mirror of
https://github.com/OpenHands/OpenHands.git
synced 2025-12-26 05:48:36 +08:00
e0b67ad2f1
* feat: Initial work on security analyzer * feat: Add remote invariant client * chore: improve fault tolerance of client * feat: Add button to enable Invariant Security Analyzer * [feat] confirmation mode for bash actions * feat: Add Invariant Tab with security risk outputs * feat: Add modal setting for Confirmation Mode * fix: frontend tests for confirmation mode switch * fix: add missing CONFIRMATION_MODE value in SettingsModal.test.tsx * fix: update test to integrate new setting * feat: Initial work on security analyzer * feat: Add remote invariant client * chore: improve fault tolerance of client * feat: Add button to enable Invariant Security Analyzer * feat: Add Invariant Tab with security risk outputs * feat: integrate security analyzer with confirmation mode * feat: improve invariant analyzer tab * feat: Implement user confirmation for running bash/python code * fix: don't display rejected actions * fix: make confirmation show only on assistant messages * feat: download traces, update policy, implement settings, auto-approve based on defined risk * Fix: low risk not being shown because it's 0 * fix: duplicate logs in tab * fix: log duplication * chore: prepare for merge, remove logging * Merge confirmation_mode from OpenDevin main * test: update tests to pass * chore: finish merging changes, security analyzer now operational again * feat: document Security Analyzers * refactor: api, monitor * chore: lint, fix risk None, revert policy * fix: check security_risk for None * refactor: rename instances of invariant to security analyzer * feat: add /api/options/security-analyzers endpoint * Move security analyzer from tab to modal * Temporary fix lock when security analyzer is not chosen * feat: don't show lock at all when security analyzer is not enabled * refactor: - Frontend: * change type of SECURITY_ANALYZER from bool to string * add combobox to select SECURITY_ANALYZER, current options are "invariant and "" (no security analyzer) * Security is now a modal, lock in bottom right is visible only if there's a security analyzer selected - Backend: * add close to SecurityAnalyzer * instantiate SecurityAnalyzer based on provided string from frontend * fix: update close to be async, to be consistent with other close on resources * fix: max height of modal (prevent overflow) * feat: add logo * small fixes * update docs for creating a security analyzer module * fix linting * update timeout for http client * fix: move security_analyzer config from agent to session * feat: add security_risk to browser actions * add optional remark on combobox * fix: asdict not called on dataclass, remove invariant dependency * fix: exclude None values when serializing * feat: take default policy from invariant-server instead of being hardcoded * fix: check if policy is None * update image name * test: fix some failing runs * fix: security analyzer tests * refactor: merge confirmation_mode and security_analyzer into SecurityConfig. Change invariant error message for docker * test: add tests for invariant parsing actions / observations * fix: python linting for test_security.py * Apply suggestions from code review Co-authored-by: Engel Nyst <enyst@users.noreply.github.com> * use ActionSecurityRisk | None intead of Optional * refactor action parsing * add extra check * lint parser.py * test: add field keep_prompt to test_security * docs: add information about how to enable the analyzer * test: Remove trailing whitespace in README.md text --------- Co-authored-by: Mislav Balunovic <mislav.balunovic@gmail.com> Co-authored-by: Engel Nyst <enyst@users.noreply.github.com> Co-authored-by: Xingyao Wang <xingyao6@illinois.edu>
200 lines
4.7 KiB
TOML
200 lines
4.7 KiB
TOML
###################### OpenDevin Configuration Example ######################
|
|
#
|
|
# All settings have default values, so you only need to uncomment and
|
|
# modify what you want to change
|
|
# The fields within each section are sorted in alphabetical order.
|
|
#
|
|
##############################################################################
|
|
|
|
#################################### Core ####################################
|
|
# General core configurations
|
|
##############################################################################
|
|
[core]
|
|
# API key for E2B
|
|
#e2b_api_key = ""
|
|
|
|
# Base path for the workspace
|
|
workspace_base = "./workspace"
|
|
|
|
# Cache directory path
|
|
#cache_dir = "/tmp/cache"
|
|
|
|
# Debugging enabled
|
|
#debug = false
|
|
|
|
# Disable color in terminal output
|
|
#disable_color = false
|
|
|
|
# Enable saving and restoring the session when run from CLI
|
|
#enable_cli_session = false
|
|
|
|
# File store path
|
|
#file_store_path = "/tmp/file_store"
|
|
|
|
# File store type
|
|
#file_store = "memory"
|
|
|
|
# List of allowed file extensions for uploads
|
|
#file_uploads_allowed_extensions = [".*"]
|
|
|
|
# Maximum file size for uploads, in megabytes
|
|
#file_uploads_max_file_size_mb = 0
|
|
|
|
# Maximum budget per task, 0.0 means no limit
|
|
#max_budget_per_task = 0.0
|
|
|
|
# Maximum number of iterations
|
|
#max_iterations = 100
|
|
|
|
# Path to mount the workspace in the sandbox
|
|
#workspace_mount_path_in_sandbox = "/workspace"
|
|
|
|
# Path to mount the workspace
|
|
#workspace_mount_path = ""
|
|
|
|
# Path to rewrite the workspace mount path to
|
|
#workspace_mount_rewrite = ""
|
|
|
|
# Run as devin
|
|
#run_as_devin = true
|
|
|
|
# Runtime environment
|
|
#runtime = "eventstream"
|
|
|
|
# Name of the default agent
|
|
#default_agent = "CodeActAgent"
|
|
|
|
#################################### LLM #####################################
|
|
# Configuration for LLM models (group name starts with 'llm')
|
|
# use 'llm' for the default LLM config
|
|
##############################################################################
|
|
[llm]
|
|
# AWS access key ID
|
|
#aws_access_key_id = ""
|
|
|
|
# AWS region name
|
|
#aws_region_name = ""
|
|
|
|
# AWS secret access key
|
|
#aws_secret_access_key = ""
|
|
|
|
# API key to use
|
|
api_key = "your-api-key"
|
|
|
|
# API base URL
|
|
#base_url = ""
|
|
|
|
# API version
|
|
#api_version = ""
|
|
|
|
# Cost per input token
|
|
#input_cost_per_token = 0.0
|
|
|
|
# Cost per output token
|
|
#output_cost_per_token = 0.0
|
|
|
|
# Custom LLM provider
|
|
#custom_llm_provider = ""
|
|
|
|
# Embedding API base URL
|
|
#embedding_base_url = ""
|
|
|
|
# Embedding deployment name
|
|
#embedding_deployment_name = ""
|
|
|
|
# Embedding model to use
|
|
embedding_model = ""
|
|
|
|
# Maximum number of characters in an observation's content
|
|
#max_message_chars = 10000
|
|
|
|
# Maximum number of input tokens
|
|
#max_input_tokens = 0
|
|
|
|
# Maximum number of output tokens
|
|
#max_output_tokens = 0
|
|
|
|
# Model to use
|
|
model = "gpt-4o"
|
|
|
|
# Number of retries to attempt
|
|
#num_retries = 5
|
|
|
|
# Retry maximum wait time
|
|
#retry_max_wait = 60
|
|
|
|
# Retry minimum wait time
|
|
#retry_min_wait = 3
|
|
|
|
# Temperature for the API
|
|
#temperature = 0.0
|
|
|
|
# Timeout for the API
|
|
#timeout = 0
|
|
|
|
# Top p for the API
|
|
#top_p = 0.5
|
|
|
|
[llm.gpt3]
|
|
# API key to use
|
|
api_key = "your-api-key"
|
|
|
|
# Model to use
|
|
model = "gpt-3.5"
|
|
|
|
#################################### Agent ###################################
|
|
# Configuration for agents (group name starts with 'agent')
|
|
# Use 'agent' for the default agent config
|
|
# otherwise, group name must be `agent.<agent_name>` (case-sensitive), e.g.
|
|
# agent.CodeActAgent
|
|
##############################################################################
|
|
[agent]
|
|
# Memory enabled
|
|
#memory_enabled = false
|
|
|
|
# Memory maximum threads
|
|
#memory_max_threads = 2
|
|
|
|
# LLM config group to use
|
|
#llm_config = 'llm'
|
|
|
|
[agent.RepoExplorerAgent]
|
|
# Example: use a cheaper model for RepoExplorerAgent to reduce cost, especially
|
|
# useful when an agent doesn't demand high quality but uses a lot of tokens
|
|
llm_config = 'gpt3'
|
|
|
|
#################################### Sandbox ###################################
|
|
# Configuration for the sandbox
|
|
##############################################################################
|
|
[sandbox]
|
|
# Sandbox timeout in seconds
|
|
#timeout = 120
|
|
|
|
# Sandbox user ID
|
|
#user_id = 1000
|
|
|
|
# Container image to use for the sandbox
|
|
#container_image = "nikolaik/python-nodejs:python3.11-nodejs22"
|
|
|
|
# Use host network
|
|
#use_host_network = false
|
|
|
|
# Enable auto linting after editing
|
|
#enable_auto_lint = false
|
|
|
|
#################################### Security ###################################
|
|
# Configuration for security features
|
|
##############################################################################
|
|
[security]
|
|
|
|
# Enable confirmation mode
|
|
#confirmation_mode = true
|
|
|
|
# The security analyzer to use
|
|
#security_analyzer = ""
|
|
|
|
#################################### Eval ####################################
|
|
# Configuration for the evaluation, please refer to the specific evaluation
|
|
# plugin for the available options
|
|
##############################################################################
|