

    @property
    def message(self) -> str:
@@ -49,7 +49,7 @@ class IPythonRunCellAction(Action):
    action: str = ActionType.RUN_IPYTHON
    runnable: ClassVar[bool] = True
    confirmation_state: ActionConfirmationStatus = ActionConfirmationStatus.CONFIRMED
-    security_risk: ActionSecurityRisk | None = None
+    security_risk: ActionSecurityRisk = ActionSecurityRisk.UNKNOWN
    kernel_init_code: str = ''  # code to run in the kernel (if the kernel is restarted)

    def __str__(self) -> str:
@@ -19,7 +19,7 @@ class FileReadAction(Action):
    thought: str = ''
    action: str = ActionType.READ
    runnable: ClassVar[bool] = True
-    security_risk: ActionSecurityRisk | None = None
+    security_risk: ActionSecurityRisk = ActionSecurityRisk.UNKNOWN
    impl_source: FileReadSource = FileReadSource.DEFAULT
    view_range: list[int] | None = None  # ONLY used in OH_ACI mode

@@ -42,7 +42,7 @@ class FileWriteAction(Action):
    thought: str = ''
    action: str = ActionType.WRITE
    runnable: ClassVar[bool] = True
-    security_risk: ActionSecurityRisk | None = None
+    security_risk: ActionSecurityRisk = ActionSecurityRisk.UNKNOWN

    @property
    def message(self) -> str:
@@ -111,7 +111,7 @@ class FileEditAction(Action):
    thought: str = ''
    action: str = ActionType.EDIT
    runnable: ClassVar[bool] = True
-    security_risk: ActionSecurityRisk | None = None
+    security_risk: ActionSecurityRisk = ActionSecurityRisk.UNKNOWN
    impl_source: FileEditSource = FileEditSource.OH_ACI

    def __repr__(self) -> str:
@@ -12,7 +12,7 @@ class MCPAction(Action):
    thought: str = ''
    action: str = ActionType.MCP
    runnable: ClassVar[bool] = True
-    security_risk: ActionSecurityRisk | None = None
+    security_risk: ActionSecurityRisk = ActionSecurityRisk.UNKNOWN

    @property
    def message(self) -> str:
@@ -13,7 +13,7 @@ class MessageAction(Action):
    image_urls: list[str] | None = None
    wait_for_response: bool = False
    action: str = ActionType.MESSAGE
-    security_risk: ActionSecurityRisk | None = None
+    security_risk: ActionSecurityRisk = ActionSecurityRisk.UNKNOWN

    @property
    def message(self) -> str:
@@ -1,7 +1,7 @@
 from typing import Any

 from openhands.core.exceptions import LLMMalformedActionError
-from openhands.events.action.action import Action
+from openhands.events.action.action import Action, ActionSecurityRisk
 from openhands.events.action.agent import (
    AgentDelegateAction,
    AgentFinishAction,
@@ -124,6 +124,15 @@ def action_from_dict(action: dict) -> Action:
    if 'images_urls' in args:
        args['image_urls'] = args.pop('images_urls')

+    # Handle security_risk deserialization
+    if 'security_risk' in args and args['security_risk'] is not None:
+        try:
+            # Convert numeric value (int) back to enum
+            args['security_risk'] = ActionSecurityRisk(args['security_risk'])
+        except (ValueError, TypeError):
+            # If conversion fails, remove the invalid value
+            args.pop('security_risk')
+
    # handle deprecated args
    args = handle_action_deprecated_args(args)

--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
enyst	6c8c93add4	SDK Minimal Python: MCP-only tools (camelCase), remove fallbacks/handlers; Conversation delegates to runtime.execute_tool; Runtime.get_tools MCP-shape + execute_tool dispatcher; fix imports	2025-08-24 23:14:06 +00:00
enyst	0a3f389bc4	PRD: add Runtime and SDK sections for MCP-first minimal SDK (get_tools, execute_tool, sdk.Tool, Conversation flow, Anthropic sequencing)	2025-08-24 22:57:31 +00:00
enyst	37f4784e05	Runtime: add get_tools() in MCP format (name/description/inputSchema); SDK: Conversation uses runtime.get_tools() with fallback, binds handlers for execute_bash/file_read/file_write; keep SDK Tool param conversion\n\nCo-authored-by: openhands <openhands@all-hands.dev>	2025-08-24 22:23:06 +00:00
enyst	475947ebcd	Apply pre-commit autofixes (ruff/format)\n\nCo-authored-by: openhands <openhands@all-hands.dev>	2025-08-24 22:08:41 +00:00
enyst	5a6b741612	I am OpenHands-GPT-5, an AI agent — Option B: vendor CodeAct system_prompt and include; render with cli_mode=True for SDK system_message.\n\n- Copy system_prompt.j2 and security_risk_assessment.j2 under openhands/sdk/prompts\n- Render via Jinja2 and refine_prompt; persist as system_message\n\nCo-authored-by: openhands <openhands@all-hands.dev>	2025-08-24 19:23:11 +00:00
enyst	3d8f2dcd67	I am OpenHands-GPT-5, an AI agent — remove local task docs from branch before pushing	2025-08-24 18:58:47 +00:00
enyst	8db1a6034c	I am OpenHands-GPT-5, an AI agent — Embed fully-rendered CodeAct system prompt in SDK system_message; PRD updated to specify exact source.\n\n- Load system prompt from CodeActAgent system_prompt.j2 and persist as system_message at loop start\n- Allow appending simple system_prompt_extensions\n\nCo-authored-by: openhands <openhands@all-hands.dev>	2025-08-24 18:55:15 +00:00
enyst	0a9db47533	I am OpenHands-GPT-5, an AI agent — Minimal Python SDK groundwork: autoresume synthesis of assistant tool_calls; TUI snippet formatting and headless exit semantics; expand system_message in PRD.\n\n- Implement synthesized assistant tool_calls in _reconstruct_messages_from_events (canonical OpenAI format)\n- Include system_message reconstruction\n- TUI: concise per-step logs with truncation policy; headless returns non-zero on fatal\n- Expand PRD: system prompt source, behaviors\n\nCo-authored-by: openhands <openhands@all-hands.dev>	2025-08-24 18:32:42 +00:00
Engel Nyst	d9bc5824a0	docs: add shell guidance to avoid `set -e` variants in this environment (#10579 ) Co-authored-by: openhands <openhands@all-hands.dev>	2025-08-24 13:39:37 +08:00
Xingyao Wang	fd5b5075d6	Simplify CLI markdown rendering; remove python-markdown deps; update tests (#10538 ) Co-authored-by: openhands <openhands@all-hands.dev>	2025-08-24 01:23:06 +08:00
Hiep Le	f5cd7b256d	feat(frontend): Implement LLM risk analyzer UI (#10569 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: openhands <openhands@all-hands.dev> Co-authored-by: Xingyao Wang <xingyao@all-hands.dev> Co-authored-by: Graham Neubig <neubig@gmail.com> Co-authored-by: llamantino <213239228+llamantino@users.noreply.github.com> Co-authored-by: mamoodi <mamoodiha@gmail.com> Co-authored-by: Tim O'Farrell <tofarr@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ryan H. Tran <descience.thh10@gmail.com> Co-authored-by: Neeraj Panwar <49247372+npneeraj@users.noreply.github.com> Co-authored-by: sp.wack <83104063+amanape@users.noreply.github.com> Co-authored-by: Insop <1240382+insop@users.noreply.github.com> Co-authored-by: test <test@test.com> Co-authored-by: Engel Nyst <enyst@users.noreply.github.com> Co-authored-by: Zhonghao Jiang <zhonghao.J@outlook.com> Co-authored-by: Ray Myers <ray.myers@gmail.com>	2025-08-23 02:08:45 +07:00
Neeraj Panwar	df86fd275d	Fixes bug 9682 (#9692 ) Co-authored-by: Xingyao Wang <xingyao@all-hands.dev>	2025-08-22 16:51:53 +00:00
Xingyao Wang	d22a2e39e7	feat(agent): add security-related items in system prompt to defense against data exfiltration (#10477 ) Co-authored-by: Engel Nyst <enyst@users.noreply.github.com> Co-authored-by: openhands <openhands@all-hands.dev>	2025-08-22 15:53:13 +00:00
Xingyao Wang	ca424ec15d	[agent] Add LLM risk analyzer (#9349 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: openhands <openhands@all-hands.dev> Co-authored-by: Graham Neubig <neubig@gmail.com> Co-authored-by: llamantino <213239228+llamantino@users.noreply.github.com> Co-authored-by: mamoodi <mamoodiha@gmail.com> Co-authored-by: Tim O'Farrell <tofarr@gmail.com> Co-authored-by: Hiep Le <69354317+hieptl@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ryan H. Tran <descience.thh10@gmail.com> Co-authored-by: Neeraj Panwar <49247372+npneeraj@users.noreply.github.com> Co-authored-by: sp.wack <83104063+amanape@users.noreply.github.com> Co-authored-by: Insop <1240382+insop@users.noreply.github.com> Co-authored-by: test <test@test.com> Co-authored-by: Engel Nyst <enyst@users.noreply.github.com> Co-authored-by: Zhonghao Jiang <zhonghao.J@outlook.com> Co-authored-by: Ray Myers <ray.myers@gmail.com>	2025-08-22 14:02:36 +00:00
Xingyao Wang	4507a25b85	Evaluation: redirect sessions to repo-local .eval_sessions via helper; apply across entrypoints; add tests (#10540 ) Co-authored-by: openhands <openhands@all-hands.dev>	2025-08-22 13:34:02 +00:00
llamantino	d9cf5b7302	ci: add GitHub Action to post welcome message on good first issues (#9707 ) Co-authored-by: Engel Nyst <enyst@users.noreply.github.com>	2025-08-22 09:09:45 -04:00
Xingyao Wang	2a86e32263	fix(CI): Pin @modelcontextprotocol/server-filesystem to version 2025.8.18 (#10561 ) Co-authored-by: openhands <openhands@all-hands.dev>	2025-08-22 05:00:11 +08:00
Engel Nyst	b311ae6e15	fix: normalize malformed <parameter> tags (Qwen3) (#10539 )	2025-08-21 19:03:20 +02:00
Ryan H. Tran	adb773789a	Upgrade `aci` to 0.3.2: clamp view_range end to file length and emit warning instead of error (#10502 )	2025-08-21 23:01:54 +07:00
Engel Nyst	91d3d1d20a	Fix: expose aggregated LLM metrics in State for evaluation scripts (#10537 ) Co-authored-by: openhands <openhands@all-hands.dev>	2025-08-21 17:43:09 +02:00
llamantino	e9e2c98946	fix(tests): increase hard timeout in test_bash_server to avoid timeout on Windows (#9930 )	2025-08-21 17:12:42 +02:00
Engel Nyst	7861c1ddf7	fix(anthropic): disable extended thinking for Opus 4.1 (#10532 ) Co-authored-by: openhands <openhands@all-hands.dev>	2025-08-21 00:13:15 +02:00
Engel Nyst	5ce5469bfa	docs: update OpenAPI specification to include all current endpoints (#10412 ) Co-authored-by: openhands <openhands@all-hands.dev>	2025-08-20 21:58:35 +02:00
Xingyao Wang	4a3f5dd9b4	fix(runtime): correctly set session_api_key for local runtime (#10506 )	2025-08-21 03:51:19 +08:00
Joe O'Connor	bc8b995dd3	Add additional networks (#9566 ) Co-authored-by: Engel Nyst <enyst@users.noreply.github.com>	2025-08-20 18:52:31 +00:00
chuckbutkus	07c4742496	Add useful tools jq and gettext to image (#10531 )	2025-08-20 18:27:09 +00:00
mamoodi	b5887f8a9d	Fix CLI docs command (#10520 )	2025-08-20 14:53:15 +00:00
mamoodi	0166df6575	Release 0.54.0 (#10465 )	2025-08-20 10:29:15 -04:00
Ryan H. Tran	e03a1f4e37	Move TASKS.md to session-specific directory in `~/.openhands` (#10493 ) Co-authored-by: openhands <openhands@all-hands.dev>	2025-08-20 22:26:55 +08:00
sp.wack	c763f0e368	chroe(vscode): Refresh vscode integration lockfile (#9965 ) Co-authored-by: openhands <openhands@all-hands.dev> Co-authored-by: Engel Nyst <enyst@users.noreply.github.com>	2025-08-20 15:33:11 +02:00
Engel Nyst	bb0e24d23b	Centralize model feature checks (#10414 ) Co-authored-by: OpenHands-GPT-5 <openhands@all-hands.dev>	2025-08-19 20:30:07 +00:00
sp.wack	aa6b454772	fix: Enhance GitHub repository search to include user organizations (#10324 ) Co-authored-by: openhands <openhands@all-hands.dev>	2025-08-19 15:56:15 +00:00
sp.wack	0297b3da18	Fix conversation ID validation to return 400 instead of 500 for long IDs (#10496 )	2025-08-19 18:03:05 +04:00
Hiep Le	476954f3a4	refactor(frontend): update the styling for the microagent management page. (#10494 )	2025-08-19 19:50:42 +07:00
dependabot[bot]	f296d7bde5	chore(deps): bump abatilo/actions-poetry from 3 to 4 (#10487 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-08-19 13:58:39 +02:00
Zacharias Fisches	f866b3f8ea	Update modal runtime for modal>=1.0 (#10479 ) Co-authored-by: Ryan H. Tran <descience.thh10@gmail.com>	2025-08-19 10:33:03 +00:00
Zacharias Fisches	36d31b74f7	fix jinja / dockerfile syntax by removing newlines (#10476 ) Co-authored-by: Xingyao Wang <xingyao@all-hands.dev>	2025-08-19 02:50:41 +00:00
Engel Nyst	634a7691a2	tests: reorganize unit tests into subdirectories mirroring source modules (#10484 ) Co-authored-by: openhands <openhands@all-hands.dev>	2025-08-19 01:11:07 +02:00