github/OpenHands
1
1
Fork 0
mirror of https://github.com/All-Hands-AI/OpenHands.git synced 2026-04-29 03:00:45 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
ae5f13088198adc866cb761c083e623b5b4afcab
OpenHands/opendevin/server
History
adragos e0b67ad2f1 feat: add Security Analyzer functionality (#3058) 
* feat: Initial work on security analyzer

* feat: Add remote invariant client

* chore: improve fault tolerance of client

* feat: Add button to enable Invariant Security Analyzer

* [feat] confirmation mode for bash actions

* feat: Add Invariant Tab with security risk outputs

* feat: Add modal setting for Confirmation Mode

* fix: frontend tests for confirmation mode switch

* fix: add missing CONFIRMATION_MODE value in SettingsModal.test.tsx

* fix: update test to integrate new setting

* feat: Initial work on security analyzer

* feat: Add remote invariant client

* chore: improve fault tolerance of client

* feat: Add button to enable Invariant Security Analyzer

* feat: Add Invariant Tab with security risk outputs

* feat: integrate security analyzer with confirmation mode

* feat: improve invariant analyzer tab

* feat: Implement user confirmation for running bash/python code

* fix: don't display rejected actions

* fix: make confirmation show only on assistant messages

* feat: download traces, update policy, implement settings, auto-approve based on defined risk

* Fix: low risk not being shown because it's 0

* fix: duplicate logs in tab

* fix: log duplication

* chore: prepare for merge, remove logging

* Merge confirmation_mode from OpenDevin main

* test: update tests to pass

* chore: finish merging changes, security analyzer now operational again

* feat: document Security Analyzers

* refactor: api, monitor

* chore: lint, fix risk None, revert policy

* fix: check security_risk for None

* refactor: rename instances of invariant to security analyzer

* feat: add /api/options/security-analyzers endpoint

* Move security analyzer from tab to modal

* Temporary fix lock when security analyzer is not chosen

* feat: don't show lock at all when security analyzer is not enabled

* refactor:
- Frontend:
* change type of SECURITY_ANALYZER from bool to string
* add combobox to select SECURITY_ANALYZER, current options are "invariant and "" (no security analyzer)
* Security is now a modal, lock in bottom right is visible only if there's a security analyzer selected
- Backend:
* add close to SecurityAnalyzer
* instantiate SecurityAnalyzer based on provided string from frontend

* fix: update close to be async, to be consistent with other close on resources

* fix: max height of modal (prevent overflow)

* feat: add logo

* small fixes

* update docs for creating a security analyzer module

* fix linting

* update timeout for http client

* fix: move security_analyzer config from agent to session

* feat: add security_risk to browser actions

* add optional remark on combobox

* fix: asdict not called on dataclass, remove invariant dependency

* fix: exclude None values when serializing

* feat: take default policy from invariant-server instead of being hardcoded

* fix: check if policy is None

* update image name

* test: fix some failing runs

* fix: security analyzer tests

* refactor: merge confirmation_mode and security_analyzer into SecurityConfig. Change invariant error message for docker

* test: add tests for invariant parsing actions / observations

* fix: python linting for test_security.py

* Apply suggestions from code review

Co-authored-by: Engel Nyst <enyst@users.noreply.github.com>

* use ActionSecurityRisk | None intead of Optional

* refactor action parsing

* add extra check

* lint parser.py

* test: add field keep_prompt to test_security

* docs: add information about how to enable the analyzer

* test: Remove trailing whitespace in README.md text

---------

Co-authored-by: Mislav Balunovic <mislav.balunovic@gmail.com>
Co-authored-by: Engel Nyst <enyst@users.noreply.github.com>
Co-authored-by: Xingyao Wang <xingyao6@illinois.edu>
2024-08-13 11:29:41 +00:00
..
auth
Remove global config from auth (#2962)
2024-07-17 06:25:45 -04:00
data_models
Add links to a feedback sharing site (#2580)
2024-06-22 09:36:31 +02:00
mock
Remove monologue agent (#3036)
2024-07-19 19:25:05 +00:00
session
feat: add Security Analyzer functionality (#3058)
2024-08-13 11:29:41 +00:00
__init__.py
feat: websocket connection management and sandbox bound to session. (#559)
2024-04-05 12:19:52 -05:00
listen.py
feat: add Security Analyzer functionality (#3058)
2024-08-13 11:29:41 +00:00
README.md
Chore Readme updates (#3302)
2024-08-08 18:06:58 -04:00

README.md

OpenDevin Server

This is a WebSocket server that executes tasks using an agent.

Recommended Prerequisites

  • Initialize the frontend code
  • Install Python 3.12 (brew install python for those using homebrew)
  • Install pipx: (brew install pipx followed by pipx ensurepath)
  • Install poetry: (pipx install poetry)

Install

First build a distribution of the frontend code (From the project root directory):

cd frontend
npm install
npm run build
cd ..

Next run poetry shell (So you don't have to repeat poetry run)

Start the Server

uvicorn opendevin.server.listen:app --reload --port 3000

Test the Server

You can use websocat to test the server.

websocat ws://127.0.0.1:3000/ws
{"action": "start", "args": {"task": "write a bash script that prints hello"}}

Supported Environment Variables

LLM_API_KEY=sk-... # Your OpenAI API Key
LLM_MODEL=gpt-4o   # Default model for the agent to use
WORKSPACE_BASE=/path/to/your/workspace # Default absolute path to workspace

API Schema

There are two types of messages that can be sent to, or received from, the server:

  • Actions
  • Observations

Actions

An action has three parts:

  • action: The action to be taken
  • args: The arguments for the action
  • message: A friendly message that can be put in the chat log

There are several kinds of actions. Their arguments are listed below. This list may grow over time.

  • initialize - initializes the agent. Only sent by client.
    • model - the name of the model to use
    • directory - the path to the workspace
    • agent_cls - the class of the agent to use
  • start - starts a new development task. Only sent by the client.
    • task - the task to start
  • read - reads the content of a file.
    • path - the path of the file to read
  • write - writes the content to a file.
    • path - the path of the file to write
    • content - the content to write to the file
  • run - runs a command.
    • command - the command to run
  • browse - opens a web page.
    • url - the URL to open
  • think - Allows the agent to make a plan, set a goal, or record thoughts
    • thought - the thought to record
  • finish - agent signals that the task is completed

Observations

An observation has four parts:

  • observation: The observation type
  • content: A string representing the observed data
  • extras: additional structured data
  • message: A friendly message that can be put in the chat log

There are several kinds of observations. Their extras are listed below. This list may grow over time.

  • read - the content of a file
    • path - the path of the file read
  • browse - the HTML content of a url
    • url - the URL opened
  • run - the output of a command
    • command - the command run
    • exit_code - the exit code of the command
  • chat - a message from the user
Reference in New Issue View Git Blame Copy Permalink