critic_server_url and critic_model_name are now user-facing settings
exposed in the GUI. The backend no longer mutates them based on proxy
detection. _get_agent_settings is now a pure pass-through with model
override only.
SDK pin: b69f7cee
Co-authored-by: openhands <openhands@all-hands.dev>
security_analyzer lives in VerificationSettings, not on Agent.
The model_copy override was a no-op.
Co-authored-by: openhands <openhands@all-hands.dev>
Replace manual Agent construction with settings.create_agent() when
SDK AgentSettings are available. This makes settings the single
source of truth for LLM, tools, condenser, critic, and agent context.
Key changes:
- _get_default_critic() eliminated — replaced by _apply_critic_proxy()
  which sets critic_server_url/critic_model_name on the settings, then
  lets the SDK's build_critic() do the construction.
- _create_agent_with_context() settings path: populate tools +
  agent_context on settings, call create_agent(), apply runtime-only
  overrides (mcp_config, system_prompt) via model_copy.
- Legacy path (no agent_settings) kept for backward compat.
- Tests updated: agent_context now in Agent() constructor,
  mcp_config/system_prompt in model_copy.
Co-authored-by: openhands <openhands@all-hands.dev>
Update poetry.lock, enterprise/poetry.lock, and uv.lock to resolve
to SDK commit bb601665 which includes the merged VerificationSettings.
Co-authored-by: openhands <openhands@all-hands.dev>
Create OpenHandsAgentSettings(AgentSettings) in the OpenHands codebase
that extends the SDK's AgentSettings with a 'security' section containing
confirmation_mode (critical) and security_analyzer (major). The SDK's
export_schema() picks these up automatically via its metadata conventions.
Backend:
- SecuritySettings pydantic model with SDK metadata annotations
- OpenHandsAgentSettings subclass used by _get_sdk_settings_schema()
- _SDK_TO_FLAT_SETTINGS bridges dotted SDK keys to flat Settings attrs
  so existing consumers (session init, security-analyzer setup) work
- _extract_sdk_settings_values seeds from flat fields for UI display
Frontend:
- /settings/security route renders the security schema section
- Nav: LLM -> Security -> Condenser -> Critic (both SAAS and OSS)
- Removed empty General page (no schema section exists for it yet)
Tests:
- New test_get_sdk_settings_schema_includes_security_section
- All 119 backend + 10 frontend tests pass
Co-authored-by: openhands <openhands@all-hands.dev>
- Add /settings/general and /settings/security sidebar pages rendering
  their respective SDK schema sections
- Reorder nav: General above LLM, Security below LLM (both SAAS + OSS)
- Remove SDK_LEGACY_FIELD_MAP and all legacy field bridging — the only
  canonical store for SDK settings is now sdk_settings_values
- Simplify to_agent_settings(), _extract_sdk_settings_values(), and
  _apply_settings_payload() to read/write sdk_settings_values only
- Fix inferInitialView to accept an optional schemaOverride so
  SdkSectionPage passes filteredSchema (prevents cross-section
  minor-value overrides from elevating the view tier on unrelated pages)
- Add SETTINGS$NAV_GENERAL and SETTINGS$NAV_SECURITY i18n keys with
  translations for all 14 languages
- Use lock.svg for Security icon and settings.svg for General icon
Co-authored-by: openhands <openhands@all-hands.dev>
- Add /settings/condenser and /settings/critic routes alongside LLM
- Extract reusable SdkSectionPage component with render-prop header
- Extract SchemaField + FIELD_HELP_LINKS into shared sdk-settings module
- LLM page now only renders 'llm' section; condenser/critic each render
  their own section using the same generic SdkSectionPage
- Add nav items with MemoryIcon (Condenser) and LightbulbIcon (Critic)
  to both SAAS_NAV_ITEMS and OSS_NAV_ITEMS
- Add SETTINGS$NAV_CONDENSER and SETTINGS$NAV_CRITIC i18n keys with
  translations for all 14 supported languages
- Update tests to reflect LLM-only page scope
Co-authored-by: openhands <openhands@all-hands.dev>
- Rewrite llm-settings.tsx with SettingsView = 'basic' | 'advanced' | 'all'
- Critical fields (llm.model, llm.api_key, llm.base_url) rendered with purpose-built
  components at the top: ModelSelector for model, SettingsInput for API key/base URL
- Generic schema-driven fields rendered below, excluding specially-rendered keys
- UI-only help link mapping (FIELD_HELP_LINKS) for API key guidance
- Add SETTINGS$ALL i18n key with translations for all supported languages
- Update sdk-settings-schema.ts with isFieldVisibleInView, inferInitialView,
  hasAdvancedSettings, hasMinorSettings, SPECIALLY_RENDERED_KEYS
- Fix no-continue lint error
- Add llm.base_url to mock schema and test fixtures
- Update all tests for three-tier view and CriticalFields rendering
- Remove search_api_key from has-advanced-settings-set.ts
- Merge main into branch
Co-authored-by: openhands <openhands@all-hands.dev>
Strip git-based openhands SDK dependencies from the exported
requirements.txt in the enterprise Dockerfile. These packages are
already installed via the base app image and cannot have their hashes
verified by pip when using git branch references.
Co-authored-by: openhands <openhands@all-hands.dev>
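
Added example (not code from this repository or its Dockerfile): a check over an exported requirements.txt that sets aside VCS references, which pip cannot hash, and confirms that every remaining entry carries a `--hash`. The package names, URL, digest and function names below are constructed for illustration.

```python
import re

H = "0" * 64  # constructed placeholder digest, not a real hash
# Constructed sample of an exported requirements.txt; names and URL are hypothetical.
SAMPLE = "\n".join([
    'requests==2.32.3 ; python_version >= "3.12" \\',
    f"    --hash=sha256:{H} \\",
    f"    --hash=sha256:{H}",
    "example-sdk @ git+https://example.invalid/org/sdk.git@some-branch#subdirectory=sdk",
    "pydantic==2.11.0 \\",
    f"    --hash=sha256:{H}",
])

# A VCS scheme prefix (git+, hg+, ...) at line start or after whitespace / '@'.
VCS_RE = re.compile(r"(?:^|[\s@])(?:git|hg|svn|bzr)\+", re.IGNORECASE)

def logical_lines(text):
    """Join backslash-continued lines into one logical requirement each."""
    buf, out = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1].strip() + " "
            continue
        out.append((buf + line).strip())
        buf = ""
    if buf.strip():
        out.append(buf.strip())
    return out

def partition(text):
    """Return (hash_pinned, vcs_refs, unhashed) lists of logical requirements."""
    pinned, vcs, unhashed = [], [], []
    for req in logical_lines(text):
        if VCS_RE.search(req):
            vcs.append(req)        # pip has no way to hash a repository checkout
        elif "--hash=" in req:
            pinned.append(req)
        else:
            unhashed.append(req)   # would fail under hash-checking mode
    return pinned, vcs, unhashed

def hash_checkable(text):
    """Drop VCS refs; raise if anything left lacks a hash. Returns (pinned, vcs)."""
    pinned, vcs, unhashed = partition(text)
    if unhashed:
        raise ValueError(f"no --hash on: {unhashed}")
    return pinned, vcs
```

The entries returned in `vcs` fall outside pip's hash checking once stripped, so their integrity rests on the base image that installs them.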
Poetry 2.3.0 changed the content-hash algorithm to include dependency
groups. The Docker build cache had an older Poetry version that computed
a different hash, causing 'pyproject.toml changed significantly' errors.
Pinning >=2.3.0 ensures the Dockerfile installs a compatible version and
also busts the stale cache layer.
Co-authored-by: openhands <openhands@all-hands.dev>